From 643aa49d34ba40bfd6fce43661b3535800c928a4 Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Tue, 28 Oct 2025 13:51:07 +0100
Subject: [PATCH] bump libnDPI to e9751cec26d80fe2d88706d4f7521a63ec12b3bb * incorporate replacement of "TLS Susp ESNI Usage" with "Mismatching Protocol with server IP address"
Signed-off-by: Toni Uhlig --- libnDPI | 2 +- schema/flow_event_schema.json | 4 +- test/results/caches_cfg/ookla.pcap.out | 14 +- test/results/caches_cfg/teams.pcap.out | 12 +- .../results/caches_global/bittorrent.pcap.out | 12 +- .../caches_global/lru_ipv6_caches.pcapng.out | 12 +- test/results/caches_global/mining.pcapng.out | 16 +- test/results/caches_global/ookla.pcap.out | 14 +- test/results/caches_global/teams.pcap.out | 12 +- .../results/caches_global/zoom_p2p.pcapng.out | 12 +- .../classification_only/bittorrent.pcap.out | 12 +- .../bittorrent_tcp_miss.pcapng.out | 12 +- .../classification_only/forticlient.pcap.out | 12 +- .../http-basic-auth.pcap.out | 12 +- .../classification_only/http-pwd.pcapng.out | 12 +- .../classification_only/http_auth.pcap.out | 12 +- .../classification_only/ookla.pcap.out | 14 +- test/results/classification_only/sip.pcap.out | 16 +- .../classification_only/teams.pcap.out | 12 +- .../tls_1.2_unidir_client_no_cert.pcapng.out | 12 +- .../tls_1.2_unidir_server_no_cert.pcapng.out | 12 +- .../tls_1.2_unidirectional_client.pcapng.out | 12 +- .../tls_1.2_unidirectional_server.pcapng.out | 12 +- .../tls_1.3_unidirectional_client.pcapng.out | 12 +- .../tls_1.3_unidirectional_server.pcapng.out | 12 +- .../classification_only/tls_ech.pcapng.out | 12 +- .../tls_verylong_certificate.pcap.out | 12 +- .../custom_rules_overwrite_domains.pcap.out | 46 + test/results/default/1kxun.pcap.out | 106 +-- test/results/default/443-chrome.pcap.out | 12 +- test/results/default/443-curl.pcap.out | 12 +- test/results/default/443-firefox.pcap.out | 12 +- test/results/default/443-git.pcap.out | 12 +- test/results/default/443-opvn.pcap.out | 12 +- test/results/default/443-safari.pcap.out | 12 +- test/results/default/4in4tunnel.pcap.out | 20 +- test/results/default/4in6tunnel.pcap.out | 12 +- test/results/default/6in4tunnel.pcap.out | 12 +- test/results/default/6in6tunnel.pcap.out | 12 +- .../default/BGP_Cisco_hdlc_slarp.pcap.out | 12 +- 
test/results/default/BGP_redist.pcap.out | 12 +- test/results/default/EAQ.pcap.out | 12 +- .../FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out | 12 +- test/results/default/IEC104.pcap.out | 12 +- test/results/default/KakaoTalk_chat.pcap.out | 20 +- test/results/default/KakaoTalk_talk.pcap.out | 14 +- test/results/default/NTPv2.pcap.out | 12 +- test/results/default/NTPv3.pcap.out | 12 +- test/results/default/NTPv4.pcap.out | 12 +- test/results/default/Oscar.pcap.out | 12 +- test/results/default/TivoDVR.pcap.out | 12 +- test/results/default/WebattackRCE.pcap.out | 12 +- test/results/default/WebattackSQLinj.pcap.out | 12 +- test/results/default/WebattackXSS.pcap.out | 14 +- test/results/default/activision.pcap.out | 16 +- test/results/default/adult_content.pcap.out | 12 +- test/results/default/afp.pcap.out | 12 +- test/results/default/agora-sd-rtn.pcap.out | 20 +- test/results/default/ah.pcapng.out | 12 +- test/results/default/ajp.pcap.out | 12 +- test/results/default/alexa-app.pcapng.out | 196 ++-- test/results/default/alicloud.pcap.out | 36 +- test/results/default/among_us.pcap.out | 12 +- test/results/default/amqp.pcap.out | 12 +- test/results/default/android.pcap.out | 16 +- test/results/default/anyconnect-vpn.pcap.out | 42 +- test/results/default/anydesk.pcapng.out | 18 +- test/results/default/armagetron.pcapng.out | 12 +- test/results/default/atg.pcap.out | 12 +- test/results/default/avast.pcap.out | 48 +- .../default/avast_securedns.pcapng.out | 36 +- test/results/default/bacnet.pcap.out | 22 +- test/results/default/bad-dns-traffic.pcap.out | 12 +- test/results/default/badpackets.pcap.out | 14 +- test/results/default/beckhoff_ads.pcapng.out | 12 +- test/results/default/bets.pcapng.out | 24 +- test/results/default/bfcp.pcapng.out | 16 +- test/results/default/bfd.pcap.out | 12 +- test/results/default/bitcoin.pcap.out | 18 +- test/results/default/bittorrent.pcap.out | 12 +- .../default/bittorrent_tcp_miss.pcapng.out | 12 +- test/results/default/bittorrent_utp.pcap.out | 14 
+- test/results/default/bjnp.pcap.out | 12 +- test/results/default/blizzard.pcap.out | 18 +- test/results/default/bot.pcap.out | 12 +- test/results/default/bt-dns.pcap.out | 10 +- test/results/default/bt-http.pcapng.out | 12 +- test/results/default/bt_search.pcap.out | 12 +- test/results/default/c1222.pcapng.out | 12 +- test/results/default/cachefly.pcapng.out | 12 +- test/results/default/can.pcap.out | 12 +- test/results/default/capwap.pcap.out | 12 +- test/results/default/capwap_data.pcapng.out | 12 +- test/results/default/cassandra.pcap.out | 12 +- test/results/default/ceph.pcap.out | 12 +- test/results/default/check_mk_new.pcap.out | 12 +- test/results/default/chrome.pcap.out | 12 +- test/results/default/cip_io.pcap.out | 12 +- test/results/default/citrix.pcap.out | 10 +- test/results/default/cloudflare-warp.pcap.out | 14 +- test/results/default/cnp_ip.pcapng.out | 12 +- test/results/default/coap_mqtt.pcap.out | 16 +- test/results/default/codm.pcap.out | 14 +- test/results/default/collectd.pcap.out | 18 +- test/results/default/conncheck.pcap.out | 56 +- test/results/default/corba.pcap.out | 12 +- test/results/default/cpha.pcap.out | 12 +- .../default/crawler_false_positive.pcapng.out | 12 +- test/results/default/crossfire.pcapng.out | 12 +- test/results/default/crynet.pcap.out | 40 +- .../results/default/custom_breed_cat.pcap.out | 12 +- .../default/custom_categories.pcapng.out | 16 +- .../default/custom_fingerprint.pcap.out | 10 +- .../default/custom_risk_mask.pcapng.out | 12 +- .../default/custom_rules_ip.pcapng.out | 36 + .../default/custom_rules_ipv6.pcapng.out | 16 +- .../custom_rules_overwrite_domains.pcap.out | 46 + ...om_rules_same-ip_multiple_ports.pcapng.out | 14 +- test/results/default/dazn.pcapng.out | 30 +- test/results/default/dcerpc.pcap.out | 12 +- test/results/default/dhcp-fuzz.pcapng.out | 12 +- test/results/default/diameter.pcap.out | 12 +- test/results/default/dicom.pcap.out | 14 +- test/results/default/dingtalk.pcap.out | 12 +- 
test/results/default/discord.pcap.out | 18 +- .../results/default/discord_mid_flow.pcap.out | 12 +- test/results/default/dlep.pcapng.out | 12 +- test/results/default/dlms.pcap.out | 14 +- test/results/default/dlt_ppp.pcap.out | 10 +- test/results/default/dnp3.pcap.out | 26 +- test/results/default/dns-exf.pcap.out | 12 +- .../default/dns-google-nsid.pcapng.out | 14 +- .../default/dns-invalid-chars.pcap.out | 12 +- .../default/dns-tunnel-iodine.pcap.out | 12 +- test/results/default/dns.pcap.out | 14 +- test/results/default/dns2.pcap.out | 12 +- test/results/default/dns2tcp_tunnel.pcap.out | 12 +- .../default/dns_ambiguous_names.pcap.out | 12 +- test/results/default/dns_doh.pcap.out | 12 +- test/results/default/dns_dot.pcap.out | 12 +- .../results/default/dns_exfiltration.pcap.out | 12 +- test/results/default/dns_fragmented.pcap.out | 16 +- .../default/dns_invert_query.pcapng.out | 12 +- .../default/dns_long_domainname.pcap.out | 12 +- .../default/dns_lots_of_answers.pcapng.out | 14 +- ...s_multiple_transactions_same_flow.pcap.out | 10 +- .../default/dns_response_only.pcap.out | 12 +- .../default/dns_retransmissions.pcap.out | 12 +- .../dnscrypt-v1-and-resolver-pings.pcap.out | 50 +- test/results/default/dnscrypt-v2-doh.pcap.out | 12 +- test/results/default/dnscrypt-v2.pcap.out | 12 +- .../dnscrypt_skype_false_positive.pcapng.out | 14 +- test/results/default/dofus.pcap.out | 42 +- test/results/default/doh.pcapng.out | 12 +- test/results/default/doq.pcapng.out | 12 +- test/results/default/doq_adguard.pcapng.out | 12 +- .../default/dos_win98_smb_netbeui.pcap.out | 12 +- test/results/default/dotenv.pcap.out | 12 +- test/results/default/drda_db2.pcap.out | 12 +- test/results/default/dropbox.pcap.out | 16 +- test/results/default/dtls.pcap.out | 16 +- test/results/default/dtls2.pcap.out | 12 +- .../default/dtls_certificate.pcapng.out | 12 +- .../dtls_certificate_fragments.pcap.out | 14 +- .../default/dtls_mid_sessions.pcapng.out | 12 +- 
.../default/dtls_old_version.pcapng.out | 12 +- .../dtls_session_id_and_coockie_both.pcap.out | 12 +- test/results/default/easyweather.pcap.out | 12 +- test/results/default/edonkey.pcap.out | 12 +- test/results/default/egd.pcapng.out | 12 +- test/results/default/elasticsearch.pcap.out | 14 +- test/results/default/elf.pcap.out | 12 +- test/results/default/emotet.pcap.out | 18 +- test/results/default/encrypted_sni.pcap.out | 12 +- test/results/default/epicgames.pcapng.out | 32 +- test/results/default/esp.pcapng.out | 12 +- test/results/default/ethereum.pcap.out | 60 +- test/results/default/ethernetIP.pcap.out | 12 +- test/results/default/ethersbus.pcap.out | 12 +- test/results/default/ethersio.pcap.out | 12 +- test/results/default/exe_download.pcap.out | 12 +- .../default/exe_download_as_png.pcap.out | 12 +- test/results/default/facebook.pcap.out | 12 +- .../default/false_positives.pcapng.out | 22 +- .../default/false_positives2.pcapng.out | 14 +- test/results/default/fastcgi.pcap.out | 12 +- test/results/default/fins.pcap.out | 14 +- test/results/default/firefox.pcap.out | 12 +- test/results/default/fix.pcap.out | 12 +- test/results/default/fix2.pcap.out | 12 +- .../default/flow_risk_lists.pcapng.out | 12 +- test/results/default/flute.pcapng.out | 12 +- test/results/default/forticlient.pcap.out | 12 +- test/results/default/ftp-start-tls.pcap.out | 12 +- test/results/default/ftp.pcap.out | 12 +- test/results/default/ftp_failed.pcap.out | 12 +- .../default/fuzz-2006-06-26-2594.pcap.out | 16 +- .../default/fuzz-2006-09-29-28586.pcap.out | 14 +- .../default/fuzz-2020-02-16-11740.pcap.out | 20 +- .../fuzz-2021-06-07-c6c72a0a56.pcap.out | 20 +- test/results/default/fuzz-2021-10-13.pcap.out | 12 +- .../default/gaijin_mobile_mixed.pcap.out | 20 +- .../default/gaijin_warthunder.pcap.out | 12 +- test/results/default/gearman.pcap.out | 12 +- test/results/default/gearup_booster.pcap.out | 244 ++--- test/results/default/geforcenow.pcapng.out | 12 +- 
test/results/default/genshin-impact.pcap.out | 22 +- test/results/default/git.pcap.out | 12 +- test/results/default/glbp.pcapng.out | 12 +- test/results/default/gnutella.pcap.out | 22 +- test/results/default/google_chat.pcapng.out | 12 +- test/results/default/google_meet.pcapng.out | 12 +- test/results/default/google_ssl.pcap.out | 12 +- .../default/googledns_android10.pcap.out | 12 +- test/results/default/gquic.pcap.out | 12 +- .../default/gquic_only_from_server.pcap.out | 12 +- test/results/default/gre.pcapng.out | 12 +- test/results/default/gtp.pcap.out | 14 +- test/results/default/gtp_c.pcap.out | 12 +- .../default/gtp_false_positive.pcapng.out | 16 +- test/results/default/gtp_prime.pcapng.out | 12 +- test/results/default/guildwars2.pcapng.out | 20 +- test/results/default/h323-overflow.pcap.out | 12 +- test/results/default/h323.pcap.out | 18 +- test/results/default/hamachi.pcapng.out | 12 +- test/results/default/haproxy.pcap.out | 12 +- test/results/default/hart_ip.pcap.out | 12 +- test/results/default/hcl_notes.pcapng.out | 12 +- .../heuristic_tcp_ack_payload.pcap.out | 24 +- test/results/default/hislip.pcap.out | 12 +- test/results/default/hl7.pcap.out | 12 +- test/results/default/hls.pcapng.out | 12 +- test/results/default/hots.pcapng.out | 16 +- test/results/default/hpvirtgrp.pcap.out | 26 +- test/results/default/hsrp0.pcap.out | 12 +- test/results/default/hsrp2.pcap.out | 12 +- test/results/default/hsrp2_ipv6.pcapng.out | 12 +- test/results/default/http-basic-auth.pcap.out | 12 +- .../http-crash-content-disposition.pcap.out | 20 +- .../results/default/http-lines-split.pcap.out | 12 +- .../results/default/http-manipulated.pcap.out | 14 +- test/results/default/http-proxy.pcapng.out | 12 +- test/results/default/http-pwd.pcapng.out | 12 +- test/results/default/http.pcapng.out | 12 +- test/results/default/http2.pcapng.out | 12 +- .../default/http_asymmetric.pcapng.out | 12 +- test/results/default/http_auth.pcap.out | 12 +- 
test/results/default/http_connect.pcap.out | 14 +- .../http_guessed_host_and_guessed.pcapng.out | 12 +- .../default/http_invalid_server.pcap.out | 22 +- test/results/default/http_ipv6.pcap.out | 28 +- .../results/default/http_on_sip_port.pcap.out | 12 +- .../http_origin_different_than_host.pcap.out | 12 +- .../http_starting_with_reply.pcapng.out | 12 +- .../http_ua_splitted_in_two_pkts.pcapng.out | 12 +- test/results/default/i3d.pcap.out | 16 +- test/results/default/iax.pcap.out | 12 +- test/results/default/icmp-tunnel.pcap.out | 14 +- test/results/default/iec60780-5-104.pcap.out | 14 +- test/results/default/ieee_c37118.pcap.out | 14 +- test/results/default/imap-starttls.pcap.out | 12 +- test/results/default/imap.pcap.out | 12 +- test/results/default/imaps.pcap.out | 14 +- test/results/default/imo.pcap.out | 12 +- test/results/default/instagram.pcap.out | 20 +- .../default/ip_fragmented_garbage.pcap.out | 12 +- test/results/default/iphone.pcap.out | 44 +- test/results/default/ipp.pcap.out | 12 +- .../results/default/ipsec_isakmp_esp.pcap.out | 32 +- test/results/default/ipv6_in_gtp.pcap.out | 14 +- test/results/default/iqiyi.pcap.out | 12 +- test/results/default/irc.pcap.out | 12 +- test/results/default/iso9506-1-mms.pcap.out | 12 +- .../ja3_lots_of_cipher_suites.pcap.out | 12 +- .../ja3_lots_of_cipher_suites_2_anon.pcap.out | 12 +- test/results/default/jabber.pcap.out | 28 +- test/results/default/jrmi.pcap.out | 12 +- test/results/default/jsonrpc.pcap.out | 12 +- test/results/default/kafka.pcapng.out | 28 +- test/results/default/kcp.pcap.out | 12 +- test/results/default/kerberos-error.pcap.out | 12 +- test/results/default/kerberos-login.pcap.out | 14 +- test/results/default/kerberos.pcap.out | 12 +- test/results/default/kerberos_fuzz.pcapng.out | 12 +- test/results/default/kismet.pcap.out | 12 +- test/results/default/knxip.pcapng.out | 12 +- test/results/default/lagofast.pcap.out | 18 +- test/results/default/ldp.pcap.out | 12 +- test/results/default/line.pcap.out 
| 16 +- .../default/linecall_falsepositve.pcap.out | 12 +- .../default/lisp_registration.pcap.out | 12 +- .../default/log4j-webapp-exploit.pcap.out | 12 +- .../default/lol_wild_rift_udp.pcap.out | 40 +- .../default/long_tls_certificate.pcap.out | 12 +- .../default/lru_ipv6_caches.pcapng.out | 12 +- test/results/default/lustre.pcapng.out | 10 +- test/results/default/malformed_dns.pcap.out | 12 +- test/results/default/malformed_icmp.pcap.out | 12 +- test/results/default/malware.pcap.out | 16 +- test/results/default/massscan.pcap.out | 12 +- test/results/default/matter_onoff.pcapng.out | 43 + test/results/default/melsec.pcapng.out | 12 +- test/results/default/memcached.cap.out | 12 +- test/results/default/merakicloud.pcapng.out | 12 +- test/results/default/mgcp.pcap.out | 20 +- test/results/default/mikrotik_mndp.pcap.out | 14 +- test/results/default/mining.pcapng.out | 16 +- .../default/mismatching_hostname.pcap.out | 29 + test/results/default/modbus.pcap.out | 12 +- test/results/default/monero.pcap.out | 12 +- .../default/mongo_false_positive.pcapng.out | 12 +- test/results/default/mongodb.pcap.out | 20 +- test/results/default/mpeg-dash.pcap.out | 28 +- test/results/default/mpeg.pcap.out | 12 +- test/results/default/mpegts.pcap.out | 12 +- test/results/default/mqtt.pcap.out | 12 +- test/results/default/msdo.pcapng.out | 12 +- test/results/default/mssql_tds.pcap.out | 16 +- test/results/default/mudfish.pcap.out | 16 +- test/results/default/mullvad_dns.pcap.out | 12 +- .../default/mullvad_wireguard.pcap.out | 12 +- test/results/default/mumble.pcapng.out | 12 +- test/results/default/munin.pcap.out | 18 +- test/results/default/mysql.pcapng.out | 14 +- test/results/default/nano.pcapng.out | 12 +- test/results/default/natpmp.pcap.out | 14 +- test/results/default/nats.pcap.out | 12 +- test/results/default/naver.pcap.out | 24 +- ...match_string_subprotocol__error.pcapng.out | 14 +- test/results/default/nest_log_sink.pcap.out | 72 +- test/results/default/netbios.pcap.out | 14 
+- .../netbios_wildcard_dns_query.pcap.out | 12 +- test/results/default/netease_games.pcapng.out | 26 +- test/results/default/netflix.pcap.out | 226 ++--- test/results/default/netflow-fritz.pcap.out | 12 +- test/results/default/netflowv9.pcap.out | 12 +- test/results/default/nexon.pcapng.out | 26 +- test/results/default/nfsv2.pcap.out | 12 +- test/results/default/nfsv3.pcap.out | 12 +- test/results/default/nintendo.pcap.out | 54 +- test/results/default/nntp.pcap.out | 12 +- test/results/default/no_sni.pcap.out | 12 +- test/results/default/nomachine.pcapng.out | 12 +- test/results/default/nordvpn.pcap.out | 10 +- test/results/default/ocs.pcap.out | 16 +- test/results/default/ocsp.pcapng.out | 42 +- test/results/default/oicq.pcap.out | 38 +- test/results/default/ookla.pcap.out | 14 +- test/results/default/opc-ua.pcap.out | 12 +- test/results/default/openflow.pcap.out | 12 +- .../results/default/openvpn-tlscrypt.pcap.out | 12 +- test/results/default/openvpn.pcap.out | 32 +- .../results/default/openvpn_nohmac.pcapng.out | 24 +- .../default/openvpn_nohmac_tcp.pcapng.out | 12 +- .../default/openvpn_obfuscated.pcapng.out | 14 +- test/results/default/openwire.pcapng.out | 12 +- test/results/default/opera-vpn.pcapng.out | 12 +- test/results/default/oracle12.pcapng.out | 12 +- test/results/default/os_detected.pcapng.out | 12 +- .../default/ospfv2_add_new_prefix.pcap.out | 12 +- .../ossfuzz_seed_fake_traces_1.pcapng.out | 22 +- .../ossfuzz_seed_fake_traces_2.pcapng.out | 18 +- .../ossfuzz_seed_fake_traces_4.pcapng.out | 12 +- test/results/default/paltalk.pcapng.out | 24 +- test/results/default/path_of_exile.pcapng.out | 18 +- test/results/default/pfcp.pcapng.out | 12 +- test/results/default/pgm.pcap.out | 12 +- test/results/default/pgsql.pcap.out | 14 +- test/results/default/pgsql2.pcapng.out | 12 +- test/results/default/pia.pcap.out | 12 +- test/results/default/pim.pcap.out | 12 +- test/results/default/pinterest.pcap.out | 14 +- test/results/default/pluralsight.pcap.out | 28 
+- test/results/default/pop3.pcap.out | 14 +- test/results/default/pop3_stls.pcap.out | 12 +- test/results/default/pops.pcapng.out | 12 +- .../default/portable_executable.pcap.out | 12 +- test/results/default/pptp.pcap.out | 12 +- test/results/default/profinet-io-le.pcap.out | 12 +- test/results/default/protobuf.pcap.out | 20 +- test/results/default/protonvpn.pcap.out | 12 +- test/results/default/psiphon3.pcap.out | 12 +- test/results/default/ptpv2.pcap.out | 12 +- test/results/default/punycode-idn.pcap.out | 12 +- test/results/default/quic-23.pcap.out | 12 +- test/results/default/quic-24.pcap.out | 12 +- test/results/default/quic-27.pcap.out | 12 +- test/results/default/quic-28.pcap.out | 12 +- test/results/default/quic-29.pcap.out | 12 +- test/results/default/quic-33.pcapng.out | 12 +- test/results/default/quic-34.pcap.out | 12 +- .../quic-forcing-vn-with-data.pcapng.out | 12 +- .../default/quic-fuzz-overflow.pcapng.out | 12 +- test/results/default/quic-mvfst-22.pcap.out | 10 +- .../quic-mvfst-22_decryption_error.pcap.out | 12 +- test/results/default/quic-mvfst-27.pcapng.out | 10 +- test/results/default/quic-mvfst-exp.pcap.out | 12 +- test/results/default/quic-v2.pcapng.out | 12 +- test/results/default/quic.pcap.out | 18 +- test/results/default/quic046.pcap.out | 12 +- test/results/default/quic_0RTT.pcap.out | 14 +- test/results/default/quic_cc_ack.pcapng.out | 12 +- .../quic_crypto_aes_auth_size.pcap.out | 12 +- ...ic_frags_ch_in_multiple_packets.pcapng.out | 12 +- ..._of_order_same_packet_craziness.pcapng.out | 368 ++++---- .../quic_frags_different_dcid.pcapng.out | 12 +- .../results/default/quic_interop_V.pcapng.out | 74 +- test/results/default/quic_q39.pcap.out | 12 +- test/results/default/quic_q43.pcap.out | 12 +- test/results/default/quic_q46.pcap.out | 12 +- test/results/default/quic_q46_b.pcap.out | 12 +- test/results/default/quic_q50.pcap.out | 12 +- test/results/default/quic_sh.pcap.out | 16 +- test/results/default/quic_t50.pcap.out | 12 +- 
test/results/default/quic_t51.pcap.out | 16 +- test/results/default/quickplay.pcap.out | 21 +- .../default/radius_false_positive.pcapng.out | 12 +- test/results/default/radmin3.pcapng.out | 12 +- test/results/default/raft.pcap.out | 12 +- test/results/default/raknet.pcap.out | 14 +- test/results/default/rdp.pcap.out | 12 +- test/results/default/rdp2.pcap.out | 16 +- test/results/default/rdp3.pcap.out | 12 +- test/results/default/rdp_over_tls.pcap.out | 12 +- .../default/reasm_crash_anon.pcapng.out | 16 +- .../default/reasm_segv_anon.pcapng.out | 12 +- test/results/default/reddit.pcap.out | 33 +- test/results/default/resp.pcap.out | 12 +- test/results/default/riot.pcapng.out | 14 +- test/results/default/riotgames.pcap.out | 28 +- test/results/default/ripe_atlas.pcap.out | 24 +- test/results/default/rmcp.pcap.out | 24 +- test/results/default/roblox.pcapng.out | 16 +- .../results/default/rockstar_games.pcapng.out | 28 +- test/results/default/roughtime.pcap.out | 14 +- .../rsh-syslog-false-positive.pcap.out | 12 +- test/results/default/rsh.pcap.out | 12 +- test/results/default/rsync.pcap.out | 12 +- ...ultiple_pkts_in_the_same_datagram.pcap.out | 12 +- test/results/default/rtmp.pcap.out | 14 +- test/results/default/rtp.pcapng.out | 16 +- test/results/default/rtps.pcap.out | 12 +- test/results/default/rtsp.pcap.out | 12 +- .../default/rtsp_setup_http.pcapng.out | 12 +- test/results/default/rx.pcap.out | 12 +- test/results/default/s7comm-plus.pcap.out | 12 +- test/results/default/s7comm.pcap.out | 12 +- test/results/default/safari.pcap.out | 12 +- test/results/default/salesforce.pcap.out | 12 +- test/results/default/samsung_sdp.pcapng.out | 12 +- test/results/default/scanner.pcap.out | 12 +- .../default/sccp_hw_conf_register.pcapng.out | 12 +- test/results/default/sctp.cap.out | 12 +- test/results/default/selfsigned.pcap.out | 12 +- test/results/default/sflow.pcap.out | 12 +- test/results/default/shadowsocks.pcap.out | 12 +- test/results/default/shell.pcap.out | 12 +- 
test/results/default/signal.pcap.out | 124 +-- .../default/signal_audiocall.pcapng.out | 12 +- .../default/signal_audiocall_2.pcapng.out | 12 +- .../default/signal_multiparty.pcapng.out | 12 +- .../default/signal_videocall.pcapng.out | 12 +- .../signal_videocall_multiparty.pcapng.out | 12 +- test/results/default/simple-dnscrypt.pcap.out | 12 +- test/results/default/sip.pcap.out | 16 +- test/results/default/sip_hello.pcapng.out | 12 +- test/results/default/sites.pcapng.out | 210 ++--- test/results/default/sites2.pcapng.out | 28 +- test/results/default/sites3.pcapng.out | 46 +- test/results/default/skinny.pcap.out | 12 +- .../default/skype-conference-call.pcap.out | 12 +- test/results/default/smb_deletefile.pcap.out | 12 +- test/results/default/smb_frags.pcap.out | 12 +- test/results/default/smbv1.pcap.out | 12 +- test/results/default/smpp_in_general.pcap.out | 12 +- test/results/default/smtp-starttls.pcap.out | 14 +- test/results/default/smtp.pcap.out | 12 +- test/results/default/smtps.pcapng.out | 12 +- test/results/default/snapchat.pcap.out | 12 +- test/results/default/snapchat_call.pcapng.out | 20 +- .../default/snapchat_call_v1.pcapng.out | 24 +- test/results/default/snmp.pcap.out | 46 +- test/results/default/soap.pcap.out | 22 +- test/results/default/socks.pcap.out | 14 +- test/results/default/softether.pcap.out | 34 +- test/results/default/someip-tp.pcap.out | 12 +- .../default/someip-udp-method-call.pcapng.out | 12 +- .../results/default/someip_sd_sample.pcap.out | 12 +- test/results/default/sonos.pcapng.out | 14 +- test/results/default/source_engine.pcap.out | 30 +- test/results/default/spotify_tcp.pcap.out | 10 +- test/results/default/sql_injection.pcap.out | 12 +- test/results/default/srvloc-v1.pcapng.out | 16 +- test/results/default/srvloc.pcap.out | 862 +++++++++--------- .../results/default/ssdp-m-search-ua.pcap.out | 12 +- test/results/default/ssdp-m-search.pcap.out | 12 +- test/results/default/ssdp.pcapng.out | 12 +- test/results/default/ssh.pcap.out 
| 16 +- .../default/ssh_unidirectional.pcap.out | 12 +- .../default/ssl-cert-name-mismatch.pcap.out | 12 +- .../results/default/starcraft_battle.pcap.out | 12 +- test/results/default/steam.pcapng.out | 28 +- test/results/default/stomp.pcapng.out | 12 +- test/results/default/stun.pcap.out | 26 +- test/results/default/stun_classic.pcap.out | 12 +- test/results/default/stun_dtls_rtp.pcapng.out | 14 +- .../default/stun_dtls_rtp_unidir.pcapng.out | 12 +- .../stun_dtls_unidirectional_client.pcap.out | 12 +- .../stun_dtls_unidirectional_server.pcap.out | 12 +- .../default/stun_google_meet.pcapng.out | 14 +- .../default/stun_msteams_unidir.pcapng.out | 12 +- test/results/default/stun_signal.pcapng.out | 142 +-- .../default/stun_signal_tcp.pcapng.out | 12 +- .../stun_tcp_multiple_msgs_same_pkt.pcap.out | 12 +- test/results/default/stun_wa_call.pcapng.out | 12 +- test/results/default/stun_zoom.pcapng.out | 12 +- test/results/default/syncthing.pcap.out | 12 +- test/results/default/synscan.pcap.out | 12 +- test/results/default/syslog.pcap.out | 30 +- test/results/default/tailscale.pcap.out | 22 +- .../targusdataspeed_false_positives.pcap.out | 10 +- test/results/default/tcp_scan.pcapng.out | 12 +- test/results/default/teams.pcap.out | 12 +- test/results/default/teamspeak3.pcap.out | 208 ++--- test/results/default/teamviewer.pcap.out | 12 +- test/results/default/telegram.pcap.out | 12 +- .../default/telegram_videocall.pcapng.out | 18 +- .../default/telegram_videocall_2.pcapng.out | 12 +- .../results/default/telegram_voice.pcapng.out | 12 +- test/results/default/telnet.pcap.out | 55 +- test/results/default/tencent_games.pcap.out | 16 +- test/results/default/teredo.pcap.out | 12 +- test/results/default/teso.pcapng.out | 14 +- test/results/default/tftp.pcap.out | 18 +- test/results/default/threema.pcap.out | 18 +- test/results/default/thrift.pcap.out | 14 +- test/results/default/tinc.pcap.out | 12 +- test/results/default/tk.pcap.out | 12 +- 
test/results/default/tls-appdata.pcap.out | 20 +- test/results/default/tls-esni-fuzzed.pcap.out | 12 +- test/results/default/tls-rdn-extract.pcap.out | 12 +- .../tls_1.2_unidirectional_client.pcapng.out | 12 +- ...2_unidirectional_client_no_cert.pcapng.out | 12 +- .../tls_1.2_unidirectional_server.pcapng.out | 12 +- ...2_unidirectional_server_no_cert.pcapng.out | 12 +- .../tls_1.3_unidirectional_client.pcapng.out | 12 +- .../tls_1.3_unidirectional_server.pcapng.out | 12 +- test/results/default/tls_2_reasms.pcapng.out | 12 +- .../results/default/tls_2_reasms_b.pcapng.out | 12 +- test/results/default/tls_alert.pcap.out | 14 +- .../default/tls_certificate_too_long.pcap.out | 28 +- .../default/tls_change_cipher.pcap.out | 12 +- test/results/default/tls_cipher_lens.pcap.out | 12 +- ...ificate_with_missing_server_one.pcapng.out | 12 +- test/results/default/tls_ech.pcapng.out | 12 +- .../default/tls_esni_sni_both.pcap.out | 12 +- .../default/tls_false_positives.pcapng.out | 12 +- .../tls_heur__shadowsocks-tcp.pcapng.out | 12 +- .../tls_heur__trojan-tcp-tls.pcapng.out | 12 +- .../tls_heur__vmess-tcp-tls.pcapng.out | 12 +- .../default/tls_heur__vmess-tcp.pcapng.out | 12 +- .../tls_heur__vmess-websocket.pcapng.out | 12 +- .../default/tls_invalid_reads.pcap.out | 16 +- test/results/default/tls_long_cert.pcap.out | 26 +- .../default/tls_malicious_sha1.pcapng.out | 12 +- .../default/tls_missing_ch_frag.pcap.out | 12 +- ...s_multiple_synack_different_seq.pcapng.out | 24 +- test/results/default/tls_port_80.pcapng.out | 12 +- test/results/default/tls_torrent.pcapng.out | 12 +- .../default/tls_unidirectional.pcap.out | 12 +- .../default/tls_verylong_certificate.pcap.out | 12 +- .../default/tls_with_huge_ch.pcapng.out | 12 +- test/results/default/toca-boca.pcap.out | 32 +- test/results/default/tor-browser.pcap.out | 12 +- test/results/default/tor.pcap.out | 14 +- test/results/default/tplink_shp.pcap.out | 18 +- test/results/default/trdp.pcapng.out | 12 +- 
test/results/default/trickbot.pcap.out | 12 +- test/results/default/tristation.pcap.out | 12 +- test/results/default/tumblr.pcap.out | 16 +- test/results/default/tunnelbear.pcap.out | 12 +- test/results/default/tuya_lp.pcap.out | 12 +- test/results/default/ubntac2.pcap.out | 14 +- test/results/default/uftp_v4_v5.pcap.out | 14 +- test/results/default/ultrasurf.pcap.out | 12 +- test/results/default/umas.pcap.out | 12 +- test/results/default/upnp.pcap.out | 12 +- test/results/default/viber.pcap.out | 86 +- test/results/default/vivox.pcapng.out | 12 +- test/results/default/vk.pcapng.out | 12 +- test/results/default/vnc.pcap.out | 12 +- test/results/default/vrrp3.pcapng.out | 12 +- test/results/default/vxlan.pcap.out | 12 +- test/results/default/wa_video.pcap.out | 12 +- test/results/default/wa_voice.pcap.out | 12 +- test/results/default/waze.pcap.out | 140 +-- test/results/default/webdav.pcap.out | 14 +- test/results/default/webex.pcap.out | 28 +- .../default/websocket-chisel-ssh.pcap.out | 12 +- test/results/default/websocket.pcap.out | 12 +- test/results/default/wechat.pcap.out | 32 +- test/results/default/weibo.pcap.out | 14 +- test/results/default/whatsapp.pcap.out | 132 +-- .../default/whatsapp_login_call.pcap.out | 18 +- .../default/whatsapp_login_chat.pcap.out | 14 +- .../whatsapp_voice_and_message.pcap.out | 12 +- test/results/default/whatsappfiles.pcap.out | 12 +- test/results/default/whois.pcapng.out | 16 +- .../default/windowsupdate_over_http.pcap.out | 17 +- test/results/default/windscribe.pcapng.out | 12 +- test/results/default/wireguard.pcap.out | 14 +- test/results/default/xdmcp.pcap.out | 12 +- test/results/default/xiaomi.pcap.out | 28 +- test/results/default/xss.pcap.out | 12 +- test/results/default/yandex.pcapng.out | 16 +- test/results/default/yojimbo.pcap.out | 12 +- test/results/default/youtube_quic.pcap.out | 12 +- test/results/default/youtubeupload.pcap.out | 12 +- test/results/default/z3950.pcapng.out | 14 +- test/results/default/zabbix.pcap.out 
| 14 +- test/results/default/zattoo.pcap.out | 12 +- test/results/default/zeromq.pcapng.out | 12 +- test/results/default/zmap.pcap.out | 12 +- test/results/default/zoom.pcap.out | 44 +- test/results/default/zoom2.pcap.out | 12 +- test/results/default/zoom_p2p.pcapng.out | 12 +- test/results/default/zug.pcap.out | 20 +- .../disable_aggressiveness/ookla.pcap.out | 14 +- .../dns_long_domainname.pcap.out | 12 +- test/results/disable_protocols/esp.pcapng.out | 12 +- .../ospfv2_add_new_prefix.pcap.out | 12 +- .../disable_protocols/pluralsight.pcap.out | 28 +- .../quic-mvfst-27.pcapng.out | 10 +- test/results/disable_protocols/sctp.cap.out | 12 +- test/results/disable_protocols/soap.pcap.out | 22 +- .../disable_use_client_ip/bot.pcap.out | 12 +- .../disable_use_client_port/iphone.pcap.out | 44 +- test/results/dns_sub_enable/dns.pcap.out | 14 +- test/results/dns_sub_enable/dns2.pcap.out | 12 +- ...s_multiple_transactions_same_flow.pcap.out | 10 +- .../dns_retransmissions.pcap.out | 12 +- .../dns.pcap.out | 14 +- .../enable_doh_heuristic/doh.pcapng.out | 12 +- .../enable_payload_stat/1kxun.pcap.out | 106 +-- .../custom_rules_overwrite_domains.pcap.out | 4 + .../flow-analyse/default/1kxun.pcap.out | 2 +- .../default/KakaoTalk_chat.pcap.out | 2 +- .../default/KakaoTalk_talk.pcap.out | 2 +- .../flow-analyse/default/alexa-app.pcapng.out | 2 +- .../flow-analyse/default/android.pcap.out | 2 +- .../default/anyconnect-vpn.pcap.out | 2 +- .../flow-analyse/default/anydesk.pcapng.out | 2 +- .../flow-analyse/default/bets.pcapng.out | 2 +- .../flow-analyse/default/conncheck.pcap.out | 2 +- .../default/custom_rules_ip.pcapng.out | 3 + .../custom_rules_overwrite_domains.pcap.out | 4 + .../flow-analyse/default/dazn.pcapng.out | 2 +- .../dnscrypt-v1-and-resolver-pings.pcap.out | 2 +- .../flow-analyse/default/dofus.pcap.out | 2 +- .../flow-analyse/default/epicgames.pcapng.out | 2 +- .../flow-analyse/default/ethereum.pcap.out | 2 +- .../default/fuzz-2006-09-29-28586.pcap.out | 2 +- 
.../default/gaijin_mobile_mixed.pcap.out | 2 +- .../default/gearup_booster.pcap.out | 2 +- .../flow-analyse/default/gnutella.pcap.out | 2 +- .../default/guildwars2.pcapng.out | 2 +- .../heuristic_tcp_ack_payload.pcap.out | 2 +- .../http-crash-content-disposition.pcap.out | 2 +- .../default/http_invalid_server.pcap.out | 2 +- .../flow-analyse/default/http_ipv6.pcap.out | 2 +- .../flow-analyse/default/instagram.pcap.out | 2 +- .../flow-analyse/default/iphone.pcap.out | 2 +- .../flow-analyse/default/lagofast.pcap.out | 2 +- .../flow-analyse/default/line.pcap.out | 4 +- .../default/lol_wild_rift_udp.pcap.out | 2 +- .../default/matter_onoff.pcapng.out | 4 + .../default/mismatching_hostname.pcap.out | 4 + .../flow-analyse/default/mpeg-dash.pcap.out | 2 +- .../flow-analyse/default/mudfish.pcap.out | 2 +- .../flow-analyse/default/naver.pcap.out | 2 +- .../default/nest_log_sink.pcap.out | 2 +- .../default/netease_games.pcapng.out | 2 +- .../flow-analyse/default/netflix.pcap.out | 2 +- .../flow-analyse/default/nexon.pcapng.out | 2 +- .../flow-analyse/default/nintendo.pcap.out | 4 +- .../results/flow-analyse/default/ocs.pcap.out | 2 +- .../flow-analyse/default/ocsp.pcapng.out | 2 +- .../flow-analyse/default/openvpn.pcap.out | 2 +- .../default/openvpn_nohmac.pcapng.out | 2 +- .../flow-analyse/default/paltalk.pcapng.out | 2 +- .../flow-analyse/default/pinterest.pcap.out | 4 +- .../flow-analyse/default/pluralsight.pcap.out | 2 +- ..._of_order_same_packet_craziness.pcapng.out | 2 +- .../default/quic_interop_V.pcapng.out | 2 +- .../flow-analyse/default/quic_sh.pcap.out | 2 +- .../flow-analyse/default/quic_t51.pcap.out | 2 +- .../flow-analyse/default/quickplay.pcap.out | 2 +- .../flow-analyse/default/reddit.pcap.out | 4 +- .../flow-analyse/default/riot.pcapng.out | 2 +- .../flow-analyse/default/ripe_atlas.pcap.out | 2 +- .../flow-analyse/default/rmcp.pcap.out | 2 +- .../default/rockstar_games.pcapng.out | 2 +- .../flow-analyse/default/signal.pcap.out | 2 +- 
.../flow-analyse/default/sites.pcapng.out | 2 +- .../flow-analyse/default/sites2.pcapng.out | 2 +- .../flow-analyse/default/sites3.pcapng.out | 2 +- .../default/snapchat_call.pcapng.out | 2 +- .../default/snapchat_call_v1.pcapng.out | 2 +- .../flow-analyse/default/snmp.pcap.out | 2 +- .../flow-analyse/default/soap.pcap.out | 2 +- .../flow-analyse/default/srvloc-v1.pcapng.out | 2 +- .../flow-analyse/default/srvloc.pcap.out | 2 +- .../flow-analyse/default/steam.pcapng.out | 2 +- .../default/stun_signal.pcapng.out | 2 +- .../flow-analyse/default/tailscale.pcap.out | 2 +- .../default/telegram_videocall.pcapng.out | 2 +- .../flow-analyse/default/telnet.pcap.out | 3 +- .../default/tls_certificate_too_long.pcap.out | 6 +- .../default/tls_long_cert.pcap.out | 2 +- ...s_multiple_synack_different_seq.pcapng.out | 2 +- .../flow-analyse/default/tumblr.pcap.out | 4 +- .../flow-analyse/default/viber.pcap.out | 2 +- .../flow-analyse/default/waze.pcap.out | 2 +- .../flow-analyse/default/webex.pcap.out | 2 +- .../flow-analyse/default/wechat.pcap.out | 4 +- .../flow-analyse/default/weibo.pcap.out | 2 +- .../default/whatsapp_login_call.pcap.out | 2 +- .../default/whatsapp_login_chat.pcap.out | 4 +- .../default/windowsupdate_over_http.pcap.out | 2 +- .../flow-analyse/default/xiaomi.pcap.out | 2 +- .../flow-analyse/default/zoom.pcap.out | 2 +- .../disable_protocols/pluralsight.pcap.out | 2 +- .../disable_protocols/soap.pcap.out | 2 +- .../disable_use_client_port/iphone.pcap.out | 2 +- .../enable_payload_stat/1kxun.pcap.out | 2 +- .../http_invalid_server.pcap.out | 2 +- test/results/flow-analyse/fpc/1kxun.pcap.out | 2 +- .../1kxun.pcap.out | 2 +- .../guessing_disable/webex.pcap.out | 2 +- .../hostname_dns_check/netflix.pcap.out | 2 +- .../ip_lists_disable/1kxun.pcap.out | 2 +- .../monitoring/stun_signal.pcapng.out | 2 +- .../monitoring/telegram_videocall.pcapng.out | 2 +- .../telegram_videocall.pcapng.out | 2 +- .../anydesk.pcapng.out | 2 +- .../zoom_extra_dissection/zoom.pcap.out | 2 
+- .../custom_rules_overwrite_domains.pcap.out | 0 .../default/anyconnect-vpn.pcap.out | 2 - .../flow-captured/default/anydesk.pcapng.out | 2 - .../default/custom_rules_ip.pcapng.out | 0 .../custom_rules_overwrite_domains.pcap.out | 0 .../default/matter_onoff.pcapng.out | 0 .../default/mismatching_hostname.pcap.out | 1 + ..._of_order_same_packet_craziness.pcapng.out | 49 + .../flow-captured/default/quic_t51.pcap.out | 1 + .../flow-captured/default/quickplay.pcap.out | 1 + .../flow-captured/default/reddit.pcap.out | 2 +- .../flow-captured/default/telnet.pcap.out | 1 + .../default/tls_certificate_too_long.pcap.out | 4 +- .../flow-captured/default/tumblr.pcap.out | 1 - .../flow-captured/default/wechat.pcap.out | 2 +- .../default/whatsapp_login_call.pcap.out | 1 - .../flow-captured/default/zoom.pcap.out | 1 - .../anydesk.pcapng.out | 2 - .../zoom_extra_dissection/zoom.pcap.out | 1 - .../custom_rules_overwrite_domains.pcap.out | 26 + test/results/flow-info/default/1kxun.pcap.out | 92 +- .../flow-info/default/KakaoTalk_chat.pcap.out | 8 +- .../flow-info/default/KakaoTalk_talk.pcap.out | 2 +- .../flow-info/default/alexa-app.pcapng.out | 184 ++-- .../flow-info/default/android.pcap.out | 4 +- .../flow-info/default/anyconnect-vpn.pcap.out | 28 +- .../results/flow-info/default/bets.pcapng.out | 8 +- .../flow-info/default/conncheck.pcap.out | 42 +- .../default/custom_rules_ip.pcapng.out | 17 + .../custom_rules_overwrite_domains.pcap.out | 26 + .../results/flow-info/default/dazn.pcapng.out | 18 +- .../dnscrypt-v1-and-resolver-pings.pcap.out | 36 +- test/results/flow-info/default/dofus.pcap.out | 26 +- .../flow-info/default/epicgames.pcapng.out | 16 +- .../flow-info/default/ethereum.pcap.out | 48 +- .../default/fuzz-2006-09-29-28586.pcap.out | 2 +- .../default/gaijin_mobile_mixed.pcap.out | 6 +- .../flow-info/default/gearup_booster.pcap.out | 230 ++--- .../flow-info/default/gnutella.pcap.out | 10 +- .../flow-info/default/guildwars2.pcapng.out | 4 +- 
.../heuristic_tcp_ack_payload.pcap.out | 8 +- .../http-crash-content-disposition.pcap.out | 4 +- .../default/http_invalid_server.pcap.out | 6 +- .../flow-info/default/http_ipv6.pcap.out | 16 +- .../flow-info/default/instagram.pcap.out | 6 +- .../results/flow-info/default/iphone.pcap.out | 32 +- .../flow-info/default/lagofast.pcap.out | 4 +- .../default/lol_wild_rift_udp.pcap.out | 20 +- .../flow-info/default/matter_onoff.pcapng.out | 23 + .../default/mismatching_hostname.pcap.out | 23 + .../flow-info/default/mpeg-dash.pcap.out | 14 +- .../flow-info/default/mudfish.pcap.out | 4 +- test/results/flow-info/default/naver.pcap.out | 12 +- .../flow-info/default/nest_log_sink.pcap.out | 34 +- .../default/netease_games.pcapng.out | 6 +- .../flow-info/default/netflix.pcap.out | 214 ++--- .../flow-info/default/nexon.pcapng.out | 10 +- .../flow-info/default/nintendo.pcap.out | 38 +- test/results/flow-info/default/ocs.pcap.out | 4 +- .../results/flow-info/default/ocsp.pcapng.out | 18 +- .../flow-info/default/openvpn.pcap.out | 6 +- .../default/openvpn_nohmac.pcapng.out | 8 +- .../flow-info/default/paltalk.pcapng.out | 10 +- .../flow-info/default/pluralsight.pcap.out | 16 +- ..._of_order_same_packet_craziness.pcapng.out | 155 ++++ .../default/quic_interop_V.pcapng.out | 62 +- .../flow-info/default/quic_sh.pcap.out | 4 +- .../flow-info/default/quic_t51.pcap.out | 2 + .../flow-info/default/quickplay.pcap.out | 11 +- .../results/flow-info/default/reddit.pcap.out | 12 +- .../results/flow-info/default/riot.pcapng.out | 2 +- .../flow-info/default/ripe_atlas.pcap.out | 4 +- test/results/flow-info/default/rmcp.pcap.out | 4 +- .../default/rockstar_games.pcapng.out | 12 +- .../results/flow-info/default/signal.pcap.out | 108 +-- .../flow-info/default/sites.pcapng.out | 146 +-- .../flow-info/default/sites2.pcapng.out | 10 +- .../flow-info/default/sites3.pcapng.out | 14 +- .../default/snapchat_call.pcapng.out | 8 +- .../default/snapchat_call_v1.pcapng.out | 8 +- 
test/results/flow-info/default/snmp.pcap.out | 28 +- test/results/flow-info/default/soap.pcap.out | 8 +- .../flow-info/default/srvloc-v1.pcapng.out | 4 +- .../results/flow-info/default/srvloc.pcap.out | 44 +- .../flow-info/default/steam.pcapng.out | 16 +- .../flow-info/default/stun_signal.pcapng.out | 126 +-- .../flow-info/default/tailscale.pcap.out | 6 +- .../default/telegram_videocall.pcapng.out | 6 +- .../results/flow-info/default/telnet.pcap.out | 55 ++ .../default/tls_certificate_too_long.pcap.out | 12 +- .../flow-info/default/tls_long_cert.pcap.out | 10 +- ...s_multiple_synack_different_seq.pcapng.out | 8 +- test/results/flow-info/default/viber.pcap.out | 66 +- test/results/flow-info/default/waze.pcap.out | 124 +-- test/results/flow-info/default/webex.pcap.out | 16 +- .../results/flow-info/default/wechat.pcap.out | 16 +- test/results/flow-info/default/weibo.pcap.out | 2 +- .../default/whatsapp_login_call.pcap.out | 4 +- .../default/windowsupdate_over_http.pcap.out | 6 +- .../results/flow-info/default/xiaomi.pcap.out | 8 +- test/results/flow-info/default/zoom.pcap.out | 28 +- .../disable_protocols/pluralsight.pcap.out | 16 +- .../flow-info/disable_protocols/soap.pcap.out | 8 +- .../disable_use_client_port/iphone.pcap.out | 32 +- .../enable_payload_stat/1kxun.pcap.out | 92 +- .../http_invalid_server.pcap.out | 6 +- test/results/flow-info/fpc/1kxun.pcap.out | 92 +- .../1kxun.pcap.out | 92 +- .../flow-info/guessing_disable/webex.pcap.out | 16 +- .../hostname_dns_check/netflix.pcap.out | 214 ++--- .../flow-info/ip_lists_disable/1kxun.pcap.out | 92 +- .../monitoring/stun_signal.pcapng.out | 126 +-- .../monitoring/telegram_videocall.pcapng.out | 6 +- .../telegram_videocall.pcapng.out | 6 +- .../zoom_extra_dissection/zoom.pcap.out | 28 +- .../http_invalid_server.pcap.out | 22 +- .../tls_malicious_sha1.pcapng.out | 12 +- .../flow_risk_lists.pcapng.out | 12 +- test/results/fpc/1kxun.pcap.out | 106 +-- test/results/fpc/signal_videocall.pcapng.out | 12 +- 
test/results/fpc_disabled/teams.pcap.out | 12 +- .../1kxun.pcap.out | 106 +-- test/results/guessing_disable/webex.pcap.out | 28 +- .../hostname_dns_check/netflix.pcap.out | 226 ++--- .../http.pcapng.out | 12 +- .../http_asymmetric.pcapng.out | 12 +- .../synscan.pcap.out | 12 +- .../custom_rules_overwrite_domains.pcap.out | 11 + test/results/influxd/default/1kxun.pcap.out | 2 +- .../influxd/default/KakaoTalk_chat.pcap.out | 2 +- .../influxd/default/KakaoTalk_talk.pcap.out | 2 +- .../influxd/default/alexa-app.pcapng.out | 2 +- test/results/influxd/default/android.pcap.out | 2 +- .../influxd/default/anyconnect-vpn.pcap.out | 4 +- .../influxd/default/anydesk.pcapng.out | 4 +- test/results/influxd/default/bets.pcapng.out | 2 +- .../influxd/default/conncheck.pcap.out | 6 +- .../default/custom_rules_ip.pcapng.out | 11 + .../custom_rules_overwrite_domains.pcap.out | 11 + test/results/influxd/default/dazn.pcapng.out | 2 +- .../dnscrypt-v1-and-resolver-pings.pcap.out | 2 +- test/results/influxd/default/dofus.pcap.out | 2 +- .../influxd/default/epicgames.pcapng.out | 2 +- .../results/influxd/default/ethereum.pcap.out | 2 +- .../default/fuzz-2006-09-29-28586.pcap.out | 2 +- .../default/gaijin_mobile_mixed.pcap.out | 2 +- .../influxd/default/gearup_booster.pcap.out | 2 +- .../results/influxd/default/gnutella.pcap.out | 2 +- .../influxd/default/guildwars2.pcapng.out | 2 +- .../heuristic_tcp_ack_payload.pcap.out | 2 +- .../http-crash-content-disposition.pcap.out | 2 +- .../default/http_invalid_server.pcap.out | 6 +- .../influxd/default/http_ipv6.pcap.out | 2 +- .../influxd/default/instagram.pcap.out | 2 +- test/results/influxd/default/iphone.pcap.out | 2 +- .../results/influxd/default/lagofast.pcap.out | 2 +- test/results/influxd/default/line.pcap.out | 2 +- .../default/lol_wild_rift_udp.pcap.out | 2 +- .../influxd/default/matter_onoff.pcapng.out | 11 + .../default/mismatching_hostname.pcap.out | 11 + .../influxd/default/mpeg-dash.pcap.out | 2 +- 
test/results/influxd/default/mudfish.pcap.out | 2 +- test/results/influxd/default/naver.pcap.out | 2 +- .../influxd/default/nest_log_sink.pcap.out | 2 +- .../influxd/default/netease_games.pcapng.out | 2 +- test/results/influxd/default/netflix.pcap.out | 2 +- test/results/influxd/default/nexon.pcapng.out | 2 +- .../results/influxd/default/nintendo.pcap.out | 2 +- test/results/influxd/default/ocs.pcap.out | 2 +- test/results/influxd/default/ocsp.pcapng.out | 2 +- test/results/influxd/default/openvpn.pcap.out | 2 +- .../influxd/default/openvpn_nohmac.pcapng.out | 2 +- .../influxd/default/paltalk.pcapng.out | 2 +- .../influxd/default/pinterest.pcap.out | 2 +- .../influxd/default/pluralsight.pcap.out | 2 +- ..._of_order_same_packet_craziness.pcapng.out | 8 +- .../influxd/default/quic_interop_V.pcapng.out | 2 +- test/results/influxd/default/quic_sh.pcap.out | 2 +- .../results/influxd/default/quic_t51.pcap.out | 8 +- .../influxd/default/quickplay.pcap.out | 10 +- test/results/influxd/default/reddit.pcap.out | 8 +- test/results/influxd/default/riot.pcapng.out | 2 +- .../influxd/default/ripe_atlas.pcap.out | 2 +- test/results/influxd/default/rmcp.pcap.out | 2 +- .../influxd/default/rockstar_games.pcapng.out | 2 +- test/results/influxd/default/signal.pcap.out | 2 +- test/results/influxd/default/sites.pcapng.out | 2 +- .../results/influxd/default/sites2.pcapng.out | 4 +- .../results/influxd/default/sites3.pcapng.out | 18 +- .../influxd/default/snapchat_call.pcapng.out | 2 +- .../default/snapchat_call_v1.pcapng.out | 2 +- test/results/influxd/default/snmp.pcap.out | 2 +- test/results/influxd/default/soap.pcap.out | 2 +- .../influxd/default/srvloc-v1.pcapng.out | 2 +- test/results/influxd/default/srvloc.pcap.out | 2 +- test/results/influxd/default/steam.pcapng.out | 2 +- .../influxd/default/stun_signal.pcapng.out | 2 +- .../influxd/default/tailscale.pcap.out | 2 +- .../default/telegram_videocall.pcapng.out | 2 +- test/results/influxd/default/telnet.pcap.out | 22 +- 
.../default/tls_certificate_too_long.pcap.out | 2 +- .../influxd/default/tls_long_cert.pcap.out | 2 +- ...s_multiple_synack_different_seq.pcapng.out | 2 +- test/results/influxd/default/tumblr.pcap.out | 4 +- test/results/influxd/default/viber.pcap.out | 2 +- test/results/influxd/default/waze.pcap.out | 2 +- test/results/influxd/default/webex.pcap.out | 2 +- test/results/influxd/default/wechat.pcap.out | 2 +- test/results/influxd/default/weibo.pcap.out | 2 +- .../default/whatsapp_login_call.pcap.out | 4 +- .../default/whatsapp_login_chat.pcap.out | 2 +- .../default/windowsupdate_over_http.pcap.out | 8 +- test/results/influxd/default/xiaomi.pcap.out | 2 +- test/results/influxd/default/zoom.pcap.out | 4 +- .../disable_protocols/pluralsight.pcap.out | 2 +- .../influxd/disable_protocols/soap.pcap.out | 2 +- .../disable_use_client_port/iphone.pcap.out | 2 +- .../enable_payload_stat/1kxun.pcap.out | 2 +- .../http_invalid_server.pcap.out | 6 +- test/results/influxd/fpc/1kxun.pcap.out | 2 +- .../1kxun.pcap.out | 2 +- .../influxd/guessing_disable/webex.pcap.out | 2 +- .../hostname_dns_check/netflix.pcap.out | 2 +- .../influxd/ip_lists_disable/1kxun.pcap.out | 2 +- .../influxd/monitoring/stun_signal.pcapng.out | 2 +- .../monitoring/telegram_videocall.pcapng.out | 2 +- .../telegram_videocall.pcapng.out | 2 +- .../anydesk.pcapng.out | 4 +- .../zoom_extra_dissection/zoom.pcap.out | 4 +- test/results/ip_lists_disable/1kxun.pcap.out | 106 +-- .../monitoring/signal_audiocall.pcapng.out | 12 +- .../monitoring/signal_videocall.pcapng.out | 12 +- .../signal_videocall_multiparty.pcapng.out | 12 +- test/results/monitoring/stun.pcap.out | 26 +- .../monitoring/stun_google_meet.pcapng.out | 14 +- .../results/monitoring/stun_signal.pcapng.out | 142 +-- .../monitoring/stun_wa_call.pcapng.out | 12 +- test/results/monitoring/stun_zoom.pcapng.out | 12 +- test/results/monitoring/teams.pcap.out | 12 +- .../monitoring/telegram_videocall.pcapng.out | 18 +- .../telegram_videocall_2.pcapng.out | 12 
+- .../monitoring/telegram_voice.pcapng.out | 12 +- .../openvpn_obfuscated.pcapng.out | 14 +- .../ndpireader_conf_file/shadowsocks.pcap.out | 12 +- .../signal_videocall.pcapng.out | 12 +- .../stun_signal_tcp.pcapng.out | 12 +- .../openvpn_obfuscated.pcapng.out | 14 +- .../tls_verylong_certificate.pcap.out | 12 +- .../custom_rules_overwrite_domains.pcap.out | 222 +++++ test/results/stats/default/1kxun.pcap.out | 2 +- .../stats/default/KakaoTalk_chat.pcap.out | 2 +- .../stats/default/KakaoTalk_talk.pcap.out | 2 +- .../stats/default/alexa-app.pcapng.out | 2 +- test/results/stats/default/android.pcap.out | 2 +- .../stats/default/anyconnect-vpn.pcap.out | 2 +- test/results/stats/default/anydesk.pcapng.out | 2 +- test/results/stats/default/bets.pcapng.out | 2 +- test/results/stats/default/conncheck.pcap.out | 12 +- .../stats/default/custom_rules_ip.pcapng.out | 222 +++++ .../custom_rules_overwrite_domains.pcap.out | 222 +++++ test/results/stats/default/dazn.pcapng.out | 2 +- .../dnscrypt-v1-and-resolver-pings.pcap.out | 2 +- test/results/stats/default/dofus.pcap.out | 2 +- .../stats/default/epicgames.pcapng.out | 2 +- test/results/stats/default/ethereum.pcap.out | 2 +- .../default/fuzz-2006-09-29-28586.pcap.out | 2 +- .../default/gaijin_mobile_mixed.pcap.out | 2 +- .../stats/default/gearup_booster.pcap.out | 2 +- test/results/stats/default/gnutella.pcap.out | 2 +- .../stats/default/guildwars2.pcapng.out | 2 +- .../heuristic_tcp_ack_payload.pcap.out | 2 +- .../http-crash-content-disposition.pcap.out | 2 +- .../default/http_invalid_server.pcap.out | 10 +- test/results/stats/default/http_ipv6.pcap.out | 2 +- test/results/stats/default/instagram.pcap.out | 2 +- test/results/stats/default/iphone.pcap.out | 2 +- test/results/stats/default/lagofast.pcap.out | 2 +- test/results/stats/default/line.pcap.out | 2 +- .../stats/default/lol_wild_rift_udp.pcap.out | 2 +- .../stats/default/matter_onoff.pcapng.out | 222 +++++ .../default/mismatching_hostname.pcap.out | 222 +++++ 
test/results/stats/default/mpeg-dash.pcap.out | 2 +- test/results/stats/default/mudfish.pcap.out | 2 +- test/results/stats/default/naver.pcap.out | 2 +- .../stats/default/nest_log_sink.pcap.out | 2 +- .../stats/default/netease_games.pcapng.out | 2 +- test/results/stats/default/netflix.pcap.out | 2 +- test/results/stats/default/nexon.pcapng.out | 2 +- test/results/stats/default/nintendo.pcap.out | 2 +- test/results/stats/default/ocs.pcap.out | 2 +- test/results/stats/default/ocsp.pcapng.out | 2 +- test/results/stats/default/openvpn.pcap.out | 2 +- .../stats/default/openvpn_nohmac.pcapng.out | 2 +- test/results/stats/default/paltalk.pcapng.out | 2 +- test/results/stats/default/pinterest.pcap.out | 2 +- .../stats/default/pluralsight.pcap.out | 2 +- ..._of_order_same_packet_craziness.pcapng.out | 8 +- .../stats/default/quic_interop_V.pcapng.out | 2 +- test/results/stats/default/quic_sh.pcap.out | 2 +- test/results/stats/default/quic_t51.pcap.out | 8 +- test/results/stats/default/quickplay.pcap.out | 16 +- test/results/stats/default/reddit.pcap.out | 16 +- test/results/stats/default/riot.pcapng.out | 2 +- .../results/stats/default/ripe_atlas.pcap.out | 2 +- test/results/stats/default/rmcp.pcap.out | 2 +- .../stats/default/rockstar_games.pcapng.out | 2 +- test/results/stats/default/signal.pcap.out | 2 +- test/results/stats/default/sites.pcapng.out | 2 +- test/results/stats/default/sites2.pcapng.out | 6 +- test/results/stats/default/sites3.pcapng.out | 34 +- .../stats/default/snapchat_call.pcapng.out | 2 +- .../stats/default/snapchat_call_v1.pcapng.out | 2 +- test/results/stats/default/snmp.pcap.out | 2 +- test/results/stats/default/soap.pcap.out | 2 +- .../stats/default/srvloc-v1.pcapng.out | 2 +- test/results/stats/default/srvloc.pcap.out | 2 +- test/results/stats/default/steam.pcapng.out | 2 +- .../stats/default/stun_signal.pcapng.out | 2 +- test/results/stats/default/tailscale.pcap.out | 2 +- .../default/telegram_videocall.pcapng.out | 2 +- 
test/results/stats/default/telnet.pcap.out | 46 +- .../default/tls_certificate_too_long.pcap.out | 2 +- .../stats/default/tls_long_cert.pcap.out | 2 +- ...s_multiple_synack_different_seq.pcapng.out | 2 +- test/results/stats/default/tumblr.pcap.out | 2 +- test/results/stats/default/viber.pcap.out | 2 +- test/results/stats/default/waze.pcap.out | 2 +- test/results/stats/default/webex.pcap.out | 2 +- test/results/stats/default/wechat.pcap.out | 2 +- test/results/stats/default/weibo.pcap.out | 2 +- .../default/whatsapp_login_call.pcap.out | 2 +- .../default/whatsapp_login_chat.pcap.out | 2 +- .../default/windowsupdate_over_http.pcap.out | 14 +- test/results/stats/default/xiaomi.pcap.out | 2 +- test/results/stats/default/zoom.pcap.out | 2 +- .../disable_protocols/pluralsight.pcap.out | 2 +- .../stats/disable_protocols/soap.pcap.out | 2 +- .../disable_use_client_port/iphone.pcap.out | 2 +- .../stats/enable_payload_stat/1kxun.pcap.out | 2 +- .../http_invalid_server.pcap.out | 10 +- test/results/stats/fpc/1kxun.pcap.out | 2 +- .../1kxun.pcap.out | 2 +- .../stats/guessing_disable/webex.pcap.out | 2 +- .../stats/hostname_dns_check/netflix.pcap.out | 2 +- .../stats/ip_lists_disable/1kxun.pcap.out | 2 +- .../stats/monitoring/stun_signal.pcapng.out | 2 +- .../monitoring/telegram_videocall.pcapng.out | 2 +- .../telegram_videocall.pcapng.out | 2 +- .../anydesk.pcapng.out | 2 +- .../stats/zoom_extra_dissection/zoom.pcap.out | 2 +- .../lru_ipv6_caches.pcapng.out | 12 +- .../stun_dtls_rtp.pcapng.out | 14 +- .../stun_dtls_rtp_unidir.pcapng.out | 12 +- .../stun_zoom.pcapng.out | 12 +- .../stun_wa_call.pcapng.out | 12 +- .../telegram_videocall.pcapng.out | 18 +- .../anydesk.pcapng.out | 18 +- .../subclassification_disable/dns.pcap.out | 14 +- .../subclassification_disable/http.pcapng.out | 12 +- .../quic-mvfst-27.pcapng.out | 10 +- .../tls_ech.pcapng.out | 12 +- .../tls_heur__shadowsocks-tcp.pcapng.out | 12 +- .../tls_heur__trojan-tcp-tls.pcapng.out | 12 +- 
.../tls_heur__vmess-tcp-tls.pcapng.out | 12 +- .../tls_heur__vmess-tcp.pcapng.out | 12 +- .../tls_heur__vmess-websocket.pcapng.out | 12 +- .../zoom_extra_dissection/zoom.pcap.out | 44 +- .../zoom_extra_dissection/zoom2.pcap.out | 12 +- .../zoom_extra_dissection/zoom_p2p.pcapng.out | 12 +- 1115 files changed, 10677 insertions(+), 8863 deletions(-) create mode 100644 test/results/custom_rules/custom_rules_overwrite_domains.pcap.out create mode 100644 test/results/default/custom_rules_ip.pcapng.out create mode 100644 test/results/default/custom_rules_overwrite_domains.pcap.out create mode 100644 test/results/default/matter_onoff.pcapng.out create mode 100644 test/results/default/mismatching_hostname.pcap.out create mode 100644 test/results/flow-analyse/custom_rules/custom_rules_overwrite_domains.pcap.out create mode 100644 test/results/flow-analyse/default/custom_rules_ip.pcapng.out create mode 100644 test/results/flow-analyse/default/custom_rules_overwrite_domains.pcap.out create mode 100644 test/results/flow-analyse/default/matter_onoff.pcapng.out create mode 100644 test/results/flow-analyse/default/mismatching_hostname.pcap.out create mode 100644 test/results/flow-captured/custom_rules/custom_rules_overwrite_domains.pcap.out create mode 100644 test/results/flow-captured/default/custom_rules_ip.pcapng.out create mode 100644 test/results/flow-captured/default/custom_rules_overwrite_domains.pcap.out create mode 100644 test/results/flow-captured/default/matter_onoff.pcapng.out create mode 100644 test/results/flow-captured/default/mismatching_hostname.pcap.out create mode 100644 test/results/flow-info/custom_rules/custom_rules_overwrite_domains.pcap.out create mode 100644 test/results/flow-info/default/custom_rules_ip.pcapng.out create mode 100644 test/results/flow-info/default/custom_rules_overwrite_domains.pcap.out create mode 100644 test/results/flow-info/default/matter_onoff.pcapng.out create mode 100644 test/results/flow-info/default/mismatching_hostname.pcap.out 
create mode 100644 test/results/influxd/custom_rules/custom_rules_overwrite_domains.pcap.out create mode 100644 test/results/influxd/default/custom_rules_ip.pcapng.out create mode 100644 test/results/influxd/default/custom_rules_overwrite_domains.pcap.out create mode 100644 test/results/influxd/default/matter_onoff.pcapng.out create mode 100644 test/results/influxd/default/mismatching_hostname.pcap.out create mode 100644 test/results/stats/custom_rules/custom_rules_overwrite_domains.pcap.out create mode 100644 test/results/stats/default/custom_rules_ip.pcapng.out create mode 100644 test/results/stats/default/custom_rules_overwrite_domains.pcap.out create mode 100644 test/results/stats/default/matter_onoff.pcapng.out create mode 100644 test/results/stats/default/mismatching_hostname.pcap.out
diff --git a/libnDPI b/libnDPI
index 560a4e495..e9751cec2 160000
--- a/libnDPI
+++ b/libnDPI
@@ -1 +1 @@
-Subproject commit 560a4e4954e2db38d995d3cba2c1dcc4276f92d5
+Subproject commit e9751cec26d80fe2d88706d4f7521a63ec12b3bb
diff --git a/schema/flow_event_schema.json b/schema/flow_event_schema.json
index 1bda7c43a..817169e78 100644
--- a/schema/flow_event_schema.json
+++ b/schema/flow_event_schema.json
@@ -665,8 +665,8 @@
 "type": "object",
 "required": [ "risk", "severity", "risk_score" ],
 "properties": {
- "risk": { "type": "string", "enum": [ "TLS Susp ESNI Usage" ] },
- "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk": { "type": "string", "enum": [ "Mismatching Protocol with server IP address" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
 "risk_score": {
 "type": "object",
 "required": [ "total", "client", "server" ],
diff --git a/test/results/caches_cfg/ookla.pcap.out b/test/results/caches_cfg/ookla.pcap.out
index 5b47bdfcf..980a40f8f 100644
--- a/test/results/caches_cfg/ookla.pcap.out
+++ b/test/results/caches_cfg/ookla.pcap.out
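Review bot: In the schema/flow_event_schema.json hunk at line 665, the `risk` enum for this entry now accepts only "Mismatching Protocol with server IP address" and the `severity` enum only "High", so the old name "TLS Susp ESNI Usage" is rejected outright rather than deprecated. Events recorded by a daemon built against the previous libnDPI will fail validation here, and any alert rule or dashboard filter that matches on the risk name or on a Medium threshold will presumably change behaviour without an error; the key this object hangs off is outside the hunk, so whether consumers can match on it instead cannot be confirmed from here. I would record the rename in the schema itself with an annotation next to `"type": "object"`, e.g. `"description": "replaces 'TLS Susp ESNI Usage' (Medium) as of libnDPI e9751cec2"`, and mention the severity change in the changelog. The enclosing object starts and ends outside the hunk.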
@@ -1,4 +1,4 @@ -00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="} 
@@ -12,7 +12,7 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"} 
-00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} +00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} 
00819{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} 
@@ -31,7 +31,7 @@ 01123{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 
+00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="} 
@@ -52,7 +52,7 @@ 01453{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1679653306727563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} +00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 113/113 ~~ skipped flows.............: 0 @@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8799471 bytes -~~ total memory freed........: 8799471 bytes -~~ total allocations/frees...: 140736/140736 +~~ total memory allocated....: 9564005 bytes +~~ total memory freed........: 9564005 bytes +~~ total allocations/frees...: 154702/154702 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 569 chars ~~ json message max len.......: 1518 chars diff --git a/test/results/caches_cfg/teams.pcap.out b/test/results/caches_cfg/teams.pcap.out index 95057576d..53996efad 100644 --- a/test/results/caches_cfg/teams.pcap.out +++ b/test/results/caches_cfg/teams.pcap.out 
@@ -1,5 +1,5 @@ -00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
+00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00943{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","domainame":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -658,7 +658,7 @@ 00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00874{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":44,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1587041698021081} 
+00874{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":44,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1587041698021081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1540/1498 ~~ skipped flows.............: 0 @@ -667,9 +667,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10069076 bytes -~~ total memory freed........: 10069076 bytes -~~ total allocations/frees...: 143353/143353 +~~ total memory allocated....: 10836404 bytes +~~ total memory freed........: 10836404 bytes +~~ total allocations/frees...: 157329/157329 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 344 chars ~~ json message max len.......: 2550 chars diff --git a/test/results/caches_global/bittorrent.pcap.out b/test/results/caches_global/bittorrent.pcap.out index b4fa434e5..b37ea0510 100644 --- a/test/results/caches_global/bittorrent.pcap.out +++ b/test/results/caches_global/bittorrent.pcap.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1455469967246718} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1455469967246718} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1455469967246718,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="} 
01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}} 
@@ -161,7 +161,7 @@ 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975265759,"flow_src_last_pkt_time":1455469975265759,"flow_dst_last_pkt_time":1455469975265759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469970233620,"flow_src_last_pkt_time":1455469971153525,"flow_dst_last_pkt_time":1455469970357464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":527,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":639,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469975234548,"flow_src_last_pkt_time":1455469976169825,"flow_dst_last_pkt_time":1455469975379579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":534,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":639,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":299,"packets-processed":299,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1455469982106134} +00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":299,"packets-processed":299,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1455469982106134} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 299/299 ~~ skipped flows.............: 0 
@@ -170,9 +170,9 @@ ~~ total active/idle flows...: 24/24 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8755455 bytes -~~ total memory freed........: 8755455 bytes -~~ total allocations/frees...: 141129/141129 +~~ total memory allocated....: 9520565 bytes +~~ total memory freed........: 9520565 bytes +~~ total allocations/frees...: 155095/155095 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 575 chars ~~ json message max len.......: 2404 chars diff --git a/test/results/caches_global/lru_ipv6_caches.pcapng.out b/test/results/caches_global/lru_ipv6_caches.pcapng.out index 843bef6cd..7c1ef05b9 100644 --- a/test/results/caches_global/lru_ipv6_caches.pcapng.out +++ b/test/results/caches_global/lru_ipv6_caches.pcapng.out 
@@ -1,5 +1,5 @@ -00600{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} 
+00600{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} 
00841{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947835473,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052947835473,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAeVVyAyQABc057KIAAAAURUN3Xuv65y9fO"} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948008616,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6KoqAyQABWl1ZNGNoadjLndjyhIQdR3eb9BFhVVqa3fOaaflunNCAAAAByaRnP87SPV4aWA=="} 
@@ -84,7 +84,7 @@ 01041{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01042{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950583119,"flow_src_last_pkt_time":1639052950583119,"flow_dst_last_pkt_time":1639052950583119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1639052981556623} +00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1639052981556623} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 88/88 ~~ skipped flows.............: 0 
@@ -93,9 +93,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8688775 bytes -~~ total memory freed........: 8688775 bytes -~~ total allocations/frees...: 140760/140760 +~~ total memory allocated....: 9453501 bytes +~~ total memory freed........: 9453501 bytes +~~ total allocations/frees...: 154726/154726 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 586 chars ~~ json message max len.......: 2407 chars diff --git a/test/results/caches_global/mining.pcapng.out b/test/results/caches_global/mining.pcapng.out index 97956f8a4..7ea6bf68b 100644 --- a/test/results/caches_global/mining.pcapng.out +++ b/test/results/caches_global/mining.pcapng.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1484655421797845} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1484655421797845} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421797845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484655421797845,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421797845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484655421797845,"pkt":"AASWHU4wHG9l2GloCABFAAA0A\/tAAIAGAACT5Q3euUdCJ8CbJw\/zdEGlAAAAAIACIACdWAAAAgQFtAEDAwIBAQQC"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421816250,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1484655421816250,"pkt":"HG9l2GloAASWHU4wCABFAAAoAABAADEGrJ65R0Ink+UN3icPwJv+A6hh83RBplASAABPdQAAAAAAAAAA"} 
@@ -8,7 +8,7 @@ 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1484655421843996,"flow_dst_last_pkt_time":1484655421843933,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1484655421843996,"pkt":"AASWHU4wHG9l2GloCABFAADWA\/1AAIAGAACT5Q3euUdCJ8CbJw\/zdEGm\/gOoYlAY\/3Cd+gAAeyJ3b3JrZXIiOiAiZXRoMS4wIiwgImpzb25ycGMiOiAiMi4wIiwgInBhcmFtcyI6IFsiMHg5Yzk5ZDIxMmY3ZTVkYWExOGFiNTA4MTBlMGZkMjU1ZDFmMDQzMDNiL3Rlc3Rlci53b3JrZXIxL3Z2ZXNlbHlAbWFpbGluYXRvciIsICJ4Il0sICJpZCI6IDIsICJtZXRob2QiOiAiZXRoX3N1Ym1pdExvZ2luIn0K"} 01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655421843996,"flow_dst_last_pkt_time":1484655421843933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484655421843996,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
02345{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655452163379,"flow_dst_last_pkt_time":1484655451963831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":243,"flow_src_tot_l4_payload_len":646,"flow_dst_tot_l4_payload_len":2226,"midstream":0,"thread_ts_usec":1484655452163379,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":1952629.6,"max":9791290,"stddev":3004713.0,"var":9028300177408.0,"ent":3.5,"data": [18405,18478,27683,27673,25791,11368,1,37175,8284,48338,236647,209260,12613,9755422,9791290,235473,2439803,2440063,7323703,7588500,64939,25659,10296,234651,3831832,3833133,885298,890088,5008744,5252462,238448]},"pktlen": {"min":40,"avg":131.1,"max":283,"stddev":104.0,"var":10823.6,"ent":4.6,"data": [52,46,40,46,214,46,79,283,40,121,283,40,283,40,121,283,40,283,40,188,46,121,46,283,40,283,40,283,40,121,283,40]},"bins": {"c_to_s": [11,0,4,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0],"entropies": 
[4.421030521,4.206097126,4.730641365,4.390829086,5.638098717,4.565871716,5.435059071,5.159528255,4.561769485,5.337047100,5.173661709,4.730641365,5.160906792,4.680641174,5.323744297,5.159528255,4.730641365,5.122583389,4.680641651,4.630837917,4.652828693,5.353575706,4.652828693,5.170008659,4.711769104,5.164538860,4.780641556,5.164218426,4.680641651,5.337047100,5.144396782,4.780641556]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":210,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1514196094240063} 
+00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":210,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1514196094240063} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094240063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196094240063,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094240063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196094240063,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094322725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196094322725,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="} 
@@ -33,12 +33,12 @@ 01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196196745906,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196197053838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1514196197053838,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAAoOQVAACEGQPh006fDwKgClA0F0lYVgl9P8ygD9lAQAOWD0AAAAAAAAAAA"} 
02334{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":305,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514196304559034,"flow_dst_last_pkt_time":1514196304640605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":8887,"flow_dst_tot_l4_payload_len":914,"midstream":0,"thread_ts_usec":1514196304640605,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":7499954.5,"max":71693099,"stddev":18613570.0,"var":346464978993152.0,"ent":2.4,"data": [80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":549.1,"var":301531.9,"ent":3.7,"data": [60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]},"bins": {"c_to_s": [8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0],"s_to_c": [10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1],"entropies": 
[4.738464355,5.302482605,5.065449715,5.825911522,5.284871101,5.736679077,5.286791801,6.057295799,5.694644451,5.918534279,5.132945061,5.778033257,5.323332787,4.963134289,5.171406746,4.527909756,4.270138264,5.323332787,5.262846947,5.685556889,5.209868431,4.535019398,4.275704384,5.378232002,5.701727867,5.248330116,4.888409138,5.209868431,4.529169559,4.269546032,5.378231525,5.685557365]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":451,"packets-processed":450,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88161,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1514196703786322} 
+00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":451,"packets-processed":450,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88161,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1514196703786322} 02385{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":455,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196705571136,"flow_dst_last_pkt_time":1514196705879789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":2699,"midstream":0,"thread_ts_usec":1514196705879789,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":32857284.0,"max":170525395,"stddev":51784400.0,"var":2681624034541568.0,"ent":3.4,"data": 
[308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525]},"pktlen": {"min":40,"avg":223.6,"max":1484,"stddev":347.6,"var":120860.4,"ent":3.9,"data": [60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]},"bins": {"c_to_s": [12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0],"s_to_c": [4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1],"entropies": [4.792549610,4.894361019,4.784183979,5.672497272,4.457919598,5.436998844,4.834184170,5.898036003,5.357152462,5.674209595,4.784183979,5.535918236,4.457919598,4.810117245,4.834183693,4.788737297,4.784183979,4.732345104,4.834184170,4.767374516,4.831687450,4.791436195,4.931686878,4.784672737,4.931686878,4.672215462,4.881687164,4.744033337,4.812814713,4.485110283,4.206100941,4.457919598]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":113,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514197279769698,"flow_dst_last_pkt_time":1514197279769664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":132641,"flow_dst_tot_l4_payload_len":5738,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":83,"flow_dst_packets_processed":62,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514197248783309,"flow_dst_last_pkt_time":1514197248783271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":6299,"flow_dst_tot_l4_payload_len":4723,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514197261597871,"flow_dst_last_pkt_time":1514197261597824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":4584,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":673,"packets-processed":673,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":177380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1514197279769698} +00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":673,"packets-processed":673,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":177380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1514197279769698} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 673/673 ~~ skipped flows.............: 0 
@@ -47,9 +47,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8679843 bytes -~~ total memory freed........: 8679843 bytes -~~ total allocations/frees...: 141243/141243 +~~ total memory allocated....: 9444313 bytes +~~ total memory freed........: 9444313 bytes +~~ total allocations/frees...: 155209/155209 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2390 chars diff --git a/test/results/caches_global/ookla.pcap.out b/test/results/caches_global/ookla.pcap.out index 4d80a820c..e67366b27 100644 --- a/test/results/caches_global/ookla.pcap.out +++ b/test/results/caches_global/ookla.pcap.out 
@@ -1,4 +1,4 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="} 
@@ -12,7 +12,7 @@ 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"} 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} 
@@ -31,7 +31,7 @@ 01040{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"4":"DPI (partial cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00766{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="} 
@@ -52,7 +52,7 @@ 01410{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1679653306727563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} +00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 113/113 ~~ skipped flows.............: 0 
@@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8815935 bytes -~~ total memory freed........: 8815935 bytes -~~ total allocations/frees...: 140738/140738 +~~ total memory allocated....: 9580469 bytes +~~ total memory freed........: 9580469 bytes +~~ total allocations/frees...: 154704/154704 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 526 chars ~~ json message max len.......: 1475 chars diff --git a/test/results/caches_global/teams.pcap.out b/test/results/caches_global/teams.pcap.out index 69a114c3e..6b83f6121 100644 --- a/test/results/caches_global/teams.pcap.out +++ b/test/results/caches_global/teams.pcap.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","domainame":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -658,7 +658,7 @@ 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":44,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1587041698021081} 
+00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":44,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1587041698021081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1540/1498 ~~ skipped flows.............: 0 @@ -667,9 +667,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10085540 bytes -~~ total memory freed........: 10085540 bytes -~~ total allocations/frees...: 143355/143355 +~~ total memory allocated....: 10852868 bytes +~~ total memory freed........: 10852868 bytes +~~ total allocations/frees...: 157331/157331 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 301 chars ~~ json message max len.......: 2507 chars diff --git a/test/results/caches_global/zoom_p2p.pcapng.out b/test/results/caches_global/zoom_p2p.pcapng.out index 518759773..b1a6be100 100644 --- a/test/results/caches_global/zoom_p2p.pcapng.out +++ b/test/results/caches_global/zoom_p2p.pcapng.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892468833699} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892468833699} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892468833699,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgYTNAAEARPsnAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -131,7 +131,7 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892918986914,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892921699571,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892928125663,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12936,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} -00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":763,"packets-processed":763,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":3,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1666892928125663} 
+00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":763,"packets-processed":763,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":3,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1666892928125663} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 763/763 ~~ skipped flows.............: 0 @@ -140,9 +140,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8696147 bytes -~~ total memory freed........: 8696147 bytes -~~ total allocations/frees...: 141426/141426 +~~ total memory allocated....: 9460905 bytes +~~ total memory freed........: 9460905 bytes +~~ total allocations/frees...: 155392/155392 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 581 chars ~~ json message max len.......: 2332 chars diff --git a/test/results/classification_only/bittorrent.pcap.out b/test/results/classification_only/bittorrent.pcap.out index 186e5d297..1942b5b62 100644 --- a/test/results/classification_only/bittorrent.pcap.out +++ b/test/results/classification_only/bittorrent.pcap.out 
@@ -1,5 +1,5 @@ -00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1455469967246718} 
+00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1455469967246718} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1455469967246718,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="} 
01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}} 
@@ -161,7 +161,7 @@ 01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/classification_only\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975265759,"flow_src_last_pkt_time":1455469975265759,"flow_dst_last_pkt_time":1455469975265759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/classification_only\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469970233620,"flow_src_last_pkt_time":1455469971153525,"flow_dst_last_pkt_time":1455469970357464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":527,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":639,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known 
Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/classification_only\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469975234548,"flow_src_last_pkt_time":1455469976169825,"flow_dst_last_pkt_time":1455469975379579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":534,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":639,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/classification_only\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":299,"packets-processed":299,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1455469982106134} +00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/classification_only\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":299,"packets-processed":299,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1455469982106134} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 299/299 ~~ skipped flows.............: 0 
@@ -170,9 +170,9 @@ ~~ total active/idle flows...: 24/24 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8755455 bytes -~~ total memory freed........: 8755455 bytes -~~ total allocations/frees...: 141129/141129 +~~ total memory allocated....: 9520565 bytes +~~ total memory freed........: 9520565 bytes +~~ total allocations/frees...: 155095/155095 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 581 chars ~~ json message max len.......: 2410 chars diff --git a/test/results/classification_only/bittorrent_tcp_miss.pcapng.out b/test/results/classification_only/bittorrent_tcp_miss.pcapng.out index 25eb56acc..e90e45641 100644 --- a/test/results/classification_only/bittorrent_tcp_miss.pcapng.out +++ b/test/results/classification_only/bittorrent_tcp_miss.pcapng.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673446123917965} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673446123917965} 
00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123917965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1673446123917965,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123917965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1673446123917965,"pkt":"UlQARf4hvGGTecRkCABFAAA8AbRAAEAGffTAqHoiskfOAb9bGuH76ArUAAAAAKAC\/\/\/tPAAAAgQFtAQCCAqT2yrZAAAAAAEDAwg="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/classification_only\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123936638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1673446123936638,"pkt":"vGGTecRkUlQARf4hCABFAAA0vJhAAHgGixeyR84BwKh6Ihrhv1taDkQc++gK1YAS\/\/802wAAAgQFoAEDAwgBAQQC"} 
@@ -9,7 +9,7 @@ 01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/classification_only\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124058520,"flow_dst_last_pkt_time":1673446124076131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":424,"flow_src_tot_l4_payload_len":737,"flow_dst_tot_l4_payload_len":1043,"midstream":0,"thread_ts_usec":1673446124076131,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":"0f6b9cd2b7da4de9b6c846203920e3da49cdb795"}}} 
02326{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/classification_only\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124132868,"flow_dst_last_pkt_time":1673446124132335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1025,"flow_dst_tot_l4_payload_len":22693,"midstream":0,"thread_ts_usec":1673446124132868,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":13847.5,"max":64959,"stddev":17166.0,"var":294672928.0,"ent":3.8,"data": [18673,26924,29858,64959,29324,33873,54911,20576,19623,21996,21047,6908,279,229,213,159,199,287,569,92,484,33856,18,24514,384,131,356,353,18454,16,8]},"pktlen": {"min":40,"avg":782.2,"max":1480,"stddev":666.4,"var":444053.7,"ent":4.4,"data": [60,52,40,238,464,40,511,280,108,419,328,90,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,40,40,1480,1480,1480,1480,1480,40,40,40]},"bins": {"c_to_s": [8,0,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]},"directions": [0,1,0,0,1,0,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,0],"entropies": 
[4.679967880,5.131024837,4.765311718,7.106909752,7.520512581,4.903055668,7.548049450,7.183899879,6.238460064,5.624160767,5.095487118,4.067485332,7.834874630,7.871198177,7.882282257,7.884436607,7.876652241,7.857866764,7.878300190,7.864074230,7.855942726,7.876870155,4.853056431,4.803055763,7.863341808,7.865004539,7.869568825,7.874233246,7.854714394,4.853055954,4.903056145,4.853055954]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/classification_only\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":67,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124222811,"flow_dst_last_pkt_time":1673446124229821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1093,"flow_dst_tot_l4_payload_len":90373,"midstream":0,"thread_ts_usec":1673446124229821,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/classification_only\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":91466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1673446124229821} +00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/classification_only\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":91466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1673446124229821} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649864 bytes -~~ total memory freed........: 8649864 bytes -~~ total allocations/frees...: 140636/140636 +~~ total memory allocated....: 9414238 bytes +~~ total memory freed........: 9414238 bytes +~~ total allocations/frees...: 154602/154602 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 555 chars ~~ json message max len.......: 2331 chars diff --git a/test/results/classification_only/forticlient.pcap.out b/test/results/classification_only/forticlient.pcap.out index 492cd47a3..c4068a7a9 100644 --- a/test/results/classification_only/forticlient.pcap.out +++ b/test/results/classification_only/forticlient.pcap.out 
@@ -1,5 +1,5 @@ -00600{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1621067203571879} 
+00600{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1621067203571879} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621067203571879,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203571879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067203571879,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203571879,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1621067203571879,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/classification_only\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203633408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1621067203633408,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="} 
@@ -51,7 +51,7 @@ 01253{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/classification_only\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1621067205651500,"flow_src_last_pkt_time":1621067206681899,"flow_dst_last_pkt_time":1621067206738955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":3141,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01253{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/classification_only\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1621067206773010,"flow_src_last_pkt_time":1621067207801622,"flow_dst_last_pkt_time":1621067207860710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":384,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":751,"flow_dst_tot_l4_payload_len":6525,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01291{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/classification_only\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1150,"flow_dst_packets_processed":751,"flow_first_seen":1621067209199710,"flow_src_last_pkt_time":1621067222261499,"flow_dst_last_pkt_time":1621067222260652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1411,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":70643,"flow_dst_tot_l4_payload_len":206814,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13"}} 
-00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/classification_only\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2000,"packets-processed":2000,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":54,"global_ts_usec":1621067222261499} +00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/classification_only\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2000,"packets-processed":2000,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":54,"global_ts_usec":1621067222261499} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2000/2000 ~~ skipped flows.............: 0 
@@ -60,9 +60,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8759594 bytes -~~ total memory freed........: 8759594 bytes -~~ total allocations/frees...: 142622/142622 +~~ total memory allocated....: 9524129 bytes +~~ total memory freed........: 9524129 bytes +~~ total allocations/frees...: 156589/156589 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars ~~ json message max len.......: 2465 chars diff --git a/test/results/classification_only/http-basic-auth.pcap.out b/test/results/classification_only/http-basic-auth.pcap.out index fe1d8d70c..dd19ce66c 100644 --- a/test/results/classification_only/http-basic-auth.pcap.out +++ b/test/results/classification_only/http-basic-auth.pcap.out 
@@ -1,5 +1,5 @@ -00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1381844035028385} 
+00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1381844035028385} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844035028385,"flow_src_last_pkt_time":1381844035028385,"flow_dst_last_pkt_time":1381844035028385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844035028385,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54317,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1381844035028385,"flow_dst_last_pkt_time":1381844035028385,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844035028385,"pkt":"TBfruiThKM\/pITwrCABFAABA\/zNAAEAG\/C\/AqAAEwP69qdQtAFChp4vUAAAAALAC\/\/\/9NwAAAgQFtAEDAwQBAQgKH37Y+QAAAAAEAgAA"} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/classification_only\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844035028541,"flow_src_last_pkt_time":1381844035028541,"flow_dst_last_pkt_time":1381844035028541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844035028541,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -213,7 +213,7 @@ 01144{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/classification_only\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":36,"flow_first_seen":1381844112303792,"flow_src_last_pkt_time":1381844127675006,"flow_dst_last_pkt_time":1381844127871377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":731,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2153,"flow_dst_tot_l4_payload_len":34743,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}} 00988{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":688,"source":"cfgs\/classification_only\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844112375802,"flow_src_last_pkt_time":1381844127674931,"flow_dst_last_pkt_time":1381844127867249,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54596,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/classification_only\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844112375802,"flow_src_last_pkt_time":1381844127674931,"flow_dst_last_pkt_time":1381844127867249,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54596,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":688,"source":"cfgs\/classification_only\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":688,"packets-processed":688,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":307822,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":16,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":25,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":216,"global_ts_usec":1381844127871377} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":688,"source":"cfgs\/classification_only\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":688,"packets-processed":688,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":307822,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":16,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":25,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":216,"global_ts_usec":1381844127871377} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 688/688 ~~ skipped flows.............: 0 @@ -222,9 +222,9 @@ ~~ total active/idle flows...: 25/25 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8727737 bytes -~~ total memory freed........: 8727737 bytes -~~ total allocations/frees...: 141650/141650 +~~ total memory allocated....: 9492879 bytes +~~ total memory freed........: 9492879 bytes +~~ total allocations/frees...: 155616/155616 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 566 chars ~~ json message max len.......: 2477 chars diff --git a/test/results/classification_only/http-pwd.pcapng.out b/test/results/classification_only/http-pwd.pcapng.out index 6e1d4a928..5a65daf12 100644 --- a/test/results/classification_only/http-pwd.pcapng.out +++ b/test/results/classification_only/http-pwd.pcapng.out 
@@ -1,5 +1,5 @@ -00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1730389991421152} 
+00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1730389991421152} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1730389991421152,"flow_src_last_pkt_time":1730389991421152,"flow_dst_last_pkt_time":1730389991421152,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730389991421152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":56451,"dst_port":3000,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1730389991421152,"flow_dst_last_pkt_time":1730389991421152,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1730389991421152,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB3IMLuM2poQEAAAAAsAL\/\/\/40AAACBD\/YAQMDBgEBCApDaaEzAAAAAAQCAAA="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/classification_only\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1730389991421152,"flow_dst_last_pkt_time":1730389991421176,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1730389991421176,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABC7jcg4DfELnNqaECsBL\/\/\/40AAACBD\/YAQMDBgEBCArdWitYQ2mhMwQCAAA="} 
@@ -10,7 +10,7 @@ 01539{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/classification_only\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730389991421152,"flow_src_last_pkt_time":1730389991421516,"flow_dst_last_pkt_time":1730389991421475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":747,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730389991421516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":56451,"dst_port":3000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","domainame":"localhost","http": {"url":"localhost:3000\/authorize.html","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/18.1 Safari\/605.1.15","request_content_type":"application\/x-www-form-urlencoded","detected_os":"Intel Mac OS X 10_15_7"}}} 
01435{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/classification_only\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1730389991421152,"flow_src_last_pkt_time":1730389991421516,"flow_dst_last_pkt_time":1730389991422019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":250,"flow_src_tot_l4_payload_len":747,"flow_dst_tot_l4_payload_len":250,"midstream":0,"thread_ts_usec":1730389991422019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":56451,"dst_port":3000,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"localhost","domainame":"localhost","http": {"url":"localhost:3000\/authorize.html","code":302,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/18.1 Safari\/605.1.15","request_content_type":"application\/x-www-form-urlencoded","detected_os":"Intel Mac OS X 10_15_7"}}} 
01128{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/classification_only\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1730389991421152,"flow_src_last_pkt_time":1730389991426436,"flow_dst_last_pkt_time":1730389991426455,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":250,"flow_src_tot_l4_payload_len":747,"flow_dst_tot_l4_payload_len":250,"midstream":0,"thread_ts_usec":1730389991426455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":56451,"dst_port":3000,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"localhost"}} -00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/classification_only\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":997,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1730389991426455} 
+00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/classification_only\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":997,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1730389991426455} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645912 bytes -~~ total memory freed........: 8645912 bytes -~~ total allocations/frees...: 140560/140560 +~~ total memory allocated....: 9410286 bytes +~~ total memory freed........: 9410286 bytes +~~ total allocations/frees...: 154526/154526 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 549 chars ~~ json message max len.......: 1544 chars diff --git a/test/results/classification_only/http_auth.pcap.out b/test/results/classification_only/http_auth.pcap.out index 643ce61c3..b8bc89a05 100644 --- a/test/results/classification_only/http_auth.pcap.out +++ b/test/results/classification_only/http_auth.pcap.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1381844050222515} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1381844050222515} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050222515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844050222515,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050222515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844050222515,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/classification_only\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050402547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844050402547,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="} 
@@ -10,7 +10,7 @@ 01492{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/classification_only\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844050402794,"flow_dst_last_pkt_time":1381844050802943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1381844050802943,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/password-ok.php","code":401,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}} 
02462{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/classification_only\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844057134728,"flow_dst_last_pkt_time":1381844055865656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":17637,"midstream":0,"thread_ts_usec":1381844057134728,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":139,"avg":405011.4,"max":4861829,"stddev":1193509.9,"var":1424465723392.0,"ent":2.2,"data": [180032,180140,139,193993,206403,1322,401505,596,594,735,724,4027,4555,8666,4603,3019,7560,3303,5323,8621,158972,3971,162953,3627,4243,7859,2612,2607,4861805,4861829,1269016]},"pktlen": {"min":52,"avg":626.9,"max":1500,"stddev":665.6,"var":443042.2,"ent":4.1,"data": [64,60,52,791,52,1500,537,52,131,52,274,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,975,52,52,52,52]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,0,0],"entropies": 
[4.441382408,5.118823051,5.130219936,5.854406357,5.046594620,5.442737579,5.621041775,5.077241421,5.402398586,5.024262905,5.623777390,5.077241421,5.441255569,5.120078564,4.955154419,5.048518181,5.069016457,5.130219936,5.089414597,5.056834221,5.053296566,5.097548008,5.174168587,5.115702629,5.356103420,5.382487297,5.046594620,5.653643131,5.038779736,5.046595097,5.130219936,5.085056305]},"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}} 01233{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"cfgs\/classification_only\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":19,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844057134728,"flow_dst_last_pkt_time":1381844057320871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":17637,"midstream":0,"thread_ts_usec":1381844057320871,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}} -00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/classification_only\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":33,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1381844057320871} +00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/classification_only\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":33,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1381844057320871} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8646112 bytes -~~ total memory freed........: 8646112 bytes -~~ total allocations/frees...: 140578/140578 +~~ total memory allocated....: 9410486 bytes +~~ total memory freed........: 9410486 bytes +~~ total allocations/frees...: 154544/154544 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 562 chars ~~ json message max len.......: 2467 chars diff --git a/test/results/classification_only/ookla.pcap.out b/test/results/classification_only/ookla.pcap.out index 80db928d3..6ddeb41b9 100644 --- a/test/results/classification_only/ookla.pcap.out +++ b/test/results/classification_only/ookla.pcap.out 
@@ -1,4 +1,4 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="} 
@@ -12,7 +12,7 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} 
@@ -31,7 +31,7 @@ 01046{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"4":"DPI (partial cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00772{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="} 
@@ -52,7 +52,7 @@ 01416{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1679653306727563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} +00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/classification_only\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 113/113 ~~ skipped flows.............: 0 
@@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8815935 bytes -~~ total memory freed........: 8815935 bytes -~~ total allocations/frees...: 140738/140738 +~~ total memory allocated....: 9580469 bytes +~~ total memory freed........: 9580469 bytes +~~ total allocations/frees...: 154704/154704 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 1481 chars diff --git a/test/results/classification_only/sip.pcap.out b/test/results/classification_only/sip.pcap.out index 852fedc6b..9aff259d0 100644 --- a/test/results/classification_only/sip.pcap.out +++ b/test/results/classification_only/sip.pcap.out 
@@ -1,5 +1,5 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1120469572844249} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1120469572844249} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_usec":1120469572844249,"pkt":"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"} 
01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":";tag=903df0a","to":""}}} 
@@ -23,7 +23,7 @@ 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470100322200,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4613,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470102883325,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470158626389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470158626389,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4623,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470158626389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1120470187658020} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1120470187658020} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470216689496,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470216689496,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4633,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470216689496,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 02303{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":50,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470235521078,"flow_dst_last_pkt_time":1120470235448732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":825,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":7448,"flow_dst_tot_l4_payload_len":4947,"midstream":0,"thread_ts_usec":1120470235521078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25935,"avg":42751008.0,"max":279041814,"stddev":57873684.0,"var":3349363405357056.0,"ent":4.0,"data": 
[136757,17415627,17424961,49834,89928591,89874891,17280679,17290428,150200040,150188219,17325180,17335822,73916043,73902652,17325038,17333170,25935,17724998,29031776,29092737,34118166,34119076,29272359,29031830,29031631,29031476,17104967,497671,1001842,279041814,227102]},"pktlen": {"min":33,"avg":415.3,"max":853,"stddev":273.0,"var":74531.7,"ent":4.6,"data": [495,514,708,334,374,495,514,708,519,495,514,708,519,495,514,708,334,498,33,33,33,33,33,33,33,33,33,853,853,853,621,368]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0],"entropies": [5.741633415,5.745016098,5.709460258,5.733335018,5.724183083,5.734008312,5.752299309,5.705936909,5.742718697,5.746319294,5.735527039,5.694232941,5.749829292,5.746265888,5.718012810,5.700710297,5.702609062,5.648171425,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.037749290,4.098355293,4.098355293,5.722674847,5.721789837,5.722674847,5.763523579,5.703196526]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -34,7 +34,7 @@ 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470373595117,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8884,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470373595117,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470431658642,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8894,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470431658642,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":67,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":15,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470490643822,"flow_dst_last_pkt_time":1120470490782704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":10471,"flow_dst_tot_l4_payload_len":6852,"midstream":0,"thread_ts_usec":1120470490782704,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":69,"packets-processed":68,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":17,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1120470796804243} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":69,"packets-processed":68,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":17,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1120470796804243} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":17,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470796804243,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":11616,"flow_dst_tot_l4_payload_len":7824,"midstream":0,"thread_ts_usec":1120470796941095,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":39,"flow_dst_packets_processed":21,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470848686860,"flow_dst_last_pkt_time":1120470848682926,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":13926,"flow_dst_tot_l4_payload_len":9670,"midstream":0,"thread_ts_usec":1120470848686860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":86,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":24,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470900060556,"flow_dst_last_pkt_time":1120470900056743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":16021,"flow_dst_tot_l4_payload_len":10997,"midstream":0,"thread_ts_usec":1120470900060556,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -56,7 +56,7 @@ 01143{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":112,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":31,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120471094413365,"flow_dst_last_pkt_time":1120471018881832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":669,"flow_src_tot_l4_payload_len":19714,"flow_dst_tot_l4_payload_len":14333,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":112,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44455,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":25,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1120471094413365} 
+00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/classification_only\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":112,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44455,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":25,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1120471094413365} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 112/112 ~~ skipped flows.............: 0 @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655589 bytes -~~ total memory freed........: 8655589 bytes -~~ total allocations/frees...: 140683/140683 +~~ total memory allocated....: 9420059 bytes +~~ total memory freed........: 9420059 bytes +~~ total allocations/frees...: 154649/154649 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 597 chars ~~ json message max len.......: 2308 chars diff --git a/test/results/classification_only/teams.pcap.out b/test/results/classification_only/teams.pcap.out index d01d6aadc..838f3b2b2 100644 --- a/test/results/classification_only/teams.pcap.out +++ b/test/results/classification_only/teams.pcap.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","domainame":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -658,7 +658,7 @@ 00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/classification_only\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/classification_only\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/classification_only\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/classification_only\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":44,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1587041698021081} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/classification_only\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":44,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1587041698021081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1540/1498 ~~ skipped flows.............: 0 @@ -667,9 +667,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10085540 bytes -~~ total memory freed........: 10085540 bytes -~~ total allocations/frees...: 143355/143355 +~~ total memory allocated....: 10852868 bytes +~~ total memory freed........: 10852868 bytes +~~ total allocations/frees...: 157331/157331 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 307 chars ~~ json message max len.......: 2513 chars diff --git a/test/results/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out b/test/results/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out index a856feff7..edc5a86c6 100644 --- a/test/results/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out +++ b/test/results/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out 
@@ -1,5 +1,5 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_client_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_client_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655389592153034} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_client_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_client_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655389592153034} 
00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655389592153034,"flow_src_last_pkt_time":1655389592153034,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592153034,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"172.67.21.133","src_port":39958,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655389592153034,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655389592153034,"pkt":"CL6sCxduJjb1W8R1CABFAAA8LQBAAEAGfq\/AqAycrEMVhZwWAbuIMgssAAAAAKAC\/\/9bCQAAAgQFtAQCCAoQnRwbAAAAAAEDAwk="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655389592207546,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592207546,"pkt":"CL6sCxduJjb1W8R1CABFAAAoLQFAAEAGfsLAqAycrEMVhZwWAbuIMgstwx6+DVAQAKxtvgAA"} 
@@ -8,7 +8,7 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655389592250074,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592250074,"pkt":"CL6sCxduJjb1W8R1CABFAAAoLQNAAEAGfsDAqAycrEMVhZwWAbuIMg0ywx6+r1AQAKxrFwAA"} 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655389592255139,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1655389592255139,"pkt":"CL6sCxduJjb1W8R1CABFAABbLQRAAEAGfozAqAycrEMVhZwWAbuIMg0ywx6+r1AYAKxWUQAAFAMDAAEBFgMDACgAAAAAAAAAAAHqNiA\/AZp+DK3ZaLmgyUaCAFQqANlaQ7IRek9VkVX6"} 
00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1655389592153034,"flow_src_last_pkt_time":1655389592454103,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":989,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592454103,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"172.67.21.133","src_port":39958,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_client_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":989,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655389592454103} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_client_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":989,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655389592454103} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647215 bytes -~~ total memory freed........: 8647215 bytes -~~ total allocations/frees...: 140546/140546 +~~ total memory allocated....: 9411589 bytes +~~ total memory freed........: 9411589 bytes +~~ total allocations/frees...: 154512/154512 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 565 chars ~~ json message max len.......: 1267 chars diff --git a/test/results/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out b/test/results/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out index 3bc8e81a6..9f23c61ea 100644 --- a/test/results/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out +++ b/test/results/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out 
@@ -1,5 +1,5 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_server_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_server_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655389592192414} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_server_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_server_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655389592192414} 
00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655389592192414,"flow_src_last_pkt_time":1655389592192414,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592192414,"l3_proto":"ip4","src_ip":"172.67.21.133","dst_ip":"192.168.12.156","src_port":443,"dst_port":39958,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655389592192414,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655389592192414,"pkt":"Jjb1W8R1CL6sCxduCABFAAA0AABAADMGuLesQxWFwKgMnAG7nBbDHr4MiDILLYAS+vAy3AAAAgQFeAEBBAIBAwMO"} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655389592248391,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592248391,"pkt":"Jjb1W8R1CL6sCxduCABFAAAoJuVAADMGkd6sQxWFwKgMnAG7nBbDHr4NiDINMlAQAARsYQAA"} 
@@ -8,7 +8,7 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655389592294804,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592294804,"pkt":"Jjb1W8R1CL6sCxduCABFAAAoJudAADMGkdysQxWFwKgMnAG7nBbDHr6viDINZVAQAARrjAAA"} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655389592336100,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592336100,"pkt":"Jjb1W8R1CL6sCxduCABFAAAoJuhAADMGkdusQxWFwKgMnAG7nBbDHr6viDIO61AQAARqBgAA"} 00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1655389592192414,"flow_src_last_pkt_time":1655389592493255,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592493255,"l3_proto":"ip4","src_ip":"172.67.21.133","dst_ip":"192.168.12.156","src_port":443,"dst_port":39958,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_server_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1426,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655389592493255} +00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidir_server_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1426,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655389592493255} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647161 bytes -~~ total memory freed........: 8647161 bytes -~~ total allocations/frees...: 140544/140544 +~~ total memory allocated....: 9411535 bytes +~~ total memory freed........: 9411535 bytes +~~ total allocations/frees...: 154510/154510 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 565 chars ~~ json message max len.......: 1152 chars diff --git a/test/results/classification_only/tls_1.2_unidirectional_client.pcapng.out b/test/results/classification_only/tls_1.2_unidirectional_client.pcapng.out index ce5cb2889..19bd2f9da 100644 --- a/test/results/classification_only/tls_1.2_unidirectional_client.pcapng.out +++ b/test/results/classification_only/tls_1.2_unidirectional_client.pcapng.out 
@@ -1,5 +1,5 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949469263977} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949469263977} 
00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656949469263977,"flow_src_last_pkt_time":1656949469263977,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469263977,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"216.58.209.42","src_port":43854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656949469263977,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656949469263977,"pkt":"CL6sCxduJjb1W8R1CABFAAA8kXxAAEAGMpbAqAyc2DrRKqtOAbtVk\/1OAAAAAKAC\/\/87hgAAAgQFtAQCCApl0zAPAAAAAAEDAwk="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656949469272227,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949469272227,"pkt":"CL6sCxduJjb1W8R1CABFAAA0kX1AAEAGMp3AqAyc2DrRKqtOAbtVk\/1PP1MFxIAQAKxU8AAAAQEICmXTMBhcKnNd"} 
@@ -8,7 +8,7 @@ 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656949469307583,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949469307583,"pkt":"CL6sCxduJjb1W8R1CABFAAA0kX9AAEAGMpvAqAyc2DrRKqtOAbtVk\/4DP1MLToAQALFOZwAAAQEICmXTMDtcKnOA"} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656949469307896,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949469307896,"pkt":"CL6sCxduJjb1W8R1CABFAAA0kYBAAEAGMprAqAyc2DrRKqtOAbtVk\/4DP1MQ2IAQALdI1wAAAQEICmXTMDtcKnOA"} 
01016{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":0,"flow_first_seen":1656949469263977,"flow_src_last_pkt_time":1656949480565802,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1862,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949480565802,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"216.58.209.42","src_port":43854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1862,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949480565802} 
+00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1862,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949480565802} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647391 bytes -~~ total memory freed........: 8647391 bytes -~~ total allocations/frees...: 140552/140552 +~~ total memory allocated....: 9411765 bytes +~~ total memory freed........: 9411765 bytes +~~ total allocations/frees...: 154518/154518 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 582 chars ~~ json message max len.......: 1256 chars diff --git a/test/results/classification_only/tls_1.2_unidirectional_server.pcapng.out b/test/results/classification_only/tls_1.2_unidirectional_server.pcapng.out index d8b1362a5..84f3a16c0 100644 --- a/test/results/classification_only/tls_1.2_unidirectional_server.pcapng.out +++ b/test/results/classification_only/tls_1.2_unidirectional_server.pcapng.out 
@@ -1,5 +1,5 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949469270147} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949469270147} 
00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656949469270147,"flow_src_last_pkt_time":1656949469270147,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469270147,"l3_proto":"ip4","src_ip":"216.58.209.42","dst_ip":"192.168.12.156","src_port":443,"dst_port":43854,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656949469270147,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656949469270147,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8RzAAAHgGhGLYOtEqwKgMnAG7q04\/UwXDVZP9T6AS\/\/8m9gAAAgQFlgQCCApcKnNdZdMwDwEDAwg="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656949469289435,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949469289435,"pkt":"Jjb1W8R1CL6sCxduCABFgAA0RzYAAHgGhGTYOtEqwKgMnAG7q04\/UwXEVZP+A4AQAQVTxAAAAQEIClwqc3Fl0zAj"} 
@@ -9,7 +9,7 @@ 02501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656949469305704,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1656949469305704,"pkt":"Jjb1W8R1CL6sCxduCABFgAW+R0AAAHgGftDYOtEqwKgMnAG7q04\/UxDYVZP+A4AYAQVR6AAAAQEIClwqc4Bl0zAjEDu9Ka7ixzpiO2xj2YC\/WXGsYye5TBeg2vZzFb8q3o\/zpWwygTMD0IZRcZk0upONXbVRWPeyk+gB9lm+cZv9TSjOz23HFtz30dZGm6fKa+l3D\/2gthsjgx0QGtkJAITgRNOidSOzNIb2ILCkXhAd4FJGAJ2xDx8hcFH1mt0G\/FX0Kw4zd8NLQsLxdxP8c4CU6x+7Nz\/OAipmsHMdMqUybDKwjuDEI\/9bfU1lcKwrmz3O2+BtjjKAvpafkmO8l7tdufThcV4q5O8DIrGKZTqPwJNl1IXNDw9bg1kWRxYtnCQ6yICmJhSFm\/Y3m6xv+cXDBlHz4n\/FsRC6UfTdAAVmMIIFYjCCBEqgAwIBAgIQd70NbNs2+RrqIQ\/E8FjTDTANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UECxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIwMDYxOTAwMDA0MloXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y\/lD63ladAPKH9gvl9MgaCcfb2jH\/76Nu8ai6Xl6OMS\/kr9rH5zoQdsfnFl97vufKj6bwSiV6nqlKr+CMny6SxnGPb15l+8Ape62im9MZaRw1NEDPjTrETo8gYbEvs\/AmQ351kKSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6z1kZ1q+PsAewnjHxgsHA3y6mbWwZDrXYfiYaRQM9sHmklCitD38m5agI\/pboPGiUU+6DOogrFZYJsuB6jC511pzrp1Zkj5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8UpmvMrUpsyUqtEj5cuHKZPfmghCN6J3Cioj6OGaK\/GP5Afl4\/Xtcd\/p2h\/rs37EOeZVXtL0m79YB0esWCruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499iYH6TKX\/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35EiEua++tgy\/BBjFFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbapsZWwpbkNFhHax2xIPEDgfg1azVY80ZcFuctL7TlLnMQ\/0lUTbiSw1nH69MG6zO0b9f6BQdgAmD06yK
56mDcYBZUCAwEAAaOCATgwggE0MA4GA1UdDwEB\/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH\/MB0GA1UdDgQWBBTkrysmcRorSCeFL1JmLO\/wiRNxPjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo\/\/z9SzBgBggrBgEFBQcBAQRUMFIwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjEwKQYIKwYBBQUHMAKGHWh0dHA6Ly9wa2kuZ29vZy9nc3IxL2dzcjEuY3J0MDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMS9nc3IxLmNybDA7BgNVHSAENDAyMAgGBmeBDAECATAIBgZngQwBAgIwDQYLKwYBBAHWeQIFAwIwDQYLKwYBBAHWeQIFAwMwDQYJKoZIhvcNAQELBQADggEBADSkHrEoo9C0dhemMXoh6dFSPsjbdBZBiLg9NR3t5P+T4Vxfq7s="} 01739{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1656949469270147,"flow_src_last_pkt_time":1656949469305720,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4601,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469305720,"l3_proto":"ip4","src_ip":"216.58.209.42","dst_ip":"192.168.12.156","src_port":443,"dst_port":43854,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","tls": 
{"version":"TLSv1.2","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.youtube-3rd-party.com,upload.google.com,*.upload.google.com,upload.youtube.com,*.upload.youtube.com,uploads.stage.gdata.youtube.com,bg-call-donation.goog,bg-call-donation-alpha.goog,bg-call-donation-canary.goog,bg-call-donation-dev.goog","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services LLC, CN=GTS CA 1C3","subjectDN":"CN=upload.video.google.com","negotiated_alpn":"h2","fingerprint":"A9:8F:37:B3:54:4F:D0:01:B7:8D:0F:88:21:37:4A:EB:F7:E3:D3:F2","blocks":0}}} 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1656949469270147,"flow_src_last_pkt_time":1656949469704772,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6022,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469704772,"l3_proto":"ip4","src_ip":"216.58.209.42","dst_ip":"192.168.12.156","src_port":443,"dst_port":43854,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
-00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1656949469704772} +00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/classification_only\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1656949469704772} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8662127 bytes -~~ total memory freed........: 8662127 bytes -~~ total allocations/frees...: 140574/140574 +~~ total memory allocated....: 9426501 bytes +~~ total memory freed........: 9426501 bytes +~~ total allocations/frees...: 154540/154540 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 582 chars ~~ json message max len.......: 2506 chars diff --git a/test/results/classification_only/tls_1.3_unidirectional_client.pcapng.out b/test/results/classification_only/tls_1.3_unidirectional_client.pcapng.out index a56ac08ff..0f8afd2b1 100644 --- a/test/results/classification_only/tls_1.3_unidirectional_client.pcapng.out +++ b/test/results/classification_only/tls_1.3_unidirectional_client.pcapng.out 
@@ -1,5 +1,5 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949481728614} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949481728614} 
00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656949481728614,"flow_src_last_pkt_time":1656949481728614,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481728614,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.184.68","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656949481728614,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656949481728614,"pkt":"CL6sCxduJjb1W8R1CABFAAA8eAdAAEAGrjHAqAycjvq4RJtGAbtwW5KhAAAAAKAC\/\/9eLgAAAgQFtAQCCAr+HzcuAAAAAAEDAwk="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656949481737014,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481737014,"pkt":"CL6sCxduJjb1W8R1CABFAAA0eAhAAEAGrjjAqAycjvq4RJtGAbtwW5Ki80vO8YAQAKwcfgAAAQEICv4fN0H6OrM2"} 
@@ -8,7 +8,7 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656949481767911,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481767911,"pkt":"CL6sCxduJjb1W8R1CABFAAA0eApAAEAGrjbAqAycjvq4RJtGAbtwW5TW80vPy4AQAK4ZMQAAAQEICv4fN2D6OrNU"} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656949481771419,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1656949481771419,"pkt":"CL6sCxduJjb1W8R1CABFAAB0eAtAAEAGrfXAqAycjvq4RJtGAbtwW5TW80vPy4AYAK7\/zQAAAQEICv4fN2T6OrNUFAMDAAEBFwMDADU2T0t2AElxo\/Anpd0+OP0c8HeptmhgzRsgsC93f4R0i9hqd0JFuQkCXfoK7TiZ0rbPid+YdQ=="} 
01005{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1656949481728614,"flow_src_last_pkt_time":1656949481798742,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":564,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":886,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481798742,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.184.68","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949481798742} 
+00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949481798742} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647186 bytes -~~ total memory freed........: 8647186 bytes -~~ total allocations/frees...: 140545/140545 +~~ total memory allocated....: 9411560 bytes +~~ total memory freed........: 9411560 bytes +~~ total allocations/frees...: 154511/154511 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 581 chars ~~ json message max len.......: 1341 chars diff --git a/test/results/classification_only/tls_1.3_unidirectional_server.pcapng.out b/test/results/classification_only/tls_1.3_unidirectional_server.pcapng.out index 587863646..8e4d733bb 100644 --- a/test/results/classification_only/tls_1.3_unidirectional_server.pcapng.out +++ b/test/results/classification_only/tls_1.3_unidirectional_server.pcapng.out 
@@ -1,5 +1,5 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949481735174} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949481735174} 
00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656949481735174,"flow_src_last_pkt_time":1656949481735174,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481735174,"l3_proto":"ip4","src_ip":"142.250.184.68","dst_ip":"192.168.12.156","src_port":443,"dst_port":39750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656949481735174,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656949481735174,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8KqgAAHgGAxGO+rhEwKgMnAG7m0bzS87wcFuSoqAS\/\/\/ujQAAAgQFlgQCCAr6OrM2\/h83LgEDAwg="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656949481748657,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481748657,"pkt":"Jjb1W8R1CL6sCxduCABFgAA0Kq0AAHgGAxSO+rhEwKgMnAG7m0bzS87xcFuU1oAQAQUZ3wAAAQEICvo6s0P+HzdG"} 
@@ -8,7 +8,7 @@ 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656949481783540,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481783540,"pkt":"Jjb1W8R1CL6sCxduCABFgAA0KrYAAHgGAwuO+rhEwKgMnAG7m0bzS8\/LcFuVFoAQAQUYhAAAAQEICvo6s2b+Hzdk"} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656949481792511,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481792511,"pkt":"Jjb1W8R1CL6sCxduCABFgAA0KroAAHgGAweO+rhEwKgMnAG7m0bzS8\/LcFuWAIAQAQkXgAAAAQEICvo6s2\/+Hzdx"} 
00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1656949481735174,"flow_src_last_pkt_time":1656949481804763,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":855,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1073,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481804763,"l3_proto":"ip4","src_ip":"142.250.184.68","dst_ip":"192.168.12.156","src_port":443,"dst_port":39750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949481804763} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/classification_only\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949481804763} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647123 bytes -~~ total memory freed........: 8647123 bytes -~~ total allocations/frees...: 140542/140542 +~~ total memory allocated....: 9411497 bytes +~~ total memory freed........: 9411497 bytes +~~ total allocations/frees...: 154508/154508 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 581 chars ~~ json message max len.......: 1102 chars diff --git a/test/results/classification_only/tls_ech.pcapng.out b/test/results/classification_only/tls_ech.pcapng.out index ed1fbc73c..d173dcb21 100644 --- a/test/results/classification_only/tls_ech.pcapng.out +++ b/test/results/classification_only/tls_ech.pcapng.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1688191412679858} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1688191412679858} 
00819{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412679858,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412679858,"pkt":"ILAB4IZiNObXAhsnht1gC2UeACgGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqoAAAAAoAL\/KDqPAAACBAWMBAIICnfjZxIAAAAAAQMDBw=="} 
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/classification_only\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412684172,"pkt":"NObXAhsnILAB4IZiht1gBxYjACgGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJksyaT6roBL8wPi1AAACBATEBAIICk7TX8p342cSAQMDDQ=="} 
@@ -9,7 +9,7 @@ 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/classification_only\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412688931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1688191412688931,"pkt":"NObXAhsnILAB4IZiht1gBxYjACAGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJkwyaUDzgBAAByECAAABAQgKTtNfznfjZxY="} 01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/classification_only\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412692841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":2174,"midstream":0,"thread_ts_usec":1688191412692841,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","domainame":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/classification_only\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412746874,"flow_dst_last_pkt_time":1688191412700618,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":648,"flow_dst_tot_l4_payload_len":2702,"midstream":0,"thread_ts_usec":1688191412746874,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/classification_only\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1688191412746874} 
+00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/classification_only\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1688191412746874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654010 bytes -~~ total memory freed........: 8654010 bytes -~~ total allocations/frees...: 140549/140549 +~~ total memory allocated....: 9418384 bytes +~~ total memory freed........: 9418384 bytes +~~ total allocations/frees...: 154515/154515 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 588 chars ~~ json message max len.......: 1380 chars diff --git a/test/results/classification_only/tls_verylong_certificate.pcap.out b/test/results/classification_only/tls_verylong_certificate.pcap.out index ee5029ad8..dbb8ae47b 100644 --- a/test/results/classification_only/tls_verylong_certificate.pcap.out +++ b/test/results/classification_only/tls_verylong_certificate.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/classification_only\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/classification_only\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/classification_only\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} 
@@ -11,7 +11,7 @@ 03994{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/classification_only\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707h1_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B","blocks":0}}} 02183{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/classification_only\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": 
[11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": {"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}} 
01051{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/classification_only\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/classification_only\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/classification_only\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 48/48 ~~ skipped flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8847130 bytes -~~ total memory freed........: 8847130 bytes -~~ total allocations/frees...: 140724/140724 +~~ total memory allocated....: 9611537 bytes +~~ total memory freed........: 9611537 bytes +~~ total allocations/frees...: 154691/154691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 574 chars ~~ json message max len.......: 3999 chars diff --git a/test/results/custom_rules/custom_rules_overwrite_domains.pcap.out b/test/results/custom_rules/custom_rules_overwrite_domains.pcap.out new file mode 100644 index 000000000..a269c7a04 --- /dev/null +++ b/test/results/custom_rules/custom_rules_overwrite_domains.pcap.out 
@@ -0,0 +1,46 @@ +00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1760964921304285} 
+00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1760964921304285,"flow_src_last_pkt_time":1760964921304285,"flow_dst_last_pkt_time":1760964921304285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1760964921304285,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"64.233.167.84","src_port":46326,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1760964921304285,"flow_dst_last_pkt_time":1760964921304285,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1760964921304285,"pkt":"ILAB4IZiqFlfzU+rCABFAAA8yU1AAEAGxvnAqAGPQOmnVLT2AbsBqlR6AAAAAKAC+vCqowAAAgQFtAQCCApGF7LlAAAAAAEDAwc="} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1760964921304285,"flow_dst_last_pkt_time":1760964921326634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1760964921326634,"pkt":"qFlfzU+rILAB4IZiCABFAAA8AABAAHkGV0dA6adUwKgBjwG7tPYRFA33AapUe6AS\/\/9SbgAAAgQFhAQCCApov72dRhey5QEDAwg="} 
+00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1760964921326683,"flow_dst_last_pkt_time":1760964921326634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1760964921326683,"pkt":"ILAB4IZiqFlfzU+rCABFAAA0yU5AAEAGxwDAqAGPQOmnVLT2AbsBqlR7ERQN+IAQAfaqmwAAAQEICkYXsvtov72d"} +03914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1760964921327839,"flow_dst_last_pkt_time":1760964921326634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2541,"pkt_l4_len":2507,"thread_ts_usec":1760964921327839,"pkt":"ILAB4IZiqFlfzU+rCABFAAnfyU9AAEAGvVTAqAGPQOmnVLT2AbsBqlR7ERQN+IAYAfa0RgAAAQEICkYXsvxov72dFgMBCaYBAAmiAwMaU+TBMUSEAo3PPdaiYZIHeLZAnuXKdOmlUoP8hjhbmiB0x6tsneFlZ\/TDANZ42Wty6qDgfmMtoYovgQQAhr4ZswAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEACTcAAAAYABYAABNhY2NvdW50cy5nb29nbGUuY29tABcAAP8BAAEAAAoAEAAOEewAHQAXABgAGQEAAQEACwACAQAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwASAAAAMwUvBS0R7ATAwrnEfzBAUsyDpptJ1pNziNdpf1J+pNtSbXNBlASQxKASOUiDU+M7ueCaErm7N4yY1bosxWm4RoK8dGKKUwcTKGKSjcioQDaAS4twdpzCnjnIOXV4BIuj1JOqnBN1SwQlf7uk4NSjVGzMhcU7tOiPVZgDiHeH\/pN996a33ZS\/GncW+1wUCoZl22tNB+GqbmmvIHUQCswvitoM4OVleti4altRmolW6owLzZEcZBlO2eY2i6o4CSUmzUkUgNFfKYpQjSeKgEOxbdFF5OYeD0BFoSBjYymVedTB9VefH3y55ocqiDN09ZSfPtkdYqNlEqXDm7hyXxnFEyo0bIhqsIpYhDOAsytIISZrG7lTykQQ32AKIdkROhYMkGU2IDVb\/nWzfuSq3UzCoYODZuwwDEsVp\/uNjecx2pxI8RCdR7JjtWgbvnTG\/CKzwdSiKCR9yQR2SrxGLpl2NcgQwqoW+DVMGSoUv6HBa2ZLpBdDhMpLNuhduwInCBojztIdani5oixMcfFD02vE\/UjAzgq8Db
A7mQKWMYXNK9h1IKDEGFJyiuFREVOEmZAbDOpUiyhwBwe5+SlJuwJSA6aDmEmbhuqDAuU8s9UZm6Y\/mDeg\/WxVcMkSXKp2StKxPDKoCYygOdOl+6BsK2yhE7pmNLTM1VF6pSCzB5k4tlJedQddaKKK3uyb7DuXp+ecx+TDFBls72EpLlsXRLOOGKIvDdpmLwkebPynvRUO1tJM0xVwLlEyj9BkwzGuCiG87us4VDfEG+Rskqt091pOjSEyslUk\/ZY4K+l+5XAeIpIrjMx0kfYL6bITPVSd8Ch0CQg3OxMoY5U4oFA+YqpFa4RjSeiTReHM09kdbhWCLGAfjjZnQ3ik7bR9WGl1AGwp4HFf1OGzsxmG9jYJ5RIMfQQvd9GKnrerU6x3\/AkWSNaxXfpqZWygIQOcXIuFLBELRoEOWSknI5cshDwUNIJwXqHFWqgKD2Q0ZIgYwmwSLpxWGQiN2My7PIaHM2XE2cVLJIq2M4GxZUIUbuVve9q3a2Yvn5WvMfl5jgcGMaCKT8iR6odEiEfFUqaxjAmI7kVKhVAf8mo18RhxSaw0JgZtdqyUDtqNpIUf6RZLa+qfg8WUxWMCykiN0XJmDQa2wFR2DgMbhBJwgqS9h+l54nyI3iAbDJkcYUVEgnpeF3c+IxZcPHdJwwg2ibSBjhTOJHC8VhEiplSXhnZM5uQq2SZTSjAkMklAG0FhCfQ8jGHCO4ddh+J6wgnKW7Zd1HUo7foWWCaVGnINQve8+KYyiESqczWF+qhG9eJq6UVCpycH1+MoGOg2fonN\/ESYFCNH8OViVGyFOaO9PGyG3zivjiRXUzI+iQGX4dCAFVZyZZVg75EMT5Rw+sgp9EG7PqGP2qmVs6ZVLDtzVJUMC1JyYOhrV+ZhZcR8uyyVFRKx+aE6TsMEBJpn9uABUItr2Ga9V3Y7vJwUCropjgA7JeCg\/XN2z+Kv9oIthSxaJwo+hXOQt9qYZ1oe8RNMXflal+XGFqtE3qgM74kkwzFxfQyhq7PZ4B+kro0nz0\/8dli00FTH1xR9+kyJ1\/urxyCKCmusaz\/zgyXsdXOMVpuGRuA23Z3tVRVJZpQAx\/gaIQAdACCKCmusaz\/zgyXsdXOMVpuGRuA23Z3tVRVJZpQAx\/gaIQAXAEEEKUtGeducSjkaryrptqdJHnWixhjyibf4CSw3cbDQMgB762\/YVmtrD8+FZWmuGto2HNw3N4Vb6co7Wt6E2NNglwAqAAAAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABsABwYAAQACAAP+DQI5AAABAAN8ACCF2be2m34juCDj2RPa7TiQS4b5clILe+pJ23qQayDs4QIPMOTqR\/+30ll++M+UAqJx5VXZXDXPh3+h5NMJOrBmyQm5NXiypHtVC7H7aYKNFjvudalzwXUnBQuf44W7o7Oop+eRLq7ybROnKuSf313X2gBLFl4LIvQm33i7ZP23WJV7vgk06R\/83qaSdn5LulwvMwpQOU23wZbetJBk4K\/rjqq2Cv6LjvpTtEYGgAxAaX\/wO+T18IBA0aXde\/rEdW1jhzmRBmIjHWrWUi4RhDX95G\/szgti2vkvssBh0mkPhvP0ioXj7O68cr4RLj9cN9d7vHq2KwkrVJEqE6Cxf0oh6FB+IE2+OamvLmHQgL0ZLtoFdX5nIoIi7L\/c\/dxSuuJHHlT9pTJhtK1jxohclQ7UJ78UbRzwPvje6OZ90Cp1GaszCB5nCen+eAaTtiNbgXZCzxHWdq5AIiZZT2b8E4AuYXNVHAJZNGCFh5d2q8HS7YoA\/ftID5hOJajKriJspFOyW5SRbd+JWAeB\/0sJU5IglvaQdOU+UGelw+n\/eI34s3kPcotyq7GHJ7hy7frutkHsBYAOQ4P4jKO431KR3aDC3gXPIYxTjdfP1EvCgi3SBhn1t\/vnhZmNWBg0KiDkR2H1s
w7TcLltWzdJVma+HykV1xw\/viFuYjMMuX8AwjvT2424iefCFFU54GdqCOfscw7DkvAXD0iAmm8Ja1\/Dk3DxOt5nbCnL5OG8SHv8JSlwirwAKQEXAPIA7AJ+c0oJ3gB2LhiU7ohdYAdR9CAwuoyPTO4wPx+yZ6I0z78S9GBN+uYaM5kk8cLgR3qwrm3cgLF9wuv0IGG1QMj\/Exhjt1BUc\/U\/SZsN1mX0GlRkITJFfxByM99EEiygcXWZPcCXyg2QI2DUhAfBL7Ea+kSLm1zn4aIe6tliArX9IQmF7Dq1YSupERmOLrtPlPl3xEvT+eyIzW9rE3srKHG9rR0Np+SUJ9OggnTs+Guo342e2gTIXRumfnQLo1SWAZexyqbjAvm78D6hX0R6c6uOVfA4YTYI13pKBQQh6uesL0JSVQoSJrfLd46NjwTMoQAhIPZF8\/w+\/N38eg\/ptvuKgDxIw2yMxXBZgd6CegtmMOGT"} +01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1760964921304285,"flow_src_last_pkt_time":1760964921327839,"flow_dst_last_pkt_time":1760964921326634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2475,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2475,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1760964921327839,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"64.233.167.84","src_port":46326,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1718h2_5b57614c22b0_e7cacf613b58","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1760964921328359,"flow_dst_last_pkt_time":1760964921326634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1760964921328359,"pkt":"ILAB4IZiqFlfzU+rCABFAAA6yVFAAEAGxvfAqAGPQOmnVLT2AbsBql4mERQN+IAYAfaqoQAAAQEICkYXsv1ov72dFAMDAAEB"} +01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1760964921304285,"flow_src_last_pkt_time":1760964921328401,"flow_dst_last_pkt_time":1760964921348760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4419,"flow_dst_max_l4_payload_len":1858,"flow_src_tot_l4_payload_len":6900,"flow_dst_tot_l4_payload_len":1858,"midstream":0,"thread_ts_usec":1760964921348760,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"64.233.167.84","src_port":46326,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.3","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1718h2_5b57614c22b0_e7cacf613b58","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+02157{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1760964921304285,"flow_src_last_pkt_time":1760964921416596,"flow_dst_last_pkt_time":1760964921435421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4419,"flow_dst_max_l4_payload_len":1858,"flow_src_tot_l4_payload_len":7117,"flow_dst_tot_l4_payload_len":4694,"midstream":0,"thread_ts_usec":1760964921435421,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"64.233.167.84","src_port":46326,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7853.1,"max":60534,"stddev":14243.3,"var":202872752.0,"ent":3.1,"data": [22349,22398,1156,520,42,20617,0,0,1509,0,0,0,0,20391,18,12,652,606,20389,41123,0,0,0,0,60534,1426,1192,4030,736,24,23723]},"pktlen": {"min":52,"avg":421.6,"max":4471,"stddev":924.4,"var":854508.3,"ent":3.2,"data": [60,60,52,2527,58,4471,52,52,52,1910,114,52,52,83,52,52,52,136,83,52,1452,722,366,341,83,52,91,91,91,76,52,52]},"bins": {"c_to_s": [10,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2],"s_to_c": [10,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1]},"directions": [0,1,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,0,1,0,0,0,0,1],"entropies": [4.646634102,5.212701797,4.897086143,7.816514969,4.956866741,7.955480576,5.178914070,5.140452385,5.101990700,7.886328697,6.212090969,5.010550976,4.988526344,5.749540806,4.933627129,4.933627129,4.933627129,6.142579079,5.693960667,5.103911400,7.892829418,7.668910027,7.338832855,7.263511181,5.734539032,5.049012184,5.937283039,5.850928307,5.893327236,5.523987293,5.010550499,5.026988029]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1760964925970876,"flow_src_last_pkt_time":1760964925970876,"flow_dst_last_pkt_time":1760964925970876,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1760964925970876,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"17.253.144.10","src_port":46116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1760964925970876,"flow_dst_last_pkt_time":1760964925970876,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1760964925970876,"pkt":"ILAB4IZiqFlfzU+rCABFAAA8lS9AAEAGQU7AqAGPEf2QCrQkAbthT3ztAAAAAKAC+vBkbQAAAgQFtAQCCAoO6n06AAAAAAEDAwc="} 
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1760964925970876,"flow_dst_last_pkt_time":1760964925990099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1760964925990099,"pkt":"qFlfzU+rILAB4IZiCABFAAA8AABAADYG4H0R\/ZAKwKgBjwG7tCSc2eipYU987qASfHBL+AAAAgQFtAQCCAprnQnkDup9OgEDAwk="} +00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1760964925990163,"flow_dst_last_pkt_time":1760964925990099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1760964925990163,"pkt":"ILAB4IZiqFlfzU+rCABFAAA0lTBAAEAGQVXAqAGPEf2QCrQkAbthT3zunNnoqoAQAfZkZQAAAQEICg7qfU5rnQnk"} 
+03814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1760964925991307,"flow_dst_last_pkt_time":1760964925990099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2467,"pkt_l4_len":2433,"thread_ts_usec":1760964925991307,"pkt":"ILAB4IZiqFlfzU+rCABFAAmVlTFAAEAGN\/PAqAGPEf2QCrQkAbthT3zunNnoqoAYAfZtxgAAAQEICg7qfU9rnQnkFgMBCVwBAAlYAwN0baD1E7paCmuTkoh20nu8d5FTAOGE83s9tttjOiHycCDOO9vQ4533AWz\/kRmPYdyYD6Dz89RYS8YDuZT3MVJEtAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEACO0AAAAOAAwAAAlhcHBsZS5jb20AFwAA\/wEAAQAACgAQAA4R7AAdABcAGAAZAQABAQALAAIBAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDABIAAAAzBS8FLRHsBMBCmjAeGLX6FKB48MhkOYhCBj+Pwk7vhQPsOy5Dh0YLuri3VY\/Ne3HF5sqmtgfJxpWDaJQyi28fgT7XBWbFQEpDJQy2clvWEBxx2A7SKqB08W4WwzpU0k2m4nAOkrYcJkPnWV1XWMgecg\/LfHyKdjIv+3PkcZ\/Kg1Aa2J8BW7i5mowS2yMLNoQEK1r3QivT6sZz9pDtnH1506rdlVSI80iIU2pb5ZG7qERX2oWvvLb7hZhUqYsGGj++M5i00mN7pD3J4p4t1Wkd+QyikMnGkK4haFj38nZNYB6x8ZsXNXgscIbx43DDu0s6syiHeTPo8yJV+JxWVrOSO4rNJnErUjZ2U7w5qZTpdXm+RRLhs3ekYwgcZ6IgAKbHhyLi0FbjuQBBC06igDjZRpwuYb0GbA5f55XQGhB8W3MZg3xb8sUbuIOpYFvcqWq6JcKfYXXsyIXnCLMy4rbVfFt3F2UqqWhd6AKVhB09C7TvQF6zILGoWRYimbNg95QKNiXtvD6KEWVVKTCQhCSkR6y1xmvhNyZIga5gFZpNt7C9Sjdnup6XCmkMSrVf2SivaqS1NpGQMyb0YWUzkCk6cU2a4QT5tC9GbL3o3JmpUE3\/xsFb5BNNM1B0y7jt5ihrCmmMx6h54CGlEchbHBsJ5o1DdLjF2p9djDxaWgsiSjy0g6FFd3YRiyY6ck5SqC8U0SdLZpbkA7me2Q7t5CmH27htUBRJjI5PMENvKyLsCkNu1LqcxLBDGomU56BMVgY9uJJWkSx9MmbCqJ\/SV2IuaJJra11ySgZf8zv11RoK94DweqeSRsIDGXNZ4K5Ki6hlaazzJ1YPUg3tKGToBzeEEYUzEoViCs6ZaaY7rIdZJUyMKRWIoUbvewwyRbKouMVcmFE7GlR3bEVImSUJx7FFMwE9cl3KVhD0iJE3JEK3ygqjMCfy15eug4KLlDx50QC+ZBDb+Kgw1qvOpmByRJ4mAxL5hQiIxUx6cZrcVg6RW3TX4ahXkxnYGyR180PWhcUNxp2rdQlpZgOYMRzj2ktaUiJINYRx6Q41BDr5pyIDDHlOV2OUhj63W3hL7FNadR7dY1GLJxdXgrv71lKrdWCVqWbEhwyM85zXnKTiG5
rMckr1MTZ6Zy3a6KimK4XhpqYibByTklLzRxjQpFtgJs\/l1CoH4SpHclA26pYkKL8vS6IzKmNKyDRiFEnyg4bCh6zYp7xTZ1LTMEv30xAKZXtjkHkAOwz+6GZ2SWcd4X65tr\/5WXUUy7j\/6pT3\/DauxCkhnJm+8lbN0UF\/tyLvnLe6tQXRJhHQqKtCiCIk5iAxyaSrtpHhGhydYDNwIqoum1VmRKZYt8ipZ3kMBm8YqCN\/ZGLpfMawiRCSM2HKNLuCmDbyoAerdTKVsL9VaZlnnHsXlgeNhwr7G6e2Gq\/lAAN0DMavoc1Lipvi4ToGGgERR6PyeVmvCCZogRWlbC3nxI61kgsuBjGDAXbG0q45FMuNKx5eEBhDi4jZUcy2pKL9FXCWOw0TuWJpZ8O4gL7rwVX1JYLepC8wkbtv1JyFfSKd\/8sHAwLbtYwkEEbMPdl\/34VPKqVeHv6GPCNtDmr0dkrlLTXbPcWWBDdLgrauc1WkplN4KDC26iUxAB0AICNtDmr0dkrlLTXbPcWWBDdLgrauc1WkplN4KDC26iUxABcAQQQ4jdxB7cgouttihElnF08LtQdVo2RK6kgpXui58wVbaZc0iY7jpxmWhyU4lg22xU7BEXtf\/7yQEe4OUUxza1kqACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAbAAcGAAEAAgAD\/g0CGQAAAQADGgAg0ehFngOog25e16NnXv2VZT1Rb7W74EJC8MRwy2BWZNIB75NRk+MKVKfN88aG0SmF9iiuyjOiU\/9efP1q51mJSPHJEeg32xw1laqNq3Q22NfZJ2mtLYHwUHS6qBT9\/JTkoFPT3hiMQyeKFr9TEI94OaY0Ta3hoAUxBzaWvJYGXoIeN2Si5Tw8Q8p\/CHkSeV1d8GEvlyRU\/auMBUXM8W7nvKqMG0nqgt446EKciCS3Vlg02G4ynUWK8Yz7wOTBbfzhTBFkeQE25\/IHBGOrqn0Ot37BSJIwnl\/GFmGBImm+Gv96pkz6nlTn1e4Y0JRwccr+awh4XYfT1r4qH+8OrhsqH9UE0BhJmAZbjeVn2vQ\/2OMDx8qMWqIlaRUvbMhWhoQoEu1ve8dEHPdybr\/PTPq4cRgvrCZciib4gL0\/C+82qmcwl40KKN4urDreaB7MJNLZFU9FgHL3i5CqxV5MkOaFN6ogGdt4zpmwfxKPRQNghrgwmIBIWZoGUW6nmUfDkFpfQd8lg4Nlkqh48HjqP+X\/9jr99scyOfd91sL20xVrjYTjNOnO7ydyzRX\/fyGyenpVsLgHnnq9M7EdR3rQVB22H0QXqwrgxV4T+RtM+VRHwm8rgmF4obnqSlnk8ySOEsUecN6SHAEPjjcV7zO0BrWjrwXOkfrn+Vn5m3vapXUWIQtJvEDJSpkBOEKsgDqq23LC2AApAPsA1gDQNXZLak81azNBVzZvcEQ2UnLTiqhjQGzKa6e5FekOpH4KM1ZwA5\/0dX8sGJSg2paFYG0mfFlldkOAYtfVYeJc\/7UH1E+Q6C+XjLDJHFl5hEDMRfGiVHqbaQI6N+ME9WVLZOlRHRlfRZTWoAPbG6+LPosw4jvxY7emhlPOkOrHVqN77w8DOiohuwM37uk\/e4hqasGOSARVwQUSBtpMKn7hd5xt\/gp1zadIgMkD+MtzH6JT0G7+P6oNrmUBX1DWIxP4b2y2VG1zuX8aIVb1UYTg4susRvIAISAhPg+1bh\/RSgRPZ0qaB9T5hhi8S8kA8fkwiFdTko1Xfg=="} 
+01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1760964925970876,"flow_src_last_pkt_time":1760964925991307,"flow_dst_last_pkt_time":1760964925990099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2401,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2401,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1760964925991307,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"17.253.144.10","src_port":46116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"apple.com","domainame":"apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1717h2_5b57614c22b0_e6dcd7ae0a9e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1760964925991307,"flow_dst_last_pkt_time":1760964926010683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1760964926010683,"pkt":"qFlfzU+rILAB4IZiCABFAAA0IIxAADYGv\/kR\/ZAKwKgBjwG7tCSc2eiqYU+GT4AQAD\/tbQAAAQEICmudCfgO6n1P"} 
+01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1760964925970876,"flow_src_last_pkt_time":1760964925991307,"flow_dst_last_pkt_time":1760964926010683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2401,"flow_dst_max_l4_payload_len":218,"flow_src_tot_l4_payload_len":2401,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1760964926010683,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"17.253.144.10","src_port":46116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"apple.com","domainame":"apple.com","tls": {"version":"TLSv1.3","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1717h2_5b57614c22b0_e6dcd7ae0a9e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1760964926071819,"flow_src_last_pkt_time":1760964926071819,"flow_dst_last_pkt_time":1760964926071819,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1760964926071819,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"23.60.189.51","src_port":43052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1760964926071819,"flow_dst_last_pkt_time":1760964926071819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1760964926071819,"pkt":"ILAB4IZiqFlfzU+rCABFAAA8mylAAEAGCOzAqAGPFzy9M6gsAbsjQ4wNAAAAAKAC+vCW1QAAAgQFtAQCCApFLHioAAAAAAEDAwc="} +00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1760964926071819,"flow_dst_last_pkt_time":1760964926088581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1760964926088581,"pkt":"qFlfzU+rILAB4IZiCABFAAA8AABAADgGrBUXPL0zwKgBjwG7qCxQFW9WI0OMDqAS\/oguWwAAAgQFtAQCCAqC7Cr\/RSx4qAEDAwc="} 
+00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1760964926088655,"flow_dst_last_pkt_time":1760964926088581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1760964926088655,"pkt":"ILAB4IZiqFlfzU+rCABFAAA0mypAAEAGCPPAqAGPFzy9M6gsAbsjQ4wOUBVvV4AQAfaWzQAAAQEICkUseLmC7Cr\/"} +04003{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1760964926089765,"flow_dst_last_pkt_time":1760964926088581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2599,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2599,"pkt_l4_len":2565,"thread_ts_usec":1760964926089765,"pkt":"ILAB4IZiqFlfzU+rCABFAAoZmytAAEAG\/wzAqAGPFzy9M6gsAbsjQ4wOUBVvV4AYAfagsgAAAQEICkUseLqC7Cr\/FgMBCeABAAncAwOyj65eVxD0V9szoOpQcoDM\/WL41nTn7wNJNxd8Si+GyiAMm0mn\/g4CWTRnB\/FBszP\/\/F5WLKCHdnnC+RCM1gWLVQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEACXEAAAASABAAAA13d3cuYXBwbGUuY29tABcAAP8BAAEAAAoAEAAOEewAHQAXABgAGQEAAQEACwACAQAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwASAAAAMwUvBS0R7ATAkmQynywX38AihqYq6KswDEVFVbgHraAYXUwYhVyxgBN9GbDKBnp3PdCqLIgtezpbc9PHrqKBEypM9GB9A\/euT4OuOPPA6UaXafPG0ZQozShrSCfB2wFzL8ErvTkT+yJfX2S4uIKQdSBM23t6txNIw2I6ACxNiqpzONx2xeXHbSV0DiEjcsQZpNXISDKn1qEkRPeW\/tqDKOsvEKIV\/NO4N+eNxPteLpabGLmvzcVkf8vECvu\/eEtLCKsLJhouc9WBuJubJCMkjfmPfJiGp5qLdmB+CiKF1UcxSzQC8Dq7uUxH7NBKqjafVrIL3rorYBo3TXQl9UQZgBIotamFfbnNu6Bx8nxDJPl0TmGu1gqb3awFxLY4FmQhsrlMBXuJkEEtIdNPYtl2buSg8joKKFW4E2BqdXTGQ6xdkNCULFpLqAeaFhOrvJVbzzM+csALFexR\/iO6ERwVqDJSm6suRANi9kK4FdAsiTpHZcU1cKW879eBBoZhJqQa89CF2fwXAdpPwUm47CIaa2rFSiwtGm
IjL+UCPAwEy5iYd3pAqdCZJ\/gQA2sMZloG0agHwZQyNJsrsHvIm2uMXkqGMdm3itUdV1pKySfGJVCgtCxYPrV2mFPMgqyeZRs9tyNEfiSu0qDA\/KCPpnRJW4WpWXh4ONMMrKNb9IZ6u7BO7NDOTfMaFdwIJbKv7jGk7enMlBvFH0KZImAZgeeEdOVjf9wdzpEjIQhw58oIh1twlhpda1TPQegKvoaA6edwvkjE2EhkslFP7pNWoDJ5GsKvDJA0+ux70MLDrJdhJtF8HuWaVWYFugVGAiZQaRSRCVOWI9mUXzo7pIqj9PJd7TS4\/UmALsaDtnQpL3QQS3lb\/FqUpRo1nakAKMCK8OZt26xAlAN78nuEyYVw0VKwn2c6u6eEuvkEOgRGrSwcv6WMnKaEDsq2HtMDlaUomiLOmSg2jNUFn0Y+ZJx2vXU3zZMSAB0yunwDOWSL6IoT0GhKRSFHCRKZfIiWFrMcziZAn+XHxlJ7JVQBt8OavmmzGLg5r7cupwEg0NBO61DExlB9KLgKa7mnNWx3+dLB7XNp0dSDwoOTp1Ya7ERIbWhPwORiBBlbAQI6F0G9AybBZLaU9mGAcaFphvM5mZMjWxEbfKoMGet1M+LPZqMehQw4LBlRMscQjDxo5hhgwdUgCqIbvhe9eAQo3FIR9OjOgmy3FVe\/\/WOKDEt4CAYwwfWdYZYVD7NLpnNM8CPJEVQ2AAxKsulfzcodgtA\/VQBNV9NBbQWWhdw989l5A3dntAgn67UjixYLw4N54+E\/OmmR3UJfpixxNfEC1qkwu+ZsgGIgVJaTWVo1drhl80hciaA909tathSwTyW2aCZni+uHGgUmEvR4Vqg7fXqCL4udaYUMlhQTjBmjhfaPVfm4gVOrSjhv0rDO0TEfkiGYAAxqu6J+b5YLPFl7KGIUHgCoYck9SMK7u7w5yOQhvhhLcsaEGZsse2nFJBFQnEpYSTFsCeEczitbedkYjZm27yp44YGPayZ9wMYK4EIp\/+l\/awWHEwrS16Egscinj2jRDq1wEbkUW3MlDCYAwl5yjb\/1Jnho9E7LxWiDLAcpGw\/esNQ5A5lkxg\/LUpx6JAAdACByjb\/1Jnho9E7LxWiDLAcpGw\/esNQ5A5lkxg\/LUpx6JAAXAEEEuUSDYYECXFg5pioSiVeVX69J2NZh3iFGEuQuN+USyS9Qb+t53w9sO8JlEoV38nltTmQP3D5BlEUS4dIU1ZWagwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAGwAHBgABAAIAA\/4NAlkAAAEAA\/EAIPCUwN\/PxfBX+zEW1x19D8c5aF5g1WmxlOwkC6ie4x28Ai+lP+Zizp\/RR6mYL2PQaPt0l9Fvx9ai9jEmO2CdFw0v05Jxt\/zqzsY5LEa4hpQCnDNFd0TzyZ0o\/uLo1x0iANZZ82DH9Fy6ZMR+25D9pQMQCwBbPk1oQ8k2yNVMCOxevAxg9tGwWtCWRqxiKTLfshk4450oUgbUvSGL75mSi3jFzQj90vUUIzPKkHsOUZUh0yt6YOXwCxtgnigD1LiroEgpMhPGH8steTJ9xWd7ItkehIbjfObuL3Y+Y1iiYBk5VOy\/gtNgGo1DfUVpLqkP9wqPaNDcDyUOxd8ahrDn6HdsZIKcpdHOigls\/o8Pd46xmDDTpPPDgCI0yxsXwDN5eohVN5RVgpIG6KaJk6U6R9DQ2qH1owFtNsuk8LGtCpsA6kFnq7COsS6YXgQXpnNL4MtKMYKp1PCE6X5pEYXnxWZcQD79Iufto35BE2drYkxBJTQ1Jz71vdJVtDUY\/GbImNOYV5q6dcjk14zBsmasoA0BvZs9k00GDOCaKOJJCHZkfwXQSpoYcna0djkkKIWGGNVoS1YfePWtNhCw46qNWKrWNEgFUEmllNXsL2t1xyJkuJ7Yll8mKJlsBVyQdetxAGiPM5di3
pkdLRraDuDMFaxG+9DPRBT4WD9UA7g1p64largmyu4rER50R8SxKkPhq+6qsY\/WqkLQitMMS15xj\/ttqVpNfyfmqKKpiNplTqGGeXIT\/2KZAm0cA0mcLAAMBdTKgmvcRqhVjfz6ngwbzT\/3ACkBOwEGAQAAABrKC0\/yEo4Drj12iDNbAl9BKnxhuTBwHXLxUbfL2\/kw689UbbdgVchmyvFBwIafvR3xMG+fwU5iO+hEOOcj976QGAYd6BSAsP9cHow7vaW4MU95UFKqaN1io7A4YvLUNzMA4w\/A3SaPIvjBCFvRkeJW3eT\/mriTI7zJfXHci1BlSRh2DHAzVYSWq9PqxixHysm4A4h2qsZ8uh7XrlYX0kux3ksj9zXZX7YD3nfDggxVxZSfISrKDRDoYSMmjXmRjmNxvs+B0a\/QMNsTpu\/j1mtd5nzFyMsxiUGoju39PVYVZmsqFmybAqzyU19JEjRZf+IWjP\/68G7qyPGT2wNZ6+lHwQAxMCiIBIegn9ov3KKX1kdfaziYmxgJ9wOVi55KYPuav5hXBDsh5eloXgB02p6okM3p2g=="} +01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1760964926071819,"flow_src_last_pkt_time":1760964926089765,"flow_dst_last_pkt_time":1760964926088581,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2533,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1760964926089765,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"23.60.189.51","src_port":43052,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.apple.com","domainame":"www.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1717h2_5b57614c22b0_e6dcd7ae0a9e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1760964926089765,"flow_dst_last_pkt_time":1760964926106571,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1760964926106571,"pkt":"qFlfzU+rILAB4IZiCABFAAA0aUNAADgGQtoXPL0zwKgBjwG7qCxQFW9XI0ORtoAQAgxT2AAAAQEICoLsKxFFLHi6"} +01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1760964926071819,"flow_src_last_pkt_time":1760964926089765,"flow_dst_last_pkt_time":1760964926106572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2533,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":264,"midstream":0,"thread_ts_usec":1760964926106572,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"23.60.189.51","src_port":43052,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.apple.com","domainame":"www.apple.com","tls": {"version":"TLSv1.3","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1717h2_5b57614c22b0_e6dcd7ae0a9e","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1760964926071819,"flow_src_last_pkt_time":1760964926107827,"flow_dst_last_pkt_time":1760964926106572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2533,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2705,"flow_dst_tot_l4_payload_len":264,"midstream":0,"thread_ts_usec":1760964926107827,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"23.60.189.51","src_port":43052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01043{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":63,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":18,"flow_first_seen":1760964921304285,"flow_src_last_pkt_time":1760964921435471,"flow_dst_last_pkt_time":1760964921435421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4419,"flow_dst_max_l4_payload_len":1858,"flow_src_tot_l4_payload_len":7117,"flow_dst_tot_l4_payload_len":4694,"midstream":0,"thread_ts_usec":1760964926107827,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"64.233.167.84","src_port":46326,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} +00996{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":63,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1760964925970876,"flow_src_last_pkt_time":1760964926031823,"flow_dst_last_pkt_time":1760964926050964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2401,"flow_dst_max_l4_payload_len":850,"flow_src_tot_l4_payload_len":3172,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1760964926107827,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"17.253.144.10","src_port":46116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":63,"source":"cfgs\/custom_rules\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":63,"packets-processed":63,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19370,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1760964926107827} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 63/63 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 19370 bytes +~~ total detected protocols..: 3 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 9481463 bytes +~~ total memory freed........: 9481463 bytes +~~ total allocations/frees...: 154612/154612 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 573 chars +~~ json message max len.......: 4008 chars +~~ json message avg len.......: 2289 chars diff --git a/test/results/default/1kxun.pcap.out b/test/results/default/1kxun.pcap.out index a595a59b9..a7170aeb1 100644 --- a/test/results/default/1kxun.pcap.out +++ b/test/results/default/1kxun.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -687,7 +687,7 @@ 01009{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104427503777,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 01146{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 
-00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":12,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":690,"global_ts_usec":1654385119050609} +00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":12,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":690,"global_ts_usec":1654385119050609} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\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"} 
01497{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
@@ -959,7 +959,7 @@ 02872{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1787,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1787,"pkt_l4_len":1753,"thread_ts_usec":1654385141035727,"pkt":"nLbQ0+MztKXvZygQCABFAAbtaqFAADQGY7GhdQ0dwKgCfgBQsXDoMXIa8ixAboAYAOt4mAAAAQEICpcRGMK6xhabSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vamF2YXNjcmlwdDsgY2hhcnNldD11dGYtOA0KVHJhbnNmZXItRW5jb2Rpbmc6IGNodW5rZWQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkxhc3QtTW9kaWZpZWQ6IEZyaSwgMjMgT2N0IDIwMjAgMDM6MzQ6MTggR01UDQpFVGFnOiBXLyI1ZjkyNGYzYS1lMWUiDQpFeHBpcmVzOiBGcmksIDAyIFNlcCAyMDIyIDIzOjI1OjQwIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT03Nzc2MDAwDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQoNCjU0YQ0KH4sIAAAAAAAAA51WS2\/jNhC+769g1AUsJbaUpOjFiRZIt9giBdotmiA9eFOAlmiLsUwKIh3Hzfq\/d8ghKTm2i24vEkHOfPN+rLko5Tq9L2hJchLPVqLQXIo4Ia\/vCHmmLaklLe+4Zh+lmPF5S80zkAbKBdsMSUHrekqLBbIh46qtgS6qtG7GWaZBQrpmpaylXKSFXGa04ZkCYBVdgSjkKammwPQKoGMCny0+vU\/pE32JAXFo9TLkhnRMfrn7\/FuqdMvFnM82sblMhhaOkCXTlSzHZPD757v7gb9tWlkwpX6y7DNaK+ZfCik0E\/p+0zBgok1T88Kamz0pKQYWdZukpRSsc1TLVCOFYt5yEnwRhyc0YpuYv7XI+\/VHKgRrHxjEoFV7Tl3zUldDUjE+r\/S+jw8FJrbRCLEBiyBmKwxapyGfxSc7T+TrV7J7kz47pY6+pFOrfEJaplet6MyePFpDTYyMnR4oJzsivQAHgy7a4fjEa81aZvJy8ujfZ7KNDSqH2\/Mr+F17AWnNxFxXcHd21pnaRwQWp8yEB0AkWFJdVMyEAClS8GNqL+Psr\/hLeZZ8ObW\/cZyeJlkwkBDwpWPuC7X3Nn7kJCcNbRW7FdpTTi4ek8S4Q3OxYt404zBAw3AfZLs8xtYpDRY4dSbf92wEK208U9QpJ\/bfl+zenfTcZd0+hfJhSZuVqmJk6\/lj64rP\/99mBzIEFMf5pjZaKsobUf7BlvKZ3TxY1cGykNcOxHscvOZuXBKQHLIjZKZY1TUacpDwIhA6kMm581yXviEx1M6jlprWf9r6BIpzFPKtKdoHOfMJqCBFoV2aykdU9KfRCG9B3q9UV+kM+mkb26PxmlxC6z4lPUzn4W\/VykkZHVUIUxxtv7bufnWh98nWc9pOvWFnSZXpryzmQ3LRy59py+gCTYZmiT3Xfl0iYY
wMwdZ8jENMI\/xZynnNsJ\/emJYRcoXVbAld\/baEDlpzOA2JqiV8bQn49upT6X08+G5AzkjgStJKL+t4cM2FAgCqVB7RUk03cysxIkBt9SNkoPSmZnlUcjCNbsZc1Fyw0bSWxeLKShsbaHuC\/6B5ucJys9eu8uz9DqqZaSNajlD7PDIYeDYgB0mNgUhoTntkJPswcC6HitAw7+SM9Iwy5ROtRMlmoH8Zed8QAt6ZynIzSFKYjhBGcIsqWt5oQtVGFES1RR5lWUPnjJaXKboIXko3SO3cx1eYqVlPZPqkog\/XGaIF7TC+HMZy+0zrWxPXrpghAfsPimlosZawm86d6jZdD5gK7fmgqaYbFzWjbQDtpPXSlZC4ZwXot8aFqn8JIxRmIvbLV+x0Bt2nN\/yH5Ifzc4e6hdxTLKw5\/xPeVM5OgXyEYlt8km3BjpbH37DY3JbeZf+pEiAPiwW0lgLirSLiU9UgYf4hps1ACC\/UUIjtAfzDSWWClkeavejsiT5TTJHI51pRCtjIVlOocvqSCgZECuRwfSijgkfcvhuahF2bQs0f6Q264sosBhBl+GKPsndY0TtD1d4fHKb2JYgCrHAOTc1ol8KeCl0cbE9NfwO6oKyPkLnHjveALTX2Gg5Jp5c7oy7DDsUNOw9GyLriNYt1u+rtsliASAoqHJrLfvT2igKaygnyJGSnn9sixBe3\/0GryWHXLpdyOuhUMcVhOrtbZUCyY9pZywo6albTkdnOhnY56+9lVtSJAzi8bO3PDXRgCMjQKwALW3e+hPMR9\/Z8QN5a7uo6rCA7Dujq6I0XjI790t3TsHPMvwp3I8oN1HQKXcpCJZbL1oUbsCb5rt5tkxhe\/gG\/wmXsHg4AAA0KMA0KDQo="} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1181,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01116{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":492,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":492,"pkt_l4_len":458,"thread_ts_usec":1654385141046673,"pkt":"tKXvZygQnLbQ0+MzCABFAAHeDJVAAEAGB\/rAqAJ+EkBPJaGuAFABgVk3JTRLIoAYAfYmXAAAAQEICqYAsEjS\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"} -01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 01154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":520,"pkt_l4_len":486,"thread_ts_usec":1654385141075345,"pkt":"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"} 
02454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385141075345,"pkt":"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\/aWQ9VUEtMTU0NzU3OTI5LTU3Jz48XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdD4iKTtkb2N1bWVudC53cml0ZWxuKCIgIHdpbmRvdy5kYXRhTGF5ZXIgPSB3aW5kb3cuZGF0YUxheWVyIHx8IFtdOyIpO2RvY3VtZW50LndyaXRlbG4oIiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fSIpO2RvY3VtZW50LndyaXRlbG4oIiAgZ3RhZygnanMnLCBuZXcgRGF0ZSgpKTsiKTtkb2N1bWVudC53cml0ZWxuKCIiKTtkb2N1bWVudC53cml0ZWxuKCIgIGd0YWcoJ2NvbmZpZycsICdVQS0xNTQ3NTc5"} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1654385141076027,"pkt":"nLbQ0+MztKXvZygQCABFAABf8DUAAPgGrdcSQE8lwKgCfgBQoa4lNFJ8AYFa4YAYAIN\/DAAAAQEICtL8K4SmALBIMjktNTcnKTsiKTtkb2N1bWVudC53cml0ZWxuKCI8XC9zY3JpcHQ+Iil9Ow=="} 
@@ -1086,27 +1086,27 @@ 02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":5,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385177120591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385177120591,"pkt":"nLbQ0+MztKXvZygQCABFAAXUOPtAADcGHEesaXlSwKgCfgBQlawVUngs+Pyij4AQAOvjqQAAAQEICsmibePytblgupUqqNl16+S0Pz2Eh252smBlVkADDp1rpWh885p2i36jktrhwQI+Nu8uV5x\/h60qcXO6Whaq0m\/wsIFVFwkjNhQQQMHPpn\/PFJJrQFfmeliOSIMA0uQzNkgA8fSpst3ub05uLstkKkSu5ijB2\/xlx396cIq9lsE21Dmmx5ZI2YNtbGAV7nPb\/Gpm4x31OdNtJrQ6jwV8Evjb8R9Pk8Q\/Df4MeMNe09WKNf6J4Zu7uJTuClN8SFc7mAIzkZHrUKrGOqdmbrDYqrTvGDavul\/Wx2erfsMftuaR4bHjTU\/2Pfidb6Zgme\/k8E3oXjuw8vcB74xUyxEU9wjl+OjBydN26adTyy8muI3Nnd28sU8LssqSRlGjYcFGVuQQeMEAit\/atpHFCmqU5J6f5lbyQ6iQqzfNz8vFJR57Pc9KOIjFcm1ydIJAwyoXnJXGDnFdUaMr3OSc4u6TJoVMauCoyx4IHA+grX2WrdtTgqwUmrO5O2mEqZmDKY8HZtxuz6d6znSdrs51XcGkupWkhIlEJjlOBkBR3rmlJxZ0wqrl03HwxtuLxxBQo\/eB+\/FbUnJy0K57e63dsUSJHFskQb1PY\/55q4zUWJt3vHYYZopJhuiU54cdAaUpKUkxxhPl91jQ0rk7ZRwvRCeT\/SplJrbYrkUI3f4n66a74A1CbVbmRrmM5nJMbSHn6nHH1962WIVj8xeWTnUlJvq\/zMPUNHl01haX9oyMR8rZyGHYj29xU8zkrozqYd0nyyVjKvLSN0AeULt+5t7+3NbQ2TZyVaUXYxL\/AEh5GK+dyysAxj6e3HetVJLY86eHvJnO3trGsmY1O2Pk9Tu9smtlM4HTipWGuI2jjcF0KEoCsWcg9uen4CpuaOMOW4huYYoltyxORwpG3Pt+NBfMoqzILy7VpZmVlJ3qFbIwwI747g8cVpFmFRtN29CtNYzFGknI3Md25c4Ue5547Vakck8M9W\/kYuosXT7MVjXyT8ofO1h6\/T3rRGDcnKzWxRntp4GZrmIhvvIhByAQPXpSbuaJKO5Qni+0r5ogUKuCzDJGOvfr6U1I0hzXuZVxGHQtsbJUnOCce+Pyo5kdNN6mZeWiRgKkm9uvFS\/I7Kc5a3NH4cfCH4pfGLxJD4V+FPw71zxLfSvtS00XTpLghsZ+ZlBVB6liAK56tanSdpOx7OAy7H5jJU8LTcm+yPrT4Ff8EBv2wfiz9g1L4vahoXgDTbmQm6tr+X7bqUUY6MsEXyBjngNIMY5xXnVc1oxbUFfzP0HLPDzNaqi8RJU79NXK3ov80fQtt\/wTm\/4I6fsKRWg\/au+K1p4j1owF5U8V6xtjDRbS2yxs+QSSAI335GRzg1xPF42u\/cWnl\/mfVw4d4UyZJ4qSct\/edv8AyWN9eyZ9GfsO\/to
fsjftC6D4o8JfsjeCbzw34c8FXVtbzXyeFI7CyuXmzs8mOP5t3B++oOOcYzjnq0atKV6j1fzPoMrzLLcxpOGCTUIeSSd\/Tr66nwh\/wWM\/4KyftM+DP2rtY\/Zv\/Zp+LmoeEtD8H2kVjrN3pVtEtzfam6b5iZmVmWNFeNF2bfmDHJ4x34HCUatPnqL0Pl+J+Icbgca8JhJ8vLpJ9b9bPyPzk8Z\/EHx98TfEL+Jvij471jxJqMhy99r2pS3coJOcbpWO3r2r14U4Q+FWPgMTi8VinzVJtvzZl3sQMarxuZec+h9K0aj0OSm3fU\/cr\/gk5e2n7VH\/AARuHwa1m4ine10PXvB1zGyZ8vAlMO4e0c0RH0FfL4mPssW35o\/ashq\/2hkEYS\/llD5WuvzPwcvLW5sh9ju1IuIGMcwIPDKdp\/UGvoU+aN0flUouFWUezIGXEYcxgkHkAcmn01KUtbXHRQyYdm3RYIGO7D0HvUq4cxoiP7GjXsRKSRoDGzAnKkcj8cVWzujmbVX3"} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1567,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01094{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":475,"pkt_l4_len":441,"thread_ts_usec":1654385181857708,"pkt":"tKXvZygQnLbQ0+MzCABFAAHNXapAAEAG0trAqAJ+aHXdCue8AFBxmTfMTd+OWYAYAfYKZgAAAQEIColJBIxVzQaLR0VUIC9zZGsvdnBhZG4tc2RrLWNvcmUtdjEuanMgSFRUUC8xLjENCkhvc3Q6IG0udnBvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYoTW9iaWxlOyB2cGFkbi1zZGstYS12NC42LjQpDQpBY2NlcHQ6ICovKg0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} -01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1567,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com","domainame":"m.vpon.com","http": {"url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} +01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1567,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com","domainame":"m.vpon.com","http": {"url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 
01862{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_usec":1654385181897114,"pkt":"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\/Imh0dHBzOi8vIjoiaHR0cDovLyJ9O2RvY3VtZW50LndyaXRlKCc8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSInKyhpc1NES0FuZHJvaWQoKT9nZXRQcm90b2NvbFN0cmluZygpKyJtLnZwYWRuLmNvbS9zZGsvdnBhZG4tc2RrLWEtY29yZS12MS5qcyI6Z2V0UHJvdG9jb2xTdHJpbmcoKSsibS52cGFkbi5jb20vc2RrL3ZwYWRuLXNkay1pLWNvcmUtdjEuanMiKSsnIj48L3NjcmlwdD4nKTs="} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"thread_ts_usec":1654385183491860,"pkt":"tKXvZygQnLbQ0+MzCABFAANeKchAAEAGAcbAqAJ+A0hFntseAFDfmpSQ59fP2oAYAfYPXQAAAQEICnsWmml\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"} -01766{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01764{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":863,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":863,"pkt_l4_len":829,"thread_ts_usec":1654385183495868,"pkt":"tKXvZygQnLbQ0+MzCABFAANRI05AAEAGCE3AqAJ+A0hFntsiAFAB9eG4XEyGo4AYAfYPUAAAAQEICnsWmm1\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"} -01753{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01751{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":857,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":857,"pkt_l4_len":823,"thread_ts_usec":1654385183496601,"pkt":"tKXvZygQnLbQ0+MzCABFAANLU0dAAEAG2FnAqAJ+A0hFntsgAFBFVF+4FRsrIoAYAfYPSgAAAQEICnsWmm1\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"} -01747{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1571,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01745{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1571,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 01084{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1654385183514792,"pkt":"nLbQ0+MztKXvZygQCABFAAG+fDJAAPUG+\/oDSEWewKgCfgBQ2x7n18\/a35qXuoAYAHCoswAAAQEICn9GsiV7FpppSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
01082{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1654385183517888,"pkt":"nLbQ0+MztKXvZygQCABFAAG+t5xAAPUGwJADSEWewKgCfgBQ2yJcTIajAfXk1YAYAHAN9gAAAQEICn9Gsih7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
02778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1706,"pkt_l4_len":1672,"thread_ts_usec":1654385183520039,"pkt":"nLbQ0+MztKXvZygQCABFAAacXxNAAPUGFDwDSEWewKgCfgBQ2yAVGysiRVRiz4AYAHASmwAAAQEICn9Gsip7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxNDQxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCh+LCAAAAAAAAP+UV12P3LYV\/SuD+yxrNF+7EwFB4aQtjCYB0tZA4qaBcEVSM1xRJE1eSTM2DPQ9RfveBkiBIkVfgj42aBv0z8SO+9S\/UJDSzm7cWLP2g\/dSPLq8PPeIc\/gUPCG1HvJFAo3fQQ6+ZUx4DwlwJIT8KSBCTq4VCWBZSA45rFfFChJARrIT96395ZhkeevZQ9kIyC+XWZYAckaQby\/WWRwpV3rIQ2Trggx6ghxefPXn55\/\/9duvP3v5zTfffv3Vf\/\/125d\/+\/vz3\/3zP7\/5w3dffPniT79\/8cWX333+2QB4+e8\/Pv\/HX0IJVEH+yachcI9pSNqHxTbrsBRjkMOPfwIJMI4ScnifHx7uuVx89M5784921Yf78vDzR7X4+ME7H\/YPfvWef\/TT\/dsRTZCvEmBVeb13VrHIEtPDMszoSrqmYIVVeIQc3jWapG4F3J5z3Q\/PcOGZk5ak0ZDDI9POeqnUTBualWLmRI+OCz7DioSbMWW81LsZ7cWsl5qb\/lamwN27yngxk3T7sSQlhrXDeEYmphE\/iphWkzsWzHBx4seh3xds3Ju\/E1v3f3YpPn7wwduRMa\/GV\/tIE1do6zFy1SkIC1xk621oDm+vRZHATpCtvj+K3K1XUUA7sjH7XkWR7YlsQUcrYt59N0hAikMcy7hgFoJBk9IXntBRa4u4TX\/0JJoB60U7BK3lQdtZAlcE+SdPgZsGZegOWpuitb5SR+FSZhpIoDKuwUA9PEtehfKr1tOdcdK8HsaMJmdUWhu2xw6nc7ZOpXtUJpR6ZnWeovWo8MxuiKdK6CfNYRrG7gZzd4ORQ1ZLvbsTuBHoWycaoQmtPMe5vJdNtuQe8so4Jl4PUrrepkxPArLpMjxLkXuhvXGpcbsJWlWdElqS7EzjAxDtAfmJOi1oqvsdU5LVaS+YMi2fVmBEorVOdEZ1YrqSHrnZmXRnlkPmyf0hv9huz7SsJZOWeGTk6jtIWqbHY\/h\/cvssJYc1tc1ZUsOiZNzjxkxDFxeL9XKbvokWV9k221y+2SuLbHW5+YFXZlOsNFKH7mlxoHPYG\/2nV3YCOEgiHqjhqBGuk0ycSb5TpkSVHpuTRM\/gzSZtTOlQ6vRwfDKBlM5ob9pQ9d1kV7doRzlNpDXI7\/bxBR64QO
VDvXLiWEuRM2esn1Zn5Cf19gnqM6c9F0p2wh2DnLloTHlmR33fD01jaFOpKzO1ey2U1HXaTByF6yU5duarfKPzgJSu\/+8s+jSBq7axFH+j6wLHv1fj39G4orVS7wqGbC8KhyTi73jDwvQmRmQgX4SoK3qpOEMXfOyv2yxbsaazyGrciTgMVHbSEw6T81dmIQG9PBkVvboJ15Avoq8xVSVcrOUX16XcPLLIpN5BvlxcRGzjeX3li9YpyKOv8fl8zri+h1zfi+PU4TFwEKi+npl3y7k1jlDNF2\/Ns+18mc0Xi3l2Md\/wTXmxYuV6cymW6VXw8caK4FmXCdhycEqWBR82eivLnA7kxJB09L02ErYcHoXSngJyPrg4oQQNxqtqlYJ88SyB4N3eihni\/SB7zT9IwCo2JlahhlVkIcTladDgYYQ4Q2K0pLYtlfR74eINZPXWxSYB24fvefkw+E8nKmRkXOF7SWwfHdxy8O5BRE6QO8YuxGyuvbkjuMh9hcqLBDyL857XRfhGIIcP7r9fbNPLdA0J+Ohfhy57e5PCk3GilkOlVHQlDjxT5HlsNZ1ESKYWOqqB4iXp2hDfKqq94v765tHagqQdpD7Gr+hlfyyl498Tiuvm2NLeOPkkXDLSPTUKwvso+ZgJ1Um8reWiO03srgM1sNHaRo6BD+uGOS\/EwTopeNzHyOwygU44L40e3fkygV6UhdDdWDEk0EsWLj2LBHonHg+YjocLV\/bs2f8AAAD\/\/wEAAP\/\/Zfl4rZEOAAA="} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1575,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":896,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":896,"pkt_l4_len":862,"thread_ts_usec":1654385183618295,"pkt":"tKXvZygQnLbQ0+MzCABFAANyCeZAAEAGIZTAqAJ+A0hFntsoAFDk49anhCGol4AYAfYPcQAAAQEICnsWmud\/RrKJR0VUIC9yZXdhcmRzZXR0aW5nP2FwcF9pZD0zMjQ1NiZzaWduPTNjMjhkZWQwNGUwZjQwOTAyMjk5Njg2MTgyNDRiNTgzJnVuaXRfaWRzPSU1Qjg4ODElNUQmY2hhbm5lbD0mcGxhdGZvcm09MSZvc192ZXJzaW9uPTExJnBhY2thZ2VfbmFtZT1jb20uc2NlbmV3YXkua2Fua2FuJmFwcF92ZXJzaW9uX25hbWU9Mi44LjIuMSZhcHBfdmVyc2lvbl9jb2RlPTE0NiZvcmllbnRhdGlvbj0yJm1vZGVsPXNka19ncGhvbmVfeDg2JmJyYW5kPWdvb2dsZSZnYWlkPSZtbmM9Jm1jYz0mbmV0d29ya190eXBlPTEmbmV0d29ya19zdHI9Jmxhbmd1YWdlPWVuJnRpbWV6b25lPUdNVCUyQjAxJTNBMDAmdXNlcmFnZW50PU1vemlsbGElMkY1LjAlMjAlMjhMaW51eCUzQiUyMEFuZHJvaWQlMjAxMSUzQiUyMHNka19ncGhvbmVfeDg2JTIwQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElM0IlMjB3diUyOSUyMEFwcGxlV2ViS2l0JTJGNTM3LjM2JTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBWZXJzaW9uJTJGNC4wJTIwQ2hyb21lJTJGODMuMC40MTAzLjEwNiUyME1vYmlsZSUyMFNhZmFyaSUyRjUzNy4zNiZzZGtfdmVyc2lvbj1NQUxfOC43LjQmZ3BfdmVyc2lvbj0yMi40LjI1LTIxJTIwJTVCMCU1RCUyMCU1QlBSJTVEJTIwMzM3OTU5NDA1JnNjcmVlbl9zaXplPTE3OTR4MTA4MCZpc19jbGV2ZXI9MiBIVFRQLzEuMQ0KQ2hhcnNldDogVVRGLTgNCkhvc3Q6IHNldHRpbmcucmF5anVtcC5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
-01786{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
+01784{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
01442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_usec":1654385183642352,"pkt":"nLbQ0+MztKXvZygQCABFAALDo6BAAPUG04cDSEWewKgCfgBQ2yiEIaiX5OPZ5YAYAHBkvQAAAQEICn9GsqN7FprnSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA0NTcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/1RSTW\/UMBD9L3M2UpJCKT6XAxLiQLlVlTU7nl2sOnawxylhtf8d2c7ScsrLG79583WGLCglgx4VzPkEGnIh4pxBgUVB0GegWIKkzVC0DBruP4OCpRy8yz85GWdB33y6\/aCgBCcPLOLCCfTjGZBCy4v2IZZE\/NVlaYEqGRWImzkWAX0zXJ4U4Fx9uqJBM+Nv0IMC\/BVATxWIN3ario5lWxj046Ru1PuaQf4U0AAKCL0\/ID3\/aA\/GV8Kk4nfmsPTvW9CjkwKyJqFwsycfMxv0nOTN\/6GIxGAse9y6vqTEgTazt2fR+c0sHjdDuDSl5VNCy\/cuV\/r71cD6wNJsOdhMiTnsrU0KHMXQm\/KCR56lug31L6YXAn07KAg4c38Tj8fMvcyYHAdBcVU\/KFg8Es8cpNY3fRynsXGbIbHx5d+brbV3kGBkBv1uVJBsIukLSIx22yczDpU4Lmtf5hyT70jotXpZDQcL+m5oOAumvr56LF9q4O5uVLDup7JSnegRi++HsDrL0bggnJDErbxnHq6h\/OwWkzj\/L2hsPa\/ewOqSFPTmuqF6xN3kWx3c5ely+QsAAP\/\/AQAA\/\/9ly17OCQMAAA=="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1577,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02061{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1198,"pkt_l4_len":1164,"thread_ts_usec":1654385184096708,"pkt":"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"} 
-02085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1577,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1
.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +02090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1577,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1578,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_usec":1654385184117986,"pkt":"tKXvZygQnLbQ0+MzCABFAAEkBJZAAEAGB9zAqAJ+CNFha936AFBSP8o9I7uXO1AYAfYueQAAUE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ2hhcnNldDogVVRGLTgNClJhbmdlOiBieXRlcz0wLQ0KQ29udGVudC1MZW5ndGg6IDc5Ng0KSG9zdDogYW5hbHl0aWNzLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 01183{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1578,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 
1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 
@@ -1114,7 +1114,7 @@ 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184139299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1654385184139299,"pkt":"nLbQ0+MztKXvZygQCABFAACApCdAADgGcO4I0WFrwKgCfgBQ3foju5c7Uj\/OVVAYAD8bqQAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjY6MjQgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1581,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1006,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1006,"pkt_l4_len":972,"thread_ts_usec":1654385184174078,"pkt":"tKXvZygQnLbQ0+MzCABFAAPgd\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"} -01527{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1581,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01532{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1581,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 01127{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385184282680,"pkt":"nLbQ0+MztKXvZygQCABFAAHmJVIAAPgGdx8SQE86wKgCfgBQqQhpQqwFG\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"} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1583,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184845262,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01942{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1110,"pkt_l4_len":1076,"thread_ts_usec":1654385184845262,"pkt":"tKXvZygQnLbQ0+MzCABFAARIuCtAAEAGLI\/AqAJ+ypnENeWGAFC6DVe05oOra4AYAfZWMAAAAQEICr1yaOhMk1pOR0VUIC9hcGkvd2Vidmlld0FkUmVxP3Nfdz00MTEmc19oPTczMSZ1X3c9NDExJnVfaD02ODMmdV9zZD0yLjYyNSZsYW5nPWVuX1VTJm5pPTAmc2RrPXZwYWRuLXNkay1hLXY0LjYuNCZ1X289MSZvc192PTMwJm5fbW5jPTI2MCZuX21jYz0zMTAmbW5jPTI2MCZtY2M9MzEwJmZvcm1hdD0zMjB4NTBfbWImbXNpZD1jb20uc2NlbmV3YXkua2Fua2FuJmFwcF9uYW1lPTMwLmFuZHJvaWQuY29tLnNjZW5ld2F5LmthbmthbiZzaW11bGF0b3I9MCZjYXA9Y2FsX20yX2FfaW52X2NhbV9waF9zbXNfY29tcF9mcl9iYW5JbnZfdmlkX3ZpZDJfdmlkM192aWQ0X3ZpZDVfY3JhenlBZF9jYWxfc3RvUGljX2V4cCZvdXRwdXQ9aHRtbCZwZj1UVyZzaWQ9MTY1NDM4NTE4MDMzOSZzZXE9MCZiaWQ9OGE4MDgxODI0ZmYzNzFlMDAxNGZmOTVlNTk5ZjA3MmQmYWR0ZXN0PTAmYWRfeD0wJmFkX3k9MCZhZF93PTAmYWRfaD0wJmFkX3Y9MCZtcz1DNVFFbjk4Q3hsaGlSNEolMkZsQzZKZiUyQnRKbmNKWUE3MnZYUGUyTzMwJTJGUzdWVEJGMU5hTGVBRkFSNUZJZllyUmFZU1ZhQkglMkJTS1VGcjExQTJGRThHUkp6TGp0M2J1MEFBNDZMUm9nejBob0RScHNxYlZMWXUwelljVjBjMFZrZE1YblZmSmhqcEpSZ0tjeEhXbzR2UXpxNkxzd2ZBMHQ4MFc2Z0d5RnY1SXl6QlQ2YjZFMUZOSFUycFFJT2cwajlXTnFyYWElMkJpR1JxV201cHRqMXB5bXJOdjd0em5JeHV5JTJGd09JWGVES3ElMkJQSk9XenRJbjV1UTFDZEclMkIlMkJQZDBvcndjJmJ1aWxkPTIxNDA3MTAyIEhUVFAvMS4xDQpIb3N0OiB0dy5hcGkudnBvbi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYoTW9iaWxlOyB2cGFkbi1zZGstYS12NC42LjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
@@ -1124,22 +1124,22 @@ 02043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1584,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385184857770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184857770,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com","domainame":"tw.api.vpon.com","http": {"url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=1&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile 
Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1585,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1654385184927393,"pkt":"tKXvZygQnLbQ0+MzCABFAADrwv9AAEAGn0vAqAJ+EkICWotQAFAVBORyMNia64AYAfbYnwAAAQEICiE3Bh4xvbnrR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS9pbWFnZS9sYW1iZGFfanBnXzg5LzM5ODEwMTIzNGU2Y2Y1YjNhOGQ4LmpwZyBIVFRQLzEuMQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0K"} 
-01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1585,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01176{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1585,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1586,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1654385184928623,"pkt":"tKXvZygQnLbQ0+MzCABFAAEdY4hAAEAG\/pDAqAJ+EkICWotSAFAcu+o2K8tK74AYAfbY0QAAAQEICiE3Bh\/fUp7nR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS92aWRlb3MvbW9iaWxlL2ZkNTY5MmRkNTMwNDJiMTk5ZTAzLm1wNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1586,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": 
{"url":"cdn.liftoff.io\/customers\/45d4b09eba\/videos\/mobile\/fd5692dd53042b199e03.mp4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1586,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/videos\/mobile\/fd5692dd53042b199e03.mp4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1587,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01006{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"thread_ts_usec":1654385184938285,"pkt":"tKXvZygQnLbQ0+MzCABFAAGNDvVAAEAG7fHAqAJ+EkBnHo8cAFCNQDOZ5EMz0IAYAfY+BAAAAQEICpxRp0pGLP+jR0VUIC9ydi16aXAtMjAyMi8wNDI4L3RwbDQtNDIwOWFkODQ1ZTYxZDlhZDY3YjZmMDQxODdkMDBiZTAuemlwP21kNWZpbGVuYW1lPTQyMDlhZDg0NWU2MWQ5YWQ2N2I2ZjA0MTg3ZDAwYmUwJmZvbGRlcm5hbWU9dHBsNCZsYXlvdXQ9MSZ0cGw9NCZ3ZnI9MSZ0bz05OTk5JmFsZWNmYz0xJndoc19jaG49bSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogaHliaXJkLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1587,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1587,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 01522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184942273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"thread_ts_usec":1654385184942273,"pkt":"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"} 
02472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184942885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184942885,"pkt":"nLbQ0+MztKXvZygQCABFAAXIiZwAAPgGW9ESQgJawKgCfgBQi1Aw2J3GFQTlKYAQAIO33wAAAQEICjG9uf4hNwYe\/9j\/4AAQSkZJRgABAQAAZABkAAD\/2wBDAAQCAwMDAgQDAwMEBAQEBQkGBQUFBQsICAYJDQsNDQ0LDAwOEBQRDg8TDwwMEhgSExUWFxcXDhEZGxkWGhQWFxb\/2wBDAQQEBAUFBQoGBgoWDwwPFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhb\/wAARCAQ4B4ADAREAAhEBAxEB\/8QAHQABAAAHAQEAAAAAAAAAAAAAAAECAwQFBgcICf\/EAGgQAAEDAgQDBAYDBw4JBwsACwEAAgMEEQUGITEHEkETIlFhCBQycYGxQpGhFSMzNFJy0QkWNTZTYmR0gpKissHhFyQlN0NWc3WUGCZGVFWT8Bk4RGNlg4SVs8LU8SdFdrTEw9KFpeP\/xAAdAQEAAwEBAQEBAQAAAAAAAAAAAQIDBAUHBggJ\/8QAShEBAAIBAwIEAwQIBQEHAwALAAECEQMEIRIxBQZBURNhcQciMoEUMzVykaGxwSM0QlLR4RUWJFNigvCSwvElQ0RUorIIJmNz4v\/aAAwDAQACEQMRAD8A9\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBBKggUEpQS9ClRTKsJSqjyQumOz+U6pQS11wbEbEJ27LxMxzDZcrZldC4U9Y67ToHn+1d+33f+m79D4b4xak9GrPDJY7lujxaI1NA5sVRa9hs9erp62I55h0eI+BaG+r8Xbfdv7ektJrqeooah0FXE6N7T1C6eLRw\/Ca+21ttedPVriYUS5RhlEIB3iowscyCAd0BRGEWuOxUwYOYXKRCUAfFMI7osJa7mjJY4dQUwisTWc1nDMYLmjF8OI5ZzNGN2P1VJ0627vY2Xj2+2nEWzHtLaMHzlhGIjsMSgEDnaXIu0rC2haI45fqtn5m2e5jo3Femf5KmPZPoMSpjV4Y5jS4XBYdCvP1dtW3biXVu\/BdDcU+LoTH5NAxWgqcOq3U9VGWObtpuvPtSaTiX5DcbfU0LzS8Ylbs6qjmTMCCKKpkVTNCIlMiEW9UVTAeKKyi0dEGSy9geJ4zUdjQUr5NdXWs1vvKiZxD0vDfB974lqdG2pM\/P0j83R8o8K6eMtlxaR1RJ+5R6NH6VSb+z6l4L9m+hpxF99bqn2jt\/1dCwTLVFQwhlPTQwt8GtCpmZfQtn4Vs9pXp0dOIj5QysNFAwagu96h6ERCvFGxvssaLeAQVBe2iBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlK
BylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylBBAQEBAQEA67oJHQxO9qNqC2qcOp54XRuaC1wsWuFwR53RS+nTUrNbxmJ9JapmLhplvEI3F2GMieRpJTHkI+GytFpflvEPJHge9rPVoxWfevH\/T+Tl+cOFmK4cXzYa71qIa8mzgP7VaLZfKvG\/s332zzqbT79fb1aHUwTU8zoZ4nRvboWvFiFo+da2jqaN5pqVmJj0lIqs0qAgh1sp47LRCCkQHnqowJbpHcS3TCyF99U+QkFybDW6lpWMujcNcE9VpBVStPay6+4KYh+98veHfC0\/iWjmV5xAxv1Kk9Rpn\/AHx471uipqWxGIW8yeLfo2l+j6U8z3aEy+pdu7UrnfPqx6z3CVErIXUJ5QB80SX0TIX80BAQ"} 04399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184943456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385184943456,"pkt":"nLbQ0+MztKXvZygQCABFAAtciZ0AAPgGVjwSQgJawKgCfgBQi1Aw2KNaFQTlKYAYAIPjEAAAAQEICjG9uf4hNwYeQbsg9lrR\/YAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCBQQQQKCUoJSgl8UFMqwlOyqPJLvJdD+U1NwRaJQ9yFWVy9j1ThsgYSZISdQTt7l0aOvfT7dnp7HxLU284nmrcovuRmbDuSYNebaPA77D5r1NHcRbmk\/k\/UTXZeKaPTqRmff1hp2aMrV+EOMsYM9L0e0be9d+nq1vx6vxXifgO42Uzav3qe7AhwINvqWvS8SEAfEquFoA\/wTCUObxKBzaJEGEWuIuiMHMehQxCPN5qyC4I1VUYZfKeZsQwKpBY8y07j343HSyzvpVtHL2PC\/GNx4ff7s5r6w3\/ADHhlHmfLLMQoh33N5mO6g+C8rX0sxNZ7w\/d7zbaPieyjX0o7\/8AzDl0kT4pXxPbZzDykFeXMY4l+AvWa2ms94QGqhRMiMpmhET2TDRFcotAsgmaPK6spMItCqr3b5w64e1GKCOvxUOhpSQWR7OkH9gVLWfRPK\/kXW30V3O8+7p+kes\/8Q7Fl7AqWgpGQU8DIImjRrRa\/vWczl9n2Ww2+z0o0tCsVrHszFPE1gs1oAUOxUsEBBMBZAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEEqAgICAgICAgICClPTxSts9ov42Qx7tO4gZDw3HKVxlhbHMAeSeNtnA+amLYflfMHlLYeL6c9dcX9Jju4VnbK2J5aq+yrIi6F5+9zNHdd+grSJy+AeP+Wt74LrdOvX7s9rek\/wDVglbL88fNIEPoqRAlRCYylUpSuI8UWQ0soyJSdwpWqzWRMK+6OKB723ji
NzpolYe14Nsf0jXzPaHR66rhwzDHzusA1tmjxVpnEZfvdxudPZbadSfTs5tX1UlbXyVUriS46LktOXy3ca9tzrTq39VC\/moUFECBUpwg33qqUbmymOwXTCIQv5pKS\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\/viqXt6Q+qeSvJvxOnfb6vHetZ\/rP9nY8OomQsBcBzAaADRoWT7DWIrGIXjRdEooCCLeqCKAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggdkEEBAQEBAQEBAQEBAAFrEXCDA5vy\/RYvhktLUwtkie3Yi5afEKYnDzvE\/C9t4ltrbfcVzE\/yeduIWVKzLGKGKQOfSyH7zNbQ+R81rE5h\/Nvmby1uPBdzNLRnTn8Nv8A56teBurPzMJUIxKHihhLdFoS+ajslAlMLVKaJ9RUNijF3PNgkNdLTte0Vj1dRyjhbMMw1senORd7lpEcPo3heyrttGK+vq1vPuKmsrvVYnfe4z06rDUtmcQ\/J+YfEZ3Ov8Gk\/dhgSbCw6LF4UcIX1QEECowmEQdLqUiK55E6U5R+pEpR1UcCF\/NMQPZyu\/sAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQSoCCVBKghZBIQgkI6qw8klbP5RSkeCJhIrJiUqrMJhKi2Uut7jceCJiWx5SzfV4W9sVSXTU48T3m\/Fb6evan0e54d41q7eem\/Nf5t65MBzfhtpQyRxGjxo9i9HQ3OOaT+T9RfT2Hi2l9\/n5+sNBzjkXE8F5qilBqqTcPbqR7wvU0d1TU47S\/EeK+W9zs5m9PvU94aoCLkG4I6FdGH5+PaT3KMJzkB3UYEA4oDXJgwc3RRBjhMD4KTDc+BFDJVZyM7bhlPG4uPwXJvLRGm\/T+T9tOr4h1+lYld8ai05kFt+TVfn9f8Tr80TE7vhpzQsH5lOwboqi0eCKpmjwQTMGiKtx4QZXON4t63Ux3pKZwuCNJHeCracP23kjy5\/2luvj60f4dJ\/jPs73hFKyCIEsANrNsNgsX3ytYrWKx2Xg1RZM3QICANUEyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBAQEBAQEBAQEBAQQOyCCDW8\/ZepcZwaajmYCyRvdJGrHdCFMTh5HjfhOh4psr7fVjvHHyn3eacxYXUYPi8+H1LSHxOsDb2h0K2ieH8u+KeHa3h27vttWOaz\/GPdYnRQ4EqsJb7qI7LJSdCnPqJfykwtVtPDfCnS1JrpG9xmjbjdWrD9N4Bsptf41o4hs+bsSGG4UWg\/fJRYDwS9sQ97xnfxs9rMR+KXPy4uc57jdzjdcsy+dVzMzae8pTayhcvpa6junADcb3UpEVTMN1MRkFbCpbqmCJFEwtHKVVTlDrqiXs9Wf2AICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBBAoIdEEqCUhBJZB5II6Low\/lFKglI0QSEWRaJQROUp0CJS28kMq+GV1Vh9QJ6OZ0bx1HVTEzHZ0aG51NC3VScS6Jk3P0FQ0U2KgRuOhcfYf7wuvT3GeLP2PhvmGl4+HuOP6Su81ZCwfMMLqzCXspqpwuAw9xxXpaO9tTi3MNPEPLe030Tqbeem0\/wAJcuzJgOK4DWGnxGmeyxsHgd0j
xuvW0tWmrXNZfP8AfeGbrZak01q4Yy4IuFfDgiRVmEwgbphICRuoxkRLrA\/JT0jtvBDBDg2UJMSqm8ktcbi\/Rq8be6sX1OmO0PqPlTw\/9D2E69+Jv\/RzrPmIDEczVMzHczQ7lafcvHvbqtl+M8X3P6RvL2ieGIYN1m8tOiJRA1RWUzOqIV8NppaytjpYQXSSvDW\/FGu22+puNaujSObTiHo3h9gcOE4NBRxtAEbQXm27lhM5l\/THgfhmn4bsabekdo5+c+rZRsoeumaEBBFougiNEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":563,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":563,"pkt_l4_len":529,"thread_ts_usec":1654385184944474,"pkt":"tKXvZygQnLbQ0+MzCABFAAIl9uxAAEAGBWLAqAJ+EkBnHo8gAFD1zY28\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"} 
-01471{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01476{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1592,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00942{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1592,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_usec":1654385184944791,"pkt":"tKXvZygQnLbQ0+MzCABFAAFdGtZAAEAG4kDAqAJ+EkBnHo8uAFDRel74fng8vIAYAfY91AAAAQEICpxRp1H7gB08R0VUIC9ydi16aXAtMjAxOS8xMTEzL21pbmktMjYwMjkxYzIwOGJmMzM3NmI1MTExZGI4NTVlODk0NTEuemlwP21kNWZpbGVuYW1lPTI2MDI5MWMyMDhiZjMzNzZiNTExMWRiODU1ZTg5NDUxJmZvbGRlcm5hbWU9bWluaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogaHliaXJkLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1592,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1592,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
06320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1593,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184945955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":4350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4350,"pkt_l4_len":4316,"thread_ts_usec":1654385184945955,"pkt":"nLbQ0+MztKXvZygQCABFABDwiZ8AAPgGUKYSQgJawKgCfgBQi1Aw2K6CFQTlKYAYAIPopAAAAQEICjG9uf4hNwYeEBAQEBAQEEqAgICAgICAgICAgIIFBBBJI1r2Fjtig5B6QuWjNRjFYIwZabSSw1c1XrPo+U\/aV4D+kbeN9pR96vf6OMA2V3wyEvmphdBQJCiYVcOgdVVscDBcucArVdG30p1dSKR6uqYPTRUGGNZYNZEzVXjh9J2ujTbaGPSIaJmvEjiOLPeCezYbNC572zL5\/wCK72d5upt6Qxt1k4UGk2Q4L2CLDSiqZl1aIRKYbaK8QrMpraKcK8oW0TCcpTuVWYWiUvxVJ7rVQULVe0FZ\/YAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggdkEEBBKghZBLZBLZB5IGxK6e7+UIS9FCUpCCVWEpCqnKUhT3XQI8lAltuhlLY9FYZvKuacTwWRojldJCDrE46K1NS1Z4etsPF9xtJxE5j2dMy\/mnAM00PqOKRxOLhYxS2uPcV1aWtic0nEv2m08W2PiWl8LXiJ+U\/2a9nLhMJGOrcszh7Tqad2\/wXraHiX+nVj83ieJ+S8xOpspzHt6ubYrhuI4ZUOgr6OWF4P0mr1KWpeM1l+H19pr7e801azErS48Vboc2S48UwROeze+EuQavHKuPE8SidDhsTg67h+F9y4N3vK6UTWv4n63y75b1d7qRr60Y04\/m3ji7mKDCcHGGURa2WRnIxrfoM2K\/O6l5iJj1l+r8xeKU2u3+Bpd5jEfKHHm3JJOpK5nzSZmeZTMCImU30UVRYiqZgsg3\/gLgorMakxOVt2Uw5WXG7iqXn0fRPs68Jjcby27vHFOI+rulFH2cAFtTqVk+4KzeqCKCLRdBFAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBA7IIICAgICAgICAgICAglQEEqDF5noo63D5I5GhzXtLXaJE4c+729NzoX0rxxMPL2b8NdhOYKqgcDaOQ8n5p2W0S\/lPxrw+dhv9Xbz2iePp6MUeqnu8yEPsUpSlVWjltfDLDWyzPrZB7Gjbq9X6jy9tIvadafRnc+Yj6lhXq8brSS7+5Re2Iep5h336PtvhVn70tBGg13OpK534OkYL3uFVZC\/VFi90RCManCEzSALkq9YUm2IZHBcHr8SJMERDB9Ky0iHZsvDN1vJzp14XdZljFKaMvDS8NHRWw6dfy\/vtGs2xmGH1Di1ws4aEKuHjxM5xPdKdvNVleEh+CpK0IbhQl7RR\/YQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC
AgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBA6IJUELIJbIPI9l1P5PSnQbIsgdQokSkeagSkaWSolI0QS21RMShqiUtkTlC3khmEY3PY8OY4tI1BBslUxaazmG25R4gYvhAbFM71iIflHULWurMcS\/Q+H+Y91tfu2nqhv+F5xylmOnEWLQQF5FiJmgEfFbaevNfwTh+s0fG\/C\/EK9O4rGfmg3JPDqu5nxMYOb8h+y66+I7iPVWPAfAdbMx\/IZlHh1g16idkZLdW9o7dL+Ibi0Yzg\/7F8B2kdd4\/isc3cS8Po6T1PBI2vLBys5RZjFwzqYzPq5fEfNOhpafwtrGcdvaHLMUrqnEq6Srq5TJJIbklYTOZfgNzudTcak6mpOZlQaFDnTt2uio3X4IiUzPZRCZgJ0A1RV6B4PYO3Dsr0kZaA+Udq8+N9Vjacy\/o3yb4bGx8J06zH3rcz+bdlV+pTN0CANUEzdAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBAQEBAQEBAQEBAQEEqB0QS9EFOZvPE5niEHAvSLwxsGORV7BYSjlebdVpTs+Efad4fGnvabmv+riXNlo+YJfHVR6FSJpkeGNFy42ClrSvVOIdUynRtpMIiZygEM5nK0Q+k+GbeNHbx8oy0rOVc6uxp9\/ZiNgFjecy\/CeM7udzvLe0MTdZS8+Et1CUL+aJhFtvFWqlMzxVohSWTynhj8VxJrOU9k32itKxl2+F7C2+3MV\/0x3dBqZaTCMOJHLHDENTtdacPo9p0tno9NOKwky9i1NilOZaZ3My9nApE5Rs95TXrms5hqXEKgZR4sJom8rJdbfWqy\/DeZNjXbbvrpHFmvuKzmHhVUzZZrwgiXtJH9hCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBBCyCCCFkHkZdD+TsoW1RKWyH1QABuUTEpbeSHZC2iGUtkTE+iUjdEwlsiaoKcAmCpYKAbobhERMwq09VUxfg53t9zlMNK62pTtYqKqpn\/DTPf73JlF9bUv+KcqYHiowzRaNUVTAXREo28AohCLR4KVUw1RWV7l6mNXjNNTDeWVo+1HZ4bt53G809KPWYemsuQNhpGtbs1oA8li\/qTbacaelWkdohkm9VVsigi3qgigICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBAQEBAQEBAQEBAQEEqCB2QSnZBKUHL\/SNoTLlx0rYweyeHX8Fand85+0nazq+F9cR+GXBzday\/n+qUkXKlMMhlGlFZjLIydGjm+0fpUer0vDNGNbcRWfq6fiDhS4NO8G3KwgFXfQt1aNHZ3t8nK5HF8j5HG5cb3WMvlUTNrTaUg6rOWiBKiIT6DT4KThFouFMRlEqtHC+oqGU8QJc820V4hWlL61406d5dPy1hcWEYWIwB2rhd58FpWMPp3hnh9Nht4rH4p7tC4n48aupOH0z\/AL1Ge+R9IqJnL834zv8A4tvg0niGQ4KCTsKkfR5gkOzy5nFl5xYBD6e40IUuTzhmLabTyVSX5KvZKTqqS0qh5Kpw9po\/sIQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBCyCCAghZBBB5G3XQ\/k1BE8IOCEIEInKU
hWKoWVVkv9iCWyIygQiapbeSBYIFvJTyIWTIWUVRlFo8ERlEDRBFoREpkQDVEZTNGiIRaBZFWycKKMVec6ZpvaMl\/1KtuIfp\/J22jX8Y0on05\/g9F4W0NpbDqsX9HVjEYhdN0CJEEzdAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIHZBBAQEBAQEBAQEBAQEDoglQQKCUoJSg1XitRtrMr1UbjvEbHzU17vB8zbWu58K1qT7S8xuHK5zfA2W7+WLRiZhIShDMZALRmAc2xZb+kFFfm9nwPEbqM+394dGzJAZcvVDRe4BOil+48T0vibDUhysNs0g9CqYfKtPthJ4qkw2ieEG3UYSAdEwI7Dz6BWhS04hvnDPAewgOJ1bO+fYafmtKw\/beWPCfh1\/StWOfRNxLx\/7nUDqeF4M8wtp9EJl3+M+I\/ApNaz96XKnuc9xe4kucbkqH4aZmeZdH4KMd9z6gkaFwsph+w8t1n4dplV4vFwfTNtpb9KlxecJnq04aYVm\/IQlvuqroKMD2oof2EICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCVAQEHkXYFdD+TUN+qCCCBQQROUqnKULKExKHkiMpQgW3RZCyIhDlRJyoqNHggAeSGUQPNEZlFECIyiBa6IlNpbzRVEbIN84AQtfmmSVzb8kRsq37PoX2b6VbeJ2vMdod3ohaBvuWL7oqoDd0EyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggUEEBAQEBAQEBAQEBAQOiCVBAoJSglKDAcRP2sVLvBhUw8rxv8AZ2r9HluuaWVkrSNQ4rd\/KmvWa6ton3UVX5MoVcMndTVrJmm1nC\/1qcujbak6WpFodhwqRmIYQCCCJo7fFS+pbe1dxtsf7oc0zJhs2G4nKyRh5C7Q2TD5d4jstTZ7i1bRwx3LcabKkw5azwlA8AownIAALlIhHVhsPD3L8mK14qp2EU8Rve2hVoh73l\/wm291viXj7kN7zFiNPhOGumeQ1rG2Y3xU5fvt5udPbaWe0R2cXx3EJcTxKSqlN+Y6DwCS+b7vc219WdSyyPioc2XT+CTXHCprjTnFkftvLMT8KVDjBIfunDEQbAfpU8vJ84Xn9JrX0agToqy\/LRCUa3VMLCYHtRVf2EICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAghZBBB5FXQ\/k1A3Vkd0FVIpwIWUZRlAjyU5SgRuoMpbItHbKCnkyW0UYEN0C\/kERygiREdxEdho8EEQPNBECyKot2RVFAUxA6H6PQ\/yvVu8GD5qmp2fS\/szj\/xmrPyh3OAWhb+aFi+1pkEW9UEUBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBKgICAgICAgICAgICAgdEEqCBQSlBKUFhjcLJqUNlAczmF2nY+9WZ6mlXUjF+Y9nlXNFhmSvAAAFTIAB07xWkdn8m+LRjxDXiP91v6yx520VnBCVVWhuXDPMDYZPUKqTla78G4nS\/gpy\/WeX\/E4pPwdSceze6yioMXpTDVxt5iNHBInD9fr7Xbb\/TnT1o592g5lyhiGHTudTsMsJ1BHgrRy+eeJ+XN3s9SZ046qsA6CoabGB
99vZKYeFNNWJxNZ\/gy+WMr1+LVTTJE6OAHvOItooxh7Hhnge53upGa4r6ulMZR4PhPZMLY4YW953ioy+mU09DZbf4dOKw5JxBzC\/GK90cTj6vGe6PFS\/AeL+JTutSa1\/DDW\/wApRh4xqeqhPzdV4IRv+4sjneyXCyP3flis\/AmZWPGcuGNRAjQDRHiecM\/pdYlpzttEflqpVVYvdMD2ss39hCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg"} 02492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1599,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184953988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184953988,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EEAAPgGoGkSQGcewKgCfgBQjxzkQ1FrjUA08oAYAIN68QAAAQEICkYs\/7OcUadKtLVLEjgcUYII4FHbZjHquoOia6gAb500Ti8dAwhCBQPI+mqikzoPEDELPc+SXj69jEqwdCpvDTvdYMfugkxkR1Y+CY9qVGm58StJYmYN5SvxMAz8xCmsligFCuuKmg8EZSE5OqcTkF7WWZmYJJGWhwpN7ilBu8\/gl+3Ab8Spn6tvJdeT+RsqcUG0ZFXerb57NPtt03zJpCtCoTxHMV9Zha5yoUwKNC+6e7j1ViGTaOWGh\/7JwCnGB12U4uBR548F\/rgqEud2uv0wHCBv6DuHmOo5bYd\/toEAzTnRwVytNl\/PJi1A0jYr8KsFpOACb3f7cGrTVbOZNYAAfhKkPOD4uriBbk9Jgk\/UjgwbpqX6abrGR34H+Os\/9jStodDE0Y0g3lOkmBfCKamPyPplsqvWJMBQnNHW0rSzXLwhjLCCsvswVQxnEHtu2HFz998SHtil2W03a8HGmk23nbaNYcY3Q2TQbJ3ZzG4FUhaRnvC2msLVbUsGHn\/8qqFhILJC24vplvrOmxsbreba663VzXsP1t950FpdXn11XW4T6v8OCO1QAuQXRErxFVq\/3Wbyah+mKVYtt08bMZ0HIKAAIUvKhHqZkAtfQNHQOwlIflLQ1gvauCXLAC9chbkxNKbadnsPBCGT+eVNsWhIXlnO4qie\/YB3Dn2nVklQbot4gdeaomDlGHGq2R9pxd9CVm8l9JyOW1IjlmYi4kIepJ+YLD\/gRPZSkymg00iOy0dkhWzUmLBjYKPplsOvhIi5ELVnoR4dQ7fdKWhHiLBAG9A4j2EAC4y1lGtIy6U7GUejmNJozx3D7sS1yIaLjW1\/AnhEE5Tn3wYlQUNcSbmW9EiPIws1msCzH+E5Uu15TvEJU927RoehtQDvXtR6D0i0Qq4r5lKtMY9x1WAUFjlBkqF9BUaESQB2UsBt7+aLYGJaqBfsZkpASprto2iSKUBpaREEHmhszyoycYMyWrK32VyqU7U+0B8\/j9v8HYKpxmhJ9hmaqfPgXycn03DcwMlnex1\/w0vDwfnVHTtC60LkWMig3KoxX9wp6lUobpfyzZnA1KioElYxEkVLF2DRfjSYmQmEaUL6Vt1Pw1px2QImO0RR3K\/S
u8d8oWRu9X0PL5jx0aICKHpBkVigDUHjb5hz1+ER9ZpujGIXmoxXSVEVDlqITEvN1XLQn0q5WrD4RQNqo05O8NY0zUIyjeYmR0HIha8iWNR82tC+DDAAS3rFxtBufFlLahMzkSEmBJezzMOIAuYi7YaCqpZTksGSGvk200r5PKi3stxcb73ZXF7ZWG+tbb6xfPeeZWgGOW1JJ9YCDFBxJwjXXym8MTPWXyGLVLqNExYXwpJENPgu3TEwo4fsbie0u2TLY5ZAkS0FbEksjw+rnfXYKDa6Tj1apqdRm58JsDc9f3o6XkPSciEbM2sJbxaQKDeKAokNafx4rI5T7B6r\/myV2gwsY93jrVLHNNQuiu+r+M3NvePsMJ8re\/P5Entz1pZnpyPPzjYGWEIkrYJgAUSjmQm2JaWtrAsGyjyJ40iSCcRtSf1AH86Ym17gzRFqQTTeEs9X4ijRzHu1H8VBz3vPdXTmElnKhBlDqqJJI1FsUyyFCXkqDIVqSYNsV6Fsixm+M9dhWnTKi7hX4lJiuC6kPjhJK6UNeIcvhYdT5\/\/5p797\/8P\/\/eqvvv7sy7MP\/xabjQRt7X6Xwkc8\/fjPzv7kKxhaPT0jY5FpLhGCSvvgpZ7+4oMnX\/x1nZumP\/n14\/PHP1ctr0tqQdm04tmff\/q7738q6zLea7VVsGYqx+ksN3ymz2gjwFgx2a6hp\/O\/+4zwkaDjMjscMtTzf\/+n87\/\/QJlMMlM\/f\/w\/5z\/770uGghjfoqqNEk43lcb01hb7eY6\/nzpNlJ9KFcdEUlBQOZZmiMlN"} 02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184956858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184956858,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EgAAPgGoGISQGcewKgCfgBQjxzkQ3h3jUA08oAQAIMNwgAAAQEICkYs\/7WcUadKZmJ1Q4tNW7+zm3LzilKTMs7o+j0bU4bevfG98VcexwRoqg0MK4kroCFJI0vkItJ0sWhKhqw+9VVqDQxktos+tw4JRGmcHh\/FKDlLh6zdkg3MQ\/lsHnZqw9K8bpKO655k6IwFAFfkDIJOJsdMB+TwhRR+SOFiIw+5j\/JW34gGnNHirK\/zZi\/hc4QwIcK2rxzXZ7rsKwq47b\/gBNM4MIbxBQADwYMZQnsmuVNzekN4FKQkhHHGTTWkH\/wjQGDyySIj8Jzph54pd5aM+OhhOvR5PcMjO93tjhYc9KM4buIZr3AxnxM3iOqL5Y3DNOtFZMTe0kqYCIlor5EOmzY1\/QgcEzRxv4\/lxU4YCiiS+0\/ddMRHjjkiUXhuhD7QYUQQTZCQrhPijw50JVjw3pUlzCIsuoRiKmcNsq2sVpURgyb28KvUizskeSI14ZCZ1RGfnHTHy1yPRsG0Pt5Ma8nqKdONtNWUPEMbKU4qooS4ZVgy4ydRUqGcD3t5XLzKk6xQksEKLZeRc4zABSD22VISyrxIGnnot0UQF1jM0L5wq+PXoJypbcccDHIPqtdae6MvXKZyFZZ2Af1r5SARKk8jHFMScw1ZklPh5TmRIMY25u7J
I8Kf0InpWIggg\/dCNXQ9mbCzi9IVFwQ4Bcza9Gx560XkmFinHDZS4kv+q6dM6HPsExiSjjM+3qTzEyp6QYtbZYue7chnn411pGZv4KwRjPOakaMAbYLhhCPstBZrv27XKHfgDg3UdMswyDmbrdhNZpK2+\/bwcJCkmrX3nBdsQ2VeuZ\/YA4u3j0cd1g9errygLeJTAN\/nCWDbbXhdHGF4z7CdykwDxiJacPDxG9YuwukG8499nzt4zVg40U\/jMp1lunPB3JJQoS5Bp6kxA9vvK2Fg2I3BaQrLU2XnWALaTVI1pGgZ30OUAvDFCxhKEFX\/Q9eQ1hjjNWxpFqXih\/EZbZu2sX9wk7UWkXlhwRGjhZFb93t26v1JRJhHdI1nd+wyJYqGt5\/UP4S9xI3VTwDw+41F2Yi29WTvXG\/pYAGqMGJVprBGfV8dw\/pIGjYrc8JqDjc8iMynFaFgS9VWRno\/kEa8ex8E0lXW6KSRO+38U5BEcAQa2ZmiPJVOSufJn2mHFnNtaFnQ00UpNEKFlWmg1g+m2HMDI6hkKoxWNNVaXHB7BeI37bfq0DKy4008moSOwx9MywU31umt9bQZaqMjpRF3V4DnOWXRFCtBzASqMlEpsEloiva6ZYQbYAWkcMxY5ybRoJiWx9mUKg4GcOghBqQMpMlaJSVXeGZFKl2Sb1+XUUdSwGZgyfEfyo4raVkpT+wyQpPZHBqAgGOncYulA1GZOsA\/94GmmxzjZCbCN9kynAgWzvYDvij7PUFZtMjkAvBACnPBNn3iaPQjTawbAkTcC1yfhv1ofpKiE5U2LdirARat2rkhdX\/4rJG+DaIEorg08ZpEvVnDkzmskUSlB9W+vjp\/V+aS5lkVM3k7zhoEnC+refT73qPAiB+97ySNdyAd\/Q7kYXug5+OANwWHp1LJTg\/kTpM0hWrac+UY7fWgQ8CbScQvQ7jNvfkeBpNC3rXL87XiJvZKnnKxFCuxFmcRnJQ7BpentFWts0H4Lec1Vh6Ie1JUOsAGqbQKPj08\/Fb+sNPHqQaGAhUMQMv5qLjVGC16+Ay768Xh4QOfbVnp2QvxXOq+J6pefxmdaleLIJA69iWkMygEnv\/UiI8ax5fku6tnS6jfWz1JxgQ4MCgzJju8Y+AntdNCizMmrc96qjo8fELIC6aln6uHdf6ze3P9\/l8K0Imh63d3YWSKHvLgvoT29bJdkoNvyjOuueHNZ1szJTEa6iq1dzn+UBN2G\/xCnDeBIWRhg1e0rq+0LEgtBi8qgQyMbqwUz1KCNzlpSIzr13Jt"} 
@@ -1155,7 +1155,7 @@ 02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184973564,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184973564,"pkt":"nLbQ0+MztKXvZygQCABFAAXIKLQAAPgGV\/cSQGcewKgCfgBQjy5+eJ1f0XpgIYAYAIMAzwAAAQEICvuAHVOcUadRJQJEMyhfWzk4c69t8VudXr6pn+znDQ0VEhQPPcyGS61d5+1zHyZ4kw8InhkhW68pyvvrnzX5t\/H39maFxWc2r\/jFxwq\/hEVoXAiKHiLMU4\/KyHs5sV1wD559f9zcFztWUj0ihMMgtggEDfMxXUM9dFGV6JcgarAA5KIX8Rhx4KKjXR5FenSf6ir4Wu45nkDFW59zYej9BmKhpdMb8rY8eNPnAfGmIQzij55nkq\/uWJQgPv88G0x6gqY4XOyV9k8a+qsSfYKU5lLVQEUHepnWRDQfUc+335Q9qXuFH7f+8ng\/aQrf84kI7WaO+SnxnLQouz0Cv9v8f3lE+4owCfP1Cz8OEYnQkhXEehYZgVia7bxcHiv6v4xaanozJ5rmOorquwr9GrpFyxLzcpsLlUqzK+KacyS7QwJS\/Ky0\/PTcIlt8ZLwU7TL\/\/o1pr2hLdfT095T4mmP+2+1ddHU48Byxr3aLa3WT\/jG\/C3X6ePA0eanW9XpA7VJvL\/6JmLlix5z9hSS3OqzNKQTjBUM3s7KkvCOkhFHfw0EXJwWgoKSWmSsy5BrLZEfkM0FV7a+ikWpLo3uxdOw31fp7dfTjbB4kd6HRjhDkihmhg3Fxj9HXloHyHwvckfdTCsRiouxlgct7lNCoCgpUmfTu6Yyx7kf\/6aih8KzpyyqkP02jZkyX6OCTx82lz89o7u9CyGfsWhKD\/7BBbiMdXaKK4TysUCFlwE9GGF2seEuicF8r6CTuiOZsrl8ro7A0wal1282SC8UewlAVeiOv42DSkeq4dNBmW50TVjG35t+WUxNn4Q3p5nPJnsGwNKxtQn\/XWWm1U5Gt7+GDvLGqhGlz\/Ki8pfJccVYEawTw7SCN4wp\/3ocQ6vkT4Dpx9fSRTemmYi6pENOZS6VuARnHqwYSWl4t6yJoHK9sCfi9ST8HVXbqDXWFZ2q3BJnFLL2KjKRKEQ6cwz09MaWHVSAOYMFLPRa1P4jAx3PdtEcA6Suw\/o0nBxQpA1VcK\/L5h29Se6TnnwGGwNCLWwcEJVFxaxhV\/90VokUL7AtF\/O2q\/1vhOGyiX6EkZzZs6nexDcqCRxLporgd6yB4OIQ\/K5UvGbYe6+Sm7lH6OGAMK4UMwjkq9mCtaTHr7mvhnhxRuW7uj2lidYSV8hOTyPermC3rpaeQy2urqLgBbyapxA5Pobg8dWmnSefHpRew8i1Lo7xZJ2SpCdkX1yUKisC8EMEhExSgxRoJO6lJwnDpHM5WJ36k3Ry+3q9OcgN6NLQRO5pRs8nhTf4nqy7lt5uTY1pqNSduEscx56wTi21bJStBpnuJ8UvGJx\/R+YeP8QzcFQlKJycJlPLg6eX96ULPBZxzLMetvK3n66CoeI4YwUg4QxFhrIktxxA1moIwNkkn6SE2PJvny
3Cxi6Q7lkUmD0rurnBMt9ApEb3z5XFrSDnmX6QwTGHURMLAjPSQ1rzsHHaLMjENdwshfdWaIsx0\/C+jJ4udEOtxA9Fm0BuIFf8jWdfxwPFpB7wf1zLIyaPgXgtem4PL4uFnUr\/LL8Mi6yuMoLm28awieMUxVDrx8BpEilb9smuibdWhYybgbrhRDSVz2VcvfeF7S52u5dohgrnorV7VIGu4Fbfjcdt5eZr90iPKqeLRmae8arWdU6pk0+036XKkyixVdtPL96eMfve4A6Zh9TvzUvY2yZhS+fWayDF170ogtacHtunN1Y8fbumfzzXBlbMPAxKwloCcANStnnowf0vhV+lwOAC5eJ0wwfBbE\/fZdlz+fa+lDBSbIFzwquAzceoahA\/CkYEf4Il0qBgoQR8xij74ARiwygmvlhBcVhebT1T8Wht+RIpph7wDNRWhIpJICJTvhB4xG3THeUUikIIY59QcKEF+mfeRHq7zWxIrV0MxaCgpfmHu"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1627,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00898{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1627,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1654385184982489,"pkt":"tKXvZygQnLbQ0+MzCABFAAE6JG9AAEAG2MrAqAJ+EkBnHo80AFAYADoNP4BZp4AYAfY9sQAAAQEICpxRp3YAJw3ER0VUIC9ydi9lbmR2NC5odG1sP21vZj0xJmVjX2lkPTQmbW9mX3VpZD05MTE5OSZuX2ltcD0xJnVuaXRfaWQ9ODg4MSZzZGtfdmVyc2lvbj1tYWxfOC43LjQgSFRUUC8xLjENClVzZXItQWdlbnQ6IERhbHZpay8yLjEuMCAoTGludXg7IFU7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMSkNCkhvc3Q6IGh5YmlyZC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": 
{"url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385185015621,"pkt":"nLbQ0+MztKXvZygQCABFAAXIXwoAAPgGIaESQGcewKgCfgBQjzQ\/gHc7GAA7E4AYAINkpwAAAQEICgAnDeicUad2RWsIZamOljqm7gSNKAkXQCu+hVDQvHNR9FYzcLa6bcMwfHz8+6Ohpq2yX4VCM8MnePOCbl7QzQu6eUE3L+jmBd28oJsXdPPvCN38HeCm8Yfm\/kvPR3Dz+vd\/+5\/+qz\/+F\/\/73\/yP\/8vf\/ov\/+v\/+3\/7l3\/xn\/\/nP6n\/VjBMyedbYcXZ\/o\/OF7mdeh9Hhr\/RfIfMv43vvKuRdCur\/FFM9E59fEn2SOA2NKnl1bdNivqb2mOXNXHq1\/YMX1\/Ovvr+Ls8avbLeJu\/n+XUe8voOwYRiE416SRHkHbuH3JI7AK5hcYzixRhEYhd8jOEmi6zWCkdiKXBEYCfi+gog\/Et\/23iV5mL96vr5z8qbJ03dVHEbNXOMfCP\/4uyrDZ\/hnarl7h38mQu9N1tzbJ+HHYOnfwgd4YKemZxmEk6Yfkz3lh\/aJu5CbeloHFbHt+TJXIpxmxZgsZHiRMOZFvKzyDdgT70P7AneujlPtVyx1Ci8u7Wd7MtsuMwhfTyvOMfV9uKfpBVoFiWcijlTzRwo97G1lTY77npOvQt2eMaaQrdoht73lsx1+nZwlg+BlIhnXXbgLsHWy5C\/CTrdrpvOys4hB5bmgib5vMJLqdEuhL1RVueIWhr1W24corWULSQqDfGNsr1HdHI4FJV+WwuEwhjFLFwqL5Xy27akNzx1XpbTfbywRws5chR\/VzSRUHZ82JFfLUbM21UlmqXQlB5CS01wcLs0xrplUXKuatlxW\/JnKqnFYcvIJ+HnXlDQp0jzZWW7b+IreDkRwtvod2OSadqez+8PJQr11ODo3W9Sq9lB21UYv1nbZnPkKxY3GO2VJgKi3y86OY2lDWQkA3y1giPPL0I8WU8XJRBa7HXzc3Kr4uITR5JDT0WTaYXbC9v5VWfTptvCOnVLv18ciGZlm2dHCfrfBJ8PAq77hGFHEh2RHh+SoYiYL45XZJMJ1SZZMbDASfdSvphUfow01aDWyqsWVpJirq1bhq16jM844FVx6sRj6QlADNWTuRMUGtyRUymqEmNkJt0Yb1N1graqbbda1j4vrOEyE7tb2An3aY8uYGHAX8\/rsNN6gbsLJaXGuswDrrwixB2A37Y+RJEMuQhm9tVPq3bKPTkuFNlJk4shWDhxGJ4gRxe1aHQH+OdOeb5ZAybp4QOtbdJVZhbI7fRHTpmi3Db68nJpjZBHlst+pE6dd\/auVOTRGjFYfMxlXYZeV5CtjfADQStuORhXR14nj+JExkEESLQhVIgsxAsrbUusYDOsmiIS0OxhmECNGsnePTqNm9Ybk0jiCIUUMk0Q6bo9XikfzcXHRxBU2KhFA7wFnV9mu0s+4T+Cmvs31pVGdu01zTdMqOQbatST8XeSiGb9xLLVobbjVxgASHcVY6Z0cEk1Zw70WhNMSziSBuvEt6nPBEkk
YPUs89VCHjedyHoevTwhpwRtTvVC9cjscTpkEl70Q5ZcEM0iBVlOrZshoxaxTCyVqkcFaQaTJND7qiruC9vSgHxhROJty2frJRGcUkW\/T8bzArQu62Aj8pZfq5WnpurUmhYNXBBstPB0HdLEt67HP9CUNcHaVL\/py5Tv+IiqnHSGMtLAtT2aEyysT7VlU2B1c0UynpCL4dONoCBQZiWBCCob59IQIU9r6hD5FW92974pfH398cuCh13wO5v+Bzpq+x4zOk7NmVkyoZTPht8XqNPclVgd+dr30ls5urO+xrXKEf+KEQVxrl2X5Oea+B7dP8f2vfeAhlpy7jKenuJahub4U2SPWInq+hVn3Kp7Xjnw5Mt72ttIa3qJmWSX5OaelWMO1q4cTtae5TXSrzL1EZlCA5nHYN3tCgikSvSDqTjQq48xf4eq4x89aD51T5RZZJ\/zYX3eIruVriHTZcy9vlhIyXU6UT8Gkvj5OMbHU"} 04518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1663,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385185015621,"pkt":"nLbQ0+MztKXvZygQCABFAAtcXwsAAPgGHAwSQGcewKgCfgBQjzQ\/gHzPGAA7E4AYAINH0wAAAQEICgAnDeicUad24XFtV7Rg10duU4UTlxkMf+4hbiOeKWSTGwnHrK\/bcVHDmrmHVT1QbFoe9jUro5dI5TdYvpHS0y1rjoh+0U3zcCtX9rblxRoi5FhuCbqzSJTCJ\/SCO4zZZSPYNE6w5HSVgAaV0y2oWClZOTWZhlvMk\/XLRpM2IbCWurCzT+9+nnf\/OWUMYJ35yVcMM8b6\/R\/\/1f\/5x\/\/+v\/rM8TWeCOPgXR\/Wn9HNbJqvANEK619BcRX6k+IzZvpCAIbt5MNPYdScnyfOCY1\/TyD1rf7duf9o+anpe+Lk86r6HoqW4GHx6Znn1+7nR8VPBz8nS9L5cAeE+tP9z7LkZg6+ssfPLHPhW3ltM+PZT5K8\/\/msfZakyRs7mbt7Xv7\/5l\/\/85\/obM72VPyqzrNvqjRrU2d+wff86N\/86\/\/y1dOAvpLFbex7cuAdHr+ancs7IF7TArMobu\/azMv7LMnv2ZI\/Gupcy2kBmgQdfr79Efcrp\/mm7gDzHc7PmZXzYaydhcl9sn\/Bdl7f8evdzu42\/KM6\/2CPyGFz2XrOAlzQ68abCb\/NI1L4Z494f\/7\/wYeXvY12b\/v45AFpVjEKiukvMgW7N34KJ1mHT5uII8wicQAf7cIJq5oahpZLfYWtbiLN8Nh5vTFcczsoLYRSQOpr5+wJefBB0Bcjqs8OVij5zI4Q8US3kT6+pov1ZlWX1ZbBLAo\/CWVvJs7o7OLKwNZicOUC1akI83ha4yIZMssUw8P1miwuy6UgRf4eU5Z4nB6XmLKp3MOmhnDsUnscvDaHlhO5ju5pELGc1S1KGIjCWSnZkCldR8tC3DNDZhx2FKPl6Ci6COlwEwia\/ctaSG\/KNTGIWOI6zxgGatnGGthaTk1Dl52EoUGrXjVsYFdBMq6zs3e4rH0Kz4xNdXR5SSjlJSGkp+XAetsK67
orj5IjKZ9wGSH8hV8441VbQeRVqYj9GmcyBGz12el6BMEvIWJjscDyTLrh3gbg\/hA7bG\/IFWoEHieVcL0Fga3fQZtUIvBGrA4DAHWEdWYmHNmovkcclhbSpgp39QFulyfMoKwtehAkztJTKuJ6VmqPjURtjSFB1eFWH1Yc7LQ6dAu7tRLspVXE29p+fTlt3DU5BIU4qVWEQhjVxOQJJno\/tO47JaUb5kHb4cxZFH\/xjOAXlxRYQ3maguAXxIPDq5+U3s2e6xvHBz+qA9znj+qA0r3OzF78\/m\/\/m3\/x5GWK3\/9f\/8f\/9On2j\/\/DZ+rf\/K\/\/8y+4ISevvLvD+vmDL13\/qNtPXbbJM1cS1\/MvdrRzDv0vjv8pQXvOIP9JD\/cE7a+oLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwna3zq1eknQnu9fUpheUpheUpheUpheUpheUpheUpj+Q0th+u1o6CVB+wXdvKCbF3Tzgm5e0M0LunlBN\/8+oJu\/A9z8u0vQrpCfFX85I7tCnPBbGSm\/lk30zbTs9WqNEysUXZM4hpMYDijwEhBJBF+uEHC\/esnKvn9esrJfsrJfsrJfsrJfsrK\/dtYvWdkvWdn\/qKzsr2DFb8iy\/jbI+v87\/boZGvre\/q+mYD9X+y2Z2M+J2D+hfcm9nhP5\/pG515+TmJ\/6\/\/ct9fpHOdZMY39Dhb8G6D\/nW\/8jnNtLgvVLgvV\/PAnWP1o8\/7C\/j\/GrCdn3b9X++rjgVxOy5zr\/lhOyP3X5907ILoBTEbN4znv+kQ+d\/VichUew\/T3fvn\/\/\/udb4HMLzxvoT2hNXDD+vDu9qpsx8R\/BjlUk9vhhnsjPvM9fbh60mXtP2067WZA3b3\/43ScSuJ+\/Jh1o\/589f\/f5q7983TbBO\/IvX383f1X7D26e5NWHfwLD8Hfzt4KHVQ4c8Yd\/EgTBd\/P3kwdgm3k3fgA95Uny3bved25AP7N3flfHk\/\/O9q5t3XxAYPiffvcurb\/95OP9S+H\/7Ie8bRKwU3yAf7mheXxfntrFuygOo2R+sfDuSdIqdOw38MP939t7ww\/zd6D\/EIBt6F1gp3ECpLWz+l3tV3HwcX72AGbrwUsevObB8x7a5CFPHpL4IUIeIvQhWj5E2EOEP0Srh6LyH9zc8x+CvEofgthPPDBjD4kfAgt5iLOibR5mie3Ktx+KByfJ3VvZ5o3\/0EQPjfcQVQ9Pm9mDXTWxm\/gPdh2D5jwf7JBJDVoMXbuY9TLfttXcEahdPcxoZb7Ms188AHtsHzK7e6j9uxJ\/SO0qjDMwbYXtzab0Af74JEztJ4Dls0xPkzBP59O0NzPI+eFpHczTl9hF7X\/4dPPd8wNgk+5To59HDLbN52qAajtO9WADA8jG9DP1u3tXwLZiO5u1VqV28tHzkx\/uGvXAsqruh4EfZoW\/ayIwsDD6CMSv\/Lp++DQLbtw8z7gXZA9+Os8jaPN5HLPhPzf91F3vz4bwAYfhj0CFbfLDvEY\/82X+x0\/tNtGTHDawHCCCHzQfv9L2zybrqx7KD44P7MB\/KD\/YAVDSD89\/3+DDn\/7px7p1Huq2+FETBP5Pv7sPNXpqAegqr+P7DFR+Ys8I8zuwnIBV2MmzWDMImat8nFtq8uLDu\/e4n85t\/\/D0Qg0Q0Jlif4jmpfjV1IKF6lf3FuKsfrC\/en6fktcP8aOXuy0wqua9C4yk8dnEn0tvXt9n7vXb7+LgzWeW0G+en9f0eLRD2U79N3c4\/frtX8B\/9d4uCrAYmChOvDfx24f4\/b0RPfL95u2PC++fMbb313\/95id0t67nt6yPzdvv\/KT2XzXV+EP8\/v4HGua3lI8N0GLjRm\/8t5\/
IT+wfP755+\/DZr8UP4Plnxzf7vNnP+Y\/VPAB69mHApJlkPuHSwBJ58\/Z9H3tN9B2Owd\/7UP0nf\/LGfwT3f1a\/\/e7JQfoQAn9XPQn6ftarDtT62CxeF8Prh\/R95aeP8f3\/5uNcASxxUP40aw\/Vo\/258Dx9Dzmgla1fjfp9lebVmz9NgSP4iwzM6OPrLvb7+57zV3\/69iH5VdYg8YcYTOWdtX6EHzzwkz4CMZ8fgCn+Unj84eNdo\/nTlLiP+TwlVNNUMXBOQJfPdvz67fv0PtFQDDaN2E7+8l0NjNN\/fPMXf+n95fu\/WryF3n7ngomatziwc3BgH2veuH+B\/NUsxJ0kAiNCIO\/t2493TYJOk6dOo8fklzqdRYueuIrH6CsRvKL6sQAPwRee1B7itE2\/4vmuAEI+S\/QkZHEX8idyAznrt++bnIsH33uDvn0Lmv55teC3VPv4EQzgd8CAfuc9jaJ9BPYNvHUc2kBx8\/owQWgFrPKT3HbmVXnsQeF9ufwaZ3z\/Qy4z49sHZzYvv4tdXwF9J9q8pL\/zHhEIyNz++fL7RweI\/7v6r\/8a3NZv\/3z5Af1CQu8k9APyAXk7iwvM+ifKuAdqYBZfP9RvH36XvwUsb2Zr\/Zl7mE3w9du3P6s82+Trhy\/2+\/Yh\/xnHJ10\/vH5W67NhvV54i9cPr571+DMiYP2K2Nbz9gQosyN5zHLQV\/U+iKv60xq7u6G336D9xE3lT57mrq3w62ECdADMMvxZlQf7fV+B7elN+MU3gcl8D7YwtgP1JLD1+ID+BqDJeQd4\/cU3vf0BbP12dYxTHyCeN9nbh+wRzNCncvOwhAF0efgdMtvD1+3NgLKO8v5HLQJf578vZmMBTB7Q8m\/o4LkHoI20SPzGf\/34CMYOhu6N+hxf\/7n9fgZHP\/d4CPpn9d3pfbC\/IdvmsJ\/fwcw0gGp97yej\/jsafJIHuGLgTuclHN\/\/r+\/ONQCTGGmz"} 00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"thread_ts_usec":1654385185015695,"pkt":"nLbQ0+MztKXvZygQCABFAAEvXw0AAPgGJjcSQGcewKgCfgBQjzQ\/gIf3GAA7E4AYAIPMaQAAAQEICgAnDeicUad2d33ytWgxPP549E8++kcL03\/7Z00U1zPvd5U\/\/8YR2M0q4PPBMJux8PPglf8nf+J\/WlmA7T+B3oKJaxaPsyxAjo+gp2JAZ5f+d\/QE\/X16KoYvHYEq954+vunj+e3Gw9PlfRI7wGV\/Kcwu++3HT+gdRAlPuP4TwL+\/wXgPgV3QrzI7kWKnsqsRSgE4+UMeBH71hw57f63nFza\/qSLL\/OFoiNQfOuTbteZRPb6e0QR0tTv7ifp0lPj6fqAJqv05gqzIACaWCLm2CQJ3YQLH5hDxubHvodkW5lBnhujgmuZOB8zInqMh0Ahg+Dnl\/wXDsfHrS4oAAA0KMA0KDQo="} 
@@ -1163,32 +1163,32 @@ 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385185942149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1654385185942149,"pkt":"nLbQ0+MztKXvZygQCABFAADeE\/tAACoG6inKmcQ1wKgCfgBQ5Yg8Z0+pmkmYKYAYAPN5zQAAAQEICkyTX6y9cmj1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZS1Db3lvdGUvMS4xDQpWcGFkbi1TdGF0dXMtQ29kZTogLTI2DQpWcGFkbi1TdGF0dXM6IE5PX0ZJTEwNClZwYWRuLVN0YXR1cy1EZXNjOiANCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI2OjI0IEdNVA0KDQo="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1679,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229374771,"pkt":"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"} -01096{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1679,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1679,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229374794,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229374794,"pkt":"tKXvZygQnLbQ0+MzCABFAABIbklAAEAGI3LAqAJ+NB2xsZDsAFBe8KOySC8RAoAYAfapLwAAAQEICgB7lmPzZF3LaGliaWQ9MCZvZm49MjUzNjQwJnI="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1681,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1292,"thread_ts_usec":1654385229375778,"pkt":"tKXvZygQnLbQ0+MzCABFAAUg7FZAAEAGNrLAqAJ+I5wsDaY6AFDzNa5LO3\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"} 
-02262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": 
{"url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Yr5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+02260{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": 
{"url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Yr5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
01191{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"thread_ts_usec":1654385229376461,"pkt":"tKXvZygQnLbQ0+MzCABFAAIWbkpAAEAGIaPAqAJ+NB2xsZDsAFBe8KPGSC8RAoAYAfaq\/QAAAQEICgB7lmTzZF3LZXFkc3BzPTUyJTJDNzElMkM1NyUyQzY2JTJDNjMlMkM0NSUyQzU4JTJDMiUyQzY4JTJDNTUlMkM3MCUyQzI4JTJDNDYlMkM2OSUyQzYyJTJDNjUlMkM1MSUyQzYxJTJDNDMlMkM1OSUyQzE1JTJDOSUyQzcyJTJDNTMlMkM2NyZyZmVjcG09MCZyZXNwdD0xJnNpcD0xNzIuMzEuMS4yMzImb3J0ZD0yJmJkbj1jb20uc2NlbmV3YXkua2Fua2FuLm1hcmtldDMma2V5PXBsYXkmcmF0ZT0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGFkeC10ay5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01040{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1682,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229376461,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","domainame":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} +01038{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1682,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229376461,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","domainame":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1683,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1683,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229377895,"pkt":"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"} 
-00997{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1683,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {"detected_os":"Android 11"}}} +00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1683,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {"detected_os":"Android 
11"}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1684,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229377922,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229377922,"pkt":"tKXvZygQnLbQ0+MzCABFAABIXu1AAEAGyPPAqAJ+I5wsDaZGAFB7fW9OgsWKk4AYAfYTCgAAAQEIChlnEfsPV8RHa28pIFZlcnNpb24vNC4wIENocm8="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1315,"pkt_l4_len":1281,"thread_ts_usec":1654385229378645,"pkt":"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"} 
-02262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com","domainame":"tknet-cdn.rayjump.com","http": 
{"url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+02267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com","domainame":"tknet-cdn.rayjump.com","http": 
{"url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1654385229379534,"pkt":"tKXvZygQnLbQ0+MzCABFAACkXu5AAEAGyJbAqAJ+I5wsDaZGAFB7fW9igsWKk4AYAfYTZgAAAQEIChlnEfwPV8RHbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBkZTAxLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01035{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} +01033{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} 00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229398934,"pkt":"nLbQ0+MztKXvZygQCABFAADQ2J9AAPUGmbgjnCwNwKgCfgBQpjo7f\/DX8zWzN4AYAHOmEwAAAQEICg9XxGYZZxH5SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1654385229399980,"pkt":"nLbQ0+MztKXvZygQCABFAACbqYhAAPUGMt80HbGxwKgCfgBQkOxILxECXvClqIAYAIBoGAAAAQEICvNkXe4Ae5ZkSFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229406775,"pkt":"nLbQ0+MztKXvZygQCABFAADQbSRAAPUGBTQjnCwNwKgCfgBQpkaCxYqTe31v0oAYAHWAFwAAAQEICg9XxG0ZZxH8SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} 01019{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1690,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":419,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":419,"pkt_l4_len":385,"thread_ts_usec":1654385229413001,"pkt":"nLbQ0+MztKXvZygQCABFAAGVuYkAAPgG40ASQE8ywKgCfgBQo9QvB\/xWUTDmHIAYAIZNHwAAAQEICnH6vA0Aq1gASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjA5IEdNVA0KU2VydmVyOiBuZ2lueA0KWC1DYWNoZTogTWlzcyBmcm9tIGNsb3VkZnJvbnQNClZpYTogMS4xIDllZTEwNzRiNmQ3MTc5ODM1NWM2OTVmYjI2YzIxNDUyLmNsb3VkZnJvbnQubmV0IChDbG91ZEZyb250KQ0KWC1BbXotQ2YtUG9wOiBUWEw1MC1QMg0KWC1BbXotQ2YtSWQ6IGw1MmRLamp6ZDlDOF9Pc21pX3RnMHVfSnVTMjUxV2JObG5SV0NiLWpKSDlQVldSQ25pWG14UT09DQoNCjE="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_usec":1654385229450708,"pkt":"tKXvZygQnLbQ0+MzCABFAAHcEFBAAEAG14XAqAJ+Eul7N9YaAFDjQWT+MbgksIAYAfZTFQAAAQEICs\/kGG+7dfu6R0VUIC9taW50ZWdyYWwvYmVhY29uP2FkX2dyb3VwX2lkPTE0Mzg0NSZjaGFubmVsX2lkPTExNyZjcmVhdGl2ZV9pZD0yNTM2NDAmYXVjdGlvbl9pZD1mODRmNTRiZi0zMWNkLTQzZmYtYmQyNy01MjZjY2M2NDU3ZGEmb3JpZ2luPWhhZ2dsZXItbWludGVncmFsMDIxIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGltcHJlc3Npb24tZWFzdC5saWZ0b2ZmLmlvDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01445{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1691,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io","domainame":"impression-east.liftoff.io","http": {"url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01443{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1691,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io","domainame":"impression-east.liftoff.io","http": {"url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1692,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1692,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":760,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":760,"pkt_l4_len":726,"thread_ts_usec":1654385229460595,"pkt":"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\/cGxheWhlYWQ9W0NPTlRFTlRQTEFZSEVBRF0mc3I9MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBhZGV4cC5saWZ0b2ZmLmlvDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01696{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1692,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io","domainame":"adexp.liftoff.io","http": {"url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01694{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1692,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io","domainame":"adexp.liftoff.io","http": {"url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1693,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1654385229557713,"pkt":"nLbQ0+MztKXvZygQCABFAAB\/zr9AAC0GLXMS6Xs3wKgCfgBQ1hoxuCSw40FmpoAYAecIEgAAAQEICrt1\/CbP5BhvSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjA5IEdNVA0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 02469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1694,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":5,"flow_src_last_pkt_time":1654385229559611,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229559611,"pkt":"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"} 00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1654385229568829,"pkt":"nLbQ0+MztKXvZygQCABFAADfGY1AAC4GkHES68wJwKgCfgBQnQxmD0SBkRmqKoAYAeR\/LQAAAQEICptIXBKljVtLSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNzowOSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA3MA0KDQqJUE5HDQoaCgAAAA1JSERSAAAAAQAAAAEIBgAAAB8VxIkAAAANSURBVHjaY2T4\/78eAAWEAn\/CWx4qAAAAAElFTkSuQmCC"} 
@@ -1200,7 +1200,7 @@ 01577{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PlayStore","proto_id":"7.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.google.com","domainame":"play.google.com","http": {"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_usec":1654385232040567,"pkt":"tKXvZygQnLbQ0+MzCABFAAPTG5ZAAEAGlqjAqAJ+A3q+RoESAFCRX\/9zk9FXV4AYAfaIrAAAAQEICpYlZ45PQpgXR0VUIC92MS9jYW1wYWlnbl9jbGljay9kZGZXYlgtY19acElGXzN3RS1YZ0pTd1JKUG5fNU9wUzlJUjZYNFhHOTFYUUw2c3NSTFY0UVBMU0VRZ1d5UmJQX09BSFhHcC0zejh6S3hkUmpMLUJUNmg3ejQ2ejRxbUFXeFI1RGJvRWhyMUR5dFk0VzVnZlFMVWNWNnlFM1BPUjdQclFsclZiVnRILTd1VzFvaWUtamtSNG5hR0hUVlZIS3Y1a0ZYQko5eVRJWC1KbmdhRTJNTVRFUjFIdUJ4OXFUbHlMaGlaQ3RXU1VTdjRaZTV6NFF1R3FqV2lqRDBRQmdBbzAwV3RqNFZxUXlwekNob19wLVV6T3JWRjh3WDlMbXlzb1ozMjAyeHQtMVJsbUJOWGRkSF9pX2V2TzV5WkdwT3ZHOGt0ZGlLZmhHN2NkZFpUUjZvNWx5UjE1d1ktU0pUU00zZmZyNGRzcFZTRng2WGRuWGdmVXR4WTgwc3BJOXRtRk1oVDk3S1NDNGNNa1J2LUF5TkxXaERhRDMzV0NwVTdITi1WblR1TTB6bDRXUU1uYS1BVkJrMUhvMHZoVHo1WkJVMzJPaFRmOXVBa0dOeHVOajV3NUlmZzFHbk13WnhLaXM4SjNaNlo1bXRjN2dpcmUwZVFlRFE3Z
Wh0Q01GTHMwTTFhWEdFOG1IaG9BTmdfdzBBaHg0M011N3p2RFhTQ3RoSDhENFFoSGFXb1JTdUdVZ2ZCRFlMenJEOExYejZxSElMb1FOamo4aWVSQkxmSDIyVWV3VkxnTUY3ZHFoWGdsNzNWcWdVMV9jdS1HSWZzYkJtOTB6aGZkOWVvbzhyUWZkSkYyeGN6cXZyUXo2LUk0RkE\/dmFzdF9lbD0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": 
{"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": 
{"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 01438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":734,"pkt_l4_len":700,"thread_ts_usec":1654385232057407,"pkt":"nLbQ0+MztKXvZygQCABFAALQp5AAAHsGFQqs2RCOwKgCfgBQ0KgyOulwVgMWtYAYAQXuwwAAAQEICvP9QcDlixteSFRUUC8xLjEgMzAxIE1vdmVkIFBlcm1hbmVudGx5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2JpbmFyeQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtYXgtYWdlPTAsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KRXhwaXJlczogTW9uLCAwMSBKYW4gMTk5MCAwMDowMDowMCBHTVQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MTIgR01UDQpMb2NhdGlvbjogaHR0cHM6Ly9wbGF5Lmdvb2dsZS5jb20vc3RvcmUvYXBwcy9kZXRhaWxzP2lkPWNvbS5hemFybGl2ZS5hbmRyb2lkJnJlZmVycmVyPWFkanVzdF9leHRlcm5hbF9jbGlja19pZCUzRHYuMl9nLjE0Mzg0NV9hLmY4NGY1NGJmLTMxY2QtNDNmZi1iZDI3LTUyNmNjYzY0NTdkYV9
jLjExN190LnVhX3UuZTdkZjg3MjQ3Y2JjZWExMyUyNnV0bV9jYW1wYWlnbiUzRFRlc3QlMkJDYW1wYWlnbiUyNnV0bV9jb250ZW50JTNEVGVzdCUyQlNvdXJjZSUyQkFwcF8xMjM0NTY3ODklMjZ1dG1fc291cmNlJTNETGlmdG9mZiUyNnV0bV90ZXJtJTNEVGVzdCUyQkNyZWF0aXZlDQpTZXJ2ZXI6IEVTRg0KQ29udGVudC1MZW5ndGg6IDANClgtWFNTLVByb3RlY3Rpb246IDANClgtRnJhbWUtT3B0aW9uczogU0FNRU9SSUdJTg0KWC1Db250ZW50LVR5cGUtT3B0aW9uczogbm9zbmlmZg0KDQo="} 01348{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1706,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232085154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_usec":1654385232085154,"pkt":"nLbQ0+MztKXvZygQCABFAAKKs5NAAPUGSvMDer5GwKgCfgBQgRKT0VdXkWADEoAYAHGvxgAAAQEICk9CmDyWJWeOSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjEyIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtTGVuZ3RoOiA3MA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KU2V0LUNvb2tpZTogQVdTQUxCPWdzUk5HU1NhK09YcDJjZTBNNk51U0FjaTJXM3JYSFVtcXNKcnFZNkdFcGtsTUNzaEc2bnU5Y0l6eS9iQXJIU0NPeElRL0ZneTJrZDFNY0RyZVMwQ0d3S2Y0NlJRbERuL2JnMXFELzJWSitGYnJ4U1NNU2RCQ1lKV1N2cms7IEV4cGlyZXM9U2F0LCAxMSBKdW4gMjAyMiAyMzoyNzoxMiBHTVQ7IFBhdGg9Lw0KU2V0LUNvb2tpZTogQVdTQUxCQ09SUz1nc1JOR1NTYStPWHAyY2UwTTZOdVNBY2kyVzNyWEhVbXFzSnJxWTZHRXBrbE1Dc2hHNm51OWNJenkvYkFySFNDT3hJUS9GZ3kya2QxTWNEcmVTMENHd0tmNDZSUWxEbi9iZzFxRC8yVkorRmJyeFNTTVNkQkNZSldTdnJrOyBFeHBpcmVzPVNhdCwgMTEgSnVuIDIwMjIgMjM6Mjc6MTIgR01UOyBQYXRoPS87IFNhbWVTaXRlPU5vbmUNCg0KiVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+P+\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1707,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232158874,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":253,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":253,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":253,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232158874,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -1214,19 +1214,19 @@ 01349{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1717,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":4,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_usec":1654385234239203,"pkt":"nLbQ0+MztKXvZygQCABFAAKKs5RAAPUGSvIDer5GwKgCfgBQgRKT0VmtkWAGsYAYAHiq\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\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1718,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02189{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1295,"pkt_l4_len":1261,"thread_ts_usec":1654385235892637,"pkt":"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"} 
-02182{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1718,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_
ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +02187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1718,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 01127{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385236487007,"pkt":"nLbQ0+MztKXvZygQCABFAAHm3ckAAPgGvqESQE9AwKgCfgBQyeZcw8zmEVgoD4AYAIbbsgAAAQEICq7a5CW\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"} 
01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119358297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385119973654,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385120216027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non 
Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385121164319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 
01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":2452,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com"}} -00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} -01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} 
-01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} +00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} +01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} +01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} -01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":598,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":1196,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io"}} +00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":598,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":1196,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io"}} 
01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385185166661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":170,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385185942149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":170,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1654385176794172,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385177120274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":6082,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
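Review bot: The regenerated baseline in this hunk changes more than the flow-risk rename named in the commit message. Flows 197, 153, 191, 177 and 179 move from `"proto_by_ip":"AmazonAWS","proto_by_ip_id":265` to `AWS_Cloudfront`/464, flow 195 moves to `AWS_EC2`/461, flow 172 goes from `Unknown`/0 to `Akamai`/467, and flow 153 (`google.open-js.com`) drops from `HTTP.Google` (7.126) to plain `HTTP` (7). Any consumer, filter or detection rule keyed on the numeric ID 265 or on the `AmazonAWS` string would presumably stop matching these flows after the bump, without raising an error. I would record this in the commit description, e.g. `* proto_by_ip: "AmazonAWS" (265) is now reported as per-service entries (AWS_Cloudfront 464, AWS_EC2 461); review ID-based filters`. It is also worth confirming that losing the Google sub-protocol on flow 153 is intended, since the hostname only resembles a Google domain.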
@@ -1234,18 +1234,18 @@ 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":21,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385178039010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":12423,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":87624,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":464,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":464,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com"}} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":16,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156865117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":28785,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com"}} 
-01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} -01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} +00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} +01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} 01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":10,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143386689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":20463,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com"}} 
01041{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":12,"flow_first_seen":1654385142780674,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142861550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":27563,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":33,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385137102946,"flow_dst_last_pkt_time":1654385137795047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":179545,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":13,"flow_first_seen":1654385136206220,"flow_src_last_pkt_time":1654385137480116,"flow_dst_last_pkt_time":1654385137451797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":23040,"flow_src_tot_l4_payload_len":631,"flow_dst_tot_l4_payload_len":72797,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":18,"flow_first_seen":1654385136215384,"flow_src_last_pkt_time":1654385137106944,"flow_dst_last_pkt_time":1654385137458576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":81501,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":12,"flow_first_seen":1654385136216297,"flow_src_last_pkt_time":1654385137088135,"flow_dst_last_pkt_time":1654385137795021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":37440,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":124042,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} -01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 
-01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":1640,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":1640,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} -01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} -01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":655,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":655,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 
+01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":1640,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":1640,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":655,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":655,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":73,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385145095894,"flow_dst_last_pkt_time":1654385145302253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":4383,"flow_dst_tot_l4_payload_len":173462,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":497,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"release.bigdata.1kxun.com"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":8,"flow_first_seen":1654385140779083,"flow_src_last_pkt_time":1654385144744780,"flow_dst_last_pkt_time":1654385145113565,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":443,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":8192,"flow_src_tot_l4_payload_len":1183,"flow_dst_tot_l4_payload_len":18456,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
@@ -1257,7 +1257,7 @@ 01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385136274668,"flow_dst_last_pkt_time":1654385136566441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":498,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":997,"flow_dst_tot_l4_payload_len":450,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com"}} 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":668,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":668,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.PlayStore","proto_id":"7.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.google.com"}} 01152{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi"}} 
-01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":860,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":2746,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":3242,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 
01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385128878298,"flow_src_last_pkt_time":1654385128878298,"flow_dst_last_pkt_time":1654385129190022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":871,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":871,"flow_dst_max_l4_payload_len":817,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":817,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":265,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":265,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"messages.1kxun.mobi"}} 
@@ -1267,9 +1267,9 @@ 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385156978849,"flow_src_last_pkt_time":1654385156978849,"flow_dst_last_pkt_time":1654385157162185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1118,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":508,"flow_src_tot_l4_payload_len":1118,"flow_dst_tot_l4_payload_len":508,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385156997634,"flow_src_last_pkt_time":1654385156997634,"flow_dst_last_pkt_time":1654385157178524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1113,"flow_dst_max_l4_payload_len":680,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":680,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1654385157001678,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157186882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1119,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1119,"flow_dst_tot_l4_payload_len":1950,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
-01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":75,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io"}} -01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385231942852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":2827,"flow_dst_tot_l4_payload_len":312,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} -01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":156,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} +01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":75,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io"}} +01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385231942852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":2827,"flow_dst_tot_l4_payload_len":312,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} 
+01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":156,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} 01219{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129813867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":523,"flow_dst_tot_l4_payload_len":104,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"43": {"risk":"Error Code","severity":"Low","risk_score": 
{"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com"}} 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":19,"flow_first_seen":1654385145219802,"flow_src_last_pkt_time":1654385146051643,"flow_dst_last_pkt_time":1654385146257351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":51980,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 
01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1654385146263001,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146481114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":4320,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":7485,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 
@@ -1277,14 +1277,14 @@ 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":30,"flow_first_seen":1654385146276743,"flow_src_last_pkt_time":1654385147163604,"flow_dst_last_pkt_time":1654385147585918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":18720,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":97896,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":28,"flow_first_seen":1654385146284849,"flow_src_last_pkt_time":1654385147363303,"flow_dst_last_pkt_time":1654385147935185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":1578,"flow_dst_tot_l4_payload_len":131729,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":23,"flow_first_seen":1654385146276790,"flow_src_last_pkt_time":1654385147316212,"flow_dst_last_pkt_time":1654385147926816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":1554,"flow_dst_tot_l4_payload_len":126758,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 
-01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":9,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184950570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":26435,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io"}} -00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
-01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":29,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385185019373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":97077,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} -01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":20,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385185004563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":64260,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} -01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} 
-00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":9,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184950570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":26435,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io"}} 
+00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} +01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":29,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385185019373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":97077,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} 
+01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":20,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385185004563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":64260,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} +01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} +00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131355130,"flow_dst_last_pkt_time":1654385131589006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":6232,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":6868,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} -00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":17,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1287,"global_ts_usec":1654385236487007} +00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":17,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1287,"global_ts_usec":1654385236487007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1723/1723 ~~ skipped flows.............: 0 
@@ -1293,9 +1293,9 @@ ~~ total active/idle flows...: 197/197 ~~ total timeout flows.......: 15 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9257069 bytes -~~ total memory freed........: 9257069 bytes -~~ total allocations/frees...: 145272/145272 +~~ total memory allocated....: 10027715 bytes +~~ total memory freed........: 10027715 bytes +~~ total allocations/frees...: 159238/159238 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 11852 chars diff --git a/test/results/default/443-chrome.pcap.out b/test/results/default/443-chrome.pcap.out index 742b47917..b231d4f58 100644 --- a/test/results/default/443-chrome.pcap.out +++ b/test/results/default/443-chrome.pcap.out 
@@ -1,10 +1,10 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581109434258190} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581109434258190} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258190,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1581109434258190,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1581109434258190,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRL
YliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOyIfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3Hx+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88nrYevcoAQbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"} 
01164{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258190,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1581109434258190,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258190,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1581109434258190,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1440,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1581109434258190} +00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1440,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1581109434258190} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8646957 bytes -~~ total memory freed........: 8646957 bytes -~~ total allocations/frees...: 140536/140536 +~~ total memory allocated....: 9411331 bytes +~~ total memory freed........: 9411331 bytes +~~ total allocations/frees...: 154502/154502 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 592 chars ~~ json message max len.......: 2505 chars diff --git a/test/results/default/443-curl.pcap.out b/test/results/default/443-curl.pcap.out index ed3da7ec7..cb288f7df 100644 --- a/test/results/default/443-curl.pcap.out +++ b/test/results/default/443-curl.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581113120474299} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581113120474299} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113120474299,"flow_dst_last_pkt_time":1581113120474299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581113120474299,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581113120474299,"flow_dst_last_pkt_time":1581113120474299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581113120474299,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581113120474299,"flow_dst_last_pkt_time":1581113120512991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581113120512991,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="} 
@@ -11,7 +11,7 @@ 01456{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113120522725,"flow_dst_last_pkt_time":1581113120564527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581113120564527,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F","blocks":0}}} 
02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113121447770,"flow_dst_last_pkt_time":1581113121447985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":10128,"midstream":0,"thread_ts_usec":1581113121447985,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":62811.5,"max":784064,"stddev":190271.5,"var":36203257856.0,"ent":2.2,"data": [38692,38799,9627,47643,2769,1124,2,41874,4,11797,50900,31,39132,3,742,11,18,78,76,38549,8926,46564,784064,784044,367,123,462,127,121,240,248]},"pktlen": {"min":52,"avg":397.2,"max":1492,"stddev":558.7,"var":312115.0,"ent":3.8,"data": [64,60,52,569,52,1492,1492,183,52,52,178,103,109,52,52,105,108,94,119,90,52,90,52,267,52,1492,1492,52,1492,1048,52,1492]},"bins": {"c_to_s": [10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1],"entropies": [4.367087364,5.300120831,4.945419312,4.294172764,5.100070000,7.382002354,7.456428051,6.751153946,4.945419312,4.945419312,6.263377666,5.952023029,6.200525761,4.983880997,4.930902004,5.836982250,5.780514240,5.536261082,5.983234406,5.510023117,5.215455055,5.937692642,5.060803890,7.153983116,5.060803890,7.879748821,7.892062664,5.060803890,7.868061543,7.808748245,5.060803890,7.868031502]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 01011{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":58,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113121570392,"flow_dst_last_pkt_time":1581113121570364,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":930,"flow_dst_tot_l4_payload_len":65886,"midstream":0,"thread_ts_usec":1581113121570392,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org"}} 
-00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":109,"packets-processed":109,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581113121570392} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":109,"packets-processed":109,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581113121570392} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 109/109 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8668568 bytes -~~ total memory freed........: 8668568 bytes -~~ total allocations/frees...: 140653/140653 +~~ total memory allocated....: 9432975 bytes +~~ total memory freed........: 9432975 bytes +~~ total allocations/frees...: 154620/154620 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2170 chars diff --git a/test/results/default/443-firefox.pcap.out b/test/results/default/443-firefox.pcap.out index 78bffccc9..9c181ccfc 100644 --- a/test/results/default/443-firefox.pcap.out +++ b/test/results/default/443-firefox.pcap.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581109488041083} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581109488041083} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109488041083,"flow_dst_last_pkt_time":1581109488041083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581109488041083,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581109488041083,"flow_dst_last_pkt_time":1581109488041083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581109488041083,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581109488041083,"flow_dst_last_pkt_time":1581109488079587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581109488079587,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="} 
@@ -11,7 +11,7 @@ 01522{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109488081517,"flow_dst_last_pkt_time":1581109488123785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581109488123785,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3s":"3653a20186a5b490426131a611e01992","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F","blocks":0}}} 
02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109490061876,"flow_dst_last_pkt_time":1581109490062194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":13867,"midstream":0,"thread_ts_usec":1581109490062194,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":130384.0,"max":1655693,"stddev":403949.6,"var":163175268352.0,"ent":2.0,"data": [38504,38612,1822,40006,4099,93,2,42327,4,2052,40671,32,38677,3,193774,83,215,231092,9994,47033,1655690,50,1655693,186,15,177,176,149,321,109,243]},"pktlen": {"min":52,"avg":518.7,"max":1492,"stddev":610.4,"var":372566.0,"ent":4.0,"data": [64,60,52,569,52,1492,1492,126,52,52,137,318,101,52,52,221,298,82,52,82,52,1492,1492,52,1492,1016,52,1492,1492,52,1492,1016]},"bins": {"c_to_s": [11,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1],"entropies": 
[4.367087364,5.366787434,4.894361019,5.219459057,5.100070000,7.372200966,7.462010860,6.339152336,5.022342205,5.022342205,6.101534367,7.216136456,6.184206486,5.060803890,5.060803890,6.919060707,7.232208252,5.746105194,5.176993370,5.774940014,4.930902004,7.873261929,7.864090443,5.022342205,7.874901772,7.771182060,4.983880520,7.883468628,7.853567600,4.945418835,7.868775368,7.782253265]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 01018{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":316,"flow_dst_packets_processed":351,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109496480905,"flow_dst_last_pkt_time":1581109496480819,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7675,"flow_dst_tot_l4_payload_len":406398,"midstream":0,"thread_ts_usec":1581109496480905,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org"}} 
-00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":667,"packets-processed":667,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":414073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581109496480905} +00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":667,"packets-processed":667,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":414073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581109496480905} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 667/667 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8708916 bytes -~~ total memory freed........: 8708916 bytes -~~ total allocations/frees...: 141215/141215 +~~ total memory allocated....: 9473323 bytes +~~ total memory freed........: 9473323 bytes +~~ total allocations/frees...: 155182/155182 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 549 chars ~~ json message max len.......: 2185 chars diff --git a/test/results/default/443-git.pcap.out b/test/results/default/443-git.pcap.out index d707fa5a7..4c41635c1 100644 --- a/test/results/default/443-git.pcap.out +++ b/test/results/default/443-git.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581113657633853} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581113657633853} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113657633853,"flow_dst_last_pkt_time":1581113657633853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581113657633853,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581113657633853,"flow_dst_last_pkt_time":1581113657633853,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581113657633853,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581113657633853,"flow_dst_last_pkt_time":1581113657744320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581113657744320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="} 
@@ -11,7 +11,7 @@ 01564{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113657751016,"flow_dst_last_pkt_time":1581113657863749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3550,"midstream":0,"thread_ts_usec":1581113657863749,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"github.com","domainame":"github.com","tls": {"version":"TLSv1.2","server_names":"github.com,www.github.com","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707h1_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84","blocks":0}}} 
02156{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113658139408,"flow_dst_last_pkt_time":1581113658139371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":850,"flow_dst_tot_l4_payload_len":8277,"midstream":0,"thread_ts_usec":1581113658139408,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":32615.3,"max":143502,"stddev":53225.8,"var":2832981760.0,"ent":3.2,"data": [110467,110568,6595,119379,41,9,112809,2,11075,123994,112907,571,143502,5,142911,2,6496,2,14,6523,7,6,115,82,1242,13,1267,3,237,2,227]},"pktlen": {"min":52,"avg":337.8,"max":1476,"stddev":464.4,"var":215710.4,"ent":4.0,"data": [64,60,52,569,1476,1476,754,52,52,178,103,52,259,423,126,52,52,86,344,85,52,52,52,150,52,1451,608,52,52,1451,472,52]},"bins": {"c_to_s": [14,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,3,1,1,0,0,0,0,0,1,0,1,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,0,0,1,1,0],"entropies": [4.341937065,5.174957275,4.831954479,4.223120689,6.954095364,7.397567272,7.645401001,5.014835358,4.976373672,6.355282307,5.929066658,4.937911987,6.952417850,7.419026852,6.223026752,4.937911987,4.976373672,5.637029648,7.370140076,5.726850986,4.937911987,4.937911987,4.899450302,6.443542957,4.976373672,7.866954327,7.624365330,5.014835358,5.014835358,7.857865334,7.532955170,5.014835358]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 01014{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":35,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113658456571,"flow_dst_last_pkt_time":1581113658456501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":881,"flow_dst_tot_l4_payload_len":31704,"midstream":0,"thread_ts_usec":1581113658456571,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"github.com"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581113658456571} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581113658456571} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 70/70 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8666387 bytes -~~ total memory freed........: 8666387 bytes -~~ total allocations/frees...: 140615/140615 +~~ total memory allocated....: 9430794 bytes +~~ total memory freed........: 9430794 bytes +~~ total allocations/frees...: 154582/154582 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2459 chars diff --git a/test/results/default/443-opvn.pcap.out b/test/results/default/443-opvn.pcap.out index 66dc8607e..61704e8b6 100644 --- a/test/results/default/443-opvn.pcap.out +++ b/test/results/default/443-opvn.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581153175528454} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581153175528454} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153175528454,"flow_dst_last_pkt_time":1581153175528454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581153175528454,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581153175528454,"flow_dst_last_pkt_time":1581153175528454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581153175528454,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581153175528454,"flow_dst_last_pkt_time":1581153175550065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581153175550065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="} 
@@ -9,7 +9,7 @@ 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153176603974,"flow_dst_last_pkt_time":1581153176626109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1581153176626109,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02195{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153177970762,"flow_dst_last_pkt_time":1581153177992252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3449,"flow_dst_tot_l4_payload_len":3196,"midstream":0,"thread_ts_usec":1581153177992252,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":158261.5,"max":1160659,"stddev":364282.7,"var":132701855744.0,"ent":2.7,"data": 
[21611,21701,1053819,1075076,968,22235,339,57386,57093,21241,11768,32975,174,239,20560,20491,9065,4,19997,11251,22162,19953,19952,207,21422,21230,137,58577,1160659,1122501,1313]},"pktlen": {"min":52,"avg":260.3,"max":1492,"stddev":407.4,"var":166005.6,"ent":3.8,"data": [64,60,52,96,52,108,52,104,52,373,52,1222,52,1492,104,55,104,1492,849,52,104,52,159,52,605,368,52,104,52,138,52,104]},"bins": {"c_to_s": [7,5,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [8,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,1,1],"entropies": [4.398337364,5.141623974,4.810735226,5.491009712,5.116507530,5.561252594,4.971283913,5.772772789,5.078045845,6.141608238,5.116507530,6.862905025,4.887658596,7.272125721,5.704599857,5.040360451,5.785276413,6.812845707,7.438625336,5.154969215,5.830996513,4.908878326,6.252464294,5.009745598,7.575043678,7.235865593,4.971283913,5.734311104,5.063528538,6.235281944,5.217375278,5.826463223]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":21,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153184491293,"flow_dst_last_pkt_time":1581153184491180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3974,"flow_dst_tot_l4_payload_len":4543,"midstream":0,"thread_ts_usec":1581153184491293,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":46,"packets-processed":46,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8517,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1581153184491293} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":46,"packets-processed":46,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8517,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1581153184491293} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 46/46 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648220 bytes -~~ total memory freed........: 8648220 bytes -~~ total allocations/frees...: 140580/140580 +~~ total memory allocated....: 9412594 bytes +~~ total memory freed........: 9412594 bytes +~~ total allocations/frees...: 154546/154546 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2200 chars diff --git a/test/results/default/443-safari.pcap.out b/test/results/default/443-safari.pcap.out index 1810e0a11..b422dc62d 100644 --- a/test/results/default/443-safari.pcap.out +++ b/test/results/default/443-safari.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581109359601646} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581109359601646} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109359601646,"flow_dst_last_pkt_time":1581109359601646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581109359601646,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581109359601646,"flow_dst_last_pkt_time":1581109359601646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581109359601646,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581109359601646,"flow_dst_last_pkt_time":1581109359639845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581109359639845,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="} 
@@ -11,7 +11,7 @@ 01500{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109359641072,"flow_dst_last_pkt_time":1581109359683783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581109359683783,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3s":"f9fcb52580329fb6a9b61d7542087b90","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F","blocks":0}}} 
02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109360694080,"flow_dst_last_pkt_time":1581109360694172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":9828,"midstream":0,"thread_ts_usec":1581109360694172,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":70482.6,"max":695650,"stddev":174729.3,"var":30530334720.0,"ent":2.6,"data": [38199,38303,1123,39767,4074,97,2,42774,4,225660,264285,31,38670,4,1586,32,19,43,88,40010,28,9938,48247,695603,124,695650,120,128,123,103,125]},"pktlen": {"min":52,"avg":384.7,"max":1492,"stddev":559.6,"var":313139.8,"ent":3.8,"data": [64,60,52,285,52,1492,1492,154,52,52,137,95,101,52,52,97,94,86,380,82,52,52,82,52,1492,1492,52,1492,52,1016,52,1492]},"bins": {"c_to_s": [11,3,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": [4.335837364,5.333454132,4.945418835,5.728343010,5.176993370,7.389316082,7.427206516,6.413387775,4.945418835,4.906957150,6.036595821,5.811348915,6.124800682,4.945419312,4.983880520,5.883585453,5.842953205,5.796744347,7.425425053,5.590555668,5.047091484,5.085553169,5.773722649,4.983880520,7.878831863,7.880546093,4.945418835,7.877892971,4.808815002,7.814340115,4.945418835,7.877443314]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109360696066,"flow_dst_last_pkt_time":1581109360695416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":16406,"midstream":0,"thread_ts_usec":1581109360696066,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org"}} 
-00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581109360696066} +00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581109360696066} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 41/41 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8665877 bytes -~~ total memory freed........: 8665877 bytes -~~ total allocations/frees...: 140585/140585 +~~ total memory allocated....: 9430284 bytes +~~ total memory freed........: 9430284 bytes +~~ total allocations/frees...: 154552/154552 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 2167 chars diff --git a/test/results/default/4in4tunnel.pcap.out b/test/results/default/4in4tunnel.pcap.out index 65e52b7bb..e5f42f5bf 100644 --- a/test/results/default/4in4tunnel.pcap.out +++ b/test/results/default/4in4tunnel.pcap.out 
@@ -1,20 +1,20 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1537044271794779} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1537044271794779} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537044271794779,"packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537044271794779} 
00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJToWAAA\/wQRSEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGxLmgACAAAEc2wQAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":1537058551803081} 
+00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":1537058551803081} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537058551803081,"packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537058551803081} 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRbZwAA\/wSeOUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzGjAACAAAAJvVqAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} 
-00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1537082929816392} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1537082929816392} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537082929816392,"packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537082929816392} 
00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRsDwAA\/wSNkUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzKXAACAAABmvAmAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1537138237839574} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1537138237839574} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537138237839574,"packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537138237839574} 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRnMwAA\/wSSbUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzXzgACAAAE5t9oAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} 
-00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1537165843864842} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1537165843864842} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537165843864842,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537165843864842} 
00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJTPEAAA\/wQqkEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGz7LQACAAABZb+KAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1537165843864842} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1537165843864842} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/0 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 303 chars ~~ json message max len.......: 816 chars diff --git a/test/results/default/4in6tunnel.pcap.out b/test/results/default/4in6tunnel.pcap.out index c7d36e3b1..a5586f828 100644 --- a/test/results/default/4in6tunnel.pcap.out +++ b/test/results/default/4in6tunnel.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1543235434019243} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1543235434019243} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1543235434019243,"flow_src_last_pkt_time":1543235434019243,"flow_dst_last_pkt_time":1543235434019243,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1543235434019243,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":5} 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1543235434019243,"flow_dst_last_pkt_time":1543235434019243,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"thread_ts_usec":1543235434019243,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQAANHvwQAB\/BqsfwKgAAQoKCgH7xwG73+E+ggAAAACAAv\/\/fqUAAAIEBYQBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1543235434019243,"flow_src_last_pkt_time":1543235434019243,"flow_dst_last_pkt_time":1543235434019243,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1543235434019243,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_in_IP","proto_id":"86","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -7,7 +7,7 @@ 00950{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1543235434019247,"flow_dst_last_pkt_time":1543235434019246,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":366,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":366,"pkt_l4_len":264,"thread_ts_usec":1543235434019247,"pkt":"AAECunaOAAAASfSHht1gAAAAAQgEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQABCHv3QAB\/BqpEwKgAAQoKCgH7xwG73+E+gwMMyo9QGAQA0icAABYDAwDbAQAA1wMDW5uXE0\/QFYUpkWO+HpgF5MI5wT9TQj14SroSH1Zl8oggjz8AALXLO9H2rxfCGsjqy7cU6\/NXDrPxEswgEUGVcfAAJsAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwAKAQAAaAAAABEADwAADHd3dy5iaW5nLmNvbQAKAAgABgAdABcAGAALAAIBAAANABQAEgQBBQECAQQDBQMCAwICBgEGAwAjAAAAEAAOAAwCaDIIaHR0cC8xLjEAFwAAABgABgAKAwIBAP8BAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1543235434019247,"flow_dst_last_pkt_time":1543235434019248,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1514,"pkt_l4_len":1412,"thread_ts_usec":1543235434019248,"pkt":"AAECunaOAAAASfSHht1gAAAABYQEPTRKupQVKqw0AAAAAAAAACoi4BaF7ac4zFi98\/GqPyLYRQAFhEuhQABhBvQeCgoKAcCoAAEBu\/vHAwzKj9\/hP2NQEAQEHmIAABYDAxNZAgAAWgMDW5uXESPnDY6GVdXogmmrS1WdR7CnjiCJLtiMMET4LR0g70cAAGowHs5bbipHOvpkse5qjMhnnSOXdm6lLVoWT1DALwAAEgAQAAUAAwJoMgAXAAD\/AQABAAsAEccAEcQADAYwggwCMIIJ6qADAgECAhMtAAAymdcHHbfRcIpCAAAAADKZMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xNzA3MjAxNzQ3MDhaFw0xOTA3MTAxNz
Q3MDhaMBcxFTATBgNVBAMTDHd3dy5iaW5nLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqOyD7\/sOUit2AU5xoOUrdFD2wiCQmyCmP5nEBsh7fOLKKYjGNWUdfzumqBdw2Fpg1sIUPSI+b5pR9u\/gYNMtH4Aivx5J6CrFn4IFOhgzrs2GlVitrUoC9jheCrGis7gUH0hZglGqEjdJl5neUsrm31e5QyJwbyXnacl+k91de8FxrbBQKrwUcQ5sbzW8nMRIDSG0ss9ON1RYFCdc+JblurOUYfPO\/whJXqO0Ms01rklGWFKVeGj7qkJ52E0Xsw\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"} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1543235434019243,"flow_src_last_pkt_time":1543235434019247,"flow_dst_last_pkt_time":1543235434019248,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":264,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":1464,"midstream":0,"thread_ts_usec":1543235434019248,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_in_IP","proto_id":"86","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1543235434019248} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1543235434019248} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644958 bytes -~~ total memory freed........: 8644958 bytes -~~ total allocations/frees...: 140537/140537 +~~ total memory allocated....: 9409332 bytes +~~ total memory freed........: 9409332 bytes +~~ total allocations/frees...: 154503/154503 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 592 chars ~~ json message max len.......: 2494 chars diff --git a/test/results/default/6in4tunnel.pcap.out b/test/results/default/6in4tunnel.pcap.out index 57a6eab21..dbaabaa18 100644 --- a/test/results/default/6in4tunnel.pcap.out +++ b/test/results/default/6in4tunnel.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444236893450580} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444236893450580} 
00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236893450580,"flow_dst_last_pkt_time":1444236893450580,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444236893450580,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1444236893450580,"flow_dst_last_pkt_time":1444236893450580,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1444236893450580,"pkt":"ACKQ3jvZAAAkzoE0CABFAAB8tYFAAP8pFzeuA0kYuGn\/GmAAAAAAQDo\/IAEEcB8XAT8+lw7\/\/nNN7CYEqIAAAQAgAAAAAAIksAGAAOC9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1444236893450580,"flow_dst_last_pkt_time":1444236893555356,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1444236893555356,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xlZAAPgpDWK4af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAN+9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 
@@ -9,7 +9,7 @@ 02015{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236901127917,"flow_dst_last_pkt_time":1444236901118187,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":1877,"flow_src_tot_l4_payload_len":2127,"flow_dst_tot_l4_payload_len":4797,"midstream":0,"thread_ts_usec":1444236901127917,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":105,"avg":494998.2,"max":1005120,"stddev":454962.0,"var":206990442496.0,"ent":4.2,"data": [104776,780142,221063,1000457,1001744,1001146,1001712,1005120,1001052,1000771,1001064,1001072,1001370,999940,1001888,1003131,365420,1118,348987,4072,96728,99146,95730,758,97863,1021,105,98080,140,8789,539]},"pktlen": {"min":92,"avg":236.4,"max":1897,"stddev":383.0,"var":146712.7,"ent":4.1,"data": [124,124,186,124,124,124,124,124,124,124,124,124,124,124,124,124,124,119,119,259,247,100,100,92,296,92,1490,1897,92,92,254,145]},"bins": {"c_to_s": [0,0,4,11,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,2,8,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,1,0,0,0,0],"entropies": 
[5.680680275,5.741242886,5.591180325,5.686768055,5.741242886,5.686768055,5.741242886,5.664551258,5.741242886,5.729067326,5.773500919,5.648445129,5.741242886,5.664551258,5.725113869,5.680680275,5.735155106,4.719979763,4.710355759,4.773607731,4.870984077,5.180728912,5.772128105,5.515571117,5.818006039,5.609004974,6.932967663,6.965810776,5.515571117,5.514929771,6.708754063,6.001224995]}} 00999{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236901127917,"flow_dst_last_pkt_time":1444236901118187,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":1877,"flow_src_tot_l4_payload_len":2127,"flow_dst_tot_l4_payload_len":4797,"midstream":0,"thread_ts_usec":1444236901127917,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":61,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236915478638,"flow_dst_last_pkt_time":1444236915586195,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1470,"flow_dst_max_l4_payload_len":1877,"flow_src_tot_l4_payload_len":11600,"flow_dst_tot_l4_payload_len":24375,"midstream":0,"thread_ts_usec":1444236915586195,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} -00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":127,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35975,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1444236915586195} 
+00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":127,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35975,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1444236915586195} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 127/127 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648526 bytes -~~ total memory freed........: 8648526 bytes -~~ total allocations/frees...: 140660/140660 +~~ total memory allocated....: 9412900 bytes +~~ total memory freed........: 9412900 bytes +~~ total allocations/frees...: 154626/154626 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 592 chars ~~ json message max len.......: 2020 chars diff --git a/test/results/default/6in6tunnel.pcap.out b/test/results/default/6in6tunnel.pcap.out index c4d948520..6072bafd3 100644 --- a/test/results/default/6in6tunnel.pcap.out +++ b/test/results/default/6in6tunnel.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1335197872162188} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1335197872162188} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872162188,"flow_src_last_pkt_time":1335197872162188,"flow_dst_last_pkt_time":1335197872162188,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872162188,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1335197872162188,"flow_dst_last_pkt_time":1335197872162188,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1335197872162188,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAAht1gAAAAADQpQCABBPgABAAHAuCB\/\/5S\/\/8gAQT4AAQABwLggf\/+UpprYAAAAAAMEUDerQAAAAAAAAAAAAAAAL7vyv4AAAAAAAAAAAAAAAC6vnUwMsgADIPSWFhYWA=="} 
00738{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164220,"flow_src_last_pkt_time":1335197872164220,"flow_dst_last_pkt_time":1335197872164220,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 
@@ -8,7 +8,7 @@ 00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872162188,"flow_src_last_pkt_time":1335197872162188,"flow_dst_last_pkt_time":1335197872162188,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 00992{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164220,"flow_src_last_pkt_time":1335197872164220,"flow_dst_last_pkt_time":1335197872164220,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00739{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164220,"flow_src_last_pkt_time":1335197872164220,"flow_dst_last_pkt_time":1335197872164220,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1335197872164220} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1335197872164220} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647336 bytes -~~ total memory freed........: 8647336 bytes -~~ total allocations/frees...: 140546/140546 +~~ total memory allocated....: 9411742 bytes +~~ total memory freed........: 9411742 bytes +~~ total allocations/frees...: 154512/154512 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 592 chars ~~ json message max len.......: 1039 chars diff --git a/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out index 6b5ddcd0c..371cce04d 100644 --- a/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out +++ b/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out 
@@ -1,5 +1,5 @@ -00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1445156939131847} 
+00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1445156939131847} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1445156939131847,"flow_src_last_pkt_time":1445156939131847,"flow_dst_last_pkt_time":1445156939131847,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1445156939131847,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":5} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1445156939131847,"flow_dst_last_pkt_time":1445156939131847,"flow_idle_time":7580000000,"pkt_datalink":9,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_usec":1445156939131847,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1445156939131847,"flow_dst_last_pkt_time":1445156939145123,"flow_idle_time":7580000000,"pkt_datalink":9,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_usec":1445156939145123,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"} 
@@ -8,7 +8,7 @@ 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1445156939131847,"flow_src_last_pkt_time":1445156939152099,"flow_dst_last_pkt_time":1445156939145123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1445156939152099,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"flow_risk": {"28": {"risk":"Malicious Fingerprint","severity":"High","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1445156939152099,"flow_dst_last_pkt_time":1445156939165354,"flow_idle_time":7580000000,"pkt_datalink":9,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_usec":1445156939165354,"pkt":"DwAIAEXAACivgAAAAQY\/bWQQAQFkEAECALNHlBlZ04C86nYLUBA\/xz3TAAA="} 
01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1445156939131847,"flow_src_last_pkt_time":1445156989230918,"flow_dst_last_pkt_time":1445156988877283,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":269,"midstream":0,"thread_ts_usec":1445156989230918,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":5,"ndpi": {"flow_risk": {"28": {"risk":"Malicious Fingerprint","severity":"High","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1445156989230918} 
+00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1445156989230918} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645288 bytes -~~ total memory freed........: 8645288 bytes -~~ total allocations/frees...: 140548/140548 +~~ total memory allocated....: 9409662 bytes +~~ total memory freed........: 9409662 bytes +~~ total allocations/frees...: 154514/154514 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 1106 chars diff --git a/test/results/default/BGP_redist.pcap.out b/test/results/default/BGP_redist.pcap.out index 723f48007..71144fdbb 100644 --- a/test/results/default/BGP_redist.pcap.out +++ b/test/results/default/BGP_redist.pcap.out 
@@ -1,12 +1,12 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1256636836167156} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1256636836167156} 00296{"error_event_id":2,"error_event_name":"Unknown L3 protocol","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1256636836167156,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","protocol":34887,"global_ts_usec":1256636836167156} 
00537{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","pkt_datalink":104,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"thread_ts_usec":1256636836167156,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167195,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1256636836167195,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":5} 
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"pkt_datalink":104,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_usec":1256636836167195,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"} 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167195,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1256636836167195,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167195,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1256636836167195,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1256636836167195} 
+00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1256636836167195} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/1 ~~ skipped flows.............: 0 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644871 bytes -~~ total memory freed........: 8644871 bytes -~~ total allocations/frees...: 140534/140534 +~~ total memory allocated....: 9409245 bytes +~~ total memory freed........: 9409245 bytes +~~ total allocations/frees...: 154500/154500 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 301 chars ~~ json message max len.......: 965 chars diff --git a/test/results/default/EAQ.pcap.out b/test/results/default/EAQ.pcap.out index 6a0ab3178..d35c19445 100644 --- a/test/results/default/EAQ.pcap.out +++ b/test/results/default/EAQ.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432820948562939} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432820948562939} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820948562939,"flow_src_last_pkt_time":1432820948562939,"flow_dst_last_pkt_time":1432820948562939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820948562939,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432820948562939,"flow_dst_last_pkt_time":1432820948562939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1432820948562939,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1432820948562939,"flow_dst_last_pkt_time":1432820948566510,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820948566510,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"} 
@@ -266,7 +266,7 @@ 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1432820958981671,"flow_src_last_pkt_time":1432821045551404,"flow_dst_last_pkt_time":1432821045604962,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820951932141,"flow_src_last_pkt_time":1432821038152539,"flow_dst_last_pkt_time":1432820951932141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820970111371,"flow_src_last_pkt_time":1432821034791791,"flow_dst_last_pkt_time":1432820970111371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":197,"packets-processed":197,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":29,"current-active-flows":0,"total-active-flows":31,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":269,"global_ts_usec":1432821045664868} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":197,"packets-processed":197,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":29,"current-active-flows":0,"total-active-flows":31,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":269,"global_ts_usec":1432821045664868} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 197/197 ~~ skipped flows.............: 0 
@@ -275,9 +275,9 @@ ~~ total active/idle flows...: 31/31 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8723645 bytes -~~ total memory freed........: 8723645 bytes -~~ total allocations/frees...: 141067/141067 +~~ total memory allocated....: 9488979 bytes +~~ total memory freed........: 9488979 bytes +~~ total allocations/frees...: 155033/155033 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 525 chars ~~ json message max len.......: 1238 chars diff --git a/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out index 3c2d93afd..2caae058c 100644 --- a/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out +++ b/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out 
@@ -1,5 +1,5 @@ -00605{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1228468937630923} 
+00605{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1228468937630923} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468937630923,"flow_src_last_pkt_time":1228468937630923,"flow_dst_last_pkt_time":1228468937630923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468937630923,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1228468937630923,"flow_dst_last_pkt_time":1228468937630923,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1228468937630923,"pkt":"ABgYesP\/AAFbAAaHCABFAABJQq5AAEARunwKIygWChcBKguAC4AANST+IS8xIDxpTVNTPgpUPTU1NTI4MjcxM3tDPS17QVY9RFMvMS81e0FUe019fX19"} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468937630923,"flow_src_last_pkt_time":1228468937630923,"flow_dst_last_pkt_time":1228468937630923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468937630923,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Megaco","proto_id":"181","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -49,7 +49,7 @@ 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1228468958657176,"flow_src_last_pkt_time":1228469042380433,"flow_dst_last_pkt_time":1228469042442455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":338,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":833,"flow_src_tot_l4_payload_len":6036,"flow_dst_tot_l4_payload_len":6141,"midstream":0,"thread_ts_usec":1228469046884194,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":24,"flow_first_seen":1228468958651923,"flow_src_last_pkt_time":1228469042381601,"flow_dst_last_pkt_time":1228469042445270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":881,"flow_dst_max_l4_payload_len":852,"flow_src_tot_l4_payload_len":12330,"flow_dst_tot_l4_payload_len":12210,"midstream":0,"thread_ts_usec":1228469046884194,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1228468958651179,"flow_src_last_pkt_time":1228469042379188,"flow_dst_last_pkt_time":1228469042444514,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":881,"flow_dst_max_l4_payload_len":852,"flow_src_tot_l4_payload_len":6165,"flow_dst_tot_l4_payload_len":6105,"midstream":0,"thread_ts_usec":1228469046884194,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1552,"packets-processed":1552,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":193116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":6,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1228469046884194} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1552,"packets-processed":1552,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":193116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":6,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1228469046884194} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1552/1552 ~~ skipped flows.............: 0 
@@ -58,9 +58,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8699819 bytes -~~ total memory freed........: 8699819 bytes -~~ total allocations/frees...: 142134/142134 +~~ total memory allocated....: 9464321 bytes +~~ total memory freed........: 9464321 bytes +~~ total allocations/frees...: 156100/156100 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 594 chars ~~ json message max len.......: 2232 chars diff --git a/test/results/default/IEC104.pcap.out b/test/results/default/IEC104.pcap.out index 879a99566..f53ceba3c 100644 --- a/test/results/default/IEC104.pcap.out +++ b/test/results/default/IEC104.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1317629088495135} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1317629088495135} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317629088495135,"flow_src_last_pkt_time":1317629088495135,"flow_dst_last_pkt_time":1317629088495135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629088495135,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1317629088495135,"flow_dst_last_pkt_time":1317629088495135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1317629088495135,"pkt":"eCvLK7lWABIAxkrACABFAAAoUqRAAH0GWeoKr9MBCndpGglk1fBIoLt3AFkTVVAQ\/elpjgAAAAAAAAAA"} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317629088520615,"flow_src_last_pkt_time":1317629088520615,"flow_dst_last_pkt_time":1317629088520615,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629088520615,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -14,7 +14,7 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1317629089467434,"flow_dst_last_pkt_time":1317629089666296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1317629089666296,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoK+dAAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC7mFAQAP5RXAAA"} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1317629088495135,"flow_src_last_pkt_time":1317629090498077,"flow_dst_last_pkt_time":1317629090496349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629090498077,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1317629088520615,"flow_src_last_pkt_time":1317629088536185,"flow_dst_last_pkt_time":1317629088739193,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629090498077,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1317629090498077} 
+00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1317629090498077} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647713 bytes -~~ total memory freed........: 8647713 bytes -~~ total allocations/frees...: 140559/140559 +~~ total memory allocated....: 9412119 bytes +~~ total memory freed........: 9412119 bytes +~~ total allocations/frees...: 154525/154525 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 1103 chars diff --git a/test/results/default/KakaoTalk_chat.pcap.out b/test/results/default/KakaoTalk_chat.pcap.out index 213ffcf84..21c686dbe 100644 --- a/test/results/default/KakaoTalk_chat.pcap.out +++ b/test/results/default/KakaoTalk_chat.pcap.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1430069021959113} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1430069021959113} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069021959113,"flow_src_last_pkt_time":1430069021959113,"flow_dst_last_pkt_time":1430069021959113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069021959113,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1430069021959113,"flow_dst_last_pkt_time":1430069021959113,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1430069021959113,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEBljAANQAogKaG7QEAAAEAAAAAAAAEYXV0aAVrYWthbwNjb20AAAEAAQ=="} 
01081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069021959113,"flow_src_last_pkt_time":1430069021959113,"flow_dst_last_pkt_time":1430069021959113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069021959113,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"auth.kakao.com","domainame":"auth.kakao.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -167,7 +167,7 @@ 02157{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1430069031236945,"flow_src_last_pkt_time":1430069031393286,"flow_dst_last_pkt_time":1430069031408850,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":570,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":570,"flow_dst_tot_l4_payload_len":3571,"midstream":0,"thread_ts_usec":1430069031408850,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"developers.facebook.com","domainame":"developers.facebook.com","tls": {"version":"TLSv1.2","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3s":"6806b8fe92d7d465715d771eb102ff04","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High 
Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4","blocks":0}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031611243,"flow_src_last_pkt_time":1430069031611243,"flow_dst_last_pkt_time":1430069031611243,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069031611243,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1430069031611243,"flow_dst_last_pkt_time":1430069031611243,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":113,"pkt_l4_len":77,"thread_ts_usec":1430069031611243,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGHTnUAAQAbVXgoYUrw2\/\/3H5i8UZ+uf0VkGiXPCgBgCYxkQAAABAQgKAAKTKDTnT0kXAwEAKNOo\/lFrrxEtj1oyrBEybZXAvF7754xqLjvuYfV0gCpDpumAA3\/lW60="} 
-01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031611243,"flow_src_last_pkt_time":1430069031611243,"flow_dst_last_pkt_time":1430069031611243,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069031611243,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031611243,"flow_src_last_pkt_time":1430069031611243,"flow_dst_last_pkt_time":1430069031611243,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069031611243,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 02330{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1430069031042945,"flow_src_last_pkt_time":1430069031534339,"flow_dst_last_pkt_time":1430069031721991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":997,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":2489,"flow_dst_tot_l4_payload_len":4397,"midstream":0,"thread_ts_usec":1430069031721991,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":92,"avg":37756.1,"max":174316,"stddev":43491.6,"var":1891518208.0,"ent":4.0,"data": [36956,40344,305,47699,3998,72083,702,123993,153,15869,671,16632,152,12207,67230,35950,15778,732,105866,38147,60424,4517,92,3936,174316,67658,16785,16968,108490,672,81115]},"pktlen": {"min":40,"avg":256.1,"max":1320,"stddev":386.9,"var":149674.2,"ent":3.8,"data": [60,44,40,605,44,40,1320,158,40,40,1320,933,40,40,1037,40,298,97,85,40,40,93,830,87,77,85,40,461,40,40,40,40]},"bins": {"c_to_s": [10,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,3,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1],"entropies": 
[4.650922298,5.150120735,4.884183884,6.666303635,4.612587929,4.981687069,6.409718037,5.859195709,4.780641556,4.730641365,7.017275810,6.970731735,4.680641651,4.730641365,7.788617134,4.881686687,7.033622742,6.130742073,5.968101501,4.830641270,4.830641270,5.971898556,7.719824314,5.908120155,5.773283005,5.968101501,4.780641556,7.527770996,4.830641270,5.031687260,4.931687355,5.031687260]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069035398200,"flow_src_last_pkt_time":1430069035398200,"flow_dst_last_pkt_time":1430069035398200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069035398200,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1430069035398200,"flow_dst_last_pkt_time":1430069035398200,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1430069035398200,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChV8UAAQAbFkwoYUrzSZ\/APpVwBu+YrTKNirTiWUBFpAB9mAAA="} 
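Review bot: The expected `proto_by_ip` for dst 54.255.253.199 changes from `"AmazonAWS"` (`proto_by_ip_id` 265) to `"AWS_EC2"` (461) on the `detected` event for flow 30, but the commit description only mentions the "TLS Susp ESNI Usage" replacement. Consumers that filter or alert on the old name or id would presumably stop matching these flows after the bump; whether 265 is retired or only narrowed is not visible in this fixture. The same change appears in the next hunk (`@@ -221,12 +221,12 @@`) for flows 30 and 38. I would add a line to the description such as `* proto_by_ip "AmazonAWS" (265) is now reported as "AWS_EC2" (461) for EC2 address ranges`, and likewise note the `size_per_flow` change from 1448 to 1480 that drives most of the fixture churn.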
@@ -221,12 +221,12 @@ 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1430069072986762,"flow_dst_last_pkt_time":1430069073186194,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1430069073186194,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQa8ITb\/\/ccKGFK8FGfmVG+Fj0U6r49hoBJF6jkFAAACBAV4BAIICjTom84AAqNQAQMDCA=="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1430069073186682,"flow_dst_last_pkt_time":1430069073186194,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1430069073186682,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQsMUAAQAZ8+AoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBABtpHBAAABAQgKAAKjZTTom84="} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1430069073201697,"flow_dst_last_pkt_time":1430069073186194,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":146,"pkt_l4_len":110,"thread_ts_usec":1430069073201697,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAIIsMkAAQAZ8qQoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBgBtpi\/AAABAQgKAAKjZzTom84WAwEASQEAAEUDAVFRUVESVPKV5Ej6iE0e+b\/OK2fBD2XxGFd+RBJAtWh8AAAeAAQABQAvADMAMgAKABYAEwAJABUAEgADAAgAFAARAQA="} 
-01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069072986762,"flow_src_last_pkt_time":1430069073201697,"flow_dst_last_pkt_time":1430069073186194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":78,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":78,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069073201697,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i150000_e2ff6cb279ee_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01349{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069072986762,"flow_src_last_pkt_time":1430069073201697,"flow_dst_last_pkt_time":1430069073186194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":78,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":78,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069073201697,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i150000_e2ff6cb279ee_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1430069073201697,"flow_dst_last_pkt_time":1430069073294684,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1430069073294684,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADQUukAALgambzb\/\/ccKGFK8FGfmVG+Fj0Y6r4+vgBAARqynAAABAQgKNOib\/AACo2c="} 
01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022059149,"flow_src_last_pkt_time":1430069022059149,"flow_dst_last_pkt_time":1430069022094092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"up-m.talk.kakao.com"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069031230994,"flow_src_last_pkt_time":1430069031230994,"flow_dst_last_pkt_time":1430069031281714,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"2.97.252.173.in-addr.arpa"}} -01096{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1430069031611243,"flow_src_last_pkt_time":1430069072945990,"flow_dst_last_pkt_time":1430069031611243,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-01219{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1430069072986762,"flow_src_last_pkt_time":1430069073201697,"flow_dst_last_pkt_time":1430069073299933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":78,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":78,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1430069031611243,"flow_src_last_pkt_time":1430069072945990,"flow_dst_last_pkt_time":1430069031611243,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01217{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1430069072986762,"flow_src_last_pkt_time":1430069073201697,"flow_dst_last_pkt_time":1430069073299933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":78,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":78,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069060011328,"flow_src_last_pkt_time":1430069060011328,"flow_dst_last_pkt_time":1430069060011328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":14,"flow_first_seen":1430069030121588,"flow_src_last_pkt_time":1430069041457495,"flow_dst_last_pkt_time":1430069041381385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":373,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":1288,"flow_dst_tot_l4_payload_len":4298,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","proto_id":"91.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069030978614,"flow_src_last_pkt_time":1430069030978614,"flow_dst_last_pkt_time":1430069031017096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":94,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":94,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"graph.facebook.com"}} 
@@ -266,7 +266,7 @@ 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022104834,"flow_src_last_pkt_time":1430069022104834,"flow_dst_last_pkt_time":1430069022234626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"up-v.talk.kakao.com"}} 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022058570,"flow_src_last_pkt_time":1430069022058570,"flow_dst_last_pkt_time":1430069022094214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"booking.loco.kakao.com"}} 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022252722,"flow_src_last_pkt_time":1430069022252722,"flow_dst_last_pkt_time":1430069022295691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dn-l.talk.kakao.com"}} 
-00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":347,"packets-processed":347,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":52012,"total-not-detected-flows":0,"total-guessed-flows":5,"total-detected-flows":33,"total-detection-updates":32,"total-updates":1,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":269,"global_ts_usec":1430069073299933} +00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":347,"packets-processed":347,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":52012,"total-not-detected-flows":0,"total-guessed-flows":5,"total-detected-flows":33,"total-detection-updates":32,"total-updates":1,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":269,"global_ts_usec":1430069073299933} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 347/347 ~~ skipped flows.............: 0 
@@ -275,9 +275,9 @@ ~~ total active/idle flows...: 38/38 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8872961 bytes -~~ total memory freed........: 8872961 bytes -~~ total allocations/frees...: 141505/141505 +~~ total memory allocated....: 9638552 bytes +~~ total memory freed........: 9638552 bytes +~~ total allocations/frees...: 155472/155472 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 2375 chars diff --git a/test/results/default/KakaoTalk_talk.pcap.out b/test/results/default/KakaoTalk_talk.pcap.out index 05e63b741..a7eaee279 100644 --- a/test/results/default/KakaoTalk_talk.pcap.out +++ b/test/results/default/KakaoTalk_talk.pcap.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1430069140120551} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1430069140120551} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069140120551,"flow_src_last_pkt_time":1430069140120551,"flow_dst_last_pkt_time":1430069140120551,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069140120551,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1430069140120551,"flow_dst_last_pkt_time":1430069140120551,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_usec":1430069140120551,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAHLza0AAPwZJVQoYUrxn9jn7x00fkMsN+RcrPwfugBgApZHwAAABAQgKAAs11Jj3Xso6AAAArVkC\/4gP\/deLY5qAl+gvk5f8xql5QXAwvM9bb5tQyHwtP1GibAaltsw94jGcvj4NNAB8Nc8SXCTCPg=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1430069140120551,"flow_dst_last_pkt_time":1430069140453803,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1430069140453803,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbKkAALgby1Gf2OfsKGFK8H5DHTSs\/B+7LDflVgBAADqYIAAABAQgKmPgkmwALNdQ="} 
@@ -117,7 +117,7 @@ 00787{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1430069211505377,"flow_src_last_pkt_time":1430069211505591,"flow_dst_last_pkt_time":1430069211505377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1430069211639075,"flow_src_last_pkt_time":1430069213599250,"flow_dst_last_pkt_time":1430069213599127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":679,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":2072,"flow_dst_tot_l4_payload_len":300,"midstream":0,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01450{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":22,"flow_first_seen":1430069163715308,"flow_src_last_pkt_time":1430069205286811,"flow_dst_last_pkt_time":1430069216555213,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":746,"flow_dst_max_l4_payload_len":852,"flow_src_tot_l4_payload_len":2808,"flow_dst_tot_l4_payload_len":4200,"midstream":0,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","proto_id":"91.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00953{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1430069141923255,"flow_src_last_pkt_time":1430069142383734,"flow_dst_last_pkt_time":1430069142373877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":35,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"AmazonAWS","proto_id":"265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00949{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1430069141923255,"flow_src_last_pkt_time":1430069142383734,"flow_dst_last_pkt_time":1430069142373877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":35,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"AWS_EC2","proto_id":"461","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1430069141923255,"flow_src_last_pkt_time":1430069142383734,"flow_dst_last_pkt_time":1430069142373877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":35,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069180329901,"flow_src_last_pkt_time":1430069180329901,"flow_dst_last_pkt_time":1430069180329901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01289{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1430069159456549,"flow_src_last_pkt_time":1430069163207434,"flow_dst_last_pkt_time":1430069163250861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":609,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkminorshort.weixin.qq.com"}} 
@@ -142,7 +142,7 @@ 00992{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1430069140120551,"flow_src_last_pkt_time":1430069164724066,"flow_dst_last_pkt_time":1430069164894873,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":436,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":605,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1430069140120551,"flow_src_last_pkt_time":1430069164724066,"flow_dst_last_pkt_time":1430069164894873,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":436,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":605,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069170090460,"flow_src_last_pkt_time":1430069170090460,"flow_dst_last_pkt_time":1430069170090460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3203,"packets-processed":3203,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":291404,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":11,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":145,"global_ts_usec":1430069216559027} 
+00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3203,"packets-processed":3203,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":291404,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":11,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":145,"global_ts_usec":1430069216559027} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3203/3203 ~~ skipped flows.............: 0 @@ -151,9 +151,9 @@ ~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8816030 bytes -~~ total memory freed........: 8816030 bytes -~~ total allocations/frees...: 143989/143989 +~~ total memory allocated....: 9581045 bytes +~~ total memory freed........: 9581045 bytes +~~ total allocations/frees...: 157956/157956 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2709 chars diff --git a/test/results/default/NTPv2.pcap.out b/test/results/default/NTPv2.pcap.out index 9d0df1a9c..a952c5fe5 100644 --- a/test/results/default/NTPv2.pcap.out +++ b/test/results/default/NTPv2.pcap.out 
@@ -1,10 +1,10 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436865383632810} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436865383632810} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632810,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":368,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865383632810,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01000{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_usec":1436865383632810,"pkt":"RIpbLCrSACaIdf8bCABFAAGMHS4AADERoZDQaF8KTi5MAgB7AFABeH6Xlw4DKgAFAEgAAAAAAAAQOgAAAAAAAAGISO9ZbawQDGUAAAABDAIHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAQZwAAAAAAAADHQLufDawQDGUAAAABuxwHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQxAAAAAAAAAa6UEgp0qwQDGUAAAABKtoHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2AAAAAAAAAWzX1q4C6wQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2wAAAAAAAAWRR3um9qwQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632810,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":368,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865383632810,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"version":2,"mode":7}}} 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632810,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":368,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865383632810,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1436865383632810} +00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1436865383632810} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644871 bytes -~~ total memory freed........: 8644871 bytes -~~ total allocations/frees...: 140534/140534 +~~ total memory allocated....: 9409245 bytes +~~ total memory freed........: 9409245 bytes +~~ total allocations/frees...: 154500/154500 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 1005 chars diff --git a/test/results/default/NTPv3.pcap.out b/test/results/default/NTPv3.pcap.out index bb8f8625f..e01ccbac6 100644 --- a/test/results/default/NTPv3.pcap.out +++ b/test/results/default/NTPv3.pcap.out 
@@ -1,10 +1,10 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436865405371462} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436865405371462} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371462,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865405371462,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1436865405371462,"pkt":"RIpbLCrSACaIdf8bCABFAABMAABAADcRbcOvkIwdTi5MAgB7AFAAOLcYHAAE+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZT08RAAAAANlPTxEAAAAA"} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371462,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865405371462,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"version":3,"mode":4}}} 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371462,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865405371462,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00806{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1436865405371462} +00806{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1436865405371462} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644871 bytes -~~ total memory freed........: 8644871 bytes -~~ total allocations/frees...: 140534/140534 +~~ total memory allocated....: 9409245 bytes +~~ total memory freed........: 9409245 bytes +~~ total allocations/frees...: 154500/154500 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 574 chars ~~ json message max len.......: 959 chars diff --git a/test/results/default/NTPv4.pcap.out b/test/results/default/NTPv4.pcap.out index 8e76f4840..5057e0ae3 100644 --- a/test/results/default/NTPv4.pcap.out +++ b/test/results/default/NTPv4.pcap.out 
@@ -1,10 +1,10 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436865396190857} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436865396190857} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190857,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865396190857,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1436865396190857,"pkt":"RIpb2HMEACaIdf8bCABFAABMrX9AADcRaFpVFj54Ti5MCwB7AHsAOKmfIwIH6wAABFAAAAOrg7wD39lPUcMxZbhg2URXVTAzb9DZRFdVMbTpeNlPUfQtJuL0"} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190857,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865396190857,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"version":4,"mode":3}}} 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190857,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865396190857,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00806{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1436865396190857} +00806{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1436865396190857} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644871 bytes -~~ total memory freed........: 8644871 bytes -~~ total allocations/frees...: 140534/140534 +~~ total memory allocated....: 9409245 bytes +~~ total memory freed........: 9409245 bytes +~~ total allocations/frees...: 154500/154500 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 574 chars ~~ json message max len.......: 959 chars diff --git a/test/results/default/Oscar.pcap.out b/test/results/default/Oscar.pcap.out index 4520dcfc6..9d3a262ea 100644 --- a/test/results/default/Oscar.pcap.out +++ b/test/results/default/Oscar.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1434606464176482} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1434606464176482} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606464176482,"flow_dst_last_pkt_time":1434606464176482,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1434606464176482,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1434606464176482,"flow_dst_last_pkt_time":1434606464176482,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1434606464176482,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1434606464176482,"flow_dst_last_pkt_time":1434606464205135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1434606464205135,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"} 
@@ -9,7 +9,7 @@ 01999{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606524600171,"flow_dst_last_pkt_time":1434606524130160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1138,"flow_dst_tot_l4_payload_len":3047,"midstream":0,"thread_ts_usec":1434606524600171,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":3883141.0,"max":58215154,"stddev":14267685.0,"var":203566836875264.0,"ent":1.3,"data": [28653,28776,8916,42424,33521,518,478,147,33511,33418,288,33636,843,34123,226,44565,44326,32783,32790,157,115,322,31348,31096,58175544,58215154,3,39626,1457397,1490083,502580]},"pktlen": {"min":40,"avg":172.5,"max":1400,"stddev":263.3,"var":69345.6,"ent":4.0,"data": [64,46,40,355,50,40,605,40,92,130,40,56,1400,337,40,66,46,152,497,40,270,40,252,46,335,76,46,78,40,78,46,76]},"bins": {"c_to_s": [11,4,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,1,0,0,0,0,1,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0],"entropies": 
[4.441382408,4.871388912,4.661769390,7.090702057,4.724371910,4.661769390,5.245636463,4.661769390,4.009517670,4.346171379,4.611769676,4.280395031,3.817430019,3.863874197,4.611769676,4.309496880,4.501398563,3.542632341,4.154665947,4.611769676,3.726292849,4.611769199,5.504406452,4.457919598,3.418277502,4.801239491,4.544876099,5.035846710,4.611769676,4.478143215,4.501398087,4.761171341]}} 00926{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606524600171,"flow_dst_last_pkt_time":1434606524130160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1138,"flow_dst_tot_l4_payload_len":3047,"midstream":0,"thread_ts_usec":1434606524600171,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":33,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606536630487,"flow_dst_last_pkt_time":1434606536630387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":3946,"midstream":0,"thread_ts_usec":1434606536630487,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":71,"packets-processed":71,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5450,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1434606536630487} 
+00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":71,"packets-processed":71,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5450,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1434606536630487} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 71/71 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649014 bytes -~~ total memory freed........: 8649014 bytes -~~ total allocations/frees...: 140607/140607 +~~ total memory allocated....: 9413388 bytes +~~ total memory freed........: 9413388 bytes +~~ total allocations/frees...: 154573/154573 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 2004 chars diff --git a/test/results/default/TivoDVR.pcap.out b/test/results/default/TivoDVR.pcap.out index 5e467b627..4d35cf0c7 100644 --- a/test/results/default/TivoDVR.pcap.out +++ b/test/results/default/TivoDVR.pcap.out 
@@ -1,11 +1,11 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1659655707553802} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1659655707553802} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1659655707553802,"flow_src_last_pkt_time":1659655707553802,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":167,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1659655707553802,"l3_proto":"ip4","src_ip":"98.245.242.69","dst_ip":"255.255.255.255","src_port":2190,"dst_port":2190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1659655707553802,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":175,"thread_ts_usec":1659655707553802,"pkt":"\/\/\/\/\/\/\/\/AszAqMnfCABFIADDAABAAEAR5M9i9fJF\/\/\/\/\/wiOCI4Ar6TAVGlWb0Nvbm5lY3Q9MQpzd3ZlcnNpb249MS4wCm1ldGhvZD1icm9hZGNhc3QKaWRlbnRpdHk9dXVpZDo0ZDY5NmU2OS00NDRjLTE2NGUtOWQ0MS0xNDU5YzA5OWMwNDMKbWFjaGluZT1SNzAwMFAKcGxhdGZvcm09cGMvbWluaWRsbmEKc2VydmljZXM9VGlWb01lZGlhU2VydmVyOjgyMDAvaHR0cArT0Q=="} 
01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1659655707553802,"flow_src_last_pkt_time":1659655707553802,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":167,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1659655707553802,"l3_proto":"ip4","src_ip":"98.245.242.69","dst_ip":"255.255.255.255","src_port":2190,"dst_port":2190,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TiVoConnect","proto_id":"308","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","tivoconnect": {"identity_uuid":"4d696e69-444c-164e-9d41-1459c099c043","machine":"R7000P","platform":"pc\/minidlna","services":"TiVoMediaServer:8200\/http"}}} 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1659655707554438,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":175,"thread_ts_usec":1659655707554438,"pkt":"\/\/\/\/\/\/\/\/AszAqMnfCABFIADDAABAAEAR5M9i9fJF\/\/\/\/\/wiOCI4Ar6TAVGlWb0Nvbm5lY3Q9MQpzd3ZlcnNpb249MS4wCm1ldGhvZD1icm9hZGNhc3QKaWRlbnRpdHk9dXVpZDo0ZDY5NmU2OS00NDRjLTE2NGUtOWQ0MS0xNDU5YzA5OWMwNDMKbWFjaGluZT1SNzAwMFAKcGxhdGZvcm09cGMvbWluaWRsbmEKc2VydmljZXM9VGlWb01lZGlhU2VydmVyOjgyMDAvaHR0cArT0Q=="} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1659655707553802,"flow_src_last_pkt_time":1659655707554438,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":167,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1659655707554438,"l3_proto":"ip4","src_ip":"98.245.242.69","dst_ip":"255.255.255.255","src_port":2190,"dst_port":2190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TiVoConnect","proto_id":"308","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1659655707554438} 
+00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1659655707554438} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644872 bytes -~~ total memory freed........: 8644872 bytes -~~ total allocations/frees...: 140534/140534 +~~ total memory allocated....: 9409246 bytes +~~ total memory freed........: 9409246 bytes +~~ total allocations/frees...: 154500/154500 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 589 chars ~~ json message max len.......: 1093 chars diff --git a/test/results/default/WebattackRCE.pcap.out b/test/results/default/WebattackRCE.pcap.out index f26cce0ed..c99bf2d67 100644 --- a/test/results/default/WebattackRCE.pcap.out +++ b/test/results/default/WebattackRCE.pcap.out 
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1576420276577658} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1576420276577658} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276577658,"flow_src_last_pkt_time":1576420276577658,"flow_dst_last_pkt_time":1576420276577658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276577658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276577658,"flow_dst_last_pkt_time":1576420276577658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1576420276577658,"pkt":"AAAAAAAAAAAAAAAACABFAAC5VktAAEAG5fF\/AAABfwAAAcGIH5Al+2Gy82DXQ4AYAED+rQAAAQEICp1m+omdZvqJR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpQb3J0IENoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
01389{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276577658,"flow_src_last_pkt_time":1576420276577658,"flow_dst_last_pkt_time":1576420276577658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276577658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1","domainame":"127.0.0.1","http": {"url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)","detected_os":"Nikto\/2.1.6"}}} 
@@ -3188,7 +3188,7 @@ 01217{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278010669,"flow_src_last_pkt_time":1576420278010669,"flow_dst_last_pkt_time":1576420278010669,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":267,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":267,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":267,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420278014387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01217{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278012576,"flow_src_last_pkt_time":1576420278012576,"flow_dst_last_pkt_time":1576420278012576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":277,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":277,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420278014387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01320{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278014387,"flow_src_last_pkt_time":1576420278014387,"flow_dst_last_pkt_time":1576420278014387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420278014387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"3": {"risk":"RCE Injection","severity":"Severe","risk_score": {"total":160,"client":140,"server":20}},"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":797,"packets-processed":797,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":138401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":797,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":797,"total-idle-flows":797,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":3191,"global_ts_usec":1576420278014387} +00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":797,"packets-processed":797,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":138401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":797,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":797,"total-idle-flows":797,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":3191,"global_ts_usec":1576420278014387} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 797/797 ~~ skipped flows.............: 0 
@@ -3197,9 +3197,9 @@ ~~ total active/idle flows...: 797/797 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10747955 bytes -~~ total memory freed........: 10747955 bytes -~~ total allocations/frees...: 154697/154697 +~~ total memory allocated....: 11537801 bytes +~~ total memory freed........: 11537801 bytes +~~ total allocations/frees...: 168663/168663 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 594 chars ~~ json message max len.......: 1806 chars diff --git a/test/results/default/WebattackSQLinj.pcap.out b/test/results/default/WebattackSQLinj.pcap.out index ad7f83c74..ba5584842 100644 --- a/test/results/default/WebattackSQLinj.pcap.out +++ b/test/results/default/WebattackSQLinj.pcap.out 
@@ -1,5 +1,5 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1499348407419016} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1499348407419016} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348407419016,"flow_src_last_pkt_time":1499348407419016,"flow_dst_last_pkt_time":1499348407419016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348407419016,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1499348407419016,"flow_dst_last_pkt_time":1499348407419016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348407419016,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1499348407419016,"flow_dst_last_pkt_time":1499348407419147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348407419147,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="} 
@@ -72,7 +72,7 @@ 01346{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1499348494345596,"flow_src_last_pkt_time":1499348499355896,"flow_dst_last_pkt_time":1499348499355969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1840,"flow_src_tot_l4_payload_len":536,"flow_dst_tot_l4_payload_len":1840,"midstream":0,"thread_ts_usec":1499348519077716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}} 
01346{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1499348506489087,"flow_src_last_pkt_time":1499348511497289,"flow_dst_last_pkt_time":1499348511496699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":537,"flow_dst_max_l4_payload_len":1881,"flow_src_tot_l4_payload_len":537,"flow_dst_tot_l4_payload_len":1881,"midstream":0,"thread_ts_usec":1499348519077716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}} 
01346{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1499348514064531,"flow_src_last_pkt_time":1499348519077716,"flow_dst_last_pkt_time":1499348519077129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":600,"flow_dst_max_l4_payload_len":2701,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":4149,"midstream":0,"thread_ts_usec":1499348519077716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}} 
-00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":94,"packets-processed":94,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1499348519077716} +00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":94,"packets-processed":94,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1499348519077716} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 94/94 ~~ skipped flows.............: 0 
@@ -81,9 +81,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8672338 bytes -~~ total memory freed........: 8672338 bytes -~~ total allocations/frees...: 140823/140823 +~~ total memory allocated....: 9436968 bytes +~~ total memory freed........: 9436968 bytes +~~ total allocations/frees...: 154789/154789 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 553 chars ~~ json message max len.......: 1639 chars diff --git a/test/results/default/WebattackXSS.pcap.out b/test/results/default/WebattackXSS.pcap.out index c8b7ac4f4..6c9c4439f 100644 --- a/test/results/default/WebattackXSS.pcap.out +++ b/test/results/default/WebattackXSS.pcap.out 
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1499346935283859} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1499346935283859} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499346935283859,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346935283859,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346935283859,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wadAAD4GBCmsEAABwKgKMsuCAFAodgngAAAAAKACchCXWwAAAgQFtAQCCAoBOMhHAAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283960,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346935283960,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4I5j3VaKHYJ4aAScSBLsAAAAgQFtAQCCAoD4pm+ATjIRwEDAwc="} 
@@ -2515,7 +2515,7 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4734,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_src_last_pkt_time":1499347535081002,"flow_dst_last_pkt_time":1499347535081002,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347535081002,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vMpAAD4GCQasEAABwKgKMuNwAFAre67MAAAAAKACchCNugAAAgQFtAQCCAoBOxIGAAAAAAEDAwc="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4735,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":2,"flow_src_last_pkt_time":1499347535081002,"flow_dst_last_pkt_time":1499347535081123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347535081123,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ43Bd+kT3K3uuzaAScSAESAAAAgQFtAQCCAoD5ON7ATsSBgEDAwc="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4736,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":3,"flow_src_last_pkt_time":1499347535081893,"flow_dst_last_pkt_time":1499347535081123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347535081893,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vMtAAD4GCQ2sEAABwKgKMuNwAFAre67NXfpE+IAQAOWjTwAAAQEICgE7EgYD5ON7"} 
-00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4740,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4740,"packets-processed":4739,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2075670,"total-not-detected-flows":0,"total-guessed-flows":242,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":82,"total-active-flows":334,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2518,"global_ts_usec":1499347536104726} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4740,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4740,"packets-processed":4739,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2075670,"total-not-detected-flows":0,"total-guessed-flows":242,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":82,"total-active-flows":334,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2518,"global_ts_usec":1499347536104726} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4743,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347536332683,"flow_src_last_pkt_time":1499347536332683,"flow_dst_last_pkt_time":1499347536332683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536332683,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4743,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_src_last_pkt_time":1499347536332683,"flow_dst_last_pkt_time":1499347536332683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347536332683,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGJAAD4GPW6sEAABwKgKMuN+AFBSPZtdAAAAAKACchB5IAAAAgQFtAQCCAoBOxM\/AAAAAAEDAwc="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4744,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_src_last_pkt_time":1499347536332683,"flow_dst_last_pkt_time":1499347536332809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347536332809,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ434l0Xf0Uj2bXqAScSDzoAAAAgQFtAQCCAoD5OS0ATsTPwEDAwc="} 
@@ -5302,7 +5302,7 @@ 00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348096595051,"flow_src_last_pkt_time":1499348096595952,"flow_dst_last_pkt_time":1499348096595195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348099359601,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348099359601,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9374,"packets-processed":9374,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5305,"global_ts_usec":1499348099366088} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9374,"packets-processed":9374,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5305,"global_ts_usec":1499348099366088} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9374/9374 ~~ skipped flows.............: 0 @@ -5311,9 +5311,9 @@ ~~ total active/idle flows...: 661/661 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10532617 bytes -~~ total memory freed........: 10532617 bytes -~~ total allocations/frees...: 157380/157380 +~~ total memory allocated....: 11318111 bytes +~~ total memory freed........: 11318111 bytes +~~ total allocations/frees...: 171346/171346 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 2605 chars diff --git a/test/results/default/activision.pcap.out b/test/results/default/activision.pcap.out index 777f9bd9c..d35b147b4 100644 --- a/test/results/default/activision.pcap.out +++ b/test/results/default/activision.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646323526787000} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646323526787000} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323526787000,"flow_dst_last_pkt_time":1646323526787000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646323526787000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646323526787000,"flow_dst_last_pkt_time":1646323526787000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1646323526787000,"pkt":"eJS0JASgYDjgxTWgCABFAAA5voEAAH8RYsnAqAJkbD3rHwwCgqEAJX0XDQIA093tA5YWaZgaJ69POBvAqAAVAgxsPesfoYI="} 
00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323526787000,"flow_dst_last_pkt_time":1646323526787000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646323526787000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -15,7 +15,7 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1646323628122000,"flow_dst_last_pkt_time":1646323628154000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1646323628154000,"pkt":"YDjgxTWgeJS0JASgCABFAAA3hJNAADURYKEtP3A2wKgCZIe1DAIAI0xRKQoAAADOR0ROAAAAAAEAAAAAAAAAAAAAAAAA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1646323628324000,"flow_dst_last_pkt_time":1646323628154000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1646323628324000,"pkt":"eJS0JASgYDjgxTWgCABFAAAu0NYAAH8RCmfAqAJkLT9wNgwCh7UAGpZYKLBaR04AAAAAFgAAAAAEGqAA"} 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323528362000,"flow_dst_last_pkt_time":1646323528329000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646323628926000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1646330186021000} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1646330186021000} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646330186021000,"flow_src_last_pkt_time":1646330186021000,"flow_dst_last_pkt_time":1646330186021000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646330186021000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.72.173.162","src_port":3074,"dst_port":34311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1646330186021000,"flow_dst_last_pkt_time":1646330186021000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1646330186021000,"pkt":"eJS0JASgYDjgxTWgCABFAAA5ncMAAH8RmPnAqAJklEitogwChgcAJQKmDQIAJQp5Uq9Qqtxv2LxZymHAqAAVAgyUSK2iB4Y="} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646330186021000,"flow_src_last_pkt_time":1646330186021000,"flow_dst_last_pkt_time":1646330186021000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646330186021000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.72.173.162","src_port":3074,"dst_port":34311,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -25,7 +25,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1646330186436000,"flow_dst_last_pkt_time":1646330186357000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1646330186436000,"pkt":"eJS0JASgYDjgxTWgCABFAAAuncUAAH8RmQLAqAJklEitogwChgcAGpHFKNl9LNUBAAAAcgYAAKNJ1wsA"} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323528362000,"flow_dst_last_pkt_time":1646323528329000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646330187441000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646323628043000,"flow_src_last_pkt_time":1646323628926000,"flow_dst_last_pkt_time":1646323628858000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646330187441000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"45.63.112.54","src_port":3074,"dst_port":34741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1646331972616000} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1646331972616000} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646331972616000,"flow_src_last_pkt_time":1646331972616000,"flow_dst_last_pkt_time":1646331972616000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646331972616000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"173.199.67.5","src_port":3074,"dst_port":37081,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1646331972616000,"flow_dst_last_pkt_time":1646331972616000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1646331972616000,"pkt":"eJS0JASgYDjgxTWgCABFAAA5EsQAAH8RdRfAqAJkrcdDBQwCkNkAJZrDDQIAgisORyh+2Z3JjlEt75TAqAAVAgytx0MF2ZA="} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646331972616000,"flow_src_last_pkt_time":1646331972616000,"flow_dst_last_pkt_time":1646331972616000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646331972616000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"173.199.67.5","src_port":3074,"dst_port":37081,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -35,7 +35,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1646331972856000,"flow_dst_last_pkt_time":1646331972816000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1646331972856000,"pkt":"eJS0JASgYDjgxTWgCABFAAAuEsYAAH8RdSDAqAJkrcdDBQwCkNkAGqUkKMQtpz8CAAAAVggAAAozEzkA"} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646330186021000,"flow_src_last_pkt_time":1646330187441000,"flow_dst_last_pkt_time":1646330187364000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646331973357000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.72.173.162","src_port":3074,"dst_port":34311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646331972616000,"flow_src_last_pkt_time":1646331973357000,"flow_dst_last_pkt_time":1646331973318000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646331973357000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"173.199.67.5","src_port":3074,"dst_port":37081,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1646331973357000} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1646331973357000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8653890 bytes -~~ total memory freed........: 8653890 bytes -~~ total allocations/frees...: 140626/140626 +~~ total memory allocated....: 9418360 bytes +~~ total memory freed........: 9418360 bytes +~~ total allocations/frees...: 154592/154592 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 976 chars diff --git a/test/results/default/adult_content.pcap.out b/test/results/default/adult_content.pcap.out index 7117b35ef..ffb6f4d76 100644 --- a/test/results/default/adult_content.pcap.out +++ b/test/results/default/adult_content.pcap.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1679071239291834} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1679071239291834} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239291834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679071239291834,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239291834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1679071239291834,"pkt":"ILAB4IZiPKn0qB\/sCABFAAAwUDlAAEAR7PPAqAHHH9wbRacHAFAAHI2nAAEAACESpEJBM1FjaTROdXJPS0E="} 
01002{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239291834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679071239291834,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -9,7 +9,7 @@ 01166{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239347013,"flow_dst_last_pkt_time":1679071239366897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1679071239366897,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":34,"category":"AdultContent","hostname":"b-eu14.stripcdn.com","domainame":"b-eu14.stripcdn.com","stun": {"mapped_address":"93.35.171.161:59534","response_origin":"31.220.27.69:80","other_address":"127.0.0.249:2083","multimedia_flow_types":"Unknown"}}} 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1679071239367273,"flow_dst_last_pkt_time":1679071239366897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1679071239367273,"pkt":"ILAB4IZiPKn0qB\/sCABFAACIUEtAAEAR7InAqAHHH9wbRacHAFAAdHxgAAMAWCESpEJ4VHYxS21GNEJWa2kAGQAEEQAAAAAGAAdqb2huZG9lAAAUABNiLWV1MTQuc3RyaXBjZG4uY29tAAAVABBmYzdlNjU3YjkzODY1NGJmAAgAFKX\/EIV4M7nf301az2ompIrGx4iF"} 
01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":14,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239509436,"flow_dst_last_pkt_time":1679071239465594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1204,"flow_dst_max_l4_payload_len":1376,"flow_src_tot_l4_payload_len":3131,"flow_dst_tot_l4_payload_len":3791,"midstream":0,"thread_ts_usec":1679071239509436,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":34,"category":"AdultContent","hostname":"b-eu14.stripcdn.com"}} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":25,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6922,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1679071239509436} 
+00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":25,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6922,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1679071239509436} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 25/25 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645539 bytes -~~ total memory freed........: 8645539 bytes -~~ total allocations/frees...: 140557/140557 +~~ total memory allocated....: 9409913 bytes +~~ total memory freed........: 9409913 bytes +~~ total allocations/frees...: 154523/154523 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 1171 chars diff --git a/test/results/default/afp.pcap.out b/test/results/default/afp.pcap.out index 616f710b6..0f24a409c 100644 --- a/test/results/default/afp.pcap.out +++ b/test/results/default/afp.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643275951277370} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643275951277370} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643275951277370,"flow_src_last_pkt_time":1643275951277370,"flow_dst_last_pkt_time":1643275951277370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643275951277370,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643275951277370,"flow_dst_last_pkt_time":1643275951277370,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1643275951277370,"pkt":"ABxCVgfWYPgdrn1ECABFAABKAABAAEAGgpnAqBs5wKgbi\/3bAiR+nkVXU19RioAYCHEmJgAAAQEICtTtV\/gAQrf\/AAIixgAAAAAAAAAGAAAAABEAAAIOHA=="} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643275951277370,"flow_src_last_pkt_time":1643275951277370,"flow_dst_last_pkt_time":1643275951277370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643275951277370,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AFP","proto_id":"97","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
@@ -8,7 +8,7 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1643275951277702,"flow_dst_last_pkt_time":1643275951277547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643275951277702,"pkt":"ABxCVgfWYPgdrn1ECABFAAA0AABAAEAGgq\/AqBs5wKgbi\/3bAiR+nkVtU19RvIAQCHBcrAAAAQEICtTtV\/gAQsM8"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643275951277715,"flow_dst_last_pkt_time":1643275951277547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643275951277715,"pkt":"ABxCVgfWYPgdrn1ECABFAAA0AABAAEAGgq\/AqBs5wKgbi\/3bAiR+nkVtU19RvIAQCHBcrAAAAQEICtTtV\/gAQsM8"} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1643275951277370,"flow_src_last_pkt_time":1643275952364726,"flow_dst_last_pkt_time":1643275952364172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":50,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":118,"midstream":1,"thread_ts_usec":1643275952364726,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"AFP","proto_id":"97","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643275952364726} +00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643275952364726} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645306 bytes -~~ total memory freed........: 8645306 bytes -~~ total allocations/frees...: 140549/140549 +~~ total memory allocated....: 9409680 bytes +~~ total memory freed........: 9409680 bytes +~~ total allocations/frees...: 154515/154515 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 974 chars diff --git a/test/results/default/agora-sd-rtn.pcap.out b/test/results/default/agora-sd-rtn.pcap.out index 4cc0d8bb3..0da9ae90f 100644 --- a/test/results/default/agora-sd-rtn.pcap.out +++ b/test/results/default/agora-sd-rtn.pcap.out 
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1649093494350000} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1649093494350000} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093494350000,"flow_src_last_pkt_time":1649093494350000,"flow_dst_last_pkt_time":1649093494350000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649093494350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1649093494350000,"flow_dst_last_pkt_time":1649093494350000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649093494350000,"pkt":"eJS0JASgYDjgxTWgCABFoAEG97pAAD8RrNTAqAJkF\/i6s4vCH8IA8rYwAFo4TAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnTudXVvVf7BhRNFQtkmabzFsc4YGcbhGqIyaMUEFFQUQEAEFFU0dQVUJTQQAEpZnsPkMzYe4wgqr+jD6KkFsekH5j6BojNRIPCbkPdUaS4xdQKYVOSVvbHOo64z+26LzM8IhE1k5P6pySRtqNMEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093494350000,"flow_src_last_pkt_time":1649093494350000,"flow_dst_last_pkt_time":1649093494350000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649093494350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io","domainame":"23-248-186-179.edge.agora.io"}} 
@@ -70,7 +70,7 @@ 01026{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649093640794000,"flow_src_last_pkt_time":1649093640842000,"flow_dst_last_pkt_time":1649093640826000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":435,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1667,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649093710879000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io"}} 01020{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649093580792000,"flow_src_last_pkt_time":1649093580849000,"flow_dst_last_pkt_time":1649093580831000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":392,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1796,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649093710879000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-77-66.edge.agora.io"}} 01027{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1649093640842000,"flow_src_last_pkt_time":1649093640842000,"flow_dst_last_pkt_time":1649093640842000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":1219,"flow_src_tot_l4_payload_len":1546,"flow_dst_tot_l4_payload_len":4876,"midstream":0,"thread_ts_usec":1649093710879000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":12,"current-active-flows":6,"total-active-flows":8,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1649098069656000} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":12,"current-active-flows":6,"total-active-flows":8,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1649098069656000} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098069656000,"flow_src_last_pkt_time":1649098069656000,"flow_dst_last_pkt_time":1649098069656000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649098069656000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1649098069656000,"flow_dst_last_pkt_time":1649098069656000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649098069656000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGneRAAD8RBqvAqAJkF\/i6s53JH8IA8s3FANAqagAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXiddqZ56BOXneEQ4mP388RlUbMx7s0KlWJgk5kvEFFQUQEAEFFU0dQVUJTQQAE2i0ZP5UqhloJODTaOh+IlYI+UqEvQtfYePDLs+DPY\/wb\/ex7kxsKDZa0UBpqtKFPW3cONzQvrgAKQsaxWmXF50tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098069656000,"flow_src_last_pkt_time":1649098069656000,"flow_dst_last_pkt_time":1649098069656000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649098069656000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io","domainame":"23-248-186-179.edge.agora.io"}} 
@@ -122,7 +122,7 @@ 01027{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098070259000,"flow_src_last_pkt_time":1649098070310000,"flow_dst_last_pkt_time":1649098070298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1824,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098129719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"104-166-161-75.edge.agora.io"}} 01026{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098069656000,"flow_src_last_pkt_time":1649098069706000,"flow_dst_last_pkt_time":1649098069689000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":818,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":2256,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098129719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io"}} 01027{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098069706000,"flow_src_last_pkt_time":1649098069706000,"flow_dst_last_pkt_time":1649098069706000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1892,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098129719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io"}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":211,"packets-processed":210,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":15,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":1649098819739000} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":211,"packets-processed":210,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":15,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":1649098819739000} 
01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098070259000,"flow_src_last_pkt_time":1649098070310000,"flow_dst_last_pkt_time":1649098070298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1824,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098819802000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"104-166-161-75.edge.agora.io"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098129676000,"flow_src_last_pkt_time":1649098129719000,"flow_dst_last_pkt_time":1649098129703000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":492,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1769,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098819802000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.118.52.182","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"193-118-52-182.edge.agora.io"}} 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1649098094676000,"flow_src_last_pkt_time":1649098094724000,"flow_dst_last_pkt_time":1649098094756000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1606,"flow_dst_tot_l4_payload_len":1508,"midstream":0,"thread_ts_usec":1649098819802000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-233-218.edge.agora.io"}} 
@@ -163,7 +163,7 @@ 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098849713000,"flow_src_last_pkt_time":1649098849898000,"flow_dst_last_pkt_time":1649098849881000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":430,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1659,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649099059780000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-193-223.edge.agora.io"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":6,"flow_first_seen":1649098089567000,"flow_src_last_pkt_time":1649098819802000,"flow_dst_last_pkt_time":1649098819775000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":944,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":4213,"flow_dst_tot_l4_payload_len":2952,"midstream":0,"thread_ts_usec":1649099059780000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"104-166-161-75.edge.agora.io"}} 01025{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098909723000,"flow_src_last_pkt_time":1649098909909000,"flow_dst_last_pkt_time":1649098909895000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":398,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1627,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649099059780000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-193-224.edge.agora.io"}} 
-00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":286,"packets-processed":285,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":65673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":19,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":166,"global_ts_usec":1649336870173000} +00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":286,"packets-processed":285,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":65673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":19,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":166,"global_ts_usec":1649336870173000} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336870173000,"flow_src_last_pkt_time":1649336870173000,"flow_dst_last_pkt_time":1649336870173000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649336870173000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1649336870173000,"flow_dst_last_pkt_time":1649336870173000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_usec":1649336870173000,"pkt":"eJS0JASgYDjgxTWgCABFoAEFneZAAD8Rl3TAqAJkgAHB37q9H8IA8S9\/AAspDQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFQvya+GSZZFzLP9EmcPktq84Ka2wtV92C\/TcDdPQUVBRAQAQUVTR1BVQlNBAASFAA2pu76c15hPua6baGLo0ixMN8vwRYUqc\/ifFG78vI1pPMSohtWw1XeLlA8Q9eztjAFhjuBR3Q4\/us8bcbydS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 
01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336870173000,"flow_src_last_pkt_time":1649336870173000,"flow_dst_last_pkt_time":1649336870173000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649336870173000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-193-223.edge.agora.io","domainame":"128-1-193-223.edge.agora.io"}} 
@@ -226,7 +226,7 @@ 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1649336965166000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649336965166000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFZAAD8RpDjAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1649336965359000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649336965359000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFtAAD8RpDPAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1649336965359000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649336965359000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFxAAD8RpDLAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":401,"packets-processed":400,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94737,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":229,"global_ts_usec":1649337802272000} 
+00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":401,"packets-processed":400,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94737,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":229,"global_ts_usec":1649337802272000} 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336954948000,"flow_src_last_pkt_time":1649336955151000,"flow_dst_last_pkt_time":1649336955137000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1812,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-193-224.edge.agora.io"}} 
01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336870173000,"flow_src_last_pkt_time":1649336870432000,"flow_dst_last_pkt_time":1649336870347000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":2014,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-193-223.edge.agora.io"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":7,"flow_first_seen":1649336960225000,"flow_src_last_pkt_time":1649336960225000,"flow_dst_last_pkt_time":1649336960225000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":498,"flow_src_tot_l4_payload_len":699,"flow_dst_tot_l4_payload_len":3468,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-193-223.edge.agora.io"}} 
@@ -235,7 +235,7 @@ 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1649336894950000,"flow_src_last_pkt_time":1649336897978000,"flow_dst_last_pkt_time":1649336894950000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3525,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"103.104.168.244","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"103-104-168-244.edge.agora.io"}} 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1649336965165000,"flow_src_last_pkt_time":1649336968493000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-180.edge.agora.io"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336960165000,"flow_src_last_pkt_time":1649336960225000,"flow_dst_last_pkt_time":1649336960206000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1814,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io"}} 
-00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":403,"packets-processed":403,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":0,"total-active-flows":26,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":238,"global_ts_usec":1649337802273000} +00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":403,"packets-processed":403,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":0,"total-active-flows":26,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":238,"global_ts_usec":1649337802273000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 403/403 ~~ skipped flows.............: 0 
@@ -244,9 +244,9 @@ ~~ total active/idle flows...: 26/26 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8717429 bytes -~~ total memory freed........: 8717429 bytes -~~ total allocations/frees...: 141211/141211 +~~ total memory allocated....: 9482603 bytes +~~ total memory freed........: 9482603 bytes +~~ total allocations/frees...: 155177/155177 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 594 chars ~~ json message max len.......: 2185 chars diff --git a/test/results/default/ah.pcapng.out b/test/results/default/ah.pcapng.out index 8bf8aa207..dc592ad45 100644 --- a/test/results/default/ah.pcapng.out +++ b/test/results/default/ah.pcapng.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587338929051893} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587338929051893} 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587338929051893,"flow_src_last_pkt_time":1587338929051893,"flow_dst_last_pkt_time":1587338929051893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587338929051893,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00988{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587338929051893,"flow_dst_last_pkt_time":1587338929051893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_usec":1587338929051893,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAJ4AAP8RngIKAgMCCgMEBAH0AfQBbieYHBhp9tKboMwAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAAop90y3jHmNMWVGIbNRerOVFzMP5JoRLlIVT+uGcaHcUDAfZ9agub4v3ifShq9iAjKtd\/XZoIX76e0SSPXecxSXzgS1HJOpsJtzfXg96dFLBFkvBpXPHiUb1T29i2BXzdKwAAJGy943MOgVw+17TTE3RGnNSeH1Br3ZzttJxYzZbae2KMKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABCNvuAsA4SMheroNDIs0se1c2REJAAAAHAAAQAUSA9ZB8IS5r14gXhydhU2hTnWD2w=="} 00903{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587338929051893,"flow_src_last_pkt_time":1587338929051893,"flow_dst_last_pkt_time":1587338929051893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587338929051893,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -12,7 +12,7 @@ 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1587338931051372,"flow_dst_last_pkt_time":1587338931051869,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1587338931051869,"pkt":"qrvMAAIQqrvMAAMQCABFAAB8ABMAAP4zoTEKAwQECgIDAgEEAACvhoPvAAAAAQLuLdf7aFTxy+gQnAAAbwQABQABAAAAAAAUFyyrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavN"} 00911{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587338931051372,"flow_src_last_pkt_time":1587338931051372,"flow_dst_last_pkt_time":1587338931051869,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1587338931051869,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AH","proto_id":"116","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":2,"category":"VPN"}} 
00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587338929051893,"flow_src_last_pkt_time":1587338929067839,"flow_dst_last_pkt_time":1587338929075761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":686,"flow_dst_tot_l4_payload_len":638,"midstream":0,"thread_ts_usec":1587338931051869,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1532,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1587338931051869} 
+00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1532,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1587338931051869} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647452 bytes -~~ total memory freed........: 8647452 bytes -~~ total allocations/frees...: 140550/140550 +~~ total memory allocated....: 9411858 bytes +~~ total memory freed........: 9411858 bytes +~~ total allocations/frees...: 154516/154516 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 586 chars ~~ json message max len.......: 993 chars diff --git a/test/results/default/ajp.pcap.out b/test/results/default/ajp.pcap.out index bfe73940d..4be08edd8 100644 --- a/test/results/default/ajp.pcap.out +++ b/test/results/default/ajp.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1505154584447407} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1505154584447407} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584447407,"vlan_id":7,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","vlan_id":7,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584447407,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","vlan_id":7,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584447547,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"} 
@@ -40,7 +40,7 @@ 00401{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584617955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":826,"flow_dst_max_l4_payload_len":230,"flow_src_tot_l4_payload_len":1056,"flow_dst_tot_l4_payload_len":241,"midstream":0,"thread_ts_usec":1505154584618218,"vlan_id":7,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584618218,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":826,"flow_dst_max_l4_payload_len":230,"flow_src_tot_l4_payload_len":1056,"flow_dst_tot_l4_payload_len":241,"midstream":0,"thread_ts_usec":1505154584618218,"vlan_id":7,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":38,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1505154584618218} 
+00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":38,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1505154584618218} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/26 ~~ skipped flows.............: 0 @@ -49,9 +49,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648024 bytes -~~ total memory freed........: 8648024 bytes -~~ total allocations/frees...: 140570/140570 +~~ total memory allocated....: 9412430 bytes +~~ total memory freed........: 9412430 bytes +~~ total allocations/frees...: 154536/154536 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 313 chars ~~ json message max len.......: 1513 chars diff --git a/test/results/default/alexa-app.pcapng.out b/test/results/default/alexa-app.pcapng.out index 3a9028cff..29cb6961b 100644 --- a/test/results/default/alexa-app.pcapng.out +++ b/test/results/default/alexa-app.pcapng.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1490976022526783} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1490976022526783} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976022526783,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_usec":1490976022526783} 
00326{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_usec":1490976022526783,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976022526847,"packet_id":2,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_usec":1490976022526847} 
@@ -85,10 +85,10 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1490976029248822,"flow_dst_last_pkt_time":1490976029325964,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976029325964,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqrg0VdHFrBAq2AG718qLhBMS07KNiKAScSCB1QAAAgQFtAQCCAptCebiAPZJvAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1490976029328330,"flow_dst_last_pkt_time":1490976029325964,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976029328330,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xDxAAEAGmYSsECrYNFXRxdfKAbvTso2Ii4QTE4AQAVcgZAAAAQEICgD2ScRtCebi"} 00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029325964,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1490976029341528,"pkt":"AMDKkaPvePiC0\/vCCABFAAERxD1AAEAGmKasECrYNFXRxdfKAbvTso2Ii4QTE4AYAVeNQAAAAQEICgD2ScZtCebiFgMBANgBAADUAwNT2KB0JrHY5dbwauLLHFhO0VZRwtPH9AKUlOkcVsOHnAAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAfwAAABMAEQAADnd3dy5hbWF6b24uY29tAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="} 
-01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029325964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976029341528,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029325964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976029341528,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029386853,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976029386853,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA09fhAAPMGtMc0VdHFrBAq2AG718qLhBMT07KOZYAQAHYgXQAAAQEICm0J5usA9knG"} 
-01343{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029387254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976029387254,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01821{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029387940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":3470,"midstream":0,"thread_ts_usec":1490976029387940,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
+01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029387254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976029387254,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01826{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029387940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":3470,"midstream":0,"thread_ts_usec":1490976029387940,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976029669574,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029669574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976029669574,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029669574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1490976029669574,"pkt":"AMDKkaPvePiC0\/vCCABFAABGWk9AAEARM16sECrYrBAqAU3\/ADUAMlRV5qsBAAABAAAAAAAABG1hZHMPYW1hem9uLWFkc3lzdGVtA2NvbQAAAQAB"} 
01102{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976029669574,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029669574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976029669574,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mads.amazon-adsystem.com","domainame":"mads.amazon-adsystem.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -145,18 +145,18 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1490976035553389,"flow_dst_last_pkt_time":1490976035610272,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976035610272,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOsGYRwixzTwrBAq2AG7ldsM0X8G\/VxotaASaN9A1wAAAgQFtAQCCApEF1TYAPZMMwEDAwg="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1490976035612740,"flow_dst_last_pkt_time":1490976035610272,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976035612740,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0JIhAAEAG55ysECrYIsc08JXbAbv9XGi1DNF\/B4AQAVfXJgAAAQEICgD2TDlEF1TY"} 
00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035610272,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_usec":1490976035616784,"pkt":"AMDKkaPvePiC0\/vCCABFAAEYJIlAAEAG5resECrYIsc08JXbAbv9XGi1DNF\/B4AYAVcMvQAAAQEICgD2TDlEF1TYFgMBAN8BAADbAwP73M1sxI2HkRgH8V1BL3eSUwWF+lNvBxlDQftlXGYrfgAAIPr6zKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAksrKAAD\/AQABAAAAAC0AKwAAKGNvZ25pdG8taWRlbnRpdHkudXMtZWFzdC0xLmFtYXpvbmF3cy5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGGpqAAEA"} -01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035610272,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976035616784,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035610272,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976035616784,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035732914,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976035732914,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0KgNAAOsGNyEixzTwrBAq2AG7ldsM0X8H\/VxpmYAQAHfW9AAAAQEICkQXVQYA9kw5"} 
-01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035733287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976035733287,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035733821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":3389,"midstream":0,"thread_ts_usec":1490976035733821,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34","blocks":0}}} 
+01298{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035733287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976035733287,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01685{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035733821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":3389,"midstream":0,"thread_ts_usec":1490976035733821,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976037754217,"flow_src_last_pkt_time":1490976037754217,"flow_dst_last_pkt_time":1490976037754217,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976037754217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1490976037754217,"flow_dst_last_pkt_time":1490976037754217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976037754217,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8+KpAAEAGE3KsECrYIsc08JXcAbvRHbWkAAAAAKAC\/\/+tAQAAAgQFtAQCCAoA9k0OAAAAAAEDAwg="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1490976037754217,"flow_dst_last_pkt_time":1490976037803932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976037803932,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOoGYhwixzTwrBAq2AG7ldw4CtRs0R21paASaN+cagAAAgQFtAQCCApEF1cYAPZNDgEDAwg="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1490976037807519,"flow_dst_last_pkt_time":1490976037803932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976037807519,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0+KtAAEAGE3msECrYIsc08JXcAbvRHbWlOArUbYAQAVcyugAAAQEICgD2TRREF1cY"} 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1490976037809016,"flow_dst_last_pkt_time":1490976037803932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_usec":1490976037809016,"pkt":"AMDKkaPvePiC0\/vCCABFAAE4+KxAAEAGEnSsECrYIsc08JXcAbvRHbWlOArUbYAYAVfzMQAAAQEICgD2TRREF1cYFgMBAP8BAAD7AwMVuDHoPIxY5YbdWtXfttgnszJ6dj3kr1us3m0FTwAhaSCuITFLxCcAmkxVA5xh9l9LJAIe6ginKsjl8g3o3EcTxQAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACSOjoAAP8BAAEAAAAALQArAAAoY29nbml0by1pZGVudGl0eS51cy1lYXN0LTEuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACLq6AB0AFwAY6uoAAQA="} 
-01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976037754217,"flow_src_last_pkt_time":1490976037809016,"flow_dst_last_pkt_time":1490976037803932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976037809016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976037754217,"flow_src_last_pkt_time":1490976037809016,"flow_dst_last_pkt_time":1490976037803932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976037809016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1490976037809016,"flow_dst_last_pkt_time":1490976037919951,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976037919951,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0g1VAAOoG3s4ixzTwrBAq2AG7ldw4CtRt0R22qYAQAHcydQAAAQEICkQXVzkA9k0U"} 
-01298{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976037754217,"flow_src_last_pkt_time":1490976037809016,"flow_dst_last_pkt_time":1490976037920091,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1490976037920091,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976037754217,"flow_src_last_pkt_time":1490976037809016,"flow_dst_last_pkt_time":1490976037920091,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1490976037920091,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976041150466,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041150466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041150466,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041150466,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1490976041150466,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWlNAAEARM1+sECrYrBAqAdZmADUALY4\/ocgBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="} 
01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976041150466,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041150466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041150466,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -216,23 +216,23 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1490976041942417,"flow_dst_last_pkt_time":1490976041989388,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976041989388,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71Iuwz0jww\/ZKJqAScSDA4QAAAgQFtAQCCAptm51vAPZOsgEDAwg="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1490976041995382,"flow_dst_last_pkt_time":1490976041989388,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976041995382,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0BJhAAEAGWRasECrYNFXR2NSLAbvD9komsM9I8YAQAVdfcwAAAQEICgD2Trdtm51v"} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976041989388,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1490976041995659,"pkt":"AMDKkaPvePiC0\/vCCABFAAD+BJlAAEAGWEusECrYNFXR2NSLAbvD9komsM9I8YAYAVe71AAAAQEICgD2Trdtm51vFgMBAMUBAADBAwO5UA\/iZEVzwxa2fCwy81ITWHfzxsPCnxUHsdFTfcWAvgAAILq6zKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAeAoKAAD\/AQABAAAAABMAEQAADnd3dy5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIWloAHQAXABjq6gABAA=="} 
-01182{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976041989388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041995659,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976041989388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041995659,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976042054012,"flow_src_last_pkt_time":1490976042054012,"flow_dst_last_pkt_time":1490976042054012,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976042054012,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1490976042054012,"flow_dst_last_pkt_time":1490976042054012,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976042054012,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8AfNAAEAGW7OsECrYNFXR2NSNAbumNE9OAAAAAKAC\/\/9PagAAAgQFtAQCCAoA9k69AAAAAAEDAwg="} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1490976041961796,"flow_dst_last_pkt_time":1490976042056791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976042056791,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71Iw+cfkHGE+VGqAScSB8QwAAAgQFtAQCCAps\/wWhAPZOtAEDAwg="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1490976042057764,"flow_dst_last_pkt_time":1490976042056791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976042057764,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0265AAEAGgf+sECrYNFXR2NSMAbsYT5UaPnH5CIAQAVca0QAAAQEICgD2Tr1s\/wWh"} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042056791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1490976042058395,"pkt":"AMDKkaPvePiC0\/vCCABFAAD+269AAEAGgTSsECrYNFXR2NSMAbsYT5UaPnH5CIAYAVdplAAAAQEICgD2Tr1s\/wWhFgMBAMUBAADBAwOGZCJ5XClhLW3uSio8xzT8mg+rdruUVrO5OZF9oNZ61QAAIIqKzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAeCoqAAD\/AQABAAAAABMAEQAADnd3dy5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIamoAHQAXABh6egABAA=="} 
-01182{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042056791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976042058395,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042056791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976042058395,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976042062566,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976042062566,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA01YZAAPMG1SY0VdHYrBAq2AG71Iuwz0jxw\/ZK8IAQAHZfggAAAQEICm2bnXcA9k63"} -01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976042081606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976042081606,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": 
{"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01750{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976042082340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976042082340,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., 
CN=www.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} +01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976042081606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976042081606,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01755{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976042082340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976042082340,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1490976042054012,"flow_dst_last_pkt_time":1490976042099362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976042099362,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71I2zekUSpjRPT6AScSDSoAAAAgQFtAQCCAptF6XzAPZOvQEDAwg="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1490976042101270,"flow_dst_last_pkt_time":1490976042099362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976042101270,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0AfRAAEAGW7qsECrYNFXR2NSNAbumNE9Ps3pFE4AQAVdxMgAAAQEICgD2TsJtF6Xz"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042143678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976042143678,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0\/KJAAPMGrgo0VdHYrBAq2AG71Iw+cfkIGE+V5IAQAHYa3wAAAQEICmz\/BaoA9k69"} 
-01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042149888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976042149888,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01750{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042150550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976042150550,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
+01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042149888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976042149888,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01755{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042150550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976042150550,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1490976042239996,"flow_dst_last_pkt_time":1490976041952733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1490976042239996,"pkt":"AMDKkaPvePiC0\/vCCABFAAELYD1AAEAGsx6sECrYNu8YuoTjAbvEzS6SzeCOhlAYAVd4ugAAFgMBAN4BAADaAwPrd1S1ddQk7rUlC7xdTTn0up1nnk\/tmx0cHtuMmn3chgAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAkVpaAAD\/AQABAAAAACwAKgAAJ21vYmlsZWFuYWx5dGljcy51cy1lYXN0LTEuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACHp6AB0AFwAYuroAAQA="} -02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976042286958,"flow_dst_last_pkt_time":1490976042283855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1030,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1358,"flow_dst_tot_l4_payload_len":15533,"midstream":0,"thread_ts_usec":1490976042286958,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":47,"avg":22128.4,"max":90510,"stddev":31052.4,"var":964249024.0,"ent":3.6,"data": [46971,52965,277,73178,134,18906,393,341,423,88175,318,744,233,8121,32759,75313,63701,49446,70919,806,90510,2043,419,465,407,524,703,47,5315,294,1129]},"pktlen": 
{"min":52,"avg":580.3,"max":1500,"stddev":637.0,"var":405792.1,"ent":4.1,"data": [60,60,52,254,52,52,1500,1500,1500,819,52,52,52,52,178,1082,294,52,52,1500,1500,52,1500,1500,1500,450,1500,1112,86,52,52,52]},"bins": {"c_to_s": [11,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,1,1,1,1,1,1,1,0,0,0],"entropies": [4.626680851,5.273560524,5.056022167,5.578444004,5.038779736,5.038779736,6.941484451,7.235523224,7.505930424,7.618381500,5.017560482,4.979098797,4.979098797,4.979099274,6.314942837,7.805894852,7.019865036,5.056022167,5.000318527,7.867209435,7.863208771,4.979098797,7.856099606,7.887753487,7.874964714,7.517594337,7.873031139,7.831841469,5.789580822,4.979099274,4.979098797,4.940637589]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02187{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976042286958,"flow_dst_last_pkt_time":1490976042283855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1030,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1358,"flow_dst_tot_l4_payload_len":15533,"midstream":0,"thread_ts_usec":1490976042286958,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":47,"avg":22128.4,"max":90510,"stddev":31052.4,"var":964249024.0,"ent":3.6,"data": [46971,52965,277,73178,134,18906,393,341,423,88175,318,744,233,8121,32759,75313,63701,49446,70919,806,90510,2043,419,465,407,524,703,47,5315,294,1129]},"pktlen": {"min":52,"avg":580.3,"max":1500,"stddev":637.0,"var":405792.1,"ent":4.1,"data": [60,60,52,254,52,52,1500,1500,1500,819,52,52,52,52,178,1082,294,52,52,1500,1500,52,1500,1500,1500,450,1500,1112,86,52,52,52]},"bins": {"c_to_s": [11,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,1,1,1,1,1,1,1,0,0,0],"entropies": [4.626680851,5.273560524,5.056022167,5.578444004,5.038779736,5.038779736,6.941484451,7.235523224,7.505930424,7.618381500,5.017560482,4.979098797,4.979098797,4.979099274,6.314942837,7.805894852,7.019865036,5.056022167,5.000318527,7.867209435,7.863208771,4.979098797,7.856099606,7.887753487,7.874964714,7.517594337,7.873031139,7.831841469,5.789580822,4.979099274,4.979098797,4.940637589]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1490976041870965,"flow_src_last_pkt_time":1490976042239996,"flow_dst_last_pkt_time":1490976042302047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":454,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976042302047,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
01682{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1490976041870965,"flow_src_last_pkt_time":1490976042239996,"flow_dst_last_pkt_time":1490976042302667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":454,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976042302667,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D","blocks":0}}} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1490976042346204,"flow_dst_last_pkt_time":1490976042099362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976042346204,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0AfVAAEAGW7msECrYNFXR2NSNAbumNE9Ps3pFE4ARAVdxGQAAAQEICgD2TtptF6Xz"} 
@@ -363,13 +363,13 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1490976047560420,"flow_dst_last_pkt_time":1490976047602380,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976047602380,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71JuiSVznYK0iJ6AScSA47wAAAgQFtAQCCAptkKkCAPZQ5AEDAwg="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1490976047603553,"flow_dst_last_pkt_time":1490976047602380,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976047603553,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0csNAAEAG6uqsECrYNFXR2NSbAbtgrSInoklc6IAQAVfXgQAAAQEICgD2UOhtkKkC"} 
01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1490976047610667,"flow_dst_last_pkt_time":1490976047602380,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1490976047610667,"pkt":"AMDKkaPvePiC0\/vCCABFAAI5csRAAEAG6OSsECrYNFXR2NSbAbtgrSInoklc6IAYAVfMzwAAAQEICgD2UOhtkKkCFgMBAgABAAH8AwN2BwhjfJbg5Am9t4WVCSBsvbJjgWDho9rtAy+p\/VRu5SBHUQT65GzShmSQt43DXU\/iRpfvK3yVUZImuuA4WpXHawAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAGTCgoAAP8BAAEAAAAAEwARAAAOd3d3LmFtYXpvbi5jb20AFwAAACMAsFRWtD3JSKQf4Lr9eEfx0PQ01nHGkidDCG7s9KZESOymslO\/GqdkoVsdJK5ZoYugmQyWHOp1tqWh2bA4KlSTUx1xDcGhPBYTENeT+hnpzYJuHISGm+WAjLYZpeScMXdEj+cpOxx40tMWY+U2GkrsQW5AIinC1PY+tiQWPYlKDKD6UtQmLCxNZDzFu5nYZUvgPU\/iQ7PiXNcQfJ3byiPYuj5cRmbUB10pxz435spf4lY4AA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYamoAAQAAFQBnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01182{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047560420,"flow_src_last_pkt_time":1490976047610667,"flow_dst_last_pkt_time":1490976047602380,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047610667,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047560420,"flow_src_last_pkt_time":1490976047610667,"flow_dst_last_pkt_time":1490976047602380,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047610667,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1490976047563011,"flow_dst_last_pkt_time":1490976047629213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976047629213,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwJsxAAOcGf3ZIFc6HrBAq2AG7pJ+6tUVgg\/ibBnASH\/6xFgAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1490976047631210,"flow_dst_last_pkt_time":1490976047629213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976047631210,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoy+JAAEAGgWisECrYSBXOh6SfAbuD+JsGurVFYVAQAVf7hwAA"} 
00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1490976047631468,"flow_dst_last_pkt_time":1490976047629213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_usec":1490976047631468,"pkt":"AMDKkaPvePiC0\/vCCABFAAEVy+NAAEAGgHqsECrYSBXOh6SfAbuD+JsGurVFYVAYAVcKJQAAFgMBAOgBAADkAwP\/\/gAuAk5v3TG7NhYWBuGwBvgFQjeXqnaZyi9wFBW4dCCAoIhp+G+13yEt\/a9wFbgYbBGSpt6bYu8wE9XD90462wAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB7CgoAAP8BAAEAAAAAFgAUAAARZmxzLW5hLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAj6+gAdABcAGCoqAAEA"} 01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047563011,"flow_src_last_pkt_time":1490976047631468,"flow_dst_last_pkt_time":1490976047629213,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047631468,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_src_last_pkt_time":1490976047610667,"flow_dst_last_pkt_time":1490976047652109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976047652109,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA09e9AAPMGtL00VdHYrBAq2AG71JuiSVzoYK0kLIAQAHbWWAAAAQEICm2QqQcA9lDo"} -01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":693,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976047560420,"flow_src_last_pkt_time":1490976047610667,"flow_dst_last_pkt_time":1490976047664674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047664674,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": 
{"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} +01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":693,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976047560420,"flow_src_last_pkt_time":1490976047610667,"flow_dst_last_pkt_time":1490976047664674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047664674,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1490976047631468,"flow_dst_last_pkt_time":1490976047694431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976047694431,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoM15AAOcGcuxIFc6HrBAq2AG7pJ+6tUVhg\/ib81AQf\/x79QAAAAAAAAAA"} 01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":704,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976047563011,"flow_src_last_pkt_time":1490976047631468,"flow_dst_last_pkt_time":1490976047695425,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047695425,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
02202{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":711,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1490976047050685,"flow_src_last_pkt_time":1490976047738970,"flow_dst_last_pkt_time":1490976047737869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":510,"flow_src_tot_l4_payload_len":18550,"flow_dst_tot_l4_payload_len":666,"midstream":0,"thread_ts_usec":1490976047738970,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":114,"avg":44370.0,"max":352057,"stddev":78836.5,"var":6215196160.0,"ent":3.5,"data": [57034,58621,1781,56791,4768,135,59291,267,22886,80040,5852,71839,321,148,565,303,201,1403,296,114,67763,34752,23901,352057,295338,129,57737,650,60553,128,59805]},"pktlen": {"min":40,"avg":643.2,"max":1500,"stddev":676.9,"var":458225.8,"ent":4.1,"data": [60,48,40,299,46,46,196,40,91,806,46,550,1500,1425,1500,1500,1500,1500,1500,1500,69,46,46,46,1500,46,46,1500,1500,46,46,1500]},"bins": {"c_to_s": [4,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,11,0,0],"s_to_c": [11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,0],"entropies": 
[4.705928802,5.119034290,4.831687450,5.956132412,4.565872192,4.522393703,6.373359203,4.831687450,5.346002579,7.707840443,4.565872192,7.614433289,7.881308079,7.868000031,7.843427658,7.860275269,7.859666824,7.853141308,7.878274441,7.872379303,5.651857376,4.478915691,4.522393703,4.522393703,7.860081673,4.565871716,4.565872192,7.860362053,7.853739262,4.609350681,4.609350681,7.878521442]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -436,9 +436,9 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1490976064452332,"flow_dst_last_pkt_time":1490976064505269,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976064505269,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71KJ+bVwJX8R4G6AScSBROQAAAgQFtAQCCAptHVo6APZXfQEDAwg="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1490976064519519,"flow_dst_last_pkt_time":1490976064505269,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976064519519,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0L2hAAEAGLkasECrYNFXR2NSiAbtfxHgbfm1cCoAQAVfvyQAAAQEICgD2V4NtHVo6"} 
01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_src_last_pkt_time":1490976064520567,"flow_dst_last_pkt_time":1490976064505269,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1490976064520567,"pkt":"AMDKkaPvePiC0\/vCCABFAAI5L2lAAEAGLECsECrYNFXR2NSiAbtfxHgbfm1cCoAYAVeoAQAAAQEICgD2V4RtHVo6FgMBAgABAAH8AwNl4D5WcIpeF6adbzNjl\/tiZhGpmavxSM5uXnDrdJHl1yBHUQT65GzShmSQt43DXU\/iRpfvK3yVUZImuuA4WpXHawAgamrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAGTOjoAAP8BAAEAAAAAEwARAAAOd3d3LmFtYXpvbi5jb20AFwAAACMAsFRWtD3JSKQf4Lr9eEfx0PQ01nHGkidDCG7s9KZESOymslO\/GqdkoVsdJK5ZoYugmQyWHOp1tqWh2bA4KlSTUx1xDcGhPBYTENeT+hnpzYJuHISGm+WAjLYZpeScMXdEj+cpOxx40tMWY+U2GkrsQW5AIinC1PY+tiQWPYlKDKD6UtQmLCxNZDzFu5nYZUvgPU\/iQ7PiXNcQfJ3byiPYuj5cRmbUB10pxz435spf4lY4AA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACOrqAB0AFwAYWloAAQAAFQBnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01182{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976064520567,"flow_dst_last_pkt_time":1490976064505269,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976064520567,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976064520567,"flow_dst_last_pkt_time":1490976064505269,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976064520567,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":5,"flow_src_last_pkt_time":1490976064520567,"flow_dst_last_pkt_time":1490976064568500,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976064568500,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0BktAAPMGpGI0VdHYrBAq2AG71KJ+bVwKX8R6IIAQAHbunQAAAQEICm0dWkEA9leE"} -01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":869,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976064520567,"flow_dst_last_pkt_time":1490976064578107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976064578107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": 
{"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} +01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":869,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976064520567,"flow_dst_last_pkt_time":1490976064578107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976064578107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976067916709,"flow_src_last_pkt_time":1490976067916709,"flow_dst_last_pkt_time":1490976067916709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976067916709,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1490976067916709,"flow_dst_last_pkt_time":1490976067916709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976067916709,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WlhAAEARM1+sECrYrBAqAe2EADUAKHojSVQBAAABAAAAAAAAA2FwaQZhbWF6b24DY29tAAABAAE="} 
01083{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976067916709,"flow_src_last_pkt_time":1490976067916709,"flow_dst_last_pkt_time":1490976067916709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976067916709,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.amazon.com","domainame":"api.amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -453,7 +453,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":5,"flow_src_last_pkt_time":1490976068066460,"flow_dst_last_pkt_time":1490976068158441,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976068158441,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo2FJAAOcGkBM27x2SrBAq2AG7otunydf4btzLCVAQf\/ymLwAAAAAAAAAA"} 01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":907,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976067968666,"flow_src_last_pkt_time":1490976068066460,"flow_dst_last_pkt_time":1490976068174408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976068174408,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.amazon.com","domainame":"api.amazon.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
01675{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976067968666,"flow_src_last_pkt_time":1490976068066460,"flow_dst_last_pkt_time":1490976068174770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":3330,"midstream":0,"thread_ts_usec":1490976068174770,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.amazon.com","domainame":"api.amazon.com","tls": {"version":"TLSv1.2","server_names":"api.amazon.com,wsync.us-east-1.amazon.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com","fingerprint":"1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D","blocks":0}}} 
-02208{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":910,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976068084335,"flow_dst_last_pkt_time":1490976068174801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":7862,"flow_dst_tot_l4_payload_len":9710,"midstream":0,"thread_ts_usec":1490976068174801,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":123,"avg":237241.0,"max":2896813,"stddev":560116.6,"var":313730662400.0,"ent":2.8,"data": [52937,67187,1048,63231,9607,59757,285,20918,462,225,155,1078,225,97487,133,7299,15901,484594,178,170,116007,306256,538314,1116565,2896813,279,153,126,123,583169,913790]},"pktlen": {"min":52,"avg":603.1,"max":1500,"stddev":665.4,"var":442821.7,"ent":4.1,"data": [60,60,52,569,52,208,52,103,1500,1500,125,1500,1500,1481,52,52,52,52,1500,1500,1209,1209,1500,1500,1500,52,64,64,64,64,52,52]},"bins": {"c_to_s": [9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0],"s_to_c": [7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1],"entropies": 
[4.705928802,5.273560047,4.979098797,6.082272053,5.000318527,6.571692467,5.056022167,5.591795921,7.858945847,7.890957355,6.413620949,7.866191387,7.874218941,7.863078117,5.038779736,5.000318050,5.000318050,4.884933472,7.878181458,7.882399559,7.840240955,7.842101574,7.879061222,7.879629612,7.876855850,4.940637112,4.991729736,5.085479736,5.116729736,5.116729736,5.056022167,5.000318050]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02213{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":910,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976068084335,"flow_dst_last_pkt_time":1490976068174801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":7862,"flow_dst_tot_l4_payload_len":9710,"midstream":0,"thread_ts_usec":1490976068174801,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":123,"avg":237241.0,"max":2896813,"stddev":560116.6,"var":313730662400.0,"ent":2.8,"data": [52937,67187,1048,63231,9607,59757,285,20918,462,225,155,1078,225,97487,133,7299,15901,484594,178,170,116007,306256,538314,1116565,2896813,279,153,126,123,583169,913790]},"pktlen": {"min":52,"avg":603.1,"max":1500,"stddev":665.4,"var":442821.7,"ent":4.1,"data": [60,60,52,569,52,208,52,103,1500,1500,125,1500,1500,1481,52,52,52,52,1500,1500,1209,1209,1500,1500,1500,52,64,64,64,64,52,52]},"bins": {"c_to_s": 
[9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0],"s_to_c": [7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1],"entropies": [4.705928802,5.273560047,4.979098797,6.082272053,5.000318527,6.571692467,5.056022167,5.591795921,7.858945847,7.890957355,6.413620949,7.866191387,7.874218941,7.863078117,5.038779736,5.000318050,5.000318050,4.884933472,7.878181458,7.882399559,7.840240955,7.842101574,7.879061222,7.879629612,7.876855850,4.940637112,4.991729736,5.085479736,5.116729736,5.116729736,5.056022167,5.000318050]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 02344{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":934,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1490976067968666,"flow_src_last_pkt_time":1490976068790465,"flow_dst_last_pkt_time":1490976070313997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3760,"flow_dst_tot_l4_payload_len":16863,"midstream":0,"thread_ts_usec":1490976070313997,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":41,"avg":102165.5,"max":486056,"stddev":138313.6,"var":19130660864.0,"ent":3.7,"data": [92394,95354,2440,97381,1862,14105,301,61,113369,268,157,49644,132555,83310,183928,260,326122,293069,272379,138,443688,400,541,41,276469,199153,505,44,713,486056,423]},"pktlen": 
{"min":40,"avg":686.3,"max":1500,"stddev":682.0,"var":465082.8,"ent":4.2,"data": [60,48,40,261,46,46,1500,1500,450,40,40,40,166,91,40,1500,533,46,1500,46,46,1500,1500,1500,211,1500,1500,1500,211,1500,1500,1500]},"bins": {"c_to_s": [6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [6,1,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.672595501,5.134760857,4.731687546,5.428875923,4.609350681,4.609350204,7.207319260,7.309862137,7.406122684,4.781687260,4.831686974,4.831686974,6.560224533,5.827393532,4.734183788,7.885433197,7.643744469,4.652828693,7.886434555,4.522393703,4.462504387,7.848043919,7.856681824,7.865322113,6.980444908,7.848917007,7.856569290,7.864667892,6.965065002,7.849271774,7.848181248,7.856681824]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":958,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976071237623,"flow_src_last_pkt_time":1490976071237623,"flow_dst_last_pkt_time":1490976071237623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071237623,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1490976071237623,"flow_dst_last_pkt_time":1490976071237623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976071237623,"pkt":"AMDKkaPvePiC0\/vCCABFAAA870hAAEAGV6asECrYNF7ohsHGAFAgR7VrAAAAAKAC\/\/9hTwAAAgQFtAQCCAoA9lojAAAAAAEDAwg="} 
@@ -551,10 +551,10 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1490976080485167,"flow_dst_last_pkt_time":1490976080542065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976080542065,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOsGYRwixzTwrBAq2AG7lgTyw5w6PAKPIKASaN+a6gAAAgQFtAQCCApEF4DYAPZdvwEDAwg="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1490976080543197,"flow_dst_last_pkt_time":1490976080542065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976080543197,"pkt":"AMDKkaPvePiC0\/vCCABFAAA00qFAAEAGOYOsECrYIsc08JYEAbs8Ao8g8sOcO4AQAVcxOQAAAQEICgD2XcZEF4DY"} 
00903{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":4,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080542065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_usec":1490976080544389,"pkt":"AMDKkaPvePiC0\/vCCABFAAE40qJAAEAGOH6sECrYIsc08JYEAbs8Ao8g8sOcO4AYAVdhlgAAAQEICgD2XcZEF4DYFgMBAP8BAAD7AwOX\/QoHOQfrIm4YrainwIcb8HJqxyAya+r9gcsMJ\/OOBSCuITFLxCcAmkxVA5xh9l9LJAIe6ginKsjl8g3o3EcTxQAgmprMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACSCgoAAP8BAAEAAAAALQArAAAoY29nbml0by1pZGVudGl0eS51cy1lYXN0LTEuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACPr6AB0AFwAYGhoAAQA="} -01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080542065,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976080544389,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080542065,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976080544389,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1145,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":5,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080602253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976080602253,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0HN1AAOsGREcixzTwrBAq2AG7lgTyw5w7PAKQJIAQAHcxBQAAAQEICkQXgOgA9l3G"} 
-01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080606156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976080606156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01688{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1148,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080607335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":3389,"midstream":0,"thread_ts_usec":1490976080607335,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34","blocks":0}}} 
+01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080606156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976080606156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01686{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1148,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080607335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":3389,"midstream":0,"thread_ts_usec":1490976080607335,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34","blocks":0}}} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1168,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976082723840,"flow_src_last_pkt_time":1490976082723840,"flow_dst_last_pkt_time":1490976082723840,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976082723840,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1490976082723840,"flow_dst_last_pkt_time":1490976082723840,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976082723840,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8n\/hAAEAGdDKsECrYNu8YuoUFAbsbksFnAAAAAKAC\/\/9eHgAAAgQFtAQCCAoA9l6fAAAAAAEDAwg="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976082964100,"flow_src_last_pkt_time":1490976082964100,"flow_dst_last_pkt_time":1490976082964100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976082964100,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -693,13 +693,13 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_src_last_pkt_time":1490976090991595,"flow_dst_last_pkt_time":1490976091160874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976091160874,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0KVkAACcGFEQ250hYrBAq2AG7o1w0YmduEBUO+4AS\/\/+yAwAAAgQFmAMDCAEEAgEB"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_src_last_pkt_time":1490976091163241,"flow_dst_last_pkt_time":1490976091160874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976091163241,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobyJAAEAGdYasECrYNudIWKNcAbsQFQ77NGJnb1AQAVf4XAAA"} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":4,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091160874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"thread_ts_usec":1490976091163513,"pkt":"AMDKkaPvePiC0\/vCCABFAAD\/byNAAEAGdK6sECrYNudIWKNcAbsQFQ77NGJnb1AYAVcUGAAAFgMBANIBAADOAwPiWwT6rMYxCKpzwVWlHQ4+YJCqbihOIRaiGpLsY6Y1LgAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAhQoKAAD\/AQABAAAAACAAHgAAG3MzLWV4dGVybmFsLTIuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACFpaAB0AFwAY+voAAQA="} 
-01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091160874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976091163513,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091160874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976091163513,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_S3","proto_by_ip_id":463,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_src_last_pkt_time":1490976091048429,"flow_dst_last_pkt_time":1490976091217295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976091217295,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0Sq8AACcG8u0250hYrBAq2AG7o117lZ8zZBSwSYAS\/\/89vAAAAgQFmAMDCAEEAgEB"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":3,"flow_src_last_pkt_time":1490976091219669,"flow_dst_last_pkt_time":1490976091217295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976091219669,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo0alAAEAGEv+sECrYNudIWKNdAbtkFLBJe5WfNFAQAVeEFQAA"} 
02347{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1452,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976090996390,"flow_dst_last_pkt_time":1490976091223863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1093,"flow_src_tot_l4_payload_len":7259,"flow_dst_tot_l4_payload_len":2355,"midstream":0,"thread_ts_usec":1490976091223863,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":30,"avg":159906.1,"max":1191626,"stddev":282043.2,"var":79548358656.0,"ent":3.5,"data": [214415,219069,3661,1161828,1191626,138,43,75944,170423,352,118993,9705,7936,105518,89968,79074,135403,22399,255382,307,202303,1216,199697,125,147,204784,30,11403,221917,129,253154]},"pktlen": {"min":40,"avg":343.0,"max":1500,"stddev":486.7,"var":236894.1,"ent":3.9,"data": [60,48,40,279,279,46,125,93,40,46,178,40,99,1500,46,206,46,46,1133,1500,254,46,541,1500,270,162,46,46,525,1500,190,46]},"bins": {"c_to_s": [4,1,0,1,1,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0],"s_to_c": [10,1,1,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,0,1,1,1,0,0,1,1,0,0,0,1,1,1,0,0,1],"entropies": 
[4.672595501,5.134761333,4.762815475,5.883847237,5.876678944,4.609350204,6.148330688,5.967529297,4.712815285,4.565871716,6.521196365,4.662815094,5.915507793,7.852227211,4.565872192,6.894952297,4.565871716,4.565871716,7.832350731,7.860533714,7.115900993,4.609350204,7.520314217,7.876235962,7.163622856,6.629608631,4.522393703,4.609350204,7.614107132,7.867299557,6.817775249,4.609350204]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":5,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091345076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976091345076,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAozJ1AAOcGcQo250hYrBAq2AG7o1w0YmdvEBUP0lAQAD74ngAAAAAAAAAA"} 
-01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091345211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1490976091345211,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01686{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1456,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091346214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1490976091346214,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF","blocks":0}}} 
+01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091345211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1490976091345211,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_S3","proto_by_ip_id":463,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01683{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1456,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091346214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1490976091346214,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_S3","proto_by_ip_id":463,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF","blocks":0}}} 
02347{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1486,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976092170541,"flow_dst_last_pkt_time":1490976092236982,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":8342,"flow_dst_tot_l4_payload_len":1817,"midstream":0,"thread_ts_usec":1490976092236982,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":69,"avg":209393.8,"max":1080313,"stddev":303367.1,"var":92031574016.0,"ent":3.7,"data": [1005698,1080313,210230,18680,169715,18028,104975,95,107187,277,11694,34788,143,215183,306,69,21708,195595,278,202797,728,212905,264,205823,10952,236264,754701,277,888900,405375,377261]},"pktlen": {"min":40,"avg":360.5,"max":1500,"stddev":516.5,"var":266795.3,"ent":3.8,"data": [60,60,48,40,279,48,40,125,93,40,40,99,1500,254,46,46,46,541,1500,206,46,701,1500,238,46,557,40,1500,206,46,1500,46]},"bins": {"c_to_s": [7,1,0,0,0,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1],"entropies": 
[4.693347454,4.647432327,5.119034290,4.831686974,5.881499290,5.077367306,4.881687164,6.046293259,6.063190460,4.781687260,4.881687164,5.804432392,7.875989437,7.151407242,4.652828693,4.565872192,4.609350681,7.607057095,7.888786316,6.953813553,4.652828693,7.704366207,7.873492241,7.130478382,4.609350204,7.637624264,4.881687164,7.872291088,6.858013630,4.501398087,7.871377945,4.522393703]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1488,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":4,"flow_src_last_pkt_time":1490976092902682,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976092902682,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/hAAEAGPiGsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/91dAAAAgQFtAQCCAoA9mKZAAAAAAEDAwg="} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976093238253,"flow_src_last_pkt_time":1490976093238253,"flow_dst_last_pkt_time":1490976093238253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976093238253,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -742,12 +742,12 @@ 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1610,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":4,"flow_src_last_pkt_time":1490976101001170,"flow_dst_last_pkt_time":1490976100998827,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_usec":1490976101001170,"pkt":"AMDKkaPvePiC0\/vCCABFAAErBwJAAEAGDDqsECrYNu8YuoUaAbt\/SWKyQ51EmVAYAVcVawAAFgMBAP4BAAD6AwNQLskK0EtMvl083kPSq0nopXQlOdvR+0IZKHw7KLO7aiAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACRysoAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIKioAHQAXABgKCgABAA=="} 01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1610,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976100811415,"flow_src_last_pkt_time":1490976101001170,"flow_dst_last_pkt_time":1490976100998827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976101001170,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1611,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":4,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976100999093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"thread_ts_usec":1490976101001872,"pkt":"AMDKkaPvePiC0\/vCCABFAAEfOPBAAEAGqsGsECrYNudIWKNhAbuICV1cE8F9WVAYAVfc9gAAFgMBAPIBAADuAwN6LJpcPFiGGpu9Ln0VWrwN6uX9+Oq10gWhn0l9jMi\/ACBPSeLkXjji7rxbuBfRuYdiOn9o7tUR6tCEdV9ZFui2uAAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACFmpoAAP8BAAEAAAAAIAAeAAAbczMtZXh0ZXJuYWwtMi5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIKioAHQAXABhaWgABAA=="} -01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1611,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976100999093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976101001872,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1611,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976100999093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976101001872,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_S3","proto_by_ip_id":463,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1612,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":5,"flow_src_last_pkt_time":1490976101001170,"flow_dst_last_pkt_time":1490976101080368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976101080368,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAonQZAANsG3Dc27xi6rBAq2AG7hRpDnUSZf0lislAQARyXHwAAAAAAAAAA"} 01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1614,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976100811415,"flow_src_last_pkt_time":1490976101001170,"flow_dst_last_pkt_time":1490976101100346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976101100346,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":5,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976101182554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976101182554,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoaBZAAOcG1ZE250hYrBAq2AG7o2ETwX1ZiAleU1AQAD482wAAAAAAAAAA"} -01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1621,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976101182694,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1490976101182694,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1623,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976101183407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1490976101183407,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF","blocks":0}}} 
+01268{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1621,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976101182694,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1490976101182694,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_S3","proto_by_ip_id":463,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01684{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1623,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976101183407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1490976101183407,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_S3","proto_by_ip_id":463,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF","blocks":0}}} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_src_last_pkt_time":1490976101550206,"flow_dst_last_pkt_time":1490976100559988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976101550206,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgdAAEAGAiSsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pRQAAAgQFtAQCCAoA9mX7AAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1642,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":3,"flow_src_last_pkt_time":1490976101550206,"flow_dst_last_pkt_time":1490976101623514,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976101623514,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwX5pAAOcGDZw27xi6rBAq2AG7hRl1e+g1UtF3knASH\/6OkAAAAgQFtAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1643,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":4,"flow_src_last_pkt_time":1490976101624786,"flow_dst_last_pkt_time":1490976101623514,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976101624786,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoEghAAEAGAjesECrYNu8YuoUZAbtS0XeSdXvoNlAQAVfZAQAA"} 
@@ -898,30 +898,30 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_src_last_pkt_time":1490976134144040,"flow_dst_last_pkt_time":1490976134199902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976134199902,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxNJprFn0NKXyaAScSAI+QAAAgQFtAQCCAps+nOsAPZytgEDAwg="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":3,"flow_src_last_pkt_time":1490976134200000,"flow_dst_last_pkt_time":1490976134198488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134200000,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0vDFAAEAGNB6sECrYNFQ\/OMsVAFCK3c6HwtatV4AQAVc6+AAAAQEICgD2crts+npU"} 
01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2046,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":4,"flow_src_last_pkt_time":1490976134200994,"flow_dst_last_pkt_time":1490976134198488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976134200994,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXvDJAAEAGMfqsECrYNFQ\/OMsVAFCK3c6HwtatV4AYAVfMCQAAAQEICgD2crxs+npUR0VUIC9pbWFnZXMvSS83MXB3TUtEUlFJTC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="} 
-01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134148422,"flow_src_last_pkt_time":1490976134200994,"flow_dst_last_pkt_time":1490976134198488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134200994,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/71pwMKDRQIL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134148422,"flow_src_last_pkt_time":1490976134200994,"flow_dst_last_pkt_time":1490976134198488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134200994,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/71pwMKDRQIL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2047,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_src_last_pkt_time":1490976134201861,"flow_dst_last_pkt_time":1490976134199672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134201861,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0TQdAAEAGo0isECrYNFQ\/OMsUAFAHRT+xsJsTXoAQAVf3QwAAAQEICgD2crxs+nys"} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2048,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":3,"flow_src_last_pkt_time":1490976134202119,"flow_dst_last_pkt_time":1490976134199825,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134202119,"pkt":"AMDKkaPvePiC0\/vCCABFAAA02IxAAEAGF8OsECrYNFQ\/OMsRAFDDaqo\/vffTz4AQAVcBnwAAAQEICgD2crxs+n3S"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2049,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_src_last_pkt_time":1490976134202247,"flow_dst_last_pkt_time":1490976134199869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134202247,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xZZAAEAGKrmsECrYNFQ\/OMsSAFCeYrck8hQixoAQAVeWrQAAAQEICgD2crxs+n3S"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2050,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_src_last_pkt_time":1490976134202405,"flow_dst_last_pkt_time":1490976134199902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134202405,"pkt":"AMDKkaPvePiC0\/vCCABFAAA05X9AAEAGCtCsECrYNFQ\/OMsTAFDQ0pfJSaaxaIAQAVeniQAAAQEICgD2crxs+nOs"} 
01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2051,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":4,"flow_src_last_pkt_time":1490976134203012,"flow_dst_last_pkt_time":1490976134199672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976134203012,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXTQhAAEAGoSSsECrYNFQ\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"} -01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2051,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134146057,"flow_src_last_pkt_time":1490976134203012,"flow_dst_last_pkt_time":1490976134199672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134203012,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/61oBTb+jZvL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2051,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134146057,"flow_src_last_pkt_time":1490976134203012,"flow_dst_last_pkt_time":1490976134199672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134203012,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/61oBTb+jZvL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
01287{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2052,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":4,"flow_src_last_pkt_time":1490976134203631,"flow_dst_last_pkt_time":1490976134199825,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976134203631,"pkt":"AMDKkaPvePiC0\/vCCABFAAJX2I1AAEAGFZ+sECrYNFQ\/OMsRAFDDaqo\/vffTz4AYAVdmfQAAAQEICgD2crxs+n3SR0VUIC9pbWFnZXMvSS81MXdvaUw5a2drTC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="} 
-01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2052,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134140538,"flow_src_last_pkt_time":1490976134203631,"flow_dst_last_pkt_time":1490976134199825,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134203631,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/51woiL9kgkL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2052,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134140538,"flow_src_last_pkt_time":1490976134203631,"flow_dst_last_pkt_time":1490976134199825,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134203631,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/51woiL9kgkL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2053,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":4,"flow_src_last_pkt_time":1490976134203879,"flow_dst_last_pkt_time":1490976134199869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976134203879,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXxZdAAEAGKJWsECrYNFQ\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"} 
-01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2053,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134141916,"flow_src_last_pkt_time":1490976134203879,"flow_dst_last_pkt_time":1490976134199869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134203879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/81diFQyVjHL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2053,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134141916,"flow_src_last_pkt_time":1490976134203879,"flow_dst_last_pkt_time":1490976134199869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134203879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/81diFQyVjHL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2054,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":4,"flow_src_last_pkt_time":1490976134204208,"flow_dst_last_pkt_time":1490976134199902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976134204208,"pkt":"AMDKkaPvePiC0\/vCCABFAAJX5YBAAEAGCKysECrYNFQ\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"} 
-01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2054,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134144040,"flow_src_last_pkt_time":1490976134204208,"flow_dst_last_pkt_time":1490976134199902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134204208,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/71GcCNTb6kL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2054,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134144040,"flow_src_last_pkt_time":1490976134204208,"flow_dst_last_pkt_time":1490976134199902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134204208,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/71GcCNTb6kL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2055,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_src_last_pkt_time":1490976134149854,"flow_dst_last_pkt_time":1490976134237090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976134237090,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxaJEqCkMupghaAScSCurAAAAgQFtAQCCAps+nR5APZytgEDAwg="} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":3,"flow_src_last_pkt_time":1490976134238394,"flow_dst_last_pkt_time":1490976134237090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134238394,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0EjNAAEAG3hysECrYNFQ\/OMsWAFAy6mCFiRKgpYAQAVdNOgAAAQEICgD2cr9s+nR5"} 01287{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":4,"flow_src_last_pkt_time":1490976134239068,"flow_dst_last_pkt_time":1490976134237090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976134239068,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXEjRAAEAG2\/isECrYNFQ\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"} -01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134149854,"flow_src_last_pkt_time":1490976134239068,"flow_dst_last_pkt_time":1490976134237090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134239068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/612xlaOI2NL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} +01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134149854,"flow_src_last_pkt_time":1490976134239068,"flow_dst_last_pkt_time":1490976134237090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134239068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/612xlaOI2NL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 
PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":5,"flow_src_last_pkt_time":1490976134203631,"flow_dst_last_pkt_time":1490976134354330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134354330,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0rhBAAPIGkD40VD84rBAq2ABQyxG999PPw2qsYoAQAHYATwAAAQEICmz6feAA9nK8"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2059,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":5,"flow_src_last_pkt_time":1490976134204208,"flow_dst_last_pkt_time":1490976134354478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134354478,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0wtFAAPIGe300VD84rBAq2ABQyxNJprFo0NKZ7IAQAHamOgAAAQEICmz6c7kA9nK8"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2060,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":5,"flow_src_last_pkt_time":1490976134203012,"flow_dst_last_pkt_time":1490976134354525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134354525,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0b+dAAPIGzmc0VD84rBAq2ABQyxSwmxNeB0VB1IAQAHb19AAAAQEICmz6fLkA9nK8"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2061,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":5,"flow_src_last_pkt_time":1490976134203879,"flow_dst_last_pkt_time":1490976134354568,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134354568,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0XyZAAPIG3yg0VD84rBAq2ABQyxLyFCLGnmK5R4AQAHaVXQAAAQEICmz6feAA9nK8"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2098,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":5,"flow_src_last_pkt_time":1490976134239068,"flow_dst_last_pkt_time":1490976134375210,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134375210,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA01CNAAPIGais0VD84rBAq2ABQyxaJEqClMupiqIAQAHZL6wAAAQEICmz6dIYA9nK\/"} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2142,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":5,"flow_src_last_pkt_time":1490976134450449,"flow_dst_last_pkt_time":1490976134198488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976134450449,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXvDNAAEAGMfmsECrYNFQ\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"} 
-02226{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2177,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1490976134141916,"flow_src_last_pkt_time":1490976134949644,"flow_dst_last_pkt_time":1490976134943908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":15770,"midstream":0,"thread_ts_usec":1490976134949644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":121,"avg":51926.5,"max":295198,"stddev":97638.1,"var":9533208576.0,"ent":3.0,"data": [57953,60331,1632,154699,385,386,415,483,524,207,360,156722,299,4146,127,3380,248,131,172,143,126,121,6987,268261,295198,18253,286273,480,356,286588,4334]},"pktlen": {"min":52,"avg":597.0,"max":1500,"stddev":635.8,"var":404189.9,"ent":4.1,"data": [60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,52,52,1500,427,52,52,52,52,52,52,52,599,599,427,64,592,1500,1500,52,52]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,1,1,0,0],"entropies": 
[4.650922298,5.231404781,5.038780212,6.035903931,5.085056305,7.148868561,7.815765381,7.846660614,7.867961407,7.834940910,7.842315674,7.841011524,5.000318527,5.038780212,7.824505806,6.526866436,5.038780212,5.038780212,5.038780212,5.000318527,5.000318527,5.000318527,5.000318527,6.008402348,6.008402348,6.531550407,5.026865005,5.889882088,7.468186855,7.750551224,5.038780212,5.038780212]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +02231{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2177,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1490976134141916,"flow_src_last_pkt_time":1490976134949644,"flow_dst_last_pkt_time":1490976134943908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":15770,"midstream":0,"thread_ts_usec":1490976134949644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":121,"avg":51926.5,"max":295198,"stddev":97638.1,"var":9533208576.0,"ent":3.0,"data": [57953,60331,1632,154699,385,386,415,483,524,207,360,156722,299,4146,127,3380,248,131,172,143,126,121,6987,268261,295198,18253,286273,480,356,286588,4334]},"pktlen": {"min":52,"avg":597.0,"max":1500,"stddev":635.8,"var":404189.9,"ent":4.1,"data": [60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,52,52,1500,427,52,52,52,52,52,52,52,599,599,427,64,592,1500,1500,52,52]},"bins": {"c_to_s": 
[14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,1,1,0,0],"entropies": [4.650922298,5.231404781,5.038780212,6.035903931,5.085056305,7.148868561,7.815765381,7.846660614,7.867961407,7.834940910,7.842315674,7.841011524,5.000318527,5.038780212,7.824505806,6.526866436,5.038780212,5.038780212,5.038780212,5.000318527,5.000318527,5.000318527,5.000318527,6.008402348,6.008402348,6.531550407,5.026865005,5.889882088,7.468186855,7.750551224,5.038780212,5.038780212]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2236,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976136930982,"flow_src_last_pkt_time":1490976136930982,"flow_dst_last_pkt_time":1490976136930982,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976136930982,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2236,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_src_last_pkt_time":1490976136930982,"flow_dst_last_pkt_time":1490976136930982,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976136930982,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8bqFAAEAGoEasECrYNu8d\/Z+nAbuZbx1qAAAAAKAC\/\/9PLQAAAgQFtAQCCAoA9nPLAAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2237,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_src_last_pkt_time":1490976136930982,"flow_dst_last_pkt_time":1490976137042055,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976137042055,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwrQVAAOcGuu027x39rBAq2AG7n6dEArKimW8da3ASH\/7pVAAAAgQFtAEDAwY="} 
@@ -946,7 +946,7 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2280,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":2,"flow_src_last_pkt_time":1490976139642766,"flow_dst_last_pkt_time":1490976139667722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976139667722,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxh7572AMrTWW6AScSAgygAAAgQFtAQCCAps+nrkAPZ02gEDAwg="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2281,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":3,"flow_src_last_pkt_time":1490976139669064,"flow_dst_last_pkt_time":1490976139667722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139669064,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0ooFAAEAGTc6sECrYNFQ\/OMsYAFAytNZbe+e9gYAQAVe\/XAAAAQEICgD2dN5s+nrk"} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2282,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":4,"flow_src_last_pkt_time":1490976139669495,"flow_dst_last_pkt_time":1490976139667722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976139669495,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXooJAAEAGS6qsECrYNFQ\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"} 
-01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2282,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976139669495,"flow_dst_last_pkt_time":1490976139667722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139669495,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/71nqwmwmRlL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2282,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976139669495,"flow_dst_last_pkt_time":1490976139667722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139669495,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/71nqwmwmRlL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2283,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_src_last_pkt_time":1490976139643338,"flow_dst_last_pkt_time":1490976139674717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976139674717,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxrjsd\/DnToeVaAScSDohQAAAgQFtAQCCAps+naYAPZ02wEDAwg="} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2284,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_src_last_pkt_time":1490976139643559,"flow_dst_last_pkt_time":1490976139674846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976139674846,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxtRO\/n\/M6S6+6AScSAtRgAAAgQFtAQCCAps+ncBAPZ02wEDAwg="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2285,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_src_last_pkt_time":1490976139643137,"flow_dst_last_pkt_time":1490976139674889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976139674889,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxlSuJ7038mtw6AScSDlMAAAAgQFtAQCCAps+nm5APZ02wEDAwg="} 
@@ -956,24 +956,24 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2289,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":3,"flow_src_last_pkt_time":1490976139677885,"flow_dst_last_pkt_time":1490976139674889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139677885,"pkt":"AMDKkaPvePiC0\/vCCABFAAA02RpAAEAGFzWsECrYNFQ\/OMsZAFDfya3DUrie9YAQAVeDwwAAAQEICgD2dN9s+nm5"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2290,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":3,"flow_src_last_pkt_time":1490976139678026,"flow_dst_last_pkt_time":1490976139674922,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139678026,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0c61AAEAGfKKsECrYNFQ\/OMscAFApFQd4fxQzdYAQAVcjzwAAAQEICgD2dN9s+nXP"} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2291,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":4,"flow_src_last_pkt_time":1490976139678156,"flow_dst_last_pkt_time":1490976139674717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976139678156,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXapFAAEAGg5usECrYNFQ\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"} 
-01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2291,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643338,"flow_src_last_pkt_time":1490976139678156,"flow_dst_last_pkt_time":1490976139674717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/315y9IEXZSL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2291,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643338,"flow_src_last_pkt_time":1490976139678156,"flow_dst_last_pkt_time":1490976139674717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/315y9IEXZSL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2292,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":4,"flow_src_last_pkt_time":1490976139678278,"flow_dst_last_pkt_time":1490976139674846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976139678278,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXziNAAEAGIAmsECrYNFQ\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"} 
-01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2292,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643559,"flow_src_last_pkt_time":1490976139678278,"flow_dst_last_pkt_time":1490976139674846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678278,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/5100jxqrQhL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2292,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643559,"flow_src_last_pkt_time":1490976139678278,"flow_dst_last_pkt_time":1490976139674846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678278,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/5100jxqrQhL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2293,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":4,"flow_src_last_pkt_time":1490976139678411,"flow_dst_last_pkt_time":1490976139674889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976139678411,"pkt":"AMDKkaPvePiC0\/vCCABFAAJX2RtAAEAGFRGsECrYNFQ\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"} 
-01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643137,"flow_src_last_pkt_time":1490976139678411,"flow_dst_last_pkt_time":1490976139674889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678411,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/61SZU-lPFNL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643137,"flow_src_last_pkt_time":1490976139678411,"flow_dst_last_pkt_time":1490976139674889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678411,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/61SZU-lPFNL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2294,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":4,"flow_src_last_pkt_time":1490976139678550,"flow_dst_last_pkt_time":1490976139674922,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976139678550,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXc65AAEAGen6sECrYNFQ\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"} 
-01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643759,"flow_src_last_pkt_time":1490976139678550,"flow_dst_last_pkt_time":1490976139674922,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678550,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/81Ni5COup-L._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643759,"flow_src_last_pkt_time":1490976139678550,"flow_dst_last_pkt_time":1490976139674922,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678550,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/81Ni5COup-L._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2295,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_src_last_pkt_time":1490976139643974,"flow_dst_last_pkt_time":1490976139711656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976139711656,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyx1XQZuRlNdGa6AScSCQFAAAAgQFtAQCCAps+n\/1APZ03AEDAwg="} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2296,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":3,"flow_src_last_pkt_time":1490976139713700,"flow_dst_last_pkt_time":1490976139711656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139713700,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MrdAAEAGvZisECrYNFQ\/OMsdAFCU10ZrV0GbkoAQAVcupAAAAQEICgD2dONs+n\/1"} 01287{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2297,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":4,"flow_src_last_pkt_time":1490976139714237,"flow_dst_last_pkt_time":1490976139711656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976139714237,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXMrhAAEAGu3SsECrYNFQ\/OMsdAFCU10ZrV0GbkoAYAVeRsQAAAQEICgD2dONs+n\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"} -01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2297,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643974,"flow_src_last_pkt_time":1490976139714237,"flow_dst_last_pkt_time":1490976139711656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139714237,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/61Tfp7ZVcoL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} +01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2297,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643974,"flow_src_last_pkt_time":1490976139714237,"flow_dst_last_pkt_time":1490976139711656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139714237,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/61Tfp7ZVcoL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 
PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2298,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":5,"flow_src_last_pkt_time":1490976139669495,"flow_dst_last_pkt_time":1490976139777944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139777944,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0x2ZAAPIGdug0VD84rBAq2ABQyxh7572BMrTYfoAQAHa+FwAAAQEICmz6eucA9nTe"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2314,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":5,"flow_src_last_pkt_time":1490976139678156,"flow_dst_last_pkt_time":1490976139788054,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139788054,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0qVhAAPIGlPY0VD84rBAq2ABQyxrjsd\/EnTogeIAQAHaF0gAAAQEICmz6dpwA9nTf"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2316,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":5,"flow_src_last_pkt_time":1490976139678278,"flow_dst_last_pkt_time":1490976139788207,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139788207,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0jQVAAPIGsUk0VD84rBAq2ABQyxtRO\/oAM6S9HoAQAHbKkgAAAQEICmz6dwUA9nTf"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2357,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":5,"flow_src_last_pkt_time":1490976139678411,"flow_dst_last_pkt_time":1490976139882498,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139882498,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA05ztAAPIGVxM0VD84rBAq2ABQyxlSuJ7138mv5oAQAHaCbAAAAQEICmz6ec4A9nTf"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2358,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":5,"flow_src_last_pkt_time":1490976139678550,"flow_dst_last_pkt_time":1490976139882630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139882630,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0RpFAAPIG9700VD84rBAq2ABQyxx\/FDN1KRUJm4AQAHYieAAAAQEICmz6deQA9nTf"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2397,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":5,"flow_src_last_pkt_time":1490976139714237,"flow_dst_last_pkt_time":1490976139917430,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139917430,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0G5lAAPIGIrY0VD84rBAq2ABQyx1XQZuSlNdIjoAQAHYtTAAAAQEICmz6gAsA9nTj"} 
-02224{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2425,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1490976139643559,"flow_src_last_pkt_time":1490976140004854,"flow_dst_last_pkt_time":1490976140002371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1094,"flow_dst_tot_l4_payload_len":21002,"midstream":0,"thread_ts_usec":1490976140004854,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":45,"avg":23229.3,"max":179149,"stddev":43867.1,"var":1924322304.0,"ent":3.1,"data": [31287,34141,578,113361,46407,49,49,50,45,46,11194,1598,7176,179149,121,126,120,120,142,3369,257,407,4520,99192,277,120761,46881,156,255,789,17484]},"pktlen": {"min":52,"avg":743.4,"max":1500,"stddev":681.3,"var":464196.8,"ent":4.3,"data": [60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,1223,1223,52,52,52,52,52,52,52,52,64,599,1500,1500,52,1500,1336,1500,1500,52]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,12,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,0],"entropies": 
[4.684255600,5.264738083,4.815825462,5.981299400,4.959492683,7.149340153,7.740746498,7.612607002,7.631985664,7.692628384,7.667311668,7.729136467,7.507924080,7.508758068,5.115703106,5.000318050,5.077241421,5.062724590,5.115703106,5.077241421,5.077241421,5.077241421,5.163660049,6.000374794,7.141010284,7.761897087,5.115703106,7.808045864,7.811527252,7.791535378,7.807326794,4.955154419]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +02229{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2425,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1490976139643559,"flow_src_last_pkt_time":1490976140004854,"flow_dst_last_pkt_time":1490976140002371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1094,"flow_dst_tot_l4_payload_len":21002,"midstream":0,"thread_ts_usec":1490976140004854,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":45,"avg":23229.3,"max":179149,"stddev":43867.1,"var":1924322304.0,"ent":3.1,"data": [31287,34141,578,113361,46407,49,49,50,45,46,11194,1598,7176,179149,121,126,120,120,142,3369,257,407,4520,99192,277,120761,46881,156,255,789,17484]},"pktlen": {"min":52,"avg":743.4,"max":1500,"stddev":681.3,"var":464196.8,"ent":4.3,"data": [60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,1223,1223,52,52,52,52,52,52,52,52,64,599,1500,1500,52,1500,1336,1500,1500,52]},"bins": {"c_to_s": 
[13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,12,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,0],"entropies": [4.684255600,5.264738083,4.815825462,5.981299400,4.959492683,7.149340153,7.740746498,7.612607002,7.631985664,7.692628384,7.667311668,7.729136467,7.507924080,7.508758068,5.115703106,5.000318050,5.077241421,5.062724590,5.115703106,5.077241421,5.077241421,5.077241421,5.163660049,6.000374794,7.141010284,7.761897087,5.115703106,7.808045864,7.811527252,7.791535378,7.807326794,4.955154419]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 00939{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976022731312,"flow_src_last_pkt_time":1490976022731374,"flow_dst_last_pkt_time":1490976022731312,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976140054622,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00930{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976022741105,"flow_src_last_pkt_time":1490976022741164,"flow_dst_last_pkt_time":1490976022741105,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976140054622,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01057{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976027958387,"flow_src_last_pkt_time":1490976030758514,"flow_dst_last_pkt_time":1490976027958387,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976140054622,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -990,7 +990,7 @@ 00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1490976023731065,"flow_src_last_pkt_time":1490976031750280,"flow_dst_last_pkt_time":1490976023731065,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976140054622,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00954{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976032763274,"flow_src_last_pkt_time":1490976032763299,"flow_dst_last_pkt_time":1490976032763274,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976140054622,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01027{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976035502440,"flow_src_last_pkt_time":1490976035502440,"flow_dst_last_pkt_time":1490976035549103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":154,"midstream":0,"thread_ts_usec":1490976140054622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"cognito-identity.us-east-1.amazonaws.com"}} -02225{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2440,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976140230625,"flow_dst_last_pkt_time":1490976140359077,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":18414,"midstream":0,"thread_ts_usec":1490976140359077,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":97,"avg":42070.0,"max":510931,"stddev":110064.9,"var":12114281472.0,"ent":2.5,"data": 
[24956,26298,431,110222,135,214,308,354,363,1114,487,409,385,114928,244,126,125,3452,97,26252,252,149,120,119,152,4719,62468,45133,368811,510931,416]},"pktlen": {"min":52,"avg":679.6,"max":1500,"stddev":671.9,"var":451493.0,"ent":4.2,"data": [60,60,52,599,52,52,1500,1500,1500,1500,1500,1500,1500,1500,52,52,52,52,1500,1295,52,52,52,52,52,52,599,1295,64,599,1500,1500]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,1,1],"entropies": [4.650921822,5.231404781,5.077241898,5.992787838,5.008132935,4.955154419,7.144702911,7.824075699,7.838180542,7.817303181,7.827538967,7.785875320,7.819852829,7.815253735,5.038779736,5.000318527,4.908877850,5.038779736,7.787726402,7.553128719,5.038780212,5.038780212,5.038779736,5.038780212,5.038780212,5.038780212,6.005241394,7.550778389,5.163660049,6.010917664,7.134511948,7.768814087]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
+02230{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2440,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976140230625,"flow_dst_last_pkt_time":1490976140359077,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":18414,"midstream":0,"thread_ts_usec":1490976140359077,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":97,"avg":42070.0,"max":510931,"stddev":110064.9,"var":12114281472.0,"ent":2.5,"data": [24956,26298,431,110222,135,214,308,354,363,1114,487,409,385,114928,244,126,125,3452,97,26252,252,149,120,119,152,4719,62468,45133,368811,510931,416]},"pktlen": {"min":52,"avg":679.6,"max":1500,"stddev":671.9,"var":451493.0,"ent":4.2,"data": [60,60,52,599,52,52,1500,1500,1500,1500,1500,1500,1500,1500,52,52,52,52,1500,1295,52,52,52,52,52,52,599,1295,64,599,1500,1500]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,1,1],"entropies": 
[4.650921822,5.231404781,5.077241898,5.992787838,5.008132935,4.955154419,7.144702911,7.824075699,7.838180542,7.817303181,7.827538967,7.785875320,7.819852829,7.815253735,5.038779736,5.000318527,4.908877850,5.038779736,7.787726402,7.553128719,5.038780212,5.038780212,5.038779736,5.038780212,5.038780212,5.038780212,6.005241394,7.550778389,5.163660049,6.010917664,7.134511948,7.768814087]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2480,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976142629437,"flow_src_last_pkt_time":1490976142629437,"flow_dst_last_pkt_time":1490976142629437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976142629437,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2480,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_src_last_pkt_time":1490976142629437,"flow_dst_last_pkt_time":1490976142629437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976142629437,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Si5AAEAGxLmsECrYNu8d\/Z+uAbuBOjwrAAAAAKAC\/\/9GYAAAAgQFtAQCCAoA9nYFAAAAAAEDAwg="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_src_last_pkt_time":1490976142629437,"flow_dst_last_pkt_time":1490976142691841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976142691841,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0iJAAOcGldA27x39rBAq2AG7n66gUyr3gTo8LHASH\/4OHAAAAgQFtAEDAwY="} 
@@ -1009,7 +1009,7 @@ 01375{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976150029230,"flow_src_last_pkt_time":1490976150127984,"flow_dst_last_pkt_time":1490976150196755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976150196755,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976022741105,"flow_src_last_pkt_time":1490976022741164,"flow_dst_last_pkt_time":1490976022741105,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976150210618,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00937{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976022731312,"flow_src_last_pkt_time":1490976022731374,"flow_dst_last_pkt_time":1490976022731312,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976150210618,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-02352{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2519,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976030758212,"flow_dst_last_pkt_time":1490976150757970,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5474,"flow_dst_tot_l4_payload_len":6814,"midstream":0,"thread_ts_usec":1490976150757970,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":33,"avg":3968339.8,"max":120002762,"stddev":21185284.0,"var":448816230694912.0,"ent":0.3,"data": [77142,79508,13198,60889,401,551,135,48584,1797,3570,177758,227426,44512,20026,267154,445550,122636,142,45,33,282451,8709,270484,1626,407007,145,164075,140,290013,120002762,69]},"pktlen": {"min":52,"avg":436.5,"max":1500,"stddev":570.0,"var":324877.8,"ent":3.9,"data": [60,60,52,273,52,1500,1500,626,52,52,52,178,294,52,1416,1416,52,1500,300,96,86,52,52,1500,1003,52,52,1315,86,52,83,52]},"bins": {"c_to_s": [9,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0],"s_to_c": [7,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,0,1,1],"entropies": 
[4.739262104,5.306893826,5.017560959,5.448555946,5.115703583,6.960030556,7.238288403,7.584036827,5.017560959,5.094483852,5.041505337,6.602245331,7.164677143,5.041505337,7.862887383,7.863117218,5.115703106,7.885983467,7.259884357,6.084556580,5.826154709,5.094483852,5.132945538,7.862029552,7.810581207,5.115703106,5.077241421,7.851958752,5.873827457,5.132945538,5.636672497,5.115703106]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02357{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2519,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976030758212,"flow_dst_last_pkt_time":1490976150757970,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5474,"flow_dst_tot_l4_payload_len":6814,"midstream":0,"thread_ts_usec":1490976150757970,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":33,"avg":3968339.8,"max":120002762,"stddev":21185284.0,"var":448816230694912.0,"ent":0.3,"data": [77142,79508,13198,60889,401,551,135,48584,1797,3570,177758,227426,44512,20026,267154,445550,122636,142,45,33,282451,8709,270484,1626,407007,145,164075,140,290013,120002762,69]},"pktlen": {"min":52,"avg":436.5,"max":1500,"stddev":570.0,"var":324877.8,"ent":3.9,"data": 
[60,60,52,273,52,1500,1500,626,52,52,52,178,294,52,1416,1416,52,1500,300,96,86,52,52,1500,1003,52,52,1315,86,52,83,52]},"bins": {"c_to_s": [9,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0],"s_to_c": [7,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,0,1,1],"entropies": [4.739262104,5.306893826,5.017560959,5.448555946,5.115703583,6.960030556,7.238288403,7.584036827,5.017560959,5.094483852,5.041505337,6.602245331,7.164677143,5.041505337,7.862887383,7.863117218,5.115703106,7.885983467,7.259884357,6.084556580,5.826154709,5.094483852,5.132945538,7.862029552,7.810581207,5.115703106,5.077241421,7.851958752,5.873827457,5.132945538,5.636672497,5.115703106]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2531,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976158680003,"flow_src_last_pkt_time":1490976158680003,"flow_dst_last_pkt_time":1490976158680003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976158680003,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2531,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_src_last_pkt_time":1490976158680003,"flow_dst_last_pkt_time":1490976158680003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976158680003,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8\/ohAAEAGSGasECrYNF7ohrK3Abt2joLDAAAAAKAC\/\/8pLAAAAgQFtAQCCAoA9nxLAAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2532,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_src_last_pkt_time":1490976158680003,"flow_dst_last_pkt_time":1490976158840127,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976158840127,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwc8dAAOcGLDM0XuiGrBAq2AG7sreYM6oZdo6CxHASH\/6AKwAAAgQFtAEDAwY="} 
@@ -1020,7 +1020,7 @@ 01375{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976158680003,"flow_src_last_pkt_time":1490976158842060,"flow_dst_last_pkt_time":1490976159147892,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976159147892,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976027958387,"flow_src_last_pkt_time":1490976030758514,"flow_dst_last_pkt_time":1490976027958387,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976160361375,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01033{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1490976031691694,"flow_src_last_pkt_time":1490976032855148,"flow_dst_last_pkt_time":1490976032852924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":808,"flow_dst_max_l4_payload_len":1346,"flow_src_tot_l4_payload_len":808,"flow_dst_tot_l4_payload_len":1346,"midstream":0,"thread_ts_usec":1490976160361375,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"alexa.amazon.com"}} -00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976036358790,"flow_dst_last_pkt_time":1490976036357145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":707,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1768,"flow_dst_tot_l4_payload_len":3944,"midstream":0,"thread_ts_usec":1490976160361375,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
+00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976036358790,"flow_dst_last_pkt_time":1490976036357145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":707,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1768,"flow_dst_tot_l4_payload_len":3944,"midstream":0,"thread_ts_usec":1490976160361375,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976032763274,"flow_src_last_pkt_time":1490976032763299,"flow_dst_last_pkt_time":1490976032763274,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976160361375,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1490976023731065,"flow_src_last_pkt_time":1490976031750280,"flow_dst_last_pkt_time":1490976023731065,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976160361375,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01009{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2549,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976107217569,"flow_src_last_pkt_time":1490976107217569,"flow_dst_last_pkt_time":1490976107359299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":57,"midstream":0,"thread_ts_usec":1490976160361375,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skills-store.amazon.com"}} 
@@ -1061,18 +1061,18 @@ 01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1490976046418630,"flow_src_last_pkt_time":1490976048924554,"flow_dst_last_pkt_time":1490976048922912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1194,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":6299,"flow_dst_tot_l4_payload_len":3486,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1490976047096758,"flow_src_last_pkt_time":1490976048927819,"flow_dst_last_pkt_time":1490976048926772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":138,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":276,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 01145{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1490976044439648,"flow_src_last_pkt_time":1490976046418120,"flow_dst_last_pkt_time":1490976046413394,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":996,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":1992,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"alexa.amazon.com"}} 
-01021{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":38,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976046399542,"flow_dst_last_pkt_time":1490976046398342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":7185,"flow_dst_tot_l4_payload_len":34248,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com"}} -00985{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042341365,"flow_dst_last_pkt_time":1490976042200368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":5353,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00932{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1490976042054012,"flow_src_last_pkt_time":1490976042398154,"flow_dst_last_pkt_time":1490976042393531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01026{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":38,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976046399542,"flow_dst_last_pkt_time":1490976046398342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":7185,"flow_dst_tot_l4_payload_len":34248,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com"}} +00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042341365,"flow_dst_last_pkt_time":1490976042200368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":5353,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00937{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1490976042054012,"flow_src_last_pkt_time":1490976042398154,"flow_dst_last_pkt_time":1490976042393531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00782{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1490976042054012,"flow_src_last_pkt_time":1490976042398154,"flow_dst_last_pkt_time":1490976042393531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00985{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976047560420,"flow_src_last_pkt_time":1490976048909660,"flow_dst_last_pkt_time":1490976048908494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":711,"flow_src_tot_l4_payload_len":7601,"flow_dst_tot_l4_payload_len":867,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976047560420,"flow_src_last_pkt_time":1490976048909660,"flow_dst_last_pkt_time":1490976048908494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":711,"flow_src_tot_l4_payload_len":7601,"flow_dst_tot_l4_payload_len":867,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00988{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1490976043814090,"flow_src_last_pkt_time":1490976046408639,"flow_dst_last_pkt_time":1490976046407306,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5015,"flow_dst_tot_l4_payload_len":5368,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01023{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976043814984,"flow_src_last_pkt_time":1490976046401041,"flow_dst_last_pkt_time":1490976046398896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5245,"flow_dst_tot_l4_payload_len":5794,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com"}} 00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1490976047563011,"flow_src_last_pkt_time":1490976048928081,"flow_dst_last_pkt_time":1490976048926899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":5205,"flow_dst_tot_l4_payload_len":459,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1490976047858519,"flow_src_last_pkt_time":1490976048917977,"flow_dst_last_pkt_time":1490976048916787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":3984,"flow_dst_tot_l4_payload_len":547,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01217{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041434841,"flow_src_last_pkt_time":1490976041434841,"flow_dst_last_pkt_time":1490976041437012,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection 
Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00782{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041434841,"flow_src_last_pkt_time":1490976041434841,"flow_dst_last_pkt_time":1490976041437012,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1490976037754217,"flow_src_last_pkt_time":1490976042398724,"flow_dst_last_pkt_time":1490976042396317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1195,"flow_dst_tot_l4_payload_len":2140,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1490976037754217,"flow_src_last_pkt_time":1490976042398724,"flow_dst_last_pkt_time":1490976042396317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1195,"flow_dst_tot_l4_payload_len":2140,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976023264023,"flow_src_last_pkt_time":1490976023264087,"flow_dst_last_pkt_time":1490976023264023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"android-1c1335ec95a27318"}} 01001{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976071312877,"flow_src_last_pkt_time":1490976071312877,"flow_dst_last_pkt_time":1490976071389601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"alexa.amazon.com"}} 00999{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976067916709,"flow_src_last_pkt_time":1490976067916709,"flow_dst_last_pkt_time":1490976067965373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.amazon.com"}} 
@@ -1173,10 +1173,10 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_src_last_pkt_time":1490976195529965,"flow_dst_last_pkt_time":1490976195572630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976195572630,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7o2R8wwHRgIQ4WaAScSCn6AAAAgQFtAQCCApttHwsAPaKsAEDAwg="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2799,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_src_last_pkt_time":1490976195573626,"flow_dst_last_pkt_time":1490976195572630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976195573626,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0sulAAEAGqw2sECrYNFXRj6NkAbuAhDhZfMMB0oAQAVdGegAAAQEICgD2irVttHws"} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":4,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195572630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1490976195574285,"pkt":"AMDKkaPvePiC0\/vCCABFAAD+supAAEAGqkKsECrYNFXRj6NkAbuAhDhZfMMB0oAYAVf8KgAAAQEICgD2irVttHwsFgMBAMUBAADBAwPpTJSZ1poYdnnlgBS9wmRJ7foXKk14XitVw1d4X49ZiQAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAeJqaAAD\/AQABAAAAABMAEQAADnd3dy5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAISkoAHQAXABiKigABAA=="} 
-01184{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2800,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195572630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976195574285,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2800,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195572630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976195574285,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2801,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":5,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195617600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976195617600,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0feNAAPMGLRM0VdGPrBAq2AG7o2R8wwHSgIQ5I4AQAHZGjAAAAQEICm20fDEA9oq1"} -01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2802,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195621582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976195621582,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": 
{"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01752{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2804,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195622710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976195622710,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., 
CN=www.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} +01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2802,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195621582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976195621582,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01757{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2804,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195622710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976195622710,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2810,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_src_last_pkt_time":1490976195545666,"flow_dst_last_pkt_time":1490976195628315,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1490976195628315,"pkt":"ePiC0\/vCAMDKkaPvCABFAABw6\/5AAEARoYSsECoBrBAq2AA1nekAXGuw5IqBgAABAAIAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAAFAAEAAAErAAwHYW5kcm9pZAFswBzAOAABAAEAAAErAATYOsJO"} 01142{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2810,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976195545666,"flow_src_last_pkt_time":1490976195545666,"flow_dst_last_pkt_time":1490976195628315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976195628315,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"android.clients.google.com","domainame":"android.clients.google.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["216.58.194.78,ttl=299"]}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2811,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976195633256,"flow_src_last_pkt_time":1490976195633256,"flow_dst_last_pkt_time":1490976195633256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976195633256,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -1188,7 +1188,7 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2823,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":5,"flow_src_last_pkt_time":1490976195724734,"flow_dst_last_pkt_time":1490976195760501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976195760501,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0idQAADcGiH7YOsJOrBAq2AG7v6uBvvSEQX73P4AQAVTAtgAAAQEICgsFPBkA9orE"} 01384{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2824,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195633256,"flow_src_last_pkt_time":1490976195724734,"flow_dst_last_pkt_time":1490976195762060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1490976195762060,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3s":"9b1466fd60cadccb848e09c86e284265","ja4":"t12d200700_93851ff8129a_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","blocks":0}}} 
02448{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2826,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195633256,"flow_src_last_pkt_time":1490976195724734,"flow_dst_last_pkt_time":1490976195763002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":3987,"midstream":0,"thread_ts_usec":1490976195763002,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": 
{"version":"TLSv1.2","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com","ja3s":"9b1466fd60cadccb848e09c86e284265","ja4":"t12d200700_93851ff8129a_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com","fingerprint":"54:A0:1E:03:FF:CB:33:BC:9D:65:DC:D7:BF:6B:04:2B:F9:F3:D5:42","blocks":0}}} 
-02189{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2844,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195874449,"flow_dst_last_pkt_time":1490976195873685,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4065,"flow_dst_tot_l4_payload_len":11044,"midstream":0,"thread_ts_usec":1490976195874449,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":49,"avg":22200.1,"max":105973,"stddev":31062.3,"var":964868608.0,"ent":3.6,"data": [42665,43661,659,44970,3982,526,602,251,50626,787,253,1113,7308,12716,306,65597,42616,4166,48889,363,25248,76421,105973,250,551,581,305,49,101959,2918,1893]},"pktlen": {"min":52,"avg":525.8,"max":1500,"stddev":600.4,"var":360465.6,"ent":4.1,"data": [60,60,52,254,52,1500,1500,1500,819,52,52,52,52,178,1500,767,64,178,1500,64,306,52,52,1500,1500,1500,683,594,129,52,149,52]},"bins": {"c_to_s": [9,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [5,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,1,1,1,0,1,1,1,1,1,1,0,1,0],"entropies": 
[4.672595501,5.194312096,4.986606121,5.562634945,5.014835358,6.943727970,7.231536865,7.504313469,7.550236702,5.056022167,4.926120281,5.003043652,4.940637589,6.271958828,7.856376171,7.737624168,5.206705093,6.298671246,7.856991291,5.133970261,7.098200321,5.000318050,4.979098797,7.871394634,7.857693672,7.882867336,7.672193050,7.592197895,6.342199802,4.986606121,6.480828762,4.846472263]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2844,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195874449,"flow_dst_last_pkt_time":1490976195873685,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4065,"flow_dst_tot_l4_payload_len":11044,"midstream":0,"thread_ts_usec":1490976195874449,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":49,"avg":22200.1,"max":105973,"stddev":31062.3,"var":964868608.0,"ent":3.6,"data": [42665,43661,659,44970,3982,526,602,251,50626,787,253,1113,7308,12716,306,65597,42616,4166,48889,363,25248,76421,105973,250,551,581,305,49,101959,2918,1893]},"pktlen": {"min":52,"avg":525.8,"max":1500,"stddev":600.4,"var":360465.6,"ent":4.1,"data": [60,60,52,254,52,1500,1500,1500,819,52,52,52,52,178,1500,767,64,178,1500,64,306,52,52,1500,1500,1500,683,594,129,52,149,52]},"bins": {"c_to_s": 
[9,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [5,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,1,1,1,0,1,1,1,1,1,1,0,1,0],"entropies": [4.672595501,5.194312096,4.986606121,5.562634945,5.014835358,6.943727970,7.231536865,7.504313469,7.550236702,5.056022167,4.926120281,5.003043652,4.940637589,6.271958828,7.856376171,7.737624168,5.206705093,6.298671246,7.856991291,5.133970261,7.098200321,5.000318050,4.979098797,7.871394634,7.857693672,7.882867336,7.672193050,7.592197895,6.342199802,4.986606121,6.480828762,4.846472263]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2861,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976195921499,"flow_src_last_pkt_time":1490976195921499,"flow_dst_last_pkt_time":1490976195921499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976195921499,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2861,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_src_last_pkt_time":1490976195921499,"flow_dst_last_pkt_time":1490976195921499,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1490976195921499,"pkt":"AMDKkaPvePiC0\/vCCABFAABNWmZAAEARM0CsECrYrBAqARIEADUAOVP\/iiYBAAABAAAAAAAACWltYWdlcy1uYRFzc2wtaW1hZ2VzLWFtYXpvbgNjb20AAAEAAQ=="} 01118{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2861,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976195921499,"flow_src_last_pkt_time":1490976195921499,"flow_dst_last_pkt_time":1490976195921499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976195921499,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -1205,24 +1205,24 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2871,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":3,"flow_src_last_pkt_time":1490976196002121,"flow_dst_last_pkt_time":1490976196000859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196002121,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0CnRAAEAG5qCsECrYNFQ+c6O5Abv6a4CuA2RlJoAQAVcj2AAAAQEICgD2iuBs+oX0"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2872,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_src_last_pkt_time":1490976196003424,"flow_dst_last_pkt_time":1490976196001010,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196003424,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0wa9AAEAGL2WsECrYNFQ+c6O4AbsdU0tx1L8trYAQAVeVpAAAAQEICgD2iuBs+oyc"} 00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2873,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":4,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196000859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":285,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":285,"pkt_l4_len":251,"thread_ts_usec":1490976196003702,"pkt":"AMDKkaPvePiC0\/vCCABFAAEPCnVAAEAG5cSsECrYNFQ+c6O5Abv6a4CuA2RlJoAYAVfOvQAAAQEICgD2iuBs+oX0FgMBANYBAADSAwPpjfK00MIrt3BxXOFv6gz55nS9q4nJk9FBExT7V8ZmxQAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAifr6AAD\/AQABAAAAACQAIgAAH2ltYWdlcy1uYS5zc2wtaW1hZ2VzLWFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAiKigAdABcAGLq6AAEA"} 
-01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2873,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196000859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196003702,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2873,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196000859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196003702,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2874,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196001010,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":285,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":285,"pkt_l4_len":251,"thread_ts_usec":1490976196005425,"pkt":"AMDKkaPvePiC0\/vCCABFAAEPwbBAAEAGLomsECrYNFQ+c6O4AbsdU0tx1L8trYAYAVfIxQAAAQEICgD2iuBs+oycFgMBANYBAADSAwPu6GGuPmyzw7dLNflsWT5nlBqUB1hxgKWeZNpugQIoJQAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAiWpqAAD\/AQABAAAAACQAIgAAH2ltYWdlcy1uYS5zc2wtaW1hZ2VzLWFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGKqqAAEA"} 
-01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2874,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196001010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196005425,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2874,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196001010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196005425,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2875,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_src_last_pkt_time":1490976195985305,"flow_dst_last_pkt_time":1490976196008146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976196008146,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7r33SsOWDm7RKAScSApGwAAAgQFtAQCCAps+o9VAPaK3gEDAwg="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2876,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":3,"flow_src_last_pkt_time":1490976196009303,"flow_dst_last_pkt_time":1490976196008146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196009303,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MZ5AAEAGv3asECrYNFQ+c6O6AbtYObtE990rD4AQAVfHrwAAAQEICgD2iuBs+o9V"} 
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2877,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":4,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196008146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":285,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":285,"pkt_l4_len":251,"thread_ts_usec":1490976196010246,"pkt":"AMDKkaPvePiC0\/vCCABFAAEPMZ9AAEAGvpqsECrYNFQ+c6O6AbtYObtE990rD4AYAVcgywAAAQEICgD2iuBs+o9VFgMBANYBAADSAwOZ4tBPqLqYdHU6SDQI1rutJPljePPKqcU84R0pjyIHmAAAIJqazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAidraAAD\/AQABAAAAACQAIgAAH2ltYWdlcy1uYS5zc2wtaW1hZ2VzLWFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGEpKAAEA"} -01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2877,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196008146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196010246,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2877,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196008146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196010246,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2878,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976196016602,"flow_src_last_pkt_time":1490976196016602,"flow_dst_last_pkt_time":1490976196016602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196016602,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2878,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_src_last_pkt_time":1490976196016602,"flow_dst_last_pkt_time":1490976196016602,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976196016602,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8LWlAAEAG4smsECrYNu8csuLAAbtkEKeIAAAAAKAC\/\/+hiQAAAgQFtAQCCAoA9orhAAAAAAEDAwg="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2879,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":5,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196028189,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196028189,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA04NBAAPIGXkM0VD5zrBAq2AG7o7kDZGUm+muBiYAQAHYj3AAAAQEICmz6hfYA9org"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2880,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":5,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196030939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196030939,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0pFhAAPIGmrs0VD5zrBAq2AG7o7r33SsPWDm8H4AQAHbHswAAAQEICmz6j1cA9org"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2881,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":5,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196031071,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196031071,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0oQ1AAPIGngY0VD5zrBAq2AG7o7jUvy2tHVNMTIAQAHaVpgAAAQEICmz6jKAA9org"} -01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2882,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196033481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196033481,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2884,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196034469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976196034469,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - 
G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52","blocks":0}}} -01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2888,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196037522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196037522,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196038701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976196038701,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52","blocks":0}}} 
-01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2892,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196039960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196039960,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2894,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196041445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976196041445,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52","blocks":0}}} 
+01312{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2882,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196033481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196033481,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01733{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2884,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196034469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976196034469,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52","blocks":0}}} 
+01312{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2888,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196037522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196037522,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01733{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196038701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976196038701,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52","blocks":0}}} 
+01312{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2892,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196039960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196039960,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01733{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2894,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196041445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976196041445,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52","blocks":0}}} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2910,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_src_last_pkt_time":1490976196016602,"flow_dst_last_pkt_time":1490976196075142,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976196075142,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwIa5AAOcGR5A27xyyrBAq2AG74sBbwNFvZBCniXASH\/4cPAAAAgQFtAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2911,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_src_last_pkt_time":1490976196075924,"flow_dst_last_pkt_time":1490976196075142,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976196075924,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoLWpAAEAG4tysECrYNu8csuLAAbtkEKeJW8DRcFAQAVdmrQAA"} 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2913,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":4,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196075142,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1490976196079939,"pkt":"AMDKkaPvePiC0\/vCCABFAADWLWtAAEAG4i2sECrYNu8csuLAAbtkEKeJW8DRcFAYAVdgIgAAFgMBAKkBAAClAwEIvZt9+BC6Nupqw3rZKTOo5DVtg3EJn2TLxazoTB5EvSCh56jEaMWoPL9OuslqKXpycwU0yxHxmHJEb6cXK1MHCAAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
@@ -1236,7 +1236,7 @@ 01115{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":5,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976075957661,"flow_dst_last_pkt_time":1490976075955747,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":537,"flow_dst_tot_l4_payload_len":138,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976075957279,"flow_dst_last_pkt_time":1490976075955548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":138,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":276,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 01033{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1490976071237623,"flow_src_last_pkt_time":1490976075957509,"flow_dst_last_pkt_time":1490976075955700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":1346,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":1346,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"alexa.amazon.com"}} 
-01020{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976068180386,"flow_dst_last_pkt_time":1490976068174801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":7862,"flow_dst_tot_l4_payload_len":9710,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com"}} +01025{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976068180386,"flow_dst_last_pkt_time":1490976068174801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":7862,"flow_dst_tot_l4_payload_len":9710,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com"}} 00985{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976064328375,"flow_src_last_pkt_time":1490976064897914,"flow_dst_last_pkt_time":1490976064895983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":5083,"flow_dst_tot_l4_payload_len":547,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01012{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976090796987,"flow_src_last_pkt_time":1490976090796987,"flow_dst_last_pkt_time":1490976090982120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"s3-external-2.amazonaws.com"}} 01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976030681470,"flow_src_last_pkt_time":1490976030681470,"flow_dst_last_pkt_time":1490976030890027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"firs-ta-g7g.amazon.com"}} 
@@ -1254,15 +1254,15 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2938,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_src_last_pkt_time":1490976196223999,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976196257995,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7llOp3LO0t0zpu6AScSBd6wAAAgQFtAQCCApt5QucAPaK9gEDAwg="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2939,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_src_last_pkt_time":1490976196259088,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196259088,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0Y01AAEAG+qmsECrYNFXRj5ZTAbu3TOm7qdyztYAQAVf8fgAAAQEICgD2ivlt5Quc"} 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2940,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":4,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":260,"pkt_l4_len":226,"thread_ts_usec":1490976196261315,"pkt":"AMDKkaPvePiC0\/vCCABFAAD2Y05AAEAG+easECrYNFXRj5ZTAbu3TOm7qdyztYAYAVe1MwAAAQEICgD2ivpt5QucFgMBAL0BAAC5AwOo7Axkb8GLUakvQG63Tsv7HZAz5uQ4F\/rfU5NRiOqOZwAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAZAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="} 
-01352{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2940,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196261315,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01357{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2940,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196261315,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2944,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":5,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196295914,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196295914,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0uBVAAPMG8uA0VdGPrBAq2AG7llOp3LO1t0zqfYAQAHb8mAAAAQEICm3lC6AA9or6"} 
-01412{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2945,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196300973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196300973,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12i220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2947,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196301692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":3462,"midstream":0,"thread_ts_usec":1490976196301692,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12i220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
-02446{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2981,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196651032,"flow_dst_last_pkt_time":1490976196769763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":666,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1652,"flow_dst_tot_l4_payload_len":16510,"midstream":0,"thread_ts_usec":1490976196769763,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":67,"avg":31380.5,"max":241435,"stddev":57224.6,"var":3274655232.0,"ent":3.4,"data": [33996,35089,2227,37919,5059,483,236,42863,280,131,30800,68825,38426,227149,241435,50068,58385,55537,3754,2000,4418,1636,659,7796,67,79,9049,341,3084,756,10250]},"pktlen": {"min":52,"avg":620.4,"max":1500,"stddev":578.4,"var":334504.2,"ent":4.3,"data": [60,60,52,246,52,1500,1500,618,52,52,52,178,103,718,718,103,64,52,1096,427,256,815,905,441,1500,177,557,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,2,0,1,0,0,1,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.672595501,5.240227222,5.056022644,5.370272160,5.154164791,6.988568306,7.250431538,7.681571960,5.014835835,5.094483852,5.094484329,6.573484898,6.064765453,7.685264111,7.690067768,6.064765930,5.061889172,5.154164791,7.838786125,7.447540760,7.087004662,7.738961697,7.760296345,7.499400616,7.878207684,6.822522163,7.598652363,7.869508743,7.877407074,7.877415180,7.877339363,7.877696514]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01417{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2945,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196300973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196300973,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12i220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} +01912{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2947,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196301692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":3462,"midstream":0,"thread_ts_usec":1490976196301692,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12i220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} +02451{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2981,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196651032,"flow_dst_last_pkt_time":1490976196769763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":666,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1652,"flow_dst_tot_l4_payload_len":16510,"midstream":0,"thread_ts_usec":1490976196769763,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":67,"avg":31380.5,"max":241435,"stddev":57224.6,"var":3274655232.0,"ent":3.4,"data": [33996,35089,2227,37919,5059,483,236,42863,280,131,30800,68825,38426,227149,241435,50068,58385,55537,3754,2000,4418,1636,659,7796,67,79,9049,341,3084,756,10250]},"pktlen": {"min":52,"avg":620.4,"max":1500,"stddev":578.4,"var":334504.2,"ent":4.3,"data": [60,60,52,246,52,1500,1500,618,52,52,52,178,103,718,718,103,64,52,1096,427,256,815,905,441,1500,177,557,1500,1500,1500,1500,1500]},"bins": {"c_to_s": 
[6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,2,0,1,0,0,1,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.672595501,5.240227222,5.056022644,5.370272160,5.154164791,6.988568306,7.250431538,7.681571960,5.014835835,5.094483852,5.094484329,6.573484898,6.064765453,7.685264111,7.690067768,6.064765930,5.061889172,5.154164791,7.838786125,7.447540760,7.087004662,7.738961697,7.760296345,7.499400616,7.878207684,6.822522163,7.598652363,7.869508743,7.877407074,7.877415180,7.877339363,7.877696514]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2990,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196840676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196840676,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2990,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196840676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1490976196840676,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WmdAAEARM02sECrYrBAqAQqTADUAK8ZJ2BYBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="} 01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2990,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196840676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196840676,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
-02197{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3021,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196879161,"flow_dst_last_pkt_time":1490976196866304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1285,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5470,"flow_dst_tot_l4_payload_len":9856,"midstream":0,"thread_ts_usec":1490976196879161,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":50,"avg":57253.4,"max":264056,"stddev":85984.0,"var":7393244160.0,"ent":3.6,"data": [22841,23998,943,22793,6583,564,615,276,39690,124,146,157,6771,37572,46160,226745,213104,3861,222252,264056,50,55344,103406,128,10396,183950,242536,953,71,38628,142]},"pktlen": {"min":52,"avg":532.2,"max":1500,"stddev":595.2,"var":354289.1,"ent":4.1,"data": [60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1337,310,64,1337,1337,930,86,86,52,52,64,1322,1500,1500,508,52,52]},"bins": {"c_to_s": [12,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,0,0,0,0,0],"s_to_c": [2,2,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0],"entropies": 
[4.705928802,5.306893826,5.094483852,5.740943432,5.077241898,7.061615944,7.289163589,7.495290279,7.599352837,5.094483852,5.017560482,5.094483852,5.017560482,6.445491791,7.218114853,7.854625702,7.211663246,5.042434692,7.851956367,7.855620384,7.792708397,5.812836647,5.812836647,5.056022167,5.132945538,5.093139648,7.841275692,7.859713554,7.867431164,7.510861874,5.094483852,5.094483852]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02202{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3021,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196879161,"flow_dst_last_pkt_time":1490976196866304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1285,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5470,"flow_dst_tot_l4_payload_len":9856,"midstream":0,"thread_ts_usec":1490976196879161,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":50,"avg":57253.4,"max":264056,"stddev":85984.0,"var":7393244160.0,"ent":3.6,"data": [22841,23998,943,22793,6583,564,615,276,39690,124,146,157,6771,37572,46160,226745,213104,3861,222252,264056,50,55344,103406,128,10396,183950,242536,953,71,38628,142]},"pktlen": {"min":52,"avg":532.2,"max":1500,"stddev":595.2,"var":354289.1,"ent":4.1,"data": [60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1337,310,64,1337,1337,930,86,86,52,52,64,1322,1500,1500,508,52,52]},"bins": {"c_to_s": 
[12,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,0,0,0,0,0],"s_to_c": [2,2,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0],"entropies": [4.705928802,5.306893826,5.094483852,5.740943432,5.077241898,7.061615944,7.289163589,7.495290279,7.599352837,5.094483852,5.017560482,5.094483852,5.017560482,6.445491791,7.218114853,7.854625702,7.211663246,5.042434692,7.851956367,7.855620384,7.792708397,5.812836647,5.812836647,5.056022167,5.132945538,5.093139648,7.841275692,7.859713554,7.867431164,7.510861874,5.094483852,5.094483852]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3027,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196938799,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1490976196938799,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP7ApAAEARoZmsECoBrBAq2AA1CpMAO2jR2BaBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAA7AARIFc55"} 
01122{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3027,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196938799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1490976196938799,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["72.21.206.121,ttl=59"]}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3031,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976196942963,"flow_dst_last_pkt_time":1490976196942963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196942963,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -1295,10 +1295,10 @@ 00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1490976100559988,"flow_src_last_pkt_time":1490976107681564,"flow_dst_last_pkt_time":1490976107679608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1490976100559988,"flow_src_last_pkt_time":1490976107681564,"flow_dst_last_pkt_time":1490976107679608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1490976100811415,"flow_src_last_pkt_time":1490976107676587,"flow_dst_last_pkt_time":1490976107673906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":395,"flow_src_tot_l4_payload_len":6872,"flow_dst_tot_l4_payload_len":551,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196942726,"flow_dst_last_pkt_time":1490976196941054,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1274,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2884,"flow_dst_tot_l4_payload_len":11054,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196102580,"flow_dst_last_pkt_time":1490976196136176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1277,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1622,"flow_dst_tot_l4_payload_len":8196,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":15,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196943705,"flow_dst_last_pkt_time":1490976196942501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1285,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5470,"flow_dst_tot_l4_payload_len":10312,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com"}} -01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":34,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976198776068,"flow_dst_last_pkt_time":1490976198721541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":11109,"flow_dst_tot_l4_payload_len":23639,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com"}} 
+00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196942726,"flow_dst_last_pkt_time":1490976196941054,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1274,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2884,"flow_dst_tot_l4_payload_len":11054,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196102580,"flow_dst_last_pkt_time":1490976196136176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1277,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1622,"flow_dst_tot_l4_payload_len":8196,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01044{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":15,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196943705,"flow_dst_last_pkt_time":1490976196942501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1285,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5470,"flow_dst_tot_l4_payload_len":10312,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com"}} +01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":34,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976198776068,"flow_dst_last_pkt_time":1490976198721541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":11109,"flow_dst_tot_l4_payload_len":23639,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976187242775,"flow_src_last_pkt_time":1490976187242775,"flow_dst_last_pkt_time":1490976187508361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"alexa.amazon.com"}} 
01203{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976165062082,"flow_src_last_pkt_time":1490976175921125,"flow_dst_last_pkt_time":1490976175918995,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1290,"flow_dst_max_l4_payload_len":197,"flow_src_tot_l4_payload_len":2813,"flow_dst_tot_l4_payload_len":532,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01131{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1490976195633256,"flow_src_last_pkt_time":1490976195989130,"flow_dst_last_pkt_time":1490976195979036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1840,"flow_dst_tot_l4_payload_len":4742,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} 
@@ -1316,10 +1316,10 @@ 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1490976085883325,"flow_src_last_pkt_time":1490976149040436,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01239{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976187511761,"flow_src_last_pkt_time":1490976190310465,"flow_dst_last_pkt_time":1490976190271131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1290,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5660,"flow_dst_tot_l4_payload_len":3521,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976164994460,"flow_src_last_pkt_time":1490976164994460,"flow_dst_last_pkt_time":1490976165058589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"alexa.amazon.com"}} -00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976094931678,"flow_dst_last_pkt_time":1490976094927244,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":700,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":1041,"flow_dst_tot_l4_payload_len":4216,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00931{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976091048429,"flow_src_last_pkt_time":1490976094931528,"flow_dst_last_pkt_time":1490976094927214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976094931678,"flow_dst_last_pkt_time":1490976094927244,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":700,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":1041,"flow_dst_tot_l4_payload_len":4216,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_S3","proto_by_ip_id":463,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00928{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976091048429,"flow_src_last_pkt_time":1490976094931528,"flow_dst_last_pkt_time":1490976094927214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_S3","proto_by_ip_id":463,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00781{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976091048429,"flow_src_last_pkt_time":1490976094931528,"flow_dst_last_pkt_time":1490976094927214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976107676181,"flow_dst_last_pkt_time":1490976107673171,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":1071,"flow_dst_tot_l4_payload_len":4247,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976107676181,"flow_dst_last_pkt_time":1490976107673171,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":1071,"flow_dst_tot_l4_payload_len":4247,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_S3","proto_by_ip_id":463,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01107{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1490976107365068,"flow_src_last_pkt_time":1490976110047519,"flow_dst_last_pkt_time":1490976110045369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2227,"flow_dst_tot_l4_payload_len":4657,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01148{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":16,"flow_first_seen":1490976107365814,"flow_src_last_pkt_time":1490976110047239,"flow_dst_last_pkt_time":1490976110045297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5131,"flow_dst_tot_l4_payload_len":7946,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com"}} 00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976107366817,"flow_src_last_pkt_time":1490976110047667,"flow_dst_last_pkt_time":1490976110045422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -1352,18 +1352,18 @@ 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196938799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fls-na.amazon.com"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976090796987,"flow_src_last_pkt_time":1490976090796987,"flow_dst_last_pkt_time":1490976090982120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"s3-external-2.amazonaws.com"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976024793542,"flow_src_last_pkt_time":1490976024793542,"flow_dst_last_pkt_time":1490976024844591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":75,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"connectivitycheck.android.com"}} 
-01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976134140538,"flow_src_last_pkt_time":1490976135403194,"flow_dst_last_pkt_time":1490976135399921,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13350,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01025{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":28,"flow_first_seen":1490976134141916,"flow_src_last_pkt_time":1490976135403332,"flow_dst_last_pkt_time":1490976135399957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":29863,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1490976134144040,"flow_src_last_pkt_time":1490976135402796,"flow_dst_last_pkt_time":1490976135399738,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":12026,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
-01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976134146057,"flow_src_last_pkt_time":1490976135403069,"flow_dst_last_pkt_time":1490976135399877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13588,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01025{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1490976134148422,"flow_src_last_pkt_time":1490976135505174,"flow_dst_last_pkt_time":1490976135503730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":14048,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976134149854,"flow_src_last_pkt_time":1490976135403457,"flow_dst_last_pkt_time":1490976135399987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":14238,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
-01025{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":24,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976140773289,"flow_dst_last_pkt_time":1490976140771277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":27645,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1490976139643137,"flow_src_last_pkt_time":1490976140772766,"flow_dst_last_pkt_time":1490976140771030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":12275,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01023{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1490976139643338,"flow_src_last_pkt_time":1490976140745630,"flow_dst_last_pkt_time":1490976140742599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":7666,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
-01025{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":25,"flow_first_seen":1490976139643559,"flow_src_last_pkt_time":1490976140773163,"flow_dst_last_pkt_time":1490976140771210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1094,"flow_dst_tot_l4_payload_len":29389,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976139643759,"flow_src_last_pkt_time":1490976140773012,"flow_dst_last_pkt_time":1490976140771162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13312,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976139643974,"flow_src_last_pkt_time":1490976140781151,"flow_dst_last_pkt_time":1490976140771313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":15274,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
+01029{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976134140538,"flow_src_last_pkt_time":1490976135403194,"flow_dst_last_pkt_time":1490976135399921,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13350,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01030{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":28,"flow_first_seen":1490976134141916,"flow_src_last_pkt_time":1490976135403332,"flow_dst_last_pkt_time":1490976135399957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":29863,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01029{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1490976134144040,"flow_src_last_pkt_time":1490976135402796,"flow_dst_last_pkt_time":1490976135399738,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":12026,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
+01029{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976134146057,"flow_src_last_pkt_time":1490976135403069,"flow_dst_last_pkt_time":1490976135399877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13588,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01030{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1490976134148422,"flow_src_last_pkt_time":1490976135505174,"flow_dst_last_pkt_time":1490976135503730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":14048,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01029{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976134149854,"flow_src_last_pkt_time":1490976135403457,"flow_dst_last_pkt_time":1490976135399987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":14238,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
+01030{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":24,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976140773289,"flow_dst_last_pkt_time":1490976140771277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":27645,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01029{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1490976139643137,"flow_src_last_pkt_time":1490976140772766,"flow_dst_last_pkt_time":1490976140771030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":12275,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01028{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1490976139643338,"flow_src_last_pkt_time":1490976140745630,"flow_dst_last_pkt_time":1490976140742599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":7666,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
+01030{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":25,"flow_first_seen":1490976139643559,"flow_src_last_pkt_time":1490976140773163,"flow_dst_last_pkt_time":1490976140771210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1094,"flow_dst_tot_l4_payload_len":29389,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01029{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976139643759,"flow_src_last_pkt_time":1490976140773012,"flow_dst_last_pkt_time":1490976140771162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13312,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01029{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976139643974,"flow_src_last_pkt_time":1490976140781151,"flow_dst_last_pkt_time":1490976140771313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":15274,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
01033{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1490976076275395,"flow_src_last_pkt_time":1490976077663527,"flow_dst_last_pkt_time":1490976077660439,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":1346,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":1346,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"alexa.amazon.com"}} 00977{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1490976089173728,"flow_src_last_pkt_time":1490976090510907,"flow_dst_last_pkt_time":1490976090509885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00781{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1490976089173728,"flow_src_last_pkt_time":1490976090510907,"flow_dst_last_pkt_time":1490976090509885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -1373,7 +1373,7 @@ 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976195921499,"flow_src_last_pkt_time":1490976195921499,"flow_dst_last_pkt_time":1490976195980743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":155,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":155,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"images-na.ssl-images-amazon.com"}} 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976133936541,"flow_src_last_pkt_time":1490976133936541,"flow_dst_last_pkt_time":1490976134135541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ecx.images-amazon.com"}} 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976030681470,"flow_src_last_pkt_time":1490976030681470,"flow_dst_last_pkt_time":1490976030890027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"firs-ta-g7g.amazon.com"}} 
-01156{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":20,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976152630776,"flow_dst_last_pkt_time":1490976152042248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5474,"flow_dst_tot_l4_payload_len":6876,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com"}} +01161{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":20,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976152630776,"flow_dst_last_pkt_time":1490976152042248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5474,"flow_dst_tot_l4_payload_len":6876,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976195545666,"flow_src_last_pkt_time":1490976195545666,"flow_dst_last_pkt_time":1490976195628315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"android.clients.google.com"}} 
00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976031581495,"flow_src_last_pkt_time":1490976031581495,"flow_dst_last_pkt_time":1490976031687199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"alexa.amazon.com"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976186818047,"flow_src_last_pkt_time":1490976186818047,"flow_dst_last_pkt_time":1490976186879188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mobileanalytics.us-east-1.amazonaws.com"}} 
@@ -1401,7 +1401,7 @@ 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976027522377,"flow_src_last_pkt_time":1490976027522377,"flow_dst_last_pkt_time":1490976027523403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com"}} 01217{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976085891455,"flow_src_last_pkt_time":1490976085891455,"flow_dst_last_pkt_time":1490976085978559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": 
{"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00782{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976085891455,"flow_src_last_pkt_time":1490976085891455,"flow_dst_last_pkt_time":1490976085978559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976081484636,"flow_dst_last_pkt_time":1490976081482994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2154,"flow_dst_tot_l4_payload_len":5486,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976081484636,"flow_dst_last_pkt_time":1490976081482994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2154,"flow_dst_tot_l4_payload_len":5486,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976029669574,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029753315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mads.amazon-adsystem.com"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976027514649,"flow_src_last_pkt_time":1490976027514649,"flow_dst_last_pkt_time":1490976027560355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":79,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":79,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mtalk.google.com"}} 
01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976114879774,"flow_src_last_pkt_time":1490976114879774,"flow_dst_last_pkt_time":1490976114880618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pitangui.amazon.com"}} 
@@ -1411,8 +1411,8 @@ 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041150466,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041151487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pitangui.amazon.com"}} 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976024847601,"flow_src_last_pkt_time":1490976024847601,"flow_dst_last_pkt_time":1490976024848551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"connectivitycheck.android.com"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976035502440,"flow_src_last_pkt_time":1490976035502440,"flow_dst_last_pkt_time":1490976035549103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":154,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"cognito-identity.us-east-1.amazonaws.com"}} 
-01241{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196880268,"flow_dst_last_pkt_time":1490976196870225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":666,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1652,"flow_dst_tot_l4_payload_len":23158,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3103,"packets-processed":3074,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":987205,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":143,"total-updates":77,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1415,"global_ts_usec":1490976198776068} +01246{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196880268,"flow_dst_last_pkt_time":1490976196870225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":666,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1652,"flow_dst_tot_l4_payload_len":23158,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3103,"packets-processed":3074,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":987205,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":143,"total-updates":77,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1415,"global_ts_usec":1490976198776068} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3103/3074 ~~ skipped flows.............: 0 @@ -1421,9 +1421,9 @@ ~~ total active/idle flows...: 160/160 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10635993 bytes -~~ total memory freed........: 10635993 bytes -~~ total allocations/frees...: 146408/146408 +~~ total memory allocated....: 11406115 bytes +~~ total memory freed........: 11406115 bytes +~~ total allocations/frees...: 160394/160394 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 300 chars ~~ json message max len.......: 2508 chars diff --git a/test/results/default/alicloud.pcap.out b/test/results/default/alicloud.pcap.out index 47a6f449a..3aba25867 100644 --- a/test/results/default/alicloud.pcap.out +++ b/test/results/default/alicloud.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656769158766000} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656769158766000} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656769158766000,"flow_src_last_pkt_time":1656769158766000,"flow_dst_last_pkt_time":1656769158766000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656769158766000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.12","src_port":39018,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656769158766000,"flow_dst_last_pkt_time":1656769158766000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656769158766000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8tl4AAD8GkXTAqAJkCNFoDJhqIye4YEtXAAAAAKAC\/\/8HVgAAAgQFtAQCCArIDoVmAAAAAAEDAwk="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656769158766000,"flow_dst_last_pkt_time":1656769158786000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656769158786000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGD9MI0WgMwKgCZCMnmGqSefYnuGBLWKAScSDxJQAAAgQFrAQCCAovVu0QyA6FZgEDAwc="} 
@@ -7,7 +7,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656769158796000,"flow_dst_last_pkt_time":1656769158786000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656769158796000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8tmAAAD8GkXLAqAJkCNFoDJhqIye4YEtYknn2KIAYAKyCegAAAQEICsgOhYQvVu0Qzvq+uoAAAAA="} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656769158766000,"flow_src_last_pkt_time":1656769158796000,"flow_dst_last_pkt_time":1656769158786000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656769158796000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.12","src_port":39018,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656769158796000,"flow_dst_last_pkt_time":1656769158815000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656769158815000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0Gw9AADcG9MsI0WgMwKgCZCMnmGqSefYouGBLYIAQAOOP5AAAAQEICi9W7S3IDoWE"} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1656785748891000} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1656785748891000} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656785748891000,"flow_src_last_pkt_time":1656785748891000,"flow_dst_last_pkt_time":1656785748891000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656785748891000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":41056,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1656785748891000,"flow_dst_last_pkt_time":1656785748891000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656785748891000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8A+kAAD8GYjHAqAJkCNFJxaBgIyc2ZzbYAAAAAKAC\/\/8KpQAAAgQFtAQCCAqCo3RMAAAAAAEDAwk="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1656785748891000,"flow_dst_last_pkt_time":1656785748908000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656785748908000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGLRoI0UnFwKgCZCMnoGDRcRN1Nmc22aAScSBhTAAAAgQFrAQCCAowVCL2gqN0TAEDAwc="} 
@@ -16,7 +16,7 @@ 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656785748891000,"flow_src_last_pkt_time":1656785748926000,"flow_dst_last_pkt_time":1656785748908000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656785748926000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":41056,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1656785748926000,"flow_dst_last_pkt_time":1656785748943000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656785748943000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0MH9AADgG\/KII0UnFwKgCZCMnoGDRcRN2Nmc24YAQAOP\/\/gAAAQEICjBUIxmCo3Rw"} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656769158766000,"flow_src_last_pkt_time":1656769159386000,"flow_dst_last_pkt_time":1656769159345000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1656785749673000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.12","src_port":39018,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1656850884187000} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1656850884187000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656850884187000,"flow_src_last_pkt_time":1656850884187000,"flow_dst_last_pkt_time":1656850884187000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656850884187000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":38094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1656850884187000,"flow_dst_last_pkt_time":1656850884187000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656850884187000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Z4oAAD8G37XAqAJkCNFon5TOIye5z4t0AAAAAKAC\/\/+NLgAAAgQFtAQCCAosIFz5AAAAAAEDAwk="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1656850884187000,"flow_dst_last_pkt_time":1656850884208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656850884208000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGD0AI0WifwKgCZCMnlM5sykifuc+LdaAScSCykQAAAgQFrAQCCAo0NX\/WLCBc+QEDAwc="} 
@@ -39,7 +39,7 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1656851188434000,"flow_dst_last_pkt_time":1656851188422000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656851188434000,"pkt":"eJS0JASgYDjgxTWgCABFAAA80KEAAD8GdrvAqAJkCNFogqW+IydMgQTQEJsn\/4AYAKwi6wAAAQEICtBzJBM0OpVuzvq+uoAAAAA="} 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656851188404000,"flow_src_last_pkt_time":1656851188434000,"flow_dst_last_pkt_time":1656851188422000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656851188434000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.130","src_port":42430,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1656851188434000,"flow_dst_last_pkt_time":1656851188451000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656851188451000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0snxAADgGW+gI0WiCwKgCZCMnpb4Qmyf\/TIEE2IAQAOMwVQAAAQEICjQ6lYvQcyQT"} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1657056857762000} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1657056857762000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657056857762000,"flow_src_last_pkt_time":1657056857762000,"flow_dst_last_pkt_time":1657056857762000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657056857762000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.157","src_port":55484,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1657056857762000,"flow_dst_last_pkt_time":1657056857762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657056857762000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wVAAAD8GgvHAqAJkCNFrndi8IycjJbSWAAAAAKAC\/\/+9AAAAAgQFtAQCCAoBLH64AAAAAAEDAwg="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1657056857762000,"flow_dst_last_pkt_time":1657056857780000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657056857780000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGDEII0WudwKgCZCMn2Ly4f2lPIyW0l6AScSD3vQAAAgQFrAQCCApAfPHOASx+uAEDAwc="} 
@@ -50,7 +50,7 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656850884187000,"flow_src_last_pkt_time":1656850884799000,"flow_dst_last_pkt_time":1656850884767000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657056858171000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":38094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656851188404000,"flow_src_last_pkt_time":1656851189170000,"flow_dst_last_pkt_time":1656851189132000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657056858171000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.130","src_port":42430,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656851053621000,"flow_src_last_pkt_time":1656851054220000,"flow_dst_last_pkt_time":1656851054182000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657056858171000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":45078,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1657229888829000} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1657229888829000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657229888829000,"flow_src_last_pkt_time":1657229888829000,"flow_dst_last_pkt_time":1657229888829000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657229888829000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":40154,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1657229888829000,"flow_dst_last_pkt_time":1657229888829000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657229888829000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86Q0AAD8GXjLAqAJkCNFon5zaIycgtHeSAAAAAKAC\/\/9rRwAAAgQFtAQCCAoAMk\/BAAAAAAEDAwg="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1657229888829000,"flow_dst_last_pkt_time":1657229888849000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657229888849000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGD0AI0WifwKgCZCMnnNq1jGObILR3k6AScSDvdwAAAgQFrAQCCApKzKayADJPwQEDAwc="} 
@@ -59,7 +59,7 @@ 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657229888829000,"flow_src_last_pkt_time":1657229888862000,"flow_dst_last_pkt_time":1657229888849000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657229888862000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":40154,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1657229888862000,"flow_dst_last_pkt_time":1657229888881000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657229888881000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0xVVAADcGSfII0WifwKgCZCMnnNq1jGOcILR3m4AQAOOOMQAAAQEICkrMptIAMk\/h"} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657056857762000,"flow_src_last_pkt_time":1657056858154000,"flow_dst_last_pkt_time":1657056858171000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1657229889603000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.157","src_port":55484,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1657274814319000} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1657274814319000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657274814319000,"flow_src_last_pkt_time":1657274814319000,"flow_dst_last_pkt_time":1657274814319000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657274814319000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":42600,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1657274814319000,"flow_dst_last_pkt_time":1657274814319000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657274814319000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86\/4AAD8GWmPAqAJkCNFpfaZoIyeRsipKAAAAAKAC\/\/98qAAAAgQFtAQCCAoAUhAeAAAAAAEDAwg="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1657274814319000,"flow_dst_last_pkt_time":1657274814337000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657274814337000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGDWII0Wl9wKgCZCMnpmjO401pkbIqS6AScSBYmAAAAgQFrAQCCApNekkgAFIQHgEDAwc="} 
@@ -68,7 +68,7 @@ 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657274814319000,"flow_src_last_pkt_time":1657274814354000,"flow_dst_last_pkt_time":1657274814337000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657274814354000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":42600,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1657274814354000,"flow_dst_last_pkt_time":1657274814372000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657274814372000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0BF5AADgGCQwI0Wl9wKgCZCMnpmjO401qkbIqU4AQAOP3SwAAAQEICk16SUMAUhBB"} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657229888829000,"flow_src_last_pkt_time":1657229889603000,"flow_dst_last_pkt_time":1657229889562000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657274815086000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":40154,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1657329378461000} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1657329378461000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657329378461000,"flow_src_last_pkt_time":1657329378461000,"flow_dst_last_pkt_time":1657329378461000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657329378461000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":51682,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1657329378461000,"flow_dst_last_pkt_time":1657329378461000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657329378461000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hBoAAD8G4f\/AqAJkCNFJxcniIyfoxHdxAAAAAKAC\/\/8ZaAAAAgQFtAQCCAoBmMocAAAAAAEDAwg="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1657329378461000,"flow_dst_last_pkt_time":1657329378480000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657329378480000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGLhoI0UnFwKgCZCMnyeKXKjiN6MR3cqAScSBD1wAAAgQFrAQCCApQu0P1AZjKHAEDAwc="} 
@@ -77,7 +77,7 @@ 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657329378461000,"flow_src_last_pkt_time":1657329378492000,"flow_dst_last_pkt_time":1657329378480000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657329378492000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":51682,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1657329378492000,"flow_dst_last_pkt_time":1657329378511000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657329378511000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0fIRAADcGsZ0I0UnFwKgCZCMnyeKXKjiO6MR3eoAQAOPikwAAAQEIClC7RBMBmMo7"} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657274814319000,"flow_src_last_pkt_time":1657274815086000,"flow_dst_last_pkt_time":1657274815046000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657329379426000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":42600,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":136,"packets-processed":135,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1657330328504000} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":136,"packets-processed":135,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1657330328504000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657330328504000,"flow_src_last_pkt_time":1657330328504000,"flow_dst_last_pkt_time":1657330328504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657330328504000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":52228,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1657330328504000,"flow_dst_last_pkt_time":1657330328504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657330328504000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8TVAAAD8GGMrAqAJkCNFJxcwEIye\/AMGAAAAAAKAC\/\/931AAAAgQFtAQCCAoBp0k0AAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1657330328504000,"flow_dst_last_pkt_time":1657330328523000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657330328523000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGLRoI0UnFwKgCZCMnzATz8sp6vwDBgaAScSA0ZAAAAgQFrAQCCApQycMQAadJNAEDAwc="} 
@@ -85,7 +85,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1657330328654000,"flow_dst_last_pkt_time":1657330328523000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657330328654000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8TWEAAD8GGLnAqAJkCNFJxcwEIye\/AMGB8\/LKe4AYAVfE4gAAAQEICgGnSX1QycMQzvq+uoAAAAA="} 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657330328504000,"flow_src_last_pkt_time":1657330328654000,"flow_dst_last_pkt_time":1657330328523000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657330328654000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":52228,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1657330328654000,"flow_dst_last_pkt_time":1657330328673000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657330328673000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0CV1AADgGI8UI0UnFwKgCZCMnzATz8sp7vwDBiYAQAOPSfgAAAQEIClDJw6YBp0l9"} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":151,"packets-processed":150,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4848,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1657555354428000} 
+00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":151,"packets-processed":150,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4848,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1657555354428000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657555354428000,"flow_src_last_pkt_time":1657555354428000,"flow_dst_last_pkt_time":1657555354428000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657555354428000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":44388,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1657555354428000,"flow_dst_last_pkt_time":1657555354428000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657555354428000,"pkt":"eJS0JASgYDjgxTWgCABFAAA813sAAD8GbObAqAJkCNFrfa1kIyfBBINEAAAAAKAC\/\/\/L2gAAAgQFtAQCCAoA8S8EAAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1657555354428000,"flow_dst_last_pkt_time":1657555354448000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657555354448000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGC2II0Wt9wKgCZCMnrWQ5YTvVwQSDRaAScSCGhwAAAgQFrAQCCApeMwDBAPEvBAEDAwc="} 
@@ -95,7 +95,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1657555354460000,"flow_dst_last_pkt_time":1657555354480000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657555354480000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0Ow5AADgG0FsI0Wt9wKgCZCMnrWQ5YTvWwQSDTYAQAOMlQAAAAQEICl4zAOEA8S8l"} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1657329378461000,"flow_src_last_pkt_time":1657329378618000,"flow_dst_last_pkt_time":1657329379426000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1657555355094000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":51682,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657330328504000,"flow_src_last_pkt_time":1657330329394000,"flow_dst_last_pkt_time":1657330329352000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657555355094000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":52228,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":166,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":98,"global_ts_usec":1657574851663000} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":166,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":98,"global_ts_usec":1657574851663000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657574851663000,"flow_src_last_pkt_time":1657574851663000,"flow_dst_last_pkt_time":1657574851663000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657574851663000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":37160,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1657574851663000,"flow_dst_last_pkt_time":1657574851663000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657574851663000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8jBEAAD8GuFDAqAJkCNFrfZEoIyeSIbrzAAAAAKAC\/\/\/yXwAAAgQFtAQCCAoBZht6AAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1657574851663000,"flow_dst_last_pkt_time":1657574851693000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657574851693000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGC2II0Wt9wKgCZCMnkSgti4VgkiG69KAScSDtEQAAAgQFrAQCCApfXIHdAWYbegEDAwc="} 
@@ -104,7 +104,7 @@ 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657574851663000,"flow_src_last_pkt_time":1657574851730000,"flow_dst_last_pkt_time":1657574851693000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657574851730000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":37160,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1657574851730000,"flow_dst_last_pkt_time":1657574851773000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657574851773000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0BJxAADgGBs4I0Wt9wKgCZCMnkSgti4VhkiG6\/IAQAOOLhQAAAQEICl9cgiABZhu9"} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657555354428000,"flow_src_last_pkt_time":1657555355094000,"flow_dst_last_pkt_time":1657555355050000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657574852156000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":44388,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":181,"packets-processed":180,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":107,"global_ts_usec":1658234723934000} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":181,"packets-processed":180,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":107,"global_ts_usec":1658234723934000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1658234723934000,"flow_src_last_pkt_time":1658234723934000,"flow_dst_last_pkt_time":1658234723934000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658234723934000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.76.194","src_port":45094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1658234723934000,"flow_dst_last_pkt_time":1658234723934000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658234723934000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8iRwAAD8G2gDAqAJkCNFMwrAmIycJ+x4TAAAAAKAC\/\/8EwAAAAgQFtAQCCAoAyS57AAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1658234723934000,"flow_dst_last_pkt_time":1658234723954000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658234723954000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGKh0I0UzCwKgCZCMnsCanYywGCfseFKAScSAQYgAAAgQFrAQCCAqGsSkaAMkuewEDAwc="} 
@@ -113,7 +113,7 @@ 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1658234723934000,"flow_src_last_pkt_time":1658234723972000,"flow_dst_last_pkt_time":1658234723954000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658234723972000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.76.194","src_port":45094,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1658234723972000,"flow_dst_last_pkt_time":1658234723991000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1658234723991000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0BTdAADgGJO4I0UzCwKgCZCMnsCanYywHCfseHIAQAOOvEQAAAQEICoaxKT8AyS6g"} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657574851663000,"flow_src_last_pkt_time":1657574852138000,"flow_dst_last_pkt_time":1657574852156000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1658234724424000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":37160,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":196,"packets-processed":195,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":116,"global_ts_usec":1658356775079000} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":196,"packets-processed":195,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":116,"global_ts_usec":1658356775079000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1658356775079000,"flow_src_last_pkt_time":1658356775079000,"flow_dst_last_pkt_time":1658356775079000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658356775079000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.122","src_port":57322,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1658356775079000,"flow_dst_last_pkt_time":1658356775079000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658356775079000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8w68AAD8GgLXAqAJkCNFret\/qIye+qJRXAAAAAKAC\/\/\/CvgAAAgQFtAQCCAoBJPayAAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1658356775079000,"flow_dst_last_pkt_time":1658356775100000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658356775100000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGC2UI0Wt6wKgCZCMn3+oQtAE7vqiUWKAScSC9tgAAAgQFrAQCCAqN7vQBAST2sgEDAwc="} 
@@ -122,7 +122,7 @@ 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1658356775079000,"flow_src_last_pkt_time":1658356775112000,"flow_dst_last_pkt_time":1658356775100000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658356775112000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.122","src_port":57322,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1658356775112000,"flow_dst_last_pkt_time":1658356775133000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1658356775133000,"pkt":"YDjgxTWgeJS0JASgCABFAAA09SVAADgGFkcI0Wt6wKgCZCMn3+oQtAE8vqiUYIAQAONcbgAAAQEICo3u9CIBJPbT"} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1658234723934000,"flow_src_last_pkt_time":1658234724082000,"flow_dst_last_pkt_time":1658234724424000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1658356775409000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.76.194","src_port":45094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":211,"packets-processed":210,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":1658358259423000} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":211,"packets-processed":210,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":1658358259423000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1658358259423000,"flow_src_last_pkt_time":1658358259423000,"flow_dst_last_pkt_time":1658358259423000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658358259423000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.77.36","src_port":51774,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1658358259423000,"flow_dst_last_pkt_time":1658358259423000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658358259423000,"pkt":"eJS0JASgYDjgxTWgCABFAAA88QkAAD8GcbHAqAJkCNFNJMo+IyebGrUIAAAAAKAC\/\/+dzAAAAgQFtAQCCAoBM1J1AAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1658358259423000,"flow_dst_last_pkt_time":1658358259440000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658358259440000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGKbsI0U0kwKgCZCMnyj73vxTWmxq1CaAScSDP+wAAAgQFrAQCCAqODsIDATNSdQEDAwc="} 
@@ -132,7 +132,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1658358259451000,"flow_dst_last_pkt_time":1658358259468000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1658358259468000,"pkt":"YDjgxTWgeJS0JASgCABFAAA01sBAADgGUwII0U0kwKgCZCMnyj73vxTXmxq1EYAQAONuvQAAAQEICo4OwiABM1KQ"} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1658358259423000,"flow_src_last_pkt_time":1658358259551000,"flow_dst_last_pkt_time":1658358259887000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1658358259887000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.77.36","src_port":51774,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1658356775079000,"flow_src_last_pkt_time":1658356775222000,"flow_dst_last_pkt_time":1658356775409000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1658358259887000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.122","src_port":57322,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":225,"packets-processed":225,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":135,"global_ts_usec":1658358259887000} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":225,"packets-processed":225,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":135,"global_ts_usec":1658358259887000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 225/225 ~~ skipped flows.............: 0 @@ -141,9 +141,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8716131 bytes -~~ total memory freed........: 8716131 bytes -~~ total allocations/frees...: 140927/140927 +~~ total memory allocated....: 9480953 bytes +~~ total memory freed........: 9480953 bytes +~~ total allocations/frees...: 154893/154893 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 985 chars diff --git a/test/results/default/among_us.pcap.out b/test/results/default/among_us.pcap.out index 7bcac823f..840fd4194 100644 --- a/test/results/default/among_us.pcap.out +++ b/test/results/default/among_us.pcap.out 
@@ -1,10 +1,10 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":15,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_usec":946681200000000,"pkt":"eJS0JASgYDjgxTWgCABFAAArJhEAAH8RqpAKAAABrGn7qvsEVgcAF2toCAABAIDZAgMGQUFBQUFB"} 
00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":15,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AmongUs","proto_id":"69","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":15,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AmongUs","proto_id":"69","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":946681200000000} +00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":946681200000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644871 bytes -~~ total memory freed........: 8644871 bytes -~~ total allocations/frees...: 140534/140534 +~~ total memory allocated....: 9409245 bytes +~~ total memory freed........: 9409245 bytes +~~ total allocations/frees...: 154500/154500 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars ~~ json message max len.......: 957 chars diff --git a/test/results/default/amqp.pcap.out b/test/results/default/amqp.pcap.out index d2bff738f..33d4abc9e 100644 --- a/test/results/default/amqp.pcap.out +++ b/test/results/default/amqp.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1490904166118902} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1490904166118902} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490904166118902,"flow_src_last_pkt_time":1490904166118902,"flow_dst_last_pkt_time":1490904166118902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904166118902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1490904166118902,"flow_dst_last_pkt_time":1490904166118902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_usec":1490904166118902,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="} 00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490904166118902,"flow_src_last_pkt_time":1490904166118902,"flow_dst_last_pkt_time":1490904166118902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904166118902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -25,7 +25,7 @@ 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1490904166119482,"flow_src_last_pkt_time":1490904170242659,"flow_dst_last_pkt_time":1490904170206101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":448,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":3469,"flow_dst_tot_l4_payload_len":105,"midstream":1,"thread_ts_usec":1490904170243630,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":54,"flow_first_seen":1490904166118902,"flow_src_last_pkt_time":1490904170243601,"flow_dst_last_pkt_time":1490904170243630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7295,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904170243630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1490904169152163,"flow_src_last_pkt_time":1490904170195756,"flow_dst_last_pkt_time":1490904170195765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2085,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904170243630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":160,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1490904170243630} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":160,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1490904170243630} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 160/160 ~~ skipped flows.............: 0 @@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8660557 bytes -~~ total memory freed........: 8660557 bytes -~~ total allocations/frees...: 140720/140720 +~~ total memory allocated....: 9424995 bytes +~~ total memory freed........: 9424995 bytes +~~ total allocations/frees...: 154686/154686 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 2138 chars diff --git a/test/results/default/android.pcap.out b/test/results/default/android.pcap.out index ff80832cd..e42daa322 100644 --- a/test/results/default/android.pcap.out +++ b/test/results/default/android.pcap.out 
@@ -1,8 +1,8 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1582454769772338} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1582454769772338} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772338,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454769772338,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1582454769772338,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"} 
-00912{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772338,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454769772338,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772338,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454769772338,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454779631132,"flow_src_last_pkt_time":1582454779631132,"flow_dst_last_pkt_time":1582454779631132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":46,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454779631132,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1582454779631132,"flow_dst_last_pkt_time":1582454779631132,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1582454779631132,"pkt":"xGGLNYKpxiwDYGpkCABFAgBirQcAAC4GWpAR+LBLwKgCEQG7xZj0WotEsqX09IAYBCokkgAAAQEIClsVyooR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8Hg=="} 
00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454779631132,"flow_src_last_pkt_time":1582454779631132,"flow_dst_last_pkt_time":1582454779631132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":46,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454779631132,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -408,7 +408,7 @@ 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454866407712,"flow_src_last_pkt_time":1582454866538292,"flow_dst_last_pkt_time":1582454866407712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454823653165,"flow_src_last_pkt_time":1582454823653165,"flow_dst_last_pkt_time":1582454823653165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871676950,"flow_src_last_pkt_time":1582454871676950,"flow_dst_last_pkt_time":1582454871677331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"check.googlezip.net"}} -00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772338,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772338,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867637290,"flow_src_last_pkt_time":1582454867637290,"flow_dst_last_pkt_time":1582454867639360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"clients1.google.com"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1582454792980209,"flow_src_last_pkt_time":1582454853081631,"flow_dst_last_pkt_time":1582454792980209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1530,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871343067,"flow_src_last_pkt_time":1582454871343067,"flow_dst_last_pkt_time":1582454871383146,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"semanticlocation-pa.googleapis.com"}} 
@@ -433,7 +433,7 @@ 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1582454871745826,"flow_src_last_pkt_time":1582454871859316,"flow_dst_last_pkt_time":1582454871858341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":458,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":458,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","proto_id":"7.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"check.googlezip.net"}} 00969{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1582454871772041,"flow_src_last_pkt_time":1582454871808693,"flow_dst_last_pkt_time":1582454871807544,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1582454871772041,"flow_src_last_pkt_time":1582454871808693,"flow_dst_last_pkt_time":1582454871807544,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":500,"packets-processed":475,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":101980,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":60,"total-detection-updates":44,"total-updates":3,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":436,"global_ts_usec":1582454872047699} 
+00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":500,"packets-processed":475,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":101980,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":60,"total-detection-updates":44,"total-updates":3,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":436,"global_ts_usec":1582454872047699} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/475 ~~ skipped flows.............: 0 @@ -442,9 +442,9 @@ ~~ total active/idle flows...: 63/63 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9175730 bytes -~~ total memory freed........: 9175730 bytes -~~ total allocations/frees...: 141993/141993 +~~ total memory allocated....: 9942022 bytes +~~ total memory freed........: 9942022 bytes +~~ total allocations/frees...: 155957/155957 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2684 chars diff --git a/test/results/default/anyconnect-vpn.pcap.out b/test/results/default/anyconnect-vpn.pcap.out index 0057ac57a..ca3d04bbe 100644 --- a/test/results/default/anyconnect-vpn.pcap.out +++ b/test/results/default/anyconnect-vpn.pcap.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569687240992580} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569687240992580} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687240992580,"flow_src_last_pkt_time":1569687240992580,"flow_dst_last_pkt_time":1569687240992580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687240992580,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569687240992580,"flow_dst_last_pkt_time":1569687240992580,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687240992580,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya80\/P93YAREABFkgAAAQEIChwNaWayL1Dq"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569687240992580,"flow_dst_last_pkt_time":1569687241009657,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687241009657,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0BhtAADcGQni4GTg1CgAA4wBQ3jXT8\/3dxlcmvYARAOurFAAAAQEICrIv+nscDWlm"} 
@@ -56,10 +56,10 @@ 01903{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245509743,"flow_dst_last_pkt_time":1569687245547931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":5737,"midstream":0,"thread_ts_usec":1569687245547931,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","ja4":"t12i2204h1_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","advertised_alpns":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA","blocks":0}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245576189,"flow_src_last_pkt_time":1569687245576189,"flow_dst_last_pkt_time":1569687245576189,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687245576189,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1569687245576189,"flow_dst_last_pkt_time":1569687245576189,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_usec":1569687245576189,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5TAbsf\/e\/ecO3V5YAYEAD5fAAAAQEIChwNezsAjX27FwMDADwAAAAAAAAABDacZQu2ja7FJp11i4XaHEcZRuFBd8RaXcXBvhAzXAi\/k3IQYhPu9V\/rSa1OnXc4wt4EKb0="} 
-00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245576189,"flow_src_last_pkt_time":1569687245576189,"flow_dst_last_pkt_time":1569687245576189,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687245576189,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245576189,"flow_src_last_pkt_time":1569687245576189,"flow_dst_last_pkt_time":1569687245576189,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687245576189,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245576934,"flow_src_last_pkt_time":1569687245576934,"flow_dst_last_pkt_time":1569687245576934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687245576934,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1569687245576934,"flow_dst_last_pkt_time":1569687245576934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_usec":1569687245576934,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5SAbt7aDL2a\/IufIAYEADmYwAAAQEIChwNezsCYFg6FwMDADwAAAAAAAAAA\/6MZ3K3UnwgKSolneP\/V\/Ul5QfA4HWbTZY4CgoWP92J0WcPzatLmBPNGkrfeEXB3KaiGuM="} 
-00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245576934,"flow_src_last_pkt_time":1569687245576934,"flow_dst_last_pkt_time":1569687245576934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687245576934,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245576934,"flow_src_last_pkt_time":1569687245576934,"flow_dst_last_pkt_time":1569687245576934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687245576934,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1569687245576189,"flow_dst_last_pkt_time":1569687245649655,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687245649655,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8JAACsGUUw0JfOtCgAA4wG73lNw7dXlH\/3wH4AQAAnwQQAAAQEICgCNhOgcDXs7"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1569687245576934,"flow_dst_last_pkt_time":1569687245653537,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687245653537,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VN5AACoGyTA0JfOtCgAA4wG73lJr8i58e2gzN4AQAAkgwQAAAQEICgJgYHkcDXs7"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687245688240,"flow_dst_last_pkt_time":1569687245688240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687245688240,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -134,9 +134,9 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1569687256018732,"flow_dst_last_pkt_time":1569687256050128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569687256050128,"pkt":"NDY7z3UoLH6BsEqhCABFAAA8AABAAO4G++ZjViKcCgAA4wG73lg6Ai8I4YcSh6AScSDdlgAAAgQFtAQCCApVvxWbHA2jzgEDAwg="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1569687256050218,"flow_dst_last_pkt_time":1569687256050128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687256050218,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGqe8KAADjY1YinN5YAbvhhxKHOgIvCYAQEBVtUAAAAQEIChwNo+1VvxWb"} 
01251{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1569687256050357,"flow_dst_last_pkt_time":1569687256050128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569687256050357,"pkt":"LH6BsEqhNDY7z3UoCABFAAI5AABAAEAGp+oKAADjY1YinN5YAbvhhxKHOgIvCYAYEBXjtQAAAQEIChwNo+1VvxWbFgMBAgABAAH8AwP2lJ2Zoyt+6aEF0xJ\/aUe6evUZainhAnYJBIQSx1\/tWSCNfN3\/DfWLQ8HungFwV0GCEYkIdCKU0GMUI0bm8cDscgAcmprAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZfKygAA\/wEAAQAAAAAOAAwAAAlzbGFjay5jb20AFwAAACMAsP2UHl3lVE0zaDd6PBof23w+FD8mx8e3Phvd1tTaMrFhi9+Td+e1NJsUbpbP9uRq3tuE3zRBdy5hybNsk8MXE51kvVMK0eOntSrDahuD42sFCkzVH\/S0PgpsSfI8A+giwf+frrZktkI4KRg3hCDL3AxOeo+p2XlfkQM+Sl1864masTeQczQS\/W7RtMRlmXf4940V2idU49yugeM67ej0Z92wy18bTBX2me+5KJfbuIBfAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAiamgAdABcAGAAbAAMCAAKamgABAAAVAGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01181{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687256018732,"flow_src_last_pkt_time":1569687256050357,"flow_dst_last_pkt_time":1569687256050128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687256050357,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Slack","proto_id":"91.118","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"slack.com","domainame":"slack.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1313h2_8b80da21ef18_e48c60694ef0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01186{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687256018732,"flow_src_last_pkt_time":1569687256050357,"flow_dst_last_pkt_time":1569687256050128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687256050357,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Slack","proto_id":"91.118","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"slack.com","domainame":"slack.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1313h2_8b80da21ef18_e48c60694ef0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1569687256050357,"flow_dst_last_pkt_time":1569687256092301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687256092301,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0OpdAAO4GwVdjViKcCgAA4wG73lg6Ai8J4YcUjIAQAHZ65gAAAQEIClW\/FZ8cDaPt"} -01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687256018732,"flow_src_last_pkt_time":1569687256050357,"flow_dst_last_pkt_time":1569687256093242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1569687256093242,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Slack","proto_id":"91.118","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"slack.com","domainame":"slack.com","tls": 
{"version":"TLSv1.2","ja3s":"7bee5c1d424b7e5f943b06983bb11422","ja4":"t12d1313h2_8b80da21ef18_e48c60694ef0","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} +01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687256018732,"flow_src_last_pkt_time":1569687256050357,"flow_dst_last_pkt_time":1569687256093242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1569687256093242,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Slack","proto_id":"91.118","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"slack.com","domainame":"slack.com","tls": {"version":"TLSv1.2","ja3s":"7bee5c1d424b7e5f943b06983bb11422","ja4":"t12d1313h2_8b80da21ef18_e48c60694ef0","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1569687259269679,"flow_dst_last_pkt_time":1569687246981850,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1569687259269679,"pkt":"AQBeAAD7GIEORo7ICABFAACMyOAAAP8RBrAKAADV4AAA+xTpFOkAeGDGAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmzqBDkaOyBiBDkaOyA=="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1569687259270105,"flow_dst_last_pkt_time":1569687246982027,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_usec":1569687259270105,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u7wAAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"} 
00832{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1569687259297056,"flow_dst_last_pkt_time":1569687247192802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1569687259297056,"pkt":"GIEORo7INDY7z3UoCABFAAEEsFAAAP8R9OAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="} 
@@ -226,16 +226,16 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1569687267481295,"flow_dst_last_pkt_time":1569687267481295,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1569687267481295,"pkt":"LH6BsEqhNDY7z3UoCABFAABG89oAAP8RJlMKAADjS0tLS\/PbADUAMlit7RYBAAABAAAAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQAB"} 01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267481295,"flow_src_last_pkt_time":1569687267481295,"flow_dst_last_pkt_time":1569687267481295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687267481295,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"detectportal.firefox.com","domainame":"detectportal.firefox.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
00966{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1569687267482821,"flow_dst_last_pkt_time":1569687259715492,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_usec":1569687267482821,"pkt":"LH6BsEqhNDY7z3UoCABFAAFnyhkAAEAGtC4KAADjuBk4Td40AFBjyKiBGk9l7oAYEABAcgAAAQEIChwN0CfjFR\/lR0VUIC9zdWNjZXNzLnR4dD9pcHY0IEhUVFAvMS4xDQpIb3N0OiBkZXRlY3Rwb3J0YWwuZmlyZWZveC5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwLjEzOyBydjo2OS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY5LjANCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="} -01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1569687249612686,"flow_src_last_pkt_time":1569687267482821,"flow_dst_last_pkt_time":1569687259715492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":307,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":307,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687267482821,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"detectportal.firefox.com","domainame":"detectportal.firefox.com","http": 
{"url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0","detected_os":"Intel Mac OS X 10.13"}}} +01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1569687249612686,"flow_src_last_pkt_time":1569687267482821,"flow_dst_last_pkt_time":1569687259715492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":307,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":307,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687267482821,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"detectportal.firefox.com","domainame":"detectportal.firefox.com","http": {"url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0","detected_os":"Intel Mac OS X 10.13"}}} 
00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1569687267483863,"flow_dst_last_pkt_time":1569687259710445,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"thread_ts_usec":1569687267483863,"pkt":"LH6BsEqhNDY7z3UoCABFAAFiADsAAEAGfhIKAADjuBk4Td5VAFBor5yuCT1EPYAYEAk5BQAAAQEIChwN0CjjFR\/gR0VUIC9zdWNjZXNzLnR4dCBIVFRQLzEuMQ0KSG9zdDogZGV0ZWN0cG9ydGFsLmZpcmVmb3guY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMC4xMzsgcnY6NjkuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82OS4wDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="} -01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1569687249612686,"flow_src_last_pkt_time":1569687267483863,"flow_dst_last_pkt_time":1569687259710445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":302,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687267483863,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"detectportal.firefox.com","domainame":"detectportal.firefox.com","http": 
{"url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0","detected_os":"Intel Mac OS X 10.13"}}} +01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1569687249612686,"flow_src_last_pkt_time":1569687267483863,"flow_dst_last_pkt_time":1569687259710445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":302,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687267483863,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"detectportal.firefox.com","domainame":"detectportal.firefox.com","http": {"url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0","detected_os":"Intel Mac OS X 10.13"}}} 
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1569687267477342,"flow_dst_last_pkt_time":1569687267493135,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1569687267493135,"pkt":"NDY7z3UoLH6BsEqhCABFAABJAABAADoRnytLS0tLCgAA4wA136UANZKzv52BgAABAAEAAAAAB21vemlsbGEDb3JnAAABAAHADAABAAEAAAAaAAQ\/9dDD"} 01110{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267477342,"flow_src_last_pkt_time":1569687267477342,"flow_dst_last_pkt_time":1569687267493135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1569687267493135,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.org","domainame":"mozilla.org","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["63.245.208.195,ttl=26"]}}} 
00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1569687267481295,"flow_dst_last_pkt_time":1569687267500594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_usec":1569687267500594,"pkt":"NDY7z3UoLH6BsEqhCABFAADkAABAADoRnpBLS0tLCgAA4wA189sA0PLn7RaBgAABAAUAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQABwAwABQABAAAAIwAeDGRldGVjdHBvcnRhbARwcm9kBm1vemF3cwNuZXQAwDYABQABAAAADgAoDGRldGVjdHBvcnRhbAdmaXJlZm94BmNvbS12MgllZGdlc3VpdGXAT8BgAAUAAQAAUnoAFAVhMTA4OQRkc2NkBmFrYW1hacBPwJQAAQABAAAACQAEuBk4UsCUAAEAAQAAAAkABLgZODM="} 01156{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267481295,"flow_src_last_pkt_time":1569687267481295,"flow_dst_last_pkt_time":1569687267500594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":200,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":200,"midstream":0,"thread_ts_usec":1569687267500594,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"detectportal.firefox.com","domainame":"detectportal.firefox.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["184.25.56.82,ttl=9","184.25.56.51,ttl=9"]}}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267677665,"flow_src_last_pkt_time":1569687267677665,"flow_dst_last_pkt_time":1569687267677665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687267677665,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1569687267677665,"flow_dst_last_pkt_time":1569687267677665,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1569687267677665,"pkt":"LH6BsEqhNDY7z3UoCABFAABb+tIAAEAGzQsKAADjNApz0t4vAbv\/h0Qcal\/PeIAYEACaRQAAAQEIChwN0OQwQN34FwMDACIAAAAAAAAAAwpFwR2TiNxP0z\/UzUIiCJ75mBQ8ToLTjZaT"} 
-00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267677665,"flow_src_last_pkt_time":1569687267677665,"flow_dst_last_pkt_time":1569687267677665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687267677665,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267677665,"flow_src_last_pkt_time":1569687267677665,"flow_dst_last_pkt_time":1569687267677665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687267677665,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1569687267677665,"flow_dst_last_pkt_time":1569687267713276,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1569687267713276,"pkt":"NDY7z3UoLH6BsEqhCABFAABXHWRAAOsGv300CnPSCgAA4wG73i9qX894\/4dEQ4AYAHaKdwAAAQEICjBBJbkcDdDkFwMDAB60PFmzucBfQdusHvXD0\/WWAM1faNPMBMLPArfIzdE="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1569687267713359,"flow_dst_last_pkt_time":1569687267713276,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687267713359,"pkt":"LH6BsEqhNDY7z3UoCABFAAA09sQAAEAG0UAKAADjNApz0t4vAbv\/h0RDal\/Pm4AQD\/4TQgAAAQEIChwN0QUwQSW5"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1569687267764612,"flow_dst_last_pkt_time":1569687267453153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687267764612,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAihAAAAQEIChwN0TcGksZO"} 
@@ -389,8 +389,8 @@ 01303{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245725905,"flow_dst_last_pkt_time":1569687245725839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1109,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1671,"flow_dst_tot_l4_payload_len":6387,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01308{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":26,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687268824782,"flow_dst_last_pkt_time":1569687268830368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":7228,"flow_dst_tot_l4_payload_len":15224,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01320{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":44,"flow_first_seen":1569687267035097,"flow_src_last_pkt_time":1569687288874717,"flow_dst_last_pkt_time":1569687288923007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5893,"flow_dst_tot_l4_payload_len":15795,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1569687245576934,"flow_src_last_pkt_time":1569687267323402,"flow_dst_last_pkt_time":1569687267323332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1569687245576189,"flow_src_last_pkt_time":1569687268339560,"flow_dst_last_pkt_time":1569687268339498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1569687245576934,"flow_src_last_pkt_time":1569687267323402,"flow_dst_last_pkt_time":1569687267323332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1569687245576189,"flow_src_last_pkt_time":1569687268339560,"flow_dst_last_pkt_time":1569687268339498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268077677,"flow_src_last_pkt_time":1569687268077677,"flow_dst_last_pkt_time":1569687268077677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569687247596034,"flow_src_last_pkt_time":1569687248620045,"flow_dst_last_pkt_time":1569687247596034,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267831823,"flow_src_last_pkt_time":1569687267831823,"flow_dst_last_pkt_time":1569687267847611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":75,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apple.com"}} 
@@ -417,7 +417,7 @@ 01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687261485620,"flow_src_last_pkt_time":1569687261485620,"flow_dst_last_pkt_time":1569687261501464,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":103,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":103,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lp-rkerur-osx.hsd1.ca.comcast.net"}} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267800486,"flow_src_last_pkt_time":1569687267800486,"flow_dst_last_pkt_time":1569687267818785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":281,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1-courier.sandbox.push.apple.com"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1569687246982027,"flow_src_last_pkt_time":1569687272377448,"flow_dst_last_pkt_time":1569687246982027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":90,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1070,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_raop._tcp.local"}} 
-00994{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":11,"flow_first_seen":1569687256018732,"flow_src_last_pkt_time":1569687267492114,"flow_dst_last_pkt_time":1569687267492018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":787,"flow_dst_max_l4_payload_len":421,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":1142,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Slack","proto_id":"91.118","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} +00999{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":11,"flow_first_seen":1569687256018732,"flow_src_last_pkt_time":1569687267492114,"flow_dst_last_pkt_time":1569687267492018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":787,"flow_dst_max_l4_payload_len":421,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":1142,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Slack","proto_id":"91.118","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267799414,"flow_src_last_pkt_time":1569687267799414,"flow_dst_last_pkt_time":1569687267814292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.apple.com"}} 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687245295996,"flow_src_last_pkt_time":1569687245295996,"flow_dst_last_pkt_time":1569687245320461,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":121,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":121,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"vco.pandion.viasat.com"}} 01077{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687260751544,"flow_src_last_pkt_time":1569687260751544,"flow_dst_last_pkt_time":1569687260772510,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":55,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -435,15 +435,15 @@ 00782{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267988009,"flow_src_last_pkt_time":1569687267988009,"flow_dst_last_pkt_time":1569687268026329,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569687268559574,"flow_src_last_pkt_time":1569687271560368,"flow_dst_last_pkt_time":1569687268559574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569687269223066,"flow_src_last_pkt_time":1569687272080873,"flow_dst_last_pkt_time":1569687269223066,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":311,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1569687267677665,"flow_src_last_pkt_time":1569687268288257,"flow_dst_last_pkt_time":1569687268288187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":78,"flow_dst_tot_l4_payload_len":70,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1569687267677665,"flow_src_last_pkt_time":1569687268288257,"flow_dst_last_pkt_time":1569687268288187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":78,"flow_dst_tot_l4_payload_len":70,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267991361,"flow_src_last_pkt_time":1569687267991361,"flow_dst_last_pkt_time":1569687267991361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268376485,"flow_src_last_pkt_time":1569687268376485,"flow_dst_last_pkt_time":1569687268376485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":311,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":311,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":7,"flow_first_seen":1569687249612686,"flow_src_last_pkt_time":1569687268122702,"flow_dst_last_pkt_time":1569687268122629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":307,"flow_dst_max_l4_payload_len":384,"flow_src_tot_l4_payload_len":1535,"flow_dst_tot_l4_payload_len":1920,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"detectportal.firefox.com"}} 
-00970{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1569687240992580,"flow_src_last_pkt_time":1569687241009749,"flow_dst_last_pkt_time":1569687241009657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":7,"flow_first_seen":1569687249612686,"flow_src_last_pkt_time":1569687268122702,"flow_dst_last_pkt_time":1569687268122629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":307,"flow_dst_max_l4_payload_len":384,"flow_src_tot_l4_payload_len":1535,"flow_dst_tot_l4_payload_len":1920,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"detectportal.firefox.com"}} 
+00971{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1569687240992580,"flow_src_last_pkt_time":1569687241009749,"flow_dst_last_pkt_time":1569687241009657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00778{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1569687240992580,"flow_src_last_pkt_time":1569687241009749,"flow_dst_last_pkt_time":1569687241009657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1569687249612686,"flow_src_last_pkt_time":1569687268086394,"flow_dst_last_pkt_time":1569687268086320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":302,"flow_dst_max_l4_payload_len":384,"flow_src_tot_l4_payload_len":604,"flow_dst_tot_l4_payload_len":768,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"detectportal.firefox.com"}} +01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1569687249612686,"flow_src_last_pkt_time":1569687268086394,"flow_dst_last_pkt_time":1569687268086320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":302,"flow_dst_max_l4_payload_len":384,"flow_src_tot_l4_payload_len":604,"flow_dst_tot_l4_payload_len":768,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"detectportal.firefox.com"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":1569687268746220,"flow_src_last_pkt_time":1569687268989475,"flow_dst_last_pkt_time":1569687268988395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":365,"flow_src_tot_l4_payload_len":1734,"flow_dst_tot_l4_payload_len":3157,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":10,"flow_first_seen":1569687241422303,"flow_src_last_pkt_time":1569687286460671,"flow_dst_last_pkt_time":1569687286460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":110,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":1100,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":10,"flow_first_seen":1569687241422303,"flow_src_last_pkt_time":1569687286460671,"flow_dst_last_pkt_time":1569687286460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":110,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":1100,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00937{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1569687267453127,"flow_src_last_pkt_time":1569687267455039,"flow_dst_last_pkt_time":1569687267454953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","proto_id":"161","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1569687267453127,"flow_src_last_pkt_time":1569687267455039,"flow_dst_last_pkt_time":1569687267454953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01056{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1569687241064503,"flow_src_last_pkt_time":1569687246096558,"flow_dst_last_pkt_time":1569687241064503,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -454,7 +454,7 @@ 01251{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1569687269562299,"flow_src_last_pkt_time":1569687273580713,"flow_dst_last_pkt_time":1569687273580632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":242,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":1330,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"10.0.0.151"}} 
00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687242476020,"flow_src_last_pkt_time":1569687242476020,"flow_dst_last_pkt_time":1569687242476020,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00930{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687242271196,"flow_src_last_pkt_time":1569687242271196,"flow_dst_last_pkt_time":1569687242271196,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":589,"packets-processed":585,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95415,"total-not-detected-flows":2,"total-guessed-flows":6,"total-detected-flows":61,"total-detection-updates":34,"total-updates":3,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":457,"global_ts_usec":1569687288923007} +00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":589,"packets-processed":585,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95415,"total-not-detected-flows":2,"total-guessed-flows":6,"total-detected-flows":61,"total-detection-updates":34,"total-updates":3,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":457,"global_ts_usec":1569687288923007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 589/585 ~~ skipped flows.............: 0 
@@ -463,9 +463,9 @@ ~~ total active/idle flows...: 69/69 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8940012 bytes -~~ total memory freed........: 8940012 bytes -~~ total allocations/frees...: 141978/141978 +~~ total memory allocated....: 9706595 bytes +~~ total memory freed........: 9706595 bytes +~~ total allocations/frees...: 155945/155945 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 2661 chars diff --git a/test/results/default/anydesk.pcapng.out b/test/results/default/anydesk.pcapng.out index 17c734dda..4fb62f03f 100644 --- a/test/results/default/anydesk.pcapng.out +++ b/test/results/default/anydesk.pcapng.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591342198821353} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591342198821353} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591342198821353,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1591342198821353,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"} 
01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591342198821353,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -17,7 +17,7 @@ 01524{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199532111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1591342199532111,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12i640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
01865{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199532151,"flow_dst_last_pkt_time":1591342199532596,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":2600,"midstream":0,"thread_ts_usec":1591342199532596,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12i640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3","blocks":0}}} 
02666{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342201135977,"flow_dst_last_pkt_time":1591342202739154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5696,"flow_dst_tot_l4_payload_len":5521,"midstream":0,"thread_ts_usec":1591342202739154,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":176540.0,"max":1602919,"stddev":394272.9,"var":155451113472.0,"ent":2.8,"data": [164805,164917,612,1082,165028,165426,485,455,339,338,1756,2021,164886,165169,210,191,219,307,218569,218677,606,928,1215453,1216321,7,87,855,7,2,1602919,62]},"pktlen": {"min":40,"avg":392.7,"max":1500,"stddev":555.2,"var":308238.0,"ent":3.8,"data": [60,46,40,303,46,1340,40,1340,40,46,40,1134,46,91,40,80,40,186,46,186,40,111,46,119,1500,1500,1242,46,46,46,1500,1180]},"bins": {"c_to_s": [8,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,0],"s_to_c": [9,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,1],"entropies": 
[4.772595406,4.903359890,4.834184170,5.369554996,4.390828609,7.460080147,4.834184170,7.770876408,4.834184170,4.609350204,4.734183788,7.619944096,4.390829086,5.750715733,4.765311718,5.803060055,4.765311718,6.743920803,4.390828609,6.830827713,4.834184170,6.275036812,4.434307098,6.390825272,7.863389492,7.871673107,7.811679363,4.390829086,4.390829086,4.390829086,7.887207985,7.841894150]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1613977585247036} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1613977585247036} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1613977585247036,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"} 01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-3185a847.net.anydesk.com","domainame":"relay-3185a847.net.anydesk.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -28,7 +28,7 @@ 01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585542630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585542630,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-9b6827f2.net.anydesk.com","domainame":"relay-9b6827f2.net.anydesk.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585553797,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1613977585553797,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcBhBAADkRt3TAqAEBwKgBuwA12FAASAAA6omBgAABAAEAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAABtXAAEisckcw=="} 
01147{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585553797,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1613977585553797,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-9b6827f2.net.anydesk.com","domainame":"relay-9b6827f2.net.anydesk.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["138.199.36.115,ttl=27996"]}}} -01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342244652502,"flow_dst_last_pkt_time":1591342244652493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":159,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":355,"midstream":1,"thread_ts_usec":1613977585553797,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto 
on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342244652502,"flow_dst_last_pkt_time":1591342244652493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":159,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":355,"midstream":1,"thread_ts_usec":1613977585553797,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":22,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342209805588,"flow_dst_last_pkt_time":1591342209768308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5797,"flow_dst_tot_l4_payload_len":7915,"midstream":0,"thread_ts_usec":1613977585553797,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595379986,"flow_dst_last_pkt_time":1613977595379986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595379986,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1613977595379986,"flow_dst_last_pkt_time":1613977595379986,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1613977595379986,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDNAAIAGAADAqAG7wKgBstOUG56PGHtIAAAAAIAC+vCE5AAAAgQFtAEDAwgBAQQC"} 
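Review bot: The `idle` event for `flow_id` 1 in this hunk changes `flow_state` from `"finished"` to `"info"` (length prefix 01097 to 01093), which is a detection-behaviour change and not part of the `size_per_flow` 1448 to 1480 bump that explains the other edits to this file. The flow is a midstream TLS session on port 80 with `proto_by_ip` AnyDesk, so with the new libnDPI the detection apparently no longer reaches a final state before the flow goes idle. Consumers that filter on finished flows would presumably handle this flow differently. The commit message only mentions the risk replacement, so I would confirm this is intended upstream behaviour and record it there, e.g. `* anydesk.pcapng: midstream TLS flow 1 now goes idle in state "info" instead of "finished"`.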
@@ -47,7 +47,7 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595463648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1613977595463648,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodEFAAIAGAADAqAG7wKgBshuey0dV\/SLLLSwO5FAQIBSE2AAA"} 01880{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595549041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":813,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1613977595549041,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","ja4":"t12i640500_9197985d2161_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E","blocks":0}}} 02668{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977601740964,"flow_dst_last_pkt_time":1613977601737415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3926,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5712,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1613977601740964,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":410271.2,"max":3021750,"stddev":825943.1,"var":682181918720.0,"ent":2.9,"data": [491,529,333,431,328,10474,0,10878,39566,40320,8749,0,9516,516873,517463,1553,27804,26175,2358,56316,902900,957284,0,0,1754245,1753698,16355,71246,2966766,3021750,4006]},"pktlen": {"min":40,"avg":306.3,"max":3966,"stddev":747.4,"var":558552.1,"ent":3.1,"data": [52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116]},"bins": {"c_to_s": [6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1],"s_to_c": 
[11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0],"entropies": [4.461627960,4.714205742,4.680641174,5.380415440,4.190888405,4.260394573,7.726966381,6.171197891,4.680641174,7.726874828,4.303872585,7.788730145,5.640313625,4.630640984,5.698182583,4.200505257,5.465894222,5.550601006,4.303872585,5.570474148,4.680640697,7.956365585,4.157026768,4.303872585,4.190888405,5.661315441,4.260394096,6.538077354,4.630641460,6.000421047,4.260393620,6.241518974]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1663090549161771} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1663090549161771} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549161771,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549161771,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8b6ZAAEAGlofAqAGAw7WusLyEAbsbAqeoAAAAAKAC+vBE2wAAAgQFtAQCCAo49hnFAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549179486,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYGEC7Dta6wwKgBgAG7vIT\/L0tlGwKnqaAS\/ogbxgAAAgQFtAQCCAqczD4KOPYZxQEDAwc="} 
@@ -63,7 +63,7 @@ 01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585260893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-3185a847.net.anydesk.com"}} 01471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977602672535,"flow_dst_last_pkt_time":1613977601741457,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3926,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":6286,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01343{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":27,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090607951443,"flow_dst_last_pkt_time":1663090607968067,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5903,"flow_dst_tot_l4_payload_len":3063,"midstream":0,"thread_ts_usec":1663090607968067,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":174,"packets-processed":174,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1663090607968067} +00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":174,"packets-processed":174,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1663090607968067} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 174/174 ~~ skipped flows.............: 0 
@@ -72,9 +72,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8722457 bytes -~~ total memory freed........: 8722457 bytes -~~ total allocations/frees...: 140815/140815 +~~ total memory allocated....: 9487089 bytes +~~ total memory freed........: 9487089 bytes +~~ total allocations/frees...: 154783/154783 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 2673 chars diff --git a/test/results/default/armagetron.pcapng.out b/test/results/default/armagetron.pcapng.out index 1185886db..52d26d7d2 100644 --- a/test/results/default/armagetron.pcapng.out +++ b/test/results/default/armagetron.pcapng.out 
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/armagetron.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/armagetron.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1742902205958504} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/armagetron.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/armagetron.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1742902205958504} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/armagetron.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1742902205958504,"flow_src_last_pkt_time":1742902205958504,"flow_dst_last_pkt_time":1742902205958504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1742902205958504,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"150.136.145.224","src_port":56325,"dst_port":4533,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/armagetron.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1742902205958504,"flow_dst_last_pkt_time":1742902205958504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1742902205958504,"pkt":"ILAB4IZiCAAn\/ADWCABFcABIbH5AAEAR4u7AqAG3loiR4NwFEbUANOsNAAsAAAASAEAAAAAAAAAAEQAAAAYgLGRtADVQqO57\/X4eWkajdWrTHNHeAAA="} 
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/armagetron.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1742902205958504,"flow_src_last_pkt_time":1742902205958504,"flow_dst_last_pkt_time":1742902205958504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1742902205958504,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"150.136.145.224","src_port":56325,"dst_port":4533,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Armagetron","proto_id":"104","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -275,7 +275,7 @@ 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/armagetron.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1742902266004075,"flow_src_last_pkt_time":1742902266025099,"flow_dst_last_pkt_time":1742902266142811,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":242,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":242,"midstream":0,"thread_ts_usec":1742902266142811,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"23.245.233.233","src_port":50827,"dst_port":4550,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Armagetron","proto_id":"104","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/armagetron.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1742902208637902,"flow_src_last_pkt_time":1742902208637902,"flow_dst_last_pkt_time":1742902208674988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":284,"midstream":0,"thread_ts_usec":1742902266142811,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"178.16.102.71","src_port":44877,"dst_port":4534,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Armagetron","proto_id":"104","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/armagetron.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1742902208081237,"flow_src_last_pkt_time":1742902208081237,"flow_dst_last_pkt_time":1742902208113541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":524,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":524,"midstream":0,"thread_ts_usec":1742902266142811,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"178.16.102.71","src_port":44877,"dst_port":4535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Armagetron","proto_id":"104","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/armagetron.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":305,"packets-processed":305,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22834,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":50,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":50,"total-idle-flows":50,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":278,"global_ts_usec":1742902266142811} 
+00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/armagetron.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":305,"packets-processed":305,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22834,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":50,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":50,"total-idle-flows":50,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":278,"global_ts_usec":1742902266142811} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 305/305 ~~ skipped flows.............: 0 @@ -284,9 +284,9 @@ ~~ total active/idle flows...: 50/50 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8773051 bytes -~~ total memory freed........: 8773051 bytes -~~ total allocations/frees...: 141377/141377 +~~ total memory allocated....: 9538993 bytes +~~ total memory freed........: 9538993 bytes +~~ total allocations/frees...: 155343/155343 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 2204 chars diff --git a/test/results/default/atg.pcap.out b/test/results/default/atg.pcap.out index 773b8412c..f3a04b440 100644 --- a/test/results/default/atg.pcap.out +++ b/test/results/default/atg.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1724035927044639} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1724035927044639} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1724035927044639,"flow_src_last_pkt_time":1724035927044639,"flow_dst_last_pkt_time":1724035927044639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1724035927044639,"l3_proto":"ip4","src_ip":"192.168.0.105","dst_ip":"20.108.25.119","src_port":3134,"dst_port":10001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1724035927044639,"flow_dst_last_pkt_time":1724035927044639,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1724035927044639,"pkt":"pBo6bOx4PPARV9wcCABFEAA9xhlAAD8Ghp3AqABpFGwZdww+JxH+LfN006nznIAYAfW5IAAAAQEICvNemRIMUKjxAUkyMDEwMA0K"} 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1724035927044639,"flow_src_last_pkt_time":1724035927044639,"flow_dst_last_pkt_time":1724035927044639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1724035927044639,"l3_proto":"ip4","src_ip":"192.168.0.105","dst_ip":"20.108.25.119","src_port":3134,"dst_port":10001,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ATG","proto_id":"423","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -16,7 +16,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1724035949357629,"flow_dst_last_pkt_time":1724035949782780,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1724035949782780,"pkt":"PPARV9wcpBo6bOx4CABFSAA0ym5AACkGmBkUbBl3wKgAaScRDEzmrckFPsnvp4AQAf0oYQAAAQEICgxlW+nzXvA7"} 00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1724035927044639,"flow_src_last_pkt_time":1724036001624144,"flow_dst_last_pkt_time":1724035927044639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1724036097435398,"l3_proto":"ip4","src_ip":"192.168.0.105","dst_ip":"20.108.25.119","src_port":3134,"dst_port":10001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ATG","proto_id":"423","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":8,"flow_first_seen":1724035939680812,"flow_src_last_pkt_time":1724036097435398,"flow_dst_last_pkt_time":1724036097435071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":443,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":768,"midstream":0,"thread_ts_usec":1724036097435398,"l3_proto":"ip4","src_ip":"192.168.0.105","dst_ip":"20.108.25.119","src_port":3148,"dst_port":10001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ATG","proto_id":"423","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":31,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":914,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1724036097435398} 
+00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":31,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":914,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1724036097435398} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 31/31 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652269 bytes -~~ total memory freed........: 8652269 bytes -~~ total allocations/frees...: 140577/140577 +~~ total memory allocated....: 9416675 bytes +~~ total memory freed........: 9416675 bytes +~~ total allocations/frees...: 154543/154543 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 973 chars diff --git a/test/results/default/avast.pcap.out b/test/results/default/avast.pcap.out index 8d3d4030c..3e520f8d2 100644 --- a/test/results/default/avast.pcap.out +++ b/test/results/default/avast.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655043322443000} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655043322443000} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655043322443000,"flow_src_last_pkt_time":1655043322443000,"flow_dst_last_pkt_time":1655043322443000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043322443000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":64357,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655043322443000,"flow_dst_last_pkt_time":1655043322443000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655043322443000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0JKZAAH8G2LbAqAJkBT42HftlAFDFZGAiAAAAAIAC+vBUewAAAgQFtAEDAwgBAQQC"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655043322443000,"flow_dst_last_pkt_time":1655043322469000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655043322469000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRWEFPjYdwKgCZABQ+2UJYJxaxWRgI3ASBbS5AQAAAgQFrAEDAwI="} 
@@ -7,8 +7,8 @@ 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655043322473000,"flow_dst_last_pkt_time":1655043322469000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1655043322473000,"pkt":"eJS0JASgYDjgxTWgCABFAACIJKhAAH8G2GDAqAJkBT42HftlAFDFZGAjCWCcW1AYAgRIXAAATk9TQQBgAQEAAAMBCLJaKUJSRRQAAAAA+C6zpq7EMUOR+R\/w3Dm0Io9lbBBMSUMULiKdz+pk\/a1RZ2FgDsvckO27L+4uJ680TFVOEALGS94Alg+MdKN9FpVUWsmF\/QhQ"} 00915{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655043322443000,"flow_src_last_pkt_time":1655043322473000,"flow_dst_last_pkt_time":1655043322469000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043322473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":64357,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655043322473000,"flow_dst_last_pkt_time":1655043322499000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655043322499000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo6BxAADcGXUwFPjYdwKgCZABQ+2UJYJxbxWRgg1AQAW3opgAAAAAAAAAA"} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1655044071816000} 
-00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655048600873000} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1655044071816000} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655048600873000} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655048600873000,"flow_src_last_pkt_time":1655048600873000,"flow_dst_last_pkt_time":1655048600873000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655048600873000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64701,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1655048600873000,"flow_dst_last_pkt_time":1655048600873000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655048600873000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0K+lAAH8G0lvAqAJkBT41Nfy9AFA6S0u1AAAAAIAC+vDzkQAAAgQFtAEDAwgBAQQC"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1655048600873000,"flow_dst_last_pkt_time":1655048600897000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655048600897000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRkkFPjU1wKgCZABQ\/L3TPGfsOktLtnASBbTCqQAAAgQFrAEDAwI="} 
@@ -16,8 +16,8 @@ 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1655048600901000,"flow_dst_last_pkt_time":1655048600897000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1655048600901000,"pkt":"eJS0JASgYDjgxTWgCABFAACIK+tAAH8G0gXAqAJkBT41Nfy9AFA6S0u20zxn7VAYAgRSBAAATk9TQQBgAQEAAAMBCLJaKUJSRRQAAAAA+C6zpq7EMUOR+R\/w3Dm0Io9lbBBMSUMULiKdz+pk\/a1RZ2FgDsvckO27L+4uJ680TFVOEALGS94Alg+MdKN9FpVUWsmF\/QhQ"} 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655048600873000,"flow_src_last_pkt_time":1655048600901000,"flow_dst_last_pkt_time":1655048600897000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655048600901000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64701,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1655048600901000,"flow_dst_last_pkt_time":1655048600926000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655048600926000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoaUhAADcG3QgFPjU1wKgCZABQ\/L3TPGftOktMFlAQAW3yTgAAAAAAAAAA"} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":29,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1655049392908000} 
-00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1655053076804000} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":29,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1655049392908000} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1655053076804000} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655053076804000,"flow_src_last_pkt_time":1655053076804000,"flow_dst_last_pkt_time":1655053076804000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053076804000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64903,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1655053076804000,"flow_dst_last_pkt_time":1655053076804000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655053076804000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0LApAAH8G0jrAqAJkBT41Nf2HAFDeGR0wAAAAAIAC+vB9fgAAAgQFtAEDAwgBAQQC"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1655053076804000,"flow_dst_last_pkt_time":1655053076831000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655053076831000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRkkFPjU1wKgCZABQ\/Yfi7KGu3hkdMXASBbQDJAAAAgQFrAEDAwI="} 
@@ -26,9 +26,9 @@ 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655053076804000,"flow_src_last_pkt_time":1655053076836000,"flow_dst_last_pkt_time":1655053076831000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053076836000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64903,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655053076836000,"flow_dst_last_pkt_time":1655053076863000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655053076863000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo+2lAADcGSucFPjU1wKgCZABQ\/Yfi7KGv3hkdkVAQAW0yyQAAAAAAAAAA"} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655043322443000,"flow_src_last_pkt_time":1655044071816000,"flow_dst_last_pkt_time":1655044071842000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1655053076921000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":64357,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1655053790549000} 
-00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":347,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1655054462572000} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":387,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1655072558567000} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1655053790549000} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":347,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1655054462572000} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":387,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1655072558567000} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655072558567000,"flow_src_last_pkt_time":1655072558567000,"flow_dst_last_pkt_time":1655072558567000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655072558567000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":58030,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1655072558567000,"flow_dst_last_pkt_time":1655072558567000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655072558567000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0SOJAAH8GtD7AqAJkBT42WeKuAFDHdiAUAAAAAIAC+vCq8gAAAgQFtAEDAwgBAQQC"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1655072558567000,"flow_dst_last_pkt_time":1655072558593000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655072558593000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRSUFPjZZwKgCZABQ4q5sq8EMx3YgFXASBbSHewAAAgQFrAEDAwI="} 
@@ -38,8 +38,8 @@ 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655072558598000,"flow_dst_last_pkt_time":1655072558624000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655072558624000,"pkt":"YDjgxTWgeJS0JASgCABFAAAof7ZAADcGxXYFPjZZwKgCZABQ4q5sq8ENx3YgdVAQAW23IAAAAAAAAAAA"} 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655048600873000,"flow_src_last_pkt_time":1655049392908000,"flow_dst_last_pkt_time":1655049392932000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1655072558681000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64701,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655053076804000,"flow_src_last_pkt_time":1655054462572000,"flow_dst_last_pkt_time":1655054462599000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1655072558681000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64903,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":57,"packets-processed":56,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1655073305718000} 
-00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1657055010698000} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":57,"packets-processed":56,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1655073305718000} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1657055010698000} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657055010698000,"flow_src_last_pkt_time":1657055010698000,"flow_dst_last_pkt_time":1657055010698000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657055010698000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":49758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1657055010698000,"flow_dst_last_pkt_time":1657055010698000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657055010698000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0aRtAAH8GlSnAqAJkBT41NcJeAFAUkygfAAAAAIAC+vB3PwAAAgQFtAEDAwgBAQQC"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1657055010698000,"flow_dst_last_pkt_time":1657055010725000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657055010725000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRkkFPjU1wKgCZABQwl7SZ2G3FJMoIHASBbRNYQAAAgQFrAEDAwI="} 
@@ -48,9 +48,9 @@ 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657055010698000,"flow_src_last_pkt_time":1657055010734000,"flow_dst_last_pkt_time":1657055010725000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657055010734000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":49758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1657055010734000,"flow_dst_last_pkt_time":1657055010762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657055010762000,"pkt":"YDjgxTWgeJS0JASgCABFAAAonCZAADcGqioFPjU1wKgCZABQwl7SZ2G4FJMogFAQAW19BgAAAAAAAAAA"} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655072558567000,"flow_src_last_pkt_time":1655073554764000,"flow_dst_last_pkt_time":1655073554790000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657055010934000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":58030,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":616,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1657055653080000} 
-00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":618,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1657056295590000} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1657203798816000} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":616,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1657055653080000} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":618,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1657056295590000} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1657203798816000} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657203798816000,"flow_src_last_pkt_time":1657203798816000,"flow_dst_last_pkt_time":1657203798816000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657203798816000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":49532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1657203798816000,"flow_dst_last_pkt_time":1657203798816000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657203798816000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ngdAAH8GXxnAqAJkBT42WcF8AFBgG1unAAAAAIAC+vD37AAAAgQFtAEDAwgBAQQC"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1657203798816000,"flow_dst_last_pkt_time":1657203798842000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657203798842000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRSUFPjZZwKgCZABQwXwE4IZnYBtbqHASBbR25gAAAgQFrAEDAwI="} 
@@ -59,8 +59,8 @@ 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657203798816000,"flow_src_last_pkt_time":1657203798845000,"flow_dst_last_pkt_time":1657203798842000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657203798845000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":49532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1657203798845000,"flow_dst_last_pkt_time":1657203798871000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657203798871000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo6YhAADcGW6QFPjZZwKgCZABQwXwE4IZoYBtcCFAQAW2miwAAAAAAAAAA"} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657055010698000,"flow_src_last_pkt_time":1657056295590000,"flow_dst_last_pkt_time":1657056295616000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657203798932000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":49758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":89,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":734,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1657204596088000} 
-00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1657475015947000} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":89,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":734,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1657204596088000} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1657475015947000} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657475015947000,"flow_src_last_pkt_time":1657475015947000,"flow_dst_last_pkt_time":1657475015947000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657475015947000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":58412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1657475015947000,"flow_dst_last_pkt_time":1657475015947000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657475015947000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0NRdAAH8GyEXAqAJkBT42HeQsAFCc4xvZAAAAAIAC+vDYfgAAAgQFtAEDAwgBAQQC"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1657475015947000,"flow_dst_last_pkt_time":1657475015975000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657475015975000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRWEFPjYdwKgCZABQ5CxO2JJPnOMb2nASBbQBmAAAAgQFrAEDAwI="} 
@@ -76,9 +76,9 @@ 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1657475603758000,"pkt":"eJS0JASgYDjgxTWgCABFAACINWNAAH8Gx2nAqAJkBT42WdSFAFBlBx5gDIVhMlAYAgRUGwAATk9TQQBgAQEAAAMB8zwJGkJSRRQAAAAABYiCpXRH+WmBnnTxsTaTNZqejhNMSUMUljUok9KFl0dRXc72tHtQFwKSnYJAcpIFTFVOEALhpIIAlg+MdKN9FpVUWsmF\/QhQ"} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657475603758000,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657475603758000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":54405,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657475603758000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoYdxAADcG41AFPjZZwKgCZABQ1IUMhWEyZQcewFAQAW3pbwAAAAAAAAAA"} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":110,"packets-processed":109,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1657475721074000} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":110,"packets-processed":109,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1657475721074000} 00957{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1657475015947000,"flow_src_last_pkt_time":1657475203218000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":97,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657475735090000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":58412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":113,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1657612856239000} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":113,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1657612856239000} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657612856239000,"flow_src_last_pkt_time":1657612856239000,"flow_dst_last_pkt_time":1657612856239000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657612856239000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":57727,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1657612856239000,"flow_dst_last_pkt_time":1657612856239000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657612856239000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DwdAAH8G7lXAqAJkBT42HeF\/AFBeZJgBAAAAAIAC+vCdggAAAgQFtAEDAwgBAQQC"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1657612856239000,"flow_dst_last_pkt_time":1657612856269000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657612856269000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRWEFPjYdwKgCZABQ4X\/x2q1EXmSYAnASBbQIpAAAAgQFrAEDAwI="} 
@@ -87,8 +87,8 @@ 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657612856239000,"flow_src_last_pkt_time":1657612856291000,"flow_dst_last_pkt_time":1657612856269000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657612856291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":57727,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1657612856291000,"flow_dst_last_pkt_time":1657612856321000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657612856321000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo9wtAADcGTl0FPjYdwKgCZABQ4X\/x2q1FXmSYYlAQAW04SQAAAAAAAAAA"} 
00957{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1657475603758000,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475749106000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657612856413000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":54405,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":124,"packets-processed":123,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1074,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1657613496559000} 
-00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":128,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1657715755306000} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":124,"packets-processed":123,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1074,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1657613496559000} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":128,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1657715755306000} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657715755306000,"flow_src_last_pkt_time":1657715755306000,"flow_dst_last_pkt_time":1657715755306000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657715755306000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.131","src_port":62741,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1657715755306000,"flow_dst_last_pkt_time":1657715755306000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657715755306000,"pkt":"eJS0JASgYDjgxTWgCABFAAA07PtAAH8GEPvAqAJkBT41g\/UVAFBENDSQAAAAAIAC+vAIKAAAAgQFtAEDAwgBAQQC"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1657715755306000,"flow_dst_last_pkt_time":1657715755336000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657715755336000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRfsFPjWDwKgCZABQ9RVBYkV5RDQ0kXASBbSLjQAAAgQFrAEDAwI="} 
@@ -98,7 +98,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1657715755343000,"flow_dst_last_pkt_time":1657715755373000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657715755373000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo+DZAADcGTcwFPjWDwKgCZABQ9RVBYkV6RDQ08VAQAW27MgAAAAAAAAAA"} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657612856239000,"flow_src_last_pkt_time":1657613709852000,"flow_dst_last_pkt_time":1657613709881000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657715755532000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":57727,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657715755306000,"flow_src_last_pkt_time":1657716324963000,"flow_dst_last_pkt_time":1657716324992000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1657716324992000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.131","src_port":62741,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":142,"packets-processed":142,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":101,"global_ts_usec":1657716324992000} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":142,"packets-processed":142,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":101,"global_ts_usec":1657716324992000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 142/142 ~~ skipped flows.............: 0 @@ -107,9 +107,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8691334 bytes -~~ total memory freed........: 8691334 bytes -~~ total allocations/frees...: 140784/140784 +~~ total memory allocated....: 9455996 bytes +~~ total memory freed........: 9455996 bytes +~~ total allocations/frees...: 154750/154750 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 966 chars diff --git a/test/results/default/avast_securedns.pcapng.out b/test/results/default/avast_securedns.pcapng.out index b759f978a..764dfd05a 100644 --- a/test/results/default/avast_securedns.pcapng.out +++ b/test/results/default/avast_securedns.pcapng.out 
@@ -1,10 +1,10 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625215624443704} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625215624443704} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625215624443704,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624443704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625215624443704,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624443704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625215624443704,"pkt":"eJS0JASgYDjgxTWgCABFAABDZa4AAH8ROYTAqAJktdYjleJyAbsAL0mrSMQBAAABAAAAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAAB"} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625215624443704,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624443704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625215624443704,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624563615,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625215624563615,"pkt":"YDjgxTWgeJS0JASgCABFAADM0kQAADIRGWW11iOVwKgCZAG74nIAuMIZSMSBgAABAAEAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 
-00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1625241699450886} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1625241699450886} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241699450886,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699450886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625241699450886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699450886,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625241699450886,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeYAAH8RjUzAqAJktdYjle8RAbsAL9I803MBAAABAAAAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAAB"} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241699450886,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699450886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625241699450886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -18,7 +18,7 @@ 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714666452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625241714666452,"pkt":"eJS0JASgYDjgxTWgCABFAABDXeQAAH8RQU7AqAJktdYjlfU3AbsAL3hGRwQBAAABAAAAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAAB"} 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241714666452,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714666452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625241714666452,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714787539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625241714787539,"pkt":"YDjgxTWgeJS0JASgCABFAADMRgkAADERpqC11iOVwKgCZAG79TcAuPC0RwSBgAABAAEAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1625320207133036} 
+00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1625320207133036} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625320207133036,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207133036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625320207133036,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207133036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625320207133036,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9IAAH8RU2DAqAJktdYjld0FAbsALycJUJMBAAABAAAAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAAB"} 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625320207133036,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207133036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625320207133036,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -30,7 +30,7 @@ 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241701462154,"flow_src_last_pkt_time":1625241701462154,"flow_dst_last_pkt_time":1625241701583055,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625320209184034,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241699450886,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699572209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625320209184034,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241714666452,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714787539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625320209184034,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1625321673727184} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1625321673727184} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625321673727184,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673727184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625321673727184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673727184,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625321673727184,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9wAAH8RU1bAqAJktdYjlcWVAbsAL1g+dw4BAAABAAAAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAAB"} 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625321673727184,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673727184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625321673727184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -41,7 +41,7 @@ 00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1625321675283046,"flow_dst_last_pkt_time":1625321675403948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625321675403948,"pkt":"YDjgxTWgeJS0JASgCABFAADMuxcAADMRL5K11iOVwKgCZAG77rMAuEweEl+BgAABAAEAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625320207133036,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207252515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625321675403948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625320209063685,"flow_src_last_pkt_time":1625320209063685,"flow_dst_last_pkt_time":1625320209184034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625321675403948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1720,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1625395217252548} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1720,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1625395217252548} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625395217252548,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217252548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625395217252548,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217252548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625395217252548,"pkt":"eJS0JASgYDjgxTWgCABFAABDKckAAH8RdWnAqAJktdYjlf26AbsAL3dTP5QBAAABAAAAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAAB"} 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625395217252548,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217252548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625395217252548,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -52,7 +52,7 @@ 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1625395217373676,"flow_dst_last_pkt_time":1625395217373676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625395217373676,"pkt":"YDjgxTWgeJS0JASgCABFAADMf00AADMRa1y11iOVwKgCZAG76OUAuMImoeSBgAABAAEAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625321673727184,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673848204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625395217373676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625321675283046,"flow_src_last_pkt_time":1625321675283046,"flow_dst_last_pkt_time":1625321675403948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625395217373676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1625401091063741} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1625401091063741} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625401091063741,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091063741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625401091063741,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091063741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625401091063741,"pkt":"eJS0JASgYDjgxTWgCABFAABDKc0AAH8RdWXAqAJktdYjlc0FAbsAL8xY+0MBAAABAAAAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625401091063741,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091063741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625401091063741,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -63,14 +63,14 @@ 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1625401093323098,"flow_dst_last_pkt_time":1625401093443763,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625401093443763,"pkt":"YDjgxTWgeJS0JASgCABFAADMuwEAADIRMKi11iOVwKgCZAG71poAuIigzbWBgAABAAEAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625395217373676,"flow_src_last_pkt_time":1625395217373676,"flow_dst_last_pkt_time":1625395217373676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625401093443763,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625395217252548,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217373676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625401093443763,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1625413810414650} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1625413810414650} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625413810414650,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810414650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625413810414650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810414650,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625413810414650,"pkt":"eJS0JASgYDjgxTWgCABFAABDy3cAAH8R07rAqAJktdYjld4HAbsAL+Cz9gYBAAABAAAAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625413810414650,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810414650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625413810414650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810531155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625413810531155,"pkt":"YDjgxTWgeJS0JASgCABFAADMKHAAADERxDm11iOVwKgCZAG73gcAuFki9gaBgAABAAEAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625401091063741,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091190472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625413810531155,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625401093323098,"flow_src_last_pkt_time":1625401093323098,"flow_dst_last_pkt_time":1625401093443763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625413810531155,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2795,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1625477697370410} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2795,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1625477697370410} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477697370410,"flow_src_last_pkt_time":1625477697370410,"flow_dst_last_pkt_time":1625477697370410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625477697370410,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1625477697370410,"flow_dst_last_pkt_time":1625477697370410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625477697370410,"pkt":"eJS0JASgYDjgxTWgCABFAABDQqcAAH8RXIvAqAJktdYjleMrAbsAL7nVV2EBAAABAAAAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477697370410,"flow_src_last_pkt_time":1625477697370410,"flow_dst_last_pkt_time":1625477697370410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625477697370410,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -92,7 +92,7 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1625477739836341,"flow_dst_last_pkt_time":1625477739836341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625477739836341,"pkt":"eJS0JASgYDjgxTWgCABFAABD1L8AAH8RynLAqAJktdYjldsvAbsAL1UmhCwBAAABAAAAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477739836341,"flow_src_last_pkt_time":1625477739836341,"flow_dst_last_pkt_time":1625477739836341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625477739836341,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1625477739836341,"flow_dst_last_pkt_time":1625477739952878,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625477739952878,"pkt":"YDjgxTWgeJS0JASgCABFAADMDM8AADIR3tq11iOVwKgCZAG72y8AuM2UhCyBgAABAAEAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":37,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3870,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":18,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":95,"global_ts_usec":1625482316411404} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":37,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3870,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":18,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":95,"global_ts_usec":1625482316411404} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482316411404,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316411404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482316411404,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316411404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625482316411404,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvUAAH8R1DzAqAJktdYjlfvuAbsAL4YFMq4BAAABAAAAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482316411404,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316411404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482316411404,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -137,7 +137,7 @@ 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482318517463,"flow_src_last_pkt_time":1625482318517463,"flow_dst_last_pkt_time":1625482318634061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625482486976882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482396199376,"flow_src_last_pkt_time":1625482396199376,"flow_dst_last_pkt_time":1625482396320234,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625482486976882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482316411404,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316532446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625482486976882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5590,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":7,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":140,"global_ts_usec":1625482998213179} 
+00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5590,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":7,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":140,"global_ts_usec":1625482998213179} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998213179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482998213179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998213179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625482998213179,"pkt":"eJS0JASgYDjgxTWgCABFAABDf48AAH8RH6PAqAJktdYjlfuwAbsAL9NLpcUBAAABAAAAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998213179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482998213179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -168,7 +168,7 @@ 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1625483073457882,"flow_dst_last_pkt_time":1625483073457882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625483073457882,"pkt":"YDjgxTWgeJS0JASgCABFAADMX7kAADIRi\/C11iOVwKgCZAG7zMEAuDeuSIGBgAABAAEAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483010449914,"flow_src_last_pkt_time":1625483010449914,"flow_dst_last_pkt_time":1625483010570990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625483073457882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998333968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625483073457882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":9,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":171,"global_ts_usec":1625511643408589} 
+00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":9,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":171,"global_ts_usec":1625511643408589} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625511643408589,"flow_src_last_pkt_time":1625511643408589,"flow_dst_last_pkt_time":1625511643408589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625511643408589,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1625511643408589,"flow_dst_last_pkt_time":1625511643408589,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625511643408589,"pkt":"eJS0JASgYDjgxTWgCABFAABDhScAAH8RGgvAqAJktdYjlehSAbsAL7NiOO0BAAABAAAAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625511643408589,"flow_src_last_pkt_time":1625511643408589,"flow_dst_last_pkt_time":1625511643408589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625511643408589,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -182,7 +182,7 @@ 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483010449914,"flow_src_last_pkt_time":1625483010449914,"flow_dst_last_pkt_time":1625483010570990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625511645546487,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998333968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625511645546487,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483073336987,"flow_src_last_pkt_time":1625483073336987,"flow_dst_last_pkt_time":1625483073457882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625511645546487,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":33,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":185,"global_ts_usec":1625556065479179} 
+00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":33,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":185,"global_ts_usec":1625556065479179} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556065479179,"flow_src_last_pkt_time":1625556065479179,"flow_dst_last_pkt_time":1625556065479179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625556065479179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1625556065479179,"flow_dst_last_pkt_time":1625556065479179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625556065479179,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAQAAH8Rgy7AqAJktdYjldqMAbsAL9sh3zMBAAABAAAAAAAAATIJU2VDVXJlRG5zBUF2QVNUA0NPbQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556065479179,"flow_src_last_pkt_time":1625556065479179,"flow_dst_last_pkt_time":1625556065479179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625556065479179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -200,7 +200,7 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1625556102196787,"flow_dst_last_pkt_time":1625556102196787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625556102196787,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwgAAH8RhCrAqAJktdYjldUVAbsAL6kdFo8BAAABAAAAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556102196787,"flow_src_last_pkt_time":1625556102196787,"flow_dst_last_pkt_time":1625556102196787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625556102196787,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1625556102196787,"flow_dst_last_pkt_time":1625556102314591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625556102314591,"pkt":"YDjgxTWgeJS0JASgCABFAADMmGEAADMRUki11iOVwKgCZAG71RUAuCGMFo+BgAABAAEAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":9,"current-active-flows":4,"total-active-flows":37,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":203,"global_ts_usec":1625558730271025} 
+00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":9,"current-active-flows":4,"total-active-flows":37,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":203,"global_ts_usec":1625558730271025} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625558730271025,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730271025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625558730271025,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730271025,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625558730271025,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFIAAH8RcuDAqAJktdYjldXoAbsALw4O0KsBAAABAAAAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625558730271025,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730271025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625558730271025,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -215,7 +215,7 @@ 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625558730271025,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730389235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625558735164269,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556065479179,"flow_src_last_pkt_time":1625556065479179,"flow_dst_last_pkt_time":1625556065479179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625558735164269,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625556100118860,"flow_src_last_pkt_time":1625556100118860,"flow_dst_last_pkt_time":1625556100236729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625558735164269,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":77,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8209,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":218,"global_ts_usec":1625558735164269} 
+00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":77,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8209,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":218,"global_ts_usec":1625558735164269} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 77/77 ~~ skipped flows.............: 0 @@ -224,9 +224,9 @@ ~~ total active/idle flows...: 39/39 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8739643 bytes -~~ total memory freed........: 8739643 bytes -~~ total allocations/frees...: 141028/141028 +~~ total memory allocated....: 9505233 bytes +~~ total memory freed........: 9505233 bytes +~~ total allocations/frees...: 154994/154994 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 574 chars ~~ json message max len.......: 993 chars diff --git a/test/results/default/bacnet.pcap.out b/test/results/default/bacnet.pcap.out index 563b6d854..78afb2ad0 100644 --- a/test/results/default/bacnet.pcap.out +++ b/test/results/default/bacnet.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680268949991615} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680268949991615} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268949991615,"flow_src_last_pkt_time":1680268949991615,"flow_dst_last_pkt_time":1680268949991615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268949991615,"l3_proto":"ip4","src_ip":"65.49.20.98","dst_ip":"90.147.69.219","src_port":53234,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680268949991615,"flow_dst_last_pkt_time":1680268949991615,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680268949991615,"pkt":"bs1PogZtPJTVQTiBCABFAAAt1DEAAPMR\/YxBMRRiWpNF28\/yusAAGQAAgQoAEQEEAAWpDAwCP\/\/\/GUsA"} 
00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268949991615,"flow_src_last_pkt_time":1680268949991615,"flow_dst_last_pkt_time":1680268949991615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268949991615,"l3_proto":"ip4","src_ip":"65.49.20.98","dst_ip":"90.147.69.219","src_port":53234,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
@@ -14,24 +14,24 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1680269481013331,"flow_dst_last_pkt_time":1680269481013331,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680269481013331,"pkt":"bpHurUgdPJTVQTiBCABFAAAt1DEAAPMRTUFAPsWmWpNF1Y84usAAGQAAgQoAEQEEAAXcDAwCP\/\/\/GUsA"} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269481013331,"flow_src_last_pkt_time":1680269481013331,"flow_dst_last_pkt_time":1680269481013331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269481013331,"l3_proto":"ip4","src_ip":"64.62.197.166","dst_ip":"90.147.69.213","src_port":36664,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269401152467,"flow_src_last_pkt_time":1680269401152467,"flow_dst_last_pkt_time":1680269401152467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269481013331,"l3_proto":"ip4","src_ip":"198.235.24.166","dst_ip":"90.147.69.222","src_port":56883,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1680270793239173} 
+00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1680270793239173} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270793239173,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"198.235.24.39","dst_ip":"90.147.69.210","src_port":54587,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680270793239173,"pkt":"AAwp30Y4PJTVQTiBCABFAAAt1DEAAPoRbRbG6xgnWpNF0tU7usAAGQAAgQoAEQEEAAUBDAwCP\/\/\/GUsA"} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270793239173,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"198.235.24.39","dst_ip":"90.147.69.210","src_port":54587,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269401152467,"flow_src_last_pkt_time":1680269401152467,"flow_dst_last_pkt_time":1680269401152467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"198.235.24.166","dst_ip":"90.147.69.222","src_port":56883,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269481013331,"flow_src_last_pkt_time":1680269481013331,"flow_dst_last_pkt_time":1680269481013331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"64.62.197.166","dst_ip":"90.147.69.213","src_port":36664,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269473899742,"flow_src_last_pkt_time":1680269473899742,"flow_dst_last_pkt_time":1680269473899742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"64.62.197.26","dst_ip":"90.147.69.221","src_port":36992,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1680271991867802} 
+00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1680271991867802} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271991867802,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271991867802,"l3_proto":"ip4","src_ip":"167.94.138.111","dst_ip":"90.147.69.212","src_port":27041,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680271991867802,"pkt":"ipffLU2SPJTVQTiBCABFCAAtP98AACQRhKSnXopvWpNF1GmhusAAGe\/YgQoAEQEEAAUBDAwCP\/\/\/GUsA"} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271991867802,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271991867802,"l3_proto":"ip4","src_ip":"167.94.138.111","dst_ip":"90.147.69.212","src_port":27041,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270793239173,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271991867802,"l3_proto":"ip4","src_ip":"198.235.24.39","dst_ip":"90.147.69.210","src_port":54587,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":102,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1680273941879740} 
+00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":102,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1680273941879740} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273941879740,"flow_src_last_pkt_time":1680273941879740,"flow_dst_last_pkt_time":1680273941879740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273941879740,"l3_proto":"ip4","src_ip":"162.142.125.140","dst_ip":"90.147.69.217","src_port":63852,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1680273941879740,"flow_dst_last_pkt_time":1680273941879740,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680273941879740,"pkt":"moT+\/Ph8PJTVQTiBCABFAAAt\/WwAACcR1cyijn2MWpNF2flsusAAGXG7gQoAEQEEAAUBDAwCP\/\/\/GUsA"} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273941879740,"flow_src_last_pkt_time":1680273941879740,"flow_dst_last_pkt_time":1680273941879740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273941879740,"l3_proto":"ip4","src_ip":"162.142.125.140","dst_ip":"90.147.69.217","src_port":63852,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271991867802,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273941879740,"l3_proto":"ip4","src_ip":"167.94.138.111","dst_ip":"90.147.69.212","src_port":27041,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1680278570937544} 
+00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1680278570937544} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278570937544,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278570937544,"l3_proto":"ip4","src_ip":"198.235.24.45","dst_ip":"90.147.69.219","src_port":51922,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680278570937544,"pkt":"bs1PogZtPJTVQTiBCABFAAAt1DEAAPoRbQfG6xgtWpNF28rSusAAGQAAgQoAEQEEAAUBDAwCP\/\/\/GUsA"} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278570937544,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278570937544,"l3_proto":"ip4","src_ip":"198.235.24.45","dst_ip":"90.147.69.219","src_port":51922,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
@@ -40,7 +40,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1680278735577357,"flow_dst_last_pkt_time":1680278735577357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680278735577357,"pkt":"bs1PogZtPJTVQTiBCABFAAAt7PQAACcR5kqijn2EWpNF23RWusAAGfbXgQoAEQEEAAUBDAwCP\/\/\/GUsA"} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278735577357,"flow_src_last_pkt_time":1680278735577357,"flow_dst_last_pkt_time":1680278735577357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278735577357,"l3_proto":"ip4","src_ip":"162.142.125.132","dst_ip":"90.147.69.219","src_port":29782,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278570937544,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278735577357,"l3_proto":"ip4","src_ip":"198.235.24.45","dst_ip":"90.147.69.219","src_port":51922,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":153,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1681133167315255} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":153,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1681133167315255} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133167315255,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133167315255,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1681133167315255,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1681133167315255,"pkt":"AQIDBAUGABorPE1eCABFAAAoq9VAAEARkffMrLH\/zKyxn7rAusAAFPoNgQsADAEg\/\/8A\/xAI"} 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133167315255,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133167315255,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
@@ -54,7 +54,7 @@ 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133274409641,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133274409641,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133345185904,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133345185904,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133388520203,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133388520203,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1681133388520203} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1681133388520203} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 23/23 ~~ skipped flows.............: 0 @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8667433 bytes -~~ total memory freed........: 8667433 bytes -~~ total allocations/frees...: 140655/140655 +~~ total memory allocated....: 9432095 bytes +~~ total memory freed........: 9432095 bytes +~~ total allocations/frees...: 154621/154621 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 979 chars diff --git a/test/results/default/bad-dns-traffic.pcap.out b/test/results/default/bad-dns-traffic.pcap.out index c27c53b2b..bad822223 100644 --- a/test/results/default/bad-dns-traffic.pcap.out +++ b/test/results/default/bad-dns-traffic.pcap.out 
@@ -1,5 +1,5 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1486012623234684} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1486012623234684} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012623234684,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012623234684,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1486012623234684,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012623234684,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3821AAEARVP\/AqCtbBAICBIx+ADUAYyoIa68BAAABAAAAAAAAODA1ZTEwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} 
01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012623234684,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012623234684,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","domainame":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr": []}}} 
@@ -36,7 +36,7 @@ 01406{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":203,"flow_dst_packets_processed":146,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012727434811,"flow_dst_last_pkt_time":1486012727540477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":43062,"flow_dst_tot_l4_payload_len":37153,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org"}} 
01399{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012630535623,"flow_dst_last_pkt_time":1486012630741119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":915,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org"}} 
01398{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012733574897,"flow_dst_last_pkt_time":1486012733669835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":632,"flow_dst_tot_l4_payload_len":863,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org"}} 
-00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":382,"packets-processed":382,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":83330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":8,"total-updates":3,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1486012733669835} +00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":382,"packets-processed":382,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":83330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":8,"total-updates":3,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1486012733669835} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 382/382 ~~ skipped flows.............: 0 
@@ -45,9 +45,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8661089 bytes -~~ total memory freed........: 8661089 bytes -~~ total allocations/frees...: 140943/140943 +~~ total memory allocated....: 9425527 bytes +~~ total memory freed........: 9425527 bytes +~~ total allocations/frees...: 154909/154909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 594 chars ~~ json message max len.......: 2689 chars diff --git a/test/results/default/badpackets.pcap.out b/test/results/default/badpackets.pcap.out index 67d38be79..ae3f7a399 100644 --- a/test/results/default/badpackets.pcap.out +++ b/test/results/default/badpackets.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1495451029466717} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1495451029466717} 00316{"error_event_id":8,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451029466717,"packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":237,"global_ts_usec":1495451029466717} 
00659{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":271,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcP1QgAOcRe9CDTlH+zLpQ5QA1zGcGtUqtAWiFkwABAAAADAABC3BobDFzcHJ0MTA4AmFkA2RsYQNtaWwAAAEAAcAbAAYAAQAAAh0ALQhlYWdsZWliMcAYC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAh0AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="} 00316{"error_event_id":8,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451030401327,"packet_id":2,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_usec":1495451030401327} 
@@ -122,7 +122,7 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="} 00316{"error_event_id":8,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451620868987,"packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":9,"global_ts_usec":1495451620868987} 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":60,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":1495451632004127} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":60,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":1495451632004127} 00317{"error_event_id":8,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451632004127,"packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":602,"global_ts_usec":1495451632004127} 
01151{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":636,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":636,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsh4gADYR8CWCDh0fzLpQ5QA1H4MIImMAvk+EEAABAAIABgAJBG5jYmkDbmxtA25paANnb3YAAAEAAcAMAAEAAQABUYAABIIOHW7ADAAuAAEAAVGAASQAAQcEAAFRgFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgAkf1HSoxN8AcwUdKY7WYciGx3geHak0EvSutU7odDo4dq+NlD8O\/xERFOOtnm1OnbmotJrAyzkKRKq2LhHEAKnpnQ\/7o4BV5VPHkuyi+TApDKVmXneUpTyPtHjKhT2CXt\/fyExp+B7ruJjC+Pcr5ZslqwQv1r1rPCkU5Mhz4yMR3BggA0Hh5V6YsPB3ZKTiKS\/eiA5iAmjeNxUPq28qT0hVjLTG5jO15eNmG2vPLSE3IUKr1s52HiMixNOjA9zTiA\/KJ+hR8CkVUQekEXmvwf9VBsUpBGDeS2mGNHxD+rzAlEWmLXNCGAh5Oui3uYYiuNNDR79YStEu6BCY8ZmkvsqwFAAAgABAAAOEAAMCWRuczEtbmNiacBQwFAAAgABAAAOEAAGA25zM8BZwFAAAgABAAAOEAAMCWRuczItbmNiacBQwFAAAgABAAAOEAAFAm5zwFnAUAACAAEAAA4QAAYDbnMywFnAUAAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2CNH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sE"} 00317{"error_event_id":8,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451636457182,"packet_id":61,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_usec":1495451636457182} 
@@ -191,7 +191,7 @@ 00949{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":486,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFKAXcMaIgADQR\/37IE0oVzLpQ5QA1cggHjFp0zlSEEAABAAMABQAKA25zMgZwb3AtcHIDcm5wAmJyAAAcAAHADAAcAAEAAAEsABAoAQCCAAAABgAAAAAAAAAgwAwALgABAAABLAChABwFBAAAASxYVstzWC8+c5NwBnBvcC1wcgNybnACYnIA1\/aeIOiXLVAUlf7X0fXFedFXWKq9aABVNOZ7r5rykMv0fMN9YxDR4Cfp\/zKvuFMArhl0vnp4MXdTgWKEiqk59GY+\/xomF5ijzP3\/hVLiW7e0IYJ1yWiBQh1jhcv34Y3bAKrfDk1MJeqnDbo4Bp88Wdfr5Y21wV56qV8eT6SlXOXADAAuAAEAAAEsAKEAHAUEAAABLFhWy3NYLz5zpzoGcG9wLXByA3JucAJicgCVDEMFJZu9EAXpnfRWZ2RVItWA0n+KJu9IaIVJmIMhajSIQT3VrNMeLfYGRUUl45s\/7N7SoIMSnISlGlhJNpFBgZCcSGA0oztlFfMwzcS\/I5CcKCU3SWRb5uEagRV84Bme6gzJXmBlBbKvNmLJm1Vjve6LCM8hoD8VZqG7vv8jFcEKAAIAAQAAASwABQJuc8EKwQoAAgABAAABLAACwAzBCgAC"} 00317{"error_event_id":8,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451915752227,"packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_usec":1495451915752227} 00664{"packet_event_id":1,"packet_event_name":"packet","packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZssgAOcRVFmDTlH+zLpQ5QA1TRMGuBtHRUGFkwABAAAADAABCkhRMDFXRUYwMDEDRElSAkFEA0RMQQNNSUwAAAEAAcAeAAYAAQAAA2gALQhlYWdsZWliMcAbC3JhbmR5LnNtaXRowB53sikrAAAqMAAABDgACTqAAAADhMAeAC4AAQAAA2gAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="} 
-00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":93,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":194,"global_ts_usec":1495451915752227} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":93,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":194,"global_ts_usec":1495451915752227} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 93/0 ~~ skipped flows.............: 0 
@@ -200,9 +200,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 320 chars ~~ json message max len.......: 2335 chars diff --git a/test/results/default/beckhoff_ads.pcapng.out b/test/results/default/beckhoff_ads.pcapng.out index c3f14deb5..80f46a550 100644 --- a/test/results/default/beckhoff_ads.pcapng.out +++ b/test/results/default/beckhoff_ads.pcapng.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1464342183296235} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1464342183296235} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1464342183296235,"flow_src_last_pkt_time":1464342183296235,"flow_dst_last_pkt_time":1464342183296235,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1464342183296235,"l3_proto":"ip4","src_ip":"192.168.1.99","dst_ip":"192.168.1.8","src_port":49201,"dst_port":48898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1464342183296235,"flow_dst_last_pkt_time":1464342183296235,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1464342183296235,"pkt":"AAEFDXVguK7tfhtMCABFAAAwApZAAIAGAADAqAFjwKgBCMAxvwIE4+LLAAAAAHAC\/\/+D3gAAAgQFtAEBBAI="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1464342183296235,"flow_dst_last_pkt_time":1464342183296582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1464342183296582,"pkt":"uK7tfhtMAAEFDXVgCABFAAAwACFAAIAGduvAqAEIwKgBY78CwDEAX9wABOPizHASgyw44wAAAgQFtAEBBAI="} 
@@ -9,7 +9,7 @@ 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1464342183297046,"flow_dst_last_pkt_time":1464342183297751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1464342183297751,"pkt":"uK7tfhtMAAEFDXVgCABFAABWACJAAIAGdsTAqAEIwKgBY78CwDEAX9wBBOPi8lAYgwbOTgAAAAAoAAAAwKgBYwEBA4AFDXVgAQEQJwQABQAIAAAAAAAAAAUAAAAAAAAABQACAA=="} 02191{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1464342183296235,"flow_src_last_pkt_time":1464342209208136,"flow_dst_last_pkt_time":1464342209208822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":1036,"flow_dst_tot_l4_payload_len":880,"midstream":0,"thread_ts_usec":1464342209208822,"l3_proto":"ip4","src_ip":"192.168.1.99","dst_ip":"192.168.1.8","src_port":49201,"dst_port":48898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":347,"avg":1671757.6,"max":25812409,"stddev":6313651.0,"var":39862191259648.0,"ent":1.1,"data": [347,423,388,1169,198854,25613267,25812409,3967,3716,23996,23596,50986,50986,3994,4006,2129,2480,1881,1867,1982,1982,1999,1993,2000,1998,2015,2016,2024,2026,1996,1996]},"pktlen": {"min":40,"avg":100.4,"max":318,"stddev":47.8,"var":2284.8,"ent":4.9,"data": [48,48,40,78,86,40,90,90,90,318,118,86,78,86,82,82,118,86,136,87,133,86,134,87,135,86,134,87,136,87,134,86]},"bins": {"c_to_s": 
[3,5,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,13,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.102187157,4.537780762,4.334184647,4.058208466,4.054616928,4.453056335,3.858134031,3.871968746,3.874475002,3.622990608,3.363279343,3.975625038,4.113958359,4.077686787,3.958570004,4.088738441,3.346330643,4.026189327,4.928956985,4.066451550,4.906247616,4.092061996,4.933094978,4.057775021,4.965210915,4.115317822,4.918169498,4.066451550,4.982229233,4.089439869,4.933094501,4.147351265]},"ndpi": {"confidence": {"6":"DPI"},"proto":"BeckhoffADS","proto_id":"365","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":24,"flow_first_seen":1464342183296235,"flow_src_last_pkt_time":1464342209589146,"flow_dst_last_pkt_time":1464342209589545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":708,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":1934,"midstream":0,"thread_ts_usec":1464342209589545,"l3_proto":"ip4","src_ip":"192.168.1.99","dst_ip":"192.168.1.8","src_port":49201,"dst_port":48898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BeckhoffADS","proto_id":"365","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
-00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1464342209589545} +00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1464342209589545} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8646289 bytes -~~ total memory freed........: 8646289 bytes -~~ total allocations/frees...: 140583/140583 +~~ total memory allocated....: 9410663 bytes +~~ total memory freed........: 9410663 bytes +~~ total allocations/frees...: 154549/154549 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2196 chars diff --git a/test/results/default/bets.pcapng.out b/test/results/default/bets.pcapng.out index a235318d5..234ea2f6b 100644 --- a/test/results/default/bets.pcapng.out +++ b/test/results/default/bets.pcapng.out 
@@ -1,16 +1,16 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1693252376328241} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1693252376328241} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376328241,"flow_dst_last_pkt_time":1693252376328241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1693252376328241,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1693252376328241,"flow_dst_last_pkt_time":1693252376328241,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1693252376328241,"pkt":"RQAAQAAAQABABvsXwKgKAg3gZxbqwwG7A+7xFgAAAACwAv\/\/lHwAAAIEBWQBAwMGAQEICjEzUHgAAAAABAIAAA=="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1693252376328241,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1693252376373304,"pkt":"RQAAPAAAQAD1BkYbDeBnFsCoCgIBu+rDfMJDrwPu8RegEv\/\/nUwAAAIEBaAEAggKSjv9NzEzUHgBAwMJ"} 
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1693252376373327,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1693252376373327,"pkt":"RQAANAAAQABABvsjwKgKAg3gZxbqwwG7A+7xF3zCQ7CAEAgEw9UAAAEBCAoxM1ClSjv9Nw=="} 00965{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":380,"pkt_l4_len":360,"thread_ts_usec":1693252376374043,"pkt":"RQABfAAAQABABvnbwKgKAg3gZxbqwwG7A+7xF3zCQ7CAGAgEHo0AAAEBCAoxM1ClSjv9NxYDAQFDAQABPwMDwABk4guyTxhZCw+GLxoVbHFTKe0wXKQIKjfXpYO0MBQgaRcSNkWDHUwKFQ\/xX0r86c\/n28v92ZnIHyKw4WCLfcYAYhMDEwITAcypzKjMqsAwwCzAKMAkwBTACgCfAGsAOf+FAMQAiACBAJ0APQA1AMAAhMAvwCvAJ8AjwBPACQCeAGcAMwC+AEUAnAA8AC8AugBBwBHABwAFAATAEsAIABYACgD\/AQAAlAArAAkIAwQDAwMCAwEAMwAmACQAHQAg4K+nU26wL5q0EcrSAPZbMBwmwfa4+K20LRLRPSLNBiMAAAAXABUAABJ3d3cuMTA4NGJldHMxMC5jb20ACwACAQAACgAKAAgAHQAXABgAGQANABgAFggGBgEGAwgFBQEFAwgEBAEEAwIBAgMAEAAOAAwCaDIIaHR0cC8xLjE="} 
-01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1693252376374043,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com","domainame":"www.1084bets10.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d4907h2_0d8feac7bc37_7395dae3b2f3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1693252376374043,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com","domainame":"www.1084bets10.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d4907h2_0d8feac7bc37_7395dae3b2f3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376419072,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1693252376419072,"pkt":"RQAANHFFAAD1BhTeDeBnFsCoCgIBu+rDfMJDsAPu8l+AEACDyeAAAAEBCApKO\/1lMTNQpQ=="} -01266{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376420557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1693252376420557,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com","domainame":"www.1084bets10.com","tls": 
{"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d4907h2_0d8feac7bc37_7395dae3b2f3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} -02131{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376473051,"flow_dst_last_pkt_time":1693252376516940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":573,"flow_dst_tot_l4_payload_len":6919,"midstream":0,"thread_ts_usec":1693252376516940,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":10758.4,"max":46532,"stddev":18210.4,"var":331618016.0,"ent":3.2,"data": [45063,45086,716,45768,1485,46532,228,223,359,358,497,1,497,2530,35,126,50,44471,1044,896,1,81,43759,187,180,74,3041,2969,1675,39830,5747]},"pktlen": {"min":52,"avg":286.8,"max":1420,"stddev":477.2,"var":227739.3,"ent":3.6,"data": [64,60,52,380,52,1420,52,1420,52,1420,52,1420,93,52,58,110,138,116,52,52,52,52,198,52,123,52,83,1241,52,52,52,52]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,0,1,0,0,1,1],"entropies": 
[4.359427452,5.254205704,5.077241421,6.193246841,5.115703106,7.830681801,5.024262905,7.844112873,5.154164791,7.881240845,5.115703106,7.848938465,5.975646019,5.115703106,4.911536217,6.119595051,6.468632221,6.137733459,5.192626476,5.154164791,5.154164791,5.192626476,6.778203011,5.077241421,6.239024639,5.154164791,5.561018467,7.842863560,5.115703106,4.979099274,5.154164791,5.154164791]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376516972,"flow_dst_last_pkt_time":1693252376516940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":573,"flow_dst_tot_l4_payload_len":6919,"midstream":0,"thread_ts_usec":1693252376516972,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com"}} 
-00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":33,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1693252376516972} +01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376420557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1693252376420557,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com","domainame":"www.1084bets10.com","tls": 
{"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d4907h2_0d8feac7bc37_7395dae3b2f3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +02136{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376473051,"flow_dst_last_pkt_time":1693252376516940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":573,"flow_dst_tot_l4_payload_len":6919,"midstream":0,"thread_ts_usec":1693252376516940,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":10758.4,"max":46532,"stddev":18210.4,"var":331618016.0,"ent":3.2,"data": [45063,45086,716,45768,1485,46532,228,223,359,358,497,1,497,2530,35,126,50,44471,1044,896,1,81,43759,187,180,74,3041,2969,1675,39830,5747]},"pktlen": {"min":52,"avg":286.8,"max":1420,"stddev":477.2,"var":227739.3,"ent":3.6,"data": [64,60,52,380,52,1420,52,1420,52,1420,52,1420,93,52,58,110,138,116,52,52,52,52,198,52,123,52,83,1241,52,52,52,52]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,0,1,0,0,1,1],"entropies": 
[4.359427452,5.254205704,5.077241421,6.193246841,5.115703106,7.830681801,5.024262905,7.844112873,5.154164791,7.881240845,5.115703106,7.848938465,5.975646019,5.115703106,4.911536217,6.119595051,6.468632221,6.137733459,5.192626476,5.154164791,5.154164791,5.192626476,6.778203011,5.077241421,6.239024639,5.154164791,5.561018467,7.842863560,5.115703106,4.979099274,5.154164791,5.154164791]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01002{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376516972,"flow_dst_last_pkt_time":1693252376516940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":573,"flow_dst_tot_l4_payload_len":6919,"midstream":0,"thread_ts_usec":1693252376516972,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com"}} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":33,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1693252376516972} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 ~~ skipped flows.............: 0 @@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8685184 bytes -~~ total memory freed........: 8685184 bytes -~~ total allocations/frees...: 140577/140577 +~~ total memory allocated....: 9449591 bytes +~~ total memory freed........: 9449591 bytes +~~ total allocations/frees...: 154544/154544 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars -~~ json message max len.......: 2136 chars -~~ json message avg len.......: 1273 chars +~~ json message max len.......: 2141 chars +~~ json message avg len.......: 1275 chars diff --git a/test/results/default/bfcp.pcapng.out b/test/results/default/bfcp.pcapng.out index b51e8bee9..b4f5aaa03 100644 --- a/test/results/default/bfcp.pcapng.out +++ b/test/results/default/bfcp.pcapng.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1334761403310041} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1334761403310041} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1334761403310041,"flow_src_last_pkt_time":1334761403310041,"flow_dst_last_pkt_time":1334761403310041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1334761403310041,"l3_proto":"ip4","src_ip":"192.168.3.134","dst_ip":"192.168.9.100","src_port":57020,"dst_port":16500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1334761403310041,"flow_dst_last_pkt_time":1334761403310041,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1334761403310041,"pkt":"6JqP1emY6LdIMp5ICABFAAAo6XcAAD8RBBPAqAOGwKgJZN68QHQAFAAAMAsAAHLlqBWAAQgIAAAAAAAA"} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1334761403310041,"flow_src_last_pkt_time":1334761403310041,"flow_dst_last_pkt_time":1334761403310041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1334761403310041,"l3_proto":"ip4","src_ip":"192.168.3.134","dst_ip":"192.168.9.100","src_port":57020,"dst_port":16500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BFCP","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 
@@ -7,7 +7,7 @@ 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1334761403347193,"flow_dst_last_pkt_time":1334761403346874,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1334761403347193,"pkt":"6JqP1emY6LdIMp5ICABFAABM5wYAAD8RBmDAqAOGwKgJZN68QHQAOAAAIAwACXLlqBUAAQgIFg4BAgMEBwgLDA0ODxAAABQUAgQGCAoMDhASFBYYGhweICIk"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1334761403347193,"flow_dst_last_pkt_time":1334761403361105,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1334761403361105,"pkt":"6LdIMp5I6JqP1emYCABFAAAsjUhAAEARHz7AqAlkwKgDhkB03rwAGAo\/IAcAAXLlqBUAAggIBQQAAg=="} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1334761403361363,"flow_dst_last_pkt_time":1334761403361105,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1334761403361363,"pkt":"6JqP1emY6LdIMp5ICABFAAAsLqAAAD8RvubAqAOGwKgJZN68QHQAGAAAIAgAAXLlqBUAAggIBAQAAgAA"} 
-00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1670596775531458} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1670596775531458} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1670596775531458,"flow_src_last_pkt_time":1670596775531458,"flow_dst_last_pkt_time":1670596775531458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1670596775531458,"l3_proto":"ip4","src_ip":"10.0.200.73","dst_ip":"10.0.102.79","src_port":3238,"dst_port":36633,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1670596775531458,"flow_dst_last_pkt_time":1670596775531458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1670596775531458,"pkt":"AAAAAAAAAAAAAAAACABFAAAsP2wAAH4RurwKAMhJCgBmTwymjxkAGPxQIAsAAQAAAAEAAQACBQQAAQ=="} 
00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1670596775531458,"flow_src_last_pkt_time":1670596775531458,"flow_dst_last_pkt_time":1670596775531458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1670596775531458,"l3_proto":"ip4","src_ip":"10.0.200.73","dst_ip":"10.0.102.79","src_port":3238,"dst_port":36633,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BFCP","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 
@@ -17,7 +17,7 @@ 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1670596779477029,"flow_dst_last_pkt_time":1670596781983239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1670596781983239,"pkt":"AAAAAAAAAAAAAAAACABFAAAsFRxAAEAR4wwKAGZPCgDISY8ZDKYAGN1aQAEAAQAAAAEAAgABBAQAAQ=="} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":9,"flow_first_seen":1334761403310041,"flow_src_last_pkt_time":1334761419990449,"flow_dst_last_pkt_time":1334761419994448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":160,"midstream":0,"thread_ts_usec":1670596784470322,"l3_proto":"ip4","src_ip":"192.168.3.134","dst_ip":"192.168.9.100","src_port":57020,"dst_port":16500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFCP","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 
02222{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1670596775531458,"flow_src_last_pkt_time":1670596805749561,"flow_dst_last_pkt_time":1670596804463739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":256,"midstream":0,"thread_ts_usec":1670596805749561,"l3_proto":"ip4","src_ip":"10.0.200.73","dst_ip":"10.0.102.79","src_port":3238,"dst_port":36633,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":634,"avg":1908076.9,"max":5006028,"stddev":1366464.1,"var":1867224317952.0,"ent":4.5,"data": [634,3930459,3945571,2520688,2685080,180691,2298635,2308213,5000320,5006028,1036617,1707921,685305,3278115,3289000,2705399,2716243,53456,53212,502732,503127,1025394,1025368,702862,2014500,1311531,1470880,1470669,2217805,2235554,1268375]},"pktlen": {"min":40,"avg":52.9,"max":80,"stddev":15.1,"var":228.7,"ent":4.9,"data": [44,80,40,80,44,56,40,40,80,40,80,48,56,40,40,80,60,40,60,40,60,40,60,40,40,60,40,60,40,40,80,44]},"bins": {"c_to_s": [4,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,0],"entropies": 
[4.020728588,5.006616592,3.831541777,5.101737022,3.857835770,4.008951187,3.900413990,3.900413990,5.136173725,3.900413990,5.126737595,3.874270678,4.080379963,3.950413942,3.850414038,5.092300892,4.243333817,3.900413990,4.066249847,3.820482731,4.066249847,3.820482731,4.032916069,3.820482731,3.850413799,4.066249847,3.820482731,4.264085770,3.950414181,3.850413799,5.126737595,4.003571987]},"ndpi": {"confidence": {"6":"DPI"},"proto":"BFCP","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":50,"packets-processed":49,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1168,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1747904608303888} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":50,"packets-processed":49,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1168,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1747904608303888} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1747904608303888,"flow_src_last_pkt_time":1747904608303888,"flow_dst_last_pkt_time":1747904608303888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747904608303888,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58984,"dst_port":5070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1747904608303888,"flow_dst_last_pkt_time":1747904608303888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1747904608303888,"pkt":"AAAAAAAAAAAAAAAACABFAAA8NMpAAEAGB\/B\/AAABfwAAAeZoE861nPF6AAAAAKAC\/9f+MAAAAgT\/1wQCCArWBuLyAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1747904608303888,"flow_dst_last_pkt_time":1747904608303910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1747904608303910,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAARPO5mj8\/9O9tZzxe6AS\/8v+MAAAAgT\/1wQCCArWBuLy1gbi8gEDAwc="} 
@@ -27,7 +27,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1747904611926740,"flow_dst_last_pkt_time":1747904611926756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1747904611926756,"pkt":"AAAAAAAAAAAAAAAACABFAAA0u39AAEAGgUJ\/AAABfwAAARPO5mj8\/9O+tZzxh4AQAgD+KAAAAQEICtYG8RnWBvEZ"} 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":18,"flow_first_seen":1670596775531458,"flow_src_last_pkt_time":1670596805749561,"flow_dst_last_pkt_time":1670596805749947,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":308,"midstream":0,"thread_ts_usec":1747904611926938,"l3_proto":"ip4","src_ip":"10.0.200.73","dst_ip":"10.0.102.79","src_port":3238,"dst_port":36633,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFCP","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 
00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1747904608303888,"flow_src_last_pkt_time":1747904731416028,"flow_dst_last_pkt_time":1747904731415997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":108,"midstream":0,"thread_ts_usec":1747904731416028,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58984,"dst_port":5070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFCP","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":65,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1747904731416028} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":65,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1747904731416028} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 65/65 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8653643 bytes -~~ total memory freed........: 8653643 bytes -~~ total allocations/frees...: 140621/140621 +~~ total memory allocated....: 9418081 bytes +~~ total memory freed........: 9418081 bytes +~~ total allocations/frees...: 154587/154587 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 2227 chars diff --git a/test/results/default/bfd.pcap.out b/test/results/default/bfd.pcap.out index 99f09eeb2..cd5129226 100644 --- a/test/results/default/bfd.pcap.out +++ b/test/results/default/bfd.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1407756994998897} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1407756994998897} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756994998897,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","vlan_id":13,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1407756994998897,"pkt":"qrvMAAMQqrvMAAEQgQAADQgARcAANAABAAD\/EWrxmwENAZsBDQPAAA7IACCXvyBAAxgAAAABAAAAAAAPQkAAD0JAAAehIA=="} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756994998897,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -23,7 +23,7 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994999521,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1407756995493239,"flow_src_last_pkt_time":1407756995493316,"flow_dst_last_pkt_time":1407756995493239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3785,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1407756995403541,"flow_src_last_pkt_time":1407756995862322,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3785,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":192,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1407756995862322} 
+00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":192,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1407756995862322} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -32,9 +32,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652469 bytes -~~ total memory freed........: 8652469 bytes -~~ total allocations/frees...: 140577/140577 +~~ total memory allocated....: 9416939 bytes +~~ total memory freed........: 9416939 bytes +~~ total allocations/frees...: 154543/154543 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 974 chars diff --git a/test/results/default/bitcoin.pcap.out b/test/results/default/bitcoin.pcap.out index 870fc119e..c172a1035 100644 --- a/test/results/default/bitcoin.pcap.out +++ b/test/results/default/bitcoin.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1301327937725033} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1301327937725033} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301327937725033,"flow_src_last_pkt_time":1301327937725033,"flow_dst_last_pkt_time":1301327937725033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301327937725033,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1301327937725033,"flow_dst_last_pkt_time":1301327937725033,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1301327937725033,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301327937725033,"flow_src_last_pkt_time":1301327937725033,"flow_dst_last_pkt_time":1301327937725033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301327937725033,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -29,7 +29,7 @@ 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1301328472925065,"flow_dst_last_pkt_time":1301328473077893,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1301328473077893,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1301328472925065,"flow_dst_last_pkt_time":1301328487120277,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301328487120277,"pkt":"ACNshovhACPrIpS0CABFAABxMvRAAG8GgQJCRFMWwKgBjiCN2Ff1mJ4OLY+1yIAY\/5YyzAAAAQEICgBK7fonMvBH+b602WludgAAAAAAAAAAACUAAAAXvAGWAQEAAAAYqnCtA4JeCfSWUZFYsh6sAyMBtBHVR6Y5dbVZJO1sMQ=="} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1301328472925065,"flow_dst_last_pkt_time":1301328526763444,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301328526763444,"pkt":"ACNshovhACPrIpS0CABFAABxM2VAAG8GgJFCRFMWwKgBjiCN2Ff1mJ5LLY+1yIAY\/5bHMAAAAQEICgBK74cnMvDT+b602WludgAAAAAAAAAAACUAAAAOAWk4AQEAAACmU2ocFfjbk6bwRfCWT0dV1t0G5OkxndgzFqeVZZtzHw=="} 
-00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":112864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1301328538215424} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":112864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1301328538215424} 
02266{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1301328472925065,"flow_src_last_pkt_time":1301328607711436,"flow_dst_last_pkt_time":1301328616076718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9102,"flow_dst_tot_l4_payload_len":23653,"midstream":1,"thread_ts_usec":1301328616076718,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":8965742.0,"max":134322478,"stddev":25481870.0,"var":649325705166848.0,"ent":2.2,"data": [62318,90510,14042384,39643167,11451980,9238604,22700384,134322478,190526,216456,52,56784,49,15,11,45582876,5468,2949,79677,2390,56420,14875,38291,1106,29429,10233,41403,43,29590,11803,15753]},"pktlen": {"min":72,"avg":1075.6,"max":1500,"stddev":630.5,"var":397582.1,"ent":4.7,"data": [157,157,72,113,113,113,168,113,96,1500,1500,1500,1500,1500,1500,317,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0],"s_to_c": [1,4,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]},"directions": [0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.314049721,4.516415119,5.159438610,5.621953964,5.629888535,5.436272144,5.232412338,5.492824554,5.047397614,6.620144367,6.645269394,6.641551971,6.624248028,6.652445793,6.650110245,6.173855782,3.519509792,3.418695927,3.522331953,3.473526716,3.458976030,3.461488724,3.521340132,3.498308420,3.439558506,3.445366859,3.488321781,3.470211506,3.484444618,3.500530481,3.521874428,3.458418369]},"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301328699728375,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328699728375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301328699728375,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328699728375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1301328699728375,"pkt":"ACPrIpS0ACNshovhCABFAACdK9RAAEAGd8TAqAGOw9oQsthoII1BDXcu4yOzE4AY\/\/9L7wAAAQEICicy+R8AACIN+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAA7s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/w9oQsiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII38Ree1v7hQ3gC4wAEA"} 
@@ -39,7 +39,7 @@ 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328717164944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_usec":1301328717164944,"pkt":"ACNshovhACPrIpS0CABFAABrBgZAAHUGaMTD2hCywKgBjiCN2GjjI7OQQQ13l4AYAQQrZwAAAQEICgAAKOAnMvki+b602WFkZHIAAAAAAAAAAB8AAABr2MyYATqzkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/1XJqP0gjQ=="} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328728615715,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_usec":1301328728615715,"pkt":"ACNshovhACPrIpS0CABFAABrByNAAHUGZ6fD2hCywKgBjiCN2GjjI7PHQQ13l4AYAQSkaAAAAQEICgAALVknMvnN+b602WFkZHIAAAAAAAAAAB8AAAATXr9rAUCzkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/4FhwkwgjQ=="} 
02278{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1301328699728375,"flow_src_last_pkt_time":1301328741904043,"flow_dst_last_pkt_time":1301328743741542,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5826,"flow_dst_tot_l4_payload_len":27918,"midstream":1,"thread_ts_usec":1301328743741542,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":2780285.0,"max":41186439,"stddev":7975567.0,"var":63609669419008.0,"ent":2.2,"data": [128208,113258,17195103,11450771,3438749,6775,2755264,41186439,319900,321845,34,347450,8283500,31885,35035,52689,19022,36630,49289,41130,63903,2317,29070,27748,37436,32734,49198,24571,33724,41084,34074]},"pktlen": {"min":72,"avg":1106.5,"max":1500,"stddev":621.5,"var":386298.0,"ent":4.7,"data": [157,157,72,107,107,107,107,113,96,1500,1500,1500,1385,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,3,0,0],"s_to_c": [1,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0]},"directions": [0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.383668423,4.444240093,4.982605934,4.668665886,4.713104248,4.762123585,4.780815601,5.560832977,4.996669769,6.587570190,6.648486137,6.600738525,6.599431038,3.406774759,3.373550653,3.345058441,3.338595867,3.355129480,3.392081499,3.337737560,3.285459280,3.329736471,3.341146708,3.315114975,3.270951748,3.318075180,3.308751106,3.279112339,3.298598528,3.384484768,3.426392555,3.339625120]},"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":387,"packets-processed":386,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":372733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1301329138452825} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":387,"packets-processed":386,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":372733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1301329138452825} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301329304767401,"flow_src_last_pkt_time":1301329304767401,"flow_dst_last_pkt_time":1301329304767401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301329304767401,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1301329304767401,"flow_dst_last_pkt_time":1301329304767401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1301329304767401,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301329304767401,"flow_src_last_pkt_time":1301329304767401,"flow_dst_last_pkt_time":1301329304767401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301329304767401,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -47,14 +47,14 @@ 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1301329305005443,"flow_dst_last_pkt_time":1301329304813916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1301329305005443,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1301329309391663,"flow_dst_last_pkt_time":1301329304813916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301329309391663,"pkt":"ACPrIpS0ACNshovhCABFAABxpRVAAEAGdYnAqAGOuDqld9i\/II0stRd5NDMFdYAY\/\/\/QMQAAAQEICiczEOgAVd0S+b602WludgAAAAAAAAAAACUAAAAM+O86AQEAAABjYqN6+8l5NV5ILuoyGWmRHhZ4vrImNA17xLD+35pOKQ=="} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1301329331545459,"flow_dst_last_pkt_time":1301329304813916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301329331545459,"pkt":"ACPrIpS0ACNshovhCABFAABx5FNAAEAGNkvAqAGOuDqld9i\/II0stRe2NDMFdYAY\/\/+YyAAAAQEICiczEcYAVd7J+b602WludgAAAAAAAAAAACUAAACKqR5BAQEAAADko5gKOXTkTY\/EAL+Sv3gEjdoxRRE7Qf9xD2E6EXEwBA=="} 
-00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":514,"packets-processed":513,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":390162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1301329743430837} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":514,"packets-processed":513,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":390162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1301329743430837} 
00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":29,"flow_first_seen":1301328089970465,"flow_src_last_pkt_time":1301328231627793,"flow_dst_last_pkt_time":1301328234467725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":34585,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":3,"flow_first_seen":1301327937725033,"flow_src_last_pkt_time":1301327939000921,"flow_dst_last_pkt_time":1301327938227159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":20617,"flow_dst_tot_l4_payload_len":1573,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":3,"flow_first_seen":1301329304767401,"flow_src_last_pkt_time":1301329810839993,"flow_dst_last_pkt_time":1301329452712485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":1061,"flow_src_tot_l4_payload_len":1498,"flow_dst_tot_l4_payload_len":1186,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":65,"flow_dst_packets_processed":96,"flow_first_seen":1301328472925065,"flow_src_last_pkt_time":1301329809784023,"flow_dst_last_pkt_time":1301329809936278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":40981,"flow_dst_tot_l4_payload_len":64003,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":117,"flow_first_seen":1301328319392147,"flow_src_last_pkt_time":1301329810648952,"flow_dst_last_pkt_time":1301328837883797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":25033,"flow_dst_tot_l4_payload_len":127108,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":47,"flow_dst_packets_processed":72,"flow_first_seen":1301328699728375,"flow_src_last_pkt_time":1301329743430837,"flow_dst_last_pkt_time":1301329807659230,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":23722,"flow_dst_tot_l4_payload_len":51175,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":529,"packets-processed":529,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":391630,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1301329810839993} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":529,"packets-processed":529,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":391630,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1301329810839993} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 529/529 ~~ skipped flows.............: 0 
@@ -63,9 +63,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8672363 bytes -~~ total memory freed........: 8672363 bytes -~~ total allocations/frees...: 141117/141117 +~~ total memory allocated....: 9436897 bytes +~~ total memory freed........: 9436897 bytes +~~ total allocations/frees...: 155083/155083 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 574 chars ~~ json message max len.......: 2493 chars diff --git a/test/results/default/bittorrent.pcap.out b/test/results/default/bittorrent.pcap.out index f3d7b82e3..5de48ab39 100644 --- a/test/results/default/bittorrent.pcap.out +++ b/test/results/default/bittorrent.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1455469967246718} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1455469967246718} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1455469967246718,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="} 
01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}} 
@@ -161,7 +161,7 @@ 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975265759,"flow_src_last_pkt_time":1455469975265759,"flow_dst_last_pkt_time":1455469975265759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469970233620,"flow_src_last_pkt_time":1455469971153525,"flow_dst_last_pkt_time":1455469970357464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":527,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":639,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469975234548,"flow_src_last_pkt_time":1455469976169825,"flow_dst_last_pkt_time":1455469975379579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":534,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":639,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":299,"packets-processed":299,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1455469982106134} +00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":299,"packets-processed":299,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1455469982106134} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 299/299 ~~ skipped flows.............: 0 
@@ -170,9 +170,9 @@ ~~ total active/idle flows...: 24/24 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8755455 bytes -~~ total memory freed........: 8755455 bytes -~~ total allocations/frees...: 141129/141129 +~~ total memory allocated....: 9520565 bytes +~~ total memory freed........: 9520565 bytes +~~ total allocations/frees...: 155095/155095 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 569 chars ~~ json message max len.......: 2398 chars diff --git a/test/results/default/bittorrent_tcp_miss.pcapng.out b/test/results/default/bittorrent_tcp_miss.pcapng.out index 54f97187c..aa37a4524 100644 --- a/test/results/default/bittorrent_tcp_miss.pcapng.out +++ b/test/results/default/bittorrent_tcp_miss.pcapng.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673446123917965} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673446123917965} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123917965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1673446123917965,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123917965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1673446123917965,"pkt":"UlQARf4hvGGTecRkCABFAAA8AbRAAEAGffTAqHoiskfOAb9bGuH76ArUAAAAAKAC\/\/\/tPAAAAgQFtAQCCAqT2yrZAAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123936638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1673446123936638,"pkt":"vGGTecRkUlQARf4hCABFAAA0vJhAAHgGixeyR84BwKh6Ihrhv1taDkQc++gK1YAS\/\/802wAAAgQFoAEDAwgBAQQC"} 
@@ -9,7 +9,7 @@ 01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124058520,"flow_dst_last_pkt_time":1673446124076131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":424,"flow_src_tot_l4_payload_len":737,"flow_dst_tot_l4_payload_len":1043,"midstream":0,"thread_ts_usec":1673446124076131,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":"0f6b9cd2b7da4de9b6c846203920e3da49cdb795"}}} 02314{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124132868,"flow_dst_last_pkt_time":1673446124132335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1025,"flow_dst_tot_l4_payload_len":22693,"midstream":0,"thread_ts_usec":1673446124132868,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":8,"avg":13847.5,"max":64959,"stddev":17166.0,"var":294672928.0,"ent":3.8,"data": [18673,26924,29858,64959,29324,33873,54911,20576,19623,21996,21047,6908,279,229,213,159,199,287,569,92,484,33856,18,24514,384,131,356,353,18454,16,8]},"pktlen": {"min":40,"avg":782.2,"max":1480,"stddev":666.4,"var":444053.7,"ent":4.4,"data": [60,52,40,238,464,40,511,280,108,419,328,90,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,40,40,1480,1480,1480,1480,1480,40,40,40]},"bins": {"c_to_s": [8,0,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]},"directions": [0,1,0,0,1,0,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,0],"entropies": [4.679967880,5.131024837,4.765311718,7.106909752,7.520512581,4.903055668,7.548049450,7.183899879,6.238460064,5.624160767,5.095487118,4.067485332,7.834874630,7.871198177,7.882282257,7.884436607,7.876652241,7.857866764,7.878300190,7.864074230,7.855942726,7.876870155,4.853056431,4.803055763,7.863341808,7.865004539,7.869568825,7.874233246,7.854714394,4.853055954,4.903056145,4.853055954]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":67,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124222811,"flow_dst_last_pkt_time":1673446124229821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1093,"flow_dst_tot_l4_payload_len":90373,"midstream":0,"thread_ts_usec":1673446124229821,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":91466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1673446124229821} 
+00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":91466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1673446124229821} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649864 bytes -~~ total memory freed........: 8649864 bytes -~~ total allocations/frees...: 140636/140636 +~~ total memory allocated....: 9414238 bytes +~~ total memory freed........: 9414238 bytes +~~ total allocations/frees...: 154602/154602 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 2319 chars diff --git a/test/results/default/bittorrent_utp.pcap.out b/test/results/default/bittorrent_utp.pcap.out index 549e12e25..3f0f1262a 100644 --- a/test/results/default/bittorrent_utp.pcap.out +++ b/test/results/default/bittorrent_utp.pcap.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1456385034843882} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1456385034843882} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385034843882,"flow_dst_last_pkt_time":1456385034843882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1456385034843882,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1456385034843882,"flow_dst_last_pkt_time":1456385034843882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1456385034843882,"pkt":"xCwDBkn+LFbcjDU0CABFCACEN6IAAHARjPNS83ErwKgBBf3Jn\/8AcJbNZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AdimJ292LCw98nSvKCf40fHeZTE6cTk6Z2V0X3BlZXJzMTp0MjoOYTE6djQ6TFQBATE6eTE6cWU="} 
01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385034843882,"flow_dst_last_pkt_time":1456385034843882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1456385034843882,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 
@@ -8,7 +8,7 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1456385040274000,"flow_dst_last_pkt_time":1456385040274157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1456385040274157,"pkt":"LFbcjDU0xCwDBkn+CABFAAA60g0AAEARAADAqAEFUvNxK5\/\/\/ckAJoYDIQJTAgb\/P19\/\/\/\/\/AADwAEnH5\/UACAAAAAAAAAAA"} 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1456385040390819,"flow_dst_last_pkt_time":1456385040274157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_usec":1456385040390819,"pkt":"xCwDBkn+LFbcjDU0CABFCADuPhxAAHARRg9S83ErwKgBBf3Jn\/8A2oQHAQBTAxDwaHYJ8SkXABAAAOf2ScYTQml0VG9ycmVudCBwcm90b2NvbAAAAAAAGAAFDKTI5\/smo1Sxp6oVuuryYGfGaBEtTFQxMTAwLTFGYTUzMVJ0THV2dwAAAHEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/ff\/+\/\/\/\/v++\/7\/\/f\/f\/\/\/t\/+5gAAAAAEB"} 
02372{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385041276103,"flow_dst_last_pkt_time":1456385041181191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":477,"flow_src_tot_l4_payload_len":14142,"flow_dst_tot_l4_payload_len":872,"midstream":0,"thread_ts_usec":1456385041276103,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":959,"avg":411920.3,"max":5430275,"stddev":1202360.0,"var":1445669502976.0,"ent":2.4,"data": [4392194,1037924,5430275,116819,116920,100471,240441,139898,4463,110556,115010,959,58628,60551,88152,88141,37493,37665,24480,24365,43679,55465,11575,11793,11863,53659,52777,104119,173318,8337,17540]},"pktlen": {"min":48,"avg":497.2,"max":1500,"stddev":600.8,"var":360942.7,"ent":4.0,"data": [132,132,48,58,238,505,48,48,103,257,48,48,132,1500,54,1500,54,1500,54,1500,54,82,1500,54,1500,54,1500,48,48,1037,1037,1037]},"bins": {"c_to_s": [3,0,0,3,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0],"s_to_c": [11,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0],"entropies": 
[5.803075790,5.866444111,4.474482536,4.231768131,4.447527885,5.267382622,4.667174816,5.259760857,3.872052193,5.423846722,5.259760857,4.750508785,5.806200504,7.847329140,4.531593323,7.839333057,4.619647026,7.837954521,4.582609653,7.820847988,4.619647026,4.109564304,7.831181049,4.693720818,7.634190559,4.693720818,7.787273407,4.892893314,4.750508785,7.761264801,7.781966686,7.702743530]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":87,"packets-processed":86,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37877,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1704898946338043} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":87,"packets-processed":86,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37877,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1704898946338043} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704898946338043,"flow_src_last_pkt_time":1704898946338043,"flow_dst_last_pkt_time":1704898946338043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704898946338043,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49861,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1704898946338043,"flow_dst_last_pkt_time":1704898946338043,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1704898946338043,"pkt":"AAAAAAAAAAAAAAAACABFAAAwp8NAALARJPd\/AAABfwAAAcLFgjUAHP4vQQBFZ+1jkpYAAAAAABAAACPGAAA="} 01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704898946338043,"flow_src_last_pkt_time":1704898946338043,"flow_dst_last_pkt_time":1704898946338043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704898946338043,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49861,"dst_port":33333,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 
@@ -18,7 +18,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1704898949036574,"flow_dst_last_pkt_time":1704898947830917,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1704898949036574,"pkt":"AAAAAAAAAAAAAAAACABFAAA1qOdAALARI85\/AAABfwAAAcLFgjUAIf40AQBFaO2Mv60AAACFABAAACPIRWZ0ZXN0Cg=="} 01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":47,"flow_dst_packets_processed":39,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385044298958,"flow_dst_last_pkt_time":1456385054059812,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":477,"flow_src_tot_l4_payload_len":34679,"flow_dst_tot_l4_payload_len":3198,"midstream":0,"thread_ts_usec":1704898949036733,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1704898946338043,"flow_src_last_pkt_time":1704898949036574,"flow_dst_last_pkt_time":1704898949036733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1704898949036733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49861,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":92,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38006,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1704898949036733} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":92,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38006,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1704898949036733} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 92/92 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649966 bytes -~~ total memory freed........: 8649966 bytes -~~ total allocations/frees...: 140636/140636 +~~ total memory allocated....: 9414372 bytes +~~ total memory freed........: 9414372 bytes +~~ total allocations/frees...: 154602/154602 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 2377 chars diff --git a/test/results/default/bjnp.pcap.out b/test/results/default/bjnp.pcap.out index fc147780c..aead24bae 100644 --- a/test/results/default/bjnp.pcap.out +++ b/test/results/default/bjnp.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1467725378685790} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1467725378685790} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725378685790,"flow_src_last_pkt_time":1467725378685790,"flow_dst_last_pkt_time":1467725378685790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725378685790,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1467725378685790,"flow_dst_last_pkt_time":1467725378685790,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_usec":1467725378685790,"pkt":"RQAALAmDAAB5EfxOwKi5jcCoARHDpyGkABg0Q0JKTlACAQAAF6QAAAAAAADK6w=="} 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725378685790,"flow_src_last_pkt_time":1467725378685790,"flow_dst_last_pkt_time":1467725378685790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725378685790,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -40,7 +40,7 @@ 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384113794,"flow_src_last_pkt_time":1467725384113794,"flow_dst_last_pkt_time":1467725384113794,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725385329792,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725383909788,"flow_src_last_pkt_time":1467725383909788,"flow_dst_last_pkt_time":1467725383909788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725385329792,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725383705789,"flow_src_last_pkt_time":1467725383705789,"flow_dst_last_pkt_time":1467725383705789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725385329792,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1467725385329792} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1467725385329792} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -49,9 +49,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8667056 bytes -~~ total memory freed........: 8667056 bytes -~~ total allocations/frees...: 140642/140642 +~~ total memory allocated....: 9431718 bytes +~~ total memory freed........: 9431718 bytes +~~ total allocations/frees...: 154608/154608 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 517 chars ~~ json message max len.......: 970 chars diff --git a/test/results/default/blizzard.pcap.out b/test/results/default/blizzard.pcap.out index 46fd645e9..6bcd80c82 100644 --- a/test/results/default/blizzard.pcap.out +++ b/test/results/default/blizzard.pcap.out 
@@ -1,4 +1,4 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":214643227,"flow_src_last_pkt_time":214643227,"flow_dst_last_pkt_time":214643227,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":214643227,"l3_proto":"ip4","src_ip":"192.168.1.205","dst_ip":"37.244.28.101","src_port":50082,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":214643227,"flow_dst_last_pkt_time":214643227,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":214643227,"pkt":"ILAB4IZiCAAnOk7TCABFAAA00b5AAIAGJDfAqAHNJfQcZcOiBF8AxoH8AAAAAIACgACfhQAAAgQFtAEDAwABAQQC"} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":214643227,"flow_dst_last_pkt_time":214668240,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":214668240,"pkt":"CAAnOk7TILAB4IZiCABFAAA0AABAADAGRfYl9BxlwKgBzQRfw6JdjjEBAMaB\/YAS+vCV7QAAAgQFtAEBBAIBAwMH"} 
@@ -13,7 +13,7 @@ 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":230553665,"flow_dst_last_pkt_time":230408738,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_usec":230553665,"pkt":"ILAB4IZiCAAnOk7TCABFAACV5aJAAIAGXjLAqAHNid1qO8OIBF\/xoMmMXMDCB1AYgADDcgAAQQAACmZS7cbGZK3KqhMBACmZTiOiGIUp4XgBACmZTiOiGcjFyqkBACmZTiOiGTVjlCEAACmZTiOiGhShThtCNzK6VrcbGgAE5AAJAFhYWFhYWFhYWEBHTUFJTC5DT00BC1hYWFhYMDQwNjMjMQ=="} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":230553665,"flow_dst_last_pkt_time":230717876,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":230717876,"pkt":"CAAnOk7TILAB4IZiCABFAAAodKJAADEGHqCJ3Wo7wKgBzQRfw4hcwMIH8aDJ+VAQ+k9crAAAAAAAAAAA"} 00900{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":230244648,"flow_src_last_pkt_time":230553665,"flow_dst_last_pkt_time":230718522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":230718522,"l3_proto":"ip4","src_ip":"192.168.1.205","dst_ip":"137.221.106.59","src_port":50056,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Blizzard","proto_id":"213","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":45,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1742849068921784} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":45,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1742849068921784} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1742849068921784,"flow_src_last_pkt_time":1742849068921784,"flow_dst_last_pkt_time":1742849068921784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1742849068921784,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"137.221.107.220","src_port":42710,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1742849068921784,"flow_dst_last_pkt_time":1742849068921784,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1742849068921784,"pkt":"dNo47VMyYhO2esBpCABFAAA86wlAAEAGjQ3AqAxDid1r3KbWDoxt76BvAAAAAKAC\/\/\/Y2gAAAgQFtAQCCAoYoNAcAAAAAAEDAwk="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1742849068921784,"flow_dst_last_pkt_time":1742849069089792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1742849069089792,"pkt":"YhO2esBpdNo47VMyCABFAAA8AABAADIGhheJ3WvcwKgMQw6MptY4p9XKbe+gcKAS\/ohJHQAAAgQFtAQCCAp8JwaMGKDQHAEDAwc="} 
@@ -23,7 +23,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1742849069258089,"flow_dst_last_pkt_time":1742849069425734,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1742849069425734,"pkt":"YhO2esBpdNo47VMyCABFAAA0+ZVAADIGjImJ3WvcwKgMQw6MptY4p9XLbe+gz4AQAf1xiQAAAQEICnwnB9wYoNFZ"} 00951{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":230244648,"flow_src_last_pkt_time":232491522,"flow_dst_last_pkt_time":232345391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":615,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":811,"midstream":0,"thread_ts_usec":1742849070875606,"l3_proto":"ip4","src_ip":"192.168.1.205","dst_ip":"137.221.106.59","src_port":50056,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Blizzard","proto_id":"213","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":8,"flow_first_seen":214643227,"flow_src_last_pkt_time":216090440,"flow_dst_last_pkt_time":216029758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":615,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":717,"midstream":0,"thread_ts_usec":1742849070875606,"l3_proto":"ip4","src_ip":"192.168.1.205","dst_ip":"37.244.28.101","src_port":50082,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Blizzard","proto_id":"213","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":66,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5091,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1742892681221649} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":66,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5091,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1742892681221649} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1742892681221649,"flow_src_last_pkt_time":1742892681221649,"flow_dst_last_pkt_time":1742892681221649,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1742892681221649,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"34.171.17.90","src_port":1120,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1742892681221649,"flow_dst_last_pkt_time":1742892681221649,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1742892681221649,"pkt":"dNo47VMyYhO2esBpCABFAAAujrpAAEARqxTAqAxDIqsRWgRgw1AAGm9cZFhNdFkyVnVkSAEAAAABAAAA"} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1742892681221649,"flow_src_last_pkt_time":1742892681221649,"flow_dst_last_pkt_time":1742892681221649,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1742892681221649,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"34.171.17.90","src_port":1120,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Blizzard","proto_id":"213","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -40,7 +40,7 @@ 01190{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1742892725419082,"flow_dst_last_pkt_time":1742892725121081,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":542,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":542,"pkt_l4_len":508,"thread_ts_usec":1742892725419082,"pkt":"dNo47VMyYhO2esBpCABFAAIQTVlAAEARWWjAqAxDIhajGqz6HWEB\/BFUQgYCAfeqNJkAAgACAAAAAQAAAAgAAABm\/qGlAgAAAAIAAAAIAQgAAAB9tdVAQgAAAEIAAAAKIM993kFbHhyZXHvZYLqO99hVDPPbydgngJbjMvVA5cxKEhIJkd9DAVumNkERHzmAzJUBAAAY46iBxqP\/4oRUIAFDe3D+Ex2qlr+VALM7KnXPQdtkHUBVkKw7RT6T2fQrR\/6euuzMWnhIqApmuSl0Y1h\/gCy5p7piu615BFT4T1vwrsbciPCdZ8nIDEoVXkjKbE79L\/QRxuZbibQIuY9bb42erDJrM0UNEsvsyyocvnVKZeOWrXMq1+f2lcwV+BQFPcteqSEjD27xNNw5W55K7c\/x57tIDn3urYUa5OW8bYfSOYsWApuYMH5SSk5WjEksp0ZFlHMG3Mw76Tw9fCMATt8Mo0IZ6gaP8aAqTTXf3Hwarkt4I8pnHboEWPIcdKU6E\/d7UsSiKNwAeBn2a0sXzduSRKF0lVUm5CGJ8H8cVgIVW+rSkUXw50\/4gBVEX8OconTIZ8JOCRirKRhxtkeNc03PePPcnF+rKzBbYy8fIPdmIySPFKnN9XBD2itcIUOjujMHedg1iDAQM3DwQFt1fnhDjk5qDS21cab4pqYejVfmv4TlyhfM2wJ+z1g\/kd5tyIj2SspaFnO3+PBtv7M="} 
01192{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1742892725422392,"flow_dst_last_pkt_time":1742892725121081,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":542,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":542,"pkt_l4_len":508,"thread_ts_usec":1742892725422392,"pkt":"dNo47VMyYhO2esBpCABFAAIQTVpAAEARWWfAqAxDIhajGqz6HWEB\/GOAQgYCAcPPmUEAAwDjAQAAAQAAAI38+XkYoChVcIwU24\/3aUJaoBRKQzWFpnQ4+35ebP7lF9XYRUDvYSbIaemUAfSGp2FRDxefpWwxS2xmDVgeGYUPJeBtmpVwDPYXOIs2Th2ffRwVFICd4VcSLYK7o83VPsin6uvMpRNrImwSsXe\/KMXqUO8wXt+XJdPvPyIhODqLL1Y63bhUNbll2TfICpQuqt4gXvj9Hba9DX6j8QVPQqVhKyNFP4bX2VYYUtC56InPo8FGxQKYeL9Y8gX+zF5W45defarXtpe3n3Kc2wcbDqTBTMTkqM8uzVPEeI\/MaBjIPjP2sLev1tkISrUnasM2hHPj\/ugfaMj6HxSmnawSPe5pILLt\/6eOMKFikiW1\/wxNFw1Cv03U9\/9B0XLK\/2rH2B33xeDp0ka0K\/y4ZsU3tAzrZcs9DxyzaGTxLUqr91JhmWezdQx6Tt\/6nE9EFUHMiU52VSnT6bkNR1X1lsVtEOBNYCHHgxIfNAT3JQxdwxpnH5UxcGy30bKENOGYqf20kKfNth84j8Zk97mAza5BMO+31jCDh91zJTtXz9kVgowuHhVt5KKJs23a1hEmQwvwI2k1J0Bi4DtlA\/mAkI0trxAZyaOSiWHXqcFr6VGF+7FWJ0QP2jQqXasAB16PtYQPGws="} 
01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1742892681221649,"flow_src_last_pkt_time":1742892736422854,"flow_dst_last_pkt_time":1742892736543501,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":195,"midstream":0,"thread_ts_usec":1742892736543501,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"34.171.17.90","src_port":1120,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Blizzard","proto_id":"213","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":110,"packets-processed":109,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1743254837313361} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":110,"packets-processed":109,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1743254837313361} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1743254837313361,"flow_src_last_pkt_time":1743254837313361,"flow_dst_last_pkt_time":1743254837313361,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1743254837313361,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"66.40.180.215","src_port":50015,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1743254837313361,"flow_dst_last_pkt_time":1743254837313361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1743254837313361,"pkt":"ILAB4IZiSKRyNpegCABFAAA0UHFAAIAG8TXAqAF1Qii018NfDowlhAQUAAAAAIAC\/\/+6bwAAAgQFtAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1743254837313361,"flow_dst_last_pkt_time":1743254837345750,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1743254837345750,"pkt":"SKRyNpegILAB4IZiCABFAAA0AABAADAGkadCKLTXwKgBdQ6Mw1\/2WbxuJYQEFYAS+vAMpQAAAgQFtAEBBAIBAwMI"} 
@@ -50,7 +50,7 @@ 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1743254837372461,"flow_dst_last_pkt_time":1743254837372278,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_usec":1743254837372461,"pkt":"ILAB4IZiSKRyNpegCABFAABdUHNAAIAG8QrAqAF1Qii018NfDowlhAQV9lm8pFAYAP8\/RgAAV09STEQgT0YgV0FSQ1JBRlQgQ09OTkVDVElPTiAtIENMSUVOVCBUTyBTRVJWRVIgLSBWMgo="} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1742892725101885,"flow_src_last_pkt_time":1742892725424444,"flow_dst_last_pkt_time":1742892725566165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":500,"flow_dst_max_l4_payload_len":500,"flow_src_tot_l4_payload_len":2901,"flow_dst_tot_l4_payload_len":1637,"midstream":0,"thread_ts_usec":1743254843020240,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"34.22.163.26","src_port":44282,"dst_port":7521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Blizzard","proto_id":"213","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1742892681221649,"flow_src_last_pkt_time":1742892736422854,"flow_dst_last_pkt_time":1742892736543501,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":195,"midstream":0,"thread_ts_usec":1743254843020240,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"34.171.17.90","src_port":1120,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Blizzard","proto_id":"213","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":141,"packets-processed":140,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20857,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1743340090407216} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":141,"packets-processed":140,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20857,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1743340090407216} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1743340090407216,"flow_src_last_pkt_time":1743340090407216,"flow_dst_last_pkt_time":1743340090407216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1743340090407216,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"66.40.191.253","src_port":60378,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1743340090407216,"flow_dst_last_pkt_time":1743340090407216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1743340090407216,"pkt":"ILAB4IZiSKRyNpegCABFAAA0Y1pAAIAG0ybAqAF1Qii\/\/evaDoz9qM7iAAAAAIAC\/\/\/j2gAAAgQFtAEDAwgBAQQC"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1743340090407216,"flow_dst_last_pkt_time":1743340090438479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1743340090438479,"pkt":"SKRyNpegILAB4IZiCABFAAA0AABAADAGhoFCKL\/9wKgBdQ6M69qdpmKv\/ajO44AS+vDogwAAAgQFtAEBBAIBAwMH"} 
@@ -76,7 +76,7 @@ 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":20,"flow_first_seen":1743340090407216,"flow_src_last_pkt_time":1743340090864144,"flow_dst_last_pkt_time":1743340090894704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":731,"flow_dst_max_l4_payload_len":29200,"flow_src_tot_l4_payload_len":1257,"flow_dst_tot_l4_payload_len":42824,"midstream":0,"thread_ts_usec":1743340104573778,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"66.40.191.253","src_port":60378,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Blizzard","proto_id":"213","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":9,"flow_first_seen":1743340103372399,"flow_src_last_pkt_time":1743340104347803,"flow_dst_last_pkt_time":1743340104573778,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":1245,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":1834,"midstream":0,"thread_ts_usec":1743340104573778,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"137.221.82.101","src_port":58787,"dst_port":29503,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Blizzard","proto_id":"213","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1743340096015463,"flow_src_last_pkt_time":1743340098487647,"flow_dst_last_pkt_time":1743340098324952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":400,"flow_dst_tot_l4_payload_len":360,"midstream":0,"thread_ts_usec":1743340104573778,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"137.221.72.99","src_port":63711,"dst_port":29523,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Blizzard","proto_id":"213","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":206,"packets-processed":206,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1743340104573778} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/blizzard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":206,"packets-processed":206,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1743340104573778} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 206/206 ~~ skipped flows.............: 0 
@@ -85,9 +85,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8672497 bytes -~~ total memory freed........: 8672497 bytes -~~ total allocations/frees...: 140835/140835 +~~ total memory allocated....: 9437127 bytes +~~ total memory freed........: 9437127 bytes +~~ total allocations/frees...: 154801/154801 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 509 chars ~~ json message max len.......: 2216 chars diff --git a/test/results/default/bot.pcap.out b/test/results/default/bot.pcap.out index 273c49211..6a78263b9 100644 --- a/test/results/default/bot.pcap.out +++ b/test/results/default/bot.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645108240233170} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645108240233170} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645108240233170,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233170,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233579,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"} 
@@ -9,7 +9,7 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645108240339700,"flow_dst_last_pkt_time":1645108240340261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1645108240340261,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAKO4IQAA\/BtxaWR9I3ChNpyQAUP0AWPWTmLcGyylQEHVAXRgAAAAAtTpUPQ=="} 02295{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240455112,"flow_dst_last_pkt_time":1645108240455337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":33120,"midstream":0,"thread_ts_usec":1645108240455337,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":14326.1,"max":114244,"stddev":36180.2,"var":1309009792.0,"ent":2.2,"data": [409,106526,4,106682,7609,64,117,61,7,4,842,8,6,4,114244,282,105363,69,4,6,123,5,6,4,232,8,61,8,763,123,465]},"pktlen": {"min":46,"avg":1086.5,"max":1480,"stddev":631.2,"var":398369.0,"ent":4.6,"data": [48,48,46,356,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480]},"bins": {"c_to_s": [6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1],"entropies": [4.668832779,4.823934078,4.705051422,5.553816795,4.685968399,6.426275253,7.497505188,7.820932388,7.830261230,7.797591209,7.805040359,7.821845531,7.816341877,7.795114517,7.064133644,4.748529911,4.585274220,7.814039707,7.815784454,7.820162296,7.814042091,7.827082157,7.799123287,7.792435646,7.357606411,5.923022270,7.867007732,5.467782974,4.930641174,4.661573410,4.661573410,5.117170334]},"ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"atlanteditorino.it"}} 01126{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":115,"flow_dst_packets_processed":287,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108245896135,"flow_dst_last_pkt_time":1645108245896491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":406780,"midstream":0,"thread_ts_usec":1645108245896491,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"atlanteditorino.it"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":402,"packets-processed":402,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1645108245896491} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":402,"packets-processed":402,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1645108245896491} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 402/402 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8656747 bytes -~~ total memory freed........: 8656747 bytes -~~ total allocations/frees...: 140942/140942 +~~ total memory allocated....: 9421121 bytes +~~ total memory freed........: 9421121 bytes +~~ total allocations/frees...: 154908/154908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2300 chars diff --git a/test/results/default/bt-dns.pcap.out b/test/results/default/bt-dns.pcap.out index f5c30df0c..532e18ceb 100644 --- a/test/results/default/bt-dns.pcap.out +++ b/test/results/default/bt-dns.pcap.out 
@@ -1,11 +1,11 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00733{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78726493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":78726493,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78726493,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":78726493,"pkt":"UlQAEjUDCAAn5uVZCABFAAA6fBwAAIARpoUKAAIPCgACA+lnADUAJvPGb\/EBAAABAAAAAAAACHV0b3JyZW50A2NvbQAAAQAB"} 01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78726493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":78726493,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"utorrent.com","domainame":"utorrent.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78730365,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":78730365,"pkt":"CAAn5uVZUlQAEjUCCABFAABKEKAAAEARUfIKAAIDCgACDwA16WcANruUb\/GBgAABAAEAAAAACHV0b3JyZW50A2NvbQAAAQABwAwAAQABAAAC5wAEYo+SBw=="} 01064{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78730365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":78730365,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"utorrent.com","domainame":"utorrent.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["98.143.146.7,ttl=743"]}}} 
00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78730365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":78730365,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"utorrent.com"}} -00799{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":76,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":78730365} 
+00799{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":76,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":78730365} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644872 bytes -~~ total memory freed........: 8644872 bytes -~~ total allocations/frees...: 140534/140534 +~~ total memory allocated....: 9409246 bytes +~~ total memory freed........: 9409246 bytes +~~ total allocations/frees...: 154500/154500 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 1069 chars diff --git a/test/results/default/bt-http.pcapng.out b/test/results/default/bt-http.pcapng.out index 25f11143f..3cfbf2e6d 100644 --- a/test/results/default/bt-http.pcapng.out +++ b/test/results/default/bt-http.pcapng.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631962352376282} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631962352376282} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631962352376282,"flow_src_last_pkt_time":1631962352376282,"flow_dst_last_pkt_time":1631962352376282,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631962352376282,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"176.31.225.118","src_port":46882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631962352376282,"flow_dst_last_pkt_time":1631962352376282,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1631962352376282,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8rHZAAEAGOofAqAGAsB\/hdrciAFDsRCPNAAAAAKACC2gBUwAAAgQFtAQCCApMENP4AAAAAAEDAwA="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1631962352376282,"flow_dst_last_pkt_time":1631962352393006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1631962352393006,"pkt":"PKn0qB\/spJGxgjQ5CABFAAAsAABAADMG9A2wH+F2wKgBgABQtyLpFLp77EQjzmASRHCYbQAAAgQCGAAA"} 
@@ -8,7 +8,7 @@ 01349{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1631962352376282,"flow_src_last_pkt_time":1631962352393146,"flow_dst_last_pkt_time":1631962352393006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":370,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631962352393146,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"176.31.225.118","src_port":46882,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.BitTorrent","proto_id":"7.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"tracker.trackerfix.com","domainame":"tracker.trackerfix.com","http": {"url":"tracker.trackerfix.com\/announce?info_hash=%aa7i%c4S%0d%de%06%24%18s%da%d4%3a%b5%cc%ec%2c%e6%22&peer_id=-TR2940-chho92c56pul&port=51413&uploaded=0&downloaded=0&left=282050560&numwant=80&key=3b5502cc&compact=1&supportcrypto=1&requirecrypto=1&event=started","code":0,"content_type":"","user_agent":"Transmission\/2.94"}}} 00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1631962352393146,"flow_dst_last_pkt_time":1631962352417837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":394,"pkt_l4_len":360,"thread_ts_usec":1631962352417837,"pkt":"PKn0qB\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"} 
01022{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":2,"flow_first_seen":1631962352376282,"flow_src_last_pkt_time":1631962409934151,"flow_dst_last_pkt_time":1631962352417837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":340,"flow_src_tot_l4_payload_len":370,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1631962409934151,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"176.31.225.118","src_port":46882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.BitTorrent","proto_id":"7.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"tracker.trackerfix.com"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":710,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1631962409934151} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":710,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1631962409934151} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645880 bytes -~~ total memory freed........: 8645880 bytes -~~ total allocations/frees...: 140563/140563 +~~ total memory allocated....: 9410254 bytes +~~ total memory freed........: 9410254 bytes +~~ total allocations/frees...: 154529/154529 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 1354 chars diff --git a/test/results/default/bt_search.pcap.out b/test/results/default/bt_search.pcap.out index ee74b8dc2..1fe21851b 100644 --- a/test/results/default/bt_search.pcap.out +++ b/test/results/default/bt_search.pcap.out 
@@ -1,11 +1,11 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1430752225251619} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1430752225251619} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251619,"flow_src_last_pkt_time":1430752225251619,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430752225251619,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1430752225251619,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1430752225251619,"pkt":"AQBeQJiPABZEH1lmCABFAACTaOEAAP8RCRrAqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="} 
00964{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251619,"flow_src_last_pkt_time":1430752225251619,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430752225251619,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1430752525284866,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1430752525284866,"pkt":"AQBeQJiPABZEH1lmCABFAACTCiwAAP8RZ8\/AqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251619,"flow_src_last_pkt_time":1430752525284866,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430752525284866,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":238,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1430752525284866} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":238,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1430752525284866} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644872 bytes -~~ total memory freed........: 8644872 bytes -~~ total allocations/frees...: 140534/140534 +~~ total memory allocated....: 9409246 bytes +~~ total memory freed........: 9409246 bytes +~~ total allocations/frees...: 154500/154500 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 591 chars ~~ json message max len.......: 978 chars diff --git a/test/results/default/c1222.pcapng.out b/test/results/default/c1222.pcapng.out index a1d60259e..511dc76a6 100644 --- a/test/results/default/c1222.pcapng.out +++ b/test/results/default/c1222.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1367373585690512} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1367373585690512} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1367373585690512,"flow_src_last_pkt_time":1367373585690512,"flow_dst_last_pkt_time":1367373585690512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1367373585690512,"l3_proto":"ip4","src_ip":"10.9.3.124","dst_ip":"10.208.0.9","src_port":55092,"dst_port":1153,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1367373585690512,"flow_dst_last_pkt_time":1367373585690512,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1367373585690512,"pkt":"ABEiM0RVAAWaPHoACABFAABOA4sAAIARHrcKCQN8CtAACdc0BIEAOgrWYDCiDwYNYHyG91QBFgABAUDOEaYOBgxgfIb3VAEWAAEBQCGoBAICD4m+BygFgQOAASA="} 
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1367373585690512,"flow_src_last_pkt_time":1367373585690512,"flow_dst_last_pkt_time":1367373585690512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1367373585690512,"l3_proto":"ip4","src_ip":"10.9.3.124","dst_ip":"10.208.0.9","src_port":55092,"dst_port":1153,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ANSI_C1222","proto_id":"397","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -10,7 +10,7 @@ 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1367373604761735,"flow_dst_last_pkt_time":1367373604761735,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1367373604761735,"pkt":"AB87hnijAAxB9XvLCABFAACjBPIAAH8GTzHAqGR8wKgBZQSBBikBodABAMCADYAYFoeRHgAACAoMHiITABbwdwEBYG2iCgYIKwYBBAGChWOkBgIEE+gUIaYRBg8rBgEEAYKFY45\/hfHCTgCoAwIBLKwPog2gC6EJgAEAgQRMl\/SJvi4oLIEqiOaXa+kgYVnM6gzTmUHz8kQJ4pSh+YRjhl6LlsXldgOakOTnD6E4otmY"} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1367373585690512,"flow_src_last_pkt_time":1367373604761735,"flow_dst_last_pkt_time":1367373585690512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1367373604761735,"l3_proto":"ip4","src_ip":"10.9.3.124","dst_ip":"10.208.0.9","src_port":55092,"dst_port":1153,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ANSI_C1222","proto_id":"397","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1367373604761735,"flow_src_last_pkt_time":1367373604761735,"flow_dst_last_pkt_time":1367373604761735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":111,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":111,"midstream":1,"thread_ts_usec":1367373604761735,"l3_proto":"ip4","src_ip":"192.168.1.101","dst_ip":"192.168.100.124","src_port":1577,"dst_port":1153,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ANSI_C1222","proto_id":"397","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1367373604761735} 
+00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1367373604761735} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647394 bytes -~~ total memory freed........: 8647394 bytes -~~ total allocations/frees...: 140548/140548 +~~ total memory allocated....: 9411800 bytes +~~ total memory freed........: 9411800 bytes +~~ total allocations/frees...: 154514/154514 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 580 chars ~~ json message max len.......: 985 chars diff --git a/test/results/default/cachefly.pcapng.out b/test/results/default/cachefly.pcapng.out index a036486c3..8a3baa5d7 100644 --- a/test/results/default/cachefly.pcapng.out +++ b/test/results/default/cachefly.pcapng.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639053996915968} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639053996915968} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053996915968,"flow_dst_last_pkt_time":1639053996915968,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053996915968,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639053996915968,"flow_dst_last_pkt_time":1639053996915968,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639053996915968,"pkt":"AAAAAAAAAAEAzkGkCABFAAA8AABAADgGbggKCgoBwKgAAQG7qvYcGrARC\/df8aASOJAXeAAAAgQFtAQCCAr4WKdZ8aCtGAEDAwk="} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639053996915968,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1639053997244536,"pkt":"AAAAAAAAAAEAzkGkCABFAAI5KtdAAD8GOjTAqAABCgoKAar2AbsL91\/xHBqwEoAYAECN7gAAAQEICvGgrmz4WKdZFgMBAgABAAH8AwN5I1ozU7xInxtJozbyruWCcUxU4dIiuEr772yEdl+IjiA8lzzThjK9JFGzvzmsOf5jh+xiqEIzY+\/b\/bu2q\/rhKgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTKioAAAAAABcAFQAAEmFwcHR2LmNhY2hlZmx5Lm5ldAAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgnPDvY\/VXlPM6JRGRsi41pgbweEr23XZr7mS8KeaUbX0ALQACAQEAKwALCjo6AwQDAwMCAwEAGwADAgACRGkABQADAmgyiooAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
@@ -10,7 +10,7 @@ 02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639053997267562,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_usec":1639053997267562,"pkt":"AAAAAAAAAAEAzkGkCABFAAV41QlAADgGk8IKCgoBwKgAAQG7qvYcGrqaC\/dh9oAQAB\/vzwAAAQEICvhYqLjxoK5sqdvCyNy5nJl8pz8yig1\/0ToWo4n9G1+jQBkpHuvmq3mui3JaLfaWEYzTozJ2lSjwdmADNIQmGCVoo94GYNcxHUw+jfmGsG3KkH41Yf7PGpFbZe91rp+mBxc2VnnNt\/WxNR7dl4m8J1f4MhQYldwt9akxZAnON84h2ZASWPhsdS8bH6k8KebX8pwcPYKtvKQUwxNRMSLJJqTTpzIw85wYyhANgqvE838DGLsCL8jxxhy5+0fKuXi4mwFbgmqDattP32RRoTk1s8zPgwN00cv2z\/4ylTPyDqwpuCc8mgAEUjCCBE4wggM2oAMCAQICDQHuXyId\/GI71DM6hVcwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTgxMTIxMDAwMDAwWhcNMjgxMTIxMDAwMDAwWjBQMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEmMCQGA1UEAxMdR2xvYmFsU2lnbiBSU0EgT1YgU1NMIENBIDIwMTgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnWsnVDBghACPVlw\/rrt1caGtrj1BgE3qBy5fujophlEsmefYEpyr7pNpWu+6gpPB7in9VH0eTYQ1ucVE6JSQIL4zh94nWks+vs6c\/MO213yGu\/vVEF\/3YY9kv04Faa1\/TR7Cs8qs7JHlPH8cu6rkVOnwYTGmztSBZCV4pw2PmLkZbqpSQSQ658PVKoQkvfDRN0LwAxQZVeQbOotAQ8UhD6LlatZVVvTHSGz2GvqHsDRLbLJkkrUfCbwPmenC1cMzNJyyljI7CGDySyS5zbwYQVpNAqqPFUvvlxQXWaWhcBrnuUYnhig5BTZuSkAqJ6RZr7+91vnpGuONHih0cLqdPAgMBAAGjggEpMIIBJTAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAdBgNVHQ4EFgQU+O9\/8s14Z6jeb48kjYjxhwMCs+swHwYDVR0jBBgwFoAUj\/BLf6guRSSuTVD6Y5qL3uLdG7wwPgYIKwYBBQUHAQEEMjAwMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vcm9vdHIzMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC1yMy5jcmwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3
DQEBCwUAA4IBAQCZkMgtX0KK1Atm25gDcxHUiIZSKFOK+63f\/XOOOmcE28NTFHAUCXzD4PjXHJgaosQ+2+kA48pwsvEiMCFW29OteV6BWAttFIA19W9dHeuaRwX\/WY0AsUDakJiWGrpsbX+M9bOA34xkczaWeXlpdOq\/+J4Bj6CVaY3phLrp5dSIONt4O5jQNnspsNJSGJDeUkMArmonyBSehpWs4YAxMH6aJbuLrAQjppkA6PHSJuwPfjuKK5I4Ex2Phs2GUkfmNHxbpAI+imF8InZTWpRTM4a4kqhyr6H5UocfMaX8sIFXL830ztz2JM+n4jSQaJ3+qvGpmhLMm8DGw6ilsCF+3kj2AANjMIIDXzCCAkegAwIBAgILBA=="} 02750{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053997267567,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5242,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639053997267567,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","proto_id":"91.289","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"apptv.cachefly.net","domainame":"apptv.cachefly.net","tls": 
{"version":"TLSv1.2","server_names":"*.cachefly.net,get.taxcycle.com,books24x7.com,siteclosed.overdrive.com,c.adventurerv.net,download.acoustica.com,cdn.arstechnica.net,ocp.cscglobal.com,cdn-w.gettraffic.com,cf.cdn.poundstopocket.co.uk,cf.cdn.cashnetusa.com,cf.cdn.quickquid.co.uk,downloads.oncenter.com,cache.green1020.com,software.onthehub.com,code.murdoog.com,img.tradepub.com,images.overdrive.com,static.readyflowers.com,cdn.richrelevance.com,qastatic.richrelevance.net,cache.agilebits.com,cachefly.alfredapp.com,download.fosshub.com,cdncontent.skillsoftcompliance.com,cdnlibrary.qual.skillport.com,cdnlibrary.skillport.com,cdnlibrary.skillport.eu,cdnlibrary-otls.skillport.com,st-cdn01.net-perform.com,assets.yandycdn.com,cdn.nexternal.com,www.workcred.org,img.sedoparking.com,www.standardsboostbusiness.org,cdn.sparklingsociety.net,smartupdate1.centralpointnow.com,cdn.edgeuno.com,downloads.pdf-xchange.com,cachefly.kinematics.com,cachefly.discoverinspire.com,static.volotea.com,*.cachefly.com,*.pluralsight.com,*.cdn.overdrive.com,*.contentreserve.com,*.listen.overdrivechina.cn,*.od-cdn.com,*.overdrivechina.cn,*.read.overdrivechina.cn,*.rbxcdn.com,*.books24x7.com,*.ansi.org,*.livee.com,cachefly.net","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=US, ST=Illinois, L=Chicago, O=Cachenetworks, LLC, CN=*.cachefly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:84:4F:1F:E8:A1:78:8A:12:27:36:B8:42:AB:42:52:FC:3B:C4:BA","blocks":0}}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053997267567,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5242,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639053997267567,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","proto_id":"91.289","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639053997267567} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639053997267567} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8694482 bytes -~~ total memory freed........: 8694482 bytes -~~ total allocations/frees...: 140603/140603 +~~ total memory allocated....: 9458856 bytes +~~ total memory freed........: 9458856 bytes +~~ total allocations/frees...: 154569/154569 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars ~~ json message max len.......: 2755 chars diff --git a/test/results/default/can.pcap.out b/test/results/default/can.pcap.out index 5a9d2e088..e29efc821 100644 --- a/test/results/default/can.pcap.out +++ b/test/results/default/can.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1682849329089168} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1682849329089168} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849329089168,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849329089168,"l3_proto":"ip4","src_ip":"207.134.64.89","dst_ip":"48.220.224.78","src_port":36251,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1682849329089168,"pkt":"mgwp30Y4PJTVQTiBCABFAABJTkoAAO4ROSvPhkBZMNzgTo2bLnoANQAASVNPMTE4OTgBAmoS8QkIOyDWcAAA\/3\/9EABqE\/EJCDsgIG7\/\/\/\/\/\/xAAAWD\/"} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849329089168,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849329089168,"l3_proto":"ip4","src_ip":"207.134.64.89","dst_ip":"48.220.224.78","src_port":36251,"dst_port":11898,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
@@ -33,7 +33,7 @@ 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849375322090,"flow_src_last_pkt_time":1682849375322090,"flow_dst_last_pkt_time":1682849375322090,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"55.97.32.36","dst_ip":"61.40.63.42","src_port":56551,"dst_port":25353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849396372123,"flow_src_last_pkt_time":1682849396372123,"flow_dst_last_pkt_time":1682849396372123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"103.183.191.240","dst_ip":"73.121.85.123","src_port":46565,"dst_port":63575,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849396372123,"flow_src_last_pkt_time":1682849396372123,"flow_dst_last_pkt_time":1682849396372123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"128.244.36.46","dst_ip":"196.77.109.252","src_port":34952,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} -00806{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1682849417335803} 
+00806{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1682849417335803} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -42,9 +42,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8662126 bytes -~~ total memory freed........: 8662126 bytes -~~ total allocations/frees...: 140618/140618 +~~ total memory allocated....: 9426724 bytes +~~ total memory freed........: 9426724 bytes +~~ total allocations/frees...: 154584/154584 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 578 chars ~~ json message max len.......: 983 chars diff --git a/test/results/default/capwap.pcap.out b/test/results/default/capwap.pcap.out index 2b231ab3e..cca2d7266 100644 --- a/test/results/default/capwap.pcap.out +++ b/test/results/default/capwap.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1422328949167396} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1422328949167396} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328949167396,"flow_src_last_pkt_time":1422328949167396,"flow_dst_last_pkt_time":1422328949167396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422328949167396,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1422328949167396,"flow_dst_last_pkt_time":1422328949167396,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_usec":1422328949167396,"pkt":"uDhh8wWsJOmzR64gCABFwABdANlAAH8RZJPAqAoJwKgKChR+MFsASQAAAQAAABX+\/wABAAAAAAABADCRUl3gOBqBz\/u8XElQaHVuhYA4Oyehwv8gEXQ+BVAOU1L6bxnlZCgpb3mFtLC\/ZhI="} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328949167396,"flow_src_last_pkt_time":1422328949167396,"flow_dst_last_pkt_time":1422328949167396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422328949167396,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -67,7 +67,7 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":106,"flow_dst_packets_processed":111,"flow_first_seen":1422329005767224,"flow_src_last_pkt_time":1422329174862523,"flow_dst_last_pkt_time":1422329174862030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1457,"flow_dst_max_l4_payload_len":1457,"flow_src_tot_l4_payload_len":21692,"flow_dst_tot_l4_payload_len":32868,"midstream":0,"thread_ts_usec":1422329175528388,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":3,"flow_first_seen":1422329017533285,"flow_src_last_pkt_time":1422329175528388,"flow_dst_last_pkt_time":1422329139638529,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":26325,"flow_dst_tot_l4_payload_len":311,"midstream":0,"thread_ts_usec":1422329175528388,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1422329005766358,"flow_src_last_pkt_time":1422329136181810,"flow_dst_last_pkt_time":1422329005766358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":492,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329175528388,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":422,"packets-processed":397,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":81835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":70,"global_ts_usec":1422329175528388} 
+00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":422,"packets-processed":397,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":81835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":70,"global_ts_usec":1422329175528388} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 422/397 ~~ skipped flows.............: 0 @@ -76,9 +76,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8666043 bytes -~~ total memory freed........: 8666043 bytes -~~ total allocations/frees...: 140972/140972 +~~ total memory allocated....: 9430545 bytes +~~ total memory freed........: 9430545 bytes +~~ total allocations/frees...: 154938/154938 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 297 chars ~~ json message max len.......: 2258 chars diff --git a/test/results/default/capwap_data.pcapng.out b/test/results/default/capwap_data.pcapng.out index b2559f243..e2c96acf2 100644 --- a/test/results/default/capwap_data.pcapng.out +++ b/test/results/default/capwap_data.pcapng.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1517901568789948} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1517901568789948} 00301{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1517901568789948,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1517901568789948} 
00513{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":158,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":158,"pkt_l4_len":0,"thread_ts_usec":1517901568789948,"pkt":"AAAAAAAIpMZPO7OrgQCAXoEAgAMIAEUAAIhUOUAA\/hEG9qwyZJusEGRXoTAUfwB0AAAAIAMgAAAAAAS\/IwAAAAAAEQgsAISALStFkFTyAeGymRDzEeruwXYwqqoDAAAACABFAAA8ISJAAEAGPxwKAQNESn2CvLexAbsLIWFuAAAAAKAC\/\/8HGAAAAgQFtAQCCAoAIUBMAAAAAAEDAwg="} 00301{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1517901568789948,"packet_id":2,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1517901568789948} 
@@ -28,7 +28,7 @@ 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":142,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":142,"pkt_l4_len":0,"thread_ts_usec":1517901568789948,"pkt":"AAAAAAAIpMZPO7OrgQBgXoEAYAQIAEUAAHggA0AA\/RE8PKwQZFesMmSbFH+hMABkAAAAEAMA4D0AAAIIAABU8gHhspmEgC0rRZDkxyKquU8AAKqqAwAAAAgARQAANHZKQABABun7Sn2CvAoBA0QBu7ex0fR0XgshYhuAEABnUOoAAAEBCAqbZQIUACFAVw=="} 00303{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1517901568910933,"packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1517901568910933} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":142,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":142,"pkt_l4_len":0,"thread_ts_usec":1517901568789948,"pkt":"AAAAAAAIpMZPO7OrgQBgXoEAYAQIAEUAAHggBEAA\/RE8O6wQZFesMmSbFH+hMABkAAAAEAMA4D4AAAIIAABU8gHhspmEgC0rRZDkxyKquU8AAKqqAwAAAAgARQAANHZLQABABun6Sn2CvAoBA0QBu7ex0fR0XgshYhuAEQBnUOkAAAEBCAqbZQIUACFAVw=="} 
-00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1517901568910933} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1517901568910933} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/0 ~~ skipped flows.............: 0 
@@ -37,9 +37,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 306 chars ~~ json message max len.......: 821 chars diff --git a/test/results/default/cassandra.pcap.out b/test/results/default/cassandra.pcap.out index 436c823d8..4c5a6266c 100644 --- a/test/results/default/cassandra.pcap.out +++ b/test/results/default/cassandra.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1450889498032587} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1450889498032587} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1450889498032587,"flow_src_last_pkt_time":1450889498032587,"flow_dst_last_pkt_time":1450889498032587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1450889498032587,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1450889498032587,"flow_dst_last_pkt_time":1450889498032587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1450889498032587,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1450889498032587,"flow_dst_last_pkt_time":1450889498032598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1450889498032598,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="} 
@@ -23,7 +23,7 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1450889498038774,"flow_src_last_pkt_time":1450889498038774,"flow_dst_last_pkt_time":1450889498038774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1450889498038774,"l3_proto":"ip4","src_ip":"198.18.0.2","dst_ip":"198.18.0.3","src_port":37184,"dst_port":7000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","proto_id":"264","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1450889498032587,"flow_src_last_pkt_time":1450889498038774,"flow_dst_last_pkt_time":1450889498038534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":61,"midstream":0,"thread_ts_usec":1450889498038774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","proto_id":"264","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1450889498038774,"flow_src_last_pkt_time":1450889498038774,"flow_dst_last_pkt_time":1450889498038774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":111,"flow_src_tot_l4_payload_len":101,"flow_dst_tot_l4_payload_len":111,"midstream":0,"thread_ts_usec":1450889498038774,"l3_proto":"ip4","src_ip":"198.18.0.3","dst_ip":"198.18.0.2","src_port":37892,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","proto_id":"264","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1450889498038774} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1450889498038774} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -32,9 +32,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654378 bytes -~~ total memory freed........: 8654378 bytes -~~ total allocations/frees...: 140577/140577 +~~ total memory allocated....: 9418816 bytes +~~ total memory freed........: 9418816 bytes +~~ total allocations/frees...: 154543/154543 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 979 chars diff --git a/test/results/default/ceph.pcap.out b/test/results/default/ceph.pcap.out index d5db62e34..b04ca1dd2 100644 --- a/test/results/default/ceph.pcap.out +++ b/test/results/default/ceph.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444254926293773} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444254926293773} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444254926293773,"flow_src_last_pkt_time":1444254926293773,"flow_dst_last_pkt_time":1444254926293773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444254926293773,"l3_proto":"ip4","src_ip":"10.0.3.249","dst_ip":"10.0.3.67","src_port":35556,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1444254926293773,"flow_dst_last_pkt_time":1444254926293773,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444254926293773,"pkt":"ABY+Yk9kABY+ORkpCABFAAA8JRpAAEAG+mYKAAP5CgADQ4rkGoX3CVGxAAAAAKACchAbagAAAgQFtAQCCAoABnSrAAAAAAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1444254926293773,"flow_dst_last_pkt_time":1444254926293826,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444254926293826,"pkt":"ABY+ORkpABY+Yk9kCABFAAA8AABAAEAGH4EKAANDCgAD+RqFiuSMzekF9wlRsqAScSAbagAAAgQFtAQCCAoABnSrAAZ0qwEDAwc="} 
@@ -9,7 +9,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1444254926294107,"flow_dst_last_pkt_time":1444254926294066,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1444254926294107,"pkt":"ABY+Yk9kABY+ORkpCABFAAA0JRxAAEAG+mwKAAP5CgADQ4rkGoX3CVGyjM3pD4AQAOUbYgAAAQEICgAGdKsABnSr"} 02103{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1444254926293773,"flow_src_last_pkt_time":1444254926296112,"flow_dst_last_pkt_time":1444254926296142,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":3467,"flow_src_tot_l4_payload_len":1115,"flow_dst_tot_l4_payload_len":6094,"midstream":0,"thread_ts_usec":1444254926296142,"l3_proto":"ip4","src_ip":"10.0.3.249","dst_ip":"10.0.3.67","src_port":35556,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":151.9,"max":411,"stddev":119.2,"var":14214.2,"ent":4.5,"data": [53,81,240,253,16,84,8,105,31,134,52,139,36,95,126,151,45,237,411,352,352,337,227,33,140,286,44,383,70,131,56]},"pktlen": {"min":52,"avg":277.8,"max":3519,"stddev":606.3,"var":367642.9,"ent":3.6,"data": [60,60,52,61,52,61,52,324,188,85,52,78,61,187,61,675,52,160,207,342,331,529,159,675,147,52,187,169,52,3519,52,147]},"bins": {"c_to_s": [8,1,0,2,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[7,0,2,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]},"directions": [0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,0,1,1,0,1],"entropies": [4.415062904,4.780834198,4.585552692,5.013127804,4.686420441,5.066326618,4.686420441,1.480767250,2.119496346,3.943692684,4.686420441,4.274820805,4.955590725,3.217613459,4.955590248,2.337368011,4.647958755,3.441700935,3.464580774,5.300559044,5.232830048,6.238731384,3.562841177,2.348599672,3.969928980,4.685171604,3.406629562,3.573093653,4.685171604,2.285975933,4.633441925,3.913353920]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Ceph","proto_id":"381","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":19,"flow_first_seen":1444254926293773,"flow_src_last_pkt_time":1444254926392223,"flow_dst_last_pkt_time":1444254926392200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":3467,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":9638,"midstream":0,"thread_ts_usec":1444254926392223,"l3_proto":"ip4","src_ip":"10.0.3.249","dst_ip":"10.0.3.67","src_port":35556,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ceph","proto_id":"381","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
-00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10789,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1444254926392223} +00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10789,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1444254926392223} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 39/39 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645969 bytes -~~ total memory freed........: 8645969 bytes -~~ total allocations/frees...: 140572/140572 +~~ total memory allocated....: 9410343 bytes +~~ total memory freed........: 9410343 bytes +~~ total allocations/frees...: 154538/154538 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2108 chars diff --git a/test/results/default/check_mk_new.pcap.out b/test/results/default/check_mk_new.pcap.out index 9144248f6..92e2668b2 100644 --- a/test/results/default/check_mk_new.pcap.out +++ b/test/results/default/check_mk_new.pcap.out 
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1512031663734797} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1512031663734797} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1512031663734797,"flow_src_last_pkt_time":1512031663734797,"flow_dst_last_pkt_time":1512031663734797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1512031663734797,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1512031663734797,"flow_dst_last_pkt_time":1512031663734797,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1512031663734797,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1512031663734797,"flow_dst_last_pkt_time":1512031663734824,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1512031663734824,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="} 
@@ -9,7 +9,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1512031663737046,"flow_dst_last_pkt_time":1512031663736952,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1512031663737046,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwpAAEAGbhDAqGQWwKhkMuZ2GZzVcug4bqkCXYAQAOVJwAAAAQEICisMa0AWUVye"} 02128{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1512031663734797,"flow_src_last_pkt_time":1512031663748376,"flow_dst_last_pkt_time":1512031663748413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":502,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":1376,"midstream":0,"thread_ts_usec":1512031663748413,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":27,"avg":877.3,"max":2128,"stddev":812.2,"var":659616.6,"ent":4.3,"data": [27,188,2128,2061,102,68,67,104,1865,1834,72,90,1254,1242,147,158,91,94,1228,1205,176,172,1964,1988,1810,1805,1867,1907,699,663,119]},"pktlen": {"min":52,"avg":95.5,"max":554,"stddev":116.8,"var":13650.4,"ent":4.4,"data": [60,60,52,67,52,317,52,62,52,53,52,61,52,554,52,61,52,70,52,463,52,68,52,68,52,69,52,65,52,117,52,61]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[12,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.777318954,5.266787052,5.116507530,5.382888317,4.972088814,5.429334641,5.063528538,5.369284153,5.025067329,5.119153976,5.025067329,5.200747967,5.025067329,3.834031105,5.063528538,5.200747967,4.972088814,5.439786434,5.116507530,4.356705666,5.078045845,5.383426666,5.078045845,5.414306641,5.078045845,5.456064701,5.116507530,5.341373920,5.010550022,5.388670444,5.116507530,5.245910168]},"ndpi": {"confidence": {"6":"DPI"},"proto":"CHECKMK","proto_id":"138","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":49,"flow_first_seen":1512031663734797,"flow_src_last_pkt_time":1512031663775626,"flow_dst_last_pkt_time":1512031663775645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":13758,"midstream":0,"thread_ts_usec":1512031663775645,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CHECKMK","proto_id":"138","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
-00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":98,"packets-processed":98,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13758,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1512031663775645} +00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":98,"packets-processed":98,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13758,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1512031663775645} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 98/98 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647680 bytes -~~ total memory freed........: 8647680 bytes -~~ total allocations/frees...: 140631/140631 +~~ total memory allocated....: 9412054 bytes +~~ total memory freed........: 9412054 bytes +~~ total allocations/frees...: 154597/154597 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 2133 chars diff --git a/test/results/default/chrome.pcap.out b/test/results/default/chrome.pcap.out index 5785d2dcf..857f4ea02 100644 --- a/test/results/default/chrome.pcap.out +++ b/test/results/default/chrome.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620902507870345} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620902507870345} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620902507870345,"flow_src_last_pkt_time":1620902507870345,"flow_dst_last_pkt_time":1620902507870345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902507870345,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620902507870345,"flow_dst_last_pkt_time":1620902507870345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620902507870345,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620902507870345,"flow_dst_last_pkt_time":1620902507899110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620902507899110,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="} 
@@ -54,7 +54,7 @@ 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":15,"flow_first_seen":1620902509273191,"flow_src_last_pkt_time":1620902509367004,"flow_dst_last_pkt_time":1620902509367096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1421,"flow_dst_tot_l4_payload_len":13523,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1620902509274034,"flow_src_last_pkt_time":1620902509373854,"flow_dst_last_pkt_time":1620902509373839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1303,"flow_dst_tot_l4_payload_len":14272,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1620902509276446,"flow_src_last_pkt_time":1620902509367151,"flow_dst_last_pkt_time":1620902509367101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1303,"flow_dst_tot_l4_payload_len":3889,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":127,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":59629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1620902509373854} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":127,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":59629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1620902509373854} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 127/127 ~~ skipped flows.............: 0 @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8925073 bytes -~~ total memory freed........: 8925073 bytes -~~ total allocations/frees...: 140774/140774 +~~ total memory allocated....: 9689607 bytes +~~ total memory freed........: 9689607 bytes +~~ total allocations/frees...: 154740/154740 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 1409 chars diff --git a/test/results/default/cip_io.pcap.out b/test/results/default/cip_io.pcap.out index 4a6dd495a..1a01f7feb 100644 --- a/test/results/default/cip_io.pcap.out +++ b/test/results/default/cip_io.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1706518964090521} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1706518964090521} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1706518964090521,"flow_src_last_pkt_time":1706518964090521,"flow_dst_last_pkt_time":1706518964090521,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1706518964090521,"l3_proto":"ip4","src_ip":"192.168.5.62","dst_ip":"192.168.5.50","src_port":2222,"dst_port":2222,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1706518964090521,"flow_dst_last_pkt_time":1706518964090521,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1706518964090521,"pkt":"9FQzmBs\/5JBpqywUCABFvAA6y+gAAA8RU07AqAU+wKgFMgiuCK4AJp64AgACgAgAeHs6AOjLXgSxAAwAAwD9\/\/\/\/\/\/\/\/\/wAA"} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1706518964090521,"flow_src_last_pkt_time":1706518964090521,"flow_dst_last_pkt_time":1706518964090521,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1706518964090521,"l3_proto":"ip4","src_ip":"192.168.5.62","dst_ip":"192.168.5.50","src_port":2222,"dst_port":2222,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CIP","proto_id":"393","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -7,7 +7,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1706518964100530,"flow_dst_last_pkt_time":1706518964093700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1706518964100530,"pkt":"9FQzmBs\/5JBpqywUCABFvAA6y+kAAA8RU03AqAU+wKgFMgiuCK4AJp24AgACgAgAeHs6AOnLXgSxAAwAAwD9\/\/\/\/\/\/\/\/\/wAA"} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1706518964100530,"flow_dst_last_pkt_time":1706518964103687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1706518964103687,"pkt":"5JBpqywU9FQzmBs\/CABFvAA+cu4AAEARe0TAqAUywKgFPgiuCK4AKmkbAgACgAgA67SRdlXMXgSxABAA++QBAAAA\/f\/\/\/\/\/\/\/\/8AAA=="} 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1706518964090521,"flow_src_last_pkt_time":1706518964100530,"flow_dst_last_pkt_time":1706518964103687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1706518964103687,"l3_proto":"ip4","src_ip":"192.168.5.62","dst_ip":"192.168.5.50","src_port":2222,"dst_port":2222,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"CIP","proto_id":"393","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1706518964103687} +00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1706518964103687} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644958 bytes -~~ total memory freed........: 8644958 bytes -~~ total allocations/frees...: 140537/140537 +~~ total memory allocated....: 9409332 bytes +~~ total memory freed........: 9409332 bytes +~~ total allocations/frees...: 154503/154503 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars ~~ json message max len.......: 970 chars diff --git a/test/results/default/citrix.pcap.out b/test/results/default/citrix.pcap.out index bd2dfa957..c22d0e7c5 100644 --- a/test/results/default/citrix.pcap.out +++ b/test/results/default/citrix.pcap.out 
@@ -1,4 +1,4 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00704{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":0,"flow_src_last_pkt_time":0,"flow_dst_last_pkt_time":0,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":0,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":0,"flow_dst_last_pkt_time":0,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_usec":0,"pkt":"4F+5aekiABUXp3WjCABFAAAsrYMAAIAGYjoVAAAIFgAAB7CpBdYP1me4AAAAAGACgAC\/CQAAAgQFtAAA6CmQmA=="} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":0,"flow_dst_last_pkt_time":2099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_usec":2099,"pkt":"ABUXp3Wj4F+5aekiCABFAAAsrVIAAH4GZGsWAAAHFQAACAXWsKkP1nFlD9ZnuWASgAA9vQAAAgQFtAAA3WOanQ=="} 
@@ -8,7 +8,7 @@ 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":8200,"flow_dst_last_pkt_time":8192,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":26,"thread_ts_usec":8200,"pkt":"4F+5aekiABUXp3WjCABFAAAurYUAAIAGYjYVAAAIFgAAB7CpBdYP1me5D9ZxbFAYgABLowAAf39JQ0EA5qZLtQ=="} 02177{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":5,"flow_first_seen":0,"flow_src_last_pkt_time":72692,"flow_dst_last_pkt_time":72684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":343,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":1670,"flow_dst_tot_l4_payload_len":114,"midstream":0,"thread_ts_usec":72692,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":4689.5,"max":56256,"stddev":12448.2,"var":154958800.0,"ent":2.6,"data": [2099,2106,6093,6094,4120,7122,1007,6,6,6,6,1006,1007,7,5,13,6,1007,6,5,2009,7,5,6,5,1007,5,56256,46119,4116,4114]},"pktlen": {"min":50,"avg":100.3,"max":387,"stddev":63.6,"var":4041.6,"ent":4.8,"data": [50,50,50,50,50,62,198,107,87,88,91,387,83,211,95,133,103,97,95,103,98,83,83,83,100,103,97,95,128,50,50,50]},"bins": {"c_to_s": [5,18,1,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": 
[0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0],"entropies": [4.094119072,4.506643772,4.039021015,4.568367004,4.528367043,4.245353222,5.186970711,4.576177120,4.820792675,4.800546169,4.260721207,4.770667076,4.545018196,3.338554859,4.081573486,4.165511131,4.056994915,4.437763214,4.102537632,4.181773186,4.332800388,4.481823921,4.388646603,4.394422054,4.212355614,4.095830441,4.246722221,4.279045105,4.048637390,4.188758850,4.256690979,4.322698593]},"ndpi": {"flow_risk": {"28": {"risk":"Malicious Fingerprint","severity":"High","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Citrix","proto_id":"132","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01053{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":75,"flow_dst_packets_processed":25,"flow_first_seen":0,"flow_src_last_pkt_time":1581384,"flow_dst_last_pkt_time":1605466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":855,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":3874,"flow_dst_tot_l4_payload_len":1616,"midstream":0,"thread_ts_usec":1605466,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"28": {"risk":"Malicious Fingerprint","severity":"High","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Citrix","proto_id":"132","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1605466} +00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1605466} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647783 bytes -~~ total memory freed........: 8647783 bytes -~~ total allocations/frees...: 140634/140634 +~~ total memory allocated....: 9412157 bytes +~~ total memory freed........: 9412157 bytes +~~ total allocations/frees...: 154600/154600 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 500 chars ~~ json message max len.......: 2182 chars diff --git a/test/results/default/cloudflare-warp.pcap.out b/test/results/default/cloudflare-warp.pcap.out index 7a8aeb170..88d4b706f 100644 --- a/test/results/default/cloudflare-warp.pcap.out +++ b/test/results/default/cloudflare-warp.pcap.out 
@@ -1,5 +1,5 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656230932729365} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656230932729365} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932729365,"flow_src_last_pkt_time":1656230932729365,"flow_dst_last_pkt_time":1656230932729365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656230932729365,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656230932729365,"flow_dst_last_pkt_time":1656230932729365,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656230932729365,"pkt":"ABoRAAACABoRAAABCABFAAA0l3RAAEAGWO8KnoZdjvsqatjYAbtyVk7QfkNIjoAUAYa94wAAAQEICgCjbMKzFenn"} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932996308,"flow_src_last_pkt_time":1656230932996308,"flow_dst_last_pkt_time":1656230932996308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230932996308,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -49,7 +49,7 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1656230939817793,"flow_dst_last_pkt_time":1656230939817793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656230939817793,"pkt":"ABoRAAACABoRAAABCABFAAA816BAAEAG6XwKCAABrNnCvKpQFGzl+aQLAAAAAKAC\/\/8RUAAAAgQFtAQCCAoAo3OrAAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1656230939817793,"flow_dst_last_pkt_time":1656230939818817,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939818817,"pkt":"ABoRAAACABoRAAABCABFAAAoABtAABAG8Ras2cK8CggAARRsqlAaBlv05fmkDFAS\/\/93dgAA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1656230939818992,"flow_dst_last_pkt_time":1656230939818817,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939818992,"pkt":"ABoRAAACABoRAAABCABFAAAo16FAAEAG6Y8KCAABrNnCvKpQFGzl+aQMGgZb9VAQ\/\/93dwAA"} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":64,"packets-processed":63,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8443,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1719546279552167} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":64,"packets-processed":63,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8443,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1719546279552167} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1719546279552167,"flow_src_last_pkt_time":1719546279552167,"flow_dst_last_pkt_time":1719546279552167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":194,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1719546279552167,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"162.159.192.7","src_port":60555,"dst_port":2408,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1719546279552167,"flow_dst_last_pkt_time":1719546279552167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1719546279552167,"pkt":"uCfrJnoXbGp3iJhwCABFAADe3PNAAIAR+HfAqAFUop\/AB+yLCWgAyuWowQAAAACQgwGCQ2ywbChVvz8zwLIHrw\/rvPvgxiS9ZVQn5lLhx2nHPPSbtqkHyTUK8Iv2DMx\/zyTMJl6qxW2KMJ8pmdyNIGxovI6V2NAYgX9GzMZQoF+jMVdVEj+hUIMAt3gh6Jyo0xXvcr6KcrMX7SdPiUsKZjS1mFvlcv+42p75f13z3JoQYbeQcWJB6LC\/+Mvyy6CXMn8RUyU3BaqWogtPqMm8j5zC4EWBJip1Jj3gFWsFWtwmzis0d9ZbWwTl2zw="} 
00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1719546279552167,"flow_src_last_pkt_time":1719546279552167,"flow_dst_last_pkt_time":1719546279552167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":194,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1719546279552167,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"162.159.192.7","src_port":60555,"dst_port":2408,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CloudflareWarp","proto_id":"300","proto_by_ip":"CloudflareWarp","proto_by_ip_id":300,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -69,7 +69,7 @@ 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932729365,"flow_src_last_pkt_time":1656230932729365,"flow_dst_last_pkt_time":1656230932729365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1719546282441904,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00930{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1656230934714151,"flow_src_last_pkt_time":1656230934714523,"flow_dst_last_pkt_time":1656230934714509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1719546282441904,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1656230934714151,"flow_src_last_pkt_time":1656230934714523,"flow_dst_last_pkt_time":1656230934714509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1719546282441904,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":78,"packets-processed":78,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10551,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1719546282441904} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":78,"packets-processed":78,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10551,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1719546282441904} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 78/78 ~~ skipped flows.............: 0 @@ -78,9 +78,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8689137 bytes -~~ total memory freed........: 8689137 bytes -~~ total allocations/frees...: 140726/140726 +~~ total memory allocated....: 9453767 bytes +~~ total memory freed........: 9453767 bytes +~~ total allocations/frees...: 154692/154692 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 1601 chars diff --git a/test/results/default/cnp_ip.pcapng.out b/test/results/default/cnp_ip.pcapng.out index 17bdfb039..53c948d63 100644 --- a/test/results/default/cnp_ip.pcapng.out +++ b/test/results/default/cnp_ip.pcapng.out 
@@ -1,11 +1,11 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1294227823248261} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1294227823248261} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1294227823248261,"flow_src_last_pkt_time":1294227823248261,"flow_dst_last_pkt_time":1294227823248261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1294227823248261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39819,"dst_port":1628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1294227823248261,"flow_dst_last_pkt_time":1294227823248261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1294227823248261,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEARPK9\/AAABfwAAAZuLBlwAKP47ACABAQAAAABri0VnAAAAAAAAAAABCQGqAakBA4ENAMo="} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1294227823248261,"flow_src_last_pkt_time":1294227823248261,"flow_dst_last_pkt_time":1294227823248261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1294227823248261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39819,"dst_port":1628,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CNP-IP","proto_id":"422","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1294227823258145,"flow_dst_last_pkt_time":1294227823248261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1294227823258145,"pkt":"AAAAAAAAAAAAAAAACABFAAA4AABAAEARPLN\/AAABfwAAAZuLBlwAJP43ABwBAQAAAABri0VnAAAAAQAAAAAACQGpAaoBIw=="} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1294227823248261,"flow_src_last_pkt_time":1294227823258145,"flow_dst_last_pkt_time":1294227823248261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1294227823258145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39819,"dst_port":1628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CNP-IP","proto_id":"422","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1294227823258145} 
+00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1294227823258145} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644900 bytes -~~ total memory freed........: 8644900 bytes -~~ total allocations/frees...: 140535/140535 +~~ total memory allocated....: 9409274 bytes +~~ total memory freed........: 9409274 bytes +~~ total allocations/frees...: 154501/154501 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 968 chars diff --git a/test/results/default/coap_mqtt.pcap.out b/test/results/default/coap_mqtt.pcap.out index 2e85a7e25..555dd4373 100644 --- a/test/results/default/coap_mqtt.pcap.out +++ b/test/results/default/coap_mqtt.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1333957710293035} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1333957710293035} 
00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957710293035,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957710293035,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1333957710293035,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nMWMwAg\/RpDAQXKchYzKy53ZWxsLWtub3duBGNvcmU="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957710293035,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957710293035,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 
@@ -15,7 +15,7 @@ 00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957720773953,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957720773953,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_usec":1333957720773953,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACQRQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7ncWMwAkKH5FAYp0chYzKy53ZWxsLWtub3duBGNvcmUQEj3U"} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957720773953,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957720773953,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1375090528017876} 
+00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1375090528017876} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090528017876,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090528017876,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":81,"pkt_l4_len":27,"thread_ts_usec":1375090528017876,"pkt":"uCfrprIvACTop0mhht1gAAAAABsRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAblIJCAekbB5C4c2VwYXJhdGUQ0SMR"} 00906{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090528017876,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090528017876,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 
@@ -43,7 +43,7 @@ 00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1375090935240020,"flow_src_last_pkt_time":1375091005616928,"flow_dst_last_pkt_time":1375091005672713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":11,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":15,"midstream":0,"thread_ts_usec":1375091005672713,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1375090926676575,"flow_src_last_pkt_time":1375090935026698,"flow_dst_last_pkt_time":1375090935086791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":11,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1375091005672713,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1375091022221897,"flow_dst_last_pkt_time":1375091005672713,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_usec":1375091022221897,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsB9ABJUkt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1455907243976582} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1455907243976582} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907243976582,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455907243976582,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1455907243976582,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"} 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907243976582,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455907243976582,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -118,7 +118,7 @@ 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":35,"flow_first_seen":1455907258332152,"flow_src_last_pkt_time":1455907272399051,"flow_dst_last_pkt_time":1455907272398939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":578,"flow_dst_tot_l4_payload_len":808,"midstream":1,"thread_ts_usec":1455907286608960,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":26,"flow_first_seen":1455907271483430,"flow_src_last_pkt_time":1455907272398966,"flow_dst_last_pkt_time":1455907272399057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":806,"flow_dst_tot_l4_payload_len":576,"midstream":1,"thread_ts_usec":1455907286608960,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":41,"flow_first_seen":1455907267002212,"flow_src_last_pkt_time":1455907272399063,"flow_dst_last_pkt_time":1455907272398989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":730,"flow_dst_tot_l4_payload_len":907,"midstream":0,"thread_ts_usec":1455907286608960,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1082,"packets-processed":1080,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":53303,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":121,"global_ts_usec":1455907286608960} +00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1082,"packets-processed":1080,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":53303,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":121,"global_ts_usec":1455907286608960} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1082/1080 ~~ skipped flows.............: 0 
@@ -127,9 +127,9 @@ ~~ total active/idle flows...: 16/16 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8720998 bytes -~~ total memory freed........: 8720998 bytes -~~ total allocations/frees...: 141786/141786 +~~ total memory allocated....: 9485852 bytes +~~ total memory freed........: 9485852 bytes +~~ total allocations/frees...: 155752/155752 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 534 chars ~~ json message max len.......: 2321 chars diff --git a/test/results/default/codm.pcap.out b/test/results/default/codm.pcap.out index a805a1eea..725396509 100644 --- a/test/results/default/codm.pcap.out +++ b/test/results/default/codm.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1714945575038105} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1714945575038105} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714945575038105,"flow_src_last_pkt_time":1714945575038105,"flow_dst_last_pkt_time":1714945575038105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714945575038105,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"49.51.177.25","src_port":45028,"dst_port":8013,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1714945575038105,"flow_dst_last_pkt_time":1714945575038105,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1714945575038105,"pkt":"RQAAPPYgQABABqp2CtetATEzsRmv5B9N0u\/CjAAAAACgAv\/\/EuMAAAIEJugEAggKgbiTWwAAAAABAwMJ"} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1714945575038105,"flow_dst_last_pkt_time":1714945575344783,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1714945575344783,"pkt":"RQAAMAAAQABABqCjMTOxGQrXrQEfTa\/kd+t369Lvwo1wEgQAaDAAAAIEJugDAwkA"} 
@@ -12,7 +12,7 @@ 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1714945575549162,"flow_dst_last_pkt_time":1714945575549162,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1714945575549162,"pkt":"RQAAKBdMQABAEacKCtetARf4rJ6dWh1MABSIPbu2U+qW\/bsDcGluZw=="} 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714945575549162,"flow_src_last_pkt_time":1714945575549162,"flow_dst_last_pkt_time":1714945575549162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714945575549162,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.248.172.158","src_port":40282,"dst_port":7500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CoD_Mobile","proto_id":"186","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1714945575549162,"flow_dst_last_pkt_time":1714945575549162,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1714945575549162,"pkt":"RQAAKAAAQABAEb5WF\/isngrXrQEdTJ1aABQAALu2U+qW\/bsDcGluZw=="} 
-00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1973,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1714947445643585} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1973,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1714947445643585} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714947445643585,"flow_src_last_pkt_time":1714947445643585,"flow_dst_last_pkt_time":1714947445643585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714947445643585,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"43.131.34.20","src_port":38704,"dst_port":7948,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1714947445643585,"flow_dst_last_pkt_time":1714947445643585,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":210,"pkt_l4_len":190,"thread_ts_usec":1714947445643585,"pkt":"RQAA0kuKQABAEekhCtetASuDIhSXMB8MAL4XDQn7wXX\/qpBGDQFAKnwBAAEIzBUNrglAxq8zmv0AAFwMSw8x47WLBe8CQqK13MZq5inDco6IFoo4+pwf3SGoxCzr\/bnxAeIYIvQbar9KI\/MEycpy1Zvo5GAeorGLNdvPbqrnXgzsXy7gnHcOayvA7vQQgAE3AVVSNQcW2FmWH5eXpaKyLXGXhUlExjO92yqeas+2z2eZEtlUcp+WS2Y1aN4mJ4DBpDzsNcBul71bl\/KfmoV0fB6j"} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1714947445643585,"flow_dst_last_pkt_time":1714947445698836,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":36,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":36,"pkt_l4_len":16,"thread_ts_usec":1714947445698836,"pkt":"RQAAJAAAQABAETVaK4MiFArXrQEfDJcwABAAAA4CwAAAAQAB"} 
@@ -22,7 +22,7 @@ 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1714945575549162,"flow_src_last_pkt_time":1714945575549162,"flow_dst_last_pkt_time":1714945575549162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1714947445706350,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.248.172.158","src_port":40282,"dst_port":7500,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CoD_Mobile","proto_id":"186","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1714947445643585,"flow_src_last_pkt_time":1714947445643585,"flow_dst_last_pkt_time":1714947445706350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":485,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":959,"midstream":0,"thread_ts_usec":1714947445706350,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"43.131.34.20","src_port":38704,"dst_port":7948,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CoD_Mobile","proto_id":"186","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1714945575038105,"flow_src_last_pkt_time":1714945575353057,"flow_dst_last_pkt_time":1714945575549162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1432,"midstream":0,"thread_ts_usec":1714947445706350,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"49.51.177.25","src_port":45028,"dst_port":8013,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.CoD_Mobile","proto_id":"91.186","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3114,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1714947445706350} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3114,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1714947445706350} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654303 bytes -~~ total memory freed........: 8654303 bytes -~~ total allocations/frees...: 140575/140575 +~~ total memory allocated....: 9418741 bytes +~~ total memory freed........: 9418741 bytes +~~ total allocations/frees...: 154541/154541 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 502 chars ~~ json message max len.......: 1462 chars diff --git a/test/results/default/collectd.pcap.out b/test/results/default/collectd.pcap.out index 4a4c1012f..44875cae2 100644 --- a/test/results/default/collectd.pcap.out +++ b/test/results/default/collectd.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946742154132991} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946742154132991} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132991,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742154132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02283{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_usec":946742154132991,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAY7gZOIFNgNKAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0gIgY30AAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMQAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiByMEAAwAGMwAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiBcUEAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUz8ACAAMGKqHSAiB0JMAAwAGMAAABQAJaWRsZQAABgAPAAECAAAAAABG4skACAAMGKqHSAiB3pAAAwAGMgAABgAPAAECAAAAAABKYAwACAAMGKqHSAiB1uQAAwAGMQAABgAPAAECAAAAAABIjKAACAAMGKqHSAiB5qEAAwAGMwAABgAPAAECAAAAAABJKEEACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAJdXNlZAAABgAPAAEBAAAAAGaR7UEABQANYnVmZmVyZWQAAAYADwABAQAAAABgfcBBAAgADBiqh0gIgR9KAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAQ\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\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABA
gAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"} 01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132991,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742154132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box","domainame":"devlap.fritz.box","collectd": {"client_username":""}}} 
@@ -8,7 +8,7 @@ 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742156132991,"flow_src_last_pkt_time":946742156132991,"flow_dst_last_pkt_time":946742156132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742156132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02285{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":946742156132991,"flow_dst_last_pkt_time":946742156132991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_usec":946742156132991,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAYzgZOIFNgNKAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0gIgY30AAkADAAAAAKAAAAA\/\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\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\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"} 
01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742156132991,"flow_src_last_pkt_time":946742156132991,"flow_dst_last_pkt_time":946742156132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742156132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box","domainame":"devlap.fritz.box","collectd": {"client_username":""}}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3978,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":946746151465954} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3978,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":946746151465954} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465954,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_usec":946746151465954,"pkt":"AAAAAAAAAAAAAAAACABFAAVysRJAAAERFprAqLIj78BKQpqYZOIFXrI+AhAFVv\/\/dXNlcsEiWwf\/ecmHq20KMKY60TNgWTifxhUWZCzzOonut\/nBLF1H9\/qjrU5R7\/H5O\/9DCfuI7YKK9r+lg3rOUKcDtnx6k3gtNCOgHQsqM7rGW+eN33S1hv\/QWiqJh22vfUfr7Wz7pYGKApBiZvpQtTEhc5hAetf3FPDtHKTWmaIAv9tpMJ\/C1iMPcZFdIsr2dDPokYbKhkO7YK1VgRFBm2eTLctpolFTqtNDbNm7ZZj+J4aMD2mZJnGIwYcXGtrkRXSRyBums+W0\/jz8zVPv3F9mqHBPDINnDWvpLDLobIdObIJno8I9jJWIUvexsFajL\/Ozn6gm5h5Bbary3bFaI1eTK9\/2PtGLDA75C4TnHGlqTybsnLPrgfJgwREyLUHKyyjysSqq3nmcDjg2jxv7jB\/7C1x4ERVxqcLGWKVSyPtJGgd833gDOhBdG4xbUSAQLAZ93ZhNhqDYpSH1iLu4WeSFrvXELH+6cym0Y6TgPbHb995Xd4eeznstGpKVPXUMBMYKyolrAJf5IhADYmfwsVbHYwmMY4b+7dLe8Xm4J6pnNHkCQ8D8q\/xlIjpnUrS9OVed\/2DlDBS1QStbE\/5D9qtP1vKoQWi7aNQljNk4LIQq71gjvpOQoYs5A2fU7jqs5Cj7g1YVzvRN1szG+q0InctAJFWNqveI4E4VlH\/arcTeRtG6STEypPhnpvREi8Y1HMoKqCoQ2XNXh6LreKH8j13m7n5IUINrWLGczoOvwh46DPuvBo2KGeZrJslABigBIDcj82i9s8gLnjLw9\/JZ2x7gkouGNhGSwI6E+HHJlTbRNuUsv\/6rZpEcDEihG4n3z7Vt80LO+ANJQ1PEO96u3kHeqsvkky84XapbdS3hpG\/ZxbNSNY8nK4OCSOQQ8HmKfoJVs6uDOBd\/wp2958CwlilWA+S7vIiQ1XgDMWkpnLBj0SxBkzaVjTocJQTqqyWTwe3IhhIJv81ISkko8HlqeLw6ucXInaAjACXZe+tWeEVUOeFlwkGIIzC1N4S0VtZ61SexhHWzr\/i9+G9ZKKsehcu3XJBgh1f60wB6VdfrKhuC5O+DjSawaWC4SpBpu+HXc5ivM+uiz5tYgYFHvZZNAX520+pU7SYW1nlm8z8\/p7hrSy4or4XEkX6alUhb2dPGHzFD8JaAiNPkifbtDixhZdVcES3WwpR0Ee8a2+96wN6EZWNgwUs7rB2p7yVJHR76cDlQ4Kn2ZsRDtijNF38f24MQDLxP4V3sCe2kxcWUIAwjR6dboGGToHbd4gC7kvh\/FM9CeCXw8edRrjHiX4wnTLxVl9Tka0gXAevnElxIQ6DbX8f3r7039o6XRuqpxn0ACZ1UjAWdNP5AnrGPEDhQYcbCL1rrIoiDXNbcbYfPGBMR0rENIqKDB4er0OJ0AMEmws1dKMgg8kdYXjcu2lTLVY4\/4d9fGNXECu0E+IBVi1I\/a
05N27robtMnHhQS3RLkMgdw2UHSJmRpgA2AeN7d5fzdRb1cndtHczkpZ4DqnETqYT245MmiMyzhppvI8TfDhCd1ynjvTf\/tCkooHN2LdiiRy3Nwel6jnMS4sDovy8cCEn9qicofWJUG7y5a\/VIh54v0RwEEnumWw\/ZdPXVhbMfahFcQa0uAqmRQ+1dUag87w7YOq0bDC6ojsLdQ0XEWCC562cwnsSkgbZ5fTl3ZKIGjfA5C2IbcoLoeLIRL87MyrjfoqdSbenCEN1JHvCKm8MwRfUxtBnRG6JvCJKg82EHDqygdxWBY5xyz+WlvhZcsZvu\/jKGESQRQiW2wuv9DlwnzHiLS\/qJ\/XT4Fpxe9+g=="} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465954,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -17,7 +17,7 @@ 00999{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742155132991,"flow_src_last_pkt_time":946742155132991,"flow_dst_last_pkt_time":946742155132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","domainame":"","collectd": {"client_username":""}}} 00774{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742155132991,"flow_src_last_pkt_time":946742155132991,"flow_dst_last_pkt_time":946742155132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132991,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box"}} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6710,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1655315218479780} 
+00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6710,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1655315218479780} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655315218479780,"flow_src_last_pkt_time":1655315218479780,"flow_dst_last_pkt_time":1655315218479780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1344,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315218479780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655315218479780,"flow_dst_last_pkt_time":1655315218479780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1386,"pkt_l4_len":1352,"thread_ts_usec":1655315218479780,"pkt":"AAAAAAAAAAAAAAAACABFAAVcLQ9AAEARCoB\/AAABfwAAAdN6ZOIFSANcAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhsIetVOvAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAAlpZGxlAAAGAA8AAQIAAAAAAEh8igAIAAwYqobCHrR67QADAAYxAAAFAAluaWNlAAAGAA8AAQIAAAAAAAAAMQAIAAwYqobCHrVLVQADAAYyAAAFAAlpZGxlAAAGAA8AAQIAAAAAAEm00wAIAAwYqobCHryG+AACAAttZW1vcnkAAAMABQAABAALbWVtb3J5AAAFAAl1c2VkAAAGAA8AAQEAAAAA2BLtQQAFAA1idWZmZXJlZAAABgAPAAEBAAAAANBcwEEABQALY2FjaGVkAAAGAA8AAQEAAAAAynjmQQAFAAlmcmVlAAAGAA8AAQEAAAAAkCfAQQAFAA5hdmFpbGFibGUAAAYADwABAQAAAAAE3+tBAAUAEHNsYWJfdW5yZWNsAAAGAA8AAQEAAAAAANaXQQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAg7ahBAAgADBiqhsSesjKdAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABaX1gAIAAwYqobEnrJfCQADAAYyAAAGAA8AAQIAAAAAABQBWwAIAAwYqobEnrKDcQADAAYzAAAGAA8AAQIAAAAAABXhLQAIAAwYqobEnrLCpgADAAYxAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKFFAAgADBiqhsSess\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\/mAAgADBiqhsSesvscAAMABjAAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAAOnzAAgADBiqhsSesv0mAAMABjEAAAYADwABAgAAAAAAAHMKAAgADBiqhsSesuvPAAUADmludGVycnVwdAAABgAPAAECAAAAAAAAo1oACAAMGKqGxJ6y8H0AAwAGMwAABgAPAAECAAAAAAAAbUsACAAMGKqGxJ6y\/yAAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUq8ACAAMGKqGxJ6zBsgAAwAGMAAABQAKc3RlYWwAAAYADwABAgAAAAAAAAAAAAgADBiqhsSeswuRAAMABjIAAAYADwABAgAAAAAAAAAAAAgADBiqhsSest6\/AAUACW5pY2UAAAYADwABAgAAAAAAAAAr"} 
01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655315218479780,"flow_src_last_pkt_time":1655315218479780,"flow_dst_last_pkt_time":1655315218479780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1344,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315218479780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box","domainame":"devlap.fritz.box","collectd": {"client_username":""}}} 
@@ -58,7 +58,7 @@ 02278{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1655315774132712,"flow_dst_last_pkt_time":1655315734133371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1362,"pkt_l4_len":1328,"thread_ts_usec":1655315774132712,"pkt":"AAAAAAAAAAAAAAAACABFAAVEkBxAAEARp4p\/AAABfwAAAY\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\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"} 01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655315734133371,"flow_src_last_pkt_time":1655315784133517,"flow_dst_last_pkt_time":1655315734133371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1299,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9255,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315784133517,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box"}} 
01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":0,"flow_first_seen":1655315313991539,"flow_src_last_pkt_time":1655315720484900,"flow_dst_last_pkt_time":1655315313991539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63954,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315804133071,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":90410,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":0,"total-updates":13,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1655315824133020} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":90410,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":0,"total-updates":13,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1655315824133020} 01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1655315734133371,"flow_src_last_pkt_time":1655315834133390,"flow_dst_last_pkt_time":1655315734133371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1299,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17165,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315834133390,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box"}} 
01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":0,"flow_first_seen":1655315313991539,"flow_src_last_pkt_time":1655315720484900,"flow_dst_last_pkt_time":1655315313991539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63954,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315854133128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655316151465954,"flow_src_last_pkt_time":1655316151465954,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655316151465954,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -71,7 +71,7 @@ 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1655316181464412,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"thread_ts_usec":1655316181464412,"pkt":"AAAAAAAAAAAAAAAACABFAAV8xlhAAAERAUrAqLIj78BKQpqYZOIFaLJIAhAFYAAEdXNlcvgFFMcC7YLnXJdq6iy8vLKCzAlatvrBwkJrE96Ca8hAiNz7UuTaNB2VAQDjZhwW8It9Bw6C5dOcFYI7dtaUsqoM3W+UcjrrT3TlmYGZdLqeSCurY+PxhiyPEjq83Kx+9cfb79V6QQOle6UCpNHC5cTbJxieSFgnAJf5U9l1Wb2Zfo1KITT5S1JLK2mB2AhZBzMiAmW7nDv1DYwK1E3Ja+k+cy\/02WZLSF\/4MBU6ElL5un4wRJoLZFKsiRQoRARw+w\/tYjnuompfoCUOnxEAbNO\/ScH8GQMAqxRKubol4sJ34rEuem1hVbus9EhIVHVsndZrfW\/t5p0Ymc5PzzUJQhytc9t0mG8bp8PtBJoOuuKTjAIjgsK6HRvDbBosq8UVWLvRCpGzUMDmhXWm3M3Af\/19vdeNFYDrdeKZl4\/Tiot7Jk4SGJUVLdwRLYXJKVNSDLc+\/2NLSCP3hRgGgkJTram0IrQaOBKTrnVgzs9JG1xVsFY3JAvYZrm2EEmpxYtYVR8eAIattMv0OJ3RVFlsmMqg2eeGd75jusMSQqGOYY1i5+3CJ6pT6\/OSbK6qzW2BKd9B3UtkkBxo5RqaHboxPGcWFP9ceXeIXdp\/k9R+0PKCuHshX4\/ZHPPCpR0XFfXp9ONx\/WS97lCYY1KkrhKcbgcrld\/cVsBWi3ZVWyfgaaD6tDUL73yYB\/HDjD60VIkxHTkOgzHXADKncbnDzeOxTs5w0AyZB8\/y7yXDLHrObGSiP544LREjSMwjQLBMcUwvJSy66lkhW\/720bRu7\/Z8J3zhwUEPu76N0yVimaSbZvDSdiQmOesMZp1xdVC+R5mnJ73b9P1BiCPtcZkSaeIxzVphD0E4FDMO7n639Sb3etUlxEH994EWaUuWyatwWzuPuI6aHd5gs7\/5k9edMeE7INONDor97aMkxNjH45LA7FQQWLxlNG82ECskPeh9eRHEhD01c4OjHspfBLQoWdPKm+FuT9rOuIsOyJjB0CB7yyo2\/sBwQOapu2nKKop3WGOhCekvJa8bGT\/fwtNBu6y9lvflXlB4w+cUn9LHVPd8c55suJBYjaTEjGtpJPPQr5FwLCPb0VQ+d76LnIgPOOqrAXHe8nl5hlL4FQA7x5adn04mFDCeAPZXtv3rDB6BTBpZsMjvH4YfYynU9GuxvQYioQ9CNBjF0HVnHlzElnx8hwrjTUPNs7ClrDa96mzZfFyVb5Nj4ECxJ7iPAuWcneVIn7uPEC1z\/zkMfgUIsDmTIKqAQvLZN5NLHlkeqdFQcGQp+m5b0LZKFsewnwU5Wom6dY70EU47NKObNczXhUieeY9QRG8ZpIRK+A4vdFu4A8IN3hwZbEZfdhEMiiCqXyoGEygAKQQfCZfxj5XXH9P2FkFQR8fFVjJU18UTLX6PfK\/7x1yL3qTxAbbviPoXAsfqh5w
aRw9YMEb08B\/WYQmyFCYElXrknFcIHnXPqkU6DC7RINGNFZLWpq\/U3L1Isb6\/W1gOsLiDJnMWmPhnseLBCoBKrB1KOZjMd5s+mfB4dnHLTtT5sF2scQr93OceGFLqdFl0POX\/v3abJ4ZP2yYha2NExOMtruFRBbxZ4HF\/wdGc+VkB4AzCn99BfYbV5VwNloBfugi\/5X5G1iqiqGAVZiDPU+u0nZUCeYsB1q9K1\/NmpGiEgNdo81WcEYmMARdF9xmvcOnLMmdOcMlv63fln5KBSKO4HZPzLvwD0pI0AUYlGah1oa9\/zk4QeMBIubH+v1XKARl5SmOXRRBqDat7eVIysKApBnDoFsDxGDTZUVDOsGf4TgfdFNvZu6lJeMPeugL+z+wgF+k="} 02189{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1655316182371478,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1655316182371478,"pkt":"AAAAAAAAAAAAAAAACABFAATsxv9AAAERATPAqLIj78BKQpqYZOIE2LG4AhAE0AAEdXNlcnP\/uCtk9UXV2KF4JOzP1M1v7q6jawqniLWeIANnL2\/k3sSyHPr3tqTLnAuukLSfxlpixnPsEPx0Zo4Oww1TgylacBsRLCY9L9BPZIhwPUd9+1cDwsYbIA++HJQi+hVC4mgKe4VGv0zjBGe7+ifIIww2jGaTY1Blgv9t7vC9d7ndAN0HBkDs8O\/zvgWZaJvfq4fGvb\/5XmfhyyZ4qLYRdYtSabVScBoObPSfn5ouUsYUF07PMfBvtxV\/apbRdODDfM8eEU3cHVtvDHVfPNHmDKMgO4Z8IosjUrwCc0maYz2m53Uumq1aZqaehZvpt7lahc85fSLehC5NpUixm0Lx+h\/ujjdNrvcaMhw1JlCmSJTwtM\/EgbZpDVag1G5bvmZXLcmg0VE5QVODMtPUOiFVnxHuZ7em8M5APoD2YV5OJuwO1S203xtd9p5GwaU\/p7xn+Vad6uNBMssyRZd1DFsDqNec\/2mUnEeYzQ0y65upIZH9vGNerHd5wExkz7FsIMx3S13uUvn4wDqBrafmQ+FDkktQOlPQKQCp\/7L2mGfKxv\/eoKvpMWMnLuCqjwfSk4fidgiUs\/m4w95YyqeonfzSrcqoqHJ3fyWyw+5xgHEDZacDV4Ns+TmWUKkOgyvJwE+b\/SQWMv\/jfPynda2l0vcIL+hkEpUrZFILSjN89wKmjBSCYPHxh5mXQE6zJIA1\/lm42Ws2JT2S+ySIj5lF+j3LavgWzu6LgcWm3kC80BQusAMGRm5HX7lv+eo7wfeyjF9kwzkXfUzjp8u6PpnZjLLYU0KH9cwFxoJy3O1cDLvkBRdM3BZq9ulTYUekIh71M7sgzqXVnK69LZBSDnT0gFbc8EVuq\/baI30HbLnm6v4phtxorZGfNfwUKiOVg1+m92hZ33VoHullyAzE63i5HEz23N63w1OMMidtcwnQQNv5nLpw3\/rGyhBPakrtlZMqHYa7IKPmIEnvypW5odQzFUn+ewMgVF7IheAe5ktL5eVlqRIBuwuHWex66FM8PsAJ+0GFiVQDT90ORRBulv\/nwrzAF73B2
UEjuT7o1XSdo2yzYV+fg0tuAFh+J7b40tEzGMHkSNLR1nFhaO5GaNm72JV6B4GV3KcI7XYFIsQkCMlVJFvhtZvlEEzzKyBObmFid+xH1F+FLuVe\/sawgjTtvxhAeoMv0XwePMnlzUAkaHBI+ToVrXG9TuIYXHfng\/Zvydp8Rup0i1kr6nlU0SjI9FoU7GEx3Af9YoSVdhTuAuvx9gAyHT0\/40EQiUpaScFUKZZzI3+kiAckU5y6lSp2C2D\/KFh\/8TiJ0y\/DQMZrU7s8eIlBc0ciTshw9ABtMfOmuuAgqDx\/GJnXt2TA1+EOW+NMitt+822JWDfRDzWsygrDddbT8Fzr6C7F7UlvifDEWmgAE\/nt78d+PtDMW1S9lGNvzBeXE\/+a22PprpuD7c9xntPU\/aEWUALWBlFO1SgekTxdJK57eae6wWZtWku9YoU7jyqN5MGxMWGFbfQAvQJ3TqPi7FKY+5b3645lan5PFGzus6rBQOo4ZZj5QGYP9SPBCyLQ15ugjV+nlLKc3PQZGgTgCS\/O9M4yjl3lOf2xkK+f0evs7+kT1\/NYdqtOmB5psJPQhvhx32w="} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1655316151465954,"flow_src_last_pkt_time":1655316182371478,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1392,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6745,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655316182371478,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":81,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":105984,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1655316182371478} +00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":81,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":105984,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1655316182371478} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 81/81 ~~ skipped flows.............: 0 
@@ -80,9 +80,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8666503 bytes -~~ total memory freed........: 8666503 bytes -~~ total allocations/frees...: 140695/140695 +~~ total memory allocated....: 9431133 bytes +~~ total memory freed........: 9431133 bytes +~~ total allocations/frees...: 154661/154661 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 590 chars ~~ json message max len.......: 2401 chars diff --git a/test/results/default/conncheck.pcap.out b/test/results/default/conncheck.pcap.out index 03bdddeb9..5be29d6cc 100644 --- a/test/results/default/conncheck.pcap.out +++ b/test/results/default/conncheck.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705784566615744} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705784566615744} 00297{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1705784566615744,"packet_id":1,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1705784566615744} 
00457{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1705784566615744,"pkt":"AAAAAAAAAAEAAAABgQANQoEAAHEIAEUAAGDrbAAAOxGATwqE5bAKhhkXCGgIaABMAAAw\/wA8Qy6yBkUoADwAAEAALQbC1QElItMKjlw5Abu\/gJFDna3q2XqvoBL\/\/9pdAAACBAVQBAIICv5MYFQGfShgAQMDCg=="} 00297{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1705784566818209,"packet_id":2,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1705784566818209} 
@@ -14,7 +14,7 @@ 02259{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":1458,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":1458,"pkt_l4_len":0,"thread_ts_usec":1705784566615744,"pkt":"AAAAAAAAAAEAAAABgQANQoEAAHEIAEUABZzDCwAAOxGjdAqE5bAKhhkXCGgIaAWIAAAw\/wV4Qy6yBkUoBXj4OUAALQbFXwElItMKjlw5Abu\/gJFDovLq2XtzgBAAgVM\/AAABAQgK\/kxingZ9KlYbAAAEAwBHMEUCIH1I+48VtgltL4hO45iL5N4YyNOHY0hCopyLulL4fbNpAiEAwwv6GIa+vxrZjGQ\/2ZUUvmM9Wh9ZuQ3amGcltaedkCkAdgDuzdBk1dsazsVct520zROiModGfLzs3sNRSFlGcR+1mwAAAYlsMz37AAAEAwBHMEUCIAEv+h7h2k4nQmm99yVZ3MsFtkykj1XiBkEdWB9a4oZnAiEA0SP7koCLrcSEzcRg+B6eDneAZfL5\/bfvCswPdKikOAQAdgB2\/4g\/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYlsMz5AAAAEAwBHMEUCIQClhSSG67bp7s4pmrgM6Ls4cLna6V1Li3GZxuBBoxpjUQIgYb8ztCLFddNqSfzbUnwUENXinwtKzHQHVtNebY5MYFIwDQYJKoZIhvcNAQELBQADggEBAG6sE1Fv\/EPeZTtbcBA+YBDLcuQvCvxS5fGXaSfbyszKosUKrSPGsEEdfVTQNIi5H+YVivFQ9r2jsxFXGqmmVBX4MOuZQYiJxTghY\/LgP7YNQhsCPwGmQMW6\/Q1U4HNkKqnaTeMKtGy\/pOtcVvQtcjjkmvQECtyb64u6h0BQ98WDi\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\/9lgK3fRYiItqVoGFu43alHPjqXRbnBK8NhjYGpyVdfxmTiGRGcY4HGOwUBthdpL3TFzvDLMb457uY1LgNq5x8Ykg14y+4fpi2Fnopl226WqtOhsQZ9fKrPVfdeSyCdL7B\/aBW2Ic48Gsjg9A6Lhh4Y8xqECAwEAAaOCAUQwggFAMA4GA1UdDwEB\/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH\/BAgwBgEB\/wIBADAdBgNVHQ4EFgQUaIa4fXrZbUlrhy8YixU0bNe0eg4wHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP\/8\/UswPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxz"} 00297{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1705784567201381,"packet_id":7,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1705784567201381} 
01179{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":656,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":656,"pkt_l4_len":0,"thread_ts_usec":1705784566615744,"pkt":"AAAAAAAAAAEAAAABgQANQoEAAHEIAEUAAnrDLwAAOxGmcgqE5bAKhhkXCGgIaAJmAAAw\/wJWQy6yBkUoAlb4OkAALQbIgAElItMKjlw5Abu\/gJFDqDbq2XtzgBgAgQszAAABAQgK\/kxingZ9KlZpZ24uY29tL3Jvb3RyMTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL3Jvb3QuY3JsMEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAmrmCHN2Dg4uSwMTtAa2E\/E7ubZwdAfpSFNvYwhBjn2s5msccPKCq4xk6\/GRGKu81JgP2BWf6bnThRvtA2G+uLTkhdIafAAUaPy+TW9SkRbw9DCkXWtP7aKYP4ABoebBMsUWLyIWMZw6MfVT4sHXOCqwd12tErP4b1KaYIQk+okszurpLEqhrVyed+pSAtGhMd2D\/1ylaOD3OLUsIVp9py3vY4jb5N2nFzjaXHLoNPxWzZaDsdBK9s63o3p6h7NO\/qeClkW2DWRJWLxOmfnlzoaOJ1eGljM4trIrPYhZlzdnuqLZACLV8UPk3gnqkCzRm7OmXVx+KZz6BvDs10ypIDBYDAwB0DAAAcAMAHSA1\/cAC\/1tj9PPDL+vFPwY8QtUNSjpcFIhItCgOY7cMKgQDAEgwRgIhAOOrhCfX8Wa7ZDDRdRMfDXQegiNHb+rIIpvVyozR147fAiEA0GxRwXqsenjLmG9lCSr2FvVzQvIf\/3bd3MH2HTPjyR8WAwMABA4AAAA="} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1717680638779902} 
+00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1717680638779902} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680638779902,"flow_src_last_pkt_time":1717680638779902,"flow_dst_last_pkt_time":1717680638779902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680638779902,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"10.1.0.1","src_port":46571,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1717680638779902,"flow_dst_last_pkt_time":1717680638779902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1717680638779902,"pkt":"IHwUotKkrpzVkkEiCABFAABNGrRAAEARC64KAQA8CgEAAbXrADUAObVB6kABAAABAAAAAAAAEmNvbm4tc2VydmljZS1ldS0wNAhhbGxhd25vcwNjb20AAAEAAQ=="} 01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680638779902,"flow_src_last_pkt_time":1717680638779902,"flow_dst_last_pkt_time":1717680638779902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680638779902,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"10.1.0.1","src_port":46571,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"conn-service-eu-04.allawnos.com","domainame":"conn-service-eu-04.allawnos.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -25,15 +25,17 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1717680638899584,"flow_dst_last_pkt_time":1717680638899755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680638899755,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAAEAG7OGO+rSjCgEAPABQweolBJ+MvRWBtqAS\/ohOCQAAAgQFtAQCCAoLgH8amnIb6gEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1717680638906240,"flow_dst_last_pkt_time":1717680638899755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680638906240,"pkt":"IHwUotKkrpzVkkEiCABFAAA0OphAAEAGslEKAQA8jvq0o8HqAFC9FYG2JQSfjYAQAIAhzQAAAQEICppyG\/ALgH8a"} 00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1717680638907186,"flow_dst_last_pkt_time":1717680638899755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1717680638907186,"pkt":"IHwUotKkrpzVkkEiCABFAAEHOplAAEAGsX0KAQA8jvq0o8HqAFC9FYG2JQSfjYAYAIDm+wAAAQEICppyG\/ELgH8aR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogd3d3Lmdvb2dsZS5ldQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 
-01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680638899584,"flow_src_last_pkt_time":1717680638907186,"flow_dst_last_pkt_time":1717680638899755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680638907186,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49642,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"www.google.eu","domainame":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} +01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680638899584,"flow_src_last_pkt_time":1717680638907186,"flow_dst_last_pkt_time":1717680638899755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680638907186,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49642,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.eu","domainame":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1717680638907186,"flow_dst_last_pkt_time":1717680638907267,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680638907267,"pkt":"rpzVkkEiIHwUotKkCABFAAA0arlAAEAGgjCO+rSjCgEAPABQweolBJ+NvRWCiYAQAfxOAQAAAQEICguAfyGachvx"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1717680638899584,"flow_src_last_pkt_time":1717680638907186,"flow_dst_last_pkt_time":1717680638907392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680638907392,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49642,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.google.eu","domainame":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":302,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680639005444,"flow_src_last_pkt_time":1717680639005444,"flow_dst_last_pkt_time":1717680639005444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680639005444,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1717680639005444,"flow_dst_last_pkt_time":1717680639005444,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680639005444,"pkt":"IHwUotKkrpzVkkEiCABFAAA8EgZAAEAG2tsKAQA8jvq0o8H4AFDU4k+6AAAAAKAC\/\/9ceAAAAgQFtAQCCAqachxTAAAAAAEDAwk="} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1717680639005444,"flow_dst_last_pkt_time":1717680639005551,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680639005551,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAAEAG7OGO+rSjCgEAPABQwfjETWtF1OJPu6AS\/ohOCQAAAgQFtAQCCAoLgH+EmnIcUwEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1717680639008720,"flow_dst_last_pkt_time":1717680639005551,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680639008720,"pkt":"IHwUotKkrpzVkkEiCABFAAA0EgdAAEAG2uIKAQA8jvq0o8H4AFDU4k+7xE1rRoAQAIDQGQAAAQEICppyHFcLgH+E"} 00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1717680639009837,"flow_dst_last_pkt_time":1717680639005551,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1717680639009837,"pkt":"IHwUotKkrpzVkkEiCABFAAEHEghAAEAG2g4KAQA8jvq0o8H4AFDU4k+7xE1rRoAYAICVSAAAAQEICppyHFgLgH+ER0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogd3d3Lmdvb2dsZS5ldQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 
-01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680639005444,"flow_src_last_pkt_time":1717680639009837,"flow_dst_last_pkt_time":1717680639005551,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680639009837,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49656,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"www.google.eu","domainame":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} +01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680639005444,"flow_src_last_pkt_time":1717680639009837,"flow_dst_last_pkt_time":1717680639005551,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680639009837,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49656,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.eu","domainame":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1717680639009837,"flow_dst_last_pkt_time":1717680639009877,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680639009877,"pkt":"rpzVkkEiIHwUotKkCABFAAA0afhAAEAGgvGO+rSjCgEAPABQwfjETWtG1OJQjoAQAfxOAQAAAQEICguAf4iachxY"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1717680639005444,"flow_src_last_pkt_time":1717680639009837,"flow_dst_last_pkt_time":1717680639010018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680639010018,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49656,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.google.eu","domainame":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":302,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680641054823,"flow_src_last_pkt_time":1717680641054823,"flow_dst_last_pkt_time":1717680641054823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641054823,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1717680641054823,"flow_dst_last_pkt_time":1717680641054823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641054823,"pkt":"IHwUotKkrpzVkkEiCABFAAA8HIBAAEAG0GEKAQA8jvq0o8H6AFC23ySBAAAAAKAC\/\/+dsAAAAgQFtAQCCAqaciRVAAAAAAEDAwk="} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1717680641054823,"flow_dst_last_pkt_time":1717680641055325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641055325,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAAEAG7OGO+rSjCgEAPABQwfphoswdtt8kgqAS\/ohOCQAAAgQFtAQCCAoLgIeFmnIkVQEDAwc="} 
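Review bot: The regenerated expectations for flow_id 2 and 3 now end in a `detection-update` that labels a flow with hostname `www.google.eu` and `proto_by_ip` `Google` as `"proto":"HTTP.ntop"` with `"breed":"Safe"` and `"category":"Network"`, which looks like a misclassification being pinned as the expected result. The initial `detected` events for the same flows also move from `"category_id":30,"category":"ConnCheck"` to `"category_id":5,"category":"Web"`, so a consumer that filters or alerts on category or breed will see these connectivity-check flows differently after the bump. The commit message only mentions the replacement of the "TLS Susp ESNI Usage" risk, so it is worth confirming against the libnDPI revision whether the ntop/Safe result after the 302 response is intended before accepting it as a baseline. If it is intended, record it in the description, for example `* conncheck.pcap: generate_204 flows now classified Web, updated to HTTP.ntop after the 302 reply`.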
@@ -41,13 +43,15 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1717680641065531,"flow_dst_last_pkt_time":1717680641065531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641065531,"pkt":"IHwUotKkrpzVkkEiCABFAAA8S9NAAEAGIrgKAQA8XHtleZR4AFCBs05pAAAAAKAC\/\/9ThAAAAgQFtAQCCArtH9ZDAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1717680641065617,"flow_dst_last_pkt_time":1717680641055325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641065617,"pkt":"IHwUotKkrpzVkkEiCABFAAA0HIFAAEAG0GgKAQA8jvq0o8H6AFC23ySCYaLMHoAQAIALHgAAAQEICppyJF8LgIeF"} 00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1717680641065617,"flow_dst_last_pkt_time":1717680641055325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1717680641065617,"pkt":"IHwUotKkrpzVkkEiCABFAAEHHIJAAEAGz5QKAQA8jvq0o8H6AFC23ySCYaLMHoAYAIDQTAAAAQEICppyJGALgIeFR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogd3d3Lmdvb2dsZS5ldQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 
-01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680641054823,"flow_src_last_pkt_time":1717680641065617,"flow_dst_last_pkt_time":1717680641055325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641065617,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49658,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"www.google.eu","domainame":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} +01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680641054823,"flow_src_last_pkt_time":1717680641065617,"flow_dst_last_pkt_time":1717680641055325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641065617,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49658,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.eu","domainame":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1717680641065617,"flow_dst_last_pkt_time":1717680641065711,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641065711,"pkt":"rpzVkkEiIHwUotKkCABFAAA0ydJAAEAGIxeO+rSjCgEAPABQwfphoswett8lVYAQAfxOAQAAAQEICguAh5CaciRg"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1717680641065531,"flow_dst_last_pkt_time":1717680641065763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641065763,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAAEAGbotce2V5CgEAPABQlHgEniOkgbNOaqAS\/ojMXwAAAgQFtAQCCAoLgIeQ7R\/WQwEDAwc="} 
+01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1717680641054823,"flow_src_last_pkt_time":1717680641065617,"flow_dst_last_pkt_time":1717680641065903,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680641065903,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49658,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.google.eu","domainame":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":302,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1717680641087390,"flow_dst_last_pkt_time":1717680641065763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641087390,"pkt":"IHwUotKkrpzVkkEiCABFAAA0S9RAAEAGIr8KAQA8XHtleZR4AFCBs05qBJ4jpYAQAIDGWgAAAQEICu0f1lcLgIeQ"} 
00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1717680641087390,"flow_dst_last_pkt_time":1717680641065763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_usec":1717680641087390,"pkt":"IHwUotKkrpzVkkEiCABFAAEYS9VAAEAGIdoKAQA8XHtleZR4AFCBs05qBJ4jpYAYAIALCwAAAQEICu0f1lcLgIeQR0VUIC9nZW5lcmF0ZTIwNCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogY2xvc2UNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzYwLjAuMzExMi4zMiBTYWZhcmkvNTM3LjM2DQpIb3N0OiBjb25uLXNlcnZpY2UtZXUtMDQuYWxsYXdub3MuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} -01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680641065531,"flow_src_last_pkt_time":1717680641087390,"flow_dst_last_pkt_time":1717680641065763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641087390,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"conn-service-eu-04.allawnos.com","domainame":"conn-service-eu-04.allawnos.com","http": {"url":"conn-service-eu-04.allawnos.com\/generate204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; 
Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} +01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680641065531,"flow_src_last_pkt_time":1717680641087390,"flow_dst_last_pkt_time":1717680641065763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641087390,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"conn-service-eu-04.allawnos.com","domainame":"conn-service-eu-04.allawnos.com","http": {"url":"conn-service-eu-04.allawnos.com\/generate204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1717680641087390,"flow_dst_last_pkt_time":1717680641087494,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641087494,"pkt":"rpzVkkEiIHwUotKkCABFAAA0PABAAEAGMpNce2V5CgEAPABQlHgEniOlgbNPToAQAfzMVwAAAQEICguAh6btH9ZX"} 
+01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1717680641065531,"flow_src_last_pkt_time":1717680641087390,"flow_dst_last_pkt_time":1717680641087694,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":853,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":853,"midstream":0,"thread_ts_usec":1717680641087694,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"conn-service-eu-04.allawnos.com","domainame":"conn-service-eu-04.allawnos.com","http": {"url":"conn-service-eu-04.allawnos.com\/generate204","code":302,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680641594363,"flow_src_last_pkt_time":1717680641594363,"flow_dst_last_pkt_time":1717680641594363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641594363,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1717680641594363,"flow_dst_last_pkt_time":1717680641594363,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641594363,"pkt":"IHwUotKkrpzVkkEiCABFAAA8A1tAAEAG6YYKAQA8jvq0o8IIAFDjsnqEAAAAAKAC\/\/8YsAAAAgQFtAQCCAqaciZxAAAAAAEDAwk="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1717680641594363,"flow_dst_last_pkt_time":1717680641594575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641594575,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAAEAG7OGO+rSjCgEAPABQwghT479J47J6haAS\/ohOCQAAAgQFtAQCCAoLgImhmnImcQEDAwc="} 
@@ -56,24 +60,26 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1717680641595073,"flow_dst_last_pkt_time":1717680641595307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680641595307,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAAEAGbmtce2WZCgEAPABQt4RZYl3oU9cAm6AS\/ojMfwAAAgQFtAQCCAoLgImhmmUSiwEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1717680641597337,"flow_dst_last_pkt_time":1717680641594575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641597337,"pkt":"IHwUotKkrpzVkkEiCABFAAA0A1xAAEAG6Y0KAQA8jvq0o8IIAFDjsnqFU+O\/SoAQAICemwAAAQEICppyJnQLgImh"} 00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1717680641598489,"flow_dst_last_pkt_time":1717680641594575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1717680641598489,"pkt":"IHwUotKkrpzVkkEiCABFAAEHA11AAEAG6LkKAQA8jvq0o8IIAFDjsnqFU+O\/SoAYAIBjygAAAQEICppyJnULgImhR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogd3d3Lmdvb2dsZS5ldQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 
-01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680641594363,"flow_src_last_pkt_time":1717680641598489,"flow_dst_last_pkt_time":1717680641594575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641598489,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49672,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"www.google.eu","domainame":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} +01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680641594363,"flow_src_last_pkt_time":1717680641598489,"flow_dst_last_pkt_time":1717680641594575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641598489,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49672,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.eu","domainame":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1717680641598489,"flow_dst_last_pkt_time":1717680641598552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641598552,"pkt":"rpzVkkEiIHwUotKkCABFAAA0yPZAAEAGI\/OO+rSjCgEAPABQwghT479K47J7WIAQAfxOAQAAAQEICguAiaWaciZ1"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1717680641594363,"flow_src_last_pkt_time":1717680641598489,"flow_dst_last_pkt_time":1717680641598707,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680641598707,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49672,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.google.eu","domainame":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":302,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1717680641599621,"flow_dst_last_pkt_time":1717680641595307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641599621,"pkt":"IHwUotKkrpzVkkEiCABFAAA0KydAAEAGQ0wKAQA8XHtlmbeEAFBT1wCbWWJd6YAQAICkQgAAAQEICpplEpALgImh"} 00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1717680641602917,"flow_dst_last_pkt_time":1717680641595307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_usec":1717680641602917,"pkt":"IHwUotKkrpzVkkEiCABFAAEYKyhAAEAGQmcKAQA8XHtlmbeEAFBT1wCbWWJd6YAYAIDo8QAAAQEICpplEpELgImhR0VUIC9nZW5lcmF0ZTIwNCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogY2xvc2UNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzYwLjAuMzExMi4zMiBTYWZhcmkvNTM3LjM2DQpIb3N0OiBjb25uLXNlcnZpY2UtZXUtMDQuYWxsYXdub3MuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680641595073,"flow_src_last_pkt_time":1717680641602917,"flow_dst_last_pkt_time":1717680641595307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641602917,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.153","src_port":46980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"conn-service-eu-04.allawnos.com","domainame":"conn-service-eu-04.allawnos.com","http": {"url":"conn-service-eu-04.allawnos.com\/generate204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680641595073,"flow_src_last_pkt_time":1717680641602917,"flow_dst_last_pkt_time":1717680641595307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680641602917,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.153","src_port":46980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"conn-service-eu-04.allawnos.com","domainame":"conn-service-eu-04.allawnos.com","http": {"url":"conn-service-eu-04.allawnos.com\/generate204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1717680641602917,"flow_dst_last_pkt_time":1717680641602980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680641602980,"pkt":"rpzVkkEiIHwUotKkCABFAAA02RFAAEAGlWFce2WZCgEAPABQt4RZYl3pU9cBf4AQAfzMdwAAAQEICguAiamaZRKR"} 
+01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1717680641595073,"flow_src_last_pkt_time":1717680641602917,"flow_dst_last_pkt_time":1717680641603111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":853,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":853,"midstream":0,"thread_ts_usec":1717680641603111,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.153","src_port":46980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"conn-service-eu-04.allawnos.com","domainame":"conn-service-eu-04.allawnos.com","http": {"url":"conn-service-eu-04.allawnos.com\/generate204","code":302,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680643892628,"flow_src_last_pkt_time":1717680643892628,"flow_dst_last_pkt_time":1717680643892628,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680643892628,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1717680643892628,"flow_dst_last_pkt_time":1717680643892628,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680643892628,"pkt":"IHwUotKkrpzVkkEiCABFAAA838JAAEAGjsgKAQA8XHtleZSIAFBHLuG9AAAAAKAC\/\/\/vlgAAAgQFtAQCCArtH+FRAAAAAAEDAwk="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1717680643892628,"flow_dst_last_pkt_time":1717680643898779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680643898779,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAADYGeItce2V5CgEAPABQlIhO\/3\/iRy7hvqAS\/oimXAAAAgQFrAQCCAq3WcRu7R\/hUQEDAwc="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1717680643901387,"flow_dst_last_pkt_time":1717680643898779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680643901387,"pkt":"IHwUotKkrpzVkkEiCABFAAA038NAAEAGjs8KAQA8XHtleZSIAFBHLuG+Tv9\/44AQAIDTIAAAAQEICu0f4Vq3WcRu"} 00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1717680643902355,"flow_dst_last_pkt_time":1717680643898779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_usec":1717680643902355,"pkt":"IHwUotKkrpzVkkEiCABFAAEY38RAAEAGjeoKAQA8XHtleZSIAFBHLuG+Tv9\/44AYAIAX0QAAAQEICu0f4Vq3WcRuR0VUIC9nZW5lcmF0ZTIwNCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogY2xvc2UNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzYwLjAuMzExMi4zMiBTYWZhcmkvNTM3LjM2DQpIb3N0OiBjb25uLXNlcnZpY2UtZXUtMDQuYWxsYXdub3MuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680643892628,"flow_src_last_pkt_time":1717680643902355,"flow_dst_last_pkt_time":1717680643898779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680643902355,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38024,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"conn-service-eu-04.allawnos.com","domainame":"conn-service-eu-04.allawnos.com","http": {"url":"conn-service-eu-04.allawnos.com\/generate204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680643892628,"flow_src_last_pkt_time":1717680643902355,"flow_dst_last_pkt_time":1717680643898779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680643902355,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38024,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"conn-service-eu-04.allawnos.com","domainame":"conn-service-eu-04.allawnos.com","http": {"url":"conn-service-eu-04.allawnos.com\/generate204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680643920100,"flow_src_last_pkt_time":1717680643920100,"flow_dst_last_pkt_time":1717680643920100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680643920100,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1717680643920100,"flow_dst_last_pkt_time":1717680643920100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680643920100,"pkt":"IHwUotKkrpzVkkEiCABFAAA8p3JAAEAGRW8KAQA8jvq0o8IKAFCZFg7KAAAAAKAC\/\/\/F7wAAAgQFtAQCCAqaci+GAAAAAAEDAwk="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1717680643920100,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680643928469,"pkt":"rpzVkkEiIHwUotKkCABFAAA8AABAAHcGteGO+rSjCgEAPABQwgoLlBtDmRYOy6AS\/\/8xzgAAAgQFhAQCCAqvfr3rmnIvhgEDAwg="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1717680643933122,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680643933122,"pkt":"IHwUotKkrpzVkkEiCABFAAA0p3NAAEAGRXYKAQA8jvq0o8IKAFCZFg7LC5QbRIAQAIBf3gAAAQEICppyL5Ovfr3r"} 00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1717680643933123,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1717680643933123,"pkt":"IHwUotKkrpzVkkEiCABFAAEHp3RAAEAGRKIKAQA8jvq0o8IKAFCZFg7LC5QbRIAYAIAlDQAAAQEICppyL5Svfr3rR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogd3d3Lmdvb2dsZS5ldQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 
-01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680643920100,"flow_src_last_pkt_time":1717680643933123,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680643933123,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49674,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"www.google.eu","domainame":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} +01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680643920100,"flow_src_last_pkt_time":1717680643933123,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680643933123,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49674,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.eu","domainame":"www.google.eu","http": {"url":"www.google.eu\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1717680644128726,"flow_dst_last_pkt_time":1717680643898779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_usec":1717680644128726,"pkt":"IHwUotKkrpzVkkEiCABFAAEY38VAAEAGjekKAQA8XHtleZSIAFBHLuG+Tv9\/44AYAIAW+QAAAQEICu0f4jK3WcRuR0VUIC9nZW5lcmF0ZTIwNCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogY2xvc2UNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzYwLjAuMzExMi4zMiBTYWZhcmkvNTM3LjM2DQpIb3N0OiBjb25uLXNlcnZpY2UtZXUtMDQuYWxsYXdub3MuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1717680644164002,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1717680644164002,"pkt":"IHwUotKkrpzVkkEiCABFAAEHp3VAAEAGRKEKAQA8jvq0o8IKAFCZFg7LC5QbRIAYAIAkNQAAAQEICppyMGyvfr3rR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogd3d3Lmdvb2dsZS5ldQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680798559360,"flow_src_last_pkt_time":1717680798559360,"flow_dst_last_pkt_time":1717680798559360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680798559360,"l3_proto":"ip4","src_ip":"10.1.0.70","dst_ip":"142.250.180.138","src_port":54612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -81,19 +87,19 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1717680798559360,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1717680798564341,"pkt":"lrQYc\/0eIHwUotKkCABFAAA8AABAAHUGt\/CO+rSKCgEARgBQ1VSBw+KZEy4JIaAS\/\/8\/gQAAAgQFhAQCCAo1F+Dn0xB7cQEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1717680798568142,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1717680798568142,"pkt":"IHwUotKklrQYc\/0eCABFAAA0LRpAAEAGv94KAQBGjvq0itVUAFATLgkhgcPimoAQAQBtFQAAAQEICtMQe3o1F+Dn"} 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1717680798568142,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1717680798568142,"pkt":"IHwUotKklrQYc\/0eCABFAAENLRtAAEAGvwQKAQBGjvq0itVUAFATLgkhgcPimoAYAQDoIgAAAQEICtMQe3s1F+DnR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogcGxheS5nb29nbGVhcGlzLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 
-01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680798559360,"flow_src_last_pkt_time":1717680798568142,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680798568142,"l3_proto":"ip4","src_ip":"10.1.0.70","dst_ip":"142.250.180.138","src_port":54612,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PlayStore","proto_id":"7.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"play.googleapis.com","domainame":"play.googleapis.com","http": {"url":"play.googleapis.com\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 
+01242{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1717680798559360,"flow_src_last_pkt_time":1717680798568142,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680798568142,"l3_proto":"ip4","src_ip":"10.1.0.70","dst_ip":"142.250.180.138","src_port":54612,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PlayStore","proto_id":"7.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.googleapis.com","domainame":"play.googleapis.com","http": {"url":"play.googleapis.com\/generate_204","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36","detected_os":"Linux x86_64"}}} 
00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1717680798789824,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1717680798789824,"pkt":"IHwUotKklrQYc\/0eCABFAAENLRxAAEAGvwMKAQBGjvq0itVUAFATLgkhgcPimoAYAQDnRQAAAQEICtMQfFg1F+DnR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENCkNvbm5lY3Rpb246IGNsb3NlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82MC4wLjMxMTIuMzIgU2FmYXJpLzUzNy4zNg0KSG9zdDogcGxheS5nb29nbGVhcGlzLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -01016{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680641065531,"flow_src_last_pkt_time":1717680641096289,"flow_dst_last_pkt_time":1717680641096361,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":853,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":853,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"conn-service-eu-04.allawnos.com"}} 
-00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1717680643892628,"flow_src_last_pkt_time":1717680650975243,"flow_dst_last_pkt_time":1717680643898779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck"}} -01016{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1717680641595073,"flow_src_last_pkt_time":1717680641608255,"flow_dst_last_pkt_time":1717680641608232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":853,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":853,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.153","src_port":46980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"conn-service-eu-04.allawnos.com"}} 
+01015{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680641065531,"flow_src_last_pkt_time":1717680641096289,"flow_dst_last_pkt_time":1717680641096361,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":853,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":853,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"conn-service-eu-04.allawnos.com"}} +00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1717680643892628,"flow_src_last_pkt_time":1717680650975243,"flow_dst_last_pkt_time":1717680643898779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.121","src_port":38024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck"}} 
+01015{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1717680641595073,"flow_src_last_pkt_time":1717680641608255,"flow_dst_last_pkt_time":1717680641608232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":853,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":853,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"92.123.101.153","src_port":46980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"conn-service-eu-04.allawnos.com"}} 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1717680638779902,"flow_src_last_pkt_time":1717680638779902,"flow_dst_last_pkt_time":1717680638787962,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"10.1.0.1","src_port":46571,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"conn-service-eu-04.allawnos.com"}} -01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680638899584,"flow_src_last_pkt_time":1717680638915103,"flow_dst_last_pkt_time":1717680638915187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"www.google.eu"}} 
-01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680639005444,"flow_src_last_pkt_time":1717680639017905,"flow_dst_last_pkt_time":1717680639017948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"www.google.eu"}} -01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680641054823,"flow_src_last_pkt_time":1717680641087428,"flow_dst_last_pkt_time":1717680641087481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"www.google.eu"}} -01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680641594363,"flow_src_last_pkt_time":1717680641605840,"flow_dst_last_pkt_time":1717680641605905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"www.google.eu"}} -00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1717680643920100,"flow_src_last_pkt_time":1717680650974273,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1477,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck"}} -00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":1,"flow_first_seen":1717680798559360,"flow_src_last_pkt_time":1717680802234320,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1302,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.70","dst_ip":"142.250.180.138","src_port":54612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PlayStore","proto_id":"7.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck"}} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":99,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10946,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1717680802234320} 
+00998{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680638899584,"flow_src_last_pkt_time":1717680638915103,"flow_dst_last_pkt_time":1717680638915187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.google.eu"}} +00998{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680639005444,"flow_src_last_pkt_time":1717680639017905,"flow_dst_last_pkt_time":1717680639017948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.google.eu"}} +00998{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680641054823,"flow_src_last_pkt_time":1717680641087428,"flow_dst_last_pkt_time":1717680641087481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.google.eu"}} +00998{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680641594363,"flow_src_last_pkt_time":1717680641605840,"flow_dst_last_pkt_time":1717680641605905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.google.eu"}} +00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1717680643920100,"flow_src_last_pkt_time":1717680650974273,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1477,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":1,"flow_first_seen":1717680798559360,"flow_src_last_pkt_time":1717680802234320,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1302,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.70","dst_ip":"142.250.180.138","src_port":54612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.PlayStore","proto_id":"7.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} +00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":99,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10946,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":102,"global_ts_usec":1717680802234320} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 99/92 ~~ skipped flows.............: 0 @@ -102,9 +108,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8671140 bytes -~~ total memory freed........: 8671140 bytes -~~ total allocations/frees...: 140771/140771 +~~ total memory allocated....: 9435802 bytes +~~ total memory freed........: 9435802 bytes +~~ total allocations/frees...: 154737/154737 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 302 chars ~~ json message max len.......: 2264 chars diff --git a/test/results/default/corba.pcap.out b/test/results/default/corba.pcap.out index 86e7975f7..36d64655d 100644 --- a/test/results/default/corba.pcap.out +++ b/test/results/default/corba.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1234165929809181} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1234165929809181} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1234165929809181,"flow_src_last_pkt_time":1234165929809181,"flow_dst_last_pkt_time":1234165929809181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1234165929809181,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.1.1","src_port":42717,"dst_port":56899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1234165929809181,"flow_dst_last_pkt_time":1234165929809181,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1234165929809181,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pBtAAEAGlp5\/AAEBfwABAabd3kOQX9RSAAAAAKACgBgzXQAAAgRADAQCCAoAE3BJAAAAAAEDAwc="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1234165929809181,"flow_dst_last_pkt_time":1234165929809206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1234165929809206,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGOrp\/AAEBfwABAd5Dpt2Q23rIkF\/UU6ASgAC3YwAAAgRADAQCCAoAE3BJABNwSQEDAwc="} 
@@ -16,7 +16,7 @@ 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1234166104151416,"flow_dst_last_pkt_time":1234166104096487,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":302,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":302,"pkt_l4_len":268,"thread_ts_usec":1234166104151416,"pkt":"AAAAAAAAAAAAAAAACABFAAEgAABAAEAR7LMKXxwuCl8cLoatPnABDE43TUlPUBAD5AAAAAAAAQAAAAwAAAAEAAAAAAAAAAAAAABHSU9QAQIBANgAAAAEAAAAAAAAAAEAAAADAAAASAAAAAEBAAAMAAAAMTAuOTUuMjguNDYAcD4AAAEAAAAnAAAAJAAAAAEBAAAJAAAAQ29uc3VtZXIAAAAAAAAAAAEAAAAAAAAAAAAAABQAAAByZWNlaXZlUmVsaWFibGVEYXRhAAAAAAAAAAAAMTIAAMgAAAAEAAAAWOGPSYFOAgBAAAAAQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQAAAAA="} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1234166104096487,"flow_src_last_pkt_time":1234166104156023,"flow_dst_last_pkt_time":1234166104096487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1234166104156023,"l3_proto":"ip4","src_ip":"10.95.28.46","dst_ip":"10.95.28.46","src_port":34477,"dst_port":15984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","proto_id":"168","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":7,"flow_first_seen":1234165929809181,"flow_src_last_pkt_time":1234165932080045,"flow_dst_last_pkt_time":1234165932071907,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4096,"flow_dst_max_l4_payload_len":4029,"flow_src_tot_l4_payload_len":18310,"flow_dst_tot_l4_payload_len":4122,"midstream":0,"thread_ts_usec":1234166104156023,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.1.1","src_port":42717,"dst_port":56899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","proto_id":"168","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":28,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25032,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1234166104156023} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":28,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25032,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1234166104156023} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 28/28 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650134 bytes -~~ total memory freed........: 8650134 bytes -~~ total allocations/frees...: 140573/140573 +~~ total memory allocated....: 9414540 bytes +~~ total memory freed........: 9414540 bytes +~~ total allocations/frees...: 154539/154539 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 972 chars diff --git a/test/results/default/cpha.pcap.out b/test/results/default/cpha.pcap.out index d281b97a5..f4045dcbf 100644 --- a/test/results/default/cpha.pcap.out +++ b/test/results/default/cpha.pcap.out 
@@ -1,10 +1,10 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1603354463286532} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1603354463286532} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"vlan_id":21,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","vlan_id":21,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":96,"pkt_l4_len":58,"thread_ts_usec":1603354463286532,"pkt":"AQBeFQMBAAAAAAEBgQAAFQgARQAATgAAAAD\/EQyKAAAAAKwVAwAftB+0ADpJ\/BqQDDEnhQABABZ5PgAB\/\/7gSgEAAAIAAQAACAoAAgADAAQAAAIECQAAAAkAAAAAAAIA"} 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"vlan_id":21,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","proto_id":"53","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"vlan_id":21,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","proto_id":"53","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} -00805{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1603354463286532} 
+00805{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1603354463286532} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644843 bytes -~~ total memory freed........: 8644843 bytes -~~ total allocations/frees...: 140533/140533 +~~ total memory allocated....: 9409217 bytes +~~ total memory freed........: 9409217 bytes +~~ total allocations/frees...: 154499/154499 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 586 chars ~~ json message max len.......: 963 chars diff --git a/test/results/default/crawler_false_positive.pcapng.out b/test/results/default/crawler_false_positive.pcapng.out index 289886cba..75ed5e540 100644 --- a/test/results/default/crawler_false_positive.pcapng.out +++ b/test/results/default/crawler_false_positive.pcapng.out 
@@ -1,5 +1,5 @@ -00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892509284373} 
+00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892509284373} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892509284373,"flow_src_last_pkt_time":1666892509284373,"flow_dst_last_pkt_time":1666892509284373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892509284373,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.184.220.29","src_port":38291,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892509284373,"flow_dst_last_pkt_time":1666892509284373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666892509284373,"pkt":"CL6sCxduJjb1W8R1CABFAAA8KY5AAEAGChTAqAycXbjcHZWTAFBs+j0RAAAAAKAC\/\/\/HSwAAAgQFtAQCCArcRF1kAAAAAAEDAwk="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666892509284373,"flow_dst_last_pkt_time":1666892509292073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666892509292073,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8tqIAADgGxP9duNwdwKgMnABQlZO39n5kbPo9EqAS\/\/9z+AAAAgQFtAQCCApFkddV3ERdZAEDAwk="} 
@@ -9,7 +9,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1666892509294998,"flow_dst_last_pkt_time":1666892509302404,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666892509302404,"pkt":"Jjb1W8R1CL6sCxduCABFAAA0tqMAADgGxQZduNwdwKgMnABQlZO39n5lbPo9I4AQAICiHwAAAQEICkWR12DcRF1v"} 01080{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1666892509284373,"flow_src_last_pkt_time":1666892509303435,"flow_dst_last_pkt_time":1666892509302404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892509303435,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.184.220.29","src_port":38291,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.digicert.com","domainame":"ocsp.digicert.com","http": {"request_content_type":"application\/ocsp-request"}}} 
01022{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1666892509284373,"flow_src_last_pkt_time":1666892509319173,"flow_dst_last_pkt_time":1666892509318297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":799,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":799,"midstream":0,"thread_ts_usec":1666892509319173,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.184.220.29","src_port":38291,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.digicert.com"}} -00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1034,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1666892509319173} 
+00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1034,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1666892509319173} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645309 bytes -~~ total memory freed........: 8645309 bytes -~~ total allocations/frees...: 140551/140551 +~~ total memory allocated....: 9409683 bytes +~~ total memory freed........: 9409683 bytes +~~ total allocations/frees...: 154517/154517 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 562 chars ~~ json message max len.......: 1108 chars diff --git a/test/results/default/crossfire.pcapng.out b/test/results/default/crossfire.pcapng.out index 47c015c2f..6f3bf4bb2 100644 --- a/test/results/default/crossfire.pcapng.out +++ b/test/results/default/crossfire.pcapng.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crossfire.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crossfire.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1747770266005064} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crossfire.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crossfire.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1747770266005064} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crossfire.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1747770266005064,"flow_src_last_pkt_time":1747770266005064,"flow_dst_last_pkt_time":1747770266005064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747770266005064,"l3_proto":"ip4","src_ip":"192.168.1.15","dst_ip":"67.210.208.31","src_port":49797,"dst_port":13008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crossfire.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1747770266005064,"flow_dst_last_pkt_time":1747770266005064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1747770266005064,"pkt":"WJz8EPJuaFRakVvWCABFAAA0ugFAAIAGAADAqAEPQ9LQH8KFMtCuZZPzAAAAAIAC\/\/\/VzwAAAgQFtAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/crossfire.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1747770266005064,"flow_dst_last_pkt_time":1747770266192673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1747770266192673,"pkt":"aFRakVvWWJz8EPJuCABFAAA0L6xAAHAGBW9D0tAfwKgBDzLQwoXqYQPJrmWT9IASIABTlAAAAgQFnAEDAwgBAQQC"} 
@@ -22,7 +22,7 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/crossfire.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1747770322821258,"flow_src_last_pkt_time":1747770322821258,"flow_dst_last_pkt_time":1747770322821258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":173,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":173,"midstream":0,"thread_ts_usec":1747770322821258,"l3_proto":"ip4","src_ip":"192.168.1.15","dst_ip":"67.210.208.40","src_port":58790,"dst_port":14037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Crossfire","proto_id":"105","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":16,"category":"RPC"}} 00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/crossfire.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1747770266005064,"flow_src_last_pkt_time":1747770322623003,"flow_dst_last_pkt_time":1747770322821258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":445,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":1365,"flow_dst_tot_l4_payload_len":28051,"midstream":0,"thread_ts_usec":1747770322821258,"l3_proto":"ip4","src_ip":"192.168.1.15","dst_ip":"67.210.208.31","src_port":49797,"dst_port":13008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Crossfire","proto_id":"105","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":16,"category":"RPC"}} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/crossfire.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1747770322821258,"flow_src_last_pkt_time":1747770322821258,"flow_dst_last_pkt_time":1747770322821258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1747770322821258,"l3_proto":"ip4","src_ip":"192.168.1.15","dst_ip":"67.210.208.38","src_port":51836,"dst_port":12007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Crossfire","proto_id":"105","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":16,"category":"RPC"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/crossfire.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29712,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1747770322821258} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/crossfire.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29712,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1747770322821258} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 ~~ skipped flows.............: 0 @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652687 bytes -~~ total memory freed........: 8652687 bytes -~~ total allocations/frees...: 140588/140588 +~~ total memory allocated....: 9417125 bytes +~~ total memory freed........: 9417125 bytes +~~ total allocations/frees...: 154554/154554 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 11391 chars diff --git a/test/results/default/crynet.pcap.out b/test/results/default/crynet.pcap.out index e8e808ae3..f6dd1d3b7 100644 --- a/test/results/default/crynet.pcap.out +++ b/test/results/default/crynet.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1663053319315000} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1663053319315000} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663053319315000,"flow_src_last_pkt_time":1663053319315000,"flow_dst_last_pkt_time":1663053319315000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663053319315000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.97","src_port":61837,"dst_port":25383,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1663053319315000,"flow_dst_last_pkt_time":1663053319315000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663053319315000,"pkt":"eJS0JASgYDjgxTWgCABFAABiTCIAAH8RZ1zAqAJkTp92YfGNYycATjhrPAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAEAAAAAAAAAARHZiPEYhJ98Ekv15rJNB070HsYAjtelIOS7\/FaGTcNxA=="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663053319315000,"flow_src_last_pkt_time":1663053319315000,"flow_dst_last_pkt_time":1663053319315000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663053319315000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.97","src_port":61837,"dst_port":25383,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,7 +7,7 @@ 00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1663053319427000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1663053319427000,"pkt":"eJS0JASgYDjgxTWgCABFAAENTCMAAH8RZrDAqAJkTp92YfGNYycA+dc4twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKALLez3wAN7++JPrzMT38iX1WAjfTctCz5DQW2Gr52YR6j8NlMBYhOJtQoUHxWCr79vIUajpzWXoiTJxxi4wkpAsXoa6o3PGme6\/1vAonPYaENBaP83tcQBWM5F7CctUortxGxwNJCzC9Ng4j6g\/M10VJx\/+uWwf2XNZu+YTz0cFhVKD8b3EyMN0OKFLxjveSPCFnaIrDkrsYSHksMYnidzTlDmbVkI\/TwEtMTUGYmv\/K8tH5HZVgkUeK3w2NFKXJmMwkHObFIIO9Wtu40KY6w=="} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1663053319451000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663053319451000,"pkt":"eJS0JASgYDjgxTWgCABFAABeTCQAAH8RZ17AqAJkTp92YfGNYycASqIEu1TNMFI7KjNcy30zZh7kTKyCtibj5Ew6S3L3XbNweck02v9yC85o1\/QG3mAVSF2v178BxRBCueTrL00RuPSJPkfw"} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1663053319456000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1663053319456000,"pkt":"eJS0JASgYDjgxTWgCABFAABOTCUAAH8RZ23AqAJkTp92YfGNYycAOmtU9A4B7\/sy9rQJaZpS1ZjPxtRWqt1UsEDlsdYvzNiHXlYQ36yJt6tP5zK6OP2iIuXDoH0="} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1299,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1663054340264000} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1299,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1663054340264000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663054340264000,"flow_src_last_pkt_time":1663054340264000,"flow_dst_last_pkt_time":1663054340264000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663054340264000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"37.58.56.245","src_port":56333,"dst_port":20250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663054340264000,"flow_dst_last_pkt_time":1663054340264000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663054340264000,"pkt":"eJS0JASgYDjgxTWgCABFAABi6scAAH8RL4jAqAJkJTo49dwNTxoATkBTPAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAIAAAAAAAAAAjxLoziqJeNB3TOIAvp1HVUPwwhoEa8nhYPd5MbnCISkw=="} 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663054340264000,"flow_src_last_pkt_time":1663054340264000,"flow_dst_last_pkt_time":1663054340264000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663054340264000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"37.58.56.245","src_port":56333,"dst_port":20250,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -16,7 +16,7 @@ 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1663054340492000,"flow_dst_last_pkt_time":1663054340492000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1663054340492000,"pkt":"eJS0JASgYDjgxTWgCABFAAD96skAAH8RLuvAqAJkJTo49dwNTxoA6Ti1twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAh3drXUfBsymjYclKxpc0nfGK4TXfQ\/ZSFodhwO7TchiHrNe49me58e8bAAF0I5F+veDMTcPaTIoyhzRIr6m6Z+CQOrG3Nvv5hothMloBht44k3gby0eyZA8TY4qdQtt6AYi3PRm5uclYvCq7ZM0GzREHOCsM\/h3pJ8dIne0rl8Yv9UgWddpCFQWkiWUe8V0eVdRqpF4eAMBu6EaVBsGFq1obTzwAbq+Z\/AwxrK1Xtv1qLyBe4BTjjP7SPqWmHWyI"} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663054340511000,"flow_dst_last_pkt_time":1663054340492000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663054340511000,"pkt":"eJS0JASgYDjgxTWgCABFAABe6soAAH8RL4nAqAJkJTo49dwNTxoASie1u6Um18UiAc6pJXjjl\/HaNSDy6KAZaciEAaWBHHD0wMybHHlIRagmxlljIDbFX86yQQAXEeT6hI04WN7LK1Fbtr9a"} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1663053319315000,"flow_src_last_pkt_time":1663053319756000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1166,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1663054340750000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.97","src_port":61837,"dst_port":25383,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1663085644364000} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1663085644364000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663085644364000,"flow_src_last_pkt_time":1663085644364000,"flow_dst_last_pkt_time":1663085644364000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663085644364000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.230.222","src_port":56970,"dst_port":28665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1663085644364000,"flow_dst_last_pkt_time":1663085644364000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663085644364000,"pkt":"eJS0JASgYDjgxTWgCABFAABiEW8AAH8RLCHAqAJkVBDm3t6Kb\/kATnW6PAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAMAAAAAAAAAAxNRIfGTwR+QCEti3EMpFVQUjpXNe1F8lY80rv42uT7UA=="} 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663085644364000,"flow_src_last_pkt_time":1663085644364000,"flow_dst_last_pkt_time":1663085644364000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663085644364000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.230.222","src_port":56970,"dst_port":28665,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -25,7 +25,7 @@ 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1663085644862000,"flow_dst_last_pkt_time":1663085644862000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1663085644862000,"pkt":"eJS0JASgYDjgxTWgCABFAAD9EXEAAH8RK4TAqAJkVBDm3t6Kb\/kA6Sf1twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7h+WQPdzYtRujvIv99Gk4jK5CTYtKMcC8UdvPHTkwMgv+CqSO\/LPaCHfKYn\/qLUXKya\/WMk8UEbZcOxwqjti+zv7dA6vrTWc2C\/bio3R8dE2bVVZbga+3ONnGrLsbTsX0xoj2QaGBCLAdRWxgab3ISN7Kk+HGnPTiKc7GqjMvt66EEvs79X9BPSniUDFUWQ7OB3ZrrH+fG8WChwJChWKyc1UHcxBPrsbIkc7Zz+aZYp63dfaXDBKUO5TM6wJXKs5"} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1663085644878000,"flow_dst_last_pkt_time":1663085644862000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663085644878000,"pkt":"eJS0JASgYDjgxTWgCABFAABeEXIAAH8RLCLAqAJkVBDm3t6Kb\/kASp3Du8hOJwkzpDMeJIiqYysbahdAbCneww7mPP0qdlopQndRNSW4Hvz1o7Z0XzePGFOyamSlKQFqSXW59rtF9f1o0hC2"} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1663054340264000,"flow_src_last_pkt_time":1663054340750000,"flow_dst_last_pkt_time":1663054340651000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":266,"midstream":0,"thread_ts_usec":1663085645134000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"37.58.56.245","src_port":56333,"dst_port":20250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4099,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1663087012386000} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4099,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1663087012386000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663087012386000,"flow_src_last_pkt_time":1663087012386000,"flow_dst_last_pkt_time":1663087012386000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663087012386000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.98.94","src_port":55645,"dst_port":28375,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1663087012386000,"flow_dst_last_pkt_time":1663087012386000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663087012386000,"pkt":"eJS0JASgYDjgxTWgCABFAABiWwwAAH8RbHXAqAJkTp9iXtldbtcATsvtPAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAEAAAAAAAAAARP2yVOOppoNSzHVb7aVJGzvGqD\/2urmHg+Q2g7KegnkQ=="} 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663087012386000,"flow_src_last_pkt_time":1663087012386000,"flow_dst_last_pkt_time":1663087012386000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663087012386000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.98.94","src_port":55645,"dst_port":28375,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -34,7 +34,7 @@ 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1663087012600000,"flow_dst_last_pkt_time":1663087012586000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663087012600000,"pkt":"eJS0JASgYDjgxTWgCABFAABeWw4AAH8RbHfAqAJkTp9iXtldbtcASiuhu7hTlkLWJMqukwgQRylK5qgiLSt9XVj0u0sQ8ebeC3F2lAmzaT1fMxkq7a+2soe7OxLP59ZLK7oofqm79eExsFje"} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1663087012606000,"flow_dst_last_pkt_time":1663087012586000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1663087012606000,"pkt":"eJS0JASgYDjgxTWgCABFAABOWw8AAH8RbIbAqAJkTp9iXtldbtcAOmEb9J0pHkeKMvM7Xkxdv+3E0sy5KB0kANOKPFc0\/VebRRnb5+QoZ3Mrtf9BC\/abuZwnrKw="} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1663085644364000,"flow_src_last_pkt_time":1663085645134000,"flow_dst_last_pkt_time":1663085644862000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1313,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1663087012873000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.230.222","src_port":56970,"dst_port":28665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1690748853317402} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1690748853317402} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690748853317402,"flow_src_last_pkt_time":1690748853317402,"flow_dst_last_pkt_time":1690748853317402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690748853317402,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.248.143","src_port":60751,"dst_port":30098,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1690748853317402,"flow_dst_last_pkt_time":1690748853317402,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1690748853317402,"pkt":"eJS0JASgYDjgxTWgCABFAABiGQIAAH8REt3AqAJkVBD4j+1PdZIATnKmPAAAC\/YAAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAJAAAAAAAAAAkdjp3RMzFPjpS+Wr+8IHfk2zWlV90jwStZ3EBEfsVDkg=="} 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690748853317402,"flow_src_last_pkt_time":1690748853317402,"flow_dst_last_pkt_time":1690748853317402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690748853317402,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.248.143","src_port":60751,"dst_port":30098,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -51,7 +51,7 @@ 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1690749276056149,"flow_dst_last_pkt_time":1690749276055867,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1690749276056149,"pkt":"eJS0JASgYDjgxTWgCABFAAENI8IAAH8RmufAqAJkTp9qi+tAbrcA+U1QtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAug8yp8Qv8TeWfHQtc3YYH0QzMa6rPBBh7r86MQSgH+LNvWKGO1aam6d5zesL+sUrF6Ua+4CYT4UxlWoLk8it1sGIVwsHw8kPIqURbyn87lSjBx+EtL3kcCJd9kbwqoHNYYl8vr8h\/pQyPDY\/ybl6Qwn\/XMkSLUm2ozx+ocAL3SGobGPEaWQ9OWNjOTl7uDiKpBrygQ3id7tOI36I6GmEl\/Tp54jwr5vadXwcWL1EaB7bvcFBmu9\/MyRxHuzsWY\/Iy1vmeVBmRgJ+QgzZSkyjLg=="} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1690749276072688,"flow_dst_last_pkt_time":1690749276055867,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1690749276072688,"pkt":"eJS0JASgYDjgxTWgCABFAABuI8MAAH8Rm4XAqAJkTp9qi+tAbrcAWmUpu3tPZAeQ46M6mABOvfTiLmhjk5Eo7IVF5El0OH9Oalhsd6e845+k7R3mRhdmSAjukoEpvToeTF5uw4+ZNVffp2IhCQbEzT+aUmfmbrcP3OMEDg=="} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1690748853317402,"flow_src_last_pkt_time":1690748853790269,"flow_dst_last_pkt_time":1690748853462657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1150,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1690749276312337,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.248.143","src_port":60751,"dst_port":30098,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8210,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":54,"global_ts_usec":1690750256496605} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8210,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":54,"global_ts_usec":1690750256496605} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690750256496605,"flow_src_last_pkt_time":1690750256496605,"flow_dst_last_pkt_time":1690750256496605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690750256496605,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.143","src_port":55460,"dst_port":21931,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1690750256496605,"flow_dst_last_pkt_time":1690750256496605,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1690750256496605,"pkt":"eJS0JASgYDjgxTWgCABFAABivOoAAH8R9mXAqAJkTp92j9ikVasATlq9PAAAC\/YAAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAHAAAAAAAAAAcaZmSmn4yqST2dsNw5sE0qvA1Y7T4SUNxW2dvvvwLc+w=="} 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690750256496605,"flow_src_last_pkt_time":1690750256496605,"flow_dst_last_pkt_time":1690750256496605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690750256496605,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.143","src_port":55460,"dst_port":21931,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -60,7 +60,7 @@ 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1690750257016787,"flow_dst_last_pkt_time":1690750257223019,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1690750257223019,"pkt":"YDjgxTWgeJS0JASgCABFAACh7\/5AADkRyRJOn3aPwKgCZFWr2KQAjXYqhwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8dpRYQ+oNgGmLuIRx8o3yqGljPRSQdKg6s3ezQfd1fFfc8W50rmMGhRKqYvRWSqBS+yTBzDYMRASmWsy5F8aPQAAAAE2AjgcjCwPjZjKtR64trQyF9DwO6AwDZRSMKKRxDbkOg=="} 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1690750257223299,"flow_dst_last_pkt_time":1690750257223019,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1690750257223299,"pkt":"eJS0JASgYDjgxTWgCABFAAD9vO0AAH8R9cfAqAJkTp92j9ikVasA6U89twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJayDQss1yqjCVCoRYctWeyPGeh+rCqtfCAIezh5tfYD49Oxy7cP6xgAn1J2UkUSha0Yjsn7UHAsO+lM\/OP0MxdkHqrKyWhPVzyEGXJI+V1GZ5uZtKBSxmQ2LpU\/fF1GAhhx4zkZTb6htgJ9EmSVdNHDsFhdFkst7D5VTXje47jWx68FCg42Rr02\/Qmpgfh4mPfHHczsTnssYMMZB0Psd4i03cSDcEnIP2kzIf0IYx8G8rXQ3qhVAEUIr1uuv2oqp"} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1690749275638306,"flow_src_last_pkt_time":1690749276312337,"flow_dst_last_pkt_time":1690749276197934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1136,"flow_dst_tot_l4_payload_len":266,"midstream":0,"thread_ts_usec":1690750257436073,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.106.139","src_port":60224,"dst_port":28343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9667,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1748527271259112} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9667,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1748527271259112} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748527271259112,"flow_src_last_pkt_time":1748527271259112,"flow_dst_last_pkt_time":1748527271259112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748527271259112,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"23.81.180.139","src_port":60588,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1748527271259112,"flow_dst_last_pkt_time":1748527271259112,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":45,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":45,"pkt_l4_len":11,"thread_ts_usec":1748527271259112,"pkt":"FEm8iwNUYDjgxTWgCABFAAAfxgIAAH8R5+jAqAFeF1G0i+ys7qAACypuNDk4"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1748527271259112,"flow_dst_last_pkt_time":1748527271421388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":11,"thread_ts_usec":1748527271421388,"pkt":"YDjgxTWgFEm8iwNUCABFAAAfhspAADYRMCEXUbSLwKgBXu6g7KwACypuNDk4AAAAAAAAAAAAAAAAAAAA"} 
@@ -69,7 +69,7 @@ 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1748527273260887,"flow_dst_last_pkt_time":1748527272421882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":45,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":45,"pkt_l4_len":11,"thread_ts_usec":1748527273260887,"pkt":"FEm8iwNUYDjgxTWgCABFAAAfxgQAAH8R5+bAqAFeF1G0i+ys7qAACy92NTEy"} 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1748527271259112,"flow_src_last_pkt_time":1748527275262903,"flow_dst_last_pkt_time":1748527275425152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":3,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":15,"midstream":0,"thread_ts_usec":1748527275425152,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"23.81.180.139","src_port":60588,"dst_port":61088,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1690750256496605,"flow_src_last_pkt_time":1690750257417113,"flow_dst_last_pkt_time":1690750257436073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1058,"flow_dst_tot_l4_payload_len":399,"midstream":0,"thread_ts_usec":1748527275425152,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.143","src_port":55460,"dst_port":21931,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":116,"packets-processed":115,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9697,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1756724364593380} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":116,"packets-processed":115,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9697,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1756724364593380} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1756724364593380,"flow_src_last_pkt_time":1756724364593380,"flow_dst_last_pkt_time":1756724364593380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1756724364593380,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"78.159.118.108","src_port":62092,"dst_port":26830,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1756724364593380,"flow_dst_last_pkt_time":1756724364593380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1756724364593380,"pkt":"FEm8iwNUYDjgxTWgCABFAABmY6YAAH8RUM\/AqAFeTp92bPKMaM4AUvFIBQAAAEQAAAAAAAAABAAAAAIAAAABAAAABwAAAAMHAAAABwAAAAAAAAAHPmhqsbJt7zfHOtVc\/98+GevVcPzEsgZpnJd\/PWdOAR0="} 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1756724364593380,"flow_src_last_pkt_time":1756724364593380,"flow_dst_last_pkt_time":1756724364593380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1756724364593380,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"78.159.118.108","src_port":62092,"dst_port":26830,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -78,7 +78,7 @@ 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1756724364736551,"flow_dst_last_pkt_time":1756724364720006,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1756724364736551,"pkt":"FEm8iwNUYDjgxTWgCABFAABuY6gAAH8RUMXAqAFeTp92bPKMaM4AWiWMEQkqbekygUHOHZeM7RXwa6ORMoJ37aOJzKXuwo2zqpKZ1LcH112y+imlK2lPXyt9VGwfSVY9hRyLsHy424BzhhsqUiLrXD0m3XdkUzb8r6YZEw=="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1756724364752673,"flow_dst_last_pkt_time":1756724364720006,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1756724364752673,"pkt":"FEm8iwNUYDjgxTWgCABFAABOY6kAAH8RUOTAqAFeTp92bPKMaM4AOpaEEgoRV13iW8THqXuRcRByYK6X7Ar64WJRTHfreP+GGiTY2PjEGFHXMgpBzVrtlaSQDn8="} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1748527271259112,"flow_src_last_pkt_time":1748527275262903,"flow_dst_last_pkt_time":1748527275425152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":3,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":15,"midstream":0,"thread_ts_usec":1756724364986035,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"23.81.180.139","src_port":60588,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":131,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11064,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1756845264652256} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":131,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11064,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1756845264652256} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1756845264652256,"flow_src_last_pkt_time":1756845264652256,"flow_dst_last_pkt_time":1756845264652256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1756845264652256,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"212.95.44.193","src_port":62898,"dst_port":23103,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1756845264652256,"flow_dst_last_pkt_time":1756845264652256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1756845264652256,"pkt":"FEm8iwNUYDjgxTWgCABFAABm2EwAAH8RoBPAqAFe1F8swfWyWj8AUuwBBQAAAEQAAAAAAAAABAAAAAIAAAABAAAABwAAAAMHAAAADQAAAAAAAAANLUGLFV\/K3vbSGV4z2NLA68kR7F3DLf983zPoOYMbIkY="} 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1756845264652256,"flow_src_last_pkt_time":1756845264652256,"flow_dst_last_pkt_time":1756845264652256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1756845264652256,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"212.95.44.193","src_port":62898,"dst_port":23103,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -87,7 +87,7 @@ 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1756845265026199,"flow_dst_last_pkt_time":1756845265025907,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1756845265026199,"pkt":"FEm8iwNUYDjgxTWgCABFAAEN2E4AAH8Rn2rAqAFe1F8swfWyWj8A+XGekgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA09GD9VDPLZj\/N9vHLxo3RIGVH6lQsHW1uoEgBovF7h3FXAlxQOM9iHo5MvYzObDfFVHwo7MuTo8FOUBOBxjKGVfp0j37CDbO\/3VQl7+UGFkP33EipCQFbOX4bjt9Ob9dPV807tRzqpDDXjS2qzsIZl\/F1Vu5sEerOpV5BL6qXNGhGhqHi0PInI5vTjJqe7Jz3IJs3KYz+yCCkADqsNcVXj9mxTC00TtVs6S43icNQ6ePTBb9cYc6e1CNKtD9vdZ5GciiSjDORR9XlOG8taTFJA=="} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1756845265038387,"flow_dst_last_pkt_time":1756845265025907,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1756845265038387,"pkt":"FEm8iwNUYDjgxTWgCABFAABu2E8AAH8RoAjAqAFe1F8swfWyWj8AWkVlEXQchYcCOMszMqyEIix3zwtxaGHZ0RoYiMELp7bprsE0nYExO9upVY8vSFkxclR2Wxl92Nioc357DfdZLw4gzUdSQTrJB72PNCmbk+KjNGYHug=="} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1756724364593380,"flow_src_last_pkt_time":1756724364986035,"flow_dst_last_pkt_time":1756724364973501,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1118,"flow_dst_tot_l4_payload_len":249,"midstream":0,"thread_ts_usec":1756845265287931,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"78.159.118.108","src_port":62092,"dst_port":26830,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1756925030265577} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1756925030265577} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1756925030265577,"flow_src_last_pkt_time":1756925030265577,"flow_dst_last_pkt_time":1756925030265577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1756925030265577,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"189.1.173.216","src_port":63564,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1756925030265577,"flow_dst_last_pkt_time":1756925030265577,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":45,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":45,"pkt_l4_len":11,"thread_ts_usec":1756925030265577,"pkt":"FEm8iwNUYDjgxTWgCABFAAAfd+cAAH8RlwbAqAFevQGt2PhM7qAAC4rQMTkw"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1756925030265577,"flow_dst_last_pkt_time":1756925030472221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":11,"thread_ts_usec":1756925030472221,"pkt":"YDjgxTWgFEm8iwNUCABFAAAfbxdAADQRqta9Aa3YwKgBXu6g+EwAC4rQMTkwAAAAAAAAAAAAAAAAAAAA"} 
@@ -96,7 +96,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1756925032266730,"flow_dst_last_pkt_time":1756925032472723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":11,"thread_ts_usec":1756925032472723,"pkt":"YDjgxTWgFEm8iwNUCABFAAAfcrVAADQRpzi9Aa3YwKgBXu6g+EwAC4LQMTk4AAAAAAAAAAAAAAAAAAAA"} 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1756925030265577,"flow_src_last_pkt_time":1756925035269708,"flow_dst_last_pkt_time":1756925034475246,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":3,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1756925035269708,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"189.1.173.216","src_port":63564,"dst_port":61088,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1756845264652256,"flow_src_last_pkt_time":1756845265287931,"flow_dst_last_pkt_time":1756845265141641,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1144,"flow_dst_tot_l4_payload_len":266,"midstream":0,"thread_ts_usec":1756925035475731,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"212.95.44.193","src_port":62898,"dst_port":23103,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":99,"global_ts_usec":1757007129470014} 
+00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":99,"global_ts_usec":1757007129470014} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1757007129470014,"flow_src_last_pkt_time":1757007129470014,"flow_dst_last_pkt_time":1757007129470014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1757007129470014,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"178.162.197.242","src_port":60063,"dst_port":28944,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1757007129470014,"flow_dst_last_pkt_time":1757007129470014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1757007129470014,"pkt":"FEm8iwNUYDjgxTWgCABFAABmHkkAAH8R4qLAqAFesqLF8uqfcRAAUtZJBQAAAEQAAAAAAAAABAAAAAIAAAABAAAABwAAAAMHAAAAAgAAAAAAAAACFgjofxD2K1lqLFFgiujuzA\/pSaX7XK1RcA\/2j8T2mrw="} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1757007129470014,"flow_src_last_pkt_time":1757007129470014,"flow_dst_last_pkt_time":1757007129470014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1757007129470014,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"178.162.197.242","src_port":60063,"dst_port":28944,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -105,7 +105,7 @@ 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1757007129591717,"flow_dst_last_pkt_time":1757007129582517,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1757007129591717,"pkt":"FEm8iwNUYDjgxTWgCABFAABuHksAAH8R4pjAqAFesqLF8uqfcRAAWjZhEUCoKHkvr9r+Gp\/9\/SbP9Jviak21L+Age6rRgOoexdaIBpYoeKNByrFgwvNuzdAHNBYZfWhfSTZxHrYoGIatPYDfv+4qcUJhgSMku7itsdwWQA=="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1757007129607973,"flow_dst_last_pkt_time":1757007129582517,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1757007129607973,"pkt":"FEm8iwNUYDjgxTWgCABFAABOHkwAAH8R4rfAqAFesqLF8uqfcRAAOrxxEkFLcURRb2GbnvssuaMkqkhwwYCv2bu3K3TXwOLFunOHYYStXN0hkPStXEmG1TI2e80="} 
00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1756925030265577,"flow_src_last_pkt_time":1756925061491741,"flow_dst_last_pkt_time":1756925061698072,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":3,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1757007129907982,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"189.1.173.216","src_port":63564,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":176,"packets-processed":175,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13790,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":108,"global_ts_usec":1757091667526969} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":176,"packets-processed":175,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13790,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":108,"global_ts_usec":1757091667526969} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1757091667526969,"flow_src_last_pkt_time":1757091667526969,"flow_dst_last_pkt_time":1757091667526969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1757091667526969,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"178.162.204.181","src_port":58834,"dst_port":29183,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1757091667526969,"flow_dst_last_pkt_time":1757091667526969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1757091667526969,"pkt":"FEm8iwNUYDjgxTWgCABFAABmFy8AAH8R4vnAqAFesqLMteXScf8AUk+kBQAAAEQAAAAAAAAABAAAAAIAAAABAAAABwAAAAMHAAAABwAAAAAAAAAHQKvUIBjiDE4Fmirhae3Q+MK49ihtel7jfJgNeynF3ek="} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1757091667526969,"flow_src_last_pkt_time":1757091667526969,"flow_dst_last_pkt_time":1757091667526969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1757091667526969,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"178.162.204.181","src_port":58834,"dst_port":29183,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -114,7 +114,7 @@ 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1757091667730009,"flow_dst_last_pkt_time":1757091667720111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1757091667730009,"pkt":"FEm8iwNUYDjgxTWgCABFAABuFzEAAH8R4u\/AqAFesqLMteXScf8AWn+kEcbup66f3zH6HYL0\/o+y6VSwM7KkZH\/k27WykR0S7WaNIfRufwWwg+ICvrXE\/nYv9N5VuBpBI2R1h8YT1+al8nfyRhqr2q\/M5y2JQJmoVL6c8Q=="} 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1757091667730022,"flow_dst_last_pkt_time":1757091667720111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1757091667730022,"pkt":"FEm8iwNUYDjgxTWgCABFAAENFzIAAH8R4k\/AqAFesqLMteXScf8A+d9rkgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANUJOMF9TpPpvEpBiJOI47xZXBbnHlgw3\/BOolHXAtowTDNuWxzEQxpuLGDmgW0WCSSetllUjRCEsTlgnITT8TYZVHdHygPnSL+jhnwS9OQOINB48sHKgO09\/zcv7jA2oiSCiamoJ0mIEcFBOvVqskMcMono4Vr8tJWvf4jZWRO2OlhCCHuHHsTnOtNTaKUdkJdVwix4MSZjfP5lU6p30+YAsjQp4QEu7idwlDp9L1Xp+Gfzm4Ix+GvTXec+m1BAf18CYvBrUpo3p1OhdlLOoRg=="} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1757007129470014,"flow_src_last_pkt_time":1757007129907982,"flow_dst_last_pkt_time":1757007129582517,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1138,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1757091667912829,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"178.162.197.242","src_port":60063,"dst_port":28944,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":191,"packets-processed":190,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":117,"global_ts_usec":1757180730818403} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":191,"packets-processed":190,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":117,"global_ts_usec":1757180730818403} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1757180730818403,"flow_src_last_pkt_time":1757180730818403,"flow_dst_last_pkt_time":1757180730818403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1757180730818403,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"78.159.118.197","src_port":63584,"dst_port":29584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1757180730818403,"flow_dst_last_pkt_time":1757180730818403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1757180730818403,"pkt":"FEm8iwNUYDjgxTWgCABFAABm4k0AAH8R0c7AqAFeTp92xfhgc5AAUkf+BQAAAEQAAAAAAAAABAAAAAIAAAABAAAABwAAAAMHAAAABwAAAAAAAAAHckT94Je66x0t0z7KEaNPZ7AwuL1nHP0pkv0mufqTJ7U="} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1757180730818403,"flow_src_last_pkt_time":1757180730818403,"flow_dst_last_pkt_time":1757180730818403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1757180730818403,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"78.159.118.197","src_port":63584,"dst_port":29584,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -123,7 +123,7 @@ 00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1757180731166549,"flow_dst_last_pkt_time":1757180731166249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1757180731166549,"pkt":"FEm8iwNUYDjgxTWgCABFAAEN4k8AAH8R0SXAqAFeTp92xfhgc5AA+Z0SkgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1AlqUDWI3iJNr7fsZA9\/88jPZ1\/u7Bm9NHGN4Nm0Ow79vaV8xObez8++a907bFWs6OpYotZ8JK+UYFYmNyJywge8mWkJbRHMzakMFn8yIzOvLZG2eIUS2j8\/XpXcEG\/QyAuFdfEPyhcT50boZvLswCsLkuMGN19aB44mk\/erZCp9qRu9xbVJQhNe8V9LIhgd3LuJLzExVFhCWgQiOJX4klLZzb3R19zGMN85LDLGSuPFbMLJE5vWzvif8WHqpbrvrw9io46nYjjrbyd404Hzxw=="} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1757180731166549,"flow_dst_last_pkt_time":1757180731167173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1757180731167173,"pkt":"YDjgxTWgFEm8iwNUCABFAAChBOlAADcRtvhOn3bFwKgBXnOQ+GAAjX8ZkQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC5X1Y8HBxEZiw5BGcV\/NT6lvRRgxWljUctTLgsZjQlmER7viNa1Y1LDA6yTn886noqyBT6Kem89zQta90pIqGtQAAAAGbKejNevXwWzYfKZhY5FRKVYQqYKyzYqiWsIriYOWdTA=="} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":5,"flow_first_seen":1757091667526969,"flow_src_last_pkt_time":1757091667912829,"flow_dst_last_pkt_time":1757091667898857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1002,"flow_dst_tot_l4_payload_len":365,"midstream":0,"thread_ts_usec":1757180731338949,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"178.162.204.181","src_port":58834,"dst_port":29183,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":206,"packets-processed":205,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16631,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1757240641978994} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":206,"packets-processed":205,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16631,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1757240641978994} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1757240641978994,"flow_src_last_pkt_time":1757240641978994,"flow_dst_last_pkt_time":1757240641978994,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1757240641978994,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"46.165.211.36","src_port":55118,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1757240641978994,"flow_dst_last_pkt_time":1757240641978994,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1757240641978994,"pkt":"FEm8iwNUYDjgxTWgCABFAAAgE0cAAH8RZLbAqAFeLqXTJNdO7qAADBGwMTIzNA=="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1757240641978994,"flow_dst_last_pkt_time":1757240641995005,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"thread_ts_usec":1757240641995005,"pkt":"YDjgxTWgFEm8iwNUCABFAAAgCr9AADcRdT4updMkwKgBXu6g104ADBGwMTIzNAAAAAAAAAAAAAAAAAAA"} 
@@ -132,7 +132,7 @@ 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1757240643980312,"flow_dst_last_pkt_time":1757240642996262,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1757240643980312,"pkt":"FEm8iwNUYDjgxTWgCABFAAAgE0kAAH8RZLTAqAFeLqXTJNdO7qAADBCsMTI0OA=="} 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1757240641978994,"flow_src_last_pkt_time":1757240645982356,"flow_dst_last_pkt_time":1757240645998551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1757240645998551,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"46.165.211.36","src_port":55118,"dst_port":61088,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":5,"flow_first_seen":1757180730818403,"flow_src_last_pkt_time":1757180731321141,"flow_dst_last_pkt_time":1757180731338949,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1010,"flow_dst_tot_l4_payload_len":464,"midstream":0,"thread_ts_usec":1757240645998551,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"78.159.118.197","src_port":63584,"dst_port":29584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":221,"packets-processed":220,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":135,"global_ts_usec":1757775840977961} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":221,"packets-processed":220,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":135,"global_ts_usec":1757775840977961} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1757775840977961,"flow_src_last_pkt_time":1757775840977961,"flow_dst_last_pkt_time":1757775840977961,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1757775840977961,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"46.165.211.36","src_port":64498,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1757775840977961,"flow_dst_last_pkt_time":1757775840977961,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":45,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":45,"pkt_l4_len":11,"thread_ts_usec":1757775840977961,"pkt":"FEm8iwNUYDjgxTWgCABFAAAfh4wAAH8R8HHAqAFeLqXTJPvy7qAAC+xCMTE0"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1757775840977961,"flow_dst_last_pkt_time":1757775840993829,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":11,"thread_ts_usec":1757775840993829,"pkt":"YDjgxTWgFEm8iwNUCABFAAAfGQdAADcRZvcupdMkwKgBXu6g+\/IAC+xCMTE0AAAAAAAAAAAAAAAAAAAA"} 
@@ -142,7 +142,7 @@ 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1757775840977961,"flow_src_last_pkt_time":1757775844981679,"flow_dst_last_pkt_time":1757775844997651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":3,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":15,"midstream":0,"thread_ts_usec":1757775844997651,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"46.165.211.36","src_port":64498,"dst_port":61088,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1757240641978994,"flow_src_last_pkt_time":1757240674350211,"flow_dst_last_pkt_time":1757240673365153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1757775844997651,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"46.165.211.36","src_port":55118,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1757775840977961,"flow_src_last_pkt_time":1757775873346525,"flow_dst_last_pkt_time":1757775872361492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":3,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1757775873346525,"l3_proto":"ip4","src_ip":"192.168.1.94","dst_ip":"46.165.211.36","src_port":64498,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":235,"packets-processed":235,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":145,"global_ts_usec":1757775873346525} 
+00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":235,"packets-processed":235,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":145,"global_ts_usec":1757775873346525} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 235/235 ~~ skipped flows.............: 0 @@ -151,9 +151,9 @@ ~~ total active/idle flows...: 16/16 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8688085 bytes -~~ total memory freed........: 8688085 bytes -~~ total allocations/frees...: 140929/140929 +~~ total memory allocated....: 9452939 bytes +~~ total memory freed........: 9452939 bytes +~~ total allocations/frees...: 154895/154895 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 517 chars ~~ json message max len.......: 978 chars diff --git a/test/results/default/custom_breed_cat.pcap.out b/test/results/default/custom_breed_cat.pcap.out index 509300987..486279578 100644 --- a/test/results/default/custom_breed_cat.pcap.out +++ b/test/results/default/custom_breed_cat.pcap.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_breed_cat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_breed_cat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1749221300106583} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_breed_cat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_breed_cat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1749221300106583} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_breed_cat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1749221300106583,"flow_src_last_pkt_time":1749221300106583,"flow_dst_last_pkt_time":1749221300106583,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1749221300106583,"l3_proto":"ip6","src_ip":"2001:db8::1","dst_ip":"2001:db8::c2fd:b817:5ca8:82dd","src_port":33408,"dst_port":16690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_breed_cat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1749221300106583,"flow_dst_last_pkt_time":1749221300106583,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1749221300106583,"pkt":"AAAAAAAAAAAAAAAAht1gAABJACgGQCABDbgAAAAAAAAAAAAAAAEgAQ24AAAAAML9uBdcqILdgoBBMrsTw9wAAAAAoAL\/xLT6AAACBP\/EBAIICuR2vAcAAAAAAQMDBw=="} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_breed_cat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1749221336091557,"flow_src_last_pkt_time":1749221336091557,"flow_dst_last_pkt_time":1749221336091557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1749221336091557,"l3_proto":"ip6","src_ip":"2001:db8::2","dst_ip":"2001:db8::cba5:51b2:8733:6d9e","src_port":33408,"dst_port":38542,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -16,7 +16,7 @@ 00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_breed_cat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1749221300106583,"flow_src_last_pkt_time":1749221300106583,"flow_dst_last_pkt_time":1749221300106583,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1749221515682405,"l3_proto":"ip6","src_ip":"2001:db8::1","dst_ip":"2001:db8::c2fd:b817:5ca8:82dd","src_port":33408,"dst_port":16690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01052{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_breed_cat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1749221515682405,"flow_src_last_pkt_time":1749221515682405,"flow_dst_last_pkt_time":1749221515682405,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1749221515682405,"l3_proto":"ip6","src_ip":"2003:db8::4","dst_ip":"2001:db8::7b51:316f:9fe:4940","src_port":33408,"dst_port":42695,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_breed_cat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1749221515682405,"flow_src_last_pkt_time":1749221515682405,"flow_dst_last_pkt_time":1749221515682405,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1749221515682405,"l3_proto":"ip6","src_ip":"2003:db8::4","dst_ip":"2001:db8::7b51:316f:9fe:4940","src_port":33408,"dst_port":42695,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_breed_cat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1749221515682405} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_breed_cat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1749221515682405} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652362 bytes -~~ total memory freed........: 8652362 bytes -~~ total allocations/frees...: 140574/140574 +~~ total memory allocated....: 9416832 bytes +~~ total memory freed........: 9416832 bytes +~~ total allocations/frees...: 154540/154540 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 597 chars ~~ json message max len.......: 1058 chars diff --git a/test/results/default/custom_categories.pcapng.out b/test/results/default/custom_categories.pcapng.out index e615db3ca..80b54ab92 100644 --- a/test/results/default/custom_categories.pcapng.out +++ b/test/results/default/custom_categories.pcapng.out 
@@ -1,5 +1,5 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":921159918266121} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":921159918266121} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159918266121,"flow_dst_last_pkt_time":921159918266121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":921159918266121,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":921159918266121,"flow_dst_last_pkt_time":921159918266121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":921159918266121,"pkt":"AGCXrkniAACGApxRht1gAAAAACgGQCABDbgAAQAAAAAAAAAAAAEgAQ24AgAAAAAAAAAAAAAB\/NBRhNZ28yEAAAAAoAIgAOtZAAACBAWgAQMDAAEBCAoACMpXAAAAAA=="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":921159918266121,"flow_dst_last_pkt_time":921159918323110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":921159918323110,"pkt":"AACGApxRAGCXrkniht1gAAAAACgGPSABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABUYT80Ax6BePWdvMioBIhXG9FAAACBATEAQMDAAEBCAoAAWklAAjKVw=="} 
@@ -8,7 +8,7 @@ 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":921159918404039,"flow_dst_last_pkt_time":921159918402990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":101,"pkt_l4_len":47,"thread_ts_usec":921159918404039,"pkt":"AGCXrkniAACGApxRht1gAAAAAC8GQCABDbgAAQAAAAAAAAAAAAEgAQ24AgAAAAAAAAAAAAAB\/NBRhNZ28yIMegXzgBghXPiEAAABAQgKAAjKVwABaSVTU0gtMS41LTEuMi4yNgo="} 01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159918404039,"flow_dst_last_pkt_time":921159918402990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":15,"midstream":0,"thread_ts_usec":921159918404039,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.5-1.2.26","server_signature":"SSH-1.5-1.2.26","hassh_client":"","hassh_server":""}}} 
02359{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159920416135,"flow_dst_last_pkt_time":921159920477444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":568,"flow_src_tot_l4_payload_len":687,"flow_dst_tot_l4_payload_len":1335,"midstream":0,"thread_ts_usec":921159920477444,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":56989,"avg":140688.3,"max":385938,"stddev":76774.1,"var":5894261248.0,"ent":4.8,"data": [56989,57531,79880,80387,89216,138763,253258,182381,385938,91317,93080,94647,191269,165005,76892,108844,123707,109411,199372,90998,94037,69367,74265,78602,142565,139480,141464,314131,235639,200458,202444]},"pktlen": {"min":72,"avg":135.7,"max":640,"stddev":113.0,"var":12766.0,"ent":4.7,"data": [80,80,72,87,87,348,228,72,84,92,84,236,220,72,84,212,212,72,100,116,72,84,212,84,84,84,84,640,72,100,72,116]},"bins": {"c_to_s": [12,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,2,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[3.368683577,4.029293060,3.817690372,4.358336926,4.312359810,6.673550606,6.224353790,3.789912701,4.102612972,4.484647751,4.159218788,6.579281807,6.467639446,3.817690372,4.106600761,6.354053020,6.361316204,3.779428005,4.600508690,5.055481434,3.751650333,4.102612972,6.370564461,4.049995422,4.126422405,4.126422405,4.078803539,7.576204777,3.789912701,4.708058834,3.789912701,5.130954742]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4626,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1372147721244685} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4626,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1372147721244685} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721244685,"flow_dst_last_pkt_time":1372147721244685,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1372147721244685,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1372147721244685,"flow_dst_last_pkt_time":1372147721244685,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1372147721244685,"pkt":"AA4M4kUbACNaf3GXCABFAAA87cpAAEAG1CSsGtssrB5FZ+UPABbU06naAAAAAKACOQjEsQAAAgQFtAQCCAoplUQQAAAAAAEDAwc="} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1372147721244685,"flow_dst_last_pkt_time":1372147721244833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1372147721244833,"pkt":"ACNaf3GXAA4M4kUbCABFAAA8AABAAEAGwe+sHkVnrBrbLAAW5Q9l97pw1NOp26ASFqC2AgAAAgQFtAQCCAoIsgfsKZVEEAEDAwc="} 
@@ -19,11 +19,11 @@ 01366{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721256013,"flow_dst_last_pkt_time":1372147721255988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":960,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":981,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1372147721256013,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-2.0-OpenSSH_6.1","server_signature":"SSH-1.99-OpenSSH_4.3","hassh_client":"D6593B3202A30B2AA9793A00F8647A0A","hassh_server":""}}} 
01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721256013,"flow_dst_last_pkt_time":1372147721258988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":960,"flow_dst_max_l4_payload_len":704,"flow_src_tot_l4_payload_len":981,"flow_dst_tot_l4_payload_len":725,"midstream":0,"thread_ts_usec":1372147721258988,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-2.0-OpenSSH_6.1","server_signature":"SSH-1.99-OpenSSH_4.3","hassh_client":"D6593B3202A30B2AA9793A00F8647A0A","hassh_server":"500033A73A293E7C36743693D0D4596B"}}} 
01123{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159923590712,"flow_dst_last_pkt_time":921159923604621,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":879,"flow_dst_tot_l4_payload_len":3747,"midstream":0,"thread_ts_usec":1372147721351034,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7372,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1536820136171967} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7372,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1536820136171967} 00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1536820136171967,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536820136171967} 00776{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":346,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":346,"pkt_l4_len":0,"thread_ts_usec":1372147721351034,"pkt":"AAAAEABx1JToDq3KgQABHYEAAHmIZBEAIXUBPgBXYA+EAwEUMjIqAQ40729DQJS+XazCCtKgIAEWcAAIQKagjjMrqmkY3CxYL7oAAAAB9z4M1SEeGqQ7VD\/8uYulUwNGJm\/OK8amyLr31U5ficc+rCHRtb\/T3cgFN7Omq98Xcc2KqKObdmG5QJsjAR6nscPvKVK5EQQ2CtXgQ2ekli85AWg\/\/9hDrwzDTYQCdc04v178i1vzDmCn1E6C0ltXFPME9jPS9nyo6OU4GZzL4WKFeXnOWd820KgwjMMCcUzamtrkQtu\/aKLDIzQKRkoT5GPfQKPWU5curqG35\/fVuD6MuVU49VS296Pb0Kuy+euctUZkgyPAOdaQzWXn8dfRYDWVRLmvOnjyARednGx7v5AEEw0GOFVD4kR8htGuevYonoWDIkWmw5\/cutFIs5NF1fWRfG6VNRiBgVSHZg=="} 
01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721351034,"flow_dst_last_pkt_time":1372147721311475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":960,"flow_dst_max_l4_payload_len":704,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1469,"midstream":0,"thread_ts_usec":1372147721351034,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7372,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1536820136171967} +00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7372,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1536820136171967} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 85/84 ~~ skipped flows.............: 0 
@@ -32,9 +32,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655849 bytes -~~ total memory freed........: 8655849 bytes -~~ total allocations/frees...: 140637/140637 +~~ total memory allocated....: 9420255 bytes +~~ total memory freed........: 9420255 bytes +~~ total allocations/frees...: 154603/154603 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 313 chars ~~ json message max len.......: 2364 chars diff --git a/test/results/default/custom_fingerprint.pcap.out b/test/results/default/custom_fingerprint.pcap.out index 7b51c9568..927aa1a92 100644 --- a/test/results/default/custom_fingerprint.pcap.out +++ b/test/results/default/custom_fingerprint.pcap.out 
@@ -1,4 +1,4 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_fingerprint.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_fingerprint.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_fingerprint.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":280220686,"flow_src_last_pkt_time":280220686,"flow_dst_last_pkt_time":280220686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":280220686,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"204.14.73.14","src_port":41400,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_fingerprint.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":280220686,"flow_dst_last_pkt_time":280220686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":280220686,"pkt":"UlQAEjUCCAAns+YuCABFAAA8REBAAEAG1VAKAAIPzA5JDqG4AbuaORNAAAAAAKAC+vD7fAAAAgQFtAQCCAqcyEKxAAAAAAEDAwc="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_fingerprint.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":280220686,"flow_dst_last_pkt_time":280329726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":280329726,"pkt":"CAAns+YuUlQAEjUCCABFAAAsBXIAAEAGVC\/MDkkOCgACDwG7obgB7x4BmjkTQWAS\/\/8GDQAAAgQFtA=="} 
@@ -8,7 +8,7 @@ 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_fingerprint.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":280330126,"flow_dst_last_pkt_time":280330213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":280330213,"pkt":"CAAns+YuUlQAEjUCCABFAAAoBXUAAEAGVDDMDkkOCgACDwG7obgB7x4CmjkT5VAQ\/\/8dJgAA"} 01718{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_fingerprint.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":280220686,"flow_src_last_pkt_time":280330126,"flow_dst_last_pkt_time":280448811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":280448811,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"204.14.73.14","src_port":41400,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}},"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"whatsapp.com","domainame":"whatsapp.com","tls": {"version":"TLSv1.2","server_names":"*.whatsapp.com,whatsapp.com","ja3s":"a704460bd0a887c62e4f462bf1bba96b","ja4":"t12d1206h2_0cf722e5493e_4bc6cc91817c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Santa Clara, O=WhatsApp, Inc., CN=*.whatsapp.com","advertised_alpns":"h2,http\/1.1","fingerprint":"56:E9:E3:D8:DE:00:63:A7:53:D8:13:A5:46:4A:D2:EA:E9:79:EF:19","blocks":0}}} 01191{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/custom_fingerprint.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":12,"flow_first_seen":280220686,"flow_src_last_pkt_time":280763559,"flow_dst_last_pkt_time":280763328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":786,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1076,"flow_dst_tot_l4_payload_len":6152,"midstream":0,"thread_ts_usec":280763559,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"204.14.73.14","src_port":41400,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}},"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/custom_fingerprint.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7228,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":280763559} +00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/custom_fingerprint.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7228,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":280763559} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 22/22 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8657145 bytes -~~ total memory freed........: 8657145 bytes -~~ total allocations/frees...: 140566/140566 +~~ total memory allocated....: 9421519 bytes +~~ total memory freed........: 9421519 bytes +~~ total allocations/frees...: 154532/154532 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 521 chars ~~ json message max len.......: 1723 chars diff --git a/test/results/default/custom_risk_mask.pcapng.out b/test/results/default/custom_risk_mask.pcapng.out index ed22f75e7..8df13b4fd 100644 --- a/test/results/default/custom_risk_mask.pcapng.out +++ b/test/results/default/custom_risk_mask.pcapng.out 
@@ -1,5 +1,5 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104378045695} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104378045695} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::7c0:e74e:87c3:5d93","dst_ip":"ff02::1:3","src_port":6741,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104378045695,"pkt":"MzMANk5E\/PiuTCJLht1gAAAAACYRAf6AAAAAAAAAB8DnTofDXZP\/AgAAAAAAAAAAAAAAAQADGlUU6wAmkyP2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
01086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::7c0:e74e:87c3:5d93","dst_ip":"ff02::1:3","src_port":6741,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::356b:e047:3695:f741","dst_ip":"ff02::1:3","src_port":16765,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01153{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::356b:e047:3695:f741","dst_ip":"ff02::1:3","src_port":16765,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars 
Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::7c0:e74e:87c3:5d93","dst_ip":"ff02::1:3","src_port":6741,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 
-00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1470104378045695} +00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1470104378045695} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647356 bytes -~~ total memory freed........: 8647356 bytes -~~ total allocations/frees...: 140546/140546 +~~ total memory allocated....: 9411762 bytes +~~ total memory freed........: 9411762 bytes +~~ total allocations/frees...: 154512/154512 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 595 chars ~~ json message max len.......: 1158 chars diff --git a/test/results/default/custom_rules_ip.pcapng.out b/test/results/default/custom_rules_ip.pcapng.out new file mode 100644 index 000000000..0abc46f64 --- /dev/null +++ b/test/results/default/custom_rules_ip.pcapng.out 
@@ -0,0 +1,36 @@ +00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1761052469511855} 
+00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1761052469511855,"flow_src_last_pkt_time":1761052469511855,"flow_dst_last_pkt_time":1761052469511855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1761052469511855,"l3_proto":"ip4","src_ip":"192.168.1.126","dst_ip":"213.75.170.11","src_port":42176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1761052469511855,"flow_dst_last_pkt_time":1761052469511855,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1761052469511855,"pkt":"ILAB4IZiEJgZwDaQCABFAAA8NvFAAEAGwk3AqAF+1UuqC6TAAbvqAkHXAAAAAKAC+vBBrAAAAgQFtAQCCAo2djMzAAAAAAEDAwc="} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1761052470535508,"flow_dst_last_pkt_time":1761052469511855,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1761052470535508,"pkt":"ILAB4IZiEJgZwDaQCABFAAA8NvJAAEAGwkzAqAF+1UuqC6TAAbvqAkHXAAAAAKAC+vBBrAAAAgQFtAQCCAo2djczAAAAAAEDAwc="} 
+00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1761052480612678,"flow_src_last_pkt_time":1761052480612678,"flow_dst_last_pkt_time":1761052480612678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1761052480612678,"l3_proto":"ip4","src_ip":"192.168.1.126","dst_ip":"8.248.73.247","src_port":41162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1761052480612678,"flow_dst_last_pkt_time":1761052480612678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1761052480612678,"pkt":"ILAB4IZiEJgZwDaQCABFAAA8bfJAAEAGt7TAqAF+CPhJ96DKAbvG2W6eAAAAAKAC+vAVRAAAAgQFtAQCCAoRqBV8AAAAAAEDAwc="} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1761052481671119,"flow_dst_last_pkt_time":1761052480612678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1761052481671119,"pkt":"ILAB4IZiEJgZwDaQCABFAAA8bfNAAEAGt7PAqAF+CPhJ96DKAbvG2W6eAAAAAKAC+vAVRAAAAgQFtAQCCAoRqBmfAAAAAAEDAwc="} 
+00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1761052494259331,"flow_src_last_pkt_time":1761052494259331,"flow_dst_last_pkt_time":1761052494259331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1761052494259331,"l3_proto":"ip4","src_ip":"192.168.1.126","dst_ip":"54.80.47.130","src_port":56052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1761052494259331,"flow_dst_last_pkt_time":1761052494259331,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1761052494259331,"pkt":"ILAB4IZiEJgZwDaQCABFAAA82SRAAEAGOZ\/AqAF+NlAvgtr0AFDjAr5uAAAAAKAC+vAoJwAAAgQFtAQCCArb46NFAAAAAAEDAwc="} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1761052494259331,"flow_dst_last_pkt_time":1761052494360487,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1761052494360487,"pkt":"EJgZwDaQILAB4IZiCABFAAA8AABAAPEGYcM2UC+CwKgBfgBQ2vRCXdgU4wK+b6ASaN+ZfwAAAgQFtAQCCApdFaov2+OjRQEDAwg="} 
+00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1761052494360552,"flow_dst_last_pkt_time":1761052494360487,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1761052494360552,"pkt":"ILAB4IZiEJgZwDaQCABFAAA02SVAAEAGOabAqAF+NlAvgtr0AFDjAr5vQl3YFYAQAfYoHwAAAQEICtvjo6pdFaov"} +00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1761052494360723,"flow_dst_last_pkt_time":1761052494360487,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1761052494360723,"pkt":"ILAB4IZiEJgZwDaQCABFAAB\/2SZAAEAGOVrAqAF+NlAvgtr0AFDjAr5vQl3YFYAYAfYoagAAAQEICtvjo6pdFaovR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDU0LjgwLjQ3LjEzMA0KVXNlci1BZ2VudDogY3VybC84LjUuMA0KQWNjZXB0OiAqLyoNCg0K"} +01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1761052494259331,"flow_src_last_pkt_time":1761052494360723,"flow_dst_last_pkt_time":1761052494360487,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":75,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":75,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1761052494360723,"l3_proto":"ip4","src_ip":"192.168.1.126","dst_ip":"54.80.47.130","src_port":56052,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": 
{"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"54.80.47.130","domainame":"54.80.47.130","http": {"url":"54.80.47.130\/","code":0,"content_type":"","user_agent":"curl\/8.5.0"}}} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1761052494360723,"flow_dst_last_pkt_time":1761052494461750,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1761052494461750,"pkt":"EJgZwDaQILAB4IZiCABFAAA0vXJAAPEGpFg2UC+CwKgBfgBQ2vRCXdgV4wK+uoAQAGkvrgAAAQEICl0VqpTb46Oq"} +01056{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1761052469511855,"flow_src_last_pkt_time":1761052470535508,"flow_dst_last_pkt_time":1761052469511855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1761052494562938,"l3_proto":"ip4","src_ip":"192.168.1.126","dst_ip":"213.75.170.11","src_port":42176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1761052469511855,"flow_src_last_pkt_time":1761052470535508,"flow_dst_last_pkt_time":1761052469511855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1761052494562938,"l3_proto":"ip4","src_ip":"192.168.1.126","dst_ip":"213.75.170.11","src_port":42176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01055{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1761052480612678,"flow_src_last_pkt_time":1761052481671119,"flow_dst_last_pkt_time":1761052480612678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1761052494562938,"l3_proto":"ip4","src_ip":"192.168.1.126","dst_ip":"8.248.73.247","src_port":41162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1761052480612678,"flow_src_last_pkt_time":1761052481671119,"flow_dst_last_pkt_time":1761052480612678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1761052494562938,"l3_proto":"ip4","src_ip":"192.168.1.126","dst_ip":"8.248.73.247","src_port":41162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1761052494259331,"flow_src_last_pkt_time":1761052494462047,"flow_dst_last_pkt_time":1761052494562938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":75,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":75,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1761052494562938,"l3_proto":"ip4","src_ip":"192.168.1.126","dst_ip":"54.80.47.130","src_port":56052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/custom_rules_ip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1761052494562938} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 12/12 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 75 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 9414606 bytes +~~ total memory freed........: 9414606 bytes +~~ total allocations/frees...: 154539/154539 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 555 chars +~~ json message max len.......: 1214 chars +~~ json message avg len.......: 883 chars diff --git a/test/results/default/custom_rules_ipv6.pcapng.out b/test/results/default/custom_rules_ipv6.pcapng.out index b302a36e8..7f57f9a75 100644 --- a/test/results/default/custom_rules_ipv6.pcapng.out +++ b/test/results/default/custom_rules_ipv6.pcapng.out 
@@ -1,9 +1,9 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":921159902141757} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":921159902141757} 
00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":921159902141757,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902141757,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":921159902141757,"l3_proto":"ip6","src_ip":"3ffe:507::1:200:86ff:fe05:80da","dst_ip":"3ffe:501:4819::42","src_port":21554,"dst_port":5333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902141757,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_usec":921159902141757,"pkt":"AGCXun1\/AACGUYYrht1gAAAAACQRQD\/+BQcAAAABAgCG\/\/4FgNo\/\/gUBSBkAAAAAAAAAAABCVDIU1QAkkJMABgEAAAEAAAAAAAAGaXRvanVuA29yZwAA\/wAB"} 
01158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902215272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":510,"pkt_l4_len":456,"thread_ts_usec":921159902215272,"pkt":"AACGUYYrAGCXun1\/ht1gAAAAAcgR5j\/+BQFIGQAAAAAAAAAAAEI\/\/gUHAAAAAQIAhv\/+BYDaFNVUMgHInvQABoWAAAEABgACAAUGaXRvanVuA29yZwAA\/wABwAwAAgABAAAOEAAUB2NvY29udXQGaXRvanVuA29yZwDADAACAAEAAA4QABoFdGlnZXIFaGlyb28Ib3Nob2t1amkDb3JnAMAMAA8AAQAADhAAFgAKB2NvY29udXQGaXRvanVuA29yZwDADAAPAAEAAA4QABMAFARraXdpBml0b2p1bgNvcmcAwAwAAQABAAAOEAAE0qBfYcAMAAYAAQAADhAAMQZpdG9qdW4Db3JnAARyb290Bml0b2p1bgNvcmcAC+pHaAAADhAAAAEsADbugAAADhDADAACAAEAAA4QABQHY29jb251dAZpdG9qdW4Db3JnAMAMAAIAAQAADhAAGgV0aWdlcgVoaXJvbwhvc2hva3VqaQNvcmcAB2NvY29udXTADAABAAEAAA4QAATSoF9hBXRpZ2VyBWhpcm9vCG9zaG9rdWppwBMAAQABAAAOEAAE0pEh8gRraXdpwAwAHAABAAAOEAAQP\/4FAQQQAAACwN\/\/\/kcDPsFzABwAAQAADhAAED\/+BQEEEAEAUlQA\/\/7aSL\/BcwABAAEAAA4QAATSoF9j"} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":476,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1639052947771491} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":476,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1639052947771491} 00844{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":100,"dst_port":1991,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1287,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1287,"pkt_l4_len":1233,"thread_ts_usec":1639052947771491,"pkt":"AAAAAAAAAAIAMzxWht1gAAAABNERPyR\/hVteFjyvPyxBNJWSZhshvLJzf2iI13eoBYU5kJJ7AGQHxwTRtFQX\/v0AAQAAAAAaDQS8AAEAAAAAGg3ty6JKrYU18U2SnV6TZ4GWPTkMaTeI9UivesrOAyLeyxCH9Ett98n\/BUnyUWlx5VOsHuSnNHK30aiWa0bQql\/OXO+\/gsGi9Vb3WsWwYwBW0pVyHQ0B46+DlfcYN9qmkFlJh9kPJ0YDdosoedP6B1hATFaaYqjsVizwYv4HbXzokGD8PNwSlO3kQDrYIDtSZtpx53PdVwuoZxmUt2\/suWUGs8IBjSst\/7lN9W\/tNGh8FPVXN62L5CDnpEZkkIUsEaeXQROB99R7U\/ALAM\/PILPWGKHcK40NY0zdzRDoPZgcslPBdXAvOL0SyOsktYL4LsfNMroozoQrT1QygQh\/o+MoyM33fxWmZDikDkltMfPc33LY24DbMLEUJSzHfiOjIRCt2AqzjcvSCQ38yEO+w9IlHTAlWBz5qVIMz7e1qCh3VJZC2Uk5DzFw28f9kldm3DfO9X7n7ddcO7HPXGEKSAl\/dwOtNCSxzRyxVMkINXT1F8R3Kr1X0P79jeYNVsXDuoN440ZxqXaTe3v0EasLalE31omPrKPox8OjFKowZ\/SB2G59InZnkarkjdu7hofmRIpcf1D0LJ3M2t8stXvQJI6nUBwyqpp5ngwHNvz79ijs5osivjMa3ty3XsPR+UNx8lznc42OZ1sGTXR0GLXtbRRqi7Z+4UroQBOGMmj+qZ8+nmZa1QVZaDNzAO8RnvnWLVhMuivh1V4phVCw91Xn3+UI\/Yq\/HuRtkiiI4kcN+I7R7A0JaMt0M2QaUHpH\/RO\/Z5WhuDGAMKrjoa7iJZvXMIIyECgYOrb7SOnPE2s3lSzDu7L3oxtwwlAylIXUQaomQnBMvB3FgbB6sUeYuhXFnMNy372f9keLastrb\/zBNJ51N\/OVuA6B8wsbBsXGn8cGnWZR2no5OrWHInzQk69yG731TtvqCHK0cXkmZv8FcaBZBELVB9ipqEVcSZkd+jnn\/t8Abzkn7pB+sMPEXMqIs5QJ7XJPl0ndMGtuhy6yPPoXAW+ICkWKMXbgJRWDbCXvYXNR4+vU\/VosznWRONI5l3QbtVvN+cDigIswYX29jz4xZcn6V4kBfpRMLOAzyovu9Kqb4CMRAAZG3cC2PKlxE5a1Le13Q1hKVJKJpAITen73s\/tG1LSh8h0ljZQqCT9vsB418MDr50io5+X4sUm3wUHzm6zfNYpxQupY1pT1JptaHZiDxZjS3ZXx6kha2vcHtmQyYyxdoRL9hcTVRT8MNr4FV7Wcl6hfgek7k1qWbCCdZejjISGI+kEtgx0Q6LVKF6ecXJ3rg4aQXVd2dslKHzHPrIAHtxUnnqmjZyXIQ2ftOFVgObSb+gEi\/MesMAdhLiYHOOuP+UEVRIAuAkdvrQn+T4E6jQ\/y2JFluy8pQnPkoLwOumUr
d5SpyEaqoCaTiXWXj4KqbJyqqSa5WR\/Tqdr8FovyWg3dT0gR6zCv6HfHWt1gY7rHuLyUJN3p3vhJlqMR6cesxmaJwoXuqhhOLnvYjvUbc\/hIxS8Bbqpi4atOXiC6GVEtb4bWUS\/ux9Fq2ZwJ4B\/5D0UfjHbWiETDrnG4dRBdY8Qzx3a3pDvzONf1PZ1KOdnkPMqzglGKxtgmCYP53\/TX"} 00982{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":100,"dst_port":1991,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -12,7 +12,7 @@ 00985{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":36098,"dst_port":50621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00940{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":921159902141757,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902215272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":448,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"3ffe:507::1:200:86ff:fe05:80da","dst_ip":"3ffe:501:4819::42","src_port":21554,"dst_port":5333,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":921159902141757,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902215272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":448,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"3ffe:507::1:200:86ff:fe05:80da","dst_ip":"3ffe:501:4819::42","src_port":21554,"dst_port":5333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2926,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1697468695606215} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2926,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1697468695606215} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12719,"dst_port":26993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":318,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":318,"pkt_l4_len":264,"thread_ts_usec":1697468695606215,"pkt":"MzMAAAABdKy5BVOoht1gCiQKAQgRAf6AAAAAAAAAdqy5\/\/5swST\/AgAAAAAAAAAAAAAAAAABMa9pcQEICAgCBgD8NQAEAAAAADUABAAAAAA1AAQAAAAANQAEAAAAADUABAAAAAA1AAQAAAAANQAEAAAAADUABAAAAAACAAp0rLlswSTAqAGKNQAEAAAAAAEABnSsuWzBJAoABAAaK9ALAApVQVAtQUMtUHJvDAAFVTdQRzIDACNCWi5xY2E5NTZ4XzYuNS4yOCsxNDQ5MS4yMzAxMjcuMTYxMhYADDYuNS4yOC4xNDQ5MRUABVU3UEcyFwABABgAAQAZAAEBGgABARMABnSsuWzBJBIABAAAAGwbAAUzLjQuMScACGzPYx5MclIbKgAQoL0SJJZDS0aMz2MeTHJSGywAAQA4AAEA"} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fedd:a1e2","dst_ip":"ff02::1","src_port":12719,"dst_port":26993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -31,7 +31,7 @@ 00928{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12717,"dst_port":64315,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12717,"dst_port":64315,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":36098,"dst_port":50621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3950,"total-not-detected-flows":5,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1697468695606215} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3950,"total-not-detected-flows":5,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1697468695606215} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -40,9 +40,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8659616 bytes -~~ total memory freed........: 8659616 bytes -~~ total allocations/frees...: 140604/140604 +~~ total memory allocated....: 9424116 bytes +~~ total memory freed........: 9424116 bytes +~~ total allocations/frees...: 154568/154568 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 593 chars ~~ json message max len.......: 2220 chars diff --git a/test/results/default/custom_rules_overwrite_domains.pcap.out b/test/results/default/custom_rules_overwrite_domains.pcap.out new file mode 100644 index 000000000..7098bc99c --- /dev/null +++ b/test/results/default/custom_rules_overwrite_domains.pcap.out 
@@ -0,0 +1,46 @@ +00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1760964921304285} 
+00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1760964921304285,"flow_src_last_pkt_time":1760964921304285,"flow_dst_last_pkt_time":1760964921304285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1760964921304285,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"64.233.167.84","src_port":46326,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1760964921304285,"flow_dst_last_pkt_time":1760964921304285,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1760964921304285,"pkt":"ILAB4IZiqFlfzU+rCABFAAA8yU1AAEAGxvnAqAGPQOmnVLT2AbsBqlR6AAAAAKAC+vCqowAAAgQFtAQCCApGF7LlAAAAAAEDAwc="} +00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1760964921304285,"flow_dst_last_pkt_time":1760964921326634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1760964921326634,"pkt":"qFlfzU+rILAB4IZiCABFAAA8AABAAHkGV0dA6adUwKgBjwG7tPYRFA33AapUe6AS\/\/9SbgAAAgQFhAQCCApov72dRhey5QEDAwg="} 
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1760964921326683,"flow_dst_last_pkt_time":1760964921326634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1760964921326683,"pkt":"ILAB4IZiqFlfzU+rCABFAAA0yU5AAEAGxwDAqAGPQOmnVLT2AbsBqlR7ERQN+IAQAfaqmwAAAQEICkYXsvtov72d"} +03909{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1760964921327839,"flow_dst_last_pkt_time":1760964921326634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2541,"pkt_l4_len":2507,"thread_ts_usec":1760964921327839,"pkt":"ILAB4IZiqFlfzU+rCABFAAnfyU9AAEAGvVTAqAGPQOmnVLT2AbsBqlR7ERQN+IAYAfa0RgAAAQEICkYXsvxov72dFgMBCaYBAAmiAwMaU+TBMUSEAo3PPdaiYZIHeLZAnuXKdOmlUoP8hjhbmiB0x6tsneFlZ\/TDANZ42Wty6qDgfmMtoYovgQQAhr4ZswAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEACTcAAAAYABYAABNhY2NvdW50cy5nb29nbGUuY29tABcAAP8BAAEAAAoAEAAOEewAHQAXABgAGQEAAQEACwACAQAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwASAAAAMwUvBS0R7ATAwrnEfzBAUsyDpptJ1pNziNdpf1J+pNtSbXNBlASQxKASOUiDU+M7ueCaErm7N4yY1bosxWm4RoK8dGKKUwcTKGKSjcioQDaAS4twdpzCnjnIOXV4BIuj1JOqnBN1SwQlf7uk4NSjVGzMhcU7tOiPVZgDiHeH\/pN996a33ZS\/GncW+1wUCoZl22tNB+GqbmmvIHUQCswvitoM4OVleti4altRmolW6owLzZEcZBlO2eY2i6o4CSUmzUkUgNFfKYpQjSeKgEOxbdFF5OYeD0BFoSBjYymVedTB9VefH3y55ocqiDN09ZSfPtkdYqNlEqXDm7hyXxnFEyo0bIhqsIpYhDOAsytIISZrG7lTykQQ32AKIdkROhYMkGU2IDVb\/nWzfuSq3UzCoYODZuwwDEsVp\/uNjecx2pxI8RCdR7JjtWgbvnTG\/CKzwdSiKCR9yQR2SrxGLpl2NcgQwqoW+DVMGSoUv6HBa2ZLpBdDhMpLNuhduwInCBojztIdani5oixMcfFD02vE\/UjAzgq8DbA7mQKWMYXN
K9h1IKDEGFJyiuFREVOEmZAbDOpUiyhwBwe5+SlJuwJSA6aDmEmbhuqDAuU8s9UZm6Y\/mDeg\/WxVcMkSXKp2StKxPDKoCYygOdOl+6BsK2yhE7pmNLTM1VF6pSCzB5k4tlJedQddaKKK3uyb7DuXp+ecx+TDFBls72EpLlsXRLOOGKIvDdpmLwkebPynvRUO1tJM0xVwLlEyj9BkwzGuCiG87us4VDfEG+Rskqt091pOjSEyslUk\/ZY4K+l+5XAeIpIrjMx0kfYL6bITPVSd8Ch0CQg3OxMoY5U4oFA+YqpFa4RjSeiTReHM09kdbhWCLGAfjjZnQ3ik7bR9WGl1AGwp4HFf1OGzsxmG9jYJ5RIMfQQvd9GKnrerU6x3\/AkWSNaxXfpqZWygIQOcXIuFLBELRoEOWSknI5cshDwUNIJwXqHFWqgKD2Q0ZIgYwmwSLpxWGQiN2My7PIaHM2XE2cVLJIq2M4GxZUIUbuVve9q3a2Yvn5WvMfl5jgcGMaCKT8iR6odEiEfFUqaxjAmI7kVKhVAf8mo18RhxSaw0JgZtdqyUDtqNpIUf6RZLa+qfg8WUxWMCykiN0XJmDQa2wFR2DgMbhBJwgqS9h+l54nyI3iAbDJkcYUVEgnpeF3c+IxZcPHdJwwg2ibSBjhTOJHC8VhEiplSXhnZM5uQq2SZTSjAkMklAG0FhCfQ8jGHCO4ddh+J6wgnKW7Zd1HUo7foWWCaVGnINQve8+KYyiESqczWF+qhG9eJq6UVCpycH1+MoGOg2fonN\/ESYFCNH8OViVGyFOaO9PGyG3zivjiRXUzI+iQGX4dCAFVZyZZVg75EMT5Rw+sgp9EG7PqGP2qmVs6ZVLDtzVJUMC1JyYOhrV+ZhZcR8uyyVFRKx+aE6TsMEBJpn9uABUItr2Ga9V3Y7vJwUCropjgA7JeCg\/XN2z+Kv9oIthSxaJwo+hXOQt9qYZ1oe8RNMXflal+XGFqtE3qgM74kkwzFxfQyhq7PZ4B+kro0nz0\/8dli00FTH1xR9+kyJ1\/urxyCKCmusaz\/zgyXsdXOMVpuGRuA23Z3tVRVJZpQAx\/gaIQAdACCKCmusaz\/zgyXsdXOMVpuGRuA23Z3tVRVJZpQAx\/gaIQAXAEEEKUtGeducSjkaryrptqdJHnWixhjyibf4CSw3cbDQMgB762\/YVmtrD8+FZWmuGto2HNw3N4Vb6co7Wt6E2NNglwAqAAAAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABsABwYAAQACAAP+DQI5AAABAAN8ACCF2be2m34juCDj2RPa7TiQS4b5clILe+pJ23qQayDs4QIPMOTqR\/+30ll++M+UAqJx5VXZXDXPh3+h5NMJOrBmyQm5NXiypHtVC7H7aYKNFjvudalzwXUnBQuf44W7o7Oop+eRLq7ybROnKuSf313X2gBLFl4LIvQm33i7ZP23WJV7vgk06R\/83qaSdn5LulwvMwpQOU23wZbetJBk4K\/rjqq2Cv6LjvpTtEYGgAxAaX\/wO+T18IBA0aXde\/rEdW1jhzmRBmIjHWrWUi4RhDX95G\/szgti2vkvssBh0mkPhvP0ioXj7O68cr4RLj9cN9d7vHq2KwkrVJEqE6Cxf0oh6FB+IE2+OamvLmHQgL0ZLtoFdX5nIoIi7L\/c\/dxSuuJHHlT9pTJhtK1jxohclQ7UJ78UbRzwPvje6OZ90Cp1GaszCB5nCen+eAaTtiNbgXZCzxHWdq5AIiZZT2b8E4AuYXNVHAJZNGCFh5d2q8HS7YoA\/ftID5hOJajKriJspFOyW5SRbd+JWAeB\/0sJU5IglvaQdOU+UGelw+n\/eI34s3kPcotyq7GHJ7hy7frutkHsBYAOQ4P4jKO431KR3aDC3gXPIYxTjdfP1EvCgi3SBhn1t\/vnhZmNWBg0KiDkR2H1sw7TcLltWzd
JVma+HykV1xw\/viFuYjMMuX8AwjvT2424iefCFFU54GdqCOfscw7DkvAXD0iAmm8Ja1\/Dk3DxOt5nbCnL5OG8SHv8JSlwirwAKQEXAPIA7AJ+c0oJ3gB2LhiU7ohdYAdR9CAwuoyPTO4wPx+yZ6I0z78S9GBN+uYaM5kk8cLgR3qwrm3cgLF9wuv0IGG1QMj\/Exhjt1BUc\/U\/SZsN1mX0GlRkITJFfxByM99EEiygcXWZPcCXyg2QI2DUhAfBL7Ea+kSLm1zn4aIe6tliArX9IQmF7Dq1YSupERmOLrtPlPl3xEvT+eyIzW9rE3srKHG9rR0Np+SUJ9OggnTs+Guo342e2gTIXRumfnQLo1SWAZexyqbjAvm78D6hX0R6c6uOVfA4YTYI13pKBQQh6uesL0JSVQoSJrfLd46NjwTMoQAhIPZF8\/w+\/N38eg\/ptvuKgDxIw2yMxXBZgd6CegtmMOGT"} +01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1760964921304285,"flow_src_last_pkt_time":1760964921327839,"flow_dst_last_pkt_time":1760964921326634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2475,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2475,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1760964921327839,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"64.233.167.84","src_port":46326,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1718h2_5b57614c22b0_e7cacf613b58","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1760964921328359,"flow_dst_last_pkt_time":1760964921326634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1760964921328359,"pkt":"ILAB4IZiqFlfzU+rCABFAAA6yVFAAEAGxvfAqAGPQOmnVLT2AbsBql4mERQN+IAYAfaqoQAAAQEICkYXsv1ov72dFAMDAAEB"} +01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1760964921304285,"flow_src_last_pkt_time":1760964921328401,"flow_dst_last_pkt_time":1760964921348760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4419,"flow_dst_max_l4_payload_len":1858,"flow_src_tot_l4_payload_len":6900,"flow_dst_tot_l4_payload_len":1858,"midstream":0,"thread_ts_usec":1760964921348760,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"64.233.167.84","src_port":46326,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.3","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1718h2_5b57614c22b0_e7cacf613b58","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1760964921304285,"flow_src_last_pkt_time":1760964921416596,"flow_dst_last_pkt_time":1760964921435421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4419,"flow_dst_max_l4_payload_len":1858,"flow_src_tot_l4_payload_len":7117,"flow_dst_tot_l4_payload_len":4694,"midstream":0,"thread_ts_usec":1760964921435421,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"64.233.167.84","src_port":46326,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7853.1,"max":60534,"stddev":14243.3,"var":202872752.0,"ent":3.1,"data": [22349,22398,1156,520,42,20617,0,0,1509,0,0,0,0,20391,18,12,652,606,20389,41123,0,0,0,0,60534,1426,1192,4030,736,24,23723]},"pktlen": {"min":52,"avg":421.6,"max":4471,"stddev":924.4,"var":854508.3,"ent":3.2,"data": [60,60,52,2527,58,4471,52,52,52,1910,114,52,52,83,52,52,52,136,83,52,1452,722,366,341,83,52,91,91,91,76,52,52]},"bins": {"c_to_s": [10,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2],"s_to_c": [10,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1]},"directions": [0,1,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,0,1,0,0,0,0,1],"entropies": [4.646634102,5.212701797,4.897086143,7.816514969,4.956866741,7.955480576,5.178914070,5.140452385,5.101990700,7.886328697,6.212090969,5.010550976,4.988526344,5.749540806,4.933627129,4.933627129,4.933627129,6.142579079,5.693960667,5.103911400,7.892829418,7.668910027,7.338832855,7.263511181,5.734539032,5.049012184,5.937283039,5.850928307,5.893327236,5.523987293,5.010550499,5.026988029]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1760964925970876,"flow_src_last_pkt_time":1760964925970876,"flow_dst_last_pkt_time":1760964925970876,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1760964925970876,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"17.253.144.10","src_port":46116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1760964925970876,"flow_dst_last_pkt_time":1760964925970876,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1760964925970876,"pkt":"ILAB4IZiqFlfzU+rCABFAAA8lS9AAEAGQU7AqAGPEf2QCrQkAbthT3ztAAAAAKAC+vBkbQAAAgQFtAQCCAoO6n06AAAAAAEDAwc="} 
+00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1760964925970876,"flow_dst_last_pkt_time":1760964925990099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1760964925990099,"pkt":"qFlfzU+rILAB4IZiCABFAAA8AABAADYG4H0R\/ZAKwKgBjwG7tCSc2eipYU987qASfHBL+AAAAgQFtAQCCAprnQnkDup9OgEDAwk="} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1760964925990163,"flow_dst_last_pkt_time":1760964925990099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1760964925990163,"pkt":"ILAB4IZiqFlfzU+rCABFAAA0lTBAAEAGQVXAqAGPEf2QCrQkAbthT3zunNnoqoAQAfZkZQAAAQEICg7qfU5rnQnk"} 
+03809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1760964925991307,"flow_dst_last_pkt_time":1760964925990099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2467,"pkt_l4_len":2433,"thread_ts_usec":1760964925991307,"pkt":"ILAB4IZiqFlfzU+rCABFAAmVlTFAAEAGN\/PAqAGPEf2QCrQkAbthT3zunNnoqoAYAfZtxgAAAQEICg7qfU9rnQnkFgMBCVwBAAlYAwN0baD1E7paCmuTkoh20nu8d5FTAOGE83s9tttjOiHycCDOO9vQ4533AWz\/kRmPYdyYD6Dz89RYS8YDuZT3MVJEtAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEACO0AAAAOAAwAAAlhcHBsZS5jb20AFwAA\/wEAAQAACgAQAA4R7AAdABcAGAAZAQABAQALAAIBAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDABIAAAAzBS8FLRHsBMBCmjAeGLX6FKB48MhkOYhCBj+Pwk7vhQPsOy5Dh0YLuri3VY\/Ne3HF5sqmtgfJxpWDaJQyi28fgT7XBWbFQEpDJQy2clvWEBxx2A7SKqB08W4WwzpU0k2m4nAOkrYcJkPnWV1XWMgecg\/LfHyKdjIv+3PkcZ\/Kg1Aa2J8BW7i5mowS2yMLNoQEK1r3QivT6sZz9pDtnH1506rdlVSI80iIU2pb5ZG7qERX2oWvvLb7hZhUqYsGGj++M5i00mN7pD3J4p4t1Wkd+QyikMnGkK4haFj38nZNYB6x8ZsXNXgscIbx43DDu0s6syiHeTPo8yJV+JxWVrOSO4rNJnErUjZ2U7w5qZTpdXm+RRLhs3ekYwgcZ6IgAKbHhyLi0FbjuQBBC06igDjZRpwuYb0GbA5f55XQGhB8W3MZg3xb8sUbuIOpYFvcqWq6JcKfYXXsyIXnCLMy4rbVfFt3F2UqqWhd6AKVhB09C7TvQF6zILGoWRYimbNg95QKNiXtvD6KEWVVKTCQhCSkR6y1xmvhNyZIga5gFZpNt7C9Sjdnup6XCmkMSrVf2SivaqS1NpGQMyb0YWUzkCk6cU2a4QT5tC9GbL3o3JmpUE3\/xsFb5BNNM1B0y7jt5ihrCmmMx6h54CGlEchbHBsJ5o1DdLjF2p9djDxaWgsiSjy0g6FFd3YRiyY6ck5SqC8U0SdLZpbkA7me2Q7t5CmH27htUBRJjI5PMENvKyLsCkNu1LqcxLBDGomU56BMVgY9uJJWkSx9MmbCqJ\/SV2IuaJJra11ySgZf8zv11RoK94DweqeSRsIDGXNZ4K5Ki6hlaazzJ1YPUg3tKGToBzeEEYUzEoViCs6ZaaY7rIdZJUyMKRWIoUbvewwyRbKouMVcmFE7GlR3bEVImSUJx7FFMwE9cl3KVhD0iJE3JEK3ygqjMCfy15eug4KLlDx50QC+ZBDb+Kgw1qvOpmByRJ4mAxL5hQiIxUx6cZrcVg6RW3TX4ahXkxnYGyR180PWhcUNxp2rdQlpZgOYMRzj2ktaUiJINYRx6Q41BDr5pyIDDHlOV2OUhj63W3hL7FNadR7dY1GLJxdXgrv71lKrdWCVqWbEhwyM85zXnKTiG5rMckr
1MTZ6Zy3a6KimK4XhpqYibByTklLzRxjQpFtgJs\/l1CoH4SpHclA26pYkKL8vS6IzKmNKyDRiFEnyg4bCh6zYp7xTZ1LTMEv30xAKZXtjkHkAOwz+6GZ2SWcd4X65tr\/5WXUUy7j\/6pT3\/DauxCkhnJm+8lbN0UF\/tyLvnLe6tQXRJhHQqKtCiCIk5iAxyaSrtpHhGhydYDNwIqoum1VmRKZYt8ipZ3kMBm8YqCN\/ZGLpfMawiRCSM2HKNLuCmDbyoAerdTKVsL9VaZlnnHsXlgeNhwr7G6e2Gq\/lAAN0DMavoc1Lipvi4ToGGgERR6PyeVmvCCZogRWlbC3nxI61kgsuBjGDAXbG0q45FMuNKx5eEBhDi4jZUcy2pKL9FXCWOw0TuWJpZ8O4gL7rwVX1JYLepC8wkbtv1JyFfSKd\/8sHAwLbtYwkEEbMPdl\/34VPKqVeHv6GPCNtDmr0dkrlLTXbPcWWBDdLgrauc1WkplN4KDC26iUxAB0AICNtDmr0dkrlLTXbPcWWBDdLgrauc1WkplN4KDC26iUxABcAQQQ4jdxB7cgouttihElnF08LtQdVo2RK6kgpXui58wVbaZc0iY7jpxmWhyU4lg22xU7BEXtf\/7yQEe4OUUxza1kqACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAbAAcGAAEAAgAD\/g0CGQAAAQADGgAg0ehFngOog25e16NnXv2VZT1Rb7W74EJC8MRwy2BWZNIB75NRk+MKVKfN88aG0SmF9iiuyjOiU\/9efP1q51mJSPHJEeg32xw1laqNq3Q22NfZJ2mtLYHwUHS6qBT9\/JTkoFPT3hiMQyeKFr9TEI94OaY0Ta3hoAUxBzaWvJYGXoIeN2Si5Tw8Q8p\/CHkSeV1d8GEvlyRU\/auMBUXM8W7nvKqMG0nqgt446EKciCS3Vlg02G4ynUWK8Yz7wOTBbfzhTBFkeQE25\/IHBGOrqn0Ot37BSJIwnl\/GFmGBImm+Gv96pkz6nlTn1e4Y0JRwccr+awh4XYfT1r4qH+8OrhsqH9UE0BhJmAZbjeVn2vQ\/2OMDx8qMWqIlaRUvbMhWhoQoEu1ve8dEHPdybr\/PTPq4cRgvrCZciib4gL0\/C+82qmcwl40KKN4urDreaB7MJNLZFU9FgHL3i5CqxV5MkOaFN6ogGdt4zpmwfxKPRQNghrgwmIBIWZoGUW6nmUfDkFpfQd8lg4Nlkqh48HjqP+X\/9jr99scyOfd91sL20xVrjYTjNOnO7ydyzRX\/fyGyenpVsLgHnnq9M7EdR3rQVB22H0QXqwrgxV4T+RtM+VRHwm8rgmF4obnqSlnk8ySOEsUecN6SHAEPjjcV7zO0BrWjrwXOkfrn+Vn5m3vapXUWIQtJvEDJSpkBOEKsgDqq23LC2AApAPsA1gDQNXZLak81azNBVzZvcEQ2UnLTiqhjQGzKa6e5FekOpH4KM1ZwA5\/0dX8sGJSg2paFYG0mfFlldkOAYtfVYeJc\/7UH1E+Q6C+XjLDJHFl5hEDMRfGiVHqbaQI6N+ME9WVLZOlRHRlfRZTWoAPbG6+LPosw4jvxY7emhlPOkOrHVqN77w8DOiohuwM37uk\/e4hqasGOSARVwQUSBtpMKn7hd5xt\/gp1zadIgMkD+MtzH6JT0G7+P6oNrmUBX1DWIxP4b2y2VG1zuX8aIVb1UYTg4susRvIAISAhPg+1bh\/RSgRPZ0qaB9T5hhi8S8kA8fkwiFdTko1Xfg=="} 
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1760964925970876,"flow_src_last_pkt_time":1760964925991307,"flow_dst_last_pkt_time":1760964925990099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2401,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2401,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1760964925991307,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"17.253.144.10","src_port":46116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"apple.com","domainame":"apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1717h2_5b57614c22b0_e6dcd7ae0a9e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1760964925991307,"flow_dst_last_pkt_time":1760964926010683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1760964926010683,"pkt":"qFlfzU+rILAB4IZiCABFAAA0IIxAADYGv\/kR\/ZAKwKgBjwG7tCSc2eiqYU+GT4AQAD\/tbQAAAQEICmudCfgO6n1P"} 
+01266{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1760964925970876,"flow_src_last_pkt_time":1760964925991307,"flow_dst_last_pkt_time":1760964926010683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2401,"flow_dst_max_l4_payload_len":218,"flow_src_tot_l4_payload_len":2401,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1760964926010683,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"17.253.144.10","src_port":46116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"apple.com","domainame":"apple.com","tls": {"version":"TLSv1.3","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1717h2_5b57614c22b0_e6dcd7ae0a9e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1760964926071819,"flow_src_last_pkt_time":1760964926071819,"flow_dst_last_pkt_time":1760964926071819,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1760964926071819,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"23.60.189.51","src_port":43052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1760964926071819,"flow_dst_last_pkt_time":1760964926071819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1760964926071819,"pkt":"ILAB4IZiqFlfzU+rCABFAAA8mylAAEAGCOzAqAGPFzy9M6gsAbsjQ4wNAAAAAKAC+vCW1QAAAgQFtAQCCApFLHioAAAAAAEDAwc="} +00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1760964926071819,"flow_dst_last_pkt_time":1760964926088581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1760964926088581,"pkt":"qFlfzU+rILAB4IZiCABFAAA8AABAADgGrBUXPL0zwKgBjwG7qCxQFW9WI0OMDqAS\/oguWwAAAgQFtAQCCAqC7Cr\/RSx4qAEDAwc="} 
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1760964926088655,"flow_dst_last_pkt_time":1760964926088581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1760964926088655,"pkt":"ILAB4IZiqFlfzU+rCABFAAA0mypAAEAGCPPAqAGPFzy9M6gsAbsjQ4wOUBVvV4AQAfaWzQAAAQEICkUseLmC7Cr\/"} +03998{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1760964926089765,"flow_dst_last_pkt_time":1760964926088581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2599,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2599,"pkt_l4_len":2565,"thread_ts_usec":1760964926089765,"pkt":"ILAB4IZiqFlfzU+rCABFAAoZmytAAEAG\/wzAqAGPFzy9M6gsAbsjQ4wOUBVvV4AYAfagsgAAAQEICkUseLqC7Cr\/FgMBCeABAAncAwOyj65eVxD0V9szoOpQcoDM\/WL41nTn7wNJNxd8Si+GyiAMm0mn\/g4CWTRnB\/FBszP\/\/F5WLKCHdnnC+RCM1gWLVQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEACXEAAAASABAAAA13d3cuYXBwbGUuY29tABcAAP8BAAEAAAoAEAAOEewAHQAXABgAGQEAAQEACwACAQAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwASAAAAMwUvBS0R7ATAkmQynywX38AihqYq6KswDEVFVbgHraAYXUwYhVyxgBN9GbDKBnp3PdCqLIgtezpbc9PHrqKBEypM9GB9A\/euT4OuOPPA6UaXafPG0ZQozShrSCfB2wFzL8ErvTkT+yJfX2S4uIKQdSBM23t6txNIw2I6ACxNiqpzONx2xeXHbSV0DiEjcsQZpNXISDKn1qEkRPeW\/tqDKOsvEKIV\/NO4N+eNxPteLpabGLmvzcVkf8vECvu\/eEtLCKsLJhouc9WBuJubJCMkjfmPfJiGp5qLdmB+CiKF1UcxSzQC8Dq7uUxH7NBKqjafVrIL3rorYBo3TXQl9UQZgBIotamFfbnNu6Bx8nxDJPl0TmGu1gqb3awFxLY4FmQhsrlMBXuJkEEtIdNPYtl2buSg8joKKFW4E2BqdXTGQ6xdkNCULFpLqAeaFhOrvJVbzzM+csALFexR\/iO6ERwVqDJSm6suRANi9kK4FdAsiTpHZcU1cKW879eBBoZhJqQa89CF2fwXAdpPwUm47CIaa2rFSiwtGmIjL+UCPAwE
y5iYd3pAqdCZJ\/gQA2sMZloG0agHwZQyNJsrsHvIm2uMXkqGMdm3itUdV1pKySfGJVCgtCxYPrV2mFPMgqyeZRs9tyNEfiSu0qDA\/KCPpnRJW4WpWXh4ONMMrKNb9IZ6u7BO7NDOTfMaFdwIJbKv7jGk7enMlBvFH0KZImAZgeeEdOVjf9wdzpEjIQhw58oIh1twlhpda1TPQegKvoaA6edwvkjE2EhkslFP7pNWoDJ5GsKvDJA0+ux70MLDrJdhJtF8HuWaVWYFugVGAiZQaRSRCVOWI9mUXzo7pIqj9PJd7TS4\/UmALsaDtnQpL3QQS3lb\/FqUpRo1nakAKMCK8OZt26xAlAN78nuEyYVw0VKwn2c6u6eEuvkEOgRGrSwcv6WMnKaEDsq2HtMDlaUomiLOmSg2jNUFn0Y+ZJx2vXU3zZMSAB0yunwDOWSL6IoT0GhKRSFHCRKZfIiWFrMcziZAn+XHxlJ7JVQBt8OavmmzGLg5r7cupwEg0NBO61DExlB9KLgKa7mnNWx3+dLB7XNp0dSDwoOTp1Ya7ERIbWhPwORiBBlbAQI6F0G9AybBZLaU9mGAcaFphvM5mZMjWxEbfKoMGet1M+LPZqMehQw4LBlRMscQjDxo5hhgwdUgCqIbvhe9eAQo3FIR9OjOgmy3FVe\/\/WOKDEt4CAYwwfWdYZYVD7NLpnNM8CPJEVQ2AAxKsulfzcodgtA\/VQBNV9NBbQWWhdw989l5A3dntAgn67UjixYLw4N54+E\/OmmR3UJfpixxNfEC1qkwu+ZsgGIgVJaTWVo1drhl80hciaA909tathSwTyW2aCZni+uHGgUmEvR4Vqg7fXqCL4udaYUMlhQTjBmjhfaPVfm4gVOrSjhv0rDO0TEfkiGYAAxqu6J+b5YLPFl7KGIUHgCoYck9SMK7u7w5yOQhvhhLcsaEGZsse2nFJBFQnEpYSTFsCeEczitbedkYjZm27yp44YGPayZ9wMYK4EIp\/+l\/awWHEwrS16Egscinj2jRDq1wEbkUW3MlDCYAwl5yjb\/1Jnho9E7LxWiDLAcpGw\/esNQ5A5lkxg\/LUpx6JAAdACByjb\/1Jnho9E7LxWiDLAcpGw\/esNQ5A5lkxg\/LUpx6JAAXAEEEuUSDYYECXFg5pioSiVeVX69J2NZh3iFGEuQuN+USyS9Qb+t53w9sO8JlEoV38nltTmQP3D5BlEUS4dIU1ZWagwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAGwAHBgABAAIAA\/4NAlkAAAEAA\/EAIPCUwN\/PxfBX+zEW1x19D8c5aF5g1WmxlOwkC6ie4x28Ai+lP+Zizp\/RR6mYL2PQaPt0l9Fvx9ai9jEmO2CdFw0v05Jxt\/zqzsY5LEa4hpQCnDNFd0TzyZ0o\/uLo1x0iANZZ82DH9Fy6ZMR+25D9pQMQCwBbPk1oQ8k2yNVMCOxevAxg9tGwWtCWRqxiKTLfshk4450oUgbUvSGL75mSi3jFzQj90vUUIzPKkHsOUZUh0yt6YOXwCxtgnigD1LiroEgpMhPGH8steTJ9xWd7ItkehIbjfObuL3Y+Y1iiYBk5VOy\/gtNgGo1DfUVpLqkP9wqPaNDcDyUOxd8ahrDn6HdsZIKcpdHOigls\/o8Pd46xmDDTpPPDgCI0yxsXwDN5eohVN5RVgpIG6KaJk6U6R9DQ2qH1owFtNsuk8LGtCpsA6kFnq7COsS6YXgQXpnNL4MtKMYKp1PCE6X5pEYXnxWZcQD79Iufto35BE2drYkxBJTQ1Jz71vdJVtDUY\/GbImNOYV5q6dcjk14zBsmasoA0BvZs9k00GDOCaKOJJCHZkfwXQSpoYcna0djkkKIWGGNVoS1YfePWtNhCw46qNWKrWNEgFUEmllNXsL2t1xyJkuJ7Yll8mKJlsBVyQdetxAGiPM5di3pkdLRraDuD
MFaxG+9DPRBT4WD9UA7g1p64largmyu4rER50R8SxKkPhq+6qsY\/WqkLQitMMS15xj\/ttqVpNfyfmqKKpiNplTqGGeXIT\/2KZAm0cA0mcLAAMBdTKgmvcRqhVjfz6ngwbzT\/3ACkBOwEGAQAAABrKC0\/yEo4Drj12iDNbAl9BKnxhuTBwHXLxUbfL2\/kw689UbbdgVchmyvFBwIafvR3xMG+fwU5iO+hEOOcj976QGAYd6BSAsP9cHow7vaW4MU95UFKqaN1io7A4YvLUNzMA4w\/A3SaPIvjBCFvRkeJW3eT\/mriTI7zJfXHci1BlSRh2DHAzVYSWq9PqxixHysm4A4h2qsZ8uh7XrlYX0kux3ksj9zXZX7YD3nfDggxVxZSfISrKDRDoYSMmjXmRjmNxvs+B0a\/QMNsTpu\/j1mtd5nzFyMsxiUGoju39PVYVZmsqFmybAqzyU19JEjRZf+IWjP\/68G7qyPGT2wNZ6+lHwQAxMCiIBIegn9ov3KKX1kdfaziYmxgJ9wOVi55KYPuav5hXBDsh5eloXgB02p6okM3p2g=="} +01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1760964926071819,"flow_src_last_pkt_time":1760964926089765,"flow_dst_last_pkt_time":1760964926088581,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2533,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1760964926089765,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"23.60.189.51","src_port":43052,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.apple.com","domainame":"www.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1717h2_5b57614c22b0_e6dcd7ae0a9e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1760964926089765,"flow_dst_last_pkt_time":1760964926106571,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1760964926106571,"pkt":"qFlfzU+rILAB4IZiCABFAAA0aUNAADgGQtoXPL0zwKgBjwG7qCxQFW9XI0ORtoAQAgxT2AAAAQEICoLsKxFFLHi6"} +01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1760964926071819,"flow_src_last_pkt_time":1760964926089765,"flow_dst_last_pkt_time":1760964926106572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2533,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":264,"midstream":0,"thread_ts_usec":1760964926106572,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"23.60.189.51","src_port":43052,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.apple.com","domainame":"www.apple.com","tls": {"version":"TLSv1.3","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1717h2_5b57614c22b0_e6dcd7ae0a9e","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1760964926071819,"flow_src_last_pkt_time":1760964926107827,"flow_dst_last_pkt_time":1760964926106572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2533,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2705,"flow_dst_tot_l4_payload_len":264,"midstream":0,"thread_ts_usec":1760964926107827,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"23.60.189.51","src_port":43052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01038{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":18,"flow_first_seen":1760964921304285,"flow_src_last_pkt_time":1760964921435471,"flow_dst_last_pkt_time":1760964921435421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4419,"flow_dst_max_l4_payload_len":1858,"flow_src_tot_l4_payload_len":7117,"flow_dst_tot_l4_payload_len":4694,"midstream":0,"thread_ts_usec":1760964926107827,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"64.233.167.84","src_port":46326,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} +00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1760964925970876,"flow_src_last_pkt_time":1760964926031823,"flow_dst_last_pkt_time":1760964926050964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2401,"flow_dst_max_l4_payload_len":850,"flow_src_tot_l4_payload_len":3172,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1760964926107827,"l3_proto":"ip4","src_ip":"192.168.1.143","dst_ip":"17.253.144.10","src_port":46116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_rules_overwrite_domains.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":63,"packets-processed":63,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19370,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1760964926107827} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 63/63 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 19370 bytes +~~ total detected protocols..: 3 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 9481463 bytes +~~ total memory freed........: 9481463 bytes +~~ total allocations/frees...: 154612/154612 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 568 chars +~~ json message max len.......: 4003 chars +~~ json message avg len.......: 2284 chars diff --git a/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out b/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out index 0568551b7..562d00e24 100644 --- a/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680119132471406} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680119132471406} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680119132471406,"flow_src_last_pkt_time":1680119132471406,"flow_dst_last_pkt_time":1680119132471406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680119132471406,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":56866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680119132471406,"flow_dst_last_pkt_time":1680119132471406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119132471406,"pkt":"ILAB4IZiNObXAhsnCABFAAA8s3NAAEAGvqXAqAH1AwMDA94iAbtRdP6TAAAAAKAC+vDI0QAAAgQFtAQCCAqoD4ViAAAAAAEDAwc="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1680119133500058,"flow_dst_last_pkt_time":1680119132471406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119133500058,"pkt":"ILAB4IZiNObXAhsnCABFAAA8s3RAAEAGvqTAqAH1AwMDA94iAbtRdP6TAAAAAKAC+vDI0QAAAgQFtAQCCAqoD4lnAAAAAAEDAwc="} 
@@ -7,7 +7,7 @@ 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680119137435431,"flow_src_last_pkt_time":1680119137435431,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680119137435431,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":59682,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1680119137435431,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119137435431,"pkt":"ILAB4IZiNObXAhsnCABFAAA8LchAAEAGRFHAqAH1AwMDA+kiAbwrwl9OAAAAAKAC+vDI0QAAAgQFtAQCCAqoD5jGAAAAAAEDAwc="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1680119138460059,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119138460059,"pkt":"ILAB4IZiNObXAhsnCABFAAA8LclAAEAGRFDAqAH1AwMDA+kiAbwrwl9OAAAAAKAC+vDI0QAAAgQFtAQCCAqoD5zHAAAAAAEDAwc="} 
-00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1690371375710832} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1690371375710832} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690371375710832,"flow_src_last_pkt_time":1690371375710832,"flow_dst_last_pkt_time":1690371375710832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371375710832,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":58288,"dst_port":446,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1690371375710832,"flow_dst_last_pkt_time":1690371375710832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690371375710832,"pkt":"ILAB4IZiNObXAhsnCABFAAA8o61AAEAGzmvAqAH1AwMDA+OwAb5KplVKAAAAAKAC+vDI0QAAAgQFtAQCCApUfTfYAAAAAAEDAwc="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1690371376732151,"flow_dst_last_pkt_time":1690371375710832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690371376732151,"pkt":"ILAB4IZiNObXAhsnCABFAAA8o65AAEAGzmrAqAH1AwMDA+OwAb5KplVKAAAAAKAC+vDI0QAAAgQFtAQCCApUfTvVAAAAAAEDAwc="} 
@@ -18,7 +18,7 @@ 00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1690371375710832,"flow_src_last_pkt_time":1690371378748110,"flow_dst_last_pkt_time":1690371375710832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371378748110,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":58288,"dst_port":446,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01052{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1680119137435431,"flow_src_last_pkt_time":1680119138460059,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371378748110,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":59682,"dst_port":444,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1680119137435431,"flow_src_last_pkt_time":1680119138460059,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371378748110,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":59682,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":2,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1690371378748110} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":2,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1690371378748110} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650018 bytes -~~ total memory freed........: 8650018 bytes -~~ total allocations/frees...: 140566/140566 +~~ total memory allocated....: 9414456 bytes +~~ total memory freed........: 9414456 bytes +~~ total allocations/frees...: 154532/154532 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 1074 chars diff --git a/test/results/default/dazn.pcapng.out b/test/results/default/dazn.pcapng.out index 007ed10b9..0953c9595 100644 --- a/test/results/default/dazn.pcapng.out +++ b/test/results/default/dazn.pcapng.out 
@@ -1,30 +1,30 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1653830614885814} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1653830614885814} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614885814,"flow_dst_last_pkt_time":1653830614885814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830614885814,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1653830614885814,"flow_dst_last_pkt_time":1653830614885814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830614885814,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8nR9AAEAGx+XAqAGANFTfOtMEAbuvwsZTAAAAAKAC+vBmfAAAAgQFtAQCCAqWAjADAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1653830614885814,"flow_dst_last_pkt_time":1653830614902501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830614902501,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8gywAAPQGbdg0VN86wKgBgAG70wTy6KcPr8LGVKAS\/\/+ceQAAAgQFoAQCCAqKcaCKlgIwAwEDAwk="} 
01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614902501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1653830614904478,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5nSFAAEAGxebAqAGANFTfOtMEAbuvwsZU8uinEIAYAfZtkgAAAQEICpYCMBWKcaCKFgMBAgABAAH8AwPGAVMbGSAdqErCRl+JXjKyqMchnfEu2B1zRzOaxV8o1iAgIXSPqMjljdeZ3z7HJVcJsXiZNidVLUq9BDfRlvUd8wAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAx3d3cuZGF6bi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgb4BCLF1x\/xJ6a5y\/t336Oc1aPROIMgrb5TqghyKk8UgAFwBBBJ9JHh6PsEBzfFNPwetkTywSgp2rvZxjUd7cfOXHBFgNjkLd+otPjvJdROVP19OEA+JHkFvE7miAvh9c39D0acUAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614902501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830614904478,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.dazn.com","domainame":"www.dazn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614902501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830614904478,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.dazn.com","domainame":"www.dazn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614920429,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1653830614920429,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXIgy4AAPQGaEo0VN86wKgBgAG70wTy6KcQr8LIWYAQAIMGCgAAAQEICopxoJ2WAjAVFgMDAHoCAAB2AwN+k6WxbbH42KOkzP0SBpF8WFVddPso8FOsxsoMR2jLcCAgIXSPqMjljdeZ3z7HJVcJsXiZNidVLUq9BDfRlvUd8xMBAAAuACsAAgMEADMAJAAdACBZ2hsGUV2gITpTso8DXqINyYHL6ZGZCOCBmDB\/itdeCBQDAwABARcDAwAkWVBDTPurDvPZsfIS6S0s6C7umaT50NuCMlrjqlV8cgp2hqcSFwMDFVXRPJFSTOuW60gnjy4fxxS8LeNFPAMPr7E2fm6NKgy\/3qHFeZu2HB8eHDEt7ZIZSf72nK9lfyRKw\/GiHha4gvxzBoqjvdflfMe9eOqaSI5XuU7CPRVsUP+oEhFhG1J98ZSAB7V8yKB1C9Ga7Y7KZ2zsUDHcjfUBQwFH+fDou1Ch0KKzNvtBbOHQhB52yIsBVRAVbC9df5pQMdjQRAqLduL98xoDs6l1X4f4g\/9XvwQBO42eRE99TzCu6cMrD8GlNbyPsjdyLdPGOaX1dn3d5HRJQSyitYGWsms\/2F7djKZDJJIrSjOjBPuAya5rAk3Y\/7aUpJl5wjIRRGJ3k5EnXWrgVqcOKuR5UnQuzczTvx6NueGpYkzxwfbUzWjO6DFxo8gfOI3ISQ1fbp+Cf530AdBmVxJIu5vAZn0G8S9UGChE\/gWYtkraR2byU4SbXWNeK9Tm7Y5H+bNkTno+Us5qXipcv0KNpsa\/xOSu95ULG1Iie5Xb\/7YrUtVtDneNAEM5zRRd0k0Yw0LQ5ql\/FXmEJAifwFFTOtbNGXhgQbC7wCZio9P19LQtLd70LS28EvGAnhRsz5GCgUhoTCD4gnHCUhwLt2xRDeV0Ywfq1KsYEei9WtOSbvJUV++hqKCJz1IbGYBjueFfMMomHcNFfa1hgmnERjyfYazdn3u8BzGrG78YBZDkderm78CkJGLl8r2UNTG1cytOplfe1QdOI\/QJMxD4B0k44PnRwFsZG3kIzSOb2DNEM5slZqEyz1h+cfH1naj5IdK4TDw1x6wOhgF9HveREJpplK24MDQSCafgHRQPFDr8RhIYMbYma5MSYxUALFml8ZpRWhSgyL77INDTHGYUyZXQBw9JUeO+LF5POHCYSPtqJX37dZ0wYMpRVi7Lh0CdTiInk1u+ISO0yOnfKTMbbokesl+2nZs2B3Y5UTwKSjykoG0LhxfoD9rLcVdhu93ZHg\/LVJ+qzuZEhRGPMstf0Y3Px\/LAAT4GfYjwzAvL3SY2UfH9yxllqed1B5eGeVxHk6lg3MdhtewzMNSmjBYFm55eC02P+dPcmpeTEsVigtiHevodeSvr2AHy69ZUZnjfRSO3lvFGRsKZs1jfiaTkxth0oIW7V6XRqW2FaX+mIZgXp4GizJLrfg5zc4nWwalnd6IdcfbmmtgOpkvJBcOZLSLRBXLy7QnI1BGTnTwifc2Ymm1
WzIWPIeuxM2mQz8uafohmydMOrURLfyk3ygTm+TjIb1EGhGjSvLZ7VRa+\/9fcUbrNvUx+JrMDkizOnXPjF3AUKagNn++lYCDqaepQDJASoUxh6FFqwGr+l1FyPPhUKEq+2BZQwjYqImZEAxnY6WYzUM\/Y3we+LU+WEHbYpx\/Fmb9xVVDbUbaIPPSPYJyw7gjl3bjOwoA2Awsl5Vywys4TWnlbRf6g\/O6g363fzQ+xKjDiSzCITt8HX1IVpsgOULSrB+o7lDQTTaD282OuK4Z8AWwDxVvwQsiAh2ffC7VPQmVzAhtx7hZvJZzblHXg3HjIWwCJCqCCNHwGffzxFUxB\/Slj8E1qh7YQB62Z32UWzAPy146fe0YcsQu16cIqnY8xUvI7JbdvjRsCj7r1BjCi1+PxQcL7MZ3YtZM+onFqF8rtErPKp9eMm+uO6zqNFptquxE4wf2syxjhWiY0"} -01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614920429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830614920429,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.dazn.com","domainame":"www.dazn.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614920429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830614920429,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.dazn.com","domainame":"www.dazn.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640613975,"flow_dst_last_pkt_time":1653830640613975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830640613975,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1653830640613975,"flow_dst_last_pkt_time":1653830640613975,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830640613975,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA81ThAAEAGoV3AqAGADeL0G7PUAbsidLdlAAAAAKAC+vBeiAAAAgQFtAQCCArtba2JAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1653830640613975,"flow_dst_last_pkt_time":1653830640629748,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830640629748,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8HAYAAPQG5o8N4vQbwKgBgAG7s9RejoeqInS3ZqAS\/\/\/XoAAAAgQFoAQCCApxJyp57W2tiQEDAwk="} 
01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640629748,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1653830640634086,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI51TpAAEAGn17AqAGADeL0G7PUAbsidLdmXo6Hq4AYAfYzVAAAAQEICu1trZ1xJyp5FgMBAgABAAH8AwNgo6eggHfe+PBZNxxz2f+Nts8It8o3t3RyfFY+U+8s3iC6XQSkJJt5cWG68Q2AWVjlm2pyKfMq4VXHQ5nXKhlFIwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAfAB0AABp1c2VyLXByb2ZpbGUuYXIuaW5kYXpuLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDBldI46Te7dQq3VD7W+6azi6DI\/x3CzXEMlx+YJs8PCwAXAEEEQNzV3U7NxlwdMnUehbZejtqtCZtaP2SJSRszCqNnAwH+g3rcgl4s+kaLRhv1lRSxAtta1rthAruCkIpXtKVXxQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640629748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830640634086,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"user-profile.ar.indazn.com","domainame":"user-profile.ar.indazn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640629748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830640634086,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"user-profile.ar.indazn.com","domainame":"user-profile.ar.indazn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640651038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1653830640651038,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXIHAgAAPQG4QEN4vQbwKgBgAG7s9RejoerInS5a4AQAIN7kwAAAQEICnEnKo7tba2dFgMDAHoCAAB2AwNYacmOIN7R5DbNvd37b9lQNIYaqM0SGhLLAsWGeirJ4iC6XQSkJJt5cWG68Q2AWVjlm2pyKfMq4VXHQ5nXKhlFIxMBAAAuACsAAgMEADMAJAAdACD7tlFbO0LTRU8Ap0MRnrLjPXXFJGHgmtlXxMAUdMc8BhQDAwABARcDAwAkmuhNVJyxQw5OOAb7F6tIvi4VgcCeuisc1TVajKV205tWCQi5FwMDFVDe79fprRpSmLwFAGz7xDJakbQNveJUfFHRuwGhjZF68MYMHWsknIhL3OpNV\/x6ASGP0upPivi4ytATjQ0ptilH1fYD4OeDE\/oW4CxC+SvEY8iSc8qHHV9v73SIjNW4Vsc4\/iRigeJkzFkKvLLlkJg8d4rZLJr9nLZ14tC9v3pP6kQLjbflW1aERZnMgCfPi2GSKm2eRLqPjtotRbr1mOxYOxa3pPiHI6jSFtpZsZJSOApwh36msojFER\/6BTYUGlFT1fpQaW9jp6lwuhmmrT394NNUK113ZEAm6iffg3oDchm8ytDhtti9NNzu5DfzVrxhrmHkg\/N2KwuSs8KcJCPZEAp2\/zO+E7O\/o3ORKAUUFG8g+yo17Eq769hxm7EupLJoMmKb7kyH95HVS5Tezk+bFo5UzNWyC\/Y7Wp2xivXnfwSSnSSSLi\/3\/7DzGUDFaTcEHvT2BfXLyfydCP\/2v1ufhL+EF9Zbr\/sOoVFG989C+qN5lXHYSsAhhbYQqkkhTn+W8juTe2e0o2Cczz5w4mv77qc\/Upd4ldFKcGNqggQRYAg9cBqfVRyUvVMrNr5XWo7jJQxfUuaBxdb6o5dBrYLTe4IGAhiDZcWF7c5YFTIZ+eHe7rhjrbQrkwNtHSNaGWWzge+vSL2tRVTmmSTF8GMOAJ3JtDMtoJpmdJPRnoIap8ihtOsCpVBblswCdMUIyTmu+QmhiI9QfYCZmNYP6gTO5f2Nli6RAcCb6IAPQ3YR70k3RmeaQ33FXSsDm+1q23mIHQwgwG+2r52++3UBFsctV3BbAGiqcGQg1Xm4CNXSEo7GI8JwsY379LXOMO0SNIkYTyfJryrCZLhTp717HxpO8yjRJtgdbsHR1vWKA7dIfIuJtMFa3t09nZX5jDaOly6C+W3L5cUhm8+vsAgePYmO+DUaxlMK4KUYJV2aeDglTYjd5GbSyNS7k7qZlDvvnZ1eqNQ4J7rGgynQPe8tMSrd6uMru8o7BkXviYF1JflVSax7\/W21d1L8pe3k5zlc6EvjuSGRo4eo7XOueTPp7K8YyxOEewP8Vd5dDYhVrcsDKYinNtNL5uxdTBTumeMd8+GKweh12gKes2TvSmI\/yYO\/d59f25RSaP7rHdjmSXllIP\/YUt\/324utwKtJ3pY6JQSY1B7JeHYuwDNJVjlN3G53J1a1TPgOM+phMMI4Xt9shy
0hxWjxYLupU9xJOs6cVYd4BChfRf\/qyh50r1s9ElL68jf48hKaT7D0HC8P2EdTd\/0WPMZ546PiNdtyTRQS8miWzQX7B1fIkP8e+QGCdvqnY7J0h2jLblRzWa6V3PIXIrqVyeC8vAxMMJ0dNOPWZ\/ehqxLreBXzgQiRHT9V7iEde\/8\/03R1q4S9dU4XQyqRF0bkHVpRm1uVxLfXrX4GhHPsxHq64y3FbONCbi\/r84tqtEl\/R4UmNI7N4+m\/U17o4BPftc4dFgNxLXR\/3rPqbQFoUJGMVLHOv7riJ7D9aCWAUUXOZGNwnSMKen4cqpJac1QH3tgLp6NglYhHJ60uoHKe33f0CvoLLWEeLs0cAzLxoTYg+Sq+mG5nfUF\/7\/3KR\/QmvuALcvEN36H+RWW4v5U1sXT0Va5Uy0lQPyiRpyjMU6TtNRxSWhT49mb3kqPKLTCiRdTjS5ZpWSn3kF\/gFOdb"} -01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640651038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830640651038,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"user-profile.ar.indazn.com","domainame":"user-profile.ar.indazn.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640651038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830640651038,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"user-profile.ar.indazn.com","domainame":"user-profile.ar.indazn.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641480609,"flow_dst_last_pkt_time":1653830641480609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830641480609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1653830641480609,"flow_dst_last_pkt_time":1653830641480609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830641480609,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA85BtAAEAGknfAqAGADeL0Hp+yAbsjfBE0AAAAAKAC+vA8bQAAAgQFtAQCCAp3jv7MAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1653830641480609,"flow_dst_last_pkt_time":1653830641499729,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830641499729,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8XjkAAPQGpFkN4vQewKgBgAG7n7LhtoguI3wRNaAS\/\/8VuQAAAgQFoAQCCArbVdxqd47+zAEDAwk="} 
01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641499729,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1653830641501966,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI55B1AAEAGkHjAqAGADeL0Hp+yAbsjfBE14baIL4AYAfZN2QAAAQEICneO\/uHbVdxqFgMBAgABAAH8AwP2xFVrrUUvT7baclvRUkGIqabLtROHVCH1j8n+tyIQOSBQFGnUgcb1RPrURqFyxAWNNtynXG\/2Smtg77i2bY+f2AAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAnACUAACJzdWJzY3JpcHRpb25zLXNlcnZpY2UuZGF6bi1hcGkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIFI+QFCwyxDx8rtg+zcI4aDG3vLdEXhdv9WlGPEzxkNWABcAQQRZp49grcHpoqyt72TjbH7tj6VIJDIKkQJbqcOiWq2yF5dYzF0IxbGxZvKD0AgVDvU5GFpnRplE+UiURWgGlLRaACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641499729,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830641501966,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"subscriptions-service.dazn-api.com","domainame":"subscriptions-service.dazn-api.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641499729,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830641501966,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"subscriptions-service.dazn-api.com","domainame":"subscriptions-service.dazn-api.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641520526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1653830641520526,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXIXjsAAPQGnssN4vQewKgBgAG7n7LhtogvI3wTOoAQAIN7lgAAAQEICttV3H93jv7hFgMDAHoCAAB2AwP19\/qDGjoXS4oSaU6\/9dZn\/bUvQ\/RVymcGAm1FbLA1CCBQFGnUgcb1RPrURqFyxAWNNtynXG\/2Smtg77i2bY+f2BMBAAAuACsAAgMEADMAJAAdACDYD+u6tIt\/u6lWfW4\/USRVqQQZbneP546oJkrzpXHzOBQDAwABARcDAwAbEzGkaMCM4EB1qRopJFv3Et16HjBgnzhrUzb7FwMDFT4tI29ZQugH\/QTN4Ro7RShzVYpVRbI9DrsTliKjXYlLRnAlN9AjWVd1EiKdmitOvNEnylHwvenvLB5kQ+Z117+7keP55OhwCA+bvNAR\/XzOUMewc\/5D3mL+3hwu2gEnMy7LQYfp9eqpiWywrkNMKmu8SIXZJzKmAdq034QXitu+7omz+VjKTyMv4nifq\/oX9igNJnv8gKkcmoZNma+TVO12I0DcE7O\/izsEwM3UNKFgSU8epUYsXUUtZ6onZuMQRfQ9pIqvx\/ulnPZhbrM5kLCVKgteSeZ0n95q5KNxSCPYnYfwmRTqdb7xwqwCTOr+xmLvaAACdShhMUhzuMpZulaHYCD3IWm2tXs857wDS1FzypwZQaloM61MqPQD20f6qgvF4Hx5fFm6XEeKK6EgLU0tB\/FG+af3AFrhG1P2jERIR+A0af84oPKXtU31i7PlyzJM1sktv59YM0hmFzSXnXSflNERf6EB65EA2x4+NTNK1RnVriahr8Qh+42GdQc3u+X8mnl4ClOEhxwGJoqyob\/4YOs5qxwIvEOTtDXG4icnFf\/KISF+rX31HB06GOm1196U2X\/IK2Ux8Oc6Q3+eMu0YZD15MFPIXlTLKBL430HoPwVMT9RPzqnnAsgdzM\/cw8DlWR\/7EE7D0xc2SoJFLTbpkhvv7W8BHM1EsSJtqLxbAzZ17razO0U18U+yWyGHoEXDLJ\/oMpqUp0U+nKS4ZYwc6twueukKJm\/WKQlLm+aTdK0JWzUErk99GDc5rONaVe\/VOsMz5S2t77vqhUIYQ4ifUCWk4of6V\/QVf3TsZRumOdFZsp+FY7fKUucRHHNbLoC5uo0HQfZkI9U1Wy9GsT88A\/hnynSDASUz2WWigrdXV9d\/4OOPUwTJ2ElTw5TjlnESaIuhm\/oy4szxgLqqDY+S17dpDRKLfJ28hnQ9fO0wCZ6e76G\/Td5e7NOwNTKmiTjIUyqbIMltnbLZgrAvJbHmcr\/OLyC01w\/NlXEubw2R8HPIPUEfof9HahFt5YJDm6qgxgktNhNfSxLIBSyiISnstXRMWvDbQ6bt4FUlj+BHGjWWswlkg0FA8iZT6y0jilw4DzNUvsDVhkuLhwBsh+ZHj3nWQFGujSCkLZv\/mpis0nBHtnhjinVVmLAjkvvfmLHN40pOJsl1OBhR4mv7HhMUxxKEOGTASHIkJZjHtX0jT
PFaiq0rMBTnWwYOdKeM8faViEzFdrazD5WIys+HYd1e5BLoot7uAd7D80HdEGfQUpR\/+FCa\/OhxcTUUJdENDavcqekuhJ2NEv6chcAuElWZNkaV\/i7Q+dUUHLFBooDxl4P6O29trWcsQPGDFDC+XxpINz1cI9SED0bcTXLmE+8uUnq+\/As1ZViCRLFGUEelQhGLaF7Op\/GkJsUbU+OUAkvE6LM0dmqKSybd7JDamTXwtbUuRlAEvts9X\/q+1UCfZ\/BCKxtNA8Z\/YApHz6suoQ8QnP2ptRoyJhB2EyX2WFLrFQ1UP35Cg8EQ8yn7F46i7LcMaKJnW3lV37oQ54g5FntAypJSXpIL\/t6N4uBWOae0Y\/cYpwS80IA1A0Ye9yTQxsEcz86FGBwz3CZYd\/59M9DtI5Hd6sDQx860CsLLGNDworsyeuj2pIPItjxdGiqObIx1g673++fT09qe6R4yBLIb1iix9doxYsdt"} -01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641520526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"subscriptions-service.dazn-api.com","domainame":"subscriptions-service.dazn-api.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641520526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640651038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
-00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614920429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1653830641520526} 
+01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641520526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"subscriptions-service.dazn-api.com","domainame":"subscriptions-service.dazn-api.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641520526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640651038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
+00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614920429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1653830641520526} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 
@@ -33,9 +33,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8662422 bytes -~~ total memory freed........: 8662422 bytes -~~ total allocations/frees...: 140579/140579 +~~ total memory allocated....: 9426860 bytes +~~ total memory freed........: 9426860 bytes +~~ total allocations/frees...: 154545/154545 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 557 chars ~~ json message max len.......: 2497 chars diff --git a/test/results/default/dcerpc.pcap.out b/test/results/default/dcerpc.pcap.out index a3e3b31fc..bcd54852e 100644 --- a/test/results/default/dcerpc.pcap.out +++ b/test/results/default/dcerpc.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1602860709979607} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1602860709979607} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860709979607,"flow_src_last_pkt_time":1602860709979607,"flow_dst_last_pkt_time":1602860709979607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":642,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":642,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860709979607,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1602860709979607,"flow_dst_last_pkt_time":1602860709979607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"thread_ts_usec":1602860709979607,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgA
BAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"} 01080{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860709979607,"flow_src_last_pkt_time":1602860709979607,"flow_dst_last_pkt_time":1602860709979607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":642,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":642,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860709979607,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -26,7 +26,7 @@ 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1602860710063382,"flow_src_last_pkt_time":1602860710063386,"flow_dst_last_pkt_time":1602860710063382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860710071385,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1602860710071384,"flow_src_last_pkt_time":1602860710071385,"flow_dst_last_pkt_time":1602860710071384,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860710071385,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1602860709993940,"flow_src_last_pkt_time":1602860710062922,"flow_dst_last_pkt_time":1602860709993940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":804,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860710071385,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
-00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1602860710071385} +00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1602860710071385} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 
@@ -35,9 +35,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652698 bytes -~~ total memory freed........: 8652698 bytes -~~ total allocations/frees...: 140586/140586 +~~ total memory allocated....: 9417168 bytes +~~ total memory freed........: 9417168 bytes +~~ total allocations/frees...: 154552/154552 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 588 chars ~~ json message max len.......: 1808 chars diff --git a/test/results/default/dhcp-fuzz.pcapng.out b/test/results/default/dhcp-fuzz.pcapng.out index 96de0f2e8..6f3d945d8 100644 --- a/test/results/default/dhcp-fuzz.pcapng.out +++ b/test/results/default/dhcp-fuzz.pcapng.out 
@@ -1,10 +1,10 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1268519154926217} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1268519154926217} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926217,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1268519154926217,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00928{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1268519154926217,"pkt":"\/\/\/\/\/\/\/\/AB8p2i15CABFAAFIfVQAAIAR+kDAqJto\/\/\/\/\/wBEAEMBNNQyAQEGAMl5uWAAAAAAwKgBaAAAAAAAAAAAAAAAAAAfKdoteQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1wAAAAAAAFMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQAAAAAAAAAAAABjglNjNQFqPQcBAB8p2i15DAdNSzAzODYyPDFNU0ZUIDUuMDcMAQ8DBiwuLx8h+Sv8KwPcAQD\/AAAAACUAAAAA"} 
01014{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926217,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1268519154926217,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dhcp": {"fingerprint":"","class_ident":""}}} 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926217,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1268519154926217,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":300,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1268519154926217} +00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":300,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1268519154926217} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644843 bytes -~~ total memory freed........: 8644843 bytes -~~ total allocations/frees...: 140533/140533 +~~ total memory allocated....: 9409217 bytes +~~ total memory freed........: 9409217 bytes +~~ total allocations/frees...: 154499/154499 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 593 chars ~~ json message max len.......: 1019 chars diff --git a/test/results/default/diameter.pcap.out b/test/results/default/diameter.pcap.out index 69b8755e9..000ec25c8 100644 --- a/test/results/default/diameter.pcap.out +++ b/test/results/default/diameter.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1263278878271686} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1263278878271686} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1263278878271686,"flow_src_last_pkt_time":1263278878271686,"flow_dst_last_pkt_time":1263278878271686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1263278878271686,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00988{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1263278878271686,"flow_dst_last_pkt_time":1263278878271686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"thread_ts_usec":1263278878271686,"pkt":"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"} 
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1263278878271686,"flow_src_last_pkt_time":1263278878271686,"flow_dst_last_pkt_time":1263278878271686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1263278878271686,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Diameter","proto_id":"237","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1263278878336701,"flow_dst_last_pkt_time":1263278878344805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_usec":1263278878344805,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYpAAEAGe8gKyQkLCskJ9Q8cxw34vDB89+H9dlAYHVCNmAAAAQAA7EAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAgAAAZ9AAAAMAAAAAQAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="} 00940{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1263278878350601,"flow_dst_last_pkt_time":1263278878344805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"thread_ts_usec":1263278878350601,"pkt":"ABpk3ZWLACYYlIbACABFAAFcBttAAIAGAAAKyQn1CskJC8cNDxz34f12+LwxaFAY+Cwp4AAAAQABNIAAARAAAAAEAupJMibwAAcAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAACAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAwAAAb5AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAEAAAGpQAAADAAAAWQ="} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1263278878271686,"flow_src_last_pkt_time":1263278878350601,"flow_dst_last_pkt_time":1263278878357703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":308,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":236,"flow_src_tot_l4_payload_len":1012,"flow_dst_tot_l4_payload_len":644,"midstream":1,"thread_ts_usec":1263278878357703,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Diameter","proto_id":"237","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1263278878357703} 
+00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1263278878357703} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645016 bytes -~~ total memory freed........: 8645016 bytes -~~ total allocations/frees...: 140539/140539 +~~ total memory allocated....: 9409390 bytes +~~ total memory freed........: 9409390 bytes +~~ total allocations/frees...: 154505/154505 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 590 chars ~~ json message max len.......: 1014 chars diff --git a/test/results/default/dicom.pcap.out b/test/results/default/dicom.pcap.out index d636c4f0a..6f00c0e58 100644 --- a/test/results/default/dicom.pcap.out +++ b/test/results/default/dicom.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1542403616208085} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1542403616208085} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542403616208085,"flow_src_last_pkt_time":1542403616208085,"flow_dst_last_pkt_time":1542403616208085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542403616208085,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49531,"dst_port":104,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 01441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1542403616208085,"flow_dst_last_pkt_time":1542403616208085,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":739,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":739,"pkt_l4_len":715,"thread_ts_usec":1542403616208085,"pkt":"AgAAAEUAAt8AAEAAQAYAAH8AAAF\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"} 
00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542403616208085,"flow_src_last_pkt_time":1542403616208085,"flow_dst_last_pkt_time":1542403616208085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542403616208085,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49531,"dst_port":104,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DICOM","proto_id":"438","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} 
@@ -7,7 +7,7 @@ 11384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1542403638136893,"flow_dst_last_pkt_time":1542403638136893,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":16388,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":16388,"pkt_l4_len":16364,"thread_ts_usec":1542403638136893,"pkt":"AgAAAEUAQAAAAEAAQAYAAH8AAAF\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\/AAAAMAAAHjEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjEzLjEuM0AAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OSAAAIBBAAAAMAAAGzEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjEzMEAAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OSAAAIBDAAAAMAAAGzEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjEzMUAAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OSAAAIFFAAAAMAAAHDEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjE0LjFAAAARMS4yLjg0MC4xMDAwOC4xLjJAAAATMS4yLjg0MC4xMDAwOC4xLjIuMUAAABMxLjIuODQwLjEwMDA4LjEuMi4yQAAAFjEuMi44NDAuMTAwMDguMS4yLjEuOTkgAACBRwAAADAAABwxLjIuODQwLjEwMDA4LjUuMS40LjEuMS4xNC4yQAAAETEuMi44NDAuMTAwMDguMS4yQAAAEzEuMi44NDAuMTAwMDguMS4yLjFAAAATMS4yLjg0MC4xMDAwOC4xLjIuMkAAABYxLjIuODQwLjEwMDA4LjEuMi4xLjk5IAAAfkkAAAAwAAAZMS4yLjg0MC4xMDAwOC41LjEuNC4xLjEuMkAAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OSAAAIBLAAAAMAAAGzEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjIuMUAAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OSAAAH9NAAAAMAAAGjEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjIwQAAAETEuMi44NDAuMTAwMDguMS4yQAAAEzEuMi44NDAuMTAwMDguMS4yLjFAAAATMS4yLjg0MC4xMDAwOC4xLjIuMkAAABYxLjIuODQwLjEwMDA4LjEuMi4xLjk5IAAAfk8AAAAwAAAZMS4yLjg0MC4xMDAwOC41L
jEuNC4xLjEuM0AAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OSAAAIBRAAAAMAAAGzEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjMuMUAAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OSAAAH5TAAAAMAAAGTEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjRAAAARMS4yLjg0MC4xMDAwOC4xLjJAAAATMS4yLjg0MC4xMDAwOC4xLjIuMUAAABMxLjIuODQwLjEwMDA4LjEuMi4yQAAAFjEuMi44NDAuMTAwMDguMS4yLjEuOTkgAACAVQAAADAAABsxLjIuODQwLjEwMDA4LjUuMS40LjEuMS40LjFAAAARMS4yLjg0MC4xMDAwOC4xLjJAAAATMS4yLjg0MC4xMDAwOC4xLjIuMUAAABMxLjIuODQwLjEwMDA4LjEuMi4yQAAAFjEuMi44NDAuMTAwMDguMS4yLjEuOTkgAACAVwAAADAAABsxLjIuODQwLjEwMDA4LjUuMS40LjEuMS40LjJAAAARMS4yLjg0MC4xMDAwOC4xLjJAAAATMS4yLjg0MC4xMDAwOC4xLjIuMUAAABMxLjIuODQwLjEwMDA4LjEuMi4yQAAAFjEuMi44NDAuMTAwMDguMS4yLjEuOTkgAACAWQAAADAAABsxLjIuODQwLjEwMDA4LjUuMS40LjEuMS40LjNAAAARMS4yLjg0MC4xMDAwOC4xLjJAAAATMS4yLjg0MC4xMDAwOC4xLjIuMUAAABMxLjIuODQwLjEwMDA4LjEuMi4yQAAAFjEuMi44NDAuMTAwMDguMS4yLjEuOTkgAACCWwAAADAAAB0xLjIuODQwLjEwMDA4LjUuMS40LjEuMS40ODEuMUAAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OSAAAIJdAAAAMAAAHTEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjQ4MS4yQAAAETEuMi44NDAuMTAwMDguMS4yQAAAEzEuMi44NDAuMTAwMDguMS4yLjFAAAATMS4yLjg0MC4xMDAwOC4xLjIuMkAAABYxLjIuODQwLjEwMDA4LjEuMi4xLjk5IAAAgl8AAAAwAAAdMS4yLjg0MC4xMDAwOC41LjEuNC4xLjEuNDgxLjNAAAARMS4yLjg0MC4xMDAwOC4xLjJAAAATMS4yLjg0MC4xMDAwOC4xLjIuMUAAABMxLjIuODQwLjEwMDA4LjEuMi4yQAAAFjEuMi44NDAuMTAwMDguMS4yLjEuOTkgAACCYQAAADAAAB0xLjIuODQwLjEwMDA4LjUuMS40LjEuMS40ODEuNEAAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OSAAAIJjAAAAMAAAHTEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjQ4MS41QAAAETEuMi44NDAuMTAwMDguMS4yQAAAEzEuMi44NDAuMTAwMDguMS4yLjFAAAATMS4yLjg0MC4xMDAwOC4xLjIuMkAAABYxLjIuODQwLjEwMDA4LjEuMi4xLjk5IAAAgmUAAAAwAAAdMS4yLjg0MC4xMDAwOC41LjEuNC4xLjEuNDgxLjZAAAARMS4yLjg0MC4xMDAwOC4xLjJAAAATMS4yL
jg0MC4xMDAwOC4xLjIuMUAAABMxLjIuODQwLjEwMDA4LjEuMi4yQAAAFjEuMi44NDAuMTAwMDguMS4yLjEuOTkgAACCZwAAADAAAB0xLjIuODQwLjEwMDA4LjUuMS40LjEuMS40ODEuN0AAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OSAAAIJpAAAAMAAAHTEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjQ4MS44QAAAETEuMi44NDAuMTAwMDguMS4yQAAAEzEuMi44NDAuMTAwMDguMS4yLjFAAAATMS4yLjg0MC4xMDAwOC4xLjIuMkAAABYxLjIuODQwLjEwMDA4LjEuMi4xLjk5IAAAgmsAAAAwAAAdMS4yLjg0MC4xMDAwOC41LjEuNC4xLjEuNDgxLjlAAAARMS4yLjg0MC4xMDAwOC4xLjJAAAATMS4yLjg0MC4xMDAwOC4xLjIuMUAAABMxLjIuODQwLjEwMDA4LjEuMi4yQAAAFjEuMi44NDAuMTAwMDguMS4yLjEuOTkgAAB+bQAAADAAABkxLjIuODQwLjEwMDA4LjUuMS40LjEuMS41QAAAETEuMi44NDAuMTAwMDguMS4yQAAAEzEuMi44NDAuMTAwMDguMS4yLjFAAAATMS4yLjg0MC4xMDAwOC4xLjIuMkAAABYxLjIuODQwLjEwMDA4LjEuMi4xLjk5IAAAfm8AAAAwAAAZMS4yLjg0MC4xMDAwOC41LjEuNC4xLjEuNkAAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OSAAAIBxAAAAMAAAGzEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjYuMUAAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OSAAAIBzAAAAMAAAGzEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjYuMkAAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OSAAAH91AAAAMAAAGjEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjY2QAAAETEuMi44NDAuMTAwMDguMS4yQAAAEzEuMi44NDAuMTAwMDguMS4yLjFAAAATMS4yLjg0MC4xMDAwOC4xLjIuMkAAABYxLjIuODQwLjEwMDA4LjEuMi4xLjk5IAAAgXcAAAAwAAAcMS4yLjg0MC4xMDAwOC41LjEuNC4xLjEuNjYuMUAAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OSAAAIF5AAAAMAAAHDEuMi44NDAuMTAwMDguNS4xLjQuMS4xLjY2LjJAAAARMS4yLjg0MC4xMDAwOC4xLjJAAAATMS4yLjg0MC4xMDAwOC4xLjIuMUAAABMxLjIuODQ="} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542403638136893,"flow_src_last_pkt_time":1542403638136893,"flow_dst_last_pkt_time":1542403638136893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16332,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16332,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16332,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542403638136893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49541,"dst_port":104,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DICOM","proto_id":"438","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1542403638136896,"flow_dst_last_pkt_time":1542403638136893,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":233,"pkt_l4_len":209,"thread_ts_usec":1542403638136896,"pkt":"AgAAAEUAAOUAAEAAQAYAAH8AAAF\/AAABwYUAaDYGD56amXHFgBgY6\/7ZAAABAQgKERh1cREYdXEuMi44NDAuMTAwMDguNS4xLjQuNDUuMUAAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OVAAADlRAAAEAEAAAFIAAB4xLjIuODI2LjAuMS4zNjgwMDQzLjkuNzEzMy4xLjFVAAALR09ESUNPTV8xXzE="} 
-00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17192,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1542640280263675} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17192,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1542640280263675} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542640280263675,"flow_src_last_pkt_time":1542640280263675,"flow_dst_last_pkt_time":1542640280263675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16332,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16332,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16332,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542640280263675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52180,"dst_port":104,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 11384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1542640280263675,"flow_dst_last_pkt_time":1542640280263675,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":16388,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":16388,"pkt_l4_len":16364,"thread_ts_usec":1542640280263675,"pkt":"AgAAAEUAQAAAAEAAQAYAAH8AAAF\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\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"} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542640280263675,"flow_src_last_pkt_time":1542640280263675,"flow_dst_last_pkt_time":1542640280263675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16332,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16332,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16332,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542640280263675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52180,"dst_port":104,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DICOM","proto_id":"438","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} 
@@ -19,7 +19,7 @@ 00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542640472542802,"flow_src_last_pkt_time":1542640472542802,"flow_dst_last_pkt_time":1542640472542802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542640472542802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52228,"dst_port":104,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DICOM","proto_id":"438","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1542640280263675,"flow_src_last_pkt_time":1542640280263678,"flow_dst_last_pkt_time":1542640280263675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16332,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16509,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542640472542802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52180,"dst_port":104,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DICOM","proto_id":"438","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} 
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542640472542802,"flow_src_last_pkt_time":1542640472542802,"flow_dst_last_pkt_time":1542640472542802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542640472542802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52228,"dst_port":104,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DICOM","proto_id":"438","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} -00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1542640472542802} 
+00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1542640472542802} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -28,9 +28,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652324 bytes -~~ total memory freed........: 8652324 bytes -~~ total allocations/frees...: 140572/140572 +~~ total memory allocated....: 9416794 bytes +~~ total memory freed........: 9416794 bytes +~~ total allocations/frees...: 154538/154538 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 11389 chars diff --git a/test/results/default/dingtalk.pcap.out b/test/results/default/dingtalk.pcap.out index f10dc075b..3bcf4b1a3 100644 --- a/test/results/default/dingtalk.pcap.out +++ b/test/results/default/dingtalk.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1728289377294889} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1728289377294889} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1728289377294889,"flow_src_last_pkt_time":1728289377294889,"flow_dst_last_pkt_time":1728289377294889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1728289377294889,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"47.246.133.39","src_port":48910,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1728289377294889,"flow_dst_last_pkt_time":1728289377294889,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1728289377294889,"pkt":"RQAAPCYtQABABqeZCtetAS\/2hSe\/DgG7YrqPJgAAAACgAv\/\/81AAAAIEBXgEAggK\/Hc40QAAAAABAwMJ"} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1728289377294889,"flow_dst_last_pkt_time":1728289377313973,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1728289377313973,"pkt":"RQAAMAAAQABABs3SL\/aFJwrXrQEBu78Od+t362K6jydwEgQAR2MAAAIEJugDAwkA"} 
@@ -16,7 +16,7 @@ 01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1728289414066710,"flow_src_last_pkt_time":1728289414072331,"flow_dst_last_pkt_time":1728289414078591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":3493,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3493,"midstream":0,"thread_ts_usec":1728289414078591,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"104.166.182.25","src_port":49352,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DingTalk","proto_id":"91.431","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"static.dingtalk.com","domainame":"static.dingtalk.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1728289377294889,"flow_src_last_pkt_time":1728289377316787,"flow_dst_last_pkt_time":1728289377313973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1728289414087096,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"47.246.133.39","src_port":48910,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DingTalk","proto_id":"431","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1728289414066710,"flow_src_last_pkt_time":1728289414086424,"flow_dst_last_pkt_time":1728289414087096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":3493,"flow_src_tot_l4_payload_len":597,"flow_dst_tot_l4_payload_len":3493,"midstream":0,"thread_ts_usec":1728289414087096,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"104.166.182.25","src_port":49352,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DingTalk","proto_id":"91.431","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1728289414087096} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1728289414087096} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 
@@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8657421 bytes -~~ total memory freed........: 8657421 bytes -~~ total allocations/frees...: 140566/140566 +~~ total memory allocated....: 9421827 bytes +~~ total memory freed........: 9421827 bytes +~~ total allocations/frees...: 154532/154532 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 514 chars ~~ json message max len.......: 1300 chars diff --git a/test/results/default/discord.pcap.out b/test/results/default/discord.pcap.out index e9eb39044..c8b9a2d0e 100644 --- a/test/results/default/discord.pcap.out +++ b/test/results/default/discord.pcap.out 
@@ -1,4 +1,4 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00740{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":42193200,"flow_src_last_pkt_time":42193200,"flow_dst_last_pkt_time":42193200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":42193200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":42193200,"flow_dst_last_pkt_time":42193200,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":42193200,"pkt":"UlQAEjUCCAAnW\/mGCABFAAA8+ptAAEAGEIkKAAIPop+A6adSAbuGXfMIAAAAAKAC+vDjjQAAAgQFtAQCCAqmenD7AAAAAAEDAwc="} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":42193200,"flow_dst_last_pkt_time":42208691,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":42208691,"pkt":"CAAnW\/mGUlQAEjUCCABFAAAsAYYAAEAGSa+in4DpCgACDwG7p1IAKQQBhl3zCWAS\/\/9B4AAAAgQFtA=="} 
@@ -8,7 +8,7 @@ 01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":42193200,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":42225002,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"discord.com","domainame":"discord.com","tls": {"version":"TLSv1.2","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
02202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1312,"pkt_l4_len":1278,"thread_ts_usec":42225262,"pkt":"CAAnW\/mGUlQAEjUCCABFAAUSAYsAAEAGRMSin4DpCgACDwG7p1IAKQmuhl3zuVAY\/\/\/akgAAFw0yMDAxMjcxMjQ4MDhaFw0yNDEyMzEyMzU5NTlaMEoxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZGZsYXJlLCBJbmMuMSAwHgYDVQQDExdDbG91ZGZsYXJlIEluYyBFQ0MgQ0EtMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLmtTWaZFAtG7B+B0SpQHp0DFS80En0tlriIOJuFX4+\/u03vYUbEyXPUJE\/g7hzObLNRcS9q7kwFCXfTcmKkm9ejggFoMIIBZDAdBgNVHQ4EFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8wHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9PbW5pcm9vdDIwMjUuY3JsMG0GA1UdIARmMGQwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCwYJYIZIAYb9bAECMAgGBmeBDAECATAIBgZngQwBAgIwCAYGZ4EMAQIDMA0GCSqGSIb3DQEBCwUAA4IBAQAFJB3dG7Aq65jWheM5TV5rV52CV\/zr6DGiV5BlBb4WRDhadwK5zxBCxuGSpONFJ\/gARyxoqFaZU1SPrZ5AwdAPttcNCzhIbFAsSZAGW2Qdi8xIMC7eCOKbSSLAkgwRXpaSlNX8INxWbOWSk796HMA344VJFfor4XQ5GA+32vOiV1hgT8yOlAD8Rns0MT5NR4KBOsv0iV0O700NbpwbgiTdMiVdEXhRED2gNSMEL2VvnMHRQ9fQHvMxZ1kn3WvSdQmTESQkFM8pvuYjw7iPcj\/pB8gkRFN6s7lhZaFMDsZIAMl1YwWHcEVSg9OVnUXq8OgxHX4JHwr+Pt2qPF500qyxFgMDAR8WAAEbAQABFzCCARMKAQCgggEMMIIBCAYJKwYBBQUHMAEBBIH6MIH3MIGeohYEFKXON+rrsHUOlGeItEX62SQQh5YfGA8yMDIxMDYwNDE2NTQ1OVowczBxMEkwCQYFKw4DAhoFAAQUEteLQCw1Ygb6gn+O2JIkEbSs9QQEFKXON+rrsHUOlGeItEX62SQQh5YfAhAH3YJIZrz5uC05EWraPqhcgAAYDzIwMjEwNjA0MTYzOTAyWqARGA8yMDIxMDYxMTE1NTQwMlowCgYIKoZIzj0EAwIDSAAwRQIhAMXROKXZ7Jt8Zi554DB7quPCK\/IZFlmTaZZnz0VZFHNpAiACcSV+13HWn1ohsEui
9BTB3RCy2aPuehedNO\/\/FOrpQBYDAwBzDAAAbwMAHSCkniGEc6D0P0\/zc1ti1h5Xij6mTf1b+LwAXyazuTPOIQQDAEcwRQIgFOasmmQ0Pr7QbXb\/XK1MLPUyhzbInReveIgZXB8OeaoCIQC4F4W16GCAbAzpDvdw8iubNMQsnWU0ZKVkBEftiyeqwhYDAwAEDgAAAA=="} 01640{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":42193200,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":2710,"midstream":0,"thread_ts_usec":42225262,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"discord.com","domainame":"discord.com","tls": {"version":"TLSv1.2","server_names":"discord.com,sni.cloudflaressl.com,*.discord.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D","blocks":0}}} 
-00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656934210298000} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656934210298000} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656934210298000,"flow_src_last_pkt_time":1656934210298000,"flow_dst_last_pkt_time":1656934210298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656934210298000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.244.154","src_port":56271,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1656934210298000,"flow_dst_last_pkt_time":1656934210298000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1656934210298000,"pkt":"eJS0JASgYDjgxTWgCABFAAAkfNMAAH8RxTjAqAJkQhb0mtvPw1QAEHq2EzfK\/g4AAAA="} 
00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656934210298000,"flow_src_last_pkt_time":1656934210298000,"flow_dst_last_pkt_time":1656934210298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656934210298000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.244.154","src_port":56271,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}} 
@@ -34,7 +34,7 @@ 00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656934210363000,"flow_src_last_pkt_time":1656934210363000,"flow_dst_last_pkt_time":1656934210363000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656934210363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.237.11","src_port":56271,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1656934210363000,"flow_dst_last_pkt_time":1656934210363000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1656934210363000,"pkt":"YDjgxTWgeJS0JASgCABFAAAkjuxAADcRwq5CFu0LwKgCZMNU288AEItFEzfK\/gUAAAAAAAAAAAAAAAAA"} 
01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":42193200,"flow_src_last_pkt_time":42233199,"flow_dst_last_pkt_time":42247831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":3037,"midstream":0,"thread_ts_usec":1656934210363000,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3402,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":2,"total-updates":0,"current-active-flows":6,"total-active-flows":7,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1657223719868000} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3402,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":2,"total-updates":0,"current-active-flows":6,"total-active-flows":7,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1657223719868000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657223719868000,"flow_src_last_pkt_time":1657223719868000,"flow_dst_last_pkt_time":1657223719868000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657223719868000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":57955,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1657223719868000,"flow_dst_last_pkt_time":1657223719868000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657223719868000,"pkt":"eJS0JASgYDjgxTWgCABFAABmlIAAAH8R3TbAqAJkQhbEreJjw1QAUnMiAAEARgAArOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb3Q="} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1657223719868000,"flow_dst_last_pkt_time":1657223719895000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657223719895000,"pkt":"YDjgxTWgeJS0JASgCABFAABmFK9AADoRYghCFsStwKgCZMNU4mMAUpwIAAIARgAArOM4NC41OS4xMzIuMTAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mM="} 
@@ -155,7 +155,7 @@ 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1657224079896000,"flow_src_last_pkt_time":1657224081830000,"flow_dst_last_pkt_time":1657224081824000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1564,"flow_dst_tot_l4_payload_len":1206,"midstream":0,"thread_ts_usec":1657224260473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":58322,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":12,"flow_first_seen":1657224139897000,"flow_src_last_pkt_time":1657224140295000,"flow_dst_last_pkt_time":1657224140441000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":2892,"midstream":0,"thread_ts_usec":1657224260473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":61392,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1657224199898000,"flow_src_last_pkt_time":1657224200131000,"flow_dst_last_pkt_time":1657224200128000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":2845,"flow_dst_tot_l4_payload_len":363,"midstream":0,"thread_ts_usec":1657224260473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":63362,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":187,"packets-processed":186,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":2,"total-updates":25,"current-active-flows":4,"total-active-flows":19,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":158,"global_ts_usec":1657224319898000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":187,"packets-processed":186,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":2,"total-updates":25,"current-active-flows":4,"total-active-flows":19,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":158,"global_ts_usec":1657224319898000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657224319898000,"flow_src_last_pkt_time":1657224319898000,"flow_dst_last_pkt_time":1657224319898000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657224319898000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":62379,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1657224319898000,"flow_dst_last_pkt_time":1657224319898000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224319898000,"pkt":"eJS0JASgYDjgxTWgCABFAABmywMAAH8RprPAqAJkQhbErfOrw1QAUprMAAEARgAArOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANoI="} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1657224319898000,"flow_dst_last_pkt_time":1657224319945000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224319945000,"pkt":"YDjgxTWgeJS0JASgCABFAABmaGhAADoRDk9CFsStwKgCZMNU86sAUnl4AAIARgAArOM4NC41OS4xMzIuMTAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA86s="} 
@@ -260,7 +260,7 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1657224679899000,"flow_src_last_pkt_time":1657224680269000,"flow_dst_last_pkt_time":1657224680139000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":2527,"flow_dst_tot_l4_payload_len":82,"midstream":0,"thread_ts_usec":1657224860617000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":61060,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":12,"flow_first_seen":1657224799899000,"flow_src_last_pkt_time":1657224800581000,"flow_dst_last_pkt_time":1657224800795000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":301,"flow_src_tot_l4_payload_len":134,"flow_dst_tot_l4_payload_len":2902,"midstream":0,"thread_ts_usec":1657224860617000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":52323,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1657224739899000,"flow_src_last_pkt_time":1657224740128000,"flow_dst_last_pkt_time":1657224739929000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":299,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":3296,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1657224860617000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":63893,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":337,"packets-processed":336,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":67619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":2,"total-updates":48,"current-active-flows":3,"total-active-flows":29,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":263,"global_ts_usec":1657224919900000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":337,"packets-processed":336,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":67619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":2,"total-updates":48,"current-active-flows":3,"total-active-flows":29,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":263,"global_ts_usec":1657224919900000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657224919900000,"flow_src_last_pkt_time":1657224919900000,"flow_dst_last_pkt_time":1657224919900000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657224919900000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":65053,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1657224919900000,"flow_dst_last_pkt_time":1657224919900000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224919900000,"pkt":"eJS0JASgYDjgxTWgCABFAABm+q8AAH8RdwfAqAJkQhbErf4dw1QAUjxpAAEARgAArOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAinM="} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1657224919900000,"flow_dst_last_pkt_time":1657224919927000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224919927000,"pkt":"YDjgxTWgeJS0JASgCABFAABmvT9AADoRuXdCFsStwKgCZMNU\/h0AUmSUAAIARgAArOM4NC41OS4xMzIuMTAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/h0="} 
@@ -313,7 +313,7 @@ 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":12,"flow_first_seen":1657225039901000,"flow_src_last_pkt_time":1657225040816000,"flow_dst_last_pkt_time":1657225041016000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":2662,"midstream":0,"thread_ts_usec":1657225160168000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":54950,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":12,"flow_first_seen":1657225099902000,"flow_src_last_pkt_time":1657225101391000,"flow_dst_last_pkt_time":1657225101610000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":2892,"midstream":0,"thread_ts_usec":1657225160168000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":59240,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1657225159904000,"flow_src_last_pkt_time":1657225160168000,"flow_dst_last_pkt_time":1657225159930000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":1771,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1657225160168000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":62481,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":411,"packets-processed":411,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":80760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":2,"total-updates":57,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":316,"global_ts_usec":1657225160168000} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":411,"packets-processed":411,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":80760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":2,"total-updates":57,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":316,"global_ts_usec":1657225160168000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 411/411 ~~ skipped flows.............: 0 @@ -322,9 +322,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8743392 bytes -~~ total memory freed........: 8743392 bytes -~~ total allocations/frees...: 141291/141291 +~~ total memory allocated....: 9508822 bytes +~~ total memory freed........: 9508822 bytes +~~ total allocations/frees...: 155257/155257 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 516 chars ~~ json message max len.......: 2458 chars diff --git a/test/results/default/discord_mid_flow.pcap.out b/test/results/default/discord_mid_flow.pcap.out index 54fe9f733..ee7839144 100644 --- a/test/results/default/discord_mid_flow.pcap.out +++ b/test/results/default/discord_mid_flow.pcap.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673444902267546} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673444902267546} 00304{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444902267546,"packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444902267546} 
00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":110,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1673444902267546,"pkt":"AAAAAAAAAAECAAD6gQAC9YEAAAGIZBEAPW0AUgAhRQAAUDmyQAA2EUNIQhbyhAUkjeTDUdaXADysR4HJAAcAFi\/9U3EJWSzwZdVy25rBGVhGPGQBRx\/4s1vL+mbg\/hL8rWooq\/qDozlbBiYhAAA="} 00304{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444903267716,"packet_id":2,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444903267716} 
@@ -32,7 +32,7 @@ 00463{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1673444902267546,"pkt":"AAAAAAAAAAECAAD6gQAC9YEAAAGIZBEAPW0AWgAhRQAAWERnAAB\/ES+LBSSN5EIW8oTWl8NRAETgQYDIAAYAFi\/9+yCCO3My0Tvo+T4AtA5exBK1zkrGAV0k2VqCPuVJGZMMW3h3lrKvNPY5LxBLvqs9ywEAgA=="} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444911267758,"packet_id":16,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444911267758} 00450{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":110,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1673444902267546,"pkt":"AAAAAAAAAAECAAD6gQAC9YEAAAGIZBEAPW0AUgAhRQAAUDzIQAA2EUAyQhbyhAUkjeTDUdaXADx1CoHJAAcAFi\/9SPerYXcFME3U81PRyMrjJiWKLfADxN490f944PcsGQYO71EGes1sJS8hAAA="} 
-00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":40,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1673444926267852} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":40,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1673444926267852} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 40/0 ~~ skipped flows.............: 0 
@@ -41,9 +41,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 309 chars ~~ json message max len.......: 824 chars diff --git a/test/results/default/dlep.pcapng.out b/test/results/default/dlep.pcapng.out index 52e0791bf..2adfa5dbd 100644 --- a/test/results/default/dlep.pcapng.out +++ b/test/results/default/dlep.pcapng.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1565709120718355} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1565709120718355} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1565709120718355,"flow_src_last_pkt_time":1565709120718355,"flow_dst_last_pkt_time":1565709120718355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1565709120718355,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.117","src_port":57060,"dst_port":854,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1565709120718355,"flow_dst_last_pkt_time":1565709120718355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1565709120718355,"pkt":"AQBeAAB1AAAAqgAACABFAAA4CyxAAP8RhhIKAAAB4AAAdd7kA1YAJOqrRExFUAABABQABAAQAGVtdWxhdGVkLXJvdXRlcg=="} 
00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1565709120718355,"flow_src_last_pkt_time":1565709120718355,"flow_dst_last_pkt_time":1565709120718355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1565709120718355,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.117","src_port":57060,"dst_port":854,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DLEP","proto_id":"400","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -13,7 +13,7 @@ 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1565709120720050,"flow_src_last_pkt_time":1565709120720050,"flow_dst_last_pkt_time":1565709120720050,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1565709120726405,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.0.0.1","src_port":44515,"dst_port":854,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DLEP","proto_id":"400","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1565709120723425,"flow_src_last_pkt_time":1565709120723425,"flow_dst_last_pkt_time":1565709120726405,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1565709120726405,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":51762,"dst_port":854,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DLEP","proto_id":"400","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1565709120718355,"flow_src_last_pkt_time":1565709120718355,"flow_dst_last_pkt_time":1565709120718355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1565709120726405,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.117","src_port":57060,"dst_port":854,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DLEP","proto_id":"400","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1565709120726405} 
+00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1565709120726405} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649802 bytes -~~ total memory freed........: 8649802 bytes -~~ total allocations/frees...: 140558/140558 +~~ total memory allocated....: 9414240 bytes +~~ total memory freed........: 9414240 bytes +~~ total allocations/frees...: 154524/154524 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 964 chars diff --git a/test/results/default/dlms.pcap.out b/test/results/default/dlms.pcap.out index 97bd43e11..3c3dc8cb1 100644 --- a/test/results/default/dlms.pcap.out +++ b/test/results/default/dlms.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1520780595035623} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1520780595035623} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1520780595035623,"flow_src_last_pkt_time":1520780595035623,"flow_dst_last_pkt_time":1520780595035623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1520780595035623,"l3_proto":"ip4","src_ip":"192.168.137.20","dst_ip":"192.168.137.189","src_port":60797,"dst_port":4060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1520780595035623,"flow_dst_last_pkt_time":1520780595035623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1520780595035623,"pkt":"lDnlrnyR3KkEgvOKCABFAABAAABAAEAGppXAqIkUwKiJve19D9yvhVkrAAAAALAC\/\/+DkQAAAgQFtAEDAwUBAQgKBgITPAAAAAAEAgAA"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1520780595035623,"flow_dst_last_pkt_time":1520780595035701,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1520780595035701,"pkt":"3KkEgvOKlDnlrnyRCABFAAA8AABAAEAGppnAqIm9wKiJFA\/c7X0R5x5nr4VZLKAScSAumQAAAgQFtAQCCAptmVbiBgITPAEDAwc="} 
@@ -7,7 +7,7 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1520780595041619,"flow_dst_last_pkt_time":1520780595035701,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1520780595041619,"pkt":"lDnlrnyR3KkEgvOKCABFAAA9AABAAEAGppjAqIkUwKiJve19D9yvhVksEeceaIAYEBWKJQAAAQEICgYCEz5tmVbifqAHAyGTDwF+"} 01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1520780595035623,"flow_src_last_pkt_time":1520780595041619,"flow_dst_last_pkt_time":1520780595035701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1520780595041619,"l3_proto":"ip4","src_ip":"192.168.137.20","dst_ip":"192.168.137.189","src_port":60797,"dst_port":4060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"IEC62056","proto_id":"379","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1520780595041619,"flow_dst_last_pkt_time":1520780595041656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1520780595041656,"pkt":"3KkEgvOKlDnlrnyRCABFAAA0+YlAAEAGrRfAqIm9wKiJFA\/c7X0R5x5or4VZNYAQAOPNkQAAAQEICm2ZVugGAhM+"} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1522419490000000} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1522419490000000} 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1522419490000000,"flow_src_last_pkt_time":1522419490000000,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1522419490000000,"l3_proto":"ip4","src_ip":"10.1.1.1","dst_ip":"10.2.2.2","dst_port":4059,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1522419490000000,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":17,"thread_ts_usec":1522419490000000,"pkt":"CgICAgICCgEBAQEBCABFAAAlEjQAAP8Rko4KAQEBCgICAgAAD9sAEUWjfqAHAwOTjBF+AAAAAAAAAAAA"} 00901{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1522419490000000,"flow_src_last_pkt_time":1522419490000000,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1522419490000000,"l3_proto":"ip4","src_ip":"10.1.1.1","dst_ip":"10.2.2.2","dst_port":4059,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC62056","proto_id":"379","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -17,7 +17,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1522419490000004,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1522419490000004,"pkt":"CgICAgICCgEBAQEBCABFAAA3EjQAAP8RknwKAQEBCgICAgAAD9sAIz7OfqAZAyHcH9bm5gDAAcEADwAAKAAA\/wcAKS1+"} 00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1522419490000000,"flow_src_last_pkt_time":1522419490000008,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1522419490000008,"l3_proto":"ip4","src_ip":"10.1.1.1","dst_ip":"10.2.2.2","dst_port":4059,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC62056","proto_id":"379","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
01111{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1520780595035623,"flow_src_last_pkt_time":1520780595062222,"flow_dst_last_pkt_time":1520780595062256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":2270,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1522419490000008,"l3_proto":"ip4","src_ip":"192.168.137.20","dst_ip":"192.168.137.189","src_port":60797,"dst_port":4060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"IEC62056","proto_id":"379","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1522419490000008} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1522419490000008} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650127 bytes -~~ total memory freed........: 8650127 bytes -~~ total allocations/frees...: 140573/140573 +~~ total memory allocated....: 9414533 bytes +~~ total memory freed........: 9414533 bytes +~~ total allocations/frees...: 154539/154539 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 534 chars ~~ json message max len.......: 1116 chars diff --git a/test/results/default/dlt_ppp.pcap.out b/test/results/default/dlt_ppp.pcap.out index 9f2107137..dc4f0c46a 100644 --- a/test/results/default/dlt_ppp.pcap.out +++ b/test/results/default/dlt_ppp.pcap.out 
@@ -1,7 +1,7 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00272{"error_event_id":2,"error_event_name":"Unknown L3 protocol","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031048,"packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","protocol":33,"global_ts_usec":1031048} 
01950{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","pkt_datalink":9,"pkt_caplen":1230,"pkt_type":33,"pkt_l3_offset":2,"pkt_l4_offset":0,"pkt_len":1230,"pkt_l4_len":0,"thread_ts_usec":1031048,"pkt":"ACFFAgTMQT1AAD8RDTPBpwD8wadkZKwzAbsEuAAAz\/8AAB0MtxIpOpsU8gzQWdyoBJhpwdcARJZ0OsZN0bl8VJfvOykoeuttM0eMWHJwpGpOPAqWh0GUfp9IIe82zPEOJxxbudM5\/pOWImGkMJYnZKC4oc+Wie817ZluT3qGlbT6FmvR7wgU3ZlqiJlO4+0DRHL4d\/DzL3RfCdhaKCfxoviWr9OOaF9xayHBTgloTkVIbSLderihnwr+mk7qqrStghVdXJFtnOWHTzAMdmPpzaY99oTPzZwWklZzjG9W5shdxiA8ok\/3pt2WMY3QJIDzbHzKP+7ZsLr5YGFFIYxx1JspmQXO5+U3jVl43o7+huGmMmGYHNdWbRYYgFoAkcV642cnCac+cZPVd9ar\/XFRGfd\/WaFVK+zvTNX+exQ7Y3ZIotGRLaPFvGpj3H1W9HNWBEKODu7hETU2OX\/NaZuNjAbfxxKVTC9o6LUxoTVjag4leuFawG3pE6XLxFh9fenfXyYspIGy40nX701+znmPySuhrrYghEKqHVTFz\/fjb5y59pxDqwfx2gz+0tLjNRNMLdNY1Ag+BpNZPQBZDxS1Q4nlCfUqLKWSJpEsd+mHyUC3pRaolG8Jpu68ULGXjJ4ZKS7952WY2QtbjEtiMSGVNPERp0foW+HREy8qKb+tFgJ65NsBWY0E9\/jJGGpFUnix\/C7BDjtX\/ZgK9gfyvVQabBdj7mBntuOhNmnilWaVEIOX7CKCv2V+0LQWQOOVtmTWBQy0XrnBP7R005Av3+pdvoITeQ2zEo762fyDmFlboLbmiVV7z4cyXPPQL6MPya78HzZSLTnm3Xxv8O87bNxZE+T0J9baS33P9HRocrLvAjLFAWSMQbXzM6RAx0uu2+2kxSt4LNQRr+Nvhj9iZm0i+9tU23DVWOg6UFW+uqUPF0ds+jp9XdVBP+b6UC3e79iGd\/QTg4M7OYt7pt75ojnbr+ZjxHE8B0GZ1bPhHUhQ\/439iohTEuvizuLosg\/9ETTUUdbasnXh9D\/+SO51ABAnZvM6SDJ1pj177GYIwa\/ZqyWvarQpS41HFFKu4RYpQHjOT56xqgSjrLEWXyerkTEX8shaJqUzTf0hupuyCJ\/APa3545+ZYzvcCDGD7g4mx1kJ6bCPcx5s\/v5xv0RJBodp9K1hK4v\/DTDZxZGtU5gN0XXnA0WlvhheGJ1S\/ZaCizvBvbTeu8i2DUwd4Wme2LeIVwWL1YRsoozl32VaoHYmsfd7GuS4nwcSIq7qOKc\/v0ngj3r3ND1Z2VcoyXNbqPLJo2kpXaoXlSfOfSzoS+BYoeB3qst\/3RnzIpMan+YfjUUqTAsAH+lgJatdqf9zS60Yl5fSUpCDIosbThj4VOLqNKWrLQjA8v+93FIA3\/NFEDMSuNxj605kSA9S9GRrTJHsR5osW14O2xZRF\/BiXyz77L3\/OW35KvEzzuGXD5Apmt9048cnckQ+W8pGZui61Z81+NpEDiVl5\/7woKFPqgJn9vKV42rT4DXlRToJ8qpzLeevd936RndwoN8DMGcbfT7BT7\/CndBaHTk\/Xoi\/g0FlSSofCargF+zZqnP61iuG15DY\/IC7bC0k3NnOEoXpUUSiCOrtQOJtDXQygOL8Gb9V"} 
-00798{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":4,"global_ts_usec":1031048} +00798{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":4,"global_ts_usec":1031048} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/0 ~~ skipped flows.............: 0 
@@ -10,9 +10,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 277 chars ~~ json message max len.......: 1955 chars diff --git a/test/results/default/dnp3.pcap.out b/test/results/default/dnp3.pcap.out index 844a4e281..41abfb7a6 100644 --- a/test/results/default/dnp3.pcap.out +++ b/test/results/default/dnp3.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1097501938503079} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1097501938503079} 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097501938503079,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097501938503079,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097501938503079,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} 
@@ -8,7 +8,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503280,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097501938503280,"pkt":"AFAEk3BnAAKzznBRCABFAAAwkmJAAIAGVFsKAAADCgAACE4gCuVSxjiFVRwa03AS\/\/8axQAAAgQFtAEBBAI="} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097501938503490,"flow_dst_last_pkt_time":1097501938504844,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097501938504844,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02090{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097502061905496,"flow_dst_last_pkt_time":1097501941569134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1097502061905496,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":4079628.2,"max":120145678,"stddev":21203112.0,"var":449571977166848.0,"ent":0.4,"data": [0,0,201,0,0,411,0,0,1564,0,0,151649,0,0,2891882,0,0,795,0,0,3043080,0,0,21210,0,0,212002,0,0,120145678,0]},"pktlen": {"min":46,"avg":52.2,"max":65,"stddev":6.8,"var":46.8,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.259637833,4.259637833,4.259637833,4.683206558,4.683206558,4.683206558,4.102729797,4.102729797,4.102729797,4.867636204,4.867636204,4.867636204,4.146208286,4.146208286,4.146208286,4.803641796,4.803641796,4.803641796,5.091148376,5.091148376,5.091148376,4.146208286,4.146208286,4.146208286,4.750165939,4.750165939,4.750165939,4.146208286,4.146208286,4.146208286,4.932524681,4.932524681]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1097502623045756} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1097502623045756} 
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097502623045756,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097502623045756,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097502623045756,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} 
@@ -17,7 +17,7 @@ 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045930,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097502623045930,"pkt":"AFAEk3BnAAKzznBRCABFAAAwkrlAAIAGVAQKAAADCgAACE4gCvNc+rZHZuVtCnAS\/\/8uwAAAAgQFtAEBBAI="} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502623046134,"flow_dst_last_pkt_time":1097502623047417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097502623047417,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02093{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502648521527,"flow_dst_last_pkt_time":1097502648521681,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1097502648521681,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1643603.1,"max":17487311,"stddev":4346023.5,"var":18887919796224.0,"ent":2.2,"data": [0,0,174,0,0,378,0,0,1487,0,0,181225,0,0,17203302,0,0,17487311,0,0,4814054,0,0,4907006,0,0,3276812,0,0,3079947,0]},"pktlen": {"min":46,"avg":50.8,"max":64,"stddev":7.1,"var":50.0,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,46,46,46,64,64,64,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1],"entropies": [4.259637833,4.259637833,4.259637833,4.599873543,4.599873543,4.599873543,4.032184124,4.032184124,4.032184124,4.588809967,4.588809967,4.588809967,4.075662136,4.075662136,4.075662136,4.807524681,4.807524681,4.807524681,4.075662136,4.075662136,4.075662136,4.889479637,4.889479637,4.889479637,4.102729797,4.102729797,4.102729797,4.146208286,4.146208286,4.146208286,4.146208286,4.146208286]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":79,"packets-processed":78,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":540,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1097504102255746} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":79,"packets-processed":78,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":540,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1097504102255746} 
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504102255746,"flow_dst_last_pkt_time":1097504102255746,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097504102255746,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1097504102255746,"flow_dst_last_pkt_time":1097504102255746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097504102255746,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1097504102255746,"flow_dst_last_pkt_time":1097504102255746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097504102255746,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} 
@@ -27,7 +27,7 @@ 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504102256118,"flow_dst_last_pkt_time":1097504102257400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097504102257400,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00961{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":18,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502648678187,"flow_dst_last_pkt_time":1097502648677871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1097504103602860,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02088{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504186592304,"flow_dst_last_pkt_time":1097504103409070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1097504186592304,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2757738.0,"max":82989444,"stddev":14650606.0,"var":214640269197312.0,"ent":0.2,"data": [0,0,167,0,0,372,0,0,1487,0,0,144969,0,0,996855,0,0,774,0,0,1141407,0,0,10263,0,0,204144,0,0,82989444,0]},"pktlen": {"min":46,"avg":52.2,"max":65,"stddev":6.8,"var":46.8,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.233697891,4.233697891,4.233697891,4.698933601,4.698933601,4.698933601,4.075662136,4.075662136,4.075662136,4.854392529,4.854392529,4.854392529,4.119140625,4.119140625,4.119140625,4.817366600,4.817366600,4.817366600,5.114375591,5.114375591,5.114375591,4.162618637,4.162618637,4.162618637,4.765161514,4.765161514,4.765161514,4.075662136,4.075662136,4.075662136,4.901274681,4.901274681]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1097505644006837} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1097505644006837} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097505644006837,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644006837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097505644006837,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644006837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097505644006837,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644006837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097505644006837,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} 
@@ -36,7 +36,7 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644007009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097505644007009,"pkt":"AFAEk3BnAAKzznBRCABFAAAwxfhAAIAGIMQKAAADCgAACU4gBDiWbHn2GWoYHXAS\/\/\/awQAAAgQFtAEBBAI="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1097505644006837,"flow_src_last_pkt_time":1097505719035890,"flow_dst_last_pkt_time":1097505644007009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097505719035890,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02091{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1097505644006837,"flow_src_last_pkt_time":1097505754575976,"flow_dst_last_pkt_time":1097505754654239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":205,"midstream":0,"thread_ts_usec":1097505754654239,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7136017.5,"max":75076356,"stddev":19839044.0,"var":393587648888832.0,"ent":1.9,"data": [0,0,172,0,0,422,0,0,75028631,0,0,75076356,0,0,533,0,0,48219,0,0,553,0,0,153041,0,0,35338826,0,0,35569788,0]},"pktlen": {"min":46,"avg":52.7,"max":63,"stddev":5.9,"var":34.5,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,55,55,55,57,57,57,57,57,57,46,46,46,63,63,63,46,46,46,58,58,58,57,57]},"bins": {"c_to_s": [18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1],"entropies": [4.202244282,4.202244282,4.202244282,4.683207035,4.683207035,4.683207035,4.162618637,4.162618637,4.162618637,4.907654285,4.907654285,4.907654285,4.659897804,4.659897804,4.659897804,4.765161991,4.765161991,4.765161991,4.162618637,4.162618637,4.162618637,4.927980900,4.927980900,4.927980900,4.162619114,4.162619114,4.162619114,4.909368515,4.909368515,4.909368515,4.673142433,4.673142433]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":352,"packets-processed":351,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5682,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1097507785883614} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":352,"packets-processed":351,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5682,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1097507785883614} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097507785883614,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097507785883614,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097507785883614,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} 
@@ -45,7 +45,7 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883753,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097507785883753,"pkt":"AFAEk3BnAAKzznBRCABFAAAwx49AAIAGHy4KAAADCgAACE4gBD62X0jyDC0Sy3AS\/\/\/+XAAAAgQFtAEBBAI="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507785883944,"flow_dst_last_pkt_time":1097507785885063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097507785885063,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02079{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507788771853,"flow_dst_last_pkt_time":1097507788624309,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1097507788771853,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":181578.5,"max":2639445,"stddev":625878.8,"var":391724269568.0,"ent":1.5,"data": [0,0,139,0,0,330,0,0,1310,0,0,168563,0,0,2471106,0,0,796,0,0,2639445,0,0,99801,0,0,232167,0,0,15277,0]},"pktlen": {"min":46,"avg":52.2,"max":65,"stddev":6.8,"var":46.1,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,64,64,64,46,46,46,57,57,57,46,46,46,65,65]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.202244282,4.202244282,4.202244282,4.683207035,4.683207035,4.683207035,4.119140148,4.119140148,4.119140148,4.854392529,4.854392529,4.854392529,4.162619114,4.162619114,4.162619114,4.767277718,4.767277718,4.767277718,4.850569725,4.850569725,4.850569725,4.119140625,4.119140625,4.119140625,4.806060791,4.806060791,4.806060791,4.206097126,4.206097126,4.206097126,5.071992874,5.071992874]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":445,"packets-processed":444,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":5,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1097510947092701} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":445,"packets-processed":444,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":5,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1097510947092701} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097510947092701,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097510947092701,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092701,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097510947092701,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092701,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097510947092701,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} 
@@ -54,7 +54,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097510947092859,"pkt":"AFAEk3BnAAKzznBRCABFAAAwyZlAAIAGHSQKAAADCgAACE4gBIfliDTWmKbHVHAS\/\/+iAwAAAgQFtAEBBAI="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097510947092701,"flow_src_last_pkt_time":1097510947093064,"flow_dst_last_pkt_time":1097510947094289,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097510947094289,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":15,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097502062040142,"flow_dst_last_pkt_time":1097502061912093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":153,"midstream":0,"thread_ts_usec":1097510950374117,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":472,"packets-processed":471,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1097512255234470} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":472,"packets-processed":471,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1097512255234470} 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512255234470,"flow_dst_last_pkt_time":1097512255234470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097512255234470,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1097512255234470,"flow_dst_last_pkt_time":1097512255234470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097512255234470,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1097512255234470,"flow_dst_last_pkt_time":1097512255234470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097512255234470,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} 
@@ -64,7 +64,7 @@ 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512255234830,"flow_dst_last_pkt_time":1097512255236054,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097512255236054,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":78,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504224083555,"flow_dst_last_pkt_time":1097504223905294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":687,"flow_dst_tot_l4_payload_len":2730,"midstream":0,"thread_ts_usec":1097512264841740,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02088{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":503,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512267645965,"flow_dst_last_pkt_time":1097512267537969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":153,"midstream":0,"thread_ts_usec":1097512267645965,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":797257.9,"max":9487840,"stddev":2344670.8,"var":5497481068544.0,"ent":1.9,"data": [0,0,157,0,0,360,0,0,1427,0,0,192830,0,0,9226978,0,0,9487840,0,0,187102,0,0,2636386,0,0,2814075,0,0,167839,0]},"pktlen": {"min":46,"avg":52.8,"max":64,"stddev":7.0,"var":48.7,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,57,57,57,46,46,46,64,64,64,57,57,57,46,46]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0],"entropies": [4.217971325,4.217971325,4.217971325,4.641540051,4.641540051,4.641540051,4.032184124,4.032184124,4.032184124,4.784216881,4.784216881,4.784216881,4.075662136,4.075662136,4.075662136,4.924864769,4.924864769,4.924864769,4.906424999,4.906424999,4.906424999,4.075662136,4.075662136,4.075662136,4.924864769,4.924864769,4.924864769,4.858093739,4.858093739,4.858093739,4.075662136,4.075662136]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":505,"packets-processed":504,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":7,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1097513177295531} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":505,"packets-processed":504,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":7,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1097513177295531} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097513177295531,"flow_src_last_pkt_time":1097513177295531,"flow_dst_last_pkt_time":1097513177295531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097513177295531,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1097513177295531,"flow_dst_last_pkt_time":1097513177295531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097513177295531,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1097513177295531,"flow_dst_last_pkt_time":1097513177295531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097513177295531,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} 
@@ -78,7 +78,7 @@ 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":36,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507856257809,"flow_dst_last_pkt_time":1097507856091024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":93,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":774,"midstream":0,"thread_ts_usec":1097513185107737,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1097510947092701,"flow_src_last_pkt_time":1097510959359091,"flow_dst_last_pkt_time":1097510959487180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1097513185107737,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":12,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512267645965,"flow_dst_last_pkt_time":1097512267537969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":153,"midstream":0,"thread_ts_usec":1097513185107737,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":543,"packets-processed":543,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1097513185107737} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":543,"packets-processed":543,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1097513185107737} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 543/543 ~~ skipped flows.............: 0 @@ -87,9 +87,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8677617 bytes -~~ total memory freed........: 8677617 bytes -~~ total allocations/frees...: 141153/141153 +~~ total memory allocated....: 9442215 bytes +~~ total memory freed........: 9442215 bytes +~~ total allocations/frees...: 155119/155119 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 540 chars ~~ json message max len.......: 2098 chars diff --git a/test/results/default/dns-exf.pcap.out b/test/results/default/dns-exf.pcap.out index 62607419d..321fc5f5c 100644 --- a/test/results/default/dns-exf.pcap.out +++ b/test/results/default/dns-exf.pcap.out 
@@ -1,12 +1,12 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1694185912616950} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1694185912616950} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912616950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694185912616950,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912616950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_usec":1694185912616950,"pkt":"rB9rrWosDMR6zE5uCABFAACVxO0AAEARLrPAqALhwKgChrDqADUAgRda\/9UBIAABAAAAAAABOkg0c0lDTjAzKjJRQUEzUmxjM1F1ZEhoMEFBdkp5Q3hXQUtKRWhlTFU1S0xVRW9XMHpKeFVMZ0FnZS0MNFMyRmdBQUFBPT0tBHRlc3QDdHh0AAABAAEAACkQAAAAAAAADAAKAAiBti2q57F2RQ=="} 
01560{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912616950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694185912616950,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt","domainame":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912617037,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1694185912617037,"pkt":"DMR6zE5urB9rrWosCABFAACl4RtAAEAR0nTAqAKGwKgC4QA1sOoAkYda\/9WBgAABAAEAAAAAOkg0c0lDTjAzKjJRQUEzUmxjM1F1ZEhoMEFBdkp5Q3hXQUtKRWhlTFU1S0xVRW9XMHpKeFVMZ0FnZS0MNFMyRmdBQUFBPT0tBHRlc3QDdHh0AAABAAEAACkQAAAAAAAADAAKAAiBti2q57F2RcAMAAEAAQAAADwABMCoAoY="} 01674{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912617037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1694185912617037,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt","domainame":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":41,"rsp_addr": []}}} 01511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912617037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1694185912617037,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt"}} 
-00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1694185912617037} +00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1694185912617037} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644983 bytes -~~ total memory freed........: 8644983 bytes -~~ total allocations/frees...: 140538/140538 +~~ total memory allocated....: 9409357 bytes +~~ total memory freed........: 9409357 bytes +~~ total allocations/frees...: 154504/154504 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 589 chars ~~ json message max len.......: 1679 chars diff --git a/test/results/default/dns-google-nsid.pcapng.out b/test/results/default/dns-google-nsid.pcapng.out index 5984e6caf..5e1997081 100644 --- a/test/results/default/dns-google-nsid.pcapng.out +++ b/test/results/default/dns-google-nsid.pcapng.out 
@@ -1,11 +1,11 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690622872644843} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690622872644843} 
00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872644843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690622872644843,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872644843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1690622872644843,"pkt":"ILAB4IZiNObXAhsnht1gAfZ6ADQRQCABCwcKPcESszICDYmrEF4gAUhgSGAAAAAAAAAAAIhEopgANQA0fuyRUQEgAAEAAAAAAAEAAAIAAQAAKRAAAAAAAAAQAAMAAAAKAAjr5ips77+Grg=="} 
01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872644843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690622872644843,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":2,"rsp_type":0,"rsp_addr": []}}} 00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872652124,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":314,"pkt_l4_len":260,"thread_ts_usec":1690622872652124,"pkt":"NObXAhsnILAB4IZiht1oBYXDAQQReyABSGBIYAAAAAAAAAAAiEQgAQsHCj3BErMyAg2JqxBeADWimAEE5j2RUYGgAAEADQAAAAEAAAIAAQAAAgABAACPzQAUAWEMcm9vdC1zZXJ2ZXJzA25ldAAAAAIAAQAAj80ABAFiwB4AAAIAAQAAj80ABAFjwB4AAAIAAQAAj80ABAFkwB4AAAIAAQAAj80ABAFlwB4AAAIAAQAAj80ABAFmwB4AAAIAAQAAj80ABAFnwB4AAAIAAQAAj80ABAFowB4AAAIAAQAAj80ABAFpwB4AAAIAAQAAj80ABAFqwB4AAAIAAQAAj80ABAFrwB4AAAIAAQAAj80ABAFswB4AAAIAAQAAj80ABAFtwB4AACkCAAAAAAAADQADAAlncGRucy1taWw="} 
01104{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872652124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":252,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1690622872652124,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":2,"rsp_type":2,"rsp_addr": []}}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1690735119384155} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1690735119384155} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735119384155,"flow_src_last_pkt_time":1690735119384155,"flow_dst_last_pkt_time":1690735119384155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735119384155,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":58580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1690735119384155,"flow_dst_last_pkt_time":1690735119384155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1690735119384155,"pkt":"EBMx8Tl2nFg8p+7MCABFAABJMKYAAEARAADAqAEdCAgEBOTUADUANc4XTRUBIAABAAAAAAABA3d3dwRudG9wA29yZwAAAQABAAApEAAAAAAAAAQAAwAA"} 01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735119384155,"flow_src_last_pkt_time":1690735119384155,"flow_dst_last_pkt_time":1690735119384155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735119384155,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":58580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -43,7 +43,7 @@ 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295434099,"flow_src_last_pkt_time":1690735295434099,"flow_dst_last_pkt_time":1690735295632475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":194,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":194,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":44924,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.wikipedia.it"}} 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295405421,"flow_src_last_pkt_time":1690735295405421,"flow_dst_last_pkt_time":1690735295421128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":46618,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.ntop.org"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735126272436,"flow_src_last_pkt_time":1690735126272436,"flow_dst_last_pkt_time":1690735126289473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":105,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":105,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":51166,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.wireshark.org"}} 
-00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1422,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1690735295654626} +00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1422,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1690735295654626} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 
@@ -52,9 +52,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8659668 bytes -~~ total memory freed........: 8659668 bytes -~~ total allocations/frees...: 140606/140606 +~~ total memory allocated....: 9424234 bytes +~~ total memory freed........: 9424234 bytes +~~ total allocations/frees...: 154572/154572 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 582 chars ~~ json message max len.......: 1212 chars diff --git a/test/results/default/dns-invalid-chars.pcap.out b/test/results/default/dns-invalid-chars.pcap.out index 6c66e2758..5851a801e 100644 --- a/test/results/default/dns-invalid-chars.pcap.out +++ b/test/results/default/dns-invalid-chars.pcap.out 
@@ -1,12 +1,12 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946734886956538} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946734886956538} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886956538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946734886956538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886956538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":946734886956538,"pkt":"AAAAAAAAAAAAAAAACABFAABMyRJAAEARc4x\/AAABfwAAAYyMADUAOP5Ln2wBAAABAAAAAAAAA3d3dxdhbGx5b3VyYmEEBQZhcmViZWxvbmd0bwJjbgAAAQAB"} 
01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886956538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946734886956538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.allyourba???arebelongto.cn","domainame":"www.allyourba???arebelongto.cn","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886957011,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":946734886957011,"pkt":"AAAAAAAAAAAAAAAACABFAABcAABAAEARPI9\/AAABfwAAAQA1jIwASP5bn2yBgAABAAEAAAAAA3d3dxdhbGx5b3VyYmFzZXNhcmUBAgNvbmd0bwJjbgAAAQABwAwAAQABAAAAPAAEE7mN8Q=="} 
01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886957011,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":946734886957011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.allyourbasesare???ongto.cn","domainame":"www.allyourbasesare???ongto.cn","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["19.185.141.241,ttl=60"]}}} 
01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886957011,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":946734886957011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.allyourbasesare???ongto.cn"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":946734886957011} 
+00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":946734886957011} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644910 bytes -~~ total memory freed........: 8644910 bytes -~~ total allocations/frees...: 140535/140535 +~~ total memory allocated....: 9409284 bytes +~~ total memory freed........: 9409284 bytes +~~ total allocations/frees...: 154501/154501 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 584 chars ~~ json message max len.......: 1287 chars diff --git a/test/results/default/dns-tunnel-iodine.pcap.out b/test/results/default/dns-tunnel-iodine.pcap.out index a4ba9da6f..772cf72fa 100644 --- a/test/results/default/dns-tunnel-iodine.pcap.out +++ b/test/results/default/dns-tunnel-iodine.pcap.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1282356640051082} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1282356640051082} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051082,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1282356640051082,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051082,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1282356640051082,"pkt":"CAAnx266CAAnnOC0CABFAABEAABAAEARIngKAAIeCgACFK5fADUAMAHkErABAAABAAAAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAQ=="} 
01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051082,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1282356640051082,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"vaaaakardli.pirate.sea","domainame":"vaaaakardli.pirate.sea","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr": []}}} 
@@ -10,7 +10,7 @@ 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1282356640057774,"flow_dst_last_pkt_time":1282356640052258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1282356640057774,"pkt":"CAAnx266CAAnnOC0CABFAABKAABAAEARInIKAAIeCgACFK5fADUANnlrTw4BAAABAAAAAAABBnlyYmkwMgZwaXJhdGUDc2VhAAAKAAEAACkQAAAAgAAAAA=="} 02427{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356645071860,"flow_dst_last_pkt_time":1282356640060900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":1434,"flow_src_tot_l4_payload_len":2968,"flow_dst_tot_l4_payload_len":3580,"midstream":0,"thread_ts_usec":1282356645071860,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":93,"avg":162277.3,"max":1002966,"stddev":368318.9,"var":135658823680.0,"ent":2.4,"data": [93,897,1083,5795,5715,411,342,245,227,219,217,216,215,213,212,209,230,282,586,445,177,314,494,447,227,245,1001664,1002291,1001465,1002966,1002454]},"pktlen": {"min":68,"avg":232.6,"max":1462,"stddev":286.6,"var":82112.7,"ent":4.4,"data": [68,89,89,130,74,123,109,152,118,170,124,182,104,142,120,174,74,82,74,81,74,79,309,1078,309,1462,309,309,309,309,309,309]},"bins": {"c_to_s": 
[0,6,4,1,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,4,1,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,0,0,0],"entropies": [4.192683220,4.481659889,4.827383041,4.928776741,4.048753262,5.135797501,4.621113777,4.797404289,4.689741611,4.823459148,5.501323700,5.868503571,5.093356609,5.373332500,5.574461937,5.911468983,4.085981369,4.376136780,4.058953762,4.299961090,4.038551807,4.297753811,4.143254280,7.508830547,3.346999884,7.575299263,4.126974583,4.140811443,4.147284031,4.120341778,4.126974583,4.140811920]},"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"vaaaakardli.pirate.sea"}} 01240{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":222,"flow_dst_packets_processed":212,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356664538177,"flow_dst_last_pkt_time":1282356664538369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":1470,"flow_src_tot_l4_payload_len":16812,"flow_dst_tot_l4_payload_len":35212,"midstream":0,"thread_ts_usec":1282356664538369,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS 
Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"vaaaakardli.pirate.sea"}} -00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":438,"packets-processed":434,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":52024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1282356664538369} 
+00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":438,"packets-processed":434,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":52024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1282356664538369} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 438/434 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8657450 bytes -~~ total memory freed........: 8657450 bytes -~~ total allocations/frees...: 140968/140968 +~~ total memory allocated....: 9421824 bytes +~~ total memory freed........: 9421824 bytes +~~ total allocations/frees...: 154934/154934 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 578 chars ~~ json message max len.......: 2432 chars diff --git a/test/results/default/dns.pcap.out b/test/results/default/dns.pcap.out index 344f3e1f8..bcfff1052 100644 --- a/test/results/default/dns.pcap.out +++ b/test/results/default/dns.pcap.out 
@@ -1,4 +1,4 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":15458020,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":15458020,"l3_proto":"ip6","src_ip":"fe80::a00:27ff:feb3:e62e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00931{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":371,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":371,"pkt_l4_len":317,"thread_ts_usec":15458020,"pkt":"MzMAAAD7CAAns+Yuht1gDvfuAT0R\/\/6AAAAAAAAACgAn\/\/6z5i7\/AgAAAAAAAAAAAAAAAAD7FOkU6QE94YsAAIQAAAAABgAAAAMBRQEyATYBRQEzAUIBRQFGAUYBRgE3ATIBMAEwAUEBMAEwATABMAEwATABMAEwATABMAEwATABMAEwATgBRQFGA2lwNgRhcnBhAAAMgAEAAAB4AA8HQW5kcm9pZAVsb2NhbAAQYWRiLXVuaWRlbnRpZmllZARfYWRiBF90Y3DAaAAQgAEAABGUAAEACV9zZXJ2aWNlcwdfZG5zLXNkBF91ZHDAaAAMAAEAABGUAALAgMCAAAwAAQAAEZQAAsBvwGAAHIABAAAAeAAQ\/oAAAAAAAAAKACf\/\/rPmLsBvACGAAQAAAHgACAAAAAAVs8BgwAwAL4ABAAAAeAAGwAwAAgAIwG8AL4ABAAARlAAJwG8ABQAAgABAwGAAL4ABAAAAeAAIwGAABAAAAAg="} 01081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":15458020,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":15458020,"l3_proto":"ip6","src_ip":"fe80::a00:27ff:feb3:e62e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","domainame":"e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","mdns": {}}} 
@@ -11,7 +11,7 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":69520583,"flow_dst_last_pkt_time":69520924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"thread_ts_usec":69520924,"pkt":"CAAnOk7TILAB4IZiht1gAAAAABQGQCABCwcKPcESAAAAAAAAAAEgAQsHCj3BErgxpz95dOYEADXCbjRYwBs5t9KvUBABfj89AAA="} 01112{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":69519720,"flow_src_last_pkt_time":69520583,"flow_dst_last_pkt_time":69526637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":69526637,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b831:a73f:7974:e604","dst_ip":"2001:b07:a3d:c112::1","src_port":49774,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"opentracker.io","domainame":"opentracker.io","dns": {"num_queries":1,"num_answers":23,"reply_code":0,"query_type":255,"rsp_type":43,"rsp_addr": ["45.9.60.30,ttl=1347"]}}} 
01025{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":15458020,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":69527477,"l3_proto":"ip6","src_ip":"fe80::a00:27ff:feb3:e62e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1112172654366527} 
+00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1112172654366527} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1112172654366527,"pkt":"AOAYsQytAMCfMkGMCABFAAA+1TkAAIARkAfAqKoUwKiqCAA1gBsAKryJ3KKBgAABAAAAAAAAA3d3dwFsBmdvb2dsZQNjb20AABwAAQ=="} 01081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com","domainame":"www.l.google.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
@@ -21,13 +21,13 @@ 01089{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695204348,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.example.com","domainame":"www.example.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695437491,"pkt":"AOAYsQytAMCfMkGMCABFAAA91p8AAIARjqLAqKoUwKiqCAA1gBsAKQfhvB+BgAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"} 
01089{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.example.com","domainame":"www.example.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1484673025972667} 
+00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1484673025972667} 00292{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025972667,"packet_id":16,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025972667} 00410{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":91,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAPwAhRQAAPQAAQABAEYShUrJx9VKynrW4lwA1ACm2fXhDAQAAAQAAAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAQ=="} 00292{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025976144,"packet_id":17,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025976144} 
00581{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":219,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":219,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAvwAhRQAAvQAAQAA6EYohUrKetVKycfUANbiXAKnLC3hDgYAAAQAIAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAesABKkt2+vADAABAAEAAAHrAASpLyiOwAwAAQABAAAB6wAEqS34ecAMAAEAAQAAAesABGyosOrADAABAAEAAAHrAASpLfi9wAwAAQABAAAB6wAEqS34tMAMAAEAAQAAAesABKk1UU\/ADAABAAEAAAHrAASpLdvo"} 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1484673025976144} +00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1484673025976144} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/15 ~~ skipped flows.............: 0 
@@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650089 bytes -~~ total memory freed........: 8650089 bytes -~~ total allocations/frees...: 140568/140568 +~~ total memory allocated....: 9414527 bytes +~~ total memory freed........: 9414527 bytes +~~ total allocations/frees...: 154534/154534 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 297 chars ~~ json message max len.......: 1117 chars diff --git a/test/results/default/dns2.pcap.out b/test/results/default/dns2.pcap.out index 08931cfcf..dbd26d8ca 100644 --- a/test/results/default/dns2.pcap.out +++ b/test/results/default/dns2.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1727454108448141} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1727454108448141} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1727454108448141,"flow_src_last_pkt_time":1727454108448141,"flow_dst_last_pkt_time":1727454108448141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1727454108448141,"l3_proto":"ip4","src_ip":"192.168.255.251","dst_ip":"8.8.8.8","src_port":56550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1727454108448141,"flow_dst_last_pkt_time":1727454108448141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1727454108448141,"pkt":"HFc+pX\/wAOBnMU8qCABFAAA8qHtAAEARwYHAqP\/7CAgICNzmADUAKOwr3uwBAAABAAAAAAAAA3d3dwZnaXRodWIDY29tAAABAAE="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1727454108448141,"flow_src_last_pkt_time":1727454108448141,"flow_dst_last_pkt_time":1727454108448141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1727454108448141,"l3_proto":"ip4","src_ip":"192.168.255.251","dst_ip":"8.8.8.8","src_port":56550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.github.com","domainame":"www.github.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -9,7 +9,7 @@ 01084{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1727454108448141,"flow_src_last_pkt_time":1727454108448181,"flow_dst_last_pkt_time":1727454108459948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":111,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":111,"midstream":0,"thread_ts_usec":1727454108459948,"l3_proto":"ip4","src_ip":"192.168.255.251","dst_ip":"8.8.8.8","src_port":56550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.github.com","domainame":"www.github.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":5,"rsp_addr": []}}} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1727454108448181,"flow_dst_last_pkt_time":1727454108477621,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_usec":1727454108477621,"pkt":"AOBnMU8qHFc+pX\/wCABFAABab50AAHsR\/0EICAgIwKj\/+wA13OYARheq3uyBgAABAAIAAAAAA3d3dwZnaXRodWIDY29tAAABAAHADAAFAAEAAA30AALAEMAQAAEAAQAAADwABIxSeQQ="} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1727454108448141,"flow_src_last_pkt_time":1727454108448181,"flow_dst_last_pkt_time":1727454108477621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":111,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":173,"midstream":0,"thread_ts_usec":1727454108477621,"l3_proto":"ip4","src_ip":"192.168.255.251","dst_ip":"8.8.8.8","src_port":56550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.github.com"}} -00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":237,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1727454108477621} 
+00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":237,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1727454108477621} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644930 bytes -~~ total memory freed........: 8644930 bytes -~~ total allocations/frees...: 140536/140536 +~~ total memory allocated....: 9409304 bytes +~~ total memory freed........: 9409304 bytes +~~ total allocations/frees...: 154502/154502 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 555 chars ~~ json message max len.......: 1089 chars diff --git a/test/results/default/dns2tcp_tunnel.pcap.out b/test/results/default/dns2tcp_tunnel.pcap.out index be1b98f89..ff4b08e0c 100644 --- a/test/results/default/dns2tcp_tunnel.pcap.out +++ b/test/results/default/dns2tcp_tunnel.pcap.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1585754662417775} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1585754662417775} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754662417775,"flow_dst_last_pkt_time":1585754662417775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1585754662417775,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1585754662417775,"flow_dst_last_pkt_time":1585754662417775,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1585754662417775,"pkt":"AAQAAQAGAAwpA+mwAAAIAEUAADxHSUAAQAYb9sCoFNMBAQEBrXQBu3Drjx4AAAAAoAL68NerAAACBAW0BAIICnay3cMAAAAAAQMDBw=="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1585754662417775,"flow_dst_last_pkt_time":1585754662432958,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1585754662432958,"pkt":"AAAAAQAGAMGxFOsxAAAIAEUAADQAAEAAOwZoRwEBAQHAqBTTAbutdOoUh0Fw648fgBL\/\/3bwAAACBAW0AQEEAgEDAwo="} 
@@ -10,7 +10,7 @@ 01452{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754662433349,"flow_dst_last_pkt_time":1585754662450074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1585754662450074,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13i1910h2_9dc949149365_d811adc85aab","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02388{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754667234417,"flow_dst_last_pkt_time":1585754667234382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1588,"flow_src_tot_l4_payload_len":832,"flow_dst_tot_l4_payload_len":4006,"midstream":0,"thread_ts_usec":1585754667234417,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":310750.0,"max":3088155,"stddev":822603.9,"var":676677156864.0,"ent":2.2,"data": [15183,15220,354,15270,1846,16739,62,53,90384,91,71,105281,44,81,14863,21,60,6014,10,5995,405,8870,6443,1568614,19,1583566,686,15609,3073223,17,3088155]},"pktlen": {"min":40,"avg":193.5,"max":1628,"stddev":364.6,"var":132965.6,"ent":3.7,"data": [60,52,40,301,46,1500,40,1628,40,104,126,164,46,46,111,40,46,71,311,71,40,144,46,46,259,71,40,202,46,344,71,40]},"bins": {"c_to_s": [9,0,2,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,1,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,1,0,0,1,1,1,0],"entropies": [4.667386532,4.668681622,4.543943405,5.982677937,4.205535889,7.833335876,4.543943405,7.877990246,4.493943214,6.023458481,6.306409836,6.668928623,4.205535889,4.138445377,6.120807171,4.543943405,4.249013901,5.515665054,7.178042412,5.484094143,4.446440220,6.385652542,4.249013901,4.205535889,7.207519531,5.404759407,4.543943405,6.804022312,4.205535412,7.318181038,5.501630783,4.543943405]},"ndpi": 
{"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01204{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":28,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754670430406,"flow_dst_last_pkt_time":1585754670531367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1588,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":4713,"midstream":0,"thread_ts_usec":1585754670531367,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1585754670531367} +00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1585754670531367} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8677706 bytes -~~ total memory freed........: 8677706 bytes -~~ total allocations/frees...: 140597/140597 +~~ total memory allocated....: 9442113 bytes +~~ total memory freed........: 9442113 bytes +~~ total allocations/frees...: 154564/154564 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 2393 chars diff --git a/test/results/default/dns_ambiguous_names.pcap.out b/test/results/default/dns_ambiguous_names.pcap.out index cc8714794..2b4bce7fd 100644 --- a/test/results/default/dns_ambiguous_names.pcap.out +++ b/test/results/default/dns_ambiguous_names.pcap.out 
@@ -1,5 +1,5 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625744123717337} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625744123717337} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123717337,"flow_src_last_pkt_time":1625744123717337,"flow_dst_last_pkt_time":1625744123717337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625744123717337,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625744123717337,"flow_dst_last_pkt_time":1625744123717337,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1625744123717337,"pkt":"ABshv2HAVASmitEsCABFAABS3sIAAEARfvYKyAILCAgICLz3ADUAPh0yZjEBIAABAAAAAAABCjQxLWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQAAKRAAAAAAAAAA"} 
01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123717337,"flow_src_last_pkt_time":1625744123717337,"flow_dst_last_pkt_time":1625744123717337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625744123717337,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"41-courier.push.apple.com","domainame":"41-courier.push.apple.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -60,7 +60,7 @@ 01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123890136,"flow_src_last_pkt_time":1625744123890136,"flow_dst_last_pkt_time":1625744123973076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_.teams.microsoft.com"}} 
01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123977935,"flow_src_last_pkt_time":1625744123977935,"flow_dst_last_pkt_time":1625744124006118,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wide-youtube.l.google.com"}} 01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744124422852,"flow_src_last_pkt_time":1625744124422852,"flow_dst_last_pkt_time":1625744124461060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":76,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"instagram.faae1-1.fna.fbcdn.net"}} -00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1625744124461060} +00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1625744124461060} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -69,9 +69,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8667128 bytes -~~ total memory freed........: 8667128 bytes -~~ total allocations/frees...: 140644/140644 +~~ total memory allocated....: 9431790 bytes +~~ total memory freed........: 9431790 bytes +~~ total allocations/frees...: 154610/154610 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 585 chars ~~ json message max len.......: 1354 chars diff --git a/test/results/default/dns_doh.pcap.out b/test/results/default/dns_doh.pcap.out index d85ee6cea..bdb842994 100644 --- a/test/results/default/dns_doh.pcap.out +++ b/test/results/default/dns_doh.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1571089200789290} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1571089200789290} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089200789290,"flow_dst_last_pkt_time":1571089200789290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1571089200789290,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1571089200789290,"flow_dst_last_pkt_time":1571089200789290,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1571089200789290,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1571089200789290,"flow_dst_last_pkt_time":1571089200876406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1571089200876406,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"} 
@@ -10,7 +10,7 @@ 01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089200878306,"flow_dst_last_pkt_time":1571089200968629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1571089200968629,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com","domainame":"mozilla.cloudflare-dns.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089201723583,"flow_dst_last_pkt_time":1571089201764372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":1424,"flow_dst_tot_l4_payload_len":4202,"midstream":0,"thread_ts_usec":1571089201764372,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":61592.7,"max":535341,"stddev":130172.4,"var":16944855040.0,"ent":3.0,"data": [87116,87208,1808,92218,5,2,90426,511,1485,930,26074,858,110,91,102733,7825,6,1,83431,1,0,17900,147557,535341,708,88830,66,525420,6,10702,6]},"pktlen": {"min":40,"avg":216.9,"max":1340,"stddev":327.3,"var":107137.2,"ent":3.9,"data": [64,52,40,557,40,1340,1340,40,40,489,40,104,210,283,119,40,577,390,71,40,40,40,71,40,102,133,102,143,40,40,244,71]},"bins": {"c_to_s": [9,2,3,1,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1],"entropies": [4.441382408,4.801308632,4.503056526,5.369568825,4.730641365,7.827131748,7.862888336,4.630641460,4.453056335,7.522860050,4.630641460,5.744826317,6.939166546,7.200489998,6.276752949,4.730641365,7.589616776,7.428659439,5.699038506,4.730641365,4.730641365,4.680641174,5.688406467,4.780641556,6.111449242,6.391828060,6.039783001,6.407779217,4.780641556,4.730641365,7.064774990,5.558194637]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":56,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089204031014,"flow_dst_last_pkt_time":1571089204030791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":3792,"flow_dst_tot_l4_payload_len":8866,"midstream":0,"thread_ts_usec":1571089204031014,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com"}} 
-00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":142,"packets-processed":142,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12658,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1571089204031014} +00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":142,"packets-processed":142,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12658,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1571089204031014} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 142/142 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8673647 bytes -~~ total memory freed........: 8673647 bytes -~~ total allocations/frees...: 140685/140685 +~~ total memory allocated....: 9438054 bytes +~~ total memory freed........: 9438054 bytes +~~ total allocations/frees...: 154652/154652 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 2167 chars diff --git a/test/results/default/dns_dot.pcap.out b/test/results/default/dns_dot.pcap.out index 470722a24..7dd66ad8a 100644 --- a/test/results/default/dns_dot.pcap.out +++ b/test/results/default/dns_dot.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1572783663234722} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1572783663234722} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783663234722,"flow_dst_last_pkt_time":1572783663234722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572783663234722,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1572783663234722,"flow_dst_last_pkt_time":1572783663234722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572783663234722,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1572783663234722,"flow_dst_last_pkt_time":1572783663269648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572783663269648,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="} 
@@ -9,7 +9,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1572783663269902,"flow_dst_last_pkt_time":1572783663302644,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1572783663302644,"pkt":"CAAnjau+uCfrK5DxCABFAAA0cqYAAHcG\/qwICAgIwKgBuQNV47LuO0vZVUT8voAQAPDiaAAAAQEICo47ADIqL5U2"} 01941{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783663269902,"flow_dst_last_pkt_time":1572783663319899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":3069,"flow_src_tot_l4_payload_len":198,"flow_dst_tot_l4_payload_len":3069,"midstream":0,"thread_ts_usec":1572783663319899,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","tls": 
{"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3s":"2b341b88c742e940cfb485ce7d93dde7","ja4":"t12i250900_7415a186c913_cdf51c020b42","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53","blocks":0}}} 01341{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783666246370,"flow_dst_last_pkt_time":1572783666246346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":3069,"flow_src_tot_l4_payload_len":548,"flow_dst_tot_l4_payload_len":3721,"midstream":0,"thread_ts_usec":1572783666246370,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4269,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1572783666246370} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4269,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1572783666246370} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8653897 bytes -~~ total memory freed........: 8653897 bytes -~~ total allocations/frees...: 140576/140576 +~~ total memory allocated....: 9418271 bytes +~~ total memory freed........: 9418271 bytes +~~ total allocations/frees...: 154542/154542 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 1946 chars diff --git a/test/results/default/dns_exfiltration.pcap.out b/test/results/default/dns_exfiltration.pcap.out index 2d37c4ca0..6d0de964b 100644 --- a/test/results/default/dns_exfiltration.pcap.out +++ b/test/results/default/dns_exfiltration.pcap.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1580978146717893} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1580978146717893} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978146717893,"flow_dst_last_pkt_time":1580978146717893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1580978146717893,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1580978146717893,"flow_dst_last_pkt_time":1580978146717893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_usec":1580978146717893,"pkt":"qqru7hERjNzURr7ECABFAADJegRAAD8RAADAqNw4wKjLp9w1ADUAtSn4OR0BAAABAAAAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAE="} 
01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978146717893,"flow_dst_last_pkt_time":1580978146717893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1580978146717893,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","domainame":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr": []}}} 
@@ -11,7 +11,7 @@ 02590{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978160880828,"flow_dst_last_pkt_time":1580978160882236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":344,"flow_src_tot_l4_payload_len":1158,"flow_dst_tot_l4_payload_len":2183,"midstream":0,"thread_ts_usec":1580978160882236,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3976,"avg":913783.2,"max":1035526,"stddev":281798.4,"var":79410348032.0,"ent":4.8,"data": [170631,1035526,866477,1015270,1015599,4647,3976,1009971,1010376,1009201,1009121,1008475,1008435,1009499,1009380,1008042,1008120,1008655,1008570,1009773,1009797,1009990,1010112,1008960,1008939,1008465,1008353,1007666,1007763,1008795,1008694]},"pktlen": {"min":87,"avg":132.4,"max":372,"stddev":59.1,"var":3497.9,"ent":4.9,"data": [201,372,152,272,122,179,87,134,87,134,87,142,87,134,87,144,87,144,87,142,87,134,87,144,87,144,87,144,87,134,87,134]},"bins": {"c_to_s": [0,13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,13,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.667089462,4.689397812,4.760825157,4.825231075,4.676949501,4.874624252,4.717905998,4.933177948,4.565960884,4.809306622,4.614233017,4.906701565,4.640079498,4.841056824,4.601366520,4.896399975,4.614233017,4.837578773,4.621761799,4.830716610,4.594102859,4.805916786,4.652946472,4.869677067,4.607450485,4.854219437,4.621762276,4.930173397,4.677563667,4.830170631,4.546681404,4.850760937]},"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02"}} 01312{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":57,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978196387731,"flow_dst_last_pkt_time":1580978196389199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":344,"flow_src_tot_l4_payload_len":4115,"flow_dst_tot_l4_payload_len":7851,"midstream":0,"thread_ts_usec":1580978196389199,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02"}} 01314{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":150,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978206706247,"flow_dst_last_pkt_time":1580978206707432,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":344,"flow_src_tot_l4_payload_len":26119,"flow_dst_tot_l4_payload_len":34826,"midstream":0,"thread_ts_usec":1580978206707432,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02"}} 
-00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":300,"packets-processed":300,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1580978206707432} +00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":300,"packets-processed":300,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1580978206707432} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 300/300 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8653628 bytes -~~ total memory freed........: 8653628 bytes -~~ total allocations/frees...: 140834/140834 +~~ total memory allocated....: 9418002 bytes +~~ total memory freed........: 9418002 bytes +~~ total allocations/frees...: 154800/154800 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 598 chars ~~ json message max len.......: 2595 chars diff --git a/test/results/default/dns_fragmented.pcap.out b/test/results/default/dns_fragmented.pcap.out index b7cf3e0bc..20b7ecf2a 100644 --- a/test/results/default/dns_fragmented.pcap.out +++ b/test/results/default/dns_fragmented.pcap.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1558968008021140} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1558968008021140} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968008021140,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968008021140,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1558968008021140,"pkt":"AAwpil3XAIac51UUCABFAABE5WoAAG8R7BGs2ShMwRjj7t1oADUAMAwz1D8AEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="} 
01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968008021140,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968008021140,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","domainame":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr": []}}} 
@@ -45,7 +45,7 @@ 01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968031134211,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","domainame":"fg2.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
01657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":886,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":886,"pkt_l4_len":832,"thread_ts_usec":1558968031134623,"pkt":"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\/djMG\/LpzWXoT2evp9l8K1VcJU\/8uUY9ZE4WS0WjV4uuPKKqmHeTkethHG1xsLp0jKFQP8kYfYkdlxDBuNu6KhurVxO4RiM92K63vMdmIW\/4VjMYm2cPPQCBWTlI1U0hKRjVHQ1RFQ1RIN0wwRUNLTEoxTkRGNE04S8CHADIAAQAAALQAMgEAABQQM4lV2XYIwLE0ewVnw5K1+BQAQBNLJ89Pbt3WSJZWXFg+eo1pkwAGQAAAAAACwZQALgABAAAAtAEfADIKAwAAALRdChEDXOJ73JBHCHdlYmVybGFiAmRlAFwWgMgEjrA1OcHB+Qo5dWmMix1bJ7WFGsQIkPmTlF\/KVvK6k5dVU4FDCZtKPuPYCkg0XLBOcR\/wguOUuuyBL7cbjUoN0UHJur34eNeWLngpBhaxFTmuqY80vKjed0ttFQ6uVnd2OAmDzRp6YxYtTin4\/XGlVO6lMt+k2mYftwRyr5Ohjp6NH+J8dbjX7gkD3ENGAHspVLSTz4LxrhUH8dsbFK8rT\/kUhlCBvTuJYAxOkSEWqp4vVZ54PXcY61pn5KAT8mJWdw+HLsa\/lUjZNXicEmky99XDlPLcJk7OI3ZM83QYPgYAFE\/lMHbTSiiue2rS4deUwWxFmnQYlhv0FA4AACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} 
01120{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":824,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":824,"midstream":0,"thread_ts_usec":1558968031134623,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","domainame":"fg2.weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1559042371783274} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1559042371783274} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042371783274,"flow_src_last_pkt_time":1559042371783274,"flow_dst_last_pkt_time":1559042371783274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559042371783274,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1559042371783274,"flow_dst_last_pkt_time":1559042371783274,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"thread_ts_usec":1559042371783274,"pkt":"CFsOoYNeAAwpfKTLht1gCrtxAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTuhIANQBFzxq5yAEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACJyfIZPEos+4"} 01131{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042371783274,"flow_src_last_pkt_time":1559042371783274,"flow_dst_last_pkt_time":1559042371783274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559042371783274,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2-mgmt.weberlab.de","domainame":"fg2-mgmt.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
@@ -73,7 +73,7 @@ 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021013672,"flow_src_last_pkt_time":1558968021013672,"flow_dst_last_pkt_time":1558968021014081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":824,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":824,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de"}} 01271{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968018074594,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018075178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": 
{"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de"}} 01250{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021026749,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021027012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de"}} 
-00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":28,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10514,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":4,"total-active-flows":11,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1560869882430319} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":28,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10514,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":4,"total-active-flows":11,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1560869882430319} 
00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869882430319,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882430319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869882430319,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882430319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":129,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":129,"pkt_l4_len":75,"thread_ts_usec":1560869882430319,"pkt":"CFsOoYNeAAwpfKTLht1gDk+bAEsRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABERvnYANQBL7vOR3wEgAAEAAAAAAAEFc2lnb2sQdmVydGVpbHRlc3lzdGVtZQNuZXQAAAEAAQAAKRAAAAAAAAAMAAoACKFV23rIz7mH"} 
01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869882430319,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882430319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869882430319,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sigok.verteiltesysteme.net","domainame":"sigok.verteiltesysteme.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -149,7 +149,7 @@ 01282{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1560869900222469,"flow_src_last_pkt_time":1560869905222619,"flow_dst_last_pkt_time":1560869905232984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":1424,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de"}} 
01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869916459087,"flow_src_last_pkt_time":1560869916459087,"flow_dst_last_pkt_time":1560869916473264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ns2.weberdns.de"}} 01037{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1560869913753259,"flow_src_last_pkt_time":1560869913756066,"flow_dst_last_pkt_time":1560869913756036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":1732,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1732,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de"}} -00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":66,"packets-processed":59,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17861,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":152,"global_ts_usec":1560869916477286} +00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":66,"packets-processed":59,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17861,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":152,"global_ts_usec":1560869916477286} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 66/59 ~~ skipped flows.............: 0 
@@ -158,9 +158,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8694911 bytes -~~ total memory freed........: 8694911 bytes -~~ total allocations/frees...: 140801/140801 +~~ total memory allocated....: 9459925 bytes +~~ total memory freed........: 9459925 bytes +~~ total allocations/frees...: 154767/154767 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 325 chars ~~ json message max len.......: 2522 chars diff --git a/test/results/default/dns_invert_query.pcapng.out b/test/results/default/dns_invert_query.pcapng.out index 587a117b8..3066d253c 100644 --- a/test/results/default/dns_invert_query.pcapng.out +++ b/test/results/default/dns_invert_query.pcapng.out 
@@ -1,12 +1,12 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744019230637} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744019230637} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744019230637,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019230637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744019230637,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019230637,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1618744019230637,"pkt":"AAAAAAAAAAEAVKCBCABFAABAAABAAEARzK6tk2yu9LtfAUf7ADUALMGVd\/wJAAAAAAEAAAAAAzIxNgI1OAMyMDIBNAAAAQABAAAAAAAA"} 
01086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744019230637,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019230637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744019230637,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"216.58.202.4","domainame":"216.58.202.4","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr": []}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019235548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1618744019235548,"pkt":"AAAAAAAAAAEAVKCBCABFAAAoAABAADsR0cb0u18BrZNsrgA1R\/sAFEgWd\/yJhAAAAAAAAAAAAAA="} 
01209{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1618744019230637,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019235548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1618744019235548,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"216.58.202.4","domainame":"216.58.202.4","dns": {"num_queries":0,"num_answers":0,"reply_code":4,"query_type":0,"rsp_type":0,"rsp_addr": []}}} 
01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1618744019230637,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019235548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1618744019235548,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1618744019235548} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1618744019235548} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644894 bytes -~~ total memory freed........: 8644894 bytes -~~ total allocations/frees...: 140535/140535 +~~ total memory allocated....: 9409268 bytes +~~ total memory freed........: 9409268 bytes +~~ total allocations/frees...: 154501/154501 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 1214 chars diff --git a/test/results/default/dns_long_domainname.pcap.out b/test/results/default/dns_long_domainname.pcap.out index add1e5bf4..7ffdbd60d 100644 --- a/test/results/default/dns_long_domainname.pcap.out +++ b/test/results/default/dns_long_domainname.pcap.out 
@@ -1,12 +1,12 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1599686652555538} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1599686652555538} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1599686652555538,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="} 
01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","domainame":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_usec":1599686652578187,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"} 
01268{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","domainame":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
01142{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com"}} -00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1599686652578187} 
+00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1599686652578187} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644896 bytes -~~ total memory freed........: 8644896 bytes -~~ total allocations/frees...: 140535/140535 +~~ total memory allocated....: 9409270 bytes +~~ total memory freed........: 9409270 bytes +~~ total allocations/frees...: 154501/154501 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 601 chars ~~ json message max len.......: 1273 chars diff --git a/test/results/default/dns_lots_of_answers.pcapng.out b/test/results/default/dns_lots_of_answers.pcapng.out index 33c9a8f4a..92c6bb59a 100644 --- a/test/results/default/dns_lots_of_answers.pcapng.out +++ b/test/results/default/dns_lots_of_answers.pcapng.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646233170491036} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646233170491036} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646233170491036,"flow_src_last_pkt_time":1646233170491036,"flow_dst_last_pkt_time":1646233170491036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646233170491036,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"192.168.12.1","src_port":4026,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646233170491036,"flow_dst_last_pkt_time":1646233170491036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646233170491036,"pkt":"CL6sCxdumt9Y+uvcCABFAAA847JAAEAGvQ7AqAypwKgMAQ+6ADWW2fpAAAAAAKAC\/\/8DVAAAAgQFtAQCCAr14hPDAAAAAAEDAwk="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1646233170491036,"flow_dst_last_pkt_time":1646233170491089,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646233170491089,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAAEAGoMHAqAwBwKgMqQA1D7pdLRIBltn6QaAS\/ogCbQAAAgQFtAQCCApeszRt9eITwwEDAwc="} 
@@ -8,7 +8,7 @@ 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1646233171547995,"flow_dst_last_pkt_time":1646233171548040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646233171548040,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAAEAGoMHAqAwBwKgMqQA1D7pdLRIBltn6QaAS\/oj+SwAAAgQFtAQCCApesziO9eITwwEDAwc="} 01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1646233170491036,"flow_src_last_pkt_time":1646233172264061,"flow_dst_last_pkt_time":1646233171548040,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646233172264061,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"192.168.12.1","src_port":4026,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"bstream.hzmklvdieo.com","domainame":"bstream.hzmklvdieo.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1646233170491036,"flow_src_last_pkt_time":1646233172264061,"flow_dst_last_pkt_time":1646233172266135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":698,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":698,"midstream":0,"thread_ts_usec":1646233172266135,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"192.168.12.1","src_port":4026,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"bstream.hzmklvdieo.com","domainame":"bstream.hzmklvdieo.com","dns": {"num_queries":1,"num_answers":41,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["169.197.119.239,ttl=19","169.136.112.244,ttl=19","164.90.112.24,ttl=19","164.90.106.4,ttl=19"]}}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":740,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949603329569} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":740,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949603329569} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656949603329569,"flow_src_last_pkt_time":1656949603329569,"flow_dst_last_pkt_time":1656949603329569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949603329569,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.12.1","src_port":54660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1656949603329569,"flow_dst_last_pkt_time":1656949603329569,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1656949603329569,"pkt":"CL6sCxduJjb1W8R1CABFAABNGjBAAEARhoLAqAycwKgMAdWEADUAOZNBDFQBAAABAAAAAAAACGRpbmFtaWN4EmFsaWJhYmF1c2VyY29udGVudANjb20AAAEAAQ=="} 
01127{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656949603329569,"flow_src_last_pkt_time":1656949603329569,"flow_dst_last_pkt_time":1656949603329569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949603329569,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.12.1","src_port":54660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dinamicx.alibabausercontent.com","domainame":"dinamicx.alibabausercontent.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -16,7 +16,7 @@ 01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1656949603329569,"flow_src_last_pkt_time":1656949603329569,"flow_dst_last_pkt_time":1656949603654070,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":363,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":363,"midstream":0,"thread_ts_usec":1656949603654070,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.12.1","src_port":54660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dinamicx.alibabausercontent.com","domainame":"dinamicx.alibabausercontent.com","dns": {"num_queries":1,"num_answers":17,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["163.181.50.229,ttl=60","47.246.46.226,ttl=60","163.181.50.230,ttl=60","47.246.46.227,ttl=60"]}}} 
01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1656949603329569,"flow_src_last_pkt_time":1656949603329569,"flow_dst_last_pkt_time":1656949603654070,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":363,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":363,"midstream":0,"thread_ts_usec":1656949603654070,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.12.1","src_port":54660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dinamicx.alibabausercontent.com"}} 01014{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1646233170491036,"flow_src_last_pkt_time":1646233173661458,"flow_dst_last_pkt_time":1646233173181666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":698,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":698,"midstream":0,"thread_ts_usec":1656949603654070,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"192.168.12.1","src_port":4026,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"bstream.hzmklvdieo.com"}} -00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1152,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1656949603654070} +00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dns_lots_of_answers.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1152,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1656949603654070} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 
@@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647710 bytes -~~ total memory freed........: 8647710 bytes -~~ total allocations/frees...: 140559/140559 +~~ total memory allocated....: 9412116 bytes +~~ total memory freed........: 9412116 bytes +~~ total allocations/frees...: 154525/154525 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 572 chars ~~ json message max len.......: 1238 chars diff --git a/test/results/default/dns_multiple_transactions_same_flow.pcap.out b/test/results/default/dns_multiple_transactions_same_flow.pcap.out index d82b915dc..99676fa9f 100644 --- a/test/results/default/dns_multiple_transactions_same_flow.pcap.out +++ b/test/results/default/dns_multiple_transactions_same_flow.pcap.out 
@@ -1,4 +1,4 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":30880377,"flow_src_last_pkt_time":30880377,"flow_dst_last_pkt_time":30880377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":30880377,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"192.168.1.253","src_port":50234,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":30880377,"flow_dst_last_pkt_time":30880377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":30880377,"pkt":"3KYyW3JVCAAnOk7TCABFAAA8mOMAAIARHLTAqAHMwKgB\/cQ6ADUAKBEYFlUBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 
01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":30880377,"flow_src_last_pkt_time":30880377,"flow_dst_last_pkt_time":30880377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":30880377,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"192.168.1.253","src_port":50234,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","domainame":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -13,7 +13,7 @@ 01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":34,"flow_first_seen":30880377,"flow_src_last_pkt_time":207846046,"flow_dst_last_pkt_time":207859331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":312,"flow_src_tot_l4_payload_len":1263,"flow_dst_tot_l4_payload_len":5201,"midstream":0,"thread_ts_usec":207859331,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"192.168.1.253","src_port":50234,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com"}} 01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":37,"flow_first_seen":30880377,"flow_src_last_pkt_time":326485080,"flow_dst_last_pkt_time":326489906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":314,"flow_src_tot_l4_payload_len":1347,"flow_dst_tot_l4_payload_len":5567,"midstream":0,"thread_ts_usec":326489906,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"192.168.1.253","src_port":50234,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":40,"flow_first_seen":30880377,"flow_src_last_pkt_time":434536207,"flow_dst_last_pkt_time":434545692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":314,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":6137,"midstream":0,"thread_ts_usec":434545692,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"192.168.1.253","src_port":50234,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com"}} 
-00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":80,"packets-processed":80,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":4,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":434545692} +00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":80,"packets-processed":80,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":4,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":434545692} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 80/80 ~~ skipped flows.............: 0 
@@ -22,9 +22,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647134 bytes -~~ total memory freed........: 8647134 bytes -~~ total allocations/frees...: 140612/140612 +~~ total memory allocated....: 9411508 bytes +~~ total memory freed........: 9411508 bytes +~~ total allocations/frees...: 154578/154578 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2243 chars diff --git a/test/results/default/dns_response_only.pcap.out b/test/results/default/dns_response_only.pcap.out index 372fca218..03eb58273 100644 --- a/test/results/default/dns_response_only.pcap.out +++ b/test/results/default/dns_response_only.pcap.out 
@@ -1,10 +1,10 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_response_only.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_response_only.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1727454108477621} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_response_only.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_response_only.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1727454108477621} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_response_only.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1727454108477621,"flow_src_last_pkt_time":1727454108477621,"flow_dst_last_pkt_time":1727454108477621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1727454108477621,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.255.251","src_port":53,"dst_port":56550,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_response_only.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1727454108477621,"flow_dst_last_pkt_time":1727454108477621,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_usec":1727454108477621,"pkt":"AOBnMU8qHFc+pX\/wCABFAABab50AAHsR\/0EICAgIwKj\/+wA13OYARheq3uyBgAABAAIAAAAAA3d3dwZnaXRodWIDY29tAAABAAHADAAFAAEAAA30AALAEMAQAAEAAQAAADwABIxSeQQ="} 
01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_response_only.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1727454108477621,"flow_src_last_pkt_time":1727454108477621,"flow_dst_last_pkt_time":1727454108477621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1727454108477621,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.255.251","src_port":53,"dst_port":56550,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.github.com","domainame":"www.github.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["140.82.121.4,ttl=60"]}}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_response_only.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1727454108477621,"flow_src_last_pkt_time":1727454108477621,"flow_dst_last_pkt_time":1727454108477621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1727454108477621,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.255.251","src_port":53,"dst_port":56550,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.github.com"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_response_only.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1727454108477621} +00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_response_only.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1727454108477621} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644871 bytes -~~ total memory freed........: 8644871 bytes -~~ total allocations/frees...: 140534/140534 +~~ total memory allocated....: 9409245 bytes +~~ total memory freed........: 9409245 bytes +~~ total allocations/frees...: 154500/154500 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 599 chars ~~ json message max len.......: 1111 chars diff --git a/test/results/default/dns_retransmissions.pcap.out b/test/results/default/dns_retransmissions.pcap.out index 7714fc993..e6f9f90e1 100644 --- a/test/results/default/dns_retransmissions.pcap.out +++ b/test/results/default/dns_retransmissions.pcap.out 
@@ -1,5 +1,5 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614938020640966} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614938020640966} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938020640966,"flow_src_last_pkt_time":1614938020640966,"flow_dst_last_pkt_time":1614938020640966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938020640966,"vlan_id":103,"l3_proto":"ip4","src_ip":"37.41.101.140","dst_ip":"208.67.222.222","src_port":11892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","vlan_id":103,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614938020640966,"flow_dst_last_pkt_time":1614938020640966,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":75,"pkt_l4_len":37,"thread_ts_usec":1614938020640966,"pkt":"AAAAAAAAAAEAAAADgQAAZwgARQAAOc5tQAA\/ETNvJSlljNBD3t4udAA1ACV9ybjiAQAAAQAAAAAAAANhcGkDbXNuA2NvbQAAAQAB"} 
01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938020640966,"flow_src_last_pkt_time":1614938020640966,"flow_dst_last_pkt_time":1614938020640966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938020640966,"vlan_id":103,"l3_proto":"ip4","src_ip":"37.41.101.140","dst_ip":"208.67.222.222","src_port":11892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"OpenDNS","proto_by_ip_id":225,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.msn.com","domainame":"api.msn.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -8,7 +8,7 @@ 01136{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1614938020640966,"flow_src_last_pkt_time":1614938020734734,"flow_dst_last_pkt_time":1614938020749410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1614938020749410,"vlan_id":103,"l3_proto":"ip4","src_ip":"37.41.101.140","dst_ip":"208.67.222.222","src_port":11892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"OpenDNS","proto_by_ip_id":225,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.msn.com","domainame":"api.msn.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["204.79.197.203,ttl=80"]}}} 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","vlan_id":103,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614938020734734,"flow_dst_last_pkt_time":1614938020843060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":150,"pkt_l4_len":112,"thread_ts_usec":1614938020843060,"pkt":"AAAAAAAAAAEAAAADgQAAZwgARQAAhJLfQAA2EXey0EPe3iUpZYwANS50AHAtJbjigYAAAQADAAAAAANhcGkDbXNuA2NvbQAAAQABwAwABQABAAAXOwAhC2FwaS1tc24tY29tBmEtMDAwMwhhLW1zZWRnZQNuZXQAwCkABQABAAAAUAACwDXANQABAAEAAABQAATMT8XL"} 
01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614938020640966,"flow_src_last_pkt_time":1614938020734734,"flow_dst_last_pkt_time":1614938020843060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1614938020843060,"vlan_id":103,"l3_proto":"ip4","src_ip":"37.41.101.140","dst_ip":"208.67.222.222","src_port":11892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"OpenDNS","proto_by_ip_id":225,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.msn.com"}} -00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1614938020843060} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1614938020843060} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644930 bytes -~~ total memory freed........: 8644930 bytes -~~ total allocations/frees...: 140536/140536 +~~ total memory allocated....: 9409304 bytes +~~ total memory freed........: 9409304 bytes +~~ total allocations/frees...: 154502/154502 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 583 chars ~~ json message max len.......: 1141 chars diff --git a/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out index 34d7b3192..13b517438 100644 --- a/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out 
@@ -1,5 +1,5 @@ -00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946735705348929} 
+00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946735705348929} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705348929,"flow_src_last_pkt_time":946735705348929,"flow_dst_last_pkt_time":946735705348929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705348929,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946735705348929,"flow_dst_last_pkt_time":946735705348929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946735705348929,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705348929,"flow_src_last_pkt_time":946735705348929,"flow_dst_last_pkt_time":946735705348929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705348929,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -30,7 +30,7 @@ 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":946735705349019,"flow_dst_last_pkt_time":946735705459813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946735705459813,"pkt":"ZmZmZmZmRERERERECABFAADUC58AADQRQFiVOOQtCgAAAQG7iZwAwDxIf0KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":946735705348987,"flow_dst_last_pkt_time":946735705460564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946735705460564,"pkt":"ZmZmZmZmRERERERECABFAADUC50AADQRQFqVOOQtCgAAAQG7iqcAwDs5f0aBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} 
00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":946735705349002,"flow_dst_last_pkt_time":946735705461257,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946735705461257,"pkt":"ZmZmZmZmRERERERECABFAADUC54AADQRQFmVOOQtCgAAAQG7gx0AwELEf0WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":946739299327173} 
+00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":946739299327173} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327173,"flow_src_last_pkt_time":946739299327173,"flow_dst_last_pkt_time":946739299327173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739299327173,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":946739299327173,"flow_dst_last_pkt_time":946739299327173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739299327173,"pkt":"REREREREZmZmZmZmCABFAAIcFypAAL0R8NAKAAABPtK0R8c8BB0CCLXvBycBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327173,"flow_src_last_pkt_time":946739299327173,"flow_dst_last_pkt_time":946739299327173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739299327173,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -367,22 +367,22 @@ 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":946739311153527,"flow_dst_last_pkt_time":946739311314055,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739311314055,"pkt":"ZmZmZmZmRERERERECABFAADShQMAADIRAC7NuXR0CgAAAQIplYYAvqc0nSaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802321,"flow_src_last_pkt_time":946739311802321,"flow_dst_last_pkt_time":946739311802321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802321,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":946739311802321,"flow_dst_last_pkt_time":946739311802321,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739311802321,"pkt":"REREREREZmZmZmZmCABFAAIcgu5AAL0RWGMKAAABNEHrgdoaAbsCCOKYCnMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802321,"flow_src_last_pkt_time":946739311802321,"flow_dst_last_pkt_time":946739311802321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802321,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802321,"flow_src_last_pkt_time":946739311802321,"flow_dst_last_pkt_time":946739311802321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802321,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802386,"flow_src_last_pkt_time":946739311802386,"flow_dst_last_pkt_time":946739311802386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802386,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":946739311802386,"flow_dst_last_pkt_time":946739311802386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739311802386,"pkt":"REREREREZmZmZmZmCABFAAXcgu8gAL0RdKIKAAABNEHrgbTpAbsGBA+NCnABAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00957{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802386,"flow_src_last_pkt_time":946739311802386,"flow_dst_last_pkt_time":946739311802386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802386,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802386,"flow_src_last_pkt_time":946739311802386,"flow_dst_last_pkt_time":946739311802386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802386,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802400,"flow_src_last_pkt_time":946739311802400,"flow_dst_last_pkt_time":946739311802400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802400,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":946739311802400,"flow_dst_last_pkt_time":946739311802400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739311802400,"pkt":"REREREREZmZmZmZmCABFAAIcgvBAAL0RWGEKAAABNEHrgc6vAbsCCOKYCnEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802400,"flow_src_last_pkt_time":946739311802400,"flow_dst_last_pkt_time":946739311802400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802400,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802400,"flow_src_last_pkt_time":946739311802400,"flow_dst_last_pkt_time":946739311802400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802400,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802444,"flow_src_last_pkt_time":946739311802444,"flow_dst_last_pkt_time":946739311802444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802444,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":946739311802444,"flow_dst_last_pkt_time":946739311802444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739311802444,"pkt":"REREREREZmZmZmZmCABFAAXcgvEgAL0RdKAKAAABNEHrgbpFAbsGBAozCm4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00957{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802444,"flow_src_last_pkt_time":946739311802444,"flow_dst_last_pkt_time":946739311802444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802444,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802444,"flow_src_last_pkt_time":946739311802444,"flow_dst_last_pkt_time":946739311802444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802444,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802455,"flow_src_last_pkt_time":946739311802455,"flow_dst_last_pkt_time":946739311802455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802455,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":946739311802455,"flow_dst_last_pkt_time":946739311802455,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739311802455,"pkt":"REREREREZmZmZmZmCABFAAIcgvJAAL0RWF8KAAABNEHrgdqrAbsCCOKYCm8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802455,"flow_src_last_pkt_time":946739311802455,"flow_dst_last_pkt_time":946739311802455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802455,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802455,"flow_src_last_pkt_time":946739311802455,"flow_dst_last_pkt_time":946739311802455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802455,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802507,"flow_src_last_pkt_time":946739311802507,"flow_dst_last_pkt_time":946739311802507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802507,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":946739311802507,"flow_dst_last_pkt_time":946739311802507,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739311802507,"pkt":"REREREREZmZmZmZmCABFAAXcgvMgAL0RdJ4KAAABNEHrgdhxAbsGBOwCCnIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00957{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802507,"flow_src_last_pkt_time":946739311802507,"flow_dst_last_pkt_time":946739311802507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802507,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802507,"flow_src_last_pkt_time":946739311802507,"flow_dst_last_pkt_time":946739311802507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802507,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":946739311802321,"flow_dst_last_pkt_time":946739312102709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739312102709,"pkt":"ZmZmZmZmRERERERECABFAADUhiJAACkR6nc0QeuBCgAAAQG72hoAwNtICnOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="} 
00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":946739311802400,"flow_dst_last_pkt_time":946739312103356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739312103356,"pkt":"ZmZmZmZmRERERERECABFAADUhiRAACkR6nU0QeuBCgAAAQG7zq8AwOa1CnGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="} 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_src_last_pkt_time":946739311802386,"flow_dst_last_pkt_time":946739312103386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739312103386,"pkt":"ZmZmZmZmRERERERECABFAADUhiNAACgR63Y0QeuBCgAAAQG7tOkAwAB9CnCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="} 
@@ -883,7 +883,7 @@ 00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304599857,"flow_src_last_pkt_time":946739304599857,"flow_dst_last_pkt_time":946739304627573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317432603,"flow_src_last_pkt_time":946739317432603,"flow_dst_last_pkt_time":946739317461291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00999{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739306241796,"flow_src_last_pkt_time":946739306241796,"flow_dst_last_pkt_time":946739306435760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":319,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":319,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00999{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802400,"flow_src_last_pkt_time":946739311802400,"flow_dst_last_pkt_time":946739312103356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00997{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802400,"flow_src_last_pkt_time":946739311802400,"flow_dst_last_pkt_time":946739312103356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305192710,"flow_src_last_pkt_time":946739305192710,"flow_dst_last_pkt_time":946739305220178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318061289,"flow_src_last_pkt_time":946739318061289,"flow_dst_last_pkt_time":946739318175518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739312105859,"flow_src_last_pkt_time":946739312105859,"flow_dst_last_pkt_time":946739312132855,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":189,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -893,9 +893,9 @@ 01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311153654,"flow_src_last_pkt_time":946739311153654,"flow_dst_last_pkt_time":946739311312303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317496759,"flow_src_last_pkt_time":946739317496759,"flow_dst_last_pkt_time":946739317819516,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317496872,"flow_src_last_pkt_time":946739317496872,"flow_dst_last_pkt_time":946739317822049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802507,"flow_src_last_pkt_time":946739311802507,"flow_dst_last_pkt_time":946739312105464,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00999{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802321,"flow_src_last_pkt_time":946739311802321,"flow_dst_last_pkt_time":946739312102709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00999{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802455,"flow_src_last_pkt_time":946739311802455,"flow_dst_last_pkt_time":946739312105709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802507,"flow_src_last_pkt_time":946739311802507,"flow_dst_last_pkt_time":946739312105464,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00997{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802321,"flow_src_last_pkt_time":946739311802321,"flow_dst_last_pkt_time":946739312102709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00997{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802455,"flow_src_last_pkt_time":946739311802455,"flow_dst_last_pkt_time":946739312105709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318038155,"flow_src_last_pkt_time":946739318038155,"flow_dst_last_pkt_time":946739318061202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304363284,"flow_src_last_pkt_time":946739304363284,"flow_dst_last_pkt_time":946739304396142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00997{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304363242,"flow_src_last_pkt_time":946739304363242,"flow_dst_last_pkt_time":946739304394317,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
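Review bot: The expected `proto_by_ip` for the flows to 52.65.235.129 changes from `AmazonAWS` / id 265 to `AWS_EC2` / id 461 here (flow_ids 84, 79, 83) and again in the hunks at -992 and -1002 (flow_ids 80, 82), but the commit message as shown only mentions the risk rename. Any downstream consumer that matches on the old name or numeric id, such as a detection rule, allow-list or dashboard filter, would silently stop matching these flows after the bump. I would add a line to the commit description along the lines of `* proto_by_ip for this AWS address now reports AWS_EC2 (461) instead of AmazonAWS (265)`, so integrators know to update their filters. The five-digit length prefixes drop by exactly 2 (01002 to 01000, 00999 to 00997), which matches the shorter name, so the regenerated records look internally consistent.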
@@ -992,7 +992,7 @@ 00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317496723,"flow_src_last_pkt_time":946739317496723,"flow_dst_last_pkt_time":946739317825451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317432697,"flow_src_last_pkt_time":946739317432697,"flow_dst_last_pkt_time":946739317432697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317462376,"flow_src_last_pkt_time":946739317462376,"flow_dst_last_pkt_time":946739317496321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802386,"flow_src_last_pkt_time":946739311802386,"flow_dst_last_pkt_time":946739312103386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802386,"flow_src_last_pkt_time":946739311802386,"flow_dst_last_pkt_time":946739312103386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317496865,"flow_src_last_pkt_time":946739317496865,"flow_dst_last_pkt_time":946739317810353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304328460,"flow_src_last_pkt_time":946739304328460,"flow_dst_last_pkt_time":946739304362961,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00997{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317432695,"flow_src_last_pkt_time":946739317432695,"flow_dst_last_pkt_time":946739317463523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1002,7 +1002,7 @@ 00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304628366,"flow_src_last_pkt_time":946739304628366,"flow_dst_last_pkt_time":946739304788094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317403392,"flow_src_last_pkt_time":946739317403392,"flow_dst_last_pkt_time":946739317429999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304599728,"flow_src_last_pkt_time":946739304599728,"flow_dst_last_pkt_time":946739304626301,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802444,"flow_src_last_pkt_time":946739311802444,"flow_dst_last_pkt_time":946739312105245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802444,"flow_src_last_pkt_time":946739311802444,"flow_dst_last_pkt_time":946739312105245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00993{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739312106245,"flow_src_last_pkt_time":946739312106245,"flow_dst_last_pkt_time":946739312136620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":189,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304328639,"flow_src_last_pkt_time":946739304328639,"flow_dst_last_pkt_time":946739304369837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312402392,"flow_src_last_pkt_time":946739312402392,"flow_dst_last_pkt_time":946739312402392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1295,7 +1295,7 @@ 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304599857,"flow_src_last_pkt_time":946739304599857,"flow_dst_last_pkt_time":946739304627573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317432603,"flow_src_last_pkt_time":946739317432603,"flow_dst_last_pkt_time":946739317461291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739306241796,"flow_src_last_pkt_time":946739306241796,"flow_dst_last_pkt_time":946739306435760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":319,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":319,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802400,"flow_src_last_pkt_time":946739311802400,"flow_dst_last_pkt_time":946739312103356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802400,"flow_src_last_pkt_time":946739311802400,"flow_dst_last_pkt_time":946739312103356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305192710,"flow_src_last_pkt_time":946739305192710,"flow_dst_last_pkt_time":946739305220178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318061289,"flow_src_last_pkt_time":946739318061289,"flow_dst_last_pkt_time":946739318175518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739312105859,"flow_src_last_pkt_time":946739312105859,"flow_dst_last_pkt_time":946739312132855,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":189,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1310,11 +1310,11 @@ 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396047817,"flow_src_last_pkt_time":946739396047817,"flow_dst_last_pkt_time":946739396073027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396047770,"flow_src_last_pkt_time":946739396047770,"flow_dst_last_pkt_time":946739396071393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739400460524,"flow_src_last_pkt_time":946739400460524,"flow_dst_last_pkt_time":946739400520977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802507,"flow_src_last_pkt_time":946739311802507,"flow_dst_last_pkt_time":946739312105464,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802321,"flow_src_last_pkt_time":946739311802321,"flow_dst_last_pkt_time":946739312102709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802507,"flow_src_last_pkt_time":946739311802507,"flow_dst_last_pkt_time":946739312105464,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802321,"flow_src_last_pkt_time":946739311802321,"flow_dst_last_pkt_time":946739312102709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739299327173,"flow_src_last_pkt_time":946739299327173,"flow_dst_last_pkt_time":946739299355250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318038155,"flow_src_last_pkt_time":946739318038155,"flow_dst_last_pkt_time":946739318061202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802455,"flow_src_last_pkt_time":946739311802455,"flow_dst_last_pkt_time":946739312105709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802455,"flow_src_last_pkt_time":946739311802455,"flow_dst_last_pkt_time":946739312105709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304363284,"flow_src_last_pkt_time":946739304363284,"flow_dst_last_pkt_time":946739304396142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304363242,"flow_src_last_pkt_time":946739304363242,"flow_dst_last_pkt_time":946739304394317,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739380805613,"flow_src_last_pkt_time":946739380805613,"flow_dst_last_pkt_time":946739380838291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1473,7 +1473,7 @@ 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317496723,"flow_src_last_pkt_time":946739317496723,"flow_dst_last_pkt_time":946739317825451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317432697,"flow_src_last_pkt_time":946739317432697,"flow_dst_last_pkt_time":946739317432697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317462376,"flow_src_last_pkt_time":946739317462376,"flow_dst_last_pkt_time":946739317496321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802386,"flow_src_last_pkt_time":946739311802386,"flow_dst_last_pkt_time":946739312103386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802386,"flow_src_last_pkt_time":946739311802386,"flow_dst_last_pkt_time":946739312103386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739400522566,"flow_src_last_pkt_time":946739400522566,"flow_dst_last_pkt_time":946739400550382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739400460550,"flow_src_last_pkt_time":946739400460550,"flow_dst_last_pkt_time":946739400522927,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317496865,"flow_src_last_pkt_time":946739317496865,"flow_dst_last_pkt_time":946739317810353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1487,7 +1487,7 @@ 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317403392,"flow_src_last_pkt_time":946739317403392,"flow_dst_last_pkt_time":946739317429999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304599728,"flow_src_last_pkt_time":946739304599728,"flow_dst_last_pkt_time":946739304626301,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739380804529,"flow_src_last_pkt_time":946739380804529,"flow_dst_last_pkt_time":946739380834784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802444,"flow_src_last_pkt_time":946739311802444,"flow_dst_last_pkt_time":946739312105245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311802444,"flow_src_last_pkt_time":946739311802444,"flow_dst_last_pkt_time":946739312105245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396047802,"flow_src_last_pkt_time":946739396047802,"flow_dst_last_pkt_time":946739396069636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739312106245,"flow_src_last_pkt_time":946739312106245,"flow_dst_last_pkt_time":946739312136620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":189,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739400460551,"flow_src_last_pkt_time":946739400460551,"flow_dst_last_pkt_time":946739400522189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1536,7 +1536,7 @@ 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739660371388,"flow_src_last_pkt_time":946739660371388,"flow_dst_last_pkt_time":946739660417793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":384,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":384,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739620053560,"flow_src_last_pkt_time":946739620053560,"flow_dst_last_pkt_time":946739620112675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739614386871,"flow_src_last_pkt_time":946739614386871,"flow_dst_last_pkt_time":946739614411248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":608,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":289066,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":245,"total-detection-updates":0,"total-updates":200,"current-active-flows":0,"total-active-flows":245,"total-idle-flows":245,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1539,"global_ts_usec":946739861499384} +00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":608,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":289066,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":245,"total-detection-updates":0,"total-updates":200,"current-active-flows":0,"total-active-flows":245,"total-idle-flows":245,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1539,"global_ts_usec":946739861499384} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 608/488 ~~ skipped flows.............: 0 
@@ -1545,9 +1545,9 @@ ~~ total active/idle flows...: 245/245 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9253488 bytes -~~ total memory freed........: 9253488 bytes -~~ total allocations/frees...: 143705/143705 +~~ total memory allocated....: 10025670 bytes +~~ total memory freed........: 10025670 bytes +~~ total allocations/frees...: 157671/157671 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 338 chars ~~ json message max len.......: 2508 chars diff --git a/test/results/default/dnscrypt-v2-doh.pcap.out b/test/results/default/dnscrypt-v2-doh.pcap.out index 8eb7082d2..19ab202e8 100644 --- a/test/results/default/dnscrypt-v2-doh.pcap.out +++ b/test/results/default/dnscrypt-v2-doh.pcap.out 
@@ -1,5 +1,5 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946739298533748} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946739298533748} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739298533748,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298533748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739298533748,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298533748,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_usec":946739298533748,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="} 
01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739298533748,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298533748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739298533748,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh-2.seby.io","domainame":"doh-2.seby.io","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
@@ -306,7 +306,7 @@ 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":12,"flow_first_seen":946739312203391,"flow_src_last_pkt_time":946739327879222,"flow_dst_last_pkt_time":946739327905353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":988,"flow_dst_tot_l4_payload_len":4128,"midstream":1,"thread_ts_usec":946739888204388,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":946739374011190,"flow_src_last_pkt_time":946739404206695,"flow_dst_last_pkt_time":946739374206227,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":3125,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":4506,"midstream":1,"thread_ts_usec":946739888204388,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":946739304846437,"flow_src_last_pkt_time":946739327879513,"flow_dst_last_pkt_time":946739304972225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":3131,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":5025,"midstream":1,"thread_ts_usec":946739888204388,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":577,"packets-processed":577,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":185420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":309,"global_ts_usec":946739888204388} 
+00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":577,"packets-processed":577,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":185420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":309,"global_ts_usec":946739888204388} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 577/577 ~~ skipped flows.............: 0 @@ -315,9 +315,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9733494 bytes -~~ total memory freed........: 9733494 bytes -~~ total allocations/frees...: 141815/141815 +~~ total memory allocated....: 10498924 bytes +~~ total memory freed........: 10498924 bytes +~~ total allocations/frees...: 155781/155781 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 4788 chars diff --git a/test/results/default/dnscrypt-v2.pcap.out b/test/results/default/dnscrypt-v2.pcap.out index 0a9eecf2c..c306486e8 100644 --- a/test/results/default/dnscrypt-v2.pcap.out +++ b/test/results/default/dnscrypt-v2.pcap.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946760521313462} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946760521313462} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946760521313462,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521313462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946760521313462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01994{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521313462,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1130,"pkt_l4_len":1096,"thread_ts_usec":946760521313462,"pkt":"AABeAAEK6qmpVXFVCABFAARcbhBAALERNCZ\/AAABfwAAApb6FOkESCe048PqxHAbR9XexWcgBKkL3kOeOPWTE2vKv7G3b+NOW862Bvwb1rheRQpQUH1mr6e8OCu\/fibn8cYTAvsRcNZA8\/lTdO1zXx64xZvGw9jDVohyuD42K8UoR60NkNdqxmDm0qVliFWXizmljTn2lD7CTHoYDdzqjjkHmHHUYe7NejwHo7UzJLYj4uUoMZ5OBbpbxqfekl3zx\/Y\/4Zdyfk6\/03lvMbG9F2W\/akMw4XwHvq2g20\/z7ROpAn9pbnoIPgkT0bVLMUloa6KCu+fPabNALYQCzXjw1dWf3V3HgmcswkwsHKRU4IqCA\/69xcDmnZfgajXBSpNTdHGZU3HrpU7Y+zKoXZQEmeLc30bXeW5a9kf14ALJr7nP37xAYcN4G1BzEhKbbjiDg1A8CDSXiipFooV7yrAiiDZFfq27wAKZRhDngTzeslBwu2i9MUBFZfRNYKakWYXb0zhir5\/O29uGdH+oix0VAlOhQ1zI2Iy777Cmv9swWs1wCBkrJE\/94M4tHF8XTS+kICmBd4\/\/oCbnlEOyxgE0tpl\/nt7We2odNwl1bEewLva0FOnwrRvhVpfaOoXJc9u0J1yVggsuxaSQHVALa0pkLJp+\/KL1C5ympFZjeFktaMfNQOPv5Z3ESCDKvkHzBBiVXNmZyBQJjVm8OJ2VxCOFxQRcEAfIQp56nl1CI6spU
RDZCsZVp2WuwyXhdsymxVlmsZMvMariZ7h1rbuSEhdHqejvERJd+oAjcCDcUCZYn75DUrNO01fMsDJFP9eRjUktxwy4\/sGlfHHZsXsBQsVS+zNosEiqeQlMFWbk\/CQC\/Iy+m8JNr48sNXZTfXlgESJMZXIJGI3ZhFWluGHRiSLjWQPEgvt0+8gtmgy\/Sb56ZYrX4M7I0sBjqZhkP6vZD63SReYDlzFMUXd7hqpdFD+DjTIU374ZDUKtowMci+TNbopqyz97shtgi2xwOH9hFddB1RkG4yQjJkESvH+dEwGDhiyuqu1jbA0SFR8P5u+YYRQ+42CE\/iBU+jTsoOwxLsuWVcddU3vstbXn6rqxHgTXYGQFfuQtZFvSdKWnmTw8z9w8zndi+uHY\/vuoYXfx78owiiwhQhGyfvFoeyz6rWetZHRBw8zdBPggojOpslDYBovfLfe36dR5k4GtMpkpWYRt2em7VCMyF\/XbQIJEmhp+Ako20cMzqWuCfInK3G1X2JqV5rUe\/hqwd4JCyxrYqNuTc0r7m\/tXkqg9Pt8Nefpg\/ArWfvW+92iTAzlNVO3aq1ykTtQZiIeO81hVzagjUmsfI9nbIftuGPqsEIReSMuv5dWv6UgqYAe4C\/Xx87KHRwvxYrw2wdoQQVmttjR1\/zLAosSHz6yXxjq3yFjyK9Klg3OqBxrG0xMTunO9JWWEVDj8mxnhWJ808mUKd\/9SGzIWV6hSgWaIDqMtm18GCQPG3sT0f23Y6zC5qmo="} 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521327075,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":946760521327075,"pkt":"6qmpVXFVLGv1oHfACABFAAEMLuFAADYR8aV\/AAACfwAAARTplvoA+BE2cjZmbnZXajgKUFB9Zq+nvDgrv35wwPFkkokFr1FaigO8H+CEw9XZ9v94iKYdvhofH7\/r0T3rultZ9ZuMYw63KPKpYNyj1i2Vz2KxAnu1y9OcbN8hOMoWFrn1y\/BrWeycOMWNW\/UytoGW9Utt69PEyNka4RcvHRab4iJ\/YjjMR75dgU4mnlrydsdtgAPjXq8XLISW7\/42LpWK7O03ro1N2Q0h\/PZQAkZ8Yr116m7rrS+wia4dqoRvx+npPzTL2uTXQZk6coE4bD7nXs83zCQTiFsawPIKEo\/Czq95ZoX+83ElbKp2Lf2x5F0tvUmYWWas"} 
@@ -15,7 +15,7 @@ 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760521313462,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521327075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":946760605298451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760605202862,"flow_src_last_pkt_time":946760605202862,"flow_dst_last_pkt_time":946760605216429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":946760605298451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760605285191,"flow_src_last_pkt_time":946760605285191,"flow_dst_last_pkt_time":946760605298451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":368,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":946760605298451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":946760605298451} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":946760605298451} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649918 bytes -~~ total memory freed........: 8649918 bytes -~~ total allocations/frees...: 140561/140561 +~~ total memory allocated....: 9414356 bytes +~~ total memory freed........: 9414356 bytes +~~ total allocations/frees...: 154527/154527 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 593 chars ~~ json message max len.......: 1999 chars diff --git a/test/results/default/dnscrypt_skype_false_positive.pcapng.out b/test/results/default/dnscrypt_skype_false_positive.pcapng.out index 758b64c5d..121645451 100644 --- a/test/results/default/dnscrypt_skype_false_positive.pcapng.out +++ b/test/results/default/dnscrypt_skype_false_positive.pcapng.out 
@@ -1,16 +1,16 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625015363846677} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625015363846677} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363846677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625015363846677,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363846677,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":1625015363846677,"pkt":"eJS0JASgYDjgxTWgCABFcAIcMeUAAKoRYLfAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD3lhBxF+xRcXm4OudBLKFF3lXNzJRT1n1mCwEwKyGhzNUC6UkZad2AWsmuU16fgPBH\/sceAjxvXbeJaMQ9EbSG+EryR20f36x0OJcNkQYlfmM\/kN4T86L0ASqKQ0TZzuEESSiQX32uxygOna3C7y8YkubD4iZwEIg4QPEIQOdpWbEXtV\/o83jys6juVpKCDsvd9F8BJn0A7cjfMFRaUEMtODCG9KXBGEFHSZ18dK+ql0\/Pni3Dqd6Y7WU9Mlsj6IJPn77nWwLoqZYdJM9PltVUKA0BCDDZWLsJkP+knwwM996eWvPVPxNZ1KKAU+KOVJ04oTxBObGh5XZz6JStYBY6Gu1I+A7lBm6RD\/WCsjY01E5zHZUyzq\/sRzA5mq5v96ugcirzkq3k0\/Yi8TtQ9Ei2s6Y2t9FI5mQA6UNGXKigRJGNMlurE7oVNz9ZGKjrmgUROTHW19Dk8giJLA8E8v8V\/Kx+sNH6hBiMP0Nh9x\/ejK++VYPU3QRVutcD8PafmUWXqxmeXX5tAdjXoA\/bR66F4Yy0keXtHiEolfEIPbbw5Dss1Er21DaArDQUxYztwJdUkbudQ3HagiiDaY
7lCwmWsiFTSiz+tzK3sS0+qynhYwsO0Zb6cGdfI="} 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363881095,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":1625015363881095,"pkt":"YDjgxTWgeJS0JASgCABFAAEMb2FAADQRWrvUL+SIwKgCZAG7twoA+ISncjZmbnZXajh5YQcRfsUXF5uDrnRgM\/W0etYbRlCvzAlkKKyMUQLv0ljsGjvVtZfe\/2tl\/VnemuvYfUBk\/FlJZG2T9aqA3YLF1UTRltK97uI2ksWKJgX3BniRDpntrFamW1JEmb\/3xLyET8LVaXWh0WE97YtyY5BJWfj3a3nIABAcBULeLr+9m6kab1t2+yUw8O2x9jiPjOG9E0ybqrKAE6AYHqZ5TwJfUOjYj\/lXF7jHkO1u0hdfTacv4XB0pSOO1yv7woMURQKedSBCZ47xfNaXXx66LiGW4zFY9AWDuJNy+t3jJfjPP44rub81jFTM"} 00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363881095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":1625015363881095,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":752,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1625020200938475} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":752,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1625020200938475} 
01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1625020200938475,"flow_dst_last_pkt_time":1625015363881095,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":1625020200938475,"pkt":"eJS0JASgYDjgxTWgCABFcAIcvZMAAIwR8wjAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD0vHrlH\/yRcXvmd7t8+K4M4sVr0Poj8Wk\/utpL\/xCX\/xF62azc12+nNI8QCtVvppS8TlqEq0v0z1ZL6VhUUGpPUFklJ6FIusCvwq2w1dSM6BMePG+Qo4lcOLbOLpFDdDpN7sGyBBByiu62SvizwpJiQ6P3\/ZSXKjnk+4TGpUh1Mb5c9mzEfAV3qGGdzKjeCok93Nwnvp36CiiO\/GOkE9r\/ZYsdRaCmC23bIy9acHKaDgHPfJpiFe0JUanQLCN9xYimCEsH8Zta9Ub1Y03R23fJnK8tpwkYIEBK7LZJ1F9iJoeKxBWFnz1ecGcBI1RX2es6McfzJoxkjQOuHEH6AiYPJoSwpKAve4ipq0HR\/HOtcm2eSvFhLdYG1E+T0mXDh9vYgTW5nrseVIT7nqhIq7lD3WYEFzszkgcd3k9UDRv+myTHfgeMeOMZENFmbm5E8g9X\/DmfsUhaGuiUNClJJMVj7goJjiEWrKvyoRVfrCC4PbNLMbvqDrlvRzXORnY\/CFgO7+WLg3KO2ey7CthW2BKxwYRE712SYEdOkDCt96TjkrXI1srSS+8m95DCo5Kt+A80OCrLXxvwtGpEmk4P+Hhi7NqGvVAPLHH8VQvEse4iqUK05\/zGpQspc="} 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1625020200938475,"flow_dst_last_pkt_time":1625020200970253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1625020200970253,"pkt":"YDjgxTWgeJS0JASgCABFAACMI\/pAADQRpqLUL+SIwKgCZAG7twoAeAlVcjZmbnZXajhLx65R\/8kXF75ne7erN1aKqAFT9tSdFNk+\/FY4BWykKt5VBHfuRsQIXEdAWbATnDkescRMFqApy\/x1xRRyQOqpZlSFj2MoC\/ojSMDHYB0u+03LWvVBM3MXLjO1DiMtdOl\/yGx2VrztXQ=="} 
01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625020200938475,"flow_dst_last_pkt_time":1625020200970253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":352,"midstream":0,"thread_ts_usec":1625020200970253,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1625020500944370,"flow_dst_last_pkt_time":1625020200970253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":1625020500944370,"pkt":"eJS0JASgYDjgxTWgCABFcAIc0FIAALcRtUnAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD1a7lthGyhcXsTywP0kSgKzMOKxLpaXyj+9OZAFS8DY5Bm4L6EvzNq4lEGOPhLCjDamIIC0\/kBi+logo8aCs8Ykn1kcDSMHr5ohPkH5ojDFTDgfmwbydb9VkrPfnTo30VRoMTeB8FjhWHQEihOvRCilI3eOZjQ28Yfe1\/VN8xjLtW7ba4LSN2xCht1I09+EoUxpQ96D64sakFbj1gbWIfFC6mjxNpJkUYgFtEUrHrbQo6Yb4wDxxrHKxSGf5tYgGK8+4GML8fzlbAPa7o6RV3JY5yXNFJ3MnYVZDLyK7vZpuX+W0QdpvlOoXdQgu5V\/1vYCuIbYyjD1E\/aqH6T1VVYtREkaXUDd2\/HQM\/9A9d0RFNq36PferQRHvpzqWhRknav7p0NkGaOvxNr4arkI\/fXVJ5MfbPAbPxakCs4BQU\/13cQP6ZDmndNX77Vh4tfvSXHISUMO3wWRgJZ5OO3uCUlzoA70aywvlK9wHzLDRpXNBGmyqLOHKhuYIVjBo28jLGSH+k4Q\/m9sLX96Cn4Sy2hg4OVoKY8hV\/wDfOcc9a0g43ssuZX7WTWVwK498ezLekMjk8VjiXXgnBFdZzcotEoa4LInFCCX+jv6P33my\/Qi3ujnaRbTYXaA="} 
01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625020500944370,"flow_dst_last_pkt_time":1625020500975955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":1536,"flow_dst_tot_l4_payload_len":592,"midstream":0,"thread_ts_usec":1625020500975955,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1625020500975955} 
+00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1625020500975955} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645026 bytes -~~ total memory freed........: 8645026 bytes -~~ total allocations/frees...: 140539/140539 +~~ total memory allocated....: 9409400 bytes +~~ total memory freed........: 9409400 bytes +~~ total allocations/frees...: 154505/154505 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 613 chars ~~ json message max len.......: 1235 chars diff --git a/test/results/default/dofus.pcap.out b/test/results/default/dofus.pcap.out index 59d919c77..732151918 100644 --- a/test/results/default/dofus.pcap.out +++ b/test/results/default/dofus.pcap.out 
@@ -1,12 +1,12 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00738{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":42932282,"flow_src_last_pkt_time":42932282,"flow_dst_last_pkt_time":42932282,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":42932282,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"18.65.82.75","src_port":49684,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":42932282,"flow_dst_last_pkt_time":42932282,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":42932282,"pkt":"ILAB4IZiCAAnOk7TCABFAAA03L9AAIAG9wPAqAHMEkFSS8IUAbsqwBbjAAAAAIAC\/\/9CnQAAAgQFtAEDAwgBAQQC"} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":42932282,"flow_dst_last_pkt_time":42943243,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":42943243,"pkt":"CAAnOk7TILAB4IZiCABFAAA0AABAAPgGW8MSQVJLwKgBzAG7whS7eA\/qKsAW5IAS\/\/93PAAAAgQFoAEBBAIBAwMJ"} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":42943460,"flow_dst_last_pkt_time":42943243,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":42943460,"pkt":"ILAB4IZiCAAnOk7TCABFAAAo3MBAAIAG9w7AqAHMEkFSS8IUAbsqwBbku3gP61AQAP+2\/QAA"} 
01193{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":42945537,"flow_dst_last_pkt_time":42943243,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":42945537,"pkt":"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"} -01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":42932282,"flow_src_last_pkt_time":42945537,"flow_dst_last_pkt_time":42943243,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":42945537,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"18.65.82.75","src_port":49684,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"launcher.cdn.ankama.com","domainame":"launcher.cdn.ankama.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":42932282,"flow_src_last_pkt_time":42945537,"flow_dst_last_pkt_time":42943243,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":42945537,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"18.65.82.75","src_port":49684,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"launcher.cdn.ankama.com","domainame":"launcher.cdn.ankama.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":42945537,"flow_dst_last_pkt_time":42956272,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":42956272,"pkt":"CAAnOk7TILAB4IZiCABFAAAobAEAAPgGL84SQVJLwKgBzAG7whS7eA\/rKsAY6VAQAIO1dAAAAAAAAAAA"} 
-01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":42932282,"flow_src_last_pkt_time":42945537,"flow_dst_last_pkt_time":42956375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":42956375,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"18.65.82.75","src_port":49684,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"launcher.cdn.ankama.com","domainame":"launcher.cdn.ankama.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01264{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":42932282,"flow_src_last_pkt_time":42945537,"flow_dst_last_pkt_time":42956375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":42956375,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"18.65.82.75","src_port":49684,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"launcher.cdn.ankama.com","domainame":"launcher.cdn.ankama.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00740{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":57179983,"flow_src_last_pkt_time":57179983,"flow_dst_last_pkt_time":57179983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":57179983,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"75.2.115.63","src_port":49715,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":57179983,"flow_dst_last_pkt_time":57179983,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":57179983,"pkt":"ILAB4IZiCAAnOk7TCABFAAA0j7JAAIAG6lvAqAHMSwJzP8IzFbPtO0zFAAAAAIAC\/\/\/ccgAAAgQFtAEDAwgBAQQC"} 
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":57179983,"flow_dst_last_pkt_time":57182582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":57182582,"pkt":"CAAnOk7TILAB4IZiCABFAAA0AABAAPcGAw5LAnM\/wKgBzBWzwjN0PJLj7TtMxoAS\/\/\/VQQAAAgQFtAEBBAIBAwMI"} 
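Review bot: The commit message does not mention that `proto_by_ip` changes for these flows, from `"AmazonAWS"` (id 265) to `"AWS_Cloudfront"` (id 464) in the `detected` and `detection-update` events of this hunk, and to `"AWS_EC2"` (id 461) in the following dofus.pcap.out hunk. The message only names the replaced TLS risk, so a consumer that filters or alerts on the old name or on id 265 would presumably stop matching these flows without any error. I would add a line to the description such as `* proto_by_ip: flows formerly labelled "AmazonAWS" (265) may now be reported as "AWS_Cloudfront" (464) or "AWS_EC2" (461)`. Whether schema/flow_event_schema.json constrains these values is not visible from this part of the diff and is worth confirming.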
@@ -19,33 +19,33 @@ 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":61536799,"flow_dst_last_pkt_time":61574222,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":61574222,"pkt":"CAAnOk7TILAB4IZiCABFAAA0AABAADgGHEwuiTV7wKgBzBWzwjSDSvsqLdLatoAS9Qf0mgAAAgQFtAEBBAIBAwMH"} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":61580889,"flow_dst_last_pkt_time":61574222,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":61580889,"pkt":"ILAB4IZiCAAnOk7TCABFAAAo0ElAAIAGBA7AqAHMLok1e8I0FbMt0tq2g0r7K1AQAP8pdgAA"} 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":61655608,"flow_dst_last_pkt_time":61574222,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_usec":61655608,"pkt":"ILAB4IZiCAAnOk7TCABFAAB10EpAAIAGA8DAqAHMLok1e8I0FbMt0tq2g0r7K1AYAP+ppAAATApKCP\/\/\/\/\/\/\/\/\/\/\/wESPQoTdHlwZS5hbmthbWEuY29tL2piaRImCgJlbhIgYzY2NGU3MWMzNGYwNDZjYzkyNzBhMDk1N2QzZjRiMDc="} 
-00888{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":61536799,"flow_src_last_pkt_time":61655608,"flow_dst_last_pkt_time":61574222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":61655608,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"46.137.53.123","src_port":49716,"dst_port":5555,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dofus","proto_id":"106","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00886{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":61536799,"flow_src_last_pkt_time":61655608,"flow_dst_last_pkt_time":61574222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":61655608,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"46.137.53.123","src_port":49716,"dst_port":5555,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dofus","proto_id":"106","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":61655608,"flow_dst_last_pkt_time":61692198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":61692198,"pkt":"CAAnOk7TILAB4IZiCABFAAAoYvRAADgGuWMuiTV7wKgBzBWzwjSDSvsrLdLbA1AQAeooPgAAAAAAAAAA"} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":54,"packets-processed":53,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13450,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1747822690144744} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":54,"packets-processed":53,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13450,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1747822690144744} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1747822690144744,"flow_src_last_pkt_time":1747822690144744,"flow_dst_last_pkt_time":1747822690144744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747822690144744,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"34.240.68.19","src_port":42430,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1747822690144744,"flow_dst_last_pkt_time":1747822690144744,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1747822690144744,"pkt":"AgAAAAABAgAAAAACCABFAAA8HNdAAEAG\/wkK160BIvBEE6W+AbvneNIFAAAAAKAC\/\/+MagAAAgQm6AQCCAql5nSlAAAAAAEDAwk="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1747822690144744,"flow_dst_last_pkt_time":1747822690207497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1747822690207497,"pkt":"AgAAAAABAgAAAAACCABFAAAwAABAAEAGG+0i8EQTCtetAQG7pb5363fr53jSBnASBADnLwAAAgQm6AMDCQA="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1747822690207688,"flow_dst_last_pkt_time":1747822690207497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1747822690207688,"pkt":"AgAAAAABAgAAAAACCABFAAAoHNhAAEAG\/xwK160BIvBEE6W+AbvneNIGd+t37FAQAIA\/qAAA"} 
01219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1747822690208332,"flow_dst_last_pkt_time":1747822690207497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_usec":1747822690208332,"pkt":"AgAAAAABAgAAAAACCABFAAIoHNlAAEAG\/RsK160BIvBEE6W+AbvneNIGd+t37FAQAICicgAAFgMBAi0BAAIpAwMwT9njNJF98IOvftN72yix94uTUtd\/NS0EScAJp7zXYyAgRFVwN5lx5xC2vu\/dwnWZ4jK9CtKARVXfUxa5+ExEvQAgenoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAHA+voAAERpAAUAAwJoMgAtAAIBAQAKAAoACLq6AB0AFwAYACsABwZqagMEAwMABQAFAQAAAAAAMwArACm6ugABAAAdACAZPP8snMVlWTb\/w27ltA4iy72VTLMQd3u41d7Y39VfaQALAAIBAAAQAA4ADAJoMghodHRwLzEuMQAbAAMCAAL\/AQABAAAAAC8ALQAAKmR0LXByb3h5LXByb2R1Y3Rpb24tbG9naW4uYW5rYW1hLWdhbWVzLmNvbf4NANoAAAEAAXgAIOXHo3T3TTliWuYMf5ZgBL4gWNOx34Bfh8kzvxW\/peMpALB1VWXAavHa1Lqzq9L+ZCDEjOhCFGYbPMrPtjw8Y+C6RE1yJSwXyHx30b+HbSrVi+3tfhA972eXQTZEu6eGI4MIXdWM\/cao3Vmlnw\/rdnKtRvBBoPsebF1EuzAuySPrKECdUV74NKVagolfB8hVCErtCvt1yeM5b2zlXYojOAzLe8zwIVn5cuS39801+JvChFCVn59gSgIRmcHtRVtQ\/751Gm6LRp4="} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1747822690208455,"flow_dst_last_pkt_time":1747822690207497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_usec":1747822690208455,"pkt":"AgAAAAABAgAAAAACCABFAABaHNpAAEAG\/ugK160BIvBEE6W+AbvneNQGd+t37FAYAIARuwAA7J0sU\/uY10kEw7wADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAXAAAAIwAA6uoAAQA="} 
-01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1747822690144744,"flow_src_last_pkt_time":1747822690208455,"flow_dst_last_pkt_time":1747822690207497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":562,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747822690208455,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"34.240.68.19","src_port":42430,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"dt-proxy-production-login.ankama-games.com","domainame":"dt-proxy-production-login.ankama-games.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-01354{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1747822690144744,"flow_src_last_pkt_time":1747822690208455,"flow_dst_last_pkt_time":1747822690264973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":562,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1747822690264973,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"34.240.68.19","src_port":42430,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"dt-proxy-production-login.ankama-games.com","domainame":"dt-proxy-production-login.ankama-games.com","tls": {"version":"TLSv1.2","ja3s":"bfc90d56141386ee83b56cda231cccfc","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-01554{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1747822690144744,"flow_src_last_pkt_time":1747822690265408,"flow_dst_last_pkt_time":1747822690265602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":562,"flow_dst_tot_l4_payload_len":4270,"midstream":0,"thread_ts_usec":1747822690265602,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"34.240.68.19","src_port":42430,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"dt-proxy-production-login.ankama-games.com","domainame":"dt-proxy-production-login.ankama-games.com","tls": {"version":"TLSv1.2","server_names":"*.ankama-games.com","ja3s":"bfc90d56141386ee83b56cda231cccfc","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, CN=Amazon RSA 2048 M02","subjectDN":"CN=*.ankama-games.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"A8:D5:A9:6D:53:95:1E:F5:F8:9C:76:F5:71:A0:E4:17:58:D1:B1:EA","blocks":0}}} 
+01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1747822690144744,"flow_src_last_pkt_time":1747822690208455,"flow_dst_last_pkt_time":1747822690207497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":562,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747822690208455,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"34.240.68.19","src_port":42430,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"dt-proxy-production-login.ankama-games.com","domainame":"dt-proxy-production-login.ankama-games.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01352{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1747822690144744,"flow_src_last_pkt_time":1747822690208455,"flow_dst_last_pkt_time":1747822690264973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":562,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1747822690264973,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"34.240.68.19","src_port":42430,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"dt-proxy-production-login.ankama-games.com","domainame":"dt-proxy-production-login.ankama-games.com","tls": {"version":"TLSv1.2","ja3s":"bfc90d56141386ee83b56cda231cccfc","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01552{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1747822690144744,"flow_src_last_pkt_time":1747822690265408,"flow_dst_last_pkt_time":1747822690265602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":562,"flow_dst_tot_l4_payload_len":4270,"midstream":0,"thread_ts_usec":1747822690265602,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"34.240.68.19","src_port":42430,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"dt-proxy-production-login.ankama-games.com","domainame":"dt-proxy-production-login.ankama-games.com","tls": {"version":"TLSv1.2","server_names":"*.ankama-games.com","ja3s":"bfc90d56141386ee83b56cda231cccfc","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, CN=Amazon RSA 2048 M02","subjectDN":"CN=*.ankama-games.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"A8:D5:A9:6D:53:95:1E:F5:F8:9C:76:F5:71:A0:E4:17:58:D1:B1:EA","blocks":0}}} 
00938{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":57179983,"flow_src_last_pkt_time":59763105,"flow_dst_last_pkt_time":59765462,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":311,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":395,"midstream":0,"thread_ts_usec":1747822690266680,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"75.2.115.63","src_port":49715,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dofus","proto_id":"106","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":19,"flow_first_seen":61536799,"flow_src_last_pkt_time":62122057,"flow_dst_last_pkt_time":62064677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":268,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":419,"flow_dst_tot_l4_payload_len":7157,"midstream":0,"thread_ts_usec":1747822690266680,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"46.137.53.123","src_port":49716,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dofus","proto_id":"106","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":42932282,"flow_src_last_pkt_time":42956537,"flow_dst_last_pkt_time":42957704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4826,"midstream":0,"thread_ts_usec":1747822690266680,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"18.65.82.75","src_port":49684,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":19,"flow_first_seen":61536799,"flow_src_last_pkt_time":62122057,"flow_dst_last_pkt_time":62064677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":268,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":419,"flow_dst_tot_l4_payload_len":7157,"midstream":0,"thread_ts_usec":1747822690266680,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"46.137.53.123","src_port":49716,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dofus","proto_id":"106","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
+00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":42932282,"flow_src_last_pkt_time":42956537,"flow_dst_last_pkt_time":42957704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4826,"midstream":0,"thread_ts_usec":1747822690266680,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"18.65.82.75","src_port":49684,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1747822820187482,"flow_src_last_pkt_time":1747822820187482,"flow_dst_last_pkt_time":1747822820187482,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747822820187482,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.246.120.81","src_port":42784,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1747822820187482,"flow_dst_last_pkt_time":1747822820187482,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1747822820187482,"pkt":"AgAAAAABAgAAAAACCABFAAA8A\/JAAEAGz6oK160BNvZ4UacgAbu9LlZSAAAAAKAC\/\/8mBQAAAgQm6AQCCArIuRSPAAAAAAEDAwk="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1747822820187482,"flow_dst_last_pkt_time":1747822820278663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1747822820278663,"pkt":"AgAAAAABAgAAAAACCABFAAAwAABAAEAG06g29nhRCtetAQG7pyB363frvS5WU3ASBABDhwAAAgQm6AMDCQA="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1747822820278846,"flow_dst_last_pkt_time":1747822820278663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1747822820278846,"pkt":"AgAAAAABAgAAAAACCABFAAAoA\/NAAEAGz70K160BNvZ4UacgAbu9LlZTd+t37FAQAICb\/wAA"} 
01214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1747822820279191,"flow_dst_last_pkt_time":1747822820278663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_usec":1747822820279191,"pkt":"AgAAAAABAgAAAAACCABFAAIoA\/RAAEAGzbwK160BNvZ4UacgAbu9LlZTd+t37FAQAIBIZQAAFgMBAkEBAAI9AwNO9meHvulQrTR088vYxmoCgFA5onCIQfZcnK1zEtNX2iB4Z9vdBfcosjV5WiCnhGJTzni3FaAvovWC8tZJWzhgawAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAHUOjoAAAAQAA4ADAJoMghodHRwLzEuMQAKAAoACHp6AB0AFwAYAAUABQEAAAAAAC0AAgEBADMAKwApenoAAQAAHQAgz9zFSs254wG9apI7B6Ss+qonh2tZXAMlumUqFXmmGRr+DQD6AAABAAFxACD+eyNCe7YaO2Ao7L29dQeV0fp5QKpf3LlpGUYJLGsPFwDQShUpJql4anuE779udV11ZTiaYAApR1ivVH+kyNIFrPdbqM3VTHRV\/X4dmgLCEaZBLgFRmQJN\/JuQlAlrkbhnm1QLi4uubKfwkZkn7tO4xbuRFHazXx7F0NC0sLYGew3HMUoYCPH0f38cbQriJrq6LIOSY3z1NCWJlrZKHJhfWOb5VK5aAflUOr1c1gQ2wIrzDVwVcBJm8PlkoJf9r6q7CvDM0bv4K1ZTnvGPWDLnUR0rSjeFaRGa3cep\/meOQw7eIO09j60H3+oDONBn3c0oBQAXAAAAEgAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAf8BAAEAACMAAERpAAUAAwI="} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1747822820279299,"flow_dst_last_pkt_time":1747822820278663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1747822820279299,"pkt":"AgAAAAABAgAAAAACCABFAABuA\/VAAEAGz3UK160BNvZ4UacgAbu9LlhTd+t37FAYAIAGygAAaDIAGwADAgACACsABwa6ugMEAwMACwACAQAAAAAjACEAAB5ldmVudC1tZWRpYXRvci5kb2Z1cy10b3VjaC5jb23q6gABAA=="} 
-01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1747822820187482,"flow_src_last_pkt_time":1747822820279299,"flow_dst_last_pkt_time":1747822820278663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747822820279299,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.246.120.81","src_port":42784,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"event-mediator.dofus-touch.com","domainame":"event-mediator.dofus-touch.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1747822820187482,"flow_src_last_pkt_time":1747822820279299,"flow_dst_last_pkt_time":1747822820341123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1747822820341123,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.246.120.81","src_port":42784,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"event-mediator.dofus-touch.com","domainame":"event-mediator.dofus-touch.com","tls": {"version":"TLSv1.2","ja3s":"bfc90d56141386ee83b56cda231cccfc","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-01545{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1747822820187482,"flow_src_last_pkt_time":1747822820341397,"flow_dst_last_pkt_time":1747822820342569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":4282,"midstream":0,"thread_ts_usec":1747822820342569,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.246.120.81","src_port":42784,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"event-mediator.dofus-touch.com","domainame":"event-mediator.dofus-touch.com","tls": {"version":"TLSv1.2","server_names":"*.dofus-touch.com,dofus-touch.com","ja3s":"bfc90d56141386ee83b56cda231cccfc","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, CN=Amazon RSA 2048 M03","subjectDN":"CN=*.dofus-touch.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"6D:13:FC:5E:53:C6:F6:F0:7A:40:A5:AD:45:E1:D2:3D:C2:70:26:65","blocks":0}}} 
-00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1747822690144744,"flow_src_last_pkt_time":1747822690266680,"flow_dst_last_pkt_time":1747822690265602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":562,"flow_dst_tot_l4_payload_len":4270,"midstream":0,"thread_ts_usec":1747822820342802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"34.240.68.19","src_port":42430,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1747822820187482,"flow_src_last_pkt_time":1747822820342802,"flow_dst_last_pkt_time":1747822820342569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":4282,"midstream":0,"thread_ts_usec":1747822820342802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.246.120.81","src_port":42784,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":73,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23146,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1747822820342802} +01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1747822820187482,"flow_src_last_pkt_time":1747822820279299,"flow_dst_last_pkt_time":1747822820278663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747822820279299,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.246.120.81","src_port":42784,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"event-mediator.dofus-touch.com","domainame":"event-mediator.dofus-touch.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1747822820187482,"flow_src_last_pkt_time":1747822820279299,"flow_dst_last_pkt_time":1747822820341123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1747822820341123,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.246.120.81","src_port":42784,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"event-mediator.dofus-touch.com","domainame":"event-mediator.dofus-touch.com","tls": {"version":"TLSv1.2","ja3s":"bfc90d56141386ee83b56cda231cccfc","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01543{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1747822820187482,"flow_src_last_pkt_time":1747822820341397,"flow_dst_last_pkt_time":1747822820342569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":4282,"midstream":0,"thread_ts_usec":1747822820342569,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.246.120.81","src_port":42784,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"event-mediator.dofus-touch.com","domainame":"event-mediator.dofus-touch.com","tls": {"version":"TLSv1.2","server_names":"*.dofus-touch.com,dofus-touch.com","ja3s":"bfc90d56141386ee83b56cda231cccfc","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, CN=Amazon RSA 2048 M03","subjectDN":"CN=*.dofus-touch.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"6D:13:FC:5E:53:C6:F6:F0:7A:40:A5:AD:45:E1:D2:3D:C2:70:26:65","blocks":0}}} 
+00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1747822690144744,"flow_src_last_pkt_time":1747822690266680,"flow_dst_last_pkt_time":1747822690265602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":562,"flow_dst_tot_l4_payload_len":4270,"midstream":0,"thread_ts_usec":1747822820342802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"34.240.68.19","src_port":42430,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1747822820187482,"flow_src_last_pkt_time":1747822820342802,"flow_dst_last_pkt_time":1747822820342569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":4282,"midstream":0,"thread_ts_usec":1747822820342802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.246.120.81","src_port":42784,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dofus","proto_id":"91.106","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/dofus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":73,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23146,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1747822820342802} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 73/73 ~~ skipped flows.............: 0 @@ -54,10 +54,10 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8699157 bytes -~~ total memory freed........: 8699157 bytes -~~ total allocations/frees...: 140682/140682 +~~ total memory allocated....: 9463659 bytes +~~ total memory freed........: 9463659 bytes +~~ total allocations/frees...: 154648/154648 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 504 chars -~~ json message max len.......: 1559 chars -~~ json message avg len.......: 1030 chars +~~ json message max len.......: 1557 chars +~~ json message avg len.......: 1029 chars diff --git a/test/results/default/doh.pcapng.out b/test/results/default/doh.pcapng.out index 2d449786b..5d2fc4972 100644 --- a/test/results/default/doh.pcapng.out +++ b/test/results/default/doh.pcapng.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623220847881632} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623220847881632} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847881632,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623220847881632,"pkt":"pJGxgjQ53KYyW3JVCABFAAA8GoVAAEAGW5DAqAH9AQEBAYycAbvJgv8BAAAAAKAC+vDR+gAAAgQFtAQCCAq18KmgAAAAAAEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623220847893990,"pkt":"3KYyW3JVpJGxgjQ5CABFAAA0AABAADgGfh0BAQEBwKgB\/QG7jJzQgMYoyYL\/AoAS\/\/+80AAAAgQFtAEBBAIBAwMK"} 
@@ -10,7 +10,7 @@ 01462{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847919967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623220847919967,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","ja4":"t13i1909h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02381{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220894239868,"flow_dst_last_pkt_time":1623220878891197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":3569,"midstream":0,"thread_ts_usec":1623220894239868,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2495735.5,"max":15359810,"stddev":5583085.5,"var":31170844688384.0,"ent":2.4,"data": [12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810]},"pktlen": {"min":46,"avg":174.8,"max":1500,"stddev":350.9,"var":123099.2,"ent":3.6,"data": [60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0],"entropies": [4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245]},"ndpi": {"flow_risk": 
{"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01193{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":61,"flow_dst_packets_processed":59,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220970655801,"flow_dst_last_pkt_time":1623220970669537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":5821,"midstream":0,"thread_ts_usec":1623220970669537,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":120,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1623220970669537} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":120,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1623220970669537} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 120/120 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8668228 bytes -~~ total memory freed........: 8668228 bytes -~~ total allocations/frees...: 140664/140664 +~~ total memory allocated....: 9432635 bytes +~~ total memory freed........: 9432635 bytes +~~ total allocations/frees...: 154631/154631 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2386 chars diff --git a/test/results/default/doq.pcapng.out b/test/results/default/doq.pcapng.out index ddb94b0e1..a97a0549f 100644 --- a/test/results/default/doq.pcapng.out +++ b/test/results/default/doq.pcapng.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1606056093199591} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1606056093199591} 
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1606056093199591,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093199591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1606056093199591,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093199591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1606056093199591,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEATYBOvN\/wAAIAhwsYltsps+WghOL+O5iCYx+QBEtgiJINLAj38+CB9CqAWNGDJ\/Ht0GdZPYPfPv0gkn+G7KypaOwXpeaLqP2vrcKno6\/xJHt9kjbL2TY4b\/m9R6nztt0oBs85JJhS7Tj\/KxdnJUR5x1KoMSoiK8Up0wKQjS6CJwz+096+5cglByj68BpzrUHMPeI6GM8BR\/Wl2qjunMufbT3ODI125lDdGTaTqNLCMEIjagI12Vrkh1+4q55QnPNmDSc9uNkJ0l5bhH58Gr3GA8HfFg35RCENcGDFpWMYVXiM4ZLQRFPmW9PqqUvAkPFdK1\/e6zKceMIWl6qFwaRZM+da6dEGVcJjr7Z+tAEETRp6uqCb9nnpAvg2AYmEND50nvVEnJ0vebAvnDE4IogXJzua2gFwFm7VLYd1uL79o4iJgu\/rwI3t1+Scpc6iAB46mZWFz3fE1WDQxwSMiil9o8+U4JW1BkjaBlJjEwDLig1LbtT\/HP47m8JDRgq00wdO+B2e1saSoPUtzWH02fRpSsRwHLssxWK\/GeM8n4na9wb14wVoOdjdGJ+KEHpdBBYTSNse3PnwWrKaaP0mh7odZYLBlgeNvTBLAUy7TPWKcxmhtN6bsS\/Yjh2568CzWxz8tWmprG6YblEP1vhUU2WDKbQBSh9+e7EH2JaN6LGpgUM6\/ye
DE+g\/QCDKFbnXJHaC3VNe2EpDTrUSTzTJX2ScnDPI4dI01EvvWXSfxAJzcCmkKAUz3B\/F3DS8bS2lYESb9nSox1FCQUX1S8MhWCL4jSZ4wobqLA6VEQ7puZt\/yd5mc0snO7+JferPZwSQV1jN5hdBcuNb6kj\/JG4pzUoB7QTPQcjcnBLCPQDWDzw3nQ+Ebywtgt9T0aEFqJVOTfT95bWTz6VinV\/brwfnTHpSbkUgeBvFyaDcSzRz5tFZ0q4\/gUbfajms9qKrPFsufIU5NQtKyl5gUxP+4xC0KsglyEqg4DVy8vzlOpHC9Zo8AzpD2Cd9yZUaVpS3jLxre91YlfpTBViFMhAAL1N+wl47YhA2pgyB2GGbWg1O6K4C74tiA9XM\/lrGlbtuiyqqRmlQ+OfACiiCT0\/fwnridhEP9NjW3A9LNkp5ph6u81Z1emHsIGmFkXyP7nojGy2XKkTHlNA+eKBGol\/TUgCzHu7qPwHu5vMLlk5NNq3Od8+eHViQU1LY+OXeYFHuY2S+VSf848yXn0P1WZ\/Hf4jpB8WMcPpj0cXHyY46IsajmZ4uRB40h68eDc26RMlrZAfwBIGjks8KSh5b2f1BdJ6LJ4taZkNl8x+qPVYwRdc+lJsRkcGfu+BxMBIzhOPr2wg8uauRqGpIMGiSEXt5eLhu3VHEqTuhLQrFWRwEWEm+WzY4itmVZYx3CM7zWu6j3KhN5W5HEWKe61AmbunEuzKrb9KKf1hG4Uz72IU4aUy8+qV8fLyqPe7E\/Hm\/QiosHbq0whMHw6xHc0E9dDFb7\/w2jqW\/bhRCLrrZSTu8KDShAe9bkemwaFOWgs8zleXJrozrnvcOKNBpToZAop8FcA1V6SZ+05avECZK7qQ04Uc8xlehoG+3W27ZNgeNIiTH8MtU0A5kV6veOOCPQW7GGwaBK9iuORoisN7YKGMwzzN0ZIQ\/IailJpjg=="} 01362{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1606056093199591,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093199591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1606056093199591,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","quic": {"quic_version":"Draft-32","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00i0307d0_55b375c5d22e_23ed935430f2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"doq-i00","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}} 
@@ -16,7 +16,7 @@ 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1606056094761968,"flow_dst_last_pkt_time":1606056093260178,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"thread_ts_usec":1606056094761968,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQRDyQAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBDTi\/juYgmMflRQ+5iHRbV0PH6VAD4ThaqZ1CAONxwoz6WhjCyy3b7S1XIRkGal+nrRIME3nHuB4Ws4VB9TKvtbvdiy1ZVtUUE7G\/BOwkfFiH9M8cl"} 00919{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1606056093260178,"flow_src_last_pkt_time":1606056096363710,"flow_dst_last_pkt_time":1606056093260178,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":846,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1606056096363710,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":11,"flow_first_seen":1606056093199591,"flow_src_last_pkt_time":1606056093202473,"flow_dst_last_pkt_time":1606056096363686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1606056096363710,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4766,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1606056096363710} 
+00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4766,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1606056096363710} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8658054 bytes -~~ total memory freed........: 8658054 bytes -~~ total allocations/frees...: 140587/140587 +~~ total memory allocated....: 9422460 bytes +~~ total memory freed........: 9422460 bytes +~~ total allocations/frees...: 154553/154553 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 2220 chars diff --git a/test/results/default/doq_adguard.pcapng.out b/test/results/default/doq_adguard.pcapng.out index a24184912..1f33e8fff 100644 --- a/test/results/default/doq_adguard.pcapng.out +++ b/test/results/default/doq_adguard.pcapng.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1608278425043144} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1608278425043144} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1608278425043144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02191{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1608278425043144,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYdAAEARno7AqAypXowODqBuAxAE2E0Zwf8AAB0S1uV91ARNGaKcpPbuz4JRKRijEV3+fOp1xbl+o2VPCxw5C7F1AESjjIExuU1VGYMi3qR5FgZXmV5jW\/GS3bvPGESTCXlAOuaNPS4Z9rqb5GmZjOPu5h+dEeHCBQsH0bRQhppRcffIYyvfvxi5LNyq540e1YcNLgxwEYv9mwEEutsUSgLF8qQi1vATlbVLiQwhaXITCRD653klYnm9BoO04fUR8kaaf1qYfex026282Q5EvztDSyWuA6xW\/3D3I27VAQo2GbCoqYf0QIrZOfacQartZRA3xvw5C0Iz0S7jBboiOrSPOxbet7b4p4CBzdW+POAUSVXQZZS3xQkY5PXEeYGco5aUsp3O0lAaLfFFVll\/srPVtdJxYLG5mlTKam3NxBl9gHT9gkoJzUoEmtdaRDaxhP5yiedQs+JgoW4F1fDqHPMPnBtk1UezjBjE\/COENcHIEQq2HIfbQ9Lv+kS5CfcaSKs2mUQTuvs7\/voDRF2y7TFb+uqyMeAqq3doSDMB2jHa\/EojP\/f+RrMNy\/X7kDEEcbw43eMXD1tzHjBj\/ncaLMsfP3IPyZyF35MF8e+053ploy3mGcl5fW5eZxUFM6FDjn\/9\/9yB7HR5pdMyplGzzI1OpdByhfvbVWjVUlFgtm4LcbCFS9YXIuJWVQaT92LVmTr
ycmBpec\/NHPi6MerrZrFPH1cWAKJm6C\/35hd09a7vURbcj2Nwu+wvQEGek3M9LNpTgKAxfeLa6jR7yY8FRi9Fslx+40aTEwGgLY10PqSAVV873bY1HrjXgee+hInU5OzwDGisUkG1vjenUqCdXtWODZ9xJFrjxkNSBVsfWyX84bL4AH0cHSMH3bXpv8DZGk6dvuB1thnl5dRd79ArhxOkLRjIKU\/spE2xAqe+laOg7FDuovO8+vb44+p0a1tCIq75DbW5Z\/3eQHDpNFbf\/ZruNBwv0I6n5NxcgHEUQaffXIlX36W8Z8AD3YDD85hA4jZxmySge94o03q\/ZMGs+bJTnaK8KlLmSNMXuFjJ7F4SdWbAr+gE3KQqFqqYY9ZfiG2QbB9\/YTG+8SQBafYwX6k2J2OEpMyUilzmDTz3a5eH47iPLgq2nb2F+k0c4RMx6bB8xhJbOXMxEbB5OktMbojYZ5\/D7JZ6FArciEMMkyFIwplniDv\/bjNCRjIZzGWltVCRAQBZZf0ds2kXzLEOIGMUpx2oFRtwDgwesKJgy9be1woTT3HVmrfv8vUkkFOD253UN9bBIfIU4elVEm8DEZ93RQ8PGCnqpWPqKVclryY+VrRX6bBv\/eydiZowniNJyXmSTkGKfOGX30rdpMaFIjV9VAFWlq4kC1zIbyb3K46JC+I+XxrKEmMLqMbO6CesmtgLUC8vVTv7LWODOF1NIRzdEgb8Qn\/9qSY3t6c\/zKgfF8YyVeS6jf5EL3te6RDnB0wZsaBklSDaR66VSY+qB2O5PnaefdIKM\/htIG2nKmWB0tq+\/dxdUHWEvheHhEbmX4TUB3cfXIIesE+zpUW6KXqwY94WHHPEMe6voxs49AJ\/2IZiFohwbn6CjrWd2PilA\/\/N7kVyw58ilFGWokoGNIRgJ61vUDU8rgEdxFK12mR1bebXKhOpf+Sf7ekcBE2R4BLb6ThrQxQ="} 01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1608278425043144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.adguard.com","domainame":"dns.adguard.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0309d0_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"doq-i00","tls_supported_versions":"TLSv1.3"}}}} 
@@ -9,7 +9,7 @@ 02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1608278425084825,"flow_dst_last_pkt_time":1608278425122888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1608278425122888,"pkt":"mt9Y+uvcCL6sCxduCABFAAUAAbUAAD8RO01ejA4OwKgMqQMQoG4E7Ejn6\/8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qRETGDa1HS+zF6UxQoqcWPtvaZD0M5D8vOuuwT1lT22BsNzW7UeqT3G1yaqqeziGQS9CbrgeN2LYCFWePpTXrCGMIZRaKZ4Dzl\/ylxVo1sZoKf5iJ77RobOd4uOVr4v1fzVtZK7SSnw2TNr9+YJLUw8RzWrFl1R5\/LuSFg\/4LBpdELaercn4cag8\/wfjYg5esjxgyw3\/DI39x6fJiEeLfYiMTQhdl4S1DvT1bf4On1cZ5Pve8aL9ZNSUV6pjz8exU6v+yozsTMJ2gReNqSJxiLOZA7Chr1rP372EcxwZOJfjuB3dtVyhjEVmDDR0MFakaOiW2TopUKwSO6tanORLdiScMWtoVB9EEXWrRqu7AHeUwMqJpJaM2sTYg9vj5V8V49eB01MwBWnW3RvuELSAA\/rr0tFC5kN8x80Q6hkUR9WERSgsSZyq2fWg2XEVb6wgyhQj7yJd8o1FbiW9te0lPExFduactwU4ZdCzzWwIfFwRTxEDa1WjbFyzhWvrV\/L8AnXhR\/fz+ImBVLIzbVNVFQzjIpkvT0AiSLhI\/Q3u+VRc1QDRm\/KyZFemkvcqHRqTa1EzbDy\/8E8zwa4LPWD4qxNxc86\/+Z2tRmJf7XxMZKQFOo0p\/mtsuZYDLoqPpnbMk+WCZqUAKJw5ylbvHbPXC16P9bvC6+EtzBwnKuIepTSqo3Idks2KPcjL1GocIhx65JvpwFw49ItI8ZlGPLwUdd\/nv1HyD8d1Q0CYp\/9+4zHKOO4YHyAjhX5MzgfB2TYJ+1KbY6eG8U+KMm575akz5nzlxw26myucQvSCqFwJ7xEC8AIJrnjWDoPOQR60myqM33dqPGKrP6kE0cAk+afxU3b\/vK+rfZEV\/Py90klu2hWkGl5in5MPx0bsWnQ0F7CXctdd02NLCht2yp7ll4ETNeFn3XM6mhON3pCvy498D54qI4zen22mbk\/WqVm3E8+JTyfl\/CzxZ4qyEDlpfxf7GEaVhJ7rqcius2EygkgEVV4xY2XRuUR766UoZs8qWnepQKnzhy\/9amls+aw28xFV3aYpewQpsypFwiv7Z7bDx+nQsJYuuS1kaashnFzhaXmhKUkxgorWYVnMEjKkzb\/IUGbuhdZstKP7O9fF7e6KKBxNLLfRS0lfTf+XipzVaJcbDwmAd2AluLDPZofxNzCj5cPuXES3Heazc8O8YpvXof3ytzfQk5x+KqUqi\/+Rxe9T3HFewik8RMi8MrjOjdYIZ51+0tdEPKmEFbsQMTFbcW172ZavX5jdgrAuD4MwmJ6wgKGaYwWwNRXhzRCSVvtIsCGrk+txykp4tvV75By2Kor6l0z9qnIl7gBOVIiHasEepsdO4OiB\/RH8LGAnt03cK3PZFqYhm2MSA6+sCm3NKMl7pHROc0Syuyaw8\/S
9pn8cSw1kIUOxu0CAy6MKzrQ3zeUd8YrXWJeJn9B45tmf6F\/IZwdW6kr8sz3gshgpqCh64vBnmFxQNepWuT\/rvLhTewMp7+YSfmgGvgJk0VlvONZkv9khFJAToEnRePOuBnhUhkWLAJGxHNu\/tfIpyWrL0N3ERF4a3\/HS+2EuavJ219sPDpGBPIVfa4k5r2z4Wkv1gAWxeE7KYlcVSwrhvZRtvOqoTh68InjRMQA=="} 02230{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278427520204,"flow_dst_last_pkt_time":1608278427556259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":3388,"flow_dst_tot_l4_payload_len":9887,"midstream":0,"thread_ts_usec":1608278427556259,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":160973.4,"max":1885270,"stddev":453072.4,"var":205274628096.0,"ent":2.4,"data": [36477,41681,43201,66,19,41861,6662,38406,6603,58707,16,206479,12,419140,55,727,29151,153173,67,8229,73,10468,39556,83,37026,44980,51489,1830423,63,12,1885270]},"pktlen": {"min":59,"avg":442.8,"max":1280,"stddev":522.9,"var":273444.5,"ent":4.1,"data": [1260,168,1260,1280,1280,1270,83,84,184,81,1270,1270,1270,1270,255,59,83,84,69,292,140,86,59,69,423,59,70,59,87,89,89,69]},"bins": {"c_to_s": [4,8,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,0,0,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,1,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1],"entropies": 
[7.847249508,6.664321423,7.854867935,7.829421520,7.845530033,7.828608036,5.784439087,5.698686600,6.822151661,5.751563549,7.848925114,7.841618061,7.849283695,7.840007782,7.166291237,5.550272942,5.778533459,5.825033665,5.698887825,7.230185032,6.684528351,6.026679039,5.577555180,5.650410652,7.431746960,5.496964455,5.706285954,5.435783863,6.043458462,6.076747894,6.093711376,5.553960800]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.adguard.com"}} 01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":164,"flow_dst_packets_processed":132,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278463119538,"flow_dst_last_pkt_time":1608278462796456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":10308,"flow_dst_tot_l4_payload_len":21705,"midstream":0,"thread_ts_usec":1608278463119538,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.adguard.com"}} 
-00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":296,"packets-processed":296,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32013,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1608278463119538} +00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":296,"packets-processed":296,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32013,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1608278463119538} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 296/296 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8663529 bytes -~~ total memory freed........: 8663529 bytes -~~ total allocations/frees...: 140851/140851 +~~ total memory allocated....: 9427903 bytes +~~ total memory freed........: 9427903 bytes +~~ total allocations/frees...: 154817/154817 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 595 chars ~~ json message max len.......: 2235 chars diff --git a/test/results/default/dos_win98_smb_netbeui.pcap.out b/test/results/default/dos_win98_smb_netbeui.pcap.out index 222d90f4b..963606378 100644 --- a/test/results/default/dos_win98_smb_netbeui.pcap.out +++ b/test/results/default/dos_win98_smb_netbeui.pcap.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1576409796586005} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1576409796586005} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796586005,"packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586005} 
00386{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796586078,"packet_id":2,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586078} 
@@ -107,7 +107,7 @@ 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409931837438,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"mdjr98"}} 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553896,"flow_src_last_pkt_time":1576409928060524,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":952,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"mdjr98"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409923353834,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2817,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"mdjr98"}} 
-00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":220,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":110,"global_ts_usec":1576409931837438} +00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":220,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":110,"global_ts_usec":1576409931837438} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 220/62 ~~ skipped flows.............: 0 
@@ -116,9 +116,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8653864 bytes -~~ total memory freed........: 8653864 bytes -~~ total allocations/frees...: 140625/140625 +~~ total memory allocated....: 9418334 bytes +~~ total memory freed........: 9418334 bytes +~~ total allocations/frees...: 154591/154591 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 311 chars ~~ json message max len.......: 2220 chars diff --git a/test/results/default/dotenv.pcap.out b/test/results/default/dotenv.pcap.out index eb632531c..43f484d89 100644 --- a/test/results/default/dotenv.pcap.out +++ b/test/results/default/dotenv.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712149625108862} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712149625108862} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712149625108862,"flow_src_last_pkt_time":1712149625108862,"flow_dst_last_pkt_time":1712149625108862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712149625108862,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"89.31.76.10","src_port":51327,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1712149625108862,"flow_dst_last_pkt_time":1712149625108862,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1712149625108862,"pkt":"BBjWBrNamAGnpQyTCABFAABAAABAAEAG0iDAqALGWR9MCsh\/AFDEMiwGAAAAALAC\/\/+OxwAAAgQFtAEDAwYBAQgKah4cdgAAAAAEAgAA"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1712149625108862,"flow_dst_last_pkt_time":1712149625154117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712149625154117,"pkt":"mAGnpQyTBBjWBrNaCABFAAA8AABAADIG4CRZH0wKwKgCxgBQyH9vZPz5xDIsB6AScSDzUAAAAgQFrAQCCAooNaa9ah4cdgEDAwc="} 
@@ -9,7 +9,7 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1712149625155098,"flow_dst_last_pkt_time":1712149625197601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712149625197601,"pkt":"mAGnpQyTBBjWBrNaCABFAAA0Wj9AADIGhe1ZH0wKwKgCxgBQyH9vZPz6xDIsWYAQAOORyAAAAQEICig1psdqHhyk"} 01468{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1712149625108862,"flow_src_last_pkt_time":1712149625155098,"flow_dst_last_pkt_time":1712149625197647,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":231,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":231,"midstream":0,"thread_ts_usec":1712149625197647,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"89.31.76.10","src_port":51327,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"sevenpitaly.com","domainame":"sevenpitaly.com","http": 
{"url":"sevenpitaly.com\/.env","code":406,"content_type":"application\/octet-stream","user_agent":"curl\/8.4.0"}}} 01348{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1712149625108862,"flow_src_last_pkt_time":1712149625232341,"flow_dst_last_pkt_time":1712149625232158,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":231,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":231,"midstream":0,"thread_ts_usec":1712149625232341,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"89.31.76.10","src_port":51327,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"sevenpitaly.com"}} 
-00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1712149625232341} +00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1712149625232341} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645302 bytes -~~ total memory freed........: 8645302 bytes -~~ total allocations/frees...: 140551/140551 +~~ total memory allocated....: 9409676 bytes +~~ total memory freed........: 9409676 bytes +~~ total allocations/frees...: 154517/154517 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 1473 chars diff --git a/test/results/default/drda_db2.pcap.out b/test/results/default/drda_db2.pcap.out index 710c50697..690cc8da3 100644 --- a/test/results/default/drda_db2.pcap.out +++ b/test/results/default/drda_db2.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1175543772220609} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1175543772220609} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1175543772220609,"flow_src_last_pkt_time":1175543772220609,"flow_dst_last_pkt_time":1175543772220609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1175543772220609,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1175543772220609,"flow_dst_last_pkt_time":1175543772220609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1175543772220609,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1175543772220609,"flow_dst_last_pkt_time":1175543772221098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1175543772221098,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="} 
@@ -9,7 +9,7 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1175543772338468,"flow_dst_last_pkt_time":1175543772338790,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1175543772338790,"pkt":"AFBWwAABAAwpfMZqCABFAAAoelNAAEAGaqrAqGqAwKhqAcNQEu\/9XlZICrRoYFAQGSCj5gAA"} 02208{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1175543772220609,"flow_src_last_pkt_time":1175543792690997,"flow_dst_last_pkt_time":1175543792523346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":630,"flow_src_tot_l4_payload_len":2071,"flow_dst_tot_l4_payload_len":2488,"midstream":0,"thread_ts_usec":1175543792690997,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":489,"avg":1315262.1,"max":17986057,"stddev":4366159.0,"var":19063346561024.0,"ent":1.8,"data": [489,527,117332,117692,728,9146,43443,966142,1129664,349281,477633,7546,71563,64394,182669,413229,622408,30275,5528,2591,521,1606,2014,1552,1127,154254,17828332,17986057,9928,7015,168439]},"pktlen": {"min":40,"avg":183.0,"max":703,"stddev":190.6,"var":36335.2,"ent":4.3,"data": [48,48,40,215,40,147,304,40,281,40,703,40,510,50,94,40,282,670,130,51,50,94,308,441,50,94,40,369,452,50,94,40]},"bins": {"c_to_s": [10,0,1,0,0,1,0,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,4,0,1,0,0,0,1,0,0,0,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0],"entropies": [4.443420410,4.743162632,4.731687069,5.602320194,4.712815285,5.534297943,5.451408386,4.643942833,5.407389164,4.731687069,5.469695568,4.712814808,4.427623272,4.828757286,5.028375626,4.781687260,5.564469814,5.097215652,4.705523014,4.912525654,4.828757286,5.049652100,5.369750977,4.250173569,4.773659706,5.041621685,4.681686878,5.027119160,4.343546391,4.828757286,5.070929050,4.615311623]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DRDA","proto_id":"227","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":18,"flow_first_seen":1175543772220609,"flow_src_last_pkt_time":1175543810683631,"flow_dst_last_pkt_time":1175543810683601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":630,"flow_src_tot_l4_payload_len":2081,"flow_dst_tot_l4_payload_len":2542,"midstream":0,"thread_ts_usec":1175543810683631,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DRDA","proto_id":"227","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1175543810683631} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1175543810683631} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647989 bytes -~~ total memory freed........: 8647989 bytes -~~ total allocations/frees...: 140572/140572 +~~ total memory allocated....: 9412363 bytes +~~ total memory freed........: 9412363 bytes +~~ total allocations/frees...: 154538/154538 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 2213 chars diff --git a/test/results/default/dropbox.pcap.out b/test/results/default/dropbox.pcap.out index 37db0022c..502c96219 100644 --- a/test/results/default/dropbox.pcap.out +++ b/test/results/default/dropbox.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1455907271481938} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1455907271481938} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271481938,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907271481938,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1455907271481938,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"} 
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271481938,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907271481938,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -32,7 +32,7 @@ 02226{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1455907274088318,"flow_src_last_pkt_time":1455907275896569,"flow_dst_last_pkt_time":1455907275902611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":1564,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1455907275902611,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1319,"avg":116856.3,"max":131359,"stddev":22365.2,"var":500202464.0,"ent":4.9,"data": [1319,105009,107122,122637,124565,114853,120385,119749,111541,123867,122956,105381,109394,122887,120099,118036,119438,130107,131359,131277,128951,120148,121275,112275,114829,128910,125477,127969,127046,125146,128537]},"pktlen": {"min":46,"avg":87.2,"max":129,"stddev":38.5,"var":1485.3,"ent":4.9,"data": [125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49]},"bins": {"c_to_s": [0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[5.540076256,5.126628399,5.646005154,5.238902569,5.556076050,5.011841774,5.645351887,5.124912739,5.661224842,5.124912739,5.536271572,5.045301914,5.526149273,5.010309696,5.552532196,5.088779926,5.645638943,5.155473709,5.623487949,5.027874470,5.658226013,5.203855038,5.594115257,5.084961414,5.581238747,5.084961414,5.642791271,5.201836586,5.575829029,5.148757458,5.623488426,5.043280125]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1455907275958608,"flow_dst_last_pkt_time":1455907275835251,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_usec":1455907275958608,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7FHgAAIARNEPAqDgBwKg4ZcSPRFwAZyUVQgOAaDrbckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE2IEVFVCAyMDE2In0="} 
02226{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1455907275690777,"flow_src_last_pkt_time":1455907277661201,"flow_dst_last_pkt_time":1455907277663998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":94,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":1561,"flow_dst_tot_l4_payload_len":329,"midstream":0,"thread_ts_usec":1455907277663998,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5091,"avg":127214.4,"max":172321,"stddev":26264.3,"var":689812928.0,"ent":4.9,"data": [5091,140506,139383,127325,129287,138036,134456,137698,141222,137865,138593,132603,133311,132101,136834,172321,164608,137809,136671,122327,121648,117128,118696,128848,133217,115516,110107,123592,124533,106749,105564]},"pktlen": {"min":45,"avg":87.1,"max":129,"stddev":38.6,"var":1487.1,"ent":4.9,"data": [127,50,128,51,123,46,123,46,126,49,123,46,122,45,127,50,125,48,129,52,126,49,124,47,125,48,129,52,124,47,128,51]},"bins": {"c_to_s": [0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[5.584132195,5.148756981,5.612321377,5.123405457,5.484527588,5.088779926,5.497614384,5.088779926,5.597732544,5.084096432,5.526148796,5.088780403,5.523175716,5.047409534,5.616926193,5.163855076,5.550037384,5.084961891,5.666587353,5.277364254,5.567777157,5.068690777,5.565383434,5.070440769,5.542193413,5.084961414,5.626701832,5.238902569,5.490826130,4.985334873,5.638961315,5.241052151]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":801,"packets-processed":800,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":47076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1459182796665502} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":801,"packets-processed":800,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":47076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1459182796665502} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182796665502,"flow_src_last_pkt_time":1459182796665502,"flow_dst_last_pkt_time":1459182796665502,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1459182796665502,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1459182796665502,"flow_dst_last_pkt_time":1459182796665502,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1459182796665502,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"} 01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182796665502,"flow_src_last_pkt_time":1459182796665502,"flow_dst_last_pkt_time":1459182796665502,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1459182796665502,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"client.dropbox.com","domainame":"client.dropbox.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -88,7 +88,7 @@ 00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1459182830673445,"flow_dst_last_pkt_time":1459182817566407,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1459182830673445,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfRXtAAEARMoLAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1459182830673733,"flow_dst_last_pkt_time":1459182817566700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1459182830673733,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf2zBAAEAR2iTAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} 
00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1459182830673733,"flow_dst_last_pkt_time":1459182817566700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1459182830673733,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf2zBAAEAR2iTAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":837,"packets-processed":836,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":52930,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":6,"total-updates":0,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1535391465534592} 
+00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":837,"packets-processed":836,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":52930,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":6,"total-updates":0,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1535391465534592} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534592,"flow_src_last_pkt_time":1535391465534592,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391465534592,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1535391465534592,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_usec":1535391465534592,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEWzxAAEARHT\/AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534592,"flow_src_last_pkt_time":1535391465534592,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391465534592,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -124,7 +124,7 @@ 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534592,"flow_src_last_pkt_time":1535391525545240,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391682514087,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391651170134,"flow_src_last_pkt_time":1535391682514087,"flow_dst_last_pkt_time":1535391651170134,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":163,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":489,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391682514087,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391465535228,"flow_src_last_pkt_time":1535391525545589,"flow_dst_last_pkt_time":1535391465535228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391682514087,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":848,"packets-processed":848,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":54916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":6,"total-updates":4,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":127,"global_ts_usec":1535391682514087} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":848,"packets-processed":848,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":54916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":6,"total-updates":4,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":127,"global_ts_usec":1535391682514087} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 848/848 ~~ skipped flows.............: 0 @@ -133,9 +133,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8703230 bytes -~~ total memory freed........: 8703230 bytes -~~ total allocations/frees...: 141524/141524 +~~ total memory allocated....: 9468052 bytes +~~ total memory freed........: 9468052 bytes +~~ total allocations/frees...: 155490/155490 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 2231 chars diff --git a/test/results/default/dtls.pcap.out b/test/results/default/dtls.pcap.out index 3fe08e2e4..b02f1df7a 100644 --- a/test/results/default/dtls.pcap.out +++ b/test/results/default/dtls.pcap.out 
@@ -1,11 +1,11 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1545143424891780} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1545143424891780} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1545143424891780,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="} 01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": 
{"version":"DTLSv1.2","ja3s":"","ja4":"dd2i120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1545143424891780,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="} 01310{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2i120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1709402982954913} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1709402982954913} 00292{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1709402982954913,"packet_id":3,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1709402982954913} 00670{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":282,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":282,"pkt_l4_len":0,"thread_ts_usec":1545143424891780,"pkt":"AAAAAAAAAAECAAD6gQBsq4EAYAoIAEVoAQSIAgAAQBHZsAp0CDkK7vozCGgIaADwFLgw\/wDgDiwdx0UAAOCbbkAAQBECYgq\/4w2d8BCA05INlgDMnSUW\/v8AAAAAAAAAAAC3AQAAqwAAAAAAAACr\/v3TX4DX\/2Tw+fR5prCNPlqT6Mx2Z76XU2pTu0obfv2RmwAAACDMqcyozKrAK8AvAJ7ACsAUADnACcATADMAnAA1AC8A\/wEAAGEACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAAA4ABQACAAEAABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYC"} 00292{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1709402983129998,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1709402983129998} 
@@ -14,7 +14,7 @@ 00669{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":282,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":282,"pkt_l4_len":0,"thread_ts_usec":1545143424891780,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEVoAQRgdgAAOxEGPQru+jMKdAg5CGgIaADwAAAw\/wDgfqoMiUUcAOASNEAAORGSgJ3wEIAKv+MNDZbTkgDMnCUW\/v8AAAAAAAAAAQC3AQAAqwAAAAAAAACr\/v3TX4DX\/2Tw+fR5prCNPlqT6Mx2Z76XU2pTu0obfv2RmwAAACDMqcyozKrAK8AvAJ7ACsAUADnACcATADMAnAA1AC8A\/wEAAGEACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAAA4ABQACAAEAABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYC"} 00292{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1709402983154949,"packet_id":6,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1709402983154949} 00427{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":101,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":101,"pkt_l4_len":0,"thread_ts_usec":1545143424891780,"pkt":"AAAAAAAAAAECAAD6gQBsq4EAYAoIAEVoAE+KggAAQBHX5Qp0CDkK7vozCGgIaAA7FiIw\/wArDiwdx0UAACube0AAQBEDCgq\/4w2d8BCA05INlgAXX1kV\/v8AAAAAAAAAAgACAgo="} 
-00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1715267278678898} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1715267278678898} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1715267278678898,"flow_src_last_pkt_time":1715267278678898,"flow_dst_last_pkt_time":1715267278678898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":522,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715267278678898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40983,"dst_port":11111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1715267278678898,"flow_dst_last_pkt_time":1715267278678898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":564,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":564,"pkt_l4_len":530,"thread_ts_usec":1715267278678898,"pkt":"AAAAAAAAAAAAAAAACABFAAImCsxAAEARL\/l\/AAABfwAAAaAXK2cCEgAmFv79AAAAAAAAAAAB\/QEAAfEAAAAAAAAB8f79znoqN\/EoajbE0TuzZEbImtaxHP\/wmWHLlwiemzKi0n0AAAA2EwETAhMDwCzAK8AwwC8AnwCezKnMqMyqwCfAI8AowCTACsAJwBTAEwBrAGcAOQAzzBTME8wVAQABkQAtAAMCAAEAKwADAv78AA0AHAAaBgMFAwQDCAYICwgFCAoIBAgJBgEFAQQBAwEACgAMAAoAGQAYABcAFQEAABYAAAAzAUsBSQAXAEEEFoRmwsae0kYSDd9U8ZH4sD1xSXUDkDoe1Nmons14JvZWuN9jwuehgR\/SPE3bp1\/Ar5ynjKa9Htuuyl1wfMuKfgEAAQC4dQqS0DjMwOdydz\/gty3VCQtk6mc\/KZ3tGlM3MTF1q94yWKAXMQdXzdqxDlFBXsdhEkF15bfa+Yi\/o9gYMleVnP40PS0IeW\/IXujZrOeeFBoWBoXBcdJiJsOs\/NetRbvBw2uCHThKyNvdZTbhQ7MA8fMVp9QAXuviWZhLGQlHFvdAhqMNs117LgJpBPZBUFZ8YJsIlZaZ8Rd1XVh8m9nOdCUYiu8Sc8f9gmu1pizOPWXJXEJI1aTmu9qoT5Wdr9Hbx9EZY5gBs4dH7STBRN9+vltvLtLf6AvVfZJ7jKK2ortNPmuljsvEjDr+prerNV1EgYG0tHeSIPbe7lC+mxtY"} 
01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1715267278678898,"flow_src_last_pkt_time":1715267278678898,"flow_dst_last_pkt_time":1715267278678898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":522,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715267278678898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40983,"dst_port":11111,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2i270600_991e33d7eb74_10f9deb96590","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"DTLSv1.3"}}} 
@@ -25,7 +25,7 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1715267278679274,"flow_dst_last_pkt_time":1715267278682070,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1715267278682070,"pkt":"AAAAAAAAAAAAAAAACABFAABACtBAAEARMdt\/AAABfwAAAStnoBcALP4\/LgiBAB8nnxlPMXJq4owcIMi60RTH7aY5NMHJW01cWZirNmOm"} 01203{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":11,"flow_first_seen":1715267278678898,"flow_src_last_pkt_time":1715267278694728,"flow_dst_last_pkt_time":1715267278694701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":1383,"flow_src_tot_l4_payload_len":2893,"flow_dst_tot_l4_payload_len":3518,"midstream":0,"thread_ts_usec":1715267278694728,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40983,"dst_port":11111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01200{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715267278694728,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":24,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1715267278694728} +00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":24,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1715267278694728} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/20 ~~ skipped flows.............: 0 
@@ -34,9 +34,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647918 bytes -~~ total memory freed........: 8647918 bytes -~~ total allocations/frees...: 140568/140568 +~~ total memory allocated....: 9412324 bytes +~~ total memory freed........: 9412324 bytes +~~ total allocations/frees...: 154534/154534 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 297 chars ~~ json message max len.......: 1377 chars diff --git a/test/results/default/dtls2.pcap.out b/test/results/default/dtls2.pcap.out index fbf4fcb6f..a474577f8 100644 --- a/test/results/default/dtls2.pcap.out +++ b/test/results/default/dtls2.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1507911659748597} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1507911659748597} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911659748597,"flow_dst_last_pkt_time":1507911659748597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507911659748597,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1507911659748597,"flow_dst_last_pkt_time":1507911659748597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":1507911659748597,"pkt":"AAAAjZtQSEb7zh73CABFAABta10AAD8Ruf09RG6Z1CDWJ8818BEAWUhKFv7\/AAAAAAAAAAAARAEAADgAAAAAAAAAOP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAAAAQADUALwAFAAQACgD7APwA\/QEA"} 
01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911659748597,"flow_dst_last_pkt_time":1507911659748597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507911659748597,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.0","ja3s":"","ja4":"dd1i080000_f3b6e48d6e2b_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
@@ -14,7 +14,7 @@ 01334{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911920885639,"flow_dst_last_pkt_time":1507911921101187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":1919,"midstream":0,"thread_ts_usec":1507911921101187,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.RockstarGames","proto_id":"30.449","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
01334{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":15,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911981436327,"flow_dst_last_pkt_time":1507911981652443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":1549,"flow_dst_tot_l4_payload_len":1996,"midstream":0,"thread_ts_usec":1507911981652443,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.RockstarGames","proto_id":"30.449","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
01332{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507912041681166,"flow_dst_last_pkt_time":1507912041896833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":1658,"flow_dst_tot_l4_payload_len":2073,"midstream":0,"thread_ts_usec":1507912041896833,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.RockstarGames","proto_id":"30.449","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":5,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1507912041896833} +00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":5,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1507912041896833} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 
@@ -23,9 +23,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645834 bytes -~~ total memory freed........: 8645834 bytes -~~ total allocations/frees...: 140568/140568 +~~ total memory allocated....: 9410208 bytes +~~ total memory freed........: 9410208 bytes +~~ total allocations/frees...: 154534/154534 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 1633 chars diff --git a/test/results/default/dtls_certificate.pcapng.out b/test/results/default/dtls_certificate.pcapng.out index e27393b81..5a1893e95 100644 --- a/test/results/default/dtls_certificate.pcapng.out +++ b/test/results/default/dtls_certificate.pcapng.out 
@@ -1,10 +1,10 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645461580895085} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645461580895085} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1645461580895085,"pkt":"AAEC3cZZAAAAw9EGCABFAAXASWxAADQRSEO\/Pjy+o80PtAG7l9wFrJO8Fv79AAAAAAAAAAIARQIAADkAAQAAAAAAOf79\/Kc4HE2ihqeGXU8HJgbvv17oNih5trwpTgkv9KYfrYAAwDAAABH\/AQABAAALAAQDAAECACMAABb+\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\/ZkyEWQKrdPC7T\/I\/VBlNaCjkhqqLjeWcxNjAXFgHV0DQS4Ohn1NUJhGwRm+C9xnh7uNg5h\/HW\/hZG6rQQT\/YIEe4RMEDoHNucdV0ldNkVXCWmH7VdyXRHfM9s1z8dmKF9BhxFUrUndT8KN51NorrFfTkRDxgaXL\/XiTXb5jjFdTMNDoWEcfCSn+mv6sdX3THlAvFHxknV8wAjqvNtxIjUk2YFzbeaTG2Q+ckuiam9dVPaH56OySqB0JYTcsJNz1EFEanNbn3YoH9U68KtmWqXQruXynN3poT1rVwEUFs6k6P4rp9p9jisxqFTQIDAQABo4IBUTCCAU0wDgYDVR0PAQH\/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSLiU8Spy0D\/BrMqi4FzdoDPizAuzAfBgNVHSMEGDAWgBQTA4kJqE\/7jzADbipdbCNlgXR+uzBmBgNVHR8EXzBdMFugWaBXhlVodHR
wOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3JsMHMGCCsGAQUFBwEBBGcwZTBjBggrBgEFBQcwAoZXaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAD\/XXW3cyN\/n\/BsXYc461vEQJ\/MooDP0uWOe5wtrpd3XUOKUuYcOvN70FidsM66xtY3sgdh6LUV7Vd3UbwrHsVXRThb+W0JmRxLpORJHovyCUjHJdgWcwAmAecZJ4QHbPt4JGKIezh1zC7zvwpMBEph7\/DE2rRq+Bk7Vj\/NpG5hi7ChZs0a\/4ZlQ63BMdels0iVL7Gl8j2rZV6AKE6rNjGoosoCEoztRWeQE8+sRCm+Ke3bWDxj6rORsUQGgzGimwUgWsdfd3Nhsgd7TmdyKcuJKVjK3IJvBgJOkTc6Wtb9I6keqOhJz+tW6pXPpKnm\/uuS9speSYMehXhdxy6auf74W\/v0AAAAAAAAABABGDAABSQADAAAAAAA6AwAXQQTUxAnF4aD29iFX08UpvzSYHoOfJnjbLUY7FaBYVdRtgMBGO\/4Mp6YBV28sDk7JZ2MLOl9WIA=="} 01509{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DTLS.WindowsUpdate","proto_id":"30.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","tls": 
{"version":"DTLSv1.2","ja3s":"953c1507994f72697446de4eff6e300b","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Update Secure Server CA 1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft, OU=DSP, CN=www.update.microsoft.com","fingerprint":"D1:88:0F:51:C1:01:91:72:A1:A4:6E:69:F4:33:7F:FE:3E:C4:F0:39"}}} 01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DTLS.WindowsUpdate","proto_id":"30.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} 
-00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1645461580895085} +00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1645461580895085} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647112 bytes -~~ total memory freed........: 8647112 bytes -~~ total allocations/frees...: 140537/140537 +~~ total memory allocated....: 9411486 bytes +~~ total memory freed........: 9411486 bytes +~~ total allocations/frees...: 154503/154503 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 600 chars ~~ json message max len.......: 2481 chars diff --git a/test/results/default/dtls_certificate_fragments.pcap.out b/test/results/default/dtls_certificate_fragments.pcap.out index f56747d4a..9ae5f29a3 100644 --- a/test/results/default/dtls_certificate_fragments.pcap.out +++ b/test/results/default/dtls_certificate_fragments.pcap.out 
@@ -1,5 +1,5 @@ -00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1556606275726225} 
+00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1556606275726225} 
00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275726225,"flow_dst_last_pkt_time":1556606275726225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1556606275726225,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00949{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1556606275726225,"flow_dst_last_pkt_time":1556606275726225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"thread_ts_usec":1556606275726225,"pkt":"AAAAp2BiAAAAtzPNCABFAAFUW5tAAD4Rr1YKusaVI9I7hpmzrZsBQKk0Fv7\/AAAAAAAAAAABKwEAAR8AAAAAAAABH\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAAACgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhMAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMACaAJkAmACXAEUARABDAELAMcAtwCnAJcAOwAQAnAA8AC8AlgBBAAfAEsAIABYAEwAQAA3ADcADAAoA\/wEAAFUACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"} 
01330{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275726225,"flow_dst_last_pkt_time":1556606275726225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1556606275726225,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2i800500_9cedc1f1428b_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
@@ -9,7 +9,7 @@ 01484{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":332,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1556606276035205,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"d45798bc098cd930de7eb2f5f866e994","ja4":"dd2i800500_9cedc1f1428b_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}} 
00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_usec":1556606276035205,"pkt":"AAAAp2BiAAAAtzPNCABFIAE94VhAAD4RKZAj0juGCrrGla2bmbMBKYUyFv7\/AAAAAAAAAAMA+wsABgsAAgAFHAAA7xmWcPJxf+syLm5kr8JFkg5FV4AlWuYVZqKRDkSXNY2wDo4JRyk7bpK3luN\/HZfToj36ViRMUxoGzOIdNQQtdLDZ9I6l5ryvVP5AVvfsfLCm9sZAxjhtLYRgCPa+oX7MDX\/1pOIA9ScqtjYO9k7rU1+EQszS6yuQBUHbzqzJDE5+Sr0FYdV0ChHOUsH5pqFWRmYkMY1kxz3WCDFqLZz3OCXgMI4dlHN4OUfYtjdlKZjojOO\/DI2VYl9JYb1bxVDvI\/jLCpX0S20qleMt33f6vetcgUgWnM2jDSMPp6PARk5VmmjgwVuZ3AbB3Md620\/oFv7\/AAAAAAAAAAQADA4AAAAAAwAAAAAAAA=="} 01868{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":332,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":1749,"midstream":0,"thread_ts_usec":1556606276035205,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS 
Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","server_names":"*.samsungmax.com,*.opera-mini.net","ja3s":"d45798bc098cd930de7eb2f5f866e994","ja4":"dd2i800500_9cedc1f1428b_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA","subjectDN":"C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=*.opera-mini.net, C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA","fingerprint":"2F:5F:33:93:DE:4E:8B:EA:87:19:43:1A:7A:28:C2:33:FB:10:B3:A0"}}} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1591661831005800} 
+00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1591661831005800} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591661831005800,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1591661831005800,"pkt":"KICiDkMyVIygpBIpCABFAAC3TLlAAEARa4zAqAEaaJlXlapKw1EAo42PFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79L2+PkbrvwtAd0lRXHnV+fU0MoPLilZ8yrbMm6GEmh9kAAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQAAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQA="} 01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591661831005800,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": 
{"version":"DTLSv1.2","ja3s":"","ja4":"dd2i120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
@@ -22,7 +22,7 @@ 01309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1591661831094429,"flow_dst_last_pkt_time":1591661831093656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":621,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":621,"pkt_l4_len":587,"thread_ts_usec":1591661831094429,"pkt":"KICiDkMyVIygpBIpCABFAAJfTMFAAEARadzAqAEaaJlXlapKw1ECSz2PFv79AAAAAAAAAAIBLAsAASAAAQAAAAABIAABHQABGjCCARYwgb2gAwIBAgIJANEC+9dk9FU0MAoGCCqGSM49BAMCMBExDzANBgNVBAMMBldlYlJUQzAeFw0yMDA2MDgwMDE3MTBaFw0yMDA3MDkwMDE3MTBaMBExDzANBgNVBAMMBldlYlJUQzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMN4B8BcSIB8vft5RRQLAR85m\/tKuX7g5T1IYw7Hm7qhkyBdZX4OnwIFwDEfSDt3hvNzM2wWRdpiSZ6iGF90YtUwCgYIKoZIzj0EAwIDSAAwRQIgYiBJQW7KDUuAi3M9L3zwhEDpAL9q4DirUrayN1dURyMCIQD5bYw+Zs558BwlQadzNvlnhksxNHUTMmtsQ591HUXbABb+\/QAAAAAAAAADAE4QAABCAAIAAAAAAEJBBMZcbp+gpTP\/98W2Gp\/agbTEoqgz1y6bqmJbklIBPupi+fq8SYEjO9Y9JmSaRonmMNJqXH7zBblXPkmNr6nWxPMW\/v0AAAAAAAAABABXDwAASwADAAAAAABLBAMARzBFAiEAi1u+G3KaGQXoX1KGtvuQeozvmzHFR9Ra5exkC1MSZpoCIFTAFKcDyN3bpdNt1LWIF31bDpEkYEvrDTEBZbETusOEFP79AAAAAAAAAAUAAQEW\/v0AAQAAAAAAAAAwAAEAAAAAAACBA9i\/5ZXnRtf9Ph0HrY+iWRLDuMWOD5PqKOYsPS6F0szsv0blWRNP"} 
01253{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831094429,"flow_dst_last_pkt_time":1591661831138018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":579,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":889,"flow_dst_tot_l4_payload_len":3074,"midstream":0,"thread_ts_usec":1591661831138018,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.Discord","proto_id":"30.58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
01343{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606278645792,"flow_dst_last_pkt_time":1556606276558755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":374,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":2162,"flow_dst_tot_l4_payload_len":2976,"midstream":0,"thread_ts_usec":1591661831138018,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":26,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1591661831138018} +00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":26,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1591661831138018} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 26/26 ~~ skipped flows.............: 0 
@@ -31,9 +31,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654739 bytes -~~ total memory freed........: 8654739 bytes -~~ total allocations/frees...: 140586/140586 +~~ total memory allocated....: 9419145 bytes +~~ total memory freed........: 9419145 bytes +~~ total allocations/frees...: 154552/154552 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 598 chars ~~ json message max len.......: 2433 chars diff --git a/test/results/default/dtls_mid_sessions.pcapng.out b/test/results/default/dtls_mid_sessions.pcapng.out index 8e70018c5..f51cf2b39 100644 --- a/test/results/default/dtls_mid_sessions.pcapng.out +++ b/test/results/default/dtls_mid_sessions.pcapng.out 
@@ -1,5 +1,5 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1644251732783352} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1644251732783352} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783352,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251732783352,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_usec":1644251732783352,"pkt":"AAAAAAAAAAUAH77DCABFAAB5TfQAAHkRcBI11u5Bx7qXm9E2AbsAZQC2FwEAAAEAAAAA1BUAUFbLHE7KkMRUAMa+BCcg\/DTD4cWbj4CR\/ou6\/eEj1qcEoJjrsJeHH7KwZMNGTwAG1rS\/\/iatJdFhJzn0FDJ0hSfdwvHN8cKVzNzbvFPCN5Gy"} 
00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783352,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251732783352,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -28,7 +28,7 @@ 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1644251732819831,"flow_src_last_pkt_time":1644251733371724,"flow_dst_last_pkt_time":1644251733286733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1453,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":15606,"flow_dst_tot_l4_payload_len":1540,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783352,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1644251732859305,"flow_src_last_pkt_time":1644251736135259,"flow_dst_last_pkt_time":1644251736133006,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1453,"flow_dst_max_l4_payload_len":791,"flow_src_tot_l4_payload_len":5737,"flow_dst_tot_l4_payload_len":3089,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":91,"packets-processed":91,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1644251736135259} 
+00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":91,"packets-processed":91,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1644251736135259} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 91/91 ~~ skipped flows.............: 0 @@ -37,9 +37,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654921 bytes -~~ total memory freed........: 8654921 bytes -~~ total allocations/frees...: 140661/140661 +~~ total memory allocated....: 9419259 bytes +~~ total memory freed........: 9419259 bytes +~~ total allocations/frees...: 154623/154623 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 601 chars ~~ json message max len.......: 2504 chars diff --git a/test/results/default/dtls_old_version.pcapng.out b/test/results/default/dtls_old_version.pcapng.out index 00b640a28..7dd4886e1 100644 --- a/test/results/default/dtls_old_version.pcapng.out +++ b/test/results/default/dtls_old_version.pcapng.out 
@@ -1,5 +1,5 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388130600596} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388130600596} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388130600596,"flow_dst_last_pkt_time":1592388130600596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388130600596,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388130600596,"flow_dst_last_pkt_time":1592388130600596,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1592388130600596,"pkt":"AAAAAAAAAAYArvxgCABFAAB\/OTwAAH8Ri0ElvARzRkIGgNyFAbsAaxY5FgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEAXunqImL3nzdrUBZ\/BhfTQm46UvY\/Zrav40oHNoY96qUgA8IpvhXWIFFe7w7KCq\/byTjgCP7o8hqBpXIG\/Tdba9gAAAIANQEA"} 
01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388130600596,"flow_dst_last_pkt_time":1592388130600596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388130600596,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -9,7 +9,7 @@ 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592388133613774,"flow_dst_last_pkt_time":1592388133698009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1592388133698009,"pkt":"AAAAAAAAAAYArvxgCABFAABM9VcAAPIRXFhGQgaAJbwEcwG73IUAOKixFgEAAAAAAAAAAAAAIwMAABcAAAAAAAAAFwEAFJQvJfDCZcKI8kzWgOcHI1Oo1d90"} 01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388137732924,"flow_dst_last_pkt_time":1592388137817410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":188,"flow_src_tot_l4_payload_len":416,"flow_dst_tot_l4_payload_len":284,"midstream":0,"thread_ts_usec":1592388137817410,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388137732924,"flow_dst_last_pkt_time":1592388137817410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":188,"flow_src_tot_l4_payload_len":416,"flow_dst_tot_l4_payload_len":284,"midstream":0,"thread_ts_usec":1592388137817410,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1592388137817410} +00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1592388137817410} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645097 bytes -~~ total memory freed........: 8645097 bytes -~~ total allocations/frees...: 140542/140542 +~~ total memory allocated....: 9409471 bytes +~~ total memory freed........: 9409471 bytes +~~ total allocations/frees...: 154508/154508 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 1206 chars diff --git a/test/results/default/dtls_session_id_and_coockie_both.pcap.out b/test/results/default/dtls_session_id_and_coockie_both.pcap.out index d5916e750..df4d1ad37 100644 --- a/test/results/default/dtls_session_id_and_coockie_both.pcap.out +++ b/test/results/default/dtls_session_id_and_coockie_both.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388499775130} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388499775130} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499775130,"flow_dst_last_pkt_time":1592388499775130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388499775130,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388499775130,"flow_dst_last_pkt_time":1592388499775130,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1592388499775130,"pkt":"AAAAAAAAAAEAvpsKCABFAAB\/T3sAAH8RdtO5xHHv33Rp98RRrZsAazO3Fv79AAAAAAAAAAAAVgEAAEoAAAAAAAAASv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4AAALALAEA"} 
01330{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499775130,"flow_dst_last_pkt_time":1592388499775130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388499775130,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2i010000_653ffb6f323e_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
@@ -8,7 +8,7 @@ 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592388499813030,"flow_dst_last_pkt_time":1592388499833900,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_usec":1592388499833900,"pkt":"AAAAAAAAAAcAwedSCABFAADGx3wAAPMRiorfdGn3ucRx762bxFEAspnDFv79AAAAAAAAAAEAUgIAAEYAAQAAAAAARv79h9MldvGqD4L7eTZa2NHhRQF1vlik3WVyEyjxpUYtENcgODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST7ALAAU\/v0AAAAAAAAAAgABARb+\/QABAAAAAAAAADBhiqTy6UqwzhCYCPtl5aoUaCDaK6eEDLWKYD9PQuzP3fUrM48czQrGX1gmubwFx64="} 01392{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499813030,"flow_dst_last_pkt_time":1592388499833900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1592388499833900,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"a1d48eca741e476d8ee735578a26bdbd","ja4":"dd2i010000_653ffb6f323e_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}} 01237{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499813030,"flow_dst_last_pkt_time":1592388499833900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1592388499833900,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592388499833900} +00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592388499833900} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645000 bytes -~~ total memory freed........: 8645000 bytes -~~ total allocations/frees...: 140539/140539 +~~ total memory allocated....: 9409374 bytes +~~ total memory freed........: 9409374 bytes +~~ total allocations/frees...: 154505/154505 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 605 chars ~~ json message max len.......: 1397 chars diff --git a/test/results/default/easyweather.pcap.out b/test/results/default/easyweather.pcap.out index bbcf6d00c..782f09b38 100644 --- a/test/results/default/easyweather.pcap.out +++ b/test/results/default/easyweather.pcap.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/easyweather.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/easyweather.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1746958829396856} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/easyweather.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/easyweather.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1746958829396856} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/easyweather.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1746958829396856,"flow_src_last_pkt_time":1746958829396856,"flow_dst_last_pkt_time":1746958829396856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":46,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1746958829396856,"l3_proto":"ip4","src_ip":"192.168.178.101","dst_ip":"255.255.255.255","src_port":2525,"dst_port":59387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/easyweather.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1746958829396856,"flow_dst_last_pkt_time":1746958829396856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1746958829396856,"pkt":"\/\/\/\/\/\/\/\/3E8iZ\/eNCABFAABKlDkAAIARM1zAqLJl\/\/\/\/\/wnd5\/sANhav\/\/8SACzcTyJn943AqLJlr8gbRWFzeVdlYXRoZXItV0lGSUY3OEQgVjEuNi45sA=="} 
00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/easyweather.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1746958829396856,"flow_src_last_pkt_time":1746958829396856,"flow_dst_last_pkt_time":1746958829396856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":46,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1746958829396856,"l3_proto":"ip4","src_ip":"192.168.178.101","dst_ip":"255.255.255.255","src_port":2525,"dst_port":59387,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EasyWeather","proto_id":"453","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/easyweather.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1746958837395626,"flow_dst_last_pkt_time":1746958829396856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1746958837395626,"pkt":"\/\/\/\/\/\/\/\/3E8iZ\/eNCABFAABKlEAAAIARM1XAqLJl\/\/\/\/\/wnd5\/sANhav\/\/8SACzcTyJn943AqLJlr8gbRWFzeVdlYXRoZXItV0lGSUY3OEQgVjEuNi45sA=="} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/easyweather.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1746958839345099,"flow_dst_last_pkt_time":1746958829396856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1746958839345099,"pkt":"\/\/\/\/\/\/\/\/3E8iZ\/eNCABFAABKlEEAAIARM1TAqLJl\/\/\/\/\/wnd5\/sANhav\/\/8SACzcTyJn943AqLJlr8gbRWFzeVdlYXRoZXItV0lGSUY3OEQgVjEuNi45sA=="} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/easyweather.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1746958829396856,"flow_src_last_pkt_time":1746958853396346,"flow_dst_last_pkt_time":1746958829396856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":46,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":552,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1746958853396346,"l3_proto":"ip4","src_ip":"192.168.178.101","dst_ip":"255.255.255.255","src_port":2525,"dst_port":59387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EasyWeather","proto_id":"453","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/easyweather.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1746958853396346} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/easyweather.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1746958853396346} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645162 bytes -~~ total memory freed........: 8645162 bytes -~~ total allocations/frees...: 140544/140544 +~~ total memory allocated....: 9409536 bytes +~~ total memory freed........: 9409536 bytes +~~ total allocations/frees...: 154510/154510 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 593 chars ~~ json message max len.......: 989 chars diff --git a/test/results/default/edonkey.pcap.out b/test/results/default/edonkey.pcap.out index d00700a78..df7fdcf81 100644 --- a/test/results/default/edonkey.pcap.out +++ b/test/results/default/edonkey.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1256627019012259} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1256627019012259} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019012259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1256627019012259,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019012259,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1256627019012259,"pkt":"AAAAAAAAAAAAAAAACABFAAAwFXFAAHQGF7PJD7Hjh8DW8AbaHX\/iBcO2AAAAAHAC\/\/\/feQAAAgQFoAEBBAI="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019016300,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1256627019016300,"pkt":"AAAAAAAAAAAAAAAACABFAAAwOUtAAH0G6tiHwNbwyQ+x4x1\/BtrTGFiF4gXDt3AS\/\/+ztgAAAgQFtAEBBAI="} 
@@ -8,7 +8,7 @@ 01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627019107420,"flow_dst_last_pkt_time":1256627019016300,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1256627019107420,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"eDonkey","proto_id":"36","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}} 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1256627019107420,"flow_dst_last_pkt_time":1256627019112512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1256627019112512,"pkt":"AAAAAAAAAAAAAAAACABFAACsOWpAAH0G6j2HwNbwyQ+x4x1\/BtrTGFiG4gXEM1AY\/4OcSAAA438AAABMOjVEqDEOKB1R7VGC9M9v1Ixx9M9\/HQgAAAACAQABFQBbQ0hOXVtWZXJ5Q0RdeW91cm5hbWUDAQARPAAAAAMBAPmJHYkdAwEA+htCEzQDAQD+tAEAAAMBAPsAwAAAAgEAVQ0AVmVyeUNEIDA5MDMwNAMBAO4M6YkU1D\/OI5IQ"} 
01092{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":11,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627076408213,"flow_dst_last_pkt_time":1256627076408912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":248,"flow_dst_tot_l4_payload_len":792,"midstream":0,"thread_ts_usec":1256627076408912,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"eDonkey","proto_id":"36","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1256627076408912} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1256627076408912} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647380 bytes -~~ total memory freed........: 8647380 bytes -~~ total allocations/frees...: 140551/140551 +~~ total memory allocated....: 9411754 bytes +~~ total memory freed........: 9411754 bytes +~~ total allocations/frees...: 154517/154517 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 1097 chars diff --git a/test/results/default/egd.pcapng.out b/test/results/default/egd.pcapng.out index 046ed9ce4..17f2bd2ea 100644 --- a/test/results/default/egd.pcapng.out +++ b/test/results/default/egd.pcapng.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646935234258730} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646935234258730} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646935234258730,"flow_src_last_pkt_time":1646935234258730,"flow_dst_last_pkt_time":1646935234258730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646935234258730,"l3_proto":"ip4","src_ip":"192.168.8.77","dst_ip":"192.168.8.169","src_port":18246,"dst_port":18246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646935234258730,"flow_dst_last_pkt_time":1646935234258730,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1646935234258730,"pkt":"EHtERZCfCAAZAMkDCABFAABXq1AAAEARPP\/AqAhNwKgIqUdGR0YAQ2A8DQHU8MCoCE17AAAAvop+OACBGywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646935234258730,"flow_src_last_pkt_time":1646935234258730,"flow_dst_last_pkt_time":1646935234258730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646935234258730,"l3_proto":"ip4","src_ip":"192.168.8.77","dst_ip":"192.168.8.169","src_port":18246,"dst_port":18246,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetGlobalData","proto_id":"149","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -8,7 +8,7 @@ 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1646935237259037,"flow_dst_last_pkt_time":1646935234258730,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1646935237259037,"pkt":"EHtERZCfCAAZAMkDCABFAABXq70AAEARPJLAqAhNwKgIqUdGR0YAQ1o8DQHX8MCoCE17AAAAwYp+OACBGywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1646935238258970,"flow_dst_last_pkt_time":1646935234258730,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1646935238258970,"pkt":"EHtERZCfCAAZAMkDCABFAABXq94AAEARPHHAqAhNwKgIqUdGR0YAQ1g8DQHY8MCoCE17AAAAwop+OACBGywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1646935234258730,"flow_src_last_pkt_time":1646935238258970,"flow_dst_last_pkt_time":1646935234258730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646935238258970,"l3_proto":"ip4","src_ip":"192.168.8.77","dst_ip":"192.168.8.169","src_port":18246,"dst_port":18246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"EthernetGlobalData","proto_id":"149","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1646935238258970} +00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1646935238258970} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644987 bytes -~~ total memory freed........: 8644987 bytes -~~ total allocations/frees...: 140538/140538 +~~ total memory allocated....: 9409361 bytes +~~ total memory freed........: 9409361 bytes +~~ total allocations/frees...: 154504/154504 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 986 chars diff --git a/test/results/default/elasticsearch.pcap.out b/test/results/default/elasticsearch.pcap.out index f7f1f5607..071f0fecc 100644 --- a/test/results/default/elasticsearch.pcap.out +++ b/test/results/default/elasticsearch.pcap.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666258196034202} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666258196034202} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258196034202,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196034202,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666258196034202,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.107","src_port":40282,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196034202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666258196034202,"pkt":"ABY+v3lW+hY+\/yO1CABFAAA816FAAD4G6yisEBFmrBAQa51aJFSXRuFEAAAAAKAC9QBC8wAAAgQjAAQCCAqEzLnHAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196036761,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666258196036761,"pkt":"+hY+\/yO1ABY+v3lWCABFAAA8AABAAEAGwMqsEBBrrBARZiRUnVr59pHXl0bhRaAS9KzUfwAAAgQjAAQCCApHXJuLhMy5xwEDAwc="} 
@@ -27,7 +27,7 @@ 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666258220448291,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1666258220448291,"pkt":"+hY+\/yO1ABY+v3lWCABFAAC9EplAAEAGrbCsEBBrrBARZiRUnWpT5e7d+a0KsYAYAeTSJwAAAQEICkdc+ueEzRkjRVMAAACDAAAAAAAAAHsBAGu7SwAAAHIBHl94cGFja19zZWN1cml0eV9hdXRoZW50aWNhdGlvblB5L2F1QXdFSFgzTjVjM1JsYlJkbGJHRnpkR2xqTFc1dlpHVXdNaTVuWVhKeUxteGhZZ2hmWDJGMGRHRmphQWhmWDJGMGRHRmphQUFFQ2dBPQA="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666258220448291,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":38,"packets-processed":37,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1666258921758874} 
+00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":38,"packets-processed":37,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1666258921758874} 00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1666258196034202,"flow_src_last_pkt_time":1666258196256706,"flow_dst_last_pkt_time":1666258196229737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":414,"midstream":0,"thread_ts_usec":1666258923619099,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.107","src_port":40282,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666259164268444,"flow_src_last_pkt_time":1666259164268444,"flow_dst_last_pkt_time":1666259164268444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":422,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":422,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":422,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259164268444,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.106","src_port":48028,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1666259164268444,"flow_dst_last_pkt_time":1666259164268444,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":488,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":488,"pkt_l4_len":454,"thread_ts_usec":1666259164268444,"pkt":"ABY+soAn+hY+\/yO1CABFAAHarfFAAD4GEzysEBFmrBAQarucJFRoIUIXoUah\/oAYAebLKwAAAQEIClAEIdUYdep8RVMAAAGgAAAAAAAADI8AAGu7SwAAADAAAAEGeC1wYWNrJWluZGljZXM6ZGF0YS9yZWFkL3NlYXJjaFtwaGFzZS9xdWVyeV0WNUtpa2xFY3ZRRC01UnVUVjVIbXNlUQAAAAAAAE7GCS5raWJhbmFfMRY5YW1TRnUtMlJWbUQ3aDFUaDMwOTJBAAEBAAEAAgAAAAAAAAAAAQRib29sP4AAAAABE3NpbXBsZV9xdWVyeV9zdHJpbmc\/gAAAAAEwAAAAASp1cGdyYWRlLWFzc2lzdGFudC1yZWluZGV4LW9wZXJhdGlvbi5zdGF0dXM\/gAAA\/\/\/\/\/wAAAAAAAAABADIBAAABBGJvb2w\/gAAAAAAAAQRib29sP4AAAAABBHRlcm0\/gAAAAAR0eXBlFSN1cGdyYWRlLWFzc2lzdGFudC1yZWluZGV4LW9wZXJhdGlvbgEGZXhpc3RzP4AAAAAJbmFtZXNwYWNlAAABAAABAQExAQAAABQAAAAAAAACAQAAAAAAAX\/\/\/\/8AAAA\/gAAAv7ikpr8wAgABAAABBy5raWJhbmEDAgQFAQA="} 
@@ -41,7 +41,7 @@ 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1666258196428446,"flow_src_last_pkt_time":1666258212491705,"flow_dst_last_pkt_time":1666258212486464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2955,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":33288,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258198552605,"flow_src_last_pkt_time":1666258198552605,"flow_dst_last_pkt_time":1666258198552605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1758,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1758,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1758,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":47,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1666259173881713} 
+00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":47,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1666259173881713} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 47/47 ~~ skipped flows.............: 0 @@ -50,9 +50,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8675145 bytes -~~ total memory freed........: 8675145 bytes -~~ total allocations/frees...: 140653/140653 +~~ total memory allocated....: 9439711 bytes +~~ total memory freed........: 9439711 bytes +~~ total allocations/frees...: 154619/154619 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2903 chars diff --git a/test/results/default/elf.pcap.out b/test/results/default/elf.pcap.out index 456110966..40f3c6976 100644 --- a/test/results/default/elf.pcap.out +++ b/test/results/default/elf.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712420115772907} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712420115772907} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712420115772907,"flow_src_last_pkt_time":1712420115772907,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16384,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16384,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712420115772907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60150,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
11800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1712420115772907,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":16426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":16426,"pkt_l4_len":16392,"thread_ts_usec":1712420115772907,"pkt":"AAAAAAAAAAAAAAAACABFAEActA1AAEARSMF\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\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\/gEAABAAAAC0kZYGAAADAAgCAAAQAAAAdRppCQAAAgATAgAAAAAAAIB8AAAAAAAACAAAAAAAAACAIAAAAAAAAIh8AAAAAAAACAAAAAAAAABAIAAAAAAAAAiAAAAAAAAACAAAAAAAAAAIgAAAAAAAALh\/AAAAAAAABgAAAAMAAAAAAAAAAAAAAMB\/AAAAAAAABgAAAAcAAAAAAAAAAAAAAMh\/AAAAAAAABgAAAAgAAAAAAAAAAAAAANB\/AAAAAAAABgAAABoAAAAAAAAAAAAAANh\/AAAAAAAABgAAABsAAAAAAAAAAAAAAOB\/AAAAAAAABgAAACkAAAAAAAAAAAAAAOh\/AAAAAAAABgAAACsAAAAAAAAAAAAAAPB\/AAAAAAAABgAAAC8AAAAAAAAAAAAAAPh\/AAAAAAAABgAAAC4AAAAAAAAAAAAAAJh+AAAAAAAABwAAAAEAAAAAAAAAAAAAAKB+AAAAAAAABwAAAAQAAAAAAAAAAAAAAKh+AAAAAAAABwAAAAUAAAAAAAAAAAAAALB+AAAAAAAABwAAAAYAAAAAAAAAAAAAALh+AAAAAAAABwAAAAkAAAAAAAAAAAAAAMB+AAAAAAAABwAAAAoAAAAAAAAAAAAAAMh+AAAAAAAABwAAAAsAAAAAAAAAAAAAANB+AAAAAAAABwAAAAwAAAAAAAAAAAAAANh+AAAAAAAABwAAAA0AAAAAAAAAAAAAAOB+AAAAAAAABwAAAA4AAAAAAAAAAAAAAOh+AAAAAAAABwAAAA8AAAAAAAAAAAAAAPB+AAAAAAAABwAAABAAAAAAAAAAAAAAAPh+AAAAAAAABwAAABEAAAAAAAAAAAAAAAB\/AAAAAAAABwAAABIAAAAAAAAAAAAAAAh\/AAAAAAAABwAAABMAAAAAAAAAAAAAABB\/AAAAAAAABwAAABQAAAAAAAAAAAAAABh\/AAAAAAAABwAAABUAAAAAAAAAAAAAACB\/AAAAAAAABwAAABYAAAAAAAAAAAAAACh\/AAAAAAAABwAAABcAAAAAAAAAAAAAADB\/AAAAAAAABwAAABgAAAAAAAAAAAAAADh\/AAAAAAAABwAAABkAAAAAAAAAAAAAAEB\/AAAAAAAABwAAABwAAAAAAAAAAAAAAEh\/AAAAAAAABwAAAB0AAAAAAAAAAAAAAFB\/AAAAAAAABwAAAB4AAAAAAAAAAAAAAFh\/AAAAAAAABwAAAB8AAAAAAAAAAAAAAGB\/AAAAAAAABwAAACAAAAAAAAAAAAAAAGh\/AAAAAAAABwAAACEAAAAAAAAAAAAAAHB\/AAAAAAAABwAAACIAAAAAAAAAAAAAAHh\/AAAAAAAABwAAACQAAAAAAAAAAAAAAIB\/AAAA
AAAABwAAACUAAAAAAAAAAAAAAIh\/AAAAAAAABwAAACYAAAAAAAAAAAAAAJB\/AAAAAAAABwAAACcAAAAAAAAAAAAAAJh\/AAAAAAAABwAAACgAAAAAAAAAAAAAAKB\/AAAAAAAABwAAACoAAAAAAAAAAAAAAKh\/AAAAAAAABwAAACwAAAAAAAAAAAAAALB\/AAAAAAAABwAAAC0AAAAAAAAAAAAAAPMPHvpIg+wISIsFwW8AAEiFwHQC\/9BIg8QIwwAAAAAA\/zVibgAA\/yVkbgAADx9AAPMPHvpoAAAAAOni\/\/\/\/ZpDzDx76aAEAAADp0v\/\/\/2aQ8w8e+mgCAAAA6cL\/\/\/9mkPMPHvpoAwAAAOmy\/\/\/\/ZpDzDx76aAQAAADpov\/\/\/2aQ8w8e+mgFAAAA6ZL\/\/\/9mkPMPHvpoBgAAAOmC\/\/\/\/ZpDzDx76aAcAAADpcv\/\/\/2aQ8w8e+mgIAAAA6WL\/\/\/9mkPMPHvpoCQAAAOlS\/\/\/\/ZpDzDx76aAoAAADpQv\/\/\/2aQ8w8e+mgLAAAA6TL\/\/\/9mkPMPHvpoDAAAAOki\/\/\/\/ZpDzDx76aA0AAADpEv\/\/\/2aQ8w8e+mgOAAAA6QL\/\/\/9mkPMPHvpoDwAAAOny\/v\/\/ZpDzDx76aBAAAADp4v7\/\/2aQ8w8e+mgRAAAA6dL+\/\/9mkPMPHvpoEgAAAOnC\/v\/\/ZpDzDx76aBMAAADpsv7\/\/2aQ8w8e+mgUAAAA6aL+\/\/9mkPMPHvpoFQAAAOmS\/v\/\/ZpDzDx76aBYAAADpgv7\/\/2aQ8w8e+mgXAAAA6XL+\/\/9mkPMPHvpoGAAAAOli\/v\/\/ZpDzDx76aBkAAADpUv7\/\/2aQ8w8e+mgaAAAA6UL+\/\/9mkPMPHvpoGwAAAOky\/v\/\/ZpDzDx76aBwAAADpIv7\/\/2aQ8w8e+mgdAAAA6RL+\/\/9mkPMPHvpoHgAAAOkC\/v\/\/ZpDzDx76aB8AAADp8v3\/\/2aQ8w8e+mggAAAA6eL9\/\/9mkPMPHvpoIQAAAOnS\/f\/\/ZpDzDx76aCIAAADpwv3\/\/2aQ8w8e+mgjAAAA6bL9\/\/9mkPMPHvr\/JXZtAABmDx9EAADzDx76\/yUObAAAZg8fRAAA8w8e+v8lBmwAAGYPH0QAAPMPHvr\/Jf5rAABmDx9EAADzDx76\/yX2awAAZg8fRAAA8w8e+v8l7msAAGYPH0QAAPMPHvr\/JeZrAABmDx9EAADzDx76\/yXeawAAZg8fRAAA8w8e+v8l1msAAGYPH0QAAPMPHvr\/Jc5rAABmDx9EAADzDx76\/yXGawAAZg8fRAAA8w8e+v8lvmsAAGYPH0QAAPMPHvr\/JbZrAABmDx9EAADzDx76\/yWuawAAZg8fRAAA8w8e+v8lpmsAAGYPH0QAAPMPHvr\/JZ5rAABmDx9EAADzDx76\/yWWawAAZg8fRAAA8w8e+v8ljmsAAGYPH0QAAPMPHvr\/JYZrAABmDx9EAADzDx76\/yV+awAAZg8fRAAA8w8e+v8ldmsAAGYPH0QAAPMPHvr\/JW5rAABmDx9EAADzDx76\/yVmawAAZg8fRAAA8w8e+v8lXmsAAGYPH0QAAPMPHvr\/JVZrAABmDx9EAADzDx76\/yVOawAAZg8fRAAA8w8e+v8lRmsAAGYPH0QAAPMPHvr\/JT5rAABmDx9EAADzDx76\/yU2awAAZg8fRAAA8w8e+v8lLmsAAGYPH0QAAPMPHvr\/JSZrAABmDx9EAADzDx76\/yUeawAAZg8fRAAA8w8e+v8lFmsAAGYPH0QAAPMPHvr\/JQ5rAABmDx9EAADzDx76\/yUGawAAZg8fRAAA8w8e+v8l\/moAAGYPH0QAAPMPHvr\/JfZqAABmDx9EAADoy\/3\/\/2YuDx+EAAAAAACQ8w8
e+kFXQVZBVUG9AQAAAEFUVYn9SI09LEEAAFNIifNIgeyYAAAAZEiLBCUoAAAASImEJIgAAAAxwOhx\/f\/\/SYnGSIXAdCFFMe2D\/QF+GUiLewhIjTX+QAAARTHt6H7+\/\/+FwEEPlMVEiehMiyOD4AGIRCQLTYXkD4SABgAAvi8AAABMiefoFf7\/\/0mJx0iFwHQxSI1IAUiJyEiJDCRMKeBIg\/gGfh1JjX\/6ugcAAABIjTWkQAAA6CT9\/\/+FwA+EVgIAAEiLBT1qAABIjTV1QAAAvwYAAABMjT0IQAAATIkla2oAAEyJIOhT\/v\/\/SI01c0AAAEyJ\/+g0\/f\/\/TIn\/6Az9\/\/9IjT1lJgAA6KAsAACD\/QIPhesAAACAfCQLAA+E4AAAAEiLawhIjTVKQAAASInv6Kn9\/\/+FwA+E5AUAAEiNNc9AAABIie\/okv3\/\/4XAD4QCBQAATI17CL0BAAAARYXtD4W3AAAAQbwBAAAATYX2D4T7AwAAhe0PjkgBAACJ7U2NLO9IjS2wPQAATYs36y8PH4AAAAAASIsdWWkAAA+2ykmJxkiLO0iLRyhIO0cwD4NKAwAASI1IAUiJTyiIEEEPthZJjUYBhNIPhFADAACA+lx1w0UPtkYBRYTAD4T1AgAAQY1A0E2NTgJEicE8SA+HWAEAAA+2wEhjRIUASAHoPv\/gg+0BTI17CEWF7Q+EVP\/\/\/0GJ7YXtD46tAAAATYX2RIntQbwBAAAASbgBAAAAAQIAAEEPlcJFMclJiz+APy0PhU4EAAAPtk8BhMkPhEIEAABIjVcCichmDx9EAACD6EU8KQ+H9QIAAEkPo8BAD5LGQIT2D4TkAgAAD7YCSIPCAYTAddlIjUcBMdLrD5CA+UVED0TKD7YIhMl0HEiDwAGA+WUPhK0CAACA+W514A+2CEUx5ITJdeRJg8cIg+0BD4V1\/\/\/\/RYTkdCNIiwUlaAAASIs4SItHKEg7RzAPg\/MDAABIjVABSIlXKMYACkiLhCSIAAAAZEgrBCUoAAAAD4XzAwAASIHEmAAAADHAW11BXEFdQV5BX8NIizwkugMAAABIjTU5PgAA6LH6\/\/9MiyQkhcAPhYn9\/\/9IiwXWZwAATY1nBEyJIOl2\/f\/\/SIsdo2cAAEEPtshIiztIi0coSDtHMA+DQwMAAEiNUAFIiVcoxgBcRInCTYnO6SX+\/\/9BD7ZOAo1B0DwHD4dmAgAATY1OA0EPtgGNUdCNSNCA+QcPhiUCAABIix1KZwAAD7bKTYnO6ez9\/\/9MiQwkQQ+2XgJEiEQkC+gU\/P\/\/RA+2RCQLTIsMJEiLCA+2w\/ZEQQEQD4Rn\/\/\/\/D7b76NEHAABBD7Z+A4nC9kR5ARAPhAgCAACJwUAPtv9Jg8YE6LAHAADB4QRIix3eZgAAjRQBD7bK6YD9\/\/9Iix3MZgAATYnOuQsAAAC6CwAAAOln\/f\/\/SIsds2YAAE2JzrkJAAAAugkAAADpTv3\/\/0iLHZpmAABNic65DQAAALoNAAAA6TX9\/\/9Iix2BZgAATYnOuQoAAAC6CgAAAOkc\/f\/\/SIsdaGYAAE2JzrkMAAAAugwAAADpA\/3\/\/0iLHU9mAABNic65GwAAALobAAAA6er8\/\/9Iix02ZgAATYnOuQgAAAC6CAAAAOnR\/P\/\/Dx9AAEiLHRlmAABJica5XAAAAEiLO0iLRyhIO0cwD4K+\/P\/\/Dx+EAAAAAACJzuiJ+f\/\/QQ+2FkmNRgGE0g+Fufz\/\/2YPH4QAAAAAAEmDxwhNOe8PhJr9\/\/9Iix3EZQAASIs7SItHKEg7RzAPgwQBAABIjVABSIlXKMYAIOk3\/P\/\/Dx8AQYnx6Tf9\/\/9FhNIPhRb8\/\/9FhMkPhQ38\/\/+F7Q+OTf3\/\/4ntSIsddWUAAEmNLO\/rEg8fgAAAAABIjVABSI
lXKMYAIEmLP0iLM0mDxwjoJvn\/\/0k57w+EFP3\/\/0iLO0iLRyhIO0cwctC+IAAAAOjG+P\/\/68+NVNDQQQ+2QQGD6DA8Bw+HBgEAAI0U0EiLHQ5lAABNjXECD7bK6a\/7\/\/9Iix37ZAAATYnOMckx0umc+\/\/\/SIsd6GQAAEmDxgMPtsjpifv\/\/0iLHdVkAABNic65BwAAALoHAAAA6XD7\/\/9Iix28ZAAATYnOuVwAAADpXPv\/\/74gAAAA6D34\/\/\/pNPv\/\/1BIiwWYZAAASI0NzTsAAEiNFXQ6AABqAEyNDag7AABMjQWsOwAASIs4SI01aDoAADHA6GEhAABaWelZ\/P\/\/RYTSD4XY+v\/\/RYTJD4TS\/v\/\/6cr6\/\/++XAAAAIlMJAxMiQwkRIhEJAvozPf\/\/0QPtkQkC0yLDCSLTCQM6Z78\/\/++CgAAAOiv9\/\/\/6Qn8\/\/9Iix0LZAAATY1xAQ+2yums+v\/\/6HL3\/\/9IiwUjZAAAujcAAAC+AQAAAEiNPUI9AABIiwjogvj\/\/+id9v\/\/ugUAAABIjTVhPQAAMf\/oCvf\/\/0yJ4UyJ4r8BAAAASInGMcDoBfj\/\/0iLHaZjAAC6BQAAADH\/SI01cD0AAEiLK+jY9v\/\/SInHSInu6F33\/\/9Iiyu6BQAAADH\/SI01rD0AAOi39v\/\/SInuSInH6Dz3\/\/9Iiyu6BQAAADH\/SI01Ez4AAOiW9v\/\/SInuSInH6Bv3\/\/9Iiyu6BQAAADH\/SI01Ij4AAOh19v\/\/SInuSInH6Pr2\/\/9Iiyu6BQAAADH\/SI01QT4AAOhU9v\/\/SInuSInH6Nn2\/\/9Iiyu6BQAAADH\/SI01YD4AAOgz9v\/\/SInuSInH6Lj2\/\/9Iiyu6BQAAADH\/SI01Jz8AAOgS9v\/\/SInuSI0tuDgAAEiJx+iQ9v\/\/ugUAAABIjTV0PwAAMf\/o7fX\/\/0iJ6r8BAAAASInGMcDo6\/b\/\/0yLI7oFAAAAMf9IjTUKQAAA6MX1\/\/9MieZMjWQkEEiJx+hF9v\/\/SI0F\/zgAAEiNNfY4AABmSA9u0GZID27GSI0F9zgAAGYPbMJmSA9u2EiNBf04AAAPKUQkEGZJD27HZg9sww8pRCQgZkgPbsBIjQWnOAAAZkgPbshIjQXcOAAAZg9swQ8pRCQwZkgPbsBIjQXROAAAZg9swQ8pRCRAZkgPbsBIjQXGOAAAZg9swQ8pRCRQZkgPbsBmD2zBDylEJGBmD+\/ADylEJHDrEEiJ7+in9f\/\/hcB0DUmDxBBJizQkSIX2dedNi2wkCLoFAAAASI01hDgAADH\/TYXtD4S5AAAA6NX0\/\/9MjSV+PwAAvwEAAABIjRVkNwAASInGTInhMcDoxfX\/\/zH2vwUAAADoqfX\/\/0iFwHQcugMAAABIjTVOOAAASInH6DD0\/\/+FwA+F4wAAALoFAAAASI01NjgAADH\/6HX0\/\/9IielMieK\/AQAAAEiJxjHASI0dZTcAAOhp9f\/\/STntD4SYAAAAugUAAABIjTVkPwAAMf\/oPfT\/\/78BAAAASInZTInqSInGMcDoOPX\/\/zH\/6HH1\/\/\/oHPT\/\/0yNJcU+AABIjRWwNgAAvwEAAABIicZMieFMjS2sNgAAMcDoBfX\/\/zH2vwUAAADo6fT\/\/0iFwA+FPP\/\/\/7oFAAAASI01jjcAADH\/6M3z\/\/9IielMieK\/AQAAAEiJxjHA6Mj0\/\/9MjS1hNgAASI0dFTcAAOlV\/\/\/\/SIsbMf+6BQAAAEiNNWw+AADoj\/P\/\/0iJx0iJ3ugU9P\/\/6ff+\/\/9mLg8fhAAAAAAADx9EAADzDx76Me1JidFeSIniSIPk8FBURTHAMclIjT0R9f\/\/\/xXzXwAA9GYuDx+EA
AAAAABIjT1BYAA="} 12188{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1712420115772931,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":14690,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":14690,"pkt_l4_len":14656,"thread_ts_usec":1712420115772931,"pkt":"AAAAAAAAAAAAAAAACABFADlUtA5AAEART4h\/AAABfwAAAer2gjU5QDdUTCRASI01thgAAEyLbCR4TItkJHBIi1wkaEyJTCQQTIt8JGBMi3QkWEyJRCQISIkMJOja0v\/\/SInCUOla\/\/\/\/TItEJEhIi0wkQLoFAAAAMf9Mi2QkcEiLXCRoSI01LxgAAEyLfCRgTIt0JFhMiUQkCEyLbCRQSIkMJOiS0v\/\/QVRTSInCTYnpQVdBVkyLRCQoSItMJCC+AQAAAEiJ7zHA6NzT\/\/9Ig8Qg6Rf\/\/\/9Ii0wkQEyLbCRQugUAAAAx\/0yLZCRISItcJGhIjTWZFwAATIt8JGBMi3QkWEiJDCToLtL\/\/02J6U2J4FFIicJTQVdBVuudTIt8JGC6BQAAAEiNNTwXAAAx\/0yLdCRYTItsJFBMi2QkSEiLXCRA6PHR\/\/9BV0iJwkFWvgEAAABIie9NielNieBIidkxwOhC0\/\/\/Xl\/pf\/7\/\/7oFAAAASI01zxYAADH\/TIt0JFhMi2wkUEyLZCRISItcJEDopNH\/\/0iJwkFQ67FMi2wkUEyLZCRIMf+6BQAAAEiLXCRASI01bBQAAOh70f\/\/TYnpTYngvgEAAABIicJIidlIie8xwOjQ0v\/\/6Q\/+\/\/9Mi2QkSEiLXCRAMf+6BQAAAEiNNRgUAADoPtH\/\/02J4EiJ2b4BAAAASInCSInvMcDoltL\/\/+nV\/f\/\/SItcJEAx\/7oFAAAASI010xMAAOgJ0f\/\/vgEAAABIie9IicJIidkxwOhk0v\/\/6aP9\/\/9Mi0wkUEyLRCRIugUAAABIjTW5FgAATIuUJIAAAABIi0wkQEyLbCR4TItkJHBMiUwkEEiLXCRoTIt8JGBMiVQkGEyJRCQITIt0JFhIiQwk6RP9\/\/\/oxtD\/\/2YPH0QAAPMPHvpIixV9PQAAMfbpvtH\/\/wAA8w8e+kiD7AhIg8QIwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8ND\/\/+DQ\/\/+g0P\/\/sND\/\/8DQ\/\/\/Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/\/w0P\/\/4ND\/\/6DQ\/\/+w0P\/\/wND\/\/9DQ\/\/853f\/\/Rt7\/\/5zq\/\/8E3v\/\/19z\/\/3Ld\/\/\/C3f\/\/ntz\/\/+jV\/\/\/o1f\/\/6NX\/\/6jb\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/+S2\/\/\/Vdr\/\/wHc\/\/9m3P\/\/GNr\/\/xfX\/\/9a3P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/S9z\/\/+zZ\/\/\/s2f\/\/3Nv\/\/+zZ\/\/861\/\/\/7Nn\/\/zzb\/\/\/s2f\/\/7Nn\/\/+zZ\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/7Nn\/\/+zZ\/\/\/s2f\/\/7Nn\/\/2va\/\/933v\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/aN7\/\/xDf\/\/\/\/3v\/\/V97\/\/\/De\/\/8w3\/\/\/H9\/\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/9Xe\/\/831v\/\/N9b\/\/0re\/\/831v\/\/NN7\/\/zfW\/\/8\/3\/\/\/N9b\/\/zfW\/\/831v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zfW\/\/831v\/\/N9b\/\/zfW\/\/912f\/\/zN7\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/znf\/\/\/R3\/\/\/vd\/\/\/3ff\/\/+L3\/\/\/rt\/\/\/5rf\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/\/g3\/\/\/vN7\/\/7ze\/\/\/c2f\/\/vN7\/\/5ze\/\/+83v\/\/\/t\/\/\/7ze\/\/+83v\/\/vN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+83v\/\/vN7\/\/7ze\/\/+83v\/\/SN\/\/\/+Dr\/\/8L7v\/\/0e3\/\/4\/t\/\/9h7f\/\/D+3\/\/8ns\/\/9b7P\/\/Cez\/\/z3u\/\/9ExP\/\/WMT\/\/1jE\/\/9Y
xP\/\/WMT\/\/1jE\/\/9YxP\/\/WMT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/\/nG\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/4Mb\/\/3\/F\/\/+zw\/\/\/EsT\/\/2bF\/\/9Nxf\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/zTF\/\/8SxP\/\/EsT\/\/xLE\/\/8bxf\/\/EsT\/\/wLF\/\/8SxP\/\/6cT\/\/xLE\/\/99xP\/\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\/\/\/EAAAADLT\/\/+wAAAActP\/\/BAEAAFy2\/\/+AAgAAbLb\/\/3QDAAA8wf\/\/rAAAACzC\/\/8cAQAAvML\/\/zABAAC8w\/\/\/RAEAAPzD\/\/9gAQAA7MT\/\/6QBAADsxf\/\/4AEAAEzG\/\/8MAgAAfMf\/\/zACAADc3f\/\/oAIAAFze\/\/\/AAgAAHOT\/\/9QDAAAUAAAAAAAAAAF6UgABeBABGwwHCJABAAAUAAAAHAAAAIjA\/\/8mAAAAAEQHEAAAAAAkAAAANAAAAPCw\/\/9QAgAAAA4QRg4YSg8LdwiAAD8aOSozJCIAAAAAFAAAAFwAAAAYs\/\/\/EAAAAAAAAAAAAAAAFAAAAHQAAAAQs\/\/\/QAIAAAAAAAAAAAAAEAAAAIwAAAAIwf\/\/hgAAAAAAAAAQAAAAoAAAAITB\/\/\/9AAAAAAAAABgAAAC0AAAAcML\/\/zcAAAAAQQ4QQQ4IUg4QAABAAAAA0AAAAJTC\/\/\/uAAAAAEE="} 
@@ -13,7 +13,7 @@ 00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1712420134895500,"flow_src_last_pkt_time":1712420138537174,"flow_dst_last_pkt_time":1712420138537199,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16384,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31032,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712420138537199,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":41150,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01139{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1712420115772907,"flow_src_last_pkt_time":1712420115772931,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14648,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16384,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31032,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712420138537199,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60150,"dst_port":33333,"l4_proto":"udp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1712420115772907,"flow_src_last_pkt_time":1712420115772931,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14648,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16384,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31032,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712420138537199,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60150,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62064,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1712420138537199} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62064,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1712420138537199} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8666133 bytes -~~ total memory freed........: 8666133 bytes -~~ total allocations/frees...: 140562/140562 +~~ total memory allocated....: 9430539 bytes +~~ total memory freed........: 9430539 bytes +~~ total allocations/frees...: 154528/154528 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 12193 chars diff --git a/test/results/default/emotet.pcap.out b/test/results/default/emotet.pcap.out index b6fd4cbb8..18e564952 100644 --- a/test/results/default/emotet.pcap.out +++ b/test/results/default/emotet.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645830066121611} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645830066121611} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066121611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645830066121611,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066121611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1645830066121611,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0wBJAAIAGPvkKAhlmwfwWVN\/dAkvNIWS2AAAAAIAC+vBkZgAAAgQFtAEDAwgBAQQC"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066871134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1645830066871134,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsxzIAAIAGd+HB\/BZUCgIZZgJL392K6SffzSFkt2AS+vDaogAAAgQFtA=="} 
@@ -8,7 +8,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645830067978107,"flow_dst_last_pkt_time":1645830067977441,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1645830067978107,"pkt":"IOUqtpPxAAgCHEeuCABFAAA9wBRAAIAGPu4KAhlmwfwWVN\/dAkvNIWS3iukoFlAY+rqhDQAARUhMTyBbMTczLjY2LjQ2Ljk3XQ0K"} 01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830067978107,"flow_dst_last_pkt_time":1645830068348052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":214,"midstream":0,"thread_ts_usec":1645830068348052,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"opmta1mto02nd1","domainame":"opmta1mto02nd1","smtp": {"user":"","password":"","auth_failed":0}}} 
02203{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830074471734,"flow_dst_last_pkt_time":1645830074471604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":898,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1645830074471734,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":254,"avg":538713.4,"max":3056402,"stddev":774055.0,"var":599161176064.0,"ent":3.7,"data": [749523,749719,1106307,1106777,773,369838,370621,895,325625,326244,506,323,737,841210,842439,907,363,438,3054676,3056402,1628,247201,247778,521,1205120,1205575,420,442964,443628,704,254]},"pktlen": {"min":40,"avg":80.8,"max":738,"stddev":121.9,"var":14849.5,"ent":4.3,"data": [52,44,40,94,61,40,200,52,40,58,72,40,42,40,58,56,40,42,40,80,77,40,86,73,40,87,46,40,48,79,40,738]},"bins": {"c_to_s": [8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0],"entropies": 
[4.644789696,4.953416348,4.981687069,5.477373600,5.387795925,4.784183979,5.738989830,5.361793995,4.834184170,5.487123966,5.654376030,4.784183979,4.955064297,4.734184265,5.288679600,5.421465874,4.784183979,4.859826565,4.784183979,5.343945503,5.557319641,4.765312195,5.392617702,5.626545429,4.834184170,5.525993347,5.097266674,4.834184170,5.095175266,5.329178810,4.784184456,5.639209747]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"opmta1mto02nd1"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":51,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15889,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1648563468993352} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":51,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15889,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1648563468993352} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563468993352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648563468993352,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563468993352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648563468993352,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0EddAAIAG2c0KAx1laKF\/Ftv1AFBvd7IvAAAAAIAC+vBnEwAAAgQFtAEDAwgBAQQC"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563469109116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1648563469109116,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsoCoAAIAGi4JooX8WCgMdZQBQ2\/UuAEklb3eyMGAS+vAY8wAAAgQFtA=="} 
@@ -18,7 +18,7 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1648563469109583,"flow_dst_last_pkt_time":1648563469109634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1648563469109634,"pkt":"AAgCHEeuIOUqtpPxCABFAAAooCsAAIAGi4VooX8WCgMdZQBQ2\/UuAEkmb3ez7lAQ+vAu8gAA"} 02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563469442201,"flow_dst_last_pkt_time":1648563469442152,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":1361,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":24498,"midstream":0,"thread_ts_usec":1648563469442201,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":77,"avg":28956.4,"max":204389,"stddev":59845.4,"var":3581476608.0,"ent":2.7,"data": [115764,115896,335,518,204207,77,204389,352,224,565,217,228,441,212,496,705,246,220,470,115050,221,115302,340,251,573,9235,226,9483,474,242,690]},"pktlen": {"min":40,"avg":820.0,"max":1401,"stddev":663.1,"var":439751.8,"ent":4.4,"data": [52,44,40,486,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0],"entropies": [4.710365295,4.913976669,4.680641174,5.777981758,4.621928692,7.446667671,7.722211838,4.711769104,7.820096016,7.819649696,4.730641365,7.834948540,7.865209579,4.730641365,7.838735580,7.852061272,4.780641079,7.835340023,7.853207111,4.711769104,7.851351738,7.847233772,4.780641079,7.872184753,7.855648994,4.780641079,7.879763126,7.844507217,4.680641174,7.843948364,7.837398529,4.780641079]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fkl.co.ke"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":27,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830074472054,"flow_dst_last_pkt_time":1645830074472521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":15498,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1648563469606163,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"opmta1mto02nd1"}} 
-00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":109,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1650490398530577} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":109,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1650490398530577} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398530577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650490398530577,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398530577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650490398530577,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0\/mJAAIAGv4MKBBRma6Gy0tQvAFBRzVZmAAAAAIAC\/\/+1fwAAAgQFtAEDAwgBAQQC"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398627831,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1650490398627831,"pkt":"AAgCHEeuIOUqtpPxCABFAAAwAABAADIGC+trobLSCgQUZgBQ1C8M9mn7Uc1WZ3ASchDhvAAAAgQFbAEDAwc="} 
@@ -28,7 +28,7 @@ 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1650490398628513,"flow_dst_last_pkt_time":1650490398888771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1442,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1442,"pkt_l4_len":1408,"thread_ts_usec":1650490398888771,"pkt":"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\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAANclxdSRMyDkkTMg5JEzIOP45fDkETMg4\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"} 01474{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490398628513,"flow_dst_last_pkt_time":1650490398888771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1650490398888771,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"gandhitoday.org","domainame":"gandhitoday.org","http": {"url":"gandhitoday.org\/video\/6JvA8\/","code":200,"content_type":"application\/x-msdownload","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko","detected_os":"Windows 10"}}} 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":37,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563469606163,"flow_dst_last_pkt_time":1648563469559770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":1361,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":46621,"midstream":0,"thread_ts_usec":1650490398907947,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fkl.co.ke"}} 
-00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":123,"packets-processed":122,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":71509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1650905413858492} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":123,"packets-processed":122,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":71509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1650905413858492} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650905413858492,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905413858492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650905413858492,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905413858492,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905413858492,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0LKVAAIAGOLEKBBllTWkknMKFAFDxFWwgAAAAAIAC+vC+pQAAAgQFtAEDAwgBAQQC"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905414042728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905414042728,"pkt":"AAgCHEeuIOUqtpPxCABFAAA0AABAADEGtFZNaSScCgQZZQBQwoUpbDcH8RVsIYASOQggUwAAAgQFbAEBBAIBAwMH"} 
@@ -57,7 +57,7 @@ 01315{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1650905467542773,"flow_src_last_pkt_time":1650905467928862,"flow_dst_last_pkt_time":1650905469191372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":722,"flow_dst_tot_l4_payload_len":5784,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01209{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1650905469778844,"flow_src_last_pkt_time":1650905518385458,"flow_dst_last_pkt_time":1650905473602816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":553,"flow_dst_max_l4_payload_len":660,"flow_src_tot_l4_payload_len":929,"flow_dst_tot_l4_payload_len":800,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01361{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":10,"flow_first_seen":1650905413858492,"flow_src_last_pkt_time":1650905414338361,"flow_dst_last_pkt_time":1650905414341100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":9960,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"filmmogzivota.rs"}} 
-00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":169,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":89856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1650905518385458} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":169,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":89856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1650905518385458} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 169/169 ~~ skipped flows.............: 0 
@@ -66,9 +66,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8680181 bytes -~~ total memory freed........: 8680181 bytes -~~ total allocations/frees...: 140795/140795 +~~ total memory allocated....: 9444715 bytes +~~ total memory freed........: 9444715 bytes +~~ total allocations/frees...: 154761/154761 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 2391 chars diff --git a/test/results/default/encrypted_sni.pcap.out b/test/results/default/encrypted_sni.pcap.out index 7474b1d4f..a0c6b7c1e 100644 --- a/test/results/default/encrypted_sni.pcap.out +++ b/test/results/default/encrypted_sni.pcap.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1590680386576239} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1590680386576239} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_usec":1590680386576239,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303ww
yjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} 01531{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13i1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
@@ -12,7 +12,7 @@ 01298{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01298{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01299{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1590680391590254} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1590680391590254} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 
@@ -21,9 +21,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8656125 bytes -~~ total memory freed........: 8656125 bytes -~~ total allocations/frees...: 140573/140573 +~~ total memory allocated....: 9420563 bytes +~~ total memory freed........: 9420563 bytes +~~ total allocations/frees...: 154539/154539 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 595 chars ~~ json message max len.......: 1537 chars diff --git a/test/results/default/epicgames.pcapng.out b/test/results/default/epicgames.pcapng.out index c90b26d1e..065178e74 100644 --- a/test/results/default/epicgames.pcapng.out +++ b/test/results/default/epicgames.pcapng.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1684594463217688} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1684594463217688} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684594463217688,"flow_src_last_pkt_time":1684594463217688,"flow_dst_last_pkt_time":1684594463217688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684594463217688,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":49693,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1684594463217688,"flow_dst_last_pkt_time":1684594463217688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1684594463217688,"pkt":"CL6sCxduJjb1W8R1CABFAABOdf1AAEAR1QjAqAycEp0PuMIdOqMAOpeORxogAAiYImV0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEKE7iHg4H\/Z6HRc="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684594463538671,"flow_src_last_pkt_time":1684594463538671,"flow_dst_last_pkt_time":1684594463538671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684594463538671,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":47446,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -9,30 +9,30 @@ 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1684594465276288,"flow_dst_last_pkt_time":1684594463217688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1684594465276288,"pkt":"CL6sCxduJjb1W8R1CABFAABOdpZAAEAR1G\/AqAycEp0PuMIdOqMAOgiQRxogABiYImV0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8IKo684kOqzBtBA="} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1684594465567882,"flow_dst_last_pkt_time":1684594463538671,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1684594465567882,"pkt":"CL6sCxduJjb1W8R1CABFAABNdqNAAEAR1GPAqAycEp0PuLlWOqMAOfe1hxogABiYImV0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGuNs85sXCO+Hg=="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1684594465567882,"flow_dst_last_pkt_time":1684594466059833,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1684594466059833,"pkt":"Jjb1W8R1CL6sCxduCABFAABRfylAAC4R3dkSnQ+4wKgMnDqjuVYAPfz3hxogCAiYImV0BAAAAAA0uJNTASQmjhWzH04G3mwo0EJXzuKlTWR9FRPzonVmSKoVeAkc\/hA="} 
-00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1684594463538671,"flow_src_last_pkt_time":1684594465567882,"flow_dst_last_pkt_time":1684594466059833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1684594466059833,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":47446,"dst_port":15011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1684594463538671,"flow_src_last_pkt_time":1684594465567882,"flow_dst_last_pkt_time":1684594466059833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1684594466059833,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":47446,"dst_port":15011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1684594465567882,"flow_dst_last_pkt_time":1684594466059864,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1684594466059864,"pkt":"Jjb1W8R1CL6sCxduCABFAABTfytAAC4R3dUSnQ+4wKgMnDqjuVYAP4pXhxogCBCYImV0BAAAAAA0uJNTASQmjhWzH04G3mwo0EJXzuKlTWR91XB+\/KeWD6NJdRGCFycCEQ=="} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1684594465276288,"flow_dst_last_pkt_time":1684594466059963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1684594466059963,"pkt":"Jjb1W8R1CL6sCxduCABFAABTfyhAAC4R3dgSnQ+4wKgMnDqjwh0AP+SARxogCAiYImV0BAAAAAA0uJNTATSLD46m3fLj4+CA2iAxbtXUEopaeSnMMiyHubnkWkvzvUocHw=="} -00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1684594463217688,"flow_src_last_pkt_time":1684594465276288,"flow_dst_last_pkt_time":1684594466059963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":55,"midstream":0,"thread_ts_usec":1684594466059963,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":49693,"dst_port":15011,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1684594463217688,"flow_src_last_pkt_time":1684594465276288,"flow_dst_last_pkt_time":1684594466059963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":55,"midstream":0,"thread_ts_usec":1684594466059963,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":49693,"dst_port":15011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1684594465276288,"flow_dst_last_pkt_time":1684594466059971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1684594466059971,"pkt":"Jjb1W8R1CL6sCxduCABFAABPfypAAC4R3doSnQ+4wKgMnDqjwh0AO73QRxogCBCYImV0BAAAAAA0uJNTATSLD46m3fLj4+CA2iAxbtXUEopaiXsiUa5O4Gfw1MIb"} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684594474564082,"flow_src_last_pkt_time":1684594474564082,"flow_dst_last_pkt_time":1684594474564082,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684594474564082,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":39322,"dst_port":9011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1684594474564082,"flow_dst_last_pkt_time":1684594474564082,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1684594474564082,"pkt":"CL6sCxduJjb1W8R1CABFAABSeWhAAEAR0ZnAqAycEp0PuJmaIzMAPivwRxogAAiYImV0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcFUPiiaOeaLdd8DoKLAY"} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1684594474564082,"flow_dst_last_pkt_time":1684594474581439,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1684594474581439,"pkt":"Jjb1W8R1CL6sCxduCABFAABUgWxAAC8R2pMSnQ+4wKgMnCMzmZoAQAcJRxogCAiYImV0BAAAQGIp\/KoNDoQXAGfDpK50J8xZTLzsLaqKlQtQSG51zmL1gfLXKuoXMHnHFRo="} 
-00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1684594474564082,"flow_src_last_pkt_time":1684594474564082,"flow_dst_last_pkt_time":1684594474581439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1684594474581439,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":39322,"dst_port":9011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1684594474564082,"flow_src_last_pkt_time":1684594474564082,"flow_dst_last_pkt_time":1684594474581439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1684594474581439,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":39322,"dst_port":9011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1684594474614535,"flow_dst_last_pkt_time":1684594474581439,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1684594474614535,"pkt":"CL6sCxduJjb1W8R1CABFAABNeWtAAEAR0ZvAqAycEp0PuJmaIzMAOUVzRxogEBCYImV0BAAAQGIp\/KoNDoQXAGfDpK50J8xZTLzsLaqKlQtQeGmgSpn0fPLiFA=="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1684594474614535,"flow_dst_last_pkt_time":1684594474648075,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1684594474648075,"pkt":"Jjb1W8R1CL6sCxduCABFAABSgXhAAC8R2okSnQ+4wKgMnCMzmZoAPgW1RxogGBCYImV0BAAIAAAAAAAA\/4sXAGfDpK50J8xZTLzsLaqKlQtQmKOfhDWCVFh8bJjtK7YX"} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1684594474687747,"flow_dst_last_pkt_time":1684594474648075,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1684594474687747,"pkt":"CL6sCxduJjb1W8R1CABFAAB4eW5AAEAR0W3AqAycEp0PuJmaIzMAZPxsR+hL+4tQEkSm7EoufFgEE8C\/y+er7338S0J15aThYYwMnD863iJ0Fk6Eq8kHuLVrjMoIaYvZ\/VQwvSr5lqiJwNKvWrm2U794vf7NAGvwTGDaeEN2Q5b8RJR5bF0="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684594490567237,"flow_src_last_pkt_time":1684594490567237,"flow_dst_last_pkt_time":1684594490567237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684594490567237,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":37989,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1684594490567237,"flow_dst_last_pkt_time":1684594490567237,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1684594490567237,"pkt":"CL6sCxduJjb1W8R1CABFAABTfcNAAEARzT3AqAycEp0PuJRlOqMAP3AFxxogAAiYImV0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4PfNUGgFbe0vReqqUQG9HQ=="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1684594490567237,"flow_dst_last_pkt_time":1684594490606776,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1684594490606776,"pkt":"Jjb1W8R1CL6sCxduCABFAABRiXBAAC8R0pISnQ+4wKgMnDqjlGUAPRfGxxogCAiYImV0BAAIAACZlKndA9R0Y4jhNbR4BlTqSRMlBfkHU18LqaF1OcEqHrNvRKt5Fh8="} 
-00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1684594490567237,"flow_src_last_pkt_time":1684594490567237,"flow_dst_last_pkt_time":1684594490606776,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1684594490606776,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":37989,"dst_port":15011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1684594490567237,"flow_src_last_pkt_time":1684594490567237,"flow_dst_last_pkt_time":1684594490606776,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1684594490606776,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":37989,"dst_port":15011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1684594491022786,"flow_dst_last_pkt_time":1684594490606776,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1684594491022786,"pkt":"CL6sCxduJjb1W8R1CABFAABTfdtAAEARzSXAqAycEp0PuJRlOqMAP7+RxxogEBCYImV0BAAIAACZlKndA9R0Y4jhNbR4BlTqSRMlBfkHU18LSdPunEtOyRGkhF2RquteFA=="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1684594491022786,"flow_dst_last_pkt_time":1684594491040680,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1684594491040680,"pkt":"Jjb1W8R1CL6sCxduCABFAABPiZdAAC8R0m0SnQ+4wKgMnDqjlGUAO0HyxxogGBCYImV0BAAIAAAAAAAA\/9t0Y4jhNbR4BlTqSRMlBfkHU18LCUcGWaB9JyQjTGcd"} 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1684594491075813,"flow_dst_last_pkt_time":1684594491040680,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_usec":1684594491075813,"pkt":"CL6sCxduJjb1W8R1CABFAAB5feBAAEARzPrAqAycEp0PuJRlOqMAZeftx+BLq6zGyvRuvCST7jBCHUjjNTGS2sIgRDm+yDmzxSF91jmbk5S+4VWXvYA2iuVDK+IrIRZ8bqDO+ktjU+04b4UKHBnCxNTk0i95upU1GAT7LJD7MRWWyErPV1hR"} 
-00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1684594474564082,"flow_src_last_pkt_time":1684594474915533,"flow_dst_last_pkt_time":1684594475180053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":952,"flow_dst_max_l4_payload_len":77,"flow_src_tot_l4_payload_len":4385,"flow_dst_tot_l4_payload_len":394,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":39322,"dst_port":9011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":13,"flow_first_seen":1684594490567237,"flow_src_last_pkt_time":1684594491581525,"flow_dst_last_pkt_time":1684594491475757,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":681,"flow_dst_tot_l4_payload_len":750,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":37989,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1684594463538671,"flow_src_last_pkt_time":1684594467700923,"flow_dst_last_pkt_time":1684594467772599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":449,"flow_dst_tot_l4_payload_len":344,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":47446,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1684594463217688,"flow_src_last_pkt_time":1684594467702588,"flow_dst_last_pkt_time":1684594467772655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":444,"flow_dst_tot_l4_payload_len":337,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":49693,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":81,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7784,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1684594491581525} +00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1684594474564082,"flow_src_last_pkt_time":1684594474915533,"flow_dst_last_pkt_time":1684594475180053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":952,"flow_dst_max_l4_payload_len":77,"flow_src_tot_l4_payload_len":4385,"flow_dst_tot_l4_payload_len":394,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":39322,"dst_port":9011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":13,"flow_first_seen":1684594490567237,"flow_src_last_pkt_time":1684594491581525,"flow_dst_last_pkt_time":1684594491475757,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":681,"flow_dst_tot_l4_payload_len":750,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":37989,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1684594463538671,"flow_src_last_pkt_time":1684594467700923,"flow_dst_last_pkt_time":1684594467772599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":449,"flow_dst_tot_l4_payload_len":344,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":47446,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1684594463217688,"flow_src_last_pkt_time":1684594467702588,"flow_dst_last_pkt_time":1684594467772655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":444,"flow_dst_tot_l4_payload_len":337,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":49693,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":81,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7784,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1684594491581525} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 81/81 ~~ skipped flows.............: 0 
@@ -41,10 +41,10 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654387 bytes -~~ total memory freed........: 8654387 bytes -~~ total allocations/frees...: 140643/140643 +~~ total memory allocated....: 9418857 bytes +~~ total memory freed........: 9418857 bytes +~~ total allocations/frees...: 154609/154609 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 584 chars -~~ json message max len.......: 984 chars -~~ json message avg len.......: 783 chars +~~ json message max len.......: 982 chars +~~ json message avg len.......: 782 chars diff --git a/test/results/default/esp.pcapng.out b/test/results/default/esp.pcapng.out index d6b331147..ee2dae04c 100644 --- a/test/results/default/esp.pcapng.out +++ b/test/results/default/esp.pcapng.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587340723655842} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587340723655842} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587340723655842,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00994{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_usec":1587340723655842,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAN8AAP8RncEKAgMCCgMEBAH0AfQBbm9jBawPTRIgE\/QAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAADDsDka\/duvsZYQytelWlC6NzARHfxQ9jT\/JU2Un7NCQA+jXJ08WlF7e\/NDuPTB526R8Cb4Zuk\/QhNNiyysAyBZ0W7cfOpAFmMETkjg2lvpSaO0W743zdwZbhwL5xtEDwKwAAJBinv2eNdHZsJ29wVvPTnOU5tMnnhBtj26lK3VUpGlaPKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABE++qlf\/rnDMCHdomXQhhbbCu7VdAAAAHAAAQAWxbxU4srTSjW8apuj3nZ6SyjPUCQ=="} 
00904{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587340723655842,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -12,7 +12,7 @@ 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1587340725658959,"flow_dst_last_pkt_time":1587340725659995,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587340725659995,"pkt":"qrvMAAIQqrvMAAMQCABFAACYACQAAP4yoQUKAwQECgIDAvAJLLUAAAABLX+WjVQswRpYbFeiaZdQW6eWJsw6BS2eB7OP9\/5eHwi2mYpUZ6G3t755XGwuYLanMk25K6hMBwBSxcZ\/ydNZPrrxBrySAlcBAFV4v6tDTuHpnnv89BSOnoK6gF0SG3nSCAMIxyxKQV4U+ecInNO5d\/EnrgCW7OWI7NuXZg=="} 00913{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587340725658959,"flow_src_last_pkt_time":1587340725658959,"flow_dst_last_pkt_time":1587340725659995,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1587340725659995,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ESP","proto_id":"117","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":2,"category":"VPN"}} 
00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723670088,"flow_dst_last_pkt_time":1587340723676343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":702,"flow_dst_tot_l4_payload_len":654,"midstream":0,"thread_ts_usec":1587340725659995,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1587340725659995} 
+00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1587340725659995} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647452 bytes -~~ total memory freed........: 8647452 bytes -~~ total allocations/frees...: 140550/140550 +~~ total memory allocated....: 9411858 bytes +~~ total memory freed........: 9411858 bytes +~~ total allocations/frees...: 154516/154516 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 999 chars diff --git a/test/results/default/ethereum.pcap.out b/test/results/default/ethereum.pcap.out index 4b74cc4e1..1fcba16a5 100644 --- a/test/results/default/ethereum.pcap.out +++ b/test/results/default/ethereum.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578508362274369} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578508362274369} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274369,"flow_src_last_pkt_time":1578508362274369,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508362274369,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578508362274369,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508362274369,"pkt":"KDc3AG3IEBMx8Tl2CABFAACc0mBAADURe2hXDt4ZwKgBuN11dl8AiEJtHMys6Q29AOp21rwpZSDXERjTbIzhwNph0idC5kCkV\/FDnhOUP\/GMZC9pQ1ikY4tKfgVohRJdDV\/jhdY3JkNQ8nfjTjeSnG7Ixlzbx1L2txMkADCUTD6WfRXFuzz03\/IfAAHdBMuEfwAAAYJ2X4J2X8mETxbOvYLp94CEXhYgXgU="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274369,"flow_src_last_pkt_time":1578508362274369,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508362274369,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -9,7 +9,7 @@ 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508363692141,"flow_src_last_pkt_time":1578508363692141,"flow_dst_last_pkt_time":1578508363692141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508363692141,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364272113,"flow_src_last_pkt_time":1578508364272113,"flow_dst_last_pkt_time":1578508364272113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364272113,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364272113,"flow_dst_last_pkt_time":1578508364272113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":1578508364272113,"pkt":"KDc3AG3IEBMx8Tl2CABFCACn7eVAACURF08DcIo5wKgBuGOsdl8Ak1lonaJ3QYcb7U0uMgLRKCkYOOmsVBzd6scD1gTgbTNauX3kB3bPaDZ67w0\/6JScqj4YBzeDQtx9d9GUfbwpNwws+A3fj9N5t1f25M57T8Etpo9cRpw0Ipg9vE7GnadXMLBRAAHoBNeQAAAAAAAAAAAAAAAAAAAAAIInD4InD8mETxbOvYLp94CEXhYgYA=="} -00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364272113,"flow_src_last_pkt_time":1578508364272113,"flow_dst_last_pkt_time":1578508364272113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364272113,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364272113,"flow_src_last_pkt_time":1578508364272113,"flow_dst_last_pkt_time":1578508364272113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364272113,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382390,"flow_src_last_pkt_time":1578508364382390,"flow_dst_last_pkt_time":1578508364382390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364382390,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364382390,"flow_dst_last_pkt_time":1578508364382390,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508364382390,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHswoAAEAR05vAqAG4A9EtT3Zfdl8As46jAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382390,"flow_src_last_pkt_time":1578508364382390,"flow_dst_last_pkt_time":1578508364382390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364382390,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
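Review bot: The `proto_by_ip` classification for the AWS-hosted peer changes from `"AmazonAWS"` / `265` to `"AWS_EC2"` / `461` in this hunk's `detected` event for flow 3, and the commit message does not mention it. The same change appears for flows 13 and 23 in the `@@ -66,7` and `@@ -76,7` hunks, while the message names only the risk replacement. Anything downstream that keys on the old name or numeric id (detection rules, dashboards, allow-lists) would presumably stop matching without raising an error. I would add a line to the commit description such as `* proto_by_ip for these AWS ranges is now "AWS_EC2" (461) instead of "AmazonAWS" (265)`. Whether the old id is still emitted for other AWS ranges cannot be told from these hunks, so that is worth checking against the bumped libnDPI before consumers are updated.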
@@ -66,7 +66,7 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523356,"flow_dst_last_pkt_time":1578508364566297,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364566297,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDf+ygMPcwKgBuHZf3TL4VGlQ8MrCSaAScSATXAAAAgQFrAQCCApfPQwNItiUTwEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364566341,"flow_dst_last_pkt_time":1578508364566297,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364566341,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAgfAqAG4soDD3N0ydl\/wysJJ+FRpUYAQECyi6QAAAQEICiLYlHpfPQwN"} 
01221{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364568148,"flow_dst_last_pkt_time":1578508364565857,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":561,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":561,"pkt_l4_len":527,"thread_ts_usec":1578508364568148,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIjAABAAEAGXj\/AqAG4I570l90ndl+E\/i4wBuq8c4AYECy0dwAAAQEICiLYlHw03AK8Ae0ENFbRMbDoR8q7\/lBVpSLdvQ0ss\/KysYDT3cgeuBsRepnhTempELxTDDzyA+2tnSS3\/ruB2mpEbWEuSedlIoj8Q+\/G+12XRxalYMJALGF\/Er1BufURk5A1YQ9d2FudC\/iAy\/0\/SQgKSDzazWMxd7m1Lzwbt1nkw8ZjTM6FPB2McyXwSH7Wjc1nUQhgSn5LWTODVqRQ+X4PuwvkifJR9XsBkh3VIgyEdaHFX8Yr3KzeLOekLEwSI0yKjH4ZLdpjDM5KKnBhg548bY6D30ay\/BaaMyf58ioyShCmLNSMSsFYyQQfVVYzvtvrZbl6LBsAaCp1QztDCCDI5Nl2M+bjMCsqt67khRdyIfZr+458mG08qKTyjO8oMmjYTZnLSmtS\/VNx\/QIJ5AL1xUckB+Ry3W4m+FfUNCXmhxM8jJ7Q4eEIQ3o0C3wBOm4q5OMhy77zHLV1U8n+1P3lzOlz1qwVcBSZ3c6jcmKjn7wAUE56CQ3m8W6n0IFKPd3C6lqMAp6k49eCxjEMbPCq3GbuLOhnLL0327qOy9StdTswkzKaOg7a3WHDZrriFvESwbOC3lodEcL\/J8VODIzTYk7iMhP3qabE+jkUi6\/1UrkkkLHqBQ7cfZ4aoH5Iqr35Sjr2YB7HO6Wo2LBxq97lA5uIai0r"} -00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522958,"flow_src_last_pkt_time":1578508364568148,"flow_dst_last_pkt_time":1578508364565857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":495,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":495,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364568148,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522958,"flow_src_last_pkt_time":1578508364568148,"flow_dst_last_pkt_time":1578508364565857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":495,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":495,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364568148,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
01293{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364568221,"flow_dst_last_pkt_time":1578508364566297,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":612,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":612,"pkt_l4_len":578,"thread_ts_usec":1578508364568221,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJWAABAAEAG\/+TAqAG4soDD3N0ydl\/wysJJ+FRpUYAYECwg3gAAAQEICiLYlHxfPQwNAiAEhpkrlQBwH8ddEcq0BdL83Bo3hypa+fGbFwNsVRwx6iJqkT5ihZAS\/ej6odE27zVMZrwBgqFs6p9Y1qpQoG5AV\/xzB4ClP9AB\/3NVdEZa3hbMgtTl1WhChUY7PebrIbb7y7PKnhNG+fKkKEu2x79pMd24HXnzXjog8DrnqEwTWv5KnyKedSGLXPCsTmlzQN0QJEEY6J5nOrHUU8dFU21ucoziHzGqWR5upt8sNYEWXNo6BUoTw\/WutZuGkhbYkbg5yWqRm30izxfOmiC8VyOi\/XMkx2UM3FBf8b0juv8c6D9s\/qC+0wi8mopLq4rc0gMxNoHlt+XzgDmJJFmvryPOV\/VAXW0q9oQMgKbtHFLpFdW31b4pm9vkytbPbkbcxgYGzaDvLEvKf9fu6uiqaksKWf+ZV+QAMMtjZP7GkVhpNpwxIdCnaZadlVVgG5B+NfjFmgFxDlq9z36B5kVcAWPa24LZ\/YDsz5uz6kgth55OzqmUOcrjN0\/VL65\/IbGLyC\/XZeQucYMmUi5JlCrKEYIFZvdF9RFCHhZvdXS1fXnC5BRkGI9NSx1dKmp\/59WBa70i7aYEdFQrwisFND8qlAvWK9W60aDIMUoR\/G\/TpuNnaF7w6dROBlznoePkr7Mlqpx\/UMiw+Y\/vg9yIOdXpZ2b4tI2QpgNHpymKXmH3PbTxBdPmO5c6fcZf5qmOPHf8dq+j7gt1qe6Ulo\/6iuixGxQb"} 
00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523356,"flow_src_last_pkt_time":1578508364568221,"flow_dst_last_pkt_time":1578508364566297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":546,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364568221,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523293,"flow_dst_last_pkt_time":1578508364569557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364569557,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGyBNZJmMiwKgBuHZf3TAEAfQVmn8HEKAScSAQTQAAAgQFrAQCCApfmkPpItiUTwEDAwc="} 
@@ -76,7 +76,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523418,"flow_dst_last_pkt_time":1578508364593446,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364593446,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGVuwi\/xdxwKgBuHZf3TMrXBsGHvlEKaAScSD3ewAAAgQFrAQCCAqnEIc7ItiUTwEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364593616,"flow_dst_last_pkt_time":1578508364593446,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364593616,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPfTAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AQECyG7wAAAQEICiLYlJSnEIc7"} 
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364595041,"flow_dst_last_pkt_time":1578508364593446,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"thread_ts_usec":1578508364595041,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI0AABAAEAGO\/TAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AYECw7TwAAAQEICiLYlJWnEIc7Af4E5Ftu7jhsh85mLz6DNdsr0rAu57KuMEEixSIhTUDBiDfVxvICkA5Md\/KKK0k3oE9+USvcqszUqPqZS0YzQ9lY1TT\/7cu3JyyOo6CJXkfDE4lma+SeZys01m9T952LuyvfS48J7XlHZgraHR8cc3n8HM9YAHMsuedtFBG9prv6HDrQGSb03gVP6VxROea7RSYAn+GEuUGG2+5SwvTtMvcBGDkNIFf0+rzM7Vup0UcVtmwoDndxJ\/4\/VfNR50YiBMyCiwTTtO52rPZkFb3MCR7wVc28UdXcwGsfavpyG0m1ZyTVuctUw4csneHOJU0nHt14r4rU0983EE3nyiF4JrC6UWya4O12uL7LPLkqGQJnpWpfiNUK\/CEAiwiZR+8f3CuR\/L9bCfrWwBIJAAZ69SxxRcB85802N1ESA\/KDY5oKA8in0wBWRTMOSh+WJqLWlR0xlxNbRcKueBbcg6sgqnZuuypIrzOe6pkjQ9Y92tWs1UJguFwDFK3aBIqvwRXCHt0IIRtFIjv637tCzfR4kZQX7JDqbOBeRFtA9zcohdcYuHGtI63P8PaY0lv6+B4+xY2kBnmR55inLSnZNGcaFlPXXxfXBf7FGwL4BL3G9JKfxtGcGk\/eaHYb+98xEWv\/CFZwcwGDKxGiTf6dYH3fob6Ul5r+ZFAJ378vDb+ajQc="} 
-00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523418,"flow_src_last_pkt_time":1578508364595041,"flow_dst_last_pkt_time":1578508364593446,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364595041,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523418,"flow_src_last_pkt_time":1578508364595041,"flow_dst_last_pkt_time":1578508364593446,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364595041,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364568221,"flow_dst_last_pkt_time":1578508364629148,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364629148,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ZWFAADQGqKWygMPcwKgBuHZf3TL4VGlR8MrEa4AQAOuv4AAAAQEICl89DDMi2JR8"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364568148,"flow_dst_last_pkt_time":1578508364629323,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364629323,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Z0xAAC0GC+IjnvSXwKgBuHZf3ScG6rxzhP4wH4AQAOvgIwAAAQEICjTcAuUi2JR8"} 
01946{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364422710,"flow_dst_last_pkt_time":1578508364631547,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_usec":1578508364631547,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9McxAACoRfjA056VswKgBuHZfdl8EKSMV0Tk6zLZQqYdPasDvQYAfjhJ8qeDK0iQF1oC6v4BIFO8Ukv4XviQf8O74kSNp590utu+\/aRkEwwpxoabIrzvIzmTnyJlNpeyfgvNPwLIyg8I+w4LWPa4MA\/W2\/Jap8zB7AAT5A7z5A7T4TYQS26efgnZfgnZfuEAwkgYgUPIi4WiJg+QLzg9wGMhxPAR7azw\/xSKBAPOQbQlR3L69+mdeoxh\/qQi76RfNXeauKXl5ICJHofVK35cH+E2EUt2AH4J2YIJ2YLhAIbpA\/cDFhpXtS\/hixQb3nA9r93xmFVARyWt8mvD62Q42RXQv9d4buwnSPqvoZ8VPM1tV452Mu7b1nW6WCZP3H\/hNhJBbeIeCdl+Cdl+4QHDcQogYDcUZvsmo9wM3ftVwQss5t6Xz7SYpcIe0QCLsJRPOe\/7IMshT7rIUH59Wvzm2VWBMciyHxs11tRtvlg74TYSyPgragnZfgnZfuECktuxNZlsAPCNrxc8drmg5UZJYYlgJcgwixi3dHcHaL+SmxYYPit8ZDD0AQGDBI97zkdb5Vg5h5AMJ3ltOege3+E2Esj4dt4J2X4J2X7hAbSf3keqm\/kX1w8mhO8tfUrHPkpEON98Bfi90NSvh60PrPxJjJwxphJtd9yYNAp6bvKKmXex+Pf1jNZwIZzl1LfhNhA3mbCqCdl+Cdl+4QOL5cPG1naCZem66zt1KAC6uDCfFoxJhecyNkCxirh\/KFEuDlQVcZ87QmYypugLnAbyvaDrG2A\/fgNNcBVjcu7P4TYS524U+gnZfgnZfuEAvzWrhvDjoXJOa\/ZdCbLgHiFuGktYvbPu1Kx0QfSszMjCe5P4b3hECkMlBLQo90CRjw1UcL0V+qQHcUkhH7ixE+E2ErGlePoJ2X4J2X7hAXGqY3uhYXKqMbPC9rcGcCUaWh+Dhi0uXFAXOGFtMr99hmG7UDnrqzTA\/o5MeRw5C1b8eG9l8GAevaeYZyFb6JfhNhLaioT2Cdl+Cdl+4QIU96ApVNnmCgofL7UIVwC0ussPQFE9BZpIkW9NYXxtm+4r+lcBEpjNfLr4w84vJM4LIgefP7wW0fAmtWWHpBj34TYRZo5RJgnklgnkluED1tj7tRebZlvZCTgHMIT8H0RpJXJ6gH+sJFUxXqZs38C\/hpzENTsCSDh1o2HUHvKg2FabU7+4S+HyXXU68T+Xi+E2EM01tNoLk1oLk1rhAfag2FjkUzZm46\/aJuVMW3oNNsPORtJDs86feqI9xjoUJ09giSja9nrnxBmA4a19j\/wmY0SxfQ5ijGeyrdMEjJvhNhCPk+oyCdl+Cdl+4QD9WPrST\/PNOA12+8bgX6kV4hJFBTbV9EgAQ6hcCTUo0f0CQNtNTkrUkC7hmmUaZ\/d9jh6CLjUr6pActojR+FlyEXhYgYA=="} 
@@ -97,7 +97,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364595041,"flow_dst_last_pkt_time":1578508364655558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364655558,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0tVBAACcGoaMi\/xdxwKgBuHZf3TMrXBsHHvlGKYAQAOuT7wAAAQEICqcQh3si2JSV"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523420,"flow_dst_last_pkt_time":1578508364657828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364657828,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC8GWDwD0S1PwKgBuHZf3TTdrvLSmxdVZqAScSC43wAAAgQFrAQCCApOlRAnItiUTwEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364657930,"flow_dst_last_pkt_time":1578508364657828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364657930,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1Vm3a7y04AQECxIFwAAAQEICiLYlNBOlRAn"} 
-02129{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364522958,"flow_src_last_pkt_time":1578508364631940,"flow_dst_last_pkt_time":1578508364658815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":495,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":735,"flow_dst_tot_l4_payload_len":512,"midstream":0,"thread_ts_usec":1578508364658815,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":7898.0,"max":63466,"stddev":18325.6,"var":335828128.0,"ent":2.4,"data": [42899,42982,2208,63466,818,46,62123,6,373,313,356,354,126,10,127,6,123,159,339,3,86,17,41,85,11,59,21,32,10,27626,14]},"pktlen": {"min":46,"avg":91.2,"max":547,"stddev":114.1,"var":13011.4,"ent":4.4,"data": [64,60,52,547,52,500,84,52,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.453177452,5.333454132,5.000318527,7.620707512,5.195351601,7.612061024,5.903985500,5.077241421,5.077241421,5.270098686,5.077241421,5.305542469,5.077241421,5.535423279,5.653491497,5.077241421,5.077241421,5.233812809,5.077241421,5.807060242,5.154217243,6.729629993,5.192151070,5.452736855,5.949917316,5.154217243,5.191807747,5.493040085,5.493248940,5.077241421,3.725504398,3.725504398]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02127{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364522958,"flow_src_last_pkt_time":1578508364631940,"flow_dst_last_pkt_time":1578508364658815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":495,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":735,"flow_dst_tot_l4_payload_len":512,"midstream":0,"thread_ts_usec":1578508364658815,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":7898.0,"max":63466,"stddev":18325.6,"var":335828128.0,"ent":2.4,"data": [42899,42982,2208,63466,818,46,62123,6,373,313,356,354,126,10,127,6,123,159,339,3,86,17,41,85,11,59,21,32,10,27626,14]},"pktlen": {"min":46,"avg":91.2,"max":547,"stddev":114.1,"var":13011.4,"ent":4.4,"data": [64,60,52,547,52,500,84,52,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": 
[4.453177452,5.333454132,5.000318527,7.620707512,5.195351601,7.612061024,5.903985500,5.077241421,5.077241421,5.270098686,5.077241421,5.305542469,5.077241421,5.535423279,5.653491497,5.077241421,5.077241421,5.233812809,5.077241421,5.807060242,5.154217243,6.729629993,5.192151070,5.452736855,5.949917316,5.154217243,5.191807747,5.493040085,5.493248940,5.077241421,3.725504398,3.725504398]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364659294,"flow_src_last_pkt_time":1578508364659294,"flow_dst_last_pkt_time":1578508364659294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364659294,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364659294,"flow_dst_last_pkt_time":1578508364659294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508364659294,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGv5TAqAG4KEOQgN02dl98bCWSAAAAALAC\/\/8OmwAAAgQFtAEDAwUBAQgKItiU0QAAAAAEAgAA"} 
01082{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364659971,"flow_dst_last_pkt_time":1578508364657828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":461,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":461,"pkt_l4_len":427,"thread_ts_usec":1578508364659971,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG\/AABAAEAGRbnAqAG4A9EtT900dl+bF1Vm3a7y04AYECwE6gAAAQEICiLYlNJOlRAnAYkEYzsbi3U1VbPxeO8JeZGy8BDKLHIeRSKQp4\/evVyQovWvCuUArTsYbNFNxbOpHxgiMLlX0ZOeEmBKpT+zxdZ5teBbqVi3L+mm7Ze75jkvKWog+sVO61B5+CMn3LI3RoqoEIs7LzSm4dXhRB4iMDjlKoJ5ZcHwLwlkh8E9Vpo3djq3bdx6lp\/EdVYh6tyjrDNl\/j+nQfIHSl0cMW+mhrtlfSdcGh0syw23uJtUSkclaVzh1wHeEc\/bQntltm8xovFOwV9SJyedZop+oHv1QYNt8oHL9v3ZZw5lkXyC9v2DYGLqmi1M7RPz8jlmDJa9m+OtKYcpqVh3LJYWvbiP5AVvl68VRguEFNQTEiaz8u+Ok4fajiRFN+EVltIdouSx7saQkYFk1SJM9L4aBUOJFvL6FFh3igjYUWKgCjdf2qOqAGWN2QeLZkNKg69L2LgHAubee5cXm\/oVTb4ak7cxt1raQVyZh0C5KR4jqdxt3Bdo\/8IlgvyUrAcIb4sc4COpXETFl0cDGUpkbOA="} 
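Review bot: The `proto_by_ip` relabelling in the `analyse` event for flow 13 (`"proto_by_ip":"AmazonAWS","proto_by_ip_id":265` becomes `"proto_by_ip":"AWS_EC2","proto_by_ip_id":461`) is a consumer-visible change to the emitted JSON and should be called out explicitly. The same relabelling recurs in the hunks at -125, -171 and -195. Anything downstream that filters, enriches or alerts on the old name or on id 265 would presumably stop matching without raising an error. I would add a line to the commit description such as `* proto_by_ip "AmazonAWS" (265) is now reported as "AWS_EC2" (461) for these flows`, and state whether other AWS address ranges keep the old label. The file is regenerated expected output, so no line in the hunk itself needs to change.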
@@ -125,7 +125,7 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364717893,"flow_dst_last_pkt_time":1578508364717778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364717893,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGYjIWK3YYAQEAmOFAAAAQEICiLYlQju0q\/I"} 01214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364719135,"flow_dst_last_pkt_time":1578508364717778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_usec":1578508364719135,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIeAABAAEAGNTbAqAG4aCrZGd0jdl\/sFGYjIWK3YYAYEAln5wAAAQEICiLYlQnu0q\/IAegEP2pezgVKWt8J8LrduXpDyCo1FSJyTyJ5lbbH7EMZGv5G3Ivb1Abhvkw0dCEBVV6UxMSYllHcXVIlysO4yRAJrD5b3f1+VOKSoFLSg1WcmxxEFO5pnU9HGIUQEJOaDwrvCvMmNd\/GyeuIehvlbz29a4IXVRSSdhfjxmtwfJH+UkHpQ4uA18eIcetGchNx7gI7Oz0jMukXSf6+fHPd5WzMA+QkRtKtiOA\/Ie9P0PHPpHyImbvmHyYsAnQAyF4U1Vv15ymELSbMPh6zJQBf6IEP1\/CsQtKLagSDJKpl3a0jUjZwfj\/oq5+fdfqdkyAe+2Dk+tJ3lqwB+Dn4UKkYaFJ02\/UB95EcD\/zFU66a5SFkLQDvY3+vcobTa\/lD7OTd6xDAWEFP2BjNtfPoRyhVmxGgL4bywwcRwT6f1g2LccJsDy4U775nSR0Ycq1gnFsOfvC1Y9DaUuFcWbL7Z3JghsVJzD7MutydGKoI2UvduWqCdBRnpaAxRMcAZl5TC\/i+u2g5IW+pDMOuiS2ibZEmMWOlF4ZWAnJCS4GUFO1bcjbhwDALyFMTF0NZdpp8BmB793G\/lfe5Ar+ZIMVJs8CawDm2xKMURTt++U3mblRrsMZgCuWrzMqnUgZd5lFo1bOfVXFU2qOsmJmGig=="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522827,"flow_src_last_pkt_time":1578508364719135,"flow_dst_last_pkt_time":1578508364717778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":490,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364719135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -02121{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523418,"flow_src_last_pkt_time":1578508364659019,"flow_dst_last_pkt_time":1578508364721593,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":752,"flow_dst_tot_l4_payload_len":466,"midstream":0,"thread_ts_usec":1578508364721593,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":10767.0,"max":70198,"stddev":24163.0,"var":583848512.0,"ent":2.4,"data": [70028,70198,1425,62112,2103,2,2,32,23,22,62731,3,15,11,2,8,85,118,636,45,106,25,18,64,32,95,10,50,9,63729,37]},"pktlen": 
{"min":46,"avg":90.3,"max":564,"stddev":111.3,"var":12394.7,"ent":4.4,"data": [64,60,52,564,52,454,84,53,54,65,68,52,52,52,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.441382408,5.346035480,5.024262905,7.573521614,5.233813286,7.579136848,5.880175591,5.270098686,5.268505573,5.525989532,5.642391205,5.062724590,5.024262905,5.024262905,5.024262905,5.062724590,5.062724590,5.272274494,5.062724590,5.967890739,5.154217243,6.729060650,5.228514671,5.477021694,5.839856625,5.078744888,5.191807270,5.462270737,5.610895157,5.115703106,3.600984097,3.600984097]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02119{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523418,"flow_src_last_pkt_time":1578508364659019,"flow_dst_last_pkt_time":1578508364721593,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":752,"flow_dst_tot_l4_payload_len":466,"midstream":0,"thread_ts_usec":1578508364721593,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":2,"avg":10767.0,"max":70198,"stddev":24163.0,"var":583848512.0,"ent":2.4,"data": [70028,70198,1425,62112,2103,2,2,32,23,22,62731,3,15,11,2,8,85,118,636,45,106,25,18,64,32,95,10,50,9,63729,37]},"pktlen": {"min":46,"avg":90.3,"max":564,"stddev":111.3,"var":12394.7,"ent":4.4,"data": [64,60,52,564,52,454,84,53,54,65,68,52,52,52,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.441382408,5.346035480,5.024262905,7.573521614,5.233813286,7.579136848,5.880175591,5.270098686,5.268505573,5.525989532,5.642391205,5.062724590,5.024262905,5.024262905,5.024262905,5.062724590,5.062724590,5.272274494,5.062724590,5.967890739,5.154217243,6.729060650,5.228514671,5.477021694,5.839856625,5.078744888,5.191807270,5.462270737,5.610895157,5.115703106,3.600984097,3.600984097]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
01947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364654361,"flow_dst_last_pkt_time":1578508364729181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_usec":1578508364729181,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7gO1AADART9iAADOMwKgBuHZfdl8EJxcg9PffAeslidE0A2XYKUWPfQSrSzELT24RQsZMkDFAUC\/8t71UobxaKgVF9YFxtOS9Li4RLrxMDnrT4k5PGgw2NDHZtKrKg8J\/d2YlScEj\/YBR+sG3bhx8yqSCwFLu+QmtAQT5A7r5A7L4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2ETi\/CnoJ2X4J2X7hA+Q4zg2oOekCIJoV1y\/ualFI8sA2WiSVXjBsUf\/fkEaUBa4ucL3qlgbfTJJpR6RtQSjEN0kW4Om6HGzu56xhcP\/hNhF6CJvWCdl+Cdl+4QCa0AdVA2\/h5KxbzG7wSXhKLcgLDQf3VZM6j4pcDpEr22I0w8vjr3eeZrANzqy+B0k7Jw6sj9qOYOkYu9v1\/HcL4S4QXZGXDgsVFgLhA4dMHiHESZvaZv5XwOSEg7GIAhtTuq\/1+kuZamW7NEWy5Mx7jYjqriPSY+yi8MCrIJ809xx8ts8E05ybrI5RK9vhNhHTKaT+Cdl+Cdl+4QNscTNh1YzVnvcLB2a2lU2bz3gyaTlXXbE+pFLDVoDdFI5ADpod42cruH9wQt79YZLxlJa01FygTlV6X9wnzbsb4TYRSpWAfgnZhgnZhuECxFAegsyOgyfrql\/zztxCELDSekbbhUJf21H8iSNiW9cKP2xirrTz8RKLVHxNA2LkFNcMF8l9m+GUUJJ3wo0ve+E2EZ\/0rzIJ2X4J2X7hA0+1Q\/zfDwmqiJ4L7\/yvPXaADca3\/aoKeqi6XasejIDSTPmS2ILmdZ2LgwWGNQRAtsR66VqR5PIUppHE6JTXzu\/hNhC9aDGqCdl+Cdl+4QEWucUJTr5uswusybUrNZinvmACa+spHP3M8Ca80aMiKTDP2An9QqqbsJgkcvDnFqQSdwmVB0j3FFWWOWXchmBH4TYQ03B+BglLcglLcuEC4ECYNzxwi2kJoJQjyJ6lUniuRlC+UndNWqAZRufW0X533Ymm1WtW8x0w\/1eGqPwGeOGNfU57w7mmrZv5S0MuC+E2EoBCKUoJ2X4J2X7hA7pvrsi4uzujUwcCnzbOXM3k+PSTxp6vSaGlZ+vjNNS2DLnFg12pt76j1a3+aMxZ2sjeuJ4ACTqyhbBihj1yObfhNhLB96meCdl+Cdl+4QMGwHxHg22IaagGZCrHWyox4ceWSrkz5+TUJ7FvSKEAsyUrKnBQ1BKg4U4OyDXv653Ump5Su2Klg\/PAjth\/4FVX4TYQDCFzcgnZfgnZfuEAOe5LjgOGocDnrwWucrGwohrnh\/PIVvUNi2EPcxA3lL9o2I1kGKrrcltIHdy07g5GmzReWD9IntTCd9ncDRnHuhF4WIGA="} 
01087{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364654361,"flow_dst_last_pkt_time":1578508364729798,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_usec":1578508364729798,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFgO5AADARUk2AADOMwKgBuHZfdl8BsUbFE+HTPyEyomNSay73CyfrLD8rHnhX7vxj92G3He3rB8i3yggvxA3gI120fMxC8T5NSVg69zUML0xXdXDn6x+i1UJlYzm2ZsL8HkXRcVxsD7\/Cz8uc2cDeR5GmI31rs3BBAAT5AUT5ATz4TYRWzyr3gnZfgnZfuEAwPG4npPFCKterF6wXX6hmKDtHpPLV5Gpyh4HRvQlb1WOtMBiFa5iB1p48IlU7yQzlUhHlEKU2TAWk+UxWCOtE+E2EwKkGMYJ2X4J2X7hAXDWjwnntCdEfY7ZsbIcma6dZim0sS\/6AZlg+cBMsOylaupmT4K85DC7A88jAAB9\/AkNP7Q7FRuWOzTw655z20fhNhF\/YD6SCdl+Cdl+4QMhe7o3oH5yNMBpAbg7BFfLQiRhzAx0IcRlGupvV\/Zui89t4l4x5tGAZhBv4cgNKbiHVFqGfCeCtDh7KA5ZNUtn4TYQ2yX4zgnZfgnZfuEBWXo894U5qji3Sd9oPTupJEBwpi5JkOWop7uGO9PMehSCnS4eHg4+tauk7NJIwG19teeCjKxS93DtycMhLIWGEhF4WIGA="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364732443,"flow_src_last_pkt_time":1578508364732443,"flow_dst_last_pkt_time":1578508364732443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364732443,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -171,7 +171,7 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364832618,"flow_src_last_pkt_time":1578508364832618,"flow_dst_last_pkt_time":1578508364832618,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364832618,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364832618,"flow_dst_last_pkt_time":1578508364832618,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508364832618,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGt9PAqAG4ouQdoN07dl+4t7BdAAAAALAC\/\/8\/HwAAAgQFtAEDAwUBAQgKItiVcAAAAAAEAgAA"} 
01189{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364833343,"flow_dst_last_pkt_time":1578508364831187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1578508364833343,"pkt":"EBMx8Tl2KDc3AG3ICABFAAILAABAAEAGEufAqAG4EopRHN0vdl8VNVkc\/BYyhoAYECzL6gAAAQEICiLYlXFjgYkbAdUEwUIR9YgFXZ9yiOt5YBH4UtFaqA+cwIzRVHYokt1jt3NSo7VChRqaTps9paUa0ngH25xMfgJbcuBsMxxTxgihIKn5VUXXgWDlNYyvU0KlT1bNUEI4mKZzhEJdNwjpMn9paKBWzu2LEMjx6bLou4eS13z\/nVxfNlGL0J7vv8\/wC8YQ1+XvQyGDWq4sjQibEugRViJciB03P97SSio3NTS6h9JYGoEfM9nybcbgUflDrSQcxM3wZhLR4RyXHFofiZ6ItK5WZXSq5pX\/rioqKS6rjD\/Od8+ItIp1Os0RxmLLf4DWm4\/UMEN2gFSO\/\/Glty20yCOSCBOfFj8FNpqoruWb3E+P4CmQ2C\/teNBBz+h3griSFolu7EDV7zs7SLm4DR4ICIyHvtuOPkeooGrl0tep6tLaxHM2ZkQOiUJRKu+5pHwHgHmEbBncVaLwnhxRCP51iVfM2TEGdhOXmZNW\/1FyvH8rso8UOfKabPq7CXCpZK38otIKu601tzRMGFOYwWIHKFmd+rKAZ\/NBoZt\/6W8POfwll5vHjI\/FLep7U77tKANlUam924r9s1XPKaPkH9fxcGGux9IUOJRyhmfvWk\/b8yyfBvntIhfV4oqnCZvlQGRKNPXA"} -00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523185,"flow_src_last_pkt_time":1578508364833343,"flow_dst_last_pkt_time":1578508364831187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":471,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364833343,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523185,"flow_src_last_pkt_time":1578508364833343,"flow_dst_last_pkt_time":1578508364831187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":471,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364833343,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523037,"flow_dst_last_pkt_time":1578508364841546,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364841546,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADcGsuQiYawWwKgBuHZf3SnE3x7vnZqFEqAS\/ojiZQAAAgQFrAQCCAoxzJM4ItiUTwEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364669552,"flow_dst_last_pkt_time":1578508364841574,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364841574,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA05dtAADEGDGhCKlL2wKgBuHZf3SQj+YV5f2ikFYAQAOvH9gAAAQEICh2SYKIi2JTZ"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364841644,"flow_dst_last_pkt_time":1578508364841546,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364841644,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqezAqAG4ImGsFt0pdl+dmoUSxN8e8IAQECz+XAAAAQEICiLYlXkxzJM4"} 
@@ -195,7 +195,7 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364924936,"flow_dst_last_pkt_time":1578508364924936,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508364924936,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtY\/AqAG40frwzd0+dl+QvttrAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKItiVxgAAAAAEAgAA"} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364925232,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364925232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364925232,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364925232,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508364925232,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHG4wAAEARgdzAqAG4I7T2qXZfdl0As6VnAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"} -00953{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364925232,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364925232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364925232,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364925232,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364925232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364925232,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364819362,"flow_dst_last_pkt_time":1578508364930055,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364930055,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0P7RAACgGl+woQ5CAwKgBuHZf3TZG9x3RfGwnQoAQAOutlAAAAQEICnIsxqEi2JVm"} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364824682,"flow_dst_last_pkt_time":1578508364932308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364932308,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGkHGfy1QfwKgBuHZf3TprW2X93LDPrKAScSCdQwAAAgQFrAQCCApPeKo9ItiVagEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364932360,"flow_dst_last_pkt_time":1578508364932308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364932360,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csM+sa1tl\/oAQECwsmQAAAQEICiLYlc1PeKo9"} 
@@ -237,7 +237,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364932939,"flow_dst_last_pkt_time":1578508365063785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365063785,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMG2uES26efwKgBuHZf3T9fy8\/Lfuf1H6ASaN8cNgAAAgQFrAQCCAoSyYNbItiVzQEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365063889,"flow_dst_last_pkt_time":1578508365063785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365063889,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/UfX8vPzIAQECyjNQAAAQEICiLYlkUSyYNb"} 
01256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365065166,"flow_dst_last_pkt_time":1578508365063785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"thread_ts_usec":1578508365065166,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI9AABAAEAGu+DAqAG4Etunn90\/dl9+5\/UfX8vPzIAYECwSKQAAAQEICiLYlkYSyYNbAgcExEL6k7iDCmvDnLTJQ493cMoyN1vB35yNoXPALiSuhgaS7ozJbRQbYOIH3P2cKiRvQXZnyi4u4Lw9Z+qm430tq6fsEdocQZExsicq33nFabONqvhhdUCa\/Ycdml2wvn5dpDCXVB9DNlrFeOeFE91jSn+\/t\/1SEOuxaQXmtjOwaQ1rpHIUzUgqbMGDk2Xf\/clHNIrP+8dybicogNvvQdnfbOpGdx1BoT0UQ\/cJXLKng37Bgj1WiAiOYJXJZa8JBRrhcHue5nPxDIJBjNepGAEan7DM7ryaKTAgOvU\/Di6OjPj6R7ouWTk82ibH7ElOw1FPPG5org7fTBskGPYN2GwayBKfWJqhgX9Gm1oPuX1X+g+ulBxYo6+kcnIZf2UWtLkGazBcTymT3ikMsPJcAOx6Ez506cWe12f8KbpoTZUvcT+X1eAJbGBrWT7DguMC80iDihkY\/yzY\/n3QuAZq24LNcyxoBP\/uCwVTm8qaMGfmyat1VRjTTPpp+Fj+UiG42oX6jN4ArwZ513sZwkaDYmzIysegLaM5r3\/zIAY5u9dqFaz0kd9hCdidoGIQ0QsFKfLzcRD16xeZ1Z2WCedBAjFbCQYMbcXNCoLuX9swWHUyq5fABYOQJH2AbDJ3jx4sK0iNO0HqAWR0fuWK4AaZIlse6PDKjcaLDe4h\/7OZqPG8cMv39kbM44A="} 
-00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364932939,"flow_src_last_pkt_time":1578508365065166,"flow_dst_last_pkt_time":1578508365063785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":521,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365065166,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364932939,"flow_src_last_pkt_time":1578508365065166,"flow_dst_last_pkt_time":1578508365063785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":521,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365065166,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365021490,"flow_dst_last_pkt_time":1578508365065326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365065326,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGx0OyPgrawKgBuHZf3UIGbP5HMVZ5eqAScSDZAAAAAgQFrAQCCAoLgra+ItiWHgEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365065360,"flow_dst_last_pkt_time":1578508365065326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365065360,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGu0vAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAQECxokQAAAQEICiLYlkYLgra+"} 00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365065549,"flow_dst_last_pkt_time":1578508364563748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508365065549,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHKIQAAEAR+iHAqAG4QipS9nZfdl8As8h52l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"} 
@@ -287,7 +287,7 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365189114,"flow_dst_last_pkt_time":1578508365189114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365189114,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtk3AqAG4VdZsNN1Odl+\/h8KiAAAAALAC\/\/8jMQAAAgQFtAEDAwUBAQgKItiWsAAAAAAEAgAA"} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365189369,"flow_src_last_pkt_time":1578508365189369,"flow_dst_last_pkt_time":1578508365189369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365189369,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365189369,"flow_dst_last_pkt_time":1578508365189369,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508365189369,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcflcAAEARfx\/AqAG4Etunn3Zfdl8AiGnBB7Pc5ZlsDZTbUrqaaoRxeL1l7Crbcxf\/BOXFZNGdyZsOxpmBlW67u9+KWe59CkWnKw2GIsEnEKk87oxTf3me3BvKcrMQD0jXMXlBXiHkLViPnwRaOVxyx4odh7D\/BO97AAHdBMuEfwAAAYJ2X4J2X8mEEtunn4J2X4CEXhYgYQU="} -00953{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365189369,"flow_src_last_pkt_time":1578508365189369,"flow_dst_last_pkt_time":1578508365189369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365189369,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365189369,"flow_src_last_pkt_time":1578508365189369,"flow_dst_last_pkt_time":1578508365189369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365189369,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 02136{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":966,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365045064,"flow_src_last_pkt_time":1578508365193903,"flow_dst_last_pkt_time":1578508365193933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":382,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":623,"midstream":0,"thread_ts_usec":1578508365193933,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":9603.5,"max":51634,"stddev":18821.1,"var":354234048.0,"ent":2.8,"data": 
[47219,47359,1594,49528,3728,51634,828,16,1020,92,14,1,37,127,71,134,135,105,102,138,138,353,12,12,16,83,45623,1100,32,46342,115]},"pktlen": {"min":52,"avg":93.9,"max":462,"stddev":97.7,"var":9536.3,"ent":4.5,"data": [64,60,52,462,52,434,52,84,53,84,176,52,55,68,53,52,208,52,55,52,68,52,84,53,100,67,68,52,52,84,52,53]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,0,0,0,0,1,0,1,0,1,0,1,0,0,0,0,0,0,1,1,1,0,1],"entropies": [4.453177452,5.346035004,5.115703106,7.515024185,5.233812809,7.417223930,4.993616104,5.784938335,5.072169304,5.912971973,6.701569080,5.101185799,5.178425789,5.447610855,5.218119621,5.101185799,6.890011311,5.062724113,5.253729820,5.062724113,5.434425354,5.062724113,5.620957375,5.057926178,6.028760910,5.398105145,5.477022171,5.180834770,5.180834770,5.823570728,5.062724113,5.218119144]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364879259,"flow_dst_last_pkt_time":1578508365194549,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365194549,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0UNhAACEGQrU0u88bwKgBuHZf3S3Pd7n21PprjoAQAfmqiwAAAQEICm8lvuMi2JWb"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365194618,"flow_src_last_pkt_time":1578508365194618,"flow_dst_last_pkt_time":1578508365194618,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365194618,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -326,13 +326,13 @@ 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365300081,"flow_src_last_pkt_time":1578508365300081,"flow_dst_last_pkt_time":1578508365300081,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365300081,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365300081,"flow_dst_last_pkt_time":1578508365300081,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365300081,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGD8rAqAG4fNnrtN1Xdl9L2gYiAAAAALAC\/\/+scgAAAgQFtAEDAwUBAQgKItiXEAAAAAAEAgAA"} 
02137{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1222,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364832618,"flow_src_last_pkt_time":1578508365154217,"flow_dst_last_pkt_time":1578508365304459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":413,"flow_dst_max_l4_payload_len":405,"flow_src_tot_l4_payload_len":653,"flow_dst_tot_l4_payload_len":469,"midstream":0,"thread_ts_usec":1578508365304459,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":25594.8,"max":159357,"stddev":56992.8,"var":3248178688.0,"ent":2.5,"data": [157669,157791,1578,152892,8130,159357,1177,13,61,20,78,1877,13,527,1,123,12,130,3,101,114,166,3,78,34,46,32,749,390,149661,614]},"pktlen": {"min":46,"avg":87.5,"max":465,"stddev":99.1,"var":9815.1,"ent":4.5,"data": [64,60,52,465,52,457,52,84,53,176,55,68,84,53,52,52,54,65,52,52,68,52,84,53,54,65,68,52,52,52,52,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,1,0,0,0,0,0,0,0,1,0,1,1],"entropies": [4.421927452,5.346035480,5.077241421,7.486079693,5.156889439,7.536809444,5.038779736,5.887475491,5.154217243,6.869001865,5.192151070,5.540970802,5.945767879,5.232362270,5.038779736,5.077241421,5.268505096,5.556758881,5.077241421,5.038780212,5.612979889,5.038780212,5.673190117,5.078745365,5.080696106,5.322218418,5.522660255,5.077241421,5.156889915,5.077241421,5.233813286,3.768982887]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -02138{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1231,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508364932939,"flow_src_last_pkt_time":1578508365188877,"flow_dst_last_pkt_time":1578508365309479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":490,"flow_src_tot_l4_payload_len":761,"flow_dst_tot_l4_payload_len":554,"midstream":0,"thread_ts_usec":1578508365309479,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":20402.5,"max":130950,"stddev":46194.5,"var":2133934848.0,"ent":2.4,"data": [130846,130950,1277,122765,1253,122671,155,10,149,9,88,86,123,126,124,123,256,9,49,17,28,59,7,51,29,22,20,121098,33,23,22]},"pktlen": {"min":46,"avg":93.0,"max":573,"stddev":122.2,"var":14931.5,"ent":4.3,"data": [64,60,52,573,52,542,52,84,53,52,52,67,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46]},"bins": {"c_to_s": [16,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1],"entropies": 
[4.484427452,5.300120831,5.038779736,7.626091480,5.156889439,7.533421516,5.077241898,5.942617416,5.156890869,5.038780212,5.038780212,5.524824619,5.077241898,5.583567619,5.077241898,5.156889439,5.038780212,5.902298450,5.116480827,6.768815994,5.105699062,5.552071571,5.744618893,5.116480827,5.117732525,5.395370483,5.552071571,5.077241421,3.926020861,3.969499111,3.969499111,3.969499111]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02136{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1231,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508364932939,"flow_src_last_pkt_time":1578508365188877,"flow_dst_last_pkt_time":1578508365309479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":490,"flow_src_tot_l4_payload_len":761,"flow_dst_tot_l4_payload_len":554,"midstream":0,"thread_ts_usec":1578508365309479,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":20402.5,"max":130950,"stddev":46194.5,"var":2133934848.0,"ent":2.4,"data": [130846,130950,1277,122765,1253,122671,155,10,149,9,88,86,123,126,124,123,256,9,49,17,28,59,7,51,29,22,20,121098,33,23,22]},"pktlen": {"min":46,"avg":93.0,"max":573,"stddev":122.2,"var":14931.5,"ent":4.3,"data": [64,60,52,573,52,542,52,84,53,52,52,67,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46]},"bins": {"c_to_s": [16,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1],"entropies": [4.484427452,5.300120831,5.038779736,7.626091480,5.156889439,7.533421516,5.077241898,5.942617416,5.156890869,5.038780212,5.038780212,5.524824619,5.077241898,5.583567619,5.077241898,5.156889439,5.038780212,5.902298450,5.116480827,6.768815994,5.105699062,5.552071571,5.744618893,5.116480827,5.117732525,5.395370483,5.552071571,5.077241421,3.926020861,3.969499111,3.969499111,3.969499111]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365189369,"flow_dst_last_pkt_time":1578508365315790,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1578508365315790,"pkt":"KDc3AG3IEBMx8Tl2CABFAACymwlAACMRP1cS26efwKgBuHZfdl8AnsFrVj4puAH6ZgARKbHJmno0oUTDSx6ME3WyQvgYFdLFf82IMxF0n+9n2kTCv9WKp0W5OWAeoQIHesUQlOhBZUox8XuUKjSw2r\/cLxIh6clEUwjRudwx4mptlXU2a3WMaDxBAALzy4RPFs69gun3gnZfoAez3OWZbA2U21K6mmqEcXi9Zewq23MX\/wTlxWTRncmbhF4WIGEK"} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365189369,"flow_dst_last_pkt_time":1578508365315825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508365315825,"pkt":"KDc3AG3IEBMx8Tl2CABFAACcmwpAACMRP2wS26efwKgBuHZfdl8AiLphceZOwZGufNXFAvXWI774ooc6PkwC6kxvzCm0BhiTs\/TWig3gE4P3+Y0lY\/Fll4rTUKnacLSuqKdSUAk7eTbz218E2dS8j3sLMJigll9ziTSt7jKgE6R7GxELpoJhO+ReAQHdBMuEEtunn4J2X4J2X8mETxbOvYLp94CEXhYgYQo="} 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365316928,"flow_dst_last_pkt_time":1578508365315825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1578508365316928,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAmgAAEAR+vjAqAG4Etunn3Zfdl8Anj7AyKLY5AHDHkr8d6KSA+T3Tls\/POEygEa\/IYu00zDsS\/rUOw6lzLJwrJGeGp5ZbDZpK7GjW2rkr31SRKZcwxqVK3x67DtjZyUlj3CybqwG4tIXJkxmTgyRuyMntMeOtUM\/AQLzy4QS26efgnZfgnZfoHHmTsGRrnzVxQL11iO++KKHOj5MAupMb8wptAYYk7P0hF4WIGEF"} 
02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365153718,"flow_src_last_pkt_time":1578508365327684,"flow_dst_last_pkt_time":1578508365329449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":462,"flow_dst_max_l4_payload_len":442,"flow_src_tot_l4_payload_len":750,"flow_dst_tot_l4_payload_len":778,"midstream":0,"thread_ts_usec":1578508365329449,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":11280.5,"max":57129,"stddev":22219.5,"var":493705824.0,"ent":2.8,"data": [56823,56925,1602,56390,2342,57129,531,462,124,8,117,8,162,10,51,23,20,1132,926,430,2,33,26,92,56511,32,22,55939,9,1784,32]},"pktlen": {"min":52,"avg":100.4,"max":514,"stddev":109.7,"var":12030.8,"ent":4.5,"data": [64,60,52,514,52,494,52,84,52,195,53,52,52,84,53,176,55,68,68,52,84,53,100,67,68,52,84,134,52,52,82,52]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,1,1],"entropies": [4.515677452,5.240226269,5.115703106,7.534019470,5.233812809,7.516967297,5.154164791,5.847379684,5.115703106,6.830158234,5.194627285,5.024262905,5.038780212,5.926107883,5.078744888,6.739013672,5.192151070,5.482147217,5.671802521,5.115703106,5.887475491,5.191953182,6.048761845,5.522709846,5.522660255,5.233812809,5.894998550,6.621984482,5.115703106,5.062724590,5.776439667,5.272274494]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 02138{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1264,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523182,"flow_src_last_pkt_time":1578508365078877,"flow_dst_last_pkt_time":1578508365330913,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":382,"midstream":0,"thread_ts_usec":1578508365330913,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":43981.5,"max":300415,"stddev":100376.1,"var":10075352064.0,"ent":2.3,"data": [300373,300415,1705,253379,743,11,252408,10,126,124,122,12,120,7,112,11,115,13,362,33,90,11,17,64,29,59,24,45,44,252812,30]},"pktlen": {"min":46,"avg":88.3,"max":583,"stddev":106.2,"var":11275.5,"ent":4.4,"data": [64,60,52,583,52,370,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": 
[4.428027153,5.279368877,5.038780212,7.657849789,5.131024361,7.439465523,5.864164352,5.000318527,5.000318050,5.244720936,5.038779736,5.317672253,5.536067009,5.000318050,5.000318050,5.563788414,5.169486046,5.000318050,5.000318050,5.759441853,4.989030361,6.735422134,5.192151546,5.357292175,5.816047192,5.041008472,5.154769897,5.339193821,5.410754204,5.038779736,3.682026386,3.682026386]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1282,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523185,"flow_src_last_pkt_time":1578508365096272,"flow_dst_last_pkt_time":1578508365350710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":711,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508365350710,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":45181.0,"max":308079,"stddev":102626.0,"var":10532101120.0,"ent":2.4,"data": [308002,308079,2079,260252,1619,259755,495,482,122,10,122,8,118,9,119,17,140,15,66,21,45,75,23,49,39,20,18,2347,1915,254515,36]},"pktlen": {"min":46,"avg":89.8,"max":523,"stddev":108.1,"var":11684.8,"ent":4.4,"data": [64,60,52,523,52,474,52,84,52,53,54,52,52,65,68,52,52,84,53,176,55,68,84,53,54,65,68,52,52,52,52,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1],"entropies": [4.515677452,5.379368782,5.115703106,7.587895393,5.233812809,7.532115936,5.077241421,5.898149014,5.038779736,5.232362747,5.231468678,5.000318050,5.038779736,5.618297577,5.642390728,5.038779736,5.000318050,5.825033665,5.041009426,6.724864960,5.192151070,5.429300308,5.854679585,5.078745842,5.117733479,5.462270737,5.482147217,5.038779736,5.195351601,5.077241421,5.195351601,3.768982887]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02140{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1282,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523185,"flow_src_last_pkt_time":1578508365096272,"flow_dst_last_pkt_time":1578508365350710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":711,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508365350710,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":45181.0,"max":308079,"stddev":102626.0,"var":10532101120.0,"ent":2.4,"data": [308002,308079,2079,260252,1619,259755,495,482,122,10,122,8,118,9,119,17,140,15,66,21,45,75,23,49,39,20,18,2347,1915,254515,36]},"pktlen": {"min":46,"avg":89.8,"max":523,"stddev":108.1,"var":11684.8,"ent":4.4,"data": 
[64,60,52,523,52,474,52,84,52,53,54,52,52,65,68,52,52,84,53,176,55,68,84,53,54,65,68,52,52,52,52,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1],"entropies": [4.515677452,5.379368782,5.115703106,7.587895393,5.233812809,7.532115936,5.077241421,5.898149014,5.038779736,5.232362747,5.231468678,5.000318050,5.038779736,5.618297577,5.642390728,5.038779736,5.000318050,5.825033665,5.041009426,6.724864960,5.192151070,5.429300308,5.854679585,5.078745842,5.117733479,5.462270737,5.482147217,5.038779736,5.195351601,5.077241421,5.195351601,3.768982887]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365408726,"flow_src_last_pkt_time":1578508365408726,"flow_dst_last_pkt_time":1578508365408726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365408726,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365408726,"flow_dst_last_pkt_time":1578508365408726,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1578508365408726,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdhY9AAC4RWjq3gfKkwKgBuAQAdl8AiS5Y3VkKujBE9K5giYMoNotbt65xxd7ko3VSXKgTCSaupxKnp71rmT0XRsX6xoF5macEurqmdfib0\/9m0ybRIVy\/Qzz+\/\/zwyKtEHKyC9Xjjwvc8TLpzNetXjDWFS0pbC\/Z0AQHeBcuErBRsfYJ2X4J2X8uETxbOvYLp94J2X4ReFiBh"} 00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365408726,"flow_src_last_pkt_time":1578508365408726,"flow_dst_last_pkt_time":1578508365408726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365408726,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -350,7 +350,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365279592,"flow_dst_last_pkt_time":1578508365458807,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365458807,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwG2AY0CYBEwKgBuHZf3VXR7JfX7e3rXKASaN9TlwAAAgQFrAQCCAqDIEEYItiW\/gEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365458850,"flow_dst_last_pkt_time":1578508365458807,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365458850,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxBbAqAG4NAmARN1Vdl\/t7etc0eyX2IAQECzabQAAAQEICiLYl5+DIEEY"} 
01197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365460380,"flow_dst_last_pkt_time":1578508365458807,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":538,"pkt_l4_len":504,"thread_ts_usec":1578508365460380,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIMAABAAEAGwj7AqAG4NAmARN1Vdl\/t7etc0eyX2IAYECw2bAAAAQEICiLYl6CDIEEYAdYE5LsQSZlDUqqTHDd28VIop408G8yHQ+g12SBtC4bobvsWyQ4YWXiRfGVfScHSSUnTjTpf\/+23Sz0kCTGUpeeZFIqw3JnBHdptJpv6R2QSdjwWF97DyrJFySS8bo0Z5f6iv8act5Gj4QOtF9wl7L4XXQ\/F1DNsc\/lWP2vigp16BUuZMGglwG663lAad9u0dkQ9FK2\/7\/8AOVyotPmi+JeFwCWQ8jE2NRIY\/iLlnhd84GwGpOWfGlXg2sRox3c92a0drS3o5YJyHfODCJKd193nihFVDq18n74tRhyKX6zzotiy\/kwSO6m\/\/Y8jtY8L+ZeEz+ApaHZAgbWiteJxWtEen3Z6RV1DI8tKhdynvtOMMOzz49Rx25gKK9DSlgEi54tvDDIa4VG2z8P5l1nvHLjyaLGh0LL6goab8xtTadEJUjCnY3t\/fZrnnudTuWibKhNHBZrOh1FASkf\/u4aIsAaa\/fTHS++2nsizi3dopiJ8G9PkpE7aMhPDUyHILPc8tYAJAyXN39XQYwYzL+ry\/\/lAbapCn30R24vKqkiwseOuDMtEC9yiUtZN\/ju0Qt6\/PDHFGgfGtibb9zS0CSW6nDPiDOBnf9bT0whSnVZlZ+MLutLVJqm5jA=="} -00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365279592,"flow_src_last_pkt_time":1578508365460380,"flow_dst_last_pkt_time":1578508365458807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365460380,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365279592,"flow_src_last_pkt_time":1578508365460380,"flow_dst_last_pkt_time":1578508365458807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365460380,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365461164,"flow_src_last_pkt_time":1578508365461164,"flow_dst_last_pkt_time":1578508365461164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365461164,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365461164,"flow_dst_last_pkt_time":1578508365461164,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508365461164,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcQtMAAEARjkPAqAG4ynAcanZfdl8AiDkPCEixaJX\/9thQC0r9cGcsCeen+iETb10JXBU9BZQL28M1nK8vCE6bMd2SC2XGliMqSbi8oqYHUjyrBa753h2KySNTFNso18+nMzMVWvdibnHX4lluxe+\/vRPiYB2kYX3uAAHdBMuEfwAAAYJ2X4J2X8mEynAcaoJ2X4CEXhYgYQU="} 00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365461164,"flow_src_last_pkt_time":1578508365461164,"flow_dst_last_pkt_time":1578508365461164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365461164,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -437,7 +437,7 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365466737,"flow_dst_last_pkt_time":1578508365837105,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365837105,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0q5tAACsGiei2oqE9wKgBuHZf3Ueh\/8nVB33+UYAQAHo91wAAAQEICjwSYk8i2Jem"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365846680,"flow_src_last_pkt_time":1578508365846680,"flow_dst_last_pkt_time":1578508365846680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365846680,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365846680,"flow_dst_last_pkt_time":1578508365846680,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365846680,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtj\/AqAG4I+SeNN1ndl9FuX9aAAAAALAC\/\/\/dzAAAAgQFtAEDAwUBAQgKItiZBAAAAAAEAgAA"} 
-02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1700,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365279592,"flow_src_last_pkt_time":1578508365851788,"flow_dst_last_pkt_time":1578508365851734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":760,"flow_dst_tot_l4_payload_len":764,"midstream":0,"thread_ts_usec":1578508365851788,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":9,"avg":36914.1,"max":194120,"stddev":74421.4,"var":5538540544.0,"ent":2.7,"data": [179215,179258,1530,193512,372,17,192344,9,225,230,714,12,52,18,61,2845,2062,406,9,21,19,104,193755,151,777,194120,128,66,1119,26,1161]},"pktlen": {"min":52,"avg":100.2,"max":524,"stddev":109.0,"var":11872.9,"ent":4.5,"data": [64,60,52,524,52,480,84,52,52,184,52,84,53,176,55,68,80,52,84,53,100,67,68,52,52,84,52,133,52,83,52,52]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,1,0,1,1,0],"entropies": [4.453177452,5.348397732,4.961856365,7.599962234,4.933627129,7.510960579,5.832557201,4.932822704,4.932822704,6.835141659,4.894361019,5.783250809,5.064501762,6.716285229,5.069335938,5.335089684,5.759187222,4.947339535,5.789087296,5.078744888,6.152247906,5.259534836,5.434425354,4.972088337,5.025067329,5.878987312,5.038779736,6.474194050,4.961856842,5.903718472,5.154969215,4.961856842]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02149{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1700,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365279592,"flow_src_last_pkt_time":1578508365851788,"flow_dst_last_pkt_time":1578508365851734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":760,"flow_dst_tot_l4_payload_len":764,"midstream":0,"thread_ts_usec":1578508365851788,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":9,"avg":36914.1,"max":194120,"stddev":74421.4,"var":5538540544.0,"ent":2.7,"data": [179215,179258,1530,193512,372,17,192344,9,225,230,714,12,52,18,61,2845,2062,406,9,21,19,104,193755,151,777,194120,128,66,1119,26,1161]},"pktlen": {"min":52,"avg":100.2,"max":524,"stddev":109.0,"var":11872.9,"ent":4.5,"data": [64,60,52,524,52,480,84,52,52,184,52,84,53,176,55,68,80,52,84,53,100,67,68,52,52,84,52,133,52,83,52,52]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,1,0,1,1,0],"entropies": 
[4.453177452,5.348397732,4.961856365,7.599962234,4.933627129,7.510960579,5.832557201,4.932822704,4.932822704,6.835141659,4.894361019,5.783250809,5.064501762,6.716285229,5.069335938,5.335089684,5.759187222,4.947339535,5.789087296,5.078744888,6.152247906,5.259534836,5.434425354,4.972088337,5.025067329,5.878987312,5.038779736,6.474194050,4.961856842,5.903718472,5.154969215,4.961856842]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365852452,"flow_src_last_pkt_time":1578508365852452,"flow_dst_last_pkt_time":1578508365852452,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365852452,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365852452,"flow_dst_last_pkt_time":1578508365852452,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365852452,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG3OLAqAG4ijsROt1odl\/ttHvbAAAAALAC\/\/9f7QAAAgQFtAEDAwUBAQgKItiZCQAAAAAEAgAA"} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1724,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365594975,"flow_dst_last_pkt_time":1578508365881659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1578508365881659,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEm9AADQGZggj5egTwKgBuHZf3VbzHyaN6OsKtlAQAOd\/jwAAAAAAAAAA"} 
@@ -485,7 +485,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365828265,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508366081823,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8jPoAACgGJqAN+w7HwKgBuHZf3WZ3LeB+TwsEYqASaN+zCgAAAgQFrAQCCAoTnX6eItiY9AEDAws="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1578508366081862,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508366081862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGW6LAqAG4DfsOx91mdl9PCwRidy3gf4AQECw5oQAAAQEICiLYmdkTnX6e"} 
01097{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1951,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1578508366083506,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":470,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":470,"pkt_l4_len":436,"thread_ts_usec":1578508366083506,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHIAABAAEAGWg7AqAG4DfsOx91mdl9PCwRidy3gf4AYECz5oAAAAQEICiLYmdsTnX6eAZIEFrCo0N0ttqxpYaQ6\/DDzSswuwkgUgdNkL3WZM1v1fyZ2Ylb0NhLSoQBhonZfsRcPAuF\/WO+nwsCvfGQeXaGMXAMSJ7v0OK8rWtUAPR\/+qKg\/XDdHLSziLdfWzAHrSQazvItj3Lw3XRQytKVnPvrtJorfzhpqvmlk3d37bBGJ23mvRwVp6tPmv1ESOYsCymML4zMT1t025sBho2nQSsaSJ4ZnhF0vk41IwL32D5dq21fVy5+y1NCcpufvNBWXe2eG07dRg8loNL6osx09j8oPyPKWdkxz7f\/DS6IBNmlc912u9lmrDEBrovoPr+LTCo8NesjjPWN0GGyRe3fwZ4NJTeCiNRLC8wl+lpmnFnS\/\/w+3lom\/uRfaeuXXdvZmEq8WiM6jvqdvu+VG1DiPSG4DrK31EcD8gbYHKYXiSBoMYQDJ\/z4TrLKf4Ij6fWuNND3e3uJqm4GTASLM2T5zBmJCMa1h0RvyDJ6RKhfmsA4tFXWF4FD7J9ZVLqqtXan1mlOvoM8do0UUOv6GHD3Zlxjl0SY="} -00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365828265,"flow_src_last_pkt_time":1578508366083506,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":404,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366083506,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365828265,"flow_src_last_pkt_time":1578508366083506,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":404,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366083506,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1952,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":5,"flow_src_last_pkt_time":1578508366049271,"flow_dst_last_pkt_time":1578508366090791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508366090791,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0\/xlAAC4GasozU+0swKgBuHZf3WzP3gWGHaeOqIAQAOzR6gAAAQEICmlUxZoi2Jm+"} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1960,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1578508366059449,"flow_dst_last_pkt_time":1578508366096835,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508366096835,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA00c9AADEG\/1VYY13bwKgBuHZf3W1kMpWwgknWYYAQAOzntgAAAQEICldNWzMi2JnH"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1578508366073881,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508366117663,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGSnvOvWsjwKgBuHZf3W6FBUsAADkpP6AScSCofQAAAgQFrAQCCApn2sBGItiZ0wEDAwc="} 
@@ -493,16 +493,16 @@ 01099{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1970,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1578508366119559,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":473,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":473,"pkt_l4_len":439,"thread_ts_usec":1578508366119559,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHLAABAAEAGPOzAqAG4zr1rI91udl8AOSk\/hQVLAYAYECxdpAAAAQEICiLYmftn2sBGAZUEFk3FYfNys9s55XyY23YdDU3mEgfTwzJe27SlFM87eEMrJbt8cMgfjrjKWMiVLh8DFSnipO+kUBBPaWEbU3Ynmx9QZ3LCiokcuUn7Dv\/+DsRlOpOb9d7+9uxwgEIscONdRtih2SP3JkYCA5iz3x9iSDdCsdlbaZrLb4ApkwQdkHEdITIkUszUt2IX2uTJSV+yWP5LgWIqw0LC3HCjWNkdNsXaTWnyoaf2cxQE1sr8DLAEkla6sbskUUPcZxZdZjiulq\/TmUBdEsi20dCtnTcf\/jmlhSZy3voPmKqnhBPKSsaSYV7gSfuhHvsx91uppt0PNe3c4y1gZjJmVqYegwNwd0Rhv3znUxx3KvFnJvEHZ7qFrzJd+ENToWIdx6FI8UpuevN49imKrwGh6WMiZD5f+DuvvAz7122yS8O20jeD8xnmRJeaN9NLvP5y82I4mw+mgnTQZFXTXU9XVqqqQlOkUsTMTiF0dbm32C97Qj202x3I4SGZE8nwdInxnX8nY65E\/K8JK0edlNviRiUkfu9o\/gCJI\/Y="} 00956{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366073881,"flow_src_last_pkt_time":1578508366119559,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":407,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":407,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366119559,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1983,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1578508365712625,"flow_src_last_pkt_time":1578508366123630,"flow_dst_last_pkt_time":1578508366123331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":567,"flow_dst_max_l4_payload_len":347,"flow_src_tot_l4_payload_len":951,"flow_dst_tot_l4_payload_len":859,"midstream":0,"thread_ts_usec":1578508366123630,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":26506.8,"max":285939,"stddev":65286.3,"var":4262303488.0,"ent":2.6,"data": [40373,40438,1542,40906,246535,285939,40615,40605,699,30,144,12,23,360,16,18,29,110,39411,235,883,650,39691,157,36,21,17,63,1098,839,216]},"pktlen": {"min":52,"avg":109.6,"max":619,"stddev":120.4,"var":14503.6,"ent":4.5,"data": [64,60,52,619,52,292,64,399,52,84,53,176,55,68,84,53,100,67,68,52,52,52,116,52,84,53,55,64,68,260,52,84]},"bins": {"c_to_s": [16,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,0],"entropies": 
[4.453177452,5.346035480,5.077241421,7.661995411,5.233812809,7.235357285,5.194910049,7.441572666,5.062724113,5.854679585,5.191952705,6.817754745,5.228514671,5.610895157,5.854679585,5.229689121,6.152247906,5.547358990,5.581482887,5.272274494,5.272274494,5.272274494,6.375947475,5.115703106,5.887475491,5.154217243,5.264878273,5.481855392,5.592584610,7.149727345,5.077241421,5.878489017]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00994{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":23,"flow_first_seen":1578508365279592,"flow_src_last_pkt_time":1578508365853609,"flow_dst_last_pkt_time":1578508366038811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":824,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":23,"flow_first_seen":1578508365279592,"flow_src_last_pkt_time":1578508365853609,"flow_dst_last_pkt_time":1578508366038811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":824,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1578508365169225,"flow_src_last_pkt_time":1578508365239481,"flow_dst_last_pkt_time":1578508365272465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":492,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1578508365461164,"flow_src_last_pkt_time":1578508365461164,"flow_dst_last_pkt_time":1578508365899554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523182,"flow_src_last_pkt_time":1578508365078877,"flow_dst_last_pkt_time":1578508365331579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":382,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
-00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":22,"flow_first_seen":1578508364523185,"flow_src_last_pkt_time":1578508365096272,"flow_dst_last_pkt_time":1578508365354316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":711,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":22,"flow_first_seen":1578508364523185,"flow_src_last_pkt_time":1578508365096272,"flow_dst_last_pkt_time":1578508365354316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":711,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274369,"flow_src_last_pkt_time":1578508363333871,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1578508364714836,"flow_src_last_pkt_time":1578508364867557,"flow_dst_last_pkt_time":1578508364919424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":682,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00999{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":24,"flow_first_seen":1578508364522826,"flow_src_last_pkt_time":1578508365153717,"flow_dst_last_pkt_time":1578508365440433,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":574,"flow_dst_max_l4_payload_len":396,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":460,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364654361,"flow_src_last_pkt_time":1578508364654361,"flow_dst_last_pkt_time":1578508364729798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1055,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364522958,"flow_src_last_pkt_time":1578508364631940,"flow_dst_last_pkt_time":1578508364664127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":495,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":735,"flow_dst_tot_l4_payload_len":512,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364522958,"flow_src_last_pkt_time":1578508364631940,"flow_dst_last_pkt_time":1578508364664127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":495,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":735,"flow_dst_tot_l4_payload_len":512,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":29,"flow_first_seen":1578508365271977,"flow_src_last_pkt_time":1578508365706352,"flow_dst_last_pkt_time":1578508365838573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":421,"flow_src_tot_l4_payload_len":925,"flow_dst_tot_l4_payload_len":837,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00994{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1578508365701530,"flow_src_last_pkt_time":1578508365787932,"flow_dst_last_pkt_time":1578508365828827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":356,"flow_src_tot_l4_payload_len":626,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":5,"flow_first_seen":1578508365094625,"flow_src_last_pkt_time":1578508365839944,"flow_dst_last_pkt_time":1578508365839070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":488,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":504,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -529,7 +529,7 @@ 00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1578508365154075,"flow_src_last_pkt_time":1578508365225822,"flow_dst_last_pkt_time":1578508365257303,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":417,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":657,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00999{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":23,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508365044863,"flow_dst_last_pkt_time":1578508365152350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":571,"flow_dst_max_l4_payload_len":513,"flow_src_tot_l4_payload_len":811,"flow_dst_tot_l4_payload_len":577,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1578508365226088,"flow_src_last_pkt_time":1578508365751522,"flow_dst_last_pkt_time":1578508366012064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":539,"flow_dst_max_l4_payload_len":459,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":523,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364925232,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364954930,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1482,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364925232,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364954930,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1482,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523420,"flow_src_last_pkt_time":1578508364824407,"flow_dst_last_pkt_time":1578508364937177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":470,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":534,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":7,"flow_first_seen":1578508366005550,"flow_src_last_pkt_time":1578508366135917,"flow_dst_last_pkt_time":1578508366135790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":561,"flow_dst_max_l4_payload_len":366,"flow_src_tot_l4_payload_len":801,"flow_dst_tot_l4_payload_len":638,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508365189114,"flow_src_last_pkt_time":1578508365295262,"flow_dst_last_pkt_time":1578508365331677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":508,"flow_dst_max_l4_payload_len":335,"flow_src_tot_l4_payload_len":796,"flow_dst_tot_l4_payload_len":639,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -537,7 +537,7 @@ 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364732443,"flow_src_last_pkt_time":1578508365736342,"flow_dst_last_pkt_time":1578508364732443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508363692141,"flow_src_last_pkt_time":1578508363692141,"flow_dst_last_pkt_time":1578508363692141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":5,"flow_first_seen":1578508365300081,"flow_src_last_pkt_time":1578508366073587,"flow_dst_last_pkt_time":1578508366073178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":785,"flow_dst_tot_l4_payload_len":392,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":19,"flow_first_seen":1578508364932939,"flow_src_last_pkt_time":1578508365188877,"flow_dst_last_pkt_time":1578508365309934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":490,"flow_src_tot_l4_payload_len":761,"flow_dst_tot_l4_payload_len":554,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":19,"flow_first_seen":1578508364932939,"flow_src_last_pkt_time":1578508365188877,"flow_dst_last_pkt_time":1578508365309934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":490,"flow_src_tot_l4_payload_len":761,"flow_dst_tot_l4_payload_len":554,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508365009842,"flow_src_last_pkt_time":1578508365099452,"flow_dst_last_pkt_time":1578508365126662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":532,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":27,"flow_first_seen":1578508365045064,"flow_src_last_pkt_time":1578508365195126,"flow_dst_last_pkt_time":1578508365241563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":382,"flow_src_tot_l4_payload_len":762,"flow_dst_tot_l4_payload_len":798,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1578508364523037,"flow_src_last_pkt_time":1578508365387385,"flow_dst_last_pkt_time":1578508365656960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":395,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":667,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -546,7 +546,7 @@ 00998{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508365846680,"flow_src_last_pkt_time":1578508366021276,"flow_dst_last_pkt_time":1578508366076116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":370,"flow_src_tot_l4_payload_len":626,"flow_dst_tot_l4_payload_len":642,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":16,"flow_first_seen":1578508364832618,"flow_src_last_pkt_time":1578508365154217,"flow_dst_last_pkt_time":1578508365305200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":413,"flow_dst_max_l4_payload_len":405,"flow_src_tot_l4_payload_len":653,"flow_dst_tot_l4_payload_len":469,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":9,"flow_first_seen":1578508365295537,"flow_src_last_pkt_time":1578508365885091,"flow_dst_last_pkt_time":1578508365884827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":435,"flow_dst_max_l4_payload_len":433,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":497,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -01082{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365038942,"flow_src_last_pkt_time":1578508365038942,"flow_dst_last_pkt_time":1578508365038942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01080{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365038942,"flow_src_last_pkt_time":1578508365038942,"flow_dst_last_pkt_time":1578508365038942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365038942,"flow_src_last_pkt_time":1578508365038942,"flow_dst_last_pkt_time":1578508365038942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":27,"flow_first_seen":1578508365239758,"flow_src_last_pkt_time":1578508365959875,"flow_dst_last_pkt_time":1578508365961099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":583,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":935,"flow_dst_tot_l4_payload_len":823,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523039,"flow_src_last_pkt_time":1578508365008936,"flow_dst_last_pkt_time":1578508365220768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":453,"flow_src_tot_l4_payload_len":690,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -560,17 +560,17 @@ 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1578508365919739,"flow_src_last_pkt_time":1578508365919739,"flow_dst_last_pkt_time":1578508365951357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":147,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":147,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":6,"flow_first_seen":1578508365194618,"flow_src_last_pkt_time":1578508366069091,"flow_dst_last_pkt_time":1578508366068384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":494,"flow_dst_max_l4_payload_len":368,"flow_src_tot_l4_payload_len":782,"flow_dst_tot_l4_payload_len":544,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508364522913,"flow_src_last_pkt_time":1578508364925728,"flow_dst_last_pkt_time":1578508365036380,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":458,"flow_dst_max_l4_payload_len":335,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":543,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1578508365189369,"flow_src_last_pkt_time":1578508365818517,"flow_dst_last_pkt_time":1578508365942196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":449,"flow_dst_tot_l4_payload_len":1760,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364272113,"flow_src_last_pkt_time":1578508364272113,"flow_dst_last_pkt_time":1578508364272113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1578508365189369,"flow_src_last_pkt_time":1578508365818517,"flow_dst_last_pkt_time":1578508365942196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":449,"flow_dst_tot_l4_payload_len":1760,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364272113,"flow_src_last_pkt_time":1578508364272113,"flow_dst_last_pkt_time":1578508364272113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364421473,"flow_src_last_pkt_time":1578508364421473,"flow_dst_last_pkt_time":1578508364694327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1136,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":28,"flow_first_seen":1578508364924936,"flow_src_last_pkt_time":1578508365071322,"flow_dst_last_pkt_time":1578508365071971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":494,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":894,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365828265,"flow_src_last_pkt_time":1578508366083506,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":404,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00996{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1578508364523418,"flow_src_last_pkt_time":1578508364659019,"flow_dst_last_pkt_time":1578508364723459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":752,"flow_dst_tot_l4_payload_len":466,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365828265,"flow_src_last_pkt_time":1578508366083506,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":404,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00994{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1578508364523418,"flow_src_last_pkt_time":1578508364659019,"flow_dst_last_pkt_time":1578508364723459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":752,"flow_dst_tot_l4_payload_len":466,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1578508364382655,"flow_src_last_pkt_time":1578508364422710,"flow_dst_last_pkt_time":1578508364651426,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":342,"flow_dst_tot_l4_payload_len":2964,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01002{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":37,"flow_first_seen":1578508364523356,"flow_src_last_pkt_time":1578508364665328,"flow_dst_last_pkt_time":1578508364687375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":1170,"flow_dst_tot_l4_payload_len":676,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01075{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523327,"flow_src_last_pkt_time":1578508365619930,"flow_dst_last_pkt_time":1578508364523327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523327,"flow_src_last_pkt_time":1578508365619930,"flow_dst_last_pkt_time":1578508364523327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2000,"packets-processed":2000,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86968,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":74,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":573,"global_ts_usec":1578508366135917} 
+00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2000,"packets-processed":2000,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86968,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":74,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":573,"global_ts_usec":1578508366135917} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2000/2000 ~~ skipped flows.............: 0 @@ -579,9 +579,9 @@ ~~ total active/idle flows...: 74/74 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8880530 bytes -~~ total memory freed........: 8880530 bytes -~~ total allocations/frees...: 143339/143339 +~~ total memory allocated....: 9647240 bytes +~~ total memory freed........: 9647240 bytes +~~ total allocations/frees...: 157305/157305 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2157 chars diff --git a/test/results/default/ethernetIP.pcap.out b/test/results/default/ethernetIP.pcap.out index 13fd22d33..ff19a6680 100644 --- a/test/results/default/ethernetIP.pcap.out +++ b/test/results/default/ethernetIP.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1352718180263865} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1352718180263865} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180263865,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180263865,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1352718180263865,"pkt":"AAC80WDaeOfR4AJeCABFAAB6cCZAAIAGAACNUQAKjVEAU8RjrxLdiI2HlJVDUVAY+XQbbAAAcAA6AAABAhAAAAAAGjkvAAAAAAAAAAAAAAAAAAoAAgChAAQACRM1ALEAJgDkagoCIAIkAQIABgASAEwCIHIkAADOBAABAEwCIHIkACw9BAABAA=="} 
00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180263865,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180263865,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -32,7 +32,7 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1352718180265384,"flow_src_last_pkt_time":1352718181047922,"flow_dst_last_pkt_time":1352718181046461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":352,"flow_dst_max_l4_payload_len":474,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":1864,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":12,"flow_first_seen":1352718180390103,"flow_src_last_pkt_time":1352718181046315,"flow_dst_last_pkt_time":1352718181050397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":352,"flow_src_tot_l4_payload_len":1492,"flow_dst_tot_l4_payload_len":1106,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1352718180397556,"flow_src_last_pkt_time":1352718181046133,"flow_dst_last_pkt_time":1352718181017708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":352,"flow_src_tot_l4_payload_len":1538,"flow_dst_tot_l4_payload_len":860,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1352718181050397} 
+00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1352718181050397} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655050 bytes -~~ total memory freed........: 8655050 bytes -~~ total allocations/frees...: 140666/140666 +~~ total memory allocated....: 9419520 bytes +~~ total memory freed........: 9419520 bytes +~~ total allocations/frees...: 154632/154632 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2151 chars diff --git a/test/results/default/ethersbus.pcap.out b/test/results/default/ethersbus.pcap.out index 2a7eb029a..79e5e4c86 100644 --- a/test/results/default/ethersbus.pcap.out +++ b/test/results/default/ethersbus.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1119024300361278} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1119024300361278} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1119024300361278,"flow_src_last_pkt_time":1119024300361278,"flow_dst_last_pkt_time":1119024300361278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1119024300361278,"l3_proto":"ip4","src_ip":"172.16.1.120","dst_ip":"172.16.1.135","src_port":2467,"dst_port":5050,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1119024300361278,"flow_dst_last_pkt_time":1119024300361278,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1119024300361278,"pkt":"AFDCDF0nAAR14vSPCABFAAAp4p0AAIAR\/QasEAF4rBABhwmjE7oAFU3cAAAADQEAAAEACiBTGA=="} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1119024300361278,"flow_src_last_pkt_time":1119024300361278,"flow_dst_last_pkt_time":1119024300361278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1119024300361278,"l3_proto":"ip4","src_ip":"172.16.1.120","dst_ip":"172.16.1.135","src_port":2467,"dst_port":5050,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Ether-S-Bus","proto_id":"368","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -8,7 +8,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1119024300369033,"flow_dst_last_pkt_time":1119024300376367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_usec":1119024300376367,"pkt":"AAR14vSPAFDCDF0nCABFAAArKxoAAB4RFomsEAGHrBABeBO6CaMAF6QUAAAADwAAAAIBTW9kZWwNAAAA"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1119024300377012,"flow_dst_last_pkt_time":1119024300376367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1119024300377012,"pkt":"AFDCDF0nAAR14vSPCABFAAA14qEAAIAR\/PasEAF4rBABhwmjE7oAIW2KAAAAGQEAAAMAClEKAMQ8I8YAAMRETnV6Cg=="} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1119024300361278,"flow_src_last_pkt_time":1119024300457007,"flow_dst_last_pkt_time":1119024300466212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":230,"midstream":0,"thread_ts_usec":1119024300466212,"l3_proto":"ip4","src_ip":"172.16.1.120","dst_ip":"172.16.1.135","src_port":2467,"dst_port":5050,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Ether-S-Bus","proto_id":"368","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":392,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1119024300466212} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":392,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1119024300466212} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645422 bytes -~~ total memory freed........: 8645422 bytes -~~ total allocations/frees...: 140553/140553 +~~ total memory allocated....: 9409796 bytes +~~ total memory freed........: 9409796 bytes +~~ total allocations/frees...: 154519/154519 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 986 chars diff --git a/test/results/default/ethersio.pcap.out b/test/results/default/ethersio.pcap.out index 601b4b770..f5372eeda 100644 --- a/test/results/default/ethersio.pcap.out +++ b/test/results/default/ethersio.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1279888308544606} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1279888308544606} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1279888308544606,"flow_src_last_pkt_time":1279888308544606,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1279888308544606,"l3_proto":"ip4","src_ip":"172.23.2.27","dst_ip":"172.23.2.15","src_port":1024,"dst_port":6060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1279888308544606,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1279888308544606,"pkt":"AFDCjQ2CAFDCvyBeCABFAABNhU8AAEARmPisFwIbrBcCDwQAF6wAOXbIRVNJTwABAAAAMXYWAAAAGAAAAA0BAAAAAFwAAAABABEAAAswAAAAAAAAAAAAAAAA\/w=="} 
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1279888308544606,"flow_src_last_pkt_time":1279888308544606,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1279888308544606,"l3_proto":"ip4","src_ip":"172.23.2.27","dst_ip":"172.23.2.15","src_port":1024,"dst_port":6060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EtherSIO","proto_id":"363","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -9,7 +9,7 @@ 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1279888308942138,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1279888308942138,"pkt":"AFDCjQ2CAFDCvyBeCABFAABNhVMAAEARmPSsFwIbrBcCDwQAF6wAOXbERVNJTwABAAAAMXYaAAAAGAAAAA0BAAAAAFwAAAABABEAAAswAAAAAAAAAAAAAAAA\/w=="} 02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1279888308544606,"flow_src_last_pkt_time":1279888311540875,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1543,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1279888311540875,"l3_proto":"ip4","src_ip":"172.23.2.27","dst_ip":"172.23.2.15","src_port":1024,"dst_port":6060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":96653.8,"max":111455,"stddev":18558.1,"var":344403296.0,"ent":4.9,"data": [96162,97433,107881,96056,97599,109902,95490,95566,98398,3,111001,95507,96493,95973,109998,96979,96994,97899,109080,95700,95853,95658,111455,95276,100124,106350,95476,95590,108907,95554,95912]},"pktlen": {"min":52,"avg":76.2,"max":77,"stddev":4.3,"var":18.9,"ent":5.0,"data": [77,77,77,77,77,77,77,77,77,52,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77]},"bins": {"c_to_s": 
[1,31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [3.361773968,3.345603704,3.361774206,3.387748003,3.361773968,3.361774206,3.387748003,3.387748003,3.387748003,3.744090796,3.387748003,3.387748003,3.387748003,3.361773968,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.361774206,3.361774206,3.345603704,3.387748003,3.387748003]},"ndpi": {"confidence": {"6":"DPI"},"proto":"EtherSIO","proto_id":"363","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":0,"flow_first_seen":1279888308544606,"flow_src_last_pkt_time":1279888311939437,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1714,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1279888311939437,"l3_proto":"ip4","src_ip":"172.23.2.27","dst_ip":"172.23.2.15","src_port":1024,"dst_port":6060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EtherSIO","proto_id":"363","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":36,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1714,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1279888311939437} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":36,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1714,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1279888311939437} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 36/36 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645886 bytes -~~ total memory freed........: 8645886 bytes -~~ total allocations/frees...: 140569/140569 +~~ total memory allocated....: 9410260 bytes +~~ total memory freed........: 9410260 bytes +~~ total allocations/frees...: 154535/154535 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 582 chars ~~ json message max len.......: 2176 chars diff --git a/test/results/default/exe_download.pcap.out b/test/results/default/exe_download.pcap.out index c9c712dd6..f5d503b88 100644 --- a/test/results/default/exe_download.pcap.out +++ b/test/results/default/exe_download.pcap.out 
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569434051004796} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569434051004796} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051004796,"flow_dst_last_pkt_time":1569434051004796,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569434051004796,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569434051004796,"flow_dst_last_pkt_time":1569434051004796,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569434051004796,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569434051004796,"flow_dst_last_pkt_time":1569434051324116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1569434051324116,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="} 
@@ -9,7 +9,7 @@ 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1569434051324979,"flow_dst_last_pkt_time":1569434051325236,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569434051325236,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoBbEAAIAGO5OQW0XDCgkZZQBQwA0+79i5vob4uFAQ+vAsEQAA"} 01737{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051324979,"flow_dst_last_pkt_time":1569434051623372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1569434051623372,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"144.91.69.195","domainame":"144.91.69.195","http": {"url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}} 01600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":12,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051760034,"flow_dst_last_pkt_time":1569434051659215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":13620,"midstream":0,"thread_ts_usec":1569434051760034,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"144.91.69.195"}} 
-00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13773,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1569434051760034} +00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13773,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1569434051760034} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645681 bytes -~~ total memory freed........: 8645681 bytes -~~ total allocations/frees...: 140564/140564 +~~ total memory allocated....: 9410055 bytes +~~ total memory freed........: 9410055 bytes +~~ total allocations/frees...: 154530/154530 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 534 chars ~~ json message max len.......: 1742 chars diff --git a/test/results/default/exe_download_as_png.pcap.out b/test/results/default/exe_download_as_png.pcap.out index 0a7eca352..a8fed0349 100644 --- a/test/results/default/exe_download_as_png.pcap.out +++ b/test/results/default/exe_download_as_png.pcap.out 
@@ -1,5 +1,5 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569434903040298} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569434903040298} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434903040298,"flow_dst_last_pkt_time":1569434903040298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569434903040298,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569434903040298,"flow_dst_last_pkt_time":1569434903040298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569434903040298,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569434903040298,"flow_dst_last_pkt_time":1569434903440451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1569434903440451,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="} 
@@ -10,7 +10,7 @@ 01478{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434903441012,"flow_dst_last_pkt_time":1569434904053845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1569434904053845,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"185.98.87.185","domainame":"185.98.87.185","http": {"url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}}} 
02576{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434904481632,"flow_dst_last_pkt_time":1569434904508320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":25916,"midstream":0,"thread_ts_usec":1569434904508320,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":93850.2,"max":613012,"stddev":192589.9,"var":37090865152.0,"ent":2.7,"data": [400153,400486,228,717,612677,12,613012,424,482,834,426,507,936,1134,423,1552,361,732,1082,417726,1390,103,419479,654,405,941,2596,154,2784,26602,344]},"pktlen": {"min":40,"avg":855.0,"max":1500,"stddev":664.6,"var":441668.3,"ent":4.4,"data": [52,44,40,189,40,1500,1308,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404]},"bins": {"c_to_s": [10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,17,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,0,1,1,0,1,1,0,1,1],"entropies": 
[4.593450069,4.921897411,4.734183788,5.453228951,4.630641460,3.420540333,0.300011843,4.784183979,0.284853339,4.608477116,4.784183979,4.479417324,3.353007078,4.684184074,3.253508806,3.476947546,4.734183788,4.057516575,5.282192707,4.734183788,5.523138046,4.632616997,4.955163479,4.715311527,4.361701965,2.729017735,4.734184265,6.268059254,4.366500378,4.734183788,4.014078617,2.777677774]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"185.98.87.185"}} 01367{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":67,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434904944506,"flow_dst_last_pkt_time":1569434904944721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":88660,"midstream":0,"thread_ts_usec":1569434904944721,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": 
{"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"185.98.87.185"}} -00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88809,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1569434904944721} 
+00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88809,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1569434904944721} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647896 bytes -~~ total memory freed........: 8647896 bytes -~~ total allocations/frees...: 140641/140641 +~~ total memory allocated....: 9412270 bytes +~~ total memory freed........: 9412270 bytes +~~ total allocations/frees...: 154607/154607 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 2581 chars diff --git a/test/results/default/facebook.pcap.out b/test/results/default/facebook.pcap.out index fb54216a6..491086b26 100644 --- a/test/results/default/facebook.pcap.out +++ b/test/results/default/facebook.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1472393122365661} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1472393122365661} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122365661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472393122365661,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122365661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1472393122365661,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122668038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1472393122668038,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="} 
@@ -20,7 +20,7 @@ 02191{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393124118414,"flow_dst_last_pkt_time":1472393124118402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":992,"flow_dst_tot_l4_payload_len":15090,"midstream":0,"thread_ts_usec":1472393124118414,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":193,"avg":36622.1,"max":154982,"stddev":57898.8,"var":3352273664.0,"ent":3.3,"data": [132117,132136,193,154701,485,154982,244,3282,129361,125921,442,418,797,119231,4520,123730,627,605,1230,4940,621,5568,8878,7797,16680,916,530,1441,790,657,1444]},"pktlen": {"min":52,"avg":555.1,"max":1440,"stddev":613.3,"var":376153.1,"ent":4.1,"data": [60,60,52,569,52,198,52,103,438,133,90,90,94,52,1440,431,52,1440,576,52,1440,1440,52,1440,1440,52,1440,1440,52,1440,1440,52]},"bins": {"c_to_s": [10,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,1,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0],"entropies": 
[4.760014057,5.194312096,5.053297043,6.165235996,5.091758251,6.462422371,5.053297043,5.523866653,7.463335991,6.461145878,5.587870598,5.919519901,5.958845615,5.014835358,7.843218803,7.552490711,5.025067806,7.863905430,7.631061554,5.025067329,7.860723495,7.881686687,5.063529015,7.870133877,7.854965687,5.063529015,7.867281437,7.861505032,5.025067329,7.849763870,7.860621929,5.025067329]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393123408152,"flow_dst_last_pkt_time":1472393123665163,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":743,"flow_dst_tot_l4_payload_len":3732,"midstream":0,"thread_ts_usec":1472393124229315,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":22,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393124218612,"flow_dst_last_pkt_time":1472393124229315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1402,"flow_dst_tot_l4_payload_len":20642,"midstream":0,"thread_ts_usec":1472393124229315,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1472393124229315} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1472393124229315} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8752797 bytes -~~ total memory freed........: 8752797 bytes -~~ total allocations/frees...: 140639/140639 +~~ total memory allocated....: 9517236 bytes +~~ total memory freed........: 9517236 bytes +~~ total allocations/frees...: 154606/154606 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2196 chars diff --git a/test/results/default/false_positives.pcapng.out b/test/results/default/false_positives.pcapng.out index 097a2a472..45132c077 100644 --- a/test/results/default/false_positives.pcapng.out +++ b/test/results/default/false_positives.pcapng.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666211795792449} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666211795792449} 00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211795792449,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211795792449} 
00468{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":122,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAEAAAAEgQBNQoEAQHEIAEUwAGTH7QAAQBF0ZgqGGUwKhA+wCGgIaABQydQw\/wBAA9RPVEUAAEAAAEAAPgafJwqM5xqfQQyp7xIBu70k08cAAAAAsAL\/\/zWOAAACBAW0AQMDBQEBCApIjJmXAAAAAAQCAAA="} 00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211795871687,"packet_id":2,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211795871687} 
@@ -8,7 +8,7 @@ 00882{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":435,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":435,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAEAAAAEgQBNQoEAQHEIAEUwAZ3JqAAAQBFxcgqGGUwKhA+wCGgIaAGJx2Iw\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"} 00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211795991725,"packet_id":4,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211795991725} 00702{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":298,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":298,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQANQoEAAHEIAEUAARTtiwAAOxFTSAqED7AKhhlMCGgIaAEAAAAw\/wDwHEN000UAAPCpt0AAMAYCwJ9BDKkKjOcaAbvvEnriqee9JNUNgBgA68D6AAABAQgKchMAVEiMmhpIVFRQLzEuMSAxMDEgU3dpdGNoaW5nIFByb3RvY29scw0KU2VydmVyOiBuZ2lueC8xLjEyLjINCkRhdGU6IFdlZCwgMTkgT2N0IDIwMjIgMjA6MzY6MzUgR01UDQpDb25uZWN0aW9uOiB1cGdyYWRlDQpVcGdyYWRlOiB3ZWJzb2NrZXQNClNlYy1XZWJTb2NrZXQtQWNjZXB0OiBwVURxeGNYdy9zd2dQU2Y4aFdtM2JBMXZKUU09DQoNCg=="} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1715158193086997} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1715158193086997} 00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193086997,"packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193086997} 
00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQAPpoEAABQIAEW4AMgAAUAAfBFgjgrAXFEKiCtFy2ZSOAC0HY2ACA9iQ21r\/DQSeFbV1dVV1dXV1dXV1VVV1dVVVVVVVVVVVVVVVVVV1VXV1dXV1dXV1dXV1dXVVdVVVVXVVVVVVVXV1VVVVVXV1VXV1dVV1dXVVVVV1dVVVVVVVVVVVVXVVdVVVdVVVVVVVdVV1dVV1VXV1dVV1VXV1VXVVVVVVdXV1VVVVVVVVVXV1VVVVdXV1dVV1VVV1dVVVVVVVVXV1dXVVVVVVdXVVdXV"} 00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193106355,"packet_id":6,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193106355} 
@@ -48,7 +48,7 @@ 00974{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158216983863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715158216983863,"vlan_id":107,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}} 00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1715158217003863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158217003863,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAAEQAB+EZfbCn5GQwrsB+Fc6MPwALQAAIAIDOAbyM0ONBJ4VlVV1dXVVVXVVVVV1dXV1dXV1dVVVVVVVVVV1dVVVdXV1dXVVdXV1dXVVVVVVdXVVdXV1VVVVVXV1VXV1dVV1dXV1dXVVVVVVVXV1dXV1VXV1dXV1VVVVdXV1VVVVVVVVVXVVdVV1dXVVVXV1dVVVVVV1VVVVdVVVVVV1dVV1dXV1dXV1VVV1dVVVdXVVVVVVdXVVdVV1dXV1dXVVVVVVdU="} 
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1715158217023923,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158217023923,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAAFQAB+EZfaCn5GQwrsB+Fc6MPwALQAAIAIDOEbyM2uNBJ4VtXVVVXV1dXVVdVVVVVV1VVVVVXVVdXV1dXV1dVVVVVVVVXVVVXVVVVVVVXVVdXVVVXV1dXV1VVV1VXV1VVVVVVVVdXV1dXVVVXV1VXV1VVV1dVVVVXVVVXV1dXV1dVVVVVV1dVV1dVV1VVVVdXV1dXV1dXV1VVV1VVV1dVV1VVVVVXVVdXV1dXV1dXVVVVVVVXV1dVVVVXV1dVVVdVV1dU="} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":95,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1715244365850069} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":95,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1715244365850069} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365850069,"packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365850069} 00457{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvZnwAAOxGNmwru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjKyKAdgMAFxyoAEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365870420,"packet_id":96,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365870420} 
@@ -81,7 +81,7 @@ 00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":109,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvgigAAOxGGsAru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjIlSAdgMOFxywwEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="} 00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244366150574,"packet_id":110,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244366150574} 00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":110,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvhHwAAOxGGGwru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjobKAdgMPFxyxYEAQAAXwx+5Z\/fx\/fVHvy5hwGAA="} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":115,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1722795102659035} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":115,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1722795102659035} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795102659035,"flow_dst_last_pkt_time":1722795102659035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722795102659035,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1722795102659035,"flow_dst_last_pkt_time":1722795102659035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1722795102659035,"pkt":"CL6sCxduJjb1W8R1CABFLgA6GMRAAEARbpvAqAycOYCsYZMRJv0AJqszaAAPUYSgbEfxN9Y8wUZQdfxtl0Qa5VQhmMi9Nk0X"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1722795102659035,"flow_dst_last_pkt_time":1722795102683745,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1722795102683745,"pkt":"Jjb1W8R1CL6sCxduCABFAgA6zLVAAC0RzdU5gKxhwKgMnCb9kxEAJt9aNAAPK4SgbEfxN9Y7wUZQdfxtl0Qa5VQhmMi9Nk0X"} 
@@ -89,7 +89,7 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1722795103171662,"flow_dst_last_pkt_time":1722795103195033,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1722795103195033,"pkt":"Jjb1W8R1CL6sCxduCABFAgA+zl1AAC0RzCk5gKxhwKgMnCb9kxEAKhcefIARV9hiP0T1f\/Fgd1gOKpUqyBFtfSnaAZ6RACupnbgY0Q=="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103195033,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1722795103670366,"pkt":"CL6sCxduJjb1W8R1CABFLgBEGRVAAEARbkDAqAycOYCsYZMRJv0AMPyVD4AUTLPML0b7cBNBNNvKcqA4d1QFMSncQBKGQnoA2FojtdNgQfDokw=="} 
00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158217284062,"flow_dst_last_pkt_time":1715158217274095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":3096,"flow_dst_tot_l4_payload_len":2064,"midstream":0,"thread_ts_usec":1722795103693084,"vlan_id":107,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":121,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":92,"global_ts_usec":1729281221506087} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":121,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":92,"global_ts_usec":1729281221506087} 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221506087,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729281221506087,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":77,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1729281221506087,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1729281221506087,"pkt":"LOp\/QeD9NO0bVMeBgQAATQgARQAANBgFQABwBjmQW+61FVkfTwyMMA099+lCngAAAACAwiAAwSsAAAIEBbQBAwMIAQEEAg=="} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":77,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1729281221540090,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1729281221540090,"pkt":"LOp\/QeD9NO0bVMeBgQAATQgARQAAKBgHQABwBjmaW+61FVkfTwyMMA099+lCnzr+l11QEAEAT1MAAAAAsF5ivw=="} 
@@ -100,7 +100,7 @@ 01701{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221579370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":1216,"midstream":0,"thread_ts_usec":1729281221579370,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.RDP","proto_id":"91.88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":""}} 
01038{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103693084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1729281221579370,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103693084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1729281221579370,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":126,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6631,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":103,"global_ts_usec":1753435931000907} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":126,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6631,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":103,"global_ts_usec":1753435931000907} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1753435931000907,"flow_src_last_pkt_time":1753435931000907,"flow_dst_last_pkt_time":1753435931000907,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1753435931000907,"l3_proto":"ip4","src_ip":"10.17.24.50","dst_ip":"20.1.35.76","src_port":4343,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1753435931000907,"flow_dst_last_pkt_time":1753435931000907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1753435931000907,"pkt":"AhrFAgAAAhrFAQAACABFAAA4t1pAACAGSdYKERgyFAEjTBD3ABkiq0BXAAAAAJACFqDywQAAAQEICqCQ53oAAAAAAgQFtA=="} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1753435931000907,"flow_dst_last_pkt_time":1753435931000907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1753435931000907,"pkt":"AhrFAQAAAhrFAgAACABFAAA4NZFAACAGy58UASNMChEYMgAZEPeQd66jIqtAWJASFqArCQAAAQEICqCQ5\/ugkOd6AgQFtA=="} 
@@ -111,7 +111,7 @@ 02102{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1753435931000907,"flow_src_last_pkt_time":1753435931000910,"flow_dst_last_pkt_time":1753435931000910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":287,"flow_src_tot_l4_payload_len":17350,"flow_dst_tot_l4_payload_len":594,"midstream":0,"thread_ts_usec":1753435931000910,"l3_proto":"ip4","src_ip":"10.17.24.50","dst_ip":"20.1.35.76","src_port":4343,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":0.2,"max":2,"stddev":0.5,"var":0.3,"ent":1.9,"data": [0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0]},"pktlen": {"min":52,"avg":613.0,"max":1500,"stddev":680.3,"var":462870.6,"ent":4.1,"data": [56,56,52,138,85,339,85,97,86,87,58,98,1500,1500,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1362,52,98,58,101,52,52,52]},"bins": {"c_to_s": [6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,11,0,0],"s_to_c": [4,5,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,1,0,1,0,1,0],"entropies": [4.592034817,5.110576153,5.012470722,5.818453312,5.607757092,5.163115978,5.632461548,5.515374184,5.611857891,5.542898178,5.124717236,5.605163574,5.430507183,4.673416615,4.689605713,4.713969231,4.985800743,4.697263718,4.725033760,4.717308998,4.639083862,4.694829941,4.688250542,4.633277893,4.912499905,4.988526344,5.543939590,5.077219009,5.479640484,5.026988029,5.065449238,4.950064659]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"server-1402abab.example.int"}} 01016{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":12,"flow_first_seen":1753435931000907,"flow_src_last_pkt_time":1753435931000910,"flow_dst_last_pkt_time":1753435931000910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":287,"flow_src_tot_l4_payload_len":17350,"flow_dst_tot_l4_payload_len":594,"midstream":0,"thread_ts_usec":1753435931000910,"l3_proto":"ip4","src_ip":"10.17.24.50","dst_ip":"20.1.35.76","src_port":4343,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"server-1402abab.example.int"}} 
01703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221579370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":1216,"midstream":0,"thread_ts_usec":1753435931000910,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.RDP","proto_id":"91.88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":158,"packets-processed":74,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24575,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":114,"global_ts_usec":1753435931000910} +00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":158,"packets-processed":74,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24575,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":114,"global_ts_usec":1753435931000910} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 158/74 ~~ skipped flows.............: 0 
@@ -120,9 +120,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8658610 bytes -~~ total memory freed........: 8658610 bytes -~~ total allocations/frees...: 140649/140649 +~~ total memory allocated....: 9423080 bytes +~~ total memory freed........: 9423080 bytes +~~ total allocations/frees...: 154615/154615 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 310 chars ~~ json message max len.......: 2234 chars diff --git a/test/results/default/false_positives2.pcapng.out b/test/results/default/false_positives2.pcapng.out index 3d50502f8..c287260b0 100644 --- a/test/results/default/false_positives2.pcapng.out +++ b/test/results/default/false_positives2.pcapng.out 
@@ -1,5 +1,5 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725259225817145} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725259225817145} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725259225817145,"flow_src_last_pkt_time":1725259225817145,"flow_dst_last_pkt_time":1725259225817145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725259225817145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54900,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725259225817145,"flow_dst_last_pkt_time":1725259225817145,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725259225817145,"pkt":"AAADBAAGAAAAAAAAtfoIAEUAADywvEAAQAaL\/X8AAAF\/AAAB1nQE0gSSXbUAAAAAoAL\/1\/4wAAACBP\/XBAIICirlrdUAAAAAAQMDBw=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725259225817145,"flow_dst_last_pkt_time":1725259225817149,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725259225817149,"pkt":"AAADBAAGAAAAAAAAykMIAEUAADwAAEAAQAY8un8AAAF\/AAABBNLWdOb3vLgEkl22oBL\/y\/4wAAACBP\/XBAIICirlrdUq5a3VAQMDBw=="} 
@@ -14,7 +14,7 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1725259303532842,"flow_dst_last_pkt_time":1725259303532854,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725259303532854,"pkt":"AAADBAAGAAAAAAAAgPIIAEUAADSDN0AAQAa5in8AAAF\/AAABBNLDTM\/EZqq63SAxgBAB+v4oAAABAQgKKubdaSrm3Wk="} 02001{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725259225817145,"flow_src_last_pkt_time":1725259366254253,"flow_dst_last_pkt_time":1725259366254239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":798,"flow_dst_max_l4_payload_len":2716,"flow_src_tot_l4_payload_len":2320,"flow_dst_tot_l4_payload_len":11149,"midstream":0,"thread_ts_usec":1725259366254253,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54900,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":9060458.0,"max":139814845,"stddev":34337880.0,"var":1179090124013568.0,"ent":1.0,"data": [4,8,8464,8478,89748,89770,125,118,560,563,195914,195934,7938,7938,9289,9287,9388,9411,139814821,139814845,18,3816,3844,295667,295705,32,20,15,13,1229,1240]},"pktlen": {"min":52,"avg":473.9,"max":2768,"stddev":727.6,"var":529439.1,"ent":3.7,"data": [60,60,52,830,52,1566,52,2768,52,938,52,166,52,256,52,478,52,373,52,60,60,52,850,52,2100,52,2100,52,186,52,1534,52]},"bins": {"c_to_s": 
[12,0,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,0,1,1,0,0,1,0,0,1,1,0,1,0,1,0,1,0],"entropies": [4.290281773,4.726748466,4.585552692,7.701568127,4.620844841,7.876086235,4.600069523,7.927463055,4.530653477,7.783354282,4.545560360,6.616910934,4.620844841,7.081049919,4.543921471,7.555677891,4.659306526,7.356009483,4.638531208,4.613301277,4.726748466,4.638531208,7.714006901,4.620844841,7.925951958,4.532573700,7.901313305,4.494112015,6.757308960,4.532573700,7.877298355,4.585552216]}} 00922{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725259225817145,"flow_src_last_pkt_time":1725259366254253,"flow_dst_last_pkt_time":1725259366254239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":798,"flow_dst_max_l4_payload_len":2716,"flow_src_tot_l4_payload_len":2320,"flow_dst_tot_l4_payload_len":11149,"midstream":0,"thread_ts_usec":1725259366254253,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54900,"dst_port":1234,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":68,"packets-processed":67,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":46299,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1725259838197493} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":68,"packets-processed":67,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":46299,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1725259838197493} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725259838197493,"flow_src_last_pkt_time":1725259838197493,"flow_dst_last_pkt_time":1725259838197493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725259838197493,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33550,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1725259838197493,"flow_dst_last_pkt_time":1725259838197493,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725259838197493,"pkt":"AAADBAAGAAAAAAAAuOMIAEUAADx2vUAAQAbF\/H8AAAF\/AAABgw4E0sCh1NwAAAAAoAL\/1\/4wAAACBP\/XBAIICirvBfIAAAAAAQMDBw=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1725259838197493,"flow_dst_last_pkt_time":1725259838197508,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725259838197508,"pkt":"AAADBAAGAAAAAAAAuCUIAEUAADwAAEAAQAY8un8AAAF\/AAABBNKDDn8p9EDAodTdoBL\/y\/4wAAACBP\/XBAIICirvBfIq7wXyAQMDBw=="} 
@@ -26,7 +26,7 @@ 00920{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1725259303530789,"flow_src_last_pkt_time":1725259303637609,"flow_dst_last_pkt_time":1725259303635378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":788,"flow_dst_max_l4_payload_len":2048,"flow_src_tot_l4_payload_len":1635,"flow_dst_tot_l4_payload_len":6465,"midstream":0,"thread_ts_usec":1725259840378229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":1234,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1725259303530789,"flow_src_last_pkt_time":1725259303637609,"flow_dst_last_pkt_time":1725259303635378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":788,"flow_dst_max_l4_payload_len":2048,"flow_src_tot_l4_payload_len":1635,"flow_dst_tot_l4_payload_len":6465,"midstream":0,"thread_ts_usec":1725259840378229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":25,"flow_first_seen":1725259225817145,"flow_src_last_pkt_time":1725259366286829,"flow_dst_last_pkt_time":1725259366287290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":798,"flow_dst_max_l4_payload_len":9361,"flow_src_tot_l4_payload_len":2956,"flow_dst_tot_l4_payload_len":35243,"midstream":0,"thread_ts_usec":1725259840378229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54900,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} -00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":82,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":52395,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1725259840378229} 
+00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/false_positives2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":82,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":52395,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1725259840378229} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 82/82 ~~ skipped flows.............: 0 @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8658680 bytes -~~ total memory freed........: 8658680 bytes -~~ total allocations/frees...: 140652/140652 +~~ total memory allocated....: 9423118 bytes +~~ total memory freed........: 9423118 bytes +~~ total allocations/frees...: 154618/154618 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 563 chars ~~ json message max len.......: 2006 chars diff --git a/test/results/default/fastcgi.pcap.out b/test/results/default/fastcgi.pcap.out index b97a9aac5..b3c2e1c46 100644 --- a/test/results/default/fastcgi.pcap.out +++ b/test/results/default/fastcgi.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1280403893598699} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1280403893598699} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403893598699,"flow_dst_last_pkt_time":1280403893598699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1280403893598699,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1280403893598699,"flow_dst_last_pkt_time":1280403893598699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1280403893598699,"pkt":"ABzEfBq8AAvNgo+GCABFAAA8aJRAAEAGvhQKAAAJCgAAC5VuIyi+0TJPAAAAAKACFtD1nwAAAgQFtAQCCAoi61rbAAAAAAEDAwY="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1280403893598699,"flow_dst_last_pkt_time":1280403893598868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1280403893598868,"pkt":"AAvNgo+GABzEfBq8CABFAAA8AABAAEAGJqkKAAALCgAACSMolW5v2bTavtEyUKASFqBTYwAAAgQFtAQCCAoN02\/TIuta2wEDAwc="} 
@@ -9,7 +9,7 @@ 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403893599034,"flow_dst_last_pkt_time":1280403893598868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1055,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1071,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1280403893599034,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FastCGI","proto_id":"310","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 02157{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403895619664,"flow_dst_last_pkt_time":1280403895619673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1055,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1095,"flow_dst_tot_l4_payload_len":14480,"midstream":0,"thread_ts_usec":1280403895619673,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":130385.1,"max":2020143,"stddev":496240.3,"var":246254469120.0,"ent":1.0,"data": [169,226,42,67,15,217,77,12,83,12,48,16,2019881,2020143,186,63,52,55,94,90,42,33,32,28,26,27,50,53,34,34,32]},"pktlen": 
{"min":52,"avg":539.2,"max":1500,"stddev":672.8,"var":452637.9,"ent":3.9,"data": [60,60,52,68,1107,60,52,60,60,52,52,52,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,0,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.423614979,4.926749229,4.700937271,4.233195782,6.033331394,4.550921917,4.686420441,4.550921917,4.550921917,4.686420441,4.624014378,4.686420441,4.724881649,7.641661644,4.854783535,7.763941288,4.854784012,7.761142254,4.777860165,7.844599247,4.891996861,7.826266289,4.815073490,7.841456413,4.815073490,7.847429752,4.815073490,7.852382183,4.891996861,7.847055912,4.815073490,7.805794239]},"ndpi": {"confidence": {"6":"DPI"},"proto":"FastCGI","proto_id":"310","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.openstreetmap.org"}} 01003{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":54,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403897015424,"flow_dst_last_pkt_time":1280403897015595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1055,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1095,"flow_dst_tot_l4_payload_len":64400,"midstream":0,"thread_ts_usec":1280403897015595,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"FastCGI","proto_id":"310","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.openstreetmap.org"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":65495,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1280403897015595} +00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":65495,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1280403897015595} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 102/102 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649843 bytes -~~ total memory freed........: 8649843 bytes -~~ total allocations/frees...: 140636/140636 +~~ total memory allocated....: 9414217 bytes +~~ total memory freed........: 9414217 bytes +~~ total allocations/frees...: 154602/154602 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2162 chars diff --git a/test/results/default/fins.pcap.out b/test/results/default/fins.pcap.out index 608fff3a5..a5b4789d0 100644 --- a/test/results/default/fins.pcap.out +++ b/test/results/default/fins.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1233089082809333} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1233089082809333} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082809333,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1233089082809333,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1233089082809333,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809333,"pkt":"ANADs6f8ABNyl6LUCABFAAAugitAAEAREyYKBA5mCoKCguViJYAAGv5TgAACAAAAAAAAegEBAMzMzAAB"} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082809333,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1233089082809333,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -8,7 +8,7 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1233089082809410,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809410,"pkt":"ANADs6f8ABNyl6LUCABFAAAugi5AAEAREyMKBA5mCoKCguViJYAAGn1SgAACAAAAAAAAegEBgczMzAAC"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1233089082809435,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809435,"pkt":"ANADs6f8ABNyl6LUCABFAAAugi9AAEAREyIKBA5mCoKCguViJYAAGnxSgAACAAAAAAAAegEBgszMzAAC"} 02050{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082810135,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1233089082810135,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":22,"avg":25.9,"max":31,"stddev":1.6,"var":2.4,"ent":5.0,"data": 
[22,29,26,25,25,26,27,26,26,25,25,25,26,26,25,26,25,25,26,27,31,27,25,25,26,25,25,26,25,25,29]},"pktlen": {"min":44,"avg":47.2,"max":65,"stddev":3.5,"var":12.6,"ent":5.0,"data": [46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,52,48,44,48,50,46,46,46,46,46,50,48,65]},"bins": {"c_to_s": [31,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [3.966703415,3.990315914,4.006726265,4.050204754,4.015212536,4.077271938,4.033793926,4.077271938,4.093682766,4.093682766,4.093682766,4.093682766,4.050204754,4.093682766,4.093682766,4.093682766,4.093682766,4.050204277,4.077271938,4.222351551,4.000422955,3.952195406,3.979268074,4.288366795,3.913608313,3.913608313,3.913608789,3.913608313,3.837309122,4.107601166,3.918294430,3.660078049]},"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1428095655145347} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1428095655145347} 00338{"error_event_id":14,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655145347,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":66,"expected":70,"global_ts_usec":1428095655145347} 00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"thread_ts_usec":1233089082814433,"pkt":"ABkHJDzKPKn0ISL4CABFAAA0ZANAAIAGf24KAQGtCgEBpELuJYDc78x8AAAAAIACIAAl6QAAAgQFtAEDAwIBAQQC"} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1428095655145347,"flow_src_last_pkt_time":1428095655145347,"flow_dst_last_pkt_time":1428095655145347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1428095655145347,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":17134,"dst_port":9600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -47,7 +47,7 @@ 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095676054158,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":114,"thread_ts_usec":1428095676054158,"pkt":"PKn0ISL4ABkHJDzKCABFAACGCP0AABQRhhgKAQGkCgEBrSWA1kcAcoFswAACAGMAAMgA7wUBAABDUDFMLUVMMjBEUi1EAAAAICAgIDAxLjAwAAAAAAAwMS4wNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAEAAwAKFyoQCAAAAAAAAA=="} 00964{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1428095655145347,"flow_src_last_pkt_time":1428095655734613,"flow_dst_last_pkt_time":1428095655734575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":122,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1428095676054158,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":17134,"dst_port":9600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1428095675892372,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095676054158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1428095676054158,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":54855,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":257,"packets-processed":257,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1428095676054158} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":257,"packets-processed":257,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1428095676054158} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 257/257 ~~ skipped flows.............: 0 @@ -56,9 +56,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8657163 bytes -~~ total memory freed........: 8657163 bytes -~~ total allocations/frees...: 140812/140812 +~~ total memory allocated....: 9421601 bytes +~~ total memory freed........: 9421601 bytes +~~ total allocations/frees...: 154778/154778 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 343 chars ~~ json message max len.......: 2055 chars diff --git a/test/results/default/firefox.pcap.out b/test/results/default/firefox.pcap.out index ddf2160ae..8cf8cfd18 100644 --- a/test/results/default/firefox.pcap.out +++ b/test/results/default/firefox.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620927997754367} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620927997754367} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927997754367,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997754367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927997754367,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997754367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620927997754367,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997781073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620927997781073,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="} 
@@ -54,7 +54,7 @@ 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1620927999109976,"flow_src_last_pkt_time":1620927999224233,"flow_dst_last_pkt_time":1620927999224319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1130,"flow_dst_tot_l4_payload_len":9203,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1620927999111334,"flow_src_last_pkt_time":1620927999213956,"flow_dst_last_pkt_time":1620927999214178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1130,"flow_dst_tot_l4_payload_len":12083,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1620927999112216,"flow_src_last_pkt_time":1620927999228482,"flow_dst_last_pkt_time":1620927999227832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1509,"flow_dst_tot_l4_payload_len":9549,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":129,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":51599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1620927999228482} 
+00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":129,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":51599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1620927999228482} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 129/129 ~~ skipped flows.............: 0 @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8843856 bytes -~~ total memory freed........: 8843856 bytes -~~ total allocations/frees...: 140767/140767 +~~ total memory allocated....: 9608390 bytes +~~ total memory freed........: 9608390 bytes +~~ total allocations/frees...: 154733/154733 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 1471 chars diff --git a/test/results/default/fix.pcap.out b/test/results/default/fix.pcap.out index 175095cff..de78d2b5f 100644 --- a/test/results/default/fix.pcap.out +++ b/test/results/default/fix.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1493755109242949} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1493755109242949} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109242949,"flow_src_last_pkt_time":1493755109242949,"flow_dst_last_pkt_time":1493755109242949,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1493755109242949,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1493755109242949,"flow_dst_last_pkt_time":1493755109242949,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_usec":1493755109242949,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="} 00909{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109242949,"flow_src_last_pkt_time":1493755109242949,"flow_dst_last_pkt_time":1493755109242949,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1493755109242949,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 
@@ -101,7 +101,7 @@ 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1493755110328857,"flow_src_last_pkt_time":1493755132019095,"flow_dst_last_pkt_time":1493755132019254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":750,"flow_dst_tot_l4_payload_len":170,"midstream":1,"thread_ts_usec":1493755132120045,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1493755117668152,"flow_src_last_pkt_time":1493755127687637,"flow_dst_last_pkt_time":1493755127668953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":78,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1493755132120045,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":111,"flow_dst_packets_processed":111,"flow_first_seen":1493755109242949,"flow_src_last_pkt_time":1493755131889470,"flow_dst_last_pkt_time":1493755131889670,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":9555,"flow_dst_tot_l4_payload_len":354,"midstream":1,"thread_ts_usec":1493755132120045,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} -00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1261,"packets-processed":1261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":104,"global_ts_usec":1493755132120045} 
+00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1261,"packets-processed":1261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":104,"global_ts_usec":1493755132120045} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1261/1261 ~~ skipped flows.............: 0 @@ -110,9 +110,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8732783 bytes -~~ total memory freed........: 8732783 bytes -~~ total allocations/frees...: 141927/141927 +~~ total memory allocated....: 9497509 bytes +~~ total memory freed........: 9497509 bytes +~~ total allocations/frees...: 155893/155893 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 2214 chars diff --git a/test/results/default/fix2.pcap.out b/test/results/default/fix2.pcap.out index 303383a17..5ebf432d7 100644 --- a/test/results/default/fix2.pcap.out +++ b/test/results/default/fix2.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614758889587624} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614758889587624} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614758889588862,"flow_src_last_pkt_time":1614758889588862,"flow_dst_last_pkt_time":1614758889588862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614758889588862,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614758889588862,"flow_dst_last_pkt_time":1614758889588862,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614758889588862,"pkt":"5kBKB+riApXG95NLCABFAAAweTwAAIAGAAAKZQACCmYAAoiSBAAt1D8pAAAAAHACgAEU8QAAAgQFtAMDAQA="} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614758889589020,"flow_src_last_pkt_time":1614758889589020,"flow_dst_last_pkt_time":1614758889589020,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614758889589020,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -18,7 +18,7 @@ 02059{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1614758889589020,"flow_src_last_pkt_time":1614758889590049,"flow_dst_last_pkt_time":1614758889590048,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":762,"flow_dst_tot_l4_payload_len":801,"midstream":0,"thread_ts_usec":1614758889590049,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":66.4,"max":570,"stddev":137.8,"var":18986.0,"ent":3.3,"data": [568,570,2,146,145,106,1,105,2,16,6,26,48,7,14,19,2,2,18,19,48,49,27,0,12,37,4,6,27,0,25]},"pktlen": {"min":46,"avg":92.0,"max":160,"stddev":46.1,"var":2122.5,"ent":4.8,"data": [48,48,46,125,133,130,138,48,46,130,46,46,138,132,46,133,46,138,46,160,143,133,146,46,46,46,146,148,130,46,46,46]},"bins": {"c_to_s": [6,0,5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,1,0,1,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1,1,0],"entropies": [3.944233894,4.517892838,3.795586348,5.115859032,5.169412613,5.333189964,5.351288795,4.517892838,3.795586109,5.341800690,4.032184601,4.032184124,5.369617462,5.205471516,4.075662613,5.190125942,3.839064360,5.365781307,3.839064360,5.331775665,5.255437374,5.190015793,5.411532879,4.075662613,4.075662613,4.075662613,5.397834301,5.453368664,5.342391014,4.075662136,4.075662613,3.839064121]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":683,"flow_dst_packets_processed":1304,"flow_first_seen":1614758889588862,"flow_src_last_pkt_time":1614758889595345,"flow_dst_last_pkt_time":1614758889595344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":13395,"flow_dst_tot_l4_payload_len":26148,"midstream":0,"thread_ts_usec":1614758889595345,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":411,"flow_dst_packets_processed":648,"flow_first_seen":1614758889589020,"flow_src_last_pkt_time":1614758889595307,"flow_dst_last_pkt_time":1614758889595305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":10864,"flow_dst_tot_l4_payload_len":17549,"midstream":0,"thread_ts_usec":1614758889595345,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3049,"packets-processed":3046,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":67956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1614758889595345} +00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3049,"packets-processed":3046,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":67956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1614758889595345} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3049/3046 ~~ skipped flows.............: 0 
@@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8739702 bytes -~~ total memory freed........: 8739702 bytes -~~ total allocations/frees...: 143592/143592 +~~ total memory allocated....: 9504108 bytes +~~ total memory freed........: 9504108 bytes +~~ total allocations/frees...: 157558/157558 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2064 chars diff --git a/test/results/default/flow_risk_lists.pcapng.out b/test/results/default/flow_risk_lists.pcapng.out index dcb2c1249..88f85d1e9 100644 --- a/test/results/default/flow_risk_lists.pcapng.out +++ b/test/results/default/flow_risk_lists.pcapng.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1748453775522485} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1748453775522485} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748453775522485,"flow_src_last_pkt_time":1748453775522485,"flow_dst_last_pkt_time":1748453775522485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748453775522485,"l3_proto":"ip4","src_ip":"23.98.142.176","dst_ip":"8.8.8.8","src_port":53684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1748453775522485,"flow_dst_last_pkt_time":1748453775522485,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1748453775522485,"pkt":"8tRBrmcJ8rX5LmCzCABFAAA8q89AAEAG2MoXYo6wCAgICNG0AFDQ4reOAAAAAKAC+vC\/EwAAAgQFtAQCCArWgqbhAAAAAAEDAwc="} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748453778016680,"flow_src_last_pkt_time":1748453778016680,"flow_dst_last_pkt_time":1748453778016680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748453778016680,"l3_proto":"ip6","src_ip":"2a02:26f7:d198:400::1","dst_ip":"2001:db8:200::1","src_port":44878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -8,7 +8,7 @@ 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748453778016680,"flow_src_last_pkt_time":1748453778016680,"flow_dst_last_pkt_time":1748453778016680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748453778016680,"l3_proto":"ip6","src_ip":"2a02:26f7:d198:400::1","dst_ip":"2001:db8:200::1","src_port":44878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01195{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748453775522485,"flow_src_last_pkt_time":1748453775522485,"flow_dst_last_pkt_time":1748453775522485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748453778016680,"l3_proto":"ip4","src_ip":"23.98.142.176","dst_ip":"8.8.8.8","src_port":53684,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748453775522485,"flow_src_last_pkt_time":1748453775522485,"flow_dst_last_pkt_time":1748453775522485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748453778016680,"l3_proto":"ip4","src_ip":"23.98.142.176","dst_ip":"8.8.8.8","src_port":53684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1748453778016680} 
+00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1748453778016680} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647384 bytes -~~ total memory freed........: 8647384 bytes -~~ total allocations/frees...: 140548/140548 +~~ total memory allocated....: 9411790 bytes +~~ total memory freed........: 9411790 bytes +~~ total allocations/frees...: 154514/154514 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 568 chars ~~ json message max len.......: 1200 chars diff --git a/test/results/default/flute.pcapng.out b/test/results/default/flute.pcapng.out index b1dd1c941..65f48d46f 100644 --- a/test/results/default/flute.pcapng.out +++ b/test/results/default/flute.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1710770492196928} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1710770492196928} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710770492196928,"flow_src_last_pkt_time":1710770492196928,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":602,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":602,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":602,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710770492196928,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"238.1.1.95","src_port":40717,"dst_port":40085,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1710770492196928,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":644,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":644,"pkt_l4_len":610,"thread_ts_usec":1710770492196928,"pkt":"AQBeAQFf8C90rUP1CABFAAJ2YalAAAERDN7AqFjn7gEBX58NnJUCYgtkEBAIAAAAAAAAAAAAwBAAAkAEAAAAAAI2AAAFnAAAAEAAAAAAPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPEZEVC1JbnN0YW5jZSBFeHBpcmVzPSIxNzEwNzcwNTAyIiBGRUMtT1RJLUZFQy1FbmNvZGluZy1JRD0iMCIgRkVDLU9USS1NYXhpbXVtLVNvdXJjZS1CbG9jay1MZW5ndGg9IjY0IiBGRUMtT1RJLUVuY29kaW5nLVN5bWJvbC1MZW5ndGg9IjE0MzYiIHhtbG5zOm1ibXMyMDA3PSJ1cm46M0dQUDptZXRhZGF0YToyMDA3Ok1CTVM6RkxVVEU6RkRUIj4KICAgIDxGaWxlIFRPST0iMSIgQ29udGVudC1Mb2NhdGlvbj0iaGVsbG9fd29ybGQudHh0IiBDb250ZW50LUxlbmd0aD0iMTMiIFRyYW5zZmVyLUxlbmd0aD0iMTMiIENvbnRlbnQtTUQ1PSJqZDJMNUxGNXBTbXZwZkwvcmt1WVdBPT0iIENvbnRlbnQtVHlwZT0iYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtIj4KICAgICAgICA8bWJtczIwMDc6Q2FjaGUtQ29udHJvbD4KICAgICAgICAgICAgPG1ibXMyMDA3OkV4cGlyZXM+MTcxMDc3MDU1MjwvbWJtczIw
MDc6RXhwaXJlcz4KICAgICAgICA8L21ibXMyMDA3OkNhY2hlLUNvbnRyb2w+CiAgICA8L0ZpbGU+CjwvRkRULUluc3RhbmNlPgo="} 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710770492196928,"flow_src_last_pkt_time":1710770492196928,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":602,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":602,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":602,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710770492196928,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"238.1.1.95","src_port":40717,"dst_port":40085,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"FLUTE","proto_id":"406","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
@@ -7,7 +7,7 @@ 00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1710770492197076,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"thread_ts_usec":1710770492197076,"pkt":"AQBeAQFf8C90rUP1CABFAAEuYatAAAERDiTAqFjn7gEBX58NnJUBGgocEBAIAAAAAAAAAAAAwBAAA0AEAAAAAADuAAAFnAAAAEAAAAAAPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPEZEVC1JbnN0YW5jZSBFeHBpcmVzPSIxNzEwNzcwNTAyIiBGRUMtT1RJLUZFQy1FbmNvZGluZy1JRD0iMCIgRkVDLU9USS1NYXhpbXVtLVNvdXJjZS1CbG9jay1MZW5ndGg9IjY0IiBGRUMtT1RJLUVuY29kaW5nLVN5bWJvbC1MZW5ndGg9IjE0MzYiIHhtbG5zOm1ibXMyMDA3PSJ1cm46M0dQUDptZXRhZGF0YToyMDA3Ok1CTVM6RkxVVEU6RkRUIi8+Cg=="} 00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1710770497188134,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"thread_ts_usec":1710770497188134,"pkt":"AQBeAQFf8C90rUP1CABFAAEuZedAAAERCejAqFjn7gEBX58NnJUBGgocEBAIAAAAAAAAAAAAwBAAA0AEAAAAAADuAAAFnAAAAEAAAAAAPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPEZEVC1JbnN0YW5jZSBFeHBpcmVzPSIxNzEwNzcwNTA3IiBGRUMtT1RJLUZFQy1FbmNvZGluZy1JRD0iMCIgRkVDLU9USS1NYXhpbXVtLVNvdXJjZS1CbG9jay1MZW5ndGg9IjY0IiBGRUMtT1RJLUVuY29kaW5nLVN5bWJvbC1MZW5ndGg9IjE0MzYiIHhtbG5zOm1ibXMyMDA3PSJ1cm46M0dQUDptZXRhZGF0YToyMDA3Ok1CTVM6RkxVVEU6RkRUIi8+Cg=="} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1710770492196928,"flow_src_last_pkt_time":1710770497188134,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":602,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710770497188134,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"238.1.1.95","src_port":40717,"dst_port":40085,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FLUTE","proto_id":"406","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1710770497188134} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1710770497188134} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644930 bytes -~~ total memory freed........: 8644930 bytes -~~ total allocations/frees...: 140536/140536 +~~ total memory allocated....: 9409304 bytes +~~ total memory freed........: 9409304 bytes +~~ total allocations/frees...: 154502/154502 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 1319 chars diff --git a/test/results/default/forticlient.pcap.out b/test/results/default/forticlient.pcap.out index 88b3ffe46..a0c501e74 100644 --- a/test/results/default/forticlient.pcap.out +++ b/test/results/default/forticlient.pcap.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1621067203571879} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1621067203571879} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621067203571879,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203571879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067203571879,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203571879,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1621067203571879,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203633408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1621067203633408,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="} 
@@ -51,7 +51,7 @@ 01241{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1621067205651500,"flow_src_last_pkt_time":1621067206681899,"flow_dst_last_pkt_time":1621067206738955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":3141,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01241{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1621067206773010,"flow_src_last_pkt_time":1621067207801622,"flow_dst_last_pkt_time":1621067207860710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":384,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":751,"flow_dst_tot_l4_payload_len":6525,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01279{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1150,"flow_dst_packets_processed":751,"flow_first_seen":1621067209199710,"flow_src_last_pkt_time":1621067222261499,"flow_dst_last_pkt_time":1621067222260652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1411,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":70643,"flow_dst_tot_l4_payload_len":206814,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13"}} 
-00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2000,"packets-processed":2000,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":54,"global_ts_usec":1621067222261499} +00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2000,"packets-processed":2000,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":54,"global_ts_usec":1621067222261499} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2000/2000 ~~ skipped flows.............: 0 
@@ -60,9 +60,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8759594 bytes -~~ total memory freed........: 8759594 bytes -~~ total allocations/frees...: 142622/142622 +~~ total memory allocated....: 9524129 bytes +~~ total memory freed........: 9524129 bytes +~~ total allocations/frees...: 156589/156589 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 549 chars ~~ json message max len.......: 2453 chars diff --git a/test/results/default/ftp-start-tls.pcap.out b/test/results/default/ftp-start-tls.pcap.out index 53343ebbb..935f58b82 100644 --- a/test/results/default/ftp-start-tls.pcap.out +++ b/test/results/default/ftp-start-tls.pcap.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1383123629078448} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1383123629078448} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629078448,"flow_dst_last_pkt_time":1383123629078448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383123629078448,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1383123629078448,"flow_dst_last_pkt_time":1383123629078448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1383123629078448,"pkt":"AAAAEAAU3NL8+wOhCABFOAAs3ocAAP8GetIK7hokCtwyTPKMABUzQlCKAAAAAGACIACjMgAAAgQCAAAA"} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1383123629078448,"flow_dst_last_pkt_time":1383123629078863,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1383123629078863,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD8G378K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"} 
@@ -12,7 +12,7 @@ 01406{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":13,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629101855,"flow_dst_last_pkt_time":1383123629103328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":1447,"midstream":0,"thread_ts_usec":1383123629103328,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"FTPS.Huawei","proto_id":"311.398","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
02589{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629152654,"flow_dst_last_pkt_time":1383123629153383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":3206,"midstream":0,"thread_ts_usec":1383123629153383,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4811.0,"max":40376,"stddev":9556.7,"var":91331016.0,"ent":3.2,"data": [415,134,1253,15030,72,17807,3947,60,788,5,4347,3279,113,1027,2,8,2,118,3,2582,8520,40376,68,34737,4456,749,2222,1775,305,2738,2203]},"pktlen": {"min":46,"avg":160.9,"max":552,"stddev":164.2,"var":26956.4,"ent":4.4,"data": [46,46,46,46,113,113,50,46,46,71,71,190,46,46,552,552,255,552,552,255,46,370,91,91,77,122,122,77,122,122,85,130]},"bins": {"c_to_s": [4,3,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,7,0,0,0,2,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,1,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1],"entropies": [4.174477577,4.816402912,4.816402912,4.390829086,5.377844810,5.377844810,4.955727100,4.347350597,4.347350597,5.319664001,5.319664001,5.167058468,4.434307098,4.434307098,6.822389126,7.154568672,6.962697506,6.822389126,7.151652813,6.962697029,4.544876099,7.242094517,5.879006863,5.879006863,5.747309208,6.191079140,6.207472801,5.766408920,6.279234409,6.279234409,5.962334156,6.287871361]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"FTPS.Huawei","proto_id":"311.398","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01438{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":35,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629412168,"flow_dst_last_pkt_time":1383123629233523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":856,"flow_dst_tot_l4_payload_len":3834,"midstream":0,"thread_ts_usec":1383123629412168,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"FTPS.Huawei","proto_id":"311.398","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":51,"packets-processed":51,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4690,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1383123629412168} +00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":51,"packets-processed":51,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4690,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1383123629412168} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 51/51 ~~ skipped flows.............: 0 
@@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652705 bytes -~~ total memory freed........: 8652705 bytes -~~ total allocations/frees...: 140593/140593 +~~ total memory allocated....: 9417112 bytes +~~ total memory freed........: 9417112 bytes +~~ total allocations/frees...: 154560/154560 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 2594 chars diff --git a/test/results/default/ftp.pcap.out b/test/results/default/ftp.pcap.out index aa6b5d2ba..8357520a4 100644 --- a/test/results/default/ftp.pcap.out +++ b/test/results/default/ftp.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1552590234892296} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1552590234892296} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1552590234892296,"flow_src_last_pkt_time":1552590234892296,"flow_dst_last_pkt_time":1552590234892296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1552590234892296,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1552590234892296,"flow_dst_last_pkt_time":1552590234892296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1552590234892296,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1552590234892296,"flow_dst_last_pkt_time":1552590234919708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1552590234919708,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="} 
@@ -26,7 +26,7 @@ 00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":78,"flow_first_seen":1552590241545143,"flow_src_last_pkt_time":1552590241697652,"flow_dst_last_pkt_time":1552590241697604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":109440,"midstream":0,"thread_ts_usec":1552590243371057,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1552590236580045,"flow_src_last_pkt_time":1552590236638093,"flow_dst_last_pkt_time":1552590236666222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":1552590243371057,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FTP_DATA","proto_id":"175","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01198{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":27,"flow_first_seen":1552590234892296,"flow_src_last_pkt_time":1552590243340268,"flow_dst_last_pkt_time":1552590243371057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":241,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":889,"midstream":0,"thread_ts_usec":1552590243371057,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":209,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":111708,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1552590243371057} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":209,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":111708,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1552590243371057} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 209/209 ~~ skipped flows.............: 0 
@@ -35,9 +35,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8661938 bytes -~~ total memory freed........: 8661938 bytes -~~ total allocations/frees...: 140768/140768 +~~ total memory allocated....: 9426376 bytes +~~ total memory freed........: 9426376 bytes +~~ total allocations/frees...: 154734/154734 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2469 chars diff --git a/test/results/default/ftp_failed.pcap.out b/test/results/default/ftp_failed.pcap.out index 3f5f87ff3..0351ba01a 100644 --- a/test/results/default/ftp_failed.pcap.out +++ b/test/results/default/ftp_failed.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1574361625864342} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1574361625864342} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1574361625864342,"flow_src_last_pkt_time":1574361625864342,"flow_dst_last_pkt_time":1574361625864342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1574361625864342,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1574361625864342,"flow_dst_last_pkt_time":1574361625864342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1574361625864342,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1574361625864342,"flow_dst_last_pkt_time":1574361625878212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1574361625878212,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="} 
@@ -8,7 +8,7 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1574361625977593,"flow_dst_last_pkt_time":1574361625977557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1574361625977593,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbZwFQaBgBAA4XzDAAABAQgKlgVfE1bTSNw="} 01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1574361625864342,"flow_src_last_pkt_time":1574361631282407,"flow_dst_last_pkt_time":1574361631296434,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1574361631296434,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"hello","password":"","auth_failed":1}}} 
01218{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1574361625864342,"flow_src_last_pkt_time":1574361633088930,"flow_dst_last_pkt_time":1574361633102738,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1574361633102738,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}} 
-00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1574361633102738} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1574361633102738} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647435 bytes -~~ total memory freed........: 8647435 bytes -~~ total allocations/frees...: 140553/140553 +~~ total memory allocated....: 9411809 bytes +~~ total memory freed........: 9411809 bytes +~~ total allocations/frees...: 154519/154519 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 579 chars ~~ json message max len.......: 1236 chars diff --git a/test/results/default/fuzz-2006-06-26-2594.pcap.out b/test/results/default/fuzz-2006-06-26-2594.pcap.out index 1dfb243a0..ac1d307c6 100644 --- a/test/results/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/default/fuzz-2006-06-26-2594.pcap.out 
@@ -1,5 +1,5 @@ -00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1120469540839312} 
+00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1120469540839312} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469540839312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469540839312,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaYwAAIARTMHAqAECwKgB\/wCJAIkAOlu0hOcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPU0FDQUNBQ0FDQUJNAAAgAAE="} 
00985{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469540839312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_domain","domainame":"eci_domain"}} 
@@ -649,7 +649,7 @@ 01089{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083305056,"flow_src_last_pkt_time":1120470083305056,"flow_dst_last_pkt_time":1120470083305056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01218{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": 
{"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470083310624,"flow_src_last_pkt_time":1120470088311840,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":282,"packets-processed":241,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24511,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":69,"total-detection-updates":21,"total-updates":178,"current-active-flows":63,"total-active-flows":109,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":652,"global_ts_usec":1120470141614697} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":282,"packets-processed":241,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24511,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":69,"total-detection-updates":21,"total-updates":178,"current-active-flows":63,"total-active-flows":109,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":652,"global_ts_usec":1120470141614697} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470141614697,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470141614697,"pkt":"ADBUADRWAODtAW69CABFAABIaqIAAIARTK\/AqAECwKgBAQrEADUANAAlcwABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrACVzAAE="} 
01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470141614697,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","domainame":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr": []}}} 
@@ -1434,7 +1434,7 @@ 01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120470733830076,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2742,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_domain"}} 01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470588783128,"flow_src_last_pkt_time":1120470588783128,"flow_dst_last_pkt_time":1120470588783128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_domain"}} 01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470685610738,"flow_src_last_pkt_time":1120470685610738,"flow_dst_last_pkt_time":1120470685610738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_domain"}} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":490,"packets-processed":409,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39786,"total-not-detected-flows":16,"total-guessed-flows":14,"total-detected-flows":130,"total-detection-updates":46,"total-updates":489,"current-active-flows":40,"total-active-flows":189,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1437,"global_ts_usec":1120470764674629} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":490,"packets-processed":409,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39786,"total-not-detected-flows":16,"total-guessed-flows":14,"total-detected-flows":130,"total-detection-updates":46,"total-updates":489,"current-active-flows":40,"total-active-flows":189,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1437,"global_ts_usec":1120470764674629} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470764674629,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1120470764674629,"pkt":"ADBUADRWQODtAW69CABFAAA+a48AAIARS8zAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlLQhzaXBwc3RhcgNjb20AAAEAAQ=="} 
01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470764674629,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"re-.sippstar.com","domainame":"re-.sippstar.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -2107,7 +2107,7 @@ 00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635045415,"flow_src_last_pkt_time":1120469635045415,"flow_dst_last_pkt_time":1120469635045415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01222{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635042587,"flow_src_last_pkt_time":1120469635042587,"flow_dst_last_pkt_time":1120469635042587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"","password":"","auth_failed":0}}} 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635042587,"flow_src_last_pkt_time":1120469635042587,"flow_dst_last_pkt_time":1120469635042587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":691,"packets-processed":569,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60810,"total-not-detected-flows":39,"total-guessed-flows":33,"total-detected-flows":185,"total-detection-updates":81,"total-updates":666,"current-active-flows":0,"total-active-flows":257,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2110,"global_ts_usec":1120471107427770} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":691,"packets-processed":569,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60810,"total-not-detected-flows":39,"total-guessed-flows":33,"total-detected-flows":185,"total-detection-updates":81,"total-updates":666,"current-active-flows":0,"total-active-flows":257,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2110,"global_ts_usec":1120471107427770} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 691/569 ~~ skipped flows.............: 0 @@ -2116,9 +2116,9 @@ ~~ total active/idle flows...: 257/257 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9315237 bytes -~~ total memory freed........: 9315237 bytes -~~ total allocations/frees...: 143887/143887 +~~ total memory allocated....: 10087803 bytes +~~ total memory freed........: 10087803 bytes +~~ total allocations/frees...: 157853/157853 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 311 chars ~~ json message max len.......: 2325 chars diff --git a/test/results/default/fuzz-2006-09-29-28586.pcap.out b/test/results/default/fuzz-2006-09-29-28586.pcap.out index 9b7fb9d82..19c9d9ead 100644 --- a/test/results/default/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/default/fuzz-2006-09-29-28586.pcap.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1031854484481540} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1031854484481540} 00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031854484481540,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_usec":1031854484481540} 
00383{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1031854484481540,"pkt":"CAAgsl17AFCLk5N8CQBFAAAo8EpAAIAGrEqsFAMFrBQDDQooAFDkFf3+yWv\/bVARIal6iQAABIGD1GDD"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854484481558,"flow_src_last_pkt_time":1031854484481558,"flow_dst_last_pkt_time":1031854484481558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854484481558,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -163,7 +163,7 @@ 01098{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854488668094,"flow_src_last_pkt_time":1031854488668094,"flow_dst_last_pkt_time":1031854488668094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854488668094,"flow_src_last_pkt_time":1031854488668094,"flow_dst_last_pkt_time":1031854488668094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535090106,"flow_src_last_pkt_time":1031854535090106,"flow_dst_last_pkt_time":1031854535090106,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":143,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":143,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -01210{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535021813,"flow_src_last_pkt_time":1031854535021813,"flow_dst_last_pkt_time":1031854535021813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +01208{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535021813,"flow_src_last_pkt_time":1031854535021813,"flow_dst_last_pkt_time":1031854535021813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535021813,"flow_src_last_pkt_time":1031854535021813,"flow_dst_last_pkt_time":1031854535021813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01100{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854525903736,"flow_src_last_pkt_time":1031854525903736,"flow_dst_last_pkt_time":1031854525903736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854525903736,"flow_src_last_pkt_time":1031854525903736,"flow_dst_last_pkt_time":1031854525903736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -215,7 +215,7 @@ 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562488426,"flow_src_last_pkt_time":1031854562488426,"flow_dst_last_pkt_time":1031854562488426,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01102{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562488164,"flow_src_last_pkt_time":1031854562488164,"flow_dst_last_pkt_time":1031854562488164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562488164,"flow_src_last_pkt_time":1031854562488164,"flow_dst_last_pkt_time":1031854562488164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":131,"packets-processed":123,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25630,"total-not-detected-flows":4,"total-guessed-flows":22,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":218,"global_ts_usec":1031854568982740} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":131,"packets-processed":123,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25630,"total-not-detected-flows":4,"total-guessed-flows":22,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":218,"global_ts_usec":1031854568982740} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 131/123 ~~ skipped flows.............: 0 @@ -224,9 +224,9 @@ ~~ total active/idle flows...: 39/39 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8754255 bytes -~~ total memory freed........: 8754255 bytes -~~ total allocations/frees...: 141128/141128 +~~ total memory allocated....: 9519845 bytes +~~ total memory freed........: 9519845 bytes +~~ total allocations/frees...: 155094/155094 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 312 chars ~~ json message max len.......: 2512 chars diff --git a/test/results/default/fuzz-2020-02-16-11740.pcap.out b/test/results/default/fuzz-2020-02-16-11740.pcap.out index 14b558e48..3dfe65072 100644 --- a/test/results/default/fuzz-2020-02-16-11740.pcap.out +++ b/test/results/default/fuzz-2020-02-16-11740.pcap.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1528996067791491} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1528996067791491} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996067791491,"flow_src_last_pkt_time":1528996067791491,"flow_dst_last_pkt_time":1528996067791491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996067791491,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1528996067791491,"flow_dst_last_pkt_time":1528996067791491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528996067791491,"pkt":"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"} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996067791491,"flow_src_last_pkt_time":1528996067791491,"flow_dst_last_pkt_time":1528996067791491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996067791491,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -39,7 +39,7 @@ 01201{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":671,"pkt_l4_len":0,"thread_ts_usec":1528996636345360,"pkt":"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"} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996641548676,"flow_src_last_pkt_time":1528996641548676,"flow_dst_last_pkt_time":1528996641548676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996641548676,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1528996641548676,"flow_dst_last_pkt_time":1528996641548676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":50,"pkt_len":147,"pkt_l4_len":97,"thread_ts_usec":1528996641548676,"pkt":"ABRP+4rqcNuYVcUnCABJAACFyrZAAPsRim\/G4hk1CgxAHgcVchAAcXfuBRIAaavjNmx4LDA40fVoWG4z4qoBNTAzMTE0ODAwNjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBsZXR3b3JrLm9yZywgNWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2RZMzcvMjEx"} 
-00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":19,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1528996680540870} +00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":19,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1528996680540870} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996680808327,"flow_src_last_pkt_time":1528996680808327,"flow_dst_last_pkt_time":1528996680808327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996680808327,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1528996680808327,"flow_dst_last_pkt_time":1528996680808327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1528996680808327,"pkt":"ABRP+4rqcNuYVcUnCABFAADA98dAAPwRXCPG4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996684582288,"flow_src_last_pkt_time":1528996684582288,"flow_dst_last_pkt_time":1528996684582288,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996684582288,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -187,7 +187,7 @@ 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997212627458,"flow_src_last_pkt_time":1528997212627458,"flow_dst_last_pkt_time":1528997212627458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997266594250,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997105304205,"flow_src_last_pkt_time":1528997105304205,"flow_dst_last_pkt_time":1528997105304205,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997266594250,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":88,"flow_datalink":1,"flow_max_packets":5} 
00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997109583874,"flow_src_last_pkt_time":1528997109583874,"flow_dst_last_pkt_time":1528997109583874,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997266594250,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":254,"flow_datalink":1,"flow_max_packets":5} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":127,"packets-processed":104,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44703,"total-not-detected-flows":6,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":39,"current-active-flows":13,"total-active-flows":27,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":190,"global_ts_usec":1528997294157193} 
+00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":127,"packets-processed":104,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44703,"total-not-detected-flows":6,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":39,"current-active-flows":13,"total-active-flows":27,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":190,"global_ts_usec":1528997294157193} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997294408774,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997294408774,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00794{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528997294408774,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/xpAAPsRVa\/G4hk1ChxAHgcUchAAzU8kC0oAxWEDMLFDKTYIfgbKyEyHMfIBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE1YWUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjIxT0oBAjRIFwEAAAEFAACfFoRHbsDvI\/+46yBaysIsAgUAAJcLQv7ORgAASiNmmimRHNuLAQACCwUAAKEH8wkM8t7F6HlgkovXWwdQEo++iUihP9VHkRTh6mD7kgU="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997294408774,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997294408774,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -398,7 +398,7 @@ 00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997260021140,"flow_src_last_pkt_time":1528997260021140,"flow_dst_last_pkt_time":1528997260021140,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997867808101,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"flow_datalink":1,"flow_max_packets":5} 01081{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997683835823,"flow_src_last_pkt_time":1528997683835823,"flow_dst_last_pkt_time":1528997683835823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997867808101,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997683835823,"flow_src_last_pkt_time":1528997683835823,"flow_dst_last_pkt_time":1528997683835823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997867808101,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":243,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85740,"total-not-detected-flows":10,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":98,"current-active-flows":15,"total-active-flows":54,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":401,"global_ts_usec":1528997988607022} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":243,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85740,"total-not-detected-flows":10,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":98,"current-active-flows":15,"total-active-flows":54,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":401,"global_ts_usec":1528997988607022} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997988838453,"packet_id":244,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2560,"global_ts_usec":1528997988838453} 00628{"packet_event_id":1,"packet_event_name":"packet","packet_id":244,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":239,"pkt_type":2560,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_usec":1528997988607022,"pkt":"ABRP+4rqcNuYVcUnCgBFAADhCANAAPwRS8fG4hk1CgxAHgcUchAAzcqaC4QAxQGJ6Lj45v3l8O9jNbsTb\/MBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0T0oBAhBIFwEAAAEFAAD7NrjaxmMHv4vIE1TL2G1wAgUAANQK+SugcQAAjldODJoz\/yqLAQACCwUAAPFizAqNmvaDbjPlWgGZGZpQEuJJeKWQmKkvyDnGACXbYRU="} 00307{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997989240618,"packet_id":245,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":0,"global_ts_usec":1528997989240618} 
@@ -583,7 +583,7 @@ 01440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1528998585268788,"flow_dst_last_pkt_time":1528998576080956,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_usec":1528998585268788,"pkt":"AAAMB6xAABRP+4rqCABFAALHIWdAAP8RAAAKDEAexuIZNXIQBxQCswAAAbkCqwwIsTK62hmv9RZW9\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"} 00329{"error_event_id":8,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998585453134,"packet_id":348,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528998585453134} 00731{"packet_event_id":1,"packet_event_name":"packet","packet_id":348,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528998585268788,"pkt":"ABRP+4rqcNuYVcUnCABFADUwD91AAPwRQ57G4hk1CgxAHgcUchABHJkzArkBFPuMuhZj3jbkVosdPxLeAO4aCwAAV8gbBVNQQxpuAAABNxA0w9JZoXWsZGeHUoYiJ9p40yJPEfSCC1VPuzQcz\/tcT9Zniiv93vAfl8Sqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 
-00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":349,"packets-processed":285,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":123530,"total-not-detected-flows":15,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":132,"current-active-flows":6,"total-active-flows":76,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":586,"global_ts_usec":1528998601376404} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":349,"packets-processed":285,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":123530,"total-not-detected-flows":15,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":132,"current-active-flows":6,"total-active-flows":76,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":586,"global_ts_usec":1528998601376404} 
01468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1528998601376404,"flow_dst_last_pkt_time":1528998576080956,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528998601376404,"pkt":"AAAMB6xAABRP+4rqCABFAALbIWhAAP8RAAAKDEAexuIZNXIQBxQCxwAAAboCvwMeoZZ\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"} 00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1528998601376404,"flow_dst_last_pkt_time":1528998601561020,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528998601561020,"pkt":"ABRP+4rqcNuYVcUnCABFAADhEBRAAPwRQ7bG4hk1CgxAHgcUchAA7U+kC7oAxe81RNsNL9nkCabTe8sTdH4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmFhYzkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjQ0T0oBAgBIFwEAAAEFAAB93OZOPyN1g5mAaIFbRevEAgUAAM9K59M2sAAACew7QKwfR6iLAQACCwUAAO6YBGpcBLQq1zvE8qMpnJxQcQNtupIsEGf0aXWvBvX8yPY="} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998605741189,"flow_src_last_pkt_time":1528998605741189,"flow_dst_last_pkt_time":1528998605741189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998605741189,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -612,7 +612,7 @@ 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998576181572,"flow_src_last_pkt_time":1528998576181572,"flow_dst_last_pkt_time":1528998576181572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998643334661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1814,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01113{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998636010967,"flow_src_last_pkt_time":1528998636010967,"flow_dst_last_pkt_time":1528998636010967,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998643334661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998636010967,"flow_src_last_pkt_time":1528998636010967,"flow_dst_last_pkt_time":1528998636010967,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998643334661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"flow_datalink":1,"flow_max_packets":5} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":366,"packets-processed":301,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":129798,"total-not-detected-flows":19,"total-guessed-flows":3,"total-detected-flows":57,"total-detection-updates":0,"total-updates":133,"current-active-flows":0,"total-active-flows":79,"total-idle-flows":79,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":615,"global_ts_usec":1528998643334661} 
+00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":366,"packets-processed":301,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":129798,"total-not-detected-flows":19,"total-guessed-flows":3,"total-detected-flows":57,"total-detection-updates":0,"total-updates":133,"current-active-flows":0,"total-active-flows":79,"total-idle-flows":79,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":615,"global_ts_usec":1528998643334661} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 366/301 ~~ skipped flows.............: 0 @@ -621,9 +621,9 @@ ~~ total active/idle flows...: 79/79 ~~ total timeout flows.......: 13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8843836 bytes -~~ total memory freed........: 8843836 bytes -~~ total allocations/frees...: 141700/141700 +~~ total memory allocated....: 9610706 bytes +~~ total memory freed........: 9610706 bytes +~~ total allocations/frees...: 155666/155666 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 312 chars ~~ json message max len.......: 2319 chars diff --git a/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out index 3d50ab288..21db6419c 100644 --- a/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out +++ b/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out 
@@ -1,10 +1,10 @@ -00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1953631155595384} -00366{"error_event_id":14,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953631155595384,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","size":48,"expected":4093509168,"global_ts_usec":1953631155595384} 
-00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":4093509168,"pkt_l4_len":0,"thread_ts_usec":1953631155595384,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"} -00331{"error_event_id":8,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953631155595384,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","l4_data_len":14,"global_ts_usec":1953631155595384} -00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":4093509168,"pkt_l4_len":0,"thread_ts_usec":1953631155595384,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"} -00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1953631155595384} 
+00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1953635450562680} +00366{"error_event_id":14,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953635450562680,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","size":48,"expected":4093509168,"global_ts_usec":1953635450562680} 
+00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":4093509168,"pkt_l4_len":0,"thread_ts_usec":1953635450562680,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"} +00331{"error_event_id":8,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953635450562680,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","l4_data_len":14,"global_ts_usec":1953635450562680} +00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":4093509168,"pkt_l4_len":0,"thread_ts_usec":1953635450562680,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"} +00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1953635450562680} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ 
packets captured/processed: 1/0 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 336 chars ~~ json message max len.......: 831 chars diff --git a/test/results/default/fuzz-2021-10-13.pcap.out b/test/results/default/fuzz-2021-10-13.pcap.out index 9d82ecd9d..779d7d6a3 100644 --- a/test/results/default/fuzz-2021-10-13.pcap.out +++ b/test/results/default/fuzz-2021-10-13.pcap.out 
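Review bot: The expected timestamps in this baseline (`threshold_ts_usec`, `thread_ts_usec`, `global_ts_usec`) all move from `1953631155595384` to `1953635450562680`, a shift of exactly 4294967296 (2^32) microseconds that the commit message does not account for. The packet bytes and every other field except `size_per_flow` are unchanged, so the flow-risk rename does not explain it. It looks like the fuzzed capture's microsecond field was read with a different width or signedness in the environment that regenerated the results; this is inferred, as the conversion code is not part of this hunk. Because this file is a regression baseline for malformed input, the commit message should record the cause, for example `* fuzz-2021-06-07-c6c72a0a56: timestamps shift by 2^32 usec because <reason>`. The timestamp conversion is also worth checking for platform-dependent behaviour, so the baseline stays reproducible across build hosts.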
@@ -1,8 +1,8 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":980658803882137} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":980658803882137} 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":980658803882137,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","layer_type":3080300,"global_ts_usec":980658803882137} 
00566{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":197,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":524501,"pkt_l4_len":0,"thread_ts_usec":980658803882137,"pkt":"AC8AbGXLAAAAlQZ\/NAA6MDA1L3VwbG8yZD9sPTAuAAAAAAAAAAA9AAAAgAGtAAAAPAEAADUAMMkAAFsEMjk5oIBtrTHFxwpdEDIAAQBGAAAAaXAAc+dXAAAAAAAIAAoAAAD\/MvsABgAAAAAAAAAAAAAAAAAAAAAkABAAAAAAAAA8AQAAAAAACJcFAAAA\/zL7AAYAAP9NPLKhAgAAAI8NOwAAAH8AAhwAAQAAAAAAECA\/BeIoAAAAACA9eC75+f\/\/xQAAAAA="} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":980658803882137} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":980658803882137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/0 ~~ skipped flows.............: 0 @@ -11,9 +11,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 318 chars ~~ json message max len.......: 819 chars diff --git a/test/results/default/gaijin_mobile_mixed.pcap.out b/test/results/default/gaijin_mobile_mixed.pcap.out index 93c2863c2..b9a556d26 100644 --- a/test/results/default/gaijin_mobile_mixed.pcap.out +++ b/test/results/default/gaijin_mobile_mixed.pcap.out 
@@ -1,14 +1,14 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1707397560481026} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1707397560481026} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560481026,"flow_dst_last_pkt_time":1707397560481026,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707397560481026,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1707397560481026,"flow_dst_last_pkt_time":1707397560481026,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1707397560481026,"pkt":"RQAAPHqEQABABuuOCtetATZL5oW6MgG7Ussu4gAAAACgAv\/\/aUMAAAIEJugEAggKhDYnDAAAAAABAwMJ"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1707397560481026,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1707397560552997,"pkt":"RQAAMAAAQABABmYfNkvmhQrXrQEBu7oyd+t361LLLuNwEgQAVL8AAAIEJugDAwkA"} 
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1707397560553103,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1707397560553103,"pkt":"RQAAKHqFQABABuuhCtetATZL5oW6MgG7Ussu43frd+xQEACArTcAAA=="} 01207{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1707397560555854,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":552,"pkt_l4_len":532,"thread_ts_usec":1707397560555854,"pkt":"RQACKHqGQABABumgCtetATZL5oW6MgG7Ussu43frd+xQEACAEFMAABYDAQIAAQAB\/AMDQLwVuf4WUTNDooXQ0wNqRO0W3Fi419hIQ9RqkmkF3C8g\/WpzjEM\/f8xg08L7eLA14QlvrLpPfJcHFG0BnPxXspwAPhMCEwMTAcAswDAAn8ypzKjMqsArwC8AnsAkwCgAa8AjwCcAZ8AKwBQAOcAJwBMAMwCdAJwAPQA8ADUALwD\/AQABdQAAABwAGgAAF3l1cG1hc3Rlci5nYWlqaW5lbnQuY29tAAsABAMAAQIACgAWABQAHQAXAB4AGQAYAQABAQECAQMBBDN0AAAAEAALAAkIaHR0cC8xLjEAFgAAABcAAAAxAAAADQAqACgEAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMDAQMCBAIFAgYCACsACQgDBAMDAwIDAQAtAAIBAQAzACYAJAAdACCYG9RBOtTHAB1MyzJXjMhz9xK7OCclYSgI3TqdiZYlYAAVAKUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":45,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":45,"pkt_l4_len":25,"thread_ts_usec":1707397560555930,"pkt":"RQAALXqHQABABuuaCtetATZL5oW6MgG7Ussw43frd+xQGACAqyoAAAAAAAAA"} -01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707397560555930,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"yupmaster.gaijinent.com","domainame":"yupmaster.gaijinent.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h1_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01563{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560621636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4128,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4128,"midstream":0,"thread_ts_usec":1707397560621636,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"yupmaster.gaijinent.com","domainame":"yupmaster.gaijinent.com","tls": {"version":"TLSv1.2","server_names":"*.gaijinent.com,gaijinent.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t13d3113h1_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"CN=*.gaijinent.com","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"27:23:37:24:85:95:B7:8F:75:BE:79:18:DF:DC:11:D8:04:F7:1E:A2","blocks":0}}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1707398512218954} +01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707397560555930,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"yupmaster.gaijinent.com","domainame":"yupmaster.gaijinent.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h1_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01561{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560621636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4128,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4128,"midstream":0,"thread_ts_usec":1707397560621636,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"yupmaster.gaijinent.com","domainame":"yupmaster.gaijinent.com","tls": {"version":"TLSv1.2","server_names":"*.gaijinent.com,gaijinent.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t13d3113h1_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"CN=*.gaijinent.com","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"27:23:37:24:85:95:B7:8F:75:BE:79:18:DF:DC:11:D8:04:F7:1E:A2","blocks":0}}} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1707398512218954} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707398512218954,"flow_src_last_pkt_time":1707398512218954,"flow_dst_last_pkt_time":1707398512218954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707398512218954,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"81.171.31.37","src_port":39314,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1707398512218954,"flow_dst_last_pkt_time":1707398512218954,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1707398512218954,"pkt":"RQAAPJK6QABABn9ZCtetAVGrHyWZkgG7j0wUqAAAAACgAv\/\/CrsAAAIEJugEAggKawZJHgAAAAABAwMJ"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1707398512218954,"flow_dst_last_pkt_time":1707398512264128,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1707398512264128,"pkt":"RQAAMAAAQABABhIgUasfJQrXrQEBu5mSd+t3649MFKlwEgQA\/xgAAAIEJugDAwkA"} 
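Review bot: The switch of `proto_by_ip` from `"AmazonAWS"` (id 265) to `"AWS_EC2"` (id 461) is a consumer-visible classification change that the commit description does not mention; it only names the flow-risk replacement. It shows up for flow 1 (54.75.230.133:443) in the `detected` and `detection-update` events of this hunk and in the `idle` event of the next hunk of this file. Filters, dashboards or alert rules keyed on the old name or id would presumably stop matching such flows after the bump; whether `AmazonAWS` is still emitted for other address ranges cannot be told from this fixture. I would record it alongside the risk rename, for example `proto_by_ip for AWS-hosted addresses may now be "AWS_EC2" (id 461) instead of "AmazonAWS" (id 265)`.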
@@ -26,8 +26,8 @@ 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1707398512312802,"flow_dst_last_pkt_time":1707398512312802,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":162,"pkt_l4_len":142,"thread_ts_usec":1707398512312802,"pkt":"RQAAoi8sQABAEfzACtetAV\/T9rKluE4rAI7abGVtYmVkZGVkdXBkYXRlci5zdG9wLGVudj1wcm9kdWN0aW9uLGNpcmN1aXQ9d3RtLXByb2R1Y3Rpb24sYXBwbGljYXRpb249Y2xpZW50LHByb2plY3Q9d2FydGh1bmRlcixwbGF0Zm9ybT1hbmRyb2lkLGhvc3Q9aG9zdF9jbGllbnQ6MXxj"} 01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1707398512218954,"flow_src_last_pkt_time":1707398512264512,"flow_dst_last_pkt_time":1707398512312802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":4168,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":4168,"midstream":0,"thread_ts_usec":1707398512312802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"81.171.31.37","src_port":39314,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1707398512312802,"flow_src_last_pkt_time":1707398512312802,"flow_dst_last_pkt_time":1707398512312802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":134,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":697,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707398512312802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"95.211.246.178","src_port":42424,"dst_port":20011,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GaijinEntertainment","proto_id":"396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560621636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4128,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4128,"midstream":0,"thread_ts_usec":1707398512312802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1707398512312802} +00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560621636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4128,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4128,"midstream":0,"thread_ts_usec":1707398512312802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1707398512312802} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8667029 bytes -~~ total memory freed........: 8667029 bytes -~~ total allocations/frees...: 140590/140590 +~~ total memory allocated....: 9431467 bytes +~~ total memory freed........: 9431467 bytes +~~ total allocations/frees...: 154556/154556 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 525 chars ~~ json message max len.......: 1637 chars diff --git a/test/results/default/gaijin_warthunder.pcap.out b/test/results/default/gaijin_warthunder.pcap.out index f9822eacc..f5181cd58 100644 --- a/test/results/default/gaijin_warthunder.pcap.out +++ b/test/results/default/gaijin_warthunder.pcap.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1707407475013359} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1707407475013359} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707407475013359,"flow_src_last_pkt_time":1707407475013359,"flow_dst_last_pkt_time":1707407475013359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707407475013359,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.253.20.249","src_port":36929,"dst_port":20021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1707407475013359,"flow_dst_last_pkt_time":1707407475013359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1707407475013359,"pkt":"SKmKCiNt8C90rUP1CABFAABQKIpAAEARKY3AqFjnuf0U+ZBBTjUAPOjTj\/8AAYL\/AAEAAP\/\/AAAEsAABAAAAAAD\/AAAAAAAAAAAAABOIAAAAAAAAAACWmQpEACYAAA=="} 
01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707407475013359,"flow_src_last_pkt_time":1707407475013359,"flow_dst_last_pkt_time":1707407475013359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707407475013359,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.253.20.249","src_port":36929,"dst_port":20021,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GaijinEntertainment","proto_id":"396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -16,7 +16,7 @@ 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1707407475059508,"flow_dst_last_pkt_time":1707407475059508,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1707407475059508,"pkt":"SKmKCiNt8C90rUP1CABFAACjTw5AAEAReybAqFjnX9P2spHVTisAj3C2ZGxkYXRhLmxvYWRfZGVjYWxzX2lkeF9vayxlbnY9cHJvZHVjdGlvbixjaXJjdWl0PXByb2R1Y3Rpb24sYXBwbGljYXRpb249Y2xpZW50LHByb2plY3Q9d2FydGh1bmRlcixwbGF0Zm9ybT1saW51eDY0LGhvc3Q9aG9zdF9jbGllbnQ6MXxj"} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1707407475013359,"flow_src_last_pkt_time":1707407475043572,"flow_dst_last_pkt_time":1707407475059508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":189,"flow_dst_tot_l4_payload_len":58,"midstream":0,"thread_ts_usec":1707407475059508,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.253.20.249","src_port":36929,"dst_port":20021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GaijinEntertainment","proto_id":"396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1707407475059508,"flow_src_last_pkt_time":1707407475059508,"flow_dst_last_pkt_time":1707407475059508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":178,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707407475059508,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.211.246.178","src_port":37333,"dst_port":20011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GaijinEntertainment","proto_id":"396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1707407475059508} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1707407475059508} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647591 bytes -~~ total memory freed........: 8647591 bytes -~~ total allocations/frees...: 140555/140555 +~~ total memory allocated....: 9411997 bytes +~~ total memory freed........: 9411997 bytes +~~ total allocations/frees...: 154521/154521 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 1125 chars diff --git a/test/results/default/gearman.pcap.out b/test/results/default/gearman.pcap.out index 6b6e2ac2f..2c3711c66 100644 --- a/test/results/default/gearman.pcap.out +++ b/test/results/default/gearman.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1278690518812160} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1278690518812160} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278690518812160,"flow_src_last_pkt_time":1278690518812160,"flow_dst_last_pkt_time":1278690518812160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278690518812160,"l3_proto":"ip4","src_ip":"192.168.80.1","dst_ip":"192.168.80.128","src_port":23405,"dst_port":4730,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1278690518812160,"flow_dst_last_pkt_time":1278690518812160,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1278690518812160,"pkt":"AAwpVzzvAFBWwAAICABFAAA0BL9AAIAG1DLAqFABwKhQgFttEnpztNRBAAAAAIACgAAXaAAAAgQFtAEDAwABAQQC"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1278690518812160,"flow_dst_last_pkt_time":1278690518812898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1278690518812898,"pkt":"AFBWwAAIAAwpVzzvCABFAAA0AABAAEAGGPLAqFCAwKhQARJ6W23kPUpKc7TUQoASFtBR+wAAAgQFtAEBBAIBAwME"} 
@@ -8,7 +8,7 @@ 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1278690518812160,"flow_src_last_pkt_time":1278690518813921,"flow_dst_last_pkt_time":1278690518812898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278690518813921,"l3_proto":"ip4","src_ip":"192.168.80.1","dst_ip":"192.168.80.128","src_port":23405,"dst_port":4730,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Gearman","proto_id":"394","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1278690518814263,"flow_dst_last_pkt_time":1278690518812898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1278690518814263,"pkt":"AAwpVzzvAFBWwAAICABFAAA0BMJAAIAG1C\/AqFABwKhQgFttEnpztNRQ5D1KS1AYgADjywAAAFJFUQAAAAkAAAAA"} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1278690518812160,"flow_src_last_pkt_time":1278690518814263,"flow_dst_last_pkt_time":1278690518815728,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1278690518815728,"l3_proto":"ip4","src_ip":"192.168.80.1","dst_ip":"192.168.80.128","src_port":23405,"dst_port":4730,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Gearman","proto_id":"394","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1278690518815728} 
+00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1278690518815728} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645071 bytes -~~ total memory freed........: 8645071 bytes -~~ total allocations/frees...: 140541/140541 +~~ total memory allocated....: 9409445 bytes +~~ total memory freed........: 9409445 bytes +~~ total allocations/frees...: 154507/154507 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 972 chars diff --git a/test/results/default/gearup_booster.pcap.out b/test/results/default/gearup_booster.pcap.out index 2ef09bda6..0289e556a 100644 --- a/test/results/default/gearup_booster.pcap.out +++ b/test/results/default/gearup_booster.pcap.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1740590517836147} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1740590517836147} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740590517836147,"flow_src_last_pkt_time":1740590517836147,"flow_dst_last_pkt_time":1740590517836147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740590517836147,"l3_proto":"ip4","src_ip":"192.168.0.21","dst_ip":"129.227.37.102","src_port":50374,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1740590517836147,"flow_dst_last_pkt_time":1740590517836147,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1740590517836147,"pkt":"YDjgxTWgDJ2SEKN0CABFAAAkVJgAAIARfirAqAAVgeMlZsTGJw8AECh075yC4BEAAAAAAAAAAAAAAAAA"} 
00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740590517836147,"flow_src_last_pkt_time":1740590517836147,"flow_dst_last_pkt_time":1740590517836147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740590517836147,"l3_proto":"ip4","src_ip":"192.168.0.21","dst_ip":"129.227.37.102","src_port":50374,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -15,7 +15,7 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1740590591506719,"flow_dst_last_pkt_time":1740590591696152,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1740590591696152,"pkt":"DJ2SEKN0YDjgxTWgCABFAAAka6MAAG4ReR+B4yVmwKgAFScP6F8AEAdcA\/BrDBIAAAA="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1740590591841803,"flow_dst_last_pkt_time":1740590591696152,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1740590591841803,"pkt":"YDjgxTWgDJ2SEKN0CABFAAAkVKQAAIARfh7AqAAVgeMlZuhfJw8AEJE7RhCfDBIAAAAAAAAAAAAAAAAA"} 00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1740590517836147,"flow_src_last_pkt_time":1740590519397573,"flow_dst_last_pkt_time":1740590519588468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1740590592702761,"l3_proto":"ip4","src_ip":"192.168.0.21","dst_ip":"129.227.37.102","src_port":50374,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1741282725846703} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1741282725846703} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282725846703,"flow_src_last_pkt_time":1741282725846703,"flow_dst_last_pkt_time":1741282725846703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282725846703,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"104.16.159.112","src_port":37119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1741282725846703,"flow_dst_last_pkt_time":1741282725846703,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1741282725846703,"pkt":"YDjgxTWhrtN2H7LXCABFAAA8dpJAAEAG+OnAqAMXaBCfcJD\/AbvS0RnGAAAAAKAC\/\/9\/yQAAAgQFtAQCCAqUvOjiAAAAAAEDAww="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1741282725846703,"flow_dst_last_pkt_time":1741282725863273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1741282725863273,"pkt":"rtN2H7LXYDjgxTWhCABFAAA8AABAADoGdXxoEJ9wwKgDFwG7kP+OFOFR0tEZx6AS\/\/82GAAAAgQFeAQCCArH7RKHlLzo4gEDAw0="} 
@@ -55,15 +55,15 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1741282743098457,"flow_dst_last_pkt_time":1741282743115412,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1741282743115412,"pkt":"rtN2H7LXYDjgxTWhCABFAAA8AABAADcG\/w4CE37bwKgDFwG7qc7pqTZn08k4BKAS\/og82gAAAgQFaAQCCAqK1nW+3fASPQEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1741282743118791,"flow_dst_last_pkt_time":1741282743115412,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1741282743118791,"pkt":"YDjgxTWhrtN2H7LXCABFAAA0+K9AAEAG\/WbAqAMXAhN+26nOAbvTyTgE6ak2aIAQABBpvwAAAQEICt3wElGK1nW+"} 
01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1741282743122955,"flow_dst_last_pkt_time":1741282743115412,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1741282743122955,"pkt":"YDjgxTWhrtN2H7LXCABFAAI5+LBAAEAG+2DAqAMXAhN+26nOAbvTyTgE6ak2aIAYABCO7AAAAQEICt3wElaK1nW+FgMBAgABAAH8AwOoRRAc9wUwuWfrH\/1hpgv2gY7DClbnjLupMITFC7jqrCBqyuE7gdF2IZVwEDJ6ZV5i4ToVRf3F753EAIflpucDZwAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAiACAAAB1maWxlLmJvb3N0ZXIuZ2VhcnVwcG9ydGFsLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAMwAmACQAHQAglHoRch8Z3u4uLsDp5DmJ48aCh\/Gc5aOgIMn\/igNg2RMALQACAQEAKwAFBAMEAwMAFQDfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1741282743098457,"flow_src_last_pkt_time":1741282743122955,"flow_dst_last_pkt_time":1741282743115412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282743122955,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"2.19.126.219","src_port":43470,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GearUP_Booster","proto_id":"91.445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN","hostname":"file.booster.gearupportal.com","domainame":"file.booster.gearupportal.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h1_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1741282743098457,"flow_src_last_pkt_time":1741282743122955,"flow_dst_last_pkt_time":1741282743115412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282743122955,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"2.19.126.219","src_port":43470,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GearUP_Booster","proto_id":"91.445","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN","hostname":"file.booster.gearupportal.com","domainame":"file.booster.gearupportal.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h1_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1741282743122955,"flow_dst_last_pkt_time":1741282743139693,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1741282743139693,"pkt":"rtN2H7LXYDjgxTWhCABFAAA01W1AADcGKakCE37bwKgDFwG7qc7pqTZo08k6CYAQAfplswAAAQEICorWddbd8BJW"} 
-01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1741282743098457,"flow_src_last_pkt_time":1741282743122955,"flow_dst_last_pkt_time":1741282743149746,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1741282743149746,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"2.19.126.219","src_port":43470,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GearUP_Booster","proto_id":"91.445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN","hostname":"file.booster.gearupportal.com","domainame":"file.booster.gearupportal.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1713h1_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1741282743098457,"flow_src_last_pkt_time":1741282743122955,"flow_dst_last_pkt_time":1741282743149746,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1741282743149746,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"2.19.126.219","src_port":43470,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GearUP_Booster","proto_id":"91.445","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN","hostname":"file.booster.gearupportal.com","domainame":"file.booster.gearupportal.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1713h1_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759563893,"flow_src_last_pkt_time":1741282759563893,"flow_dst_last_pkt_time":1741282759563893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759563893,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":49183,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759563893,"flow_dst_last_pkt_time":1741282759563893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759563893,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgMLVAAEARf8LAqAMXEqKz9MAfJw8ADFvw+2028w=="} 
-00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759563893,"flow_src_last_pkt_time":1741282759563893,"flow_dst_last_pkt_time":1741282759563893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759563893,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":49183,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759563893,"flow_src_last_pkt_time":1741282759563893,"flow_dst_last_pkt_time":1741282759563893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759563893,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":49183,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759563963,"flow_src_last_pkt_time":1741282759563963,"flow_dst_last_pkt_time":1741282759563963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759563963,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":45624,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759563963,"flow_dst_last_pkt_time":1741282759563963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759563963,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgE0hAAEARuRnAqAMXErmX87I4Jw8ADP4I2nPfpQ=="} 
-00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759563963,"flow_src_last_pkt_time":1741282759563963,"flow_dst_last_pkt_time":1741282759563963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759563963,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":45624,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759563963,"flow_src_last_pkt_time":1741282759563963,"flow_dst_last_pkt_time":1741282759563963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759563963,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":45624,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759563993,"flow_src_last_pkt_time":1741282759563993,"flow_dst_last_pkt_time":1741282759563993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759563993,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.237.164.226","src_port":41825,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759563993,"flow_dst_last_pkt_time":1741282759563993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759563993,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg5y5AAEAR1g\/AqAMXFO2k4qNhJw8ADCyXC3N\/zA=="} 
00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759563993,"flow_src_last_pkt_time":1741282759563993,"flow_dst_last_pkt_time":1741282759563993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759563993,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.237.164.226","src_port":41825,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -76,7 +76,7 @@ 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759588978,"flow_src_last_pkt_time":1741282759588978,"flow_dst_last_pkt_time":1741282759588978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759588978,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.98.151.3","src_port":49987,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759590462,"flow_src_last_pkt_time":1741282759590462,"flow_dst_last_pkt_time":1741282759590462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759590462,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":49995,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759590462,"flow_dst_last_pkt_time":1741282759590462,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759590462,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgE1BAAEARuRHAqAMXErmX88NLJw8ADLjPsZM8rA=="} -00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759590462,"flow_src_last_pkt_time":1741282759590462,"flow_dst_last_pkt_time":1741282759590462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759590462,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":49995,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759590462,"flow_src_last_pkt_time":1741282759590462,"flow_dst_last_pkt_time":1741282759590462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759590462,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":49995,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759594446,"flow_src_last_pkt_time":1741282759594446,"flow_dst_last_pkt_time":1741282759594446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759594446,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.176.100.180","src_port":37686,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759594446,"flow_dst_last_pkt_time":1741282759594446,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759594446,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg+uFAAEAR9MfAqAMXIrBktJM2Jw8ADJalI4xAOw=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759594446,"flow_src_last_pkt_time":1741282759594446,"flow_dst_last_pkt_time":1741282759594446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759594446,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.176.100.180","src_port":37686,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -89,24 +89,24 @@ 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759618745,"flow_src_last_pkt_time":1741282759618745,"flow_dst_last_pkt_time":1741282759618745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759618745,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.88.73.160","src_port":44799,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759623762,"flow_src_last_pkt_time":1741282759623762,"flow_dst_last_pkt_time":1741282759623762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759623762,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":46763,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759623762,"flow_dst_last_pkt_time":1741282759623762,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759623762,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgyAxAAEARHezAqAMXNE1cyLarJw8ADLH6Qm7Y3Q=="} -00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759623762,"flow_src_last_pkt_time":1741282759623762,"flow_dst_last_pkt_time":1741282759623762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759623762,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":46763,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759623762,"flow_src_last_pkt_time":1741282759623762,"flow_dst_last_pkt_time":1741282759623762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759623762,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":46763,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759632096,"flow_src_last_pkt_time":1741282759632096,"flow_dst_last_pkt_time":1741282759632096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759632096,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":40390,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759632096,"flow_dst_last_pkt_time":1741282759632096,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759632096,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgMMZAAEARf7HAqAMXEqKz9J3GJw8ADO2u1Rzt3g=="} -00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759632096,"flow_src_last_pkt_time":1741282759632096,"flow_dst_last_pkt_time":1741282759632096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759632096,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":40390,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759632096,"flow_src_last_pkt_time":1741282759632096,"flow_dst_last_pkt_time":1741282759632096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759632096,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":40390,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759634991,"flow_src_last_pkt_time":1741282759634991,"flow_dst_last_pkt_time":1741282759634991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759634991,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":40581,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759634991,"flow_dst_last_pkt_time":1741282759634991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759634991,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgnKJAAEARESfAqAMXA3LF0p6FJw8ADMXsXjaJGg=="} -00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759634991,"flow_src_last_pkt_time":1741282759634991,"flow_dst_last_pkt_time":1741282759634991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759634991,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":40581,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759634991,"flow_src_last_pkt_time":1741282759634991,"flow_dst_last_pkt_time":1741282759634991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759634991,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":40581,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1741282759588978,"flow_dst_last_pkt_time":1741282759641321,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759641321,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg2DAAAHMRsndiYpcDwKgDFycPw0MADJWXKnWYUQ=="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759643789,"flow_src_last_pkt_time":1741282759643789,"flow_dst_last_pkt_time":1741282759643789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759643789,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"129.227.244.38","src_port":39478,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759643789,"flow_dst_last_pkt_time":1741282759643789,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759643789,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgNa5AAEARy1XAqAMXgeP0Jpo2Jw8ADNMj3pdTCw=="} 
00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759643789,"flow_src_last_pkt_time":1741282759643789,"flow_dst_last_pkt_time":1741282759643789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759643789,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"129.227.244.38","src_port":39478,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759647434,"flow_src_last_pkt_time":1741282759647434,"flow_dst_last_pkt_time":1741282759647434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759647434,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":42921,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759647434,"flow_dst_last_pkt_time":1741282759647434,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759647434,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgMMpAAEARf63AqAMXEqKz9KepJw8ADJaLf7yQfw=="} -00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759647434,"flow_src_last_pkt_time":1741282759647434,"flow_dst_last_pkt_time":1741282759647434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759647434,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":42921,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759647434,"flow_src_last_pkt_time":1741282759647434,"flow_dst_last_pkt_time":1741282759647434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759647434,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":42921,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1741282759583825,"flow_dst_last_pkt_time":1741282759647595,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759647595,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgLNYAAHYRr2cXWo12wKgDFycPpGkADKlmuTJpNA=="} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759655472,"flow_src_last_pkt_time":1741282759655472,"flow_dst_last_pkt_time":1741282759655472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759655472,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":45553,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759655472,"flow_dst_last_pkt_time":1741282759655472,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759655472,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgAklAAEAR1AXAqAMXAxidp7HxJw8ADNFNVWmbnw=="} 
-00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759655472,"flow_src_last_pkt_time":1741282759655472,"flow_dst_last_pkt_time":1741282759655472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759655472,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":45553,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759655472,"flow_src_last_pkt_time":1741282759655472,"flow_dst_last_pkt_time":1741282759655472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759655472,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":45553,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759659088,"flow_src_last_pkt_time":1741282759659088,"flow_dst_last_pkt_time":1741282759659088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759659088,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"194.110.134.13","src_port":49487,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759659088,"flow_dst_last_pkt_time":1741282759659088,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759659088,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg7WdAAEARQSrAqAMXwm6GDcFPJw8ADJ3X1YqX2Q=="} 
00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759659088,"flow_src_last_pkt_time":1741282759659088,"flow_dst_last_pkt_time":1741282759659088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759659088,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"194.110.134.13","src_port":49487,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -126,7 +126,7 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1741282759713607,"flow_dst_last_pkt_time":1741282759758820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759758820,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgaQYAAHkRqQ8iWEmgwKgDFycPu6cADE9kl20Glg=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759763400,"flow_src_last_pkt_time":1741282759763400,"flow_dst_last_pkt_time":1741282759763400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759763400,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":47189,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759763400,"flow_dst_last_pkt_time":1741282759763400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759763400,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgzlxAAEAR1jHAqAMXD7XCyrhVJw8ADBYrGcRaQw=="} 
-00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759763400,"flow_src_last_pkt_time":1741282759763400,"flow_dst_last_pkt_time":1741282759763400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759763400,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":47189,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759763400,"flow_src_last_pkt_time":1741282759763400,"flow_dst_last_pkt_time":1741282759763400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759763400,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":47189,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1741282759746285,"flow_dst_last_pkt_time":1741282759798315,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759798315,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg2E8AAHMRslhiYpcDwKgDFycPrj0ADNcyCKyNhQ=="} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759806487,"flow_src_last_pkt_time":1741282759806487,"flow_dst_last_pkt_time":1741282759806487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759806487,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"101.46.59.21","src_port":42764,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759806487,"flow_dst_last_pkt_time":1741282759806487,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759806487,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgtnxAAEARIE7AqAMXZS47FacMJw8ADLqXq4tnlA=="} 
@@ -138,7 +138,7 @@ 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759819829,"flow_src_last_pkt_time":1741282759819829,"flow_dst_last_pkt_time":1741282759819829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759819829,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.176.100.180","src_port":41680,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759823498,"flow_src_last_pkt_time":1741282759823498,"flow_dst_last_pkt_time":1741282759823498,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759823498,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":45941,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759823498,"flow_dst_last_pkt_time":1741282759823498,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759823498,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgyChAAEARHdDAqAMXNE1cyLN1Jw8ADGv7AXZjCw=="} -00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759823498,"flow_src_last_pkt_time":1741282759823498,"flow_dst_last_pkt_time":1741282759823498,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759823498,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":45941,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759823498,"flow_src_last_pkt_time":1741282759823498,"flow_dst_last_pkt_time":1741282759823498,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759823498,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":45941,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1741282759643789,"flow_dst_last_pkt_time":1741282759839037,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759839037,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgPqkAAG4R1FqB4\/QmwKgDFycPmjYADNMj3pdTCw=="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759845614,"flow_src_last_pkt_time":1741282759845614,"flow_dst_last_pkt_time":1741282759845614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759845614,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.100.183.43","src_port":45045,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759845614,"flow_dst_last_pkt_time":1741282759845614,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759845614,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgOmRAAEARYxrAqAMXImS3K6\/1Jw8ADK8A+qLh3g=="} 
@@ -150,7 +150,7 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1741282759763400,"flow_dst_last_pkt_time":1741282759895611,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759895611,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgjv0AAG4RJ5EPtcLKwKgDFycPuFUADBYrGcRaQw=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759904655,"flow_src_last_pkt_time":1741282759904655,"flow_dst_last_pkt_time":1741282759904655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759904655,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":37783,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759904655,"flow_dst_last_pkt_time":1741282759904655,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759904655,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgznRAAEAR1hnAqAMXD7XCypOXJw8ADPuRvwn0VA=="} 
-00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759904655,"flow_src_last_pkt_time":1741282759904655,"flow_dst_last_pkt_time":1741282759904655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759904655,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":37783,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759904655,"flow_src_last_pkt_time":1741282759904655,"flow_dst_last_pkt_time":1741282759904655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759904655,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":37783,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759949678,"flow_src_last_pkt_time":1741282759949678,"flow_dst_last_pkt_time":1741282759949678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759949678,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"35.201.213.182","src_port":46392,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1741282759949678,"flow_dst_last_pkt_time":1741282759949678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282759949678,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgblVAAEARDznAqAMXI8nVtrU4Jw8ADNq8dhIVgA=="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759949678,"flow_src_last_pkt_time":1741282759949678,"flow_dst_last_pkt_time":1741282759949678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282759949678,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"35.201.213.182","src_port":46392,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -163,7 +163,7 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1741282759863525,"flow_dst_last_pkt_time":1741282760001607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282760001607,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgZtIAAHQRqxewYcDCwKgDFycPmDEADO4OTEHRYQ=="} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282760003636,"flow_src_last_pkt_time":1741282760003636,"flow_dst_last_pkt_time":1741282760003636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282760003636,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":42726,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1741282760003636,"flow_dst_last_pkt_time":1741282760003636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282760003636,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgyC5AAEARHcrAqAMXNE1cyKbmJw8ADKI4fc+9Aw=="} 
-00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282760003636,"flow_src_last_pkt_time":1741282760003636,"flow_dst_last_pkt_time":1741282760003636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282760003636,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":42726,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282760003636,"flow_src_last_pkt_time":1741282760003636,"flow_dst_last_pkt_time":1741282760003636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282760003636,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":42726,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1741282759845614,"flow_dst_last_pkt_time":1741282760008816,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282760008816,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgzrcAAHoR1MYiZLcrwKgDFycPr\/UADK8A+qLh3g=="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1741282759819829,"flow_dst_last_pkt_time":1741282760033803,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282760033803,"pkt":"rtN2H7LXYDjgxTWhCABFAAAglgIAAHoRX6cisGS0wKgDFycPotAADMVX20BKOg=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282760038171,"flow_src_last_pkt_time":1741282760038171,"flow_dst_last_pkt_time":1741282760038171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282760038171,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"35.201.213.182","src_port":39220,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -193,12 +193,12 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1741282760038171,"flow_dst_last_pkt_time":1741282760304541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282760304541,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg+KpAADoRiuMjydW2wKgDFycPmTQADK8g4gbxKw=="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282760340868,"flow_src_last_pkt_time":1741282760340868,"flow_dst_last_pkt_time":1741282760340868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282760340868,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":44205,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1741282760340868,"flow_dst_last_pkt_time":1741282760340868,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282760340868,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg\/xpAAEARlUDAqAMXDXzVNqytJw8ADE93tF2B0g=="} 
-00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282760340868,"flow_src_last_pkt_time":1741282760340868,"flow_dst_last_pkt_time":1741282760340868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282760340868,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":44205,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282760340868,"flow_src_last_pkt_time":1741282760340868,"flow_dst_last_pkt_time":1741282760340868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282760340868,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":44205,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1741282760053134,"flow_dst_last_pkt_time":1741282760350361,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282760350361,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg9RZAACgRoe9BNLbTwKgDFycPq1gADGCE69MlTw=="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1741282760193204,"flow_dst_last_pkt_time":1741282760367821,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282760367821,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgMmkAAGkRodUU7aTiwKgDFycPu48ADNhcLlqY8Q=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282760375944,"flow_src_last_pkt_time":1741282760375944,"flow_dst_last_pkt_time":1741282760375944,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282760375944,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":37008,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1741282760375944,"flow_dst_last_pkt_time":1741282760375944,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282760375944,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgzuFAAEAR1azAqAMXD7XCypCQJw8ADLKbvPZCZQ=="} -00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282760375944,"flow_src_last_pkt_time":1741282760375944,"flow_dst_last_pkt_time":1741282760375944,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282760375944,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":37008,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282760375944,"flow_src_last_pkt_time":1741282760375944,"flow_dst_last_pkt_time":1741282760375944,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282760375944,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":37008,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1741282760375944,"flow_dst_last_pkt_time":1741282760509403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282760509403,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgjz8AAG4RJ08PtcLKwKgDFycPkJAADLKbvPZCZQ=="} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1741282760340868,"flow_dst_last_pkt_time":1741282760582415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282760582415,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg3slAADARxZENfNU2wKgDFycPrK0ADE93tF2B0g=="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282760645927,"flow_src_last_pkt_time":1741282760645927,"flow_dst_last_pkt_time":1741282760645927,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282760645927,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"103.198.202.8","src_port":49429,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -235,10 +235,10 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1741282761133394,"flow_dst_last_pkt_time":1741282761286379,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282761286379,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgGG4AAGoRFoViYPu6wKgDFycPuGMADD78yYb2BQ=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764566157,"flow_src_last_pkt_time":1741282764566157,"flow_dst_last_pkt_time":1741282764566157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764566157,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38459,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764566157,"flow_dst_last_pkt_time":1741282764566157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764566157,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgM0VAAEARfTLAqAMXEqKz9JY7Jw8ADIw\/zMBfNQ=="} 
-00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764566157,"flow_src_last_pkt_time":1741282764566157,"flow_dst_last_pkt_time":1741282764566157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764566157,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38459,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764566157,"flow_src_last_pkt_time":1741282764566157,"flow_dst_last_pkt_time":1741282764566157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764566157,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38459,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764566214,"flow_src_last_pkt_time":1741282764566214,"flow_dst_last_pkt_time":1741282764566214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764566214,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":43552,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764566214,"flow_dst_last_pkt_time":1741282764566214,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764566214,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgFFZAAEARuAvAqAMXErmX86ogJw8ADCftzCjMJA=="} 
-00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764566214,"flow_src_last_pkt_time":1741282764566214,"flow_dst_last_pkt_time":1741282764566214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764566214,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":43552,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764566214,"flow_src_last_pkt_time":1741282764566214,"flow_dst_last_pkt_time":1741282764566214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764566214,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":43552,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764566243,"flow_src_last_pkt_time":1741282764566243,"flow_dst_last_pkt_time":1741282764566243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764566243,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.237.164.226","src_port":42232,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764566243,"flow_dst_last_pkt_time":1741282764566243,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764566243,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg6E5AAEAR1O\/AqAMXFO2k4qT4Jw8ADCqStJrXEg=="} 
00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764566243,"flow_src_last_pkt_time":1741282764566243,"flow_dst_last_pkt_time":1741282764566243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764566243,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.237.164.226","src_port":42232,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -254,23 +254,23 @@ 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764596080,"flow_src_last_pkt_time":1741282764596080,"flow_dst_last_pkt_time":1741282764596080,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764596080,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.176.100.180","src_port":49704,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764601255,"flow_src_last_pkt_time":1741282764601255,"flow_dst_last_pkt_time":1741282764601255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764601255,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":46385,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764601255,"flow_dst_last_pkt_time":1741282764601255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764601255,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgFFdAAEARuArAqAMXErmX87UxJw8ADEYSGe5VKQ=="} -00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764601255,"flow_src_last_pkt_time":1741282764601255,"flow_dst_last_pkt_time":1741282764601255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764601255,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":46385,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764601255,"flow_src_last_pkt_time":1741282764601255,"flow_dst_last_pkt_time":1741282764601255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764601255,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":46385,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764608860,"flow_src_last_pkt_time":1741282764608860,"flow_dst_last_pkt_time":1741282764608860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764608860,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"23.90.172.130","src_port":37678,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764608860,"flow_dst_last_pkt_time":1741282764608860,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764608860,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgOblAAEAReXjAqAMXF1qsgpMuJw8ADBjrmacLag=="} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764608860,"flow_src_last_pkt_time":1741282764608860,"flow_dst_last_pkt_time":1741282764608860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764608860,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"23.90.172.130","src_port":37678,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1741282764601255,"flow_dst_last_pkt_time":1741282764620433,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764620433,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgk8BAADgRQKESuZfzwKgDFycPtTEADEYSGe5VKQ=="} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764625398,"flow_src_last_pkt_time":1741282764625398,"flow_dst_last_pkt_time":1741282764625398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764625398,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":48031,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764625398,"flow_dst_last_pkt_time":1741282764625398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764625398,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgzGFAAEARGZfAqAMXNE1cyLufJw8ADEbjiMf4pw=="} 
-00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764625398,"flow_src_last_pkt_time":1741282764625398,"flow_dst_last_pkt_time":1741282764625398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764625398,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":48031,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764625398,"flow_src_last_pkt_time":1741282764625398,"flow_dst_last_pkt_time":1741282764625398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764625398,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":48031,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764631000,"flow_src_last_pkt_time":1741282764631000,"flow_dst_last_pkt_time":1741282764631000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764631000,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.88.73.160","src_port":38633,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764631000,"flow_dst_last_pkt_time":1741282764631000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764631000,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgXKlAAEARrmzAqAMXIlhJoJbpJw8ADCdYoJ5KLw=="} 
00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764631000,"flow_src_last_pkt_time":1741282764631000,"flow_dst_last_pkt_time":1741282764631000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764631000,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.88.73.160","src_port":38633,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764633295,"flow_src_last_pkt_time":1741282764633295,"flow_dst_last_pkt_time":1741282764633295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764633295,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38761,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764633295,"flow_dst_last_pkt_time":1741282764633295,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764633295,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgM1pAAEARfR3AqAMXEqKz9JdpJw8ADHGxNkYPEA=="} -00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764633295,"flow_src_last_pkt_time":1741282764633295,"flow_dst_last_pkt_time":1741282764633295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764633295,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38761,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764633295,"flow_src_last_pkt_time":1741282764633295,"flow_dst_last_pkt_time":1741282764633295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764633295,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38761,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764635747,"flow_src_last_pkt_time":1741282764635747,"flow_dst_last_pkt_time":1741282764635747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764635747,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":39858,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764635747,"flow_dst_last_pkt_time":1741282764635747,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764635747,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgoKFAAEARDSjAqAMXA3LF0puyJw8ADH7BvWRz6g=="} -00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764635747,"flow_src_last_pkt_time":1741282764635747,"flow_dst_last_pkt_time":1741282764635747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764635747,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":39858,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764635747,"flow_src_last_pkt_time":1741282764635747,"flow_dst_last_pkt_time":1741282764635747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764635747,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":39858,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1741282764592030,"flow_dst_last_pkt_time":1741282764641922,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764641922,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg2QgAAHMRsZ9iYpcDwKgDFycPqlgADHMAEZfssQ=="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764643916,"flow_src_last_pkt_time":1741282764643916,"flow_dst_last_pkt_time":1741282764643916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764643916,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"129.227.244.38","src_port":46109,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764643916,"flow_dst_last_pkt_time":1741282764643916,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764643916,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgN+hAAEARyRvAqAMXgeP0JrQdJw8ADNcjl\/F7yg=="} 
@@ -278,10 +278,10 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1741282764586361,"flow_dst_last_pkt_time":1741282764648767,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764648767,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgMGwAAHURrNEXWo12wKgDFycPnHAADKGdtPx9LA=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764649181,"flow_src_last_pkt_time":1741282764649181,"flow_dst_last_pkt_time":1741282764649181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764649181,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38313,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764649181,"flow_dst_last_pkt_time":1741282764649181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764649181,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgM1xAAEARfRvAqAMXEqKz9JWpJw8ADOYnDzPDbA=="} 
-00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764649181,"flow_src_last_pkt_time":1741282764649181,"flow_dst_last_pkt_time":1741282764649181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764649181,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38313,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764649181,"flow_src_last_pkt_time":1741282764649181,"flow_dst_last_pkt_time":1741282764649181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764649181,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38313,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764656717,"flow_src_last_pkt_time":1741282764656717,"flow_dst_last_pkt_time":1741282764656717,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764656717,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":43478,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764656717,"flow_dst_last_pkt_time":1741282764656717,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764656717,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgBGlAAEAR0eXAqAMXAxidp6nWJw8ADNhiJcLMTA=="} 
-00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764656717,"flow_src_last_pkt_time":1741282764656717,"flow_dst_last_pkt_time":1741282764656717,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764656717,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":43478,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764656717,"flow_src_last_pkt_time":1741282764656717,"flow_dst_last_pkt_time":1741282764656717,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764656717,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":43478,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764661173,"flow_src_last_pkt_time":1741282764661173,"flow_dst_last_pkt_time":1741282764661173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764661173,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"194.110.134.13","src_port":39502,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764661173,"flow_dst_last_pkt_time":1741282764661173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764661173,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg7uhAAEARP6nAqAMXwm6GDZpOJw8ADGAttqUbag=="} 
00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764661173,"flow_src_last_pkt_time":1741282764661173,"flow_dst_last_pkt_time":1741282764661173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764661173,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"194.110.134.13","src_port":39502,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -297,7 +297,7 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1741282764566243,"flow_dst_last_pkt_time":1741282764746215,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764746215,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgNHIAAGgRoMwU7aTiwKgDFycPpPgADCqStJrXEg=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764753493,"flow_src_last_pkt_time":1741282764753493,"flow_dst_last_pkt_time":1741282764753493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764753493,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":40959,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764753493,"flow_dst_last_pkt_time":1741282764753493,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764753493,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg0eVAAEAR0qjAqAMXD7XCyp\/\/Jw8ADEB\/qvS3FA=="} 
-00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764753493,"flow_src_last_pkt_time":1741282764753493,"flow_dst_last_pkt_time":1741282764753493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764753493,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":40959,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764753493,"flow_src_last_pkt_time":1741282764753493,"flow_dst_last_pkt_time":1741282764753493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764753493,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":40959,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764753531,"flow_src_last_pkt_time":1741282764753531,"flow_dst_last_pkt_time":1741282764753531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764753531,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"101.46.59.21","src_port":49407,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764753531,"flow_dst_last_pkt_time":1741282764753531,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764753531,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgua9AAEARHRvAqAMXZS47FcD\/Jw8ADHUCqnyURQ=="} 
00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764753531,"flow_src_last_pkt_time":1741282764753531,"flow_dst_last_pkt_time":1741282764753531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764753531,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"101.46.59.21","src_port":49407,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -306,7 +306,7 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1741282764596080,"flow_dst_last_pkt_time":1741282764811233,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764811233,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgl\/8AADoRnaoisGS0wKgDFycPwigADG3ItHSpPQ=="} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764812739,"flow_src_last_pkt_time":1741282764812739,"flow_dst_last_pkt_time":1741282764812739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764812739,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":41578,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764812739,"flow_dst_last_pkt_time":1741282764812739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764812739,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgzHdAAEARGYHAqAMXNE1cyKJqJw8ADA2D4cryOQ=="} 
-00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764812739,"flow_src_last_pkt_time":1741282764812739,"flow_dst_last_pkt_time":1741282764812739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764812739,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":41578,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764812739,"flow_src_last_pkt_time":1741282764812739,"flow_dst_last_pkt_time":1741282764812739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764812739,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":41578,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764819574,"flow_src_last_pkt_time":1741282764819574,"flow_dst_last_pkt_time":1741282764819574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764819574,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.96.251.186","src_port":43653,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764819574,"flow_dst_last_pkt_time":1741282764819574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764819574,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgnClAAEARfMnAqAMXYmD7uqqFJw8ADFjiydPpsA=="} 
00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764819574,"flow_src_last_pkt_time":1741282764819574,"flow_dst_last_pkt_time":1741282764819574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764819574,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.96.251.186","src_port":43653,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -325,7 +325,7 @@ 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764889664,"flow_src_last_pkt_time":1741282764889664,"flow_dst_last_pkt_time":1741282764889664,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764889664,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"40.115.242.242","src_port":45458,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764890022,"flow_src_last_pkt_time":1741282764890022,"flow_dst_last_pkt_time":1741282764890022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764890022,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":49819,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764890022,"flow_dst_last_pkt_time":1741282764890022,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764890022,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg0ftAAEAR0pLAqAMXD7XCysKbJw8ADHwvXwektQ=="} -00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764890022,"flow_src_last_pkt_time":1741282764890022,"flow_dst_last_pkt_time":1741282764890022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764890022,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":49819,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764890022,"flow_src_last_pkt_time":1741282764890022,"flow_dst_last_pkt_time":1741282764890022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764890022,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":49819,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1741282764656717,"flow_dst_last_pkt_time":1741282764956460,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764956460,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgy4JAADIRGMwDGJ2nwKgDFycPqdYADNhiJcLMTA=="} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1741282764819574,"flow_dst_last_pkt_time":1741282764970937,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764970937,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgGLoAAGoRFjliYPu6wKgDFycPqoUADFjiydPpsA=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764971880,"flow_src_last_pkt_time":1741282764971880,"flow_dst_last_pkt_time":1741282764971880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764971880,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"35.201.213.182","src_port":48217,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -337,7 +337,7 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1741282764812739,"flow_dst_last_pkt_time":1741282764981417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764981417,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg\/4ZAADQR8nE0TVzIwKgDFycPomoADA2D4cryOQ=="} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764988888,"flow_src_last_pkt_time":1741282764988888,"flow_dst_last_pkt_time":1741282764988888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764988888,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":49500,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1741282764988888,"flow_dst_last_pkt_time":1741282764988888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282764988888,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgzH9AAEARGXnAqAMXNE1cyMFcJw8ADJr\/DsYY0A=="} 
-00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764988888,"flow_src_last_pkt_time":1741282764988888,"flow_dst_last_pkt_time":1741282764988888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764988888,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":49500,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764988888,"flow_src_last_pkt_time":1741282764988888,"flow_dst_last_pkt_time":1741282764988888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282764988888,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":49500,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1741282764866308,"flow_dst_last_pkt_time":1741282765002454,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282765002454,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgaYYAAHQRqGOwYcDCwKgDFycPqaEADGWeScxK1w=="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_src_last_pkt_time":1741282764845472,"flow_dst_last_pkt_time":1741282765002918,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282765002918,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg0RYAADoREmgiZLcrwKgDFycPrGoADLG8bA5xQg=="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1741282764890022,"flow_dst_last_pkt_time":1741282765019222,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282765019222,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgkMUAAG4RJckPtcLKwKgDFycPwpsADHwvXwektQ=="} 
@@ -365,7 +365,7 @@ 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282765199333,"flow_src_last_pkt_time":1741282765199333,"flow_dst_last_pkt_time":1741282765199333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282765199333,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.195.224.215","src_port":40074,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282765200277,"flow_src_last_pkt_time":1741282765200277,"flow_dst_last_pkt_time":1741282765200277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282765200277,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":39588,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1741282765200277,"flow_dst_last_pkt_time":1741282765200277,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282765200277,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgASlAAEARkzLAqAMXDXzVNpqkJw8ADAuMgKALhA=="} -00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282765200277,"flow_src_last_pkt_time":1741282765200277,"flow_dst_last_pkt_time":1741282765200277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282765200277,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":39588,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282765200277,"flow_src_last_pkt_time":1741282765200277,"flow_dst_last_pkt_time":1741282765200277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282765200277,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":39588,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1741282764971880,"flow_dst_last_pkt_time":1741282765235455,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282765235455,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg+4ZAADoRiAcjydW2wKgDFycPvFkADFKmL2LdJQ=="} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1741282765039585,"flow_dst_last_pkt_time":1741282765302452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282765302452,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg+45AADoRh\/8jydW2wKgDFycPszMADJdOy9AFNQ=="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_src_last_pkt_time":1741282765059134,"flow_dst_last_pkt_time":1741282765358742,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282765358742,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg+fBAACURoBVBNLbTwKgDFycPlLYADD98Y+Dk7A=="} 
@@ -373,7 +373,7 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_src_last_pkt_time":1741282765199333,"flow_dst_last_pkt_time":1741282765404690,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282765404690,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgzh8AAGsRyFMUw+DXwKgDFycPnIoADPa9gKALhA=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282765409487,"flow_src_last_pkt_time":1741282765409487,"flow_dst_last_pkt_time":1741282765409487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282765409487,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":46825,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1741282765409487,"flow_dst_last_pkt_time":1741282765409487,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282765409487,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg0fxAAEAR0pHAqAMXD7XCyrbpJw8ADHDOHF\/+cA=="} 
-00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282765409487,"flow_src_last_pkt_time":1741282765409487,"flow_dst_last_pkt_time":1741282765409487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282765409487,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":46825,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282765409487,"flow_src_last_pkt_time":1741282765409487,"flow_dst_last_pkt_time":1741282765409487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282765409487,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":46825,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_src_last_pkt_time":1741282765200277,"flow_dst_last_pkt_time":1741282765441229,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282765441229,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg4OxAADARw24NfNU2wKgDFycPmqQADAuMgKALhA=="} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282765448658,"flow_src_last_pkt_time":1741282765448658,"flow_dst_last_pkt_time":1741282765448658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282765448658,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.249.1.0","src_port":38354,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_src_last_pkt_time":1741282765448658,"flow_dst_last_pkt_time":1741282765448658,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282765448658,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgDF1AAEARVLjAqAMXFPkBAJXSJw8ADNJtsfPk2g=="} 
@@ -413,10 +413,10 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_src_last_pkt_time":1741282766093605,"flow_dst_last_pkt_time":1741282766244263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282766244263,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgGMEAAGoRFjJiYPu6wKgDFycPwYYADAwKzSscMA=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769562505,"flow_src_last_pkt_time":1741282769562505,"flow_dst_last_pkt_time":1741282769562505,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769562505,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":39859,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769562505,"flow_dst_last_pkt_time":1741282769562505,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769562505,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgN7RAAEAReMPAqAMXEqKz9JuzJw8ADN4NwGYUSQ=="} 
-00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769562505,"flow_src_last_pkt_time":1741282769562505,"flow_dst_last_pkt_time":1741282769562505,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769562505,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":39859,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769562505,"flow_src_last_pkt_time":1741282769562505,"flow_dst_last_pkt_time":1741282769562505,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769562505,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":39859,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769562574,"flow_src_last_pkt_time":1741282769562574,"flow_dst_last_pkt_time":1741282769562574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769562574,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":39236,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769562574,"flow_dst_last_pkt_time":1741282769562574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769562574,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgF3RAAEARtO3AqAMXErmX85lEJw8ADD9z5iSrfg=="} 
-00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769562574,"flow_src_last_pkt_time":1741282769562574,"flow_dst_last_pkt_time":1741282769562574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769562574,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":39236,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769562574,"flow_src_last_pkt_time":1741282769562574,"flow_dst_last_pkt_time":1741282769562574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769562574,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":39236,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769562603,"flow_src_last_pkt_time":1741282769562603,"flow_dst_last_pkt_time":1741282769562603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769562603,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.237.164.226","src_port":41423,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769562603,"flow_dst_last_pkt_time":1741282769562603,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769562603,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg6dBAAEAR023AqAMXFO2k4qHPJw8ADIzsUAzcbw=="} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769562603,"flow_src_last_pkt_time":1741282769562603,"flow_dst_last_pkt_time":1741282769562603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769562603,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.237.164.226","src_port":41423,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -426,7 +426,7 @@ 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769585724,"flow_src_last_pkt_time":1741282769585724,"flow_dst_last_pkt_time":1741282769585724,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769585724,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"23.90.141.118","src_port":38514,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769587005,"flow_src_last_pkt_time":1741282769587005,"flow_dst_last_pkt_time":1741282769587005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769587005,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":39779,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769587005,"flow_dst_last_pkt_time":1741282769587005,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769587005,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgF39AAEARtOLAqAMXErmX85tjJw8ADNV6X5CZ7A=="} -00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769587005,"flow_src_last_pkt_time":1741282769587005,"flow_dst_last_pkt_time":1741282769587005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769587005,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":39779,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769587005,"flow_src_last_pkt_time":1741282769587005,"flow_dst_last_pkt_time":1741282769587005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769587005,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":39779,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769593350,"flow_src_last_pkt_time":1741282769593350,"flow_dst_last_pkt_time":1741282769593350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769593350,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.98.151.3","src_port":41897,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769593350,"flow_dst_last_pkt_time":1741282769593350,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769593350,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgbuBAAEARDsjAqAMXYmKXA6OpJw8ADAUzZhsMqg=="} 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769593350,"flow_src_last_pkt_time":1741282769593350,"flow_dst_last_pkt_time":1741282769593350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769593350,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.98.151.3","src_port":41897,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -442,13 +442,13 @@ 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769611238,"flow_src_last_pkt_time":1741282769611238,"flow_dst_last_pkt_time":1741282769611238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769611238,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.88.73.160","src_port":48516,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769626403,"flow_src_last_pkt_time":1741282769626403,"flow_dst_last_pkt_time":1741282769626403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769626403,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":45904,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769626403,"flow_dst_last_pkt_time":1741282769626403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769626403,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgzblAAEARGD\/AqAMXNE1cyLNQJw8ADMe3rBBc2Q=="} -00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769626403,"flow_src_last_pkt_time":1741282769626403,"flow_dst_last_pkt_time":1741282769626403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769626403,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":45904,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769626403,"flow_src_last_pkt_time":1741282769626403,"flow_dst_last_pkt_time":1741282769626403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769626403,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":45904,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769633468,"flow_src_last_pkt_time":1741282769633468,"flow_dst_last_pkt_time":1741282769633468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769633468,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":49078,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769633468,"flow_dst_last_pkt_time":1741282769633468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769633468,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgN7dAAEAReMDAqAMXEqKz9L+2Jw8ADJgCOwu7rA=="} -00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769633468,"flow_src_last_pkt_time":1741282769633468,"flow_dst_last_pkt_time":1741282769633468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769633468,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":49078,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769633468,"flow_src_last_pkt_time":1741282769633468,"flow_dst_last_pkt_time":1741282769633468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769633468,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":49078,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769635425,"flow_src_last_pkt_time":1741282769635425,"flow_dst_last_pkt_time":1741282769635425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769635425,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":48164,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769635425,"flow_dst_last_pkt_time":1741282769635425,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769635425,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgo3hAAEARClHAqAMXA3LF0rwkJw8ADHQuxB1XUg=="} -00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769635425,"flow_src_last_pkt_time":1741282769635425,"flow_dst_last_pkt_time":1741282769635425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769635425,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":48164,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769635425,"flow_src_last_pkt_time":1741282769635425,"flow_dst_last_pkt_time":1741282769635425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769635425,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":48164,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769643773,"flow_src_last_pkt_time":1741282769643773,"flow_dst_last_pkt_time":1741282769643773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769643773,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"129.227.244.38","src_port":48710,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769643773,"flow_dst_last_pkt_time":1741282769643773,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769643773,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgPOVAAEARxB7AqAMXgeP0Jr5GJw8ADJg2iUS\/Ow=="} 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769643773,"flow_src_last_pkt_time":1741282769643773,"flow_dst_last_pkt_time":1741282769643773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769643773,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"129.227.244.38","src_port":48710,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -456,11 +456,11 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_src_last_pkt_time":1741282769593350,"flow_dst_last_pkt_time":1741282769646314,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769646314,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg3S4AAHMRrXliYpcDwKgDFycPo6kADAUzZhsMqg=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769649825,"flow_src_last_pkt_time":1741282769649825,"flow_dst_last_pkt_time":1741282769649825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769649825,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":40431,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769649825,"flow_dst_last_pkt_time":1741282769649825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769649825,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgN7hAAEAReL\/AqAMXEqKz9J3vJw8ADPupiawrKw=="} 
-00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769649825,"flow_src_last_pkt_time":1741282769649825,"flow_dst_last_pkt_time":1741282769649825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769649825,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":40431,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769649825,"flow_src_last_pkt_time":1741282769649825,"flow_dst_last_pkt_time":1741282769649825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769649825,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":40431,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_src_last_pkt_time":1741282769611238,"flow_dst_last_pkt_time":1741282769653546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769653546,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgbXMAAHkRpKIiWEmgwKgDFycPvYQADKuAEiAt6g=="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769659682,"flow_src_last_pkt_time":1741282769659682,"flow_dst_last_pkt_time":1741282769659682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769659682,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":46332,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769659682,"flow_dst_last_pkt_time":1741282769659682,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769659682,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgBsBAAEARz47AqAMXAxidp7T8Jw8ADL8TIVTe4w=="} 
-00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769659682,"flow_src_last_pkt_time":1741282769659682,"flow_dst_last_pkt_time":1741282769659682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769659682,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":46332,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769659682,"flow_src_last_pkt_time":1741282769659682,"flow_dst_last_pkt_time":1741282769659682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769659682,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":46332,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769659721,"flow_src_last_pkt_time":1741282769659721,"flow_dst_last_pkt_time":1741282769659721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769659721,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.155.128.54","src_port":39432,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769659721,"flow_dst_last_pkt_time":1741282769659721,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769659721,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgp\/ZAAEARLEbAqAMXIpuANpoIJw8ADNf1IVTe4w=="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769659721,"flow_src_last_pkt_time":1741282769659721,"flow_dst_last_pkt_time":1741282769659721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769659721,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.155.128.54","src_port":39432,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -485,11 +485,11 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_src_last_pkt_time":1741282769562603,"flow_dst_last_pkt_time":1741282769783576,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769783576,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgNWQAAGgRn9oU7aTiwKgDFycPoc8ADIzsUAzcbw=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769787752,"flow_src_last_pkt_time":1741282769787752,"flow_dst_last_pkt_time":1741282769787752,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769787752,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":45088,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769787752,"flow_dst_last_pkt_time":1741282769787752,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769787752,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg0uRAAEAR0anAqAMXD7XCyrAgJw8ADGA63exUQA=="} 
-00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769787752,"flow_src_last_pkt_time":1741282769787752,"flow_dst_last_pkt_time":1741282769787752,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769787752,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":45088,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769787752,"flow_src_last_pkt_time":1741282769787752,"flow_dst_last_pkt_time":1741282769787752,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769787752,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":45088,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_src_last_pkt_time":1741282769626403,"flow_dst_last_pkt_time":1741282769796107,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769796107,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgAblAADQR8D80TVzIwKgDFycPs1AADMe3rBBc2Q=="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769799880,"flow_src_last_pkt_time":1741282769799880,"flow_dst_last_pkt_time":1741282769799880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769799880,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":49928,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769799880,"flow_dst_last_pkt_time":1741282769799880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769799880,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgzeNAAEARGBXAqAMXNE1cyMMIJw8ADJ6xnzeDAA=="} 
-00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769799880,"flow_src_last_pkt_time":1741282769799880,"flow_dst_last_pkt_time":1741282769799880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769799880,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":49928,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769799880,"flow_src_last_pkt_time":1741282769799880,"flow_dst_last_pkt_time":1741282769799880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769799880,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":49928,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_src_last_pkt_time":1741282769596208,"flow_dst_last_pkt_time":1741282769812847,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769812847,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgmyYAAHoRWoMisGS0wKgDFycPwxYADHam9VhejQ=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769816957,"flow_src_last_pkt_time":1741282769816957,"flow_dst_last_pkt_time":1741282769816957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769816957,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.96.251.186","src_port":48544,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769816957,"flow_dst_last_pkt_time":1741282769816957,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769816957,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgoDlAAEAReLnAqAMXYmD7ur2gJw8ADC8zNSeU8Q=="} 
@@ -509,7 +509,7 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_src_last_pkt_time":1741282769787752,"flow_dst_last_pkt_time":1741282769919328,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769919328,"pkt":"rtN2H7LXYDjgxTWhCABFAAAglDAAAG4RIl4PtcLKwKgDFycPsCAADGA63exUQA=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769926489,"flow_src_last_pkt_time":1741282769926489,"flow_dst_last_pkt_time":1741282769926489,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769926489,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":44684,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769926489,"flow_dst_last_pkt_time":1741282769926489,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769926489,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg0uVAAEAR0ajAqAMXD7XCyq6MJw8ADJROdCSLiA=="} 
-00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769926489,"flow_src_last_pkt_time":1741282769926489,"flow_dst_last_pkt_time":1741282769926489,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769926489,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":44684,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769926489,"flow_src_last_pkt_time":1741282769926489,"flow_dst_last_pkt_time":1741282769926489,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769926489,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":44684,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769946582,"flow_src_last_pkt_time":1741282769946582,"flow_dst_last_pkt_time":1741282769946582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769946582,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"35.201.213.182","src_port":48644,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_src_last_pkt_time":1741282769946582,"flow_dst_last_pkt_time":1741282769946582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282769946582,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgd\/9AAEARBY\/AqAMXI8nVtr4EJw8ADIaEpM4yMA=="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769946582,"flow_src_last_pkt_time":1741282769946582,"flow_dst_last_pkt_time":1741282769946582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282769946582,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"35.201.213.182","src_port":48644,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -530,7 +530,7 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_src_last_pkt_time":1741282769926489,"flow_dst_last_pkt_time":1741282770058949,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282770058949,"pkt":"rtN2H7LXYDjgxTWhCABFAAAglEQAAG4RIkoPtcLKwKgDFycProwADJROdCSLiA=="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282770061265,"flow_src_last_pkt_time":1741282770061265,"flow_dst_last_pkt_time":1741282770061265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282770061265,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":46201,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1741282770061265,"flow_dst_last_pkt_time":1741282770061265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282770061265,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgzgNAAEARF\/XAqAMXNE1cyLR5Jw8ADP6e9vbZ4g=="} 
-00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282770061265,"flow_src_last_pkt_time":1741282770061265,"flow_dst_last_pkt_time":1741282770061265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282770061265,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":46201,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282770061265,"flow_src_last_pkt_time":1741282770061265,"flow_dst_last_pkt_time":1741282770061265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282770061265,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":46201,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282770064617,"flow_src_last_pkt_time":1741282770064617,"flow_dst_last_pkt_time":1741282770064617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282770064617,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"195.181.163.225","src_port":40665,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_src_last_pkt_time":1741282770064617,"flow_dst_last_pkt_time":1741282770064617,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282770064617,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgNutAAEAR2IvAqAMXw7Wj4Z7ZJw8ADF5eZalKjw=="} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282770064617,"flow_src_last_pkt_time":1741282770064617,"flow_dst_last_pkt_time":1741282770064617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282770064617,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"195.181.163.225","src_port":40665,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -549,14 +549,14 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_src_last_pkt_time":1741282769910222,"flow_dst_last_pkt_time":1741282770208905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282770208905,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgE0FAACcRYWcoc\/LywKgDFycPlDYADL2l\/LSrEA=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282770215121,"flow_src_last_pkt_time":1741282770215121,"flow_dst_last_pkt_time":1741282770215121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282770215121,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":38445,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_src_last_pkt_time":1741282770215121,"flow_dst_last_pkt_time":1741282770215121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282770215121,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgBe5AAEARjm3AqAMXDXzVNpYtJw8ADML06ZHvoA=="} 
-00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282770215121,"flow_src_last_pkt_time":1741282770215121,"flow_dst_last_pkt_time":1741282770215121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282770215121,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":38445,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282770215121,"flow_src_last_pkt_time":1741282770215121,"flow_dst_last_pkt_time":1741282770215121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282770215121,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":38445,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_src_last_pkt_time":1741282770061265,"flow_dst_last_pkt_time":1741282770231326,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282770231326,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgAe9AADQR8Ak0TVzIwKgDFycPtHkADP6e9vbZ4g=="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_src_last_pkt_time":1741282770037122,"flow_dst_last_pkt_time":1741282770303367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282770303367,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg\/m5AADoRhR8jydW2wKgDFycPvb8ADEHhjQaO4A=="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_src_last_pkt_time":1741282770053816,"flow_dst_last_pkt_time":1741282770353643,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282770353643,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg\/WZAACURnJ9BNLbTwKgDFycPsDAADKpAFVatOA=="} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_src_last_pkt_time":1741282770199258,"flow_dst_last_pkt_time":1741282770377859,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282770377859,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgNecAAGgRn1cU7aTiwKgDFycPwJkADEhEgWHQ+A=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282770393033,"flow_src_last_pkt_time":1741282770393033,"flow_dst_last_pkt_time":1741282770393033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282770393033,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":39270,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_src_last_pkt_time":1741282770393033,"flow_dst_last_pkt_time":1741282770393033,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282770393033,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg0z9AAEAR0U7AqAMXD7XCyplmJw8ADFBOwauXJw=="} 
-00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282770393033,"flow_src_last_pkt_time":1741282770393033,"flow_dst_last_pkt_time":1741282770393033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282770393033,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":39270,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282770393033,"flow_src_last_pkt_time":1741282770393033,"flow_dst_last_pkt_time":1741282770393033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282770393033,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":39270,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_src_last_pkt_time":1741282770197977,"flow_dst_last_pkt_time":1741282770444881,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282770444881,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgz8kAAGMRzqkUw+DXwKgDFycPtgsADPoy+md0xg=="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_src_last_pkt_time":1741282770393033,"flow_dst_last_pkt_time":1741282770524655,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282770524655,"pkt":"rtN2H7LXYDjgxTWhCABFAAAglIoAAGwRJAQPtcLKwKgDFycPmWYADFBOwauXJw=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282770530686,"flow_src_last_pkt_time":1741282770530686,"flow_dst_last_pkt_time":1741282770530686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282770530686,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"138.199.41.102","src_port":44304,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -597,10 +597,10 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_src_last_pkt_time":1741282771014845,"flow_dst_last_pkt_time":1741282771165879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282771165879,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgGsYAAGoRFC1iYPu6wKgDFycPwtEADNc5WojCWA=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774573593,"flow_src_last_pkt_time":1741282774573593,"flow_dst_last_pkt_time":1741282774573593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774573593,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":41580,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774573593,"flow_dst_last_pkt_time":1741282774573593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774573593,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgPQJAAEARc3XAqAMXEqKz9KJsJw8ADH5MLbr\/\/Q=="} 
-00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774573593,"flow_src_last_pkt_time":1741282774573593,"flow_dst_last_pkt_time":1741282774573593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774573593,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":41580,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774573593,"flow_src_last_pkt_time":1741282774573593,"flow_dst_last_pkt_time":1741282774573593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774573593,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":41580,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774573641,"flow_src_last_pkt_time":1741282774573641,"flow_dst_last_pkt_time":1741282774573641,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774573641,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":49992,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774573641,"flow_dst_last_pkt_time":1741282774573641,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774573641,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgHAdAAEARsFrAqAMXErmX88NIJw8ADHTbkFWh4Q=="} 
-00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774573641,"flow_src_last_pkt_time":1741282774573641,"flow_dst_last_pkt_time":1741282774573641,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774573641,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":49992,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774573641,"flow_src_last_pkt_time":1741282774573641,"flow_dst_last_pkt_time":1741282774573641,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774573641,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":49992,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774573669,"flow_src_last_pkt_time":1741282774573669,"flow_dst_last_pkt_time":1741282774573669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774573669,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.237.164.226","src_port":46619,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774573669,"flow_dst_last_pkt_time":1741282774573669,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774573669,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg6pJAAEAR0qvAqAMXFO2k4rYbJw8ADH9yPqDnCQ=="} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774573669,"flow_src_last_pkt_time":1741282774573669,"flow_dst_last_pkt_time":1741282774573669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774573669,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.237.164.226","src_port":46619,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -619,29 +619,29 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_src_last_pkt_time":1741282774573641,"flow_dst_last_pkt_time":1741282774618585,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774618585,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgl0xAADgRPRUSuZfzwKgDFycPw0gADHTbkFWh4Q=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774623541,"flow_src_last_pkt_time":1741282774623541,"flow_dst_last_pkt_time":1741282774623541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774623541,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":44962,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774623541,"flow_dst_last_pkt_time":1741282774623541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774623541,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgHBpAAEARsEfAqAMXErmX86+iJw8ADDZHs\/\/QcQ=="} 
-00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774623541,"flow_src_last_pkt_time":1741282774623541,"flow_dst_last_pkt_time":1741282774623541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774623541,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":44962,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774623541,"flow_src_last_pkt_time":1741282774623541,"flow_dst_last_pkt_time":1741282774623541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774623541,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":44962,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774626161,"flow_src_last_pkt_time":1741282774626161,"flow_dst_last_pkt_time":1741282774626161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774626161,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":39070,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774626161,"flow_dst_last_pkt_time":1741282774626161,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774626161,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg0MhAAEARFTDAqAMXNE1cyJieJw8ADMeVGkkJdQ=="} 
-00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774626161,"flow_src_last_pkt_time":1741282774626161,"flow_dst_last_pkt_time":1741282774626161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774626161,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":39070,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774626161,"flow_src_last_pkt_time":1741282774626161,"flow_dst_last_pkt_time":1741282774626161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774626161,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":39070,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774633621,"flow_src_last_pkt_time":1741282774633621,"flow_dst_last_pkt_time":1741282774633621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774633621,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":39075,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774633621,"flow_dst_last_pkt_time":1741282774633621,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774633621,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgPRlAAEARc17AqAMXEqKz9JijJw8ADL\/hO626Pg=="} 
-00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774633621,"flow_src_last_pkt_time":1741282774633621,"flow_dst_last_pkt_time":1741282774633621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774633621,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":39075,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774633621,"flow_src_last_pkt_time":1741282774633621,"flow_dst_last_pkt_time":1741282774633621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774633621,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":39075,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774635284,"flow_src_last_pkt_time":1741282774635284,"flow_dst_last_pkt_time":1741282774635284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774635284,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":43680,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774635284,"flow_dst_last_pkt_time":1741282774635284,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774635284,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgqFRAAEARBXXAqAMXA3LF0qqgJw8ADMztCU3K5w=="} 
-00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774635284,"flow_src_last_pkt_time":1741282774635284,"flow_dst_last_pkt_time":1741282774635284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774635284,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":43680,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774635284,"flow_src_last_pkt_time":1741282774635284,"flow_dst_last_pkt_time":1741282774635284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774635284,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":43680,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774643970,"flow_src_last_pkt_time":1741282774643970,"flow_dst_last_pkt_time":1741282774643970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774643970,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"129.227.244.38","src_port":37742,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774643970,"flow_dst_last_pkt_time":1741282774643970,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774643970,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgPzxAAEARwcfAqAMXgeP0JpNuJw8ADCo5O0WmEA=="} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774643970,"flow_src_last_pkt_time":1741282774643970,"flow_dst_last_pkt_time":1741282774643970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774643970,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"129.227.244.38","src_port":37742,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_src_last_pkt_time":1741282774623541,"flow_dst_last_pkt_time":1741282774649095,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774649095,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgl1NAADgRPQ4SuZfzwKgDFycPr6IADDZHs\/\/QcQ=="} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774649302,"flow_src_last_pkt_time":1741282774649302,"flow_dst_last_pkt_time":1741282774649302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774649302,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":43812,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774649302,"flow_dst_last_pkt_time":1741282774649302,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774649302,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgPRpAAEARc13AqAMXEqKz9KskJw8ADDkWGqtPiw=="} 
-00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774649302,"flow_src_last_pkt_time":1741282774649302,"flow_dst_last_pkt_time":1741282774649302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774649302,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":43812,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774649302,"flow_src_last_pkt_time":1741282774649302,"flow_dst_last_pkt_time":1741282774649302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774649302,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":43812,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774652475,"flow_src_last_pkt_time":1741282774652475,"flow_dst_last_pkt_time":1741282774652475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774652475,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.88.73.160","src_port":42845,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774652475,"flow_dst_last_pkt_time":1741282774652475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774652475,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgZDFAAEARpuTAqAMXIlhJoKddJw8ADLUJu6iQ\/w=="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774652475,"flow_src_last_pkt_time":1741282774652475,"flow_dst_last_pkt_time":1741282774652475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774652475,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.88.73.160","src_port":42845,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774660350,"flow_src_last_pkt_time":1741282774660350,"flow_dst_last_pkt_time":1741282774660350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774660350,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":49989,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774660350,"flow_dst_last_pkt_time":1741282774660350,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774660350,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgDE1AAEARygHAqAMXAxidp8NFJw8ADHXks5WHiA=="} -00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774660350,"flow_src_last_pkt_time":1741282774660350,"flow_dst_last_pkt_time":1741282774660350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774660350,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":49989,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774660350,"flow_src_last_pkt_time":1741282774660350,"flow_dst_last_pkt_time":1741282774660350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774660350,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":49989,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774662330,"flow_src_last_pkt_time":1741282774662330,"flow_dst_last_pkt_time":1741282774662330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774662330,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"194.110.134.13","src_port":37603,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774662330,"flow_dst_last_pkt_time":1741282774662330,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774662330,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg9ItAAEAROgbAqAMXwm6GDZLjJw8ADOnJLKsjMw=="} 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774662330,"flow_src_last_pkt_time":1741282774662330,"flow_dst_last_pkt_time":1741282774662330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774662330,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"194.110.134.13","src_port":37603,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -662,7 +662,7 @@ 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774786171,"flow_src_last_pkt_time":1741282774786171,"flow_dst_last_pkt_time":1741282774786171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774786171,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.98.151.3","src_port":39693,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774786777,"flow_src_last_pkt_time":1741282774786777,"flow_dst_last_pkt_time":1741282774786777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774786777,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":49432,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774786777,"flow_dst_last_pkt_time":1741282774786777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774786777,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg1bxAAEARztHAqAMXD7XCysEYJw8ADL9Xt\/UKIg=="} -00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774786777,"flow_src_last_pkt_time":1741282774786777,"flow_dst_last_pkt_time":1741282774786777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774786777,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":49432,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774786777,"flow_src_last_pkt_time":1741282774786777,"flow_dst_last_pkt_time":1741282774786777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774786777,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":49432,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_src_last_pkt_time":1741282774608474,"flow_dst_last_pkt_time":1741282774825911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774825911,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgnPcAAHkRWbIisGS0wKgDFycPpBwADPsuh2Rm8w=="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774829394,"flow_src_last_pkt_time":1741282774829394,"flow_dst_last_pkt_time":1741282774829394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774829394,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.96.251.186","src_port":43597,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774829394,"flow_dst_last_pkt_time":1741282774829394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774829394,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgoj5AAEARdrTAqAMXYmD7uqpNJw8ADBFwx3wzsg=="} 
@@ -683,11 +683,11 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_src_last_pkt_time":1741282774626161,"flow_dst_last_pkt_time":1741282774882196,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774882196,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgBCBAADQR7dg0TVzIwKgDFycPmJ4ADMeVGkkJdQ=="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774885508,"flow_src_last_pkt_time":1741282774885508,"flow_dst_last_pkt_time":1741282774885508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774885508,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":44646,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774885508,"flow_dst_last_pkt_time":1741282774885508,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774885508,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg0P9AAEARFPnAqAMXNE1cyK5mJw8ADK8ge3+q6w=="} 
-00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774885508,"flow_src_last_pkt_time":1741282774885508,"flow_dst_last_pkt_time":1741282774885508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774885508,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":44646,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774885508,"flow_src_last_pkt_time":1741282774885508,"flow_dst_last_pkt_time":1741282774885508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774885508,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":44646,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":2,"flow_src_last_pkt_time":1741282774786777,"flow_dst_last_pkt_time":1741282774918825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774918825,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgltAAAGwRIb4PtcLKwKgDFycPwRgADL9Xt\/UKIg=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774927493,"flow_src_last_pkt_time":1741282774927493,"flow_dst_last_pkt_time":1741282774927493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774927493,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":44328,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774927493,"flow_dst_last_pkt_time":1741282774927493,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774927493,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg1b1AAEARztDAqAMXD7XCyq0oJw8ADHIwMePxSw=="} 
-00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774927493,"flow_src_last_pkt_time":1741282774927493,"flow_dst_last_pkt_time":1741282774927493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774927493,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":44328,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774927493,"flow_src_last_pkt_time":1741282774927493,"flow_dst_last_pkt_time":1741282774927493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774927493,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":44328,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_src_last_pkt_time":1741282774660350,"flow_dst_last_pkt_time":1741282774961978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774961978,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgz+tAADARFmMDGJ2nwKgDFycPw0UADHXks5WHiA=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774963945,"flow_src_last_pkt_time":1741282774963945,"flow_dst_last_pkt_time":1741282774963945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282774963945,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"35.201.213.182","src_port":38002,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":1741282774963945,"flow_dst_last_pkt_time":1741282774963945,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282774963945,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgeF1AAEARBTHAqAMXI8nVtpRyJw8ADA\/muau9gw=="} 
@@ -715,7 +715,7 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":2,"flow_src_last_pkt_time":1741282774885508,"flow_dst_last_pkt_time":1741282775075963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282775075963,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgBEFAADQR7bc0TVzIwKgDFycPrmYADK8ge3+q6w=="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282775080271,"flow_src_last_pkt_time":1741282775080271,"flow_dst_last_pkt_time":1741282775080271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282775080271,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":37972,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_src_last_pkt_time":1741282775080271,"flow_dst_last_pkt_time":1741282775080271,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282775080271,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg0RdAAEARFOHAqAMXNE1cyJRUJw8ADMO9iHyjYw=="} 
-00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282775080271,"flow_src_last_pkt_time":1741282775080271,"flow_dst_last_pkt_time":1741282775080271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282775080271,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":37972,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282775080271,"flow_src_last_pkt_time":1741282775080271,"flow_dst_last_pkt_time":1741282775080271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282775080271,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":37972,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_src_last_pkt_time":1741282775061459,"flow_dst_last_pkt_time":1741282775195241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282775195241,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgXj0AAHMRvjnDtaPhwKgDFycPmscADMQmrlOgLg=="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_src_last_pkt_time":1741282774984194,"flow_dst_last_pkt_time":1741282775198691,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282775198691,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgnRYAAHoRWJMisGS0wKgDFycPqeoADLGx\/xQy8g=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282775202920,"flow_src_last_pkt_time":1741282775202920,"flow_dst_last_pkt_time":1741282775202920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282775202920,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.195.224.215","src_port":37747,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -731,14 +731,14 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_src_last_pkt_time":1741282774980932,"flow_dst_last_pkt_time":1741282775275517,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282775275517,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgF4pAACMRYR4oc\/LywKgDFycPveMADPn9udGH7g=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282775279576,"flow_src_last_pkt_time":1741282775279576,"flow_dst_last_pkt_time":1741282775279576,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282775279576,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":45605,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_src_last_pkt_time":1741282775279576,"flow_dst_last_pkt_time":1741282775279576,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282775279576,"pkt":"YDjgxTWhrtN2H7LXCABFAAAgBgBAAEARjlvAqAMXDXzVNrIlJw8ADDjPhtXAig=="} 
-00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282775279576,"flow_src_last_pkt_time":1741282775279576,"flow_dst_last_pkt_time":1741282775279576,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282775279576,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":45605,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282775279576,"flow_src_last_pkt_time":1741282775279576,"flow_dst_last_pkt_time":1741282775279576,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282775279576,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":45605,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_src_last_pkt_time":1741282775053839,"flow_dst_last_pkt_time":1741282775291004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282775291004,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg\/39AACwRk4ZBNLbTwKgDFycPuKUADChatlqFpQ=="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_src_last_pkt_time":1741282775053790,"flow_dst_last_pkt_time":1741282775310953,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282775310953,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgAX5AADoRghAjydW2wKgDFycPudYADNYGVUI2aA=="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":2,"flow_src_last_pkt_time":1741282775080271,"flow_dst_last_pkt_time":1741282775334578,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282775334578,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgBHJAADQR7YY0TVzIwKgDFycPlFQADMO9iHyjYw=="} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":2,"flow_src_last_pkt_time":1741282775202967,"flow_dst_last_pkt_time":1741282775420524,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282775420524,"pkt":"rtN2H7LXYDjgxTWhCABFAAAgNzEAAGcRnw0U7aTiwKgDFycPtwQADG\/P5AJQYQ=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282775425695,"flow_src_last_pkt_time":1741282775425695,"flow_dst_last_pkt_time":1741282775425695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282775425695,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":46702,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_src_last_pkt_time":1741282775425695,"flow_dst_last_pkt_time":1741282775425695,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282775425695,"pkt":"YDjgxTWhrtN2H7LXCABFAAAg1fZAAEARzpfAqAMXD7XCyrZuJw8ADHfe9B0gHQ=="} 
-00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282775425695,"flow_src_last_pkt_time":1741282775425695,"flow_dst_last_pkt_time":1741282775425695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282775425695,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":46702,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282775425695,"flow_src_last_pkt_time":1741282775425695,"flow_dst_last_pkt_time":1741282775425695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282775425695,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":46702,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_src_last_pkt_time":1741282775202920,"flow_dst_last_pkt_time":1741282775444051,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282775444051,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg0akAAGMRzMkUw+DXwKgDFycPk3MADFeV5AJQYQ=="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_src_last_pkt_time":1741282775279576,"flow_dst_last_pkt_time":1741282775541518,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282775541518,"pkt":"rtN2H7LXYDjgxTWhCABFAAAg5eRAADARvnYNfNU2wKgDFycPsiUADDjPhtXAig=="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":2,"flow_src_last_pkt_time":1741282775425695,"flow_dst_last_pkt_time":1741282775556725,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1741282775556725,"pkt":"rtN2H7LXYDjgxTWhCABFAAAglysAAGwRIWMPtcLKwKgDFycPtm4ADHfe9B0gHQ=="} 
@@ -781,75 +781,75 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769659721,"flow_src_last_pkt_time":1741282769659721,"flow_dst_last_pkt_time":1741282769687329,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.155.128.54","src_port":39432,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764680995,"flow_src_last_pkt_time":1741282764680995,"flow_dst_last_pkt_time":1741282764710702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.155.128.54","src_port":39470,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775927854,"flow_src_last_pkt_time":1741282775927854,"flow_dst_last_pkt_time":1741282776031488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"121.127.42.118","src_port":46627,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764649181,"flow_src_last_pkt_time":1741282764649181,"flow_dst_last_pkt_time":1741282764649181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38313,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764649181,"flow_src_last_pkt_time":1741282764649181,"flow_dst_last_pkt_time":1741282764649181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38313,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770648520,"flow_src_last_pkt_time":1741282770648520,"flow_dst_last_pkt_time":1741282770752892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"121.127.42.118","src_port":47274,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764566157,"flow_src_last_pkt_time":1741282764566157,"flow_dst_last_pkt_time":1741282764566157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38459,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764633295,"flow_src_last_pkt_time":1741282764633295,"flow_dst_last_pkt_time":1741282764633295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38761,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764566157,"flow_src_last_pkt_time":1741282764566157,"flow_dst_last_pkt_time":1741282764566157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38459,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764633295,"flow_src_last_pkt_time":1741282764633295,"flow_dst_last_pkt_time":1741282764633295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":38761,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770907972,"flow_src_last_pkt_time":1741282770907972,"flow_dst_last_pkt_time":1741282771011123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"121.127.42.118","src_port":47921,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774633621,"flow_src_last_pkt_time":1741282774633621,"flow_dst_last_pkt_time":1741282774633621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":39075,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769562505,"flow_src_last_pkt_time":1741282769562505,"flow_dst_last_pkt_time":1741282769562505,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":39859,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759632096,"flow_src_last_pkt_time":1741282759632096,"flow_dst_last_pkt_time":1741282759632096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":40390,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769649825,"flow_src_last_pkt_time":1741282769649825,"flow_dst_last_pkt_time":1741282769649825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":40431,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764656717,"flow_src_last_pkt_time":1741282764656717,"flow_dst_last_pkt_time":1741282764956460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":43478,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774633621,"flow_src_last_pkt_time":1741282774633621,"flow_dst_last_pkt_time":1741282774633621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":39075,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769562505,"flow_src_last_pkt_time":1741282769562505,"flow_dst_last_pkt_time":1741282769562505,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":39859,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759632096,"flow_src_last_pkt_time":1741282759632096,"flow_dst_last_pkt_time":1741282759632096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":40390,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769649825,"flow_src_last_pkt_time":1741282769649825,"flow_dst_last_pkt_time":1741282769649825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":40431,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764656717,"flow_src_last_pkt_time":1741282764656717,"flow_dst_last_pkt_time":1741282764956460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":43478,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759594446,"flow_src_last_pkt_time":1741282759594446,"flow_dst_last_pkt_time":1741282759809580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.176.100.180","src_port":37686,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774573593,"flow_src_last_pkt_time":1741282774573593,"flow_dst_last_pkt_time":1741282774573593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":41580,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774573593,"flow_src_last_pkt_time":1741282774573593,"flow_dst_last_pkt_time":1741282774573593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":41580,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282765800540,"flow_src_last_pkt_time":1741282765800540,"flow_dst_last_pkt_time":1741282765918822,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"45.33.103.81","src_port":42026,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760375944,"flow_src_last_pkt_time":1741282760375944,"flow_dst_last_pkt_time":1741282760509403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":37008,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760375944,"flow_src_last_pkt_time":1741282760375944,"flow_dst_last_pkt_time":1741282760509403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":37008,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769748692,"flow_src_last_pkt_time":1741282769748692,"flow_dst_last_pkt_time":1741282769748692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"101.46.59.21","src_port":39141,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770785386,"flow_src_last_pkt_time":1741282770785386,"flow_dst_last_pkt_time":1741282770903342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"45.33.103.81","src_port":42677,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759904655,"flow_src_last_pkt_time":1741282759904655,"flow_dst_last_pkt_time":1741282760039215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":37783,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759904655,"flow_src_last_pkt_time":1741282759904655,"flow_dst_last_pkt_time":1741282760039215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":37783,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282765059134,"flow_src_last_pkt_time":1741282765059134,"flow_dst_last_pkt_time":1741282765358742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"65.52.182.211","src_port":38070,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759647434,"flow_src_last_pkt_time":1741282759647434,"flow_dst_last_pkt_time":1741282759647434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":42921,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759655472,"flow_src_last_pkt_time":1741282759655472,"flow_dst_last_pkt_time":1741282759958679,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":45553,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769659682,"flow_src_last_pkt_time":1741282769659682,"flow_dst_last_pkt_time":1741282769960861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":46332,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774649302,"flow_src_last_pkt_time":1741282774649302,"flow_dst_last_pkt_time":1741282774649302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":43812,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770393033,"flow_src_last_pkt_time":1741282770393033,"flow_dst_last_pkt_time":1741282770524655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":39270,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759647434,"flow_src_last_pkt_time":1741282759647434,"flow_dst_last_pkt_time":1741282759647434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":42921,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759655472,"flow_src_last_pkt_time":1741282759655472,"flow_dst_last_pkt_time":1741282759958679,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":45553,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769659682,"flow_src_last_pkt_time":1741282769659682,"flow_dst_last_pkt_time":1741282769960861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":46332,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774649302,"flow_src_last_pkt_time":1741282774649302,"flow_dst_last_pkt_time":1741282774649302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":43812,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770393033,"flow_src_last_pkt_time":1741282770393033,"flow_dst_last_pkt_time":1741282770524655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":39270,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759670564,"flow_src_last_pkt_time":1741282759670564,"flow_dst_last_pkt_time":1741282759702597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.155.128.54","src_port":46317,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775061459,"flow_src_last_pkt_time":1741282775061459,"flow_dst_last_pkt_time":1741282775195241,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"195.181.163.225","src_port":39623,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764978448,"flow_src_last_pkt_time":1741282764978448,"flow_dst_last_pkt_time":1741282765194226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.176.100.180","src_port":41387,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769562574,"flow_src_last_pkt_time":1741282769562574,"flow_dst_last_pkt_time":1741282769583602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":39236,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769562574,"flow_src_last_pkt_time":1741282769562574,"flow_dst_last_pkt_time":1741282769583602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":39236,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759819829,"flow_src_last_pkt_time":1741282759819829,"flow_dst_last_pkt_time":1741282760033803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.176.100.180","src_port":41680,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774608474,"flow_src_last_pkt_time":1741282774608474,"flow_dst_last_pkt_time":1741282774825911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.176.100.180","src_port":42012,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775806894,"flow_src_last_pkt_time":1741282775806894,"flow_dst_last_pkt_time":1741282775922040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"45.33.103.81","src_port":45864,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769587005,"flow_src_last_pkt_time":1741282769587005,"flow_dst_last_pkt_time":1741282769607561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":39779,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769587005,"flow_src_last_pkt_time":1741282769587005,"flow_dst_last_pkt_time":1741282769607561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":39779,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770064617,"flow_src_last_pkt_time":1741282770064617,"flow_dst_last_pkt_time":1741282770193030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"195.181.163.225","src_port":40665,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764753493,"flow_src_last_pkt_time":1741282764753493,"flow_dst_last_pkt_time":1741282764883971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":40959,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764753493,"flow_src_last_pkt_time":1741282764753493,"flow_dst_last_pkt_time":1741282764883971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":40959,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759806487,"flow_src_last_pkt_time":1741282759806487,"flow_dst_last_pkt_time":1741282759806487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"101.46.59.21","src_port":42764,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775202920,"flow_src_last_pkt_time":1741282775202920,"flow_dst_last_pkt_time":1741282775444051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.195.224.215","src_port":37747,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774715615,"flow_src_last_pkt_time":1741282774715615,"flow_dst_last_pkt_time":1741282774769011,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.155.128.54","src_port":48196,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775564700,"flow_src_last_pkt_time":1741282775564700,"flow_dst_last_pkt_time":1741282775670336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"138.199.41.102","src_port":37181,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774984194,"flow_src_last_pkt_time":1741282774984194,"flow_dst_last_pkt_time":1741282775198691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.176.100.180","src_port":43498,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282774841011,"flow_src_last_pkt_time":1741282774841011,"flow_dst_last_pkt_time":1741282774841011,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"101.46.59.21","src_port":43985,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774660350,"flow_src_last_pkt_time":1741282774660350,"flow_dst_last_pkt_time":1741282774961978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":49989,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774660350,"flow_src_last_pkt_time":1741282774660350,"flow_dst_last_pkt_time":1741282774961978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.24.157.167","src_port":49989,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774963945,"flow_src_last_pkt_time":1741282774963945,"flow_dst_last_pkt_time":1741282775220732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"35.201.213.182","src_port":38002,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775671108,"flow_src_last_pkt_time":1741282775671108,"flow_dst_last_pkt_time":1741282775735810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"103.198.202.8","src_port":38712,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760886770,"flow_src_last_pkt_time":1741282760886770,"flow_dst_last_pkt_time":1741282761005330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"45.33.103.81","src_port":48276,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760053134,"flow_src_last_pkt_time":1741282760053134,"flow_dst_last_pkt_time":1741282760350361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"65.52.182.211","src_port":43864,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282765199333,"flow_src_last_pkt_time":1741282765199333,"flow_dst_last_pkt_time":1741282765404690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.195.224.215","src_port":40074,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775080271,"flow_src_last_pkt_time":1741282775080271,"flow_dst_last_pkt_time":1741282775334578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":37972,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769633468,"flow_src_last_pkt_time":1741282769633468,"flow_dst_last_pkt_time":1741282769633468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":49078,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775080271,"flow_src_last_pkt_time":1741282775080271,"flow_dst_last_pkt_time":1741282775334578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":37972,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282769633468,"flow_src_last_pkt_time":1741282769633468,"flow_dst_last_pkt_time":1741282769633468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":49078,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282765567304,"flow_src_last_pkt_time":1741282765567304,"flow_dst_last_pkt_time":1741282765674003,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"138.199.41.102","src_port":39572,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759563893,"flow_src_last_pkt_time":1741282759563893,"flow_dst_last_pkt_time":1741282759563893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":49183,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774927493,"flow_src_last_pkt_time":1741282774927493,"flow_dst_last_pkt_time":1741282775057725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":44328,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282759563893,"flow_src_last_pkt_time":1741282759563893,"flow_dst_last_pkt_time":1741282759563893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.162.179.244","src_port":49183,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774927493,"flow_src_last_pkt_time":1741282774927493,"flow_dst_last_pkt_time":1741282775057725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":44328,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760038171,"flow_src_last_pkt_time":1741282760038171,"flow_dst_last_pkt_time":1741282760304541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"35.201.213.182","src_port":39220,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764566214,"flow_src_last_pkt_time":1741282764566214,"flow_dst_last_pkt_time":1741282764586788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":43552,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769926489,"flow_src_last_pkt_time":1741282769926489,"flow_dst_last_pkt_time":1741282770058949,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":44684,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764566214,"flow_src_last_pkt_time":1741282764566214,"flow_dst_last_pkt_time":1741282764586788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":43552,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769926489,"flow_src_last_pkt_time":1741282769926489,"flow_dst_last_pkt_time":1741282770058949,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":44684,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770053816,"flow_src_last_pkt_time":1741282770053816,"flow_dst_last_pkt_time":1741282770353643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"65.52.182.211","src_port":45104,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769787752,"flow_src_last_pkt_time":1741282769787752,"flow_dst_last_pkt_time":1741282769919328,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":45088,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774626161,"flow_src_last_pkt_time":1741282774626161,"flow_dst_last_pkt_time":1741282774882196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":39070,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769787752,"flow_src_last_pkt_time":1741282769787752,"flow_dst_last_pkt_time":1741282769919328,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":45088,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774626161,"flow_src_last_pkt_time":1741282774626161,"flow_dst_last_pkt_time":1741282774882196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":39070,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760041456,"flow_src_last_pkt_time":1741282760041456,"flow_dst_last_pkt_time":1741282760297592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.195.224.215","src_port":41692,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282765025879,"flow_src_last_pkt_time":1741282765025879,"flow_dst_last_pkt_time":1741282765159206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"195.181.163.225","src_port":45530,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774623541,"flow_src_last_pkt_time":1741282774623541,"flow_dst_last_pkt_time":1741282774649095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":44962,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759563963,"flow_src_last_pkt_time":1741282759563963,"flow_dst_last_pkt_time":1741282759585597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":45624,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775425695,"flow_src_last_pkt_time":1741282775425695,"flow_dst_last_pkt_time":1741282775556725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":46702,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282765409487,"flow_src_last_pkt_time":1741282765409487,"flow_dst_last_pkt_time":1741282765540479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":46825,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774623541,"flow_src_last_pkt_time":1741282774623541,"flow_dst_last_pkt_time":1741282774649095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":44962,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759563963,"flow_src_last_pkt_time":1741282759563963,"flow_dst_last_pkt_time":1741282759585597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":45624,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775425695,"flow_src_last_pkt_time":1741282775425695,"flow_dst_last_pkt_time":1741282775556725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":46702,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282765409487,"flow_src_last_pkt_time":1741282765409487,"flow_dst_last_pkt_time":1741282765540479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":46825,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775053839,"flow_src_last_pkt_time":1741282775053839,"flow_dst_last_pkt_time":1741282775291004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"65.52.182.211","src_port":47269,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764608860,"flow_src_last_pkt_time":1741282764608860,"flow_dst_last_pkt_time":1741282764743214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"23.90.172.130","src_port":37678,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759763400,"flow_src_last_pkt_time":1741282759763400,"flow_dst_last_pkt_time":1741282759895611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":47189,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764601255,"flow_src_last_pkt_time":1741282764601255,"flow_dst_last_pkt_time":1741282764620433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":46385,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759763400,"flow_src_last_pkt_time":1741282759763400,"flow_dst_last_pkt_time":1741282759895611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":47189,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764601255,"flow_src_last_pkt_time":1741282764601255,"flow_dst_last_pkt_time":1741282764620433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":46385,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764631000,"flow_src_last_pkt_time":1741282764631000,"flow_dst_last_pkt_time":1741282764673423,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.88.73.160","src_port":38633,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282764753531,"flow_src_last_pkt_time":1741282764753531,"flow_dst_last_pkt_time":1741282764753531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"101.46.59.21","src_port":49407,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764812739,"flow_src_last_pkt_time":1741282764812739,"flow_dst_last_pkt_time":1741282764981417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":41578,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764812739,"flow_src_last_pkt_time":1741282764812739,"flow_dst_last_pkt_time":1741282764981417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":41578,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769585724,"flow_src_last_pkt_time":1741282769585724,"flow_dst_last_pkt_time":1741282769644907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"23.90.141.118","src_port":38514,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769977676,"flow_src_last_pkt_time":1741282769977676,"flow_dst_last_pkt_time":1741282770191348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.176.100.180","src_port":49395,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770640038,"flow_src_last_pkt_time":1741282770640038,"flow_dst_last_pkt_time":1741282770772066,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"23.90.172.130","src_port":38800,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -857,28 +857,28 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764596080,"flow_src_last_pkt_time":1741282764596080,"flow_dst_last_pkt_time":1741282764811233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.176.100.180","src_port":49704,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774786129,"flow_src_last_pkt_time":1741282774786129,"flow_dst_last_pkt_time":1741282774829790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.88.73.160","src_port":39684,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769596208,"flow_src_last_pkt_time":1741282769596208,"flow_dst_last_pkt_time":1741282769812847,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.176.100.180","src_port":49942,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760003636,"flow_src_last_pkt_time":1741282760003636,"flow_dst_last_pkt_time":1741282760185586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":42726,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760003636,"flow_src_last_pkt_time":1741282760003636,"flow_dst_last_pkt_time":1741282760185586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":42726,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760044606,"flow_src_last_pkt_time":1741282760044606,"flow_dst_last_pkt_time":1741282760181845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"195.181.163.225","src_port":48743,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760759034,"flow_src_last_pkt_time":1741282760759034,"flow_dst_last_pkt_time":1741282760886077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"23.90.172.130","src_port":39515,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770530686,"flow_src_last_pkt_time":1741282770530686,"flow_dst_last_pkt_time":1741282770640992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"138.199.41.102","src_port":44304,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760652134,"flow_src_last_pkt_time":1741282760652134,"flow_dst_last_pkt_time":1741282760764364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"138.199.41.102","src_port":44470,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774786777,"flow_src_last_pkt_time":1741282774786777,"flow_dst_last_pkt_time":1741282774918825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":49432,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774786777,"flow_src_last_pkt_time":1741282774786777,"flow_dst_last_pkt_time":1741282774918825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":49432,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764719696,"flow_src_last_pkt_time":1741282764719696,"flow_dst_last_pkt_time":1741282764761922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.88.73.160","src_port":40513,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764586361,"flow_src_last_pkt_time":1741282764586361,"flow_dst_last_pkt_time":1741282764648767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"23.90.141.118","src_port":40048,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770785345,"flow_src_last_pkt_time":1741282770785345,"flow_dst_last_pkt_time":1741282770878152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"154.93.36.41","src_port":39220,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774643970,"flow_src_last_pkt_time":1741282774643970,"flow_dst_last_pkt_time":1741282774843509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"129.227.244.38","src_port":37742,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764890022,"flow_src_last_pkt_time":1741282764890022,"flow_dst_last_pkt_time":1741282765019222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":49819,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764890022,"flow_src_last_pkt_time":1741282764890022,"flow_dst_last_pkt_time":1741282765019222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"15.181.194.202","src_port":49819,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770197977,"flow_src_last_pkt_time":1741282770197977,"flow_dst_last_pkt_time":1741282770444881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.195.224.215","src_port":46603,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759863525,"flow_src_last_pkt_time":1741282759863525,"flow_dst_last_pkt_time":1741282760001607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"176.97.192.194","src_port":38961,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774876530,"flow_src_last_pkt_time":1741282774876530,"flow_dst_last_pkt_time":1741282775024502,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.100.183.43","src_port":38399,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774885508,"flow_src_last_pkt_time":1741282774885508,"flow_dst_last_pkt_time":1741282775075963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":44646,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774885508,"flow_src_last_pkt_time":1741282774885508,"flow_dst_last_pkt_time":1741282775075963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":44646,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774608401,"flow_src_last_pkt_time":1741282774608401,"flow_dst_last_pkt_time":1741282774679576,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"23.90.141.118","src_port":41457,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1741282725846703,"flow_src_last_pkt_time":1741282726010885,"flow_dst_last_pkt_time":1741282726030770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3130,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"104.16.159.112","src_port":37119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GearUP_Booster","proto_id":"91.445","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282765813623,"flow_src_last_pkt_time":1741282765813623,"flow_dst_last_pkt_time":1741282765905473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"154.93.36.41","src_port":40633,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282765039585,"flow_src_last_pkt_time":1741282765039585,"flow_dst_last_pkt_time":1741282765302452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"35.201.213.182","src_port":45875,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774880535,"flow_src_last_pkt_time":1741282774880535,"flow_dst_last_pkt_time":1741282775016725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"176.97.192.194","src_port":39594,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774573641,"flow_src_last_pkt_time":1741282774573641,"flow_dst_last_pkt_time":1741282774618585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":49992,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759590462,"flow_src_last_pkt_time":1741282759590462,"flow_dst_last_pkt_time":1741282759612862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":49995,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774573641,"flow_src_last_pkt_time":1741282774573641,"flow_dst_last_pkt_time":1741282774618585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":49992,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759590462,"flow_src_last_pkt_time":1741282759590462,"flow_dst_last_pkt_time":1741282759612862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"18.185.151.243","src_port":49995,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774786171,"flow_src_last_pkt_time":1741282774786171,"flow_dst_last_pkt_time":1741282774838087,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.98.151.3","src_port":39693,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759643789,"flow_src_last_pkt_time":1741282759643789,"flow_dst_last_pkt_time":1741282759839037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"129.227.244.38","src_port":39478,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759949678,"flow_src_last_pkt_time":1741282759949678,"flow_dst_last_pkt_time":1741282760204426,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"35.201.213.182","src_port":46392,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -886,13 +886,13 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282760212368,"flow_src_last_pkt_time":1741282760212368,"flow_dst_last_pkt_time":1741282760212368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"80.238.226.80","src_port":37131,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774652475,"flow_src_last_pkt_time":1741282774652475,"flow_dst_last_pkt_time":1741282774712543,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.88.73.160","src_port":42845,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770567383,"flow_src_last_pkt_time":1741282770567383,"flow_dst_last_pkt_time":1741282770631880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"103.198.202.8","src_port":47410,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769626403,"flow_src_last_pkt_time":1741282769626403,"flow_dst_last_pkt_time":1741282769796107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":45904,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759823498,"flow_src_last_pkt_time":1741282759823498,"flow_dst_last_pkt_time":1741282759995605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":45941,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769626403,"flow_src_last_pkt_time":1741282769626403,"flow_dst_last_pkt_time":1741282769796107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":45904,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759823498,"flow_src_last_pkt_time":1741282759823498,"flow_dst_last_pkt_time":1741282759995605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":45941,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774662330,"flow_src_last_pkt_time":1741282774662330,"flow_dst_last_pkt_time":1741282774857518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"194.110.134.13","src_port":37603,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770061265,"flow_src_last_pkt_time":1741282770061265,"flow_dst_last_pkt_time":1741282770231326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":46201,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770061265,"flow_src_last_pkt_time":1741282770061265,"flow_dst_last_pkt_time":1741282770231326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":46201,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282776047822,"flow_src_last_pkt_time":1741282776047822,"flow_dst_last_pkt_time":1741282776203250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.96.251.186","src_port":41618,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775053790,"flow_src_last_pkt_time":1741282775053790,"flow_dst_last_pkt_time":1741282775310953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"35.201.213.182","src_port":47574,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759623762,"flow_src_last_pkt_time":1741282759623762,"flow_dst_last_pkt_time":1741282759816302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":46763,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759623762,"flow_src_last_pkt_time":1741282759623762,"flow_dst_last_pkt_time":1741282759816302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":46763,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1741282741893902,"flow_src_last_pkt_time":1741282741961377,"flow_dst_last_pkt_time":1741282741980382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":218,"flow_src_tot_l4_payload_len":2637,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"104.18.50.182","src_port":38726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GearUP_Booster","proto_id":"91.445","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769608426,"flow_src_last_pkt_time":1741282769608426,"flow_dst_last_pkt_time":1741282769744576,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"23.90.172.130","src_port":43718,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282765567730,"flow_src_last_pkt_time":1741282765567730,"flow_dst_last_pkt_time":1741282765631024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"103.198.202.8","src_port":48774,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -907,7 +907,7 @@ 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769910222,"flow_src_last_pkt_time":1741282769910222,"flow_dst_last_pkt_time":1741282770208905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"40.115.242.242","src_port":37942,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760645927,"flow_src_last_pkt_time":1741282760645927,"flow_dst_last_pkt_time":1741282760712099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"103.198.202.8","src_port":49429,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759606347,"flow_src_last_pkt_time":1741282759606347,"flow_dst_last_pkt_time":1741282759739092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"23.90.172.130","src_port":44547,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764625398,"flow_src_last_pkt_time":1741282764625398,"flow_dst_last_pkt_time":1741282764805710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":48031,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764625398,"flow_src_last_pkt_time":1741282764625398,"flow_dst_last_pkt_time":1741282764805710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":48031,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764661173,"flow_src_last_pkt_time":1741282764661173,"flow_dst_last_pkt_time":1741282764858230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"194.110.134.13","src_port":39502,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774829394,"flow_src_last_pkt_time":1741282774829394,"flow_dst_last_pkt_time":1741282774980501,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.96.251.186","src_port":43597,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282770177008,"flow_src_last_pkt_time":1741282770177008,"flow_dst_last_pkt_time":1741282770177008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"80.238.226.80","src_port":40083,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -916,33 +916,33 @@ 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764592030,"flow_src_last_pkt_time":1741282764592030,"flow_dst_last_pkt_time":1741282764641922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.98.151.3","src_port":43608,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775807836,"flow_src_last_pkt_time":1741282775807836,"flow_dst_last_pkt_time":1741282775939502,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"23.90.172.130","src_port":45757,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774608447,"flow_src_last_pkt_time":1741282774608447,"flow_dst_last_pkt_time":1741282774669980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.98.151.3","src_port":43795,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764635747,"flow_src_last_pkt_time":1741282764635747,"flow_dst_last_pkt_time":1741282764883214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":39858,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764988888,"flow_src_last_pkt_time":1741282764988888,"flow_dst_last_pkt_time":1741282765158009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":49500,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764635747,"flow_src_last_pkt_time":1741282764635747,"flow_dst_last_pkt_time":1741282764883214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":39858,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764988888,"flow_src_last_pkt_time":1741282764988888,"flow_dst_last_pkt_time":1741282765158009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":49500,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769562603,"flow_src_last_pkt_time":1741282769562603,"flow_dst_last_pkt_time":1741282769783576,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.237.164.226","src_port":41423,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282765448658,"flow_src_last_pkt_time":1741282765448658,"flow_dst_last_pkt_time":1741282765448658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.249.1.0","src_port":38354,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01107{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1741282769715796,"flow_src_last_pkt_time":1741282769751076,"flow_dst_last_pkt_time":1741282769801138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":1250,"flow_src_tot_l4_payload_len":169,"flow_dst_tot_l4_payload_len":2688,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"142.251.143.54","src_port":47302,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by 
port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1741282769715796,"flow_src_last_pkt_time":1741282769751076,"flow_dst_last_pkt_time":1741282769801138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":1250,"flow_src_tot_l4_payload_len":169,"flow_dst_tot_l4_payload_len":2688,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"142.251.143.54","src_port":47302,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769799880,"flow_src_last_pkt_time":1741282769799880,"flow_dst_last_pkt_time":1741282770053942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":49928,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769799880,"flow_src_last_pkt_time":1741282769799880,"flow_dst_last_pkt_time":1741282770053942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"52.77.92.200","src_port":49928,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759563993,"flow_src_last_pkt_time":1741282759563993,"flow_dst_last_pkt_time":1741282759754827,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.237.164.226","src_port":41825,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759634991,"flow_src_last_pkt_time":1741282759634991,"flow_dst_last_pkt_time":1741282759975308,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":40581,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759634991,"flow_src_last_pkt_time":1741282759634991,"flow_dst_last_pkt_time":1741282759975308,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":40581,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764845472,"flow_src_last_pkt_time":1741282764845472,"flow_dst_last_pkt_time":1741282765002918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.100.183.43","src_port":44138,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759746285,"flow_src_last_pkt_time":1741282759746285,"flow_dst_last_pkt_time":1741282759798315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.98.151.3","src_port":44605,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764566243,"flow_src_last_pkt_time":1741282764566243,"flow_dst_last_pkt_time":1741282764746215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.237.164.226","src_port":42232,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770215121,"flow_src_last_pkt_time":1741282770215121,"flow_dst_last_pkt_time":1741282770546037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":38445,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770215121,"flow_src_last_pkt_time":1741282770215121,"flow_dst_last_pkt_time":1741282770546037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":38445,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282775565036,"flow_src_last_pkt_time":1741282775565036,"flow_dst_last_pkt_time":1741282775565036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.249.1.0","src_port":39378,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759713607,"flow_src_last_pkt_time":1741282759713607,"flow_dst_last_pkt_time":1741282759758820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.88.73.160","src_port":48039,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759845614,"flow_src_last_pkt_time":1741282759845614,"flow_dst_last_pkt_time":1741282760008816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.100.183.43","src_port":45045,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1741282731720400,"flow_src_last_pkt_time":1741282731778965,"flow_dst_last_pkt_time":1741282731797781,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3122,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"104.18.53.166","src_port":42942,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GearUP_Booster","proto_id":"91.445","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769611238,"flow_src_last_pkt_time":1741282769611238,"flow_dst_last_pkt_time":1741282769653546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.88.73.160","src_port":48516,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282765200277,"flow_src_last_pkt_time":1741282765200277,"flow_dst_last_pkt_time":1741282765441229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":39588,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282765200277,"flow_src_last_pkt_time":1741282765200277,"flow_dst_last_pkt_time":1741282765441229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":39588,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282765173279,"flow_src_last_pkt_time":1741282765173279,"flow_dst_last_pkt_time":1741282765173279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"80.238.226.80","src_port":43221,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1741282743098457,"flow_src_last_pkt_time":1741282743122955,"flow_dst_last_pkt_time":1741282743149769,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3657,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"2.19.126.219","src_port":43470,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GearUP_Booster","proto_id":"91.445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN"}} 
+00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1741282743098457,"flow_src_last_pkt_time":1741282743122955,"flow_dst_last_pkt_time":1741282743149769,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3657,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"2.19.126.219","src_port":43470,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GearUP_Booster","proto_id":"91.445","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769704074,"flow_src_last_pkt_time":1741282769704074,"flow_dst_last_pkt_time":1741282769746006,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"34.88.73.160","src_port":48995,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282764643916,"flow_src_last_pkt_time":1741282764643916,"flow_dst_last_pkt_time":1741282764838937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"129.227.244.38","src_port":46109,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282761133394,"flow_src_last_pkt_time":1741282761133394,"flow_dst_last_pkt_time":1741282761286379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.96.251.186","src_port":47203,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282761013128,"flow_src_last_pkt_time":1741282761013128,"flow_dst_last_pkt_time":1741282761122851,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"121.127.42.118","src_port":39583,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760892773,"flow_src_last_pkt_time":1741282760892773,"flow_dst_last_pkt_time":1741282760987365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"154.93.36.41","src_port":48846,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774635284,"flow_src_last_pkt_time":1741282774635284,"flow_dst_last_pkt_time":1741282774972742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":43680,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282774635284,"flow_src_last_pkt_time":1741282774635284,"flow_dst_last_pkt_time":1741282774972742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":43680,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282765676991,"flow_src_last_pkt_time":1741282765676991,"flow_dst_last_pkt_time":1741282765805209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"23.90.172.130","src_port":49818,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1741282742765157,"flow_src_last_pkt_time":1741282742784575,"flow_dst_last_pkt_time":1741282742800935,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3127,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"104.16.159.112","src_port":45668,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GearUP_Booster","proto_id":"91.445","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769816957,"flow_src_last_pkt_time":1741282769816957,"flow_dst_last_pkt_time":1741282769969869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"98.96.251.186","src_port":48544,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -961,14 +961,14 @@ 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760768698,"flow_src_last_pkt_time":1741282760768698,"flow_dst_last_pkt_time":1741282760878732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"121.127.42.118","src_port":43033,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282765681557,"flow_src_last_pkt_time":1741282765681557,"flow_dst_last_pkt_time":1741282765788866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"121.127.42.118","src_port":43269,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760193204,"flow_src_last_pkt_time":1741282760193204,"flow_dst_last_pkt_time":1741282760367821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.237.164.226","src_port":48015,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760340868,"flow_src_last_pkt_time":1741282760340868,"flow_dst_last_pkt_time":1741282760582415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":44205,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282760340868,"flow_src_last_pkt_time":1741282760340868,"flow_dst_last_pkt_time":1741282760582415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":44205,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759982191,"flow_src_last_pkt_time":1741282759982191,"flow_dst_last_pkt_time":1741282760301552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"40.115.242.242","src_port":47617,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741282775243666,"flow_src_last_pkt_time":1741282775243666,"flow_dst_last_pkt_time":1741282775243666,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"80.238.226.80","src_port":48934,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282770199258,"flow_src_last_pkt_time":1741282770199258,"flow_dst_last_pkt_time":1741282770377859,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"20.237.164.226","src_port":49305,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769635425,"flow_src_last_pkt_time":1741282769635425,"flow_dst_last_pkt_time":1741282769904599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":48164,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775279576,"flow_src_last_pkt_time":1741282775279576,"flow_dst_last_pkt_time":1741282775541518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":45605,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282769635425,"flow_src_last_pkt_time":1741282769635425,"flow_dst_last_pkt_time":1741282769904599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"3.114.197.210","src_port":48164,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282775279576,"flow_src_last_pkt_time":1741282775279576,"flow_dst_last_pkt_time":1741282775541518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"13.124.213.54","src_port":45605,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1741282759659088,"flow_src_last_pkt_time":1741282759659088,"flow_dst_last_pkt_time":1741282759855814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":4,"midstream":0,"thread_ts_usec":1741282776203250,"l3_proto":"ip4","src_ip":"192.168.3.23","dst_ip":"194.110.134.13","src_port":49487,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GearUP_Booster","proto_id":"445","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":424,"packets-processed":424,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22436,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":191,"total-detection-updates":5,"total-updates":1,"current-active-flows":0,"total-active-flows":192,"total-idle-flows":192,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":971,"global_ts_usec":1741282776203250} 
+00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/gearup_booster.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":424,"packets-processed":424,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22436,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":191,"total-detection-updates":5,"total-updates":1,"current-active-flows":0,"total-active-flows":192,"total-idle-flows":192,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":971,"global_ts_usec":1741282776203250} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 424/424 ~~ skipped flows.............: 0 @@ -977,9 +977,9 @@ ~~ total active/idle flows...: 192/192 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9168583 bytes -~~ total memory freed........: 9168583 bytes -~~ total allocations/frees...: 143084/143084 +~~ total memory allocated....: 9939069 bytes +~~ total memory freed........: 9939069 bytes +~~ total allocations/frees...: 157050/157050 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 2222 chars diff --git a/test/results/default/geforcenow.pcapng.out b/test/results/default/geforcenow.pcapng.out index f25191f6d..bc6b93c49 100644 --- a/test/results/default/geforcenow.pcapng.out +++ b/test/results/default/geforcenow.pcapng.out 
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1684671871380890} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1684671871380890} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671871380890,"flow_dst_last_pkt_time":1684671871380890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871380890,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1684671871380890,"flow_dst_last_pkt_time":1684671871380890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1684671871380890,"pkt":"ILAB4IZiNObXAhsnCABFAAA8bnNAAEAGEYnAqAH1UFSnzuCSv8zOL1q0AAAAAKAC+vC67gAAAgQFtAQCCAp\/iNNhAAAAAAEDAwc="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1684671871380890,"flow_dst_last_pkt_time":1684671871422093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1684671871422093,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAAC4GkfxQVKfOwKgB9b\/M4JLTvM+Mzi9ataAS\/ojy\/AAAAgQFtAQCCAq2cyW7f4jTYQEDAwo="} 
@@ -22,7 +22,7 @@ 02307{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872714424,"flow_dst_last_pkt_time":1684671872714517,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":2033,"midstream":0,"thread_ts_usec":1684671872714517,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":64764.7,"max":689508,"stddev":136017.0,"var":18500616192.0,"ent":3.2,"data": [66053,63330,171747,44041,99894,183824,360133,689508,48469,47134,1,0,0,0,4464,1537,52687,37,46039,42295,446,303,157,40,93,42070,315,149,228,42450,261]},"pktlen": {"min":53,"avg":156.4,"max":689,"stddev":133.9,"var":17933.5,"ent":4.7,"data": [124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105]},"bins": {"c_to_s": [0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1],"entropies": 
[5.798890114,5.760544300,5.760543823,5.699924469,4.958880424,4.982108116,4.979167461,4.994058609,6.462553024,6.717261314,4.840689182,6.641223907,6.248939514,4.353680611,3.764864683,5.258242130,6.006977558,5.841088772,6.408538342,6.349637032,5.904027939,6.047730923,5.421965599,6.049623013,6.169179440,6.109401703,5.448651314,5.635576248,5.804111004,6.095016956,5.717526436,6.095016956]},"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"DTLS.GeForceNow","proto_id":"30.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":33,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872721652,"flow_dst_last_pkt_time":1684671872745627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":1180,"flow_src_tot_l4_payload_len":2573,"flow_dst_tot_l4_payload_len":15508,"midstream":0,"thread_ts_usec":1684671872745627,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"DTLS.GeForceNow","proto_id":"30.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
01179{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":27,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671872718418,"flow_dst_last_pkt_time":1684671871771400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2896,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":6969,"flow_dst_tot_l4_payload_len":38102,"midstream":0,"thread_ts_usec":1684671872745627,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.GeForceNow","proto_id":"91.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"80-84-167-206.cloudmatchbeta.nvidiagrid.net"}} 
-00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":108,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":63152,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1684671872745627} +00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":108,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":63152,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1684671872745627} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 108/108 ~~ skipped flows.............: 0 
@@ -31,9 +31,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8788805 bytes -~~ total memory freed........: 8788805 bytes -~~ total allocations/frees...: 140675/140675 +~~ total memory allocated....: 9553244 bytes +~~ total memory freed........: 9553244 bytes +~~ total allocations/frees...: 154642/154642 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 4444 chars diff --git a/test/results/default/genshin-impact.pcap.out b/test/results/default/genshin-impact.pcap.out index 1b8b04a4b..f89a4b45c 100644 --- a/test/results/default/genshin-impact.pcap.out +++ b/test/results/default/genshin-impact.pcap.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1615497372822667} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1615497372822667} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1615497372822667,"flow_src_last_pkt_time":1615497372822667,"flow_dst_last_pkt_time":1615497372822667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1615497372822667,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1615497372822667,"flow_dst_last_pkt_time":1615497372822667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1615497372822667,"pkt":"eJS0JASgYDjgxTWgCABFAAAwrR4AAD8RTEjAqAJkL\/WPVeWOVlUAHPQTAAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="} 
01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1615497372822667,"flow_src_last_pkt_time":1615497372822667,"flow_dst_last_pkt_time":1615497372822667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1615497372822667,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,7 +7,7 @@ 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1615497372883763,"flow_dst_last_pkt_time":1615497372843789,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_usec":1615497372883763,"pkt":"eJS0JASgYDjgxTWgCABFAADFrx4AAD8RSbPAqAJkL\/WPVeWOVlUAsVF7MhgDABWiDTpRAAABg6QlIwAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZwkZnnlWAs83g1p8EKxdCAGrvC1rqvpVXt+DS9GDIp59mUEo7M9A0R8PnQy3bk3e+QGIcWRmxHcBqUQOH+f\/uJk3ozIYAwAVog06UQAAAYOkJSMBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BfbJ9hSIrPxLFWnBNUYf2O83uxMA=="} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1615497372883763,"flow_dst_last_pkt_time":1615497372914092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_usec":1615497372914092,"pkt":"YDjgxTWgeJS0JASgCABFAACCK5BAADcRlYQv9Y9VwKgCZFZV5Y4Abu3mMhgDABWiDTpSAAABg6QlIwAAAAACAAAAAAAAADIYAwAVog06UgAAAYOkJSMBAAAAAgAAAAAAAAAyGAMAFaINOlEAAAHepCUjAAAAAAIAAAASAAAA6MqpBXDmSov1t3fu\/jnV8Vij"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1615497372922682,"flow_dst_last_pkt_time":1615497372914092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1615497372922682,"pkt":"eJS0JASgYDjgxTWgCABFAAA4+mEAAD8R\/vzAqAJkL\/WPVeWOVlUAJJKtMhgDABWiDTpSAAAB3qQlIwAAAAABAAAAAAAAAA=="} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1617969465739661} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1617969465739661} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1617969465739661,"flow_src_last_pkt_time":1617969465739661,"flow_dst_last_pkt_time":1617969465739661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1617969465739661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1617969465739661,"flow_dst_last_pkt_time":1617969465739661,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1617969465739661,"pkt":"eJS0JASgYDjgxTWgCABFAAAwIDwAAD8RvwnAqAJkL\/6pbecJVlYAHFkOAAAA\/wAAAAC6msTNSZYC0v\/\/\/\/8="} 
00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1617969465739661,"flow_src_last_pkt_time":1617969465739661,"flow_dst_last_pkt_time":1617969465739661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1617969465739661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -16,7 +16,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1617969465796897,"flow_dst_last_pkt_time":1617969465822356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1617969465822356,"pkt":"YDjgxTWgeJS0JASgCABFAAA4mnVAADcRDMgv\/qltwKgCZFZW5wkAJNCqrCICAM3EmrpSAAABbMl+tgAAAAABAAAAAAAAAA=="} 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1617969465796897,"flow_dst_last_pkt_time":1617969466442121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_usec":1617969466442121,"pkt":"YDjgxTWgeJS0JASgCABFAADDnBFAADcRCqEv\/qltwKgCZFZW5wkAr58vrCICAM3EmrpRAAABP8x+tgAAAAABAAAAiwAAAOjKqWVw7UqL9cV3tYWQZx8+3lVfAt\/cHNmWKr5HDFui7AF186oJD92EHtODJcp3zBYr48tD1h1Wy1znPkPfrQyOdDY0xX4woCkAFe\/M0qGOOXqx5KQ032vvPu3M8qe6WA1GLKlWVI5iU9E1q9MYvSH7QLzYypooMZ9tX0Ab4QCSgJ54yulHLEquC+U="} 
01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1615497372822667,"flow_src_last_pkt_time":1615497374420722,"flow_dst_last_pkt_time":1615497374454886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":606,"flow_dst_max_l4_payload_len":1181,"flow_src_tot_l4_payload_len":1075,"flow_dst_tot_l4_payload_len":3232,"midstream":0,"thread_ts_usec":1617969467485845,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1618759616491441} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1618759616491441} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618759616491441,"flow_src_last_pkt_time":1618759616491441,"flow_dst_last_pkt_time":1618759616491441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618759616491441,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1618759616491441,"flow_dst_last_pkt_time":1618759616491441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1618759616491441,"pkt":"eJS0JASgYDjgxTWgCABFAAAwGRQAAD8RUQ3AqAJkCNFFv81fVlUAHHz9AAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="} 01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618759616491441,"flow_src_last_pkt_time":1618759616491441,"flow_dst_last_pkt_time":1618759616491441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618759616491441,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -25,7 +25,7 @@ 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1618759616572945,"flow_dst_last_pkt_time":1618759616601044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_usec":1618759616601044,"pkt":"YDjgxTWgeJS0JASgCABFAACCBNZAADYRLfkI0UW\/wKgCZFZVzV8AbgXrXPECABn4gxJSAAAB+IeX5QAAAAACAAAAAAAAAFzxAgAZ+IMSUgAAAfiHl+UBAAAAAgAAAAAAAABc8QIAGfiDElEAAAFMiJflAAAAAAIAAAASAAAA6MqpBXDmSov1t3ei1GLU8Vij"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1618759616612938,"flow_dst_last_pkt_time":1618759616601044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1618759616612938,"pkt":"eJS0JASgYDjgxTWgCABFAAA4\/jQAAD8Ra+TAqAJkCNFFv81fVlUAJJbpXPECABn4gxJSAAABTIiX5QAAAAABAAAAAAAAAA=="} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1617969465739661,"flow_src_last_pkt_time":1617969467485845,"flow_dst_last_pkt_time":1617969467482889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":298,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":943,"midstream":0,"thread_ts_usec":1618759618761347,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1650541441246000} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1650541441246000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650541441246000,"flow_src_last_pkt_time":1650541441246000,"flow_dst_last_pkt_time":1650541441246000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650541441246000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1650541441246000,"flow_dst_last_pkt_time":1650541441246000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1650541441246000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hmVAAD8GAmXAqAJkMTO+spuOAFDYKxQrAAAAAKAC\/\/\/VsQAAAgQFtAQCCAoNnimHAAAAAAEDAwk="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1650541441246000,"flow_dst_last_pkt_time":1650541441413000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650541441413000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GmdIxM76ywKgCZABQm44lLXPY2CsULIAScUgpvgAAAgQFhgEBBAIBAwMC"} 
@@ -34,7 +34,7 @@ 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650541441246000,"flow_src_last_pkt_time":1650541441416000,"flow_dst_last_pkt_time":1650541441413000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650541441416000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1650541441416000,"flow_dst_last_pkt_time":1650541441582000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1650541441582000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo12pAAC4GwnMxM76ywKgCZABQm44lLXPZ2CsUVlAQHFK\/KQAAAAAAAAAA"} 
01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1618759616491441,"flow_src_last_pkt_time":1618759618715293,"flow_dst_last_pkt_time":1618759618761347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":606,"flow_dst_max_l4_payload_len":354,"flow_src_tot_l4_payload_len":1681,"flow_dst_tot_l4_payload_len":964,"midstream":0,"thread_ts_usec":1650541441932000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10917,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1650813582412000} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10917,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1650813582412000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650813582412000,"flow_src_last_pkt_time":1650813582412000,"flow_dst_last_pkt_time":1650813582412000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650813582412000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1650813582412000,"flow_dst_last_pkt_time":1650813582412000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1650813582412000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8XGBAAD8GNXTAqAJkMTO1qJsGAFBg5zJJAAAAAKAC\/\/\/zjAAAAgQFtAQCCAo+Nj3MAAAAAAEDAwk="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1650813582412000,"flow_dst_last_pkt_time":1650813582583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650813582583000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GotwxM7WowKgCZABQmwaucKQhYOcySoAScUjS6QAAAgQFhgEBBAIBAwMC"} 
@@ -43,7 +43,7 @@ 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650813582412000,"flow_src_last_pkt_time":1650813582588000,"flow_dst_last_pkt_time":1650813582583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650813582588000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1650813582588000,"flow_dst_last_pkt_time":1650813582759000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1650813582759000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoY7JAAC4GPzYxM7WowKgCZABQmwaucKQiYOcydFAQHFJoVQAAAAAAAAAA"} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1650541441246000,"flow_src_last_pkt_time":1650541441932000,"flow_dst_last_pkt_time":1650541441930000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1414,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":1788,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1650813583121000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12925,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1655043605088000} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12925,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1655043605088000} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655043605088000,"flow_src_last_pkt_time":1655043605088000,"flow_dst_last_pkt_time":1655043605088000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043605088000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655043605088000,"flow_dst_last_pkt_time":1655043605088000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655043605088000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8y9BAAD8GxgPAqAJkMTO1qLC+Jxyp+mQnAAAAAKAC\/\/\/OLAAAAgQFtAQCCArRkRhbAAAAAAEDAwk="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1655043605088000,"flow_dst_last_pkt_time":1655043605260000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655043605260000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GotwxM7WowKgCZCccsL7ZMHkgqfpkKIAScUgbtQAAAgQFhgEBBAIBAwMC"} 
@@ -53,7 +53,7 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1655043605265000,"flow_dst_last_pkt_time":1655043605436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655043605436000,"pkt":"YDjgxTWgeJS0JASgCABFAAAocDRAAC4GMrQxM7WowKgCZCccsL7ZMHkhqfpkUlAQHFKxIAAAAAAAAAAA"} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655043605088000,"flow_src_last_pkt_time":1655043605840000,"flow_dst_last_pkt_time":1655043606011000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":492,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1655043606011000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1650813582412000,"flow_src_last_pkt_time":1650813583121000,"flow_dst_last_pkt_time":1650813583117000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1414,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":1821,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1655043606011000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":90,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":56,"global_ts_usec":1655043606011000} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":90,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":56,"global_ts_usec":1655043606011000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 90/90 ~~ skipped flows.............: 0 @@ -62,9 +62,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8665810 bytes -~~ total memory freed........: 8665810 bytes -~~ total allocations/frees...: 140683/140683 +~~ total memory allocated....: 9430344 bytes +~~ total memory freed........: 9430344 bytes +~~ total allocations/frees...: 154649/154649 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 1121 chars diff --git a/test/results/default/git.pcap.out b/test/results/default/git.pcap.out index 493ebde3c..ec38b6f9c 100644 --- a/test/results/default/git.pcap.out +++ b/test/results/default/git.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1460821630164056} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1460821630164056} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460821630164056,"flow_src_last_pkt_time":1460821630164056,"flow_dst_last_pkt_time":1460821630164056,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1460821630164056,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1460821630164056,"flow_dst_last_pkt_time":1460821630164056,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1460821630164056,"pkt":"nJcm0ghCPJcOZtCOCABFAAA8Q1ZAAEAGScLAqABNBZnnFbt3JMp+hgtEAAAAAKACchB0gwAAAgQFtAQCCAoBp0gSAAAAAAEDAwo="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1460821630164056,"flow_dst_last_pkt_time":1460821630221958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1460821630221958,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8AABAAC8GnhAFmecVwKgATSTKu3dqwE5VfoYLRaASOJBfrwAAAgQFrAQCCAorjWmrAadIEgEDAwc="} 
@@ -9,7 +9,7 @@ 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1460821630222080,"flow_dst_last_pkt_time":1460821630278031,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1460821630278031,"pkt":"PJcOZtCOnJcm0ghCCABFCAA0J+9AAC8GdikFmecVwKgATSTKu3dqwE5WfoYLioAQAHLGLwAAAQEICiuNabkBp0gh"} 02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1460821630164056,"flow_src_last_pkt_time":1460821630544728,"flow_dst_last_pkt_time":1460821630545903,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":527,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":605,"flow_dst_tot_l4_payload_len":19825,"midstream":0,"thread_ts_usec":1460821630545903,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":29,"avg":24597.4,"max":99851,"stddev":28614.0,"var":818762240.0,"ent":3.8,"data": [57902,57964,60,56073,43848,99851,54739,54730,537,49455,48900,45519,29,17836,63404,1849,203,2031,860,202,1063,209,208,710,439,1139,50571,205,50785,547,651]},"pktlen": {"min":52,"avg":690.9,"max":2932,"stddev":773.9,"var":598945.8,"ent":4.1,"data": [60,60,52,121,52,253,52,948,52,579,52,61,52,60,1492,52,1492,1492,52,1492,1492,52,2932,52,1492,1492,52,1492,1492,52,1492,1492]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1],"entropies": [4.739262104,5.279368877,5.115703106,5.628006458,5.195351124,5.731617451,5.115702629,4.962421417,5.154164791,5.045848370,5.195351601,5.288749218,5.233812809,5.389901161,4.890160084,5.154164791,6.262699604,7.849300385,5.154164791,7.861139297,7.866855145,5.154164791,7.887691021,5.024262905,7.851975918,7.853373528,5.154164791,7.871936798,7.800623894,5.115703106,7.834641933,7.837094784]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Git","proto_id":"226","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":49,"flow_first_seen":1460821630164056,"flow_src_last_pkt_time":1460821631220936,"flow_dst_last_pkt_time":1460821631269756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":527,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":605,"flow_dst_tot_l4_payload_len":67444,"midstream":0,"thread_ts_usec":1460821631269756,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Git","proto_id":"226","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
-00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":90,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1460821631269756} +00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":90,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1460821631269756} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 90/90 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647448 bytes -~~ total memory freed........: 8647448 bytes -~~ total allocations/frees...: 140623/140623 +~~ total memory allocated....: 9411822 bytes +~~ total memory freed........: 9411822 bytes +~~ total allocations/frees...: 154589/154589 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 2176 chars diff --git a/test/results/default/glbp.pcapng.out b/test/results/default/glbp.pcapng.out index 3aa816f3e..7d2c0132d 100644 --- a/test/results/default/glbp.pcapng.out +++ b/test/results/default/glbp.pcapng.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/glbp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/glbp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1213876152935412} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/glbp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/glbp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1213876152935412} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/glbp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213876152935412,"flow_src_last_pkt_time":1213876152935412,"flow_dst_last_pkt_time":1213876152935412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213876152935412,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"224.0.0.102","src_port":3222,"dst_port":3222,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/glbp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1213876152935412,"flow_dst_last_pkt_time":1213876152935412,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1213876152935412,"pkt":"AQBeAABmwgB8uAAACABFwABEAAAAAP8RGdDAqAAK4AAAZgyWDJYAMNR8AQAAAQAAwgB8uAAAARwAIADIAAAAAAu4AAAnEAJYOEAAAAEEwKgAAQ=="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/glbp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213876152935412,"flow_src_last_pkt_time":1213876152935412,"flow_dst_last_pkt_time":1213876152935412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213876152935412,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"224.0.0.102","src_port":3222,"dst_port":3222,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GLBP","proto_id":"452","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -13,7 +13,7 @@ 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/glbp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213876153471387,"flow_src_last_pkt_time":1213876153471387,"flow_dst_last_pkt_time":1213876153471387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213876153471463,"l3_proto":"ip4","src_ip":"192.168.0.30","dst_ip":"224.0.0.102","src_port":3222,"dst_port":3222,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GLBP","proto_id":"452","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/glbp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213876152935412,"flow_src_last_pkt_time":1213876152935412,"flow_dst_last_pkt_time":1213876152935412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213876153471463,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"224.0.0.102","src_port":3222,"dst_port":3222,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GLBP","proto_id":"452","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/glbp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1213876153463383,"flow_src_last_pkt_time":1213876153463383,"flow_dst_last_pkt_time":1213876153471463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1213876153471463,"l3_proto":"ip4","src_ip":"192.168.0.30","dst_ip":"192.168.0.10","src_port":3222,"dst_port":3222,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GLBP","proto_id":"452","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/glbp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":144,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1213876153471463} 
+00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/glbp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":144,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1213876153471463} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649774 bytes -~~ total memory freed........: 8649774 bytes -~~ total allocations/frees...: 140557/140557 +~~ total memory allocated....: 9414212 bytes +~~ total memory freed........: 9414212 bytes +~~ total allocations/frees...: 154523/154523 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 555 chars ~~ json message max len.......: 969 chars diff --git a/test/results/default/gnutella.pcap.out b/test/results/default/gnutella.pcap.out index ff99452ca..fc877bfdb 100644 --- a/test/results/default/gnutella.pcap.out +++ b/test/results/default/gnutella.pcap.out 
@@ -1,4 +1,4 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00269{"error_event_id":4,"error_event_name":"Packet too short","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":22,"packet_id":1,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","size":4,"expected":14,"global_ts_usec":22} 00278{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":4,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":22,"pkt":"AAAAAA=="} 
00704{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":9752391,"flow_src_last_pkt_time":9752391,"flow_dst_last_pkt_time":9752391,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":9752391,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffa4:e108","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 
@@ -1405,7 +1405,7 @@ 01472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":2,"flow_src_last_pkt_time":95923657,"flow_dst_last_pkt_time":96048683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_usec":96048683,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBBQAAEARafBJ+rPtCgACD1FwcAkC30eYWMIxAuib5nRI0KcHRTGrFEQAAMACAAAGR1RLRwAA1jyfIL1wKx4dMkSe+\/yFksXUYD4ESfqz7VFwAQAAAASK6DCmFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="} 
00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1265,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049643,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":96049643,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":96049643,"pkt":"UlQAEjUCCAAn5uVZCABFAABtwDYAAIARi2oKAAIPU6CPMHAJkKwAWa9gWsoxAsGbN6aupxEpyf\/jN0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
-01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1265,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049643,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":96049643,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} +01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1265,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049643,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":96049643,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1266,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049781,"flow_src_last_pkt_time":96049781,"flow_dst_last_pkt_time":96049781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":96049781,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_src_last_pkt_time":96049781,"flow_dst_last_pkt_time":96049781,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":96049781,"pkt":"UlQAEjUCCAAn5uVZCABFAABtFDIAAIARzrMKAAIPZAHninAJ3O4AWZFZFoUxAuK7tbNnNS+8oB5EGUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1266,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049781,"flow_src_last_pkt_time":96049781,"flow_dst_last_pkt_time":96049781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":96049781,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 
@@ -1867,7 +1867,7 @@ 01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2225,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":101122468,"flow_src_last_pkt_time":134428222,"flow_dst_last_pkt_time":101122468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":153295108,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 01078{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2225,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":101122346,"flow_src_last_pkt_time":134428360,"flow_dst_last_pkt_time":101122346,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":153295108,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2225,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":95893440,"flow_src_last_pkt_time":95893440,"flow_dst_last_pkt_time":95893440,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":153295108,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 
-01077{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2225,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049643,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":153295108,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} +01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2225,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049643,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":153295108,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2225,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":101122636,"flow_src_last_pkt_time":123877109,"flow_dst_last_pkt_time":123911503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":2181,"midstream":0,"thread_ts_usec":153295108,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 
01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2225,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":96049954,"flow_src_last_pkt_time":129345403,"flow_dst_last_pkt_time":96049954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":153295108,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 01082{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2225,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":95923657,"flow_src_last_pkt_time":139669839,"flow_dst_last_pkt_time":139892044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":153295108,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 
@@ -2262,7 +2262,7 @@ 01078{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":101122346,"flow_src_last_pkt_time":134428360,"flow_dst_last_pkt_time":101122346,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 01082{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":168555545,"flow_src_last_pkt_time":176659427,"flow_dst_last_pkt_time":176694176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":399,"flow_dst_tot_l4_payload_len":1560,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":95893440,"flow_src_last_pkt_time":95893440,"flow_dst_last_pkt_time":95893440,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 
-01077{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049643,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} +01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049643,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":101122636,"flow_src_last_pkt_time":168321077,"flow_dst_last_pkt_time":168840075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":2413,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 
01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":96049954,"flow_src_last_pkt_time":129345403,"flow_dst_last_pkt_time":96049954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 01082{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":95923657,"flow_src_last_pkt_time":139669839,"flow_dst_last_pkt_time":139892044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 
@@ -3001,7 +3001,7 @@ 01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":95893440,"flow_src_last_pkt_time":95893440,"flow_dst_last_pkt_time":95893440,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":192908239,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":191702410,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 
-01077{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049643,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} +01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049643,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":253023892,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 
01077{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":71536330,"flow_src_last_pkt_time":243620132,"flow_dst_last_pkt_time":243855304,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":251742741,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 
@@ -3962,7 +3962,7 @@ 00747{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61974915,"flow_src_last_pkt_time":61974915,"flow_dst_last_pkt_time":149634723,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":50191,"dst_port":6778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":95893440,"flow_src_last_pkt_time":95893440,"flow_dst_last_pkt_time":95893440,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 
01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":95754317,"flow_src_last_pkt_time":95754317,"flow_dst_last_pkt_time":95754317,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.237.202.91","src_port":28681,"dst_port":16117,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} -01075{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049643,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} +01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049643,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 
01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93713981,"flow_src_last_pkt_time":93713981,"flow_dst_last_pkt_time":93713981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} 01109{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61975321,"flow_src_last_pkt_time":61975321,"flow_dst_last_pkt_time":149634575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":50193,"dst_port":46010,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": 
{"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00745{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61975321,"flow_src_last_pkt_time":61975321,"flow_dst_last_pkt_time":149634575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":50193,"dst_port":46010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -6622,7 +6622,7 @@ 00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3901,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":599426218,"flow_src_last_pkt_time":599426218,"flow_dst_last_pkt_time":599426218,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599426218,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3902,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_packet_id":2,"flow_src_last_pkt_time":599529292,"flow_dst_last_pkt_time":599415510,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":834,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":834,"pkt_l4_len":780,"thread_ts_usec":599529292,"pkt":"MzMAAAAMCAAn5uVZht1gB0PFAwwRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+dYOdgMMdjk8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\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"} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3903,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_packet_id":2,"flow_src_last_pkt_time":599747316,"flow_dst_last_pkt_time":599426218,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_usec":599747316,"pkt":"MzMAAAAWCAAn5uVZht1gAAAAACQAAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAOKkAAAAAQMAAAD\/AgAAAAAAAAAAAAAAAAAM"} -00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3904,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3904,"packets-processed":3882,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":18,"total-guessed-flows":0,"total-detected-flows":712,"total-detection-updates":5,"total-updates":2519,"current-active-flows":169,"total-active-flows":801,"total-idle-flows":632,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6625,"global_ts_usec":600247140} 
+00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3904,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3904,"packets-processed":3882,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":18,"total-guessed-flows":0,"total-detected-flows":712,"total-detection-updates":5,"total-updates":2519,"current-active-flows":169,"total-active-flows":801,"total-idle-flows":632,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6625,"global_ts_usec":600247140} 00896{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":12513795,"flow_src_last_pkt_time":14765980,"flow_dst_last_pkt_time":12513795,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":599325330,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":595449220,"flow_src_last_pkt_time":598465934,"flow_dst_last_pkt_time":595449220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":274,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 
@@ -6863,7 +6863,7 @@ 00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":65063303,"flow_src_last_pkt_time":74092991,"flow_dst_last_pkt_time":65063303,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.117.153.7","src_port":50213,"dst_port":50138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00999{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71204511,"flow_src_last_pkt_time":80232141,"flow_dst_last_pkt_time":71204511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50246,"dst_port":45685,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71204511,"flow_src_last_pkt_time":80232141,"flow_dst_last_pkt_time":71204511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50246,"dst_port":45685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3905,"packets-processed":3882,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":89,"total-guessed-flows":0,"total-detected-flows":712,"total-detection-updates":5,"total-updates":2519,"current-active-flows":0,"total-active-flows":801,"total-idle-flows":801,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6866,"global_ts_usec":600247226} 
+00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3905,"packets-processed":3882,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":89,"total-guessed-flows":0,"total-detected-flows":712,"total-detection-updates":5,"total-updates":2519,"current-active-flows":0,"total-active-flows":801,"total-idle-flows":801,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6866,"global_ts_usec":600247226} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3905/3882 ~~ skipped flows.............: 0 @@ -6872,9 +6872,9 @@ ~~ total active/idle flows...: 801/801 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10822907 bytes -~~ total memory freed........: 10822907 bytes -~~ total allocations/frees...: 153458/153458 +~~ total memory allocated....: 11612881 bytes +~~ total memory freed........: 11612881 bytes +~~ total allocations/frees...: 167424/167424 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 274 chars ~~ json message max len.......: 2354 chars diff --git a/test/results/default/google_chat.pcapng.out b/test/results/default/google_chat.pcapng.out index 914bb9450..180f513a8 100644 --- a/test/results/default/google_chat.pcapng.out +++ b/test/results/default/google_chat.pcapng.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1704623922342164} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1704623922342164} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704623922342164,"flow_src_last_pkt_time":1704623922342164,"flow_dst_last_pkt_time":1704623922342164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704623922342164,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"142.251.1.100","src_port":46172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1704623922342164,"flow_dst_last_pkt_time":1704623922342164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1704623922342164,"pkt":"SKmKCiNt8C90rUP1CABFAAA8Y99AAEAGLO7AqFjnjvsBZLRcAbvnTZHrAAAAAKACfXiqHQAAAgQFtAQCCAoK8tkcAAAAAAEDAwc="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1704623922342164,"flow_dst_last_pkt_time":1704623922362193,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1704623922362193,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAAHoGVs2O+wFkwKhY5wG7tFxjuRz6502R7KAS\/\/+xnQAAAgQFhAQCCAqcHrxfCvLZHAEDAwg="} 
@@ -9,7 +9,7 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1704623922362679,"flow_dst_last_pkt_time":1704623922383034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1704623922383034,"pkt":"8C90rUP1SKmKCiNtCABFAAA0sD0AAHoG5peO+wFkwKhY5wG7tFxjuRz7502Ug4AQAQbccwAAAQEICpwevHQK8tkx"} 01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1704623922342164,"flow_src_last_pkt_time":1704623922362679,"flow_dst_last_pkt_time":1704623922383651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":2800,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":2800,"midstream":0,"thread_ts_usec":1704623922383651,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"142.251.1.100","src_port":46172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleChat","proto_id":"91.382","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"chat.google.com","domainame":"chat.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1704623922342164,"flow_src_last_pkt_time":1704623922362679,"flow_dst_last_pkt_time":1704623922383651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":2800,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":2800,"midstream":0,"thread_ts_usec":1704623922383651,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"142.251.1.100","src_port":46172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleChat","proto_id":"91.382","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1704623922383651} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1704623922383651} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8651937 bytes -~~ total memory freed........: 8651937 bytes -~~ total allocations/frees...: 140544/140544 +~~ total memory allocated....: 9416311 bytes +~~ total memory freed........: 9416311 bytes +~~ total allocations/frees...: 154510/154510 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 1450 chars diff --git a/test/results/default/google_meet.pcapng.out b/test/results/default/google_meet.pcapng.out index 4da8ab52a..639de3e6f 100644 --- a/test/results/default/google_meet.pcapng.out +++ b/test/results/default/google_meet.pcapng.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1703652259039627} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1703652259039627} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1703652259039627,"flow_src_last_pkt_time":1703652259039627,"flow_dst_last_pkt_time":1703652259039627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703652259039627,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":43268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1703652259039627,"flow_dst_last_pkt_time":1703652259039627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703652259039627,"pkt":"SKmKCiNt8C90rUP1CABFAAA8yC9AAEAGYdXAqFjnrcJJZakEAbv5xd30AAAAAKACfXgQ5gAAAgQFtAQCCAoH2CG3AAAAAAEDAwc="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1703652259039627,"flow_dst_last_pkt_time":1703652259056157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703652259056157,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAAHoG8AStwkllwKhY5wG7qQQhsMvn+cXd9aAS\/\/9kSwAAAgQFhAQCCAr2okLXB9ghtwEDAwg="} 
@@ -17,7 +17,7 @@ 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1703652259281814,"flow_dst_last_pkt_time":1703652259281787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1703652259281814,"pkt":"SKmKCiNt8C90rUP1CABFAABDWL5AAEAR0TTAqFjnrcJJZefpAbsALxD44wAAAAEI4xgnxg0H7jsAQBY\/UHCZ5amHNV483U22omo4yv0J4LBc"} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1703652259039627,"flow_src_last_pkt_time":1703652259056259,"flow_dst_last_pkt_time":1703652259073582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":535,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":535,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1703652259298957,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":43268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleMeet","proto_id":"91.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1703652259263021,"flow_src_last_pkt_time":1703652259281814,"flow_dst_last_pkt_time":1703652259298957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1250,"flow_src_tot_l4_payload_len":1289,"flow_dst_tot_l4_payload_len":5000,"midstream":0,"thread_ts_usec":1703652259298957,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":59369,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleMeet","proto_id":"188.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"meet.google.com"}} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1703652259298957} 
+00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1703652259298957} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8666522 bytes -~~ total memory freed........: 8666522 bytes -~~ total allocations/frees...: 140584/140584 +~~ total memory allocated....: 9430928 bytes +~~ total memory freed........: 9430928 bytes +~~ total allocations/frees...: 154550/154550 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 2224 chars diff --git a/test/results/default/google_ssl.pcap.out b/test/results/default/google_ssl.pcap.out index 630874fbd..a0061dd28 100644 --- a/test/results/default/google_ssl.pcap.out +++ b/test/results/default/google_ssl.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1434443394683939} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1434443394683939} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1434443394683939,"flow_src_last_pkt_time":1434443394683939,"flow_dst_last_pkt_time":1434443394683939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1434443394683939,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1434443394683939,"flow_dst_last_pkt_time":1434443394683939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1434443394683939,"pkt":"AA6OTbSogMbKAJ6fCABFAAAsBqJAAEAG14usHwPg2DrUZKdTAbt6Z3LqAAAAAGACFtCOVwAAAgQFtA=="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1434443394683939,"flow_dst_last_pkt_time":1434443394717671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1434443394717671,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAseLYAADMGsnfYOtRkrB8D4AG7p1PuIxETemdy62ASp5T+aAAAAgQFlgAA"} 
@@ -8,7 +8,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1434443394995795,"flow_dst_last_pkt_time":1434443395030206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1434443395030206,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAoeX0AADMGsbTYOtRkrB8D4AG7p1PuIxEUemdzaVAQp5QVigAAAAAAAAAA"} 00937{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1434443394683939,"flow_src_last_pkt_time":1434443401353810,"flow_dst_last_pkt_time":1434443401308882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":6924,"midstream":0,"thread_ts_usec":1434443401353810,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00790{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1434443394683939,"flow_src_last_pkt_time":1434443401353810,"flow_dst_last_pkt_time":1434443401308882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":6924,"midstream":0,"thread_ts_usec":1434443401353810,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":28,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7568,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1434443401353810} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":28,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7568,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1434443401353810} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 28/28 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647803 bytes -~~ total memory freed........: 8647803 bytes -~~ total allocations/frees...: 140565/140565 +~~ total memory allocated....: 9412177 bytes +~~ total memory freed........: 9412177 bytes +~~ total allocations/frees...: 154531/154531 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 942 chars diff --git a/test/results/default/googledns_android10.pcap.out b/test/results/default/googledns_android10.pcap.out index 3282313f1..de21da6da 100644 --- a/test/results/default/googledns_android10.pcap.out +++ b/test/results/default/googledns_android10.pcap.out 
@@ -1,5 +1,5 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592552824409182} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592552824409182} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592552824409182,"flow_src_last_pkt_time":1592552824409182,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1592552824409182,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592552824409182,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552824409182,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gpUAAHcG7tcICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT59wAAAQEIChWqa0r\/\/5Cw"} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592552824632762,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552824632762,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gzYAAHcG7jYICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT5GAAAAQEIChWqbCn\/\/5Cw"} 
@@ -74,7 +74,7 @@ 02348{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553013061132,"flow_dst_last_pkt_time":1592553013091250,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1042,"flow_dst_tot_l4_payload_len":5862,"midstream":0,"thread_ts_usec":1592553013091250,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":78,"avg":389623.4,"max":5703762,"stddev":1387530.2,"var":1925240193024.0,"ent":1.5,"data": [14386,41870,9180,49912,17551,119,78,32502,535,103,15369,30822,15661,19948,22571,85476,5640736,5703762,20528,7552,6167,13685,17563,31103,85377,103703,33240,18803,6257,16181,17586]},"pktlen": {"min":52,"avg":268.2,"max":1470,"stddev":356.7,"var":127227.7,"ent":4.1,"data": [60,60,52,206,52,1470,1470,291,52,52,52,145,344,211,52,551,52,211,52,211,551,52,52,551,52,211,52,211,551,52,52,551]},"bins": {"c_to_s": [9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,1],"entropies": 
[4.338340282,5.027645111,4.884933472,5.431665897,4.776611805,7.047077656,7.517809868,7.078123569,4.923395157,4.961856842,4.884933472,5.934261322,7.043113232,6.764406681,4.891996861,7.507923126,5.000318527,6.783365250,4.853535175,6.745207787,7.564836025,4.961856842,4.815073490,7.579652309,4.808010578,6.780797958,4.587473392,6.752651691,7.539085865,4.961856842,4.878231525,7.529703617]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01154{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":68,"flow_dst_packets_processed":65,"flow_first_seen":1592552878549677,"flow_src_last_pkt_time":1592552996489587,"flow_dst_last_pkt_time":1592552996502369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":499,"flow_src_tot_l4_payload_len":5210,"flow_dst_tot_l4_payload_len":14618,"midstream":0,"thread_ts_usec":1592553079303170,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 
01159{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":121,"flow_dst_packets_processed":120,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553079303170,"flow_dst_last_pkt_time":1592553079299653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":11059,"flow_dst_tot_l4_payload_len":37798,"midstream":0,"thread_ts_usec":1592553079303170,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} -00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":532,"packets-processed":532,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":77,"global_ts_usec":1592553079303170} 
+00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":532,"packets-processed":532,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":77,"global_ts_usec":1592553079303170} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 532/532 ~~ skipped flows.............: 0 @@ -83,9 +83,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8715974 bytes -~~ total memory freed........: 8715974 bytes -~~ total allocations/frees...: 141213/141213 +~~ total memory allocated....: 9480671 bytes +~~ total memory freed........: 9480671 bytes +~~ total allocations/frees...: 155182/155182 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 2353 chars diff --git a/test/results/default/gquic.pcap.out b/test/results/default/gquic.pcap.out index 63bc0dbce..51cc031f1 100644 --- a/test/results/default/gquic.pcap.out +++ b/test/results/default/gquic.pcap.out 
@@ -1,10 +1,10 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591876186378535} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591876186378535} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591876186378535,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591876186378535,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1591876186378535,"pkt":"6PckTkFdoMWJ9P+XCABFAAVieo1AAIARvdoKLAUZ2DrVo+6pAbsFTko2w1EwNTAIAXaX8XoV5u8AAEU0NFnBgsF5hkBVQ9QcdhAQB7AX4STVuX+cZkTXcyq7Q06MKI3IMV7nn3XwVsYd8lSM2UQ2Mh\/Lz0P54TH133\/BjF8sKcZx48\/VepMyZjozNf6hUhocgBAvamo29IXHVqILxpkl4wjCzjbjeV119chifFcXxaTjllFkxsh3XmLG5348E\/qK2TLLnMy43JAHw6S2e1v2BO4WXkya\/bcrsjPnQYikRvTxH8li9ZflQ5PttsYcSUtQigVmzX+3zu6YljUMgwCKrGbUc4ym0tN37M5ly\/uhm21+A6fvtyySGNQfP7wJOsR1iWGsA6NR+V\/fmgbvfd72gKd0sTHFADbRPSKYDc0XDK\/X8vG8GXGEknHbOT7DGSzLKpHYvLrwIaFjsweHE6gkta44k2oP3lJ5y\/ohylLleMWOzrznvbvHmPDTo6fznFlCwcMwiT5bU7kKdr22dfJC4HZKXgrfdx\/kyr9W7YgF8ndv1gEMp60hGoa3HeIkNrwcimMUj8lo1MQMLSdfIURLgLYuYXeqNU9nrCpCTOHF8rljnTLtemFl5GKnW4QO+Vn8YQU0wC2WniPFD0JOSE\/9\/8uhjdFWVDMbiGWhYk1SCdcSCnwwatMyU\/DcpZqDI25eb58WZqvNqtnsCmojU\/8N4SjVKXFe6sqZF9Vu2GvgHD
vSqxDzjeY9qlts4TuIbe+gH+w1MKU7JxNtGZ08YyKdDEVfiklQ\/xyvSgH5AGRqlnD6igJ7NF54pjKD67q+V\/b7AzUVhGIbpajDS4rvn+fDdhXSGqLFbtHNBw9zOlfyLlg3QCkztn+awCGkuUrUQJWRuzHeXcQ9Pm+GTWr4ztxdNe8GOdcH0fw\/02FqwqbZa0xgXb6ogDH\/Z7u3OTt5CsB\/hPp4imvHezect7LAbuRcIJ+tmXKeqwNdUGoyV614kYKA0aTDm4QbBmp4nIg9dspzjXHExZ33U9zxLwZ8DYwQJDoYhywocb4+jKp5OhFT0Egt5ANj4PPsKNBEjNDxnpAKCiI11YkYMyYj1BSFJ2mKW5kFXZ2\/Uk7W0jKMRykBFSaIJ+fwu1W4yhNjDR69KpOGwGw5d47DA9U+Gj7qbRCpjgb1v145AzbIQNTU\/mwU8gqij0o+rVb\/pUEtWMRho\/Yukqvj0PDpk20u\/iMNduvSEQAQLt7IA31zZMJsdzUDXqeH4lvAJTdAXDM+BfHOutfryXO0ilZKrrhbJmj03RyAieSkoI7y9TYI7udqZUukM2QcgXS180FYjb94yLuFlXG0La9U7oT6UzgYEOrDdq4bcoWorhw9j4EjTTcsFMkNO8f65TlicSD0KdGh7ggCR8NtD2qMSi4KIMxq9IHmGPWBJODrdc1+LXcmA3ApoiY81zbK2QPTdK0LHWSdeauC3LCzY9zJ5bEtZvA4hiamdfZl4E5cxC\/raRilWW9+sNuXDrAH9rw48q66KiLSEC63yDpS1q549REO+OCEIx8SKQQoN1W6tspnVZ3EKLwuCby00TS84gP7\/ke1UZsRSUTrMeCETmkIya9DRfJn3gxYto584jg1Sk6Axi4aJ8MlnhdHfC\/0XWQrVM1UOD3\/J3K5XZUZKJ5vUWJzfBTgAe8J4\/heUMD2WmkBuQIER6hh9JGvwyZ2I6vJO7KXsorNCeXZA6iFfdtk90sqEl67LnWUAJmZ\/6NzgV\/JXrGoQRR0uqoWVC\/xj1u+c66MRH8y3Tf8DUoZ1L57SrRzGrkWBB6B2RSkfxWVzZUSCgEgPU4Lp+fnv6pDzh8zifmLUphU5Jycotx7"} 01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591876186378535,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591876186378535,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","domainame":"www.gstatic.com","quic": {"quic_version":"Q050"}}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591876186378535,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591876186378535,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com"}} 
-00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1591876186378535} +00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1591876186378535} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655221 bytes -~~ total memory freed........: 8655221 bytes -~~ total allocations/frees...: 140554/140554 +~~ total memory allocated....: 9419562 bytes +~~ total memory freed........: 9419562 bytes +~~ total allocations/frees...: 154519/154519 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 2348 chars diff --git a/test/results/default/gquic_only_from_server.pcap.out b/test/results/default/gquic_only_from_server.pcap.out index 5047bba85..c38238b62 100644 --- a/test/results/default/gquic_only_from_server.pcap.out +++ b/test/results/default/gquic_only_from_server.pcap.out 
@@ -1,5 +1,5 @@ -00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1644251989197119} 
+00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1644251989197119} 
00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989197119,"vlan_id":1508,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02360{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","vlan_id":1508,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989197119,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgAAQABxEaKi1coHGgq9ekcBu+xsBU4qFAglQtqrsDUxewFr5JIXeWAY6RF86CpAAQOlAQAGAKABAltSRUoABwAAAFNUSwA4AAAAU05PAGwAAABQUk9GbAEAAFNDRkfzAQAAUlJFSvcBAABTVFRM\/wEAAENSVP8bAgAAT7lEuqmgqtYH+ijEiKaPQIy+ZChskOUCQEOXCVQHODgEUDi4gK+Y2fknYCMPTuXF5o7P1p2Q09HWj67E\/GVB22m2zd3BwWxvWGnHbEMibFDsKh7Y\/Frv41cGn7hjXqEcbAsNpcVd7dzeyErmKzuNIO0vP5FIw0+Q18PdyZGT3x5dWqDzeh010yoNKDztLTRTGgLmFqmPSHrDGNj0ZjRIJ5YLMvzSsofddd\/pmSWWU\/br7MLE0U3uy5GheQ5rsuvfCxr\/3wS5OodpK\/U6uXoiWDCp\/9jJhgLW1RH8KH+AsqOcR83lhenQiRYYWJ7UcXeHR72CiYaDsMjStdV6yUsD2KUn3OuVTfPYSZOd0CfePbKnOIouDsGc7zpamsdSnCTdELRk5aZqs2Bks\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"} 
00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989197119,"vlan_id":1508,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 
@@ -8,7 +8,7 @@ 02377{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","vlan_id":1508,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1644251989260652,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989260652,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgAAQABxEaKi1coHGgq9ekcBu+xsBU4fIQAFXUInh+Nj46SUAklw7faHf2lL9QCzuRO2td6KNKev\/JAr5eYL9lbo6W7jpopveWBQmWLK\/fr+P6D32bulPZ1TfPYQWzoAa9AwZxwvKH7I0RRXjumRndqUFv2dzEysBdzscsuwCtuQig8EBcrgyhirTLG5oXc4aw8zCyni5+Ov3z15t5jbII4zM9bYLybkdJyMYG4X3cMqIlfoPiOYEKKb3u7c3FpUt+feGrTXJ+OGCzmC9UwL6My0kVjrRblnPCYv18Vc27CawuoN6Hc7yzsZ5JDxa+vP6Mjhwi0kfo+Mhh57CRwmahnAvlT4gBXgrcZbKRC+SZbL7i\/YuEY+IpYnfadX27oIHnX1fWz\/V420PqUI7e95pehRMQZ6t6EHIhSwQQQsZAt3KoIErSCjrSeWoo2BmqsG3YQEYg1M0X55ZRl2L38k2ISSv34XlgzWOf3f+MddKHNUwyNXGc8KZppw8FF9qo9UTRB46k0OJypFH+fW92hUuO5vZdaM4zsIT66YcJBKGqNkD\/VBer\/jx5GJVGfplZHgYjiDI38PF8Bo4z89DoeXKcVEGPnQk6TZcCO0YZbjPEsApoYfIeVKzouW\/o3A9PYEjSEXi5EPMlZQs4pi5l+jJz31+mq0VAI5j2CT4vJoFQT8ilbKMSgYlqpHl7+qbW85929Fr436\/KEx1MrKk75ShODFrcxTxXvgg8NKYT6SPGNBWa7fHkd12VRwAmTSQFAGc2ZfMVD4sPtrL0PSqapPxeO\/S3HlmtTYXHaEZIETuHHfZS3qfkPtV6MK+OGOHZlzjaYR9qi4NxDwM+nSx3MusIV0GrwCounlN1Qf1XbGFqK27rbvFzhA6dgYSVf5Qmb9HT58ff3INYOVFOLwRdnBI0YDTKk+O6czdlW3XVUQ5s2GorzADWyzZTY7PbgEJIn7poFIn9uUVTp5UAJMqDLpblGRBUOCJVenp+CgORIPzH10Ws3e09dvA\/f\/bvHxBWpQalg425S5DVD6cL0yGLZPTUIi3Kcu+cJjnO1G5NQLzpSx7IWXxnSk86S71vtGsqOU86H4f\/ksGHQV9A8p6t\/poWk\/tBKOdID\/dEjW4bXAJT0H+2Q2schG601Imnywksf\/f8THazPOEcCN2dDDQuzs3BWJIFBXhX1cwBVWK2PrQ\/E\/TKr+5z9adr8icv2Hu0UuOj3nz7WVuDBmrb2spouZtb5jOxb\/vYtE3DwxmOOFHKlG7eYLzJTXnA2oyp2XLYqdMdvIxb+0Nmy\/CEpdguWPdvFdgjb4wl0RhMZU7u7Mp39Zxb5X2cDd9SYHS0jVLXqEPphDaT+6VxcXBI+2kSKRAuycjV0Dxcj+OYZhIl6N1iF07WojGOCnnA5474iE\/B4xwl4XNFqJbOV+IiDf\/Fqh4yrj1qYwsbNhv4zua
tsKfNSjxxwMmSLEXcedHxAQNf3A9fwD64CRauPnxtI8iXLYEogGOjX3zJBMF6oy7VGxEyCVt1hG2PWmBSUd1cAlQjmvt\/sJRYwNZ21mlwvQwQDgg+wNUDTislkwZZQQWVtYeKParYH8R5n8GNqFUEZINDtWrJORbhfPNR4VFBGJ3HFWEGZ+SxpoCjgXNndSNTYutzd0ch7s0R42PRxraYQWA+oh5FuzNn3ijXwQcz3+yP0dh3FmlqeoDDo\/lRld4+VDSzS7EZWc5SE9QMSCUgpfoy340\/g6o1c3bJRphxcLTkH5d1sOp560ym7D6B2HPO9596qoMD4C6X2MxixEo8\/OduHV4aoXgwZG0mas4KjTiLp4QsrvbnTCJDdxp866IaotBQ=="} 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","vlan_id":1508,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1644251989260652,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989260652,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgACQABxEaKg1coHGgq9ekcBu+xsBU5w1QAHq\/m9vTr7O5IAzcdS9wk7Ddox7LZfFBxkY2AqLA6FdJac+irakSOuazN4u6hF1R+\/y2HQI+W+79jJkogrQXvngngx2k8dz0wx\/N3Epp4s2\/DhaDZbD7E8nnX2GV2f+ArjgYIr++2bCze927VDqUt6Y\/68rP90Dg5aiaouPSp1+ZMB+0priHJ21yHSthsfaaRWkLP8bV2MAUFf6i5R0YWAgrrRmAwwogiVZQe09Es154tnRchNEu98YkbAfLLvcPbpracl43kyDxfL+\/8jl\/gKgFzMYaHqP6XWb8PJMKxHtKpSfHFxOBwTV0XDOI75sw\/BZKR1W4z0Nsb4mdVi0sIFKhMB3fXrHgitYLfiaaoDrP9DeqAkU6dMZmBDCrMo5HdnJyEpOXJ1UbeQ7eYYxcanlqt8Fj\/Y3gwsRDKXE22Ok4hD9r52oj5au9bvsrCgT6XypMW5pRd6wjMO3QOua1tHWohCjg\/krUjbJarjnPYdrtoltjrSw\/C0+rFmBNxuxUNvwo0bHNhAf+8XyrjYG2JtluYIvbu1YwvVWMlBRk\/YVRI8e4XK\/ehJHdoci9motArqGvfVOjJ4i+2Gywd4FF2DaiGP6hAsLnVHdDNaiTRAYEyr2EIRLQgPZqDTaKDnMFicXzhGn+vl9g0GXP+fRolWnHkCpYK8mkbBruef4DpgBfyw1yiJrQ5biSh+7Txw1UNXcTvLRcH3SQ1wGFFsLAwlOqKq\/O18uxaWbuDNkf7Tutjjn3rQE76FKl6GoLaLKweX1GuQi8HIqoUAix35NM\/ju7+cTbahGDl2CxcErvOq6UNJPYSWobPEoX49OLRB0qtIyS\/wM2XFnQkNdQUCOBkzCMd0J01rLbY4Lr7s0iuVUr63CZDK1dgOwmVLXv61JXHWu4sT1tJ84McL3p\/\/k36EhzDX0MYq9JgXRber3t4ia2auuqfnTuTlnw\/kpFdbENgipApABNauXwGnbI+vQABkmrYVkjcMWAXcDTLz+aRlN1XeZuC13IkWEo7R3ty3KHiCMDYIay
9tAIBcEFuUyFCrYhPNbCmDs+969TJUnuqMAyRDWqPCg8mIz8Okt9fcwEoVuiA44iMsYi5LYE9lXm16iKO8KPDjuRYtdBDd8EgpmnjfXDlKdurHbkfaeBwEaSVPWpmaqX0rxrsfFoo7fxpCPutb6bVmrXAfC6MSgWy9H+oW11QeAHTH+iZO+FqGj5bdQFbSu7QfMTLmw9nr093b3rzaHOYG5o54g3jVj1aZzWVb99OR9XQd3UCxHElmXwmfrvYQAVt4Eb97Q05XlEBP9cFasgBmlDsX4l1xr9Yp2xS3u81yyfr2ipR22A+06D8pe8rJ5E6Fs7Yhj\/aleRleF7Mu0+LDx4nFdkGwlrCw7laAkIOZfJW2bIKe+vV9WUQ3qA3aj+wmD7AYUslve3YPjBjGHUrs6Qu8tl\/d\/2eUGn5J4x8S3NMSQJtrnvl5hukCYgkNOvWZhd+iz4tenCYr9\/PG21ldnyflnyWr1zBHEzKnFkceryn\/\/t+CUSLFfvYY\/P\/J41LIrJ8d3PaSJJTdOuT8WyPs3mJe9AIJHowDSLwFWfKsLi\/VfBNzyT3POBy69MGQGwAKcfsb3uHjVmhSQpmhexTOAyMqbuowRQAwPDkotu5vUw\/9ez4kPcjsBfw5DSjmAd6Wso0OWTaLSpB\/ZI6im+FBMfwKlNfirWLGUYp+tN7x7zIzgQhKbgMusNCyPeL8tfUXei+VO8gqS5XXJQZsAhiqrHuYWyEiuverFKZLBXushLyqd1P2W0n5f+jWkfek4A=="} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989290808,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989290808,"vlan_id":1508,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1644251989290808} +00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1644251989290808} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645745 bytes -~~ total memory freed........: 8645745 bytes -~~ total allocations/frees...: 140564/140564 +~~ total memory allocated....: 9410086 bytes +~~ total memory freed........: 9410086 bytes +~~ total allocations/frees...: 154529/154529 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 578 chars ~~ json message max len.......: 2391 chars diff --git a/test/results/default/gre.pcapng.out b/test/results/default/gre.pcapng.out index 859080b81..fbe26de54 100644 --- a/test/results/default/gre.pcapng.out +++ b/test/results/default/gre.pcapng.out 
@@ -1,10 +1,10 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1483501349095788} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1483501349095788} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":298,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"192.168.10.210","dst_ip":"192.168.103.40","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","vlan_id":142,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":58,"pkt_l4_offset":78,"pkt_len":384,"pkt_l4_len":306,"thread_ts_usec":1483501349095788,"pkt":"AAAAAAACnDf0fG6RgQAAjggARQABbq+lAADyL1hPbWnk\/QqxYlQwgYgLAUqYUAAAAGoAAACM\/wMAIUWgAUY4wQAAPxFN+8CoCtLAqGcoE8QTxAEyV9VTSVAvMi4wIDEwMCBUcnlpbmcNClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xMDMuNDA6NTA2MDtycG9ydD01MDYwO3JlY2VpdmVkPTE5Mi4xNjguMTAzLjQwO2JyYW5jaD16OWhHNGJLX0FJMjAwMEF1ZzA2NDkxMzY3MjI3MTEwDQpUbzogPHNpcDoyNzFAMTkyLjE2OC4xMC4yMTA+DQpGcm9tOiA8c2lwOjI4MUAxOTIuMTY4LjEwMy40MD47dGFnPUFJQ0NGODA1RTU3OENFNjQwMw0KQ2FsbC1JRDogQUkxNzM3QUI1NDkxQURDMzkyQDE5Mi4xNjguMTAzLjQwDQpDU2VxOiAxIElOVklURQ0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 
01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":298,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"192.168.10.210","dst_ip":"192.168.103.40","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":";tag=AICCF805E578CE6403","to":""}}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":298,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"192.168.10.210","dst_ip":"192.168.103.40","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":298,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1483501349095788} +00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":298,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1483501349095788} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644944 bytes -~~ total memory freed........: 8644944 bytes -~~ total allocations/frees...: 140536/140536 +~~ total memory allocated....: 9409318 bytes +~~ total memory freed........: 9409318 bytes +~~ total allocations/frees...: 154502/154502 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 1042 chars diff --git a/test/results/default/gtp.pcap.out b/test/results/default/gtp.pcap.out index 00a377d23..535518ba8 100644 --- a/test/results/default/gtp.pcap.out +++ b/test/results/default/gtp.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052949303785} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052949303785} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052949303785,"flow_src_last_pkt_time":1639052949303785,"flow_dst_last_pkt_time":1639052949303785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052949303785,"vlan_id":708,"l3_proto":"ip4","src_ip":"10.238.71.40","dst_ip":"10.238.18.86","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","vlan_id":708,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052949303785,"flow_dst_last_pkt_time":1639052949303785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1639052949303785,"pkt":"AAAAAAAAAAcAAAAIgQACxAgARWgAJD85AAD+EQ3OCu5HKAruElYIaAhoABAAADD+AAA8FZFYAAAAAAAA"} 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052949303785,"flow_src_last_pkt_time":1639052949303785,"flow_dst_last_pkt_time":1639052949303785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052949303785,"vlan_id":708,"l3_proto":"ip4","src_ip":"10.238.71.40","dst_ip":"10.238.18.86","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -23,10 +23,10 @@ 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052985157839,"flow_src_last_pkt_time":1639052985157839,"flow_dst_last_pkt_time":1639052985157839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053305542656,"vlan_id":408,"l3_proto":"ip4","src_ip":"10.238.143.24","dst_ip":"10.238.71.40","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052962041946,"flow_src_last_pkt_time":1639052962041946,"flow_dst_last_pkt_time":1639052962041946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053305542656,"vlan_id":408,"l3_proto":"ip4","src_ip":"10.238.143.10","dst_ip":"10.238.71.40","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052949303785,"flow_src_last_pkt_time":1639052949303785,"flow_dst_last_pkt_time":1639052949303785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053305542656,"vlan_id":708,"l3_proto":"ip4","src_ip":"10.238.71.40","dst_ip":"10.238.18.86","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":90,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1639053891263595} 
+00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":90,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1639053891263595} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1639053305542656,"flow_dst_last_pkt_time":1639053891263595,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1639053891263595,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARVgAJCVGAAD+Ec15Cu5HKAqEbRcIaAhoABAAADD+AAByJjN\/AAAAAAAA"} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1639053305542656,"flow_src_last_pkt_time":1639053305542656,"flow_dst_last_pkt_time":1639053891263595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1639053891263595,"vlan_id":808,"l3_proto":"ip4","src_ip":"10.132.109.23","dst_ip":"10.238.71.40","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00805{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":98,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1639053891263595} 
+00805{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":98,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1639053891263595} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8657225 bytes -~~ total memory freed........: 8657225 bytes -~~ total allocations/frees...: 140595/140595 +~~ total memory allocated....: 9421759 bytes +~~ total memory freed........: 9421759 bytes +~~ total allocations/frees...: 154561/154561 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 988 chars diff --git a/test/results/default/gtp_c.pcap.out b/test/results/default/gtp_c.pcap.out index c578807e1..6d0dc7708 100644 --- a/test/results/default/gtp_c.pcap.out +++ b/test/results/default/gtp_c.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614767558813421} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614767558813421} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614767558813421,"flow_src_last_pkt_time":1614767558813421,"flow_dst_last_pkt_time":1614767558813421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":247,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614767558813421,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614767558813421,"flow_dst_last_pkt_time":1614767558813421,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_usec":1614767558813421,"pkt":"5kBKB+riApXG95NLCABFAAETmxkAAIARAAAKZQACCmYAAgQACEsA\/wAASCAA8wAAAABLVGIAAQAIAIlnRREiM0T1TAAGAJh2VBI0VksACAA0VniQEgEC81YADQAYmHZUEjSYdlQSNFZ4UwADAIlHVlIAAQAGTQACAAAAVwAJAIY1UpIECmUAAkcACQAIaW50ZXJuZXSAAAEAAGMAAQABTwAFAAEhFxcBfwABAAJIAAgAAAAnDwAAJw9JAAEABV0APQBJAAEABVQADQAhMQEJEMCoAQH\/\/\/8AVwAJAoQ1UpIFCmUAAlAAFgAYBwAAAAAAAAAAAAAAAAAAAAAAAAAAhAAHAAGsEGtxAAGEAAcBAawQa3IAAXIAAgAAAF8AAgAAAQ=="} 
00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614767558813421,"flow_src_last_pkt_time":1614767558813421,"flow_dst_last_pkt_time":1614767558813421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":247,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614767558813421,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_C","proto_id":"152.272","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -7,7 +7,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1614767558814595,"flow_dst_last_pkt_time":1614767558814579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1614767558814595,"pkt":"5kBKB+riApXG95NLCABFAAA+mxoAAIARAAAKZQACCmYAAgQACEsAKgAASCQAHjVSkgZLVGIASQABAAVWAA0AGJh2VBI0mHZUEjRWeA=="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614767558814595,"flow_dst_last_pkt_time":1614767558815505,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1614767558815505,"pkt":"ApXG95NL5kBKB+riCABFAAAzmxIAAH8Ri9kKZgACCmUAAghLBAAAHwAASCUAEzVSkgRLVGIAAgACABAAAwABAAE="} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614767558813421,"flow_src_last_pkt_time":1614767558814595,"flow_dst_last_pkt_time":1614767558815505,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":235,"midstream":0,"thread_ts_usec":1614767558815505,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"GTP.GTP_C","proto_id":"152.272","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1614767558815505} +00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1614767558815505} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644958 bytes -~~ total memory freed........: 8644958 bytes -~~ total allocations/frees...: 140537/140537 +~~ total memory allocated....: 9409332 bytes +~~ total memory freed........: 9409332 bytes +~~ total allocations/frees...: 154503/154503 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 977 chars diff --git a/test/results/default/gtp_false_positive.pcapng.out b/test/results/default/gtp_false_positive.pcapng.out index 079cd33aa..053f89761 100644 --- a/test/results/default/gtp_false_positive.pcapng.out +++ b/test/results/default/gtp_false_positive.pcapng.out 
@@ -1,5 +1,5 @@ -00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1638856441836839} 
+00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1638856441836839} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856441836839,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638856441836839,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1638856441836839,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1638856441836839,"pkt":"AAAAAAAAAAEAm1OyCABFAABDuMQAAD8R0IIYASFCPjh66HJHDToAL3+GJwAAAAJZAADIADJepW8BAAAAHa0lUAAAAAAAAAAAAAAAAAEAAAAA"} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1638856442050829,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1638856442050829,"pkt":"AAAAAAAAAAEAm1OyCABFAABDLq0AAD8RWpoYASFCPjh66HJHDToAL3+GJwAAAAJZAADIADJepW8BAAAAHa0lUAAAAAAAAAAAAAAAAAEAAAAA"} 
@@ -7,19 +7,19 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1638856501912725,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1638856501912725,"pkt":"AAAAAAAAAAEAm1OyCABFAABL0zoAAD8RtgQYASFCPjh66HJHDToANyFgLwAAAALBDwDIAAEAAADTFLeVMl6lbwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1638856511476253,"pkt":"AAAAAAAAAAEAm1OyCABFAABKCqAAAD8RfqAYASFCPjh66HJHDToANrRYLgAAAAIpAwDIADJepW\/TFLeVlbt0kwAAAAAAAAAAAAAAAAAAAAB\/vnSTfQEAAA=="} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638856511476253,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1639664897536021} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1639664897536021} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_usec":1639664897536021,"pkt":"AAAAAAAAAAgAcgnYCABFaAAk3R5AADMR+TQyB2+GZ+Fnn0JoCEsAEMsJNwMAAEIAAAAAAAAAAAA="} 
01042{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":226,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1640630605457589} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":226,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1640630605457589} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"thread_ts_usec":1640630605457589,"pkt":"AAAAAAAAAAgAF2izCABFAAFiEjRAAD0RTyh3ub6tQlZicghLw9wBTnl2RgEAAAJ5AwDIAMWLvaZzN8g7AAAAAHAALV6UJ\/cTHdx+UcbekdlVsrIQyORBtJYGjhwit4VPN8cgIpZwuzYVz0TO+kH8rnowgXXPb2P\/JTt2WeT4FCyPlfScgvudUxqPf1kwZMd0KmXiXleYPXTNqftx0xJj\/Kb2FN1yrSOQIVUjnqcH8TbL6jgJymGUAAAAfj1DGkvghwUAAAAAAQAAAAABAAAAAAAAAAAAAgBvbQcAAAAAAAAASgABBwAAAAgAYXV0b0FsZ28BADEQAGF1dG9Jbml0TGltaXRSZXMBADAMAGF1dG9MaW1pdFJlcwEAMAcAYndlQWxnbwEAMQwAZG91Ymxlaml0dGVyAQAwCQBwcm9iZVN0cmEBADAGAHNka2JiciAAYWNrVGltZU91dDoyMDB8YWNrVGltZUxlbmd0aDo2MDA="} 
01071{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"GTP","proto_id":"152","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01177{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"GTP","proto_id":"152","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":552,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1640630605457589} +00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":552,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1640630605457589} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 
@@ -28,9 +28,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649946 bytes -~~ total memory freed........: 8649946 bytes -~~ total allocations/frees...: 140563/140563 +~~ total memory allocated....: 9414384 bytes +~~ total memory freed........: 9414384 bytes +~~ total allocations/frees...: 154529/154529 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 1182 chars diff --git a/test/results/default/gtp_prime.pcapng.out b/test/results/default/gtp_prime.pcapng.out index ade7d0819..3f210058f 100644 --- a/test/results/default/gtp_prime.pcapng.out +++ b/test/results/default/gtp_prime.pcapng.out 
@@ -1,8 +1,8 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1424882324190538} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1424882324190538} 00299{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1424882324190538,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1424882324190538} 
00699{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":300,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":300,"pkt_l4_len":0,"thread_ts_usec":1424882324190538,"pkt":"tjL\/AAFBtij\/AAFBgQAAZIEAAGcIAEXAARYAAAAAPxEI+QoKNgEKCicK\/EQNOgEC27Eu8AD0AAR+AfwA7wEBHAYA6b9gggDkgAFggwgTACEAAAAA8KQGgAQKCjUBhQQHkAAAhwVlaHJwZIgC8SGpCKAGgAQBAAAGiwEBrIIAKjAogwIDSIQCA0iFAQKGCRUCJRY4RCsAAKkQgQEIhgEJhwNMS0CIA0xLQI0JFQIlFjgBKwAAjgErjwEAsCKkIAYOKwYBBAGyfwMBAkYEAQCBAQCiCzAJAgEBAgEBgQEOkgpBTFUtTk9ERTAxlAEBlQEAlwIBAJgBA54BA58iAQG\/JAaABAoKBgOfJQMTIBCfJgkVAiUWOAArAACfJwkVAiUWOEQrAACfKAQHkAAA"} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":1424882324190538} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":1424882324190538} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/0 ~~ skipped flows.............: 0 @@ -11,9 +11,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 304 chars ~~ json message max len.......: 816 chars diff --git a/test/results/default/guildwars2.pcapng.out b/test/results/default/guildwars2.pcapng.out index f2bb4db96..3d4d39fe1 100644 --- a/test/results/default/guildwars2.pcapng.out +++ b/test/results/default/guildwars2.pcapng.out 
@@ -1,14 +1,14 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1747394731988820} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1747394731988820} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1747394731988820,"flow_src_last_pkt_time":1747394731988820,"flow_dst_last_pkt_time":1747394731988820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747394731988820,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"3.64.34.254","src_port":33959,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1747394731988820,"flow_dst_last_pkt_time":1747394731988820,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1747394731988820,"pkt":"WJz8EPJu8C90rUP1CABFAAA8P3BAAEAGE1XAqAERA0Ai\/oSnF+D+T3KOAAAAAKAC+vDoJQAAAgQFtAQCCAoFPvbKAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1747394731988820,"flow_dst_last_pkt_time":1747394732025363,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1747394732025363,"pkt":"8C90rUP1WJz8EPJuCABFAAA8TOBAAHQG0eQDQCL+wKgBERfghKeE95EF\/k9yj6ASIAC4qgAAAgQFoAEDAwgEAggKYPgG\/AU+9so="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1747394732025380,"flow_dst_last_pkt_time":1747394732025363,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1747394732025380,"pkt":"WJz8EPJu8C90rUP1CABFAAA0P3FAAEAGE1zAqAERA0Ai\/oSnF+D+T3KPhPeRBoAQAfboHQAAAQEICgU+9u9g+Ab8"} 00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1747394732025396,"flow_dst_last_pkt_time":1747394732025363,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_usec":1747394732025396,"pkt":"WJz8EPJu8C90rUP1CABFAAFRP3JAAEAGEj7AqAERA0Ai\/oSnF+D+T3KPhPeRBoAYAfbpOgAAAQEICgU+9u9g+Ab8UCAvU3RzL0Nvbm5lY3QgU1RTLzEuMA0KbDoyNTINCg0KPENvbm5lY3Q+CjxDb25uVHlwZT40MDA8L0Nvbm5UeXBlPgo8QWRkcmVzcz4xMjcuMC4wLjE8L0FkZHJlc3M+CjxQcm9kdWN0VHlwZT4wPC9Qcm9kdWN0VHlwZT4KPFByb2R1Y3ROYW1lPkd3Mi02NDwvUHJvZHVjdE5hbWU+CjxBcHBJbmRleD4xPC9BcHBJbmRleD4KPEVwb2NoPjc2OTA4NzUyMzwvRXBvY2g+CjxQcm9ncmFtPjEwMTwvUHJvZ3JhbT4KPEJ1aWxkPjEwMDQ8L0J1aWxkPgo8UHJvY2Vzcz4yODg8L1Byb2Nlc3M+CjwvQ29ubmVjdD4K"} 
-00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1747394731988820,"flow_src_last_pkt_time":1747394732025396,"flow_dst_last_pkt_time":1747394732025363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747394732025396,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"3.64.34.254","src_port":33959,"dst_port":6112,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"GuildWars2","proto_id":"109","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1747394731988820,"flow_src_last_pkt_time":1747394732025396,"flow_dst_last_pkt_time":1747394732025363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747394732025396,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"3.64.34.254","src_port":33959,"dst_port":6112,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"GuildWars2","proto_id":"109","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1747394732025396,"flow_dst_last_pkt_time":1747394732091006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1747394732091006,"pkt":"8C90rUP1WJz8EPJuCABFAAA0TOFAAHQG0esDQCL+wKgBERfghKeE95EG\/k9zrIAQAgEEGgAAAQEICmD4BwMFPvbv"} -00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1747394731988820,"flow_src_last_pkt_time":1747394735137331,"flow_dst_last_pkt_time":1747394735137077,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":855,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":1231,"midstream":0,"thread_ts_usec":1747394735137331,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"3.64.34.254","src_port":33959,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GuildWars2","proto_id":"109","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":28,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2031,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1747394735137331} +00974{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1747394731988820,"flow_src_last_pkt_time":1747394735137331,"flow_dst_last_pkt_time":1747394735137077,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":855,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":1231,"midstream":0,"thread_ts_usec":1747394735137331,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"3.64.34.254","src_port":33959,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GuildWars2","proto_id":"109","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/guildwars2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":28,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2031,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1747394735137331} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 28/28 ~~ skipped flows.............: 0 @@ -17,10 +17,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645650 bytes -~~ total memory freed........: 8645650 bytes -~~ total allocations/frees...: 140561/140561 +~~ total memory allocated....: 9410024 bytes +~~ total memory freed........: 9410024 bytes +~~ total allocations/frees...: 154527/154527 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars -~~ json message max len.......: 981 chars -~~ json message avg len.......: 758 chars +~~ json message max len.......: 979 chars +~~ json message avg len.......: 757 chars diff --git a/test/results/default/h323-overflow.pcap.out b/test/results/default/h323-overflow.pcap.out index 3e34b9b7c..949744240 100644 --- a/test/results/default/h323-overflow.pcap.out +++ b/test/results/default/h323-overflow.pcap.out 
@@ -1,10 +1,10 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":946681200000000,"pkt":"IiIiIiIiIiIiIiIjCABFAAAsRr1AAIAG+9DAqAEBwKgBAnppAFA5fV1j4FJ\/s1AYQD3UwAAAAwAABA=="} 
01088{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00772{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":946681200000000} +00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":946681200000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8646919 bytes -~~ total memory freed........: 8646919 bytes -~~ total allocations/frees...: 140535/140535 +~~ total memory allocated....: 9411293 bytes +~~ total memory freed........: 9411293 bytes +~~ total allocations/frees...: 154501/154501 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 1093 chars diff --git a/test/results/default/h323.pcap.out b/test/results/default/h323.pcap.out index b40de4380..dfbd29046 100644 --- a/test/results/default/h323.pcap.out +++ b/test/results/default/h323.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1027664341625073} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1027664341625073} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1027664341625073,"flow_src_last_pkt_time":1027664341625073,"flow_dst_last_pkt_time":1027664341625073,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1027664341625073,"l3_proto":"ip4","src_ip":"10.1.3.143","dst_ip":"10.1.6.18","src_port":32803,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1027664341625073,"flow_dst_last_pkt_time":1027664341625073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1027664341625073,"pkt":"ANBQEAFmAAR2IiAXCABFAAA8pKlAAEAGeHAKAQOPCgEGEoAjBrjLcSVhAAAAAKACFtAZygAAAgQFtAQCCAoAVIHIAAAAAAEDAwA="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1027664341625073,"flow_dst_last_pkt_time":1027664341627057,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1027664341627057,"pkt":"AAR2IiAXANBQEAFmCABFAAAwcyoAAEAG6fsKAQYSCgEDjwa4gCPda6+9y3ElYnASIABBlAAAAgQFtAEDAwA="} 
@@ -14,7 +14,7 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1027664342675887,"flow_dst_last_pkt_time":1027664342849776,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1027664342849776,"pkt":"AAR2IiAXANBQEAFmCABFCABEczYAAEAG6dMKAQYSCgEDjwTQgCTdcJG+zA+GfFAYIACuPgAAAwAAHAIwAQYACIF1AAUAgBvFIEAdAIAAAAAbxQ=="} 01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1027664342673754,"flow_src_last_pkt_time":1027664342675887,"flow_dst_last_pkt_time":1027664342849776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1027664342849776,"l3_proto":"ip4","src_ip":"10.1.3.143","dst_ip":"10.1.6.18","src_port":32804,"dst_port":1232,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1027664342849846,"flow_dst_last_pkt_time":1027664342849776,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1027664342849846,"pkt":"ANBQEAFmAAR2IiAXCABFAAAoBExAAEAGGOIKAQOPCgEGEoAkBNDMD4Z83XCR2lAQFtA0lgAA"} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1003,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1140001613762117} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1003,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1140001613762117} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1140001613762117,"flow_src_last_pkt_time":1140001613762117,"flow_dst_last_pkt_time":1140001613762117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1140001613762117,"l3_proto":"ip4","src_ip":"192.168.0.208","dst_ip":"192.168.0.1","src_port":56837,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1140001613762117,"flow_dst_last_pkt_time":1140001613762117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1140001613762117,"pkt":"AAxu6d4pAED0u9kNCABFAAAsTBgAAEAGrJLAqADQwKgAAd4FBrjjKVsYAAAAAGACIADTDAAAAgQFrDI6"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1140001613762117,"flow_dst_last_pkt_time":1140001613762634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1140001613762634,"pkt":"AED0u9kNAAxu6d4pCABFAAAsB0hAAIAGcWLAqAABwKgA0Aa43gXl\/6kj4ylbGWASRBAfwAAAAgQFtA=="} 
@@ -24,7 +24,7 @@ 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1140001613763449,"flow_dst_last_pkt_time":1140001613766500,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1140001613766500,"pkt":"AED0u9kNAAxu6d4pCABFAAAsB0lAAIAGcWHAqAABwKgA0Aa43gXl\/6kk4ylbl1AYQ5KCQAAAAwAAKw=="} 01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1027664342673754,"flow_src_last_pkt_time":1027664343230116,"flow_dst_last_pkt_time":1027664343229818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1140001613950196,"l3_proto":"ip4","src_ip":"10.1.3.143","dst_ip":"10.1.6.18","src_port":32804,"dst_port":1232,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1027664341625073,"flow_src_last_pkt_time":1027664342671930,"flow_dst_last_pkt_time":1027664342671881,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":450,"midstream":0,"thread_ts_usec":1140001613950196,"l3_proto":"ip4","src_ip":"10.1.3.143","dst_ip":"10.1.6.18","src_port":32803,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":59,"packets-processed":58,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1198747079978922} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":59,"packets-processed":58,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1198747079978922} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1198747079978922,"flow_src_last_pkt_time":1198747079978922,"flow_dst_last_pkt_time":1198747079978922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1198747079978922,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1198747079978922,"flow_dst_last_pkt_time":1198747079978922,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1198747079978922,"pkt":"ABj+bZZlABMh8GpfCABFAABCx9cAAIART7MRAgB8EQIAoQfyBrcALv7LAiAAAAYACJFKAAQAEQIAfAfyIgCuAQA9AAEDAIXImlEggAMBQAA="} 00915{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1198747079978922,"flow_src_last_pkt_time":1198747079978922,"flow_dst_last_pkt_time":1198747079978922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1198747079978922,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -38,7 +38,7 @@ 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1198747081344407,"flow_dst_last_pkt_time":1198747081402254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1198747081402254,"pkt":"ABMh8GpfABMh8GmQCABFAABWwtdAAIAGFNERAgB6EQIAfAa4C9gY+jaHDVDbaVAY\/2aqggAAAwAALggCgAFafgAiBSXABgAIkUoABFgIEQAkqxVydvoYEJpYABMh8GmQAoABAA=="} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1140001613762117,"flow_src_last_pkt_time":1140001658714557,"flow_dst_last_pkt_time":1140001658714755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":39,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":43,"midstream":0,"thread_ts_usec":1198747081402254,"l3_proto":"ip4","src_ip":"192.168.0.208","dst_ip":"192.168.0.1","src_port":56837,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":7,"flow_first_seen":1198747079978922,"flow_src_last_pkt_time":1198747080556295,"flow_dst_last_pkt_time":1198747160184990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":539,"flow_dst_tot_l4_payload_len":559,"midstream":0,"thread_ts_usec":1198747160184990,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2472,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1331741717182968} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2472,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1331741717182968} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1331741717182968,"flow_src_last_pkt_time":1331741717182968,"flow_dst_last_pkt_time":1331741717182968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":337,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":337,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1331741717182968,"l3_proto":"ip4","src_ip":"10.47.208.204","dst_ip":"10.47.208.50","src_port":1719,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1331741717182968,"flow_dst_last_pkt_time":1331741717182968,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_usec":1331741717182968,"pkt":"ABDzD2WgAFBgBANPCABFAAFtAABAAEARhCMKL9DMCi\/QMga3BrcBWUayDoBGkgYACJFKAAYAAQAKL9DMBrgBAAov0MwGtyLAggEBAAdUYW5kYmVyZwIyNTdQggEBAAhUYW5kYmVyZ8ACQAsAMgAwADIAMAAzAEAAYQBtAC4AcwBvAGwBgFPLYIIBAQAHVGFuZGJlcmcCMjU3NA8QMAABgE9MAGIAZAAwADIAMABiADgAMAAtADYAZAA0ADEALQAxADEAZQAxAC0AYQA3AGYAYgAtADAAMAAxADAAZgAzADAAZgA2ADUAYQAwAF8AMQA3AQABAAEAFhgCAAASELh2wpHFUhHalfQADPE+s\/1tAVAg34kDWW9FGZ8nc8ClknSvAABQIN+JA1lvRRmfJ3PApZJ0rwBGPGFzc2VudD48YXNzZW50X3R5cGU+Y2xpZW50PC9hc3NlbnRfdHlwZT48dmVyc2lvbj4xPC92ZXJzaW9uPjwvYXNzZW50Pg=="} 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1331741717182968,"flow_src_last_pkt_time":1331741717182968,"flow_dst_last_pkt_time":1331741717182968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":337,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":337,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1331741717182968,"l3_proto":"ip4","src_ip":"10.47.208.204","dst_ip":"10.47.208.50","src_port":1719,"dst_port":1719,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -49,7 +49,7 @@ 00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1331741747299202,"flow_dst_last_pkt_time":1331741747300886,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":1331741747300886,"pkt":"AFBgBANPABDzD2WgCABFAAEaAABAAEARhHYKL9AyCi\/QzAa3BrcBBmDOEsBGkwYACJFKAAYBAAov0DIGuAJACwAyADAAMgAwADMAQABhAG0ALgBzAG8AbAGAU8sOAGEAbQAtAHYAYwBzAC0AMEwAYgBkADAAMgAwAGIAOAAwAC0ANgBkADQAMQAtADEAMQBlADEALQBhADcAZgBiAC0AMAAwADEAMABmADMAMABmADYANQBhADAAXwAxADcnioAAXgNACi\/QNga3FABBAGwAdABlAHIAbgBhAHQAZQAgADGBQAov0DMGtxQAQQBsAHQAZQByAG4AYQB0AGUAIAAygUAKL9A1BrcUAEEAbAB0AGUAcgBuAGEAdABlACAAM4ECADsBAAEAAQA="} 00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1331741777425141,"flow_dst_last_pkt_time":1331741747300886,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_usec":1331741777425141,"pkt":"ABDzD2WgAFBgBANPCABFAAFtAABAAEARhCMKL9DMCi\/QMga3BrcBWUawDoBGlAYACJFKAAYAAQAKL9DMBrgBAAov0MwGtyLAggEBAAdUYW5kYmVyZwIyNTdQggEBAAhUYW5kYmVyZ8ACQAsAMgAwADIAMAAzAEAAYQBtAC4AcwBvAGwBgFPLYIIBAQAHVGFuZGJlcmcCMjU3NA8QMAABgE9MAGIAZAAwADIAMABiADgAMAAtADYAZAA0ADEALQAxADEAZQAxAC0AYQA3AGYAYgAtADAAMAAxADAAZgAzADAAZgA2ADUAYQAwAF8AMQA3AQABAAEAFhgCAAASELh2wpHFUhHalfQADPE+s\/1tAVAg34kDWW9FGZ8nc8ClknSvAABQIN+JA1lvRRmfJ3PApZJ0rwBGPGFzc2VudD48YXNzZW50X3R5cGU+Y2xpZW50PC9hc3NlbnRfdHlwZT48dmVyc2lvbj4xPC92ZXJzaW9uPjwvYXNzZW50Pg=="} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1331741717182968,"flow_src_last_pkt_time":1331741777425141,"flow_dst_last_pkt_time":1331741747300886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":337,"flow_dst_max_l4_payload_len":254,"flow_src_tot_l4_payload_len":1011,"flow_dst_tot_l4_payload_len":508,"midstream":0,"thread_ts_usec":1331741777425141,"l3_proto":"ip4","src_ip":"10.47.208.204","dst_ip":"10.47.208.50","src_port":1719,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":75,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1331741777425141} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":75,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1331741777425141} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 75/75 ~~ skipped flows.............: 0 @@ -58,9 +58,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8661257 bytes -~~ total memory freed........: 8661257 bytes -~~ total allocations/frees...: 140665/140665 +~~ total memory allocated....: 9425791 bytes +~~ total memory freed........: 9425791 bytes +~~ total allocations/frees...: 154631/154631 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 526 chars ~~ json message max len.......: 1096 chars diff --git a/test/results/default/hamachi.pcapng.out b/test/results/default/hamachi.pcapng.out index 2327a0bd7..25ce5476e 100644 --- a/test/results/default/hamachi.pcapng.out +++ b/test/results/default/hamachi.pcapng.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hamachi.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hamachi.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1748436528273543} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hamachi.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hamachi.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1748436528273543} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hamachi.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748436528273543,"flow_src_last_pkt_time":1748436528273543,"flow_dst_last_pkt_time":1748436528273543,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748436528273543,"l3_proto":"ip4","src_ip":"192.168.1.30","dst_ip":"158.120.16.201","src_port":61356,"dst_port":12975,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hamachi.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1748436528273543,"flow_dst_last_pkt_time":1748436528273543,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1748436528273543,"pkt":"WJz8EPJuCAAnneLLCABFAAA0yyBAAIAGAADAqAEenngQye+sMq9rsMlQAAAAAIAC+vBxLgAAAgQFtAEDAwgBAQQC"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hamachi.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1748436528273543,"flow_dst_last_pkt_time":1748436528315457,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1748436528315457,"pkt":"CAAnneLLWJz8EPJuCABFAAA0SilAAHgGR5OeeBDJwKgBHjKv76zdVMt6a7DJUYAS\/\/\/93gAAAgQFoAEDAwgBAQQC"} 
@@ -22,7 +22,7 @@ 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/hamachi.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1748436644677165,"flow_src_last_pkt_time":1748436644717194,"flow_dst_last_pkt_time":1748436644717006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":352,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748436644717194,"l3_proto":"ip4","src_ip":"192.168.1.30","dst_ip":"158.120.16.205","src_port":56766,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Hamachi","proto_id":"91.451","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/hamachi.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1748436644717194,"flow_src_last_pkt_time":1748436644717194,"flow_dst_last_pkt_time":1748436644717194,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":628,"midstream":0,"thread_ts_usec":1748436644717194,"l3_proto":"ip4","src_ip":"192.168.1.30","dst_ip":"158.120.24.193","src_port":55865,"dst_port":17771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Hamachi","proto_id":"451","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/hamachi.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1748436528273543,"flow_src_last_pkt_time":1748436528321447,"flow_dst_last_pkt_time":1748436528315457,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748436644717194,"l3_proto":"ip4","src_ip":"192.168.1.30","dst_ip":"158.120.16.201","src_port":61356,"dst_port":12975,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Hamachi","proto_id":"451","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/hamachi.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1996,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1748436644717194} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/hamachi.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1996,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1748436644717194} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 
@@ -31,9 +31,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652314 bytes -~~ total memory freed........: 8652314 bytes -~~ total allocations/frees...: 140576/140576 +~~ total memory allocated....: 9416752 bytes +~~ total memory freed........: 9416752 bytes +~~ total allocations/frees...: 154542/154542 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 1332 chars diff --git a/test/results/default/haproxy.pcap.out b/test/results/default/haproxy.pcap.out index 2b18cdfbc..2a03afc2d 100644 --- a/test/results/default/haproxy.pcap.out +++ b/test/results/default/haproxy.pcap.out 
@@ -1,10 +1,10 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1687864379191181} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1687864379191181} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687864379191181,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1687864379191181,"l3_proto":"ip4","src_ip":"1.1.1.1","dst_ip":"2.2.2.2","src_port":48502,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_usec":1687864379191181,"pkt":"+hY+jaKQ+hY+\/yO1CABFAAFpvu5AAD8GAgoBAQEBAgICAr12Abu3rOLhYNsr0IAYAebcfgAAAQEICj6dk6a+omhcUFJPWFkgVENQNCAxMS4xMTEuMTEuMTExIDIyMi4yMjIuMjIyLjIyIDUyMTc2IDQ0Mw0KFgMBAP0BAAD5AwNlfFlZ28HZabWEzRLxYxkQw8ZEWOpFUKuCCl2ET+sPiyCZoEcV\/EP3q9ibNr\/\/S8YKnRMNZ3pfRaKXBGknrdMLPAAkEwETAhMDwC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAjAAAABgAFgAAE2FhYWFhYWFhYWFhYWFhYWEueHgAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBADMAJgAkAB0AIC9wHtbeNV7Yhsp5eQYXtT7TM0R+9NA5\/A60gExAg7ZMAC0AAgEBACsABQQDBAMD"} 
01025{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687864379191181,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1687864379191181,"l3_proto":"ip4","src_ip":"1.1.1.1","dst_ip":"2.2.2.2","src_port":48502,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HAProxy","proto_id":"350","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} 01064{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687864379191181,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1687864379191181,"l3_proto":"ip4","src_ip":"1.1.1.1","dst_ip":"2.2.2.2","src_port":48502,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"HAProxy","proto_id":"350","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1687864379191181} +00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1687864379191181} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8646948 bytes -~~ total memory freed........: 8646948 bytes -~~ total allocations/frees...: 140536/140536 +~~ total memory allocated....: 9411322 bytes +~~ total memory freed........: 9411322 bytes +~~ total allocations/frees...: 154502/154502 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 589 chars ~~ json message max len.......: 1069 chars diff --git a/test/results/default/hart_ip.pcap.out b/test/results/default/hart_ip.pcap.out index 583a3fed6..f825c6264 100644 --- a/test/results/default/hart_ip.pcap.out +++ b/test/results/default/hart_ip.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1332169969950823} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1332169969950823} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1332169969950823,"flow_src_last_pkt_time":1332169969950823,"flow_dst_last_pkt_time":1332169969950823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332169969950823,"l3_proto":"ip4","src_ip":"192.168.0.101","dst_ip":"192.168.0.10","src_port":49905,"dst_port":5094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1332169969950823,"flow_dst_last_pkt_time":1332169969950823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1332169969950823,"pkt":"ACYWAADSAAwpUKn8CABFAAApAABAAEARuQTAqABlwKgACsLxE+YAFXSoAQAAAAACAA0BAAB1MA=="} 
00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1332169969950823,"flow_src_last_pkt_time":1332169969950823,"flow_dst_last_pkt_time":1332169969950823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332169969950823,"l3_proto":"ip4","src_ip":"192.168.0.101","dst_ip":"192.168.0.10","src_port":49905,"dst_port":5094,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HART-IP","proto_id":"72","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -21,7 +21,7 @@ 00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":14,"flow_first_seen":1332170006682110,"flow_src_last_pkt_time":1332170040778581,"flow_dst_last_pkt_time":1332170040778475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":382,"midstream":0,"thread_ts_usec":1332170040778581,"l3_proto":"ip4","src_ip":"192.168.0.101","dst_ip":"192.168.0.10","src_port":49559,"dst_port":5094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HART-IP","proto_id":"72","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1332169969950823,"flow_src_last_pkt_time":1332169969950823,"flow_dst_last_pkt_time":1332169969950823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332170040778581,"l3_proto":"ip4","src_ip":"192.168.0.101","dst_ip":"192.168.0.10","src_port":49905,"dst_port":5094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HART-IP","proto_id":"72","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1332169969956063,"flow_src_last_pkt_time":1332170004665691,"flow_dst_last_pkt_time":1332170004664457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":386,"flow_dst_tot_l4_payload_len":173,"midstream":0,"thread_ts_usec":1332170040778581,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.101","src_port":5095,"dst_port":49905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HART-IP","proto_id":"72","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":65,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1332170040778581} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":65,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1332170040778581} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 65/65 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8651594 bytes -~~ total memory freed........: 8651594 bytes -~~ total allocations/frees...: 140620/140620 +~~ total memory allocated....: 9416032 bytes +~~ total memory freed........: 9416032 bytes +~~ total allocations/frees...: 154586/154586 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 2158 chars diff --git a/test/results/default/hcl_notes.pcapng.out b/test/results/default/hcl_notes.pcapng.out index 94bd37e29..e96bc8099 100644 --- a/test/results/default/hcl_notes.pcapng.out +++ b/test/results/default/hcl_notes.pcapng.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hcl_notes.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hcl_notes.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1745344099164594} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hcl_notes.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hcl_notes.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1745344099164594} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hcl_notes.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1745344099164594,"flow_src_last_pkt_time":1745344099164594,"flow_dst_last_pkt_time":1745344099164594,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1745344099164594,"l3_proto":"ip4","src_ip":"192.168.1.31","dst_ip":"192.168.1.30","src_port":49779,"dst_port":1352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hcl_notes.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1745344099164594,"flow_dst_last_pkt_time":1745344099164594,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1745344099164594,"pkt":"CAAnneLLCAAn0IAdCABFAAA0iC1AAIAGAADAqAEfwKgBHsJzBUjLmStqAAAAAIAC+vCDtAAAAgQFtAEDAwgBAQQC"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hcl_notes.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1745344099164594,"flow_dst_last_pkt_time":1745344099164895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1745344099164895,"pkt":"CAAn0IAdCAAnneLLCABFAAA01eNAAIAGoVLAqAEewKgBHwVIwnOsKJ1Oy5kra4AS\/\/\/jOgAAAgQFtAEDAwgBAQQC"} 
@@ -8,7 +8,7 @@ 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hcl_notes.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1745344099164594,"flow_src_last_pkt_time":1745344099178040,"flow_dst_last_pkt_time":1745344099164895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1745344099178040,"l3_proto":"ip4","src_ip":"192.168.1.31","dst_ip":"192.168.1.30","src_port":49779,"dst_port":1352,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HCL_Notes","proto_id":"150","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hcl_notes.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1745344099178040,"flow_dst_last_pkt_time":1745344099178282,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_usec":1745344099178282,"pkt":"CAAn0IAdCAAnneLLCABFAACm1eRAAIAGoN\/AqAEewKgBHwVIwnOsKJ1Py5ksRVAYIBR4XQAAfAAAAHEAAAADAABAAg8AJwA9JU9C\/tceAwAAAAACAC8AFAAAAAAAAACgH\/YxPiXRckdkEzQL46JduLlDTj1UZXN0U2VydmVyL089VGVzdAUAEADJFwIIAQAAAAAAAAAAAAAACQAIAL7OYQB0jCUADwAEAGhvbWUSAAIACAAA"} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/hcl_notes.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1745344099164594,"flow_src_last_pkt_time":1745344099178371,"flow_dst_last_pkt_time":1745344099179351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":396,"flow_src_tot_l4_payload_len":604,"flow_dst_tot_l4_payload_len":522,"midstream":0,"thread_ts_usec":1745344099179351,"l3_proto":"ip4","src_ip":"192.168.1.31","dst_ip":"192.168.1.30","src_port":49779,"dst_port":1352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HCL_Notes","proto_id":"150","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/hcl_notes.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1126,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1745344099179351} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/hcl_notes.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1126,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1745344099179351} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645042 bytes -~~ total memory freed........: 8645042 bytes -~~ total allocations/frees...: 140540/140540 +~~ total memory allocated....: 9409416 bytes +~~ total memory freed........: 9409416 bytes +~~ total allocations/frees...: 154506/154506 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 990 chars diff --git a/test/results/default/heuristic_tcp_ack_payload.pcap.out b/test/results/default/heuristic_tcp_ack_payload.pcap.out index 78c827a91..3382e821f 100644 --- a/test/results/default/heuristic_tcp_ack_payload.pcap.out +++ b/test/results/default/heuristic_tcp_ack_payload.pcap.out 
@@ -1,5 +1,5 @@ -00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1681478090730262} 
+00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1681478090730262} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090730262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681478090730262,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090730262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681478090730262,"pkt":"QHGDrEAwoDafLnO8CABFAAA0UOtAAH0GbxHC4scVNBJ\/veMrAbsAeoaaAAAAAIAC+vDKXAAAAgQFtAEDAwgBAQQC"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090780521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681478090780521,"pkt":"oDafLnO8QHGDrEAwCABFAAA0AABAAOkGU\/w0En+9wuLHFQG74yuLkuWcAHqGm4ASaQPrCQAAAgQFtAEBBAIBAwMI"} 
@@ -7,15 +7,15 @@ 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1681478090781920,"flow_dst_last_pkt_time":1681478090780521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1681478090781920,"pkt":"QHGDrEAwoDafLnO8CABFAAItUO1AAH0GbRbC4scVNBJ\/veMrAbsAeoabi5LlnVAYAgHa5QAAFgMBAgABAAH8AwO2b8k+LCOftweDZWjvdeyR90vCYVJRMgT0j8Pik75VmCBg6yWVhOtcb9ut7Hy59sTpKH6uJec\/kZz0GzKsEDEcaAAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAbAAMCAAIAIwBp+6R1+qIJHZG7jowoeY3hRbjOQoOBSjubfpFQW9nxqfD0S5qRCzYtZk0T2UZ7jb\/+pwGkVmJwdmFtm3YHm6ODfcntPcAS93\/vLSJrkHutEM1HolLRM4QVmCnTlceE8Q\/R5iQVvIN9NJOjABIAAAALAAIBAAAKAAoACIqKAB0AFwAYADMAKwApiooAAQAAHQAg0bBrRvkzsBdk4f0tRyz\/mG183djoFkcSb2nq6iq3WmBEaQAFAAMCaDIAEAAOAAwCaDIIaHR0cC8xLjH\/AQABAAAFAAUBAAAAAAAtAAIBAQAXAAAAAAAQAA4AAAtiaXRyaXguaW5mbwANABIAEAQDCAQEAQUDCAUFAQgGBgEAKwAHBnp6AwQDA7q6AAEAABUAYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1681478090781920,"flow_dst_last_pkt_time":1681478090832249,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1681478090832249,"pkt":"oDafLnO8QHGDrEAwCABFAAAuXV1AAOkG9qQ0En+9wuLHFQG74yuLkuWdAHqIoFAQAG6SZwAAAAAAAAAA"} 
01988{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478119542351,"flow_dst_last_pkt_time":1681478119592875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1085,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":5602,"midstream":0,"thread_ts_usec":1681478119592875,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1860474.4,"max":28647677,"stddev":7030273.0,"var":49424738811904.0,"ent":1.1,"data": [50259,51105,553,51728,128,0,97,51293,1354,0,1851,500,202,193,0,51721,0,48,140,50129,407,8135,0,8098,85064,28647677,19,62,28613926,13,0]},"pktlen": {"min":42,"avg":308.7,"max":2960,"stddev":576.0,"var":331721.9,"ent":3.6,"data": [52,52,42,557,46,153,1500,2960,42,378,49,42,166,145,502,550,160,91,118,46,42,78,439,78,42,46,113,86,1125,46,46,86]},"bins": {"c_to_s": [6,2,1,2,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,3,1,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,1,1,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,1,0,0,0,1,1,1],"entropies": [4.700937748,4.839770317,4.678030014,5.790879726,4.390829086,5.801830769,7.220153809,7.298819065,4.678030014,7.385129929,4.797285557,4.725648880,6.228291035,6.284518242,7.567343235,7.646277905,6.609186172,5.432500839,6.074527264,4.434307575,4.678030014,5.448187351,7.460664272,5.370555878,4.678030014,4.477785587,5.985470772,5.565127373,7.818080425,4.434307575,4.477785587,5.465760708]}} 
-01073{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478119542351,"flow_dst_last_pkt_time":1681478119592875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1085,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":5602,"midstream":0,"thread_ts_usec":1681478119592875,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":64,"packets-processed":63,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12346,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1681887368538349} 
+01071{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478119542351,"flow_dst_last_pkt_time":1681478119592875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1085,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":5602,"midstream":0,"thread_ts_usec":1681478119592875,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":64,"packets-processed":63,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12346,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1681887368538349} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368538349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681887368538349,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368538349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681887368538349,"pkt":"QHGDrEAwoDafLnO8CABFAAA0sahAAEAGEuHC4sfiCPfifoU1AFBr1P3sAAAAAIAC+vAOnwAAAgQFtAEBBAIBAwMH"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368549865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681887368549865,"pkt":"oDafLnO8QHGDrEAwCABFAAA0+VoAADkGEi8I9+J+wuLH4gBQhTVLutKfa9T97YASpWRFuwAAAgQFtAEBBAIBAwMM"} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1681887368549922,"flow_dst_last_pkt_time":1681887368549865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_usec":1681887368549922,"pkt":"QHGDrEAwoDafLnO8CABFAAAqsalAAEAGEurC4sfiCPfifoU1AFBr1P3tS7rSoFAQAfYp\/wAAAAA="} 01211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1681887368549922,"flow_dst_last_pkt_time":1681887368549865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":550,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":550,"pkt_l4_len":516,"thread_ts_usec":1681887368549922,"pkt":"QHGDrEAwoDafLnO8CABFAAIYsapAAEAGEPvC4sfiCPfifoU1AFBr1P3tS7rSoFAYAfYVeQAAR0VUIC9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9iNGYyNzUxNC0xNjE4LTQ3YTAtYmNkNC01ZmNiNDY5ZWRiNjM\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"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1681887368549922,"flow_dst_last_pkt_time":1681887368561681,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1681887368561681,"pkt":"oDafLnO8QHGDrEAwCABFAAAu+VwAADkGEjMI9+J+wuLH4gBQhTVLutKga9T\/3VAQAAsp9gAAAAAAAAAA"} 
-01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":35,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478221324232,"flow_dst_last_pkt_time":1681478221373883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1493,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":5265,"flow_dst_tot_l4_payload_len":7081,"midstream":0,"thread_ts_usec":1681887368574945,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01110{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":35,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478221324232,"flow_dst_last_pkt_time":1681478221373883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1493,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":5265,"flow_dst_tot_l4_payload_len":7081,"midstream":0,"thread_ts_usec":1681887368574945,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681887518918488,"flow_src_last_pkt_time":1681887518918488,"flow_dst_last_pkt_time":1681887518918488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681887518918488,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"35.241.9.150","src_port":27453,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1681887518918488,"flow_dst_last_pkt_time":1681887518918488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681887518918488,"pkt":"QHGDrEAwoDafLnO8CABFAAA0EMZAAH4GNFfC4sc9I\/EJlms9AbvPt5\/HAAAAAIACIAC68QAAAgQFtAEDAwgBAQQC"} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1681887518918488,"flow_dst_last_pkt_time":1681887518942556,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681887518942556,"pkt":"oDafLnO8QHGDrEAwCABFIAA0AABAAHwGRv0j8QmWwuLHPQG7az2esooQz7efyIAS\/\/+yTQAAAgQFhAEBBAIBAwMI"} 
@@ -26,7 +26,7 @@ 01074{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1681887518918488,"flow_src_last_pkt_time":1681887519032454,"flow_dst_last_pkt_time":1681887519031452,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":321,"flow_dst_max_l4_payload_len":2824,"flow_src_tot_l4_payload_len":867,"flow_dst_tot_l4_payload_len":19359,"midstream":0,"thread_ts_usec":1681887519032454,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"35.241.9.150","src_port":27453,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00998{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":12,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368574945,"flow_dst_last_pkt_time":1681887368574890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":496,"flow_dst_max_l4_payload_len":1022,"flow_src_tot_l4_payload_len":506,"flow_dst_tot_l4_payload_len":1082,"midstream":0,"thread_ts_usec":1681887519714799,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":12,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368574945,"flow_dst_last_pkt_time":1681887368574890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":496,"flow_dst_max_l4_payload_len":1022,"flow_src_tot_l4_payload_len":506,"flow_dst_tot_l4_payload_len":1082,"midstream":0,"thread_ts_usec":1681887519714799,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50505,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1682070081976502} 
+00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50505,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1682070081976502} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682070081976502,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081976502,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682070081976502,"l3_proto":"ip4","src_ip":"194.226.199.9","dst_ip":"92.223.106.21","src_port":49756,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081976502,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070081976502,"pkt":"QHGDrEAwoDafLnO8CABFAAA01rdAAH4G1SvC4scJXN9qFcJcAbti0BbiAAAAAIAC+vDldAAAAgQFtAEDAwgBAQQC"} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081986323,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070081986323,"pkt":"oDafLnO8QHGDrEAwCABFoAA0AABAADsG7kNc32oVwuLHCQG7wlyvphSeYtAW44ASpWR2qgAAAgQFtAEBBAIBAwMJ"} 
@@ -49,12 +49,12 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1682070124530631,"flow_dst_last_pkt_time":1682070122490627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070124530631,"pkt":"QHGDrEAwoDafLnO8CABFAAA04TxAAH0GZ5fC4sc9AhYouhsiAbvsZqDdAAAAAIAC+vAVDgAAAgQFtAEDAwgBAQQC"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1682070124532429,"flow_dst_last_pkt_time":1682070122490627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_usec":1682070124532429,"pkt":"QHGDrEAwoDafLnO8CABFAAAq4T5AAH0GZ5\/C4sc9AhYouhsiAbvsZqDeIQ+6sFAQAQB0AAAAAAA="} 02016{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1682070122465460,"flow_src_last_pkt_time":1682070127475501,"flow_dst_last_pkt_time":1682070127468714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":3416,"flow_dst_tot_l4_payload_len":10610,"midstream":0,"thread_ts_usec":1682070127475501,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"2.22.40.186","src_port":6946,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":1,"avg":323009.5,"max":2634777,"stddev":687597.7,"var":472790597632.0,"ent":2.8,"data": [9842,15325,2065171,1798,114,2048180,1988,1777,823,1,2161,39414,217233,215957,433218,854700,2634777,793,114791,2391,133538,311,1201538,215,30,1,210,55,15686,389,868]},"pktlen": {"min":42,"avg":481.7,"max":2960,"stddev":697.2,"var":486142.7,"ent":3.8,"data": [52,52,52,52,42,561,52,52,46,2960,1216,1500,52,46,1500,1500,1500,52,52,42,42,120,138,46,311,327,46,101,71,1500,658,673]},"bins": {"c_to_s": [8,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [9,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,1]},"directions": [0,1,1,0,0,0,1,1,1,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0],"entropies": [4.767184734,4.961856842,4.961856842,4.767184734,4.617807865,6.804517746,4.961856842,4.961856842,4.565872192,7.936507702,7.812016487,7.865312576,4.834680557,5.055958748,7.863229275,7.863562107,7.864302158,4.873142242,4.834680557,4.725648880,4.773267746,6.283937454,6.596406460,4.609350204,7.253105640,7.293287277,4.609350204,6.180341721,5.790450096,7.859360218,7.630677700,7.711422920]}} -01068{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1682070122465460,"flow_src_last_pkt_time":1682070127475501,"flow_dst_last_pkt_time":1682070127468714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":3416,"flow_dst_tot_l4_payload_len":10610,"midstream":0,"thread_ts_usec":1682070127475501,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"2.22.40.186","src_port":6946,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": 
{"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01069{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1682070122465460,"flow_src_last_pkt_time":1682070127475501,"flow_dst_last_pkt_time":1682070127468714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":3416,"flow_dst_tot_l4_payload_len":10610,"midstream":0,"thread_ts_usec":1682070127475501,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"2.22.40.186","src_port":6946,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01065{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1682070081976502,"flow_src_last_pkt_time":1682070082251822,"flow_dst_last_pkt_time":1682070082232484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2636,"flow_src_tot_l4_payload_len":618,"flow_dst_tot_l4_payload_len":4888,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.9","dst_ip":"92.223.106.21","src_port":49756,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1682070081976502,"flow_src_last_pkt_time":1682070082251822,"flow_dst_last_pkt_time":1682070082232484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2636,"flow_src_tot_l4_payload_len":618,"flow_dst_tot_l4_payload_len":4888,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.9","dst_ip":"92.223.106.21","src_port":49756,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":47,"flow_first_seen":1682070122465460,"flow_src_last_pkt_time":1682070140586728,"flow_dst_last_pkt_time":1682070140596749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":5470,"flow_dst_tot_l4_payload_len":24070,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"2.22.40.186","src_port":6946,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":47,"flow_first_seen":1682070122465460,"flow_src_last_pkt_time":1682070140586728,"flow_dst_last_pkt_time":1682070140596749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":5470,"flow_dst_tot_l4_payload_len":24070,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"2.22.40.186","src_port":6946,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1682070088015038,"flow_src_last_pkt_time":1682070095296597,"flow_dst_last_pkt_time":1682070095295909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":569,"flow_dst_max_l4_payload_len":2843,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":9570,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.103","dst_ip":"217.69.139.59","src_port":62580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":303,"packets-processed":303,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":96601,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1682070140596749} +00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":303,"packets-processed":303,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":96601,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1682070140596749} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 303/303 ~~ skipped flows.............: 0 
@@ -63,9 +63,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8678346 bytes -~~ total memory freed........: 8678346 bytes -~~ total allocations/frees...: 140905/140905 +~~ total memory allocated....: 9442880 bytes +~~ total memory freed........: 9442880 bytes +~~ total allocations/frees...: 154871/154871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2021 chars diff --git a/test/results/default/hislip.pcap.out b/test/results/default/hislip.pcap.out index 0fa88c3d0..918793bde 100644 --- a/test/results/default/hislip.pcap.out +++ b/test/results/default/hislip.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1395234992923478} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1395234992923478} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1395234992923478,"flow_src_last_pkt_time":1395234992923478,"flow_dst_last_pkt_time":1395234992923478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1395234992923478,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51053,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1395234992923478,"flow_dst_last_pkt_time":1395234992923478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1395234992923478,"pkt":"AOAz2gNE+LFWq9DWCABFAAA0O7NAAIAGAAAKQAB\/CkAASMdtExCcmBGeAAAAAIACIAAVbQAAAgQFtAEDAwgBAQQC"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1395234992923478,"flow_dst_last_pkt_time":1395234992923722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1395234992923722,"pkt":"+LFWq9DWAOAz2gNECABFAAA0RotAAIAGnvIKQABICkAAfxMQx23MdkTbnJgRn4ASIACfsgAAAgQFtAEDAwgBAQQC"} 
@@ -36,7 +36,7 @@ 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":16,"flow_first_seen":1395234992935199,"flow_src_last_pkt_time":1395235239784812,"flow_dst_last_pkt_time":1395235239784744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1395235239785411,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51054,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":20,"flow_first_seen":1395235022698475,"flow_src_last_pkt_time":1395235237017565,"flow_dst_last_pkt_time":1395235237017484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":41,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1395235239785411,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51055,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":39,"flow_dst_packets_processed":23,"flow_first_seen":1395235022714729,"flow_src_last_pkt_time":1395235237016961,"flow_dst_last_pkt_time":1395235237016867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":313,"midstream":0,"thread_ts_usec":1395235239785411,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51056,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":184,"packets-processed":184,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1395235239785411} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":184,"packets-processed":184,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1395235239785411} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 184/184 ~~ skipped flows.............: 0 @@ -45,9 +45,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8657470 bytes -~~ total memory freed........: 8657470 bytes -~~ total allocations/frees...: 140750/140750 +~~ total memory allocated....: 9421940 bytes +~~ total memory freed........: 9421940 bytes +~~ total allocations/frees...: 154716/154716 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 2241 chars diff --git a/test/results/default/hl7.pcap.out b/test/results/default/hl7.pcap.out index 8eabf7d42..c12c29d09 100644 --- a/test/results/default/hl7.pcap.out +++ b/test/results/default/hl7.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1517275422250397} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1517275422250397} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1517275422250397,"flow_src_last_pkt_time":1517275422250397,"flow_dst_last_pkt_time":1517275422250397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1517275422250397,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49242,"dst_port":6661,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1517275422250397,"flow_dst_last_pkt_time":1517275422250397,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1517275422250397,"pkt":"CAAnHabCAAwptbZICABFAAA0emVAAIAGa0YKAACbCgAAfsBaGgVdWCFsAAAAAIACIADg0wAAAgQFtAEDAwgBAQQC"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1517275422250397,"flow_dst_last_pkt_time":1517275422250397,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1517275422250397,"pkt":"CAAnHabCAAOxtbZICABFAAA0emVAAIAGa0YKAACbCgAAfsBaGgVdWCFsAAAAAIACIADg0wAAAgQFtAEDAwgBAQQC"} 
@@ -24,7 +24,7 @@ 00952{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1517275751439468,"flow_dst_last_pkt_time":1517275751434678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_usec":1517275751439468,"pkt":"CAAnHabCAAwptbZICABFAAFneuxAAIAGaYwKAACbCgAAfsBkGgVMiwpturfRrFAYAQCkEgAAWVogTEFCfA1PQlh8MTF8Tk18bWN2Xk1jdl5Mb2NhbF43ODctMl5NY3ZeTE58fDgwfGZsfDc3LTk4fHx8fEZ8fHwyMDEyMDQxMDE2MDIyN3xsYWJ8MTJeWFlaIExBQnwNT0JYfDEyfE5NfG1jaF5NY2h8fDMwfHBnfDI3LTM1fHx8fEZ8fHwyMDEyMDQxMDE2MDIyN3xsYWJ8MTJeWFlaIExBQnwNT0JYfDEzfE5NfG1jaGNeTWNoY3x8MzJ8Zy9kbHwzMi0zNXx8fHxGfHx8MjAxMjA0MTAxNjAyMjd8bGFifDEyXlhZWiBMQUJ8DU9CWHwxNHxOTXxwbHReUGxhdGVsZXRzfHwyMjF8L25sfDE0MC00MDB8fHx8Rnx8fDIwMTIwNDEwMTYwMjI3fGxhYnwxMl5YWVogTEFCfA0cDQ=="} 01093{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1517275687767046,"flow_src_last_pkt_time":1517275687786637,"flow_dst_last_pkt_time":1517275687786209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":613,"flow_dst_max_l4_payload_len":122,"flow_src_tot_l4_payload_len":613,"flow_dst_tot_l4_payload_len":122,"midstream":0,"thread_ts_usec":1517275751462001,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49250,"dst_port":6661,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"HL7","proto_id":"380","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} 01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1517275751433916,"flow_src_last_pkt_time":1517275751462001,"flow_dst_last_pkt_time":1517275751459723,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":122,"flow_src_tot_l4_payload_len":1779,"flow_dst_tot_l4_payload_len":122,"midstream":0,"thread_ts_usec":1517275751462001,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49252,"dst_port":6661,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HL7","proto_id":"380","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} 
-00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":47,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4571,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1517275751462001} +00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":47,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4571,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1517275751462001} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 47/47 ~~ skipped flows.............: 0 
@@ -33,9 +33,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8657275 bytes -~~ total memory freed........: 8657275 bytes -~~ total allocations/frees...: 140608/140608 +~~ total memory allocated....: 9421713 bytes +~~ total memory freed........: 9421713 bytes +~~ total allocations/frees...: 154574/154574 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 534 chars ~~ json message max len.......: 2480 chars diff --git a/test/results/default/hls.pcapng.out b/test/results/default/hls.pcapng.out index 258be4042..d1dbe9206 100644 --- a/test/results/default/hls.pcapng.out +++ b/test/results/default/hls.pcapng.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721055013596325} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721055013596325} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1721055013596325,"flow_src_last_pkt_time":1721055013596325,"flow_dst_last_pkt_time":1721055013596325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1721055013596325,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"192.168.88.231","src_port":41644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1721055013596325,"flow_dst_last_pkt_time":1721055013596325,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1721055013596325,"pkt":"RQAAPMH2QABABqddCtetAcCoWOeirB+Q4VphPwAAAACgAv\/\/omMAAAIEJugEAggKkY4cmQAAAAABAwMJ"} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1721055013596325,"flow_dst_last_pkt_time":1721055013597886,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1721055013597886,"pkt":"RQAAMAAAQABABmlgwKhY5wrXrQEfkKKsd+t36+FaYUBwEgQAkMQAAAIEJugDAwkA"} 
@@ -9,7 +9,7 @@ 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1721055013598580,"flow_dst_last_pkt_time":1721055013598686,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1721055013598686,"pkt":"RQAAKAAAQABABmlowKhY5wrXrQEfkKKsd+t37OFaYdRQEAP\/5SkAAA=="} 01401{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1721055013596325,"flow_src_last_pkt_time":1721055013598580,"flow_dst_last_pkt_time":1721055013600022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1721055013600022,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"192.168.88.231","src_port":41644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.HLS","proto_id":"7.418","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"192.168.88.231","domainame":"192.168.88.231","http": {"url":"192.168.88.231:8080\/output.m3u8","code":200,"content_type":"application\/vnd.apple.mpegurl","user_agent":"VLC\/3.0.18 LibVLC\/3.0.18"}}} 
01252{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1721055013596325,"flow_src_last_pkt_time":1721055018937325,"flow_dst_last_pkt_time":1721055018937476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":323,"midstream":0,"thread_ts_usec":1721055018937476,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"192.168.88.231","src_port":41644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.HLS","proto_id":"7.418","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"192.168.88.231"}} 
-00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":471,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1721055018937476} +00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":471,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1721055018937476} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645397 bytes -~~ total memory freed........: 8645397 bytes -~~ total allocations/frees...: 140553/140553 +~~ total memory allocated....: 9409771 bytes +~~ total memory freed........: 9409771 bytes +~~ total allocations/frees...: 154519/154519 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 511 chars ~~ json message max len.......: 1406 chars diff --git a/test/results/default/hots.pcapng.out b/test/results/default/hots.pcapng.out index f509bc838..e95f91039 100644 --- a/test/results/default/hots.pcapng.out +++ b/test/results/default/hots.pcapng.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1654637718943449} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1654637718943449} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637718943449,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654637718943449,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1654637718943449,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1654637718943449,"pkt":"XKbmnXAsHIcsX1wrCABFAAA0\/EkAAIARAADAqABJGGk4DdVGDowAIBGZ5l00AJcnFPc\/largPjZAABq8Y7Mqyf2l"} 
00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637718943449,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654637718943449,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -9,7 +9,7 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1654637719137613,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1654637719137613,"pkt":"XKbmnXAsHIcsX1wrCABFAAA0\/E0AAIARAADAqABJGGk4DdVGDowAIBGZ5l00AE+Qups7r8mPrXxAABrIY9cLO2D3"} 02189{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637719490075,"flow_dst_last_pkt_time":1654637811243833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":540,"midstream":0,"thread_ts_usec":1654637811243833,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3612,"avg":2995064.8,"max":91418317,"stddev":16143814.0,"var":260622725939200.0,"ent":0.2,"data": [39885,24383,63734,66162,61944,34445,30828,61113,3612,33342,62853,57422,6903,91418317,63443,62525,36602,26359,63168,62882,63116,62919,63469,62673,63217,32441,30200,63038,62887,26082,37046]},"pktlen": {"min":48,"avg":54.9,"max":60,"stddev":5.0,"var":25.2,"ent":5.0,"data": [52,48,52,52,52,52,48,52,48,52,52,52,48,52,60,60,60,48,60,60,60,60,60,60,60,60,48,60,60,60,48,60]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[3,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.946224213,4.767892838,4.792377472,4.869300842,4.946224213,4.946224213,4.809559822,4.869300842,4.767892838,4.907762527,4.946224213,4.907762527,4.752166748,4.946224213,4.432916641,4.366249561,4.366250038,3.700824261,4.366250038,4.432916641,4.332916737,4.399583340,4.199582577,4.302914619,4.287001610,4.366250038,3.742490768,4.353668213,4.366249561,4.399583340,3.742490768,4.366249561]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":21,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637719490075,"flow_dst_last_pkt_time":1654637811370381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":624,"midstream":0,"thread_ts_usec":1654637811370381,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":36,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1654783675054709} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":36,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1654783675054709} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783675054709,"flow_src_last_pkt_time":1654783675054709,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783675054709,"l3_proto":"ip4","src_ip":"24.105.57.183","dst_ip":"192.168.0.73","src_port":1119,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1654783675054709,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1654783675054709,"pkt":"HIcsX1wrXKbmnXAsCABFAAAwCHlAADMRLDMYaTm3wKgASQRfxbEAHHLGAAAAAAAAAAAAAAAAAABAAAnvZd4="} 
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783675054709,"flow_src_last_pkt_time":1654783675054709,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783675054709,"l3_proto":"ip4","src_ip":"24.105.57.183","dst_ip":"192.168.0.73","src_port":1119,"dst_port":50609,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -18,7 +18,7 @@ 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1654783675117304,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1654783675117304,"pkt":"HIcsX1wrXKbmnXAsCABFAAB2CIBAADMRK+YYaTm3wKgASQRfxbEAYiR2AAAAAAAAAAAAAAAAAABAAAoeZeIql8nUybw4tw4pKpHcbVwYH7G3wB9ObHfM9+DMqRG8+TeH21hXAHBJ3yp55piT47VgIlh7bWtACKd7vLtppv9EBjqF2v+b"} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1654783675154334,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1654783675154334,"pkt":"HIcsX1wrXKbmnXAsCABFAAB2CJ1AADMRK8kYaTm3wKgASQRfxbEAYiRmAAAAAAAAAAAAAAAAAABAEAoeZeIql8nUybw4tw4pKpHcbVwYH7G3wB9ObHfM9+DMqRG8+TeH21hXAHBJ3yp55piT47VgIlh7bWtACKd7vLtppv9EBjqF2v+b"} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":21,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637719490075,"flow_dst_last_pkt_time":1654637811370381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":624,"midstream":0,"thread_ts_usec":1654783675999278,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1654785317878340} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1654785317878340} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785317878340,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":83,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785317878340,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1654785317878340,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"thread_ts_usec":1654785317878340,"pkt":"HIcsX1wrXKbmnXAsCABFAABvGAZAADMRHQ4YaTkQwKgASQ6MxbEAW4bbAAAAAAAAAAAAAAAAAABAAEsqg3hSe3s95phNudnvfQibOs38xR2pLkVG09Ss9ri5OJJni8tOOzlPJsNzb+raB889CpbXTuIgbs4COoyi16z\/8Gg="} 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785317878340,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":83,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785317878340,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -29,7 +29,7 @@ 02198{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785318886180,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2479,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785318886180,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1113,"avg":32511.0,"max":62822,"stddev":18812.4,"var":353907232.0,"ent":4.7,"data": [31758,14744,16286,4737,58380,5040,58167,42440,20509,62822,16348,46993,45239,18003,62811,27060,19191,16374,50151,13098,1113,62335,31570,31017,31934,30736,13221,50259,34089,29278,62137]},"pktlen": {"min":48,"avg":105.5,"max":150,"stddev":33.5,"var":1124.4,"ent":4.9,"data": [111,111,48,132,132,103,103,121,121,103,109,109,103,48,150,109,109,48,109,48,150,150,146,48,129,48,138,138,121,48,123,109]},"bins": {"c_to_s": [7,0,16,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": 
[5.727404118,5.736169815,3.659157991,5.974259377,6.029637337,5.373315811,5.410210133,5.896153450,5.877972126,5.645791054,5.660812855,5.713362217,5.521955967,3.700824261,6.180423737,5.754983425,5.770836353,3.742490768,5.748058796,3.700824261,6.267391682,6.252244949,6.277539730,3.742491007,6.034878731,3.742490768,6.026935577,6.097950459,5.911030293,3.700824499,5.963339806,5.665075302]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1654783675054709,"flow_src_last_pkt_time":1654783675999278,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785319138383,"l3_proto":"ip4","src_ip":"24.105.57.183","dst_ip":"192.168.0.73","src_port":1119,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785319138383,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3073,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785319138383,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1654785319138383} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1654785319138383} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -38,9 +38,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652614 bytes -~~ total memory freed........: 8652614 bytes -~~ total allocations/frees...: 140655/140655 +~~ total memory allocated....: 9417052 bytes +~~ total memory freed........: 9417052 bytes +~~ total allocations/frees...: 154621/154621 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 540 chars ~~ json message max len.......: 2203 chars diff --git a/test/results/default/hpvirtgrp.pcap.out b/test/results/default/hpvirtgrp.pcap.out index c27ee6355..1bf6ecf06 100644 --- a/test/results/default/hpvirtgrp.pcap.out +++ b/test/results/default/hpvirtgrp.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614852331255737} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614852331255737} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614852331255737,"flow_src_last_pkt_time":1614852331255737,"flow_dst_last_pkt_time":1614852331255737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614852331255737,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614852331255737,"flow_dst_last_pkt_time":1614852331255737,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614852331255737,"pkt":"eJS0JASgYDjgxTWgCABFAAA85EJAAD8GMf7AqAJkoCzCQrXqFGfdahKJAAAAAKAC\/\/\/rnAAAAgQFtAQCCAoReGspAAAAAAEDAwg="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614852331255737,"flow_dst_last_pkt_time":1614852331284558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614852331284558,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnteoCmmbE3WoSimASchDc7QAAAgQFrAAA"} 
@@ -7,7 +7,7 @@ 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614852331296153,"flow_dst_last_pkt_time":1614852331284558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614852331296153,"pkt":"eJS0JASgYDjgxTWgCABFAACs5ERAAD8GMYzAqAJkoCzCQrXqFGfdahKKAppmxVAY\/\/8HHQAAFgCEAKqIQmLfq0myi1Ms5EEjm+6cqoVS+bxA3bvOHHc5Gr2Pc4fCkAGOamMfQ3uS+B4J5cuhz68jJKVEgot70CvKeNsy83XzEd14C9vITFbQomfEQv2BBG44aXbDk7QFABdKzsf570s20zguGi2FIzxy4bDOl\/aEx4b8vTDa5Lopbwqr"} 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614852331255737,"flow_src_last_pkt_time":1614852331296153,"flow_dst_last_pkt_time":1614852331284558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614852331296153,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1614852331296153,"flow_dst_last_pkt_time":1614852331324408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614852331324408,"pkt":"YDjgxTWgeJS0JASgCABFAAAoPalAADQG46ugLMJCwKgCZBRnteoCmmbF3WoTDlAQchD0HgAAAAAAAAAA"} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":522,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1614861892925577} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":522,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1614861892925577} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614861892925577,"flow_src_last_pkt_time":1614861892925577,"flow_dst_last_pkt_time":1614861892925577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614861892925577,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1614861892925577,"flow_dst_last_pkt_time":1614861892925577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614861892925577,"pkt":"eJS0JASgYDjgxTWgCABFAAA85WdAAD8GMNnAqAJkoCzCQudAFGcyIeJoAAAAAKAC\/\/9iNQAAAgQFtAQCCAoAALAcAAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1614861892925577,"flow_dst_last_pkt_time":1614861892952589,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614861892952589,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn50AGwaaHMiHiaWASchBDFwAAAgQFrAAA"} 
@@ -23,7 +23,7 @@ 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1614861998769322,"flow_dst_last_pkt_time":1614861998752102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614861998769322,"pkt":"eJS0JASgYDjgxTWgCABFAACsbURAAD8GqIzAqAJkoCzCQue8FGe3KQNadGbIs1AY\/\/+TrQAAFgCEAAiEIm75Zy9VjUl+5IerSq31im9iiLiR7yC1EKTt3UZUDIvzmJzS8h4KLbNPThmQ1QigRVFIS+UyNjRfUWaAtxQmjZpmMmOXCehX0iRvSqjyAHMyTpdZ0ZK8tTSp4KvvS4Z8D9n4XXG7+pf9mkL4Vd7qfMcpPZN7co6napRCuwTA"} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614861998723587,"flow_src_last_pkt_time":1614861998769322,"flow_dst_last_pkt_time":1614861998752102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614861998769322,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1614861998769322,"flow_dst_last_pkt_time":1614861998797954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614861998797954,"pkt":"YDjgxTWgeJS0JASgCABFAAAoFkhAADQGCw2gLMJCwKgCZBRn57x0ZsiztykD3lAQchAkAwAAAAAAAAAA"} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1614876808445263} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1614876808445263} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614876808445263,"flow_src_last_pkt_time":1614876808445263,"flow_dst_last_pkt_time":1614876808445263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614876808445263,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1614876808445263,"flow_dst_last_pkt_time":1614876808445263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614876808445263,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MDtAAD8G5gXAqAJkoCzCQuoQFGeH4ylZAAAAAKAC\/\/91KwAAAgQFtAQCCAoAZP0\/AAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1614876808445263,"flow_dst_last_pkt_time":1614876808474414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614876808474414,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn6hA0hHo5h+MpWmASchCiHwAAAgQFrAAA"} 
@@ -33,7 +33,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1614876811615624,"flow_dst_last_pkt_time":1614876811644558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614876811644558,"pkt":"YDjgxTWgeJS0JASgCABFAAAoo01AADQGfgegLMJCwKgCZBRn6hA0hHo6h+Mp3lAQchC5UAAAAAAAAAAA"} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614861892925577,"flow_src_last_pkt_time":1614861898114372,"flow_dst_last_pkt_time":1614861898108226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614876811951912,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614861998723587,"flow_src_last_pkt_time":1614862060685520,"flow_dst_last_pkt_time":1614862060713776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614876811951912,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1614877863379823} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1614877863379823} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614877863379823,"flow_src_last_pkt_time":1614877863379823,"flow_dst_last_pkt_time":1614877863379823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614877863379823,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1614877863379823,"flow_dst_last_pkt_time":1614877863379823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614877863379823,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nQJAAD8GeT7AqAJkoCzCQpzYFGd4ZLUSAAAAAKAC\/\/8PXgAAAgQFtAQCCAoAcTP+AAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1614877863379823,"flow_dst_last_pkt_time":1614877863406025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614877863406025,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnnNj+cl67eGS1E2ASchDErAAAAgQFrAAA"} 
@@ -41,7 +41,7 @@ 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1614877863430508,"flow_dst_last_pkt_time":1614877863406025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614877863430508,"pkt":"eJS0JASgYDjgxTWgCABFAACsnQRAAD8GeMzAqAJkoCzCQpzYFGd4ZLUT\/nJevFAY\/\/9h2wAAFgCEAFeCoLQYkZVucFSlTilhAUO4J2Gc\/xNv4bSVAhSEOKUK9H1p9TyCs4HXw0uhyo2PPSWpxWiXGIKnoP1IQOXwjxvjoWs1kUpThTMlaAQYVgOcRiK1tZrmLAdDEfrq3WNHZxnudDyECwqpv67F1VqOqftf2asba7gyuRDMInsQPi\/4"} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614877863379823,"flow_src_last_pkt_time":1614877863430508,"flow_dst_last_pkt_time":1614877863406025,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614877863430508,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1614877863430508,"flow_dst_last_pkt_time":1614877863456632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614877863456632,"pkt":"YDjgxTWgeJS0JASgCABFAAAorPZAADQGdF6gLMJCwKgCZBRnnNj+cl68eGS1l1AQchDb3QAAAAAAAAAA"} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2866,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1614880256676767} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2866,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1614880256676767} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614880256676767,"flow_src_last_pkt_time":1614880256676767,"flow_dst_last_pkt_time":1614880256676767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614880256676767,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1614880256676767,"flow_dst_last_pkt_time":1614880256676767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614880256676767,"pkt":"eJS0JASgYDjgxTWgCABFAAA87gNAAD8GKD3AqAJkoCzCQosyFGf2oDFeAAAAAKAC\/\/9JKQAAAgQFtAQCCAoAlBEuAAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1614880256676767,"flow_dst_last_pkt_time":1614880256703598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614880256703598,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnizKJqg+b9qAxX2ASchCfswAAAgQFrAAA"} 
@@ -49,7 +49,7 @@ 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1614880256732594,"flow_dst_last_pkt_time":1614880256703598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614880256732594,"pkt":"eJS0JASgYDjgxTWgCABFAACs7gVAAD8GJ8vAqAJkoCzCQosyFGf2oDFfiaoPnFAY\/\/8f0QAAFgCEAJPbSCaIgYJAv72t6+9wMSbhbGCpMIHq4QEiFn9cVpoUpAzAhIkL4Drs1AaCxzLUFgA09j+Bl+RpSUp6DtaLWuhIO9Gnvu5XUzJAq3+jgAYYgyeP7mDgv3z04Kw3cGmW8nIjjnTadh4CWlfCP+aNEWF\/psIZrRbRsmwZNT1hV3yi"} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614880256676767,"flow_src_last_pkt_time":1614880256732594,"flow_dst_last_pkt_time":1614880256703598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614880256732594,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1614880256732594,"flow_dst_last_pkt_time":1614880256758583,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614880256758583,"pkt":"YDjgxTWgeJS0JASgCABFAAAoeIFAADQGqNOgLMJCwKgCZBRnizKJqg+c9qAx41AQchC25AAAAAAAAAAA"} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3481,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1614892184461059} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3481,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1614892184461059} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614892184461059,"flow_src_last_pkt_time":1614892184461059,"flow_dst_last_pkt_time":1614892184461059,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614892184461059,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1614892184461059,"flow_dst_last_pkt_time":1614892184461059,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614892184461059,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7JAAD8Gco7AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/8FAAAAgQFtAQCCAoBLLDpAAAAAAEDAwg="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1614892184487051,"flow_dst_last_pkt_time":1614892184461059,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614892184487051,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7NAAD8Gco3AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/4LwAAAgQFtAQCCAoBLLTOAAAAAAEDAwg="} 
@@ -60,7 +60,7 @@ 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1614877863379823,"flow_src_last_pkt_time":1614877864310689,"flow_dst_last_pkt_time":1614877864559887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":621,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614892185660780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614876808445263,"flow_src_last_pkt_time":1614876926772711,"flow_dst_last_pkt_time":1614876907442799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614892185660780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1614880256676767,"flow_src_last_pkt_time":1614880490543211,"flow_dst_last_pkt_time":1614880490568599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":122,"midstream":0,"thread_ts_usec":1614892185660780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1614894888601792} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1614894888601792} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614894888601792,"flow_src_last_pkt_time":1614894888601792,"flow_dst_last_pkt_time":1614894888601792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614894888601792,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1614894888601792,"flow_dst_last_pkt_time":1614894888601792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614894888601792,"pkt":"eJS0JASgYDjgxTWgCABFAAA8czZAAD8GowrAqAJkoCzCQqY4FGfLLz4YAAAAAKAC\/\/+U4AAAAgQFtAQCCAoBVchmAAAAAAEDAwg="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1614894888601792,"flow_dst_last_pkt_time":1614894888628926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614894888628926,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpjjVSzZFyy8+GWASchAxGQAAAgQFrAAA"} 
@@ -68,7 +68,7 @@ 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1614894888640676,"flow_dst_last_pkt_time":1614894888628926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614894888640676,"pkt":"eJS0JASgYDjgxTWgCABFAACsczhAAD8GopjAqAJkoCzCQqY4FGfLLz4Z1Us2RlAY\/\/9TSQAAFgCEALAY6sFBRYGCJimG0Yasbc4USwZsJQL+15UsYRSuD34UJT0hT\/I2HwIAh0S2LuxxZ9L1ox\/LsKTAy33IDcyC7gG8qaAvQ8rXlqULmrLWq5FGmibZ+6UKLMjpqZv1GBBNOyGaMw5A5AWqgUlWQ\/HDmuJLLH3YYviE23k6BUVyxAi7"} 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614894888601792,"flow_src_last_pkt_time":1614894888640676,"flow_dst_last_pkt_time":1614894888628926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614894888640676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1614894888640676,"flow_dst_last_pkt_time":1614894888667157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614894888667157,"pkt":"YDjgxTWgeJS0JASgCABFAAAojUpAADQGlAqgLMJCwKgCZBRnpjjVSzZGyy8+nVAQchBISgAAAAAAAAAA"} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1614898090218683} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1614898090218683} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614898090218683,"flow_src_last_pkt_time":1614898090218683,"flow_dst_last_pkt_time":1614898090218683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614898090218683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1614898090218683,"flow_dst_last_pkt_time":1614898090218683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614898090218683,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EFJAAD8GBe\/AqAJkoCzCQqcMFGeOCpYjAAAAAKAC\/\/+UDgAAAgQFtAQCCAoBYq1xAAAAAAEDAwg="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1614898090218683,"flow_dst_last_pkt_time":1614898090245916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614898090245916,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpwwosEHQjgqWJGASchC2bwAAAgQFrAAA"} 
@@ -79,7 +79,7 @@ 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614894888601792,"flow_src_last_pkt_time":1614895277741473,"flow_dst_last_pkt_time":1614895277767885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614898324173693,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614898090218683,"flow_src_last_pkt_time":1614898324146735,"flow_dst_last_pkt_time":1614898324173693,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614898324173693,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614892184461059,"flow_src_last_pkt_time":1614892314018583,"flow_dst_last_pkt_time":1614892314046506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":87,"midstream":0,"thread_ts_usec":1614898324173693,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":135,"packets-processed":135,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":82,"global_ts_usec":1614898324173693} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":135,"packets-processed":135,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":82,"global_ts_usec":1614898324173693} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 135/135 ~~ skipped flows.............: 0 @@ -88,9 +88,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8686641 bytes -~~ total memory freed........: 8686641 bytes -~~ total allocations/frees...: 140765/140765 +~~ total memory allocated....: 9451271 bytes +~~ total memory freed........: 9451271 bytes +~~ total allocations/frees...: 154731/154731 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 986 chars diff --git a/test/results/default/hsrp0.pcap.out b/test/results/default/hsrp0.pcap.out index 2809dbe04..a691644b0 100644 --- a/test/results/default/hsrp0.pcap.out +++ b/test/results/default/hsrp0.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1126551970888102} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1126551970888102} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551970888102,"vlan_id":10,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","vlan_id":10,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1126551970888102,"pkt":"AQBeAAACAAAMB6wKgQAACggARcAAMAAAAAABESXiChyo\/eAAAAIHwQfBABw\/0wAAEAMKWgoAY2lzY28AAAAKHKj+"} 
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551970888102,"vlan_id":10,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -16,7 +16,7 @@ 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000101,"flow_src_last_pkt_time":1126551971000101,"flow_dst_last_pkt_time":1126551971000101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"vlan_id":12,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971931931,"flow_src_last_pkt_time":1126551971931931,"flow_dst_last_pkt_time":1126551971931931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"vlan_id":10,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"vlan_id":10,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":80,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1126551971931931} 
+00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":80,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1126551971931931} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652154 bytes -~~ total memory freed........: 8652154 bytes -~~ total allocations/frees...: 140566/140566 +~~ total memory allocated....: 9416624 bytes +~~ total memory freed........: 9416624 bytes +~~ total allocations/frees...: 154532/154532 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 556 chars ~~ json message max len.......: 977 chars diff --git a/test/results/default/hsrp2.pcap.out b/test/results/default/hsrp2.pcap.out index fbe50795c..b50eb5e10 100644 --- a/test/results/default/hsrp2.pcap.out +++ b/test/results/default/hsrp2.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643795481192281} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643795481192281} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481192281,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481192281,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643795481192281,"pkt":"AQBeAABmcA9q7\/W\/CABFwABQAAAAAP8R88QKNNx94AAAZgfBB8EAPOmuASgCAAUEA5hwD2rv9b8AAABaAAALuAAAJxAKNNx+AAAAAAAAAAAAAAAAAwhjaXNjbwAAAA=="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481192281,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481192281,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481220314,"flow_src_last_pkt_time":1643795481220314,"flow_dst_last_pkt_time":1643795481220314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481220314,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481220314,"flow_src_last_pkt_time":1643795481220314,"flow_dst_last_pkt_time":1643795481220314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481220314,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481192281,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481220314,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643795481220314} 
+00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643795481220314} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647280 bytes -~~ total memory freed........: 8647280 bytes -~~ total allocations/frees...: 140544/140544 +~~ total memory allocated....: 9411686 bytes +~~ total memory freed........: 9411686 bytes +~~ total allocations/frees...: 154510/154510 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 583 chars ~~ json message max len.......: 966 chars diff --git a/test/results/default/hsrp2_ipv6.pcapng.out b/test/results/default/hsrp2_ipv6.pcapng.out index d26fa2762..5db8b32a6 100644 --- a/test/results/default/hsrp2_ipv6.pcapng.out +++ b/test/results/default/hsrp2_ipv6.pcapng.out 
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1589369101819741} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1589369101819741} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369101819741,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","vlan_id":16,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_usec":1589369101819741,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAIAgQAAAAB"} 
01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369101819741,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -20,7 +20,7 @@ 01108{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369219022262,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":750,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369219022262,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369235852564,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":900,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369240383629,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369240383629,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1098,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369240383629,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":36,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1589369240383629} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":36,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1589369240383629} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 36/36 ~~ skipped flows.............: 0 
@@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648310 bytes -~~ total memory freed........: 8648310 bytes -~~ total allocations/frees...: 140580/140580 +~~ total memory allocated....: 9412716 bytes +~~ total memory freed........: 9412716 bytes +~~ total allocations/frees...: 154546/154546 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 573 chars ~~ json message max len.......: 1113 chars diff --git a/test/results/default/http-basic-auth.pcap.out b/test/results/default/http-basic-auth.pcap.out index 8fd93630f..e0c022bfa 100644 --- a/test/results/default/http-basic-auth.pcap.out +++ b/test/results/default/http-basic-auth.pcap.out 
@@ -1,5 +1,5 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1381844035028385} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1381844035028385} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844035028385,"flow_src_last_pkt_time":1381844035028385,"flow_dst_last_pkt_time":1381844035028385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844035028385,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54317,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1381844035028385,"flow_dst_last_pkt_time":1381844035028385,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844035028385,"pkt":"TBfruiThKM\/pITwrCABFAABA\/zNAAEAG\/C\/AqAAEwP69qdQtAFChp4vUAAAAALAC\/\/\/9NwAAAgQFtAEDAwQBAQgKH37Y+QAAAAAEAgAA"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844035028541,"flow_src_last_pkt_time":1381844035028541,"flow_dst_last_pkt_time":1381844035028541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844035028541,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -213,7 +213,7 @@ 01132{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":36,"flow_first_seen":1381844112303792,"flow_src_last_pkt_time":1381844127675006,"flow_dst_last_pkt_time":1381844127871377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":731,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2153,"flow_dst_tot_l4_payload_len":34743,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}} 00976{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844112375802,"flow_src_last_pkt_time":1381844127674931,"flow_dst_last_pkt_time":1381844127867249,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54596,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844112375802,"flow_src_last_pkt_time":1381844127674931,"flow_dst_last_pkt_time":1381844127867249,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54596,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":688,"packets-processed":688,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":307822,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":16,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":25,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":216,"global_ts_usec":1381844127871377} 
+00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":688,"packets-processed":688,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":307822,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":16,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":25,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":216,"global_ts_usec":1381844127871377} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 688/688 ~~ skipped flows.............: 0 @@ -222,9 +222,9 @@ ~~ total active/idle flows...: 25/25 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8727737 bytes -~~ total memory freed........: 8727737 bytes -~~ total allocations/frees...: 141650/141650 +~~ total memory allocated....: 9492879 bytes +~~ total memory freed........: 9492879 bytes +~~ total allocations/frees...: 155616/155616 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2465 chars diff --git a/test/results/default/http-crash-content-disposition.pcap.out b/test/results/default/http-crash-content-disposition.pcap.out index 13e7679a1..e846bdb56 100644 --- a/test/results/default/http-crash-content-disposition.pcap.out +++ b/test/results/default/http-crash-content-disposition.pcap.out 
@@ -1,14 +1,14 @@ -00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1492518365663977} 
+00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1492518365663977} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492518365663977,"flow_src_last_pkt_time":1492518365663977,"flow_dst_last_pkt_time":1492518365663977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492518365663977,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1492518365663977,"flow_dst_last_pkt_time":1492518365663977,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1492518365663977,"pkt":"RQAAPNS7QABABvZlwKgAZ66BAArH4wBQe0WpbgAAAACgAjkINI0AAAIEBbQEAggKABR91QAAAAABAwMG"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1492518365663977,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1492518365767814,"pkt":"RQAAPAAAQAAtBt4hroEACsCoAGcAUMfjkVcfantFqW+gEjiQ\/PYAAAIEBawEAggKK6FboQAUfdUBAwMH"} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1492518365789907,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1492518365789907,"pkt":"RQAANNS8QABABvZswKgAZ66BAArH4wBQe0Wpb5FXH2uAEADlY08AAAEBCAoAFH3sK6FboQ=="} 01120{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1492518365809063,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":480,"pkt_l4_len":460,"thread_ts_usec":1492518365809063,"pkt":"RQAB4NS9QABABvS\/wKgAZ66BAArH4wBQe0Wpb5FXH2uAGADlVxoAAAEBCAoAFH3uK6FboVBPU1QgL2ltZXNzYWdlcy5waHA\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"} -01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492518365663977,"flow_src_last_pkt_time":1492518365809063,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":428,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492518365809063,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"khu.sh","domainame":"khu.sh","http": {"url":"khu.sh\/imessages.php?songify_a=3h248fIbwJ&new","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"text\/plain"}}} +01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492518365663977,"flow_src_last_pkt_time":1492518365809063,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":428,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492518365809063,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"khu.sh","domainame":"khu.sh","http": {"url":"khu.sh\/imessages.php?songify_a=3h248fIbwJ&new","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"text\/plain"}}} 
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1492518365809375,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":99,"pkt_l4_len":79,"thread_ts_usec":1492518365809375,"pkt":"RQAAY9S+QABABvY7wKgAZ66BAArH4wBQe0WrG5FXH2uAGADlbXAAAAEBCAoAFH3uK6FboQ0KLS01djdMaGJuYTJyZXdIcmowZV9GOHdyMFdBVlRwWTkzRVQ5aVFIRHktLQ0K"} -01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1492518365663977,"flow_src_last_pkt_time":1492518365809375,"flow_dst_last_pkt_time":1492518365968183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":2369,"midstream":0,"thread_ts_usec":1492518365968183,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"khu.sh"}} 
-00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1492518365968183} +01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1492518365663977,"flow_src_last_pkt_time":1492518365809375,"flow_dst_last_pkt_time":1492518365968183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":2369,"midstream":0,"thread_ts_usec":1492518365968183,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"khu.sh"}} 
+00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1492518365968183} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 @@ -17,10 +17,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645256 bytes -~~ total memory freed........: 8645256 bytes -~~ total allocations/frees...: 140550/140550 +~~ total memory allocated....: 9409630 bytes +~~ total memory freed........: 9409630 bytes +~~ total allocations/frees...: 154516/154516 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars -~~ json message max len.......: 1178 chars -~~ json message avg len.......: 858 chars +~~ json message max len.......: 1176 chars +~~ json message avg len.......: 857 chars diff --git a/test/results/default/http-lines-split.pcap.out b/test/results/default/http-lines-split.pcap.out index 11e74e7ab..f13be68ad 100644 --- a/test/results/default/http-lines-split.pcap.out +++ b/test/results/default/http-lines-split.pcap.out 
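Review bot: The regenerated `detected` and `idle` events for flow 1 in `http-crash-content-disposition.pcap.out` now report `"proto_by_ip":"AWS_EC2","proto_by_ip_id":461` where they previously reported `"proto_by_ip":"AmazonAWS","proto_by_ip_id":265`, and the commit description does not mention this change. The description covers only the replacement of the "TLS Susp ESNI Usage" risk. Downstream consumers that match on the `proto_by_ip` name or on the numeric id (detection rules, dashboards, allow-lists) would presumably stop matching this traffic without any error. I would record this alongside the bump, for example as `* proto_by_ip "AmazonAWS" (265) is now reported as "AWS_EC2" (461)`. It is also worth confirming whether `schema/flow_event_schema.json` or any name-keyed mapping needs the new value; that file's hunk is not visible here.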
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593713340401681} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593713340401681} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593713340401681,"flow_src_last_pkt_time":1593713340401681,"flow_dst_last_pkt_time":1593713340401681,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593713340401681,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593713340401681,"flow_dst_last_pkt_time":1593713340401681,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593713340401681,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0t6tAAHkGyLLAqAABwKgAFJlEemkrolmxAAAAAIAC+vBZugAAAgQFtAEBBAIBAwMG"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1593713340401681,"flow_dst_last_pkt_time":1593713340401724,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593713340401724,"pkt":"YDjgxTWgABjzZLGICABFAAA0AABAALIGR17AqAAUwKgAAXppmUT8ca\/AK6JZsoAS+vCBjAAAAgQFtAEBBAIBAwMH"} 
@@ -9,7 +9,7 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1593713340402042,"flow_dst_last_pkt_time":1593713340402061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1593713340402061,"pkt":"YDjgxTWgABjzZLGICABFAAAoPVdAALIGChPAqAAUwKgAAXppmUT8ca\/BK6JZ2FAQAfaBgAAA"} 01203{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1593713340401681,"flow_src_last_pkt_time":1593713340402236,"flow_dst_last_pkt_time":1593713340402061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593713340402236,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"toni.lan","domainame":"toni.lan","http": {"url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":"uclient-fetch"}}} 
01126{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1593713340401681,"flow_src_last_pkt_time":1593713340404575,"flow_dst_last_pkt_time":1593713340404597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":1632,"midstream":0,"thread_ts_usec":1593713340404597,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"toni.lan"}} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1593713340404597} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1593713340404597} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645338 bytes -~~ total memory freed........: 8645338 bytes -~~ total allocations/frees...: 140552/140552 +~~ total memory allocated....: 9409712 bytes +~~ total memory freed........: 9409712 bytes +~~ total allocations/frees...: 154518/154518 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 1296 chars diff --git a/test/results/default/http-manipulated.pcap.out b/test/results/default/http-manipulated.pcap.out index 8e04ed0cb..a637dbeb7 100644 --- a/test/results/default/http-manipulated.pcap.out +++ b/test/results/default/http-manipulated.pcap.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946727901369326} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946727901369326} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946727901369326,"flow_src_last_pkt_time":946727901369326,"flow_dst_last_pkt_time":946727901369326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946727901369326,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946727901369326,"flow_dst_last_pkt_time":946727901369326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946727901369326,"pkt":"0h+5iIqPABjzZLGICABFAAA0umlAAI8Gr+7AqAAUwKgAB4NgH5BugXMeAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946727901369326,"flow_dst_last_pkt_time":946727901369648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946727901369648,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg2CKV04jboFzH4AS+vCVmQAAAgQFtAEBBAIBAwMG"} 
@@ -7,7 +7,7 @@ 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946727901369701,"flow_dst_last_pkt_time":946727901369648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":946727901369701,"pkt":"0h+5iIqPABjzZLGICABFAAB0umtAAI8Gr6zAqAAUwKgAB4NgH5BugXMfildOJFAYAfaB0gAAR0VUIC8gSFRUUC8xLjENCmhPc1Q6d3d3dy5sYW46ODA4MA0KVXNlci1BZ2VudDogY3VybC83LjY0LjANCkFjY2VwdDogKi8qDQoNCg=="} 01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":946727901369326,"flow_src_last_pkt_time":946727901369701,"flow_dst_last_pkt_time":946727901369648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946727901369701,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wwww.lan","domainame":"wwww.lan","http": {"url":"wwww.lan:8080\/","code":0,"content_type":"","user_agent":"curl\/7.64.0"}}} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946727901369701,"flow_dst_last_pkt_time":946727901369854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":946727901369854,"pkt":"ABjzZLGI0h+5iIqPCABFAAAoC+pAAEAGrXrAqAAHwKgAFB+Qg2CKV04kboFza1AQA+vNJAAAAAAAAAAA"} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":946729142063151} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":946729142063151} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946729142063151,"flow_src_last_pkt_time":946729142063151,"flow_dst_last_pkt_time":946729142063151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946729142063151,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946729142063151,"flow_dst_last_pkt_time":946729142063151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946729142063151,"pkt":"0h+5iIqPABjzZLGICABFAAA0svlAAL4GiF7AqAAUwKgAB4OUH5ARN20zAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":946729142063151,"flow_dst_last_pkt_time":946729142063378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946729142063378,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg5SNfRmbETdtNIAS+vAp\/QAAAgQFtAEBBAIBAwMG"} 
@@ -17,7 +17,7 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":946729142063498,"flow_dst_last_pkt_time":946729142063714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":946729142063714,"pkt":"ABjzZLGI0h+5iIqPCABFAAAoDhZAAEAGq07AqAAHwKgAFB+Qg5SNfRmcETdutlAQA+pgUwAAAAAAAAAA"} 01119{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":946727901369326,"flow_src_last_pkt_time":946727901370537,"flow_dst_last_pkt_time":946727901370531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":577,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":577,"midstream":0,"thread_ts_usec":946729142137586,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wwww.lan"}} 
01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":946729142063151,"flow_src_last_pkt_time":946729142137542,"flow_dst_last_pkt_time":946729142137586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":5840,"flow_src_tot_l4_payload_len":721,"flow_dst_tot_l4_payload_len":41457,"midstream":0,"thread_ts_usec":946729142137586,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.lan"}} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":40,"packets-processed":40,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":946729142137586} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":40,"packets-processed":40,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":946729142137586} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 40/40 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648704 bytes -~~ total memory freed........: 8648704 bytes -~~ total allocations/frees...: 140597/140597 +~~ total memory allocated....: 9413110 bytes +~~ total memory freed........: 9413110 bytes +~~ total allocations/frees...: 154563/154563 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 536 chars ~~ json message max len.......: 1319 chars diff --git a/test/results/default/http-proxy.pcapng.out b/test/results/default/http-proxy.pcapng.out index b983051d8..58947e087 100644 --- a/test/results/default/http-proxy.pcapng.out +++ b/test/results/default/http-proxy.pcapng.out 
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631403550651097} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631403550651097} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631403550651097,"flow_src_last_pkt_time":1631403550651097,"flow_dst_last_pkt_time":1631403550651097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631403550651097,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1241,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631403550651097,"flow_dst_last_pkt_time":1631403550651097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631403550651097,"pkt":"AAwpTU5kKBaoBOm8CABFAAA0dTpAAIAGAUDAqAFnwKgBkgTZH5Av6J9fAAAAAIAC+vD8JAAAAgQFtAEDAwgBAQQC"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1631403550651097,"flow_dst_last_pkt_time":1631403550651156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631403550651156,"pkt":"KBaoBOm8AAwpTU5kCABFAAA0AABAAEAGtnrAqAGSwKgBZx+QBNkyQHzDL+ifYIAS+vCEcAAAAgQFtAEBBAIBAwMH"} 
@@ -8,7 +8,7 @@ 01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1631403550651097,"flow_src_last_pkt_time":1631403550652392,"flow_dst_last_pkt_time":1631403550651156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":294,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631403550652392,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1241,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"http.com","domainame":"http.com","http": {"url":"http:\/\/http.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko\/20100101 Firefox\/91.0","detected_os":"Windows 10"}}} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1631403550652392,"flow_dst_last_pkt_time":1631403550654092,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1631403550654092,"pkt":"KBaoBOm8AAwpTU5kCABFAAAoVkZAAEAGYEDAqAGSwKgBZx+QBNkyQHzEL+ighlAQAfWEZAAA"} 
01114{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1631403550651097,"flow_src_last_pkt_time":1631403555894600,"flow_dst_last_pkt_time":1631403555894620,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":294,"flow_dst_max_l4_payload_len":716,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":716,"midstream":0,"thread_ts_usec":1631403555894620,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1241,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"http.com"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1631403555894620} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1631403555894620} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645344 bytes -~~ total memory freed........: 8645344 bytes -~~ total allocations/frees...: 140551/140551 +~~ total memory allocated....: 9409718 bytes +~~ total memory freed........: 9409718 bytes +~~ total allocations/frees...: 154517/154517 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 534 chars ~~ json message max len.......: 1288 chars diff --git a/test/results/default/http-pwd.pcapng.out b/test/results/default/http-pwd.pcapng.out index a2e3b3eee..3db6a3066 100644 --- a/test/results/default/http-pwd.pcapng.out +++ b/test/results/default/http-pwd.pcapng.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1730389991421152} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1730389991421152} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1730389991421152,"flow_src_last_pkt_time":1730389991421152,"flow_dst_last_pkt_time":1730389991421152,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730389991421152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":56451,"dst_port":3000,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1730389991421152,"flow_dst_last_pkt_time":1730389991421152,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1730389991421152,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB3IMLuM2poQEAAAAAsAL\/\/\/40AAACBD\/YAQMDBgEBCApDaaEzAAAAAAQCAAA="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1730389991421152,"flow_dst_last_pkt_time":1730389991421176,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1730389991421176,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABC7jcg4DfELnNqaECsBL\/\/\/40AAACBD\/YAQMDBgEBCArdWitYQ2mhMwQCAAA="} 
@@ -10,7 +10,7 @@ 01527{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730389991421152,"flow_src_last_pkt_time":1730389991421516,"flow_dst_last_pkt_time":1730389991421475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":747,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730389991421516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":56451,"dst_port":3000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","domainame":"localhost","http": {"url":"localhost:3000\/authorize.html","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/18.1 Safari\/605.1.15","request_content_type":"application\/x-www-form-urlencoded","detected_os":"Intel Mac OS X 10_15_7"}}} 
01423{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1730389991421152,"flow_src_last_pkt_time":1730389991421516,"flow_dst_last_pkt_time":1730389991422019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":250,"flow_src_tot_l4_payload_len":747,"flow_dst_tot_l4_payload_len":250,"midstream":0,"thread_ts_usec":1730389991422019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":56451,"dst_port":3000,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"localhost","domainame":"localhost","http": {"url":"localhost:3000\/authorize.html","code":302,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/18.1 Safari\/605.1.15","request_content_type":"application\/x-www-form-urlencoded","detected_os":"Intel Mac OS X 10_15_7"}}} 
01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1730389991421152,"flow_src_last_pkt_time":1730389991426436,"flow_dst_last_pkt_time":1730389991426455,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":250,"flow_src_tot_l4_payload_len":747,"flow_dst_tot_l4_payload_len":250,"midstream":0,"thread_ts_usec":1730389991426455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":56451,"dst_port":3000,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"localhost"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":997,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1730389991426455} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":997,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1730389991426455} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645912 bytes -~~ total memory freed........: 8645912 bytes -~~ total allocations/frees...: 140560/140560 +~~ total memory allocated....: 9410286 bytes +~~ total memory freed........: 9410286 bytes +~~ total allocations/frees...: 154526/154526 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 1532 chars diff --git a/test/results/default/http.pcapng.out b/test/results/default/http.pcapng.out index 867e72233..c4e384e7b 100644 --- a/test/results/default/http.pcapng.out +++ b/test/results/default/http.pcapng.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643129441023341} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643129441023341} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441023341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441023341,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8mDFAAEAGN5nAqAGA2DrQjqS6AFARiJzNAAAAAKAC+vCG+AAAAgQFtAQCCArCG0WpAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441030591,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8NRsAAHgGoi\/YOtCOwKgBgABQpLoKOrN\/EYiczqAS\/\/9o0gAAAgQFlgQCCArUwoamwhtFqQEDAwg="} 
@@ -8,7 +8,7 @@ 01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441030691,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.com","domainame":"google.com","http": {"url":"google.com\/","code":0,"content_type":"","user_agent":"curl\/7.68.0"}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441038384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643129441038384,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA0NSMAAHgGoi\/YOtCOwKgBgABQpLoKOrOAEYidGIAQAQCWKAAAAQEICtTChq7CG0Ww"} 
00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441065505,"flow_dst_last_pkt_time":1643129441065458,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":528,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1643129441065505,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.com"}} -00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643129441065505} 
+00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643129441065505} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645177 bytes -~~ total memory freed........: 8645177 bytes -~~ total allocations/frees...: 140548/140548 +~~ total memory allocated....: 9409551 bytes +~~ total memory freed........: 9409551 bytes +~~ total allocations/frees...: 154514/154514 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 1070 chars diff --git a/test/results/default/http2.pcapng.out b/test/results/default/http2.pcapng.out index fea93a51b..7a4376964 100644 --- a/test/results/default/http2.pcapng.out +++ b/test/results/default/http2.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591863460344658} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591863460344658} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591863460344658,"flow_src_last_pkt_time":1591863460344658,"flow_dst_last_pkt_time":1591863460344658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591863460344658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37824,"dst_port":29518,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591863460344658,"flow_dst_last_pkt_time":1591863460344658,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":132,"pkt_l4_len":96,"thread_ts_usec":1591863460344658,"pkt":"AAADBAAGAAAAAAAA\/\/8IAEUAAHTWREAAQAZmPX8AAAF\/AAABk8BzThxFL\/aifuWbgBgCAP5oAAABAQgK5nwLseZ8C7FQUkkgKiBIVFRQLzIuMA0KDQpTTQ0KDQoAABIEAAAAAAAAAgAAAAAABABAAAAABgCgAAAAAAQIAAAAAABAAAAA"} 
00911{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591863460344658,"flow_src_last_pkt_time":1591863460344658,"flow_dst_last_pkt_time":1591863460344658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591863460344658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37824,"dst_port":29518,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP2","proto_id":"349","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -8,7 +8,7 @@ 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1591863460344734,"flow_dst_last_pkt_time":1591863460344901,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":101,"pkt_l4_len":65,"thread_ts_usec":1591863460344901,"pkt":"AAADBAAGAAAAAAAA\/\/8IAEUAAFUcL0AAQAYgcn8AAAF\/AAABc06TwKJ+5ZscRTEsgBgCAP5JAAABAQgK5nwLseZ8C7EAABgEAAAAAAAABQAQAAAAAwAAAPoABgAQAUAABAAQAAA="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1591863460344734,"flow_dst_last_pkt_time":1591863460344921,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":90,"pkt_l4_len":54,"thread_ts_usec":1591863460344921,"pkt":"AAADBAAGAAAAAAAA\/\/8IAEUAAEocMEAAQAYgfH8AAAF\/AAABc06TwKJ+5bwcRTEsgBgCAP4+AAABAQgK5nwLseZ8C7EAAAAEAQAAAAAAAAQIAAAAAAAADwAB"} 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1591863460344658,"flow_src_last_pkt_time":1591863460346370,"flow_dst_last_pkt_time":1591863460348007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":272,"midstream":1,"thread_ts_usec":1591863460348007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37824,"dst_port":29518,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP2","proto_id":"349","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":591,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1591863460348007} +00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":591,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1591863460348007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647180 bytes -~~ total memory freed........: 8647180 bytes -~~ total allocations/frees...: 140544/140544 +~~ total memory allocated....: 9411554 bytes +~~ total memory freed........: 9411554 bytes +~~ total allocations/frees...: 154510/154510 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 582 chars ~~ json message max len.......: 962 chars diff --git a/test/results/default/http_asymmetric.pcapng.out b/test/results/default/http_asymmetric.pcapng.out index 33b6eeb3b..72676785d 100644 --- a/test/results/default/http_asymmetric.pcapng.out +++ b/test/results/default/http_asymmetric.pcapng.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631378210394414} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631378210394414} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394414,"flow_src_last_pkt_time":1631378210394414,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210394414,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":1044,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631378210394414,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631378210394414,"pkt":"AAwpnvCVKBao9vgDCABFAAA0WexAAIAGAADAqAABCgoKAQQUAFAzLWQXAAAAAIAC+vADxAAAAgQFtAEDAwgBAQQC"} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378210394789,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210394789,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -18,7 +18,7 @@ 01413{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378210504093,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210504093,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
01139{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394414,"flow_src_last_pkt_time":1631378215504662,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":1044,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"proxy.wiresharkfest.acropolis.local"}} 01403{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378215504945,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp 
User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1631378215504945} 
+00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1631378215504945} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 23/23 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648820 bytes -~~ total memory freed........: 8648820 bytes -~~ total allocations/frees...: 140593/140593 +~~ total memory allocated....: 9413226 bytes +~~ total memory freed........: 9413226 bytes +~~ total allocations/frees...: 154559/154559 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2520 chars diff --git a/test/results/default/http_auth.pcap.out b/test/results/default/http_auth.pcap.out index 78bffa976..7dfcfb133 100644 --- a/test/results/default/http_auth.pcap.out +++ b/test/results/default/http_auth.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1381844050222515} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1381844050222515} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050222515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844050222515,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050222515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844050222515,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050402547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844050402547,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="} 
@@ -10,7 +10,7 @@ 01480{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844050402794,"flow_dst_last_pkt_time":1381844050802943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1381844050802943,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/password-ok.php","code":401,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}} 
02450{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844057134728,"flow_dst_last_pkt_time":1381844055865656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":17637,"midstream":0,"thread_ts_usec":1381844057134728,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":139,"avg":405011.4,"max":4861829,"stddev":1193509.9,"var":1424465723392.0,"ent":2.2,"data": [180032,180140,139,193993,206403,1322,401505,596,594,735,724,4027,4555,8666,4603,3019,7560,3303,5323,8621,158972,3971,162953,3627,4243,7859,2612,2607,4861805,4861829,1269016]},"pktlen": {"min":52,"avg":626.9,"max":1500,"stddev":665.6,"var":443042.2,"ent":4.1,"data": [64,60,52,791,52,1500,537,52,131,52,274,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,975,52,52,52,52]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,0,0],"entropies": 
[4.441382408,5.118823051,5.130219936,5.854406357,5.046594620,5.442737579,5.621041775,5.077241421,5.402398586,5.024262905,5.623777390,5.077241421,5.441255569,5.120078564,4.955154419,5.048518181,5.069016457,5.130219936,5.089414597,5.056834221,5.053296566,5.097548008,5.174168587,5.115702629,5.356103420,5.382487297,5.046594620,5.653643131,5.038779736,5.046595097,5.130219936,5.085056305]},"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}} 01221{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":19,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844057134728,"flow_dst_last_pkt_time":1381844057320871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":17637,"midstream":0,"thread_ts_usec":1381844057320871,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":33,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1381844057320871} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":33,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1381844057320871} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8646112 bytes -~~ total memory freed........: 8646112 bytes -~~ total allocations/frees...: 140578/140578 +~~ total memory allocated....: 9410486 bytes +~~ total memory freed........: 9410486 bytes +~~ total allocations/frees...: 154544/154544 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 2455 chars diff --git a/test/results/default/http_connect.pcap.out b/test/results/default/http_connect.pcap.out index a58b2d061..84acfc609 100644 --- a/test/results/default/http_connect.pcap.out +++ b/test/results/default/http_connect.pcap.out 
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744004980473} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744004980473} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744004980473,"flow_src_last_pkt_time":1618744004980473,"flow_dst_last_pkt_time":1618744004980473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744004980473,"vlan_id":1606,"l3_proto":"ip4","src_ip":"10.10.109.10","dst_ip":"10.100.3.133","src_port":3128,"dst_port":50474,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","vlan_id":1606,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744004980473,"flow_dst_last_pkt_time":1618744004980473,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1618744004980473,"pkt":"AAAAAAAAAAgAAAAGgQAGRggARQAAND5YQAA+BnlvCgptCgpkA4UMOMUqxAmU4ziM8SaAEvoAnQIAAAIEBbQBAwMGBAIAAA=="} 02502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","vlan_id":1606,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744004993629,"flow_dst_last_pkt_time":1618744004980473,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1518,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1518,"pkt_l4_len":1480,"thread_ts_usec":1618744004993629,"pkt":"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"} 
@@ -8,7 +8,7 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","vlan_id":1606,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618744507183394,"flow_dst_last_pkt_time":1618744507182045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1618744507183394,"pkt":"AAAAAAAAAAgAAAAGgQAGRggARQAANHl5QAA+Bj5OCgptCgpkA4UMOMUq6SNu4EM41w+AEvoArVYAAAIEBbQBAwMGBAIAAA=="} 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","vlan_id":1606,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1618744507183394,"flow_dst_last_pkt_time":1618744507186381,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":157,"pkt_l4_len":119,"thread_ts_usec":1618744507186381,"pkt":"AAAAAAAAAAgAAAAGgQAGRggARQAAi0ToQAB\/BjGICmQDhQoKbQrFKgw4QzjXD+kjbuFQGAIBKGYAAENPTk5FQ1QgZmUzY3IuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbTo0NDMgSFRUUC8xLjENCkhvc3Q6IGZlM2NyLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb206NDQzDQoNCg=="} 
01515{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1618744004980473,"flow_src_last_pkt_time":1618744507183394,"flow_dst_last_pkt_time":1618744507186381,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1618744507186381,"vlan_id":1606,"l3_proto":"ip4","src_ip":"10.10.109.10","dst_ip":"10.100.3.133","src_port":3128,"dst_port":50474,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP_Connect.WindowsUpdate","proto_id":"130.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"fe3cr.delivery.mp.microsoft.com","domainame":"fe3cr.delivery.mp.microsoft.com","http": {"url":"fe3cr.delivery.mp.microsoft.com:443","code":0,"content_type":"","user_agent":""}}} 
-00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4018,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1631454722864133} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4018,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1631454722864133} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631454722864133,"flow_src_last_pkt_time":1631454722864133,"flow_dst_last_pkt_time":1631454722864133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631454722864133,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1631454722864133,"flow_dst_last_pkt_time":1631454722864133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631454722864133,"pkt":"AAwpTU5kKBaoBOm8CABFAAA0iNFAAIAG7ajAqAFnwKgBkgayH5A7mDABAAAAAIAC+vBd+gAAAgQFtAEDAwgBAQQC"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1631454722864133,"flow_dst_last_pkt_time":1631454722864165,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631454722864165,"pkt":"KBaoBOm8AAwpTU5kCABFAAA0AABAAEAGtnrAqAGSwKgBZx+QBrLnDc0lO5gwAoAS+vCEcAAAAgQFtAEBBAIBAwMH"} 
@@ -35,7 +35,7 @@ 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":30,"flow_first_seen":1631454722867862,"flow_src_last_pkt_time":1631454722977215,"flow_dst_last_pkt_time":1631454722977251,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1384,"flow_src_tot_l4_payload_len":1701,"flow_dst_tot_l4_payload_len":30951,"midstream":0,"thread_ts_usec":1631454722977251,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"apache.org"}} 01355{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":2,"flow_first_seen":1618744004980473,"flow_src_last_pkt_time":1618744507187911,"flow_dst_last_pkt_time":1618744507186381,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":3919,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1631454722977251,"vlan_id":1606,"l3_proto":"ip4","src_ip":"10.10.109.10","dst_ip":"10.100.3.133","src_port":3128,"dst_port":50474,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"11": {"risk":"HTTP Susp 
User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP_Connect.WindowsUpdate","proto_id":"130.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} 01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":22,"flow_first_seen":1631454722864133,"flow_src_last_pkt_time":1631454722976969,"flow_dst_last_pkt_time":1631454722977036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":5536,"flow_src_tot_l4_payload_len":1904,"flow_dst_tot_l4_payload_len":22723,"midstream":0,"thread_ts_usec":1631454722977251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP_Connect","proto_id":"130","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apache.org"}} 
-00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":108,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":61391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1631454722977251} +00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":108,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":61391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1631454722977251} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 108/108 ~~ skipped flows.............: 0 
@@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8735478 bytes -~~ total memory freed........: 8735478 bytes -~~ total allocations/frees...: 140700/140700 +~~ total memory allocated....: 9499981 bytes +~~ total memory freed........: 9499981 bytes +~~ total allocations/frees...: 154667/154667 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 536 chars ~~ json message max len.......: 2507 chars diff --git a/test/results/default/http_guessed_host_and_guessed.pcapng.out b/test/results/default/http_guessed_host_and_guessed.pcapng.out index 54cb91b15..1aed7a906 100644 --- a/test/results/default/http_guessed_host_and_guessed.pcapng.out +++ b/test/results/default/http_guessed_host_and_guessed.pcapng.out 
@@ -1,10 +1,10 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1662455432036237} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1662455432036237} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1662455432036237,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1662455432036237,"l3_proto":"ip4","src_ip":"170.33.13.5","dst_ip":"192.168.0.1","src_port":110,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":1662455432036237,"pkt":"AAEC+XM\/AAAA511OCABFSABtI0VAAOcG+C2qIQ0FwKgAAQBuALMAAGWhAAAAxaD\/\/\/9CugAAAgT+OgQCCArnAWpiC3VqYgEDAw6Eya9BxX8AAPZJNc84IkHxNiBIVFRQLzEuMQ0KSG9zdDogcG9ybmh1Yi5jb20NCg0K"} 
01545{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1662455432036237,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1662455432036237,"l3_proto":"ip4","src_ip":"170.33.13.5","dst_ip":"192.168.0.1","src_port":110,"dst_port":179,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"POP3","proto_id":"2","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"","password":"","auth_failed":0}}} 
00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1662455432036237,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1662455432036237,"l3_proto":"ip4","src_ip":"170.33.13.5","dst_ip":"192.168.0.1","src_port":110,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":49,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1662455432036237} 
+00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":49,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1662455432036237} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8646987 bytes -~~ total memory freed........: 8646987 bytes -~~ total allocations/frees...: 140538/140538 +~~ total memory allocated....: 9411361 bytes +~~ total memory freed........: 9411361 bytes +~~ total allocations/frees...: 154504/154504 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 613 chars ~~ json message max len.......: 1550 chars diff --git a/test/results/default/http_invalid_server.pcap.out b/test/results/default/http_invalid_server.pcap.out index d8368783b..dcc58522b 100644 --- a/test/results/default/http_invalid_server.pcap.out +++ b/test/results/default/http_invalid_server.pcap.out 
@@ -1,15 +1,15 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1689351610492040} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1689351610492040} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610492040,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1689351610492040,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610492040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1689351610492040,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdj8wOt8lQAFD6kEYtAAAAALAC\/\/9gewAAAgQFtAEDAwYBAQgKTnqLxQAAAAAEAgAA"} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1689351610504245,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAAPIGKHOPzA63wKgBHQBQyVB61nu9+pBGLqAS\/\/+ARwAAAgQFoAQCCAoTAnk8TnqLxQEDAwk="} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1689351610504338,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1689351610504338,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdj8wOt8lQAFD6kEYuetZ7voAQCARgbwAAAQEICk56i9ETAnk8"} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1689351610504451,"pkt":"EBMx8Tl2nFg8p+7MCABFAACGAABAAEAGAADAqAEdj8wOt8lQAFD6kEYuetZ7voAYCARgwQAAAQEICk56i9ETAnk8R0VUIC8gSFRUUC8xLjENCkhvc3Q6IG9jc3Aucm9vdGcyLmFtYXpvbnRydXN0LmNvbQ0KVXNlci1BZ2VudDogKioNCkFjY2VwdDogKi8qDQoNCg=="} -01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1689351610504451,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.rootg2.amazontrust.com","domainame":"ocsp.rootg2.amazontrust.com","http": {"url":"ocsp.rootg2.amazontrust.com\/","code":0,"content_type":"","user_agent":"**"}}} +01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1689351610504451,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ocsp.rootg2.amazontrust.com","domainame":"ocsp.rootg2.amazontrust.com","http": {"url":"ocsp.rootg2.amazontrust.com\/","code":0,"content_type":"","user_agent":"**"}}} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610516723,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1689351610516723,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA07CcAAPIGfFOPzA63wKgBHQBQyVB61nu++pBGgIAQAICuFwAAAQEIChMCeUhOeovR"} -01386{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610516826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":402,"midstream":0,"thread_ts_usec":1689351610516826,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.rootg2.amazontrust.com","domainame":"ocsp.rootg2.amazontrust.com","http": {"url":"ocsp.rootg2.amazontrust.com\/","code":200,"content_type":"application\/ocsp-response","user_agent":"**"}}} 
-01254{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610530140,"flow_dst_last_pkt_time":1689351610529997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":407,"midstream":0,"thread_ts_usec":1689351610530140,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.rootg2.amazontrust.com"}} 
-00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1689351610530140} +01391{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610516826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":402,"midstream":0,"thread_ts_usec":1689351610516826,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.rootg2.amazontrust.com","domainame":"ocsp.rootg2.amazontrust.com","http": {"url":"ocsp.rootg2.amazontrust.com\/","code":200,"content_type":"application\/ocsp-response","user_agent":"**"}}} +01259{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610530140,"flow_dst_last_pkt_time":1689351610529997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":407,"midstream":0,"thread_ts_usec":1689351610530140,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.rootg2.amazontrust.com"}} 
+00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1689351610530140} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645336 bytes -~~ total memory freed........: 8645336 bytes -~~ total allocations/frees...: 140552/140552 +~~ total memory allocated....: 9409710 bytes +~~ total memory freed........: 9409710 bytes +~~ total allocations/frees...: 154518/154518 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 557 chars -~~ json message max len.......: 1391 chars -~~ json message avg len.......: 958 chars +~~ json message max len.......: 1396 chars +~~ json message avg len.......: 959 chars diff --git a/test/results/default/http_ipv6.pcap.out b/test/results/default/http_ipv6.pcap.out index 3ea9615f1..99ccb5ec6 100644 --- a/test/results/default/http_ipv6.pcap.out +++ b/test/results/default/http_ipv6.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1448269123954061} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1448269123954061} 
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269123954061,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123954061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269123954061,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123954061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269123954061,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIBAAAAAAAACAOnk4Bu0sl6VcU0QFTgBAA8iVzAAABAQgKEg1o4A\/E+0k="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123971846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269123971846,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggEAAAAAAAAIA4qAA1AAAEAA3qswP\/+pw1MAbueThTRAVNLJelYgBABCVvaAAABAQgKD8WrNBINPNs="} 
@@ -82,23 +82,23 @@ 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1448269146905115,"flow_dst_last_pkt_time":1448269146912258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1448269146912258,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBmT8LSrsqoBJswEUcAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1448269146912275,"flow_dst_last_pkt_time":1448269146912258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269146912275,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuyrowZlAgBAA4dR2AAABAQgKEg1\/Sxvn+wE="} 
00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1448269146912481,"flow_dst_last_pkt_time":1448269146912188,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":310,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":310,"pkt_l4_len":256,"thread_ts_usec":1448269146912481,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAQAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfTp+pk3gBgA4dVWAAABAQgKEg1\/Sxvn+wEWAwEA2wEAANcDA983Ohoy\/qhBKvCaVPmNiUY3vp8oIoa+qbmtm60AZHnPAAAgzBTME8wVwCvALwCewArAFAA5wAnAEwAzAJwANQAvAAoBAACO\/wEAAQAAAAAdABsAABhzLXN0YXRpYy5hay5mYWNlYm9vay5jb20AFwAAACMAAAANABYAFAYBBgMFAQUDBAEEAwMBAwMCAQIDAAUABQEAAAAAM3QAAAASAAAAEAAdABsIaHR0cC8xLjEIc3BkeS8zLjEFaDItMTQCaDJ1UAAAAAsAAgEAAAoABgAEABcAGA=="} -01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269146905214,"flow_src_last_pkt_time":1448269146912481,"flow_dst_last_pkt_time":1448269146912188,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269146912481,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1612h1_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} +01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269146905214,"flow_src_last_pkt_time":1448269146912481,"flow_dst_last_pkt_time":1448269146912188,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269146912481,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1612h1_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1448269146912613,"flow_dst_last_pkt_time":1448269146912258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":310,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":310,"pkt_l4_len":256,"thread_ts_usec":1448269146912613,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAQAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuyrowZlAgBgA4dVWAAABAQgKEg1\/Sxvn+wEWAwEA2wEAANcDA2fZZiw9kTAlONWXaPhqH8RvUelTTuaSCvPTIzelaImLAAAgzBTME8wVwCvALwCewArAFAA5wAnAEwAzAJwANQAvAAoBAACO\/wEAAQAAAAAdABsAABhzLXN0YXRpYy5hay5mYWNlYm9vay5jb20AFwAAACMAAAANABYAFAYBBgMFAQUDBAEEAwMBAwMCAQIDAAUABQEAAAAAM3QAAAASAAAAEAAdABsIaHR0cC8xLjEIc3BkeS8zLjEFaDItMTQCaDJ1UAAAAAsAAgEAAAoABgAEABcAGA=="} -01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146912613,"flow_dst_last_pkt_time":1448269146912258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269146912613,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1612h1_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} +01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146912613,"flow_dst_last_pkt_time":1448269146912258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269146912613,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1612h1_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1448269146912481,"flow_dst_last_pkt_time":1448269146919451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269146919451,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjun6mTfEj67UgBADiC68AAABAQgKG+f7CBINf0s="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1448269146912613,"flow_dst_last_pkt_time":1448269146919741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269146919741,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBmUALSrwKgBADiNv9AAABAQgKG+f7CBINf0s="} -01761{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269146905214,"flow_src_last_pkt_time":1448269146912481,"flow_dst_last_pkt_time":1448269146921030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":3547,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":3547,"midstream":0,"thread_ts_usec":1448269146921030,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": {"version":"TLSv1.2","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d1612h1_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","negotiated_alpn":"http\/1.1","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A","blocks":0}}} -01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146912613,"flow_dst_last_pkt_time":1448269146921142,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1448269146921142,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": {"version":"TLSv1.2","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d1612h1_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","negotiated_alpn":"http\/1.1","blocks":0}}} -01761{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146921170,"flow_dst_last_pkt_time":1448269146921369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":3547,"midstream":0,"thread_ts_usec":1448269146921369,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": {"version":"TLSv1.2","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d1612h1_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","negotiated_alpn":"http\/1.1","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A","blocks":0}}} -01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146970056,"flow_dst_last_pkt_time":1448269146931566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":3789,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
-01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1448269146905214,"flow_src_last_pkt_time":1448269146966054,"flow_dst_last_pkt_time":1448269146929757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":3547,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":3789,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +01762{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269146905214,"flow_src_last_pkt_time":1448269146912481,"flow_dst_last_pkt_time":1448269146921030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":3547,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":3547,"midstream":0,"thread_ts_usec":1448269146921030,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": {"version":"TLSv1.2","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d1612h1_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","negotiated_alpn":"http\/1.1","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A","blocks":0}}} +01334{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146912613,"flow_dst_last_pkt_time":1448269146921142,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1448269146921142,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": {"version":"TLSv1.2","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d1612h1_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","negotiated_alpn":"http\/1.1","blocks":0}}} +01762{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146921170,"flow_dst_last_pkt_time":1448269146921369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":3547,"midstream":0,"thread_ts_usec":1448269146921369,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": {"version":"TLSv1.2","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d1612h1_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","negotiated_alpn":"http\/1.1","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A","blocks":0}}} +01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146970056,"flow_dst_last_pkt_time":1448269146931566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":3789,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
+01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1448269146905214,"flow_src_last_pkt_time":1448269146966054,"flow_dst_last_pkt_time":1448269146929757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":3547,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":3789,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 01008{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1448269127960079,"flow_src_last_pkt_time":1448269128028795,"flow_dst_last_pkt_time":1448269128003411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": 
{"quic_version":"Unknown (0000)"}}} 00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1448269127960079,"flow_src_last_pkt_time":1448269128028795,"flow_dst_last_pkt_time":1448269128003411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00954{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269127922059,"flow_src_last_pkt_time":1448269127922059,"flow_dst_last_pkt_time":1448269127940031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269127922059,"flow_src_last_pkt_time":1448269127922059,"flow_dst_last_pkt_time":1448269127940031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269145458059,"flow_src_last_pkt_time":1448269145458059,"flow_dst_last_pkt_time":1448269145478561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269145458059,"flow_src_last_pkt_time":1448269145458059,"flow_dst_last_pkt_time":1448269145478561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00950{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269139314022,"flow_src_last_pkt_time":1448269139314022,"flow_dst_last_pkt_time":1448269139321037,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00951{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269139314022,"flow_src_last_pkt_time":1448269139314022,"flow_dst_last_pkt_time":1448269139321037,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269139314022,"flow_src_last_pkt_time":1448269139314022,"flow_dst_last_pkt_time":1448269139321037,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00968{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269143410021,"flow_src_last_pkt_time":1448269143410021,"flow_dst_last_pkt_time":1448269143539406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269143410021,"flow_src_last_pkt_time":1448269143410021,"flow_dst_last_pkt_time":1448269143539406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -112,7 +112,7 @@ 00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269123954061,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123971846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1448269127395120,"flow_src_last_pkt_time":1448269127450459,"flow_dst_last_pkt_time":1448269127510990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":506,"flow_src_tot_l4_payload_len":258,"flow_dst_tot_l4_payload_len":751,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01044{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":29,"flow_first_seen":1448269127400446,"flow_src_last_pkt_time":1448269138520009,"flow_dst_last_pkt_time":1448269138494637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":5695,"flow_dst_tot_l4_payload_len":6438,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.it"}} -00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":193,"packets-processed":193,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":51193,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":8,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":115,"global_ts_usec":1448269146970056} 
+00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":193,"packets-processed":193,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":51193,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":8,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":115,"global_ts_usec":1448269146970056} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 193/193 ~~ skipped flows.............: 0 @@ -121,9 +121,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8782289 bytes -~~ total memory freed........: 8782289 bytes -~~ total allocations/frees...: 140955/140955 +~~ total memory allocated....: 9547078 bytes +~~ total memory freed........: 9547078 bytes +~~ total allocations/frees...: 154920/154920 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 579 chars ~~ json message max len.......: 2386 chars diff --git a/test/results/default/http_on_sip_port.pcap.out b/test/results/default/http_on_sip_port.pcap.out index 900380133..54bfa4c98 100644 --- a/test/results/default/http_on_sip_port.pcap.out +++ b/test/results/default/http_on_sip_port.pcap.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744016209720} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744016209720} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744016209720,"flow_src_last_pkt_time":1618744016209720,"flow_dst_last_pkt_time":1618744016209720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744016209720,"l3_proto":"ip4","src_ip":"82.178.111.221","dst_ip":"45.58.148.2","src_port":5060,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744016209720,"flow_dst_last_pkt_time":1618744016209720,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1618744016209720,"pkt":"AAAAAAAAAAsAxhT1CABFAAA8sxJAAD4GBd5Ssm\/dLTqUAhPEIrha1ycbAAAAAKAC\/\/9M3wAAAgQFUAQCCAoQxK6EAAAAAAEDAwk="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744016209720,"flow_dst_last_pkt_time":1618744016342703,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744016342703,"pkt":"AAAAAAAAAAUAQPTMCABFAAA0AABAADMGw\/gtOpQCUrJv3SK4E8QPDztmWtcnHIAS\/\/\/oTwAAAgQFtAEBBAIBAwMI"} 
@@ -8,7 +8,7 @@ 02355{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618744016398438,"flow_dst_last_pkt_time":1618744016532140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_usec":1618744016532140,"pkt":"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"} 01552{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1618744016209720,"flow_src_last_pkt_time":1618744016398438,"flow_dst_last_pkt_time":1618744016532140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":223,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":223,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744016532140,"l3_proto":"ip4","src_ip":"82.178.111.221","dst_ip":"45.58.148.2","src_port":5060,"dst_port":8888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"45.58.148.2","domainame":"45.58.148.2","http": 
{"url":"45.58.148.2\/star-123456\/index.m3u8?token=89b198b8844824ca15b8b379c26fc1b7dfcba368-5KUJTJ5Y73AGIAOV-1618753174-1618742374","code":403,"content_type":"","user_agent":"exoplayer-codelab"}}} 01354{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1618744016209720,"flow_src_last_pkt_time":1618744016398438,"flow_dst_last_pkt_time":1618744016532140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":223,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":223,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744016532140,"l3_proto":"ip4","src_ip":"82.178.111.221","dst_ip":"45.58.148.2","src_port":5060,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"45.58.148.2"}} 
-00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1618744016532140} +00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1618744016532140} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645344 bytes -~~ total memory freed........: 8645344 bytes -~~ total allocations/frees...: 140546/140546 +~~ total memory allocated....: 9409718 bytes +~~ total memory freed........: 9409718 bytes +~~ total allocations/frees...: 154512/154512 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 558 chars ~~ json message max len.......: 2360 chars diff --git a/test/results/default/http_origin_different_than_host.pcap.out b/test/results/default/http_origin_different_than_host.pcap.out index 6d5fa7a70..91bd4f690 100644 --- a/test/results/default/http_origin_different_than_host.pcap.out +++ b/test/results/default/http_origin_different_than_host.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666211829809412} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666211829809412} 00319{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211829809412,"packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211829809412} 
00479{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1666211829809412,"pkt":"AAAAAAAAAAEAAAACgQBNQoEAQHEIAEUwAGCpgAAAQBGTHgqGGQUKhA+wCGgIaABMB\/0w\/wA8B+ApokUAADz3BkAAPQaM8QqMzkoSh85mhugAUDlR2BoAAAAAoAL\/\/8ZVAAACBAW0BAIICgAlLxwAAAAAAQMDCA=="} 00319{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211829952951,"packet_id":2,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211829952951} 
@@ -8,7 +8,7 @@ 01273{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":717,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":717,"pkt_l4_len":0,"thread_ts_usec":1666211829809412,"pkt":"AAAAAAAAAAEAAAACgQBNQoEAQHEIAEUwArevqQAAQBGKngqGGQUKhA+wCGgIaAKjA08w\/wKTB+ApokUAApP3CEAAPQaKmAqMzkoSh85mhugAUDlR2Bva3fe5gBgBVxwmAAABAQgKACUvS\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"} 00319{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211830159716,"packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211830159716} 00685{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":276,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":276,"pkt_l4_len":0,"thread_ts_usec":1666211829809412,"pkt":"AAAAAAAAAAECAAD6gQANQoEAAHEIAEUAAP4wwgAAOxEQbwqED7AKhhkFCGgIaADqAAAw\/wDa39WxhkUAANrwJ0AA3wbxMRKHzmYKjM5KAFCG6Nrd97k5Udp6gBgAbjGkAAABAQgK\/GqgKwAlL0tIVFRQLzEuMSAxMDEgU3dpdGNoaW5nIFByb3RvY29scw0KRGF0ZTogV2VkLCAxOSBPY3QgMjAyMiAyMDozNzoxMCBHTVQNCkNvbm5lY3Rpb246IHVwZ3JhZGUNClVwZ3JhZGU6IHdlYnNvY2tldA0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IHhFNmRMWHh4TWFpSGFsYzcrTFFoQ01HdzNYST0NCg0K"} 
-00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1666211830159716} +00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1666211830159716} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/0 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 324 chars ~~ json message max len.......: 1278 chars diff --git a/test/results/default/http_starting_with_reply.pcapng.out b/test/results/default/http_starting_with_reply.pcapng.out index 7b1381b22..082878def 100644 --- a/test/results/default/http_starting_with_reply.pcapng.out +++ b/test/results/default/http_starting_with_reply.pcapng.out 
@@ -1,5 +1,5 @@ -00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631378210397220} 
+00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631378210397220} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210397220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1631378210397220,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210397220,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1631378210397220,"pkt":"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\/7r8CVafTJCeRlpO6siJ7JvFj0pmk8STK3fWTDyIhCWOI4AGgZDXt\/367AEjxJcrJNdXEkUgC+8Lubx\/S0eS7q\/eX099ur8nSrAS5\/fT67S+XpDcIw389vwzDq+kV+feb6bu3ZBgck6miieaGy4SKMLz+tUd6S2PScRhuNptg8zyQahFOP4QPSGuIm\/3HgSntDGIT9y6OJpbhw0ok+ryFzPDs7MzthrWETL4bDOCNkHcy5nPOYjJXckXMkpErNuM0IVLxBQfyZC4V+TTLEpPZDW+pNiRLY2pYPCYnx8PTwXA4GJ7ahx8ZGxNkroG7oFkSLVMaBwkz4Sxb6HB4Mhqdnh3D2sHAirFkNL6wWycrZqjdO2D\/zfj6vHcpE8MSM5huU9Yjkbs67xn2YEJU5CWJllRpZs4\/TW8Gox4JPSXDjWAXr1IaLdmJlx3UmtNMGHJLFyDjL4ZspLrXk9Atdhu12QpGDPDzbCKte2TFYk7PezpSjCXWes\/IZ7thRRXYaEyO04fy30v7EBSPebJoffrnEfw3k\/G27\/zkc3XHc1hZ+nt5ZB\/PaHS\/UDJL4kEkhVRj8v3V6Or19Yl\/PgcLDeZ0xcV2TP7JVEwT2icaPGWgmeLzl7tVmv8ORhgOU+NuorIDKvgClInA
ykwVUsZ8HawoT+5SMFwuqHTONyaKCWr4mjkyMdepoMDd0JlgXqwNj81yTEbHx4Umzm6DmTRGrsZOxdJ9weZmTGhmZOU2OOSycn+\/hZ29pIqZGnj+JzkTfzs34cnw5Ofno8oj6wZjoqXg8X7b39iXf37AgGi7O\/R1prwJl8xpc3aWy+XlHB4f\/9DB9Keb05uf99LWKURu1TeHP5WM89POOmU\/GCHL4ubGizaTIt7Lia8WNUbPS3xe1E9h3BoBSNS6yp2c3\/kA155sJBiFbegLudeAD+SH2XCmLwiavQfneHXJdscNW+0VsHmCuWwv2h30gGz5zWP7akbqY+WltZM6LUlzWjsOv\/NOswgjvOWM\/2Ib1xje4eI6HqL5RuhW7r3DPGWvPnZe3c0pVaym48hbZtQK5iP\/ZFQRpQo1wxrUeDyJAe5Y3ApCuQqHwr6ko6PJDdg1eoSaFSUL5D1w+m5vJvr7HwredVjDOoN8bwULK3nv1LvXaZd7ja7PLl+f1Pwg97m9QFZLfic\/PCr5VUW+U1Arfd4n1+XVyfDFTdf2hWLb\/fvPbs6ej06L\/cFcSEivyeKOCbYC0Q7kX7v8C3Ch33XsOWpY88Qskoo6nolMWIeVD3IdC57c9w8tWnPQkcUH19EI9c8xuQEJh6VZynXhiS1HUgnNpqt1h05V1z1LSpp2Laso2lYLXl7dXJ\/uxcZDgn6NGXKWJeprCCToDaQj9aerq0OLVrbgD\/OKf4Llr6+7YSOkU6qhcylKzZ57Vn1arkDqsVFsgC1YnWgVnfdCDurqMLM9wEDIhQzSZNEjVEAn4TuDt3C3l3M="} 01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210397220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1631378210397220,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
@@ -9,7 +9,7 @@ 01014{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210486956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":403,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":403,"pkt_l4_len":369,"thread_ts_usec":1631378210486956,"pkt":"AAwpTU5kKBaoBOm8CABFAAGFWfBAAIAGAADAqAFnwKgBkgQUAFAzLWWE71XjVlAYBAKFwQAAR0VUIC9pY29ucy91YnVudHUtbG9nby5wbmcgSFRUUC8xLjENCkhvc3Q6IHByb3h5LndpcmVzaGFya2Zlc3QuYWNyb3BvbGlzLmxvY2FsDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjo5MS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzkxLjANCkFjY2VwdDogaW1hZ2Uvd2VicCwqLyoNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KRE5UOiAxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpSZWZlcmVyOiBodHRwOi8vcHJveHkud2lyZXNoYXJrZmVzdC5hY3JvcG9saXMubG9jYWwvDQoNCg=="} 01397{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210486956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":557,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":349,"flow_src_tot_l4_payload_len":3477,"flow_dst_tot_l4_payload_len":349,"midstream":1,"thread_ts_usec":1631378210486956,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"proxy.wiresharkfest.acropolis.local","domainame":"proxy.wiresharkfest.acropolis.local","http": {"url":"proxy.wiresharkfest.acropolis.local\/icons\/ubuntu-logo.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko\/20100101 Firefox\/91.0","detected_os":"Windows 10"}}} 01148{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":7,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378215504945,"flow_dst_last_pkt_time":1631378215504662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":349,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":688,"midstream":1,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"proxy.wiresharkfest.acropolis.local"}} 
-00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8301,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1631378215504945} +00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8301,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1631378215504945} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645696 bytes -~~ total memory freed........: 8645696 bytes -~~ total allocations/frees...: 140561/140561 +~~ total memory allocated....: 9410070 bytes +~~ total memory freed........: 9410070 bytes +~~ total allocations/frees...: 154527/154527 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 2529 chars diff --git a/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out b/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out index 711fed186..233d4d500 100644 --- a/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out +++ b/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out 
@@ -1,5 +1,5 @@ -00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1506664814072079} 
+00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1506664814072079} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1506664814072079,"flow_src_last_pkt_time":1506664814072079,"flow_dst_last_pkt_time":1506664814072079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1506664814072079,"l3_proto":"ip4","src_ip":"254.125.135.128","dst_ip":"66.152.103.45","src_port":21359,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1506664814072079,"flow_dst_last_pkt_time":1506664814072079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1506664814072079,"pkt":"AAAAgIP1SEb77F8hCABFAAA81NpAAD8GNx7+fYeAQphnLVNvAFDG58bVAAAAAKAC\/\/8jsQAAAgQFeAQCCAoBPBIPAAAAAAEDAwc="} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1506664814072079,"flow_dst_last_pkt_time":1506664814272267,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1506664814272267,"pkt":"AAAAgIP1SEb77F8hCABFAAA8AABAAOcGY\/hCmGct\/n2HgABQU28gJ4bfxufG1qASaN\/42QAAAgQFtAQCCAonS\/NXATwSDwEDAwg="} 
@@ -10,7 +10,7 @@ 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1506664814304061,"flow_dst_last_pkt_time":1506664814506288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1506664814506288,"pkt":"AAAAgIP1SEb77F8hCABFAAC1dXxAAOcG7gJCmGct\/n2HgABQU28gJ4bgxufNVYAYAHwEBgAAAQEICidL854BPBI6SFRUUC8xLjEgMjAwIA0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpEYXRlOiBGcmksIDI5IFNlcCAyMDE3IDA2OjAwOjE0IEdNVA0KQ29udGVudC1MZW5ndGg6IDANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} 02326{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1506664814072079,"flow_src_last_pkt_time":1506664884688466,"flow_dst_last_pkt_time":1506664884891709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":16613,"flow_dst_tot_l4_payload_len":1748,"midstream":0,"thread_ts_usec":1506664884891709,"l3_proto":"ip4","src_ip":"254.125.135.128","dst_ip":"66.152.103.45","src_port":21359,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2278,"avg":4562452.0,"max":23451757,"stddev":7140164.0,"var":50981941280768.0,"ent":3.5,"data": [200188,228774,3208,234021,1087486,3262,1090830,5345683,5834,5351689,23448878,3179,23451757,8290030,3196,8292329,1123787,3421,1127523,8802271,4342,8806776,19530296,2278,19532387,1784873,3657,1788814,938512,3420,943316]},"pktlen": 
{"min":60,"avg":626.3,"max":1440,"stddev":557.2,"var":310424.4,"ent":4.5,"data": [60,60,1440,327,181,1440,259,181,1440,535,410,1440,257,181,1440,327,181,1440,257,181,1440,461,410,1440,258,181,1440,313,181,1440,259,181]},"bins": {"c_to_s": [1,0,0,0,0,0,5,0,3,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0],"s_to_c": [1,0,0,0,8,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1],"entropies": [4.739262104,5.106893539,5.867009163,5.823337078,5.714051723,5.877876282,5.739666462,5.708738327,5.861988068,5.999320984,5.770567417,5.882071018,5.723089695,5.732763290,5.864256382,5.841103554,5.697688103,5.890019894,5.735716343,5.730837822,5.881994724,5.957257271,5.801627636,5.887722969,5.723830700,5.705350399,5.852463722,5.804970741,5.650331974,5.849934578,5.692368984,5.757890701]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"va.origin.startappservice.com"}} 01038{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":76,"flow_dst_packets_processed":39,"flow_first_seen":1506664814072079,"flow_src_last_pkt_time":1506665200702631,"flow_dst_last_pkt_time":1506665200902775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":62424,"flow_dst_tot_l4_payload_len":6280,"midstream":0,"thread_ts_usec":1506665200902775,"l3_proto":"ip4","src_ip":"254.125.135.128","dst_ip":"66.152.103.45","src_port":21359,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"va.origin.startappservice.com"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":115,"packets-processed":115,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1506665200902775} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":115,"packets-processed":115,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1506665200902775} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 115/115 ~~ skipped 
flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648209 bytes -~~ total memory freed........: 8648209 bytes -~~ total allocations/frees...: 140650/140650 +~~ total memory allocated....: 9412583 bytes +~~ total memory freed........: 9412583 bytes +~~ total allocations/frees...: 154616/154616 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 582 chars ~~ json message max len.......: 2428 chars diff --git a/test/results/default/i3d.pcap.out b/test/results/default/i3d.pcap.out index 561a16383..97ea661bb 100644 --- a/test/results/default/i3d.pcap.out +++ b/test/results/default/i3d.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643566147188000} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643566147188000} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643566147188000,"flow_src_last_pkt_time":1643566147188000,"flow_dst_last_pkt_time":1643566147188000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643566147188000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643566147188000,"flow_dst_last_pkt_time":1643566147188000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643566147188000,"pkt":"eJS0JASgYDjgxTWgCABFAABmU1sAAH8R+EzAqAJk1aNXL+w8w1QAUphQAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA95U="} 00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643566147188000,"flow_src_last_pkt_time":1643566147188000,"flow_dst_last_pkt_time":1643566147188000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643566147188000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,7 +7,7 @@ 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1643566147224000,"flow_dst_last_pkt_time":1643566147212000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1643566147224000,"pkt":"eJS0JASgYDjgxTWgCABFAACoU10AAH8R+AjAqAJk1aNXL+w8w1QAlAApkHiUJQdnxvIAA8+ovt4AAfZr38uFzZsIi8ZCCYTQPXHtOHv0CzWfwBUspYBgwVoFrs7CIolbntTbNC\/JUzHrMPTo+XsMJQLsyF07SXVZB\/s4ty9sKDXZEitaLRpRsI4IOF0cfX+Uc0Uf1VgbctkHIRIB7WkAQW7E9Ft4IwjFcGTVfDpX71058AMMAIA="} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1643566147248000,"flow_dst_last_pkt_time":1643566147212000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_usec":1643566147248000,"pkt":"eJS0JASgYDjgxTWgCABFAACrU14AAH8R+ATAqAJk1aNXL+w8w1QAl9LykHiUJgdnyrIAA8+ovt4AAUA1qdRM+p5pr\/oqX0DhEzCeQnh79unVEDHbUO6dzrEHo2ZrwkpnXYNjri9KSft0NfMTwIic7YV89\/hFWxptbKzflgOcvR8B2Shl\/WZiU1Z\/KdIDbewpUyY21lOye5L\/XBpzfqg5wywFSTueNycE9miVE9BmO5SMOudQFQQMAIA="} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643566147266000,"flow_dst_last_pkt_time":1643566147212000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_usec":1643566147266000,"pkt":"eJS0JASgYDjgxTWgCABFAACpU18AAH8R+AXAqAJk1aNXL+w8w1QAlT\/NkHiUJwdnznIAA8+ovt4AAaP5Ah92yNJfzjWLY8WE\/BTJnxusxn0vEFtrrFPiJ6xYLwBoyHyq9NbUJFz9dnZHmE98BUSEEm1g\/uLK67zcvjWDSrCKLxOx4sj+Tlk9Iq149UdWaGtJ\/sUWb\/A24Vz1gJvdeF4k3J4DeZ1+PNY96GPVMAZTD3\/NwRsFDACA"} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1643572927206000} 
+00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1643572927206000} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643572927206000,"flow_src_last_pkt_time":1643572927206000,"flow_dst_last_pkt_time":1643572927206000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643572927206000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":55205,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643572927206000,"flow_dst_last_pkt_time":1643572927206000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643572927206000,"pkt":"eJS0JASgYDjgxTWgCABFAABmU0sAAH8R+FzAqAJk1aNXL9elw1QAUhLaAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkaM="} 00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643572927206000,"flow_src_last_pkt_time":1643572927206000,"flow_dst_last_pkt_time":1643572927206000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643572927206000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":55205,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -16,7 +16,7 @@ 01004{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1643572927260000,"flow_dst_last_pkt_time":1643572927231000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":406,"pkt_l4_len":372,"thread_ts_usec":1643572927260000,"pkt":"eJS0JASgYDjgxTWgCABFAAGIU08AAH8R9zbAqAJk1aNXL9elw1QBdHLBkHjAYRrNp\/IAA8+ovt4AAQHk2SbeSru+vmqqbBAlqKnhi8VOiprTRfevAGdGL56u0jSjwF44BlGyfOIsOe9k0bILizQNN9KH2Zs3ouDH7gMA9MStaqggeVFFdLPjTFIOSwvUil8bbIvJDO17475aYHIEDMOMgQstUnNA1RgrYS2\/2kVGl7KJZGY\/L7D3V\/CVrqy8Mdz69R1bcRh4OUlMGYs20rRHySB1Dhuk3gj5oX3QZZFzW5+1AKlyFgaMG20J+gfaDs7fR+LJlT0e6ZIGmglv7IbxFn2ezOoMl1oHeUBvAHNKh2tBHj\/gvzBn3\/p9RQD7uVLnyG8g2NlN1VCjLyvFh8dNYVS+\/1yAqn2zPJoP+JrJzw9WOJbDrEms0RCwLivIgUxmOAjwuWkis3CQGN4xLBnm5cm+kzvuz3uOJtKDlrGmtcqqXSMQb0l4w2rAPaz+w\/ddGa7GkvH8mbylSiRSECJE2x\/+OAYZgA=="} 
01011{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643572927277000,"flow_dst_last_pkt_time":1643572927231000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"thread_ts_usec":1643572927277000,"pkt":"eJS0JASgYDjgxTWgCABFAAGSU1AAAH8R9yvAqAJk1aNXL9elw1QBfqV4kHjAYhrNq7IAA8+ovt4AAaUWvsT0DCayFUbzabzV8jrCDKi9xfLgbBSBd+F0MC5A+pFm70pntapcdGBWkcOJ2oBsj+J4Zj69ESkk995NOgz4qWa9pVXVwvtTkiJzlG54oXs0w5VAZ2rxJEg5VEqP+nv1E5RDoKP2xPW8K5HGyKJiu0\/uTpIYXdCxbJI2WdJND01cc6LoQfKwTvwIAKPWe0VI5agSTTuy7uGlybczfeWU99AcaDWIBivRoBkrqFIBd4hohB5csBM+jGqze6sHojZJ+Bp84hb\/kpOEfRWPRRuFJYkInwdmn\/rgt0qrGDGY7Nx6Q+l4Q7yCAdXGlZZvWRHal998LFuUaEsGR7CY01GlVfOg284fA6pzmM3AdmuhBDB+OioFOQS1sl\/4XCLOCRDdbDU7EeqPTo7TztdlkwgXxffBx0jewOZjWR3XfjE5CAFbhNK9B1i9zRJljHex1EUOznrGM6z2tTbOvpxOAz0IvjkGGYA="} 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1643566147188000,"flow_src_last_pkt_time":1643566147407000,"flow_dst_last_pkt_time":1643566147319000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":331,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":2349,"flow_dst_tot_l4_payload_len":82,"midstream":0,"thread_ts_usec":1643572927312000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1643574967215000} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1643574967215000} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643574967215000,"flow_src_last_pkt_time":1643574967215000,"flow_dst_last_pkt_time":1643574967215000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643574967215000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1643574967215000,"flow_dst_last_pkt_time":1643574967215000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643574967215000,"pkt":"eJS0JASgYDjgxTWgCABFAABm4pkAAH8RaQ7AqAJk1aNXL\/Scw1QAUnfBAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8U="} 
00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643574967215000,"flow_src_last_pkt_time":1643574967215000,"flow_dst_last_pkt_time":1643574967215000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643574967215000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -34,7 +34,7 @@ 02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1643575387255000,"flow_dst_last_pkt_time":1643575387247000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"thread_ts_usec":1643575387255000,"pkt":"eJS0JASgYDjgxTWgCABFAATb+uwAAH8RTEbAqAJk1aNXL\/P9w1QEx8XFkGfzn+7YC1wAA8+pvt4AA8\/rBnO98lR\/HxLTpIP\/EbMQx2RnswfttY95fPW12k+sMZPRUpXQ6rdFgdvebGO7p1UVM3QV79HT48Lutvo7rBD1EQGn3G1lnzMH\/HYoOApYSztH3SoK71xEoS1y8yXoqwttVhKJwdDpP0dYo+6JgRJC8a80fv+q8dukV27\/jVfVPNuEOGAKsYLKK3d3pDVBr3zFRvp+CUrx4k8Q3SmQ3FdvyBKUErJJCQMDIji2wBw\/6oOgUQdC4DfvZgCq2ehheOE\/QsbTet00OotAumju1CQN9Ie6XatcDMZEuVkd\/D\/4BNSUP8nLk2iECQ5jtpH0za6z9XycB9r30SzB4diSF71CS3FM8x6aWeAPxHuthE+qizcIjWCTi+uD+tksuJ3IgwTOIYtLJAmqBWmSSbw6uqz8LcdkStr7tMJaqmyNp0jfhJUWKXSVLeeaB7dE8vLAU\/AaDLNlX7cI97Q9sT4yJ7Ck0Xf38Wbaf70ad0+uLgBbGKMZzc0Qinka6L0063NVp3KQEb0W7+ZtTH+F7khBVzSgEGbYSk5P6L4+w1W84JNRtMzWLexqMRbia63\/XlTmx3sjYEiOU7SeNg\/VV7tUmAh00XrF94xyB5IuISYVkB63iOTwwjLGd+XPIC+xHPrVpy7d5\/0MnalC+TtBhFqQnVaipTWP5pTB6aF4HDpdAG\/Rsi\/jlYTPiwR\/+06YhuScTKbIDskrucwHhjvSpnvj6KdX7eJb+0f\/dGV1IR6XpjxXnm16GYSfek2plgRY7BcmryqhO8+u57C4lQPTdhp9tFjWMl1dmpGwleRQLABunADSt5n52m5UHlaEuruXoTSXj9yg5uc8GO3+7UV8mGSRFe35dZLCx1fvxLHAWLieOXgy10+sPWgTzBqbHdVA8G9uU1gL0jJCQ+ge4NIeEvEK2v26py+DrxUZ60wRYOUn0g+EctdA6BkYQ7axrLaAByXKmU+xaI8PcDwzjV5piTIMfvW5xrMWnuL8uImiF2SPyss62VgrI3kAwzdR1oqaEPB3uwvPTduUQ+N4uIEjkeW8TelrAHdYXTVkcW+KD\/qD9R4sMNfYyWoSviEKw0OOIkW3\/U0JwSQqOjw1KSUDkqHq\/KyJv++I37PjSRk9mkJHQKggsRDYpWzlCTtryb8Uw1N9dk2juxtTHXxH5dFsqFyNr7JLXTkJTh7bfr6gqnKuzSbbt6h0jpTjdtLTrNwDnd+cljHqP32B+son64QJeY+jueVGuppoG7wUpq9JyqWs0peerVl4SqbRUoTVTImfH4YMaQgSagkAM1uLSfdEHTdncPe4QqZpCf6Ay8IVOgBWQUUUGJ5tOIqcY9sNHfHZj+UXJJzimbNgyQmLAVgGyrWp1k3cCO9aHcm70ZW\/fksx8g38UefAJrWV5AcZKxBoIRLhAQKQrUJrNFP2Yu7+3wkM
jdrjMpb0eLnX749AFyY0EfVxc8EaD1Zvrdq9MJLJbzBl00Bvh3hnjWjJNNa8ogp\/jNsv03rLCsySZbzzJq10nEyw\/TWESfJ1nM1aVj21VveY1DdXxYRzhGtEydneMsYwjGJ8zEkLQm++YbhIJDKJH2vuRum8N8aCn074\/\/PAqyWA"} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1643575387216000,"flow_src_last_pkt_time":1643575387266000,"flow_dst_last_pkt_time":1643575387247000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1216,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":15879,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1643575387266000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62461,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1643574967215000,"flow_src_last_pkt_time":1643574967460000,"flow_dst_last_pkt_time":1643574967246000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1210,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":4511,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1643575387266000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1643575387266000} +00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1643575387266000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 
@@ -43,9 +43,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8653890 bytes -~~ total memory freed........: 8653890 bytes -~~ total allocations/frees...: 140626/140626 +~~ total memory allocated....: 9418360 bytes +~~ total memory freed........: 9418360 bytes +~~ total allocations/frees...: 154592/154592 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 585 chars ~~ json message max len.......: 2172 chars diff --git a/test/results/default/iax.pcap.out b/test/results/default/iax.pcap.out index e18adf16c..c15bec53b 100644 --- a/test/results/default/iax.pcap.out +++ b/test/results/default/iax.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1123840005963862} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1123840005963862} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840005963862,"flow_dst_last_pkt_time":1123840005963862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1123840005963862,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1123840005963862,"flow_dst_last_pkt_time":1123840005963862,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1123840005963862,"pkt":"AMDwli5rAOCBJ2JwCABFEABeAABAAEARAJ1SbiRUwKgCeBHZEdYASpLMgAQAAAAAAAEAAAYBCwIAAgEMNDQyMDg4MjA1MTU1Agw0NDc3ODIyNjc5NDkEAAoCZW7\/BAAAAAIMAgAAHwQLDFXW"} 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840005963862,"flow_dst_last_pkt_time":1123840005963862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1123840005963862,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IAX","proto_id":"95","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -9,7 +9,7 @@ 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1123840005971515,"flow_dst_last_pkt_time":1123840005995531,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1123840005995531,"pkt":"AOCBJ2JwAMDwli5rCABFAAAoV79AAEARqSPAqAJ4Um4kVBHWEdkAFBz1gBcABAAAAB8BAQQE"} 02181{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":5,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840006456930,"flow_dst_last_pkt_time":1123840006059195,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":3882,"flow_dst_tot_l4_payload_len":372,"midstream":0,"thread_ts_usec":1123840006456930,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":948,"avg":18980.7,"max":51403,"stddev":10969.1,"var":120322248.0,"ent":4.7,"data": [2173,5097,7653,24399,24352,24724,16912,51403,9638,12261,14097,6869,22758,16765,31325,17887,20048,11489,43190,21320,13940,17067,22553,948,20517,34133,6854,21003,19904,17982,29140]},"pktlen": {"min":40,"avg":161.5,"max":200,"stddev":59.5,"var":3538.2,"ent":4.9,"data": [94,40,40,46,40,46,192,200,200,46,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192]},"bins": {"c_to_s": [3,0,1,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.666565895,4.339823723,4.439823151,4.354552269,4.384184837,4.354552269,1.312757373,1.546443224,1.322564363,4.327484608,1.142194629,1.312757373,1.944322586,1.302340746,1.312757373,1.312757373,1.312757373,1.302340746,1.312757373,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.321057439,1.335405827,1.335405827,1.335405827,1.335405827]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IAX","proto_id":"95","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":22,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840006472888,"flow_dst_last_pkt_time":1123840006489877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":4046,"flow_dst_tot_l4_payload_len":3008,"midstream":0,"thread_ts_usec":1123840006489877,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IAX","proto_id":"95","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7054,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1123840006489877} +00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7054,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1123840006489877} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8646292 bytes -~~ total memory freed........: 8646292 bytes -~~ total allocations/frees...: 140583/140583 +~~ total memory allocated....: 9410666 bytes +~~ total memory freed........: 9410666 bytes +~~ total allocations/frees...: 154549/154549 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 524 chars ~~ json message max len.......: 2186 chars diff --git a/test/results/default/icmp-tunnel.pcap.out b/test/results/default/icmp-tunnel.pcap.out index d0f80d937..b65bddb31 100644 --- a/test/results/default/icmp-tunnel.pcap.out +++ b/test/results/default/icmp-tunnel.pcap.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1360227866458898} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1360227866458898} 
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360227866459330,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1360227866459330,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1360227866459330,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1360227866459330,"pkt":"AAwpy+OCAAwpzwzBCABFAABwAABAAEABhDTAqJqDwKiahAgAAAD+\/wAARQAAVAAAQABAASPpCl8BAQpfAQIIAFvrPQgAAS1uE1EtSQYACAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 
01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360227866459330,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1360227866459330,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.703333}} 
@@ -20,7 +20,7 @@ 01178{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":128,"flow_dst_packets_processed":98,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228358273374,"flow_dst_last_pkt_time":1360228358272926,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":20874,"flow_dst_tot_l4_payload_len":16482,"midstream":0,"thread_ts_usec":1360228358273374,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":138,"flow_dst_packets_processed":107,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228402597860,"flow_dst_last_pkt_time":1360228402596581,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22210,"flow_dst_tot_l4_payload_len":17950,"midstream":0,"thread_ts_usec":1360228402597860,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":140,"flow_dst_packets_processed":109,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228442640689,"flow_dst_last_pkt_time":1360228442640274,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22290,"flow_dst_tot_l4_payload_len":18030,"midstream":0,"thread_ts_usec":1360228442640689,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":298,"packets-processed":251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1360228467662193} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":298,"packets-processed":251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1360228467662193} 
01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":146,"flow_dst_packets_processed":114,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228485957206,"flow_dst_last_pkt_time":1360228485957682,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22995,"flow_dst_tot_l4_payload_len":18623,"midstream":0,"thread_ts_usec":1360228485957682,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":154,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228522817624,"flow_dst_last_pkt_time":1360228522818134,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":28272,"flow_dst_tot_l4_payload_len":23795,"midstream":0,"thread_ts_usec":1360228522818134,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": 
{"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":224,"flow_dst_packets_processed":192,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228557159010,"flow_dst_last_pkt_time":1360228557159568,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":33486,"flow_dst_tot_l4_payload_len":28699,"midstream":0,"thread_ts_usec":1360228557159568,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -36,7 +36,7 @@ 01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":371,"flow_dst_packets_processed":337,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228942890883,"flow_dst_last_pkt_time":1360228942891404,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":51973,"flow_dst_tot_l4_payload_len":46675,"midstream":0,"thread_ts_usec":1360228942891404,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":910,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":423,"flow_dst_packets_processed":390,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228984799284,"flow_dst_last_pkt_time":1360228984799441,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":57434,"flow_dst_tot_l4_payload_len":52234,"midstream":0,"thread_ts_usec":1360228984799441,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01177{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":961,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":448,"flow_dst_packets_processed":415,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228988973603,"flow_dst_last_pkt_time":1360228988973740,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":83334,"flow_dst_tot_l4_payload_len":78134,"midstream":0,"thread_ts_usec":1360228988973740,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":961,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":961,"packets-processed":863,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":161468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":26,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1360228988973740} +00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":961,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":961,"packets-processed":863,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":161468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":26,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1360228988973740} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 961/863 ~~ skipped flows.............: 0 
@@ -45,9 +45,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8669920 bytes -~~ total memory freed........: 8669920 bytes -~~ total allocations/frees...: 141398/141398 +~~ total memory allocated....: 9434294 bytes +~~ total memory freed........: 9434294 bytes +~~ total allocations/frees...: 155364/155364 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 593 chars ~~ json message max len.......: 2472 chars diff --git a/test/results/default/iec60780-5-104.pcap.out b/test/results/default/iec60780-5-104.pcap.out index 2e42b8962..c7c95c11a 100644 --- a/test/results/default/iec60780-5-104.pcap.out +++ b/test/results/default/iec60780-5-104.pcap.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1219992231267238} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1219992231267238} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1219992231267238,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267238,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992231267238,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992231267238,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992231267345,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="} 
@@ -45,12 +45,12 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992819944348,"pkt":"ABXFGNTMABNy14eKCABFAAAubkZAAIAGQ4+sG\/htrBv4TwYqCWRBsBqQ+cLui1AY\/\/+jsAAAaAQHAAAA"} 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1219992819942883,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992819944348,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819947305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992819947305,"pkt":"ABNy14eKABXFGNTMCABFAAAuQZdAAIAGcD6sG\/hPrBv4bQlkBir5wu6LQbAallAY\/\/lJFQAAaAQLAAAA"} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1219992852463357} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1219992852463357} 00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1219992590188368,"flow_src_last_pkt_time":1219992781349438,"flow_dst_last_pkt_time":1219992781349461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":6,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":1219992910077446,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1219992782348776,"flow_src_last_pkt_time":1219992818955088,"flow_dst_last_pkt_time":1219992818955112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":6,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":6,"midstream":0,"thread_ts_usec":1219992961194617,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 02254{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1219992819942883,"flow_src_last_pkt_time":1219992991664467,"flow_dst_last_pkt_time":1219992991860370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":94,"flow_dst_tot_l4_payload_len":207,"midstream":0,"thread_ts_usec":1219992991860370,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":133,"avg":11085131.0,"max":32516052,"stddev":10877058.0,"var":118310385483776.0,"ent":4.1,"data": 
[133,283,1182,4289,153898,32516052,32485009,17329020,17462619,171223,19844571,20033163,171510,19860294,20118307,25436246,25352045,204330,19828922,20215237,5341755,5765246,10455867,10671339,13934,15202,139861,131307,218735,19641453,20056039]},"pktlen": {"min":40,"avg":51.6,"max":104,"stddev":11.5,"var":132.4,"ent":5.0,"data": [48,48,46,46,46,46,56,46,56,104,46,46,56,46,46,40,56,62,46,46,40,56,46,56,62,56,62,46,63,46,46,40]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1],"entropies": [4.558206558,4.926427364,4.435436726,4.740953922,4.740953445,4.478915215,4.605515957,4.522393703,4.811381817,4.822690010,4.522393703,4.922443390,4.864342690,4.462504864,4.862554550,4.781687260,5.115302563,5.039213181,4.478915215,4.878964901,4.781687260,4.824862003,4.478915215,5.079588413,4.986872673,4.972445488,4.999047756,4.478915215,4.964986324,4.478915215,4.922443390,4.781687260]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":19,"flow_first_seen":1219992819942883,"flow_src_last_pkt_time":1219993055118751,"flow_dst_last_pkt_time":1219993055118603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":263,"midstream":0,"thread_ts_usec":1219993055118751,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":147,"packets-processed":147,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1219993055118751} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":147,"packets-processed":147,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1219993055118751} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 147/147 ~~ skipped flows.............: 0 @@ -59,9 +59,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8661267 bytes -~~ total memory freed........: 8661267 bytes -~~ total allocations/frees...: 140735/140735 +~~ total memory allocated....: 9425801 bytes +~~ total memory freed........: 9425801 bytes +~~ total allocations/frees...: 154701/154701 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 540 chars ~~ json message max len.......: 2259 chars diff --git a/test/results/default/ieee_c37118.pcap.out b/test/results/default/ieee_c37118.pcap.out index a18d903d2..92831da38 100644 --- a/test/results/default/ieee_c37118.pcap.out +++ b/test/results/default/ieee_c37118.pcap.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1218021007698753} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1218021007698753} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1218021007698753,"flow_src_last_pkt_time":1218021007698753,"flow_dst_last_pkt_time":1218021007698753,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1218021007698753,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.241","src_port":36835,"dst_port":4712,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1218021007698753,"flow_dst_last_pkt_time":1218021007698753,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1218021007698753,"pkt":"ADCnAA06AAlrk3uDCABFAAA846tAAEAG1LrAqAAUwKgA8Y\/jEmgIDYWkAAAAAKACFtAWCwAAAgQFtAQCCAoCxGYPAAAAAAEDAwY="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1218021007698753,"flow_dst_last_pkt_time":1218021007699989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1218021007699989,"pkt":"AAlrk3uDADCnAA06CABFAABAZWQAAEAGkv7AqADxwKgAFBJoj+PZe3k4CA2FpbASIfAmuQAAAgQFtAEDAwABAQQCAQEICnGgDcwCxGYP"} 
@@ -8,7 +8,7 @@ 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1218021007698753,"flow_src_last_pkt_time":1218021007700230,"flow_dst_last_pkt_time":1218021007699989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1218021007700230,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.241","src_port":36835,"dst_port":4712,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1218021007700230,"flow_dst_last_pkt_time":1218021007701832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1218021007701832,"pkt":"AAlrk3uDADCnAA06CABFAAA0ZWUAAEAGkwnAqADxwKgAFBJoj+PZe3k5CA2Ft4AQId5ngwAAAQEICnGgDcwCxGYQ"} 
02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1218021007698753,"flow_src_last_pkt_time":1218021007982488,"flow_dst_last_pkt_time":1218021007965319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":890,"midstream":0,"thread_ts_usec":1218021007982488,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.241","src_port":36835,"dst_port":4712,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":207,"avg":17751.6,"max":40001,"stddev":13277.6,"var":176295104.0,"ent":4.5,"data": [1236,1270,207,1843,699,2315,976,1753,1047,20120,38956,19861,2840,19920,19921,20016,39141,19972,20168,38019,19966,20020,40000,19866,22584,20167,20073,37505,19862,19977,40001]},"pktlen": {"min":52,"avg":81.6,"max":186,"stddev":31.5,"var":989.7,"ent":4.9,"data": [60,64,52,70,52,186,52,70,52,106,106,52,106,52,106,52,106,52,106,106,52,106,106,52,106,52,106,106,52,106,106,52]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,14,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0],"entropies": 
[4.496836185,5.048533440,4.931210041,4.651202679,4.969671726,4.443276405,4.931210041,4.690558434,4.969671249,5.657071114,5.579102516,4.969671249,5.555610657,4.969671726,5.699430466,4.969671726,5.692310333,5.008132935,5.652293205,5.602812290,4.931209564,5.597970963,5.583358288,4.931209564,5.605093002,4.931209564,5.657070637,5.635706902,5.008132935,5.642828465,5.594747066,5.008132935]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":418,"packets-processed":417,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1218023578251598} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":418,"packets-processed":417,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1218023578251598} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1218023578251598,"flow_src_last_pkt_time":1218023578251598,"flow_dst_last_pkt_time":1218023578251598,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1218023578251598,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.60","src_port":4712,"dst_port":4713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1218023578251598,"flow_dst_last_pkt_time":1218023578251598,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1218023578251598,"pkt":"AKD0AaNIAB1gY4VACABFAAAualcAAIARTtHAqAAKwKgAPBJoEmkAGlB5qkEAEgA8SJmQmgA0LtUAAVYL"} 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1218023578251598,"flow_src_last_pkt_time":1218023578251598,"flow_dst_last_pkt_time":1218023578251598,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1218023578251598,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.60","src_port":4712,"dst_port":4713,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -19,7 +19,7 @@ 02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":29,"flow_first_seen":1218023578251598,"flow_src_last_pkt_time":1218023578622812,"flow_dst_last_pkt_time":1218023579169239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":374,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1718,"midstream":0,"thread_ts_usec":1218023579169239,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.60","src_port":4712,"dst_port":4713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":19796,"avg":41576.0,"max":318010,"stddev":73009.0,"var":5330315264.0,"ent":3.9,"data": [316833,318010,54381,59605,20198,20004,19807,20001,20003,20201,19799,19994,20205,19798,20210,19796,20005,19991,20008,20200,19801,19996,20004,20000,20202,19800,20004,20000,20002,20201,19796]},"pktlen": {"min":46,"avg":83.4,"max":402,"stddev":57.9,"var":3351.1,"ent":4.8,"data": [46,46,402,46,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76]},"bins": {"c_to_s": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,28,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.419025898,4.245112896,4.107680798,4.419026375,4.914726734,4.888411045,4.977291107,4.801239491,4.941042423,4.941042423,4.977291107,4.950975418,4.950975418,4.941042423,5.003606796,4.860224247,4.898343563,4.924659729,4.977291107,4.950975418,5.024288177,4.814043045,4.950975418,4.902923107,5.076920033,4.801239491,4.814043045,4.929238796,4.924659729,4.898343563,4.925475597,4.899159908]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":778,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":258,"flow_first_seen":1218021007698753,"flow_src_last_pkt_time":1218021012734335,"flow_dst_last_pkt_time":1218021012734317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":13742,"midstream":0,"thread_ts_usec":1218023585746411,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.241","src_port":36835,"dst_port":4712,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":778,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":357,"flow_first_seen":1218023578251598,"flow_src_last_pkt_time":1218023585746411,"flow_dst_last_pkt_time":1218023585729395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":374,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":17462,"midstream":0,"thread_ts_usec":1218023585746411,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.60","src_port":4712,"dst_port":4713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":778,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":778,"packets-processed":778,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1218023585746411} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":778,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":778,"packets-processed":778,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1218023585746411} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 778/778 ~~ skipped flows.............: 0 @@ -28,9 +28,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8669835 bytes -~~ total memory freed........: 8669835 bytes -~~ total allocations/frees...: 141322/141322 +~~ total memory allocated....: 9434241 bytes +~~ total memory freed........: 9434241 bytes +~~ total allocations/frees...: 155288/155288 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2195 chars diff --git a/test/results/default/imap-starttls.pcap.out b/test/results/default/imap-starttls.pcap.out index f456d6f7b..e4232ed5e 100644 --- a/test/results/default/imap-starttls.pcap.out +++ b/test/results/default/imap-starttls.pcap.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1437584567812552} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1437584567812552} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584567812552,"flow_dst_last_pkt_time":1437584567812552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437584567812552,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1437584567812552,"flow_dst_last_pkt_time":1437584567812552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1437584567812552,"pkt":"kFmvW2bUaKhtGGkOCABFAABAc8pAAEAGDnPAqBE11OMRusHoAI+CJObQAAAAALAC\/\/\/XTwAAAgQFtAEDAwQBAQgKKoxROgAAAAAEAgAA"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1437584567812552,"flow_dst_last_pkt_time":1437584568002342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437584568002342,"pkt":"aKhtGGkOkFmvW2bUCABFIAA0AABAADAGkinU4xG6wKgRNQCPwehPqEW7giTm0YASPryvAAAAAgQFtAQCAwMKAAAA"} 
@@ -12,7 +12,7 @@ 01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584568767550,"flow_dst_last_pkt_time":1437584568769690,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":5492,"midstream":0,"thread_ts_usec":1437584568769690,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
02540{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584570639554,"flow_dst_last_pkt_time":1437584570828629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":5653,"midstream":0,"thread_ts_usec":1437584570828629,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":188486.4,"max":1677753,"stddev":378167.8,"var":143010873344.0,"ent":3.3,"data": [189790,189950,188317,188305,133,192463,259,192553,155,186504,9,186418,431,197380,166,197053,2043,207,2163,90,3747,191586,187876,1486951,1677753,168,190848,49,279,1,189432]},"pktlen": {"min":40,"avg":235.2,"max":1500,"stddev":424.6,"var":180326.2,"ent":3.6,"data": [64,52,40,311,40,54,46,267,40,52,72,46,40,358,1500,1500,40,1500,622,40,40,166,91,40,79,119,71,40,40,71,40,46]},"bins": {"c_to_s": [15,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1],"entropies": 
[4.577819824,4.737868309,4.461769104,5.374657631,4.734183788,5.080696583,4.457919598,5.160151482,4.684183598,5.024262428,5.301461220,4.501398087,4.784183979,5.382153988,6.856912613,7.178915024,4.665312290,7.104553223,7.666580677,4.403056622,4.684184551,6.516188145,5.466528416,4.684184074,5.702392578,6.104408741,5.134844303,4.665312290,4.734184265,5.452422619,4.492897511,3.926021099]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01337{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584570639554,"flow_dst_last_pkt_time":1437584570828629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":5653,"midstream":0,"thread_ts_usec":1437584570828629,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": 
{"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1437584570828629} +00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1437584570828629} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 32/32 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8664220 bytes -~~ total memory freed........: 8664220 bytes -~~ total allocations/frees...: 140579/140579 +~~ total memory allocated....: 9428627 bytes +~~ total memory freed........: 9428627 bytes +~~ total allocations/frees...: 154546/154546 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2545 chars diff --git a/test/results/default/imap.pcap.out b/test/results/default/imap.pcap.out index 9d1c902b0..3433f9995 100644 --- a/test/results/default/imap.pcap.out +++ b/test/results/default/imap.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1213095262213846} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1213095262213846} 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095262213846,"flow_dst_last_pkt_time":1213095262213846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213095262213846,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1213095262213846,"flow_dst_last_pkt_time":1213095262213846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1213095262213846,"pkt":"AASWJ8g6ABUXJM1lCABFAAA8nkhAAEAGgSAKKAQCCigDArPdAI+IaqplAAAAAKACFtDwZgAAAgQFtAQCCAoKDDQtAAAAAAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1213095262213846,"flow_dst_last_pkt_time":1213095262213972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1213095262213972,"pkt":"ABUXJM1lAASWJ8g6CABFAAA8VURAAH8GiyQKKAMCCigEAgCPs903+0YNiGqqZqASIAAxdQAAAgQFtAEDAwgEAggKAoc1IAoMNC0="} 
@@ -9,7 +9,7 @@ 01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095266594138,"flow_dst_last_pkt_time":1213095262264097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":65,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1213095266594138,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IMAP","proto_id":"4","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","imap": {"user":"samir","password":"pfres","auth_failed":0}}} 
02377{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095266780228,"flow_dst_last_pkt_time":1213095266780369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":696,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":1401,"midstream":0,"thread_ts_usec":1213095266780369,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":88,"avg":294609.8,"max":4331408,"stddev":1060070.4,"var":1123749068800.0,"ent":1.4,"data": [126,150,12887,12906,231,444,36852,36794,135,4330018,4331408,1394,16846,17272,39867,39540,93,199,596,39710,39393,88,905,1344,39009,38693,107,104,10836,47768,37190]},"pktlen": {"min":52,"avg":101.9,"max":748,"stddev":125.9,"var":15857.5,"ent":4.4,"data": [60,60,52,94,52,71,117,52,84,52,78,79,52,72,73,52,109,52,72,73,52,109,52,73,64,52,311,52,125,164,52,748]},"bins": {"c_to_s": [18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,4,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1],"entropies": [4.466519356,4.994044781,4.884933472,5.545080185,4.923395157,5.188045025,5.565508366,4.846471786,5.532327652,4.923395157,5.445330620,5.491897583,4.961857319,5.242550373,5.321550369,4.892440796,5.645212650,4.899451256,5.225256920,5.331891060,4.961856842,5.594664574,4.961857319,5.357347012,5.240169048,4.961857319,5.602889538,4.923395157,5.631970406,5.824433327,4.923395157,5.541430473]},"ndpi": {"flow_risk": 
{"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IMAP","proto_id":"4","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}} 01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095266780387,"flow_dst_last_pkt_time":1213095266780369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":696,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":1401,"midstream":0,"thread_ts_usec":1213095266780387,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IMAP","proto_id":"4","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}} 
-00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":33,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1213095266780387} +00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":33,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1213095266780387} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647870 bytes -~~ total memory freed........: 8647870 bytes -~~ total allocations/frees...: 140568/140568 +~~ total memory allocated....: 9412244 bytes +~~ total memory freed........: 9412244 bytes +~~ total allocations/frees...: 154534/154534 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 2382 chars diff --git a/test/results/default/imaps.pcap.out b/test/results/default/imaps.pcap.out index ca82d4068..4d210c486 100644 --- a/test/results/default/imaps.pcap.out +++ b/test/results/default/imaps.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1590857744659641} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1590857744659641} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744659641,"flow_dst_last_pkt_time":1590857744659641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1590857744659641,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1590857744659641,"flow_dst_last_pkt_time":1590857744659641,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1590857744659641,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+f\/AqAEIp2PXpMVKA+HRNM\/NAAAAALAC\/\/\/ajwAAAgQFtAEDAwUBAQgKFE2dOQAAAAAEAgAA"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1590857744659641,"flow_dst_last_pkt_time":1590857744706356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1590857744706356,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBgSnY9ekwKgBCAPhxUrMi6La0TTPzqAS\/ojr6QAAAgQFrAQCCAqpw+fsFE2dOQEDAwc="} 
@@ -9,7 +9,7 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744749621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1590857744749621,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NrtAADQGz1CnY9ekwKgBCAPhxUrMi6Lb0TTQsYAQAfwWAAAAAQEICqnD6BkUTZ1k"} 01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744765146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1590857744765146,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744765232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1590857744765232,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1610477173150912} 
+00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1610477173150912} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477173150912,"flow_src_last_pkt_time":1610477173150912,"flow_dst_last_pkt_time":1610477173150912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477173150912,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":51529,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1610477173150912,"flow_dst_last_pkt_time":1610477173150912,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1610477173150912,"pkt":"AAAAAAAAAAUA1\/WMCABFAABAAABAAEAGZgTAqAABCgoKAclJA+FNynXdAAAAALAC\/\/82MwAAAgQFggEDAwUBAQgKD7SLwQAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1610477173152406,"flow_dst_last_pkt_time":1610477173150912,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1610477173152406,"pkt":"AAAAAAAAAAwAMjBoCABFAABAAABAAD4GaATAqAABCgoKAclJA+FNynXdAAAAALAC\/\/82PQAAAgQFeAEDAwUBAQgKD7SLwQAAAAAEAgAA"} 
@@ -20,7 +20,7 @@ 01064{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1610477173150912,"flow_src_last_pkt_time":1610477173290274,"flow_dst_last_pkt_time":1610477173366776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1034,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1610477173366776,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":51529,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744949604,"flow_dst_last_pkt_time":1590857744987000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":548,"flow_dst_tot_l4_payload_len":3308,"midstream":0,"thread_ts_usec":1610477173366841,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1610477173150912,"flow_src_last_pkt_time":1610477173290274,"flow_dst_last_pkt_time":1610477173366841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1034,"flow_dst_tot_l4_payload_len":2776,"midstream":0,"thread_ts_usec":1610477173366841,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":51529,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
-00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":28,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7666,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1610477173366841} +00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":28,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7666,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1610477173366841} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 28/28 ~~ skipped flows.............: 0 
@@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8661869 bytes -~~ total memory freed........: 8661869 bytes -~~ total allocations/frees...: 140584/140584 +~~ total memory allocated....: 9426275 bytes +~~ total memory freed........: 9426275 bytes +~~ total allocations/frees...: 154550/154550 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 1244 chars diff --git a/test/results/default/imo.pcap.out b/test/results/default/imo.pcap.out index 6affde34a..bfa152aa3 100644 --- a/test/results/default/imo.pcap.out +++ b/test/results/default/imo.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646579366752245} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646579366752245} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646579366752245,"flow_src_last_pkt_time":1646579366752245,"flow_dst_last_pkt_time":1646579366752245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646579366752245,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646579366752245,"flow_dst_last_pkt_time":1646579366752245,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_usec":1646579366752245,"pkt":"CL6sCxdumt9Y+uvcCABFAADkB2xAAEARIpLAqAypuZuJHsA3jrcA0NESgTwOaEjDNFXzxmxamfOGor3xFD3A7FnCXNc+hJhFKrJOPpMIHUdqj1x7ZYe+fmL104ZlZ8QSGjgMDxxGQ47M5ARZG9YmBTkKmoomp0C2r5k7+UuqXgkHofa9I06kfQJKjgPnNwBdZocQSlex2Z6G1oBdByRvxIbfLnB1AU5Z2+ssSUPzcUN05190AJa8ogAW0Cie1vmNKFuiNZVeV2v82D2eARVTcN232VacWZMHJ\/PcqQx4XLqiWe9HSh0LDQkCIZoCAAAAAAA="} 00953{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1646579366752641,"flow_dst_last_pkt_time":1646579366752245,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_usec":1646579366752641,"pkt":"CL6sCxdumt9Y+uvcCABFAAFlB21AAEARIhDAqAypuZuJHsA3jrcBUW71gkcNAABefWxEZ6P52eWWE1NsVUgX\/f\/SEU49gh0z128SrDnndBBJ7Xzv30Qrd+KJJN6jW88s97nwOxW1SXOJ19HPmvCIhrHR5EVDIS67bqqmEITlpL2AWZxihzDdfZ9+dgCuOQIy4YhI67L+NII4MlG7p6wa+Z43u8VCM7MQ94E5SdjxWl3zDFPxVycVf7KV2xCPfzi+nLVEj6bW7qHP3SW0XSDmXsZYCq\/fkVzkG6GD9VCFwOzRvPlMFOvXxrdNScJnQTp3jwA9ixJO\/EZEvZGmxF8KX1lLWK60\/AnhsK8ResfH4lG\/M+7QsKf8h+0F6\/JreyOlSKUahDlCIMAkz9CNbMMyQvDt1lT9Ujr+5G5FKQSNp7Os7CbxgGOrC+XUDj1qcRw+csAXbivPEt1405allpHSrfAa3hDWEw734vz46COasfJjrLY="} 
@@ -18,7 +18,7 @@ 02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1646579366752245,"flow_src_last_pkt_time":1646579368878172,"flow_dst_last_pkt_time":1646579368918568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1224,"flow_dst_max_l4_payload_len":224,"flow_src_tot_l4_payload_len":11806,"flow_dst_tot_l4_payload_len":720,"midstream":0,"thread_ts_usec":1646579368918568,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":138459.7,"max":1002796,"stddev":305661.1,"var":93428727808.0,"ent":2.8,"data": [396,41304,49,43405,10843,2151,275,10533,8077,9421,9986,55709,51,24,9743,18469,13472,314,9827,9743,9558,13513,46,69283,127192,99850,16582,835382,861703,1002796,1002553]},"pktlen": {"min":38,"avg":419.4,"max":1252,"stddev":488.9,"var":239046.1,"ent":4.1,"data": [228,357,39,146,1252,1252,210,228,1252,1252,1252,1252,108,252,39,1252,38,1252,228,38,38,38,38,39,212,125,347,124,228,39,228,39]},"bins": {"c_to_s": [0,0,0,0,0,2,5,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1],"entropies": 
[6.951599121,7.408638477,4.155817986,6.605685711,7.827155590,7.851851463,6.958688259,6.942827225,7.823550224,7.844932079,7.851901054,7.830797195,6.188582897,7.144678593,4.053254128,7.818601608,4.339262486,7.858332157,6.930744171,4.391894341,4.391894341,4.391894341,4.391894341,4.155817986,6.930866241,6.293650627,7.455466747,6.412575722,6.928594112,4.207099915,6.941227913,4.207099915]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","proto_id":"216","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":16,"flow_first_seen":1646579366752245,"flow_src_last_pkt_time":1646579369944784,"flow_dst_last_pkt_time":1646579369921382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1224,"flow_dst_max_l4_payload_len":224,"flow_src_tot_l4_payload_len":12230,"flow_dst_tot_l4_payload_len":731,"midstream":0,"thread_ts_usec":1646579370091576,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","proto_id":"216","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":37,"flow_first_seen":1646579366870607,"flow_src_last_pkt_time":1646579370069590,"flow_dst_last_pkt_time":1646579370091576,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1052,"flow_dst_max_l4_payload_len":1039,"flow_src_tot_l4_payload_len":6713,"flow_dst_tot_l4_payload_len":11506,"midstream":0,"thread_ts_usec":1646579370091576,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.33.47.58","src_port":49207,"dst_port":57604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","proto_id":"216","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1646579370091576} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1646579370091576} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650191 bytes -~~ total memory freed........: 8650191 bytes -~~ total allocations/frees...: 140644/140644 +~~ total memory allocated....: 9414597 bytes +~~ total memory freed........: 9414597 bytes +~~ total allocations/frees...: 154610/154610 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 512 chars ~~ json message max len.......: 2199 chars diff --git a/test/results/default/instagram.pcap.out b/test/results/default/instagram.pcap.out index da710cb14..bf906c465 100644 --- a/test/results/default/instagram.pcap.out +++ b/test/results/default/instagram.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436720898354402} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436720898354402} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720898354402,"flow_src_last_pkt_time":1436720898354402,"flow_dst_last_pkt_time":1436720898354402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720898354402,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436720898354402,"flow_dst_last_pkt_time":1436720898354402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1436720898354402,"pkt":"ABsv8H60QPMIw47hCABFAAA8TypAAEAGEYLAqABnrfxrBNw+AbsehKWiAAAAAKACOQjaPgAAAgQFtAQCCAoAA+qIAAAAAAEDAwY="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720898386781,"flow_src_last_pkt_time":1436720898386781,"flow_dst_last_pkt_time":1436720898386781,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1365,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1365,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1365,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1436720898386781,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -196,14 +196,14 @@ 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1436720952563081,"flow_dst_last_pkt_time":1436720952563081,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1436720952563081,"pkt":"ABsv8H60QPMIw47hCABFAABH\/7VAAEARadHAqABnCAgICGn0ADUAM87BrqQBAAABAAAAAAAACHBob3Rvcy1iAmFrCWluc3RhZ3JhbQNjb20AAAEAAQ=="} 01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720952563081,"flow_src_last_pkt_time":1436720952563081,"flow_dst_last_pkt_time":1436720952563081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720952563081,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"photos-b.ak.instagram.com","domainame":"photos-b.ak.instagram.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
01971{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1436720952553865,"flow_src_last_pkt_time":1436720952574830,"flow_dst_last_pkt_time":1436720952572908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1418,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24106,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1436720952574830,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":31,"avg":1290.6,"max":3846,"stddev":1167.1,"var":1362190.6,"ent":4.3,"data": [122,2106,427,3387,31,3174,2289,427,946,1892,213,2563,1831,3785,61,3846,183,1342,1312,367,183,213,275,519,519,885,854,2075,2106,2014,61]},"pktlen": {"min":52,"avg":805.3,"max":1470,"stddev":707.6,"var":500717.4,"ent":4.3,"data": [1470,52,1470,1470,52,52,1470,52,1470,1470,52,52,1470,52,1470,1470,52,52,1470,52,1470,52,1470,52,1470,52,1470,52,1470,52,1470,1470]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0],"s_to_c": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0],"entropies": [7.838996410,5.123517990,7.796014309,7.834145069,5.123517990,5.085056305,7.799090385,5.085056305,7.778009892,7.746161938,5.046594620,5.085056305,7.694964409,5.085056305,7.722822666,7.781306744,5.161979675,5.109000683,7.744096756,5.161979675,7.786537647,5.161979675,7.830977440,5.161979675,7.801307678,5.123517990,7.796917439,5.123517990,7.805510998,5.123517990,7.825653553,7.826405048]}} 
-00980{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1436720952553865,"flow_src_last_pkt_time":1436720952574830,"flow_dst_last_pkt_time":1436720952572908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1418,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24106,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1436720952574830,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +00981{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1436720952553865,"flow_src_last_pkt_time":1436720952574830,"flow_dst_last_pkt_time":1436720952572908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1418,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24106,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1436720952574830,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720952611482,"flow_src_last_pkt_time":1436720952611482,"flow_dst_last_pkt_time":1436720952611482,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720952611482,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1436720952611482,"flow_dst_last_pkt_time":1436720952611482,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1436720952611482,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC\/YuIUaWwKgAZwBQn5dVkK9h7WtuhaASOJDXwwAAAgQFlgQCCAoJIvhRAAP\/swEDAwU="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1436720952611482,"flow_dst_last_pkt_time":1436720952611635,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1436720952611635,"pkt":"ABsv8H60QPMIw47hCABFAAA0kThAAEAGc8XAqABnLiFGlp+XAFDta26FVZCvYoAQAOU17QAAAQEICgAD\/7oJIvhR"} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1436720906017091,"flow_src_last_pkt_time":1436720906024293,"flow_dst_last_pkt_time":1436720906017091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":103,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":103,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720952611635,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00780{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720906025422,"flow_src_last_pkt_time":1436720906025422,"flow_dst_last_pkt_time":1436720906025422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720952611635,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720906022462,"flow_src_last_pkt_time":1436720906022462,"flow_dst_last_pkt_time":1436720906022462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":103,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":103,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":103,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720952611635,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":635,"packets-processed":633,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":408166,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":24,"total-detection-updates":12,"total-updates":4,"current-active-flows":32,"total-active-flows":32,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":206,"global_ts_usec":1568796253770116} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":635,"packets-processed":633,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":408166,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":24,"total-detection-updates":12,"total-updates":4,"current-active-flows":32,"total-active-flows":32,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":206,"global_ts_usec":1568796253770116} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568796253770116,"flow_src_last_pkt_time":1568796253770116,"flow_dst_last_pkt_time":1568796253770116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796253770116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1568796253770116,"flow_dst_last_pkt_time":1568796253770116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1568796253770116,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDLAbuZigajAAAAALAC\/\/8cPAAAAgQFtAEDAwYBAQgKDXByoQAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1568796253770116,"flow_dst_last_pkt_time":1568796253782515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1568796253782515,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wMv1rwrBmYoGpKASbHB3qgAAAgQFeAQCCAo6Lg6wDXByoQEDAwg="} 
@@ -252,7 +252,7 @@ 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1436720906070589,"flow_src_last_pkt_time":1436720908431856,"flow_dst_last_pkt_time":1436720908431917,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":949,"flow_src_tot_l4_payload_len":4303,"flow_dst_tot_l4_payload_len":949,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1436720908216981,"flow_src_last_pkt_time":1436720908432710,"flow_dst_last_pkt_time":1436720908432649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":949,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":949,"flow_dst_tot_l4_payload_len":3690,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":34,"flow_first_seen":1436720898386781,"flow_src_last_pkt_time":1436720908442842,"flow_dst_last_pkt_time":1436720908442750,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1365,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":3311,"flow_dst_tot_l4_payload_len":37889,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00980{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":9,"flow_first_seen":1436720942507631,"flow_src_last_pkt_time":1436720942524171,"flow_dst_last_pkt_time":1436720942524385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":605,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21875,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+00981{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":9,"flow_first_seen":1436720942507631,"flow_src_last_pkt_time":1436720942524171,"flow_dst_last_pkt_time":1436720942524385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":605,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21875,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":9,"flow_first_seen":1436720942507631,"flow_src_last_pkt_time":1436720942524171,"flow_dst_last_pkt_time":1436720942524385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":605,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21875,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00939{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1436720908464754,"flow_src_last_pkt_time":1436720911139558,"flow_dst_last_pkt_time":1436720908464754,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00906{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720906025422,"flow_src_last_pkt_time":1436720906025422,"flow_dst_last_pkt_time":1436720906025422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
@@ -269,7 +269,7 @@ 00777{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1436720908521089,"flow_src_last_pkt_time":1436720908542604,"flow_dst_last_pkt_time":1436720908542421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00969{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1436720952611482,"flow_src_last_pkt_time":1436720952611482,"flow_dst_last_pkt_time":1436720952611635,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1436720952611482,"flow_src_last_pkt_time":1436720952611482,"flow_dst_last_pkt_time":1436720952611635,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":24,"flow_first_seen":1436720952553865,"flow_src_last_pkt_time":1436720952593324,"flow_dst_last_pkt_time":1436720952591005,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1418,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35450,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":24,"flow_first_seen":1436720952553865,"flow_src_last_pkt_time":1436720952593324,"flow_dst_last_pkt_time":1436720952591005,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1418,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35450,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01090{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":20,"flow_first_seen":1436720901182283,"flow_src_last_pkt_time":1436720908544038,"flow_dst_last_pkt_time":1436720908543916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":26795,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1436720908523744,"flow_src_last_pkt_time":1436720908523744,"flow_dst_last_pkt_time":1436720908570222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":263,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":263,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"igcdn-photos-h-a.akamaihd.net"}} 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1436720908572816,"flow_src_last_pkt_time":1436720908746828,"flow_dst_last_pkt_time":1436720908741762,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":877,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
@@ -296,7 +296,7 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1568796254524506,"flow_src_last_pkt_time":1568796254539348,"flow_dst_last_pkt_time":1568796254552721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":932,"flow_dst_tot_l4_payload_len":2243,"midstream":0,"thread_ts_usec":1568796268054084,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":10,"flow_first_seen":1568796265146962,"flow_src_last_pkt_time":1568796265177487,"flow_dst_last_pkt_time":1568796265178429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1014,"flow_dst_tot_l4_payload_len":6430,"midstream":0,"thread_ts_usec":1568796268054084,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1568796265147078,"flow_src_last_pkt_time":1568796265178757,"flow_dst_last_pkt_time":1568796265176036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":1014,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1568796268054084,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":847,"packets-processed":846,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":530270,"total-not-detected-flows":1,"total-guessed-flows":7,"total-detected-flows":30,"total-detection-updates":18,"total-updates":4,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":299,"global_ts_usec":1568796268054084} 
+00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":847,"packets-processed":846,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":530270,"total-not-detected-flows":1,"total-guessed-flows":7,"total-detected-flows":30,"total-detection-updates":18,"total-updates":4,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":299,"global_ts_usec":1568796268054084} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 847/846 ~~ skipped flows.............: 0 @@ -305,9 +305,9 @@ ~~ total active/idle flows...: 38/38 ~~ total timeout flows.......: 5 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8994320 bytes -~~ total memory freed........: 8994320 bytes -~~ total allocations/frees...: 141924/141924 +~~ total memory allocated....: 9759878 bytes +~~ total memory freed........: 9759878 bytes +~~ total allocations/frees...: 155890/155890 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 2493 chars diff --git a/test/results/default/ip_fragmented_garbage.pcap.out b/test/results/default/ip_fragmented_garbage.pcap.out index bdecf5e06..588861fae 100644 --- a/test/results/default/ip_fragmented_garbage.pcap.out +++ b/test/results/default/ip_fragmented_garbage.pcap.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1534244024697756} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1534244024697756} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244024697756,"flow_src_last_pkt_time":1534244024697756,"flow_dst_last_pkt_time":1534244024697756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1534244024697756,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1534244024697756,"flow_dst_last_pkt_time":1534244024697756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4mKigpKComXiUkI0AjJCUpOAAA"} 00328{"error_event_id":12,"error_event_name":"TCP packet smaller than expected","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697792,"packet_id":2,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697792} 
@@ -48,7 +48,7 @@ 00785{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244024697756,"flow_src_last_pkt_time":1534244024697756,"flow_dst_last_pkt_time":1534244024697756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1534244025609837,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00914{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244025001741,"flow_src_last_pkt_time":1534244025001741,"flow_dst_last_pkt_time":1534244025001741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1534244025609837,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00785{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244025001741,"flow_src_last_pkt_time":1534244025001741,"flow_dst_last_pkt_time":1534244025001741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1534244025609837,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1252,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1534244025612419} 
+00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1252,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1534244025612419} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1252/4 ~~ skipped flows.............: 0 @@ -57,9 +57,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652154 bytes -~~ total memory freed........: 8652154 bytes -~~ total allocations/frees...: 140566/140566 +~~ total memory allocated....: 9416624 bytes +~~ total memory freed........: 9416624 bytes +~~ total allocations/frees...: 154532/154532 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 333 chars ~~ json message max len.......: 919 chars diff --git a/test/results/default/iphone.pcap.out b/test/results/default/iphone.pcap.out index 022dea22f..dbb7e8335 100644 --- a/test/results/default/iphone.pcap.out +++ b/test/results/default/iphone.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1582454552576659} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1582454552576659} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454552576659,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454552576659,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_usec":1582454552576659,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAFkAAEAR8inAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"} 
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454552576659,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454552576659,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -108,7 +108,7 @@ 01134{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598373077,"flow_src_last_pkt_time":1582454598373077,"flow_dst_last_pkt_time":1582454598412843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1582454598412843,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mesu.apple.com","domainame":"mesu.apple.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["17.253.105.202,ttl=15","17.253.53.203,ttl=15"]}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598413932,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598413932,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppiojD2gk4AQBAvpMwAAAQEIChHf524i0ASh"} 
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598414051,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG\/WnAqAIRX2UZNcWQAbugppiojD2gk4AYBAtyOwAAAQEIChHf524i0AShFgMBAgABAAH8AwMW\/vdiXnKGt2kAM475LRdq4DAZD5IWJivMSs32aPZe4CBY4JYmlM1Z2ggjvPRVVGQ6cbm25wGpqmGifvQqpkiZFQA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} -01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598414051,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598414051,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598416547,"flow_src_last_pkt_time":1582454598416547,"flow_dst_last_pkt_time":1582454598416547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598416547,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598416547,"flow_dst_last_pkt_time":1582454598416547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454598416547,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWSAbt\/OqmMAAAAALDC\/\/8OTwAAAgQFtAEDAwcBAQgKEd\/ndwAAAAAEAgAA"} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598418108,"flow_src_last_pkt_time":1582454598418108,"flow_dst_last_pkt_time":1582454598418108,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598418108,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -116,7 +116,7 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598387073,"flow_dst_last_pkt_time":1582454598426588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598426588,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQBQwACbtSzNLJXrMqBScNC85AAAAgQFrAQCCAodNCSFEd\/nTQEDAwg="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598385187,"flow_dst_last_pkt_time":1582454598427688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598427688,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGslMRggIuwKgCEQG7xZHfrwWiGTrrGKBSqbCWRAAAAgQFrAQCCAq1T9HeEd\/nUwEDAw4="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598447691,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598447691,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0RA0AADUGBmRfZRk1wKgCEQG7xZCMPaCToKaarYAQAOvqKgAAAQEICiLQBMUR3+du"} 
-01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598449324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598449324,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598449324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598449324,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598418108,"flow_dst_last_pkt_time":1582454598453979,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598453979,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZNpWNRgMiTvFqBScNC35wAAAgQFrAQCCAoAH8DDEd\/neQEDAwg="} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598416547,"flow_dst_last_pkt_time":1582454598459069,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598459069,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZLy+qnpfzqpjaBScNDegAAAAgQFrAQCCAqK\/qiVEd\/ndwEDAwg="} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598542807,"flow_src_last_pkt_time":1582454598542807,"flow_dst_last_pkt_time":1582454598542807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598542807,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -212,18 +212,18 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598888448,"flow_dst_last_pkt_time":1582454598888448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454598888448,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeAaAAAAALDC\/\/9qCgAAAgQFtAEDAwcBAQgKEd\/pSQAAAAAEAgAA"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598888916,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598888916,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+lThYjGHYAQBAuvrgAAAQEIChHf6Un\/dyjx"} 01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598889102,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGHTfAqAIRXHr8UsWWAbuHn+lThYjGHYAYBAsDXwAAAQEIChHf6Ur\/dyjxFgMBAgABAAH8AwPBzadgheRj5PvWKLwSvBgHRWReYUBmRY58bZ7Lfe7D+CBuPIm6VXqnNWVU88hOzvhjpRW+5l\/fSYA7KifdMQlc9QA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598889102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598889102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598892865,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598892865,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGt7pnxPiJoAQBAsEtQAAAQEIChHf6VPpLCwF"} 01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598893224,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGqrTAqAIREfi5V8WVAbuoGt7pnxPiJoAYBAtl8wAAAQEIChHf6VPpLCwFFgMBAgABAAH8AwPupC\/\/Idf\/TKV61u4UD47k+sXPhTWRB8OAqYTTHEr2LyB7RNdSKNgM9EL2qrN2iyDWEEsm1843GXQB9crRbp8tlwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598893224,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598925453,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598925453,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0z7EAADUGmoxcevxSwKgCEQG7xZaFiMYdh5\/rWIAQAOuwTQAAAQEICv93KWwR3+lK"} 
-01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598926093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598926093,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598926093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598926093,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598888448,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598926741,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGHZxoST0ewKgCEQG7xZdpIXVbwXngG6BScSBpXgAAAgQFrAQCCAqgrSHdEd\/pSQEDAwc="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598934682,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598934682,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeAbaSF1XIAQBAsFUQAAAQEIChHf6XCgrSHd"} 01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598934804,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG0JzAqAIRaEk9HsWXAbvBeeAbaSF1XIAYBAsuXAAAAQEIChHf6XagrSHdFgMBAgABAAH8AwNtBQ39ZZolUQlIKZvwJ9K7La1xqdRBloywOH0GLRPkhCDqdWO0c0GWZx4zxXgdQ\/9DtV6\/rjVuXk5WS8q\/E2fRGwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598934804,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598934804,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598972842,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598972842,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0b4QAADUGrh9oST0ewKgCEQG7xZdpIXVcwXniIIAQAOsGOAAAAQEICqCtIgsR3+l2"} -01264{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598974332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598974332,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598974332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598974332,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599039138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599039138,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0NCoAADEGx5ER+LlXwKgCEQG7xZWfE+ImqBrg7oAQA6sCYwAAAQEICuksLLIR3+lT"} 01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599041842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599041842,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": {"version":"TLSv1.2","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
03999{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599054383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5760,"midstream":0,"thread_ts_usec":1582454599054383,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": 
{"version":"TLSv1.2","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyva
lueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F","blocks":0}}} 
@@ -282,11 +282,11 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1582454599934729,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454599967985,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGGW5ce00awKgCEQG7xZtUZWomqTuA+qBScSDQrwAAAgQFrAQCCAozMbcgEd\/tTwEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1582454600080813,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600080813,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4D6VGVqJ4AQBAtsOAAAAQEIChHf7eAzMbcg"} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454600080888,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGzG7AqAIRXHtNGsWbAbupO4D6VGVqJ4AYBAvCNgAAAQEIChHf7eAzMbcgFgMBAgABAAH8AwOVQZ8FnUDf4cuVlN3Dfe\/tO8oLU\/pP+UZ2rTRx02gYWCC8t86tHdWqnxE\/bapLx0rLdTwSMsDVwQ5W18WBw\/RbcQA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABoAGAAAFXBsYXkuaXR1bmVzLmFwcGxlLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACCvIr1kF5VgJNd\/0ntXVaysO1Tdse1BkZg8MzZDFY0NfAAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600080888,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600080888,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454600115292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600115292,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0cJ0AADUGqNhce00awKgCEQG7xZtUZWonqTuC\/4AQAOtswQAAAQEICjMxt7IR3+3g"} 
-01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454600116695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600116695,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454600116695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600116695,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02170{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454600252426,"flow_dst_last_pkt_time":1582454600287478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1018,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2233,"flow_dst_tot_l4_payload_len":5676,"midstream":0,"thread_ts_usec":1582454600287478,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":67409.2,"max":654765,"stddev":146324.1,"var":21410738176.0,"ent":2.9,"data": [34116,36074,120,34743,1609,104,2287,55,140235,397,7279,143339,13,33865,58,1492,19,11,252,423,44,150,34850,6,1213,30,128241,155238,167955,510701,654765]},"pktlen": {"min":40,"avg":299.4,"max":1492,"stddev":449.8,"var":202280.4,"ent":3.8,"data": [64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1070,90,436,90,52,90,52,52,52,736,52,40,52]},"bins": {"c_to_s": [9,5,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1],"entropies": [4.410132408,5.160978794,5.101186275,4.520410061,5.142373085,6.747455597,7.544580936,7.534257412,7.316954136,4.932822704,5.009746075,6.044896126,5.671187878,6.038887501,4.985801220,5.024262905,5.722696304,5.781558990,5.543742657,7.804463387,5.504428864,7.447539806,5.482206821,4.932822704,5.457657814,4.988526344,4.974009514,4.894361019,7.697007179,5.009746075,4.521928787,5.089394093]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600290030,"flow_dst_last_pkt_time":1582454600371223,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3458,"flow_dst_tot_l4_payload_len":5165,"midstream":0,"thread_ts_usec":1582454600371223,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":25541.8,"max":147307,"stddev":44603.2,"var":1989448704.0,"ent":3.2,"data": [33256,146084,75,147307,1403,159,73,18,38616,19,50,10855,46914,12516,120151,44,4,168,1146,109,1513,467,107361,13,1221,31041,492,3663,24,4467,82566]},"pktlen": {"min":52,"avg":322.1,"max":1492,"stddev":461.1,"var":212650.1,"ent":3.9,"data": [64,60,52,569,52,1492,1492,1268,442,52,52,52,132,339,339,98,95,87,1492,552,818,52,52,52,122,52,52,83,52,87,52,52]},"bins": {"c_to_s": [10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1],"entropies": 
[4.515677452,5.260978699,5.115703106,4.536097050,5.154164791,7.838258266,7.887313843,7.830554962,7.500537872,5.115703106,5.154164791,5.077241421,6.238309383,7.385308743,7.348131180,6.055991173,6.001430511,5.896850586,7.866535664,7.607725620,7.722208500,5.154164791,5.154164791,5.062724590,6.184679508,5.056022644,5.115703106,5.763531208,5.094483852,5.873862743,5.115703106,5.056022167]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600290030,"flow_dst_last_pkt_time":1582454600371223,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3458,"flow_dst_tot_l4_payload_len":5165,"midstream":0,"thread_ts_usec":1582454600371223,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":25541.8,"max":147307,"stddev":44603.2,"var":1989448704.0,"ent":3.2,"data": [33256,146084,75,147307,1403,159,73,18,38616,19,50,10855,46914,12516,120151,44,4,168,1146,109,1513,467,107361,13,1221,31041,492,3663,24,4467,82566]},"pktlen": {"min":52,"avg":322.1,"max":1492,"stddev":461.1,"var":212650.1,"ent":3.9,"data": [64,60,52,569,52,1492,1492,1268,442,52,52,52,132,339,339,98,95,87,1492,552,818,52,52,52,122,52,52,83,52,87,52,52]},"bins": {"c_to_s": [10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": 
[6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1],"entropies": [4.515677452,5.260978699,5.115703106,4.536097050,5.154164791,7.838258266,7.887313843,7.830554962,7.500537872,5.115703106,5.154164791,5.077241421,6.238309383,7.385308743,7.348131180,6.055991173,6.001430511,5.896850586,7.866535664,7.607725620,7.722208500,5.154164791,5.154164791,5.062724590,6.184679508,5.056022644,5.115703106,5.763531208,5.094483852,5.873862743,5.115703106,5.056022167]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 02207{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454600432880,"flow_dst_last_pkt_time":1582454600398737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":13211,"flow_dst_tot_l4_payload_len":8177,"midstream":0,"thread_ts_usec":1582454600432880,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":19,"avg":109285.4,"max":803512,"stddev":185220.7,"var":34306707456.0,"ent":3.4,"data": [145952,170980,359,171301,2704,133,11131,1277,11157,179655,19,50,112,15556,168247,146405,161443,749,308681,51490,198168,655712,185,186,293,803512,1267,180253,328,297,245]},"pktlen": {"min":52,"avg":721.0,"max":1492,"stddev":667.3,"var":445284.8,"ent":4.3,"data": 
[64,60,52,569,52,1492,1492,1492,1492,1474,52,52,52,52,145,103,52,1169,344,52,996,52,1164,1492,1492,1492,52,52,1492,1492,1492,1492]},"bins": {"c_to_s": [8,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,7,0,0],"s_to_c": [5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,1,1,0,0,0,0],"entropies": [4.378882408,5.048397064,4.855899334,4.669833183,5.026988029,6.153114796,4.607729912,7.088045597,7.461877346,7.528841019,4.947339535,4.870416164,4.908878326,4.825253010,6.027275085,5.625993729,4.985801220,7.818661690,7.150210857,5.103910923,7.800937653,4.908877850,7.820833683,7.850773335,7.853681087,7.878564835,4.985801220,4.959492207,7.858905315,7.865253448,7.862413406,7.846001625]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454600454021,"flow_src_last_pkt_time":1582454600454021,"flow_dst_last_pkt_time":1582454600454021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600454021,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1582454600454021,"flow_dst_last_pkt_time":1582454600454021,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1582454600454021,"pkt":"xiwDYGpkxGGLNYKpCABFAABDtJ8AAP8RgafAqAIRwKgCAfi9ADUAL+BtI4YBAAABAAAAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"} 
@@ -298,9 +298,9 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1582454600508065,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454600541627,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGS2lfZRg1wKgCEQG7xZzFmLU\/It34H6BScSB2MAAAAgQFrAQCCAqI0z6tEd\/vhgEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1582454600545275,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600545275,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fgfxZi1QIAQBAsSJAAAAQEIChHf76yI0z6t"} 01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454600545389,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG\/mnAqAIRX2UYNcWcAbsi3fgfxZi1QIAYBAuKRgAAAQEIChHf76yI0z6tFgMBAgABAAH8AwOiR+2o6dU1g3+Svap+gZcnw25M6wGbHtuAePAdQo0oAiAx8\/DIlhLRtqLIiYUYtk4NlTJqyrl\/fgPygPHG4YkVbgA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600545389,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600545389,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600579000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600579000,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0r2YAADUGnApfZRg1wKgCEQG7xZzFmLVAIt36JIAQAOsTGQAAAQEICojTPtMR3++s"} 
-01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600580592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600580592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600580592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600580592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1582454553219847,"flow_src_last_pkt_time":1582454596366527,"flow_dst_last_pkt_time":1582454553219847,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac"}} 00932{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454595354441,"flow_src_last_pkt_time":1582454595354441,"flow_dst_last_pkt_time":1582454595354441,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454556158287,"flow_src_last_pkt_time":1582454586170857,"flow_dst_last_pkt_time":1582454556158287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
@@ -318,7 +318,7 @@ 00926{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454599054579,"flow_src_last_pkt_time":1582454599054579,"flow_dst_last_pkt_time":1582454599054579,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598373077,"flow_src_last_pkt_time":1582454598373077,"flow_dst_last_pkt_time":1582454598412843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mesu.apple.com"}} 
01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598212900,"flow_src_last_pkt_time":1582454598212900,"flow_dst_last_pkt_time":1582454598252214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gsp85-ssl.ls.apple.com"}} -00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454599079456,"flow_dst_last_pkt_time":1582454599077950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6498,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454599079456,"flow_dst_last_pkt_time":1582454599077950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6498,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598209581,"flow_src_last_pkt_time":1582454598209581,"flow_dst_last_pkt_time":1582454598248721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":185,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gspe35-ssl.ls.apple.com"}} 
00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454599065380,"flow_src_last_pkt_time":1582454599065380,"flow_dst_last_pkt_time":1582454599105084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gsa.apple.com"}} 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598713413,"flow_src_last_pkt_time":1582454598713413,"flow_dst_last_pkt_time":1582454598760726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":170,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"cl4.apple.com"}} 
@@ -335,8 +335,8 @@ 00772{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454560698945,"flow_src_last_pkt_time":1582454560698947,"flow_dst_last_pkt_time":1582454560698945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454598373420,"flow_src_last_pkt_time":1582454599396209,"flow_dst_last_pkt_time":1582454598373420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1582454553606988,"flow_src_last_pkt_time":1582454586688849,"flow_dst_last_pkt_time":1582454553606988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1926,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"luca’s imac._odisk._tcp.local"}} -00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598754938,"flow_dst_last_pkt_time":1582454598750144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1018,"flow_dst_tot_l4_payload_len":8028,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600678062,"flow_dst_last_pkt_time":1582454600676472,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2685,"flow_dst_tot_l4_payload_len":6914,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598754938,"flow_dst_last_pkt_time":1582454598750144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1018,"flow_dst_tot_l4_payload_len":8028,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600678062,"flow_dst_last_pkt_time":1582454600676472,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2685,"flow_dst_tot_l4_payload_len":6914,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454552576659,"flow_src_last_pkt_time":1582454582628608,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1582454553607048,"flow_src_last_pkt_time":1582454586688899,"flow_dst_last_pkt_time":1582454553607048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"luca’s imac._odisk._tcp.local"}} 01006{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1582454598387073,"flow_src_last_pkt_time":1582454598716744,"flow_dst_last_pkt_time":1582454598589196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":131,"flow_dst_max_l4_payload_len":696,"flow_src_tot_l4_payload_len":131,"flow_dst_tot_l4_payload_len":696,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Apple","proto_id":"7.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"captive.apple.com"}} 
@@ -345,15 +345,15 @@ 01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":21,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454600734115,"flow_dst_last_pkt_time":1582454600748726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":65051,"flow_dst_tot_l4_payload_len":8177,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com"}} 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454600252426,"flow_dst_last_pkt_time":1582454600287478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1018,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2233,"flow_dst_tot_l4_payload_len":5676,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454600279222,"flow_dst_last_pkt_time":1582454600277877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1018,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2309,"flow_dst_tot_l4_payload_len":5604,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598934663,"flow_dst_last_pkt_time":1582454598926730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5298,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600426939,"flow_dst_last_pkt_time":1582454600393972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3458,"flow_dst_tot_l4_payload_len":6110,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com"}} +00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598934663,"flow_dst_last_pkt_time":1582454598926730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5298,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600426939,"flow_dst_last_pkt_time":1582454600393972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3458,"flow_dst_tot_l4_payload_len":6110,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com"}} 
00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1582454598416547,"flow_src_last_pkt_time":1582454600719221,"flow_dst_last_pkt_time":1582454598791328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":4859,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1582454598418108,"flow_src_last_pkt_time":1582454600719163,"flow_dst_last_pkt_time":1582454598750163,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":999,"flow_dst_tot_l4_payload_len":4859,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1582454598385187,"flow_src_last_pkt_time":1582454599058356,"flow_dst_last_pkt_time":1582454598935201,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1049,"flow_dst_tot_l4_payload_len":4265,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454585624880,"flow_src_last_pkt_time":1582454585624880,"flow_dst_last_pkt_time":1582454585624880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 
00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454585625038,"flow_src_last_pkt_time":1582454585625038,"flow_dst_last_pkt_time":1582454585625038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454600252093,"flow_dst_last_pkt_time":1582454600443725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":3842,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":500,"packets-processed":486,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":190360,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":50,"total-detection-updates":40,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":356,"global_ts_usec":1582454600748726} +00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":500,"packets-processed":486,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":190360,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":50,"total-detection-updates":40,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":356,"global_ts_usec":1582454600748726} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/486 ~~ skipped flows.............: 0 
@@ -362,9 +362,9 @@ ~~ total active/idle flows...: 51/51 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9304107 bytes -~~ total memory freed........: 9304107 bytes -~~ total allocations/frees...: 141864/141864 +~~ total memory allocated....: 10070213 bytes +~~ total memory freed........: 10070213 bytes +~~ total allocations/frees...: 155834/155834 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 4004 chars diff --git a/test/results/default/ipp.pcap.out b/test/results/default/ipp.pcap.out index aa2c4c139..e690c5c64 100644 --- a/test/results/default/ipp.pcap.out +++ b/test/results/default/ipp.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1210953938216729} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1210953938216729} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1210953938217203,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1210953938217203,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1210953938217203,"pkt":"ABJ5gGlgABtjmL82CABFAAA84QBAAEAGMHwKCgoxCgoK+9gtAnfcBg8oAAAAAKACFtBTiQAAAgQFtAQCCAoAa+4oAAAAAAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1210953938217778,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U54AAEAG\/d4KCgr7CgoKMQJ32C21dp4B3AYPKaASFtAViwAAAgQFtAEDAwABAQgKAFjtJABr7ig="} 
@@ -25,7 +25,7 @@ 01252{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1210953938217203,"flow_src_last_pkt_time":1210953938237615,"flow_dst_last_pkt_time":1210953938237601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":430,"flow_dst_tot_l4_payload_len":501,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"10.10.10.251"}} 
01258{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":84,"flow_first_seen":1210953938235230,"flow_src_last_pkt_time":1210953939433071,"flow_dst_last_pkt_time":1210953939433061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2896,"flow_dst_max_l4_payload_len":201,"flow_src_tot_l4_payload_len":227621,"flow_dst_tot_l4_payload_len":370,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"10.10.10.251"}} 
01253{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1210953939430652,"flow_src_last_pkt_time":1210953939492942,"flow_dst_last_pkt_time":1210953939492928,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":267,"flow_src_tot_l4_payload_len":730,"flow_dst_tot_l4_payload_len":572,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"10.10.10.251"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":279,"packets-processed":277,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":230224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1210953939492942} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":279,"packets-processed":277,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":230224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1210953939492942} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 279/277 ~~ skipped flows.............: 0 
@@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8658038 bytes -~~ total memory freed........: 8658038 bytes -~~ total allocations/frees...: 140850/140850 +~~ total memory allocated....: 9422476 bytes +~~ total memory freed........: 9422476 bytes +~~ total allocations/frees...: 154816/154816 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 2430 chars diff --git a/test/results/default/ipsec_isakmp_esp.pcap.out b/test/results/default/ipsec_isakmp_esp.pcap.out index 194b67cb0..d4d57d0a9 100644 --- a/test/results/default/ipsec_isakmp_esp.pcap.out +++ b/test/results/default/ipsec_isakmp_esp.pcap.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946744635161000} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946744635161000} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946744635161000,"flow_dst_last_pkt_time":946744635161000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":816,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":816,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":816,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946744635161000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946744635161000,"flow_dst_last_pkt_time":946744635161000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_usec":946744635161000,"pkt":"eJS0JASgYDjgxTWgCABFAANMRLRAAD8RBzLAqAJkbe27wTikEZQDOKGBAAAAALZO8yExpIlShrq9OQSIaVUuICMIAAAAAQAAAywjAAMQxP+M24ss5zxVviUOnYt8V91Yfad7H5TKYI1AzQJmVQ1775vqK4lAOGdGsvlvOkX2Namze+gxnoVLyUAsp8SwHxJQwtql3LAOZXSDDfTnjzJHUODCqYiBpOt6uikxP095kw8q3tMwzSSPxcuj7XnW6PzRBCGEtG5neD4sVk+l1JkUVcikyt4uOcC\/FA8QvmxhLpkegjtMpjAsxLE3vpMBtiZj+zT0jhYqc9k6vSPwaeAn85HWGyImbG4DzrmeTU5UQgHG42GPzTrJc4WLmObte9S00AsQVQ9A9LBK7HPddpmzlyoydy05a7OrcGa87mSenEZtlJg6Srp22ovHxgUAaNXH5mPObtMfqQ\/ZO07eMESAHqJ0a5Gd6IHROQKUZIGLAHdP0GpNPOgz2hcQhC5MCG8SlPoyqs7YHAhIq7dkn82ncfrQg5LG4rFBalatIKS6za3YCBaUd6HgjP76noPl8Do6aqlBwL8fyDSwzzm05t4rCUJTqDfHbdLklbf0nPbCgstxAP6c4hbiTTjn\/qk7utZRt9YQcbWpqDJcanmCdmb1nL0mJbhqNJKT0laV1UV3x3fjRglRQgmAhhs2hUSJo0d4NihfES7R2EorTgVqgQI4yo5XdLXhVuIgKP4Ku8z
RjlfJmEVoLMy3a7RLdjn6RWIc0T1R9cczYK8i8MjgqoZquR76DAlISwr878UZk6Dw9jKHBkUClj00siMfCWOzBAbTMxpNKDHfy5dB\/OC4DjkU8Jx5Ww4kZ1bGo0YToz8QCnkfhb905KjwaC0BtYJKhTYqKepBpdMk1ABAYnlGAgpGml\/BnBm2gK1KR+5V00l\/SciWQJHFxEldf+2DOoJtw884NKtF1vFW7EhPfWqLyLXCFeo6LZks4jdktwG9EUQtt4BLPuvVyXAU3LtPeLt60tAwN\/SuEqqQh6CheihsGUzntaWNdK9vF\/rZwhofpjFdB6Jch8YOvyjSwYpP+j6pyZmT7Nw0n6FlxB2xOH4XiWJP3RrVBIW46wWavhUPTR1GC0LhX7Jubx5eaacA"} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946744635161000,"flow_dst_last_pkt_time":946744635161000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":816,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":816,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":816,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946744635161000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -16,13 +16,13 @@ 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":946744683923000,"flow_dst_last_pkt_time":946744638499000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946744683923000,"pkt":"eJS0JASgYDjgxTWgCABFAAMkUf9AAD8R+g7AqAJkbe27wSkEAfQDEIC\/ptvAsDZxz3MAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAKPdYigCp+92KcKsuEXZlhnHEhuifLSZc8ZATBK6Am\/FFkwLlLxi01\/su8846WqabjAARNRwfB5z5193Pwphmzmp266RnBoUl\/3pz4mlU\/n9muh+gHNxHK+YFKeysDnwZmLXN750iFjSq5jxx6VyhfOwRA8rRoUTc\/7ouz932qxpKQAAJLQ7vRlmydL+Ul7bbDT08bC8+Hw80zjeO6j+Uiw0ZsUfKQAAHAAAQAQxxY4jLA7mgVTyahplR1WBbxOGLAAAABwAAEAFT\/jiVZwITEymCyywlo+4FnUs+\/Q="} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946744683965000,"flow_dst_last_pkt_time":946744683994000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946744683994000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946744638478000,"flow_dst_last_pkt_time":946744638499000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":416,"flow_src_tot_l4_payload_len":6820,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":946744683994000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":24,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11884,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":946745300340000} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":24,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11884,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":946745300340000} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946745300381000,"flow_dst_last_pkt_time":946745300411000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946745301909000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946745301909000,"flow_dst_last_pkt_time":946745301906000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":11540,"flow_dst_tot_l4_payload_len":3360,"midstream":0,"thread_ts_usec":946745301909000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
02243{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946745723299000,"flow_dst_last_pkt_time":946745723443000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":12356,"flow_dst_tot_l4_payload_len":3648,"midstream":0,"thread_ts_usec":946745723443000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":70207096.0,"max":662067000,"stddev":185660096.0,"var":34469670203424768.0,"ent":2.0,"data": [122000,677000,771000,222000,34000,2372000,0,1000,23000,2387000,0,0,22000,24000,661960000,662067000,681000,743000,195000,34000,407000,0,0,421000,0,4000,138000,188000,12771000,421390000,408766000]},"pktlen": {"min":108,"avg":528.1,"max":1360,"stddev":468.7,"var":219671.5,"ent":4.5,"data": [844,236,140,108,124,444,1360,1360,928,1360,160,160,160,928,160,844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236]},"bins": {"c_to_s": [0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0],"s_to_c": [0,0,3,0,7,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1],"entropies": 
[7.741627216,6.965078831,6.116603374,5.779674053,6.059063911,7.410885334,7.860165119,7.863566875,7.772638798,7.854592800,6.636003017,6.657938480,6.612657070,7.764769077,6.596687317,7.754736900,6.881987095,6.222157478,5.801217556,6.004589081,7.442288876,7.852550507,7.852631569,7.794322968,6.638905048,6.506283283,6.772091866,7.817639828,6.695438385,5.748310089,7.756398201,6.820323944]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946745723231000,"flow_dst_last_pkt_time":946745723263000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":6304,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":946745725650000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946745725650000,"flow_dst_last_pkt_time":946745725647000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":16260,"flow_dst_tot_l4_payload_len":5568,"midstream":0,"thread_ts_usec":946745725650000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":946747247312000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":946747247312000} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946745723231000,"flow_dst_last_pkt_time":946745723263000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":6304,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":946747248846000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":30,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946747248846000,"flow_dst_last_pkt_time":946747248843000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":20980,"flow_dst_tot_l4_payload_len":7776,"midstream":0,"thread_ts_usec":946747248846000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946747261671000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946747261671000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -34,7 +34,7 @@ 01554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":946747358471000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946747358471000,"pkt":"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\/CLmB1N5ipdRNjAgrEkk9c1K4SgeaBkstUpKGoCBtx3xfTXB+gmzf1VKQAAJNNNASfat4S6z1UcMvvGsu3JcFrPuvzdGt3NKTAK0PVQKQAAHAAAQASzXyQsxaFEsHhWCH0QAz432xWiKQAAABwAAEAFGLDWKxL5PHcyhK2S4pdCoubwZjU="} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946747358511000,"flow_dst_last_pkt_time":946747358542000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946747358542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946747248846000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":20980,"flow_dst_tot_l4_payload_len":7856,"midstream":0,"thread_ts_usec":946747358542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":946748116878000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":946748116878000} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946747248846000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":20980,"flow_dst_tot_l4_payload_len":7856,"midstream":0,"thread_ts_usec":946748116945000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946748116917000,"flow_dst_last_pkt_time":946748116945000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946748116945000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748252067000,"flow_dst_last_pkt_time":946748252067000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":816,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":816,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":816,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946748252067000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -61,11 +61,11 @@ 01559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":946748298621000,"flow_dst_last_pkt_time":946748266345000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946748298621000,"pkt":"eJS0JASgYDjgxTWgCABFAAMk81pAAD8RWLHAqAJkbe27wykEAfQDEL4wXlzqAsgd3NEAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAABGkLDJYlvimMVikZIJao0l8nDn5kMqeV19l95wHRHg9qC4yVoqQEAO1wxZCuFKvX1LBIU3s3wsGe2N4evBpjao\/Pny14kuwEp6ydRCF3auK2xgcGKEllo4hRl7tYj+cK0SHIn+CMGzAqT3kd2PlYpMZaQJfJG+3Ev+EkkpdUOoeKQAAJP6NnJfRkTTcKCv\/VqdU4oNffpYomKHKD1rwmiNSWBc0KQAAHAAAQATpeanOKc+14oR62Hrez\/POQ4Wy9QAAABwAAEAF\/Ci4af9LO9\/uVfyqcmROV6J9p6c="} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946748116917000,"flow_dst_last_pkt_time":946748116945000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946748298684000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748253414000,"flow_dst_last_pkt_time":946748266345000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946748298684000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":127,"packets-processed":126,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":59936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":64,"global_ts_usec":946748870137000} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":127,"packets-processed":126,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":59936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":64,"global_ts_usec":946748870137000} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946748266345000,"flow_src_last_pkt_time":946748266345000,"flow_dst_last_pkt_time":946748266345000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946748871542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946748266345000,"flow_src_last_pkt_time":946748870175000,"flow_dst_last_pkt_time":946748870202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946748871542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748871542000,"flow_dst_last_pkt_time":946748871538000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4336,"midstream":0,"thread_ts_usec":946748871542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":68,"global_ts_usec":946749778334000} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":68,"global_ts_usec":946749778334000} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946749778334000,"flow_dst_last_pkt_time":946749778334000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946749778334000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":946749778334000,"flow_dst_last_pkt_time":946749778334000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946749778334000,"pkt":"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\/I3GrOhdR2Ahrzg1cl5K7CGOqmD9LmmvBVQSrauKwYuvsfoAIPoWocHQoMo7f5ymv4IPWL+HbeAEosPePp10VCe7il3eMSwG\/INdrGrGu21qwlO\/+efSCGs3uGrG1SV6gA+E\/oPdzfBUNqf\/aMnkpkFwcKQAAJMgQNb6ePi189Vo1zI09B5mQSHqhnrJrpjWKCSmy16flKQAAHAAAQATK6hMad2HUkIE350RaQYXRyGPbFgAAABwAAEAFiTzfmy4vUiSu\/dsxMvaGgLvptZw="} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946749778334000,"flow_dst_last_pkt_time":946749778334000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946749778334000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -81,13 +81,13 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":946749779343000,"flow_dst_last_pkt_time":946749779338000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":946749779343000,"pkt":"eJS0JASgYDjgxTWgCABFAAB8539AAD8RZzXAqAJkbe27wjikEZQAaLvWAAAAAFFJpbgQBDBELFuvwAKAaBsuICMIAAAAAwAAAFwnAABAaLDB2lNfq5sjiritMiyPVcJ5MmrNl4SJCasAkAUouZiTrZ8tDkbm1r1Trbr79D49MfumEFkLpOp1YiWs"} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946748266345000,"flow_src_last_pkt_time":946748870175000,"flow_dst_last_pkt_time":946748870202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946749779886000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748871542000,"flow_dst_last_pkt_time":946748884718000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":946749779886000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":165,"packets-processed":164,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":77624,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":946750800427000} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":165,"packets-processed":164,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":77624,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":946750800427000} 01562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946749778401000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946750802633000,"pkt":"eJS0JASgYDjgxTWgCABFAAMkr8NAAD8RnEnAqAJkbe27wikEAfQDELXOkEkalVBl\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\/A0IFjOXjhDiq5RFCImpZ68NNwcQxBZvgJzrKNK3+3xuRAJ7jQNQpEgz+2L\/Td5c14rGxSZM6w9sUYgwqqMGXpA72jiv\/4czuKxD6SbMc+8pGVZ\/1CSN9hccLjaN\/KNarwgaRjmkaTYnGsewHe4MLp6coknVTYnEyT2TKQAAJEJGvKF8VnGtvSnxxMrOeTU3kL1E+nVj3FJ6ZUXX52S9KQAAHAAAQATEmVA1Ayed3Mzf6OPwNFqxXeNCkgAAABwAAEAFVSBGs\/2jTbJ\/AAS7m7ud3qwGOy8="} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946750802633000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946750802633000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":946749778420000,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946750802082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9588,"flow_dst_tot_l4_payload_len":4224,"midstream":0,"thread_ts_usec":946750802633000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946750900940000,"flow_dst_last_pkt_time":946750900970000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946750900970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":946749778420000,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946750802082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9588,"flow_dst_tot_l4_payload_len":4224,"midstream":0,"thread_ts_usec":946750900970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":188,"packets-processed":187,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88340,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":946752053636000} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":188,"packets-processed":187,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88340,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":946752053636000} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946752053636000,"flow_src_last_pkt_time":946752053636000,"flow_dst_last_pkt_time":946752053636000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946752053636000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":946752053636000,"flow_dst_last_pkt_time":946752053636000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946752053636000,"pkt":"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\/W3ZXRxrm6NQH9u7KE06SIwEbersniw6hQWHyxhQ\/2rtv\/KS8MHCWu0\/UpEV6GCC8Jwl2D64n3IinW1UqpoDH3zgj5vP09DAsAYR\/lGdfNJjst9m4S0ICUVBjGwV2UlMv+ec0yUwblf\/QpdFKQAAJBN5hRLS4vKI93k9Qqglp8VdaUkpxICKhR0a7HBjyUJnKQAAHAAAQATaubyY8VWsI4Z6WQt6ODtfgtlAogAAABwAAEAFkYhaxcMPMkFLeVrj\/VCjsI8u34M="} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946752053636000,"flow_src_last_pkt_time":946752053636000,"flow_dst_last_pkt_time":946752053636000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946752053636000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -118,11 +118,11 @@ 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":946752615801000,"flow_dst_last_pkt_time":946752615796000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":946752615801000,"pkt":"eJS0JASgYDjgxTWgCABFAAB8YjtAAD8R7LjAqAJkbe27gzikEZQAaKKDAAAAAJOFGPFj\/apXtO8xDwLcetkuICMIAAAAAwAAAFwnAABAYgQABklwqk19f3RLLUrXcdZeQThgHvokOw7ZgiIiV+xRm\/Vegbdr0vddHFArr2AxvmIdMXYfOPpikICD"} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946752053636000,"flow_src_last_pkt_time":946752053676000,"flow_dst_last_pkt_time":946752053697000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":1576,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":946752616641000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01193{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946752053740000,"flow_src_last_pkt_time":946752055364000,"flow_dst_last_pkt_time":946752068592000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946752616641000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
-00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":226,"packets-processed":225,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":106028,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":121,"global_ts_usec":946753056378000} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":226,"packets-processed":225,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":106028,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":121,"global_ts_usec":946753056378000} 
01559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":946753056378000,"flow_dst_last_pkt_time":946752614899000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946753056378000,"pkt":"eJS0JASgYDjgxTWgCABFAAMk4A9AAD8RbDzAqAJkbe27gykEAfQDEL8VqoLIT\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\/bYWO5S4TN7oD3jev443nVodeHch6RFayzZEki5emMomRCrgNFuvlRgaeRpHEemxNYFdAWJKFtbMtNDl30\/geXBa5nSc5USTy9ixtngfOPCaTM957Vt8FfYS+xLvKJ1ZIlggi4aea4oqGzEWKQAAJB64swUSkLQn4x1pHHMTfvky6JcWpGBjhuSQsyO5UHP2KQAAHAAAQATXS05uAu8\/AgvnrnqUJli+KXDKcwAAABwAAEAFE4a6Haq4k5w5SGwuMbDqbj1ZWRI="} 01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946752614840000,"flow_src_last_pkt_time":946753056415000,"flow_dst_last_pkt_time":946753056444000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946753058099000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":946752614924000,"flow_src_last_pkt_time":946753058099000,"flow_dst_last_pkt_time":946753058095000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4336,"midstream":0,"thread_ts_usec":946753058099000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":245,"packets-processed":244,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":114872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":946756085796000} 
+00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":245,"packets-processed":244,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":114872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":946756085796000} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946756085796000,"flow_src_last_pkt_time":946756085796000,"flow_dst_last_pkt_time":946756085796000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":432,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946756085796000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01106{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":946756085796000,"flow_dst_last_pkt_time":946756085796000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":474,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":474,"pkt_l4_len":440,"thread_ts_usec":946756085796000,"pkt":"eJS0JASgYDjgxTWgCABFAAHMAuBAAP0RjIXAqAJkbe27wasjEZQBuEiAAAAAAFdVWmAzg3AtUnd8qAS0wgwuICMIAAAAAQAAAawjAAGQQF79b6huHtPKErITdIUO\/QjlpSHswO\/9ioYhBnLYsJUoIUmfnUpBr3Po\/OdJJVNMepzAOvSeggL2pjZTj9dKmnR3\/PM3fhBDF8NcMDQbBXvC7QxTKJZTnUfkk881X5a\/g77eRsDByk24BKRFupHgXm9JxMuUqz9AuVOnm4NBfwKTMVXjUNEQtkAzVuhsDcyqKusYnJ81cfYdIk5LwLgUQczUBvlDCka3OorgvxScDCOZppjI661UpcnKSAOl10AUzitOXX4Sf1q4\/2+eSwMmz9NIx5gR4C8OsKHWrS46IlJialinycMwsZsTGmE66+bCHIal8y8Ar1mZux6G9skkXM0\/xDcT8HX0NJm3xHn4rYAEy6+FVyThDICTkGOQ8\/OGbAHfatyTPGmM7gUHR\/CIqk2d\/5qVY\/q+N89fy1rlbMoNv1B8muSwUse4B1yQM9+HJ7F8cmircdWKEpZAIvPkrObfa2jQuXUNlIRVLPokutIPku+Rs972Lm4Ub8AH5EGOnNdgwZBbtxuUUUg4"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946756085796000,"flow_src_last_pkt_time":946756085796000,"flow_dst_last_pkt_time":946756085796000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":432,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946756085796000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -139,7 +139,7 @@ 01147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":946756088542000,"flow_dst_last_pkt_time":946756088542000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_usec":946756088542000,"pkt":"eJS0JASgYDjgxTWgCABFAAHsAt5AAP0RjGfAqAJkbe27wasjAfQB2PjuV1VaYDODcC0AAAAAAAAAACEgIggAAAAAAAAB0CIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAA4DAAAIBAAABQAAAAgEAAACKAABCAAOAAASaTFF62fUXHpfs421Rj\/gYaPc2AkWEe7D1IKcm3l6qaEq6h066W69gZ+A399DYsfZndmEGgax9bhjEGbDeL91KQ5kk8G\/ZkID33MXl58dgACMQOV2mwGoscE8xtRB+E32RcQuG7Nonwhc00cnnFpxVz54FULdUSbtCVV\/NJupUcqjc6oaj9SBnERU6TDP8ODv30ZRO8RPNYMJ\/Ci\/se1NSrmxSgCJbX4M7XFLRP+h1qNGc6gcZZyTDUYfAjaqE5Mcwoz2lDCUcBdmnuShzdw+sjHtwCatv+tdhBkIHppgjI3v+rdOmcf6h4xWdhiO2fobg7Zsnzmo+WEBgaX0p7s5KQAAGFc4NCc5\/VYp3Uji1ua\/t8i0d0i9KQAAHAAAQARFpSuayCZd17VHTR3uyF2NADufcwAAABwAAEAFsrc\/ZzzlOYJlIxNu77WxSEj0O24="} 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946752614840000,"flow_src_last_pkt_time":946753056415000,"flow_dst_last_pkt_time":946753056444000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946756088542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":946752614924000,"flow_src_last_pkt_time":946753058099000,"flow_dst_last_pkt_time":946753071332000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":946756088542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
-00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":268,"packets-processed":267,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":14,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":142,"global_ts_usec":946763512822000} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":268,"packets-processed":267,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":14,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":142,"global_ts_usec":946763512822000} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946763512822000,"flow_src_last_pkt_time":946763512822000,"flow_dst_last_pkt_time":946763512822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946763512822000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":946763512822000,"flow_dst_last_pkt_time":946763512822000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946763512822000,"pkt":"eJS0JASgYDjgxTWgCABFAAMktR9AAD8Rly7AqAJkbe27gSkEAfQDENJ58zGl\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\/WQ2FpE\/0RoQC4TiwB6y71I8UIovX\/cQ1SapOMuGfW9hy4WHSvXuIUgOPrCXk2h1ct5lmyWAa1qglm\/4yOrGLSsZjKKjJ5jEBzKQAAJL+95CschzVY1HdnEYlr8vcXlCOBsIZVHpL4JvobbKxYKQAAHAAAQAROj53iX5wS\/J4WHCSCKNNw1F6keAAAABwAAEAF52RZaVEd3q0Q2WSKx4bLcB8WYWw="} 
00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946763512822000,"flow_src_last_pkt_time":946763512822000,"flow_dst_last_pkt_time":946763512822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946763512822000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -318,7 +318,7 @@ 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946763527783000,"flow_src_last_pkt_time":946763527783000,"flow_dst_last_pkt_time":946763527783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946763527783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":33,"flow_first_seen":946763527783000,"flow_src_last_pkt_time":946763527783000,"flow_dst_last_pkt_time":946763527783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1332,"flow_src_tot_l4_payload_len":18700,"flow_dst_tot_l4_payload_len":13920,"midstream":0,"thread_ts_usec":946763527783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946763512920000,"flow_src_last_pkt_time":946763514604000,"flow_dst_last_pkt_time":946763527783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946763527783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":834,"packets-processed":834,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":416694,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":20,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":321,"global_ts_usec":946763527783000} 
+00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":834,"packets-processed":834,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":416694,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":20,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":321,"global_ts_usec":946763527783000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 834/834 ~~ skipped flows.............: 0 @@ -327,9 +327,9 @@ ~~ total active/idle flows...: 36/36 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8754382 bytes -~~ total memory freed........: 8754382 bytes -~~ total allocations/frees...: 141755/141755 +~~ total memory allocated....: 9519876 bytes +~~ total memory freed........: 9519876 bytes +~~ total allocations/frees...: 155721/155721 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 573 chars ~~ json message max len.......: 2248 chars diff --git a/test/results/default/ipv6_in_gtp.pcap.out b/test/results/default/ipv6_in_gtp.pcap.out index 61474d87e..5cf18a748 100644 --- a/test/results/default/ipv6_in_gtp.pcap.out +++ b/test/results/default/ipv6_in_gtp.pcap.out 
@@ -1,11 +1,11 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1536839120404326} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1536839120404326} 00299{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1536839120404326,"packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536839120404326} 
00500{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":150,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":150,"pkt_l4_len":0,"thread_ts_usec":1536839120404326,"pkt":"AAAAAAACNLNUB8pWgQAMoYEAYAUIAEVoAIBoSQAA\/xHueQruUBoK7v5LCGgIaABsAAAw\/wBcEoCPuGAIuFIANBFAJgf8IEBSA55JCupNF\/7gnP0Al2q8Zxk+AAAAAAAAAAe\/4GQ6ADQ3SIBuFZfDWsIvMrWrNfP4Fx5OYe4CUCXgPs5ziPlz8hT\/27dLl2xtqJbPLkrE"} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":1536840494424533} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":1536840494424533} 00299{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1536840494424533,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536840494424533} 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":166,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":166,"pkt_l4_len":0,"thread_ts_usec":1536839120404326,"pkt":"AAAAAAABNLNUB8pVgQAMn4EAQAIIAEVYAJD2QgAA\/xGMPAruJFwK7v5NCGgIaAB8AAAw\/wBsB0wVsGANtkgARDJAKgEEyMAUFE4AAQAClFtnYSoBBMjwAA9JAAAAAAAAAAT\/O2YDAAAAQhlm1OFxgeTba50SyREjm3lFbPc9lgrLUcRYebJHYlYzSCeWv2L\/IjSAXfS1U+Rh4DDxR7yVXb8kOaI3Xg=="} 
-00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1536840494424533} +00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1536840494424533} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/0 ~~ skipped flows.............: 0 
@@ -14,9 +14,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 304 chars ~~ json message max len.......: 816 chars diff --git a/test/results/default/iqiyi.pcap.out b/test/results/default/iqiyi.pcap.out index fbf76e167..6e3d2b419 100644 --- a/test/results/default/iqiyi.pcap.out +++ b/test/results/default/iqiyi.pcap.out 
@@ -1,11 +1,11 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1713802717628036} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1713802717628036} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713802717628036,"flow_src_last_pkt_time":1713802717628036,"flow_dst_last_pkt_time":1713802717628036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713802717628036,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"116.211.199.199","src_port":50412,"dst_port":16600,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1713802717628036,"flow_dst_last_pkt_time":1713802717628036,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":163,"pkt_l4_len":143,"thread_ts_usec":1713802717628036,"pkt":"RQAAo3XeQABAEc\/4CtetAXTTx8fE7EDYAI85khxAhwBEdHF6pPgrtzAH9GsCAAAAAAAAFJfdTmBscmVis14SaQ7j4ckAAAAAAACgIYIEAQAIAAwoAQIAAAAAAAAAAAAAAAoAAQAYAAUIAAD\/\/wAAAAAAAAAAAAAAAAAAAFBQU3RyZWFtAABAHbT1QnoJAAEMwIrER+lAn7VOD3NGKPXiYWT40w=="} 
00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713802717628036,"flow_src_last_pkt_time":1713802717628036,"flow_dst_last_pkt_time":1713802717628036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713802717628036,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"116.211.199.199","src_port":50412,"dst_port":16600,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"iQIYI","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1713802717628036,"flow_dst_last_pkt_time":1713802718068540,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":164,"pkt_l4_len":144,"thread_ts_usec":1713802718068540,"pkt":"RQAApAAAQABAEUXWdNPHxwrXrQFA2MTsAJAAAJxgiABVdRd6pPgrtzAH9BsKAAAAAAAAFJfdTmBscmVis14SaQ7j4ckAAAAAAAAUAAAAAAAAADwA\/nj\/RhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMO\/nl5WrwE="} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1713802717628036,"flow_src_last_pkt_time":1713802717628036,"flow_dst_last_pkt_time":1713802718068540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1713802718068540,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"116.211.199.199","src_port":50412,"dst_port":16600,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"iQIYI","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1713802718068540} 
+00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1713802718068540} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644900 bytes -~~ total memory freed........: 8644900 bytes -~~ total allocations/frees...: 140535/140535 +~~ total memory allocated....: 9409274 bytes +~~ total memory freed........: 9409274 bytes +~~ total allocations/frees...: 154501/154501 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 974 chars diff --git a/test/results/default/irc.pcap.out b/test/results/default/irc.pcap.out index 7598fc22b..b2e6acf04 100644 --- a/test/results/default/irc.pcap.out +++ b/test/results/default/irc.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1387554241634815} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1387554241634815} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1387554241634815,"flow_src_last_pkt_time":1387554241634815,"flow_dst_last_pkt_time":1387554241634815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1387554241634815,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1387554241634815,"flow_dst_last_pkt_time":1387554241634815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387554241634815,"pkt":"AAAMB6wBABNyxPHhCABFAAA8\/+BAAEAGJjUKtJz5JuVGFLNhH0BpMfDFAAAAAKACOQj\/0AAAAgQFtAQCCAq+wg8lAAAAAAEDAwc="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1387554241634815,"flow_dst_last_pkt_time":1387554241665525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387554241665525,"pkt":"ABNyxPHhANAr0XYACABFAAA8AABAADIGNBYm5UYUCrSc+R9As2GRFS01aTHwxqASFqAOiAAAAgQFtAQCCAowSCUOvsIPJQEDAwY="} 
@@ -8,7 +8,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1387554241665610,"flow_dst_last_pkt_time":1387554241695656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1387554241695656,"pkt":"ABNyxPHhANAr0XYACABFAAA0CCBAADIGK\/4m5UYUCrSc+R9As2GRFS02aTHw6YAQAFtTTgAAAQEICjBIJRa+wg9E"} 01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1387554241634815,"flow_src_last_pkt_time":1387554241695673,"flow_dst_last_pkt_time":1387554241695929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":62,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":62,"midstream":0,"thread_ts_usec":1387554241695929,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IRC","proto_id":"65","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":9,"category":"Chat"}} 
01309{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":1387554241634815,"flow_src_last_pkt_time":1387554256171358,"flow_dst_last_pkt_time":1387554256201831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":114,"flow_dst_tot_l4_payload_len":6901,"midstream":0,"thread_ts_usec":1387554256201831,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IRC","proto_id":"65","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":9,"category":"Chat"}} 
-00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":29,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1387554256201831} +00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":29,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1387554256201831} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 29/29 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647775 bytes -~~ total memory freed........: 8647775 bytes -~~ total allocations/frees...: 140565/140565 +~~ total memory allocated....: 9412149 bytes +~~ total memory freed........: 9412149 bytes +~~ total allocations/frees...: 154531/154531 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 1314 chars diff --git a/test/results/default/iso9506-1-mms.pcap.out b/test/results/default/iso9506-1-mms.pcap.out index 55e6ae903..76dfbfac4 100644 --- a/test/results/default/iso9506-1-mms.pcap.out +++ b/test/results/default/iso9506-1-mms.pcap.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1216384411913551} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1216384411913551} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1216384411913551,"flow_src_last_pkt_time":1216384411913551,"flow_dst_last_pkt_time":1216384411913551,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1216384411913551,"l3_proto":"ip4","src_ip":"172.16.0.101","dst_ip":"172.16.202.5","src_port":1345,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1216384411913551,"flow_dst_last_pkt_time":1216384411913551,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1216384411913551,"pkt":"AAAjBjHKABshAvedCABFAAAwHcpAAIAGunKsEABlrBDKBQVBAGaSqRQbAAAAAHAC\/\/+0KAAAAgQFtAEBBAI="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1216384411913551,"flow_dst_last_pkt_time":1216384411916598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1216384411916598,"pkt":"ABshAvedAAAjBjHKCABFAAAsDFVAAEAGC+ysEMoFrBAAZQBmBUFKLAn9kqkUHGASIABU9QAAAgQFtAAA"} 
@@ -8,7 +8,7 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1216384411916691,"flow_dst_last_pkt_time":1216384411922643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1216384411922643,"pkt":"ABshAvedAAAjBjHKCABFAAAoDFZAAEAGC++sEMoFrBAAZQBmBUFKLAn+kqkUMlAQH+5srgAAAAAAAAAA"} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1216384411913551,"flow_src_last_pkt_time":1216384411923486,"flow_dst_last_pkt_time":1216384411923392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":189,"flow_dst_tot_l4_payload_len":22,"midstream":0,"thread_ts_usec":1216384411923486,"l3_proto":"ip4","src_ip":"172.16.0.101","dst_ip":"172.16.202.5","src_port":1345,"dst_port":102,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ISO9506-1-MMS","proto_id":"366","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1216384411913551,"flow_src_last_pkt_time":1216384412526501,"flow_dst_last_pkt_time":1216384412526472,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":374,"flow_dst_tot_l4_payload_len":283,"midstream":0,"thread_ts_usec":1216384412526501,"l3_proto":"ip4","src_ip":"172.16.0.101","dst_ip":"172.16.202.5","src_port":1345,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ISO9506-1-MMS","proto_id":"366","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":657,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1216384412526501} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":657,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1216384412526501} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 22/22 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647525 bytes -~~ total memory freed........: 8647525 bytes -~~ total allocations/frees...: 140556/140556 +~~ total memory allocated....: 9411899 bytes +~~ total memory freed........: 9411899 bytes +~~ total allocations/frees...: 154522/154522 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 992 chars diff --git a/test/results/default/ja3_lots_of_cipher_suites.pcap.out b/test/results/default/ja3_lots_of_cipher_suites.pcap.out index 73c7b588b..1ea65ed48 100644 --- a/test/results/default/ja3_lots_of_cipher_suites.pcap.out +++ b/test/results/default/ja3_lots_of_cipher_suites.pcap.out 
@@ -1,5 +1,5 @@ -00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1557818846743554} 
+00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1557818846743554} 00313{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846743554,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846743554} 
00407{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAADTDSUAAPwad0wrOgxIKzkH55SEBu84u1gAAAAAAgAJyEJdSAAACBAW0AQEEAgEDAwI="} 00313{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846744536,"packet_id":2,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846744536} 
@@ -22,7 +22,7 @@ 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAACjoB0AAPQZ7IQrOQfkKzoMSAbvlIcEFulXOLtksUBAAf8saAAAAAAAAAAA="} 00315{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846965822,"packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846965822} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACifbEAAPwbBvArOgxIKzkH55SEBu84u2SwAAAAAUAQAAEcBAAAAAAAAAAA="} -00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":11,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1557818846965822} 
+00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":11,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1557818846965822} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/0 ~~ skipped flows.............: 0 @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 318 chars ~~ json message max len.......: 2360 chars diff --git a/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out index 421d6f629..f883a631e 100644 --- a/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1505724520744830} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1505724520744830} 00366{"error_event_id":14,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724520744830,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1505724520744830} 
00469{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1505724520744830,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"} 00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505724520744830,"flow_src_last_pkt_time":1505724520744830,"flow_dst_last_pkt_time":1505724520744830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505724520744830,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -34,7 +34,7 @@ 00368{"error_event_id":14,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526501639,"packet_id":25,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724526501639} 00462{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1505724526501623,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABc0zYAAEAR3TGEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SFUAAARQAANGNWQABABin6wKiTsZd5waDkgAG7QsbjA1XaCIaAEQIjYE4AAAEBCAoAC7vkMW8PEg=="} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":14,"flow_first_seen":1505724520744830,"flow_src_last_pkt_time":1505724526501639,"flow_dst_last_pkt_time":1505724526702991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1160,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2974,"flow_dst_tot_l4_payload_len":2858,"midstream":0,"thread_ts_usec":1505724526702991,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1505724526702991} +00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1505724526702991} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 
@@ -43,9 +43,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645625 bytes -~~ total memory freed........: 8645625 bytes -~~ total allocations/frees...: 140560/140560 +~~ total memory allocated....: 9409999 bytes +~~ total memory freed........: 9409999 bytes +~~ total allocations/frees...: 154526/154526 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 371 chars ~~ json message max len.......: 1948 chars diff --git a/test/results/default/jabber.pcap.out b/test/results/default/jabber.pcap.out index 93f2721a1..824eb6160 100644 --- a/test/results/default/jabber.pcap.out +++ b/test/results/default/jabber.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1502379693992994} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1502379693992994} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502379723841804,"flow_src_last_pkt_time":1502379723841804,"flow_dst_last_pkt_time":1502379723841804,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502379723841804,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57094,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1502379723841804,"flow_dst_last_pkt_time":1502379723841804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1502379723841804,"pkt":"Tl6SKSKGaFs1pN2oCABFAABAZ6hAAEAGAACsEAA+rBABit8GFGbDqJX1AAAAALAC\/\/9aGwAAAgQFtAEDAwQBAQgKTgMEJwAAAAAEAgAA"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1502379723841804,"flow_dst_last_pkt_time":1502379723842248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1502379723842248,"pkt":"aFs1pN2oTl6SKSKGCABFAAA8AABAAEAG4NOsEAGKrBAAPhRm3wagxQKCw6iV9qASOJCmRgAAAgQFtAQCCAoAGMyaTgMEJwEDAwc="} 
@@ -30,7 +30,7 @@ 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1502380249631374,"flow_dst_last_pkt_time":1502380249634488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_usec":1502380249634488,"pkt":"aFs1pN2oTl6SKSKGCABFAAE1Pq1AAEAGoS2sEAGKrBAAPhRm3ylj1cyM0mps5oAYALXYFQAAAQEICgAg0ohOCwBMPGlxIHhtbDpsYW5nPSdlbicgdG89J3RvbUBjcy14bXBwLmxhbi9kYXJrc3RhcicgZnJvbT0nY3MteG1wcC5sYW4nIHR5cGU9J3Jlc3VsdCcgaWQ9J3B1cnBsZWRkZTgwZmRhJz48Y29tbWFuZCBzdGF0dXM9J2NvbXBsZXRlZCcgc2Vzc2lvbmlkPScyMDE3LTA4LTEwVDE1OjUxOjAxLjI1MjkxMlonIG5vZGU9J3BpbmcnIHhtbG5zPSdodHRwOi8vamFiYmVyLm9yZy9wcm90b2NvbC9jb21tYW5kcyc+PG5vdGU+UG9uZzwvbm90ZT48L2NvbW1hbmQ+PC9pcT4="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1502380249634544,"flow_dst_last_pkt_time":1502380249634488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1502380249634544,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0YMNAAEAGAACsEAA+rBABit8pFGbSamzmY9XNjYAQH+9aDwAAAQEICk4LAE8AINKI"} 
00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1502380277582533,"flow_dst_last_pkt_time":1502380249634488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_usec":1502380277582533,"pkt":"Tl6SKSKGaFs1pN2oCABFAADNNV5AAEAGAACsEAA+rBABit8pFGbSamzmY9XNjYAYIABaqAAAAQEICk4LbPsAINKIPGlxIHR5cGU9J3NldCcgaWQ9J3B1cnBsZWRkZTgwZmRiJyB0bz0ndG9tQGNzLXhtcHAubGFuL2RhcmtzdGFyJz48Y29tbWFuZCB4bWxucz0naHR0cDovL2phYmJlci5vcmcvcHJvdG9jb2wvY29tbWFuZHMnIG5vZGU9J3BpbmcnIGFjdGlvbj0nZXhlY3V0ZScvPjwvaXE+"} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":192,"packets-processed":189,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28826,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1502380393542116} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":192,"packets-processed":189,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28826,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1502380393542116} 00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1502380213387324,"flow_src_last_pkt_time":1502380213388002,"flow_dst_last_pkt_time":1502380213388141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1502380400412342,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57126,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502380724652555,"flow_src_last_pkt_time":1502380724652555,"flow_dst_last_pkt_time":1502380724652555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502380724652555,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57147,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1502380724652555,"flow_dst_last_pkt_time":1502380724652555,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1502380724652555,"pkt":"Tl6SKSKGaFs1pN2oCABFAABA60NAAEAGAACsEAA+rBABit87FGY\/5vETAAAAALAC\/\/9aGwAAAgQFtAEDAwQBAQgKThI3ywAAAAAEAgAA"} 
@@ -47,9 +47,9 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1502380915486271,"flow_dst_last_pkt_time":1502380915486217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1502380915486271,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0E55AAEAGAACsEAA+rBABit89FGZwJ5T3nxoW8IAQH+ZaDwAAAQEICk4VHZ0AKvuW"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1502380915486274,"flow_dst_last_pkt_time":1502380915486217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1502380915486274,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0YBZAAEAGAACsEAA+rBABit89FGZwJ5T3nxoXaIAQH99aDwAAAQEICk4VHZ0AKvuW"} 00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1502380724652555,"flow_src_last_pkt_time":1502380725074115,"flow_dst_last_pkt_time":1502380725074074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":285,"flow_src_tot_l4_payload_len":654,"flow_dst_tot_l4_payload_len":772,"midstream":0,"thread_ts_usec":1502380919392608,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57147,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":260,"packets-processed":243,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1502381519875958} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":260,"packets-processed":243,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1502381519875958} 
02299{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1502380915481182,"flow_src_last_pkt_time":1502381566576939,"flow_dst_last_pkt_time":1502381566616902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":463,"flow_src_tot_l4_payload_len":1086,"flow_dst_tot_l4_payload_len":2076,"midstream":1,"thread_ts_usec":1502381566616902,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57149,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":42007464.0,"max":600487770,"stddev":147104800.0,"var":21639823353708544.0,"ent":1.4,"data": [5033,2,5089,3,217021,217977,974,3684463,3688323,3876,600484177,600487770,3,3561,6,1107,1119,7791,47498,39730,447,62982,63440,253,504,186,80,2,90,46583978,46623992]},"pktlen": {"min":52,"avg":150.8,"max":515,"stddev":117.9,"var":13893.8,"ent":4.6,"data": [291,460,172,52,52,234,515,52,234,179,52,202,256,158,106,52,272,52,100,52,100,52,274,52,100,153,52,52,157,52,187,52]},"bins": {"c_to_s": [9,4,0,0,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,0,5,0,0,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1],"entropies": 
[5.572191238,5.460877895,5.502878189,4.891996861,4.853535175,5.455323696,5.262341499,4.891996861,5.508277893,5.549472332,4.853535175,5.489766598,5.608968258,5.516506672,5.456765175,4.747577667,5.601363182,4.800556183,5.462725163,4.870416641,5.430274010,4.908877850,5.580210686,4.647958755,5.434380531,5.509377956,4.699688911,4.762538910,5.683691025,4.646709919,5.424290180,4.908878326]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":289,"packets-processed":270,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36212,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1504181789350325} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":289,"packets-processed":270,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36212,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1504181789350325} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1504181789350325,"flow_src_last_pkt_time":1504181789350325,"flow_dst_last_pkt_time":1504181789350325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1504181789350325,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1504181789350325,"flow_dst_last_pkt_time":1504181789350325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1504181789350325,"pkt":"AAwpvhIxAFBWwAAICABFAAA0dxlAAIAGjb\/AqDoBwKg6mdDUFGaBHPlXAAAAAIACIAD5dQAAAgQFtAEDAwgBAQQC"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1504181789350325,"flow_dst_last_pkt_time":1504181789365849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1504181789365849,"pkt":"AFBWwAAIAAwpvhIxCABFAAA0AABAAEAGRNnAqDqZwKg6ARRm0NRyyKsUgRz5WIASchCJeAAAAgQFtAEBBAIBAwMH"} 
@@ -61,7 +61,7 @@ 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":42,"flow_first_seen":1502380175298881,"flow_src_last_pkt_time":1502380177456026,"flow_dst_last_pkt_time":1502380177455920,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":611,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2785,"flow_dst_tot_l4_payload_len":11026,"midstream":0,"thread_ts_usec":1504181789418468,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57122,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":9,"flow_first_seen":1502380249631374,"flow_src_last_pkt_time":1502380673059689,"flow_dst_last_pkt_time":1502380673059601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":415,"flow_src_tot_l4_payload_len":1810,"flow_dst_tot_l4_payload_len":1679,"midstream":1,"thread_ts_usec":1504181789418468,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57129,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1502380915481182,"flow_src_last_pkt_time":1502381571702000,"flow_dst_last_pkt_time":1502381571701912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":463,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":2292,"midstream":1,"thread_ts_usec":1504181789418468,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57149,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":302,"packets-processed":283,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36369,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":64,"global_ts_usec":1642668994159000} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":302,"packets-processed":283,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36369,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":64,"global_ts_usec":1642668994159000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642668994159000,"flow_src_last_pkt_time":1642668994159000,"flow_dst_last_pkt_time":1642668994159000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642668994159000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1642668994159000,"flow_dst_last_pkt_time":1642668994159000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642668994159000,"pkt":"eJS0JASgYDjgxTWgCABFAAA800FAAD8GO9vAqAJkoCzJZoWqFGdT1L5OAAAAAKAC\/\/8mUQAAAgQFtAQCCAoBJke0AAAAAAEDAwg="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1642668994159000,"flow_dst_last_pkt_time":1642668994188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1642668994188000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnhar53fA8U9S+T2ASchBjHgAAAgQFrAAA"} 
@@ -70,7 +70,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1642668994258000,"flow_dst_last_pkt_time":1642668994287000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1642668994287000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoSzhAADQGzvigLMlmwKgCZBRnhar53fA9U9S+lFAQchB6jgAAAAAAAAAA"} 01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1642668994159000,"flow_src_last_pkt_time":1642668994559000,"flow_dst_last_pkt_time":1642668994588000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1642668994588000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00964{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1504181789350325,"flow_src_last_pkt_time":1504181789417901,"flow_dst_last_pkt_time":1504181789418468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642669000423000,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":317,"packets-processed":298,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1642778258433000} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":317,"packets-processed":298,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1642778258433000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642778258433000,"flow_src_last_pkt_time":1642778258433000,"flow_dst_last_pkt_time":1642778258433000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642778258433000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1642778258433000,"flow_dst_last_pkt_time":1642778258433000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642778258433000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8d8hAAD8Gl1TAqAJkoCzJZpLuFGecNBm6AAAAAKAC\/\/9wIgAAAgQFtAQCCAoBEkznAAAAAAEDAwg="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1642778258433000,"flow_dst_last_pkt_time":1642778258461000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1642778258461000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnku46NBuqnDQZu2ASchBGSwAAAgQFrAAA"} 
@@ -79,7 +79,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1642778258489000,"flow_dst_last_pkt_time":1642778258516000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1642778258516000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo48VAADQGNmugLMlmwKgCZBRnku46NBurnDQaAFAQchBduwAAAAAAAAAA"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1642778258433000,"flow_src_last_pkt_time":1642778258571000,"flow_dst_last_pkt_time":1642778258598000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1642778258598000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1642668994159000,"flow_src_last_pkt_time":1642669300326000,"flow_dst_last_pkt_time":1642669300354000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1642778258609000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":332,"packets-processed":313,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37207,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":82,"global_ts_usec":1643022225544000} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":332,"packets-processed":313,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37207,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":82,"global_ts_usec":1643022225544000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643022225544000,"flow_src_last_pkt_time":1643022225544000,"flow_dst_last_pkt_time":1643022225544000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643022225544000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1643022225544000,"flow_dst_last_pkt_time":1643022225544000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643022225544000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8zN5AAD8GQj7AqAJkoCzJZuQUFGd9pY4kAAAAAKAC\/\/92oQAAAgQFtAQCCAoAzZ+rAAAAAAEDAwg="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1643022225544000,"flow_dst_last_pkt_time":1643022225570000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1643022225570000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRn5BT7kgHsfaWOJWASchD3qAAAAgQFrAAA"} 
@@ -88,7 +88,7 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1643022225794000,"flow_dst_last_pkt_time":1643022225820000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1643022225820000,"pkt":"YDjgxTWgeJS0JASgCABFAAAonCxAADQGfgSgLMlmwKgCZBRn5BT7kgHtfaWOalAQchAPGQAAAAAAAAAA"} 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1643022225544000,"flow_src_last_pkt_time":1643022225968000,"flow_dst_last_pkt_time":1643022225994000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1643022225994000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1642778258433000,"flow_src_last_pkt_time":1642778652194000,"flow_dst_last_pkt_time":1642778652221000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1643022226078000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":347,"packets-processed":328,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1644679789249000} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":347,"packets-processed":328,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1644679789249000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644679789249000,"flow_src_last_pkt_time":1644679789249000,"flow_dst_last_pkt_time":1644679789249000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644679789249000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1644679789249000,"flow_dst_last_pkt_time":1644679789249000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1644679789249000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86SVAAD8GJffAqAJkoCzJZqHMFGfTtLH2AAAAAKAC\/\/\/oLAAAAgQFtAQCCAoAcfbiAAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1644679789249000,"flow_dst_last_pkt_time":1644679789279000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1644679789279000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnocwJMPUa07Sx92ASchC\/QwAAAgQFrAAA"} 
@@ -97,7 +97,7 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1644679789350000,"flow_dst_last_pkt_time":1644679789379000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1644679789379000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo8ipAADQGKAagLMlmwKgCZBRnocwJMPUb07SyPFAQchDWswAAAAAAAAAA"} 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1644679789249000,"flow_src_last_pkt_time":1644679789719000,"flow_dst_last_pkt_time":1644679789612000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":305,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1644679789719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1643022225544000,"flow_src_last_pkt_time":1643022526171000,"flow_dst_last_pkt_time":1643022526197000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":303,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1644679789757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":362,"packets-processed":343,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38037,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":100,"global_ts_usec":1655985683694000} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":362,"packets-processed":343,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38037,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":100,"global_ts_usec":1655985683694000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655985683694000,"flow_src_last_pkt_time":1655985683694000,"flow_dst_last_pkt_time":1655985683694000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655985683694000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1655985683694000,"flow_dst_last_pkt_time":1655985683694000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655985683694000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eV5AAD8Glb7AqAJkoCzJZoUWFGfmtmUZAAAAAKAC\/\/8wrwAAAgQFtAQCCAoAZQT+AAAAAAEDAwg="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1655985683694000,"flow_dst_last_pkt_time":1655985683717000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655985683717000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADQGGimgLMlmwKgCZBRnhRZwZZi25rZlGnASchD1\/AAAAgQFrAEBBAI="} 
@@ -107,7 +107,7 @@ 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1655985683694000,"flow_src_last_pkt_time":1655985683850000,"flow_dst_last_pkt_time":1655985683872000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1655985683872000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1644679789249000,"flow_src_last_pkt_time":1644679824897000,"flow_dst_last_pkt_time":1644679789748000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":339,"flow_dst_tot_l4_payload_len":69,"midstream":0,"thread_ts_usec":1655985690292000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1655985683694000,"flow_src_last_pkt_time":1655985963380000,"flow_dst_last_pkt_time":1655985963406000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1655985963406000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":376,"packets-processed":358,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":110,"global_ts_usec":1655985963406000} +00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":376,"packets-processed":358,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":110,"global_ts_usec":1655985963406000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 376/358 ~~ skipped flows.............: 0 
@@ -116,9 +116,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8706923 bytes -~~ total memory freed........: 8706923 bytes -~~ total allocations/frees...: 141035/141035 +~~ total memory allocated....: 9471649 bytes +~~ total memory freed........: 9471649 bytes +~~ total allocations/frees...: 155001/155001 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 2304 chars diff --git a/test/results/default/jrmi.pcap.out b/test/results/default/jrmi.pcap.out index 9b2e7439a..a4ae4bedb 100644 --- a/test/results/default/jrmi.pcap.out +++ b/test/results/default/jrmi.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1718291266163791} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1718291266163791} 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1718291266163791,"flow_src_last_pkt_time":1718291266163791,"flow_dst_last_pkt_time":1718291266163791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1718291266163791,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":34450,"dst_port":1099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1718291266163791,"flow_dst_last_pkt_time":1718291266163791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1718291266163791,"pkt":"AAAAAAAAAAAAAAAACABFAAA8\/GFAAEAGP1h\/AAABfwABAYaSBEv5xj3yAAAAAKAC\/9f\/MAAAAgT\/1wQCCAr\/Ca0RAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1718291266163791,"flow_dst_last_pkt_time":1718291266163822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1718291266163822,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGO7p\/AAEBfwAAAQRLhpIUECmA+cY986AS\/8v\/MAAAAgT\/1wQCCAryONNh\/wmtEQEDAwc="} 
@@ -8,7 +8,7 @@ 00910{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1718291266163791,"flow_src_last_pkt_time":1718291266174673,"flow_dst_last_pkt_time":1718291266163822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1718291266174673,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":34450,"dst_port":1099,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"JRMI","proto_id":"416","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1718291266174673,"flow_dst_last_pkt_time":1718291266174736,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1718291266174736,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AI9AAEAGOzN\/AAEBfwAAAQRLhpIUECmB+cY9+oAQAgD\/KAAAAQEICvI402z\/Ca0c"} 
00956{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":7,"flow_first_seen":1718291266163791,"flow_src_last_pkt_time":1718291266325817,"flow_dst_last_pkt_time":1718291266325789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":323,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1718291266325817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":34450,"dst_port":1099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"JRMI","proto_id":"416","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":438,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1718291266325817} 
+00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":438,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1718291266325817} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645389 bytes -~~ total memory freed........: 8645389 bytes -~~ total allocations/frees...: 140552/140552 +~~ total memory allocated....: 9409763 bytes +~~ total memory freed........: 9409763 bytes +~~ total allocations/frees...: 154518/154518 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 961 chars diff --git a/test/results/default/jsonrpc.pcap.out b/test/results/default/jsonrpc.pcap.out index 631de8605..33c6839bc 100644 --- a/test/results/default/jsonrpc.pcap.out +++ b/test/results/default/jsonrpc.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1702942987672326} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1702942987672326} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1702942987672326,"flow_src_last_pkt_time":1702942987672326,"flow_dst_last_pkt_time":1702942987672326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702942987672326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1702942987672326,"flow_dst_last_pkt_time":1702942987672326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1702942987672326,"pkt":"AAAAAAAAAAAAAAAACABFAAA8+WJAAEAGQ1d\/AAABfwAAAY8mH5DaosURAAAAAKACggD+MAAAAgT\/1wQCCAofUODzAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1702942987672326,"flow_dst_last_pkt_time":1702942987672335,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1702942987672335,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAR+QjyZvObaZ2qLFEqASggD+MAAAAgT\/1wQCCAofUODzH1Dg8wEDAwc="} 
@@ -17,7 +17,7 @@ 01484{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1702942987682387,"flow_src_last_pkt_time":1702942987682387,"flow_dst_last_pkt_time":1702942987682387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1070,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":1070,"flow_dst_tot_l4_payload_len":512,"midstream":0,"thread_ts_usec":1702942987682387,"l3_proto":"ip4","src_ip":"192.168.8.251","dst_ip":"179.99.210.200","src_port":51084,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.JSON-RPC","proto_id":"7.375","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC","hostname":"mdotti.dyndns.org","domainame":"mdotti.dyndns.org","http": {"url":"mdotti.dyndns.org\/zabbix\/jsrpc.php?output=json-rpc","code":200,"content_type":"application\/json-rpc","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/39.0.2171.95 Safari\/537.36","request_content_type":"application\/json-rpc","detected_os":"Intel Mac OS X 10_9_2"}}} 
00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1702942987672326,"flow_src_last_pkt_time":1702942987682379,"flow_dst_last_pkt_time":1702942987682387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702942987682387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"JSON-RPC","proto_id":"375","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1702942987682387,"flow_src_last_pkt_time":1702942987682387,"flow_dst_last_pkt_time":1702942987682387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1070,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":1070,"flow_dst_tot_l4_payload_len":615,"midstream":0,"thread_ts_usec":1702942987682387,"l3_proto":"ip4","src_ip":"192.168.8.251","dst_ip":"179.99.210.200","src_port":51084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.JSON-RPC","proto_id":"7.375","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC","hostname":"mdotti.dyndns.org"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1791,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1702942987682387} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1791,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1702942987682387} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 
@@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650188 bytes -~~ total memory freed........: 8650188 bytes -~~ total allocations/frees...: 140572/140572 +~~ total memory allocated....: 9414594 bytes +~~ total memory freed........: 9414594 bytes +~~ total allocations/frees...: 154538/154538 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars ~~ json message max len.......: 1964 chars diff --git a/test/results/default/kafka.pcapng.out b/test/results/default/kafka.pcapng.out index ccf700bc5..2c900faa6 100644 --- a/test/results/default/kafka.pcapng.out +++ b/test/results/default/kafka.pcapng.out 
@@ -1,21 +1,21 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1681844706292198} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1681844706292198} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681844706292198,"flow_src_last_pkt_time":1681844706292198,"flow_dst_last_pkt_time":1681844706292198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681844706292198,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":49280,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1681844706292198,"flow_dst_last_pkt_time":1681844706292198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1681844706292198,"pkt":"+hY+WLcoABY+cE49CABFAABNF75AAEAGuGysEBFlrB4A7cCAI4TCbO0Rtom0OoAYAepqwAAAAQEICh9sM73hRtgfAAAAFQASAAAAAACBAAdyZGthZmthAAAAAA=="} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681844706292198,"flow_src_last_pkt_time":1681844706292198,"flow_dst_last_pkt_time":1681844706292198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681844706292198,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":49280,"dst_port":9092,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01011{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1681844706292198,"flow_dst_last_pkt_time":1681844706319485,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"thread_ts_usec":1681844706319485,"pkt":"ABY+cE49+hY+WLcoCABFAAGStuRAAD0GGwGsHgDtrBARZSOEwIC2ibQ6wmztKoAYgAB26gAAAQEICuFG2DwfbDO9AAABWgAAAIEAAAAAADgAAAAAAAkAAQAAAAwAAgAAAAYAAwAAAAsABAAAAAUABQAAAAMABgAAAAcABwAAAAMACAAAAAgACQAAAAcACgAAAAMACwAAAAcADAAAAAQADQAAAAQADgAAAAUADwAAAAUAEAAAAAQAEQAAAAEAEgAAAAMAEwAAAAcAFAAAAAYAFQAAAAIAFgAAAAQAFwAAAAQAGAAAAAMAGQAAAAMAGgAAAAMAGwAAAAEAHAAAAAMAHQAAAAIAHgAAAAIAHwAAAAIAIAAAAAQAIQAAAAIAIgAAAAIAIwAAAAIAJAAAAAIAJQAAAAMAJgAAAAIAJwAAAAIAKAAAAAIAKQAAAAIAKgAAAAIAKwAAAAIALAAAAAEALQAAAAAALgAAAAAALwAAAAAAMAAAAAEAMQAAAAEAMgAAAAAAMwAAAAAAOAAAAAAAOQAAAAAAPAAAAAAAPQAAAAA="} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1681845006101184,"flow_dst_last_pkt_time":1681844706319485,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1681845006101184,"pkt":"+hY+WLcoABY+cE49CABFAABgF8BAAEAGuFesEBFlrB4A7cCAI4TCbO0qtom1mIAYAehq0wAAAQEICh9wxuDhRtg8AAAAKAADAAIAAACCAAdyZGthZmthAAAAAQARTEJfTUFJTl9MT0dfSU5QVVQ="} 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1681845006101184,"flow_dst_last_pkt_time":1681845006128992,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1681845006128992,"pkt":"ABY+cE49+hY+WLcoCABFAACstuZAAD0GG+WsHgDtrBARZSOEwIC2ibWYwmztVoAYgACshwAAAQEICuFLa10fcMbgAAAAdAAAAIIAAAABAAAD6QAMMTcyLjMwLjAuMjM3AAAjhP\/\/ABZRNU5OaVhQZlIycVRBb0Y1aTczSlBnAAAD6QAAAAEAAAARTEJfTUFJTl9MT0dfSU5QVVQAAAAAAQAAAAAAAAAAA+kAAAABAAAD6QAAAAEAAAPp"} 
-00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":539,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1681845606130644} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":539,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1681845606130644} 
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1681845006101184,"flow_dst_last_pkt_time":1681845606130644,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1681845606130644,"pkt":"ABY+cE49+hY+WLcoCABFAACstuhAAD0GG+OsHgDtrBARZSOEwIC2ibYQwmztgoAYgABcSAAAAQEICuFUkx8fee6mAAAAdAAAAIMAAAABAAAD6QAMMTcyLjMwLjAuMjM3AAAjhP\/\/ABZRNU5OaVhQZlIycVRBb0Y1aTczSlBnAAAD6QAAAAEAAAARTEJfTUFJTl9MT0dfSU5QVVQAAAAAAQAAAAAAAAAAA+kAAAABAAAD6QAAAAEAAAPp"} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":659,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1681849206507695} 
+00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":659,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1681849206507695} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681849206507695,"flow_src_last_pkt_time":1681849206507695,"flow_dst_last_pkt_time":1681849206507695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681849206507695,"l3_proto":"ip4","src_ip":"172.30.0.237","dst_ip":"172.16.17.101","src_port":9092,"dst_port":58052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01012{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1681849206507695,"flow_dst_last_pkt_time":1681849206507695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"thread_ts_usec":1681849206507695,"pkt":"ABY+cE49+hY+WLcoCABFAAGSoXxAAD0GMGmsHgDtrBARZSOE4sSUXCuwa5w4kYAYgAC0VAAAAQEICuGLgxkfsN6\/AAABWgAAAIwAAAAAADgAAAAAAAkAAQAAAAwAAgAAAAYAAwAAAAsABAAAAAUABQAAAAMABgAAAAcABwAAAAMACAAAAAgACQAAAAcACgAAAAMACwAAAAcADAAAAAQADQAAAAQADgAAAAUADwAAAAUAEAAAAAQAEQAAAAEAEgAAAAMAEwAAAAcAFAAAAAYAFQAAAAIAFgAAAAQAFwAAAAQAGAAAAAMAGQAAAAMAGgAAAAMAGwAAAAEAHAAAAAMAHQAAAAIAHgAAAAIAHwAAAAIAIAAAAAQAIQAAAAIAIgAAAAIAIwAAAAIAJAAAAAIAJQAAAAMAJgAAAAIAJwAAAAIAKAAAAAIAKQAAAAIAKgAAAAIAKwAAAAIALAAAAAEALQAAAAAALgAAAAAALwAAAAAAMAAAAAEAMQAAAAEAMgAAAAAAMwAAAAAAOAAAAAAAOQAAAAAAPAAAAAAAPQAAAAA="} 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1681849506130446,"flow_dst_last_pkt_time":1681849206507695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1681849506130446,"pkt":"ABY+cE49+hY+WLcoCABFAACsoX5AAD0GMU2sHgDtrBARZSOE4sSUXC0Oa5w4vYAYgADrYgAAAQEICuGQFYEftXEqAAAAdAAAAI0AAAABAAAD6QAMMTcyLjMwLjAuMjM3AAAjhP\/\/ABZRNU5OaVhQZlIycVRBb0Y1aTczSlBnAAAD6QAAAAEAAAARTEJfTUFJTl9MT0dfSU5QVVQAAAAAAQAAAAAAAAAAA+kAAAABAAAD6QAAAAEAAAPp"} 
00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1681849506130446,"flow_dst_last_pkt_time":1681849806180390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1681849806180390,"pkt":"+hY+WLcoABY+cE49CABFAABg\/Z1AAEAG0nmsEBFlrB4A7eLEI4RrnDi9lFwthoAYAehq0wAAAQEICh+6BVvhkBWBAAAAKAADAAIAAACOAAdyZGthZmthAAAAAQARTEJfTUFJTl9MT0dfSU5QVVQ="} 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1681849806209304,"flow_dst_last_pkt_time":1681849806180390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1681849806209304,"pkt":"ABY+cE49+hY+WLcoCABFAACsoYBAAD0GMUusHgDtrBARZSOE4sSUXC2Ga5w46YAYgADCVQAAAQEICuGUqa8fugVbAAAAdAAAAI4AAAABAAAD6QAMMTcyLjMwLjAuMjM3AAAjhP\/\/ABZRNU5OaVhQZlIycVRBb0Y1aTczSlBnAAAD6QAAAAEAAAARTEJfTUFJTl9MT0dfSU5QVVQAAAAAAQAAAAAAAAAAA+kAAAABAAAD6QAAAAEAAAPp"} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1681849806209304,"flow_dst_last_pkt_time":1681849806180390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1681849806209304,"pkt":"ABY+cE49+hY+WLcoCABFAACsoYBAAD0GMUusHgDtrBARZSOE4sSUXC2Ga5w46YAYgADCVQAAAQEICuGUqa8fugVbAAAAdAAAAI4AAAABAAAD6QAMMTcyLjMwLjAuMjM3AAAjhP\/\/ABZRNU5OaVhQZlIycVRBb0Y1aTczSlBnAAAD6QAAAAEAAAARTEJfTUFJTl9MT0dfSU5QVVQAAAAAAQAAAAAAAAAAA+kAAAABAAAD6QAAAAEAAAPp"} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1681858206109620} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1681858206109620} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681858206109620,"flow_src_last_pkt_time":1681858206109620,"flow_dst_last_pkt_time":1681858206109620,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681858206109620,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":40042,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1681858206109620,"flow_dst_last_pkt_time":1681858206109620,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1681858206109620,"pkt":"+hY+WLcoABY+cE49CABFAABgBT9AAEAGytisEBFlrB4A7ZxqI4Q9lP9C7RFkxIAYAehq0wAAAQEICiA6MeDiC6+6AAAAKAADAAIAAACkAAdyZGthZmthAAAAAQARTEJfTUFJTl9MT0dfSU5QVVQ="} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681858206109620,"flow_src_last_pkt_time":1681858206109620,"flow_dst_last_pkt_time":1681858206109620,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681858206109620,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":40042,"dst_port":9092,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -23,12 +23,12 @@ 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1681844706292198,"flow_src_last_pkt_time":1681845006101184,"flow_dst_last_pkt_time":1681845606130644,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":350,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":590,"midstream":1,"thread_ts_usec":1681858206137402,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":49280,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1681849206507695,"flow_src_last_pkt_time":1681849806209304,"flow_dst_last_pkt_time":1681849806180390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":350,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":710,"flow_dst_tot_l4_payload_len":44,"midstream":1,"thread_ts_usec":1681858206137402,"l3_proto":"ip4","src_ip":"172.30.0.237","dst_ip":"172.16.17.101","src_port":9092,"dst_port":58052,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1681849206507695,"flow_src_last_pkt_time":1681849806209304,"flow_dst_last_pkt_time":1681849806180390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":350,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":710,"flow_dst_tot_l4_payload_len":44,"midstream":1,"thread_ts_usec":1681858206137402,"l3_proto":"ip4","src_ip":"172.30.0.237","dst_ip":"172.16.17.101","src_port":9092,"dst_port":58052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1577,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1681860006461064} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1577,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1681860006461064} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681860006461064,"flow_src_last_pkt_time":1681860006461064,"flow_dst_last_pkt_time":1681860006461064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681860006461064,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":56556,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1681860006461064,"flow_dst_last_pkt_time":1681860006461064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1681860006461064,"pkt":"+hY+WLcoABY+cE49CABFAABN+I1AAEAG15ysEBFlrB4A7dzsI4Si6W0AVXZVa4AYAepqwAAAAQEICiBVqpDiME5qAAAAFQASAAAAAACoAAdyZGthZmthAAAAAA=="} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681860006461064,"flow_src_last_pkt_time":1681860006461064,"flow_dst_last_pkt_time":1681860006461064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681860006461064,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":56556,"dst_port":9092,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01012{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1681860006461064,"flow_dst_last_pkt_time":1681860006489735,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"thread_ts_usec":1681860006489735,"pkt":"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"} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1952,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1681878308076966} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1952,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1681878308076966} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681878308076966,"flow_src_last_pkt_time":1681878308076966,"flow_dst_last_pkt_time":1681878308076966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":448,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":448,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681878308076966,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":38176,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1681878308076966,"flow_dst_last_pkt_time":1681878308076966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"thread_ts_usec":1681878308076966,"pkt":"+hY+WLcoABY+cE49CABFAAH0JpZAAEAGp+2sEBFlrB4A7ZUgI4RBpO5PlVpho4AYAehsZwAAAQEICiFs7eTjR5EYAAABvAAAAAMAAAACAAdyZGthZmth\/\/8AAQAAE4gAAAABABFMQl9NQUlOX0xPR19JTlBVVAAAAAEAAAAAAAABgAAAAAAAAAAAAAABdAAAAAACQ2zQNQAAAAAAAAAAAYeXwlC4AAABh5fCULj\/\/\/\/\/\/\/\/\/\/wAA\/\/\/\/\/wAAAAGCBQAAAAH0BHsidGltZXN0YW1wIjoiMTY4MTg3ODMwNyIsInJlY2VpdmVkIjoiMTY4MTg3ODMwNyIsIm1lc3NhZ2UiOiJBcHIgMTkgMDY6MjU6MDcgcnN5c2xvZ2Q6ICBbb3JpZ2luIHNvZnR3YXJlPVwicnN5c2xvZ2RcIiBzd1ZlcnNpb249XCI4LjMyLjBcIiB4LXBpZD1cIjE5OVwiIHgtaW5mbz1cImh0dHA6Ly93d3cucnN5c2xvZy5jb21cIl0gcnN5c2xvZ2Qgd2FzIEhVUGVkIiwiaG9zdCI6ImxvZy1jb2xsZWN0b3IiLCJzZXZlcml0eSI6ImluZm8iLCJmYWNpbGl0eSI6InN5c2xvZyIsInByb2dyYW1uYW1lIjoicnN5c2xvZ2QiLCJ0YWciOiJyc3lzbG9nZDoifQ0KAA=="} 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681878308076966,"flow_src_last_pkt_time":1681878308076966,"flow_dst_last_pkt_time":1681878308076966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":448,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":448,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681878308076966,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":38176,"dst_port":9092,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -41,15 +41,15 @@ 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1681878308632420,"flow_dst_last_pkt_time":1681878308660971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1681878308660971,"pkt":"ABY+cE49+hY+WLcoCABFAABxeTpAAD0GWcysHgDtrBARZSOElSCVWmHgQaTxjIAYhDCRegAAAQEICuNHk2EhbPAQAAAAOQAAAAMAAAABABFMQl9NQUlOX0xPR19JTlBVVAAAAAEAAAAAAAAAAAAAAKs8Iv\/\/\/\/\/\/\/\/\/\/AAAAAA=="} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1681860006461064,"flow_src_last_pkt_time":1681860006461064,"flow_dst_last_pkt_time":1681860006489735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":350,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":350,"midstream":1,"thread_ts_usec":1681878308660971,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":56556,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1681858206109620,"flow_src_last_pkt_time":1681858206109620,"flow_dst_last_pkt_time":1681858206137402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":120,"midstream":1,"thread_ts_usec":1681878308660971,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":40042,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3328,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1681879208222000} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3328,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1681879208222000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681879208222000,"flow_src_last_pkt_time":1681879208222000,"flow_dst_last_pkt_time":1681879208222000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681879208222000,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":58300,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1681879208222000,"flow_dst_last_pkt_time":1681879208222000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1681879208222000,"pkt":"+hY+WLcoABY+cE49CABFAABN1nxAAEAG+a2sEBFlrB4A7eO8I4TXshQ4goGTkYAYAepqwAAAAQEICiF6qh3jVU1JAAAAFQASAAAAAAAEAAdyZGthZmthAAAAAA=="} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681879208222000,"flow_src_last_pkt_time":1681879208222000,"flow_dst_last_pkt_time":1681879208222000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681879208222000,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":58300,"dst_port":9092,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3353,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":7,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1681883408373461} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3353,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":7,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1681883408373461} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681883408373461,"flow_src_last_pkt_time":1681883408373461,"flow_dst_last_pkt_time":1681883408373461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681883408373461,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":53052,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1681883408373461,"flow_dst_last_pkt_time":1681883408373461,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1681883408373461,"pkt":"+hY+WLcoABY+cE49CABFAABNsmNAAEAGHcesEBFlrB4A7c88I4SykL7z5TL1+oAYAepqwAAAAQEICiG6wRvjlWQgAAAAFQASAAAAAAAPAAdyZGthZmthAAAAAA=="} 
00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681883408373461,"flow_src_last_pkt_time":1681883408373461,"flow_dst_last_pkt_time":1681883408373461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681883408373461,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":53052,"dst_port":9092,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3378,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":8,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1703132756328165} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3378,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":8,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1703132756328165} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1703132756328165,"flow_src_last_pkt_time":1703132756328165,"flow_dst_last_pkt_time":1703132756328165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703132756328165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46136,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1703132756328165,"flow_dst_last_pkt_time":1703132756328165,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703132756328165,"pkt":"AAAAAAAAAAAAAAAACABFAAA8Eq5AAEAGKgx\/AAABfwAAAbQ4I4TC+vYrAAAAAKACQQD+MAAAAgT\/1wQCCApRp0SoAAAAAAEDAwA="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1703132756328165,"flow_dst_last_pkt_time":1703132756328170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703132756328170,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASOEtDhFvmxLwvr2LKASyyD+MAAAAgT\/1wQCCApRp0SoUadEqAEDAwA="} 
@@ -62,7 +62,7 @@ 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681879208222000,"flow_src_last_pkt_time":1681879208222000,"flow_dst_last_pkt_time":1681879208222000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1703132763110994,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":58300,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1681878308076966,"flow_src_last_pkt_time":1681878308632420,"flow_dst_last_pkt_time":1681878308660971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":381,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":448,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":1210,"flow_dst_tot_l4_payload_len":122,"midstream":1,"thread_ts_usec":1703132763110994,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":38176,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":7,"flow_first_seen":1703132756328165,"flow_src_last_pkt_time":1703132769960435,"flow_dst_last_pkt_time":1703132769960418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":307,"flow_dst_tot_l4_payload_len":660,"midstream":0,"thread_ts_usec":1703132769960435,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46136,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4345,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1703132769960435} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4345,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1703132769960435} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 41/41 ~~ skipped flows.............: 0 @@ -71,9 +71,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8667535 bytes -~~ total memory freed........: 8667535 bytes -~~ total allocations/frees...: 140662/140662 +~~ total memory allocated....: 9432165 bytes +~~ total memory freed........: 9432165 bytes +~~ total allocations/frees...: 154628/154628 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 1166 chars diff --git a/test/results/default/kcp.pcap.out b/test/results/default/kcp.pcap.out index df4d381aa..7a7123cc5 100644 --- a/test/results/default/kcp.pcap.out +++ b/test/results/default/kcp.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1704996858262666} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1704996858262666} 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704996858262666,"flow_src_last_pkt_time":1704996858262666,"flow_dst_last_pkt_time":1704996858262666,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704996858262666,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47356,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1704996858262666,"flow_dst_last_pkt_time":1704996858262666,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1534,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1534,"pkt_l4_len":1480,"thread_ts_usec":1704996858262666,"pkt":"AAAAAAAAAAAAAAAAht1gD7F6BcgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABuPwfQAXIBdsKAAAAUQKAABQAAAAAAAAAAAAAAKgFAAAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh
8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmpw=="} 00908{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704996858262666,"flow_src_last_pkt_time":1704996858262666,"flow_dst_last_pkt_time":1704996858262666,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704996858262666,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47356,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"KCP","proto_id":"385","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -33,7 +33,7 @@ 00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704996873963581,"flow_src_last_pkt_time":1704996873963581,"flow_dst_last_pkt_time":1704996873963581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704996873963581,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":43926,"dst_port":41488,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KCP","proto_id":"385","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":17,"flow_first_seen":1704996858262666,"flow_src_last_pkt_time":1704996864252409,"flow_dst_last_pkt_time":1704996864252351,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":19536,"flow_dst_tot_l4_payload_len":4816,"midstream":0,"thread_ts_usec":1704996873963581,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47356,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KCP","proto_id":"385","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704996864362941,"flow_src_last_pkt_time":1704996864362941,"flow_dst_last_pkt_time":1704996864362941,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704996873963581,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":52761,"dst_port":8661,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KCP","proto_id":"385","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1704996873963581} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1704996873963581} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 ~~ skipped flows.............: 0 @@ -42,9 +42,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8660908 bytes -~~ total memory freed........: 8660908 bytes -~~ total allocations/frees...: 140649/140649 +~~ total memory allocated....: 9425474 bytes +~~ total memory freed........: 9425474 bytes +~~ total allocations/frees...: 154615/154615 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 571 chars ~~ json message max len.......: 2540 chars diff --git a/test/results/default/kerberos-error.pcap.out b/test/results/default/kerberos-error.pcap.out index f7891256b..ce78914a1 100644 --- a/test/results/default/kerberos-error.pcap.out +++ b/test/results/default/kerberos-error.pcap.out 
@@ -1,11 +1,11 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645515964250491} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645515964250491} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515964250491,"vlan_id":2008,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00920{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","vlan_id":2008,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":333,"pkt_l4_len":295,"thread_ts_usec":1645515964250491,"pkt":"AAAAAAAAAAwAAAAIgQAH2AgARQABO06GQAA5EXItlJdPt5DHCumGqQBYASfB3GqCARswggEXoQMCAQWiAwIBCqNYMFYwSKEDAgECokEEPzA9oAMCAReiNgQ0tg4LUF+YEEIG9iUDuODnyC2ELm8B5cfw4VQNHqTH6JGB5paR4MQdd1ZJvX+lrEsYdKkZFTAKoQQCAgCVogIEAKSBsDCBraAHAwUAAIEAAKEfMB2gAwIBAaEWMBQbBGhvc3QbDG11cy1uLWNqMDcwOaIRGw9MSU5VWC5TSEVMTC5DT02jJDAioAMCAQKhGzAZGwZrcmJ0Z3QbD0xJTlVYLlNIRUxMLkNPTaURGA8yMDIyMDIyMzA3NDYwM1qmERgPMjAyMjAzMDQwNzQ2MDNapwYCBEeh+pmoGjAYAgEXAgESAgERAgEUAgETAgEQAgEZAgEa"} 
01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515964250491,"vlan_id":2008,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"linux.shell.com","username":"mus-n-cj0709"}}} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","vlan_id":2008,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964609203,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":148,"pkt_l4_len":110,"thread_ts_usec":1645515964609203,"pkt":"AAAAAAAAAAwAAAAIgQAH2AgARQAAgkf1AABzEX93kMcK6ZSXT7cAWIapAG6BuH5kMGKgAwIBBaEDAgEepBEYDzIwMjIwMjIyMDc0NjA0WqUFAgMOwm2mAwIBNKkRGw9MSU5VWC5TSEVMTC5DT02qJDAioAMCAQKhGzAZGwZrcmJ0Z3QbD0xJTlVYLlNIRUxMLkNPTQ=="} 
00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964609203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1645515964609203,"vlan_id":2008,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1645515964609203} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1645515964609203} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644872 bytes -~~ total memory freed........: 8644872 bytes -~~ total allocations/frees...: 140534/140534 +~~ total memory allocated....: 9409246 bytes +~~ total memory freed........: 9409246 bytes +~~ total allocations/frees...: 154500/154500 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 596 chars ~~ json message max len.......: 1042 chars diff --git a/test/results/default/kerberos-login.pcap.out b/test/results/default/kerberos-login.pcap.out index c8640b41a..743f9649c 100644 --- a/test/results/default/kerberos-login.pcap.out +++ b/test/results/default/kerberos-login.pcap.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946716066779388} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946716066779388} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716066779388,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716066779388,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1253,"pkt_l4_len":1219,"thread_ts_usec":946716066779388,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATXAJUAAIAREnkKAQwCCgUDAQQlAFgEw4XHbIIEtzCCBLOhAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI
3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgGCx7fTnQzvvnXnzi9LJ0rtprAMBwPNDorbgvJI4BV8TZb2vtoAMBvn\/H0kv3attbzNMWzuI4cmR96epkzzc9Em+P1ZASZGSdvfOcM7pYzUfVYcU+almrfJGc226OPAiNqdT5WqhctEEk6M\/WBsVhSCIKFwQ0F6xriZzYptSncn2pHIwcKAHAwUAQIAAAKIMGwpERU5ZREMuQ09NoyEwH6ADAgEDoRgwFhsEaG9zdBsOeHAxLmRlbnlkYy5jb22lERgPMjAzNzA5MTMwMjQ4MDVapwYCBAvCgSioGTAXAgEXAgL\/ewIBgAIBAwIBAQIBGAIC\/3k="} 00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716066779388,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716066779388,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}} 
@@ -55,7 +55,7 @@ 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716067819225,"flow_src_last_pkt_time":946716067819225,"flow_dst_last_pkt_time":946716067819242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1208,"flow_dst_max_l4_payload_len":1186,"flow_src_tot_l4_payload_len":1208,"flow_dst_tot_l4_payload_len":1186,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1069,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716089644907,"flow_src_last_pkt_time":946716089644907,"flow_dst_last_pkt_time":946716089644914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1233,"flow_dst_max_l4_payload_len":1237,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":1237,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1074,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716089757898,"flow_src_last_pkt_time":946716089757898,"flow_dst_last_pkt_time":946716089757902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1219,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1219,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":1219,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1076,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":7,"current-active-flows":12,"total-active-flows":12,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":946724453221239} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":7,"current-active-flows":12,"total-active-flows":12,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":946724453221239} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946724453221239,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946724453221239,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":946724453221239,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221278,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":946724453221278,"pkt":"uKxvNgTjGGbam+N9CABFAAA8DbNAAIAGV6nAqAoDwKgKDABYrOCOu9eK+5UIh6ASIAAObgAAAgQFtAEDAwgEAggKM1tACf\/++SE="} 
@@ -77,7 +77,7 @@ 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716140476142,"flow_src_last_pkt_time":946716140476142,"flow_dst_last_pkt_time":946716140476146,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1235,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1235,"flow_dst_tot_l4_payload_len":1228,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1092,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716140774135,"flow_src_last_pkt_time":946716140774135,"flow_dst_last_pkt_time":946716140774142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1221,"flow_dst_max_l4_payload_len":1202,"flow_src_tot_l4_payload_len":1221,"flow_dst_tot_l4_payload_len":1202,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":946724453221239,"flow_src_last_pkt_time":946724453222354,"flow_dst_last_pkt_time":946724453222308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1555,"flow_dst_max_l4_payload_len":1554,"flow_src_tot_l4_payload_len":3110,"flow_dst_tot_l4_payload_len":3108,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35242,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":1,"total-updates":7,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":946724453222354} 
+00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35242,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":1,"total-updates":7,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":946724453222354} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 39/39 ~~ skipped flows.............: 0 @@ -86,9 +86,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8675201 bytes -~~ total memory freed........: 8675201 bytes -~~ total allocations/frees...: 140704/140704 +~~ total memory allocated....: 9439959 bytes +~~ total memory freed........: 9439959 bytes +~~ total allocations/frees...: 154670/154670 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2199 chars diff --git a/test/results/default/kerberos.pcap.out b/test/results/default/kerberos.pcap.out index 9baf4c740..bb4da9dcf 100644 --- a/test/results/default/kerberos.pcap.out +++ b/test/results/default/kerberos.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1549337929790448} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1549337929790448} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929790448,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1549337929790448,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="} 
01008{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929790448,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}} 
@@ -187,7 +187,7 @@ 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931220307,"flow_src_last_pkt_time":1549337931220307,"flow_dst_last_pkt_time":1549337931221192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01057{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":77,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":190,"global_ts_usec":1549337952283232} 
+00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":77,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":190,"global_ts_usec":1549337952283232} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 77/77 ~~ skipped flows.............: 0 @@ -196,9 +196,9 @@ ~~ total active/idle flows...: 36/36 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8783435 bytes -~~ total memory freed........: 8783435 bytes -~~ total allocations/frees...: 141009/141009 +~~ total memory allocated....: 9548929 bytes +~~ total memory freed........: 9548929 bytes +~~ total allocations/frees...: 154975/154975 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 580 chars ~~ json message max len.......: 2499 chars diff --git a/test/results/default/kerberos_fuzz.pcapng.out b/test/results/default/kerberos_fuzz.pcapng.out index 87611b650..1e518560c 100644 --- a/test/results/default/kerberos_fuzz.pcapng.out +++ b/test/results/default/kerberos_fuzz.pcapng.out 
@@ -1,10 +1,10 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1633884084000000} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1633884084000000} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633884084000000,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1633884084000000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":288,"pkt_l4_len":268,"thread_ts_usec":1633884084000000,"pkt":"RSYBIAFKAAAABn0BfgQBABMAAAAAWNGOAAAAAAAAAQAgAQAAAAAAAGZfRk9VTgAGA0QNChsbGxsbGxsbGxsbJwYGBgYGBgYGBhsbG10bGwYGBgYGBgYGBg0K\/\/\/\/\/05NRWGMG2VyMUnz8\/NDQQEAAAAAAABdKgC3MFD\/AAAAAABfAAAAAAAAAEVhjGlkO\/\/\/\/\/\/\/b2VyWQAAAAAAAABNRQAAAAAAAAAAAAAAAAAAAAAATUxAU0m3MFCjL1MuMlQg80NBTk1FYYxpZDsNCv\/\/\/\/9OTUVhjBtlcjFJ8\/P\/\/\/\/\/AAAAAAAAXSoAtzBQoy9TLkFOTUVhjGlkOw0K\/\/\/\/\/zsNCv\/\/\/\/8vUy4yVEFUIPNDQU5NRWGMaWQ7DQr\/\/\/\/\/"} 
01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633884084000000,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1633884084000000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"r1i???ca???????]*??0p??????_???????ea?id;?????o","username":"??????"}}} 00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633884084000000,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1633884084000000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":260,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1633884084000000} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":260,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1633884084000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644843 bytes -~~ total memory freed........: 8644843 bytes -~~ total allocations/frees...: 140533/140533 +~~ total memory allocated....: 9409217 bytes +~~ total memory freed........: 9409217 bytes +~~ total allocations/frees...: 154499/154499 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 597 chars ~~ json message max len.......: 1044 chars diff --git a/test/results/default/kismet.pcap.out b/test/results/default/kismet.pcap.out index 7c9420c17..23d222bb4 100644 --- a/test/results/default/kismet.pcap.out +++ b/test/results/default/kismet.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1144004385285325} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1144004385285325} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1144004385285325,"flow_src_last_pkt_time":1144004385285325,"flow_dst_last_pkt_time":1144004385285325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1144004385285325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34065,"dst_port":2501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1144004385285325,"flow_dst_last_pkt_time":1144004385285325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1144004385285325,"pkt":"AAAAAAAAAAAAAAAACABFAAA0PIZAAIAGwDt\/AAABfwAAAYURCcWza5HWAAAAAIACf\/\/iowAAAgRADAEBBAIBAwMC"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1144004385285325,"flow_dst_last_pkt_time":1144004385285353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1144004385285353,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAIAG\/MF\/AAABfwAAAQnFhRGzPp6Js2uR14ASf\/+QygAAAgRADAEBBAIBAwMC"} 
@@ -9,7 +9,7 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1144004385285602,"flow_dst_last_pkt_time":1144004385285561,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1144004385285602,"pkt":"AAAAAAAAAAAAAAAACABFAAAoPIhAAIAGwEV\/AAABfwAAAYURCcWza5HXsz6fUVAQIABrKAAA"} 02234{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1144004385285325,"flow_src_last_pkt_time":1144004397698680,"flow_dst_last_pkt_time":1144004398798485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1045,"flow_dst_max_l4_payload_len":199,"flow_src_tot_l4_payload_len":1045,"flow_dst_tot_l4_payload_len":1777,"midstream":0,"thread_ts_usec":1144004398798485,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34065,"dst_port":2501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":28,"avg":836339.2,"max":1099852,"stddev":406205.2,"var":165002641408.0,"ent":4.7,"data": [28,42,208,235,399947,399927,615244,615286,399575,399620,1099784,1099782,1099835,1099834,1099815,1099816,1099834,1099831,1099838,1099839,1099849,1099852,1099837,1099839,1099821,1099818,1099833,1099833,1099842,1099843,1099828]},"pktlen": {"min":40,"avg":128.9,"max":1085,"stddev":184.2,"var":33913.2,"ent":4.2,"data": [52,52,40,239,40,58,40,1085,40,115,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175]},"bins": {"c_to_s": 
[15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.152935505,4.370187283,4.291446209,5.295236588,4.191446304,4.892910004,4.291446209,4.891900063,4.458695412,4.585392952,4.341446400,5.037372112,4.341446400,5.005887508,4.291446686,5.014514446,4.341446400,4.979419708,4.291446686,5.025943279,4.341446400,5.016745567,4.291446686,4.993078232,4.341446400,5.021629810,4.341446400,5.025943279,4.341446400,5.025943279,4.291446209,5.037371635]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Kismet","proto_id":"309","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1144004385285325,"flow_src_last_pkt_time":1144004399898338,"flow_dst_last_pkt_time":1144004399898316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1045,"flow_dst_max_l4_payload_len":199,"flow_src_tot_l4_payload_len":1045,"flow_dst_tot_l4_payload_len":1912,"midstream":0,"thread_ts_usec":1144004399898338,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34065,"dst_port":2501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kismet","proto_id":"309","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":35,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1144004399898338} +00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":35,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1144004399898338} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 35/35 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647902 bytes -~~ total memory freed........: 8647902 bytes -~~ total allocations/frees...: 140569/140569 +~~ total memory allocated....: 9412276 bytes +~~ total memory freed........: 9412276 bytes +~~ total allocations/frees...: 154535/154535 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 2239 chars diff --git a/test/results/default/knxip.pcapng.out b/test/results/default/knxip.pcapng.out index ec05757b3..d8a307607 100644 --- a/test/results/default/knxip.pcapng.out +++ b/test/results/default/knxip.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1713288329876632} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1713288329876632} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713288329876632,"flow_src_last_pkt_time":1713288329876632,"flow_dst_last_pkt_time":1713288329876632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713288329876632,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"224.0.23.12","src_port":41343,"dst_port":3671,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1713288329876632,"flow_dst_last_pkt_time":1713288329876632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1713288329876632,"pkt":"AQBeABcM8C90rUP1CABFAAAwVd9AAAERE0LAqFjn4AAXDKF\/DlcAHBDKBhACCwAUCAHAqFjnoX8GBAECBgc="} 
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713288329876632,"flow_src_last_pkt_time":1713288329876632,"flow_dst_last_pkt_time":1713288329876632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713288329876632,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"224.0.23.12","src_port":41343,"dst_port":3671,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"KNXnet_IP","proto_id":"410","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -9,7 +9,7 @@ 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713288329876649,"flow_src_last_pkt_time":1713288329876649,"flow_dst_last_pkt_time":1713288329876649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1713288329876649,"l3_proto":"ip4","src_ip":"192.168.1.28","dst_ip":"192.168.1.24","src_port":3671,"dst_port":54445,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"KNXnet_IP","proto_id":"410","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713288329876649,"flow_src_last_pkt_time":1713288329876649,"flow_dst_last_pkt_time":1713288329876649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1713288329876649,"l3_proto":"ip4","src_ip":"192.168.1.28","dst_ip":"192.168.1.24","src_port":3671,"dst_port":54445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KNXnet_IP","proto_id":"410","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1713288329876632,"flow_src_last_pkt_time":1713288329876649,"flow_dst_last_pkt_time":1713288329876632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713288329876649,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"224.0.23.12","src_port":41343,"dst_port":3671,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KNXnet_IP","proto_id":"410","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1713288329876649} 
+00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1713288329876649} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647337 bytes -~~ total memory freed........: 8647337 bytes -~~ total allocations/frees...: 140546/140546 +~~ total memory allocated....: 9411743 bytes +~~ total memory freed........: 9411743 bytes +~~ total allocations/frees...: 154512/154512 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 977 chars diff --git a/test/results/default/lagofast.pcap.out b/test/results/default/lagofast.pcap.out index 2e5760bd6..894d77dbb 100644 --- a/test/results/default/lagofast.pcap.out +++ b/test/results/default/lagofast.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1740132668398312} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1740132668398312} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740132668398312,"flow_src_last_pkt_time":1740132668398312,"flow_dst_last_pkt_time":1740132668398312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740132668398312,"l3_proto":"ip4","src_ip":"77.134.62.224","dst_ip":"43.83.218.54","src_port":59607,"dst_port":1189,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1740132668398312,"flow_dst_last_pkt_time":1740132668398312,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1740132668398312,"pkt":"YIBzeIpShQQBNkgdCABFAABSFUQAAIARk2dNhj7gK1PaNujXBKUAPjfwAG5dAwAw2bff97k4xZrtwcVOWgWVxQnXr9+XTn4rBnxxZ8TGYdPcVFalhGemBATn307eT4F6"} 
00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740132668398312,"flow_src_last_pkt_time":1740132668398312,"flow_dst_last_pkt_time":1740132668398312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740132668398312,"l3_proto":"ip4","src_ip":"77.134.62.224","dst_ip":"43.83.218.54","src_port":59607,"dst_port":1189,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LagoFast","proto_id":"444","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -36,7 +36,7 @@ 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740132669098026,"flow_src_last_pkt_time":1740132669098026,"flow_dst_last_pkt_time":1740132669098026,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740132669098026,"l3_proto":"ip4","src_ip":"50.245.97.76","dst_ip":"104.30.90.163","src_port":59607,"dst_port":7864,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1740132669098026,"flow_dst_last_pkt_time":1740132669098026,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1740132669098026,"pkt":"YLjJfr\/ei39lrqv8CABFAABSuqUAAIARKPMy9WFMaB5ao+jXHrgAPiGcAG5dAwAwvFgupvP1LwakGMAQj1M8IJuXOUImU7\/53DNO22jv7bhVjWIwLJ5eZ\/h8ErVKVw7f"} 
00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740132669098026,"flow_src_last_pkt_time":1740132669098026,"flow_dst_last_pkt_time":1740132669098026,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740132669098026,"l3_proto":"ip4","src_ip":"50.245.97.76","dst_ip":"104.30.90.163","src_port":59607,"dst_port":7864,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LagoFast","proto_id":"444","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":12,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1740133967197295} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":12,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1740133967197295} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133967197295,"flow_src_last_pkt_time":1740133967197295,"flow_dst_last_pkt_time":1740133967197295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740133967197295,"l3_proto":"ip4","src_ip":"216.47.212.93","dst_ip":"26.156.197.59","src_port":49790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1740133967197295,"flow_dst_last_pkt_time":1740133967197295,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1740133967197295,"pkt":"rkD43kASmpQZOg3sCABFAABB\/CJAAEARsiTYL9RdGpzFO8J+ADUALWYjQlsBAAABAAAAAAAACWdhYm9vc3RlcgU2ZmFzdANjb20AAAEAAQ=="} 01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133967197295,"flow_src_last_pkt_time":1740133967197295,"flow_dst_last_pkt_time":1740133967197295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740133967197295,"l3_proto":"ip4","src_ip":"216.47.212.93","dst_ip":"26.156.197.59","src_port":49790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gabooster.6fast.com","domainame":"gabooster.6fast.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -57,7 +57,7 @@ 01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133967535846,"flow_src_last_pkt_time":1740133967535846,"flow_dst_last_pkt_time":1740133967535846,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740133967535846,"l3_proto":"ip4","src_ip":"40.105.164.193","dst_ip":"99.193.243.15","src_port":43932,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"report.lagofast.com","domainame":"report.lagofast.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133967885642,"flow_src_last_pkt_time":1740133967885642,"flow_dst_last_pkt_time":1740133967885642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1740133967885642,"l3_proto":"ip4","src_ip":"180.239.121.250","dst_ip":"23.200.86.51","src_port":44636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1740133967885642,"flow_dst_last_pkt_time":1740133967885642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1740133967885642,"pkt":"YKN47ITo3jd\/kAQTCABFAAItyU5AAEAG0pe073n6F8hWM65cAbt\/VFzBIitnwlAYABB0AgAAFgMBAgABAAH8AwMUP+aJ5WOS71Yvz3DTcEnQ4kZsBt75JbbLdLi6H0aWqCCTTMfl6CllrgUkkGjCMX9e65\/bTIIUFne3K+CGQeCfBgAeEwETAhMDwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABlQAAABUAEwAAEGNicy5sYWdvZmFzdC5jb20AFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBADMAJgAkAB0AIHRql8RHX3W5ByISaN5xsyj\/SSVrcgslG2vbe63IkJk0AC0AAgEBACsABQQDBAMDABUA7QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133967885642,"flow_src_last_pkt_time":1740133967885642,"flow_dst_last_pkt_time":1740133967885642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1740133967885642,"l3_proto":"ip4","src_ip":"180.239.121.250","dst_ip":"23.200.86.51","src_port":44636,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.LagoFast","proto_id":"91.444","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN","hostname":"cbs.lagofast.com","domainame":"cbs.lagofast.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133967885642,"flow_src_last_pkt_time":1740133967885642,"flow_dst_last_pkt_time":1740133967885642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1740133967885642,"l3_proto":"ip4","src_ip":"180.239.121.250","dst_ip":"23.200.86.51","src_port":44636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LagoFast","proto_id":"91.444","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN","hostname":"cbs.lagofast.com","domainame":"cbs.lagofast.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133967887645,"flow_src_last_pkt_time":1740133967887645,"flow_dst_last_pkt_time":1740133967887645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1740133967887645,"l3_proto":"ip4","src_ip":"99.189.94.53","dst_ip":"185.5.215.83","src_port":45702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1740133967887645,"flow_dst_last_pkt_time":1740133967887645,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1740133967887645,"pkt":"rkNBL1AL1Zuk9IyHCABFAAItrItAAEAGOfRjvV41uQXXU7KGAbsLPfSVYUbC61AYABBY2wAAFgMBAgABAAH8AwOXFwliS23AjDnwgA\/XdTL\/ZJPaAL4puzUVzMPloJ957iDdSxw\/Uwbb52ezrZPGrxGOgcY1G7uJ7bXrXn8Y+DVO+AAeEwETAhMDwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABlQAAABgAFgAAE3JlcG9ydC5sYWdvZmFzdC5jb20AFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBADMAJgAkAB0AINPkY26ScgSGF6c4u1xEcU0QxfhR6\/1TfH\/TcHv5G\/VUAC0AAgEBACsABQQDBAMDABUA6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAA=="} 01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133967887645,"flow_src_last_pkt_time":1740133967887645,"flow_dst_last_pkt_time":1740133967887645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1740133967887645,"l3_proto":"ip4","src_ip":"99.189.94.53","dst_ip":"185.5.215.83","src_port":45702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LagoFast","proto_id":"91.444","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN","hostname":"report.lagofast.com","domainame":"report.lagofast.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
@@ -116,12 +116,12 @@ 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133968267511,"flow_src_last_pkt_time":1740133968267511,"flow_dst_last_pkt_time":1740133968267511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740133968504736,"l3_proto":"ip4","src_ip":"157.117.212.161","dst_ip":"124.69.119.132","src_port":7725,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740132669066371,"flow_src_last_pkt_time":1740132669066371,"flow_dst_last_pkt_time":1740132669066371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740133968504736,"l3_proto":"ip4","src_ip":"38.210.140.253","dst_ip":"248.126.41.103","src_port":59607,"dst_port":8190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LagoFast","proto_id":"444","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133968325025,"flow_src_last_pkt_time":1740133968325025,"flow_dst_last_pkt_time":1740133968325025,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1740133968504736,"l3_proto":"ip4","src_ip":"105.60.130.195","dst_ip":"186.249.185.190","src_port":44642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LagoFast","proto_id":"91.444","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN"}} -00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133967885642,"flow_src_last_pkt_time":1740133967885642,"flow_dst_last_pkt_time":1740133967885642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1740133968504736,"l3_proto":"ip4","src_ip":"180.239.121.250","dst_ip":"23.200.86.51","src_port":44636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LagoFast","proto_id":"91.444","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN"}} 
+00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133967885642,"flow_src_last_pkt_time":1740133967885642,"flow_dst_last_pkt_time":1740133967885642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1740133968504736,"l3_proto":"ip4","src_ip":"180.239.121.250","dst_ip":"23.200.86.51","src_port":44636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LagoFast","proto_id":"91.444","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN"}} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133968329664,"flow_src_last_pkt_time":1740133968329664,"flow_dst_last_pkt_time":1740133968329664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1740133968504736,"l3_proto":"ip4","src_ip":"136.238.7.95","dst_ip":"231.209.192.237","src_port":443,"dst_port":44640,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740132668989604,"flow_src_last_pkt_time":1740132668989604,"flow_dst_last_pkt_time":1740132668989604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740133968504736,"l3_proto":"ip4","src_ip":"196.228.157.219","dst_ip":"206.16.55.103","src_port":59607,"dst_port":4750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LagoFast","proto_id":"444","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133967887645,"flow_src_last_pkt_time":1740133967887645,"flow_dst_last_pkt_time":1740133967887645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1740133968504736,"l3_proto":"ip4","src_ip":"99.189.94.53","dst_ip":"185.5.215.83","src_port":45702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LagoFast","proto_id":"91.444","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":2,"category":"VPN"}} 
00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740133967197424,"flow_src_last_pkt_time":1740133967197424,"flow_dst_last_pkt_time":1740133967197424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740133968504736,"l3_proto":"ip4","src_ip":"251.113.201.83","dst_ip":"202.196.158.89","src_port":53,"dst_port":49790,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gabooster.6fast.com"}} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10830,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":30,"total-idle-flows":30,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":124,"global_ts_usec":1740133968504736} 
+00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lagofast.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10830,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":30,"total-idle-flows":30,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":124,"global_ts_usec":1740133968504736} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -130,9 +130,9 @@ ~~ total active/idle flows...: 30/30 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8742691 bytes -~~ total memory freed........: 8742691 bytes -~~ total allocations/frees...: 140893/140893 +~~ total memory allocated....: 9507993 bytes +~~ total memory freed........: 9507993 bytes +~~ total allocations/frees...: 154859/154859 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 564 chars ~~ json message max len.......: 2503 chars diff --git a/test/results/default/ldp.pcap.out b/test/results/default/ldp.pcap.out index cefa09ad3..d99aea642 100644 --- a/test/results/default/ldp.pcap.out +++ b/test/results/default/ldp.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1216142593122052} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1216142593122052} 00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1216142593122052,"flow_src_last_pkt_time":1216142593122052,"flow_dst_last_pkt_time":1216142593122052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1216142593122052,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"224.0.0.2","src_port":646,"dst_port":646,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1216142593122052,"flow_dst_last_pkt_time":1216142593122052,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1216142593122052,"pkt":"AQBeAAACwgVjTQAACABFwAA+AAAAAAERzusKAAAC4AAAAgKGAoYAKvMyAAEAHgoAAAYAAAEAABQAAAAABAAABAAPAAAEAQAECgAABg=="} 00910{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1216142593122052,"flow_src_last_pkt_time":1216142593122052,"flow_dst_last_pkt_time":1216142593122052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1216142593122052,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"224.0.0.2","src_port":646,"dst_port":646,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LDP","proto_id":"409","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -16,7 +16,7 @@ 00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1216142595491091,"flow_src_last_pkt_time":1216142595491091,"flow_dst_last_pkt_time":1216142595491091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1216142597402306,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.2","src_port":646,"dst_port":646,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LDP","proto_id":"409","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1216142593122052,"flow_src_last_pkt_time":1216142597202298,"flow_dst_last_pkt_time":1216142593122052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1216142597402306,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"224.0.0.2","src_port":646,"dst_port":646,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LDP","proto_id":"409","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1216142597274254,"flow_src_last_pkt_time":1216142597346274,"flow_dst_last_pkt_time":1216142597402306,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":200,"flow_src_tot_l4_payload_len":258,"flow_dst_tot_l4_payload_len":244,"midstream":1,"thread_ts_usec":1216142597402306,"l3_proto":"ip4","src_ip":"10.0.1.1","dst_ip":"10.0.0.6","src_port":45334,"dst_port":646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LDP","proto_id":"409","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00806{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":604,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1216142597402306} 
+00806{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":604,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1216142597402306} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649861 bytes -~~ total memory freed........: 8649861 bytes -~~ total allocations/frees...: 140560/140560 +~~ total memory allocated....: 9414299 bytes +~~ total memory freed........: 9414299 bytes +~~ total allocations/frees...: 154526/154526 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 556 chars ~~ json message max len.......: 962 chars diff --git a/test/results/default/line.pcap.out b/test/results/default/line.pcap.out index 01ee7b02a..2673be397 100644 --- a/test/results/default/line.pcap.out +++ b/test/results/default/line.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00795{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":608455689} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00795{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":608455689} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":608455689,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":872,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":872,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":608455689,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":914,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":914,"pkt_l4_len":880,"thread_ts_usec":608455689,"pkt":"UlQAEjUCCAAn5uVZCABFAAOEak4AAIARRmgKAAIPfdH80saTUIIDcGeR22QAuQYCG2FDK1vv9fugGrOT8etA8A80AvZDaYmouGz3h3IHV1X5ElUpOC9dlDONLPAPfVgIYt5yAAAAKxpqxcwsrZxwhx1xKWqCFVz8ThMLekrlMqzL884f90GP2NtK7Ce8hzDQNrwRj9rBBTjTz8s6H2gTPjSg0VDLz20S\/lg6tSMQGiPk18OAgr8Cvvp\/hozCjTC4rWGtBZMNzWhsdRZ0vEFqySrtoCKzbjIs8sYLfeI\/Srmdhg38hXlV6rP9b8ENgYDmhrGulF6otA0UNGy35B4kYdo\/MhPSqQjQ8pcsGIy70IR4UFuSLysmmi75oS+WVNM3dgKIvi143xwOy7qgdOdPV5c+gyBB3mtuSgX0e6xOZRh+2kBmE1\/y0Gdj0dNsXH1vof4pPU4HsRVsS0JvYE0U4YlCdanTAcZNPEnmP1noc5qyuh3us6i5xZtmZnUx0T0dXCf0c9mjorZc3Lgg0l497C2CPwMYdagIqBvgEBhiD2cLJ1VerQb93JW2WKPOLzzLgg0\/tyC748UEXnP1gVpyk34Qd6ThuEIyp\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\/cCleIvjlciTpS1Gl7qHYI81WnNc9aJzRlAfia2MhNrGqry00clXMkM3NxH01kLKkBz0CIEQ="} 00898{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":608455689,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":872,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":872,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":608455689,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -8,7 +8,7 @@ 01495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":608955846,"flow_dst_last_pkt_time":609533458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"thread_ts_usec":609533458,"pkt":"CAAn5uVZUlQAEjUCCABFAAMAuboAAEARN4B90fzSCgACD1CCxpMC7Cmf2uAAZwYCV\/RJTq5P8eXNYO9XdF70Fj9KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKpZJyG\/GGz9dcm\/Mr8\/7LWMlqzk54MO7ELXqtqSqfd\/YBdqlDZSVUrL97nZoyannQ+4sHLstSS32UsGeYFShNlIkPzze5YiNYv50x\/mH\/A9pbgu69Q+WF2ip97UNP5700H4+qhxbmcY9HS8ZIxXwfhRpVqXecYovPU98m66ZIHMk3AxDUggZJzXM8Cg9Ioa5PEOWCC0RQ\/+ZM\/xmE25dREFZwuEuTY4v54VaBEf\/1fcmWRmuO56S4CdHmd3r6UrJgdv7HOPYh1FHZImH9K6Vp5v43+PDFYehvgjuZevIzB9KNNpgRaXiJIoH9HKjsrlk8bFBNxGh\/Z3wVkNzkk6aZPEyGQfpJxhMdxxwGT2MsqjyEwRxvenqN6ZiCnhNKvKa1MoubR4Q69dsKI5vcArBU28dcnpBI49S+Gue7Y63pIbagOo3yJzlth5QkSgGoh3WTgewJUJPSW2CESchMymRIYmXZ453SQiLQDUOijjH9BTXQLRM1Jktgb1Ku3YtQhwOuoynAJXV8IgsD1XNcPeHVXH4cjiPxry8hY2LXG+Dpn0+ElcIAmuYGLXgyIWmFgMDccUsS4PEmO+H98\/37Xgd\/JFCN+BdEPL8h+w8JjEm76kq4pMrFkodu9TWUlq\/f5btNgcE3NZ5tj5unKE3tunn\/9XLrY2YdRaUSo3NFlLxzIy1Ls5OLl\/yp4rUeg\/491eKamydkxVOtbP5kUPMBZAToihwFzkbtaPi\/sHlzwamjGpc5urLdFERd4ubko4hgkGPbUQFvpEefL+PiNep0MCAfLSiIccfs7kEszIxBA1tUC\/E7ZoDjNG8bd9x9za\/H5o\/i6SrM4jgqtlvtdLcuIQKuEI0hJJAH84pOvAZwnqFLwqt9Aj1HWP7oTHWsPEdIMwTkD1+nw0mJ4o="} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":609557906,"flow_dst_last_pkt_time":609533458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":609557906,"pkt":"UlQAEjUCCAAn5uVZCABFAAA6alAAAIARSbAKAAIPfdH80saTUIIAJgbQgOUAAQAAOrIJvaZ41xf3vWhbythM\/0LTmd0td5YJ"} 02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":608455689,"flow_src_last_pkt_time":610177798,"flow_dst_last_pkt_time":609998416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":2795,"flow_dst_tot_l4_payload_len":1792,"midstream":0,"thread_ts_usec":610177798,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":41,"avg":105317.3,"max":602060,"stddev":182193.2,"var":33194352640.0,"ent":3.4,"data": [500157,544706,533063,602060,13540,168,64915,55,263094,290370,5367,20000,10523,19462,58958,10024,9911,21001,21013,9059,41,8011,22020,2894,7145,6942,42069,58114,10385,99326,10443]},"pktlen": {"min":58,"avg":171.3,"max":900,"stddev":234.5,"var":54984.5,"ent":4.1,"data": [900,900,270,768,58,380,163,163,331,64,65,65,64,64,64,66,64,66,66,66,64,66,66,66,65,65,100,80,67,67,65,65]},"bins": {"c_to_s": [1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0],"entropies": [7.775331020,7.771239281,6.645260811,7.613231659,5.193683147,7.436975479,6.710443974,6.755647659,7.369442463,5.120024681,5.136775970,5.344619274,5.143614769,5.249160290,5.311660290,5.195097923,5.186660290,5.286006927,5.346612453,5.316309452,5.217910290,5.286006451,5.255703449,5.316309929,5.252311230,5.160003662,4.125199318,4.492414474,5.378718853,5.348868370,5.240697861,5.209928036]},"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":51,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1663913332980371} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":51,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1663913332980371} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913332980371,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1663913332980371,"pkt":"iJCNB9vohKk4ukxYCABFAABkhQ9AAIAGAAAKyAN9k1ylwuHxAbtdIq0\/pMNUV1AYBAFHugAAFwMDADdo++xFfUkOJQ\/QhCWutve1sws40Q+84WpHcqg5rtUCVtgRpFPRgdwDdzjyMyfjtUsn0c73u5RW"} 00911{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913332980371,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -25,7 +25,7 @@ 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333480027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1663913333480027,"pkt":"hKk4ukxYwurksClYCABFAAAoWBhAACoGZC6TXPLoCsgDfQG74zCmOsdjcOgfO1AQAO03sAAAAAAAAAAA"} 01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333481395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1663913333481395,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","domainame":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","ja3s":"567bb420d39046dbfd1f68b558d86382","ja4":"t13d461100_5052069a8e11_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1","blocks":0}}} 
01680{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333481395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3261,"midstream":0,"thread_ts_usec":1663913333481395,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","domainame":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","server_names":"*.line-apps.com,line-apps.com","ja3s":"567bb420d39046dbfd1f68b558d86382","ja4":"t13d461100_5052069a8e11_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=JP, ST=Tokyo-to, L=Shinjuku-ku, O=LINE Corporation, CN=*.line-apps.com","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1","fingerprint":"3C:37:D7:AB:BE:E6:5A:A5:BE:14:62:C8:21:8C:BC:E3:3E:A8:3E:96","blocks":0}}} 
-02188{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913336388129,"flow_dst_last_pkt_time":1663913336380823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":296,"flow_dst_max_l4_payload_len":334,"flow_src_tot_l4_payload_len":1142,"flow_dst_tot_l4_payload_len":1292,"midstream":1,"thread_ts_usec":1663913336388129,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6905,"avg":219619.7,"max":2533141,"stddev":601190.4,"var":361429958656.0,"ent":2.8,"data": [74605,74711,34434,71161,134842,63602,34330,34381,78205,122566,44300,34282,34254,68317,109320,41185,34458,34320,6905,46826,64547,58950,90163,2533141,2477508,34518,34165,78836,154671,69564,35143]},"pktlen": {"min":40,"avg":118.1,"max":374,"stddev":90.9,"var":8262.1,"ent":4.6,"data": [100,46,134,46,146,93,46,150,46,343,95,46,146,46,113,89,46,150,46,216,89,124,96,46,95,46,336,46,256,40,374,89]},"bins": {"c_to_s": [1,8,1,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,2,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,1,0,1,0],"entropies": 
[5.948760986,4.652828693,6.332477570,4.696306705,6.569760323,6.006792545,4.696306705,6.565413952,4.696306705,7.383316040,6.030017853,4.652828693,6.526851654,4.652828693,6.386383057,5.933434010,4.652828217,6.670314789,4.696306705,7.039282322,5.852028370,6.250293255,6.048403740,4.652828693,5.950967789,4.652828693,7.256349564,4.696306705,7.137952328,4.780641556,7.407141685,5.877035141]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913336388129,"flow_dst_last_pkt_time":1663913336380823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":296,"flow_dst_max_l4_payload_len":334,"flow_src_tot_l4_payload_len":1142,"flow_dst_tot_l4_payload_len":1292,"midstream":1,"thread_ts_usec":1663913336388129,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6905,"avg":219619.7,"max":2533141,"stddev":601190.4,"var":361429958656.0,"ent":2.8,"data": [74605,74711,34434,71161,134842,63602,34330,34381,78205,122566,44300,34282,34254,68317,109320,41185,34458,34320,6905,46826,64547,58950,90163,2533141,2477508,34518,34165,78836,154671,69564,35143]},"pktlen": {"min":40,"avg":118.1,"max":374,"stddev":90.9,"var":8262.1,"ent":4.6,"data": [100,46,134,46,146,93,46,150,46,343,95,46,146,46,113,89,46,150,46,216,89,124,96,46,95,46,336,46,256,40,374,89]},"bins": {"c_to_s": [1,8,1,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[11,0,2,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,1,0,1,0],"entropies": [5.948760986,4.652828693,6.332477570,4.696306705,6.569760323,6.006792545,4.696306705,6.565413952,4.696306705,7.383316040,6.030017853,4.652828693,6.526851654,4.652828693,6.386383057,5.933434010,4.652828217,6.670314789,4.696306705,7.039282322,5.852028370,6.250293255,6.048403740,4.652828693,5.950967789,4.652828693,7.256349564,4.696306705,7.137952328,4.780641556,7.407141685,5.877035141]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 02325{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913342823022,"flow_dst_last_pkt_time":1663913342822836,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4192,"midstream":0,"thread_ts_usec":1663913342823022,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":633542.9,"max":7306445,"stddev":1725177.1,"var":2976235913216.0,"ent":2.7,"data": [237342,237605,1014,239671,1368,0,0,239919,3744,241388,238671,278520,277391,237506,0,0,237646,7029518,7306445,276831,237603,712,0,238338,524359,801600,277245,237667,0,0,237727]},"pktlen": {"min":40,"avg":272.5,"max":1500,"stddev":367.3,"var":134881.6,"ent":4.1,"data": 
[52,52,40,557,46,1500,1500,381,40,133,314,335,46,581,46,224,75,40,335,46,613,46,224,75,40,335,46,612,46,224,75,40]},"bins": {"c_to_s": [6,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,3,0,0,0,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0],"entropies": [4.516527176,4.923395157,4.780641556,4.813910007,4.544876099,7.233272552,7.495951176,7.379673958,4.780641556,6.214868546,7.183261871,7.332785606,4.501397610,7.644387245,4.501397610,7.034603119,5.700131416,4.780641556,7.404506683,4.435436726,7.647257328,4.565871716,6.998442650,5.771955490,4.611769676,7.254877090,4.549460888,7.643351078,4.549460888,7.047076225,5.680000782,4.671928883]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":22,"flow_first_seen":608455689,"flow_src_last_pkt_time":610324653,"flow_dst_last_pkt_time":610390479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":4120,"flow_dst_tot_l4_payload_len":3018,"midstream":0,"thread_ts_usec":1663913342823022,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913345063942,"flow_dst_last_pkt_time":1663913345063942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":853,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":853,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913345063942,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -48,7 +48,7 @@ 01149{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":21,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913402819217,"flow_dst_last_pkt_time":1663913403056559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4223,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913375776479,"flow_dst_last_pkt_time":1663913375810399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":290,"packets-processed":290,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":49504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1663913418926686} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":290,"packets-processed":290,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":49504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1663913418926686} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 290/290 ~~ skipped flows.............: 0 @@ -57,9 +57,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8682109 bytes -~~ total memory freed........: 8682109 bytes -~~ total allocations/frees...: 140881/140881 +~~ total memory allocated....: 9446611 bytes +~~ total memory freed........: 9446611 bytes +~~ total allocations/frees...: 154847/154847 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 2330 chars diff --git a/test/results/default/linecall_falsepositve.pcap.out b/test/results/default/linecall_falsepositve.pcap.out index a68e15991..e91c9e0d9 100644 --- a/test/results/default/linecall_falsepositve.pcap.out +++ b/test/results/default/linecall_falsepositve.pcap.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673444966772848} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673444966772848} 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444966772848,"packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444966772848} 
00561{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":191,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":191,"pkt_l4_len":0,"thread_ts_usec":1673444966772848,"pkt":"AAAAAAAAAAECAAD6gQAFq4EAAQkIAEUAAKkwrEAAPhGgXAoNgR4KCtYG2+cT5QCV4AsAAA9iAAAAAC0fSDcsMC0xQzl+eyp0QERROjMpPT1ARFJIPiU1KzJFUkh9MSFhcnIweGckSj5BYG9WQXtmW2JTX1hbKTpAQ0dIOkAlTEBBRVJnWDFrVFdiZmNbJEo+QWRsaVR7YFtVYG9IPilKXVtmaF5bJV5ZXkVSSF0xZF9XW29cWSRnPkFFUkg+ewA="} 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444966785736,"packet_id":2,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444966785736} 
@@ -64,7 +64,7 @@ 00932{"packet_event_id":1,"packet_event_name":"packet","packet_id":41,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":466,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":466,"pkt_l4_len":0,"thread_ts_usec":1673444966772848,"pkt":"AAAAAAAAAAECAAD6gQAFq4EAAQkIAEUAAbwR40AAPhG+EgoNgR4KCtYG2+cT5QGo\/XgAAA92AAAAAC0fSDcsMC0xQzl+eyp0QERROjMpPT1ARFJIPiU1KzJFUkhuMShyZHwwcT4kSj4zNEUyKXtMQEM3PzQuKTktLzhAO0AlTEAtRFFHMDE7LjA0PzY9JEk9diUhJ257Ki4yJyI7MSk4PUBEYltRJVg9QERDOikxNisuLz40PSRJPVdYcWlUe0k9QGNvZF8pV1RPO2FiXyVaV1VgSCJ8MUk9QDc\/NDAkODEtNTw3PXtJPTMyPjgtKTksMi9FRz0lSTAuMUU2KDE3KS0wUUc9JDwrLTVBNyx7OykrRFFHLSk7LEBEUTs9JUk9M0RRRzAxPT1AREVHPSRJbW51LyNvezovI3RFOzApST1AJj43MSU8LC8jPDh+MTctLDMzMy4kLHx9MEM2LXs1MX0zPygvKUk9QEdUSkAlTEA0R1RKMTFMQEM4T0UxJEc7PjhPOzt7RzE+QkVFOylHO0NHVEg+JUpdW2ZoXlsxXlleRVJIXSRkX1dbb1xZe2c+QUVxYl8pYFReWW1lPiVKPmBfc15UMWdSXGJSSD4kSj5BAA=="} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673445117157636,"packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673445117157636} 00706{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":298,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":298,"pkt_l4_len":0,"thread_ts_usec":1673444966772848,"pkt":"AAAAAAAAAAECAAD6gQAFq4EAAQkIAEUAARQvkwAAdhGpCgoK1gYKDYEeE+Xb5wEADn4AAA92AAAAAC0fSDcsMC0xQzl+eyp0QUVSX1spU0FdWGheUSVVTUFFUjQ9MUk9MzZCNy0kNyxARFF9fXt4fHElQjkgKXkxNDNRRz0lWlFUU1FHPTE7MCwxPzUoJDYqQERRXlF7aV9XRFFHXClnWmJSaFY0JVlYYlVrXFkxQHcgRFFHMCQ3KjMzRTQuezQtQERROispNi4wND85LCU8PUBERDUqMT0sKzI9NCkkST1ANz80Lns5LS42QDs9KUk9MDZARz0lSTFARFE6PTFJPTM4UUc9JD09QEQidW57J3hyNUMqbSk9MTNEUUc+JUo+NEVSSDExSj5BAA=="} 
-00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":42,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1673445117157636} +00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":42,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1673445117157636} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 42/0 ~~ skipped flows.............: 0 
@@ -73,9 +73,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 314 chars ~~ json message max len.......: 1290 chars diff --git a/test/results/default/lisp_registration.pcap.out b/test/results/default/lisp_registration.pcap.out index cf0cce128..5cb48a838 100644 --- a/test/results/default/lisp_registration.pcap.out +++ b/test/results/default/lisp_registration.pcap.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1597152685554430} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1597152685554430} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597152685554430,"flow_src_last_pkt_time":1597152685554430,"flow_dst_last_pkt_time":1597152685554430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597152685554430,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1597152685554430,"flow_dst_last_pkt_time":1597152685554430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1597152685554430,"pkt":"qrvMAAEAqrvMAAIACABFwAB0AJYAAP8RsB8KAHsCCgB7ARD2EPYAYGa4MgABAWerkx+ei5dKAAEAFLdG1odgiOW+z\/RAIKtUGCaiNO0QAAAFoAEgEAAAAAABCgAAAhYWFhYABQABCgB7AtD01FgUttPjIYPJQy5LWPIAAAAAAAAAAA=="} 
00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597152685554430,"flow_src_last_pkt_time":1597152685554430,"flow_dst_last_pkt_time":1597152685554430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597152685554430,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -32,7 +32,7 @@ 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1597152685554430,"flow_src_last_pkt_time":1597152685555426,"flow_dst_last_pkt_time":1597152685560246,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":400,"flow_dst_tot_l4_payload_len":400,"midstream":0,"thread_ts_usec":1597152712034854,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1597152687289150,"flow_src_last_pkt_time":1597152687645409,"flow_dst_last_pkt_time":1597152687439147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":448,"flow_dst_max_l4_payload_len":452,"flow_src_tot_l4_payload_len":448,"flow_dst_tot_l4_payload_len":467,"midstream":0,"thread_ts_usec":1597152712034854,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1597152711673703,"flow_src_last_pkt_time":1597152712034854,"flow_dst_last_pkt_time":1597152711822587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":660,"flow_dst_max_l4_payload_len":532,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":547,"midstream":0,"thread_ts_usec":1597152712034854,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3790,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1597152712034854} 
+00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3790,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1597152712034854} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8657110 bytes -~~ total memory freed........: 8657110 bytes -~~ total allocations/frees...: 140598/140598 +~~ total memory allocated....: 9421580 bytes +~~ total memory freed........: 9421580 bytes +~~ total allocations/frees...: 154564/154564 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 1436 chars diff --git a/test/results/default/log4j-webapp-exploit.pcap.out b/test/results/default/log4j-webapp-exploit.pcap.out index a8ce7ac83..0e01788ec 100644 --- a/test/results/default/log4j-webapp-exploit.pcap.out +++ b/test/results/default/log4j-webapp-exploit.pcap.out 
@@ -1,5 +1,5 @@ -00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639425815407353} 
+00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639425815407353} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639425815407353,"flow_src_last_pkt_time":1639425815407353,"flow_dst_last_pkt_time":1639425815407353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639425815407353,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639425815407353,"flow_dst_last_pkt_time":1639425815407353,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1639425815407353,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADxjYEAAPQamLqwQ7gGsEO4KB8AfkHmWgrEAAAAAoAL68JU2AAACBAW0BAIICq34shoAAAAAAQMDBw=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639425815407353,"flow_dst_last_pkt_time":1639425815407439,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1639425815407439,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="} 
@@ -64,7 +64,7 @@ 01484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1639425815407353,"flow_src_last_pkt_time":1639425834697105,"flow_dst_last_pkt_time":1639425834693853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":646,"flow_dst_max_l4_payload_len":223,"flow_src_tot_l4_payload_len":646,"flow_dst_tot_l4_payload_len":223,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"192.168.13.31"}} 
01377{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1639425815910226,"flow_src_last_pkt_time":1639425815918224,"flow_dst_last_pkt_time":1639425815918340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1352,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1548,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"172.16.238.11"}} 
01377{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1639425834639606,"flow_src_last_pkt_time":1639425834642327,"flow_dst_last_pkt_time":1639425834642463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1352,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1548,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"172.16.238.11"}} 
-00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":426,"packets-processed":422,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5830,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1639425834697105} +00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":426,"packets-processed":422,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5830,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1639425834697105} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 426/422 ~~ skipped flows.............: 0 
@@ -73,9 +73,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8678738 bytes -~~ total memory freed........: 8678738 bytes -~~ total allocations/frees...: 141055/141055 +~~ total memory allocated....: 9443304 bytes +~~ total memory freed........: 9443304 bytes +~~ total allocations/frees...: 155021/155021 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 310 chars ~~ json message max len.......: 1934 chars diff --git a/test/results/default/lol_wild_rift_udp.pcap.out b/test/results/default/lol_wild_rift_udp.pcap.out index 54cdd77c1..9e3871ee9 100644 --- a/test/results/default/lol_wild_rift_udp.pcap.out +++ b/test/results/default/lol_wild_rift_udp.pcap.out 
@@ -1,33 +1,33 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1710911302293916} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1710911302293916} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710911302293916,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302293916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710911302293916,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":47462,"dst_port":15004,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302293916,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":97,"pkt_l4_len":77,"thread_ts_usec":1710911302293916,"pkt":"RaAAYWQaQABAEQQWCtetATMU5s+5ZjqcAE2CrwQAAACh9XQVvynm3jlTFezfZZqyfZoXyZsTCGjMLyjs+Y3tCAEUfeFcvT\/yKWqSsdjGNUvABjA9CDZgnH3gykdzsp0jgQ=="} 
00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302381932,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":387,"pkt_l4_len":367,"thread_ts_usec":1710911302381932,"pkt":"RQABgwAAQABAEWeuMxTmzwrXrQE6nLlmAW8AABAAAADTKHtCW8tRXckVVQkLpT\/aWfbg1Lmx7lculXBv4U0dQQZcx8zU\/q24iJtXX7sGEupLbx3GjC6mfunWQPiiCNqPo69FyyLtT\/tA+RZxBX66xbwWY5BugzEwtVbxMQCHCDFZWummpaHL0Qj8dD6KVzPystUdtEGtJihnqek1GPXpljG6Ety3qsU9X4nXcdT3eVz\/43SuquNG6d\/XAMAzNli7syQ9c5dFVn\/d2T9Iy6DGoeJOtrag8MXh1HhyrJe91tGEPgtsQIvG9FvBnb\/1rXrLGEzbCAemdMNenqnDO\/ue+cDxJL7gyVUTqMkNl21tpyI7dXmopr5pqntSmOHIk0I1ZDn\/ftXVx\/gC\/qz7yTT79NsVZORBwhSEFmcKGQzXmaRSJxaJzUJkIm8hPIC25WHoN1mqRY78rBple094RjMNz2I1Nqu7nGYcckXXMKuoaklHCuRLCMosRNx2TZQLmpAcJ1jw"} -00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710911302293916,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302381932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1710911302381932,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":47462,"dst_port":15004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":428,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1710946531679896} +00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710911302293916,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302381932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1710911302381932,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":47462,"dst_port":15004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":428,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1710946531679896} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710946531679896,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531679896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710946531679896,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.51.213.131","src_port":43686,"dst_port":15007,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531679896,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":97,"pkt_l4_len":77,"thread_ts_usec":1710946531679896,"pkt":"RaAAYeWHQABAEbnVCtetAQ0z1YOqpjqfAE0i0AQAAAAhE+HV\/OESvjMRa9EQGci8CKwOM7i6HIRDu9XsSlqH420oYREY\/NhdqMY9iLOQjWQm2z\/45VJYnKqhlugCbIrYnA=="} 00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531710705,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":387,"pkt_l4_len":367,"thread_ts_usec":1710946531710705,"pkt":"RQABgwAAQABAEZ7bDTPVgwrXrQE6n6qmAW8AABAAAAAjmCl9zbSxZT2LhK\/0kLs0YAweDzs9Vagi0Uudkts7mDChXZpEk4H0Q6zPLQV84oQLChe53JwCr24wJyrgU2c6kx3nN35rITQV5kGmwXXou2V4iyaSshImtCozbrYH6tTo1cBsP4CDrdOHCWWiu2vFT2bqrsg7gXU0J3LHCYMURuPJvASKZ6mmhp12rbl1kwrk2vPOL+G7SATENzWYxsHd8sZ0OeAaq3GdR1YwicjlyJr3lQRZzAKoOZ4Rl0j\/i\/9HOZPJck4U7xF86ZzZGY6fYyHBinsuzC8vhIeq+uePSRb+juH2SNJFZsSsMX491JJQBx94W548vqB\/dsq7amx+tz+\/KIeOYLRtG+tYMCmo2VZb2Htj499t2dEZEu8MLyywkoFOepy1zfS+ErPMv1W5KXu3OTIlocbaoXN8tjs44z+CtaLNt\/8DpizZLEebDeNK8wZ84cILoJ7rsJonPfrx2019"} 
-00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710946531679896,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531710705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1710946531710705,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.51.213.131","src_port":43686,"dst_port":15007,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710911302293916,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302381932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1710946531710705,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":47462,"dst_port":15004,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1711107097463454} +00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710946531679896,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531710705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1710946531710705,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.51.213.131","src_port":43686,"dst_port":15007,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
+00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710911302293916,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302381932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1710946531710705,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":47462,"dst_port":15004,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1711107097463454} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711107097463454,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097463454,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711107097463454,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":46702,"dst_port":15007,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097463454,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":97,"pkt_l4_len":77,"thread_ts_usec":1711107097463454,"pkt":"RaAAYWulQABAEfyKCtetATMU5s+2bjqfAE3yWgQAAABkObg21AeJfuTSNfG+n9sxT5Ti\/xrRPIt\/\/gSOX2Ei5azZk+jNjaa16ReYrT1AZqjhbsD5bPvYW7XZqK\/CIPXArg=="} 
00990{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097538920,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":387,"pkt_l4_len":367,"thread_ts_usec":1711107097538920,"pkt":"RQABgwAAQABAEWeuMxTmzwrXrQE6n7ZuAW8AABAAAADwPdK8Ol+RTuXwrJRgWUKTNvFNmNv68s\/3rogA\/tIc5B1eaa2qC9cdkQEKyGLMKXJ+Q5rzt5IaNlzS4DPUh6lqlzCdMSfRBucDYjyNulavYm2xWGQTE9VRb21wtDxvpkfoLEZ1aPcyV\/JA7h0PBFPNXCRs8lO0uNnoZ0wcad9B+JKlM9dDEi0V7Ppz0JKi3roz1oWOKRGZ0tNqlXFTGPwwiK16Jw18t2v\/fO2GG6LBuJOfAdbqGtN3lHxPRN76f2ltEKFTpZpK3nysHZU\/6bV2ej3lzSUBSqGpU7heakpEU+UnOoZ\/5p5r86FRaz\/pXa3wfebFrhyGSdY8cTc\/xO7D5LehUXK5Ui\/kyo+ci7kaYBQy+Sjp\/rfJFqbpYzPrtaLbERbwnSVgF3ccggGQSdoviAElTyq032pwFaUMXT0VoGAUUv46u2gBXCck9nIP+8Ra+Z6FsXffRLdeNuS0po2KFLuj"} -00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1711107097463454,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097538920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1711107097538920,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":46702,"dst_port":15007,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710946531679896,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531710705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1711107097538920,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.51.213.131","src_port":43686,"dst_port":15007,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1284,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1711524139588152} 
+00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1711107097463454,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097538920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1711107097538920,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":46702,"dst_port":15007,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710946531679896,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531710705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1711107097538920,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.51.213.131","src_port":43686,"dst_port":15007,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1284,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1711524139588152} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711524139588152,"flow_src_last_pkt_time":1711524139588152,"flow_dst_last_pkt_time":1711524139588152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711524139588152,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":44513,"dst_port":18001,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1711524139588152,"flow_dst_last_pkt_time":1711524139588152,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1711524139588152,"pkt":"RQAAMh6VQABAER0HCtetAQ01OhKt4UZRAB6\/kgECyEEAAAABAAEAAAAeAAQABEEwQjE="} -00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711524139588152,"flow_src_last_pkt_time":1711524139588152,"flow_dst_last_pkt_time":1711524139588152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711524139588152,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":44513,"dst_port":18001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1711107097463454,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097538920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1711524139588152,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":46702,"dst_port":15007,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1711534335502177} 
+00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711524139588152,"flow_src_last_pkt_time":1711524139588152,"flow_dst_last_pkt_time":1711524139588152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711524139588152,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":44513,"dst_port":18001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1711107097463454,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097538920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1711524139588152,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":46702,"dst_port":15007,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1711534335502177} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711534335502177,"flow_src_last_pkt_time":1711534335502177,"flow_dst_last_pkt_time":1711534335502177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":41440,"dst_port":18001,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1711534335502177,"flow_dst_last_pkt_time":1711534335502177,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1711534335502177,"pkt":"RQAAMhjdQABAESK\/CtetAQ01OhKh4EZRAB7LTQECyEEAAAABAAEAAABkAAQABEEwQjE="} -00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711534335502177,"flow_src_last_pkt_time":1711534335502177,"flow_dst_last_pkt_time":1711534335502177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":41440,"dst_port":18001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711524139588152,"flow_src_last_pkt_time":1711524139588152,"flow_dst_last_pkt_time":1711524139588152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":44513,"dst_port":18001,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711534335502177,"flow_src_last_pkt_time":1711534335502177,"flow_dst_last_pkt_time":1711534335502177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":41440,"dst_port":18001,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1328,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1711534335502177} +00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711534335502177,"flow_src_last_pkt_time":1711534335502177,"flow_dst_last_pkt_time":1711534335502177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":41440,"dst_port":18001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
+00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711524139588152,"flow_src_last_pkt_time":1711524139588152,"flow_dst_last_pkt_time":1711524139588152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":44513,"dst_port":18001,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711534335502177,"flow_src_last_pkt_time":1711534335502177,"flow_dst_last_pkt_time":1711534335502177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":41440,"dst_port":18001,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
+00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1328,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1711534335502177} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654821 bytes -~~ total memory freed........: 8654821 bytes -~~ total allocations/frees...: 140585/140585 +~~ total memory allocated....: 9419323 bytes +~~ total memory freed........: 9419323 bytes +~~ total allocations/frees...: 154551/154551 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 996 chars diff --git a/test/results/default/long_tls_certificate.pcap.out b/test/results/default/long_tls_certificate.pcap.out index 8d7f8c409..973fef5d5 100644 --- a/test/results/default/long_tls_certificate.pcap.out +++ b/test/results/default/long_tls_certificate.pcap.out 
@@ -1,5 +1,5 @@ -00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1609756181300869} 
+00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1609756181300869} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756181300869,"flow_dst_last_pkt_time":1609756181300869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1609756181300869,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1609756181300869,"flow_dst_last_pkt_time":1609756181300869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1609756181300869,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqknAqAE8ag9ke9glAbsIXeEZAAAAALAC\/\/9qjwAAAgQFtAEDAwUBAQgKDpRqEwAAAAAEAgAA"} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1609756181300869,"flow_dst_last_pkt_time":1609756181671657,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1609756181671657,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAAABAACsGv0lqD2R7wKgBPAG72CWlbC1xCF3hGrASMqDiugAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"} 
@@ -11,7 +11,7 @@ 05427{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756182035731,"flow_dst_last_pkt_time":1609756182035821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6858,"midstream":0,"thread_ts_usec":1609756182035821,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacon-api.aliyuncs.com","domainame":"beacon-api.aliyuncs.com","tls": 
{"version":"TLSv1.2","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-cen
tral-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","subjectDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA","blocks":0}}} 02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756182512712,"flow_dst_last_pkt_time":1609756182787262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":906,"flow_dst_tot_l4_payload_len":9549,"midstream":0,"thread_ts_usec":1609756182787262,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":87039.9,"max":370939,"stddev":130477.0,"var":17024251904.0,"ent":3.4,"data": [370788,370939,9373,360927,2844,76,70,354425,123,125,124,131,8073,8089,5763,200299,194564,174299,34,174324,4,2275,71,66,101,117,94097,91476,274609,24,6]},"pktlen": {"min":40,"avg":370.7,"max":1492,"stddev":546.6,"var":298744.2,"ent":3.7,"data": [64,64,40,557,46,1492,1492,1492,40,1492,40,1090,40,1090,52,166,1492,52,91,109,40,40,93,96,82,114,78,109,52,52,52,52]},"bins": {"c_to_s": [10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,1,1,1],"entropies": 
[4.353732109,4.287687778,4.680641651,4.404402256,4.565872192,6.234030724,4.660021305,4.709488392,4.630641460,6.835905075,4.680641651,7.511188984,4.580641747,7.512306690,4.740514278,6.280318737,6.238153934,4.870416164,5.914383888,6.170372486,4.680641651,4.680641651,5.707346439,5.695815086,5.241580486,6.007335186,5.319273472,6.145098209,4.778975964,5.063529015,5.025067329,5.063529015]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01034{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756183156414,"flow_dst_last_pkt_time":1609756183162351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1073,"flow_dst_tot_l4_payload_len":11027,"midstream":0,"thread_ts_usec":1609756183162351,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacon-api.aliyuncs.com"}} 
-00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":47,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1609756183162351} +00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":47,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1609756183162351} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 47/47 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9045520 bytes -~~ total memory freed........: 9045520 bytes -~~ total allocations/frees...: 140775/140775 +~~ total memory allocated....: 9809927 bytes +~~ total memory freed........: 9809927 bytes +~~ total allocations/frees...: 154742/154742 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 5432 chars diff --git a/test/results/default/lru_ipv6_caches.pcapng.out b/test/results/default/lru_ipv6_caches.pcapng.out index 9ecade20e..f0c462309 100644 --- a/test/results/default/lru_ipv6_caches.pcapng.out +++ b/test/results/default/lru_ipv6_caches.pcapng.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} 
00835{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947835473,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052947835473,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAeVVyAyQABc057KIAAAAURUN3Xuv65y9fO"} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948008616,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6KoqAyQABWl1ZNGNoadjLndjyhIQdR3eb9BFhVVqa3fOaaflunNCAAAAByaRnP87SPV4aWA=="} 
@@ -84,7 +84,7 @@ 01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950583119,"flow_src_last_pkt_time":1639052950583119,"flow_dst_last_pkt_time":1639052950583119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1639052981556623} +00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1639052981556623} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 88/88 ~~ skipped flows.............: 0 
@@ -93,9 +93,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8688775 bytes -~~ total memory freed........: 8688775 bytes -~~ total allocations/frees...: 140760/140760 +~~ total memory allocated....: 9453501 bytes +~~ total memory freed........: 9453501 bytes +~~ total allocations/frees...: 154726/154726 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 580 chars ~~ json message max len.......: 2401 chars diff --git a/test/results/default/lustre.pcapng.out b/test/results/default/lustre.pcapng.out index d4931cb7f..cb9d279b3 100644 --- a/test/results/default/lustre.pcapng.out +++ b/test/results/default/lustre.pcapng.out 
@@ -1,4 +1,4 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":33797609,"flow_src_last_pkt_time":33797609,"flow_dst_last_pkt_time":33797609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":33797609,"l3_proto":"ip4","src_ip":"192.168.88.132","dst_ip":"192.168.88.131","src_port":1022,"dst_port":988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":33797609,"flow_dst_last_pkt_time":33797609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":33797609,"pkt":"CAAn2I68CAAnL2M6CABFAAA8y3hAAEAGPOvAqFiEwKhYgwP+A9zvSIOYAAAAAKACchDPdgAAAgQFtAQCCAr8LF04AAAAAAEDAwc="} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":33797609,"flow_dst_last_pkt_time":33797676,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":33797676,"pkt":"CAAnL2M6CAAn2I68CABFAAA8AABAAEAGCGTAqFiDwKhYhAPcA\/4IwIVt70iDmaAScSDm9QAAAgQFtAQCCApoePK5\/CxdOAEDAwc="} 
@@ -15,7 +15,7 @@ 01115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":117287839,"flow_dst_last_pkt_time":117287695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_usec":117287839,"pkt":"CAAn2rO9CAAn\/ppgCABFAAHcueVAAEAGTPjAqFh2wKhYdwP\/A9wz0HPLv84EwIAYAP5WigAAAQEICqDGlVtngMkgwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd1iowAAAAgB2WKjAAAACADkwAAA5MAAAAQAAAEgBAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/gAAA4nVtBgAAAAAAAAAAABoAAAAAAAAAAgAAAAAAAAPTC9ALWAEAAAAAAAADAAAAAAAAAAAAAAC4AAAAaAAAAERXnpmaENjUZxIAAAMABABlAAAABgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAACwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAOJ1bQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAbHVzdHJlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMN3XXQVdaVUAAAAAAAAAAA=="} 00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":33797609,"flow_src_last_pkt_time":33797888,"flow_dst_last_pkt_time":33797935,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":117289748,"l3_proto":"ip4","src_ip":"192.168.88.132","dst_ip":"192.168.88.131","src_port":1022,"dst_port":988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Lustre","proto_id":"425","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":117287477,"flow_src_last_pkt_time":117289748,"flow_dst_last_pkt_time":117288580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":616,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":3512,"flow_dst_tot_l4_payload_len":2128,"midstream":1,"thread_ts_usec":117289748,"l3_proto":"ip4","src_ip":"192.168.88.118","dst_ip":"192.168.88.119","src_port":1023,"dst_port":988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Lustre","proto_id":"425","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5768,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":117289748} 
+00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5768,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":117289748} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 22/22 ~~ skipped flows.............: 0 @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652008 bytes -~~ total memory freed........: 8652008 bytes -~~ total allocations/frees...: 140568/140568 +~~ total memory allocated....: 9416414 bytes +~~ total memory freed........: 9416414 bytes +~~ total allocations/frees...: 154534/154534 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 523 chars ~~ json message max len.......: 1375 chars diff --git a/test/results/default/malformed_dns.pcap.out b/test/results/default/malformed_dns.pcap.out index 9290ced2c..5f4bd4a4c 100644 --- a/test/results/default/malformed_dns.pcap.out +++ b/test/results/default/malformed_dns.pcap.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591551760342902} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591551760342902} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760342902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591551760342902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760342902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1591551760342902,"pkt":"AAAAAAAAAAAAAAAACABFAAA4nToAAEAR33h\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="} 
01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760342902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591551760342902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.xt.com","domainame":"www.xt.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -9,7 +9,7 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1591551765342879,"flow_dst_last_pkt_time":1591551760372114,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1591551765342879,"pkt":"AAAAAAAAAAAAAAAACABFAAA4ny8AAEAR3YN\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="} 02726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1591551765342879,"flow_dst_last_pkt_time":1591551765355529,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"thread_ts_usec":1591551765355529,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz
8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="} 
01328{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551765342879,"flow_dst_last_pkt_time":1591551765368813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":5552,"midstream":0,"thread_ts_usec":1591551765368813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.xt.com"}} 
-00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5608,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1591551765368813} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5608,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1591551765368813} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645060 bytes -~~ total memory freed........: 8645060 bytes -~~ total allocations/frees...: 140541/140541 +~~ total memory allocated....: 9409434 bytes +~~ total memory freed........: 9409434 bytes +~~ total allocations/frees...: 154507/154507 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 559 chars ~~ json message max len.......: 2731 chars diff --git a/test/results/default/malformed_icmp.pcap.out b/test/results/default/malformed_icmp.pcap.out index fca57d9c0..c9a4049bc 100644 --- a/test/results/default/malformed_icmp.pcap.out +++ b/test/results/default/malformed_icmp.pcap.out 
@@ -1,10 +1,10 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593066612951269} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593066612951269} 
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593066612951269,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593066612951269,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":42,"pkt_l4_len":8,"thread_ts_usec":1593066612951269,"pkt":"AFUir8Y3AERm\/CmvCABFAAAcAAEAAEABXqPamLPV2pizNqUAWv8AAAAA"} 
01019{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593066612951269,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593066612951269,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01058{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593066612951269,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593066612951269,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": 
{"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1593066612951269} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1593066612951269} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644898 bytes -~~ total memory freed........: 8644898 bytes -~~ total allocations/frees...: 140535/140535 +~~ total memory allocated....: 9409272 bytes +~~ total memory freed........: 9409272 bytes +~~ total allocations/frees...: 154501/154501 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 519 chars ~~ json message max len.......: 1063 chars diff --git a/test/results/default/malware.pcap.out b/test/results/default/malware.pcap.out index 99a7f4c59..bb24f2a78 100644 --- a/test/results/default/malware.pcap.out +++ b/test/results/default/malware.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569571466977364} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569571466977364} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571466977364,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571466977364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571466977364,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571466977364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1569571466977364,"pkt":"CGoKOl4eMFLLbJwbCABFAABcg9cAAEARLQnAqAcHAQEBAaWCADUASMoKC6QBIAABAAAAAAABA3d3dw9pbnRlcm5ldGJhZGd1eXMDY29tAAABAAEAACkQAAAAAAAADAAKAAjrBFAObfGpig=="} 
01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571466977364,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571466977364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571466977364,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.internetbadguys.com","domainame":"www.internetbadguys.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -10,7 +10,7 @@ 01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571470672893,"flow_src_last_pkt_time":1569571470672893,"flow_dst_last_pkt_time":1569571470672893,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571470672893,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.297900}} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571476362891,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571476362891,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569571476362891,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0sPtAAEAGObHAqAcHkIv33IOqAFCfbfb4AAAAAIAC+vBQPgAAAgQFtAEBBAIBAwMH"} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1569579408876326} 
+00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1569579408876326} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569579408876326,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579408876326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569579408876326,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00967{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579408876326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1569579408876326,"pkt":"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"} 01178{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569579408876326,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579408876326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569579408876326,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.internetbadguys.com","domainame":"www.internetbadguys.com","http": {"url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0","detected_os":"Windows 10"}}} 
@@ -28,7 +28,7 @@ 01091{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571476362891,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571476362891,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569571466977364,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571467001085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.internetbadguys.com"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6587,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1698873191201916} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6587,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1698873191201916} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873191201916,"flow_dst_last_pkt_time":1698873191201916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698873191201916,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1698873191201916,"flow_dst_last_pkt_time":1698873191201916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698873191201916,"pkt":"YDjgxTWgABjzZLGICABFAAA08cpAAJsGFlTAqAAUwW1Ve6EYAbv2WX9aAAAAAIAC+vDXywAAAgQFtAEBBAIBAwMH"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1698873191201916,"flow_dst_last_pkt_time":1698873191268235,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698873191268235,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0AABAADYGbR\/BbVV7wKgAFAG7oRhDPWNP9ll\/W4ASchBmPgAAAgQFrAEBBAIBAwMH"} 
@@ -42,7 +42,7 @@ 01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1569579416636584,"flow_src_last_pkt_time":1569579417280185,"flow_dst_last_pkt_time":1569579417280169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":674,"flow_dst_tot_l4_payload_len":5344,"midstream":0,"thread_ts_usec":1698873192090406,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.OpenDNS","proto_id":"91.225","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":52,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873192090163,"flow_dst_last_pkt_time":1698873192090406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":793,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2794,"flow_dst_tot_l4_payload_len":46132,"midstream":0,"thread_ts_usec":1698873192090406,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"hobbeach.com"}} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569579408876326,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579409087861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":44,"midstream":1,"thread_ts_usec":1698873192090406,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":55513,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1698873192090406} 
+00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":55513,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1698873192090406} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -51,9 +51,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8708335 bytes -~~ total memory freed........: 8708335 bytes -~~ total allocations/frees...: 140762/140762 +~~ total memory allocated....: 9472902 bytes +~~ total memory freed........: 9472902 bytes +~~ total allocations/frees...: 154729/154729 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 2805 chars diff --git a/test/results/default/massscan.pcap.out b/test/results/default/massscan.pcap.out index 14726835c..3d8179960 100644 --- a/test/results/default/massscan.pcap.out +++ b/test/results/default/massscan.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/massscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/massscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1748003896052109} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/massscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/massscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1748003896052109} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/massscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748003896052109,"flow_src_last_pkt_time":1748003896052109,"flow_dst_last_pkt_time":1748003896052109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748003896052109,"l3_proto":"ip4","src_ip":"192.168.2.61","dst_ip":"192.168.2.208","src_port":43895,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/massscan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1748003896052109,"flow_dst_last_pkt_time":1748003896052109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1748003896052109,"pkt":"BBjWBrNafMJVS2K8CABFAAAoaTYAAP8GzDvAqAI9wKgC0Kt3AFBl+Wu2AAAAAFACBACoDQAA"} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/massscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748003896152174,"flow_src_last_pkt_time":1748003896152174,"flow_dst_last_pkt_time":1748003896152174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748003896152174,"l3_proto":"ip4","src_ip":"192.168.2.61","dst_ip":"192.168.2.99","src_port":43895,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -40,7 +40,7 @@ 00774{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/massscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748003896152174,"flow_src_last_pkt_time":1748003896152174,"flow_dst_last_pkt_time":1748003896152174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748003896152191,"l3_proto":"ip4","src_ip":"192.168.2.61","dst_ip":"192.168.2.99","src_port":43895,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01202{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/massscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748003896052109,"flow_src_last_pkt_time":1748003896052109,"flow_dst_last_pkt_time":1748003896052109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748003896152191,"l3_proto":"ip4","src_ip":"192.168.2.61","dst_ip":"192.168.2.208","src_port":43895,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"28": {"risk":"Malicious Fingerprint","severity":"High","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": 
{}}} 00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/massscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748003896052109,"flow_src_last_pkt_time":1748003896052109,"flow_dst_last_pkt_time":1748003896052109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748003896152191,"l3_proto":"ip4","src_ip":"192.168.2.61","dst_ip":"192.168.2.208","src_port":43895,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/massscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":10,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1748003896152191} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/massscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":10,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1748003896152191} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -49,9 +49,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8667736 bytes -~~ total memory freed........: 8667736 bytes -~~ total allocations/frees...: 140662/140662 +~~ total memory allocated....: 9432398 bytes +~~ total memory freed........: 9432398 bytes +~~ total allocations/frees...: 154628/154628 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars ~~ json message max len.......: 1207 chars diff --git a/test/results/default/matter_onoff.pcapng.out b/test/results/default/matter_onoff.pcapng.out new file mode 100644 index 000000000..c29ae482d --- /dev/null +++ b/test/results/default/matter_onoff.pcapng.out 
@@ -0,0 +1,43 @@ +00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1641326674723287} 
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1641326674723287,"flow_src_last_pkt_time":1641326674723287,"flow_dst_last_pkt_time":1641326674723287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1641326674723287,"l3_proto":"ip4","src_ip":"192.168.86.49","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} +01116{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1641326674723287,"flow_dst_last_pkt_time":1641326674723287,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":484,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":484,"pkt_l4_len":448,"thread_ts_usec":1641326674723287,"pkt":"AAQAAQAGfCoxCQjQokYIAEUAAdRPy0AAQBHxeMCoVjHgAAD7FOkU6QHAuVoAAIAAAAAACgAAAAYJX3NlcnZpY2VzB19kbnMtc2QEX3VkcAVsb2NhbAAADAABAAAAeAALCF9tYXR0ZXJjwB7ADAAMAAEAAAB4AA4GX1Y5MDUwBF9zdWLANMAMAAwAAQAAAHgABwRfUzE1wFLADAAMAAEAAAB4AAkGX0wzODQwwFLADAAMAAEAAAB4AAYDX0NNwFLANAAMAAEAAAB4ABMQQTk0MzBGMDg1ODlCNTE1RsA0wEsADAABAAAAeAACwJ\/AZQAMAAEAAAB4AALAn8B4AAwAAQAAAHgAAsCfwI0ADAABAAAAeAACwJ\/AnwAhAAEAAAB4ABkAAAAAFaQQRUVBQUJBREFCQUQwRERDQcAjwPwAHAABAAAAeAAQ\/V6kPf7dAACvE7Kz\/Gn34MD8ABwAAQAAAHgAEP1epD3+3QAAQAMoengKRfTA\/AAcAAEAAAB4ABD+gAAAAAAAAJ9QdNeWxRpPwPwAAQABAAAAeAAEwKhWMcCfABAAAQAAEZQAOQ1WUD05MDUwKzY1Mjc5CENSST01MDAwB0NSQT0zMDADVD0xBkQ9Mzg0MARDTT0xBVBIPTMzA1BJPQ=="} 
+01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1641326674723287,"flow_src_last_pkt_time":1641326674723287,"flow_dst_last_pkt_time":1641326674723287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1641326674723287,"l3_proto":"ip4","src_ip":"192.168.86.49","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_services._dns-sd._udp.local","domainame":"_services._dns-sd._udp.local","mdns": {}}} +00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1641326674726821,"flow_src_last_pkt_time":1641326674726821,"flow_dst_last_pkt_time":1641326674726821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1641326674726821,"l3_proto":"ip6","src_ip":"fe80::9f50:74d7:96c5:1a4f","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 
+01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1641326674726821,"flow_dst_last_pkt_time":1641326674726821,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":504,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":504,"pkt_l4_len":448,"thread_ts_usec":1641326674726821,"pkt":"AAQAAQAGfCoxCQjQNEmG3WAKEEYBwBFA\/oAAAAAAAACfUHTXlsUaT\/8CAAAAAAAAAAAAAAAAAPsU6RTpAcDtdAAAgAAAAAAKAAAABglfc2VydmljZXMHX2Rucy1zZARfdWRwBWxvY2FsAAAMAAEAAAB4AAsIX21hdHRlcmPAHsAMAAwAAQAAAHgADgZfVjkwNTAEX3N1YsA0wAwADAABAAAAeAAHBF9TMTXAUsAMAAwAAQAAAHgACQZfTDM4NDDAUsAMAAwAAQAAAHgABgNfQ03AUsA0AAwAAQAAAHgAExBBOTQzMEYwODU4OUI1MTVGwDTASwAMAAEAAAB4AALAn8BlAAwAAQAAAHgAAsCfwHgADAABAAAAeAACwJ\/AjQAMAAEAAAB4AALAn8CfACEAAQAAAHgAGQAAAAAVpBBFRUFBQkFEQUJBRDBERENBwCPA\/AAcAAEAAAB4ABD9XqQ9\/t0AAK8TsrP8affgwPwAHAABAAAAeAAQ\/V6kPf7dAABAAyh6eApF9MD8ABwAAQAAAHgAEP6AAAAAAAAAn1B015bFGk\/A\/AABAAEAAAB4AATAqFYxwJ8AEAABAAARlAA5DVZQPTkwNTArNjUyNzkIQ1JJPTUwMDAHQ1JBPTMwMANUPTEGRD0zODQwBENNPTEFUEg9MzMDUEk9"} +01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1641326674726821,"flow_src_last_pkt_time":1641326674726821,"flow_dst_last_pkt_time":1641326674726821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1641326674726821,"l3_proto":"ip6","src_ip":"fe80::9f50:74d7:96c5:1a4f","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_services._dns-sd._udp.local","domainame":"_services._dns-sd._udp.local","mdns": {}}} +01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1641326674728655,"flow_dst_last_pkt_time":1641326674726821,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":504,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":504,"pkt_l4_len":448,"thread_ts_usec":1641326674728655,"pkt":"AAQAAQAGfCoxCQjQAACG3WAKEEYBwBFA\/oAAAAAAAACfUHTXlsUaT\/8CAAAAAAAAAAAAAAAAAPsU6RTpAcDtdAAAgAAAAAAKAAAABglfc2VydmljZXMHX2Rucy1zZARfdWRwBWxvY2FsAAAMAAEAAAB4AAsIX21hdHRlcmPAHsAMAAwAAQAAAHgADgZfVjkwNTAEX3N1YsA0wAwADAABAAAAeAAHBF9TMTXAUsAMAAwAAQAAAHgACQZfTDM4NDDAUsAMAAwAAQAAAHgABgNfQ03AUsA0AAwAAQAAAHgAExBBOTQzMEYwODU4OUI1MTVGwDTASwAMAAEAAAB4AALAn8BlAAwAAQAAAHgAAsCfwHgADAABAAAAeAACwJ\/AjQAMAAEAAAB4AALAn8CfACEAAQAAAHgAGQAAAAAVpBBFRUFBQkFEQUJBRDBERENBwCPA\/AAcAAEAAAB4ABD9XqQ9\/t0AAK8TsrP8affgwPwAHAABAAAAeAAQ\/V6kPf7dAABAAyh6eApF9MD8ABwAAQAAAHgAEP6AAAAAAAAAn1B015bFGk\/A\/AABAAEAAAB4AATAqFYxwJ8AEAABAAARlAA5DVZQPTkwNTArNjUyNzkIQ1JJPTUwMDAHQ1JBPTMwMANUPTEGRD0zODQwBENNPTEFUEg9MzMDUEk9"} 
+01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1641326674730504,"flow_dst_last_pkt_time":1641326674726821,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":504,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":504,"pkt_l4_len":448,"thread_ts_usec":1641326674730504,"pkt":"AAQAAQAGfCoxCQjQAACG3WAKEEYBwBFA\/oAAAAAAAACfUHTXlsUaT\/8CAAAAAAAAAAAAAAAAAPsU6RTpAcDtdAAAgAAAAAAKAAAABglfc2VydmljZXMHX2Rucy1zZARfdWRwBWxvY2FsAAAMAAEAAAB4AAsIX21hdHRlcmPAHsAMAAwAAQAAAHgADgZfVjkwNTAEX3N1YsA0wAwADAABAAAAeAAHBF9TMTXAUsAMAAwAAQAAAHgACQZfTDM4NDDAUsAMAAwAAQAAAHgABgNfQ03AUsA0AAwAAQAAAHgAExBBOTQzMEYwODU4OUI1MTVGwDTASwAMAAEAAAB4AALAn8BlAAwAAQAAAHgAAsCfwHgADAABAAAAeAACwJ\/AjQAMAAEAAAB4AALAn8CfACEAAQAAAHgAGQAAAAAVpBBFRUFBQkFEQUJBRDBERENBwCPA\/AAcAAEAAAB4ABD9XqQ9\/t0AAK8TsrP8affgwPwAHAABAAAAeAAQ\/V6kPf7dAABAAyh6eApF9MD8ABwAAQAAAHgAEP6AAAAAAAAAn1B015bFGk\/A\/AABAAEAAAB4AATAqFYxwJ8AEAABAAARlAA5DVZQPTkwNTArNjUyNzkIQ1JJPTUwMDAHQ1JBPTMwMANUPTEGRD0zODQwBENNPTEFUEg9MzMDUEk9"} 
+01116{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1641326674735323,"flow_dst_last_pkt_time":1641326674723287,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":484,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":484,"pkt_l4_len":448,"thread_ts_usec":1641326674735323,"pkt":"AAQAAQAGfCoxCQjQYx0IAEUAAdRPzUAAQBHxdsCoVjHgAAD7FOkU6QHAuVoAAIAAAAAACgAAAAYJX3NlcnZpY2VzB19kbnMtc2QEX3VkcAVsb2NhbAAADAABAAAAeAALCF9tYXR0ZXJjwB7ADAAMAAEAAAB4AA4GX1Y5MDUwBF9zdWLANMAMAAwAAQAAAHgABwRfUzE1wFLADAAMAAEAAAB4AAkGX0wzODQwwFLADAAMAAEAAAB4AAYDX0NNwFLANAAMAAEAAAB4ABMQQTk0MzBGMDg1ODlCNTE1RsA0wEsADAABAAAAeAACwJ\/AZQAMAAEAAAB4AALAn8B4AAwAAQAAAHgAAsCfwI0ADAABAAAAeAACwJ\/AnwAhAAEAAAB4ABkAAAAAFaQQRUVBQUJBREFCQUQwRERDQcAjwPwAHAABAAAAeAAQ\/V6kPf7dAACvE7Kz\/Gn34MD8ABwAAQAAAHgAEP1epD3+3QAAQAMoengKRfTA\/AAcAAEAAAB4ABD+gAAAAAAAAJ9QdNeWxRpPwPwAAQABAAAAeAAEwKhWMcCfABAAAQAAEZQAOQ1WUD05MDUwKzY1Mjc5CENSST01MDAwB0NSQT0zMDADVD0xBkQ9Mzg0MARDTT0xBVBIPTMzA1BJPQ=="} 
+01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1641326674738133,"flow_dst_last_pkt_time":1641326674726821,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":504,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":504,"pkt_l4_len":448,"thread_ts_usec":1641326674738133,"pkt":"AAQAAQAGfCoxCQjQBAaG3WAKEEYBwBFA\/oAAAAAAAACfUHTXlsUaT\/8CAAAAAAAAAAAAAAAAAPsU6RTpAcDtdAAAgAAAAAAKAAAABglfc2VydmljZXMHX2Rucy1zZARfdWRwBWxvY2FsAAAMAAEAAAB4AAsIX21hdHRlcmPAHsAMAAwAAQAAAHgADgZfVjkwNTAEX3N1YsA0wAwADAABAAAAeAAHBF9TMTXAUsAMAAwAAQAAAHgACQZfTDM4NDDAUsAMAAwAAQAAAHgABgNfQ03AUsA0AAwAAQAAAHgAExBBOTQzMEYwODU4OUI1MTVGwDTASwAMAAEAAAB4AALAn8BlAAwAAQAAAHgAAsCfwHgADAABAAAAeAACwJ\/AjQAMAAEAAAB4AALAn8CfACEAAQAAAHgAGQAAAAAVpBBFRUFBQkFEQUJBRDBERENBwCPA\/AAcAAEAAAB4ABD9XqQ9\/t0AAK8TsrP8affgwPwAHAABAAAAeAAQ\/V6kPf7dAABAAyh6eApF9MD8ABwAAQAAAHgAEP6AAAAAAAAAn1B015bFGk\/A\/AABAAEAAAB4AATAqFYxwJ8AEAABAAARlAA5DVZQPTkwNTArNjUyNzkIQ1JJPTUwMDAHQ1JBPTMwMANUPTEGRD0zODQwBENNPTEFUEg9MzMDUEk9"} 
+01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1641326674739925,"flow_dst_last_pkt_time":1641326674726821,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":504,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":504,"pkt_l4_len":448,"thread_ts_usec":1641326674739925,"pkt":"AAQAAQAGfCoxCQjQctiG3WAKEEYBwBFA\/oAAAAAAAACfUHTXlsUaT\/8CAAAAAAAAAAAAAAAAAPsU6RTpAcDtdAAAgAAAAAAKAAAABglfc2VydmljZXMHX2Rucy1zZARfdWRwBWxvY2FsAAAMAAEAAAB4AAsIX21hdHRlcmPAHsAMAAwAAQAAAHgADgZfVjkwNTAEX3N1YsA0wAwADAABAAAAeAAHBF9TMTXAUsAMAAwAAQAAAHgACQZfTDM4NDDAUsAMAAwAAQAAAHgABgNfQ03AUsA0AAwAAQAAAHgAExBBOTQzMEYwODU4OUI1MTVGwDTASwAMAAEAAAB4AALAn8BlAAwAAQAAAHgAAsCfwHgADAABAAAAeAACwJ\/AjQAMAAEAAAB4AALAn8CfACEAAQAAAHgAGQAAAAAVpBBFRUFBQkFEQUJBRDBERENBwCPA\/AAcAAEAAAB4ABD9XqQ9\/t0AAK8TsrP8affgwPwAHAABAAAAeAAQ\/V6kPf7dAABAAyh6eApF9MD8ABwAAQAAAHgAEP6AAAAAAAAAn1B015bFGk\/A\/AABAAEAAAB4AATAqFYxwJ8AEAABAAARlAA5DVZQPTkwNTArNjUyNzkIQ1JJPTUwMDAHQ1JBPTMwMANUPTEGRD0zODQwBENNPTEFUEg9MzMDUEk9"} 
+01116{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1641326674744849,"flow_dst_last_pkt_time":1641326674723287,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":484,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":484,"pkt_l4_len":448,"thread_ts_usec":1641326674744849,"pkt":"AAQAAQAGfCoxCQjQZAAIAEUAAdRPzkAAQBHxdcCoVjHgAAD7FOkU6QHAslQAAIAAAAAACgAAAAYJX3NlcnZpY2VzB19kbnMtc2QEX3VkcAVsb2NhbAAADAABAAAAeAALCF9tYXR0ZXJjwB7ADAAMAAEAAAB4AA4GX1Y5MDUwBF9zdWLANMAMAAwAAQAAAHgABwRfUzE1wFLADAAMAAEAAAB4AAkGX0wzODQwwFLADAAMAAEAAAB4AAYDX0NNwFLANAAMAAEAAAB4ABMQNEQ5QUJEMzQ2OTIxMjU4RcA0wEsADAABAAAAeAACwJ\/AZQAMAAEAAAB4AALAn8B4AAwAAQAAAHgAAsCfwI0ADAABAAAAeAACwJ\/AnwAhAAEAAAB4ABkAAAAAFaQQRUVBQUJBREFCQUQwRERDQcAjwPwAHAABAAAAeAAQ\/V6kPf7dAACvE7Kz\/Gn34MD8ABwAAQAAAHgAEP1epD3+3QAAQAMoengKRfTA\/AAcAAEAAAB4ABD+gAAAAAAAAJ9QdNeWxRpPwPwAAQABAAAAeAAEwKhWMcCfABAAAQAAEZQAOQ1WUD05MDUwKzY1Mjc5CENSST01MDAwB0NSQT0zMDADVD0xBkQ9Mzg0MARDTT0xBVBIPTMzA1BJPQ=="} +00830{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1641326694097666,"flow_src_last_pkt_time":1641326694097666,"flow_dst_last_pkt_time":1641326694097666,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1641326694097666,"l3_proto":"ip6","src_ip":"fd5e:a43d:fedd::af13:b2b3:fc69:f7e0","dst_ip":"fd5e:a43d:fedd::af13:b2b3:fc69:f7e0","src_port":5542,"dst_port":5540,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 
+00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1641326694097666,"flow_dst_last_pkt_time":1641326694097666,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":134,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":134,"pkt_l4_len":78,"thread_ts_usec":1641326694097666,"pkt":"AAADBAAGAAAAAAAAzTWG3WAAyqcAThFA\/V6kPf7dAACvE7Kz\/Gn34P1epD3+3QAArxOys\/xp9+AVphWkAE7teAAAAAAPMfg4BSB2vwAAFTABIMFOb1Ni\/GPpLdu9R2IKpGTVl4VTmEzNcniYf4UBhbcHJAIBJAMAKAQ1BSUBiBMlAiwBGBg="} +00982{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1641326694097666,"flow_src_last_pkt_time":1641326694097666,"flow_dst_last_pkt_time":1641326694097666,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1641326694097666,"l3_proto":"ip6","src_ip":"fd5e:a43d:fedd::af13:b2b3:fc69:f7e0","dst_ip":"fd5e:a43d:fedd::af13:b2b3:fc69:f7e0","src_port":5542,"dst_port":5540,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Matter","proto_id":"457","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
+00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1641326694097666,"flow_dst_last_pkt_time":1641326694098420,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":193,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":193,"pkt_l4_len":137,"thread_ts_usec":1641326694098420,"pkt":"AAADBAAGAAAAAAAAnYWG3WADdNgAiRFA\/V6kPf7dAACvE7Kz\/Gn34P1epD3+3QAArxOys\/xp9+AVpBWmAIntswAAAABcP4fFBiF2vwAADzH4OBUwASDBTm9TYvxj6S3bvUdiCqRk1ZeFU5hMzXJ4mH+FAYW3BzACIP3Yzt3dEoN8OzIL7QMxCJWZjVBYDt0H5kg0YH6w0bayJAMBNQQkAWQwAhBTUEFLRTJQIEtleSBTYWx0GDUFJQGIEyUCLAEYGA=="} +00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1641326694099157,"flow_dst_last_pkt_time":1641326694098420,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":152,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":152,"pkt_l4_len":96,"thread_ts_usec":1641326694099157,"pkt":"AAADBAAGAAAAAAAAOBqG3WAAyqcAYBFA\/V6kPf7dAACvE7Kz\/Gn34P1epD3+3QAArxOys\/xp9+AVphWkAGDtigAAAAAQMfg4ByJ2vwAAXD+HxRUwAUEErmVgUJrtQ0v+Befk2+9L8mh9AyPG9s+q0bJVBF+oqvgN5CnFiI4NUwMXU0Xm3wS29tMpe9g\/9n+cf+tjFFELMhg="} 
+00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1641326694099157,"flow_dst_last_pkt_time":1641326694100910,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":187,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":187,"pkt_l4_len":131,"thread_ts_usec":1641326694100910,"pkt":"AAADBAAGAAAAAAAAAAGG3WADdNgAgxFA\/V6kPf7dAACvE7Kz\/Gn34P1epD3+3QAArxOys\/xp9+AVpBWmAIPtrQAAAABdP4fFBiN2vwAAEDH4OBUwAUEEXGiQYBVKdYkVlBXwzaNuPmo3Zq6hTDVDBGg2DPD4F4nPktOHIwXnetKa8qhCuF3dmQrlhHEUK2Z+\/xmVMT+lGDACIAbE7r3TBH+vG2VrnaMHKCAznzIO39vuBE7x8zDhm6lxGA=="} +00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1641326694101693,"flow_dst_last_pkt_time":1641326694100910,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":119,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":119,"pkt_l4_len":63,"thread_ts_usec":1641326694101693,"pkt":"AAADBAAGAAAAAAAAQACG3WAAyqcAPxFA\/V6kPf7dAACvE7Kz\/Gn34P1epD3+3QAArxOys\/xp9+AVphWkAD\/taQAAAAARMfg4ByR2vwAAXT+HxRUwASBgTliTgyhJ9jDz57ikvrZsboSDP4ggfhzqG60LDaiA7Bg="} +01197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1641326694119599,"flow_dst_last_pkt_time":1641326674723287,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":547,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":547,"pkt_l4_len":511,"thread_ts_usec":1641326694119599,"pkt":"AAQAAQAGfCoxCQjQyoAIAEUAAhNRUUAAQBHvs8CoVjHgAAD7FOkU6QH\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"} 
+02204{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1641326694097666,"flow_src_last_pkt_time":1641326694125479,"flow_dst_last_pkt_time":1641326694123752,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":559,"flow_src_tot_l4_payload_len":1958,"flow_dst_tot_l4_payload_len":2420,"midstream":0,"thread_ts_usec":1641326694125479,"l3_proto":"ip6","src_ip":"fd5e:a43d:fedd::af13:b2b3:fc69:f7e0","dst_ip":"fd5e:a43d:fedd::af13:b2b3:fc69:f7e0","src_port":5542,"dst_port":5540,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":74,"avg":1738.7,"max":7389,"stddev":1916.1,"var":3671347.2,"ent":4.2,"data": [754,1491,2490,2536,980,481,74,791,1137,129,1879,1785,137,1211,1055,130,1146,986,130,2911,5249,180,4300,2712,217,2235,989,129,7389,7345,921]},"pktlen": {"min":66,"avg":184.8,"max":607,"stddev":162.2,"var":26323.5,"ent":4.6,"data": [118,177,136,171,103,74,114,66,112,117,82,112,107,82,585,107,82,607,139,82,458,139,82,422,344,82,112,604,82,118,82,216]},"bins": {"c_to_s": [1,11,6,0,0,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,4,1,1,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": 
[5.707329750,6.364796162,6.126908779,6.566694260,5.641691208,4.480421543,5.992292881,4.747190952,5.934601307,5.976493359,5.304888725,6.086561203,5.916059971,5.368854046,7.584079742,5.848347664,5.411656380,7.636106491,6.291174412,5.411656380,7.470847130,6.330708981,5.353669643,7.469085217,7.220839500,5.396471977,6.086561680,7.546925068,5.387265682,6.060663223,5.286477089,6.635004044]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Matter","proto_id":"457","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} +01197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1641326694132594,"flow_dst_last_pkt_time":1641326674723287,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":547,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":547,"pkt_l4_len":511,"thread_ts_usec":1641326694132594,"pkt":"AAQAAQAGfCoxCQjQWiIIAEUAAhNRVUAAQBHvr8CoVjHgAAD7FOkU6QH\/cnoAAIQAAAAADgAAAAIJX3NlcnZpY2VzB19kbnMtc2QEX3VkcAVsb2NhbAAADAABAAAAeAAPB19tYXR0ZXIEX3RjcMAjwAwADAABAAAAeAAaEl9JREVCMEEzMDAxN0UzREIzOQRfc3ViwDTANAAMAAEAAAB4ACQhREVCMEEzMDAxN0UzREIzOS0wMDAwMDAwMDAwMDAwMDAxwDTATwAMAAEAAAB4AALAdcAMAAwAAQAAAHgACwhfbWF0dGVyY8AewAwADAABAAAAeAAOBl9WOTA1MARfc3ViwLPADAAMAAEAAAB4AAcEX1MxNcDRwAwADAABAAAAeAAJBl9MMzg0MMDRwAwADAABAAAAeAAGA19DTcDRwLMADAABAAAAeAATEDREOUFCRDM0NjkyMTI1OEXAs8DKAAwAAQAAAHgAExA0RDlBQkQzNDY5MjEyNThFwLPA5AAMAAEAAAB4ABMQNEQ5QUJEMzQ2OTIxMjU4RcCzwPcADAABAAAAeAATEDREOUFCRDM0NjkyMTI1OEXAswNfQ03A0QAMAAEAAAB4ABMQNEQ5QUJEMzQ2OTIxMjU4RcCzwHUAIQABAAAAeAAZAAAAABWkEEVFQUFCQURBQkFEMEREQ0HAI8B1ABAAAQAAEZQAFQhDUkk9NTAwMAdDUkE9MzAwA1Q9MQ=="} 
+01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":14,"flow_first_seen":1641326694097666,"flow_src_last_pkt_time":1641326694131777,"flow_dst_last_pkt_time":1641326694131305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":599,"flow_dst_max_l4_payload_len":732,"flow_src_tot_l4_payload_len":2665,"flow_dst_tot_l4_payload_len":3242,"midstream":0,"thread_ts_usec":1641326694137888,"l3_proto":"ip6","src_ip":"fd5e:a43d:fedd::af13:b2b3:fc69:f7e0","dst_ip":"fd5e:a43d:fedd::af13:b2b3:fc69:f7e0","src_port":5542,"dst_port":5540,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Matter","proto_id":"457","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} +01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1641326674723287,"flow_src_last_pkt_time":1641326694136499,"flow_dst_last_pkt_time":1641326674723287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1641326694137888,"l3_proto":"ip4","src_ip":"192.168.86.49","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_services._dns-sd._udp.local"}} +01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1641326674726821,"flow_src_last_pkt_time":1641326694137888,"flow_dst_last_pkt_time":1641326674726821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7989,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1641326694137888,"l3_proto":"ip6","src_ip":"fe80::9f50:74d7:96c5:1a4f","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_services._dns-sd._udp.local"}} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/matter_onoff.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":63,"packets-processed":63,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16559,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1641326694137888} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 63/63 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 16559 bytes +~~ total detected protocols..: 3 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 9415923 bytes +~~ total memory freed........: 9415923 bytes +~~ total allocations/frees...: 154582/154582 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 596 chars +~~ json message max len.......: 2209 chars +~~ json message avg len.......: 1393 chars diff --git a/test/results/default/melsec.pcapng.out b/test/results/default/melsec.pcapng.out index 00b799362..e83af383e 100644 --- a/test/results/default/melsec.pcapng.out +++ b/test/results/default/melsec.pcapng.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/melsec.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/melsec.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1699010867473965} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/melsec.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/melsec.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1699010867473965} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/melsec.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1699010867473965,"flow_src_last_pkt_time":1699010867473965,"flow_dst_last_pkt_time":1699010867473965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1699010867473965,"l3_proto":"ip4","src_ip":"172.17.0.158","dst_ip":"172.17.0.134","src_port":40260,"dst_port":5007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/melsec.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1699010867473965,"flow_dst_last_pkt_time":1699010867473965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1699010867473965,"pkt":"AFBWsElDAFBWi07dCABFAAA0Q\/pAAIAGAACsEQCerBEAhp1EE49pXqXyAAAAAIAC+vBZbQAAAgQFtAEDAwgBAQQC"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/melsec.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1699010867473965,"flow_dst_last_pkt_time":1699010867475164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1699010867475164,"pkt":"AFBWi07dAFBWsElDCABFAAAsAAEAAD8GIoWsEQCGrBEAnhOPnUQAAVMBaV6l82ASLaD+BwAAAgQFtAAA"} 
@@ -16,7 +16,7 @@ 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/melsec.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1699010867473965,"flow_src_last_pkt_time":1699010867488269,"flow_dst_last_pkt_time":1699010867488244,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":71,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":75,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1699010867488269,"l3_proto":"ip4","src_ip":"172.17.0.158","dst_ip":"172.17.0.134","src_port":40260,"dst_port":5007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MELSEC","proto_id":"75","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/melsec.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1699010867488269,"flow_src_last_pkt_time":1699010867488269,"flow_dst_last_pkt_time":1699010867488269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1699010867488269,"l3_proto":"ip4","src_ip":"192.168.3.250","dst_ip":"255.255.255.255","src_port":5560,"dst_port":49156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MELSEC","proto_id":"75","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/melsec.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1699010867488269,"flow_src_last_pkt_time":1699010867488269,"flow_dst_last_pkt_time":1699010867488269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1699010867488269,"l3_proto":"ip4","src_ip":"192.168.3.101","dst_ip":"255.255.255.255","src_port":49156,"dst_port":5560,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MELSEC","proto_id":"75","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/melsec.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1699010867488269} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/melsec.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1699010867488269} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652080 bytes -~~ total memory freed........: 8652080 bytes -~~ total allocations/frees...: 140567/140567 +~~ total memory allocated....: 9416518 bytes +~~ total memory freed........: 9416518 bytes +~~ total allocations/frees...: 154533/154533 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 978 chars diff --git a/test/results/default/memcached.cap.out b/test/results/default/memcached.cap.out index 107ae061a..20ca75db0 100644 --- a/test/results/default/memcached.cap.out +++ b/test/results/default/memcached.cap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1534343745954071} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1534343745954071} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534343745954071,"flow_src_last_pkt_time":1534343745954071,"flow_dst_last_pkt_time":1534343745954071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1534343745954071,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1534343745954071,"flow_dst_last_pkt_time":1534343745954071,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1534343745954071,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pT5AAEAGl3t\/AAABfwAAAejUK8sskd7QAAAAAKACqqr+MAAAAgT\/1wQCCAopIHvuAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1534343745954071,"flow_dst_last_pkt_time":1534343745954090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1534343745954090,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASvL6NTLJnx6LJHe0aASqqr+MAAAAgT\/1wQCCAopIHvuKSB77gEDAwc="} 
@@ -8,7 +8,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1534343745954230,"flow_dst_last_pkt_time":1534343745954238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1534343745954238,"pkt":"AAAAAAAAAAAAAAAACABFAAA0B5VAAEAGNS1\/AAABfwAAASvL6NTLJnx7LJHe2IAQAVb+KAAAAQEICikge+4pIHvu"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1534343745954071,"flow_src_last_pkt_time":1534343745954230,"flow_dst_last_pkt_time":1534343745954346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":1028,"midstream":0,"thread_ts_usec":1534343745954346,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Memcached","proto_id":"40","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1534343745954071,"flow_src_last_pkt_time":1534343745954749,"flow_dst_last_pkt_time":1534343745954737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":1028,"midstream":0,"thread_ts_usec":1534343745954749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Memcached","proto_id":"40","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1035,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1534343745954749} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1035,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1534343745954749} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647176 bytes -~~ total memory freed........: 8647176 bytes -~~ total allocations/frees...: 140544/140544 +~~ total memory allocated....: 9411550 bytes +~~ total memory freed........: 9411550 bytes +~~ total allocations/frees...: 154510/154510 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 973 chars diff --git a/test/results/default/merakicloud.pcapng.out b/test/results/default/merakicloud.pcapng.out index 90ab99333..57ffaad6c 100644 --- a/test/results/default/merakicloud.pcapng.out +++ b/test/results/default/merakicloud.pcapng.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673444916586594} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673444916586594} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673444916586594,"flow_dst_last_pkt_time":1673444916586594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1673444916586594,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1673444916586594,"flow_dst_last_pkt_time":1673444916586594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1673444916586594,"pkt":"AAAAAAAAAAEC+qKgCABFAACM6EcAAPkR334CJOqF0c47IrjFHLcAeI5V\/vcokQ0BAHAGihtOAAAAACpmyZcAAAAAAFYCCGO+vhsqCRUEAyQc8x5t8LeScWQ7JhVYfzr5StSHn5mSLCeBOnIKUwGFNtdHnBkECAAAAHcAUa57BQgAAIDsAACAXAcIAAAAAjgFaqcGAQQIA+DLvA=="} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673444916586594,"flow_dst_last_pkt_time":1673444916586594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1673444916586594,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -16,7 +16,7 @@ 00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673445216593721,"flow_dst_last_pkt_time":1673445216785656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2231,"flow_dst_tot_l4_payload_len":1338,"midstream":0,"thread_ts_usec":1673445216785656,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673445266594530,"flow_dst_last_pkt_time":1673445266791083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2455,"flow_dst_tot_l4_payload_len":1430,"midstream":0,"thread_ts_usec":1673445266791083,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673445316595722,"flow_dst_last_pkt_time":1673445316799009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2679,"flow_dst_tot_l4_payload_len":1522,"midstream":0,"thread_ts_usec":1673445316799009,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1673445316799009} 
+00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1673445316799009} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8646118 bytes -~~ total memory freed........: 8646118 bytes -~~ total allocations/frees...: 140577/140577 +~~ total memory allocated....: 9410492 bytes +~~ total memory freed........: 9410492 bytes +~~ total allocations/frees...: 154543/154543 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 583 chars ~~ json message max len.......: 2307 chars diff --git a/test/results/default/mgcp.pcap.out b/test/results/default/mgcp.pcap.out index fdf08adca..788649951 100644 --- a/test/results/default/mgcp.pcap.out +++ b/test/results/default/mgcp.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1008850756991000} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1008850756991000} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1008850756991683,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1008850756991683,"pkt":"AJD4ADLsABCk62CzCABFAABZAABAAEAR34isEAF0rBABdwl7CXsARe\/rUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDQpSOiBsL2hkKG4pDQpYOiAyDQoNCg=="} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1008850756991683,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -8,7 +8,7 @@ 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1008850833713523,"flow_dst_last_pkt_time":1008850833691559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1008850833713523,"pkt":"AJD4ADLsABCk62CzCABFAAAvAABAAEAR37KsEAF0rBABdwl7CXsAG7oNMjAwIDMxNjU2ODYwIG9rDQoNCg=="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1008850833723445,"flow_dst_last_pkt_time":1008850833691559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1008850833723445,"pkt":"AJD4ADLsABCk62CzCABFAABZAABAAEAR34isEAF0rBABdwl7CXsARe\/rUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDQpSOiBsL2hkKG4pDQpYOiAyDQoNCg=="} 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850837735895,"flow_dst_last_pkt_time":1008850837740350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":227,"midstream":0,"thread_ts_usec":1008850837740350,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gateway44.myplace.com"}} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":15,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1463066849887905} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":15,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1463066849887905} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463066849887905,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1463066849887905,"pkt":"AFBWWvA7AAtFuLlqCABFaABPAQAAAP4RztYKCuRICgr0Agl7CXsAO7a8UlNJUCAyNjI2NjIxMzQgKkB2ZzIyNCBNR0NQIDAuMQpSTTogZ3JhY2VmdWwKUkQ6IDAK"} 
00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463066849887905,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -17,23 +17,23 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1463066853411246,"flow_dst_last_pkt_time":1463066853412310,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_usec":1463066853412310,"pkt":"AAtFuLlqAFBWWvA7CABFYAArAABAAEARTgMKCvQCCgrkSAl7CXsAF5IpMjAwIDI2MjY2MjEzNiAK"} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1463066853411246,"flow_dst_last_pkt_time":1463066853412475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_usec":1463066853412475,"pkt":"AAtFuLlqAFBWWvA7CABFYABaAABAAEARTdQKCvQCCgrkSAl7CXsARu+2UlFOVCA4MCBBQUxOL1MyLzFAdmcyMjQgTUdDUCAwLjEKWDogMgpSOiBML2hkClE6IHByb2Nlc3MsbG9vcAo="} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850837735895,"flow_dst_last_pkt_time":1008850837740350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":227,"midstream":0,"thread_ts_usec":1463066856144135,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gateway44.myplace.com"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":27,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1686372010814355} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":27,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1686372010814355} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686372010814355,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686372010814355,"l3_proto":"ip4","src_ip":"187.43.37.188","dst_ip":"196.167.59.124","src_port":40798,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686372010814355,"pkt":"ilE1KSR8ZJY1Gdp3CABFAABUWtAAAG4RuMu7KyW8xKc7fJ9eCXsAQAAAUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDVI6IGwvaGQobikNWDogMQ0="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686372010814355,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686372010814355,"l3_proto":"ip4","src_ip":"187.43.37.188","dst_ip":"196.167.59.124","src_port":40798,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066856143684,"flow_dst_last_pkt_time":1463066856144135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":804,"flow_dst_max_l4_payload_len":62,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":166,"midstream":0,"thread_ts_usec":1686372010814355,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"vg224"}} 
-00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":28,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1686543048544843} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":28,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1686543048544843} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686543048544843,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686543048544843,"l3_proto":"ip4","src_ip":"67.232.180.250","dst_ip":"186.112.128.179","src_port":38238,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686543048544843,"pkt":"K5AY5etoTv\/LX0MOCABFAABUkT8AAGwRhFxD6LT6unCAs5VeCXsAQAAAUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDVI6IGwvaGQobikNWDogMQ0="} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686543048544843,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686543048544843,"l3_proto":"ip4","src_ip":"67.232.180.250","dst_ip":"186.112.128.179","src_port":38238,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686372010814355,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686543048544843,"l3_proto":"ip4","src_ip":"187.43.37.188","dst_ip":"196.167.59.124","src_port":40798,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gateway44.myplace.com"}} 
-00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":29,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1686675230897603} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":29,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1686675230897603} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675230897603,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"92.173.166.213","dst_ip":"83.250.239.33","src_port":51954,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686675230897603,"pkt":"7\/8xXMRAPxLVY\/fxCABFAABUIe0AAG4R8bJcrabVU\/rvIcryCXsAQAAAUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDVI6IGwvaGQobikNWDogMQ0="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675230897603,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"92.173.166.213","dst_ip":"83.250.239.33","src_port":51954,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686543048544843,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"67.232.180.250","dst_ip":"186.112.128.179","src_port":38238,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gateway44.myplace.com"}} 
00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675230897603,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"92.173.166.213","dst_ip":"83.250.239.33","src_port":51954,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gateway44.myplace.com"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":29,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1686675230897603} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":29,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1686675230897603} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 29/23 ~~ skipped flows.............: 0 @@ -42,9 +42,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655253 bytes -~~ total memory freed........: 8655253 bytes -~~ total allocations/frees...: 140600/140600 +~~ total memory allocated....: 9419755 bytes +~~ total memory freed........: 9419755 bytes +~~ total allocations/frees...: 154566/154566 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars ~~ json message max len.......: 1003 chars diff --git a/test/results/default/mikrotik_mndp.pcap.out b/test/results/default/mikrotik_mndp.pcap.out index 9c8b3ff6c..d8ff9872f 100644 --- a/test/results/default/mikrotik_mndp.pcap.out +++ b/test/results/default/mikrotik_mndp.pcap.out 
@@ -1,19 +1,19 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104390741932} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104390741932} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"thread_ts_usec":1470104390741932,"pkt":"MzMAAAABTF4MmuxUht1gAAAAAIMRAf6AAAAAAAAATl4M\/\/6a7FT\/AgAAAAAAAAAAAAAAAAABFi4WLgCDan0ABGg\/AAEABkxeDJrsVAAFAAAABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABHzzfwAACwAJM0RYWS1LSEdEAAwADUNSUzEyNS0yNEctMVMADgABAQAPABD+gAAAAAAAAE5eDP\/+muxUABAAB2JyaWRnZTE="} 
01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:9A:EC:54","version":"6.35.1 (stable)","software_id":"3DXY-KHGD","board":"CRS125-24G-1S","ipv6_addr":"fe80::4e5e:cff:fe9a:ec54","uptime":2096332544}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"thread_ts_usec":1470104402518258,"pkt":"MzMAAAABTF4M6gNlht1gAAAAAI8RAf6AAAAAAAAATl4M\/\/7qA2X\/AgAAAAAAAAAAAAAAAAABFi4WLgCPm0oAAVIRAAEABkxeDOoDZQAFAAczMDBNTkFUAAcADzYuMzUuMSAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAR\/liQAAAsACUFYUkotWDZTRwAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAE2V0aGVyMi1tYXN0ZXItbG9jYWw="} 01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:65","identity":"300MNAT","version":"6.35.1 (stable)","software_id":"AXRJ-X6SG","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":2140546048}}} 
-00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1731593241768332} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1731593241768332} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731593241768332,"flow_src_last_pkt_time":1731593241768332,"flow_dst_last_pkt_time":1731593241768332,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":177,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731593241768332,"l3_proto":"ip4","src_ip":"192.168.2.106","dst_ip":"255.255.255.255","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1731593241768332,"flow_dst_last_pkt_time":1731593241768332,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_usec":1731593241768332,"pkt":"\/\/\/\/\/\/\/\/SKmKDeSdCABFAADNAAAAAEARtw7AqAJq\/\/\/\/\/xYuFi4AuZvifQUCAAABAAZIqYoN5J0ABQAMTWlrcm9UaWsgQXgzAAcAITcuNyAoc3RhYmxlKSBKYW4vMTIvMjAyMyAwNzozNTo0NQAIAAhNaWtyb1RpawAKAATLC7EAAAsACUFUTEYtQVBFRAAMABNDNTNVaUcrNUhQYXhEMkhQYXhEAA4AAQEADwAQ\/oAAAAAAAABKqYr\/\/g3knQAQABFicmlkZ2VfbGFuL2V0aGVyMQARAATAqAJq"} 
01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731593241768332,"flow_src_last_pkt_time":1731593241768332,"flow_dst_last_pkt_time":1731593241768332,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":177,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731593241768332,"l3_proto":"ip4","src_ip":"192.168.2.106","dst_ip":"255.255.255.255","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"48:A9:8A:0D:E4:9D","identity":"MikroTik Ax3","version":"7.7 (stable) Jan\/12\/2023 07:35:45","software_id":"ATLF-APED","board":"C53UiG+5HPaxD2HPaxD","iface_name":"bridge_lan\/ether1","ipv6_addr":"fe80::4aa9:8aff:fe0d:e49d","uptime":3406541056}}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731593241768332,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731593241768332,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731593241768332,"flow_src_last_pkt_time":1731593241768332,"flow_dst_last_pkt_time":1731593241768332,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":177,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731593241768332,"l3_proto":"ip4","src_ip":"192.168.2.106","dst_ip":"255.255.255.255","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":435,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1731593241768332} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":435,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1731593241768332} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649717 bytes -~~ total memory freed........: 8649717 bytes -~~ total allocations/frees...: 140555/140555 +~~ total memory allocated....: 9414155 bytes +~~ total memory freed........: 9414155 bytes +~~ total allocations/frees...: 154521/154521 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 595 chars ~~ json message max len.......: 1218 chars diff --git a/test/results/default/mining.pcapng.out b/test/results/default/mining.pcapng.out index 951408c67..c5030256c 100644 --- a/test/results/default/mining.pcapng.out +++ b/test/results/default/mining.pcapng.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1484655421797845} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1484655421797845} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421797845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484655421797845,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421797845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484655421797845,"pkt":"AASWHU4wHG9l2GloCABFAAA0A\/tAAIAGAACT5Q3euUdCJ8CbJw\/zdEGlAAAAAIACIACdWAAAAgQFtAEDAwIBAQQC"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421816250,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1484655421816250,"pkt":"HG9l2GloAASWHU4wCABFAAAoAABAADEGrJ65R0Ink+UN3icPwJv+A6hh83RBplASAABPdQAAAAAAAAAA"} 
@@ -8,7 +8,7 @@ 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1484655421843996,"flow_dst_last_pkt_time":1484655421843933,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1484655421843996,"pkt":"AASWHU4wHG9l2GloCABFAADWA\/1AAIAGAACT5Q3euUdCJ8CbJw\/zdEGm\/gOoYlAY\/3Cd+gAAeyJ3b3JrZXIiOiAiZXRoMS4wIiwgImpzb25ycGMiOiAiMi4wIiwgInBhcmFtcyI6IFsiMHg5Yzk5ZDIxMmY3ZTVkYWExOGFiNTA4MTBlMGZkMjU1ZDFmMDQzMDNiL3Rlc3Rlci53b3JrZXIxL3Z2ZXNlbHlAbWFpbGluYXRvciIsICJ4Il0sICJpZCI6IDIsICJtZXRob2QiOiAiZXRoX3N1Ym1pdExvZ2luIn0K"} 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655421843996,"flow_dst_last_pkt_time":1484655421843933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484655421843996,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
02339{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655452163379,"flow_dst_last_pkt_time":1484655451963831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":243,"flow_src_tot_l4_payload_len":646,"flow_dst_tot_l4_payload_len":2226,"midstream":0,"thread_ts_usec":1484655452163379,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":1952629.6,"max":9791290,"stddev":3004713.0,"var":9028300177408.0,"ent":3.5,"data": [18405,18478,27683,27673,25791,11368,1,37175,8284,48338,236647,209260,12613,9755422,9791290,235473,2439803,2440063,7323703,7588500,64939,25659,10296,234651,3831832,3833133,885298,890088,5008744,5252462,238448]},"pktlen": {"min":40,"avg":131.1,"max":283,"stddev":104.0,"var":10823.6,"ent":4.6,"data": [52,46,40,46,214,46,79,283,40,121,283,40,283,40,121,283,40,283,40,188,46,121,46,283,40,283,40,283,40,121,283,40]},"bins": {"c_to_s": [11,0,4,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0],"entropies": 
[4.421030521,4.206097126,4.730641365,4.390829086,5.638098717,4.565871716,5.435059071,5.159528255,4.561769485,5.337047100,5.173661709,4.730641365,5.160906792,4.680641174,5.323744297,5.159528255,4.730641365,5.122583389,4.680641651,4.630837917,4.652828693,5.353575706,4.652828693,5.170008659,4.711769104,5.164538860,4.780641556,5.164218426,4.680641651,5.337047100,5.144396782,4.780641556]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":210,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1514196094240063} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":210,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1514196094240063} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094240063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196094240063,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094240063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196094240063,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094322725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196094322725,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="} 
@@ -33,12 +33,12 @@ 01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196196745906,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196197053838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1514196197053838,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAAoOQVAACEGQPh006fDwKgClA0F0lYVgl9P8ygD9lAQAOWD0AAAAAAAAAAA"} 
02328{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514196304559034,"flow_dst_last_pkt_time":1514196304640605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":8887,"flow_dst_tot_l4_payload_len":914,"midstream":0,"thread_ts_usec":1514196304640605,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":7499954.5,"max":71693099,"stddev":18613570.0,"var":346464978993152.0,"ent":2.4,"data": [80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":549.1,"var":301531.9,"ent":3.7,"data": [60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]},"bins": {"c_to_s": [8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0],"s_to_c": [10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1],"entropies": 
[4.738464355,5.302482605,5.065449715,5.825911522,5.284871101,5.736679077,5.286791801,6.057295799,5.694644451,5.918534279,5.132945061,5.778033257,5.323332787,4.963134289,5.171406746,4.527909756,4.270138264,5.323332787,5.262846947,5.685556889,5.209868431,4.535019398,4.275704384,5.378232002,5.701727867,5.248330116,4.888409138,5.209868431,4.529169559,4.269546032,5.378231525,5.685557365]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":451,"packets-processed":450,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88161,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1514196703786322} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":451,"packets-processed":450,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88161,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1514196703786322} 02379{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196705571136,"flow_dst_last_pkt_time":1514196705879789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":2699,"midstream":0,"thread_ts_usec":1514196705879789,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":32857284.0,"max":170525395,"stddev":51784400.0,"var":2681624034541568.0,"ent":3.4,"data": 
[308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525]},"pktlen": {"min":40,"avg":223.6,"max":1484,"stddev":347.6,"var":120860.4,"ent":3.9,"data": [60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]},"bins": {"c_to_s": [12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0],"s_to_c": [4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1],"entropies": [4.792549610,4.894361019,4.784183979,5.672497272,4.457919598,5.436998844,4.834184170,5.898036003,5.357152462,5.674209595,4.784183979,5.535918236,4.457919598,4.810117245,4.834183693,4.788737297,4.784183979,4.732345104,4.834184170,4.767374516,4.831687450,4.791436195,4.931686878,4.784672737,4.931686878,4.672215462,4.881687164,4.744033337,4.812814713,4.485110283,4.206100941,4.457919598]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":113,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514197279769698,"flow_dst_last_pkt_time":1514197279769664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":132641,"flow_dst_tot_l4_payload_len":5738,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":83,"flow_dst_packets_processed":62,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514197248783309,"flow_dst_last_pkt_time":1514197248783271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":6299,"flow_dst_tot_l4_payload_len":4723,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514197261597871,"flow_dst_last_pkt_time":1514197261597824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":4584,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":673,"packets-processed":673,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":177380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1514197279769698} +00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":673,"packets-processed":673,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":177380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1514197279769698} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 673/673 ~~ skipped flows.............: 0 
@@ -47,9 +47,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8679843 bytes -~~ total memory freed........: 8679843 bytes -~~ total allocations/frees...: 141243/141243 +~~ total memory allocated....: 9444313 bytes +~~ total memory freed........: 9444313 bytes +~~ total allocations/frees...: 155209/155209 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2384 chars diff --git a/test/results/default/mismatching_hostname.pcap.out b/test/results/default/mismatching_hostname.pcap.out new file mode 100644 index 000000000..4da869818 --- /dev/null +++ b/test/results/default/mismatching_hostname.pcap.out 
@@ -0,0 +1,29 @@ +00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mismatching_hostname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mismatching_hostname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1760686200815296} 
+00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mismatching_hostname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1760686200815296,"flow_src_last_pkt_time":1760686200815296,"flow_dst_last_pkt_time":1760686200815296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1760686200815296,"l3_proto":"ip4","src_ip":"192.168.2.7","dst_ip":"51.38.65.98","src_port":35162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mismatching_hostname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1760686200815296,"flow_dst_last_pkt_time":1760686200815296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1760686200815296,"pkt":"nlg8eiJk0rgBu6fgCABFAAA81S9AAEAGLlXAqAIHMyZBYolaAbtG8\/aXAAAAAKAC\/\/8iDAAAAgQFtAQCCAqIN53hAAAAAAEDAwo="} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mismatching_hostname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1760686200815296,"flow_dst_last_pkt_time":1760686200865185,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1760686200865185,"pkt":"0rgBu6fgnlg8eiJkCABFAAA8AAAAACoGWYUzJkFiwKgCBwG7iVoX0LoyRvP2mKAS\/oj6jQAAAgQFrAQCCAoWd0B1iDed4QEDAwc="} 
+00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mismatching_hostname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1760686200869147,"flow_dst_last_pkt_time":1760686200865185,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1760686200869147,"pkt":"nlg8eiJk0rgBu6fgCABFAAA01TBAAEAGLlzAqAIHMyZBYolaAbtG8\/aYF9C6M4AQAEAnXQAAAQEICog3nh8Wd0B1"} +00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mismatching_hostname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1760686200873516,"flow_dst_last_pkt_time":1760686200865185,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_usec":1760686200873516,"pkt":"nlg8eiJk0rgBu6fgCABFAAEy1TFAAEAGLV3AqAIHMyZBYolaAbtG8\/aYF9C6M4AYAEBnmgAAAQEICog3niMWd0B1FgMBAPkBAAD1AwOS4EPvwHgN8G1nhGUl7Nyjn6+fzmaYw8z8qZs3W3Im0iDaHFu3StpECFus15IMMJa\/W6KllI\/NtnAuwm1965xhNgAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAIoAAAARAA8AAAxmYWNlYm9vay5jb20AFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAMwAmACQAHQAgGkrcBuPx14sthDV040XSGQy1\/3lNPz0xAdft7LrfTgQALQACAQEAKwAFBAMEAwM="} 
+01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mismatching_hostname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1760686200815296,"flow_src_last_pkt_time":1760686200873516,"flow_dst_last_pkt_time":1760686200865185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":254,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":254,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1760686200873516,"l3_proto":"ip4","src_ip":"192.168.2.7","dst_ip":"51.38.65.98","src_port":35162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"facebook.com","domainame":"facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d171000_5b57614c22b0_86dd91ae2a36","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mismatching_hostname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1760686200873516,"flow_dst_last_pkt_time":1760686200905133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1760686200905133,"pkt":"0rgBu6fgnlg8eiJkCABFAAA0KwcAACoGLoYzJkFiwKgCBwG7iVoX0LozRvP3loAQAfwkZQAAAQEIChZ3QK+IN54j"} 
+01371{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mismatching_hostname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1760686200815296,"flow_src_last_pkt_time":1760686200873516,"flow_dst_last_pkt_time":1760686200907218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":254,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":254,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1760686200907218,"l3_proto":"ip4","src_ip":"192.168.2.7","dst_ip":"51.38.65.98","src_port":35162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"facebook.com","domainame":"facebook.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d171000_5b57614c22b0_86dd91ae2a36","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+02330{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/mismatching_hostname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1760686200815296,"flow_src_last_pkt_time":1760686201483204,"flow_dst_last_pkt_time":1760686201478562,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1038,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1711,"flow_dst_tot_l4_payload_len":5791,"midstream":0,"thread_ts_usec":1760686201483204,"l3_proto":"ip4","src_ip":"192.168.2.7","dst_ip":"51.38.65.98","src_port":35162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":42941.1,"max":312973,"stddev":63431.0,"var":4023491328.0,"ent":3.9,"data": [49889,53851,4369,39948,2085,112,7,39750,2472,2,2652,43034,74,36580,13260,12743,24878,24888,89899,89590,35956,7045,87216,192273,312973,76605,34738,691,36324,8677,8593]},"pktlen": {"min":52,"avg":286.9,"max":1492,"stddev":411.5,"var":169326.6,"ent":4.0,"data": [60,60,52,306,52,1492,1492,279,52,52,52,116,307,307,87,114,52,1154,1090,52,122,52,574,52,90,52,264,52,142,52,450,52]},"bins": {"c_to_s": [9,2,2,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,1,0,0,0,0,3,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0],"entropies": 
[4.771797657,5.260978699,5.118428230,6.109217167,5.171406746,7.856598377,7.879835606,7.200346947,5.180834293,5.103910923,5.180834293,6.022691250,7.287860394,7.204682350,5.817579746,6.303006649,5.142372608,7.848276138,7.838791847,5.171406746,6.371196747,5.132945538,7.614748001,5.156889915,5.901170731,5.209868431,7.135586262,5.248330116,6.601037025,5.233812809,7.481281757,5.233812809]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +01508{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/mismatching_hostname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1760686200815296,"flow_src_last_pkt_time":1760686201483204,"flow_dst_last_pkt_time":1760686201478562,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1038,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1711,"flow_dst_tot_l4_payload_len":5791,"midstream":0,"thread_ts_usec":1760686201483204,"l3_proto":"ip4","src_ip":"192.168.2.7","dst_ip":"51.38.65.98","src_port":35162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"facebook.com","domainame":"facebook.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d171000_5b57614c22b0_86dd91ae2a36","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01292{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/mismatching_hostname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":45,"flow_dst_packets_processed":55,"flow_first_seen":1760686200815296,"flow_src_last_pkt_time":1760686203211886,"flow_dst_last_pkt_time":1760686203207702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1038,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":6859,"flow_dst_tot_l4_payload_len":26473,"midstream":0,"thread_ts_usec":1760686203211886,"l3_proto":"ip4","src_ip":"192.168.2.7","dst_ip":"51.38.65.98","src_port":35162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"facebook.com"}} 
+00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/mismatching_hostname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1760686203211886} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 100/100 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 33332 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 9453095 bytes +~~ total memory freed........: 9453095 bytes +~~ total allocations/frees...: 154614/154614 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 558 chars +~~ json message max len.......: 2335 chars +~~ json message avg len.......: 1413 chars diff --git a/test/results/default/modbus.pcap.out b/test/results/default/modbus.pcap.out index ce0d4ef3c..4a1f1ea0f 100644 --- a/test/results/default/modbus.pcap.out +++ b/test/results/default/modbus.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1223541953927963} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1223541953927963} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541953927963,"flow_dst_last_pkt_time":1223541953927963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1223541953927963,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1223541953927963,"flow_dst_last_pkt_time":1223541953927963,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1223541953927963,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/1AAIAGEGjAqG6DwKhuiggaAfZB0urG4RU6zlAY\/MYAMgAAANEAAAAGAQMAAQAB"} 
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541953927963,"flow_dst_last_pkt_time":1223541953927963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1223541953927963,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus","proto_id":"44","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -9,7 +9,7 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1223541954942774,"flow_dst_last_pkt_time":1223541953930003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1223541954942774,"pkt":"ABzAX0kKAArkxYMKCABFAAA0jABAAIAGEGXAqG6DwKhuiggaAfZB0ure4RU65FAY\/LAAGAAAANMAAAAGAQMAAQAB"} 02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541960939284,"flow_dst_last_pkt_time":1223541960940128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":11,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":176,"midstream":1,"thread_ts_usec":1223541960940128,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":835,"avg":452370.5,"max":1014211,"stddev":497296.8,"var":247304159232.0,"ent":3.8,"data": [1135,1208,905,1013603,1014211,1539,891,986516,986873,1217,900,1000224,1000513,1187,905,1000230,1000558,1232,911,1000222,1000609,1645,915,999845,1000447,1173,835,1000242,1000645,1238,912]},"pktlen": {"min":51,"avg":51.5,"max":52,"stddev":0.5,"var":0.2,"ent":5.0,"data": [52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.526987553,4.730195045,4.438603878,4.877732754,4.429176807,4.636961937,4.429176331,4.877732754,4.622483730,4.730195045,4.589393616,4.838517189,4.622483730,4.730195045,4.550931931,4.916948318,4.569504738,4.769410610,4.627855301,4.916948318,4.622483730,4.730195045,4.627855301,4.916948795,4.622483730,4.769410610,4.627855301,4.862931252,4.607966423,4.769410610,4.627855301,4.916948318]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus","proto_id":"44","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":51,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541977036283,"flow_dst_last_pkt_time":1223541977037227,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":11,"flow_src_tot_l4_payload_len":612,"flow_dst_tot_l4_payload_len":561,"midstream":1,"thread_ts_usec":1223541977037227,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus","proto_id":"44","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
-00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1223541977037227} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1223541977037227} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 102/102 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647800 bytes -~~ total memory freed........: 8647800 bytes -~~ total allocations/frees...: 140635/140635 +~~ total memory allocated....: 9412174 bytes +~~ total memory freed........: 9412174 bytes +~~ total allocations/frees...: 154601/154601 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 2185 chars diff --git a/test/results/default/monero.pcap.out b/test/results/default/monero.pcap.out index 9f7d1e473..7d0921ba4 100644 --- a/test/results/default/monero.pcap.out +++ b/test/results/default/monero.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1701104895769153} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1701104895769153} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1701104895769153,"flow_src_last_pkt_time":1701104895769153,"flow_dst_last_pkt_time":1701104895769153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1701104895769153,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"159.69.36.66","src_port":48882,"dst_port":18080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1701104895769153,"flow_dst_last_pkt_time":1701104895769153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1701104895769153,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f\/1AAKYGzjLAqAJkn0UkQr7yRqCc4ZKwAAAAAIAC+vC4ZwAAAgQFtAEBBAIBAwMH"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1701104895769153,"flow_dst_last_pkt_time":1701104895788356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1701104895788356,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADUGvzCfRSRCwKgCZEagvvI97mFBnOGSsYAS+vAZLwAAAgQFrAEBBAIBAwMH"} 
@@ -32,7 +32,7 @@ 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1701104939473517,"flow_src_last_pkt_time":1701104939579240,"flow_dst_last_pkt_time":1701104939579219,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":295,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":14520,"midstream":0,"thread_ts_usec":1701104941815016,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.56.22.89","src_port":39378,"dst_port":18080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Monero","proto_id":"369","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1701104939579240,"flow_src_last_pkt_time":1701104939579240,"flow_dst_last_pkt_time":1701104939579240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":295,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":13068,"midstream":0,"thread_ts_usec":1701104941815016,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"62.210.127.86","src_port":42810,"dst_port":18080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Monero","proto_id":"369","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":5,"flow_first_seen":1701104895769153,"flow_src_last_pkt_time":1701104895815129,"flow_dst_last_pkt_time":1701104895814555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":295,"flow_dst_max_l4_payload_len":7260,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":14520,"midstream":0,"thread_ts_usec":1701104941815016,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"159.69.36.66","src_port":48882,"dst_port":18080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Monero","proto_id":"369","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1701104941815016} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1701104941815016} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8662070 bytes -~~ total memory freed........: 8662070 bytes -~~ total allocations/frees...: 140630/140630 +~~ total memory allocated....: 9426540 bytes +~~ total memory freed........: 9426540 bytes +~~ total allocations/frees...: 154596/154596 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 992 chars diff --git a/test/results/default/mongo_false_positive.pcapng.out b/test/results/default/mongo_false_positive.pcapng.out index 490b7e83b..6ce8e68f3 100644 --- a/test/results/default/mongo_false_positive.pcapng.out +++ b/test/results/default/mongo_false_positive.pcapng.out 
@@ -1,5 +1,5 @@ -00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593581341477440} 
+00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593581341477440} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593581341477440,"flow_src_last_pkt_time":1593581341477440,"flow_dst_last_pkt_time":1593581341477440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593581341477440,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593581341477440,"flow_dst_last_pkt_time":1593581341477440,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593581341477440,"pkt":"AAAAAAAAAAUAoyAkCABFAAA0JV9AAH8G7i28S7gU+7Z4IMGGAbvEY9K7AAAAAIACIAAM3AAAAgQFUAEDAwgBAQQC"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1593581341477440,"flow_dst_last_pkt_time":1593581341641115,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593581341641115,"pkt":"AAAAAAAAAAUAoyAkCABFAAA0AABAADIGYI37tnggvEu4FAG7wYZmWxUYxGPSvIAS\/\/+x9gAAAgQFtAEDAwYEAgAA"} 
@@ -8,7 +8,7 @@ 02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1593581357451506,"flow_dst_last_pkt_time":1593581341827549,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1248,"pkt_l4_len":1214,"thread_ts_usec":1593581357451506,"pkt":"AAAAAAAAAAUAoyAkCABFAATSKtxAAH8G5BK8S7gU+7Z4IMGGAbvEY9ZmZlsVoFAYAQP4xQAAS0UAAAIIAVUAAASeAQAAAI\/gqM9riCEBZYhSLZSYIvOnmKRFB1NH6SXBoy7HXkHy40xvUKjvN0P2kmQjQ6DOJ\/5cEoTXNc9mpVRRLoaSI0cG53iUIfmCUiYw+Y2Sl96EE3U2XAkcPoGzDfTJB\/4Q3V2JDnKBv7l1qffhqhUQAIC6t6pZb99IWuexXkN6yB+mvcOEgMwSBf+h+EUCXgsmqP0yLGzvhkgeX28Bw3eETrEPbqAcZrSLobMjufoukl580KLwDyb2crXEgXjGPeF78olOb7Pg6sYD\/BN2j6yyAilyS\/tsTsWdhE+MCi3x5py9sPxTra7gQ0k4JVWelsjoabSCP1lmKLze8v5MMRAJvDPMj62ID+lDhFnbLhlQC6f5chGBrpOPgdJC7YHTTF4Yaf6L2LV9kjRaUcpKIzDRzI4KZEonFYhWkM5vOOS0rSPo37Rv1SVkW2EcWQ2nQMbuDtjp\/0tfEZD2geTmvG3etyx+TgAVYG\/awgCrGTG3iBmJ7IP7zvy92HfzRnvpcGwV33VQOmQy5VfPpKlN52Cr9V1cGuATB5Vh71AWy+ZYpCZzbZfNP2tvigsP0wsvXvelhfciLnm+AL8wmySYqBybE3J8dIwFlfoj7ne6sMBf4pGb7AOGBSpiJm38MExrzCRihBJLXRJ7gyu6wZOC7RBoSZhJFfDca7WbjzMcnjgrHhyKz7epOIMZ8KKfdXHIH30WC1WQoyV\/9CDm5Ir6TpnIabDx8aCrVGR2AUJbloUstI06uyojdmfgzlH2RmIEF2wn3MlvapkeTrV1P4YJJdmxgPb+FA1\/KyNKbcQxAZocuyqW5naMFGfnn8cKSFj9nazboTcTzqdyByCcDm0GrOo3lrIAZtJkE4CvuhkCMnF\/7JeMLrrHxrPW\/dOVxglbGTGZaX4aT3qhzlyIFJZcUHvZNd3L8oPPptY03zEYYfgWCY4GCrFbxLpdYS7o3iQ6k\/DOgQDA40F9R\/6bQJtbjUri8cebmGyUgBOFyL4HK+5LP6+wjr7LJLwLOZr12rvbCPH8a5EH0l1+xVGuaHOLPsAloGyPylmUINBBTcC0sBxRxaBR\/z80E26qGGDqcQyyURDhKppNliDigSFs8+fsUbS5ChJOzYl3IpHKfgGOcDcCR3WpoBdqmuOu1DoFstMVlUlLCVIoZpzTcK\/pDo3hPn1LcKZJSo+8BwXkti9ovEfAleUdmchy9h9nbK2GihR4oEJcIGKAmAFjAQTS\/er1a5369himCid2qwxR2G7q+GqiY8Cn5xeTqwJbetF0TDu5o6tQyVaRc80I8hhALVCzmghQGdamem8nIsmKHrqNvthCPs+00k05hS685h68ipvQ5I1mMeEDxQq1lu8OpLGal1I9Y3xEuO7SPNISELRvLy4gXrN6aofFkqLD8VWXc
4G\/cbiW1E9zBGFi1T+pcQFhf1bs\/6QwJKdFYF5BC7W4O+tHL6pVuEXRZVBwUo+m8l\/ua1HBIbsTdUY+YmTTIi21zXssBXBCMdMJdRVAPaXcfXoiCOAqgS9a86IMwkmsfZDP8haAQx+y3AlmY8zPj52JGBOc0NBkRzLhTZ25JePs"} 01065{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1593581341477440,"flow_src_last_pkt_time":1593581425760020,"flow_dst_last_pkt_time":1593581425923470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1274,"flow_dst_max_l4_payload_len":135,"flow_src_tot_l4_payload_len":9246,"flow_dst_tot_l4_payload_len":1485,"midstream":0,"thread_ts_usec":1593581425923470,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1593581341477440,"flow_src_last_pkt_time":1593581425760020,"flow_dst_last_pkt_time":1593581425923470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1274,"flow_dst_max_l4_payload_len":135,"flow_src_tot_l4_payload_len":9246,"flow_dst_tot_l4_payload_len":1485,"midstream":0,"thread_ts_usec":1593581425923470,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":26,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10731,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1593581425923470} 
+00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":26,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10731,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1593581425923470} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 26/26 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647678 bytes -~~ total memory freed........: 8647678 bytes -~~ total allocations/frees...: 140561/140561 +~~ total memory allocated....: 9412052 bytes +~~ total memory freed........: 9412052 bytes +~~ total allocations/frees...: 154527/154527 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 560 chars ~~ json message max len.......: 2161 chars diff --git a/test/results/default/mongodb.pcap.out b/test/results/default/mongodb.pcap.out index 1fd9440e2..f3d308515 100644 --- a/test/results/default/mongodb.pcap.out +++ b/test/results/default/mongodb.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1483459978959064} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1483459978959064} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459978959064,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483459978959064,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959080,"flow_src_last_pkt_time":1483459978959080,"flow_dst_last_pkt_time":1483459978959080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459978959080,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -9,7 +9,7 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":50,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1483459979301422,"flow_dst_last_pkt_time":1483459978959080,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483459979301422,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAANBx\/QAA+BhC3CgoKCgoKCgvKbmmJmGzsIz6ahkKAEBAaa4YAAAEBCApv\/F3CXOpDgA=="} 00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":317,"pkt_l4_len":279,"thread_ts_usec":1483459979301746,"pkt":"LGv11hfFABsXAAIwgQABLAgARQABK\/fXQAA\/BjNnCgoKCgoKCgvKbmmJmGzsIz6ahkKAGBAaRyIAAAEBCApv\/F3CXOpDgPcAAACYNm5NAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAA\/\/\/\/\/9AAAAAQaXNtYXN0ZXIAAQAAAANjbGllbnQAtQAAAANkcml2ZXIAKgAAAAJuYW1lAAgAAABQeU1vbmdvAAJ2ZXJzaW9uAAYAAAAzLjQuMAAAA29zAFUAAAACdHlwZQAHAAAARGFyd2luAAJuYW1lAAcAAABEYXJ3aW4AAmFyY2hpdGVjdHVyZQAHAAAAeDg2XzY0AAJ2ZXJzaW9uAAgAAAAxMC4xMS42AAACcGxhdGZvcm0AFwAAAENQeXRob24gMi43LjEwLmZpbmFsLjAAAAA="} 
00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459979301746,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1483558834969479} 
+00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1483558834969479} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558834969479,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483558834969479,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969493,"flow_src_last_pkt_time":1483558834969493,"flow_dst_last_pkt_time":1483558834969493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558834969493,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -22,7 +22,7 @@ 01073{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959080,"flow_src_last_pkt_time":1483459979301422,"flow_dst_last_pkt_time":1483459978959080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959080,"flow_src_last_pkt_time":1483459979301422,"flow_dst_last_pkt_time":1483459978959080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":306,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1483726705497076} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":306,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1483726705497076} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705497076,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483726705497076,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483726705499673,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"} 
@@ -32,7 +32,7 @@ 01073{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969493,"flow_src_last_pkt_time":1483558835130999,"flow_dst_last_pkt_time":1483558834969493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969493,"flow_src_last_pkt_time":1483558835130999,"flow_dst_last_pkt_time":1483558834969493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558835131940,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":364,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1483737232974198} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":364,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1483737232974198} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232974198,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483737232974198,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483737232975899,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"} 
@@ -40,7 +40,7 @@ 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":339,"pkt_l4_len":301,"thread_ts_usec":1483737232979308,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQABQQ0wQAA6BkpvCgoKEAoKChHInmmJ0eCpc+09z\/+AGBAaUdAAAAEBCAo+YNhYAY8GyA0BAAAAAAAAAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAAAQAAAOYAAAAQaXNNYXN0ZXIAAQAAAANjbGllbnQAywAAAANhcHBsaWNhdGlvbgAdAAAAAm5hbWUADgAAAE1vbmdvREIgU2hlbGwAAANkcml2ZXIAOgAAAAJuYW1lABgAAABNb25nb0RCIEludGVybmFsIENsaWVudAACdmVyc2lvbgAGAAAAMy40LjAAAANvcwBWAAAAAnR5cGUABwAAAERhcndpbgACbmFtZQAJAAAATWFjIE9TIFgAAmFyY2hpdGVjdHVyZQAHAAAAeDg2XzY0AAJ2ZXJzaW9uAAcAAAAxNi4zLjAAAAAA"} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232979308,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232979308,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1483814916005019} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1483814916005019} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916005019,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483814916005019,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483814916005036,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916005036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916005036,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -55,7 +55,7 @@ 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1483814916005036,"flow_src_last_pkt_time":1483814916107729,"flow_dst_last_pkt_time":1483814916098086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916108514,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":706,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1483814916108514} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":706,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1483814916108514} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 @@ -64,9 +64,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8664774 bytes -~~ total memory freed........: 8664774 bytes -~~ total allocations/frees...: 140641/140641 +~~ total memory allocated....: 9429372 bytes +~~ total memory freed........: 9429372 bytes +~~ total allocations/frees...: 154607/154607 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 567 chars ~~ json message max len.......: 1118 chars diff --git a/test/results/default/mpeg-dash.pcap.out b/test/results/default/mpeg-dash.pcap.out index a2a031665..73d555a4d 100644 --- a/test/results/default/mpeg-dash.pcap.out +++ b/test/results/default/mpeg-dash.pcap.out 
@@ -1,33 +1,33 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744212035234} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744212035234} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744212035234,"flow_src_last_pkt_time":1618744212035234,"flow_dst_last_pkt_time":1618744212035234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744212035234,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744212035234,"flow_dst_last_pkt_time":1618744212035234,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1618744212035234,"pkt":"AAAAAAAAAAQAk2VwCABFAAA8XJFAAEAGk4MKVAFRpviYCu3+AFDXU1UdAAAAAKAC\/\/+5fwAAAgQFtAQCCArQulhbAAAAAAEDAwo="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744212035234,"flow_dst_last_pkt_time":1618744212169869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744212169869,"pkt":"AAAAAAAAAAMAbDnzCABFAAA0AABAADAGAB2m+JgKClQBUQBQ7f6v9cxW11NVHoASchAbdQAAAgQFeAEBBAIBAwMK"} 
00970{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212169869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"thread_ts_usec":1618744212202980,"pkt":"AAAAAAAAAAQAk2VwCABFAAFwXJNAAEAGkk0KVAFRpviYCu3+AFDXU1Uer\/XMV1AYAFYA8wAAR0VUIC9hcy9iaWdvLWFkLWNyZWF0aXZlcy8zczMvMmxPVEE3Lm1wNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BNzE1RiBCdWlsZC9SUDFBLjIwMDcyMC4wMTI7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODkuMC40Mzg5LjEwNSBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KYmlnby1oYXNoOiBWRkJOek8zaVZjdkdwV05kDQpIb3N0OiBnZGwubmV3cy1jZG4uc2l0ZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1618744212035234,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212169869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744212202980,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"gdl.news-cdn.site","domainame":"gdl.news-cdn.site","http": 
{"url":"gdl.news-cdn.site\/as\/bigo-ad-creatives\/3s3\/2lOTA7.mp4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; SM-A715F Build\/RP1A.200720.012; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/89.0.4389.105 Mobile Safari\/537.36","detected_os":"Android 11"}}} 02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212338460,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1618744212338460,"pkt":"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\/\/\/Aij\/AAAV1HRyYWsAAABcdGtoZAAAAAHcmfi63Jn4ugAAAAEAAAAAAAoYKAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAEAAAAAHgAAABDgAAAAAFUxtZGlhAAAAIG1kaGQAAAAA3Jn4utyZ+LoAAAPoAAA6mVXEAAAAAAAhaGRscgAAAAAAAAAAdmlkZQAAAAAAAAAAAAAAAAAAABUDbWluZgAAABR2bWhkAAAAAQAAAAAAAAAAAAAAJGRpbmYAAAAcZHJlZgAAAAAAAAABAAAADHVybCAAAAABAAAUw3N0YmwAAACXc3RzZAAAAAAAAAABAAAAh2F2YzEAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAHgAQ4AEgAAABIAAAAAAAAAAEOSlZUL0FWQyBDb2RpbmcAAAAAAAAAAAAAAAAAAAAAAAAY\/\/8AAAAxYXZjQwFkACj\/4QAaZ2QAKKzTAeAIn5YQAAADABAAAAMDKPGDE4ABAARo6qXLAAAAKHN0dHMAAAAAAAAAAwAAAXUAAAAoAAAAAQAAACkAAAABAAAAKAAABfBzdHN6AAAAAAAAAAAAAAF3AAB17QAATqoAADwfAABKDQAALQ8AADvvAAAXxQAAXEwAAC1ZAAAr5QAAJm4AACAKAABLlQAAQr8AAE0YAABOtQAAUW8AAFpkAABHZgAAUdsAAEcyAABAngAAZToAAFcgAAAsRQAAKiMAAExwAAA7HwAAQeIAAEQlAABNNwAAU+0AAGDfAABbEQAAWSoAAGbxAAA8+wAAa4YAAFSgAABeNwAAYlYAAGMnAABCmAAAUk0AACoeAABQmwAAKhUAAGFUAAAojwAAUS0AABpWAABcPAAAHkwAACT0AABL3QAAJLwAACcJAABcSwAAXB8AADEmAABYNQAAOTYAACO4AAAUHgAAE7AAABFSAAAVwgAAEFwAAAn+AABsdgAATC4AACvgAABNFgAAXQwAAFqsAABYdQAAVGMAAFgYAABUZgAAU8cAAFryAABg8AAAqyMAAFolAAAkVAAAY10AACpxAAAwBwAAZMwAACwZAABKewAAV54AAGyKAAB+PwAAQKUAADHWAAB1LQAANx0AAGBIAAAwugAASkMAAC3mAABZGQAAMMwAA
GUbAABEVwAASzkAAGchAAA8YwAAbrIAAC2hAABElwAAYSgAAC2YAAA="} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1652784807797513} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1652784807797513} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784807797513,"flow_src_last_pkt_time":1652784807797513,"flow_dst_last_pkt_time":1652784807797513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1652784807797513,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1652784807797513,"flow_dst_last_pkt_time":1652784807797513,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1652784807797513,"pkt":"tKXvZygQwDiWIaSpCABFAAA8gI1AAEAGWyfAqAJpNqFlVecGAFDeWzbUAAAAAKAC+vAGuAAAAgQFtAQCCArGziP6AAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1652784807797513,"flow_dst_last_pkt_time":1652784807901734,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1652784807901734,"pkt":"wDiWIaSptKXvZygQCABFAAA8AABAAOwGL7Q2oWVVwKgCaQBQ5waq30sm3ls21aASaN+YUwAAAgQFrAQCCAqvHVtJxs4j+gEDAwc="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1652784807901785,"flow_dst_last_pkt_time":1652784807901734,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1652784807901785,"pkt":"tKXvZygQwDiWIaSpCABFAAA0gI5AAEAGWy7AqAJpNqFlVecGAFDeWzbVqt9LJ4AQAfYtmQAAAQEICsbOJGKvHVtJ"} 00793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1652784807901836,"flow_dst_last_pkt_time":1652784807901734,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1652784807901836,"pkt":"tKXvZygQwDiWIaSpCABFAADsgI9AAEAGWnXAqAJpNqFlVecGAFDeWzbVqt9LJ4AYAfYXswAAAQEICsbOJGKvHVtJR0VUIC9saXZlc2ltL3N0c18xNjUyNzgzODA5L3NpZF80MGMxMWUxMi9jaHVua2R1cl8xL2F0b183L3Rlc3RwaWM0XzhzL0E0OC9pbml0Lm1wNCBIVFRQLzEuMQ0KSG9zdDogbGl2ZXNpbS5kYXNoaWYub3JnDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KVXNlci1BZ2VudDogVkxDLzMuMC4xNiBMaWJWTEMvMy4wLjE2DQoNCg=="} 
-01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1652784807797513,"flow_src_last_pkt_time":1652784807901836,"flow_dst_last_pkt_time":1652784807901734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1652784807901836,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59142,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"livesim.dashif.org","domainame":"livesim.dashif.org","http": {"url":"livesim.dashif.org\/livesim\/sts_1652783809\/sid_40c11e12\/chunkdur_1\/ato_7\/testpic4_8s\/A48\/init.mp4","code":0,"content_type":"","user_agent":"VLC\/3.0.16 LibVLC\/3.0.16"}}} +01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1652784807797513,"flow_src_last_pkt_time":1652784807901836,"flow_dst_last_pkt_time":1652784807901734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1652784807901836,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59142,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"livesim.dashif.org","domainame":"livesim.dashif.org","http": {"url":"livesim.dashif.org\/livesim\/sts_1652783809\/sid_40c11e12\/chunkdur_1\/ato_7\/testpic4_8s\/A48\/init.mp4","code":0,"content_type":"","user_agent":"VLC\/3.0.16 LibVLC\/3.0.16"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808500848,"flow_dst_last_pkt_time":1652784808500848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784808500848,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1652784808500848,"flow_dst_last_pkt_time":1652784808500848,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1652784808500848,"pkt":"wDiWIaSptKXvZygQCABFAAXUcu5AAOwGty02oWVVwKgCaQBQ5wi4j+HSMIk\/coAQANuo3AAAAQEICq8dXZ\/GziZPSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUdWUsIDE3IE1heSAyMDIyIDEwOjUzOjI4IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjUzICgpIE9wZW5TU0wvMS4wLjJrLWZpcHMgbW9kX3dzZ2kvNC43LjEgUHl0aG9uLzMuNw0KVXBncmFkZTogaDIsaDJjDQpDb25uZWN0aW9uOiBVcGdyYWRlDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkV4cGlyZXM6IC0xDQpEQVNILUxpdmUtU2ltdWxhdG9yOiBEQVNILUlGIGxpdmUgREFTSCBzaW11bGF0b3IgMi4wLjENCkFjY2Vzcy1Db250cm9sLUFsbG93LUhlYWRlcnM6IG9yaWdpbixyYW5nZSxhY2NlcHQtZW5jb2RpbmcscmVmZXJlcg0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctTWV0aG9kczogR0VULEhFQUQsT1BUSU9OUw0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBY2Nlc3MtQ29udHJvbC1FeHBvc2UtSGVhZGVyczogU2VydmVyLHJhbmdlLENvbnRlbnQtTGVuZ3RoLENvbnRlbnQtUmFuZ2UsRGF0ZQ0KQ29udGVudC1MZW5ndGg6IDk0NA0KQ29udGVudC1UeXBlOiB2aWRlby9tcDQNCg0KAAAAHGZ0eXBpc281AAAAAWF2YzFpc281ZGFzaAAAAAhmcmVlAAAAYGZyZWVJc29NZWRpYSBGaWxlIFByb2R1Y2VkIHdpdGggR1BBQyAwLjUuMi1ERVYtcmV2VmVyc2lvbjogMC41LjItNDI2LWdjNWFkNGU0K2Rmc2c1LTFidWlsZDEAAAADLG1vb3YAAABsbXZoZAAAAAAAAAAAAAAAAAAAA+gAAAAAAAEAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAABIbXZleAAAABBtZWhkAAAAAAA27oAAAAAgdHJleAAAAAAAAAABAAAAAQAAAgAAAAAAAAEAAAAAABB0cmVwAAAAAAAAAAEAAAIOdHJhawAAAFx0a2hkAAAAAwAAAADVk9GpAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAUAAAAC0AAAAAAAJGVkdHMAAAAcZWxzdAAAAAAAAAABAAAAAAAABAAAAQAAAAABhm1kaWEAAAAgbWRoZAAAAAAAAAAAAAAAAAAAPAAAAAAAFccAAAAAAC1oZGxyAAAAAAAAAAB2
aWRlAAAAAAAAAAAAAAAAVmlkZW9IYW5kbGVyAAAAATFtaW5mAAAAFHZtaGQAAAABAAAAAAAAAAAAAAAkZGluZgAAABxkcmVmAAAAAAAAAAEAAAAMdXJsIAAAAAEAAADxc3RibAAAAKVzdHNkAAAAAAAAAAEAAACVYXZjMQAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAUAAtAASAAAAEgAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABj\/\/wAAAD9hdmNDAWQAH\/\/hACNnZAAfrNlAUAW6EAAAAwAQAAADA8ZKAAknwAEk\/mkwB4wYywEABWjr7LIs\/Pj4AAAAABBzdHRzAAAAAAAAAAAAAAAQc3RzYwAAAAAAAAAAAAAAFHN0c3oAAAAAAAAAAAAAAAAAAAAQc3RjbwAAAAAAAAAAAAAAYnVkdGEAAABabWV0YQAAAAAA"} -01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808500848,"flow_dst_last_pkt_time":1652784808500848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784808500848,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"","domainame":"","http": {}}} 
+01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808500848,"flow_dst_last_pkt_time":1652784808500848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784808500848,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"","domainame":"","http": {}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1652784808500848,"flow_dst_last_pkt_time":1652784808500868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1652784808500868,"pkt":"tKXvZygQwDiWIaSpCABFAAA0NqpAAEAGpRLAqAJpNqFlVecIAFAwiT9yuI\/ncoAQAfUkJQAAAQEICsbOJrmvHV2f"} 
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1652784808501352,"flow_dst_last_pkt_time":1652784808500868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":1652784808501352,"pkt":"wDiWIaSptKXvZygQCABFAACBcu9AAOwGvH82oWVVwKgCaQBQ5wi4j+dyMIk\/coAYANvyTQAAAQEICq8dXZ\/GziZPAAAhaGRscgAAAAAAAAAAbWRpcmFwcGwAAAAAAAAAAAAAAAAtaWxzdAAAACWpdG9vAAAAHWRhdGEAAAABAAAAAExhdmY1Ni40MC4xMDE="} 00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1652784808501352,"flow_dst_last_pkt_time":1652784808514677,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_usec":1652784808514677,"pkt":"tKXvZygQwDiWIaSpCABFAADzNqxAAEAGpFHAqAJpNqFlVecIAFAwiT9yuI\/nv4AYAfXebgAAAQEICsbOJsevHV2fR0VUIC9saXZlc2ltL3N0c18xNjUyNzgzODA5L3NpZF80MGMxMWUxMi9jaHVua2R1cl8xL2F0b183L3Rlc3RwaWM0XzhzL1YyNDAwLzIwNjU5ODA5OC5tNHMgSFRUUC8xLjENCkhvc3Q6IGxpdmVzaW0uZGFzaGlmLm9yZw0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNClVzZXItQWdlbnQ6IFZMQy8zLjAuMTYgTGliVkxDLzMuMC4xNg0KDQo="} 
-01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808501352,"flow_dst_last_pkt_time":1652784808514677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":191,"flow_src_tot_l4_payload_len":1517,"flow_dst_tot_l4_payload_len":191,"midstream":1,"thread_ts_usec":1652784808514677,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"livesim.dashif.org","domainame":"livesim.dashif.org","http": {"url":"livesim.dashif.org\/livesim\/sts_1652783809\/sid_40c11e12\/chunkdur_1\/ato_7\/testpic4_8s\/V2400\/206598098.m4s","code":0,"content_type":"","user_agent":"VLC\/3.0.16 LibVLC\/3.0.16"}}} +01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808501352,"flow_dst_last_pkt_time":1652784808514677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":191,"flow_src_tot_l4_payload_len":1517,"flow_dst_tot_l4_payload_len":191,"midstream":1,"thread_ts_usec":1652784808514677,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"livesim.dashif.org","domainame":"livesim.dashif.org","http": {"url":"livesim.dashif.org\/livesim\/sts_1652783809\/sid_40c11e12\/chunkdur_1\/ato_7\/testpic4_8s\/V2400\/206598098.m4s","code":0,"content_type":"","user_agent":"VLC\/3.0.16 LibVLC\/3.0.16"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784814543352,"flow_src_last_pkt_time":1652784814543352,"flow_dst_last_pkt_time":1652784814543352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":191,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":191,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59146,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1652784814543352,"flow_dst_last_pkt_time":1652784814543352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_usec":1652784814543352,"pkt":"tKXvZygQwDiWIaSpCABFAADzRtZAAEAGlCfAqAJpNqFlVecKAFBASLN\/hVfSJoAYAfZzRwAAAQEICsbOPlSvHXU7R0VUIC9saXZlc2ltL3N0c18xNjUyNzgzODA5L3NpZF80MGMxMWUxMi9jaHVua2R1cl8xL2F0b183L3Rlc3RwaWM0XzhzL1YyNDAwLzIwNjU5ODA5OS5tNHMgSFRUUC8xLjENCkhvc3Q6IGxpdmVzaW0uZGFzaGlmLm9yZw0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNClVzZXItQWdlbnQ6IFZMQy8zLjAuMTYgTGliVkxDLzMuMC4xNg0KDQo="} -01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784814543352,"flow_src_last_pkt_time":1652784814543352,"flow_dst_last_pkt_time":1652784814543352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":191,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":191,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59146,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"livesim.dashif.org","domainame":"livesim.dashif.org","http": {"url":"livesim.dashif.org\/livesim\/sts_1652783809\/sid_40c11e12\/chunkdur_1\/ato_7\/testpic4_8s\/V2400\/206598099.m4s","code":0,"content_type":"","user_agent":"VLC\/3.0.16 
LibVLC\/3.0.16"}}} -00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1652784807797513,"flow_src_last_pkt_time":1652784807901836,"flow_dst_last_pkt_time":1652784807901734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} -00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808501352,"flow_dst_last_pkt_time":1652784808514677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":191,"flow_src_tot_l4_payload_len":1517,"flow_dst_tot_l4_payload_len":191,"midstream":1,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
-00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784814543352,"flow_src_last_pkt_time":1652784814543352,"flow_dst_last_pkt_time":1652784814543352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":191,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":191,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59146,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} +01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784814543352,"flow_src_last_pkt_time":1652784814543352,"flow_dst_last_pkt_time":1652784814543352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":191,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":191,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59146,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"livesim.dashif.org","domainame":"livesim.dashif.org","http": 
{"url":"livesim.dashif.org\/livesim\/sts_1652783809\/sid_40c11e12\/chunkdur_1\/ato_7\/testpic4_8s\/V2400\/206598099.m4s","code":0,"content_type":"","user_agent":"VLC\/3.0.16 LibVLC\/3.0.16"}}} +00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1652784807797513,"flow_src_last_pkt_time":1652784807901836,"flow_dst_last_pkt_time":1652784807901734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} +00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808501352,"flow_dst_last_pkt_time":1652784808514677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":191,"flow_src_tot_l4_payload_len":1517,"flow_dst_tot_l4_payload_len":191,"midstream":1,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} +00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784814543352,"flow_src_last_pkt_time":1652784814543352,"flow_dst_last_pkt_time":1652784814543352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":191,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":191,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59146,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1618744212035234,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212338460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"gdl.news-cdn.site"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3811,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1652784814543352} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3811,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1652784814543352} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 
@@ -36,9 +36,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8653265 bytes -~~ total memory freed........: 8653265 bytes -~~ total allocations/frees...: 140595/140595 +~~ total memory allocated....: 9417735 bytes +~~ total memory freed........: 9417735 bytes +~~ total allocations/frees...: 154561/154561 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 2481 chars diff --git a/test/results/default/mpeg.pcap.out b/test/results/default/mpeg.pcap.out index f23d1a526..a79e75911 100644 --- a/test/results/default/mpeg.pcap.out +++ b/test/results/default/mpeg.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1434379491040018} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1434379491040018} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491040018,"flow_dst_last_pkt_time":1434379491040018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1434379491040018,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1434379491040018,"flow_dst_last_pkt_time":1434379491040018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1434379491040018,"pkt":"yGyHABajPBXCt3IOCABFAABAOE9AAEAGJUTAqFCgLmWdd9n8AFBP68YoAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKFSiGAAAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1434379491040018,"flow_dst_last_pkt_time":1434379491117076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1434379491117076,"pkt":"PBXCt3IOyGyHABajCABFAAA8AABAADIGa5cuZZ13wKhQoABQ2fyPIjpcT+vGKaAScSAIFwAAAgQFqAQCCAoAu5vaFSiGAAEDAwhf8g=="} 
@@ -9,7 +9,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1434379491117217,"flow_dst_last_pkt_time":1434379491158095,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1434379491158095,"pkt":"PBXCt3IOyGyHABajCABFAAA0obBAADIGye4uZZ13wKhQoABQ2fyPIjpdT+vGvYAQAHamjgAAAQEICgC7m+0VKIZNJ8A="} 01121{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491117217,"flow_dst_last_pkt_time":1434379491158121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1434379491158121,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Safe","category_id":1,"category":"Media","hostname":"luca.ntop.org","domainame":"luca.ntop.org","http": {"url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}} 
01003{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491221137,"flow_dst_last_pkt_time":1434379491221072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":9215,"midstream":0,"thread_ts_usec":1434379491221137,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Safe","category_id":1,"category":"Media","hostname":"luca.ntop.org"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9363,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1434379491221137} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9363,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1434379491221137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645483 bytes -~~ total memory freed........: 8645483 bytes -~~ total allocations/frees...: 140557/140557 +~~ total memory allocated....: 9409857 bytes +~~ total memory freed........: 9409857 bytes +~~ total allocations/frees...: 154523/154523 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 1126 chars diff --git a/test/results/default/mpegts.pcap.out b/test/results/default/mpegts.pcap.out index 8440b5166..59e636c6f 100644 --- a/test/results/default/mpegts.pcap.out +++ b/test/results/default/mpegts.pcap.out 
@@ -1,10 +1,10 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1435209297954335} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1435209297954335} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"vlan_id":3359,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","vlan_id":3359,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1362,"pkt_l4_len":1324,"thread_ts_usec":1435209297954335,"pkt":"AQBeSMkXrPHfGMSBgQANHwgARQAFQAAAQAAHEaScCgEQMObIyRefIQTSBSxl6UcBARcAD7wd249nI5BqMCydEQCD1YeFyAwoYGMeHIwcYCWAHEkET\/taR\/5YANOTSagKaodBkABeSU4ooP2cAgISCfI7GswCLhYGUDAuoQXALotIDoDAaSxnQetyw1wSf\/AKkMmAETWkokF4lgj\/+lAZSgnOA6QAiGVAYA8goTB50WWTRpqMHIxOOJ8\/G9fR\/gRwAyKEkesyBkAB8oyaCwrrgKE0mAZ74p+4IoA5RfCyWS8HBk6egclHP3xARwEBGEEXVAcUcasfHBwWuxBEA0AR3\/itnAslgP4YRyyuCUAHIGOdlcBl0VAUgAPrJ4fANDAD4iy\/w8TBHHBQGqzAH4UZAHtGCiNQgPA1JISSwngX6AHm4Jf\/mKVIQhIaSD8CMAMGBoJf\/aEdACJNQ4OIkGi0bLH9Meczk8i+AAAAAQ4ShEUQIiWUxLGqxZhYCkaHcmBJHgFBLPZRvGhAjlBpCLwBHUOLiXyWkJ41IhP4BH1T\/uSXFhIJn\/tHAQEZ0kepcDEADUYFzAA1cjMHnioWBMyEDwGRt7NwM5CBuOLJQCnAKi98MAR7oiygHZNJiEoKSG4lmBgaTAxKQSf+iYWQguoQIAGwERxFmI3UAusNyXAUqSlbJ5X4WGOUAQUpObs+A8kBs4JQAaEE6oS
WAdQMP\/9ghf9DiGSh5LAYDApaSdFFANnYrBjoHYtBPLLKRUBQDgP0DT\/\/ORgDyJQaGBg0vAKAK8BxyZ0AZ4JIBBDDOFjeKiGBUEcBARooBUCpMQWTeQxgYA46QHYBoSgCIhAOgHYCcAhDKgLuTwFgEYGcAGAZAG8AmQkA1JqS0AOwG5KwBKBQAa\/Alf+AOvwSQA\/sLgKAB+GoBCAGJrko0b0gVRwSf9QHYDoNQCQAIMqMFwDWAfgQnBg\/\/mSg85hwCgAiQkoDIXkxWGAeSTGBGAFG4YCT\/6WQ+AQpqEegNiL\/GrDRqRZackiI5OrlAZ43r4E0jenh7oKAIKjCCsBbeNw5Yo42RwEBGwAfQcAcRNBC\/5Z3JpRQI\/\/QCAlBZTk2chBKACsMQM4Iv\/Q0sAiADYCqACG5YMNXMdDDQLDOOlKiWGYBLwLsCN\/1yL7bI7FfbAAoJBHItxAyYj9CFdLCexAmGGF7vB7MBLz9L5WGDsERwDwKSQJIfcYImKe4c7uIjWFSGKP7CWSAC2zwgfUBhAEzwVP\/g6IJ5OIEAD+DAC0NAQgh\/9kMhk0B1uxSAKllJDAEQYAZFAUAQgk\/+DYh9IBHH\/8Q\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/0cf\/xD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/"} 
00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"vlan_id":3359,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MPEG_TS","proto_id":"198","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"vlan_id":3359,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MPEG_TS","proto_id":"198","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
-00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1435209297954335} +00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1435209297954335} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644843 bytes -~~ total memory freed........: 8644843 bytes -~~ total allocations/frees...: 140533/140533 +~~ total memory allocated....: 9409217 bytes +~~ total memory freed........: 9409217 bytes +~~ total allocations/frees...: 154499/154499 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 588 chars ~~ json message max len.......: 2813 chars diff --git a/test/results/default/mqtt.pcap.out b/test/results/default/mqtt.pcap.out index 7ee2acb9d..bd19ec28b 100644 --- a/test/results/default/mqtt.pcap.out +++ b/test/results/default/mqtt.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643014009283854} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643014009283854} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014009283854,"flow_src_last_pkt_time":1643014009283854,"flow_dst_last_pkt_time":1643014009283854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643014009283854,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643014009283854,"flow_dst_last_pkt_time":1643014009283854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643014009283854,"pkt":"AAAAAAAAAAwATSywCABFAAA8AABAADQGcggKCgoBwKgAAQdbo6QZpJjZwwPwU6AS\/oijvAAAAgQFtAQCCArcK3DSu1+3wwEDAwc="} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1643014009283854,"flow_dst_last_pkt_time":1643014009286927,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1643014009286927,"pkt":"AAAAAAAAAAwATSywCABFAAB2fFxAAD8G6nHAqAABCgoKAaOkB1vDA\/BTGaSY2oAYAOXxcQAAAQEICrtfuBTcK3DSEEAABk1RSXNkcAPCABQAFmNiYWFiY2JhYmFjYmJiYmJhYWFhYWIADDAyRDUwNTAyMjNEMwAMMDJENTA1MDIyM0Qz"} 
@@ -12,7 +12,7 @@ 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014349216221,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643014349216221,"vlan_id":1008,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014349216221,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643014349216221,"vlan_id":1008,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1643014009283854,"flow_src_last_pkt_time":1643014010067160,"flow_dst_last_pkt_time":1643014010972297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":392,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":492,"midstream":0,"thread_ts_usec":1643014349216221,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1643014349216221} 
+00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1643014349216221} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647511 bytes -~~ total memory freed........: 8647511 bytes -~~ total allocations/frees...: 140552/140552 +~~ total memory allocated....: 9411917 bytes +~~ total memory freed........: 9411917 bytes +~~ total allocations/frees...: 154518/154518 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 983 chars diff --git a/test/results/default/msdo.pcapng.out b/test/results/default/msdo.pcapng.out index b049a3492..be8fc1e3a 100644 --- a/test/results/default/msdo.pcapng.out +++ b/test/results/default/msdo.pcapng.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/msdo.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/msdo.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1745343597063704} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/msdo.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/msdo.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1745343597063704} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/msdo.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1745343597063704,"flow_src_last_pkt_time":1745343597063704,"flow_dst_last_pkt_time":1745343597063704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1745343597063704,"l3_proto":"ip4","src_ip":"192.168.1.31","dst_ip":"192.168.1.30","src_port":49741,"dst_port":7680,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/msdo.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1745343597063704,"flow_dst_last_pkt_time":1745343597063704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1745343597063704,"pkt":"CAAnneLLCAAn0IAdCABFAAA0hvRAAIAGAADAqAEfwKgBHsJNHgBh9H1+AAAAAIAC+vCDtAAAAgQFtAEDAwgBAQQC"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/msdo.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1745343597063704,"flow_dst_last_pkt_time":1745343597063950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1745343597063950,"pkt":"CAAn0IAdCAAnneLLCABFAAA00nVAAIAGpMDAqAEewKgBHx4Awk1olKsxYfR9f4AS\/\/8X6wAAAgQFtAEDAwgBAQQC"} 
@@ -8,7 +8,7 @@ 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/msdo.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1745343597063704,"flow_src_last_pkt_time":1745343597064084,"flow_dst_last_pkt_time":1745343597063950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":75,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":75,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1745343597064084,"l3_proto":"ip4","src_ip":"192.168.1.31","dst_ip":"192.168.1.30","src_port":49741,"dst_port":7680,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MSDO","proto_id":"448","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/msdo.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1745343597064084,"flow_dst_last_pkt_time":1745343597065347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_usec":1745343597065347,"pkt":"CAAn0IAdCAAnneLLCABFAABz0nZAAIAGpIDAqAEewKgBHx4Awk1olKsyYfR9ylAYIBRlsAAADlN3YXJtIHByb3RvY29sAAAAAAAQAACKgQYiTt1ql3\/NpyGCEuvDEsaWzWKD\/we2HnKjC2lCCCBGLBvaqgNOo9vt3pXqyMMAAAAA"} 
00966{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/msdo.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1745343597063704,"flow_src_last_pkt_time":1745343597066087,"flow_dst_last_pkt_time":1745343597066051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":75,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1745343597066087,"l3_proto":"ip4","src_ip":"192.168.1.31","dst_ip":"192.168.1.30","src_port":49741,"dst_port":7680,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MSDO","proto_id":"448","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} -00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/msdo.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":176,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1745343597066087} 
+00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/msdo.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":176,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1745343597066087} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645129 bytes -~~ total memory freed........: 8645129 bytes -~~ total allocations/frees...: 140543/140543 +~~ total memory allocated....: 9409503 bytes +~~ total memory freed........: 9409503 bytes +~~ total allocations/frees...: 154509/154509 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 971 chars diff --git a/test/results/default/mssql_tds.pcap.out b/test/results/default/mssql_tds.pcap.out index 39a5dec08..ddf0cdfc7 100644 --- a/test/results/default/mssql_tds.pcap.out +++ b/test/results/default/mssql_tds.pcap.out 
@@ -1,12 +1,12 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1240877917888015} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1240877917888015} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1240877917888015,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":190,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1240877917888015,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888015,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1240877917888015,"pkt":"AAwpiUrKAFBWwAABCABFAADynIJAAEAGGaUKb29vCgAAAQRXBZk+5C72WSFQkoAYAFx5qQAAAQEICgQLsN8AAVvMAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="} 
00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1240877917888015,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":190,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1240877917888015,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1240877917888358,"pkt":"AFBWwAABAAwpiUrKCABFAABWA25AAIAGc1UKAAABCm9vbwWZBFdZIVCSPuQvtIAYQa2\/wgAAAQEICgABW8wEC7DfBAEAIgA1AQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="} 
00939{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1240877917918653,"flow_dst_last_pkt_time":1240877917888358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_usec":1240877917918653,"pkt":"AAwpiUrKAFBWwAABCABFAAFYnINAAEAGGT4Kb29vCgAAAQRXBZk+5C+0WSFQtIAYAFxIvAAAAQEICgQLsOcAAVvMAwEBJAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANDQAQABQADAAIABuAHYAYQByAGMAaABhAHIAKAA0ADAAMAAwACkALABAAFAAMQAgAGkAbgB0AAAA50AfCQTQADSQAHMAZQBsAGUAYwB0ACAAKgAgAGYAcgBvAG0AIAB0AGUAcwB0AF8AdABhAGIAbABlAF8AMQAgAHcAaABlAHIAZQAgAG4AYQBtAGUAIAA9ACAAQABQADAAIABhAG4AZAAgAGkAZAAgAD0AIABAAFAAMQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAAAA50AfCQTQADQGAHoAegB6AAAAJgQEAgAAAA=="} 01027{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1240877917918653,"flow_dst_last_pkt_time":1240877918029044,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1240877918029044,"pkt":"AFBWwAABAAwpiUrKCABFAAGaA29AAIAGchAKAAABCm9vbwWZBFdZIVC0PuQw2IAYQImkmQAAAQEICgABW84EC7DnBAEBZgA1AQCBBAAAAAAACQDvPAAJBNAANARuAGEAbQBlAAAAAAAJAO88AAkE0AA0B3MAdQByAG4AYQBtAGUAAAAAAAkA71AACQTQADQEYwBpAHQAeQAAAAAACAA4AmkAZADRPAB6AHoAegAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAA8AGIAYgBiACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFAAYwB4AHgAeAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAACAAAA\/xEAwQABAAAAAAAAAHkAAAAArAAAAAEAAAAAAAAmBAQBAAAA\/gAA4AAAAAAAAAAAAA=="} 
-00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":874,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1259762400004437} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":874,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1259762400004437} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762400004437,"flow_src_last_pkt_time":1259762400004437,"flow_dst_last_pkt_time":1259762400004437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762400004437,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1259762400004437,"flow_dst_last_pkt_time":1259762400004437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1259762400004437,"pkt":"ABj+dhvGERERERESCABFAABUAAdAAEAGtr4Kb29vCgAAAQiuBZn\/ymPG\/zlOU1AYEAArKgAAAQEALAAAAQBDAE8ATQBNAEkAVAAgAFQAUgBBAE4AUwBBAEMAVABJAE8ATgA="} 
00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762400004437,"flow_src_last_pkt_time":1259762400004437,"flow_dst_last_pkt_time":1259762400004437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762400004437,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
@@ -37,7 +37,7 @@ 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762482456090,"flow_src_last_pkt_time":1259762482456090,"flow_dst_last_pkt_time":1259762482456090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762482456090,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1259762482456090,"flow_dst_last_pkt_time":1259762482456090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1259762482456090,"pkt":"ABI\/\/61OABI\/\/6gdCABFAACA6VZAAIAGjUIKb29vCgAAASK4BZmoWq7z77DJrlAY\/kP\/5gAAAwkAWAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAGwBwAF8ARwBlAHQATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAFIAbwB3AEMAbwB1AG4AdAAAAA=="} 
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762482456090,"flow_src_last_pkt_time":1259762482456090,"flow_dst_last_pkt_time":1259762482456090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762482456090,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":35,"packets-processed":34,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13137,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":8,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1278068444584977} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":35,"packets-processed":34,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13137,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":8,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1278068444584977} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278068444584977,"flow_src_last_pkt_time":1278068444584977,"flow_dst_last_pkt_time":1278068444584977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":218,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444584977,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1278068444584977,"flow_dst_last_pkt_time":1278068444584977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1278068444584977,"pkt":"ADAFzckRADAFzck9CABFAAECT7tAAIAGJlwKb29vCgAAAScPBZlFt6JP51MRDlAY+rgBzgAAAwEA2gAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAzIhEAVUR3ZoiZqrvM3e7\/AAAfAADnAAAJBAABMgAAAACnJAAJBAABMiQAQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqAAAmBAQBAAAAAAAmCAgtAAAAAAAAAAAApQwADAABI0VniavN7\/7cupgAACYEBGwAAAA="} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278068444584977,"flow_src_last_pkt_time":1278068444584977,"flow_dst_last_pkt_time":1278068444584977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":218,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444584977,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
@@ -62,7 +62,7 @@ 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278068444650715,"flow_src_last_pkt_time":1278068444650715,"flow_dst_last_pkt_time":1278068444650715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":268,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":268,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444666075,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278068444666075,"flow_src_last_pkt_time":1278068444666075,"flow_dst_last_pkt_time":1278068444666075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":320,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":320,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444666075,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1259762400004437,"flow_src_last_pkt_time":1259762400004437,"flow_dst_last_pkt_time":1259762400004540,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":17,"midstream":1,"thread_ts_usec":1278068444666075,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1278068444666075} 
+00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1278068444666075} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 ~~ skipped flows.............: 0 @@ -71,9 +71,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8674788 bytes -~~ total memory freed........: 8674788 bytes -~~ total allocations/frees...: 140693/140693 +~~ total memory allocated....: 9439514 bytes +~~ total memory freed........: 9439514 bytes +~~ total allocations/frees...: 154659/154659 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 557 chars ~~ json message max len.......: 2493 chars diff --git a/test/results/default/mudfish.pcap.out b/test/results/default/mudfish.pcap.out index 44b057535..d2ddd7742 100644 --- a/test/results/default/mudfish.pcap.out +++ b/test/results/default/mudfish.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1740392849077905} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1740392849077905} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740392849077905,"flow_src_last_pkt_time":1740392849077905,"flow_dst_last_pkt_time":1740392849077905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740392849077905,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"14.63.214.216","src_port":50023,"dst_port":10010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1740392849077905,"flow_dst_last_pkt_time":1740392849077905,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1740392849077905,"pkt":"YDjgxTWgCAAnmk\/+CABFAAA0EcJAAIAGQtzAqABmDj\/W2MNnJxpMBR6dAAAAAIAC+vB41QAAAgQFtAEDAwgBAQQC"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1740392849077905,"flow_dst_last_pkt_time":1740392849351151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1740392849351151,"pkt":"CAAnmk\/+YDjgxTWgCABFAAA0AABAACwGqJ4OP9bYwKgAZicaw2cVlFp\/TAUenoASOQjKogAAAgQFrAEBBAIBAwMH"} 
@@ -47,12 +47,12 @@ 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740392852797920,"flow_src_last_pkt_time":1740392852797920,"flow_dst_last_pkt_time":1740392852797920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740392852797920,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"172.233.67.67","src_port":60976,"dst_port":10007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1740392852797920,"flow_dst_last_pkt_time":1740392852797920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":9,"thread_ts_usec":1740392852797920,"pkt":"YDjgxTWgCAAnmk\/+CABFAAAdqHcAAIAR4R3AqABmrOlDQ+4wJxcACelYUAAAAAAAAAAAAAAAAAAAAAAA"} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1740392852797920,"flow_dst_last_pkt_time":1740392853123886,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1740392853123886,"pkt":"CAAnmk\/+YDjgxTWgCABFAAAd0YhAAC0Rywys6UNDwKgAZicX7jAACelYUA=="} 
-00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1740392852797920,"flow_src_last_pkt_time":1740392852797920,"flow_dst_last_pkt_time":1740392853123886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1740392853123886,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"172.233.67.67","src_port":60976,"dst_port":10007,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mudfish","proto_id":"454","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1740392852797920,"flow_src_last_pkt_time":1740392852797920,"flow_dst_last_pkt_time":1740392853123886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1740392853123886,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"172.233.67.67","src_port":60976,"dst_port":10007,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mudfish","proto_id":"454","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1740392950120701,"flow_dst_last_pkt_time":1740392851863838,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":9,"thread_ts_usec":1740392950120701,"pkt":"YDjgxTWgCAAnmk\/+CABFAAAdOzMAAIARKHPAqABmI8nyUu4xJxcACcNoUAAAAAAAAAAAAAAAAAAAAAAA"} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1740392950120701,"flow_dst_last_pkt_time":1740392950370475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1740392950370475,"pkt":"CAAnmk\/+YDjgxTWgCABFAAAdLR1AADoRPIkjyfJSwKgAZicX7jEACcNoUA=="} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1740392851605917,"flow_src_last_pkt_time":1740392950120701,"flow_dst_last_pkt_time":1740392950370475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1740392950370475,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"35.201.242.82","src_port":60977,"dst_port":10007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Mudfish","proto_id":"454","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1740392850738792,"flow_src_last_pkt_time":1740392850738792,"flow_dst_last_pkt_time":1740392851022154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1740392950370475,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"58.228.231.36","src_port":60976,"dst_port":10007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mudfish","proto_id":"454","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1740392852797920,"flow_src_last_pkt_time":1740392852797920,"flow_dst_last_pkt_time":1740392853123886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1740392950370475,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"172.233.67.67","src_port":60976,"dst_port":10007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Mudfish","proto_id":"454","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1740392852797920,"flow_src_last_pkt_time":1740392852797920,"flow_dst_last_pkt_time":1740392853123886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1740392950370475,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"172.233.67.67","src_port":60976,"dst_port":10007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mudfish","proto_id":"454","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1740392852151028,"flow_src_last_pkt_time":1740392852151028,"flow_dst_last_pkt_time":1740392852383651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1740392950370475,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"45.120.157.78","src_port":60976,"dst_port":10007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Mudfish","proto_id":"454","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1740392851270066,"flow_src_last_pkt_time":1740392851270066,"flow_dst_last_pkt_time":1740392851539576,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1740392950370475,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"211.253.26.155","src_port":60976,"dst_port":10007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mudfish","proto_id":"454","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1740392852151028,"flow_src_last_pkt_time":1740392852151028,"flow_dst_last_pkt_time":1740392852176686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1740392950370475,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"176.10.111.130","src_port":60977,"dst_port":10007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Mudfish","proto_id":"454","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -61,7 +61,7 @@ 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1740392851062032,"flow_src_last_pkt_time":1740392851062032,"flow_dst_last_pkt_time":1740392851217728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1740392950370475,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"46.173.30.40","src_port":60977,"dst_port":10007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mudfish","proto_id":"454","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1740392851062032,"flow_src_last_pkt_time":1740392851062032,"flow_dst_last_pkt_time":1740392851217720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1740392950370475,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"108.181.0.36","src_port":60976,"dst_port":10007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mudfish","proto_id":"454","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1740392851920467,"flow_src_last_pkt_time":1740392851920467,"flow_dst_last_pkt_time":1740392852137146,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1740392950370475,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"2.58.243.110","src_port":60976,"dst_port":10007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mudfish","proto_id":"454","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":89,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":72832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":64,"global_ts_usec":1740392950370475} 
+00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/mudfish.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":89,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":72832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":64,"global_ts_usec":1740392950370475} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 89/89 ~~ skipped flows.............: 0 @@ -70,9 +70,9 @@ ~~ total active/idle flows...: 11/11 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8673548 bytes -~~ total memory freed........: 8673548 bytes -~~ total allocations/frees...: 140723/140723 +~~ total memory allocated....: 9438242 bytes +~~ total memory freed........: 9438242 bytes +~~ total allocations/frees...: 154689/154689 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 517 chars ~~ json message max len.......: 2150 chars diff --git a/test/results/default/mullvad_dns.pcap.out b/test/results/default/mullvad_dns.pcap.out index cb5ae1b8a..d8d1f74b4 100644 --- a/test/results/default/mullvad_dns.pcap.out +++ b/test/results/default/mullvad_dns.pcap.out 
@@ -1,12 +1,12 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690989392454764} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690989392454764} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392454764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690989392454764,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392454764,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1690989392454764,"pkt":"LpGu0BOrUqbfQmqICABFAABU8HEAAD8RPmLAqHoLCQkJCcnwADUAQE0XWYYBIAABAAAAAAABA3d3dwdtdWxsdmFkA25ldAAAAQABAAApBNAAAAAAAAwACgAIwhcGhsoKkzM="} 
01079{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392454764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690989392454764,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.mullvad.net","domainame":"www.mullvad.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392507188,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1690989392507188,"pkt":"UqbfQmqILpGu0BOrCABFAABmAu0AADgRMtUJCQkJwKh6CwA1yfAAUpRhWYaBoAABAAIAAAABA3d3dwdtdWxsdmFkA25ldAAAAQABwAwABQABAAAG1wACwBDAEAABAAEAAAALAAQtU9\/RAAApBNAAAAAAAAA="} 
01111{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392507188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1690989392507188,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.mullvad.net","domainame":"www.mullvad.net","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["45.83.223.209,ttl=11"]}}} 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392507188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1690989392507188,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.mullvad.net"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1690989392507188} +00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1690989392507188} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644872 bytes -~~ total memory freed........: 8644872 bytes -~~ total allocations/frees...: 140534/140534 +~~ total memory allocated....: 9409246 bytes +~~ total memory freed........: 9409246 bytes +~~ total allocations/frees...: 154500/154500 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 592 chars ~~ json message max len.......: 1116 chars diff --git a/test/results/default/mullvad_wireguard.pcap.out b/test/results/default/mullvad_wireguard.pcap.out index 65d9de416..a0f2971ad 100644 --- a/test/results/default/mullvad_wireguard.pcap.out +++ b/test/results/default/mullvad_wireguard.pcap.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690989590945292} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690989590945292} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690989590945292,"flow_src_last_pkt_time":1690989590945292,"flow_dst_last_pkt_time":1690989590945292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690989590945292,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"198.54.131.98","src_port":22595,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690989590945292,"flow_dst_last_pkt_time":1690989590945292,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1690989590945292,"pkt":"LpGu0BOrUqbfQmqICABFAAB83fQAAEARGDDAqHoLxjaDYlhDE8QAaITGBAAAABV2SXkTAAAAAAAAADvIU5XIGqFEsZ+W5jn7BLiciIB2fPEUKgOh7JJ8k\/FEcfAVrKf6uU7CHWMuDpSvWjtQYEvV9cMoDP4zIz5uBNzGTNEAB8QP+U4duw0xthm\/"} 
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690989590945292,"flow_dst_last_pkt_time":1690989591192470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1690989591192470,"pkt":"UqbfQmqILpGu0BOrCABFCAB8BUcAACsRBdbGNoNiwKh6CxPEWEMAaIuGBAAAALBIEBwPAAAAAAAAAAsITpzs3Nqj\/mngBcwLuctA0JbR014xS\/DoFTXDrk8w1scffwPGXVQhk89PWb8vtw+pOPrZNyooWu5tHm9KcXVq4hier14EKnEpPtrq0py+"} 
@@ -8,7 +8,7 @@ 00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1690989591192829,"flow_dst_last_pkt_time":1690989591192470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_usec":1690989591192829,"pkt":"LpGu0BOrUqbfQmqICABFAAC83hIAAEARF9LAqHoLxjaDYlhDE8QAqIUGBAAAABV2SXkVAAAAAAAAAJ2fNtGME5zwSTdTMQkGmaiCH+Wo\/9gCMeD01GNIb8pBUhJF3FFtz4RVJRfxx9PzIa8nYPqq4P5DoSH+YsbbogMXQb97+TfgyZWaD5D38iAu+73Y9mXDRYIdZgkSk3b17pGL+yVTFX7rQWUh\/xcnUYDcXFPo8xpMcVnDhl\/Gv\/0VmzIFSzjVfEcbvM2LkUIVmw=="} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1690989591192829,"flow_dst_last_pkt_time":1690989591426538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1690989591426538,"pkt":"UqbfQmqILpGu0BOrCABFCABsBWYAACsRBcfGNoNiwKh6CxPEWEMAWOEUBAAAALBIEBwQAAAAAAAAAOmugALEfSDtPyEnUa4GVP4WD6vx6vmcdq74p5uWI8wZndweTg2aIL6E2AQEi74KoRmz+vx\/BmWI2O6toM6+Rk0="} 
01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1690989590945292,"flow_src_last_pkt_time":1690989591911796,"flow_dst_last_pkt_time":1690989591911742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":672,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":928,"midstream":0,"thread_ts_usec":1690989591911796,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"198.54.131.98","src_port":22595,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1690989591911796} 
+00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1690989591911796} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645156 bytes -~~ total memory freed........: 8645156 bytes -~~ total allocations/frees...: 140544/140544 +~~ total memory allocated....: 9409530 bytes +~~ total memory freed........: 9409530 bytes +~~ total allocations/frees...: 154510/154510 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 599 chars ~~ json message max len.......: 1121 chars diff --git a/test/results/default/mumble.pcapng.out b/test/results/default/mumble.pcapng.out index 4817b0411..994673781 100644 --- a/test/results/default/mumble.pcapng.out +++ b/test/results/default/mumble.pcapng.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705621398492193} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705621398492193} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705621398492193,"flow_src_last_pkt_time":1705621398492193,"flow_dst_last_pkt_time":1705621398492193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705621398492193,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"5.39.185.162","src_port":50085,"dst_port":64738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705621398492193,"flow_dst_last_pkt_time":1705621398492193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1705621398492193,"pkt":"SKmKCiNtCAAniDE8CABFAAAo21MAAIARAADAqFjQBSe5osOl\/OIAFNhnAAAAAAPXIAD6dih+"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705621398533743,"flow_src_last_pkt_time":1705621398533743,"flow_dst_last_pkt_time":1705621398533743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705621398533743,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"87.122.110.156","src_port":50085,"dst_port":64738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -19,7 +19,7 @@ 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1705621398492193,"flow_src_last_pkt_time":1705621398492193,"flow_dst_last_pkt_time":1705621398539803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":1705621398587907,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"5.39.185.162","src_port":50085,"dst_port":64738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mumble","proto_id":"387","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705621398587907,"flow_src_last_pkt_time":1705621398587907,"flow_dst_last_pkt_time":1705621398587907,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1705621398587907,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"151.101.66.217","src_port":50059,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Mumble","proto_id":"91.387","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1705621398533743,"flow_src_last_pkt_time":1705621398533743,"flow_dst_last_pkt_time":1705621398587907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":1705621398587907,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"87.122.110.156","src_port":50085,"dst_port":64738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mumble","proto_id":"387","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2029,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1705621398587907} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2029,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1705621398587907} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -28,9 +28,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654079 bytes -~~ total memory freed........: 8654079 bytes -~~ total allocations/frees...: 140567/140567 +~~ total memory allocated....: 9418517 bytes +~~ total memory freed........: 9418517 bytes +~~ total allocations/frees...: 154533/154533 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars ~~ json message max len.......: 1410 chars diff --git a/test/results/default/munin.pcap.out b/test/results/default/munin.pcap.out index f876835c5..d35fdfcc1 100644 --- a/test/results/default/munin.pcap.out +++ b/test/results/default/munin.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666226102691709} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666226102691709} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666226102691709,"flow_src_last_pkt_time":1666226102691709,"flow_dst_last_pkt_time":1666226102691709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666226102691709,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.103","src_port":45654,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666226102691709,"flow_dst_last_pkt_time":1666226102691709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666226102691709,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8V+BAAEAGaOisEBBsrBARZ7JWE1Uxv3OfAAAAAKAC9QCa0AAAAgQjAAQCCArNYOiDAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666226102691709,"flow_dst_last_pkt_time":1666226102717855,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666226102717855,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD4GwsisEBFnrBAQbBNVslYbuawOMb9zoKAS\/+CLmwAAAgQFnAQCCAq\/Z5p4zWDogwEDAwc="} 
@@ -7,7 +7,7 @@ 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1666226102718825,"flow_dst_last_pkt_time":1666226102759806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1666226102759806,"pkt":"ABY+T3\/T+hY+\/yO1CABFAABSYdhAAD4GYNqsEBFnrBAQbBNVslYbuawPMb9zoIAYAgB0FgAAAQEICr9nmqLNYOieIyBtdW5pbiBub2RlIGF0IGtpYmFuYS1ub2RlMDEK"} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1666226102691709,"flow_src_last_pkt_time":1666226102718825,"flow_dst_last_pkt_time":1666226102759806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1666226102759806,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.103","src_port":45654,"dst_port":4949,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1666226102761116,"flow_dst_last_pkt_time":1666226102759806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666226102761116,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0V+JAAEAGaO6sEBBsrBARZ7JWE1Uxv3OgG7msLYAQAeq3uQAAAQEICs1g6Mi\/Z5qi"} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":322,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1666249807376910} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":322,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1666249807376910} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666249807376910,"flow_src_last_pkt_time":1666249807376910,"flow_dst_last_pkt_time":1666249807376910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666249807376910,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.102","src_port":55256,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1666249807376910,"flow_dst_last_pkt_time":1666249807376910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666249807376910,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8eSRAAEAGR6WsEBBsrBARZtfYE1VvZhzuAAAAAKAC9QC3lwAAAgQjAAQCCAr\/Q41iAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1666249807376910,"flow_dst_last_pkt_time":1666249807402712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666249807402712,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD4GwsmsEBFmrBAQbBNV19hQR58Xb2Yc76AS\/+DsEwAAAgQFnAQCCAq2AziU\/0ONYgEDAwc="} 
@@ -16,7 +16,7 @@ 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1666249807376910,"flow_src_last_pkt_time":1666249807404027,"flow_dst_last_pkt_time":1666249807436639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":31,"midstream":0,"thread_ts_usec":1666249807436639,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.102","src_port":55256,"dst_port":4949,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1666249807438107,"flow_dst_last_pkt_time":1666249807436639,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666249807438107,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0eSZAAEAGR6usEBBsrBARZtfYE1VvZhzvUEefN4AQAeoYQgAAAQEICv9DjZ+2Azi1"} 
00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666226102691709,"flow_src_last_pkt_time":1666226102892589,"flow_dst_last_pkt_time":1666226102941764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":262,"midstream":0,"thread_ts_usec":1666249807610393,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.103","src_port":45654,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"kibana-node01"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1666266002857038} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1666266002857038} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666266002857038,"flow_src_last_pkt_time":1666266002857038,"flow_dst_last_pkt_time":1666266002857038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666266002857038,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.101","src_port":53314,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1666266002857038,"flow_dst_last_pkt_time":1666266002857038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666266002857038,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8yJJAAEAG+DesEBBsrBARZdBCE1WX5J9vAAAAAKAC9QDfsAAAAgQjAAQCCAp1q0t5AAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1666266002857038,"flow_dst_last_pkt_time":1666266002883378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666266002883378,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD4GwsqsEBFlrBAQbBNV0EJ2nLwRl+SfcKAS\/+DhLwAAAgQFnAQCCAqHPlcHdatLeQEDAwc="} 
@@ -25,7 +25,7 @@ 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1666266002857038,"flow_src_last_pkt_time":1666266002884343,"flow_dst_last_pkt_time":1666266002914766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1666266002914766,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.101","src_port":53314,"dst_port":4949,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1666266002915853,"flow_dst_last_pkt_time":1666266002914766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666266002915853,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0yJRAAEAG+D2sEBBsrBARZdBCE1WX5J9wdpy8MIAQAeoNYgAAAQEICnWrS7SHPlcn"} 
00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666249807376910,"flow_src_last_pkt_time":1666249807564073,"flow_dst_last_pkt_time":1666249807610393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":267,"midstream":0,"thread_ts_usec":1666266003076418,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.102","src_port":55256,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"elastic-node02"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":977,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1666274401982227} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":977,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1666274401982227} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666274401982227,"flow_src_last_pkt_time":1666274401982227,"flow_dst_last_pkt_time":1666274401982227,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666274401982227,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.1","src_port":59958,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1666274401982227,"flow_dst_last_pkt_time":1666274401982227,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666274401982227,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8CtBAAEAGtl6sEBBsrBARAeo2E1Wjl90YAAAAAKAC9QCoZQAAAgQjAAQCCAp4RB0\/AAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1666274401982227,"flow_dst_last_pkt_time":1666274402007121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666274402007121,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD8Gwi6sEBEBrBAQbBNV6ja\/dPxso5fdGaAS\/+B4GQAAAgQFnAQCCArx85TpeEQdPwEDAwc="} 
@@ -35,7 +35,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1666274402039419,"flow_dst_last_pkt_time":1666274402037918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666274402039419,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0CtJAAEAGtmSsEBBsrBARAeo2E1Wjl90Zv3T8g4AQAeqkVwAAAQEICnhEHXjx85UH"} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666266002857038,"flow_src_last_pkt_time":1666266003040348,"flow_dst_last_pkt_time":1666266003076418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":262,"midstream":0,"thread_ts_usec":1666274402201343,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.101","src_port":53314,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"log-collector"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666274401982227,"flow_src_last_pkt_time":1666274402167889,"flow_dst_last_pkt_time":1666274402201343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":365,"midstream":0,"thread_ts_usec":1666274402201343,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.1","src_port":59958,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"gw-ct"}} -00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1666274402201343} 
+00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1666274402201343} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8653874 bytes -~~ total memory freed........: 8653874 bytes -~~ total allocations/frees...: 140626/140626 +~~ total memory allocated....: 9418344 bytes +~~ total memory freed........: 9418344 bytes +~~ total allocations/frees...: 154592/154592 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 1002 chars diff --git a/test/results/default/mysql.pcapng.out b/test/results/default/mysql.pcapng.out index 070c02c24..02aa6c7bf 100644 --- a/test/results/default/mysql.pcapng.out +++ b/test/results/default/mysql.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705960164821097} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705960164821097} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705960164821097,"flow_src_last_pkt_time":1705960164821097,"flow_dst_last_pkt_time":1705960164821097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705960164821097,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.201","src_port":36732,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705960164821097,"flow_dst_last_pkt_time":1705960164821097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705960164821097,"pkt":"CAAncIgi8C90rUP1CABFAAA82jtAAEAGLX\/AqFjnwKhYyY98DOp2PS8IAAAAAKACfXgzMAAAAgQFtAQCCAppS\/T6AAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1705960164821097,"flow_dst_last_pkt_time":1705960164821230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705960164821230,"pkt":"8C90rUP1CAAncIgiCABFAAA8AABAAEAGB7vAqFjJwKhY5wzqj3zoGIATdj0vCaAS\/oj7XQAAAgQFtAQCCAodC\/XcaUv0+gEDAwc="} 
@@ -7,7 +7,7 @@ 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1705960164821258,"flow_dst_last_pkt_time":1705960164821452,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_usec":1705960164821452,"pkt":"8C90rUP1CAAncIgiCABFCACi\/KRAAEAGCqjAqFjJwKhY5wzqj3zoGIAUdj0vCYAYAf4QPQAAAQEICh0L9dxpS\/T6agAAAAo1LjUuNS0xMC42LjEyLU1hcmlhREItMHVidW50dTAuMjIuMDQuMQAgAAAAR2dQPSErVEgA\/vctAgD\/gRUAAAAAAAAdAAAASXY3T2UvWVJtUjE+AG15c3FsX25hdGl2ZV9wYXNzd29yZAA="} 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1705960164821097,"flow_src_last_pkt_time":1705960164821258,"flow_dst_last_pkt_time":1705960164821452,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":110,"midstream":0,"thread_ts_usec":1705960164821452,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.201","src_port":36732,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MySQL","proto_id":"20","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1705960164821461,"flow_dst_last_pkt_time":1705960164821452,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705960164821461,"pkt":"CAAncIgi8C90rUP1CABFCAA02j1AAEAGLX3AqFjnwKhYyY98DOp2PS8J6BiAgoAQAPszKAAAAQEICmlL9PodC\/Xc"} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1705961445154157} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1705961445154157} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705961445154157,"flow_src_last_pkt_time":1705961445154157,"flow_dst_last_pkt_time":1705961445154157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705961445154157,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.200","src_port":36272,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1705961445154157,"flow_dst_last_pkt_time":1705961445154157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705961445154157,"pkt":"CAAnuVBs8C90rUP1CABFAAA8HqhAAEAG6RPAqFjnwKhYyI2wDOriY1z8AAAAAKACfXgzLwAAAgQFtAQCCApboWQSAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1705961445154157,"flow_dst_last_pkt_time":1705961445154294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705961445154294,"pkt":"8C90rUP1CAAnuVBsCABFAAA8AABAAEAGB7zAqFjIwKhY5wzqjbCh\/Uwo4mNc\/aAS\/oihhAAAAgQFtAQCCAroGgTyW6FkEgEDAwc="} 
@@ -17,7 +17,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1705961445178850,"flow_dst_last_pkt_time":1705961445178841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705961445178850,"pkt":"CAAnuVBs8C90rUP1CABFAAA0HqpAAEAG6RnAqFjnwKhYyI2wDOriY1z9of1Md4AQAPszJwAAAQEICluhZCvoGgUK"} 00979{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1705961445154157,"flow_src_last_pkt_time":1705961447627544,"flow_dst_last_pkt_time":1705961447627529,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":322,"flow_dst_max_l4_payload_len":2218,"flow_src_tot_l4_payload_len":824,"flow_dst_tot_l4_payload_len":2981,"midstream":0,"thread_ts_usec":1705961447627544,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.200","src_port":36272,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MySQL","proto_id":"20","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1705960164821097,"flow_src_last_pkt_time":1705960167087269,"flow_dst_last_pkt_time":1705960167087249,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1705961447627544,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.201","src_port":36732,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MySQL","proto_id":"20","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1705961447627544} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1705961447627544} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 41/41 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648459 bytes -~~ total memory freed........: 8648459 bytes -~~ total allocations/frees...: 140585/140585 +~~ total memory allocated....: 9412865 bytes +~~ total memory freed........: 9412865 bytes +~~ total allocations/frees...: 154551/154551 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 984 chars diff --git a/test/results/default/nano.pcapng.out b/test/results/default/nano.pcapng.out index 6a2b8c693..42d3acd74 100644 --- a/test/results/default/nano.pcapng.out +++ b/test/results/default/nano.pcapng.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721295318976755} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721295318976755} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1721295318976755,"flow_src_last_pkt_time":1721295318976755,"flow_dst_last_pkt_time":1721295318976755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1721295318976755,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"37.120.187.138","src_port":59642,"dst_port":7075,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1721295318976755,"flow_dst_last_pkt_time":1721295318976755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1721295318976755,"pkt":"SKmKCiNt8C90rUP1CABFAAA8jZVAAEAGspTAqFjnJXi7iuj6G6Ogx8U+AAAAAKAC+vD6wAAAAgQFtAQCCAoPwsSRAAAAAAEDAwc="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1721295318976755,"flow_dst_last_pkt_time":1721295319028262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1721295319028262,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAADQGTColeLuKwKhY5xuj6PpeKTrgoMfFP6AS\/ojNPwAAAgQFoAQCCApGamM8D8LEkQEDAwc="} 
@@ -8,7 +8,7 @@ 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1721295318976755,"flow_src_last_pkt_time":1721295319028342,"flow_dst_last_pkt_time":1721295319028262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1721295319028342,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"37.120.187.138","src_port":59642,"dst_port":7075,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nano","proto_id":"420","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1721295319028342,"flow_dst_last_pkt_time":1721295319083243,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1721295319083243,"pkt":"8C90rUP1SKmKCiNtCABFAAA0TKtAADQG\/4YleLuKwKhY5xuj6PpeKTrhoMfFZ4AQAf338wAAAQEICkZqY3APwsTF"} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1721295318976755,"flow_src_last_pkt_time":1721295319028342,"flow_dst_last_pkt_time":1721295319083277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":200,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":200,"midstream":0,"thread_ts_usec":1721295319083277,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"37.120.187.138","src_port":59642,"dst_port":7075,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nano","proto_id":"420","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1721295319083277} 
+00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1721295319083277} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645012 bytes -~~ total memory freed........: 8645012 bytes -~~ total allocations/frees...: 140539/140539 +~~ total memory allocated....: 9409386 bytes +~~ total memory freed........: 9409386 bytes +~~ total allocations/frees...: 154505/154505 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 985 chars diff --git a/test/results/default/natpmp.pcap.out b/test/results/default/natpmp.pcap.out index 9ff8f5b8c..b96dc25ee 100644 --- a/test/results/default/natpmp.pcap.out +++ b/test/results/default/natpmp.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631961259127898} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631961259127898} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631961259127898,"flow_src_last_pkt_time":1631961259127898,"flow_dst_last_pkt_time":1631961259127898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631961259127898,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.254","src_port":36852,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631961259127898,"flow_dst_last_pkt_time":1631961259127898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"thread_ts_usec":1631961259127898,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAAeV7pAAEARXkbAqAGAwKgB\/o\/0FOcACtYvAAA="} 
01014{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631961259127898,"flow_src_last_pkt_time":1631961259127898,"flow_dst_last_pkt_time":1631961259127898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631961259127898,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.254","src_port":36852,"dst_port":5351,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","natpmp": {"result":0,"internal_port":0,"external_port":0,"external_address":"0.0.0.0"}}} 
@@ -8,7 +8,7 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1631961267470917,"flow_dst_last_pkt_time":1631961259156828,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1631961267470917,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAAoXGBAAEARWZbAqAGAwKgB\/o\/0FOcAFDZeAAIAAMjVyNUAAA4Q"} 01041{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1631961259127898,"flow_src_last_pkt_time":1631961267470917,"flow_dst_last_pkt_time":1631961259156828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1631961267470917,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.254","src_port":36852,"dst_port":5351,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","natpmp": {"result":0,"internal_port":51413,"external_port":51413,"external_address":"10.201.213.174"}}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1631961267470917,"flow_dst_last_pkt_time":1631961267496338,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1631961267496338,"pkt":"PKn0qB\/spJGxgjQ5CABFAAAssMEAAEARRTHAqAH+wKgBgBTnj\/QAGPrFAIIAAAArOuXI1cjVAAAOEAAA"} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1663058610829000} 
+00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1663058610829000} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610829000,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610829000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":36845,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"thread_ts_usec":1663058610829000,"pkt":"eJS0JASgYDjgxTWgCABFAAAe7gNAAKIRZRXAqAJkwKgCAY\/tFOcACoXRAAA="} 01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610829000,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610829000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":36845,"dst_port":5351,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","natpmp": {"result":0,"internal_port":0,"external_port":0,"external_address":"0.0.0.0"}}} 
@@ -26,7 +26,7 @@ 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1663058622646000,"flow_src_last_pkt_time":1663058622897000,"flow_dst_last_pkt_time":1663058622646000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058622897000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":59817,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1663058622897000,"flow_src_last_pkt_time":1663058622897000,"flow_dst_last_pkt_time":1663058622897000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058622897000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":35763,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610829000,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058622897000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":36845,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1663058622897000} 
+00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1663058622897000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652357 bytes -~~ total memory freed........: 8652357 bytes -~~ total allocations/frees...: 140573/140573 +~~ total memory allocated....: 9416827 bytes +~~ total memory freed........: 9416827 bytes +~~ total allocations/frees...: 154539/154539 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 516 chars ~~ json message max len.......: 1046 chars diff --git a/test/results/default/nats.pcap.out b/test/results/default/nats.pcap.out index a94332bf5..82bcd27af 100644 --- a/test/results/default/nats.pcap.out +++ b/test/results/default/nats.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1586288040558498} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1586288040558498} 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1586288040558498,"flow_src_last_pkt_time":1586288040558498,"flow_dst_last_pkt_time":1586288040558498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1586288040558498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1586288040558498,"flow_dst_last_pkt_time":1586288040558498,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1586288040558498,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB1iQQfvCJzTwAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iAAAAAAQCAAA="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1586288040558498,"flow_dst_last_pkt_time":1586288040558594,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1586288040558594,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEH7WJA7LPw3wic09sBL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iNpSeYgQCAAA="} 
@@ -16,7 +16,7 @@ 00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1586288040575502,"flow_src_last_pkt_time":1586288040575609,"flow_dst_last_pkt_time":1586288040577107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":309,"midstream":0,"thread_ts_usec":1586288040577107,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","proto_id":"68","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00956{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1586288040558498,"flow_src_last_pkt_time":1586288040570938,"flow_dst_last_pkt_time":1586288040570821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":315,"midstream":0,"thread_ts_usec":1586288042776134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","proto_id":"68","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1586288040575502,"flow_src_last_pkt_time":1586288042776117,"flow_dst_last_pkt_time":1586288042776134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":321,"midstream":0,"thread_ts_usec":1586288042776134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","proto_id":"68","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1586288042776134} 
+00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1586288042776134} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652149 bytes -~~ total memory freed........: 8652149 bytes -~~ total allocations/frees...: 140573/140573 +~~ total memory allocated....: 9416555 bytes +~~ total memory freed........: 9416555 bytes +~~ total allocations/frees...: 154539/154539 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 962 chars diff --git a/test/results/default/naver.pcap.out b/test/results/default/naver.pcap.out index e9f699746..59354d8a1 100644 --- a/test/results/default/naver.pcap.out +++ b/test/results/default/naver.pcap.out 
@@ -1,13 +1,13 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1730387261423525} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1730387261423525} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261423525,"flow_dst_last_pkt_time":1730387261423525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387261423525,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1730387261423525,"flow_dst_last_pkt_time":1730387261423525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1730387261423525,"pkt":"AgAAAAABAgAAAAACCABFAAA8GPlAAEAG\/eYK160BFzRU0JxaAbsaMFI+AAAAAKAC\/\/+b7AAAAgQm6AQCCArcYYAbAAAAAAEDAwk="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1730387261423525,"flow_dst_last_pkt_time":1730387261449768,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1730387261449768,"pkt":"AgAAAAABAgAAAAACCABFAAAwAABAAEAGFuwXNFTQCtetAQG7nFp363frGjBSP3ASBAA4owAAAgQm6AMDCQA="} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1730387261449929,"flow_dst_last_pkt_time":1730387261449768,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1730387261449929,"pkt":"AgAAAAABAgAAAAACCABFAAAoGPpAAEAG\/fkK160BFzRU0JxaAbsaMFI\/d+t37FAQAICRGwAA"} 01213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1730387261453362,"flow_dst_last_pkt_time":1730387261449768,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_usec":1730387261453362,"pkt":"AgAAAAABAgAAAAACCABFAAIoGPtAAEAG+\/gK160BFzRU0JxaAbsaMFI\/d+t37FAQAIBUzAAAFgMBAgABAAH8AwPX38a3MCvLk8uZ1hRP4mrIcI\/KE5Ca09x0fVESciasXyAHVzLhzlLebn9ANLoi0ghqpVMwaJhABDq537sQ5LecrAAeEwETAhMDwCvALMypwC\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"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1730387261453362,"flow_dst_last_pkt_time":1730387261453466,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1730387261453466,"pkt":"AgAAAAABAgAAAAACCABFAAAoAABAAEAGFvQXNFTQCtetAQG7nFp363fsGjBUP1AQA\/+LnAAA"} 
-01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261453544,"flow_dst_last_pkt_time":1730387261453466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387261453544,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"m.naver.com","domainame":"m.naver.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} -01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261453544,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1730387261479172,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"m.naver.com","domainame":"m.naver.com","tls": {"version":"TLSv1.2","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01198{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261453544,"flow_dst_last_pkt_time":1730387261453466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387261453544,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"m.naver.com","domainame":"m.naver.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261453544,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1730387261479172,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"m.naver.com","domainame":"m.naver.com","tls": {"version":"TLSv1.2","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1730387261479172,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387261479172,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"110.93.157.96","src_port":42040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1730387261479172,"pkt":"AgAAAAABAgAAAAACCABFAAA8O\/FAAEAGOzUK160Bbl2dYKQ4AbsIxNkQAAAAAKAC\/\/9rfQAAAgQm6AQCCAotHELSAAAAAAEDAwk="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1730387261479172,"pkt":"AgAAAAABAgAAAAACCABFAAAwAABAAEAGdzJuXZ1gCtetAQG7pDh363frCMTZEXASBAAbpQAAAgQm6AMDCQA="} 
@@ -22,12 +22,12 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1730387269634949,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1730387269634949,"pkt":"AgAAAAABAgAAAAACCABFAAAoptBAAEAGWzEK160BuDLIw7IKAbuEfl3\/d+t37FAQAIDwagAA"} 01214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1730387269636387,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_usec":1730387269636387,"pkt":"AgAAAAABAgAAAAACCABFAAIoptFAAEAGWTAK160BuDLIw7IKAbuEfl3\/d+t37FAQAIBuHgAAFgMBAgABAAH8AwNZH7rBuBt1xrwIbjDlhPOR+5G6F4LrPLdIPSTRSpxo7CA+vFrtGzprO63Vue4VRezFRaS1Ecv5l\/tFSXo37dw7hAAeEwETAhMDwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABlQAAAB0AGwAAGGR0aHVtYi1waGluZi5wc3RhdGljLm5ldAAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAMwAmACQAHQAg78Ojm6jaXZuX1wRTpsRNjRNdUV3aV2AqjZhzlffXTnkALQACAQEAKwAFBAMEAwMAFQDlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":59,"pkt_l4_len":25,"thread_ts_usec":1730387269636423,"pkt":"AgAAAAABAgAAAAACCABFAAAtptJAAEAGWyoK160BuDLIw7IKAbuEfl\/\/d+t37FAYAIDuXQAAAAAAAAA="} -01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387269636423,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"dthumb-phinf.pstatic.net","domainame":"dthumb-phinf.pstatic.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01597{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269664358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":3760,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3760,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"dthumb-phinf.pstatic.net","domainame":"dthumb-phinf.pstatic.net","tls": {"version":"TLSv1.2","server_names":"*.pstatic.net,pstatic.net","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=NAVER Cloud Corp., CN=*.pstatic.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"97:14:4D:E1:78:70:D4:E8:6B:CD:80:41:48:2B:5E:D3:E8:34:7D:CB","blocks":0}}} 
-00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261453544,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269664358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":3760,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3760,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387269636423,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"dthumb-phinf.pstatic.net","domainame":"dthumb-phinf.pstatic.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01598{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269664358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":3760,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3760,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"dthumb-phinf.pstatic.net","domainame":"dthumb-phinf.pstatic.net","tls": {"version":"TLSv1.2","server_names":"*.pstatic.net,pstatic.net","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=NAVER Cloud Corp., CN=*.pstatic.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"97:14:4D:E1:78:70:D4:E8:6B:CD:80:41:48:2B:5E:D3:E8:34:7D:CB","blocks":0}}} 
+00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261453544,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269664358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":3760,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3760,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387261479172,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261663060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4356,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4356,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"110.93.157.96","src_port":42040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12523,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1730387269664358} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12523,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1730387269664358} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 22/22 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8674804 bytes -~~ total memory freed........: 8674804 bytes -~~ total allocations/frees...: 140609/140609 +~~ total memory allocated....: 9439242 bytes +~~ total memory freed........: 9439242 bytes +~~ total allocations/frees...: 154575/154575 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 1778 chars diff --git a/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out index e5a6a1de4..29c41f616 100644 --- a/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out +++ b/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1258162014557086} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1258162014557086} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258162014557086,"flow_src_last_pkt_time":1258162014557086,"flow_dst_last_pkt_time":1258162014557086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258162014557086,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1258162014557086,"flow_dst_last_pkt_time":1258162014557086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1258162014557086,"pkt":"AFBWmXinAB9to6gACABFAAA0MZpAADwGZloKAwkTCkSJdp64H5sCrVC3AAAAAIACwej09wAAAgQFZAEDAwABAQQC"} 02065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1258162014576991,"flow_dst_last_pkt_time":1258162014557086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"thread_ts_usec":1258162014576991,"pkt":"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"} 
@@ -7,9 +7,9 @@ 01051{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1258162014576991,"flow_dst_last_pkt_time":1258162014582846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_usec":1258162014582846,"pkt":"AAAMB6wcAFBWmXinCABFAAGYOjtAAIAGGFUKRIl2CgMJEx+bnriXAiqLAq1VHlAY9oqoWgAASFRUUC8xLsUgMjAwIE9LDQpEYXRlOiBTYXQsIDE0IE5vdiAyMDA5IDAxOjJGOjI3IEdNVA0KU2VydmVyQiBTdW4gR2z6cnNGaXNoIEVudGVycHJpc2UgU2VydmVyIHYyLjENClgtUG93ZXJlZC1CeTogU2VydmxldC8yLjUNCkNvbnRlbnQtVHlw5TogdGV4dC94bWw7Y2hhcnNldD0idXRmLTgiDQpDb250ZW50LUxlbmd0aEwgMTc4DQoNCjw\/eG1sIHZlcnNpb249IjEuMCIgPz48UzpFbnZlbG9wZSB4bWxuczpTPSJodHRwOi8vc2NoZW9hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PFM6Qm9keT48bnMyOmNvbmZpZ3VyZVJlSnBvbnNlIHhtbG5zOm5zJQAidXJpOi8vYWxjYXRlbC5jb20vYXBjLzIuMCIvPjwvUzpCb2R5PjwvUzpFbnZlbG9wZT4="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1258162014587557,"flow_dst_last_pkt_time":1258162014582846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1258162014587557,"pkt":"AFBWmXinAB9ro6gACABFAAAoMZ1AADwGZmMKAwkTCkSJdp64H5sCrVUelwIr+1AQwhBt1wAAAAAAAAAA"} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1258162014587557,"flow_dst_last_pkt_time":1258162020091627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1258162020091627,"pkt":"AAAMB6wcAFBWmXinCABFAAAoOz5AAIAGGMIKRIl2CgMJEx+bnriXAiv7Aq1VHlAR9jim6gAA"} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1258165452647609} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1258165452647609} 01289{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1258162014557086,"flow_src_last_pkt_time":1258165452688667,"flow_dst_last_pkt_time":1258165452688687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1126,"flow_dst_max_l4_payload_len":685,"flow_src_tot_l4_payload_len":1648,"flow_dst_tot_l4_payload_len":1053,"midstream":0,"thread_ts_usec":1258165452688687,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC","hostname":"10.68.137.118"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1258165452688687} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1258165452688687} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped 
flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645399 bytes -~~ total memory freed........: 8645399 bytes -~~ total allocations/frees...: 140553/140553 +~~ total memory allocated....: 9409773 bytes +~~ total memory freed........: 9409773 bytes +~~ total allocations/frees...: 154519/154519 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 560 chars ~~ json message max len.......: 2070 chars diff --git a/test/results/default/nest_log_sink.pcap.out b/test/results/default/nest_log_sink.pcap.out index 3b297c980..92a9f47c1 100644 --- a/test/results/default/nest_log_sink.pcap.out +++ b/test/results/default/nest_log_sink.pcap.out 
@@ -1,15 +1,15 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1536712992228658} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1536712992228658} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536712992228658,"flow_dst_last_pkt_time":1536712992228658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536712992228658,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1536712992228658,"flow_dst_last_pkt_time":1536712992228658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1536712992228658,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2IAAP8GYxrAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1536712992228658,"flow_dst_last_pkt_time":1536712992289465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536712992289465,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpRAAC0G7egjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1536713052295189,"flow_dst_last_pkt_time":1536712992289465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1536713052295189,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2MAAP8GYxnAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1536713052295189,"flow_dst_last_pkt_time":1536713052360453,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536713052360453,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpVAAC0G7ecjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1536713052295189,"flow_dst_last_pkt_time":1536713052805060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536713052805060,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpZAAC0G7eYjrlLtwKjyDytX92zEgGGECKi\/QFAQgdDz\/gAA"} 
-00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":51,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1536713593921755} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":51,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1536713593921755} 
02069{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536713593921755,"flow_dst_last_pkt_time":1536713593982239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536713593982239,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":60807,"avg":38820860.0,"max":60122070,"stddev":28558074.0,"var":815563555209216.0,"ent":4.3,"data": [60807,60066531,60070988,444607,512208,60052382,60122070,60064103,60058548,139368,204086,59876012,59944753,60065849,60071735,305546,379257,59710128,59782330,60066153,60065042,470660,541865,60021230,60097006,60071977,60059874,163527,227320,59833996,59896720]},"pktlen": {"min":40,"avg":43.0,"max":46,"stddev":3.0,"var":9.0,"ent":5.0,"data": [46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1],"entropies": 
[4.501398087,4.881687164,4.457920074,4.881687164,4.881687164,4.501398087,4.457919598,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164,4.414441586,4.881687164,4.881687164,4.441509247,4.501398087,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164]}} -00953{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536713593921755,"flow_dst_last_pkt_time":1536713593982239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536713593982239,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
-00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":101,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1536714195599741} +00951{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536713593921755,"flow_dst_last_pkt_time":1536713593982239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536713593982239,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":101,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1536714195599741} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714602587299,"flow_dst_last_pkt_time":1536714602587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536714602587299,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1536714602587299,"flow_dst_last_pkt_time":1536714602587299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1536714602587299,"pkt":"AJD7JidrGLQwJjRACABFAABEL4kAAP8RJr3AqPIPwKjyAc5xADUAMKk+CwgBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714602587299,"flow_dst_last_pkt_time":1536714602587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536714602587299,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com","domainame":"weave-logsink.nest.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -31,7 +31,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1536714607597463,"flow_dst_last_pkt_time":1536714607594881,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1536714607597463,"pkt":"AJD7JidrGLQwJjRACABFAAAoL7QAAP8GYsjAqPIPI65S7fdvK1cIymiQqq\/48lAQEgA8vQAAAAAAAAAA"} 01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1536714608236238,"flow_dst_last_pkt_time":1536714607594881,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":585,"pkt_l4_len":551,"thread_ts_usec":1536714608236238,"pkt":"AJD7JidrGLQwJjRACABFAAI7L7UAAP8GYLTAqPIPI65S7fdvK1cIymiQqq\/48lAYEgBXKQAAEQIAEwoDAAA2nicAADC0GAMAAAACMLQYEQqMBgQAAACBAAA5+ABtAAEAWiMlAFoj+yEEnLB3hmCjX\/9RpHiw8WQHtflYVJ9RsjEg6dtDwCGgTmdVcdp0jKObpMjSiVlQqEuNASCYIOjjq2KVBwA1ATABCGRioUb7JdsYJAIENwMnEwIAAADuMLQYGCYEvBKUGiYFvF68LTcGJxE2nicAADC0GBgkBwImCCUAWiMwCjkEJgNHeyfLyn8+Y4Q3KJESv6T1UZ7ximwyz0BZXSER6iqTRHr3ZzL\/QcomumvZXRQgQXcoi+vhk5Y1gykBGDWCKQEkAgUYNYQpATYCBAIEARgYNYEwAghG1Bj5qiAzNBg1gDACCE3B2i1iGUvgGDUMMAEdAIXDdHE3JrfWlel2eYaefOia8kf6YmRIxz7Xgq0wAh0Aqggyqhbk0\/a8FDNnwqqs7hWaOpuNhfC6EutljBgYGNUAAA4AAQAlAFojJAEFJAILJQMykCwEEDA1Q0EwMkFDNDQxNDAyOEYwBQgYtDAAACeeNjAGBhi0MCYAACwHCU5FU1QtOUUzNicKNp4nAAAwtBgnC4vxg94wk5+2LAkIMy4xLjRyYzMkDAEpZRiVCAAwARwhermfyMxoLyT9cAO1roHO9a7QqXANtx6N7Gh1MAIdAPyALwFEjYcRq6fbbb2YwAPqueLqb7bMgagmR3kY"} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1536714608236238,"flow_dst_last_pkt_time":1536714608305894,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536714608305894,"pkt":"GLQwJjRAAJD7JidrCABFAAAoshtAAC0GcmEjrlLtwKjyDytX92+qr\/jyCMpqo1AQbODfyQAA"} -00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1536714607530778,"flow_src_last_pkt_time":1536714609684326,"flow_dst_last_pkt_time":1536714608322352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":583,"flow_dst_tot_l4_payload_len":677,"midstream":0,"thread_ts_usec":1536714609684326,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
+00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1536714607530778,"flow_src_last_pkt_time":1536714609684326,"flow_dst_last_pkt_time":1536714608322352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":583,"flow_dst_tot_l4_payload_len":677,"midstream":0,"thread_ts_usec":1536714609684326,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536714610253460,"flow_src_last_pkt_time":1536714610253460,"flow_dst_last_pkt_time":1536714610253460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536714610253460,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1536714610253460,"flow_dst_last_pkt_time":1536714610253460,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1536714610253460,"pkt":"AJD7JidrGLQwJjRACABFAAAsL74AAP8GGt\/AqPIPI7yauvdwK1cI1a0HAAAAAGACEgA9hwAAAgQEgAAA"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1536714610253460,"flow_dst_last_pkt_time":1536714610314466,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1536714610314466,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93Bcs3xVCNWtCGASbvAGcQAAAgQFjA=="} 
@@ -40,15 +40,15 @@ 01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1536714613670783,"flow_dst_last_pkt_time":1536714610314466,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1536714613670783,"pkt":"AJD7JidrGLQwJjRACABFAAI6L8MAAP8GGMzAqPIPI7yauvdwK1cI1a0IXLN8VlAYEgD6igAAEAIAEwwDAAA2nicAADC0GAQAAAACMLQYEQqSBgQAAACBAAA5+ABtAAEAWiMlAFojiiIEtkbpjQUSHUoTcWkXUWM9lVbNsoOuvfFUxmbNPsGiW\/wq5UMDWDxf2nPoFbYobKpXR6vLhI5RzviVBwA1ATABCGRioUb7JdsYJAIENwMnEwIAAADuMLQYGCYEvBKUGiYFvF68LTcGJxE2nicAADC0GBgkBwImCCUAWiMwCjkEJgNHeyfLyn8+Y4Q3KJESv6T1UZ7ximwyz0BZXSER6iqTRHr3ZzL\/QcomumvZXRQgQXcoi+vhk5Y1gykBGDWCKQEkAgUYNYQpATYCBAIEARgYNYEwAghG1Bj5qiAzNBg1gDACCE3B2i1iGUvgGDUMMAEdAIXDdHE3JrfWlel2eYaefOia8kf6YmRIxz7Xgq0wAh0Aqggyqhbk0\/a8FDNnwqqs7hWaOpuNhfC6EutljBgYGNUAAA4AAQAlAFojJAEFJAILJQMykCwEEDA1Q0EwMkFDNDQxNDAyOEYwBQgYtDAAACeeNjAGBhi0MCYAACwHCU5FU1QtOUUzNicKNp4nAAAwtBgnC4vxg94wk5+2LAkIMy4xLjRyYzMkDAEpZRiVCAAwARwghzo4rL9IB318LIxg\/LAqaKcA4fCuRscnp+mWMAIcBgUkZfHumFcJND3j932Gu2OJyi6\/7A8Wmb\/nLRg="} 
00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1536714610253460,"flow_src_last_pkt_time":1536714615108363,"flow_dst_last_pkt_time":1536714613730371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":678,"midstream":0,"thread_ts_usec":1536714615108363,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01012{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714607328073,"flow_dst_last_pkt_time":1536714607527675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536714675297074,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} 
-02252{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1536714607530778,"flow_src_last_pkt_time":1536714735302616,"flow_dst_last_pkt_time":1536714735750574,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":2066,"midstream":0,"thread_ts_usec":1536714735750574,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7081,"avg":8257794.5,"max":60077555,"stddev":19898212.0,"var":395938807939072.0,"ent":2.4,"data": [64103,66685,638775,711013,16458,201353,1246735,1463240,104910,69439,22020,94707,71220,78130,7081,87220,75789,84472,84342,76407,307337,280726,43263,5019615,5092313,178784,59560541,59727665,60063791,60077555,375945]},"pktlen": {"min":40,"avg":167.0,"max":717,"stddev":184.8,"var":34140.6,"ent":4.3,"data": [46,44,46,571,40,717,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,201,46,332,102,46,46,40,46,40,40]},"bins": {"c_to_s": [9,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1],"entropies": 
[4.390829086,5.012806416,4.434307098,6.983462334,4.981687546,7.117225647,4.501398087,5.460370064,5.031687260,7.387540817,4.981687069,5.670276642,6.393791676,7.723265171,4.434307098,6.722110748,6.670401573,6.819778442,6.529592991,6.835218430,6.697788239,4.303872108,6.701543808,4.347350597,7.229048729,5.808568001,4.347350597,4.390829086,4.934183598,4.347350597,4.934183598,4.884183884]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +02250{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1536714607530778,"flow_src_last_pkt_time":1536714735302616,"flow_dst_last_pkt_time":1536714735750574,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":2066,"midstream":0,"thread_ts_usec":1536714735750574,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7081,"avg":8257794.5,"max":60077555,"stddev":19898212.0,"var":395938807939072.0,"ent":2.4,"data": [64103,66685,638775,711013,16458,201353,1246735,1463240,104910,69439,22020,94707,71220,78130,7081,87220,75789,84472,84342,76407,307337,280726,43263,5019615,5092313,178784,59560541,59727665,60063791,60077555,375945]},"pktlen": {"min":40,"avg":167.0,"max":717,"stddev":184.8,"var":34140.6,"ent":4.3,"data": [46,44,46,571,40,717,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,201,46,332,102,46,46,40,46,40,40]},"bins": {"c_to_s": 
[9,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1],"entropies": [4.390829086,5.012806416,4.434307098,6.983462334,4.981687546,7.117225647,4.501398087,5.460370064,5.031687260,7.387540817,4.981687069,5.670276642,6.393791676,7.723265171,4.434307098,6.722110748,6.670401573,6.819778442,6.529592991,6.835218430,6.697788239,4.303872108,6.701543808,4.347350597,7.229048729,5.808568001,4.347350597,4.390829086,4.934183598,4.347350597,4.934183598,4.884183884]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":35,"flow_first_seen":1536714602612148,"flow_src_last_pkt_time":1536714607322501,"flow_dst_last_pkt_time":1536714607319686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":679,"flow_src_tot_l4_payload_len":12610,"flow_dst_tot_l4_payload_len":2221,"midstream":0,"thread_ts_usec":1536714735752625,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1536714610253460,"flow_src_last_pkt_time":1536714615546363,"flow_dst_last_pkt_time":1536714615544009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":845,"midstream":0,"thread_ts_usec":1536714735752625,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":42,"flow_dst_packets_processed":41,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536714607325706,"flow_dst_last_pkt_time":1536714607385830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536714735752625,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"1":"Match by 
port"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":42,"flow_dst_packets_processed":41,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536714607325706,"flow_dst_last_pkt_time":1536714607385830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536714735752625,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"1":"Match by port"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01012{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714607328073,"flow_dst_last_pkt_time":1536714607527675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536714735752625,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":276,"packets-processed":215,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1536714800447381} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":276,"packets-processed":215,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1536714800447381} 
01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714607328073,"flow_dst_last_pkt_time":1536714607527675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536714795433354,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":326,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1536715402175361} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":376,"packets-processed":275,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1536716003807368} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":326,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1536715402175361} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":376,"packets-processed":275,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1536716003807368} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716402804764,"flow_dst_last_pkt_time":1536716402804764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536716402804764,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1536716402804764,"flow_dst_last_pkt_time":1536716402804764,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1536716402804764,"pkt":"AJD7JidrGLQwJjRACABFAABEL\/cAAP8RJk\/AqPIPwKjyAc5xADUAMDxpd90BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716402804764,"flow_dst_last_pkt_time":1536716402804764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536716402804764,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com","domainame":"weave-logsink.nest.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -70,7 +70,7 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1536716407188905,"flow_dst_last_pkt_time":1536716407186187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1536716407188905,"pkt":"AJD7JidrGLQwJjRACABFAAAoMCEAAP8GYlvAqPIPI65S7fdyK1cI7G50n+oaPFAQEgAgMAAAAAAAAAAA"} 01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1536716407823894,"flow_dst_last_pkt_time":1536716407186187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":585,"pkt_l4_len":551,"thread_ts_usec":1536716407823894,"pkt":"AJD7JidrGLQwJjRACABFAAI7MCIAAP8GYEfAqPIPI65S7fdyK1cI7G50n+oaPFAYEgDwdwAAEQIAExADAAA2nicAADC0GAMAAAACMLQYEQqYBgQAAACBAAA5+ABtAAEAWiMlAFojzy4E7q5tuDPa8dqp3Tuoonw6y+EKFrq9iWLx7LT+wD9DJViy4PlSyQ0AFOPyw4FcNd3Y3goVAXIadNGVBwA1ATABCGRioUb7JdsYJAIENwMnEwIAAADuMLQYGCYEvBKUGiYFvF68LTcGJxE2nicAADC0GBgkBwImCCUAWiMwCjkEJgNHeyfLyn8+Y4Q3KJESv6T1UZ7ximwyz0BZXSER6iqTRHr3ZzL\/QcomumvZXRQgQXcoi+vhk5Y1gykBGDWCKQEkAgUYNYQpATYCBAIEARgYNYEwAghG1Bj5qiAzNBg1gDACCE3B2i1iGUvgGDUMMAEdAIXDdHE3JrfWlel2eYaefOia8kf6YmRIxz7Xgq0wAh0Aqggyqhbk0\/a8FDNnwqqs7hWaOpuNhfC6EutljBgYGNUAAA4AAQAlAFojJAEFJAILJQMykCwEEDA1Q0EwMkFDNDQxNDAyOEYwBQgYtDAAACeeNjAGBhi0MCYAACwHCU5FU1QtOUUzNicKNp4nAAAwtBgnC4vxg94wk5+2LAkIMy4xLjRyYzMkDAEpZRiVCAAwARxoTx\/J58YBVL8Z9uxN9RPfRr+Io40A8NhdTkJFMAIdAPDtk8tzNKB5VXXVQ39d1I8oQCKlkaNov5AmdiMY"} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1536716407823894,"flow_dst_last_pkt_time":1536716407888603,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536716407888603,"pkt":"GLQwJjRAAJD7JidrCABFAAAoMm9AAC0G8g0jrlLtwKjyDytX93Kf6ho8COxwh1AQbODDPAAA"} -00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1536716407119984,"flow_src_last_pkt_time":1536716409280467,"flow_dst_last_pkt_time":1536716407903994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":583,"flow_dst_tot_l4_payload_len":677,"midstream":0,"thread_ts_usec":1536716409280467,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
+00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1536716407119984,"flow_src_last_pkt_time":1536716409280467,"flow_dst_last_pkt_time":1536716407903994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":583,"flow_dst_tot_l4_payload_len":677,"midstream":0,"thread_ts_usec":1536716409280467,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536716409847406,"flow_src_last_pkt_time":1536716409847406,"flow_dst_last_pkt_time":1536716409847406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536716409847406,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1536716409847406,"flow_dst_last_pkt_time":1536716409847406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1536716409847406,"pkt":"AJD7JidrGLQwJjRACABFAAAsMCwAAP8GGnHAqPIPI7yauvdzK1cI9889AAAAAGACEgAbLAAAAgQEgAAA"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1536716409847406,"flow_dst_last_pkt_time":1536716409908176,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1536716409908176,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93M4S\/jECPfPPmASbvCMDgAAAgQFjA=="} 
@@ -81,12 +81,12 @@ 01012{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716407003782,"flow_dst_last_pkt_time":1536716407116756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536716472448121,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} 00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":35,"flow_first_seen":1536716402828004,"flow_src_last_pkt_time":1536716406969810,"flow_dst_last_pkt_time":1536716406967430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":12633,"flow_dst_tot_l4_payload_len":2220,"midstream":0,"thread_ts_usec":1536716532891336,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1536716409847406,"flow_src_last_pkt_time":1536716412657238,"flow_dst_last_pkt_time":1536716412651629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":532,"flow_dst_max_l4_payload_len":679,"flow_src_tot_l4_payload_len":1413,"flow_dst_tot_l4_payload_len":846,"midstream":0,"thread_ts_usec":1536716532891336,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":56,"flow_first_seen":1536714607530778,"flow_src_last_pkt_time":1536716407001445,"flow_dst_last_pkt_time":1536716407068096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":2003,"flow_dst_tot_l4_payload_len":2066,"midstream":0,"thread_ts_usec":1536716532891336,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":56,"flow_first_seen":1536714607530778,"flow_src_last_pkt_time":1536716407001445,"flow_dst_last_pkt_time":1536716407068096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":2003,"flow_dst_tot_l4_payload_len":2066,"midstream":0,"thread_ts_usec":1536716532891336,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01012{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716407003782,"flow_dst_last_pkt_time":1536716407116756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536716532891336,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} -02255{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1536716407119984,"flow_src_last_pkt_time":1536716592513963,"flow_dst_last_pkt_time":1536716532889304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":1905,"midstream":0,"thread_ts_usec":1536716592513963,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6654,"avg":10037526.0,"max":60065954,"stddev":21842106.0,"var":477077551710208.0,"ent":2.6,"data": [66203,68921,634989,702416,15391,245970,1210603,1481601,108755,76207,16822,97423,70982,72827,6654,85865,79238,75829,75050,77170,97357,2619475,2881135,371772,59569035,59778516,60065954,60063694,377489,447329,59622627]},"pktlen": {"min":40,"avg":162.2,"max":717,"stddev":185.8,"var":34538.8,"ent":4.3,"data": [46,44,46,571,40,717,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,40,46,46]},"bins": {"c_to_s": [10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0],"entropies": 
[4.390829086,5.012806416,4.434307098,6.960905552,4.931687355,7.109922409,4.501398087,5.422218800,4.931687355,7.525271416,4.762814999,5.747631550,6.463061810,7.686710835,4.434307098,6.746978760,6.772123814,6.796743393,6.668047905,6.846702099,6.720046520,4.457919121,7.263835907,5.855727196,4.441509247,4.501398087,4.981687546,4.501398087,4.981687546,4.981687546,4.501398087,4.501398087]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +02253{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1536716407119984,"flow_src_last_pkt_time":1536716592513963,"flow_dst_last_pkt_time":1536716532889304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":1905,"midstream":0,"thread_ts_usec":1536716592513963,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6654,"avg":10037526.0,"max":60065954,"stddev":21842106.0,"var":477077551710208.0,"ent":2.6,"data": [66203,68921,634989,702416,15391,245970,1210603,1481601,108755,76207,16822,97423,70982,72827,6654,85865,79238,75829,75050,77170,97357,2619475,2881135,371772,59569035,59778516,60065954,60063694,377489,447329,59622627]},"pktlen": {"min":40,"avg":162.2,"max":717,"stddev":185.8,"var":34538.8,"ent":4.3,"data": [46,44,46,571,40,717,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,40,46,46]},"bins": {"c_to_s": 
[10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0],"entropies": [4.390829086,5.012806416,4.434307098,6.960905552,4.931687355,7.109922409,4.501398087,5.422218800,4.931687355,7.525271416,4.762814999,5.747631550,6.463061810,7.686710835,4.434307098,6.746978760,6.772123814,6.796743393,6.668047905,6.846702099,6.720046520,4.457919121,7.263835907,5.855727196,4.441509247,4.501398087,4.981687546,4.501398087,4.981687546,4.981687546,4.501398087,4.501398087]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716407003782,"flow_dst_last_pkt_time":1536716407116756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536716592575967,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":547,"packets-processed":424,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1536716652586979} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":595,"packets-processed":452,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":89,"global_ts_usec":1536717254253428} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":547,"packets-processed":424,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1536716652586979} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":595,"packets-processed":452,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":89,"global_ts_usec":1536717254253428} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717427961883,"flow_dst_last_pkt_time":1536717427961883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536717427961883,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1536717427961883,"flow_dst_last_pkt_time":1536717427961883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1536717427961883,"pkt":"AJD7JidrGLQwJjRACABFAABEME8AAP8RJffAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 
01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717427961883,"flow_dst_last_pkt_time":1536717427961883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536717427961883,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com","domainame":"weave-logsink.nest.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -109,22 +109,22 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1536717450159277,"flow_dst_last_pkt_time":1536717450156309,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1536717450159277,"pkt":"AJD7JidrGLQwJjRACABFAAAoMHAAAP8GYgzAqPIPI65S7fd1K1cJDrE2z66DDlAQEgBEsgAAAAAAAAAA"} 01251{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1536717450837688,"flow_dst_last_pkt_time":1536717450156309,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1536717450837688,"pkt":"AJD7JidrGLQwJjRACABFAAI6MHEAAP8GX\/nAqPIPI65S7fd1K1cJDrE2z66DDlAYEgBSBgAAEAIAExYDAAA2nicAADC0GAMAAAACMLQYEQqkBgQAAACBAAA5+ABtAAEAWiMlAFoj2CcE2BAp6wubGo\/z5ZfI2Dj3nJ\/pPMFz9Obhx2FH5jhpv2JCG87bpNJ5Ycrt7oCzqhBHmauw3H1NfeuVBwA1ATABCGRioUb7JdsYJAIENwMnEwIAAADuMLQYGCYEvBKUGiYFvF68LTcGJxE2nicAADC0GBgkBwImCCUAWiMwCjkEJgNHeyfLyn8+Y4Q3KJESv6T1UZ7ximwyz0BZXSER6iqTRHr3ZzL\/QcomumvZXRQgQXcoi+vhk5Y1gykBGDWCKQEkAgUYNYQpATYCBAIEARgYNYEwAghG1Bj5qiAzNBg1gDACCE3B2i1iGUvgGDUMMAEdAIXDdHE3JrfWlel2eYaefOia8kf6YmRIxz7Xgq0wAh0Aqggyqhbk0\/a8FDNnwqqs7hWaOpuNhfC6EutljBgYGNUAAA4AAQAlAFojJAEFJAILJQMykCwEEDA1Q0EwMkFDNDQxNDAyOEYwBQgYtDAAACeeNjAGBhi0MCYAACwHCU5FU1QtOUUzNicKNp4nAAAwtBgnC4vxg94wk5+2LAkIMy4xLjRyYzMkDAEpZRiVCAAwARwFhA9\/J8DrsWyMKxxx\/EFb6R7RspDZpiRINr3VMAIcZsnvKF9nvfwXd5pondluDtKf2pv4DH09MvS0FRg="} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1536717450837688,"flow_dst_last_pkt_time":1536717450903656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536717450903656,"pkt":"GLQwJjRAAJD7JidrCABFAAAooddAAC0GgqUjrlLtwKjyDytX93XProMOCQ6zSFAQbODnvwAA"} -00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1536717450091191,"flow_src_last_pkt_time":1536717452328815,"flow_dst_last_pkt_time":1536717450921163,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":678,"midstream":0,"thread_ts_usec":1536717452328815,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
+00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1536717450091191,"flow_src_last_pkt_time":1536717452328815,"flow_dst_last_pkt_time":1536717450921163,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":678,"midstream":0,"thread_ts_usec":1536717452328815,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01014{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":703,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717449934587,"flow_dst_last_pkt_time":1536717450088270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536717512610921,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} 
00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":24,"flow_first_seen":1536717428089363,"flow_src_last_pkt_time":1536717431514012,"flow_dst_last_pkt_time":1536717431511560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":7728,"flow_dst_tot_l4_payload_len":1615,"midstream":0,"thread_ts_usec":1536717572672015,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":37,"flow_first_seen":1536716407119984,"flow_src_last_pkt_time":1536717449932250,"flow_dst_last_pkt_time":1536717449999275,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":2003,"flow_dst_tot_l4_payload_len":1905,"midstream":0,"thread_ts_usec":1536717572672015,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":37,"flow_first_seen":1536716407119984,"flow_src_last_pkt_time":1536717449932250,"flow_dst_last_pkt_time":1536717449999275,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":2003,"flow_dst_tot_l4_payload_len":1905,"midstream":0,"thread_ts_usec":1536717572672015,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01014{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717449934587,"flow_dst_last_pkt_time":1536717450088270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536717572672015,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":711,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717449934587,"flow_dst_last_pkt_time":1536717450088270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536717632764427,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} 
-02258{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":713,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1536717450091191,"flow_src_last_pkt_time":1536717692809761,"flow_dst_last_pkt_time":1536717693064770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":1560,"flow_dst_tot_l4_payload_len":1740,"midstream":0,"thread_ts_usec":1536717693064770,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4297,"avg":15667489.0,"max":60116188,"stddev":26141992.0,"var":683403720523776.0,"ent":3.1,"data": [65118,68086,678411,747347,17507,94704,1396423,1507704,104371,70568,14503,87690,68949,72988,7038,83601,72569,4297,74338,110547,112155,137112,59606094,59757940,60076789,60061094,60093385,60092412,60108066,60116188,184155]},"pktlen": {"min":40,"avg":145.1,"max":718,"stddev":181.0,"var":32752.9,"ent":4.2,"data": [46,44,46,570,40,718,46,92,40,244,40,100,162,669,46,220,190,46,220,201,332,102,46,46,40,46,40,46,40,46,40,40]},"bins": {"c_to_s": [10,1,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1],"entropies": 
[4.303872585,4.967351913,4.390829086,7.000074863,4.931686878,7.083823204,4.501398087,5.370536327,4.981687069,6.850469589,4.881687164,5.621728897,6.422999859,7.639559269,4.347350597,6.781757832,6.666656017,4.544876099,6.837507248,6.783583164,7.269664764,5.833524227,4.501398087,4.390829086,4.931686878,4.457919598,4.931686878,4.501398087,4.931686878,4.501398087,4.931686878,4.981687069]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":727,"packets-processed":562,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56297,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":3,"total-updates":6,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":119,"global_ts_usec":1536717873194026} 
+02256{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":713,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1536717450091191,"flow_src_last_pkt_time":1536717692809761,"flow_dst_last_pkt_time":1536717693064770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":1560,"flow_dst_tot_l4_payload_len":1740,"midstream":0,"thread_ts_usec":1536717693064770,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4297,"avg":15667489.0,"max":60116188,"stddev":26141992.0,"var":683403720523776.0,"ent":3.1,"data": [65118,68086,678411,747347,17507,94704,1396423,1507704,104371,70568,14503,87690,68949,72988,7038,83601,72569,4297,74338,110547,112155,137112,59606094,59757940,60076789,60061094,60093385,60092412,60108066,60116188,184155]},"pktlen": {"min":40,"avg":145.1,"max":718,"stddev":181.0,"var":32752.9,"ent":4.2,"data": [46,44,46,570,40,718,46,92,40,244,40,100,162,669,46,220,190,46,220,201,332,102,46,46,40,46,40,46,40,46,40,40]},"bins": {"c_to_s": [10,1,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1],"entropies": 
[4.303872585,4.967351913,4.390829086,7.000074863,4.931686878,7.083823204,4.501398087,5.370536327,4.981687069,6.850469589,4.881687164,5.621728897,6.422999859,7.639559269,4.347350597,6.781757832,6.666656017,4.544876099,6.837507248,6.783583164,7.269664764,5.833524227,4.501398087,4.390829086,4.931686878,4.457919598,4.931686878,4.501398087,4.931686878,4.501398087,4.931686878,4.981687069]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":727,"packets-processed":562,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56297,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":3,"total-updates":6,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":119,"global_ts_usec":1536717873194026} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536718052990525,"flow_src_last_pkt_time":1536718052990525,"flow_dst_last_pkt_time":1536718052990525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536718052990525,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1536718052990525,"flow_dst_last_pkt_time":1536718052990525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1536718052990525,"pkt":"AJD7JidrGLQwJjRACABFAAAsMIsAAP8GYe3AqPIPI65S7fd2K1cJGivXAAAAAGACEgAGSAAAAgQEgAAA"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1536718052990525,"flow_dst_last_pkt_time":1536718053059160,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1536718053059160,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93aQyd5SCRor2GASaQM+4wAAAgQFtA=="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1536718053062757,"flow_dst_last_pkt_time":1536718053059160,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1536718053062757,"pkt":"AJD7JidrGLQwJjRACABFAAAoMIwAAP8GYfDAqPIPI65S7fd2K1cJGivYkMneU1AQEgCtowAAAAAAAAAA"} 01252{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1536718053697119,"flow_dst_last_pkt_time":1536718053059160,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":585,"pkt_l4_len":551,"thread_ts_usec":1536718053697119,"pkt":"AJD7JidrGLQwJjRACABFAAI7MI0AAP8GX9zAqPIPI65S7fd2K1cJGivYkMneU1AYEgDiowAAEQIAExgDAAA2nicAADC0GAMAAAACMLQYEQqrBgQAAACBAAA5+ABtAAEAWiMlAFojuSAEqqg\/GG3XZ7S+GVgdJAxV3FdXtYqDvNEkQ7I6nVFTXJVnaCjLkbfmPxhMrtnj9HDtKB+WM2\/s\/m+VBwA1ATABCGRioUb7JdsYJAIENwMnEwIAAADuMLQYGCYEvBKUGiYFvF68LTcGJxE2nicAADC0GBgkBwImCCUAWiMwCjkEJgNHeyfLyn8+Y4Q3KJESv6T1UZ7ximwyz0BZXSER6iqTRHr3ZzL\/QcomumvZXRQgQXcoi+vhk5Y1gykBGDWCKQEkAgUYNYQpATYCBAIEARgYNYEwAghG1Bj5qiAzNBg1gDACCE3B2i1iGUvgGDUMMAEdAIXDdHE3JrfWlel2eYaefOia8kf6YmRIxz7Xgq0wAh0Aqggyqhbk0\/a8FDNnwqqs7hWaOpuNhfC6EutljBgYGNUAAA4AAQAlAFojJAEFJAILJQMykCwEEDA1Q0EwMkFDNDQxNDAyOEYwBQgYtDAAACeeNjAGBhi0MCYAACwHCU5FU1QtOUUzNicKNp4nAAAwtBgnC4vxg94wk5+2LAkIMy4xLjRyYzMkDAEpZRiVCAAwARwd+O5CSMqBtmXz\/1zPm4DXlstlRUz7LE7UoUFYMAIdAPhoHjs\/jsC2DB0sdsJSNgiMwlY1m+Ig3\/2eM4AY"} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1536718053697119,"flow_dst_last_pkt_time":1536718053761048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536718053761048,"pkt":"GLQwJjRAAJD7JidrCABFAAAosfNAAC0GcokjrlLtwKjyDytX93aQyd5TCRot61AQbOBQsAAA"} -00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1536718052990525,"flow_src_last_pkt_time":1536718055162308,"flow_dst_last_pkt_time":1536718053776985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":583,"flow_dst_tot_l4_payload_len":677,"midstream":0,"thread_ts_usec":1536718055162308,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
-00994{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":779,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":24,"flow_first_seen":1536717450091191,"flow_src_last_pkt_time":1536718052988117,"flow_dst_last_pkt_time":1536718053058136,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":1622,"flow_dst_tot_l4_payload_len":1740,"midstream":0,"thread_ts_usec":1536718175916129,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1536718052990525,"flow_src_last_pkt_time":1536718055162308,"flow_dst_last_pkt_time":1536718053776985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":583,"flow_dst_tot_l4_payload_len":677,"midstream":0,"thread_ts_usec":1536718055162308,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
+00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":779,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":24,"flow_first_seen":1536717450091191,"flow_src_last_pkt_time":1536718052988117,"flow_dst_last_pkt_time":1536718053058136,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":1622,"flow_dst_tot_l4_payload_len":1740,"midstream":0,"thread_ts_usec":1536718175916129,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536718202959606,"flow_src_last_pkt_time":1536718202959606,"flow_dst_last_pkt_time":1536718202959606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536718202959606,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1536718202959606,"flow_dst_last_pkt_time":1536718202959606,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1536718202959606,"pkt":"AJD7JidrGLQwJjRACABFAABEMJoAAP8RJazAqPIPwKjyAc5xADUAMPGqwpsBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536718202959606,"flow_src_last_pkt_time":1536718202959606,"flow_dst_last_pkt_time":1536718202959606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536718202959606,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com","domainame":"weave-logsink.nest.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -140,12 +140,12 @@ 02223{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":812,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1536718202984094,"flow_src_last_pkt_time":1536718205917650,"flow_dst_last_pkt_time":1536718205903699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":679,"flow_src_tot_l4_payload_len":5202,"flow_dst_tot_l4_payload_len":1231,"midstream":0,"thread_ts_usec":1536718205917650,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":188811.6,"max":1484002,"stddev":352858.6,"var":124509216768.0,"ent":3.6,"data": [55511,58104,637607,698601,8299,132470,1319785,1484002,100866,62363,34,73666,66291,66062,64356,70801,72468,66245,63705,65435,67073,65571,63470,63974,64872,66987,66191,76434,5185,82369,64364]},"pktlen": {"min":40,"avg":241.9,"max":719,"stddev":219.8,"var":48309.8,"ent":4.4,"data": [46,44,46,570,40,719,46,92,40,110,40,97,495,95,495,95,495,95,495,95,495,95,495,95,495,95,495,95,46,495,95,495]},"bins": {"c_to_s": [4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0],"entropies": 
[4.287461758,4.967351913,4.374418736,6.956398010,4.981687069,7.137421608,4.544876099,5.452163696,4.981687069,5.767633438,4.931687355,5.629675388,7.553267002,5.769243717,7.480807304,5.656034946,7.456930637,5.661194324,7.513911247,5.748190880,7.546221733,5.663398743,7.504794121,5.711246014,7.578598976,5.698748112,7.528614521,5.748191357,4.321323395,7.516432285,5.677087307,7.518935204]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536718206572751,"flow_src_last_pkt_time":1536718206572751,"flow_dst_last_pkt_time":1536718206572751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536718206572751,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1536718206572751,"flow_dst_last_pkt_time":1536718206572751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1536718206572751,"pkt":"AJD7JidrGLQwJjRACABFAAAsMLcAAP8GYcHAqPIPI65S7fd4K1cJMSXhAAAAAGACEgAMJQAAAgQEgAAA"} 
-02251{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1536718052990525,"flow_src_last_pkt_time":1536718206570249,"flow_dst_last_pkt_time":1536718206634864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":1623,"flow_dst_tot_l4_payload_len":1739,"midstream":0,"thread_ts_usec":1536718206634864,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1252,"avg":9910454.0,"max":60155801,"stddev":20689402.0,"var":428051338887168.0,"ent":2.7,"data": [68635,72232,634362,701888,15937,150934,1314255,1491295,109213,70989,18037,93450,70186,72141,7151,80030,74076,77118,76505,41618,115484,208508,59946855,60155801,60057740,60124304,30586012,30652885,66856,1252,68314]},"pktlen": {"min":40,"avg":147.1,"max":717,"stddev":180.1,"var":32452.7,"ent":4.2,"data": [46,44,46,571,40,717,46,92,40,244,40,100,162,669,46,220,190,220,201,46,332,102,46,46,40,40,46,102,40,46,46,40]},"bins": {"c_to_s": [10,2,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1],"entropies": 
[4.260394096,4.921897411,4.434307098,6.934753895,4.931686878,7.082575321,4.501398087,5.325510979,4.981687546,6.942802429,4.981687069,5.756309986,6.493349075,7.689117908,4.434307098,6.784736156,6.532172680,6.853400707,6.767163754,4.457919598,7.212311268,5.867391586,4.501398087,4.544876099,5.031687260,5.031687260,4.544876099,5.644305706,5.031687260,4.544876099,4.588354588,5.031687260]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +02249{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1536718052990525,"flow_src_last_pkt_time":1536718206570249,"flow_dst_last_pkt_time":1536718206634864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":1623,"flow_dst_tot_l4_payload_len":1739,"midstream":0,"thread_ts_usec":1536718206634864,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1252,"avg":9910454.0,"max":60155801,"stddev":20689402.0,"var":428051338887168.0,"ent":2.7,"data": [68635,72232,634362,701888,15937,150934,1314255,1491295,109213,70989,18037,93450,70186,72141,7151,80030,74076,77118,76505,41618,115484,208508,59946855,60155801,60057740,60124304,30586012,30652885,66856,1252,68314]},"pktlen": {"min":40,"avg":147.1,"max":717,"stddev":180.1,"var":32452.7,"ent":4.2,"data": [46,44,46,571,40,717,46,92,40,244,40,100,162,669,46,220,190,220,201,46,332,102,46,46,40,40,46,102,40,46,46,40]},"bins": {"c_to_s": 
[10,2,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1],"entropies": [4.260394096,4.921897411,4.434307098,6.934753895,4.931686878,7.082575321,4.501398087,5.325510979,4.981687546,6.942802429,4.981687069,5.756309986,6.493349075,7.689117908,4.434307098,6.784736156,6.532172680,6.853400707,6.767163754,4.457919598,7.212311268,5.867391586,4.501398087,4.544876099,5.031687260,5.031687260,4.544876099,5.644305706,5.031687260,4.544876099,4.588354588,5.031687260]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1536718206572751,"flow_dst_last_pkt_time":1536718206638073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1536718206638073,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93jm8XvxCTEl4mASaQNQ+QAAAgQFtA=="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1536718206640512,"flow_dst_last_pkt_time":1536718206638073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1536718206640512,"pkt":"AJD7JidrGLQwJjRACABFAAAoMLgAAP8GYcTAqPIPI65S7fd4K1cJMSXi5vF78lAQEgC\/uQAAAAAAAAAA"} 
01254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":838,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1536718207278052,"flow_dst_last_pkt_time":1536718206638073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_usec":1536718207278052,"pkt":"AJD7JidrGLQwJjRACABFAAI8MLkAAP8GX6\/AqPIPI65S7fd4K1cJMSXi5vF78lAYEgClVwAAEgIAExwDAAA2nicAADC0GAMAAAACMLQYEQq0BgQAAACBAAA5+ABtAAEAWiMlAFoj\/SgEKMFgOzjFAh2bh\/+MYHUU4BopBLCfWX8Y6psPgM4bRtkKZmsD1xhimK8uxopO+FeZ2babDK3JimOVBwA1ATABCGRioUb7JdsYJAIENwMnEwIAAADuMLQYGCYEvBKUGiYFvF68LTcGJxE2nicAADC0GBgkBwImCCUAWiMwCjkEJgNHeyfLyn8+Y4Q3KJESv6T1UZ7ximwyz0BZXSER6iqTRHr3ZzL\/QcomumvZXRQgQXcoi+vhk5Y1gykBGDWCKQEkAgUYNYQpATYCBAIEARgYNYEwAghG1Bj5qiAzNBg1gDACCE3B2i1iGUvgGDUMMAEdAIXDdHE3JrfWlel2eYaefOia8kf6YmRIxz7Xgq0wAh0Aqggyqhbk0\/a8FDNnwqqs7hWaOpuNhfC6EutljBgYGNUAAA4AAQAlAFojJAEFJAILJQMykCwEEDA1Q0EwMkFDNDQxNDAyOEYwBQgYtDAAACeeNjAGBhi0MCYAACwHCU5FU1QtOUUzNicKNp4nAAAwtBgnC4vxg94wk5+2LAkIMy4xLjRyYzMkDAEpZRiVCAAwAR0Akak\/+AWH18YGRw9lz94nM4pXoxLRu1AjxRwmojACHQC3kxLByOkWUHoVXcemERLIQ7+TSpCStfrsxdOGGA=="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1536718207278052,"flow_dst_last_pkt_time":1536718207347887,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536718207347887,"pkt":"GLQwJjRAAJD7JidrCABFAAAofmlAAC0GphMjrlLtwKjyDytX93jm8XvyCTEn9lAQbOBixQAA"} 
-00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1536718206572751,"flow_src_last_pkt_time":1536718208745973,"flow_dst_last_pkt_time":1536718207366595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":532,"flow_dst_max_l4_payload_len":676,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":676,"midstream":0,"thread_ts_usec":1536718208745973,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1536718206572751,"flow_src_last_pkt_time":1536718208745973,"flow_dst_last_pkt_time":1536718207366595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":532,"flow_dst_max_l4_payload_len":676,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":676,"midstream":0,"thread_ts_usec":1536718208745973,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536718209313555,"flow_src_last_pkt_time":1536718209313555,"flow_dst_last_pkt_time":1536718209313555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536718209313555,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1536718209313555,"flow_dst_last_pkt_time":1536718209313555,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1536718209313555,"pkt":"AJD7JidrGLQwJjRACABFAAAsMMIAAP8GGdvAqPIPI7yauvd5K1cJPKL3AAAAAGACEgBHJwAAAgQEgAAA"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1536718209313555,"flow_dst_last_pkt_time":1536718209383517,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1536718209383517,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93le92HNCTyi+GASbvAoVQAAAgQFjA=="} 
@@ -156,15 +156,15 @@ 01011{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":886,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1536718202959606,"flow_src_last_pkt_time":1536718202959606,"flow_dst_last_pkt_time":1536718202959785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1536718272046675,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} 00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":24,"flow_first_seen":1536718202984094,"flow_src_last_pkt_time":1536718206546300,"flow_dst_last_pkt_time":1536718206542604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":679,"flow_src_tot_l4_payload_len":7843,"flow_dst_tot_l4_payload_len":1616,"midstream":0,"thread_ts_usec":1536718332214337,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00996{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1536718209313555,"flow_src_last_pkt_time":1536718211968199,"flow_dst_last_pkt_time":1536718211965770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":532,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":1413,"flow_dst_tot_l4_payload_len":845,"midstream":0,"thread_ts_usec":1536718332214337,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00994{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1536718052990525,"flow_src_last_pkt_time":1536718206570249,"flow_dst_last_pkt_time":1536718206634864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":1623,"flow_dst_tot_l4_payload_len":1739,"midstream":0,"thread_ts_usec":1536718332214337,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1536718052990525,"flow_src_last_pkt_time":1536718206570249,"flow_dst_last_pkt_time":1536718206634864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":1623,"flow_dst_tot_l4_payload_len":1739,"midstream":0,"thread_ts_usec":1536718332214337,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01011{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1536718202959606,"flow_src_last_pkt_time":1536718202959606,"flow_dst_last_pkt_time":1536718202959785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1536718332214337,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} -02254{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1536718206572751,"flow_src_last_pkt_time":1536718392321066,"flow_dst_last_pkt_time":1536718332214337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":532,"flow_dst_max_l4_payload_len":676,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":1904,"midstream":0,"thread_ts_usec":1536718392321066,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4658,"avg":10044835.0,"max":60173109,"stddev":21953530.0,"var":481957439864832.0,"ent":2.6,"data": [65322,67761,637540,709814,18708,293379,1174542,1481999,109107,72201,17976,90820,70287,73214,8669,96471,87696,75885,78977,77415,126677,2595650,2731016,150399,59910787,60056830,60173109,60107028,4658,60634,60165330]},"pktlen": {"min":40,"avg":162.2,"max":716,"stddev":185.8,"var":34529.8,"ent":4.3,"data": [46,44,46,572,40,716,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,46,40,46]},"bins": {"c_to_s": [10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0],"entropies": 
[4.347350597,4.967352390,4.434307098,6.920494080,4.981687546,7.105970383,4.544876099,5.378740311,4.881687164,7.440455914,4.812814713,5.615177631,6.437895298,7.618911266,4.434307098,6.860777378,6.737969398,6.892507076,6.603207111,6.959574699,6.884947777,4.457919598,7.273610592,5.848325729,4.414441586,4.501398087,4.831686974,4.544876099,4.881687164,4.501398087,4.881687164,4.544876099]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +02252{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1536718206572751,"flow_src_last_pkt_time":1536718392321066,"flow_dst_last_pkt_time":1536718332214337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":532,"flow_dst_max_l4_payload_len":676,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":1904,"midstream":0,"thread_ts_usec":1536718392321066,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4658,"avg":10044835.0,"max":60173109,"stddev":21953530.0,"var":481957439864832.0,"ent":2.6,"data": [65322,67761,637540,709814,18708,293379,1174542,1481999,109107,72201,17976,90820,70287,73214,8669,96471,87696,75885,78977,77415,126677,2595650,2731016,150399,59910787,60056830,60173109,60107028,4658,60634,60165330]},"pktlen": {"min":40,"avg":162.2,"max":716,"stddev":185.8,"var":34529.8,"ent":4.3,"data": [46,44,46,572,40,716,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,46,40,46]},"bins": {"c_to_s": 
[10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0],"entropies": [4.347350597,4.967352390,4.434307098,6.920494080,4.981687546,7.105970383,4.544876099,5.378740311,4.881687164,7.440455914,4.812814713,5.615177631,6.437895298,7.618911266,4.434307098,6.860777378,6.737969398,6.892507076,6.603207111,6.959574699,6.884947777,4.457919598,7.273610592,5.848325729,4.414441586,4.501398087,4.831686974,4.544876099,4.881687164,4.501398087,4.881687164,4.544876099]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":896,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1536718202959606,"flow_src_last_pkt_time":1536718202959606,"flow_dst_last_pkt_time":1536718202959785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1536718392405835,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} 
-00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":900,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":900,"packets-processed":713,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":4,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":163,"global_ts_usec":1536718512170528} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":950,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":950,"packets-processed":743,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":4,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1536719113902134} 
-00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1000,"packets-processed":773,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":4,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":165,"global_ts_usec":1536719715232392} -00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":50,"flow_dst_packets_processed":46,"flow_first_seen":1536718206572751,"flow_src_last_pkt_time":1536719715232392,"flow_dst_last_pkt_time":1536719655557559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":532,"flow_dst_max_l4_payload_len":676,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":1904,"midstream":0,"thread_ts_usec":1536719715232392,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
-00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1000,"packets-processed":774,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":4,"total-updates":8,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":167,"global_ts_usec":1536719715232392} +00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":900,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":900,"packets-processed":713,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":4,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":163,"global_ts_usec":1536718512170528} 
+00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":950,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":950,"packets-processed":743,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":4,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1536719113902134} +00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1000,"packets-processed":773,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":4,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":165,"global_ts_usec":1536719715232392} 
+00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":50,"flow_dst_packets_processed":46,"flow_first_seen":1536718206572751,"flow_src_last_pkt_time":1536719715232392,"flow_dst_last_pkt_time":1536719655557559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":532,"flow_dst_max_l4_payload_len":676,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":1904,"midstream":0,"thread_ts_usec":1536719715232392,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1000,"packets-processed":774,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":4,"total-updates":8,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":167,"global_ts_usec":1536719715232392} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/774 ~~ skipped flows.............: 0 
@@ -173,10 +173,10 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8731612 bytes -~~ total memory freed........: 8731612 bytes -~~ total allocations/frees...: 141514/141514 +~~ total memory allocated....: 9496498 bytes +~~ total memory freed........: 9496498 bytes +~~ total allocations/frees...: 155480/155480 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars -~~ json message max len.......: 2263 chars -~~ json message avg len.......: 1400 chars +~~ json message max len.......: 2261 chars +~~ json message avg len.......: 1399 chars diff --git a/test/results/default/netbios.pcap.out b/test/results/default/netbios.pcap.out index 67cbe1426..73823eada 100644 --- a/test/results/default/netbios.pcap.out +++ b/test/results/default/netbios.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1447772210350540} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1447772210350540} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772210350540,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772210350540,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772210350540,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvYAAIARuScKAASDCgAF\/wCJAIkAOr8ep0kBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="} 
00968{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772210350540,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772210350540,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"xstream_hy","domainame":"xstream_hy"}} 
@@ -66,7 +66,7 @@ 00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772214344593,"flow_src_last_pkt_time":1447772214344593,"flow_dst_last_pkt_time":1447772214344593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772261156213,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"nvr9"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1447772221882535,"flow_src_last_pkt_time":1447772239929129,"flow_dst_last_pkt_time":1447772221882535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"muli"}} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772221776592,"flow_src_last_pkt_time":1447772221776592,"flow_dst_last_pkt_time":1447772221776690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":175,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"*"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":261,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13727,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":5,"current-active-flows":15,"total-active-flows":15,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":69,"global_ts_usec":1645514718788263} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":261,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13727,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":5,"current-active-flows":15,"total-active-flows":15,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":69,"global_ts_usec":1645514718788263} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514718788263,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"vlan_id":2308,"l3_proto":"ip4","src_ip":"10.19.71.184","dst_ip":"10.17.113.129","src_port":55489,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","vlan_id":2308,"flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":130,"pkt_l4_len":92,"thread_ts_usec":1645514718788263,"pkt":"AAAAAAAAAA8AAAAIgQAJBAgARQAAcA92QAB7BiK1ChNHuAoRcYHYwQCLJGKEaMHxGvdQGAEALEoAAIEAAEQgRUpFQ0VKRUdFSUZCREJEQkZIRkREQURDRERDQUNBQ0EAIEZDRVBGREVHRUlGQkRBREhGSEZEREFEQURFQ0FDQUFBAA=="} 00974{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514718788263,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"vlan_id":2308,"l3_proto":"ip4","src_ip":"10.19.71.184","dst_ip":"10.17.113.129","src_port":55489,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","domainame":""}} 
@@ -87,7 +87,7 @@ 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772221776592,"flow_src_last_pkt_time":1447772221776592,"flow_dst_last_pkt_time":1447772221776690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":175,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"*"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772251795162,"flow_src_last_pkt_time":1447772251795162,"flow_dst_last_pkt_time":1447772251795278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":175,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"*"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514718788263,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"vlan_id":2308,"l3_proto":"ip4","src_ip":"10.19.71.184","dst_ip":"10.17.113.129","src_port":55489,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":261,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13799,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1645514718788263} 
+00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":261,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13799,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1645514718788263} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 261/261 ~~ skipped flows.............: 0 @@ -96,9 +96,9 @@ ~~ total active/idle flows...: 16/16 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8690719 bytes -~~ total memory freed........: 8690719 bytes -~~ total allocations/frees...: 140950/140950 +~~ total memory allocated....: 9455573 bytes +~~ total memory freed........: 9455573 bytes +~~ total allocations/frees...: 154916/154916 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 2230 chars diff --git a/test/results/default/netbios_wildcard_dns_query.pcap.out b/test/results/default/netbios_wildcard_dns_query.pcap.out index ce6cae037..efd6f2e91 100644 --- a/test/results/default/netbios_wildcard_dns_query.pcap.out +++ b/test/results/default/netbios_wildcard_dns_query.pcap.out 
@@ -1,10 +1,10 @@ -00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1597866040493657} 
+00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1597866040493657} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597866040493657,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597866040493657,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1597866040493657,"pkt":"AAkPCQEKAFBWvdjVCABFAABOhIlAAEARHAYKAUP6CgFCFKF3ADUAOgSEgPAAEAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="} 
01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597866040493657,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597866040493657,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","domainame":"ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr": []}}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597866040493657,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597866040493657,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1597866040493657} +00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1597866040493657} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644843 bytes -~~ total memory freed........: 8644843 bytes -~~ total allocations/frees...: 140533/140533 +~~ total memory allocated....: 9409217 bytes +~~ total memory freed........: 9409217 bytes +~~ total allocations/frees...: 154499/154499 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 599 chars ~~ json message max len.......: 1134 chars diff --git a/test/results/default/netease_games.pcapng.out b/test/results/default/netease_games.pcapng.out index 4effde0ad..8fe5a1d79 100644 --- a/test/results/default/netease_games.pcapng.out +++ b/test/results/default/netease_games.pcapng.out 
@@ -1,5 +1,5 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1709433506952336} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1709433506952336} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709433506952336,"flow_src_last_pkt_time":1709433506952336,"flow_dst_last_pkt_time":1709433506952336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709433506952336,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"172.17.8.75","src_port":49377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1709433506952336,"flow_dst_last_pkt_time":1709433506952336,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1709433506952336,"pkt":"SKmKCiNt8C90rUP1CABFAABJMA1AAEARPKvAqFjnrBEIS8DhADUANc4y4I0BAAABAAAAAAAAC2RhdGEtZGV0ZWN0A25pZQdlYXNlYmFyA2NvbQAAAQAB"} 
01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709433506952336,"flow_src_last_pkt_time":1709433506952336,"flow_dst_last_pkt_time":1709433506952336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709433506952336,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"172.17.8.75","src_port":49377,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"data-detect.nie.easebar.com","domainame":"data-detect.nie.easebar.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -13,17 +13,17 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1709433507070792,"flow_dst_last_pkt_time":1709433507351478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1709433507351478,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAAO8GB4UjSUdewKhY5wG7xOIKaGYq1g0Eo6ASaN\/PXAAAAgQFoAQCCApB0ruuKdlSUQEDAww="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1709433507351502,"flow_dst_last_pkt_time":1709433507351478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1709433507351502,"pkt":"SKmKCiNt8C90rUP1CABFAAA0+9VAAEAGurfAqFjnI0lHXsTiAbvWDQSjCmhmK4AQAPuEXQAAAQEICinZU2pB0ruu"} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507351478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1709433507351873,"pkt":"SKmKCiNt8C90rUP1CABFAAI5+9ZAAEAGuLHAqFjnI0lHXsTiAbvWDQSjCmhmK4AYAPuGYgAAAQEICinZU2pB0ruuFgMBAgABAAH8AwPBdm3KPGzDPK22YgFlBXUjthtpiGGA5rsCuXWMw+VqOgAAeMAwwCzAKMAkwBTACgCjAJ8AawBqADkAOACIAIfAMsAuwCrAJsAPwAUAnQA9ADUAhMAvwCvAJ8AjwBPACQCiAJ4AZwBAADMAMgCaAJkARQBEwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBLACAAWABPADcADAAoA\/wEAAVsAAAAgAB4AABtkYXRhLWRldGVjdC5uaWUuZWFzZWJhci5jb20ACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQEAFQDKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1709433507070792,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507351478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709433507351873,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.73.71.94","src_port":50402,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetEaseGames","proto_id":"91.402","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"data-detect.nie.easebar.com","domainame":"data-detect.nie.easebar.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d600600_a54dbbc9e493_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1709433507070792,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507351478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709433507351873,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.73.71.94","src_port":50402,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetEaseGames","proto_id":"91.402","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"data-detect.nie.easebar.com","domainame":"data-detect.nie.easebar.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d600600_a54dbbc9e493_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507632515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1709433507632515,"pkt":"8C90rUP1SKmKCiNtCABFAAA06wpAAO8GHIIjSUdewKhY5wG7xOIKaGYr1g0GqIAQAAdiugAAAQEICkHSvMgp2VNq"} 
-01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1709433507070792,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507632845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1709433507632845,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.73.71.94","src_port":50402,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetEaseGames","proto_id":"91.402","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"data-detect.nie.easebar.com","domainame":"data-detect.nie.easebar.com","tls": {"version":"TLSv1.2","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t12d600600_a54dbbc9e493_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1017,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1709434482083790} +01365{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1709433507070792,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507632845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1709433507632845,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.73.71.94","src_port":50402,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.NetEaseGames","proto_id":"91.402","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"data-detect.nie.easebar.com","domainame":"data-detect.nie.easebar.com","tls": {"version":"TLSv1.2","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t12d600600_a54dbbc9e493_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1017,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1709434482083790} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709434482083790,"flow_src_last_pkt_time":1709434482083790,"flow_dst_last_pkt_time":1709434482083790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709434482083790,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.246.207.19","src_port":56588,"dst_port":4513,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1709434482083790,"flow_dst_last_pkt_time":1709434482083790,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1709434482083790,"pkt":"SKmKCiNt8C90rUP1CABFAAAodiIAAEAR+AnAqFjnI\/bPE90MEaEAFAy\/AbXQAREqPQMAAQEB"} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709434482083790,"flow_src_last_pkt_time":1709434482083790,"flow_dst_last_pkt_time":1709434482083790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709434482083790,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.246.207.19","src_port":56588,"dst_port":4513,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetEaseGames","proto_id":"402","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1709434482083790,"flow_dst_last_pkt_time":1709434482120278,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1709434482120278,"pkt":"8C90rUP1SKmKCiNtCABFAAAo5LVAADsRTnYj9s8TwKhY5xGh3QwAFIL5ARTTAREqPQNIQRcBAAAAAAAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1709434482121282,"flow_dst_last_pkt_time":1709434482120278,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1709434482121282,"pkt":"SKmKCiNt8C90rUP1CABFAAAodicAAEAR+ATAqFjnI\/bPE90MEaEAFAy\/AhbRAhIpPgBLQhQC"} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1709433506952336,"flow_src_last_pkt_time":1709433506952340,"flow_dst_last_pkt_time":1709433507015335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":157,"flow_src_tot_l4_payload_len":90,"flow_dst_tot_l4_payload_len":314,"midstream":0,"thread_ts_usec":1709434482121282,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"172.17.8.75","src_port":49377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"data-detect.nie.easebar.com"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1053,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1709581314209472} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1053,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1709581314209472} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709581314209472,"flow_src_last_pkt_time":1709581314209472,"flow_dst_last_pkt_time":1709581314209472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709581314209472,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.228.32.209","src_port":41040,"dst_port":4170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1709581314209472,"flow_dst_last_pkt_time":1709581314209472,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1709581314209472,"pkt":"SKmKCiNt8C90rUP1CABFAAA6RO0AAEAR14HAqFjnI+Qg0aBQEEoAJl58s6+N6P8Aclc1XFxuZmNxakkvVFpnY3R0VVN6aUIr"} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709581314209472,"flow_src_last_pkt_time":1709581314209472,"flow_dst_last_pkt_time":1709581314209472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709581314209472,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.228.32.209","src_port":41040,"dst_port":4170,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetEaseGames","proto_id":"402","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -37,9 +37,9 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1709581314252567,"flow_dst_last_pkt_time":1709581314252567,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1709581314252567,"pkt":"8C90rUP1SKmKCiNtCABFAABEJe1AADsRkkUijUtawKhY524r5kcAMK8ZBwgIDFPaFgkAAAABAAB+BAADAABSAIAAqokAAAAAAAABAAAAAAAAAA=="} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1709581314252567,"flow_src_last_pkt_time":1709581314252567,"flow_dst_last_pkt_time":1709581314252567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":97,"flow_dst_max_l4_payload_len":290,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":330,"midstream":0,"thread_ts_usec":1709581314252567,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"34.141.75.90","src_port":58951,"dst_port":28203,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetEaseGames","proto_id":"402","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1709434482083790,"flow_src_last_pkt_time":1709434482121282,"flow_dst_last_pkt_time":1709434482120278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1709581314252567,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.246.207.19","src_port":56588,"dst_port":4513,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetEaseGames","proto_id":"402","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -01117{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1709433507070792,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507632845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1709581314252567,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.73.71.94","src_port":50402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.NetEaseGames","proto_id":"91.402","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1709433507070792,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507632845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1709581314252567,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.73.71.94","src_port":50402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetEaseGames","proto_id":"91.402","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1709581314209472,"flow_src_last_pkt_time":1709581314209472,"flow_dst_last_pkt_time":1709581314252567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1709581314252567,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.228.32.209","src_port":41040,"dst_port":4170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetEaseGames","proto_id":"402","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1709581314252567} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1709581314252567} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -48,10 +48,10 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8659238 bytes -~~ total memory freed........: 8659238 bytes -~~ total allocations/frees...: 140599/140599 +~~ total memory allocated....: 9423740 bytes +~~ total memory freed........: 9423740 bytes +~~ total allocations/frees...: 154565/154565 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars -~~ json message max len.......: 1372 chars -~~ json message avg len.......: 955 chars +~~ json message max len.......: 1370 chars +~~ json message avg len.......: 954 chars diff --git a/test/results/default/netflix.pcap.out b/test/results/default/netflix.pcap.out index 853bf0264..1fefe0814 100644 --- a/test/results/default/netflix.pcap.out +++ b/test/results/default/netflix.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1484319030789585} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1484319030789585} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319030789585,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319030789585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1484319030789585,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319030789585,"pkt":"gCqoTGHM5JjWH70UCABFAAA0e0NAAEAGcrPAqAEHNBhXBs7BAbvkIOdkTYzTZoAREADl8AAAAQEICh9kr+C2r\/ET"} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319032865799,"flow_src_last_pkt_time":1484319032865799,"flow_dst_last_pkt_time":1484319032865799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032865799,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -22,53 +22,53 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1484319032888907,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319032934932,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGjLY2RczxwKgBBwG7z3E0MsEbiRiohKASReqX9AAAAgQFtAQCCAqFp0\/bH2S4KwEDAwg="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1484319032937482,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319032937482,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mxZAAEAG2sfAqAEHNkXM8c9xAbuJGKiENDLBHIAQEBX8aAAAAQEICh9kuFmFp0\/b"} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319032938079,"pkt":"gCqoTGHM5JjWH70UCABFAAEElg9AAEAG3v7AqAEHNkXM8c9xAbuJGKiENDLBHIAYEBXrWQAAAQEICh9kuFqFp0\/bFgMBAMsBAADHAwNYeOk4DbsWWYY8cJvWjkCo5DadBeFv01+sAqDDmGng8gAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAeAAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQABsAGQhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} 
-01196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032938079,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909s1_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032938079,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909s1_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1484319032896759,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319032943560,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z3pSqS+duzQzMqASOJAFFAAAAgQFtAQCCAqtijmlH2S4MgEDAwg="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1484319032944993,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319032944993,"pkt":"gCqoTGHM5JjWH70UCABFAAA0cYhAAEAGv5rAqAEHNr8RM896Abu7NDMyUqkvnoAQEBVcLgAAAQEICh9kuGCtijml"} 
01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319032959853,"pkt":"gCqoTGHM5JjWH70UCABFAAI5KnhAAEAGBKbAqAEHNr8RM896Abu7NDMyUqkvnoAYEBUG0wAAAQEICh9kuG6tijmlFgMBAgABAAH8AwPIzq7iU2TICMXjbnaJ8nYAFVnlxMLpFZucgYzvL7X8EAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032959853,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032959853,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319032984566,"flow_dst_last_pkt_time":1484319032984566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032984566,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1484319032984566,"flow_dst_last_pkt_time":1484319032984566,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319032984566,"pkt":"gCqoTGHM5JjWH70UCABFAABAh8JAAEAG+QHAqAEHNCDEJM97AbvHy0puAAAAALAC\/\/\/BrQAAAgQFtAEDAwUBAQgKH2S4hgAAAAAEAgAA"} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319032986624,"flow_dst_last_pkt_time":1484319032986624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032986624,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1484319032986624,"flow_dst_last_pkt_time":1484319032986624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319032986624,"pkt":"gCqoTGHM5JjWH70UCABFAABAdf5AAEAGCsbAqAEHNCDEJM98AbvweU0rAAAAALAC\/\/+WPwAAAgQFtAEDAwUBAQgKH2S4iAAAAAAEAgAA"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032988935,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319032988935,"pkt":"5JjWH70UgCqoTGHMCABFIAA0jvtAACkG\/cI2RczxwKgBBwG7z3E0MsEciRipVIAQAEsLVQAAAQEICoWnT+gfZLha"} 
-01256{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032990546,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319032990546,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909s1_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01686{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032991535,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319032991535,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909s1_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
+01254{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032990546,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319032990546,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909s1_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01684{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032991535,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319032991535,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909s1_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033007001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033007001,"pkt":"5JjWH70UgCqoTGHMCABFIAA0Fi9AACkGMdQ2vxEzwKgBBwG7z3pSqS+euzQ1N4AQAD1p4wAAAQEICq2KObUfZLhu"} -01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033008803,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033008803,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01684{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033017833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319033017833,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01342{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033008803,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033008803,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01682{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033017833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319033017833,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1484319032984566,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319033029291,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGl6g0IMQkwKgBBwG7z3ve3c1cx8tKb6ASRepkbwAAAgQFtAQCCAq2m8VuH2S4hgEDAwg="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1484319032986624,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319033032121,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z3xLWYWT8HlNLKASReoUTgAAAgQFtAQCCAq2m8VvH2S4iAEDAwg="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033032720,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033032720,"pkt":"gCqoTGHM5JjWH70UCABFAAA0rMBAAEAG1A\/AqAEHNCDEJM97AbvHy0pv3t3NXYAQEBXI5wAAAQEICh9kuLC2m8Vu"} 
00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":298,"pkt_l4_len":264,"thread_ts_usec":1484319033033170,"pkt":"gCqoTGHM5JjWH70UCABFAAEc3y1AAEAGoLrAqAEHNCDEJM97AbvHy0pv3t3NXYAYEBXi\/gAAAQEICh9kuLK2m8VuFgMBAOMBAADfAwNYeOk5dpq52Q92jK0dByt7moyBAevty9H6iponk2lhXQAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAkAAAABsAGQAAFmFwaS1nbG9iYWwubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} -01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033033170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033033170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033038452,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033038452,"pkt":"gCqoTGHM5JjWH70UCABFAAA0iIJAAEAG+E3AqAEHNCDEJM98AbvweU0sS1mFlIAQEBV4xgAAAQEICh9kuLK2m8Vv"} 
00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":298,"pkt_l4_len":264,"thread_ts_usec":1484319033038729,"pkt":"gCqoTGHM5JjWH70UCABFAAEcC4pAAEAGdF7AqAEHNCDEJM98AbvweU0sS1mFlIAYEBVXdAAAAQEICh9kuLS2m8VvFgMBAOMBAADfAwNYeOk5CCoWDbSK0ezQ7KNuUeOfkDpWv85W1iHK1VuIfQAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAkAAAABsAGQAAFmFwaS1nbG9iYWwubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} -01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033038729,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033038729,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033084527,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033084527,"pkt":"5JjWH70UgCqoTGHMCABFIAA0CCZAACkGj4o0IMQkwKgBBwG7z3ve3c1dx8tLV4AQAEvXuQAAAQEICrabxXwfZLiy"} 
-01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033086430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033086430,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01739{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033087423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033087423,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033086430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033086430,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01737{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033087423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033087423,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033098473,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033098473,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QOhAACoGVcg0IMQkwKgBBwG7z3xLWYWU8HlOFIAQAEuHmAAAAQEICrabxX0fZLi0"} -01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033098983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033098983,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01739{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033112752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033112752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033098983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033098983,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01737{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033112752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033112752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033206431,"flow_dst_last_pkt_time":1484319033206431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033206431,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1484319033206431,"flow_dst_last_pkt_time":1484319033206431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319033206431,"pkt":"gCqoTGHM5JjWH70UCABFAABAagpAAEAGFrrAqAEHNCDEJM99AbszkZRgAAAAALAC\/\/8LKQAAAgQFtAEDAwUBAQgKH2S5UQAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1484319033206431,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319033258390,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z33SmoRGM5GUYaASReoDCgAAAgQFtAQCCAq2m8WoH2S5UQEDAwg="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033259678,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033259678,"pkt":"gCqoTGHM5JjWH70UCABFAAA0m4FAAEAG5U7AqAEHNCDEJM99AbszkZRh0pqER4AQEBVneAAAAQEICh9kuYW2m8Wo"} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319033261891,"pkt":"gCqoTGHM5JjWH70UCABFAAEEjf5AAEAG8gHAqAEHNCDEJM99AbszkZRh0pqER4AYEBXfdQAAAQEICh9kuYe2m8WoFgMBAMsBAADHAwNYeOk5L\/hvHF8lhL712a\/A3K+7eM0TUzNDC5BydZXwIiBWLEL7mQRMMcaBC1F+lWnOx+fqhp3XmUAyc5sg8zTJFwAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033261891,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033261891,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033311591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033311591,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QfNAACoGVL00IMQkwKgBBwG7z33SmoRHM5GVMYAQAEt2YwAAAQEICrabxbUfZLmH"} 
-01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033312558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319033312558,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-02170{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319033506287,"flow_dst_last_pkt_time":1484319033504279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":5139,"midstream":0,"thread_ts_usec":1484319033506287,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":72,"avg":39766.2,"max":363670,"stddev":81851.3,"var":6699630080.0,"ent":3.2,"data": [46025,48575,597,54003,1611,989,54938,11050,13463,9437,301,377,58747,4648,50832,1878,237,59545,562,62143,8477,4734,310931,590,363670,5842,131,72,58058,152,137]},"pktlen": {"min":52,"avg":265.2,"max":1500,"stddev":396.8,"var":157454.8,"ent":3.9,"data": [64,60,52,260,52,1500,1500,52,215,52,127,58,97,52,103,52,408,362,52,992,52,112,52,408,361,52,992,107,86,52,52,52]},"bins": {"c_to_s": [11,1,1,0,0,0,1,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,0],"entropies": [4.566831589,5.323234081,5.131024837,5.723237514,5.246409416,7.251158237,7.324303627,5.131024837,6.880544662,5.169486523,6.374709129,5.113821983,6.051860332,5.246409416,5.890006065,5.169486523,7.472100735,7.415780067,5.176993370,7.832669258,5.131024837,6.117320061,5.131024361,7.427300930,7.397639751,5.246409416,7.802502632,6.080207348,5.833016396,5.207947731,5.207947731,5.131024361]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033312558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319033312558,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319033506287,"flow_dst_last_pkt_time":1484319033504279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":5139,"midstream":0,"thread_ts_usec":1484319033506287,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":72,"avg":39766.2,"max":363670,"stddev":81851.3,"var":6699630080.0,"ent":3.2,"data": [46025,48575,597,54003,1611,989,54938,11050,13463,9437,301,377,58747,4648,50832,1878,237,59545,562,62143,8477,4734,310931,590,363670,5842,131,72,58058,152,137]},"pktlen": {"min":52,"avg":265.2,"max":1500,"stddev":396.8,"var":157454.8,"ent":3.9,"data": [64,60,52,260,52,1500,1500,52,215,52,127,58,97,52,103,52,408,362,52,992,52,112,52,408,361,52,992,107,86,52,52,52]},"bins": {"c_to_s": [11,1,1,0,0,0,1,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,0],"entropies": [4.566831589,5.323234081,5.131024837,5.723237514,5.246409416,7.251158237,7.324303627,5.131024837,6.880544662,5.169486523,6.374709129,5.113821983,6.051860332,5.246409416,5.890006065,5.169486523,7.472100735,7.415780067,5.176993370,7.832669258,5.131024837,6.117320061,5.131024361,7.427300930,7.397639751,5.246409416,7.802502632,6.080207348,5.833016396,5.207947731,5.207947731,5.131024361]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033631945,"flow_dst_last_pkt_time":1484319033631945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033631945,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1484319033631945,"flow_dst_last_pkt_time":1484319033631945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319033631945,"pkt":"gCqoTGHM5JjWH70UCABFAABAVMpAAEAGIQjAqAEHNkXM8c9+AbvPvqpAAAAAALAC\/\/9MiwAAAgQFtAEDAwUBAQgKH2S67gAAAAAEAgAA"} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1484319033631945,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319033678956,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGi7Y2RczxwKgBBwG7z36\/HDHnz76qQaASRepQUQAAAgQFtAQCCAqFp1CVH2S67gEDAwg="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033680304,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033680304,"pkt":"gCqoTGHM5JjWH70UCABFAAA0\/p1AAEAGd0DAqAEHNkXM8c9+AbvPvqpBvxwx6IAQEBW0wwAAAQEICh9kux6Fp1CV"} 00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"thread_ts_usec":1484319033681980,"pkt":"gCqoTGHM5JjWH70UCABFAAEZsrxAAEAGwjzAqAEHNkXM8c9+AbvPvqpBvxwx6IAYEBWxNAAAAQEICh9kux+Fp1CVFgMBAOABAADcAwNYeOk5uUi+rD99Z+Le1911L3kiB9I95LIt9NFo8L\/pTgAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAjQAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} 
-01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033681980,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033681980,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033732036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033732036,"pkt":"5JjWH70UgCqoTGHMCABFIAA0YUhAACoGKnY2RczxwKgBBwG7z36\/HDHoz76rJoAQAEvDmgAAAQEICoWnUKIfZLsf"} -01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033734598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033734598,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} -01708{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033735587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033735587,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, 
O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} +01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033734598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033734598,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01706{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033735587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033735587,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319033886061,"flow_src_last_pkt_time":1484319033886061,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033886061,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1484319033886061,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1484319033886061,"pkt":"AQBef\/\/65JjWH70UCABFAACWfwIAAAERiKvAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="} 
01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319033886061,"flow_src_last_pkt_time":1484319033886061,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033886061,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250","domainame":"239.255.255.250","ssdp": {"METHOD":"M-SEARCH","MAN":"\"ssdp:discover\"","MX":"2","ST":": urn:mdx-netflix-com:service:target:0"}}} 
@@ -78,10 +78,10 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033990083,"flow_dst_last_pkt_time":1484319033988686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033990083,"pkt":"gCqoTGHM5JjWH70UCABFAAA0N8lAAEAGPhXAqAEHNkXM8c9\/Abtb3TwXSCXhKoAQEBVdDAAAAQEICh9kvEiFp1Di"} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1484319033993988,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1484319033993988,"pkt":"AQBef\/\/65JjWH70UCABFAACZ8KEAAAERFwnAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="} 
00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319033988686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"thread_ts_usec":1484319033997529,"pkt":"gCqoTGHM5JjWH70UCABFAAEZ\/SBAAEAGd9jAqAEHNkXM8c9\/Abtb3TwXSCXhKoAYEBWh7QAAAQEICh9kvE+Fp1DiFgMBAOABAADcAwNYeOk6Kk2knMSNhioRrvxRb2utqcQBAlus3bTpE7nGoQAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAjQAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} -01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319033988686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033997529,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319033988686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033997529,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034046936,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319034046936,"pkt":"5JjWH70UgCqoTGHMCABFIAA0scVAACkG2vg2RczxwKgBBwG7z39IJeEqW908\/IAQAEtr2wAAAQEICoWnUPEfZLxP"} 
-01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034048780,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319034048780,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01709{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034049759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319034049759,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
+01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034048780,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319034048780,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01707{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034049759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319034049759,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
00740{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319034890998,"flow_src_last_pkt_time":1484319034890998,"flow_dst_last_pkt_time":1484319034890998,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319034890998,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1484319034890998,"flow_dst_last_pkt_time":1484319034890998,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"thread_ts_usec":1484319034890998,"pkt":"AQBef\/\/65JjWH70UCABGAAAgKLUAAAECSnnAqAEH7\/\/\/+pQEAAAWAPoE7\/\/\/+gAAAAAAAAAAAAAAAAAA"} 
00889{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319034890998,"flow_src_last_pkt_time":1484319034890998,"flow_dst_last_pkt_time":1484319034890998,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319034890998,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -99,24 +99,24 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1484319035080111,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319035130944,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGNAk0WSeLwKgBBwG7z40HBfk7mRgRP6ASReoSOAAAAgQFtAQCCAqtiMj8H2TAbgEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1484319035132214,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035132214,"pkt":"gCqoTGHM5JjWH70UCABFAAA0YNFAAEAGvF\/AqAEHNFkni8+NAbuZGBE\/BwX5PIAQEBV2pwAAAQEICh9kwKGtiMj8"} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035129030,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319035134770,"pkt":"gCqoTGHM5JjWH70UCABFAAEEsStAAEAGazXAqAEHNFkni8+MAbsc0sO15elB0YAYEBWGUAAAAQEICh9kwKOtiMj8FgMBAMsBAADHAwNYeOk76erORdznXBXvPSpQVtkmxHNGba3wUCSzaRztoSCumkX9HtWv\/974df5VzRYePKjb1+omhktiqBKmGEtDEQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035129030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035134770,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035129030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035134770,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319035136106,"pkt":"gCqoTGHM5JjWH70UCABFAAEEDNVAAEAGD4zAqAEHNFkni8+NAbuZGBE\/BwX5PIAYEBWJrgAAAQEICh9kwKStiMj8FgMBAMsBAADHAwNYeOk7lPRrg34Uu\/Y+HzZqHJ9SINdd1V+d8fl0kU8rKiCumkX9HtWv\/974df5VzRYePKjb1+omhktiqBKmGEtDEQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} -01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035136106,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035136106,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035183349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035183349,"pkt":"5JjWH70UgCqoTGHMCABFIAA0iNlAACoGqjc0WSeLwKgBBwG7z4zl6UHRHNLEhYAQAEsn6gAAAQEICq2IyQkfZMCj"} 
-01350{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035185788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319035185788,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01807{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035186784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319035186784,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035185788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319035185788,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01805{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035186784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319035186784,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035199804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035199804,"pkt":"5JjWH70UgCqoTGHMCABFIAA0MDRAACkGA900WSeLwKgBBwG7z40HBfk8mRgSD4AQAEuFjwAAAQEICq2IyQsfZMCk"} -01350{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035200353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319035200353,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01807{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035215028,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319035215028,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035200353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319035200353,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01805{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035215028,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319035215028,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035342783,"flow_dst_last_pkt_time":1484319035342783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035342783,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1484319035342783,"flow_dst_last_pkt_time":1484319035342783,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319035342783,"pkt":"gCqoTGHM5JjWH70UCABFAABA3CdAAEAGQP3AqAEHNFkni8+OAbvRf5R9AAAAALAC\/\/8BVgAAAgQFtAEDAwUBAQgKH2TBaAAAAAAEAgAA"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1484319035342783,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319035397916,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwG7z47YAyXj0X+UfqASRepXrQAAAgQFtAQCCAqtiMk\/H2TBaAEDAwg="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1484319035399304,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035399304,"pkt":"gCqoTGHM5JjWH70UCABFAAA0+2BAAEAGIdDAqAEHNFkni8+OAbvRf5R+2AMl5IAQEBW8GgAAAQEICh9kwZ2tiMk\/"} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319035401110,"pkt":"gCqoTGHM5JjWH70UCABFAAEE6LNAAEAGM63AqAEHNFkni8+OAbvRf5R+2AMl5IAYEBVXjgAAAQEICh9kwZ6tiMk\/FgMBAMsBAADHAwNYeOk7vNJQcIWTHxOYmxRdvE73iLawThqSAEUf4RBG+yAlPalSNkR1ua99akikzzyiXtlC5nVNfalnaleVK1UZuQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035401110,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035401110,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035449002,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035449002,"pkt":"5JjWH70UgCqoTGHMCABFIAA07K5AACoGRmI0WSeLwKgBBwG7z47YAyXk0X+VToAQAEvLBgAAAQEICq2IyUwfZMGe"} 
-01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035449894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319035449894,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-02334{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035720714,"flow_dst_last_pkt_time":1484319035719060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2402,"flow_dst_tot_l4_payload_len":12882,"midstream":0,"thread_ts_usec":1484319035720714,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":143,"avg":41275.9,"max":350146,"stddev":77246.2,"var":5966969856.0,"ent":3.5,"data": [50833,52103,3892,68860,549,14675,80527,16948,16635,16128,355,222,66675,773,50716,3176,284,61420,291182,143,350146,11846,12750,24110,12460,12309,13854,13662,2679,13302,16338]},"pktlen": {"min":52,"avg":530.2,"max":1500,"stddev":630.5,"var":397553.6,"ent":4.0,"data": [64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,672,52,1500,1500,52,1500,1402,52,1500,52,237,52,1500,1019,52]},"bins": {"c_to_s": [11,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,7,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0],"entropies": 
[4.598081589,5.235815525,5.131024837,6.023412704,5.154969215,7.255973339,7.303249359,5.092563152,7.001137733,5.056022167,6.255658627,5.007929802,6.001976490,5.169486523,5.942530632,5.054101467,7.891292572,7.683557510,5.169486523,7.859122753,7.883965492,5.131024837,7.876591682,7.866814137,5.092563152,7.900776386,4.979098797,7.052536488,5.054101467,7.870380402,7.793371201,5.131024361]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01346{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035449894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319035449894,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": 
{"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} +02332{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035720714,"flow_dst_last_pkt_time":1484319035719060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2402,"flow_dst_tot_l4_payload_len":12882,"midstream":0,"thread_ts_usec":1484319035720714,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":143,"avg":41275.9,"max":350146,"stddev":77246.2,"var":5966969856.0,"ent":3.5,"data": [50833,52103,3892,68860,549,14675,80527,16948,16635,16128,355,222,66675,773,50716,3176,284,61420,291182,143,350146,11846,12750,24110,12460,12309,13854,13662,2679,13302,16338]},"pktlen": {"min":52,"avg":530.2,"max":1500,"stddev":630.5,"var":397553.6,"ent":4.0,"data": [64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,672,52,1500,1500,52,1500,1402,52,1500,52,237,52,1500,1019,52]},"bins": {"c_to_s": [11,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,7,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0],"entropies": 
[4.598081589,5.235815525,5.131024837,6.023412704,5.154969215,7.255973339,7.303249359,5.092563152,7.001137733,5.056022167,6.255658627,5.007929802,6.001976490,5.169486523,5.942530632,5.054101467,7.891292572,7.683557510,5.169486523,7.859122753,7.883965492,5.131024837,7.876591682,7.866814137,5.092563152,7.900776386,4.979098797,7.052536488,5.054101467,7.870380402,7.793371201,5.131024361]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1484319035889509,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1484319035889509,"pkt":"AQBef\/\/65JjWH70UCABFAACW0KMAAAERNwrAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1484319035997063,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1484319035997063,"pkt":"AQBef\/\/65JjWH70UCABFAACZwp8AAAERRQvAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319036827113,"flow_src_last_pkt_time":1484319036827113,"flow_dst_last_pkt_time":1484319036827113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319036827113,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -129,12 +129,12 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1484319036854344,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319036865722,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwGsuNoVmGzwKgBBwG7z5WR\/xaXFztVhKAScSAP4QAAAgQFtAQCCAoCM2vSH2THJwEDAwU="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1484319036868771,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319036868771,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UCJAAEAGXunAqAEHaFZhs8+VAbsXO1WEkf8WmIAQEBWfqAAAAQEICh9kxzUCM2vS"} 00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1484319036870445,"pkt":"gCqoTGHM5JjWH70UCABFAAEXqU5AAEAGBNrAqAEHaFZhs8+VAbsXO1WEkf8WmIAYEBU64wAAAQEICh9kxzYCM2vSFgMBAN4BAADaAwNYeOk8NZkQnOsfGkUHC3oH4Rk0tFCgXSVuPClH26lOAAAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAiwAAABYAFAAAEWFydC1zLm5mbHhpbWcubmV0AAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAzN0AAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAUABQEAAAAAABIAAAAXAAA="} 
-01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319036870445,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319036870445,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036886851,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319036886851,"pkt":"5JjWH70UgCqoTGHMCABFIAA0fX9AADwGNWxoVmGzwKgBBwG7z5WR\/xaYFztWZ4AQA6urGQAAAQEICgIza+cfZMc2"} -01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036889708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319036889708,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} -01724{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036894463,"flow_dst_last_pkt_time":1484319036900382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1484319036900382,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=Los Gatos, O=Netflix, 
Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26","blocks":0}}} +01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036889708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319036889708,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01725{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036894463,"flow_dst_last_pkt_time":1484319036900382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1484319036900382,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26","blocks":0}}} 
00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1484319037897807,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1484319037897807,"pkt":"AQBef\/\/65JjWH70UCABFAACWcF0AAAERl1DAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="} -02324{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319042786338,"flow_dst_last_pkt_time":1484319042922798,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":5220,"midstream":0,"thread_ts_usec":1484319042922798,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":147,"avg":501615.3,"max":7507819,"stddev":1826252.6,"var":3335198867456.0,"ent":1.4,"data": [49499,50871,4368,54319,2439,996,53513,42973,42827,12725,273,205,57417,5098,49336,4198,388,49955,75766,32147,2030,911,5107,4712,147,7402221,150,7507819,929,35745,990]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":520.7,"var":271128.8,"ent":3.8,"data": [64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,661,52,52,184,96,86,52,52,52,1500,789,52,52,1500,474]},"bins": 
{"c_to_s": [10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [6,3,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,0,1,1,1,0,0,0,0,0,1,1,1,1],"entropies": [4.566831589,5.335815907,5.094483852,6.025682926,5.169486523,7.256491661,7.325493813,5.092563152,7.129077435,5.092563152,6.393805504,5.100806713,6.014647961,5.169486523,5.965332508,5.169486523,7.872792244,7.651345730,5.207947731,5.207948208,6.796521664,6.094137192,5.926040173,5.169486523,5.207948208,5.169486046,7.868273258,7.747731686,5.169486046,5.169486523,7.861037254,7.536938190]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +02322{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319042786338,"flow_dst_last_pkt_time":1484319042922798,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":5220,"midstream":0,"thread_ts_usec":1484319042922798,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":147,"avg":501615.3,"max":7507819,"stddev":1826252.6,"var":3335198867456.0,"ent":1.4,"data": 
[49499,50871,4368,54319,2439,996,53513,42973,42827,12725,273,205,57417,5098,49336,4198,388,49955,75766,32147,2030,911,5107,4712,147,7402221,150,7507819,929,35745,990]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":520.7,"var":271128.8,"ent":3.8,"data": [64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,661,52,52,184,96,86,52,52,52,1500,789,52,52,1500,474]},"bins": {"c_to_s": [10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [6,3,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,0,1,1,1,0,0,0,0,0,1,1,1,1],"entropies": [4.566831589,5.335815907,5.094483852,6.025682926,5.169486523,7.256491661,7.325493813,5.092563152,7.129077435,5.092563152,6.393805504,5.100806713,6.014647961,5.169486523,5.965332508,5.169486523,7.872792244,7.651345730,5.207947731,5.207948208,6.796521664,6.094137192,5.926040173,5.169486523,5.207948208,5.169486046,7.868273258,7.747731686,5.169486046,5.169486523,7.861037254,7.536938190]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319042988806,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1484319042988806,"pkt":"gCqoTGHM5JjWH70UCABFAABGkh4AAP8Rpi\/AqAEHwKgBAecsADUAMtLh8roBAAABAAAAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQAB"} 
01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319042988806,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"artwork.akam.nflximg.net","domainame":"artwork.akam.nflximg.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -149,9 +149,9 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1484319043041595,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043041595,"pkt":"gCqoTGHM5JjWH70UCABFAAA0zhNAAEAGJs7AqAEHuBnMGc+cAFC2IFmDcAwqOIAQEBVtuwAAAQEICh9k3rb\/\/Dsd"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1484319043042140,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043042140,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UPZAAEAGo+vAqAEHuBnMGc+dAFDU44WS0JNnRYAQEBWFTgAAAQEICh9k3rb\/\/Dsi"} 
00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1484319043068353,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1484319043068353,"pkt":"gCqoTGHM5JjWH70UCABFAAEq43RAAEAGEHfAqAEHuBnMGc+cAFC2IFmDcAwqOIAYEBUNzAAAAQEICh9k3rv\/\/DsdR0VUIC9hZjdhNS8zNjI2NDM0MjRlNzc1ZDAzOTNkZGI0NmUxNDVjMjM3NTM2N2FmN2E1LndlYnAgSFRUUC8xLjENCkhvc3Q6IGFydC0yLm5mbHhpbWcubmV0DQpBY2NlcHQ6ICovKg0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUztxPTENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogQXJnby85LjEuMCAoaVBob25lOyBpT1MgMTAuMjsgU2NhbGUvMi4wMCkNCg0K"} -01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319043068353,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043068353,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","domainame":"art-2.nflximg.net","http": 
{"url":"art-2.nflximg.net\/af7a5\/362643424e775d0393ddb46e145c2375367af7a5.webp","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319043068353,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043068353,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","domainame":"art-2.nflximg.net","http": {"url":"art-2.nflximg.net\/af7a5\/362643424e775d0393ddb46e145c2375367af7a5.webp","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} 
00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1484319043078953,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319043078953,"pkt":"gCqoTGHM5JjWH70UCABFAAEp\/qdAAEAG9UTAqAEHuBnMGc+dAFDU44WS0JNnRYAYEBWe1gAAAQEICh9k3rz\/\/DsiR0VUIC81NzU4Yy9iYjYzNmU0NGI4N2VmODU0YzMzMWVkN2I3YjZlMTU3ZTQ5NDU3NThjLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTIubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="} -01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319043078953,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043078953,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","domainame":"art-2.nflximg.net","http": 
{"url":"art-2.nflximg.net\/5758c\/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} +01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319043078953,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043078953,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","domainame":"art-2.nflximg.net","http": {"url":"art-2.nflximg.net\/5758c\/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1484319043068353,"flow_dst_last_pkt_time":1484319043092808,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043092808,"pkt":"5JjWH70UgCqoTGHMCABFIAA0EWZAADwG51u4GcwZwKgBBwBQz5xwDCo4tiBaeYAQA6t46QAAAQEICv\/8O14fZN67"} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1484319043078953,"flow_dst_last_pkt_time":1484319043106058,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043106058,"pkt":"5JjWH70UgCqoTGHMCABFIAA0XCxAADwGnJW4GcwZwKgBBwBQz53Qk2dF1OOGh4AQA6uQdgAAAQEICv\/8O2kfZN68"} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319043665565,"flow_dst_last_pkt_time":1484319043665565,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043665565,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -159,7 +159,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1484319043665565,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319043688511,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz57u7DQucjxhCKAScSCMigAAAgQFtAQCCAr\/\/D2rH2ThCQEDAwU="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1484319043689999,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043689999,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VAZAAEAGoNvAqAEHuBnMGc+eAFByPGEI7uw0L4AQEBUcSAAAAQEICh9k4SH\/\/D2r"} 
00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319043691581,"pkt":"gCqoTGHM5JjWH70UCABFAAEpIqVAAEAG0UfAqAEHuBnMGc+eAFByPGEI7uw0L4AYEBW0VgAAAQEICh9k4SL\/\/D2rR0VUIC84N2IzMy9iZWQxMjIzYTAwNDBmZGM5N2JhYzRlOTA2MzMyZTQ2MmM2ZTg3YjMzLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTIubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="} -01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043691581,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","domainame":"art-2.nflximg.net","http": 
{"url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} +01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043691581,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","domainame":"art-2.nflximg.net","http": {"url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043731268,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043731268,"pkt":"5JjWH70UgCqoTGHMCABFIAA0CfxAADwG7sW4GcwZwKgBBwBQz57u7DQvcjxh\/YAQA6snlAAAAQEICv\/8PdMfZOEi"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1484319044993872,"pkt":"gCqoTGHM5JjWH70UCABFAAAoz5tAAEAGHmfAqAEHNBhXBs7BAbvkIOdlTYzTZlAUEACWDAAAAAAAAAAA"} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048757894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048757894,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -172,15 +172,15 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1484319048780859,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319048824981,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGmJ82yb+EwKgBBwBQz59tgW\/FOnvHe6ASRep1DwAAAgQFtAQCCApXXrqDH2T0hAEDAwg="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1484319048826457,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319048826457,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VQxAAEAGLbvAqAEHNsm\/hM+fAFA6e8d7bYFvxoAQEBXZhAAAAQEICh9k9LFXXrqD"} 
00967{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1484319048830359,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_usec":1484319048830359,"pkt":"gCqoTGHM5JjWH70UCABFAAFtxNtAAEAGvLLAqAEHNsm\/hM+fAFA6e8d7bYFvxoAYEBUtNAAAAQEICh9k9LRXXrqDUE9TVCAvYXBwYm9vdC9ORkFQUEwtMDItIEhUVFAvMS4xDQpIb3N0OiBhcHBib290Lm5ldGZsaXguY29tDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogQXJnby85MDAgQ0ZOZXR3b3JrLzgwOC4yLjE2IERhcndpbi8xNi4zLjANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdDogKi8qDQpYLU5ldGZsaXguQVBJQWN0aW9uOiBhcHBib290DQpDb250ZW50LUxlbmd0aDogMjI5OQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQoNCg=="} -01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319048830359,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":313,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":313,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048830359,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com","domainame":"appboot.netflix.com","http": 
{"url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}} +01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319048830359,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":313,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":313,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048830359,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com","domainame":"appboot.netflix.com","http": {"url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}} 02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1484319048841019,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1484319048841019,"pkt":"gCqoTGHM5JjWH70UCABFAAXc5GhAAEAGmLbAqAEHNsm\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"} 
-02250{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319049236027,"flow_dst_last_pkt_time":1484319049229808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2612,"flow_dst_tot_l4_payload_len":21687,"midstream":0,"thread_ts_usec":1484319049236027,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":193,"avg":29165.1,"max":187154,"stddev":42322.7,"var":1791214592.0,"ent":4.0,"data": [44122,45598,3902,10660,193,60003,5736,990,135055,302,187154,5655,5706,13881,14022,13277,14383,27821,13324,13128,9212,13280,22521,13399,39251,13309,13303,13855,13324,13288,124463]},"pktlen": {"min":52,"avg":812.3,"max":1500,"stddev":674.9,"var":455511.9,"ent":4.4,"data": [64,60,52,365,1500,903,52,52,52,714,1500,52,1500,52,1500,52,1500,1500,52,1012,52,1500,1293,52,1500,1500,1500,1500,1500,1500,1500,64]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,13,0,0]},"directions": [0,1,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,0],"entropies": 
[4.538909912,5.279368401,5.156889915,5.705281258,5.964499474,6.056532860,5.272274971,5.272274494,5.310736179,6.005652428,5.696421623,5.094483852,6.091891766,5.233812809,5.866946220,5.038780212,5.796521664,5.782927513,5.195351601,5.831374168,5.233812809,5.802160263,5.817751884,5.195351124,5.813166142,5.771504402,5.781269550,5.780963898,5.817500591,5.785477638,5.779314995,5.163660049]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com"}} +02248{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319049236027,"flow_dst_last_pkt_time":1484319049229808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2612,"flow_dst_tot_l4_payload_len":21687,"midstream":0,"thread_ts_usec":1484319049236027,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":193,"avg":29165.1,"max":187154,"stddev":42322.7,"var":1791214592.0,"ent":4.0,"data": [44122,45598,3902,10660,193,60003,5736,990,135055,302,187154,5655,5706,13881,14022,13277,14383,27821,13324,13128,9212,13280,22521,13399,39251,13309,13303,13855,13324,13288,124463]},"pktlen": {"min":52,"avg":812.3,"max":1500,"stddev":674.9,"var":455511.9,"ent":4.4,"data": [64,60,52,365,1500,903,52,52,52,714,1500,52,1500,52,1500,52,1500,1500,52,1012,52,1500,1293,52,1500,1500,1500,1500,1500,1500,1500,64]},"bins": {"c_to_s": 
[9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,13,0,0]},"directions": [0,1,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,0],"entropies": [4.538909912,5.279368401,5.156889915,5.705281258,5.964499474,6.056532860,5.272274971,5.272274494,5.310736179,6.005652428,5.696421623,5.094483852,6.091891766,5.233812809,5.866946220,5.038780212,5.796521664,5.782927513,5.195351601,5.831374168,5.233812809,5.802160263,5.817751884,5.195351124,5.813166142,5.771504402,5.781269550,5.780963898,5.817500591,5.785477638,5.779314995,5.163660049]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com"}} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049465573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049465573,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049465573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319049465573,"pkt":"gCqoTGHM5JjWH70UCABFAABAjtZAAEAGjk7AqAEHNFkni8+gAFCVL\/AiAAAAALAC\/\/+toQAAAgQFtAEDAwUBAQgKH2T3IAAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319049510947,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwBQz6CC\/YxQlS\/wI6ASRerkyQAAAgQFtAQCCAqtiNcHH2T3IAEDAwg="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1484319049516159,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049516159,"pkt":"gCqoTGHM5JjWH70UCABFAAA0TN5AAEAG0FLAqAEHNFkni8+gAFCVL\/Ajgv2MUYAQEBVJOgAAAQEICh9k91KtiNcH"} 
01415{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1484319049518619,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":715,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":715,"pkt_l4_len":681,"thread_ts_usec":1484319049518619,"pkt":"gCqoTGHM5JjWH70UCABFAAK9sclAAEAGaN7AqAEHNFkni8+gAFCVL\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"} -01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319049518619,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":649,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049518619,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","http": {"url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}} 
+01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319049518619,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":649,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049518619,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","http": {"url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}} 02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1484319049529760,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1484319049529760,"pkt":"gCqoTGHM5JjWH70UCABFAAXcGHxAAEAG\/wzAqAEHNFkni8+gAFCVL\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"} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049641053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049641053,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049641053,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1484319049641053,"pkt":"gCqoTGHM5JjWH70UCABFAABCJHQAAP8RE97AqAEHwKgBAcoQADUALkrZBBoBAAABAAAAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAE="} 
@@ -188,7 +188,7 @@ 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049645637,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1484319049645637,"pkt":"gCqoTGHM5JjWH70UCABFAABCunsAAEARPNfAqAEHwKgBAcx7ADUALmwlX+cBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="} 
01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049645637,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} -02261{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319049640319,"flow_dst_last_pkt_time":1484319049653906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":23168,"midstream":0,"thread_ts_usec":1484319049653906,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":590,"avg":428029.7,"max":6030936,"stddev":1231580.9,"var":1516791529472.0,"ent":2.3,"data": [22448,28943,26758,57708,590,13165,40076,31828,42757,26526,25526,50240,53221,30909,25521,54871,53768,27167,52693,79537,53772,544724,1519985,11557,27351,27280,28765,635381,3643850,6030936,1068]},"pktlen": {"min":52,"avg":795.6,"max":1500,"stddev":706.6,"var":499284.2,"ent":4.3,"data": [64,60,52,298,52,1500,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,80,80,80,72,64,52,52,297,1500,1500]},"bins": {"c_to_s": [12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1],"entropies": [4.570159912,5.187539101,5.118428230,5.866323471,5.308815956,7.539054394,7.823310852,5.094483852,7.811959267,5.038779736,7.799767494,7.796337128,5.156889439,7.762200832,7.778352737,7.834424973,7.823929787,7.799146652,7.830269337,7.869925976,7.880800724,7.877037048,5.357215405,5.224027157,5.307214737,5.376956940,5.259624004,5.233813286,5.195351601,5.825244904,7.190491676,7.824782848]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} 
+02262{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319049640319,"flow_dst_last_pkt_time":1484319049653906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":23168,"midstream":0,"thread_ts_usec":1484319049653906,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":590,"avg":428029.7,"max":6030936,"stddev":1231580.9,"var":1516791529472.0,"ent":2.3,"data": [22448,28943,26758,57708,590,13165,40076,31828,42757,26526,25526,50240,53221,30909,25521,54871,53768,27167,52693,79537,53772,544724,1519985,11557,27351,27280,28765,635381,3643850,6030936,1068]},"pktlen": {"min":52,"avg":795.6,"max":1500,"stddev":706.6,"var":499284.2,"ent":4.3,"data": [64,60,52,298,52,1500,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,80,80,80,72,64,52,52,297,1500,1500]},"bins": {"c_to_s": [12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1],"entropies": 
[4.570159912,5.187539101,5.118428230,5.866323471,5.308815956,7.539054394,7.823310852,5.094483852,7.811959267,5.038779736,7.799767494,7.796337128,5.156889439,7.762200832,7.778352737,7.834424973,7.823929787,7.799146652,7.830269337,7.869925976,7.880800724,7.877037048,5.357215405,5.224027157,5.307214737,5.376956940,5.259624004,5.233813286,5.195351601,5.825244904,7.190491676,7.824782848]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1484319049665892,"pkt":"5JjWH70UgCqoTGHMCABFAABi4UdAAEAR1erAqAEBwKgBBwA1yhAATkFkBBqBgAABAAIAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAHADAABAAEAAAAMAAS4GcwYwAwAAQABAAAADAAEuBnMKA=="} 01144{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1484319049665892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a803.dscg.akamai.net","domainame":"a803.dscg.akamai.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["184.25.204.24,ttl=12","184.25.204.40,ttl=12"]}}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049672494,"flow_dst_last_pkt_time":1484319049672494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049672494,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -200,16 +200,16 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049672494,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319049697401,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lq4GcwYwKgBBwBQz6GV0BcIYCoytaAScSDlwwAAAgQFtAQCCAr\/\/IQ4H2T36AEDAwU="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1484319049700208,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049700208,"pkt":"gCqoTGHM5JjWH70UCABFAAA0bmdAAEAGhnvAqAEHuBnMGM+hAFBgKjK1ldAXCYAQEBV1gAAAAQEICh9k+AH\/\/IQ4"} 00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":1484319049703194,"pkt":"gCqoTGHM5JjWH70UCABFAAEMARZAAEAG8vTAqAEHuBnMGM+hAFBgKjK1ldAXCYAYEBWbUgAAAQEICh9k+AP\/\/IQ4R0VUIC90cGEzLzYxNi8yMDQxNzc5NjE2LmJpZiBIVFRQLzEuMQ0KSG9zdDogdHAuYWthbS5uZmx4aW1nLmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogQXJnby85MDAgQ0ZOZXR3b3JrLzgwOC4yLjE2IERhcndpbi8xNi4zLjANCg0K"} 
-01148{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049703194,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com","domainame":"tp.akam.nflximg.com","http": {"url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}} +01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049703194,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com","domainame":"tp.akam.nflximg.com","http": {"url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049725869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049725869,"pkt":"5JjWH70UgCqoTGHMCABFIAA0k1dAADwGZWu4GcwYwKgBBwBQz6GV0BcJYCozjYAQA6uA6gAAAQEICv\/8hF4fZPgD"} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049684933,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319049740377,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z6pwpjzKqcMkW6ASOJCp2gAAAgQFtAQCCAqtikoKH2T39AEDAwg="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1484319049743556,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049743556,"pkt":"gCqoTGHM5JjWH70UCABFAAA0ddRAAEAGu07AqAEHNr8RM8+qAbupwyRbcKY8y4AQEBUA7QAAAQEICh9k+CqtikoK"} 01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319049748048,"pkt":"gCqoTGHM5JjWH70UCABFAAI5KeBAAEAGBT7AqAEHNr8RM8+qAbupwyRbcKY8y4AYEBVJ9gAAAQEICh9k+C6tikoKFgMBAgABAAH8AwPYXvBe7OTKRo\/HluRIJZi3JSt\/Gg\/Ui4yLFjBV5BYvDAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049748048,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
-01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049753726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049753726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com","domainame":"tp.akam.nflximg.com","http": {"url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049748048,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049753726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049753726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com","domainame":"tp.akam.nflximg.com","http": {"url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049807153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049807153,"pkt":"5JjWH70UgCqoTGHMCABFIAA0dtFAACoG0DE2vxEzwKgBBwG7z6pwpjzLqcMmYIAQAD0OrAAAAQEICq2KShofZPgu"} 
-01346{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049807663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049807663,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01686{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049850914,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319049850914,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049807663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049807663,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01684{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049850914,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319049850914,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050652467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319050652467,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050652467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319050652467,"pkt":"gCqoTGHM5JjWH70UCABFAABA2xBAAEAGenHAqAEHF\/YLkc+rAFC8XkCtAAAAALAC\/\/9pzAAAAgQFtAEDAwUBAQgKH2T7jgAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319050677236,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmYX9guRwKgBBwBQz6susPTdvF5ArqAS\/\/\/2WQAAAgQFtAEDAwkEAggKRVwbeB9k+44="} 
@@ -335,7 +335,7 @@ 02519{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1058,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319061706774,"flow_dst_last_pkt_time":1484319061794702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319061794702,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":240,"avg":355944.2,"max":3546297,"stddev":682699.4,"var":466078498816.0,"ent":3.5,"data": [43247,45294,13187,106701,4927,97880,1317695,102059,98186,240,515839,59813,1148424,57207,54890,165165,3546297,68400,92258,155981,131046,69975,95851,103962,104462,205130,729427,91959,551213,1189389,68168]},"pktlen": {"min":52,"avg":493.2,"max":1500,"stddev":638.4,"var":407523.4,"ent":3.9,"data": [64,60,52,409,570,1500,52,80,80,72,72,72,72,72,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,1500]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,1],"entropies": 
[4.515677452,5.333454132,5.041505337,6.377946854,5.816387177,4.450622082,5.118428230,5.366649628,5.366649628,5.359663963,5.333272934,5.387441635,5.387441635,5.293623924,5.290874004,5.322124004,5.272274494,4.440482140,5.209868431,4.489046574,5.014835358,4.480661392,4.471484184,5.233812809,4.471359730,5.062724590,4.458212852,5.290874004,5.233812809,5.000318527,4.395615101,4.444458961]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141"}} 02518{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1131,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319062638948,"flow_dst_last_pkt_time":1484319062680623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":14998,"midstream":0,"thread_ts_usec":1484319062680623,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":72,"avg":414504.9,"max":4457097,"stddev":811357.3,"var":658300731392.0,"ent":3.6,"data": [41445,43452,2932,82082,72,78739,1252127,77707,132171,828,525346,100674,510044,513013,40289,4457097,87034,1392951,522404,574888,39602,91204,57625,58127,138968,449063,380142,69915,139503,473414,516793]},"pktlen": 
{"min":52,"avg":538.1,"max":1500,"stddev":656.8,"var":431419.8,"ent":3.9,"data": [64,60,52,410,570,1500,52,80,80,72,72,72,72,72,64,64,1500,1500,52,52,1500,1500,52,1500,52,1500,52,1500,1500,52,52,1500]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1],"entropies": [4.538909912,5.312702179,5.026988029,6.353898048,5.812767506,4.447575092,5.118428230,5.316649437,5.391650200,5.387441635,5.387441635,5.361050606,5.333272934,5.331886292,5.228374004,5.228374004,4.410194397,4.460495949,5.079966545,5.195351124,4.415517807,4.454523087,5.195351601,4.441005707,5.077241421,4.548726559,5.156889915,4.299219608,4.319707394,5.195351601,5.156889439,4.440834999]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141"}} 
02513{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1162,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319062946776,"flow_dst_last_pkt_time":1484319063015567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":10653,"midstream":0,"thread_ts_usec":1484319063015567,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":682,"avg":435375.1,"max":4431980,"stddev":814478.7,"var":663375511552.0,"ent":3.6,"data": [43856,45826,13429,88623,4898,81946,1250769,92472,118428,682,544165,69196,495457,501654,62886,1143862,28583,39116,4431980,82976,87813,169881,586445,795488,292945,509017,501170,1203523,55860,83014,70669]},"pktlen": {"min":52,"avg":404.2,"max":1500,"stddev":589.2,"var":347103.4,"ent":3.7,"data": [64,60,52,410,569,1500,52,80,80,72,72,72,72,72,64,64,64,64,64,1500,52,1500,64,52,1500,64,52,52,1500,1500,52,1500]},"bins": {"c_to_s": [22,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,1,0,0,0,1,1,0,1],"entropies": 
[4.570159912,5.166786671,4.974009037,6.366189480,5.841994762,4.452114582,5.079966545,5.252857208,5.332214355,5.359663963,5.387441635,5.293623924,5.359663486,5.276330948,5.290874004,5.144205093,5.290874004,5.259624004,5.154078960,4.322241306,5.038779736,4.343337059,5.163660049,5.156889439,4.373079300,5.208919048,5.180834293,5.195351124,4.324346066,4.345085144,5.195351124,4.404635906]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141"}} -02193{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1269,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319063959877,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319064010312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":136,"avg":1958267.8,"max":30086001,"stddev":7379834.5,"var":54461959503872.0,"ent":1.1,"data": [47011,48359,1676,53080,2562,989,62283,11050,5991,10798,261,350,60341,3416,50128,4429,893,563,55944,50485,306,42722,3984,5077,5232,136,57719,311,30033380,30086001,822]},"pktlen": 
{"min":52,"avg":380.0,"max":1500,"stddev":556.9,"var":310128.2,"ent":3.8,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,337,52,52,52,993,112,52,52,52,83,52]},"bins": {"c_to_s": [9,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0],"s_to_c": [9,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,0,0,0,1,1],"entropies": [4.484876633,5.289900780,5.078045845,5.808425426,5.131024837,7.255376339,7.317865372,5.092562675,6.901146412,5.131024361,6.124006748,5.004364967,6.039024830,5.169486046,6.007705688,5.169486046,7.873569965,7.881214619,7.864243507,5.169486046,7.845795155,7.405421257,5.116507530,5.078045845,5.131024361,7.806305885,6.290623188,5.169486046,5.092563152,5.094483852,5.825018406,5.132945538]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +02191{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1269,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319063959877,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319064010312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":136,"avg":1958267.8,"max":30086001,"stddev":7379834.5,"var":54461959503872.0,"ent":1.1,"data": [47011,48359,1676,53080,2562,989,62283,11050,5991,10798,261,350,60341,3416,50128,4429,893,563,55944,50485,306,42722,3984,5077,5232,136,57719,311,30033380,30086001,822]},"pktlen": {"min":52,"avg":380.0,"max":1500,"stddev":556.9,"var":310128.2,"ent":3.8,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,337,52,52,52,993,112,52,52,52,83,52]},"bins": {"c_to_s": [9,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0],"s_to_c": [9,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,0,0,0,1,1],"entropies": [4.484876633,5.289900780,5.078045845,5.808425426,5.131024837,7.255376339,7.317865372,5.092562675,6.901146412,5.131024361,6.124006748,5.004364967,6.039024830,5.169486046,6.007705688,5.169486046,7.873569965,7.881214619,7.864243507,5.169486046,7.845795155,7.405421257,5.116507530,5.078045845,5.131024361,7.806305885,6.290623188,5.169486046,5.092563152,5.094483852,5.825018406,5.132945538]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1294,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319064590230,"flow_dst_last_pkt_time":1484319064590230,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064590230,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064590230,"flow_dst_last_pkt_time":1484319064590230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064590230,"pkt":"gCqoTGHM5JjWH70UCABFAABAVptAAEAGBuzAqAEHF\/YDjM+\/AFBrAzOSAAAAALAC\/\/+cMAAAAgQFtAEDAwUBAQgKH2UvkQAAAAAEAgAA"} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1295,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319064593980,"flow_dst_last_pkt_time":1484319064593980,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064593980,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -363,30 +363,30 @@ 01197{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1312,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1484319064699948,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ichnaea.geo.netflix.com","domainame":"ichnaea.geo.netflix.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.37.36.252,ttl=22","52.43.102.20,ttl=22","52.34.255.169,ttl=22","52.24.110.210,ttl=22"]}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1316,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064711690,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064711690,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064711690,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064711690,"pkt":"gCqoTGHM5JjWH70UCABFAABAfOpAAEAGov3AqAEHNCUk\/M\/TAbvE99WSAAAAALAC\/\/9grAAAAgQFtAEDAwUBAQgKH2UwAgAAAAAEAgAA"} 
-02188{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1317,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064712006,"flow_dst_last_pkt_time":1484319034278653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4140,"midstream":0,"thread_ts_usec":1484319064712006,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":74,"avg":1003326.9,"max":30431499,"stddev":5372888.5,"var":28867930619904.0,"ent":0.2,"data": [44924,46321,7446,58250,1844,979,55802,12140,9904,9342,287,206,60460,132,50780,11459,460,157,72134,60865,339,50757,444,15673,16944,136,74,82928,303,146,30431499]},"pktlen": {"min":52,"avg":379.5,"max":1500,"stddev":557.0,"var":310204.4,"ent":3.8,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,322,52,52,52,993,107,86,52,52,52,52]},"bins": {"c_to_s": [10,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0],"s_to_c": [7,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,1,0,0,0,0],"entropies": 
[4.598081589,5.256567001,5.131024837,5.819132805,5.246409416,7.227420330,7.332920074,5.092563152,6.984497547,5.169486046,6.274277210,5.113821983,5.948767662,5.284871101,6.050486565,5.246409416,7.870395660,7.873335838,7.867392540,5.246409416,7.876014709,7.339691162,5.169486046,5.284871101,5.284871101,7.775086403,6.215628147,5.873826027,5.246409416,5.169486046,5.154969215,5.003043175]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1317,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064712006,"flow_dst_last_pkt_time":1484319034278653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4140,"midstream":0,"thread_ts_usec":1484319064712006,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":74,"avg":1003326.9,"max":30431499,"stddev":5372888.5,"var":28867930619904.0,"ent":0.2,"data": [44924,46321,7446,58250,1844,979,55802,12140,9904,9342,287,206,60460,132,50780,11459,460,157,72134,60865,339,50757,444,15673,16944,136,74,82928,303,146,30431499]},"pktlen": {"min":52,"avg":379.5,"max":1500,"stddev":557.0,"var":310204.4,"ent":3.8,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,322,52,52,52,993,107,86,52,52,52,52]},"bins": {"c_to_s": 
[10,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0],"s_to_c": [7,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,1,0,0,0,0],"entropies": [4.598081589,5.256567001,5.131024837,5.819132805,5.246409416,7.227420330,7.332920074,5.092563152,6.984497547,5.169486046,6.274277210,5.113821983,5.948767662,5.284871101,6.050486565,5.246409416,7.870395660,7.873335838,7.867392540,5.246409416,7.876014709,7.339691162,5.169486046,5.284871101,5.284871101,7.775086403,6.215628147,5.873826027,5.246409416,5.169486046,5.154969215,5.003043175]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064671268,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064722112,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z9JcNkhzU8YNlaASOJDYrwAAAgQFtAQCCAqtilitH2Uv3gEDAwg="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064669455,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064722814,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z8mqa43KKbVWHqASOJAmtQAAAgQFtAQCCAqtilitH2Uv3QEDAwg="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064723412,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064723412,"pkt":"gCqoTGHM5JjWH70UCABFAAA06mxAAEAGRrbAqAEHNr8RM8\/SAbtTxg2VXDZIdIAQEBUvyAAAAQEICh9lMA6tilit"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064724096,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064724096,"pkt":"gCqoTGHM5JjWH70UCABFAAA0RtdAAEAG6kvAqAEHNr8RM8\/JAbsptVYeqmuNy4AQEBV9zAAAAQEICh9lMA6tilit"} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319064728551,"pkt":"gCqoTGHM5JjWH70UCABFAAI52vZAAEAGVCfAqAEHNr8RM8\/JAbsptVYeqmuNy4AYEBU\/AQAAAQEICh9lMBGtilitFgMBAgABAAH8AwOssLX4r6P7GP1cyM+\/QL5jcos5eemrJxEB7qfdYiVRRQAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064728551,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064728551,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319064729673,"pkt":"gCqoTGHM5JjWH70UCABFAAI526xAAEAGU3HAqAEHNr8RM8\/SAbtTxg2VXDZIdIAYEBX36QAAAQEICh9lMBOtilitFgMBAgABAAH8AwM\/Ud3IJ+zS9aVmySryI5irQf+M2+tqC0+UPSJWqvpDqAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064729673,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064729673,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064781140,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGNcw0JST8wKgBBwG7z9NfgzodxPfVk6ASRersYQAAAgQFtAQCCAqFpSALH2UwAgEDAwg="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1333,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064782652,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064782652,"pkt":"gCqoTGHM5JjWH70UCABFAAA0MmJAAEAG7ZHAqAEHNCUk\/M\/TAbvE99WTX4M6HoAQEBVQwAAAAQEICh9lMEaFpSAL"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1334,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064783171,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064783171,"pkt":"5JjWH70UgCqoTGHMCABFIAA0EM5AACoGNjU2vxEzwKgBBwG7z9JcNkh0U8YPmoAQAD09hgAAAQEICq2KWL0fZTAT"} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1337,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"thread_ts_usec":1484319064785302,"pkt":"gCqoTGHM5JjWH70UCABFAAEZfjdAAEAGoNfAqAEHNCUk\/M\/TAbvE99WTX4M6HoAYEBXgSwAAAQEICh9lMEiFpSALFgMBAOABAADcAwNYeOlYxBLS5gM2ky3bQNFyoxLviT91lQxxEizDalFYdwAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAjQAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} 
-01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1337,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064785302,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1337,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064785302,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064796538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064796538,"pkt":"5JjWH70UgCqoTGHMCABFIAA01XFAACkGcpE2vxEzwKgBBwG7z8mqa43LKbVYI4AQAD2LiwAAAQEICq2KWL4fZTAR"} -01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1341,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064796989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064796989,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} -01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1342,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064823890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064823890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1341,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064796989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064796989,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1342,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064823890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064823890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064836708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064836708,"pkt":"5JjWH70UgCqoTGHMCABFIAA0GgVAACoGG880JST8wKgBBwG7z9NfgzoexPfWeIAQAEtfkAAAAQEICoWlIB4fZTBI"} 
-01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1344,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064850606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064850606,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
-01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1348,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064885811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064885811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1349,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064898548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064898548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
-01709{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1356,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064950196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319064950196,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
-02338{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1408,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065492035,"flow_dst_last_pkt_time":1484319065478679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6755,"midstream":0,"thread_ts_usec":1484319065492035,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":182,"avg":52521.9,"max":282465,"stddev":58168.2,"var":3383536896.0,"ent":4.2,"data": [50844,52144,6261,61059,40719,74658,170395,11813,79420,67625,2032,57431,55801,1745,844,219,182,82546,79700,249,94600,127478,60574,282465,10583,27617,37968,39882,42871,7730,723]},"pktlen": {"min":52,"avg":552.5,"max":1500,"stddev":629.7,"var":396553.7,"ent":4.0,"data": [64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52]},"bins": {"c_to_s": [10,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0],"entropies": 
[4.598081589,5.369149208,5.169486046,4.365832806,5.154969215,7.171761036,7.662086964,5.169486523,6.518167496,5.984750271,5.100070000,7.782325745,6.202902317,5.246409416,7.867114544,7.871539593,7.857532978,7.870780945,5.078046322,7.856834412,7.434062958,5.154969215,5.154969215,7.833981991,5.246409416,7.884502411,7.878024578,5.246409416,6.160539627,5.207947731,5.791826725,5.094483852]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -02201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1428,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319065635020,"flow_dst_last_pkt_time":1484319065630720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":19082,"flow_dst_tot_l4_payload_len":3110,"midstream":0,"thread_ts_usec":1484319065635020,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":105,"avg":59431.0,"max":332646,"stddev":83335.9,"var":6944879104.0,"ent":3.8,"data": [69450,70962,2650,55568,49103,64385,167918,331939,332646,26549,653,732,87677,534,60709,8817,7117,449,81078,62803,767,160,105,68135,67101,803,163,105,111161,109572,2549]},"pktlen": {"min":52,"avg":746.1,"max":1500,"stddev":703.8,"var":495333.0,"ent":4.2,"data": 
[64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1403,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500]},"bins": {"c_to_s": [6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0],"s_to_c": [6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0],"entropies": [4.578626633,5.323234081,5.169486046,5.810972691,5.131024837,7.231025219,7.326107502,5.154969215,6.940334797,5.169486523,6.230382919,5.079339504,6.149899960,5.207948208,5.992234230,5.193430901,7.859437466,7.874912739,7.853219032,5.207947731,7.901949883,7.848706245,7.875315189,7.851129055,5.207947731,7.874441147,7.863263607,7.860793114,7.870314598,5.207947731,7.870880127,7.866354465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01685{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1344,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064850606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064850606,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} +01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1348,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064885811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064885811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": 
{"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01685{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1349,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064898548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064898548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01707{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1356,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064950196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319064950196,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
+02336{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1408,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065492035,"flow_dst_last_pkt_time":1484319065478679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6755,"midstream":0,"thread_ts_usec":1484319065492035,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":182,"avg":52521.9,"max":282465,"stddev":58168.2,"var":3383536896.0,"ent":4.2,"data": [50844,52144,6261,61059,40719,74658,170395,11813,79420,67625,2032,57431,55801,1745,844,219,182,82546,79700,249,94600,127478,60574,282465,10583,27617,37968,39882,42871,7730,723]},"pktlen": {"min":52,"avg":552.5,"max":1500,"stddev":629.7,"var":396553.7,"ent":4.0,"data": [64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52]},"bins": {"c_to_s": [10,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0],"entropies": 
[4.598081589,5.369149208,5.169486046,4.365832806,5.154969215,7.171761036,7.662086964,5.169486523,6.518167496,5.984750271,5.100070000,7.782325745,6.202902317,5.246409416,7.867114544,7.871539593,7.857532978,7.870780945,5.078046322,7.856834412,7.434062958,5.154969215,5.154969215,7.833981991,5.246409416,7.884502411,7.878024578,5.246409416,6.160539627,5.207947731,5.791826725,5.094483852]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +02199{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1428,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319065635020,"flow_dst_last_pkt_time":1484319065630720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":19082,"flow_dst_tot_l4_payload_len":3110,"midstream":0,"thread_ts_usec":1484319065635020,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":105,"avg":59431.0,"max":332646,"stddev":83335.9,"var":6944879104.0,"ent":3.8,"data": [69450,70962,2650,55568,49103,64385,167918,331939,332646,26549,653,732,87677,534,60709,8817,7117,449,81078,62803,767,160,105,68135,67101,803,163,105,111161,109572,2549]},"pktlen": {"min":52,"avg":746.1,"max":1500,"stddev":703.8,"var":495333.0,"ent":4.2,"data": 
[64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1403,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500]},"bins": {"c_to_s": [6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0],"s_to_c": [6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0],"entropies": [4.578626633,5.323234081,5.169486046,5.810972691,5.131024837,7.231025219,7.326107502,5.154969215,6.940334797,5.169486523,6.230382919,5.079339504,6.149899960,5.207948208,5.992234230,5.193430901,7.859437466,7.874912739,7.853219032,5.207947731,7.901949883,7.848706245,7.875315189,7.851129055,5.207947731,7.874441147,7.863263607,7.860793114,7.870314598,5.207947731,7.870880127,7.866354465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 02512{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1450,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319066598421,"flow_dst_last_pkt_time":1484319065741809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":17969,"midstream":0,"thread_ts_usec":1484319066598421,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5292,"avg":101928.1,"max":730898,"stddev":155663.8,"var":24231225344.0,"ent":4.0,"data": 
[30477,31515,13216,64005,5292,56409,6142,68156,5406,71534,109518,202677,164827,560321,47319,78954,279545,27696,94465,26601,26144,15824,70512,85885,39451,39774,41592,84438,730898,41457,39720]},"pktlen": {"min":52,"avg":648.3,"max":1500,"stddev":653.4,"var":426995.3,"ent":4.2,"data": [64,60,52,557,618,951,52,564,628,1500,52,1500,1500,1500,72,64,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,64,72,64,52]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0],"entropies": [4.476409912,5.212701797,5.156889915,6.230133057,5.778679371,3.867035151,5.079966545,6.195135117,5.745929718,3.167200804,5.094483852,7.856627464,7.824065208,7.816611290,5.331886292,5.165874004,5.118428230,7.781126976,7.831735134,5.118428230,7.778219700,4.961856365,5.882567406,7.827349663,5.103910923,7.794489861,4.961856365,7.814080238,4.958919048,5.244518280,5.083919048,5.079966545]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.3.140"}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070636683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319070636683,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070636683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319070636683,"pkt":"gCqoTGHM5JjWH70UCABFAABAs25AAEAGoh\/AqAEHF\/YLhc\/aAFBx1HGxAAAAALAC\/\/84uwAAAgQFtAEDAwUBAQgKH2VGAgAAAAAEAgAA"} 
@@ -426,10 +426,10 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1484319114406347,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319114455348,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG7z\/ZJSmsOfk4GCqASOJAVRAAAAgQFtAQCCAq2sSMxH2XpygEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1484319114457327,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319114457327,"pkt":"gCqoTGHM5JjWH70UCABFAAA03p5AAEAGT4DAqAEHNCAW1s\/2Abt+TgYKSUprD4AQEBVsWgAAAQEICh9l6fy2sSMx"} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319114464321,"pkt":"gCqoTGHM5JjWH70UCABFAAI5Y7ZAAEAGyGPAqAEHNCAW1s\/2Abt+TgYKSUprD4AYEBXEQwAAAQEICh9l6gK2sSMxFgMBAgABAAH8AwPYD50dwaa6SBFM+FER3hNsABrlY\/SCFZdiIuSkbU7v5QAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1541,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114464321,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1541,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114464321,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1542,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114523056,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319114523056,"pkt":"5JjWH70UgCqoTGHMCABFIAA0SDFAACkG\/M00IBbWwKgBBwG7z\/ZJSmsPfk4ID4AQAD16GQAAAQEICraxIz8fZeoC"} 
-01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1543,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114523585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319114523585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1544,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114556754,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319114556754,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1543,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114523585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319114523585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01685{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1544,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114556754,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319114556754,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1565,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117511945,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1565,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1484319117511945,"pkt":"gCqoTGHM5JjWH70UCABFAABT2RsAAP8RXyXAqAEHwKgBAct\/ADUAP5\/hcXUBAAABAAAAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAQ=="} 
01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1565,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117511945,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api-global.latency.prodaa.netflix.com","domainame":"api-global.latency.prodaa.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -442,17 +442,17 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117605859,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117664151,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG7z\/fOmYqt+6oWVKASOJB9NwAAAgQFtAQCCAqh\/Yo1H2X1uAEDAwg="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117667082,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117667082,"pkt":"gCqoTGHM5JjWH70UCABFAAA0nQxAAEAGidrAqAEHNCkeBc\/3Abv7qhZUzpmKroAQEBXUQwAAAQEICh9l9fSh\/Yo1"} 01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319117668880,"pkt":"gCqoTGHM5JjWH70UCABFAAI59gxAAEAGLtXAqAEHNCkeBc\/3Abv7qhZUzpmKroAYEBUUlAAAAQEICh9l9feh\/Yo1FgMBAgABAAH8AwNYeOmNAe5Q0hcaTI2Ej50ifhjlODvil\/8YZ4JhR3RxkSAlPalSNkR1ua99akikzzyiXtlC5nVNfalnaleVK1UZuQAmAP\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"} 
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117668880,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117668880,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117651396,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117703150,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG70ABfA575ZnjBIaASOJAZDQAAAgQFtAQCCAq2sSZcH2X15gEDAwg="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117704525,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117704525,"pkt":"gCqoTGHM5JjWH70UCABFAAA0fsVAAEAGr1nAqAEHNCAW1tAAAbtmeMEhXwOe+oAQEBVwIwAAAQEICh9l9hi2sSZc"} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319117713351,"pkt":"gCqoTGHM5JjWH70UCABFAAI5taBAAEAGdnnAqAEHNCAW1tAAAbtmeMEhXwOe+oAYEBXylgAAAQEICh9l9hq2sSZcFgMBAgABAAH8AwN8q\/ZLhsSOm12ptnIT0OvNxxjn3f9+RlJ5hY7lfSkXAAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1578,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117713351,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1578,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117713351,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1579,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117734717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117734717,"pkt":"5JjWH70UgCqoTGHMCABFIAA0AOhAACkGPN80KR4FwKgBBwG7z\/fOmYqu+6oYWYAQAD3iAQAAAQEICqH9ikcfZfX3"} 
-01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1580,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117737656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117737656,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1581,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117738672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319117738672,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1580,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117737656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117737656,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01738{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1581,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117738672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319117738672,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117767728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117767728,"pkt":"5JjWH70UgCqoTGHMCABFIAA0uJNAACkGjGs0IBbWwKgBBwG70ABfA576ZnjDJoAQAD194wAAAQEICraxJm0fZfYa"} -01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1589,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117770085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117770085,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1590,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117771052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319117771052,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1589,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117770085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117770085,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01685{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1590,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117771052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319117771052,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117826887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117826887,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117826887,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319117826887,"pkt":"gCqoTGHM5JjWH70UCABFAABAF8hAAEAGDxPAqAEHNCkeBdABAbshc+whAAAAALAC\/\/8t3QAAAgQFtAEDAwUBAQgKH2X2iwAAAAAEAgAA"} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1599,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117827967,"flow_dst_last_pkt_time":1484319117827967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117827967,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -460,16 +460,16 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1603,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117879588,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGPL80KR4FwKgBBwG70AFaPMiyIXPsIqASOJC25AAAAgQFtAQCCAqh\/YpsH2X2iwEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1604,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117881117,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117881117,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BiRAAEAGIMPAqAEHNCkeBdABAbshc+wiWjzIs4AQEBUN+QAAAQEICh9l9r+h\/Yps"} 00832{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1605,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319117885772,"pkt":"gCqoTGHM5JjWH70UCABFAAEEKuFAAEAG+zXAqAEHNCkeBdABAbshc+wiWjzIs4AYEBUAlAAAAQEICh9l9sOh\/YpsFgMBAMsBAADHAwNYeOmNxGxgi8I9EIqk5oJkWnJI9VweKmO\/JyQkao7GaCDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpAAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1605,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117885772,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1605,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117885772,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1606,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117827967,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117886937,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG70ALhlhIJkajSBqASOJCQFwAAAgQFtAQCCAqh\/YptH2X2jAEDAwg="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1607,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117890575,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117890575,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Pr9AAEAG6CfAqAEHNCkeBdACAbuRqNIG4ZYSCoAQEBXnJgAAAQEICh9l9sWh\/Ypt"} 00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1608,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319117892631,"pkt":"gCqoTGHM5JjWH70UCABFAAEEuTxAAEAGbNrAqAEHNCkeBdACAbuRqNIG4ZYSCoAYEBUMGAAAAQEICh9l9seh\/YptFgMBAMsBAADHAwNYeOmNE5tkHrD0G2XjxlOstOMmL3TKkSrM+b+7cNSu7CDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpAAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1608,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117892631,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1608,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117892631,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117929656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117929656,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QsRAACoG+gI0KR4FwKgBBwG70AFaPMizIXPs8oAQAD0c8QAAAQEICqH9ingfZfbD"} 
-01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1615,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117930548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117930548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1615,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117930548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117930548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1621,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117941532,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117941532,"pkt":"5JjWH70UgCqoTGHMCABFIAA0mHNAACkGpVM0KR4FwKgBBwG70ALhlhIKkajS1oAQAD32HgAAAQEICqH9insfZfbH"} 
-01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1622,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117942410,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117942410,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-02318{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1669,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118140455,"flow_dst_last_pkt_time":1484319118145946,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2205,"flow_dst_tot_l4_payload_len":9578,"midstream":0,"thread_ts_usec":1484319118145946,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":140,"avg":20407.3,"max":141407,"stddev":28956.2,"var":838464256.0,"ent":3.9,"data": [52701,54230,4655,50068,892,45987,1145,402,2281,621,48897,36085,58570,140,1031,141407,13303,12185,4698,8739,8491,4498,3692,4536,12375,12816,15153,13884,6123,6182,6840]},"pktlen": {"min":52,"avg":420.8,"max":1500,"stddev":506.4,"var":256458.0,"ent":4.1,"data": [64,60,52,260,52,197,52,58,97,1500,550,52,52,1500,213,1500,52,545,52,991,52,425,52,1292,52,1392,52,646,52,794,52,707]},"bins": {"c_to_s": [12,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.494096756,5.269149303,5.100070000,6.003353119,5.215455055,6.547097206,5.138531685,5.182787418,6.044509888,7.866807461,7.609665394,5.140452385,5.215455055,7.873748302,6.994494438,7.847311020,5.138531685,7.632858276,5.138531685,7.760740280,5.176993370,7.540992260,5.061608315,7.843688965,5.176993370,7.880697250,5.138531685,7.689140797,5.100070000,7.779115677,5.138531685,7.737319469]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1622,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117942410,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117942410,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": 
{"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} +02316{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1669,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118140455,"flow_dst_last_pkt_time":1484319118145946,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2205,"flow_dst_tot_l4_payload_len":9578,"midstream":0,"thread_ts_usec":1484319118145946,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":140,"avg":20407.3,"max":141407,"stddev":28956.2,"var":838464256.0,"ent":3.9,"data": [52701,54230,4655,50068,892,45987,1145,402,2281,621,48897,36085,58570,140,1031,141407,13303,12185,4698,8739,8491,4498,3692,4536,12375,12816,15153,13884,6123,6182,6840]},"pktlen": {"min":52,"avg":420.8,"max":1500,"stddev":506.4,"var":256458.0,"ent":4.1,"data": [64,60,52,260,52,197,52,58,97,1500,550,52,52,1500,213,1500,52,545,52,991,52,425,52,1292,52,1392,52,646,52,794,52,707]},"bins": {"c_to_s": [12,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.494096756,5.269149303,5.100070000,6.003353119,5.215455055,6.547097206,5.138531685,5.182787418,6.044509888,7.866807461,7.609665394,5.140452385,5.215455055,7.873748302,6.994494438,7.847311020,5.138531685,7.632858276,5.138531685,7.760740280,5.176993370,7.540992260,5.061608315,7.843688965,5.176993370,7.880697250,5.138531685,7.689140797,5.100070000,7.779115677,5.138531685,7.737319469]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1682,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118629811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1484319118629811,"pkt":"gCqoTGHM5JjWH70UCABFAABDkmsAAP8RpeXAqAEHwKgBAd8FADUALzVHkfABAAABAAAAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQAB"} 01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1682,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118629811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a1907.dscg.akamai.net","domainame":"a1907.dscg.akamai.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -484,28 +484,28 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1484319118658049,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319118674728,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Mi4GcwKwKgBBwBQ0ASr4P0LxYJGIqAScSCIdgAAAgQFtAQCCAr\/\/WqNH2X5sAEDAwU="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1699,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1484319118675789,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118675789,"pkt":"gCqoTGHM5JjWH70UCABFAAA0us1AAEAGOiPAqAEHuBnMCtAEAFDFgkYiq+D9DIAQEBUYOwAAAQEICh9l+cH\/\/WqN"} 
00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1700,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319118676250,"pkt":"gCqoTGHM5JjWH70UCABFAAEppeRAAEAGThfAqAEHuBnMCtADAFAmSxL+8j0E\/YAYEBUliAAAAQEICh9l+cH\/\/WqNR0VUIC80ZTM2ZC82Mjg5ODg5MDIwZDZjYzZkZmIzMDM4YzM1NTY0YTQxZTFjYTRlMzZkLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTEubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="} -01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1700,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118676250,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net","domainame":"art-1.nflximg.net","http": 
{"url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1700,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118676250,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net","domainame":"art-1.nflximg.net","http": {"url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} 
00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1702,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319118687774,"pkt":"gCqoTGHM5JjWH70UCABFAAEp1+JAAEAGHBnAqAEHuBnMCtAEAFDFgkYiq+D9DIAYEBXuKgAAAQEICh9l+cj\/\/WqNR0VUIC84YjFmYS9lYWExYjc4Y2Q3MmNhNGRiZGNhYjUyNzY5MWQyZmNhYjM3YzhiMWZhLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTEubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="} -01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1702,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118687774,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net","domainame":"art-1.nflximg.net","http": 
{"url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1702,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118687774,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net","domainame":"art-1.nflximg.net","http": {"url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1703,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118700093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118700093,"pkt":"5JjWH70UgCqoTGHMCABFIAA0blRAADwGiny4GcwKwKgBBwBQ0APyPQT9JksT84AQA6unowAAAQEICv\/9aqkfZfnB"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1707,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118713206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118713206,"pkt":"5JjWH70UgCqoTGHMCABFIAA0l79AADwGYRG4GcwKwKgBBwBQ0ASr4P0MxYJHF4AQA6sjgwAAAQEICv\/9arMfZfnI"} -02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1715,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319118414034,"flow_dst_last_pkt_time":1484319118767393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":7589,"midstream":0,"thread_ts_usec":1484319118767393,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":95,"avg":63539.0,"max":500942,"stddev":121518.7,"var":14766798848.0,"ent":3.3,"data": [58292,61223,1798,70566,2939,1016,71265,11570,12325,13054,147,95,65707,781,52265,3649,191,91649,51753,301,140150,3732,3446,3903,5462,6438,5030,437212,863,500942,291945]},"pktlen": {"min":52,"avg":442.8,"max":1500,"stddev":552.3,"var":305076.8,"ent":4.0,"data": [64,60,52,569,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,789,52,1500,476,52,448,52,751,52,86,52,1500,672,52,1500]},"bins": {"c_to_s": [10,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": 
[5,2,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,1,0,1,0,0,0,1,1],"entropies": [4.586286545,5.335815430,5.169486523,4.098951340,5.025067329,7.251211166,7.301212311,5.207947731,7.012731075,5.246409416,6.273766041,5.113821983,5.990005016,5.132945538,5.992234230,5.246409893,7.870625973,7.755266190,5.171407223,7.853860855,7.522392750,5.169486046,7.574260712,5.131024361,7.742949009,5.207947731,5.956426620,5.207947731,7.856410503,7.668289185,5.038780212,7.883280277]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -02260{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1759,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118854817,"flow_dst_last_pkt_time":1484319119584735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":34752,"midstream":0,"thread_ts_usec":1484319119584735,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":508,"avg":36240.5,"max":99830,"stddev":21554.2,"var":464585632.0,"ent":4.7,"data": [16679,17740,11985,38478,508,12702,40101,27115,27112,58536,99830,81106,33879,23672,53768,53762,65076,48010,65429,13865,30914,13324,28733,40448,54528,28786,29443,29431,27518,25487,25489]},"pktlen": {"min":52,"avg":1146.7,"max":1500,"stddev":613.3,"var":376142.5,"ent":4.7,"data": 
[64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.495864868,5.233453751,5.156889915,5.883365631,5.270353794,7.005603790,7.481070995,5.118428230,7.677317619,5.077241421,7.654481411,5.151865005,7.832942486,7.813632965,7.788673401,7.782803535,7.834435940,7.821334362,7.827250957,7.843655586,7.828696728,7.842951298,7.865435123,7.847778320,7.855163097,7.835734844,7.856423378,7.842322826,7.854029179,7.863353252,7.834544182,7.849704266]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} -02252{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1784,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319120611345,"flow_dst_last_pkt_time":1484319120609765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":22387,"midstream":0,"thread_ts_usec":1484319120611345,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":241,"avg":126007.9,"max":1416280,"stddev":340787.6,"var":116136157184.0,"ent":2.6,"data": 
[15432,16762,2055,27228,957,1055,27336,38112,39355,39938,44658,83445,40664,236734,277719,1389753,1416280,268,12835,48683,241,12768,12757,15934,13837,16300,12778,12746,23173,13285,13156]},"pktlen": {"min":52,"avg":767.5,"max":1500,"stddev":698.9,"var":488505.9,"ent":4.3,"data": [64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,1,1,0,1,0,1,1,0,1,0],"entropies": [4.464614868,5.187539101,5.079966545,5.914007187,5.270354271,7.264070511,7.801600933,5.195351601,7.847749710,5.032077789,7.834869862,7.811845303,5.118427753,7.846868038,7.676549435,5.195351124,5.834331989,6.944043159,7.534036636,7.785680771,5.062724590,4.993616104,7.810704231,7.840629101,5.024262428,7.853393078,4.863714218,7.836608410,7.849914551,5.062724113,7.841484547,5.053297043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} 
+02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1715,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319118414034,"flow_dst_last_pkt_time":1484319118767393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":7589,"midstream":0,"thread_ts_usec":1484319118767393,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":95,"avg":63539.0,"max":500942,"stddev":121518.7,"var":14766798848.0,"ent":3.3,"data": [58292,61223,1798,70566,2939,1016,71265,11570,12325,13054,147,95,65707,781,52265,3649,191,91649,51753,301,140150,3732,3446,3903,5462,6438,5030,437212,863,500942,291945]},"pktlen": {"min":52,"avg":442.8,"max":1500,"stddev":552.3,"var":305076.8,"ent":4.0,"data": [64,60,52,569,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,789,52,1500,476,52,448,52,751,52,86,52,1500,672,52,1500]},"bins": {"c_to_s": [10,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [5,2,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,1,0,1,0,0,0,1,1],"entropies": 
[4.586286545,5.335815430,5.169486523,4.098951340,5.025067329,7.251211166,7.301212311,5.207947731,7.012731075,5.246409416,6.273766041,5.113821983,5.990005016,5.132945538,5.992234230,5.246409893,7.870625973,7.755266190,5.171407223,7.853860855,7.522392750,5.169486046,7.574260712,5.131024361,7.742949009,5.207947731,5.956426620,5.207947731,7.856410503,7.668289185,5.038780212,7.883280277]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +02261{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1759,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118854817,"flow_dst_last_pkt_time":1484319119584735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":34752,"midstream":0,"thread_ts_usec":1484319119584735,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":508,"avg":36240.5,"max":99830,"stddev":21554.2,"var":464585632.0,"ent":4.7,"data": [16679,17740,11985,38478,508,12702,40101,27115,27112,58536,99830,81106,33879,23672,53768,53762,65076,48010,65429,13865,30914,13324,28733,40448,54528,28786,29443,29431,27518,25487,25489]},"pktlen": {"min":52,"avg":1146.7,"max":1500,"stddev":613.3,"var":376142.5,"ent":4.7,"data": [64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": 
[5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.495864868,5.233453751,5.156889915,5.883365631,5.270353794,7.005603790,7.481070995,5.118428230,7.677317619,5.077241421,7.654481411,5.151865005,7.832942486,7.813632965,7.788673401,7.782803535,7.834435940,7.821334362,7.827250957,7.843655586,7.828696728,7.842951298,7.865435123,7.847778320,7.855163097,7.835734844,7.856423378,7.842322826,7.854029179,7.863353252,7.834544182,7.849704266]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} +02253{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1784,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319120611345,"flow_dst_last_pkt_time":1484319120609765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":22387,"midstream":0,"thread_ts_usec":1484319120611345,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":241,"avg":126007.9,"max":1416280,"stddev":340787.6,"var":116136157184.0,"ent":2.6,"data": 
[15432,16762,2055,27228,957,1055,27336,38112,39355,39938,44658,83445,40664,236734,277719,1389753,1416280,268,12835,48683,241,12768,12757,15934,13837,16300,12778,12746,23173,13285,13156]},"pktlen": {"min":52,"avg":767.5,"max":1500,"stddev":698.9,"var":488505.9,"ent":4.3,"data": [64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,1,1,0,1,0,1,1,0,1,0],"entropies": [4.464614868,5.187539101,5.079966545,5.914007187,5.270354271,7.264070511,7.801600933,5.195351601,7.847749710,5.032077789,7.834869862,7.811845303,5.118427753,7.846868038,7.676549435,5.195351124,5.834331989,6.944043159,7.534036636,7.785680771,5.062724590,4.993616104,7.810704231,7.840629101,5.024262428,7.853393078,4.863714218,7.836608410,7.849914551,5.062724113,7.841484547,5.053297043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} 
01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1484319033886061,"flow_src_last_pkt_time":1484319113019284,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1976,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} -01047{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01045{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00772{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01008{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":32,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319085476120,"flow_dst_last_pkt_time":1484319085460132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":41992,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} -01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":10,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319043232639,"flow_dst_last_pkt_time":1484319043341642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":11584,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} -01008{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":11,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319075730913,"flow_dst_last_pkt_time":1484319075722109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":11584,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} 
-01131{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":13,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049930810,"flow_dst_last_pkt_time":1484319050538865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":15928,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com"}} -01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":25,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319120726362,"flow_dst_last_pkt_time":1484319120717893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":31755,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} -01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":29,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319120053813,"flow_dst_last_pkt_time":1484319119662360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":39096,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} 
-00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319063913670,"flow_dst_last_pkt_time":1484319063911664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":601,"flow_dst_tot_l4_payload_len":4205,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033206251,"flow_dst_last_pkt_time":1484319033328231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2482,"flow_dst_tot_l4_payload_len":6399,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
-01109{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319063914824,"flow_dst_last_pkt_time":1484319063913042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":923,"flow_src_tot_l4_payload_len":502,"flow_dst_tot_l4_payload_len":1187,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -01114{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319117555613,"flow_dst_last_pkt_time":1484319117553842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4406,"flow_dst_tot_l4_payload_len":4474,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117994811,"flow_dst_last_pkt_time":1484319117992103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4361,"flow_dst_tot_l4_payload_len":4406,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
+01009{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":32,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319085476120,"flow_dst_last_pkt_time":1484319085460132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":41992,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} +01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":10,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319043232639,"flow_dst_last_pkt_time":1484319043341642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":11584,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} +01009{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":11,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319075730913,"flow_dst_last_pkt_time":1484319075722109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":11584,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} 
+01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":13,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049930810,"flow_dst_last_pkt_time":1484319050538865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":15928,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com"}} +01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":25,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319120726362,"flow_dst_last_pkt_time":1484319120717893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":31755,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} +01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":29,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319120053813,"flow_dst_last_pkt_time":1484319119662360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":39096,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} 
+00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319063913670,"flow_dst_last_pkt_time":1484319063911664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":601,"flow_dst_tot_l4_payload_len":4205,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033206251,"flow_dst_last_pkt_time":1484319033328231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2482,"flow_dst_tot_l4_payload_len":6399,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
+01107{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319063914824,"flow_dst_last_pkt_time":1484319063913042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":923,"flow_src_tot_l4_payload_len":502,"flow_dst_tot_l4_payload_len":1187,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319117555613,"flow_dst_last_pkt_time":1484319117553842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4406,"flow_dst_tot_l4_payload_len":4474,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117994811,"flow_dst_last_pkt_time":1484319117992103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4361,"flow_dst_tot_l4_payload_len":4406,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1484319032865799,"flow_src_last_pkt_time":1484319032866374,"flow_dst_last_pkt_time":1484319032884052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":562,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1484319114365279,"flow_src_last_pkt_time":1484319114365513,"flow_dst_last_pkt_time":1484319114400480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":562,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a803.dscg.akamai.net"}} 
@@ -513,29 +513,29 @@ 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117538934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api-global.latency.prodaa.netflix.com"}} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319032882949,"flow_src_last_pkt_time":1484319032882949,"flow_dst_last_pkt_time":1484319032884500,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ichnaea.us-west-2.prodaa.netflix.com"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049681348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":329,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com"}} 
-01016{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":17,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319096924088,"flow_dst_last_pkt_time":1484319096921856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":20856,"flow_dst_tot_l4_payload_len":4094,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} -01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":26,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319119338372,"flow_dst_last_pkt_time":1484319119162139,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":21553,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} -01154{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":27,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118687018,"flow_dst_last_pkt_time":1484319118675176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4272,"flow_dst_tot_l4_payload_len":18162,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} 
-01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319118041692,"flow_dst_last_pkt_time":1484319118040132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1384,"flow_dst_max_l4_payload_len":1000,"flow_src_tot_l4_payload_len":2158,"flow_dst_tot_l4_payload_len":2014,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01014{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":17,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319096924088,"flow_dst_last_pkt_time":1484319096921856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":20856,"flow_dst_tot_l4_payload_len":4094,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} +01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":26,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319119338372,"flow_dst_last_pkt_time":1484319119162139,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":21553,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} 
+01152{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":27,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118687018,"flow_dst_last_pkt_time":1484319118675176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4272,"flow_dst_tot_l4_payload_len":18162,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} +01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319118041692,"flow_dst_last_pkt_time":1484319118040132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1384,"flow_dst_max_l4_payload_len":1000,"flow_src_tot_l4_payload_len":2158,"flow_dst_tot_l4_payload_len":2014,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00929{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319034890998,"flow_src_last_pkt_time":1484319034890998,"flow_dst_last_pkt_time":1484319034890998,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118652959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a1907.dscg.akamai.net"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319036827113,"flow_src_last_pkt_time":1484319036827113,"flow_dst_last_pkt_time":1484319036847572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sha2.san.akam.nflximg.net"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048776187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":150,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"appboot.netflix.com"}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319043002781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"artwork.akam.nflximg.net"}} -01113{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319033215216,"flow_dst_last_pkt_time":1484319033213209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2185,"flow_dst_tot_l4_payload_len":4385,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
-01114{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319050696784,"flow_dst_last_pkt_time":1484319050693641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4473,"flow_dst_tot_l4_payload_len":8193,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064982710,"flow_dst_last_pkt_time":1484319064978926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4531,"flow_dst_tot_l4_payload_len":2633,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -01152{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065592399,"flow_dst_last_pkt_time":1484319065588591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6786,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com"}} 
-01014{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":16,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319063911876,"flow_dst_last_pkt_time":1484319063910283,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":5170,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} -01015{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319064012018,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} -01016{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":16,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064790823,"flow_dst_last_pkt_time":1484319064782569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4171,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} 
+01111{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319033215216,"flow_dst_last_pkt_time":1484319033213209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2185,"flow_dst_tot_l4_payload_len":4385,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319050696784,"flow_dst_last_pkt_time":1484319050693641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4473,"flow_dst_tot_l4_payload_len":8193,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064982710,"flow_dst_last_pkt_time":1484319064978926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4531,"flow_dst_tot_l4_payload_len":2633,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
+01150{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065592399,"flow_dst_last_pkt_time":1484319065588591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6786,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com"}} +01012{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":16,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319063911876,"flow_dst_last_pkt_time":1484319063910283,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":5170,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} +01013{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319064012018,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} 
+01014{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":16,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064790823,"flow_dst_last_pkt_time":1484319064782569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4171,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ichnaea.geo.netflix.com"}} -01017{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":26,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319080085510,"flow_dst_last_pkt_time":1484319080083748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2612,"flow_dst_tot_l4_payload_len":27820,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com"}} 
-00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":8,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036977437,"flow_dst_last_pkt_time":1484319036976156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1090,"flow_dst_tot_l4_payload_len":3533,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -01017{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319081182418,"flow_dst_last_pkt_time":1484319081180537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9065,"flow_dst_tot_l4_payload_len":5638,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} -01154{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":18,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319073564849,"flow_dst_last_pkt_time":1484319073562707,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":6263,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} 
-01155{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":39,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319073578996,"flow_dst_last_pkt_time":1484319073576827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4348,"flow_dst_tot_l4_payload_len":35028,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} -01114{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319066108619,"flow_dst_last_pkt_time":1484319066106464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2624,"flow_dst_tot_l4_payload_len":3919,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01015{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":26,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319080085510,"flow_dst_last_pkt_time":1484319080083748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2612,"flow_dst_tot_l4_payload_len":27820,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com"}} 
+00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":8,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036977437,"flow_dst_last_pkt_time":1484319036976156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1090,"flow_dst_tot_l4_payload_len":3533,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01015{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319081182418,"flow_dst_last_pkt_time":1484319081180537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9065,"flow_dst_tot_l4_payload_len":5638,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} +01152{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":18,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319073564849,"flow_dst_last_pkt_time":1484319073562707,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":6263,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} 
+01153{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":39,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319073578996,"flow_dst_last_pkt_time":1484319073576827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4348,"flow_dst_tot_l4_payload_len":35028,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} +01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319066108619,"flow_dst_last_pkt_time":1484319066106464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2624,"flow_dst_tot_l4_payload_len":3919,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 01271{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":32,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319052229556,"flow_dst_last_pkt_time":1484319052226562,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":41059,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.145"}} 
01269{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319052292468,"flow_dst_last_pkt_time":1484319052290715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":4860,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.10.139"}} 
01269{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":34,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319056189450,"flow_dst_last_pkt_time":1484319056186291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":42887,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.3.140"}} 
@@ -554,7 +554,7 @@ 01272{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319065147554,"flow_dst_last_pkt_time":1484319065269365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":10445,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141"}} 
01270{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070825326,"flow_dst_last_pkt_time":1484319070905880,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":8954,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.133"}} 
01273{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":18,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091498293,"flow_dst_last_pkt_time":1484319091694942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":518,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":22028,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141"}} 
-00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1793,"packets-processed":1793,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":885344,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":69,"total-updates":9,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":557,"global_ts_usec":1484319120726362} +00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1793,"packets-processed":1793,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":885344,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":69,"total-updates":9,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":557,"global_ts_usec":1484319120726362} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1793/1793 ~~ skipped flows.............: 0 
@@ -563,9 +563,9 @@ ~~ total active/idle flows...: 61/61 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9402682 bytes -~~ total memory freed........: 9402682 bytes -~~ total allocations/frees...: 143511/143511 +~~ total memory allocated....: 10169273 bytes +~~ total memory freed........: 10169273 bytes +~~ total allocations/frees...: 157486/157486 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2539 chars diff --git a/test/results/default/netflow-fritz.pcap.out b/test/results/default/netflow-fritz.pcap.out index 9e4175623..3da1f2f45 100644 --- a/test/results/default/netflow-fritz.pcap.out +++ b/test/results/default/netflow-fritz.pcap.out 
@@ -1,10 +1,10 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1498072707863157} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1498072707863157} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498072707863157,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":180,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498072707863157,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1498072707863157,"pkt":"AAwRERERAAwRIiIiCABFKADQAABAAD8R1PvAqAABwKgBAVtYCAcAvAAAAAoAtFlKxZ0CWWXEAAQBAAACAHABzQAWAAEABIDPAAQAAGjygMz\/\/wAAaPKAzf\/\/AABo8gAHAAIACwACAAYAAgCxAAEAsAABALQAAgC1AAIAAgAEAM0AAgC5AAQAuAAEAAgABAAMAAQANgAEAFgAAgAEAAEAwAABgAH\/\/wAAaPIAAwA0AdIABwABAI8ABAApAAgAKgAIACgACAEwAAIBMQAEATIABAHTAAIAAQCOAAQAUv\/\/"} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498072707863157,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":180,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498072707863157,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498072707863157,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":180,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498072707863157,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1498072707863157} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1498072707863157} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644843 bytes -~~ total memory freed........: 8644843 bytes -~~ total allocations/frees...: 140533/140533 +~~ total memory allocated....: 9409217 bytes +~~ total memory freed........: 9409217 bytes +~~ total allocations/frees...: 154499/154499 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 595 chars ~~ json message max len.......: 979 chars diff --git a/test/results/default/netflowv9.pcap.out b/test/results/default/netflowv9.pcap.out index 4a5ac0116..7994a394b 100644 --- a/test/results/default/netflowv9.pcap.out +++ b/test/results/default/netflowv9.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568213026961189} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568213026961189} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568213026961189,"flow_src_last_pkt_time":1568213026961189,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1376,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568213026961189,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02373{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568213026961189,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"thread_ts_usec":1568213026961189,"pkt":"ACWQ1Mz5rB9rrWosCABFAAV8LBZAAEARgqbAqAKGwKgC3r31CAkFaHVWAAkAECROCO5dZ6gMFm+miAAAAAEBAwQkAAoEJE1qKCRNaigAAAAAAAAAKAAAAAAAAAABBo0ou7J9QF7TxAskWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp1CRNjMsAAAAAAAUbtAAAAAAAAASjBhdDjcSK9gL7ko0BuxoAkwAAMhAAAFHMhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp3CRNjKAAAAAAAB2wnwAAAAAAAAZqBor2AvsXQ43EAbuSjRoAkwAAUcwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1ybSRNcm0AAAAAAAAAKAAAAAAAAAABBoOfghRcdiVS2B5evAIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1rLyRNay8AAAAAAAAAKAAAAAAAAAABBor09llcdiVKtb1pkQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2QhyRNkIcAAAAAAAAAKAAAAAAAAAABBor0qxxcdiVS2B5S8QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2
JWyRNiVsAAAAAAAAAKAAAAAAAAAABBoOfWVu53tNywXcEGgIAkwADMXgAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1qjSRNao0AAAAAAAAALAAAAAAAAAABBor2xOMr4aaiqY0AFgIAkwAAseAAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2OYCRNjmAAAAAAAAAAKAAAAAAAAAABBo1UlODIXai05wABvQIAkwAAS+UAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAACRwAAAAAAAAAKBoG7\/klQ1h8GKsoBuxsAkwAAFSIAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAAWPwAAAAAAAAAIBlDWHwaBu\/5JAbsqyh4AkwAAMhAAABUihHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HTSRNh00AAAAAAAAAKAAAAAAAAAABBor1FpC5r10bvgPWnAIAkwAAiv4AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2Q4yRNkOMAAAAAAAAAKAAAAAAAAAABBoOfV4ZcdiVS2B5ZXgIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEAQIAVAAKBCRNhcskTYXLAAAAAAAAAHoAAAAAAAAAARHN+8cOjVQJ2YZdADUAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAQcA1AAKBiRNJ\/YkTYzBAAAAAAAAELEAAAAAAAAADwYgARa4LRoyANRG8rtzEZ1EIAFMoAAAAQMAAAAAgbv\/\/PfhAbvbAGwAACKxAAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAAoGJE0n9iRNjMEAAAAAAAAIZQAAAAAAAAAMBiABTKAAAAEDAAAAAIG7\/\/wgARa4LRoyANRG8rtzEZ1EAbv34RsAbAAAMhAAACKxhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568213026961189,"flow_src_last_pkt_time":1568213026961189,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1376,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568213026961189,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568213026961481,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"thread_ts_usec":1568213026961481,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVILBlAAEARgtfAqAKGwKgC3r31CAkFNPSKAAkAECROCO5dZ6gMFm+miwAAAAEBAwR0AAoEJE2MQyRNjEMAAAAAAAAAKAAAAAAAAAABBoG7GHW5sBu2oskQ8wIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2N2iRNjdoAAAAAAAAAKAAAAAAAAAABBo1U+k3KfY5lynQNPQIAkwAAJVUAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE18SSRNfEkAAAAAAAAAKAAAAAAAAAABBoOfK0xgJbzk0x8idgIAkwAAQZMAAzG32GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE138SRNd\/EAAAAAAAAAKAAAAAAAAAABBo0ow7ZcdiVKtb35CAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2GQyRNhkMAAAAAAAAAKAAAAAAAAAABBor0wQFcdiVKtb3HUgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2DfiRNg34AAAAAAAAAKAAAAAAAAAABBor2FrZcdiVS2B5qjAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE18PyRNfD8AAAAAAAAAKAAAAAAAAAABBo1Up0FcdiVS2B5r1QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE17iyRNe4sAAAAAAAAAPAAAAAAAAAABBg3sBqCBu1q758J2XwIAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2NhiRNjYYAAAAAAAAAKAAAAAAAAAABBor1iT+zPH\/q+PWRXwIAkwAEAA8AADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2S4iRNkuIAAAAAAAAAKAAAAAAAAAABBo1UPAVcdiVKtb3HQAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1zyiRNf34AAAAAAAAAaAAAAAAAAAACBoG7N9cYhuyhXSkMOAIAkwAAemYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10QyRNicMAAAAAAAAOTQAAAAAAAAAOBkWtkIyNVA4cyLQBuxsAkwAAMhAAAGgrhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10VCRNiaAAAAAAAAAWCAAAAAAAAAAOBo1UDhxFrZCMAbvItBsAkwAAaCsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE19oiRNfaIA
AAAAAAAAKAAAAAAAAAABBo0otGR9QF7TkZskWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoBAgCkAAoEJE1+RiRNfkYAAAAAAAACnwAAAAAAAAABEY0or7OjrOWoV\/4TxACTAAAyTAAAMhDYZ9kYj9qEeKwVnUIAAAAAACAAAAAAAAAAAAAAAAAACgQkTYvDJE2LwwAAAAAAAABBAAAAAAAAAAERjVTKyMf3HnvTFQA1AJMAAE\/5AAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAA=="} 02291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568213026961588,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1362,"pkt_l4_len":1328,"thread_ts_usec":1568213026961588,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVELBpAAEARgtrAqAKGwKgC3r31CAkFMBHrAAkAECROCO5dZ6gMFm+mjAAAAAEBAwUUAAoEJE2SMCRNkjAAAAAAAAAAKAAAAAAAAAABBo0oeEF9QF7TgbUkWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2JaCRNiWgAAAAAAAAAKAAAAAAAAAABBo1UNRi50QAh4ToRYwIAkwAAl54AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEz5IiRNcjMAAAAAAAAZGgAAAAAAAAAUBhH4kiqK9g5D6DsBuxsAkwAAMhAAAALKhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEz5KyRNcicAAAAAAAA1qwAAAAAAAAAUBor2DkMR+JIqAbvoOxsAkwAAAsoAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2AfyRNgH8AAAAAAAAAKAAAAAAAAAABBor2smFcdiVS2B5l6QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1vXSRNb10AAAAAAAAAKAAAAAAAAAABBo0oMRxcd6AhqNceOgIAkwAAwWEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE1wriRNcNYAAAAAAAADlQAAAAAAAAALBhcAJ1qBuwkVzSYBuxoAkwAAMhAAAEDxhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1wtyRNcQcAAAAAAAARmgAAAAAAAAAIBoG7CRUXACdaAbvNJhoAkwAAQPEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1voCRNb6AAAAAAAAAAKAAAAAAAAAABBo1Ua7JcdiVKtb08AgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2SPCRNkjwAAAAAAAAAKAAAAAAAAAABBoOftxy5sBu2oskg6gIAkwADHowAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1zjiRNc44AAAAAAAAAKAAAAAAAAAABBor
0fg92t70V0O4XDAIAkwAAECYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2SXiRNkl4AAAAAAAAAKAAAAAAAAAABBoG7fy+5sBu2oskgdQIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1zoCRNc6AAAAAAAAAAKAAAAAAAAAABBo0nrI+5sBv2sRRsPgIAkwADHowAAAKo2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2MviRNj0UAAAAAAAAE2wAAAAAAAAAGBmj0KkiK9gKH15wBuxgAkwAAMhAAADRmhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2MxyRNjxMAAAAAAAAC1wAAAAAAAAAFBor2Aodo9CpIAbvXnBgAkwAANGYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE15TyRNeU8AAAAAAAAAKAAAAAAAAAABBor1eIW5sBu2oskcOQIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAA"} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1568213026961189,"flow_src_last_pkt_time":1568213026962107,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1320,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1376,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13468,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568213026962107,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1568213026962107} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1568213026962107} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645126 bytes -~~ total memory freed........: 8645126 bytes -~~ total allocations/frees...: 140543/140543 +~~ total memory allocated....: 9409500 bytes +~~ total memory freed........: 9409500 bytes +~~ total allocations/frees...: 154509/154509 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 591 chars ~~ json message max len.......: 2379 chars diff --git a/test/results/default/nexon.pcapng.out b/test/results/default/nexon.pcapng.out index 75c964884..3e2144f5a 100644 --- a/test/results/default/nexon.pcapng.out +++ b/test/results/default/nexon.pcapng.out 
@@ -1,23 +1,23 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1742389906169830} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1742389906169830} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1742389906169830,"flow_src_last_pkt_time":1742389906169830,"flow_dst_last_pkt_time":1742389906169830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1742389906169830,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"54.64.252.215","src_port":46824,"dst_port":9995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1742389906169830,"flow_dst_last_pkt_time":1742389906169830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1742389906169830,"pkt":"dNo47VMyYhO2esBpCABFAAA86N5AAEAGUdrAqAxDNkD817boJwvbrMopAAAAAKAC\/\/8djgAAAgQFtAQCCApapEv+AAAAAAEDAwk="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1742389906169830,"flow_dst_last_pkt_time":1742389906433489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1742389906433489,"pkt":"YhO2esBpdNo47VMyCABFAAA8AABAAO4GjLg2QPzXwKgMQycLtugTaPaR26zKKqASaN\/x+wAAAgQFtAQCCAo6uH3xWqRL\/gEDAwc="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1742389906475959,"flow_dst_last_pkt_time":1742389906433489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1742389906475959,"pkt":"dNo47VMyYhO2esBpCABFAAA06N9AAEAGUeHAqAxDNkD817boJwvbrMoqE2j2koAQAKyHyAAAAQEIClqkTTE6uH3x"} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1742389906476780,"flow_dst_last_pkt_time":1742389906433489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1742389906476780,"pkt":"dNo47VMyYhO2esBpCABFAABM6OBAAEAGUcjAqAxDNkD817boJwvbrMoqE2j2koAYAKz7bQAAAQEIClqkTTI6uH3xGAAAAGQAAAC0NDDjE3C1GyyE9ny3hIgP"} -00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1742389906169830,"flow_src_last_pkt_time":1742389906476780,"flow_dst_last_pkt_time":1742389906433489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1742389906476780,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"54.64.252.215","src_port":46824,"dst_port":9995,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Nexon","proto_id":"113","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1742389906169830,"flow_src_last_pkt_time":1742389906476780,"flow_dst_last_pkt_time":1742389906433489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1742389906476780,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"54.64.252.215","src_port":46824,"dst_port":9995,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nexon","proto_id":"113","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1742389906476780,"flow_dst_last_pkt_time":1742389906740075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1742389906740075,"pkt":"YhO2esBpdNo47VMyCABFAAA0MAJAAO4GXL42QPzXwKgMQycLtugTaPaS26zKQoAQANKGVwAAAQEICjq4fyNapE0y"} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1742389980610107,"flow_src_last_pkt_time":1742389980610107,"flow_dst_last_pkt_time":1742389980610107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1742389980610107,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"18.185.38.147","src_port":39908,"dst_port":7500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1742389980610107,"flow_dst_last_pkt_time":1742389980610107,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1742389980610107,"pkt":"dNo47VMyYhO2esBpCABFAAA8cBMAAEAGBHLAqAxDErkmk5vkHUz673FcAAAAAKAC\/\/8ocgAAAgQFtAQCCAr\/kPRGAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1742389980610107,"flow_dst_last_pkt_time":1742389980623920,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1742389980623920,"pkt":"YhO2esBpdNo47VMyCABFAAA0ycFAAHcGM8sSuSaTwKgMQx1Mm+THenoX+u9xXYAS\/\/8BuQAAAgQFtAEDAwgBAQQC"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1742389980630918,"flow_dst_last_pkt_time":1742389980623920,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1742389980630918,"pkt":"dNo47VMyYhO2esBpCABFAAAocBQAAEAGBIXAqAxDErkmk5vkHUz673Fdx3p6GFAQAKxB4AAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1742389980732321,"flow_dst_last_pkt_time":1742389980623920,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1742389980732321,"pkt":"dNo47VMyYhO2esBpCABFAAA8cBUAAEAGBHDAqAxDErkmk5vkHUz673Fdx3p6GFAYAKw6OgAAhLVv+xY6mS5Z13X38NvT+vV62U8="} -00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1742389980610107,"flow_src_last_pkt_time":1742389980732321,"flow_dst_last_pkt_time":1742389980623920,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1742389980732321,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"18.185.38.147","src_port":39908,"dst_port":7500,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Nexon","proto_id":"113","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1742389980610107,"flow_src_last_pkt_time":1742389980732321,"flow_dst_last_pkt_time":1742389980623920,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1742389980732321,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"18.185.38.147","src_port":39908,"dst_port":7500,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nexon","proto_id":"113","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1742389980732321,"flow_dst_last_pkt_time":1742389980745494,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1742389980745494,"pkt":"YhO2esBpdNo47VMyCABFAABMycJAAHcGM7ISuSaTwKgMQx1Mm+THenoY+u9xcVAYBAK+IQAAlhgj0hY6mS9Z1nXHQGzOb1uMItFcd39WoyyPGQ1P\/k451GZ2"} 
-02229{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1742389906169830,"flow_src_last_pkt_time":1742390001417221,"flow_dst_last_pkt_time":1742390001680430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1742390001680430,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"54.64.252.215","src_port":46824,"dst_port":9995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":44,"avg":6153483.5,"max":43050817,"stddev":11570571.0,"var":133878106816512.0,"ent":3.3,"data": [263659,306129,821,306586,44,307390,74,307185,313383,2118528,2477124,7517181,7472379,291234,291203,25327845,25327915,1611489,1610944,265504,265357,43050071,43050817,266877,266488,9059166,9059123,289475,289534,4522224,4522242]},"pktlen": {"min":52,"avg":81.1,"max":276,"stddev":43.7,"var":1910.2,"ent":4.8,"data": [60,60,52,76,52,60,100,52,80,52,108,52,108,52,108,52,276,52,108,52,116,52,116,52,108,52,108,52,108,52,116,52]},"bins": {"c_to_s": [5,8,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.813301563,5.346035480,5.195351124,5.435106754,5.325253010,5.093415737,6.106114388,5.156889439,5.743621826,5.118427753,6.171375751,5.286791325,6.270958900,5.209868431,6.164386272,5.248329639,7.040317535,5.171406746,6.261518478,5.248329639,6.273720264,5.118427753,6.418159008,5.171406746,6.134338379,5.171406746,6.159847260,5.209868431,6.194433689,5.171406269,6.331952095,5.130219936]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Nexon","proto_id":"113","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1742389980610107,"flow_src_last_pkt_time":1742389994061799,"flow_dst_last_pkt_time":1742389992891608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":271,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":369,"flow_dst_tot_l4_payload_len":1079,"midstream":0,"thread_ts_usec":1742390106138218,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"18.185.38.147","src_port":39908,"dst_port":7500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nexon","proto_id":"113","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":50,"flow_dst_packets_processed":48,"flow_first_seen":1742389906169830,"flow_src_last_pkt_time":1742390105875118,"flow_dst_last_pkt_time":1742390106138218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":4120,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1742390106138218,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"54.64.252.215","src_port":46824,"dst_port":9995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nexon","proto_id":"113","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":128,"packets-processed":128,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5604,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1742390106138218} 
+02227{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1742389906169830,"flow_src_last_pkt_time":1742390001417221,"flow_dst_last_pkt_time":1742390001680430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1742390001680430,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"54.64.252.215","src_port":46824,"dst_port":9995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":44,"avg":6153483.5,"max":43050817,"stddev":11570571.0,"var":133878106816512.0,"ent":3.3,"data": [263659,306129,821,306586,44,307390,74,307185,313383,2118528,2477124,7517181,7472379,291234,291203,25327845,25327915,1611489,1610944,265504,265357,43050071,43050817,266877,266488,9059166,9059123,289475,289534,4522224,4522242]},"pktlen": {"min":52,"avg":81.1,"max":276,"stddev":43.7,"var":1910.2,"ent":4.8,"data": [60,60,52,76,52,60,100,52,80,52,108,52,108,52,108,52,276,52,108,52,116,52,116,52,108,52,108,52,108,52,116,52]},"bins": {"c_to_s": [5,8,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.813301563,5.346035480,5.195351124,5.435106754,5.325253010,5.093415737,6.106114388,5.156889439,5.743621826,5.118427753,6.171375751,5.286791325,6.270958900,5.209868431,6.164386272,5.248329639,7.040317535,5.171406746,6.261518478,5.248329639,6.273720264,5.118427753,6.418159008,5.171406746,6.134338379,5.171406746,6.159847260,5.209868431,6.194433689,5.171406269,6.331952095,5.130219936]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Nexon","proto_id":"113","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1742389980610107,"flow_src_last_pkt_time":1742389994061799,"flow_dst_last_pkt_time":1742389992891608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":271,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":369,"flow_dst_tot_l4_payload_len":1079,"midstream":0,"thread_ts_usec":1742390106138218,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"18.185.38.147","src_port":39908,"dst_port":7500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nexon","proto_id":"113","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
+00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":50,"flow_dst_packets_processed":48,"flow_first_seen":1742389906169830,"flow_src_last_pkt_time":1742390105875118,"flow_dst_last_pkt_time":1742390106138218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":4120,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1742390106138218,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"54.64.252.215","src_port":46824,"dst_port":9995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nexon","proto_id":"113","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nexon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":128,"packets-processed":128,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5604,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1742390106138218} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 128/128 ~~ skipped flows.............: 0 
@@ -26,10 +26,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655078 bytes -~~ total memory freed........: 8655078 bytes -~~ total allocations/frees...: 140674/140674 +~~ total memory allocated....: 9419484 bytes +~~ total memory freed........: 9419484 bytes +~~ total allocations/frees...: 154640/154640 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars -~~ json message max len.......: 2234 chars -~~ json message avg len.......: 1341 chars +~~ json message max len.......: 2232 chars +~~ json message avg len.......: 1340 chars diff --git a/test/results/default/nfsv2.pcap.out b/test/results/default/nfsv2.pcap.out index c45844198..8d509b859 100644 --- a/test/results/default/nfsv2.pcap.out +++ b/test/results/default/nfsv2.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":944207338400000} +00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":944207338400000} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207338400000,"flow_src_last_pkt_time":944207338400000,"flow_dst_last_pkt_time":944207338400000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207338400000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3289,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":944207338400000,"flow_dst_last_pkt_time":944207338400000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":944207338400000,"pkt":"AMCV+E3TAMCV4Bm+CABFAABcZMIAAEAR0zSLGRYCixkWZgzZAG8ASG3iOEEWnwAAAAAAAAACAAGGoAAAAAMAAAADAAAAAAAAAAAAAAAAAAAAAAABhqUAAAABAAAAA3VkcAAAAAAAAAAAAA=="} 01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207338400000,"flow_src_last_pkt_time":944207338400000,"flow_dst_last_pkt_time":944207338400000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207338400000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3289,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
@@ -39,7 +39,7 @@ 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207338440000,"flow_src_last_pkt_time":944207338440000,"flow_dst_last_pkt_time":944207338450000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":944207338890000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3291,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207338880000,"flow_src_last_pkt_time":944207338880000,"flow_dst_last_pkt_time":944207338890000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":944207338890000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3293,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207338450000,"flow_src_last_pkt_time":944207338450000,"flow_dst_last_pkt_time":944207338450000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":944207338890000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3292,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":156,"packets-processed":156,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":944207338890000} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":156,"packets-processed":156,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":944207338890000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 156/156 ~~ skipped flows.............: 0 
@@ -48,9 +48,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8664092 bytes -~~ total memory freed........: 8664092 bytes -~~ total allocations/frees...: 140760/140760 +~~ total memory allocated....: 9428658 bytes +~~ total memory freed........: 9428658 bytes +~~ total allocations/frees...: 154726/154726 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2121 chars diff --git a/test/results/default/nfsv3.pcap.out b/test/results/default/nfsv3.pcap.out index a521716fb..b8ce94325 100644 --- a/test/results/default/nfsv3.pcap.out +++ b/test/results/default/nfsv3.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":944207397280000} +00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":944207397280000} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207397280000,"flow_src_last_pkt_time":944207397280000,"flow_dst_last_pkt_time":944207397280000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207397280000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3295,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":944207397280000,"flow_dst_last_pkt_time":944207397280000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":944207397280000,"pkt":"AMCV+E3TAMCV4Bm+CABFAABcZTwAAEAR0rqLGRYCixkWZgzfAG8ASDUOOENPaQAAAAAAAAACAAGGoAAAAAMAAAADAAAAAAAAAAAAAAAAAAAAAAABhqUAAAADAAAAA3VkcAAAAAAAAAAAAA=="} 01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207397280000,"flow_src_last_pkt_time":944207397280000,"flow_dst_last_pkt_time":944207397280000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207397280000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3295,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
@@ -44,7 +44,7 @@ 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207397740000,"flow_src_last_pkt_time":944207397740000,"flow_dst_last_pkt_time":944207397740000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":944207397750000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3299,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207397290000,"flow_src_last_pkt_time":944207397290000,"flow_dst_last_pkt_time":944207397290000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":944207397750000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3296,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207397330000,"flow_src_last_pkt_time":944207397330000,"flow_dst_last_pkt_time":944207397330000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":944207397750000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3298,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":128,"packets-processed":128,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":944207397750000} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":128,"packets-processed":128,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":944207397750000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 128/128 ~~ skipped flows.............: 0 
@@ -53,9 +53,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8665738 bytes -~~ total memory freed........: 8665738 bytes -~~ total allocations/frees...: 140744/140744 +~~ total memory allocated....: 9430336 bytes +~~ total memory freed........: 9430336 bytes +~~ total allocations/frees...: 154710/154710 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2123 chars diff --git a/test/results/default/nintendo.pcap.out b/test/results/default/nintendo.pcap.out index 0ac64ff45..c8ad3da43 100644 --- a/test/results/default/nintendo.pcap.out +++ b/test/results/default/nintendo.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1500731320644357} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1500731320644357} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731320644357,"flow_src_last_pkt_time":1500731320644357,"flow_dst_last_pkt_time":1500731320644357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731320644357,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1500731320644357,"flow_dst_last_pkt_time":1500731320644357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1500731320644357,"pkt":"AA6OGXEMfLuKifuECABFAABYEUEAAEARTg7AqAxyWwjzI8uXwRgARM2+MquYZAJWA8uWATPgxkj4NJP7aMnpzfBBRQUJGYsmvR+Tfti6\/9NW0mVVtdYfmAlO0lOZx8+qpE3Q9Qrr"} 
00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731320644357,"flow_src_last_pkt_time":1500731320644357,"flow_dst_last_pkt_time":1500731320644357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731320644357,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -23,12 +23,12 @@ 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1500731320979798,"flow_dst_last_pkt_time":1500731321061743,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1500731321061743,"pkt":"fLuKifuEAA6OGXEMCABFAABo978AADIRdX9bCPMjwKgMcsEYy5cAVLrwMquYZAJwBD01h5dfEXOjSMMnhE7iZD46YMnDkr8jZmjTQglcfQu6zfg6r2JZe7qSyngwDYb9e4yf4CuOQCs6Hv1CZlVtYn7j1CdgDw=="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731322454625,"flow_src_last_pkt_time":1500731322454625,"flow_dst_last_pkt_time":1500731322454625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1500731322454625,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1500731322454625,"flow_dst_last_pkt_time":1500731322454625,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1500731322454625,"pkt":"fLuKifuEAA6OGXEMCABFAACYFZdAAOUGcTo2uwq5wKgMcgG7vMgz\/J5Zi2972IAYALkcKwAAAQEICgQM20EAGkXPFwMDAF\/eldsI13HzPlUjJzvSUWyEIzWGgbOyhWxdkIHfN3lgjdjjc7JiXYu\/ooQ\/gzWIbwSHhgUl7CbzYWzRlB2Fe4u0GxVFMrAIoxb4XR3ehSS5gi8Kq9fYRepj92tegMbl5w=="} -00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731322454625,"flow_src_last_pkt_time":1500731322454625,"flow_dst_last_pkt_time":1500731322454625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1500731322454625,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731322454625,"flow_src_last_pkt_time":1500731322454625,"flow_dst_last_pkt_time":1500731322454625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1500731322454625,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1500731322454625,"flow_dst_last_pkt_time":1500731322460902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1500731322460902,"pkt":"AA6OGXEMfLuKifuECABFAABnEVxAAEAGGqfAqAxyNrsKubzIAbuLb3vYM\/yevYAYBAhG+gAAAQEICgAaYTYEDNtBFwMDAC4AAAAAAAAAKH6viddQUv6VCP9kwNVv1cM5qFQr1yPk5rVuTEPwOaETSFnM6WhQ"} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1500731322761757,"flow_dst_last_pkt_time":1500731322460902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1500731322761757,"pkt":"fLuKifuEAA6OGXEMCABFAAA0FZhAAOUGcZ02uwq5wKgMcgG7vMgz\/J69i298C4AQALmNxAAAAQEICgQM25wAGmE2"} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731323269434,"flow_src_last_pkt_time":1500731323269434,"flow_dst_last_pkt_time":1500731323269434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731323269434,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1500731323269434,"flow_dst_last_pkt_time":1500731323269434,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1500731323269434,"pkt":"AA6OGXEMfLuKifuECABFAABoEV8AAEARLjHAqAxyI55KPcuXgjcAVAoAMquYZAIAAACgRQAAPD+rAYcrvhgZcqXY4tF4R087lVXf\/uabOP7DTtPl\/Z68o2TwyTMiy\/1PT8Q0PYJjfL9\/FaWie4QujpeJZMzmHA=="} 
-00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731323269434,"flow_src_last_pkt_time":1500731323269434,"flow_dst_last_pkt_time":1500731323269434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731323269434,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731323269434,"flow_src_last_pkt_time":1500731323269434,"flow_dst_last_pkt_time":1500731323269434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731323269434,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1500731323270842,"flow_dst_last_pkt_time":1500731323269434,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1500731323270842,"pkt":"AA6OGXEMfLuKifuECABFAABoEWAAAEARLjDAqAxyI55KPcuXgjcAVAoAMquYZAIAAACgRQAAPD+rAYcrvhgZcqXY4tF4R087lVXf\/uabOP7DTtPl\/Z68o2TwyTMiy\/1PT8Q0PYJjfL9\/FaWie4QujpeJZMzmHA=="} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1500731323270871,"flow_dst_last_pkt_time":1500731323269434,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1500731323270871,"pkt":"AA6OGXEMfLuKifuECABFAABoEWEAAEARLi\/AqAxyI55KPcuXgjcAVCUqMquYZAIAAACgRgAAPD+rAYcrvhgZcqXY4tF4R087lVXf\/uabOP7DTtPl\/Z68o2TwyTMiy\/1PT8Q0PYJjeofEEG4mAZPKsmIYZ3XQPw=="} 
02199{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1500731320644357,"flow_src_last_pkt_time":1500731323575958,"flow_dst_last_pkt_time":1500731323714896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":812,"flow_src_tot_l4_payload_len":1264,"flow_dst_tot_l4_payload_len":2736,"midstream":0,"thread_ts_usec":1500731323714896,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":53,"avg":193617.4,"max":1729670,"stddev":331922.2,"var":110172323840.0,"ent":3.6,"data": [87919,239629,335441,89838,30639,131192,103304,499986,507312,130872,234805,19308,15810,5164,16850,12585,53490,8758,197,60833,14170,505639,501514,5142,514446,94641,233,1729670,53,52619,81]},"pktlen": {"min":88,"avg":153.0,"max":840,"stddev":179.5,"var":32207.0,"ent":4.5,"data": [88,88,184,216,104,88,136,104,88,104,136,120,104,104,104,840,104,840,88,88,104,88,88,88,88,88,104,104,104,104,104,104]},"bins": {"c_to_s": [0,7,7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,4,8,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1],"entropies": 
[6.054771423,6.070055008,6.784899235,6.928938866,6.170448780,6.114374638,6.682166576,6.236359596,6.114374638,6.332513809,6.593932629,6.402483463,6.228141308,6.167903423,6.240113258,6.264906406,6.300350189,5.915572166,5.837212563,5.851361752,6.208909988,5.936699867,6.078633785,6.168406963,6.024600983,5.979146481,6.063282490,6.067996502,6.005589962,6.166695118,6.181211948,6.193184376]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -46,10 +46,10 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1500731326644516,"flow_dst_last_pkt_time":1500731326676754,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1500731326676754,"pkt":"fLuKifuEAA6OGXEMCABFAAA8AABAAPUGZgg2wBvZwKgMcgG7oi3AHA3T0ixqRaAScSCE4wAAAgQFrAQCCAqn0Wp9ABpxjAEDAwg="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1500731326680974,"flow_dst_last_pkt_time":1500731326676754,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1500731326680974,"pkt":"AA6OGXEMfLuKifuECABFAAA0EXRAAEAGCZ3AqAxyNsAb2aItAbvSLGpFwBwN1IAQAg4imAAAAQEICgAaca+n0Wp9"} 00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326676754,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1500731326686105,"pkt":"AA6OGXEMfLuKifuECABFAAEIEXVAAEAGCMjAqAxyNsAb2aItAbvSLGpFwBwN1IAYAg7fBQAAAQEICgAacbOn0Wp9FgMBAM8BAADLAwPpevzeArLIKOrS51pZ0JeD5YrYSKYz0y0ak5UBe34eswAANMArwC\/MqcyowArACcATwCPAJ8AUAJ7MqgAzADIAZwA5ADgAawAWABMAnAAvADwANQA9AAoBAABuAAAANwA1AAAyZTBkNjdjNTA5ZmIyMDM4NThlYmNiMmZlM2Y4OGMyYWEuYmFhcy5uaW50ZW5kby5jb23\/AQABAAAKAAgABgAXABgAGQALAAIBAAANABgAFgQBBQEGAQIBBAMFAwYDAgMFAgQCAgI="} 
-01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326676754,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731326686105,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01353{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326676754,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731326686105,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326720507,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1500731326720507,"pkt":"fLuKifuEAA6OGXEMCABFAAA0Z1VAAPUG\/ro2wBvZwKgMcgG7oi3AHA3U0ixrGYAQAHYjVAAAAQEICqfRaoEAGnGz"} 
-01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326729816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1348,"midstream":0,"thread_ts_usec":1500731326729816,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01725{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326731294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":2696,"midstream":0,"thread_ts_usec":1500731326731294,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94","blocks":0}}} 
+01413{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326729816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1348,"midstream":0,"thread_ts_usec":1500731326729816,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01730{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326731294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":2696,"midstream":0,"thread_ts_usec":1500731326731294,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731329336127,"flow_src_last_pkt_time":1500731329336127,"flow_dst_last_pkt_time":1500731329336127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1500731329336127,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1500731329336127,"flow_dst_last_pkt_time":1500731329336127,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1500731329336127,"pkt":"AA6OGXEMfLuKifuECABFAAAoEX5AAEAGM1vAqAxyNpLySi0OAbv6FA+Od8xLzVAQEsCrFwAA"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1500731329336127,"flow_dst_last_pkt_time":1500731329520313,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1500731329520313,"pkt":"fLuKifuEAA6OGXEMCABFAAAo9shAACwGYhA2kvJKwKgMcgG7LQ53zEvN+hQPj1AQn2AedgAA"} 
@@ -91,11 +91,11 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1500731341201471,"flow_dst_last_pkt_time":1500731341241134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1500731341241134,"pkt":"fLuKifuEAA6OGXEMCABFAAA8AABAAPUGZtk2wBsIwKgMcgG7emF9lpyBV\/Ua8qAScSBo2gAAAgQFrAQCCAqoOPNAABqqagEDAwg="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1500731341242243,"flow_dst_last_pkt_time":1500731341241134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1500731341242243,"pkt":"AA6OGXEMfLuKifuECABFAAA0EZdAAEAGCkvAqAxyNsAbCHphAbtX9RryfZacgoAQAg4GiQAAAQEICgAaqpOoOPNA"} 00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341241134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1500731341246098,"pkt":"AA6OGXEMfLuKifuECABFAAEIEZhAAEAGCXbAqAxyNsAbCHphAbtX9RryfZacgoAYAg5SDAAAAQEICgAaqpeoOPNAFgMBAM8BAADLAwNvKK+fQ4F0D04V95LMArBCLWBC88S5\/t3m1SoEKefZLwAANMArwC\/MqcyowArACcATwCPAJ8AUAJ7MqgAzADIAZwA5ADgAawAWABMAnAAvADwANQA9AAoBAABuAAAANwA1AAAyZTBkNjdjNTA5ZmIyMDM4NThlYmNiMmZlM2Y4OGMyYWEuYmFhcy5uaW50ZW5kby5jb23\/AQABAAAKAAgABgAXABgAGQALAAIBAAANABgAFgQBBQEGAQIBBAMFAwYDAgMFAgQCAgI="} 
-01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341241134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731341246098,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01353{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341241134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731341246098,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341283400,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1500731341283400,"pkt":"fLuKifuEAA6OGXEMCABFAAA0b8ZAAPUG9xo2wBsIwKgMcgG7emF9lpyCV\/UbxoAQAHYHRQAAAQEICqg480QAGqqX"} 
-01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341285479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1348,"midstream":0,"thread_ts_usec":1500731341285479,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01725{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341285901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":2696,"midstream":0,"thread_ts_usec":1500731341285901,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94","blocks":0}}} 
-02204{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1500731322454625,"flow_src_last_pkt_time":1500731342015923,"flow_dst_last_pkt_time":1500731342041758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":334,"flow_dst_max_l4_payload_len":405,"flow_src_tot_l4_payload_len":1090,"flow_dst_tot_l4_payload_len":1094,"midstream":1,"thread_ts_usec":1500731342041758,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":43,"avg":1262852.6,"max":14019058,"stddev":3442938.0,"var":11853821378560.0,"ent":2.4,"data": [6277,307132,3508675,3481620,246,43,276417,18546,55237,145,35743,210876,214177,255332,13944464,14019058,757,51,5265,332523,29922,280387,254222,215658,3394,13561,231064,4335,258992,453544,730768]},"pktlen": {"min":52,"avg":120.2,"max":457,"stddev":98.4,"var":9678.6,"ent":4.6,"data": [152,103,52,119,52,110,99,52,103,152,152,52,52,103,52,457,52,99,386,152,52,103,52,368,52,109,99,52,103,52,152,103]},"bins": {"c_to_s": [8,5,0,5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,6,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,0,1,1,0,1,0,0,0,1,1,0,0,1],"entropies": 
[6.479545116,5.785408020,5.038780212,5.979954243,4.955154419,6.040005207,6.008045197,5.003043652,5.726619720,6.592999458,6.614606380,4.988526344,5.077241898,5.668902874,5.000318527,7.493407249,5.115703106,6.091131687,7.370351791,6.507602692,5.003043175,5.784872532,5.077241898,7.341584682,5.077241898,6.192684174,5.995468616,5.079966545,5.751333237,5.077241898,6.654079914,5.719826698]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01413{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341285479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1348,"midstream":0,"thread_ts_usec":1500731341285479,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01730{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341285901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":2696,"midstream":0,"thread_ts_usec":1500731341285901,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94","blocks":0}}} 
+02198{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1500731322454625,"flow_src_last_pkt_time":1500731342015923,"flow_dst_last_pkt_time":1500731342041758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":334,"flow_dst_max_l4_payload_len":405,"flow_src_tot_l4_payload_len":1090,"flow_dst_tot_l4_payload_len":1094,"midstream":1,"thread_ts_usec":1500731342041758,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":43,"avg":1262852.6,"max":14019058,"stddev":3442938.0,"var":11853821378560.0,"ent":2.4,"data": [6277,307132,3508675,3481620,246,43,276417,18546,55237,145,35743,210876,214177,255332,13944464,14019058,757,51,5265,332523,29922,280387,254222,215658,3394,13561,231064,4335,258992,453544,730768]},"pktlen": {"min":52,"avg":120.2,"max":457,"stddev":98.4,"var":9678.6,"ent":4.6,"data": [152,103,52,119,52,110,99,52,103,152,152,52,52,103,52,457,52,99,386,152,52,103,52,368,52,109,99,52,103,52,152,103]},"bins": {"c_to_s": [8,5,0,5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,6,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,0,1,1,0,1,0,0,0,1,1,0,0,1],"entropies": 
[6.479545116,5.785408020,5.038780212,5.979954243,4.955154419,6.040005207,6.008045197,5.003043652,5.726619720,6.592999458,6.614606380,4.988526344,5.077241898,5.668902874,5.000318527,7.493407249,5.115703106,6.091131687,7.370351791,6.507602692,5.003043175,5.784872532,5.077241898,7.341584682,5.077241898,6.192684174,5.995468616,5.079966545,5.751333237,5.077241898,6.654079914,5.719826698]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731342849734,"flow_src_last_pkt_time":1500731342849734,"flow_dst_last_pkt_time":1500731342849734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731342849734,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1500731342849734,"flow_dst_last_pkt_time":1500731342849734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1500731342849734,"pkt":"AA6OGXEMfLuKifuECABFAABoEaUAAAQRdQ7AqAxyuXapQdpra4AAVCIdMquYZAIAAADswAAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+4rX5hDUY6wfFQBAZE4XnJazusJzbVQnhevgQppjVzdvQ=="} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731342849734,"flow_src_last_pkt_time":1500731342849734,"flow_dst_last_pkt_time":1500731342849734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731342849734,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
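Review bot: In the regenerated `analyse` record for `flow_id` 4 (`packet_id` 180), `flow_state` changes from `"finished"` to `"info"` on top of the `proto_by_ip` relabel from `AmazonAWS` (265) to `AWS_EC2` (461), and the commit message, which names only the risk replacement, does not explain that state change. Every other changed record in this hunk differs only in `proto_by_ip`/`proto_by_ip_id` and the length prefix, so this looks like a separate behaviour change picked up from the libnDPI bump rather than part of the relabelling. Consumers that wait for `"flow_state":"finished"` before acting on a classification would presumably see this midstream TLS flow as still in progress at that point. It is worth confirming the change is intended and recording it in the commit message, for example `* analyse events can now report flow_state "info" where they previously reported "finished"`.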
@@ -134,34 +134,34 @@ 02188{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1500731342849734,"flow_src_last_pkt_time":1500731344006747,"flow_dst_last_pkt_time":1500731344120690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":844,"flow_dst_max_l4_payload_len":844,"flow_src_tot_l4_payload_len":2472,"flow_dst_tot_l4_payload_len":1560,"midstream":0,"thread_ts_usec":1500731344120690,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25,"avg":78321.6,"max":754134,"stddev":152593.1,"var":23284658176.0,"ent":3.2,"data": [280,397,210011,243,431,203806,304,212,311877,2339,183,754134,1127,30674,588,242272,245592,5517,2752,1899,125604,98,25,109131,222,10721,20118,10437,105846,2222,28907]},"pktlen": {"min":88,"avg":154.0,"max":872,"stddev":186.2,"var":34652.0,"ent":4.5,"data": [104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,104,104,168,88,104,104,104,104,872,88,872,104,104,88]},"bins": {"c_to_s": [0,2,18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,1,1,1,0,0,1,0,0,1,1,1],"entropies": 
[6.027614594,6.162230015,5.955404758,6.008383274,6.027614117,5.981129169,5.969922066,6.066075802,6.046844959,5.974635601,6.058817387,6.054103374,6.103913307,6.176122665,6.046596527,6.109002590,6.645735741,5.936699867,6.072710037,6.149633408,6.658484459,6.054296017,6.158073902,6.254228115,6.048765182,6.142750740,5.609991074,5.891245842,5.565810204,6.126870632,6.246969700,5.874088764]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 02195{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1500731343061460,"flow_src_last_pkt_time":1500731344751616,"flow_dst_last_pkt_time":1500731344671142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":844,"flow_dst_max_l4_payload_len":844,"flow_src_tot_l4_payload_len":4168,"flow_dst_tot_l4_payload_len":1560,"midstream":0,"thread_ts_usec":1500731344751616,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":67,"avg":106446.4,"max":757918,"stddev":188381.8,"var":35487694848.0,"ent":3.4,"data": [726,2728,200750,236,363,313750,216,309,757918,67,245897,246,38434,238,116689,3047,25905,110485,1189,79734,7959,87905,10077,91853,20145,506365,607064,9714,10174,12917,36738]},"pktlen": {"min":88,"avg":207.0,"max":872,"stddev":231.8,"var":53743.0,"ent":4.4,"data": [104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,168,88,872,88,872,88,104,104,88,344,840,472,472]},"bins": {"c_to_s": 
[0,3,13,0,1,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,0,1,1,1,0,0,0,0,0],"entropies": [6.039587021,6.058817387,5.969922066,6.032328129,6.054103374,6.019590855,6.073334694,6.111796379,6.092565060,6.168863773,6.214584351,6.109002590,6.140205860,6.123519897,6.154723167,6.208508015,6.138843060,6.726152897,5.973575592,6.683043003,5.940660000,5.584841251,5.973575592,5.570620537,5.787140369,6.150815010,6.182018280,6.004880905,7.315718174,5.846724510,6.181584358,6.204835892]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 02187{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1500731343266581,"flow_src_last_pkt_time":1500731344811760,"flow_dst_last_pkt_time":1500731344805333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":844,"flow_dst_max_l4_payload_len":844,"flow_src_tot_l4_payload_len":2304,"flow_dst_tot_l4_payload_len":1712,"midstream":0,"thread_ts_usec":1500731344811760,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":137,"avg":99481.6,"max":649265,"stddev":183756.7,"var":33766533120.0,"ent":3.2,"data": [295,399,313495,260,289,284287,137,381,629371,5230,43658,5349,61371,137,131610,65365,7948,186,836,31052,435,67583,2946,484,7525,105852,5669,103301,9836,549379,649265]},"pktlen": 
{"min":88,"avg":153.5,"max":872,"stddev":186.3,"var":34709.8,"ent":4.4,"data": [104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,104,104,168,104,104,88,104,104,872,88,872,88,104,104,88]},"bins": {"c_to_s": [0,3,15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,8,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0],"entropies": [6.066075802,6.142999172,6.123768806,6.032328606,6.188719273,6.181460857,6.181460857,6.169488430,6.111796379,6.038962364,6.065451622,6.120974541,6.128233433,6.053479195,6.116261482,6.740974426,6.004880905,6.097030163,6.166695118,6.774616718,6.150815487,6.220480442,5.905394077,6.170046329,6.234997272,5.541868210,5.928121090,5.589448929,6.027608395,6.189277172,6.140205860,6.004880905]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -01175{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731326270619,"flow_src_last_pkt_time":1500731326270619,"flow_dst_last_pkt_time":1500731326270619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":688,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":688,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by IP"},"proto":"AmazonAWS","proto_id":"265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +01171{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731326270619,"flow_src_last_pkt_time":1500731326270619,"flow_dst_last_pkt_time":1500731326270619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":688,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":688,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by IP"},"proto":"AWS_EC2","proto_id":"461","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731326270619,"flow_src_last_pkt_time":1500731326270619,"flow_dst_last_pkt_time":1500731326270619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":688,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":688,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":122,"flow_dst_packets_processed":38,"flow_first_seen":1500731343266581,"flow_src_last_pkt_time":1500731348756457,"flow_dst_last_pkt_time":1500731348740538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":844,"flow_dst_max_l4_payload_len":844,"flow_src_tot_l4_payload_len":41352,"flow_dst_tot_l4_payload_len":3672,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-01117{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731327201452,"flow_dst_last_pkt_time":1500731327200386,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":2164,"flow_dst_tot_l4_payload_len":4197,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01176{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731340981415,"flow_src_last_pkt_time":1500731340981415,"flow_dst_last_pkt_time":1500731340981415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by IP"},"proto":"AmazonAWS","proto_id":"265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +01122{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731327201452,"flow_dst_last_pkt_time":1500731327200386,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":2164,"flow_dst_tot_l4_payload_len":4197,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01172{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731340981415,"flow_src_last_pkt_time":1500731340981415,"flow_dst_last_pkt_time":1500731340981415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by IP"},"proto":"AWS_EC2","proto_id":"461","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731340981415,"flow_src_last_pkt_time":1500731340981415,"flow_dst_last_pkt_time":1500731340981415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1500731323269434,"flow_src_last_pkt_time":1500731323270871,"flow_dst_last_pkt_time":1500731323269434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1500731323269434,"flow_src_last_pkt_time":1500731323270871,"flow_dst_last_pkt_time":1500731323269434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1500731341194858,"flow_src_last_pkt_time":1500731341194858,"flow_dst_last_pkt_time":1500731341194969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":239,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":239,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com"}} 01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1500731326599476,"flow_src_last_pkt_time":1500731326599476,"flow_dst_last_pkt_time":1500731326628959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":239,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":239,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com"}} -00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":20,"flow_first_seen":1500731322454625,"flow_src_last_pkt_time":1500731343995103,"flow_dst_last_pkt_time":1500731343774950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":334,"flow_dst_max_l4_payload_len":917,"flow_src_tot_l4_payload_len":2222,"flow_dst_tot_l4_payload_len":2701,"midstream":1,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01072{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1500731340826449,"flow_src_last_pkt_time":1500731340827037,"flow_dst_last_pkt_time":1500731340826449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by IP"},"proto":"AmazonAWS","proto_id":"265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":20,"flow_first_seen":1500731322454625,"flow_src_last_pkt_time":1500731343995103,"flow_dst_last_pkt_time":1500731343774950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":334,"flow_dst_max_l4_payload_len":917,"flow_src_tot_l4_payload_len":2222,"flow_dst_tot_l4_payload_len":2701,"midstream":1,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01068{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1500731340826449,"flow_src_last_pkt_time":1500731340827037,"flow_dst_last_pkt_time":1500731340826449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by IP"},"proto":"AWS_EC2","proto_id":"461","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1500731340826449,"flow_src_last_pkt_time":1500731340827037,"flow_dst_last_pkt_time":1500731340826449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-01073{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1500731340941838,"flow_src_last_pkt_time":1500731340946396,"flow_dst_last_pkt_time":1500731340941838,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33335,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by IP"},"proto":"AmazonAWS","proto_id":"265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +01069{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1500731340941838,"flow_src_last_pkt_time":1500731340946396,"flow_dst_last_pkt_time":1500731340941838,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33335,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by 
IP"},"proto":"AWS_EC2","proto_id":"461","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1500731340941838,"flow_src_last_pkt_time":1500731340946396,"flow_dst_last_pkt_time":1500731340941838,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00939{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1500731343274328,"flow_src_last_pkt_time":1500731343874408,"flow_dst_last_pkt_time":1500731343274328,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00941{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1500731342860163,"flow_src_last_pkt_time":1500731343591759,"flow_dst_last_pkt_time":1500731342860163,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":16,"flow_first_seen":1500731320644357,"flow_src_last_pkt_time":1500731325506189,"flow_dst_last_pkt_time":1500731323714896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":812,"flow_src_tot_l4_payload_len":1716,"flow_dst_tot_l4_payload_len":2736,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00949{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1500731340831670,"flow_src_last_pkt_time":1500731340837106,"flow_dst_last_pkt_time":1500731340889684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"AmazonAWS","proto_id":"265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00945{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1500731340831670,"flow_src_last_pkt_time":1500731340837106,"flow_dst_last_pkt_time":1500731340889684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"AWS_EC2","proto_id":"461","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1500731340831670,"flow_src_last_pkt_time":1500731340837106,"flow_dst_last_pkt_time":1500731340889684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":122,"flow_dst_packets_processed":35,"flow_first_seen":1500731343061460,"flow_src_last_pkt_time":1500731348745514,"flow_dst_last_pkt_time":1500731348621566,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1212,"flow_dst_max_l4_payload_len":844,"flow_src_tot_l4_payload_len":43208,"flow_dst_tot_l4_payload_len":3556,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1500731320774476,"flow_src_last_pkt_time":1500731321994236,"flow_dst_last_pkt_time":1500731322059821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":688,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1500731320764440,"flow_src_last_pkt_time":1500731321914139,"flow_dst_last_pkt_time":1500731321902107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":628,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341710614,"flow_dst_last_pkt_time":1500731341709143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":2165,"flow_dst_tot_l4_payload_len":4198,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341710614,"flow_dst_last_pkt_time":1500731341709143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":2165,"flow_dst_tot_l4_payload_len":4198,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":169,"flow_dst_packets_processed":278,"flow_first_seen":1500731342849734,"flow_src_last_pkt_time":1500731348730363,"flow_dst_last_pkt_time":1500731348749211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":844,"flow_dst_max_l4_payload_len":844,"flow_src_tot_l4_payload_len":54316,"flow_dst_tot_l4_payload_len":114584,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00929{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1500731329336127,"flow_src_last_pkt_time":1500731329336127,"flow_dst_last_pkt_time":1500731329520313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00927{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1500731329336127,"flow_src_last_pkt_time":1500731329336127,"flow_dst_last_pkt_time":1500731329520313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1500731329336127,"flow_src_last_pkt_time":1500731329336127,"flow_dst_last_pkt_time":1500731329520313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1500731340951426,"flow_src_last_pkt_time":1500731340966394,"flow_dst_last_pkt_time":1500731340966499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":232,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"g2df33d01-lp1.p.srv.nintendo.net"}} 
-00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1000,"packets-processed":996,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":289225,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":15,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1500731348756457} +00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1000,"packets-processed":996,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":289225,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":15,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1500731348756457} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/996 ~~ skipped flows.............: 0 
@@ -170,10 +170,10 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8740381 bytes -~~ total memory freed........: 8740381 bytes -~~ total allocations/frees...: 141764/141764 +~~ total memory allocated....: 9505362 bytes +~~ total memory freed........: 9505362 bytes +~~ total allocations/frees...: 155729/155729 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars -~~ json message max len.......: 2209 chars -~~ json message avg len.......: 1370 chars +~~ json message max len.......: 2204 chars +~~ json message avg len.......: 1368 chars diff --git a/test/results/default/nntp.pcap.out b/test/results/default/nntp.pcap.out index 03c77ecea..102b1c0de 100644 --- a/test/results/default/nntp.pcap.out +++ b/test/results/default/nntp.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1258844926423672} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1258844926423672} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258844926423672,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1258844926423672,"pkt":"AEBj1fcCABQqM3R+CABFAAA8fZdAAEAGv7nAqL4UwKi+BdlOAHfZ0lWUAAAAAKACFtABzgAAAgQFtAQCCAoAyCgDAAAAAAEDAwY="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1258844926423829,"pkt":"ABQqM3R+AEBj1fcCCABFAAA8AABAAEAGPVHAqL4FwKi+FAB32U6dVo1l2dJVlaASFqBxAwAAAgQFtAQCCAoKz1tgAMgoAwEDAwQ="} 
@@ -9,7 +9,7 @@ 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 02193{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844993785292,"flow_dst_last_pkt_time":1258844993785209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":4808,"midstream":0,"thread_ts_usec":1258844993785292,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":29,"avg":4345908.0,"max":25684268,"stddev":7782391.0,"var":60565611347968.0,"ent":3.1,"data": 
[157,178,17001,17072,178,379,673149,673694,608,343,40452,19518042,19565845,7986,4770071,4784435,14326,95,29,25683555,25684268,770,12078373,12090740,12467,209,55,4543973,116,4544308,283]},"pktlen": {"min":40,"avg":205.9,"max":1500,"stddev":397.4,"var":157950.1,"ent":3.6,"data": [60,60,52,176,52,65,52,99,78,52,101,52,65,1280,52,65,1500,52,172,52,83,102,52,63,1500,52,318,52,58,52,80,40]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,0,1,0],"entropies": [4.471673489,4.918822765,4.878231525,5.476410866,4.931209564,5.179985523,4.961856842,5.561774254,5.435857296,5.000318050,5.478010178,4.892747879,5.210754871,5.673897266,4.969671249,5.291449070,5.852569103,4.878231049,5.413592815,4.878231049,5.543476105,5.549430847,4.931209564,5.298630238,5.766685963,4.767184258,5.374790192,4.825252533,4.982897282,4.817437172,5.532413483,3.670482159]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844993785292,"flow_dst_last_pkt_time":1258844993785209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":4808,"midstream":0,"thread_ts_usec":1258844993785292,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4921,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1258844993785292} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4921,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1258844993785292} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647813 bytes -~~ total memory freed........: 8647813 bytes -~~ total allocations/frees...: 140566/140566 +~~ total memory allocated....: 9412187 bytes +~~ total memory freed........: 9412187 bytes +~~ total allocations/frees...: 154532/154532 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2198 chars diff --git a/test/results/default/no_sni.pcap.out b/test/results/default/no_sni.pcap.out index 5324e361d..3b53d8c00 100644 --- a/test/results/default/no_sni.pcap.out +++ b/test/results/default/no_sni.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1604822444474923} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1604822444474923} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822444474923,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1604822444474923,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1604822444474923,"pkt":"EBMxuRBeeDHBvV4kCABFAABPAABAAEAGFoDAqAF3aBD5+ciDAbvkc0fPNh\/971AYEABWfwAAFwMDACKpSo7n5l1NtXHPvYJ17DEID+iXo6vcSBPbb4QBvLt6N\/RR"} 
00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822444474923,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1604822444474923,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -74,7 +74,7 @@ 01305{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":16,"flow_first_seen":1604822447287011,"flow_src_last_pkt_time":1604822447785923,"flow_dst_last_pkt_time":1604822447869770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1453,"flow_dst_tot_l4_payload_len":5913,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01299{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1604822447287254,"flow_src_last_pkt_time":1604822447844256,"flow_dst_last_pkt_time":1604822447844195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":3333,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01299{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1604822447287617,"flow_src_last_pkt_time":1604822447839595,"flow_dst_last_pkt_time":1604822447839532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":3333,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":442,"packets-processed":442,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57511,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":77,"global_ts_usec":1604822448523987} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":442,"packets-processed":442,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57511,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":77,"global_ts_usec":1604822448523987} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 442/442 ~~ skipped flows.............: 0 
@@ -83,9 +83,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8817701 bytes -~~ total memory freed........: 8817701 bytes -~~ total allocations/frees...: 141122/141122 +~~ total memory allocated....: 9582398 bytes +~~ total memory freed........: 9582398 bytes +~~ total allocations/frees...: 155091/155091 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 2506 chars diff --git a/test/results/default/nomachine.pcapng.out b/test/results/default/nomachine.pcapng.out index 7f5b1a8a5..72a4bd1b9 100644 --- a/test/results/default/nomachine.pcapng.out +++ b/test/results/default/nomachine.pcapng.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1703593377933911} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1703593377933911} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1703593377933911,"flow_src_last_pkt_time":1703593377933911,"flow_dst_last_pkt_time":1703593377933911,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703593377933911,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.208","src_port":48084,"dst_port":4000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1703593377933911,"flow_dst_last_pkt_time":1703593377933911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703593377933911,"pkt":"CAAniDE88C90rUP1CABFAAA8XExAAEAGq2fAqFjnwKhY0LvUD6Ca7uG5AAAAAKACfXgzNwAAAgQFtAQCCAq5wW2uAAAAAAEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1703593377933911,"flow_dst_last_pkt_time":1703593377934101,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1703593377934101,"pkt":"8C90rUP1CAAniDE8CABFAAA0fEFAAIAGS3rAqFjQwKhY5w+gu9QTl9o0mu7huoAS\/\/8GDgAAAgQFtAEDAwgBAQQC"} 
@@ -17,7 +17,7 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1703593431350223,"flow_dst_last_pkt_time":1703593431337702,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":52,"pkt_l4_len":18,"thread_ts_usec":1703593431350223,"pkt":"CAAniDE88C90rUP1CABFEAAmt+RAAEART8rAqFjnwKhY0NrTD6AAEjMsAQABAAoAAwAAAA=="} 01117{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":24,"flow_first_seen":1703593377933911,"flow_src_last_pkt_time":1703593388402510,"flow_dst_last_pkt_time":1703593388402639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":130,"flow_dst_max_l4_payload_len":1241,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":2598,"midstream":0,"thread_ts_usec":1703593431783751,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.208","src_port":48084,"dst_port":4000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"NoMachine","proto_id":"378","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":13,"flow_first_seen":1703593431289999,"flow_src_last_pkt_time":1703593431710396,"flow_dst_last_pkt_time":1703593431783751,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1703593431783751,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.208","src_port":56019,"dst_port":4000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"NoMachine","proto_id":"378","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":73,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1703593431783751} 
+00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":73,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1703593431783751} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 73/73 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649423 bytes -~~ total memory freed........: 8649423 bytes -~~ total allocations/frees...: 140619/140619 +~~ total memory allocated....: 9413829 bytes +~~ total memory freed........: 9413829 bytes +~~ total allocations/frees...: 154585/154585 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2301 chars diff --git a/test/results/default/nordvpn.pcap.out b/test/results/default/nordvpn.pcap.out index 96adbfc6c..0ef74c3d1 100644 --- a/test/results/default/nordvpn.pcap.out +++ b/test/results/default/nordvpn.pcap.out 
@@ -1,4 +1,4 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nordvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nordvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nordvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72956182,"flow_src_last_pkt_time":72956182,"flow_dst_last_pkt_time":72956182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72956182,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"138.199.54.231","src_port":53465,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nordvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":72956182,"flow_dst_last_pkt_time":72956182,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":72956182,"pkt":"ILAB4IZiCAAnOk7TCABFAACwxYkAAIAR8JDAqAHMisc259DZymwAnGN7AQAAAHCugaGuyNQrgpjUMMvMRv7tce\/UxbPHmzgM4LnyLwPRKrv+f1lPN089Zz9DutclWxa2b9kbYJ9kEX3SHwseg9E6ZgGcSILv3pxypQ8XNJaJEu3uxCNItzEaZIvw5Da46v65wcrR8Sdsrbqt8UBCO8iPM7MsevZdJlISnocLHSzwAAAAAAAAAAAAAAAAAAAAAA=="} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nordvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":72956182,"flow_dst_last_pkt_time":72980286,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":72980286,"pkt":"CAAnOk7TILAB4IZiCABFiAB4BHgAADgR+VKKxzbnwKgBzMps0NkAZOQeAgAAAO40GlZwroGhVrO4D1FIBzFVRMFp83WK3C+jc+btex70OBI3KcNQUDYhwc581LFzWOk2ELMrgwg7HkxAgpDbawfT4PLuuWKO9QAAAAAAAAAAAAAAAAAAAAA="} 
@@ -34,7 +34,7 @@ 01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/nordvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":11,"flow_first_seen":87609474,"flow_src_last_pkt_time":91987482,"flow_dst_last_pkt_time":88825983,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":679,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":4297,"flow_dst_tot_l4_payload_len":6510,"midstream":0,"thread_ts_usec":143113117,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"192.145.125.35","src_port":63670,"dst_port":1198,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"NordVPN","proto_id":"426","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01207{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/nordvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":142201471,"flow_src_last_pkt_time":143113117,"flow_dst_last_pkt_time":142524666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2854,"flow_dst_tot_l4_payload_len":5148,"midstream":0,"thread_ts_usec":143113117,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"45.80.28.142","src_port":49788,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NordVPN","proto_id":"91.426","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01067{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/nordvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":27,"flow_first_seen":96300241,"flow_src_last_pkt_time":100257768,"flow_dst_last_pkt_time":99939060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5803,"flow_dst_tot_l4_payload_len":6441,"midstream":0,"thread_ts_usec":143113117,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"212.129.45.224","src_port":49766,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"POPS","proto_id":"23","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
-00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/nordvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":143,"packets-processed":143,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39245,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":143113117} +00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/nordvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":143,"packets-processed":143,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39245,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":143113117} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 143/143 ~~ skipped flows.............: 0 
@@ -43,9 +43,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8682074 bytes -~~ total memory freed........: 8682074 bytes -~~ total allocations/frees...: 140722/140722 +~~ total memory allocated....: 9446544 bytes +~~ total memory freed........: 9446544 bytes +~~ total allocations/frees...: 154688/154688 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 506 chars ~~ json message max len.......: 2004 chars diff --git a/test/results/default/ocs.pcap.out b/test/results/default/ocs.pcap.out index df000e61a..a93b2a482 100644 --- a/test/results/default/ocs.pcap.out +++ b/test/results/default/ocs.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449652784341686} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449652784341686} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652784341686,"flow_src_last_pkt_time":1449652784341686,"flow_dst_last_pkt_time":1449652784341686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652784341686,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1449652784341686,"flow_dst_last_pkt_time":1449652784341686,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652784341686,"pkt":"RQAAPKbzQABABiV4wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIdPYAAAIEBbQEAggKADWBtgAAAAABAwMG"} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786071163,"flow_src_last_pkt_time":1449652786071163,"flow_dst_last_pkt_time":1449652786071163,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786071163,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 
@@ -46,7 +46,7 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1449652787196993,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1449652787196993,"pkt":"RQAAQLBlQABABm0+wKi0Atg60C6hBwG7mRQzWuLMvMiwEADlffQAAAEBCAoANYLTGASmTQEBBQrizMI04szMyA=="} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1449652787273902,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652787273902,"pkt":"RQAANCFNQABABqbvwKi0AhcV5seZXwG7KAKjIVpZIEyAEADl\/h4AAAEBCAoANYLbl2cJ1g=="} 00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1449652787289491,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":273,"pkt_l4_len":253,"thread_ts_usec":1449652787289491,"pkt":"RQABESFOQABABqYRwKi0AhcV5seZXwG7KAKjIVpZIEyAGADlY\/8AAAEBCAoANYLdl2cJ1hYDAQDYAQAA1AMBVmhd8h0B5s6XDqG2jAg9OuLJnsmZQXwY4InZKY+7bC8AAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAZQAAAB0AGwAAGHNldHRpbmdzLmNyYXNobHl0aWNzLmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABkAIwAA"} 
-01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1449652786152820,"flow_src_last_pkt_time":1449652787289491,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787289491,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Crashlytics","proto_id":"91.275","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":4,"category":"DataTransfer","hostname":"settings.crashlytics.com","domainame":"settings.crashlytics.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1449652786152820,"flow_src_last_pkt_time":1449652787289491,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787289491,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Crashlytics","proto_id":"91.275","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":4,"category":"DataTransfer","hostname":"settings.crashlytics.com","domainame":"settings.crashlytics.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1449652787439592,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652787439592,"pkt":"RQAANCFPQABABqbtwKi0AhcV5seZXwG7KAKj\/lpZJECAEAEE+OkAAAEBCAoANYLsl2cKCg=="} 
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1449652787479949,"flow_dst_last_pkt_time":1449652786395470,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652787479949,"pkt":"RQAANGAeQABABlqlwKi0AomHgc6vnwBQfAzi7h3gADyAEAD1OwIAAAEBCAoANYLwvXlNHw=="} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652787507858,"flow_src_last_pkt_time":1449652787507858,"flow_dst_last_pkt_time":1449652787507858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787507858,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 
@@ -126,7 +126,7 @@ 01221{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":83,"flow_dst_packets_processed":0,"flow_first_seen":1449652842628827,"flow_src_last_pkt_time":1449652846380718,"flow_dst_last_pkt_time":1449652842628827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":308,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCS","proto_id":"7.218","proto_by_ip":"OCS","proto_by_ip_id":218,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.ocs.fr"}} 
00951{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786098261,"flow_src_last_pkt_time":1449652786098261,"flow_dst_last_pkt_time":1449652786098261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1449652798305095,"flow_src_last_pkt_time":1449652798887943,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":597,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":952,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01117{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1449652786152820,"flow_src_last_pkt_time":1449652788767036,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Crashlytics","proto_id":"91.275","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
+01115{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1449652786152820,"flow_src_last_pkt_time":1449652788767036,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Crashlytics","proto_id":"91.275","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1449652786135098,"flow_src_last_pkt_time":1449652787495655,"flow_dst_last_pkt_time":1449652786135098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":772,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":772,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.OCS","proto_id":"7.218","proto_by_ip":"OCS","proto_by_ip_id":218,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652798230623,"flow_src_last_pkt_time":1449652798230623,"flow_dst_last_pkt_time":1449652798230623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01078{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1449652786395470,"flow_src_last_pkt_time":1449652787578542,"flow_dst_last_pkt_time":1449652786395470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -136,7 +136,7 @@ 00951{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786934111,"flow_src_last_pkt_time":1449652786934111,"flow_dst_last_pkt_time":1449652786934111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01056{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1449652787596837,"flow_src_last_pkt_time":1449652818681770,"flow_dst_last_pkt_time":1449652787596837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by 
IP"},"proto":"Azure","proto_id":"276","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1449652787596837,"flow_src_last_pkt_time":1449652818681770,"flow_dst_last_pkt_time":1449652787596837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":946,"packets-processed":946,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12361,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":18,"total-detection-updates":2,"total-updates":7,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":139,"global_ts_usec":1449652846380718} 
+00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":946,"packets-processed":946,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12361,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":18,"total-detection-updates":2,"total-updates":7,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":139,"global_ts_usec":1449652846380718} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 946/946 ~~ skipped flows.............: 0 @@ -145,9 +145,9 @@ ~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8743448 bytes -~~ total memory freed........: 8743448 bytes -~~ total allocations/frees...: 141722/141722 +~~ total memory allocated....: 9508430 bytes +~~ total memory freed........: 9508430 bytes +~~ total allocations/frees...: 155688/155688 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 526 chars ~~ json message max len.......: 2403 chars diff --git a/test/results/default/ocsp.pcapng.out b/test/results/default/ocsp.pcapng.out index 60a6435dc..dbe26346f 100644 --- a/test/results/default/ocsp.pcapng.out +++ b/test/results/default/ocsp.pcapng.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623221248283182} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623221248283182} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623221248283182,"flow_src_last_pkt_time":1623221248283182,"flow_dst_last_pkt_time":1623221248283182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221248283182,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623221248283182,"flow_dst_last_pkt_time":1623221248283182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623221248283182,"pkt":"pJGxgjQ56CrqthSFCABFAAA07YhAAIAG7ObAqAHjbUbwgsKVAFBAnkIeAAAAAIAC+vAOKQAAAgQFtAEDAwgBAQQCGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARhcrEQ=="} 
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623221248283182,"flow_dst_last_pkt_time":1623221248292856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":28,"thread_ts_usec":1623221248292856,"pkt":"6CrqthSFpJGxgjQ5CABFAAAwAABAADUGJXRtRvCCwKgB4wBQwpWhnw3QQJ5CH3ASOQg1lwAAAgQFtAEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx3fu3"} 
@@ -8,7 +8,7 @@ 01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623221248283182,"flow_src_last_pkt_time":1623221248318158,"flow_dst_last_pkt_time":1623221248292856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":385,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":385,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221248318158,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ocsp07.actalis.it","domainame":"ocsp07.actalis.it","http": {"url":"ocsp07.actalis.it\/VA\/AUTH-ROOT\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/10.0"}}} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623221248318158,"flow_dst_last_pkt_time":1623221248329809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":20,"thread_ts_usec":1623221248329809,"pkt":"6CrqthSFpJGxgjQ5CABFAAAoCt1AADUGGp9tRvCCwKgB4wBQwpWhnw3RQJ5DoFAQAB+YzAAAAAAAAAAAGYERCQBRAFEBZAABAAACCAAAAAAAAAAAAFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVd3OEQ=="} 
01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623221248283182,"flow_src_last_pkt_time":1623221248318158,"flow_dst_last_pkt_time":1623221248329809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":385,"flow_dst_max_l4_payload_len":355,"flow_src_tot_l4_payload_len":385,"flow_dst_tot_l4_payload_len":355,"midstream":0,"thread_ts_usec":1623221248329809,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp07.actalis.it","domainame":"ocsp07.actalis.it","http": {"url":"ocsp07.actalis.it\/VA\/AUTH-ROOT\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D","code":200,"content_type":"application\/ocsp-response","user_agent":"Microsoft-CryptoAPI\/10.0"}}} 
-00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":24,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8359,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1623222699655905} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":24,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8359,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1623222699655905} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623222699655905,"flow_src_last_pkt_time":1623222699655905,"flow_dst_last_pkt_time":1623222699655905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623222699655905,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1623222699655905,"flow_dst_last_pkt_time":1623222699655905,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623222699655905,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N6FAAEAG+ZTAqAGAjvq4Y9OKAFA7VkTpAAAAAKAC+vDDlAAAAgQFtAQCCAqSLZmsAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx0lW5"} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1623222699655905,"flow_dst_last_pkt_time":1623222699659281,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623222699659281,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8l3UAADkG4ECO+rhjwKgBgABQ04qgD55GO1ZE6qAS\/\/9O2gAAAgQFlgQCCAovwgGfki2ZrAEDAwgZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACT46ug"} 
@@ -22,10 +22,10 @@ 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1623222785863296,"flow_dst_last_pkt_time":1623222785875339,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623222785875339,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGxC5cel\/rwKgBgABQqtACFmIrx0ULW6AScSDxGwAAAgQFtAQCCAqrs6x4tFZ4oAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8kYB7"} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1623222785879381,"flow_dst_last_pkt_time":1623222785875339,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623222785879381,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0JGJAAEAGl9TAqAGAXHpf66rQAFDHRQtbAhZiLIAQAfaPAgAAAQEICrRWeLCrs6x4GYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcxJlyw=="} 01129{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1623222785879661,"flow_dst_last_pkt_time":1623222785875339,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":504,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":504,"pkt_l4_len":418,"thread_ts_usec":1623222785879661,"pkt":"pJGxgjQ5PKn0qB\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\/SCK12nFzAlhMg+ZEMZgREJAxwDHAFkAQEAAAIIAAAAAAAAAAADHAAAAAAAAAAAAAAAAAAAAAAAAAAAAACtRxQ5"} 
-01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623222785863296,"flow_src_last_pkt_time":1623222785879661,"flow_dst_last_pkt_time":1623222785875339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":386,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623222785879661,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"r3.o.lencr.org","domainame":"r3.o.lencr.org","http": {"url":"r3.o.lencr.org\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0","request_content_type":"application\/ocsp-request","detected_os":"Ubuntu"}}} +01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623222785863296,"flow_src_last_pkt_time":1623222785879661,"flow_dst_last_pkt_time":1623222785875339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":386,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623222785879661,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"r3.o.lencr.org","domainame":"r3.o.lencr.org","http": {"url":"r3.o.lencr.org\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0","request_content_type":"application\/ocsp-request","detected_os":"Ubuntu"}}} 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1623222785879661,"flow_dst_last_pkt_time":1623222785894957,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623222785894957,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0t59AADgGDJdcel\/rwKgBgABQqtACFmIsx0UM3YAQAOuOeAAAAQEICquzrIu0VniwGYERCQMcAxwBZAMBAAACCAAAAAAAAAAAAxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgbpHCw=="} 02312{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623222699655905,"flow_src_last_pkt_time":1623222817722827,"flow_dst_last_pkt_time":1623222807485567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":702,"flow_src_tot_l4_payload_len":788,"flow_dst_tot_l4_payload_len":1404,"midstream":0,"thread_ts_usec":1623222817722827,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7286986.5,"max":10243102,"stddev":4408149.5,"var":19431782612992.0,"ent":4.5,"data": 
[3376,7013,0,7440,102951,109262,10007824,10012989,10151666,10151973,10240500,10240566,10243102,10242877,10236097,10235872,10239925,10240468,10239857,10239497,5617732,5617894,102927,109302,10148797,10155034,10236056,10236089,10239827,10239709,10239962]},"pktlen": {"min":104,"avg":173.0,"max":806,"stddev":189.1,"var":35745.5,"ent":4.5,"data": [112,112,104,498,104,806,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,498,104,806,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0],"entropies": [3.897244453,4.342274189,4.040620327,6.236268997,4.387147903,7.122592449,4.465434074,4.446203232,4.328273296,4.336050510,4.381251812,4.426972389,4.335968971,4.426972389,4.400482655,4.446203232,4.335968971,4.446203232,4.400482655,4.446203232,4.369279861,6.204105377,4.350049019,7.039563656,4.419713497,4.426972389,4.419713497,4.369279861,4.419713497,4.381252289,4.407741547,4.381689072]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.pki.goog"}} 
-02316{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623222785863296,"flow_src_last_pkt_time":1623222906298417,"flow_dst_last_pkt_time":1623222896069773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":889,"flow_src_tot_l4_payload_len":772,"flow_dst_tot_l4_payload_len":1778,"midstream":0,"thread_ts_usec":1623222906298417,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":280,"avg":7440051.5,"max":10244049,"stddev":4398639.5,"var":19348030750720.0,"ent":4.5,"data": [12043,16085,280,19618,157130,176931,7779779,7796085,1344,16621,10045906,10060740,10239929,10239733,10239821,10240037,10244027,10243851,10239937,10239981,10236031,10236118,10243927,10244049,10235957,10235895,10239975,10239809,10240030,10240044,10239885]},"pktlen": {"min":104,"avg":184.2,"max":993,"stddev":228.7,"var":52281.3,"ent":4.4,"data": [112,112,104,490,104,993,104,490,104,993,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[3.854789734,4.210582733,4.061213493,6.305238724,4.330295086,6.969508171,4.388510704,6.307199955,4.399959564,6.995585918,4.388510704,4.446203232,4.362458229,4.407741547,4.380728722,4.362020969,4.380728722,4.407741547,4.342267036,4.388510704,4.335008621,4.362458229,4.335008621,4.381251812,4.373470306,4.369279861,4.335008621,4.407741547,4.354239464,4.400482655,4.354321003,4.343227386]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"r3.o.lencr.org"}} +02317{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623222785863296,"flow_src_last_pkt_time":1623222906298417,"flow_dst_last_pkt_time":1623222896069773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":889,"flow_src_tot_l4_payload_len":772,"flow_dst_tot_l4_payload_len":1778,"midstream":0,"thread_ts_usec":1623222906298417,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":280,"avg":7440051.5,"max":10244049,"stddev":4398639.5,"var":19348030750720.0,"ent":4.5,"data": [12043,16085,280,19618,157130,176931,7779779,7796085,1344,16621,10045906,10060740,10239929,10239733,10239821,10240037,10244027,10243851,10239937,10239981,10236031,10236118,10243927,10244049,10235957,10235895,10239975,10239809,10240030,10240044,10239885]},"pktlen": {"min":104,"avg":184.2,"max":993,"stddev":228.7,"var":52281.3,"ent":4.4,"data": 
[112,112,104,490,104,993,104,490,104,993,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [3.854789734,4.210582733,4.061213493,6.305238724,4.330295086,6.969508171,4.388510704,6.307199955,4.399959564,6.995585918,4.388510704,4.446203232,4.362458229,4.407741547,4.380728722,4.362020969,4.380728722,4.407741547,4.342267036,4.388510704,4.335008621,4.362458229,4.335008621,4.381251812,4.373470306,4.369279861,4.335008621,4.407741547,4.354239464,4.400482655,4.354321003,4.343227386]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"r3.o.lencr.org"}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623223090984057,"flow_src_last_pkt_time":1623223090984057,"flow_dst_last_pkt_time":1623223090984057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623223090984057,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1623223090984057,"flow_dst_last_pkt_time":1623223090984057,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623223090984057,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8WOFAAEAGCBnAqAGAl4uADoYQAFC9BO7MAAAAAKAC+vBq5AAAAgQFtAQCCArLCQstAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABk1G4o"} 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1623223090984057,"flow_dst_last_pkt_time":1623223091009779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623223091009779,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADAGcPqXi4AOwKgBgABQhhCFN\/R2vQTuzaAS\/ohuswAAAgQFtAQCCAoBgn1XywkLLQEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADKwfqN"} 
@@ -40,9 +40,9 @@ 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1623223091739953,"flow_dst_last_pkt_time":1623223091736393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":507,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":507,"pkt_l4_len":421,"thread_ts_usec":1623223091739953,"pkt":"pJGxgjQ5PKn0qB\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\/Wkw6gIRAJnBdFpqwI6TIPvrQkILwY0ZgREJAxwDHAFkAQEAAAIIAAAAAAAAAAADHAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLKldi"} 01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623223091709422,"flow_src_last_pkt_time":1623223091739953,"flow_dst_last_pkt_time":1623223091736393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":389,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623223091739953,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.usertrust.com","domainame":"ocsp.usertrust.com","http": {"url":"ocsp.usertrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0","request_content_type":"application\/ocsp-request","detected_os":"Ubuntu"}}} 
00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1623223091739953,"flow_dst_last_pkt_time":1623223091766742,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623223091766742,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA09eZAAC8GfBuXi4AOwKgBgABQhiREDjpl1HrQroAQAQXUjAAAAQEICnuayJLLCQ4hGYERCQMcAxwBZAMBAAACCAAAAAAAAAAAAxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JxURA=="} -01001{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":17,"flow_first_seen":1623222785863296,"flow_src_last_pkt_time":1623222909833905,"flow_dst_last_pkt_time":1623222909829628,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":889,"flow_src_tot_l4_payload_len":772,"flow_dst_tot_l4_payload_len":1778,"midstream":0,"thread_ts_usec":1623223091773663,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"r3.o.lencr.org"}} 
+01002{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":17,"flow_first_seen":1623222785863296,"flow_src_last_pkt_time":1623222909833905,"flow_dst_last_pkt_time":1623222909829628,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":889,"flow_src_tot_l4_payload_len":772,"flow_dst_tot_l4_payload_len":1778,"midstream":0,"thread_ts_usec":1623223091773663,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"r3.o.lencr.org"}} 01002{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":24,"flow_first_seen":1623222699655905,"flow_src_last_pkt_time":1623222892672181,"flow_dst_last_pkt_time":1623222892670553,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":702,"flow_src_tot_l4_payload_len":788,"flow_dst_tot_l4_payload_len":1404,"midstream":0,"thread_ts_usec":1623223091773663,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.pki.goog"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":158,"packets-processed":157,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1623226796047107} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":158,"packets-processed":157,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1623226796047107} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623226796047107,"flow_src_last_pkt_time":1623226796047107,"flow_dst_last_pkt_time":1623226796047107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623226796047107,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1623226796047107,"flow_dst_last_pkt_time":1623226796047107,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623226796047107,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8IiFAAEAGHJ3AqAGAXbjcHbsgAFDKwHZTAAAAAKAC+vANzwAAAgQFtAQCCArJnn0eAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2uJMq"} 
00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1623226796047107,"flow_dst_last_pkt_time":1623226796050182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623226796050182,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8OIIAADgGTjxduNwdwKgBgABQuyB0cdYZysB2VKAS\/\/931wAAAgQFtAQCCAqXTK79yZ59HgEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApvHVR"} 
@@ -53,13 +53,13 @@ 01010{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1623223090984057,"flow_src_last_pkt_time":1623223156058732,"flow_dst_last_pkt_time":1623223156084748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":393,"flow_dst_max_l4_payload_len":728,"flow_src_tot_l4_payload_len":393,"flow_dst_tot_l4_payload_len":1199,"midstream":0,"thread_ts_usec":1623226796065242,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"geant.ocsp.sectigo.com"}} 01005{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1623223091709422,"flow_src_last_pkt_time":1623223156773701,"flow_dst_last_pkt_time":1623223156800666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":389,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":917,"midstream":0,"thread_ts_usec":1623226796065242,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.usertrust.com"}} 02305{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":189,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1623226796047107,"flow_src_last_pkt_time":1623226898935296,"flow_dst_last_pkt_time":1623226888697884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":799,"flow_src_tot_l4_payload_len":1161,"flow_dst_tot_l4_payload_len":2397,"midstream":0,"thread_ts_usec":1623226898935296,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":297,"avg":6307708.5,"max":10240173,"stddev":4932344.5,"var":24328020164608.0,"ent":4.3,"data": [3075,7547,2588,10413,297,8000,10198565,10205648,10239932,10239686,10240046,10239807,10240147,10240173,10239675,10239894,594543,595404,7786,346,7916,7271,10142015,10148632,10239909,10240023,10239943,10239865,10239954,10239944,10239922]},"pktlen": {"min":104,"avg":215.7,"max":903,"stddev":247.8,"var":61420.8,"ent":4.3,"data": [112,112,104,491,104,903,104,104,104,104,104,104,104,104,104,104,104,491,903,104,491,903,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,0],"entropies": 
[3.868270159,4.279380798,4.030010700,6.270659924,4.342348576,7.048072815,4.407741547,4.407741547,4.327831268,4.388510704,4.373551369,4.383797169,4.361579418,4.395769119,4.336050510,4.388510704,4.327831268,6.267565727,7.008815289,4.357307434,6.261363029,7.018546581,4.348686218,4.395769119,4.303886890,4.330818176,4.342348576,4.395769119,4.342348576,4.414999962,4.272684097,4.376538277]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.digicert.com"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":208,"packets-processed":207,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19557,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":56,"global_ts_usec":1623227471703092} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":208,"packets-processed":207,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19557,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":56,"global_ts_usec":1623227471703092} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623227471703092,"flow_src_last_pkt_time":1623227471703092,"flow_dst_last_pkt_time":1623227471703092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623227471703092,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1623227471703092,"flow_dst_last_pkt_time":1623227471703092,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623227471703092,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8CDlAAEAGLKrAqAGANFUPXMDmAFDpM3mLAAAAAKAC+vAljwAAAgQFtAQCCArD2jnWAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU0JsT"} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1623227471703092,"flow_dst_last_pkt_time":1623227471715055,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623227471715055,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8PJoAAPMGhUg0VQ9cwKgBgABQwOYt\/4+26TN5jKAS\/\/9VQwAAAgQFoAQCCAoCPQtLw9o51gEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABrMGLg"} 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1623227471719571,"flow_dst_last_pkt_time":1623227471715055,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623227471719571,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0CDpAAEAGLLHAqAGANFUPXMDmAFDpM3mMLf+Pt4AQAfaB9gAAAQEICsPaOecCPQtLGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYY2fOA=="} 
01146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1623227471719950,"flow_dst_last_pkt_time":1623227471715055,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":428,"thread_ts_usec":1623227471719950,"pkt":"pJGxgjQ5PKn0qB\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\/Wqxh1m5wVdAxc6TR8+GHE4hQ0EFFmkZgZSoHuVkjyjlAcnlnRb+T3QAhAMZKm9WnEBHCVPP9uq1it6GYERCQMcAxwBZAEBAAACCAAAAAAAAAAAAxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAApQ1X+g=="} -01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623227471703092,"flow_src_last_pkt_time":1623227471719950,"flow_dst_last_pkt_time":1623227471715055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":396,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623227471719950,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.sca1b.amazontrust.com","domainame":"ocsp.sca1b.amazontrust.com","http": {"url":"ocsp.sca1b.amazontrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0","request_content_type":"application\/ocsp-request","detected_os":"Ubuntu"}}} 
+01259{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623227471703092,"flow_src_last_pkt_time":1623227471719950,"flow_dst_last_pkt_time":1623227471715055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":396,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623227471719950,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.sca1b.amazontrust.com","domainame":"ocsp.sca1b.amazontrust.com","http": {"url":"ocsp.sca1b.amazontrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0","request_content_type":"application\/ocsp-request","detected_os":"Ubuntu"}}} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1623227471719950,"flow_dst_last_pkt_time":1623227471732149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623227471732149,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0PJsAAPMGhU80VQ9cwKgBgABQwOYt\/4+36TN7GIAQAIOBzAAAAQEICgI9C1zD2jnnGYERCQMcAxwBZAMBAAACCAAAAAAAAAAAAxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NOMdg=="} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623227472211039,"flow_src_last_pkt_time":1623227472211039,"flow_dst_last_pkt_time":1623227472211039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623227472211039,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1623227472211039,"flow_dst_last_pkt_time":1623227472211039,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623227472211039,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8cDxAAEAGbm3AqAGAl2UCheoSAFClxR9VAAAAAKAC+vA6IAAAAgQFtAQCCApcSasVAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbRut"} 
@@ -70,8 +70,8 @@ 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1623227472219362,"flow_dst_last_pkt_time":1623227472222531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623227472222531,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0sJJAADYGOB+XZQKFwKgBgABQ6hJzFOMEpcUg54AQAQmfZQAAAQEICgJKaWJcSasdGYERCQMcAxwBZAMBAAACCAAAAAAAAAAAAxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkk6WYg=="} 01008{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":23,"flow_first_seen":1623226796047107,"flow_src_last_pkt_time":1623226963037756,"flow_dst_last_pkt_time":1623226963033362,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":799,"flow_src_tot_l4_payload_len":1161,"flow_dst_tot_l4_payload_len":2397,"midstream":0,"thread_ts_usec":1623227472228502,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.digicert.com"}} 
02308{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623227472211039,"flow_src_last_pkt_time":1623227587349174,"flow_dst_last_pkt_time":1623227584757187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":401,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1998,"midstream":0,"thread_ts_usec":1623227587349174,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7344654.5,"max":10240632,"stddev":4532510.5,"var":20543650660352.0,"ent":4.5,"data": [3378,7400,923,8114,615,0,9140,0,10126876,10134843,10240392,10240491,10239169,10239578,10239933,10239705,10239910,10239519,10239942,10240185,10239877,10240084,10240632,10240175,10239571,10239443,10239518,10240005,10239975,10240013,2594877]},"pktlen": {"min":104,"avg":179.5,"max":1448,"stddev":263.0,"var":69147.6,"ent":4.2,"data": [112,112,104,505,104,1448,758,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[3.821438313,4.185985565,4.099675179,6.228553295,4.350049019,6.867750645,7.448840618,4.438944817,4.354762554,4.362021446,4.304766178,4.350049019,4.400483131,4.381252289,4.400483131,4.354762554,4.328273296,4.342790604,4.381252289,4.419713974,4.400483131,4.419713974,4.373993397,4.347504139,4.362021446,4.362021446,4.400483131,4.400483131,4.400483131,4.354762554,4.381252289,4.362021446]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.globalsign.com"}} -02336{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623227471703092,"flow_src_last_pkt_time":1623227587366039,"flow_dst_last_pkt_time":1623227587361645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":396,"flow_dst_max_l4_payload_len":1006,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":1006,"midstream":0,"thread_ts_usec":1623227587366039,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":379,"avg":7461984.0,"max":10240568,"stddev":4364520.0,"var":19049033498624.0,"ent":4.6,"data": [11963,16479,379,17094,109967,126649,9996419,10012379,10239928,10239783,10239896,10240232,10239903,10239633,10239951,10239961,10239904,10240133,10239949,10239714,10239909,10239972,10240568,10240566,10239801,10239750,10239347,10239527,3107000,3107879,16865]},"pktlen": {"min":104,"avg":148.3,"max":1110,"stddev":185.9,"var":34567.0,"ent":4.5,"data": 
[112,112,104,500,104,1110,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [3.872647047,4.259160519,4.034724236,6.288679600,4.284656048,6.962940216,4.381252289,4.381252289,4.315859318,4.362021446,4.250907898,4.362021446,4.335090160,4.354762554,4.277397633,4.283735275,4.335090160,4.381252289,4.315859318,4.362021446,4.284656048,4.381252289,4.284656048,4.323559761,4.335090160,4.335531712,4.296628475,4.362021446,4.315859318,4.329455853,4.250907898,4.369279861]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.sca1b.amazontrust.com"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":275,"packets-processed":274,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1623229632695852} 
+02341{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623227471703092,"flow_src_last_pkt_time":1623227587366039,"flow_dst_last_pkt_time":1623227587361645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":396,"flow_dst_max_l4_payload_len":1006,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":1006,"midstream":0,"thread_ts_usec":1623227587366039,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":379,"avg":7461984.0,"max":10240568,"stddev":4364520.0,"var":19049033498624.0,"ent":4.6,"data": [11963,16479,379,17094,109967,126649,9996419,10012379,10239928,10239783,10239896,10240232,10239903,10239633,10239951,10239961,10239904,10240133,10239949,10239714,10239909,10239972,10240568,10240566,10239801,10239750,10239347,10239527,3107000,3107879,16865]},"pktlen": {"min":104,"avg":148.3,"max":1110,"stddev":185.9,"var":34567.0,"ent":4.5,"data": [112,112,104,500,104,1110,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[3.872647047,4.259160519,4.034724236,6.288679600,4.284656048,6.962940216,4.381252289,4.381252289,4.315859318,4.362021446,4.250907898,4.362021446,4.335090160,4.354762554,4.277397633,4.283735275,4.335090160,4.381252289,4.315859318,4.362021446,4.284656048,4.381252289,4.284656048,4.323559761,4.335090160,4.335531712,4.296628475,4.362021446,4.315859318,4.329455853,4.250907898,4.369279861]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.sca1b.amazontrust.com"}} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":275,"packets-processed":274,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1623229632695852} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623229632695852,"flow_src_last_pkt_time":1623229632695852,"flow_dst_last_pkt_time":1623229632695852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623229632695852,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1623229632695852,"flow_dst_last_pkt_time":1623229632695852,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623229632695852,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA82G5AAEAGQmzAqAGAbUbwcrHKAFDtwUNWAAAAAKAC+vAcMQAAAgQFtAQCCAoRKRyhAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZRLNb"} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1623229632695852,"flow_dst_last_pkt_time":1623229632706990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623229632706990,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADUGJdttRvBywKgBgABQscrfcozQ7cFDV6AScSAwDQAAAgQFtAQCCAq9uUvmESkcoQEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADSBFoQ"} 
@@ -79,19 +79,19 @@ 01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1623229632711767,"flow_dst_last_pkt_time":1623229632706990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":431,"thread_ts_usec":1623229632711767,"pkt":"pJGxgjQ5PKn0qB\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\/WQT4r950hY4SzIQsVScEFJ+KsbXxsd6C9Cd8vojN3qlDgaNLAhBEbs9sHEJHnquPUoOLvrZ1GYERCQMcAxwBZAEBAAACCAAAAAAAAAAAAxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOcd60g=="} 01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623229632695852,"flow_src_last_pkt_time":1623229632711767,"flow_dst_last_pkt_time":1623229632706990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":399,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":399,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623229632711767,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp09.actalis.it","domainame":"ocsp09.actalis.it","http": {"url":"ocsp09.actalis.it\/VA\/AUTHOV-G3","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0","request_content_type":"application\/ocsp-request","detected_os":"Ubuntu"}}} 
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1623229632711767,"flow_dst_last_pkt_time":1623229632722154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623229632722154,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0xyRAADUGXr5tRvBywKgBgABQscrfcozR7cFE5oAQAOvNYAAAAQEICr25S\/YRKRywGYERCQMcAxwBZAMBAAACCAAAAAAAAAAAAxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAArVMRVw=="} -01016{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623227471703092,"flow_src_last_pkt_time":1623227587366039,"flow_dst_last_pkt_time":1623227587361645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":396,"flow_dst_max_l4_payload_len":1006,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":1006,"midstream":0,"thread_ts_usec":1623229632732239,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.sca1b.amazontrust.com"}} 
+01021{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623227471703092,"flow_src_last_pkt_time":1623227587366039,"flow_dst_last_pkt_time":1623227587361645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":396,"flow_dst_max_l4_payload_len":1006,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":1006,"midstream":0,"thread_ts_usec":1623229632732239,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.sca1b.amazontrust.com"}} 01007{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1623227472211039,"flow_src_last_pkt_time":1623227587356728,"flow_dst_last_pkt_time":1623227587353093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":401,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1998,"midstream":0,"thread_ts_usec":1623229632732239,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.globalsign.com"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623229850956311,"flow_src_last_pkt_time":1623229850956311,"flow_dst_last_pkt_time":1623229850956311,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623229850956311,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1623229850956311,"flow_dst_last_pkt_time":1623229850956311,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623229850956311,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8+shAAEAGBi7AqAGAFwxgkb+KAFDAJRPhAAAAAKAC+vCvFgAAAgQFtAQCCAqOHkIzAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACxCLhj"} 
00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1623229850956311,"flow_dst_last_pkt_time":1623229850968545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623229850968545,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGCPcXDGCRwKgBgABQv4rZVTUewCUT4qAS\/ohT3AAAAgQFtAQCCAoG1UJIjh5CMwEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvS4I1"} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1623229850972935,"flow_dst_last_pkt_time":1623229850968545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623229850972935,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0+slAAEAGBjXAqAGAFwxgkb+KAFDAJRPi2VU1H4AQAfZ\/KgAAAQEICo4eQkQG1UJIGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAV7trsA=="} 
01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1623229850973410,"flow_dst_last_pkt_time":1623229850968545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":504,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":504,"pkt_l4_len":418,"thread_ts_usec":1623229850973410,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAG2+spAAEAGBLLAqAGAFwxgkb+KAFDAJRPi2VU1H4AYAfYl6AAAAQEICo4eQkQG1UJIUE9TVCAvIEhUVFAvMS4xDQpIb3N0OiBvY3NwLmVudHJ1c3QubmV0DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBVYnVudHU7IExpbnV4IHg4Nl82NDsgcnY6ODkuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC84OS4wDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jc3AtcmVxdWVzdA0KQ29udGVudC1MZW5ndGg6IDgzDQpETlQ6IDENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KMFEwTzBNMEswSTAJBgUrDgMCGgUABBTMbSIc9rRVLC+HkV9a\/vDh7s6DzAQUgqJwdN28Uz\/Pe9T3zX+nYMYKTL8CED2CSQGTfaX4BjrxOdvW3NcZgREJAxwDHAFkAQEAAAIIAAAAAAAAAAADHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC5jItU"} -01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623229850956311,"flow_src_last_pkt_time":1623229850973410,"flow_dst_last_pkt_time":1623229850968545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":386,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623229850973410,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.entrust.net","domainame":"ocsp.entrust.net","http": {"url":"ocsp.entrust.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0","request_content_type":"application\/ocsp-request","detected_os":"Ubuntu"}}} +01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623229850956311,"flow_src_last_pkt_time":1623229850973410,"flow_dst_last_pkt_time":1623229850968545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":386,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623229850973410,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.entrust.net","domainame":"ocsp.entrust.net","http": {"url":"ocsp.entrust.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0","request_content_type":"application\/ocsp-request","detected_os":"Ubuntu"}}} 
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1623229850973410,"flow_dst_last_pkt_time":1623229850986318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623229850986318,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA08U9AADgGF68XDGCRwKgBgABQv4rZVTUfwCUVZIAQAft9kQAAAQEICgbVQlqOHkJEGYERCQMcAxwBZAMBAAACCAAAAAAAAAAAAxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGWsOhw=="} 01006{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1623229632695852,"flow_src_last_pkt_time":1623229697731607,"flow_dst_last_pkt_time":1623229697742645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":399,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":399,"flow_dst_tot_l4_payload_len":2325,"midstream":0,"thread_ts_usec":1623229853240025,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp09.actalis.it"}} 
-02268{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623229850956311,"flow_src_last_pkt_time":1623229914599193,"flow_dst_last_pkt_time":1623229904370774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1159,"flow_dst_tot_l4_payload_len":5872,"midstream":0,"thread_ts_usec":1623229914599193,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":3776043.2,"max":10241196,"stddev":4797137.5,"var":23012529143808.0,"ent":3.6,"data": [12234,16624,475,17773,3362,0,21718,0,1169650,1186786,9796,0,24736,0,1031529,1046686,2550,0,18982,0,10158449,10174381,10240180,10240467,10240694,10240443,10239931,10239902,10238718,10240083,10241196]},"pktlen": {"min":104,"avg":324.2,"max":1552,"stddev":431.7,"var":186386.9,"ent":4.1,"data": [112,112,104,490,104,1552,613,104,104,490,104,1552,613,104,104,491,104,1552,614,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[3.854789734,4.239557266,4.034724236,6.314732075,4.338077068,7.042398453,7.244339943,4.381252289,4.362021446,6.303278446,4.335968971,7.031822681,7.242278576,4.270580769,4.335531712,6.231549740,4.350049019,7.030226231,7.237232208,4.342790604,4.323559761,4.400483131,4.426972389,4.400483131,4.426972389,4.362021446,4.426972389,4.335532188,4.388510704,4.400482655,4.426972389,4.400482655]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.entrust.net"}} -01005{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":22,"flow_first_seen":1623229850956311,"flow_src_last_pkt_time":1623229968257993,"flow_dst_last_pkt_time":1623229968253231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1159,"flow_dst_tot_l4_payload_len":5872,"midstream":0,"thread_ts_usec":1623229968257993,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.entrust.net"}} 
-00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":344,"packets-processed":344,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":94,"global_ts_usec":1623229968257993} +02269{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623229850956311,"flow_src_last_pkt_time":1623229914599193,"flow_dst_last_pkt_time":1623229904370774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1159,"flow_dst_tot_l4_payload_len":5872,"midstream":0,"thread_ts_usec":1623229914599193,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":3776043.2,"max":10241196,"stddev":4797137.5,"var":23012529143808.0,"ent":3.6,"data": [12234,16624,475,17773,3362,0,21718,0,1169650,1186786,9796,0,24736,0,1031529,1046686,2550,0,18982,0,10158449,10174381,10240180,10240467,10240694,10240443,10239931,10239902,10238718,10240083,10241196]},"pktlen": 
{"min":104,"avg":324.2,"max":1552,"stddev":431.7,"var":186386.9,"ent":4.1,"data": [112,112,104,490,104,1552,613,104,104,490,104,1552,613,104,104,491,104,1552,614,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0],"entropies": [3.854789734,4.239557266,4.034724236,6.314732075,4.338077068,7.042398453,7.244339943,4.381252289,4.362021446,6.303278446,4.335968971,7.031822681,7.242278576,4.270580769,4.335531712,6.231549740,4.350049019,7.030226231,7.237232208,4.342790604,4.323559761,4.400483131,4.426972389,4.400483131,4.426972389,4.362021446,4.426972389,4.335532188,4.388510704,4.400482655,4.426972389,4.400482655]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.entrust.net"}} +01006{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":22,"flow_first_seen":1623229850956311,"flow_src_last_pkt_time":1623229968257993,"flow_dst_last_pkt_time":1623229968253231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1159,"flow_dst_tot_l4_payload_len":5872,"midstream":0,"thread_ts_usec":1623229968257993,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.entrust.net"}} +00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":344,"packets-processed":344,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":94,"global_ts_usec":1623229968257993} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 344/344 ~~ skipped flows.............: 0 @@ -100,10 +100,10 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8678607 bytes -~~ total memory freed........: 8678607 bytes -~~ total allocations/frees...: 141043/141043 +~~ total memory allocated....: 9443269 bytes +~~ total memory freed........: 9443269 bytes +~~ total allocations/frees...: 155009/155009 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 588 chars -~~ json message max len.......: 2341 chars -~~ json message avg len.......: 1463 chars +~~ json message max len.......: 2346 chars +~~ json message avg len.......: 1466 chars diff --git a/test/results/default/oicq.pcap.out b/test/results/default/oicq.pcap.out index eca3df19c..d08cd2e2e 100644 --- a/test/results/default/oicq.pcap.out 
+++ b/test/results/default/oicq.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680268613307049} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680268613307049} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268613307049,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268613307049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60213,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680268613307049,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPScAAH8RGbBak0XSOjwKLes1H0AANIavAjsLAAEAF1YfDHsAAAAAAAAAAAMMlJ+zUQxZy9Un0Z5pU0guyHcIAQMORwM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268613307049,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268613307049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60213,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -7,12 +7,12 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1680268913703107,"flow_dst_last_pkt_time":1680268913703107,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680268913703107,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSgAAH8RGa9ak0XSOjwKLcqsH0AANFdMAjsLAAEAGFYfDHsAAAAAAAAAAJUhAaG8xF21dBTbCxrBaZ+t+aiKzUY1kAM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268913703107,"flow_src_last_pkt_time":1680268913703107,"flow_dst_last_pkt_time":1680268913703107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268913703107,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":51884,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268613307049,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268913703107,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60213,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1680269514154280} 
+00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1680269514154280} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269514154280,"flow_src_last_pkt_time":1680269514154280,"flow_dst_last_pkt_time":1680269514154280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269514154280,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52991,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1680269514154280,"flow_dst_last_pkt_time":1680269514154280,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680269514154280,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSkAAH8RGa5ak0XSOjwKLc7\/H0AANPYkAjsLAAEAGVYfDHsAAAAAAAAAAKhtUEIbzHlgMmERsceS0laTgR+KI\/5vkgM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269514154280,"flow_src_last_pkt_time":1680269514154280,"flow_dst_last_pkt_time":1680269514154280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269514154280,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52991,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268913703107,"flow_src_last_pkt_time":1680268913703107,"flow_dst_last_pkt_time":1680268913703107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269514154280,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":51884,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1680270114424358} 
+00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1680270114424358} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270114424358,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270114424358,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60288,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680270114424358,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSoAAH8RGa1ak0XSOjwKLeuAH0AANLaSAjsLAAEAGlYfDHsAAAAAAAAAAHIfgiYehh8JPACfYPLg8l+caYHP9b+9JgM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270114424358,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270114424358,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60288,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -21,12 +21,12 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1680270414717786,"flow_dst_last_pkt_time":1680270414717786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680270414717786,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSsAAH8RGaxak0XSOjwKLdycH0AANEx1AjsLAAEAG1YfDHsAAAAAAAAAANpJfKYT0Ryz+aBUCJQmm3E1JJMTGfDeMAM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270414717786,"flow_src_last_pkt_time":1680270414717786,"flow_dst_last_pkt_time":1680270414717786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270414717786,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":56476,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270114424358,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270414717786,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60288,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1680271315336178} 
+00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1680271315336178} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271315336178,"flow_src_last_pkt_time":1680271315336178,"flow_dst_last_pkt_time":1680271315336178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271315336178,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":63120,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1680271315336178,"flow_dst_last_pkt_time":1680271315336178,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680271315336178,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPSwAAH8RGaNak0XSOjwKLfaQH0AAPKJVAjsLAAEAHFYfDHsAAAAAAAAAAKF1kSEZtb31Z91P5eVH+3H\/XNRbq1mbBkN1QzOmufZjAw=="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271315336178,"flow_src_last_pkt_time":1680271315336178,"flow_dst_last_pkt_time":1680271315336178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271315336178,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":63120,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270414717786,"flow_src_last_pkt_time":1680270414717786,"flow_dst_last_pkt_time":1680270414717786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271315336178,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":56476,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1680272216023814} 
+00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1680272216023814} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272216023814,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272216023814,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65276,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680272216023814,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPS0AAH8RGapak0XSOjwKLf78H0AANGR+AjsLAAEAHVYfDHsAAAAAAAAAABC\/b\/FaO8NX3ow0SpVuxleAYQpSAJHDrAM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272216023814,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272216023814,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65276,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -35,12 +35,12 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1680272516212933,"flow_dst_last_pkt_time":1680272516212933,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680272516212933,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPS4AAH8RGalak0XSOjwKLf2UH0AANMlWAjsLAAEAHlYfDHsAAAAAAAAAAI+qjiPRJ\/u\/cdGMS8LW+dngAZ0OFZuzPgM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272516212933,"flow_src_last_pkt_time":1680272516212933,"flow_dst_last_pkt_time":1680272516212933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272516212933,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":64916,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272216023814,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272516212933,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65276,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1680273116819582} 
+00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1680273116819582} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273116819582,"flow_src_last_pkt_time":1680273116819582,"flow_dst_last_pkt_time":1680273116819582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273116819582,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":49340,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1680273116819582,"flow_dst_last_pkt_time":1680273116819582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680273116819582,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPS8AAH8RGahak0XSOjwKLcC8H0AANKFRAjsLAAEAH1YfDHsAAAAAAAAAAGiC69yGgMUx92oMUP15OHaWEtAFKBJg6gM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273116819582,"flow_src_last_pkt_time":1680273116819582,"flow_dst_last_pkt_time":1680273116819582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273116819582,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":49340,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272516212933,"flow_src_last_pkt_time":1680272516212933,"flow_dst_last_pkt_time":1680272516212933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273116819582,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":64916,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":404,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1680273717338677} 
+00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":404,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1680273717338677} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273717338677,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273717338677,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58434,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680273717338677,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTAAAH8RGadak0XSOjwKLeRCH0AANBEEAjsLAAEAIFYfDHsAAAAAAAAAAOQm9qMvASjhq0T6Cr3RQBjzmxHyj0olfgM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273717338677,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273717338677,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58434,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -49,12 +49,12 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1680274017625228,"flow_dst_last_pkt_time":1680274017625228,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680274017625228,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTEAAH8RGaZak0XSOjwKLdgqH0AANBk0AjsLAAEAIVYfDHsAAAAAAAAAALAMY\/61mJRnLdmXH\/a+5XvG93JYzPFyvwM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274017625228,"flow_src_last_pkt_time":1680274017625228,"flow_dst_last_pkt_time":1680274017625228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274017625228,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55338,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273717338677,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274017625228,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58434,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1680274918349074} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1680274918349074} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274918349074,"flow_src_last_pkt_time":1680274918349074,"flow_dst_last_pkt_time":1680274918349074,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274918349074,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":54233,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1680274918349074,"flow_dst_last_pkt_time":1680274918349074,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680274918349074,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPTIAAH8RGZ1ak0XSOjwKLdPZH0AAPHdfAjsLAAEAIlYfDHsAAAAAAAAAABJ4YEXvzr3zkL8fAPHU+AaqqxE1nh1DPhgzD2yLU4OaAw=="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274918349074,"flow_src_last_pkt_time":1680274918349074,"flow_dst_last_pkt_time":1680274918349074,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274918349074,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":54233,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274017625228,"flow_src_last_pkt_time":1680274017625228,"flow_dst_last_pkt_time":1680274017625228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274918349074,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55338,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1680275819196595} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1680275819196595} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275819196595,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275819196595,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55774,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680275819196595,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTMAAH8RGaRak0XSOjwKLdneH0AANEhvAjsLAAEAI1YfDHsAAAAAAAAAAA7tzaHdQBYXiEP2eDEHbqtlCQx3mvOOQwM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275819196595,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275819196595,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55774,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -63,12 +63,12 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1680276119381110,"flow_dst_last_pkt_time":1680276119381110,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680276119381110,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTQAAH8RGaNak0XSOjwKLc23H0AANGQTAjsLAAEAJFYfDHsAAAAAAAAAAH5\/86O6C\/6oc6QtupshFzvfGOzGq1kWMAM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276119381110,"flow_src_last_pkt_time":1680276119381110,"flow_dst_last_pkt_time":1680276119381110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276119381110,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52663,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275819196595,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276119381110,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55774,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1680276720080049} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1680276720080049} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276720080049,"flow_src_last_pkt_time":1680276720080049,"flow_dst_last_pkt_time":1680276720080049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276720080049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58797,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1680276720080049,"flow_dst_last_pkt_time":1680276720080049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680276720080049,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTUAAH8RGaJak0XSOjwKLeWtH0AANCNuAjsLAAEAJVYfDHsAAAAAAAAAAOfQosq40rbQVcEHr6+k1HsQqBLVBYy2SwM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276720080049,"flow_src_last_pkt_time":1680276720080049,"flow_dst_last_pkt_time":1680276720080049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276720080049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58797,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276119381110,"flow_src_last_pkt_time":1680276119381110,"flow_dst_last_pkt_time":1680276119381110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276720080049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52663,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":676,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1680277320536086} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":676,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1680277320536086} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277320536086,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277320536086,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":50315,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680277320536086,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTYAAH8RGaFak0XSOjwKLcSLH0AANDKiAjsLAAEAJlYfDHsAAAAAAAAAABPcV9TW4fy3oyeAa\/WodHk3effNstz6EQM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277320536086,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277320536086,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":50315,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -77,7 +77,7 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1680277620833862,"flow_dst_last_pkt_time":1680277620833862,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680277620833862,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTcAAH8RGaBak0XSOjwKLf6LH0AANLaQAjsLAAEAJ1YfDHsAAAAAAAAAANS9Q3kd0FmYWd3Uf+Xg+P4mhn413hSayQM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277620833862,"flow_src_last_pkt_time":1680277620833862,"flow_dst_last_pkt_time":1680277620833862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277620833862,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65163,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277320536086,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277620833862,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":50315,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1680278521565201} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1680278521565201} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278521565201,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278521565201,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59802,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680278521565201,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPTgAAH8RGZdak0XSOjwKLemaH0AAPB4SAjsLAAEAKFYfDHsAAAAAAAAAAKFll4WxNdJzXtLohsymAZ1jNPZvKGZFaXXrxKKKG7vTAw=="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278521565201,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278521565201,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59802,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -86,7 +86,7 @@ 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1680279061837712,"flow_dst_last_pkt_time":1680279061837712,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680279061837712,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPTkAAH8RGZZak0XSOjwKLewSH0AAPPJqAjsLAAEAKVYfDHsAAAAAAAAAAJhDGOK9LMdpjjjviAsbixbbc8osj3yMjsE0K023rJnBAw=="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279061837712,"flow_src_last_pkt_time":1680279061837712,"flow_dst_last_pkt_time":1680279061837712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279061837712,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60434,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278521565201,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279061837712,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59802,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":19,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":89,"global_ts_usec":1680279121904368} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":19,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":89,"global_ts_usec":1680279121904368} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279121904368,"flow_src_last_pkt_time":1680279121904368,"flow_dst_last_pkt_time":1680279121904368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279121904368,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60436,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1680279121904368,"flow_dst_last_pkt_time":1680279121904368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680279121904368,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPToAAH8RGZ1ak0XSOjwKLewUH0AANBeiAjsLAAEAKlYfDHsAAAAAAAAAABvY2XPSxvc7WnJKZ5fJlh+djy9P\/NTEXwM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279121904368,"flow_src_last_pkt_time":1680279121904368,"flow_dst_last_pkt_time":1680279121904368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279121904368,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60436,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -129,7 +129,7 @@ 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279662417873,"flow_src_last_pkt_time":1680279662417873,"flow_dst_last_pkt_time":1680279662417873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279662417873,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":49199,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279542287953,"flow_src_last_pkt_time":1680279542287953,"flow_dst_last_pkt_time":1680279542287953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279662417873,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":57872,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279602360361,"flow_src_last_pkt_time":1680279602360361,"flow_dst_last_pkt_time":1680279602360361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279662417873,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59394,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":28,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1228,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":27,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1680279722494153} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":28,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1228,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":27,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1680279722494153} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279722494153,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279722494153,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":61163,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680279722494153,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPUIAAH8RGY1ak0XSOjwKLe7rH0AAPKRcAjsLAAEAMlYfDHsAAAAAAAAAANlKD4uzkK+P1FvZR1\/HG2wowc5Ia4pes0u+tN09VwqFAw=="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279722494153,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279722494153,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":61163,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -143,7 +143,7 @@ 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279602360361,"flow_src_last_pkt_time":1680279602360361,"flow_dst_last_pkt_time":1680279602360361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279962659139,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59394,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279722494153,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279962659139,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":61163,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279962659139,"flow_src_last_pkt_time":1680279962659139,"flow_dst_last_pkt_time":1680279962659139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279962659139,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":64420,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":29,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":14,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":146,"global_ts_usec":1680279962659139} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":29,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":14,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":146,"global_ts_usec":1680279962659139} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 29/29 ~~ skipped flows.............: 0 @@ -152,9 +152,9 @@ ~~ total active/idle flows...: 29/29 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8713891 bytes -~~ total memory freed........: 8713891 bytes -~~ total allocations/frees...: 140870/140870 +~~ total memory allocated....: 9479161 bytes +~~ total memory freed........: 9479161 bytes +~~ total allocations/frees...: 154836/154836 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 569 chars ~~ json message max len.......: 966 chars diff --git a/test/results/default/ookla.pcap.out b/test/results/default/ookla.pcap.out index a0aab6bcb..da74fb553 100644 --- a/test/results/default/ookla.pcap.out +++ b/test/results/default/ookla.pcap.out 
@@ -1,4 +1,4 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00743{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="} 
@@ -12,7 +12,7 @@ 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"} 
-00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} 
@@ -31,7 +31,7 @@ 01034{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"4":"DPI (partial cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 
+00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="} 
@@ -52,7 +52,7 @@ 01404{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1679653306727563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 113/113 ~~ skipped flows.............: 0 
@@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8815935 bytes -~~ total memory freed........: 8815935 bytes -~~ total allocations/frees...: 140738/140738 +~~ total memory allocated....: 9580469 bytes +~~ total memory freed........: 9580469 bytes +~~ total allocations/frees...: 154704/154704 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 520 chars ~~ json message max len.......: 1469 chars diff --git a/test/results/default/opc-ua.pcap.out b/test/results/default/opc-ua.pcap.out index 4bef34f6d..1cbefc4fd 100644 --- a/test/results/default/opc-ua.pcap.out +++ b/test/results/default/opc-ua.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1667935846902658} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1667935846902658} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1667935846902658,"flow_src_last_pkt_time":1667935846902658,"flow_dst_last_pkt_time":1667935846902658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667935846902658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57420,"dst_port":4840,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1667935846902658,"flow_dst_last_pkt_time":1667935846902658,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1667935846902658,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB4EwS6GFQCpcAAAAAsAL\/\/\/40AAACBD\/YAQMDBgEBCAoPc0QGAAAAAAQCAAA="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1667935846902658,"flow_dst_last_pkt_time":1667935846902713,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1667935846902713,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEujgTNa5EYBhUAqYsBL\/\/\/40AAACBD\/YAQMDBgEBCArMdzRpD3NEBgQCAAA="} 
@@ -9,7 +9,7 @@ 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1667935846902658,"flow_src_last_pkt_time":1667935846902780,"flow_dst_last_pkt_time":1667935846902729,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667935846902780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57420,"dst_port":4840,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OPC-UA","proto_id":"360","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 02095{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1667935846902658,"flow_src_last_pkt_time":1667935846904298,"flow_dst_last_pkt_time":1667935846904284,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":608,"flow_src_tot_l4_payload_len":868,"flow_dst_tot_l4_payload_len":1518,"midstream":0,"thread_ts_usec":1667935846904298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57420,"dst_port":4840,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"data_analysis": {"iat": {"min":16,"avg":105.4,"max":198,"stddev":44.3,"var":1960.7,"ent":4.8,"data": [55,64,16,58,86,65,129,99,163,105,151,161,191,96,147,149,198,71,115,70,128,91,151,80,135,60,116,75,126,40,75]},"pktlen": 
{"min":52,"avg":127.3,"max":660,"stddev":136.7,"var":18687.8,"ent":4.5,"data": [64,64,52,52,108,52,80,52,184,52,187,52,145,52,556,52,218,52,660,52,213,52,148,52,179,52,123,52,185,52,128,52]},"bins": {"c_to_s": [9,1,1,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,2,1,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0],"entropies": [3.813809156,4.504331589,4.429176807,4.429176807,4.495126247,4.429176807,3.962491751,4.429176807,4.640767574,4.429176331,4.837442398,4.429176807,4.591342926,4.429176807,5.161721230,4.467638016,4.647413254,4.506099701,5.545300007,4.506099701,4.926007271,4.506099701,5.000817299,4.467638016,4.492839813,4.429176331,4.218745708,4.467638016,4.550030231,4.506099701,4.219731808,4.506099701]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OPC-UA","proto_id":"360","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":191,"flow_dst_packets_processed":190,"flow_first_seen":1667935846902658,"flow_src_last_pkt_time":1667935846916720,"flow_dst_last_pkt_time":1667935846916692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":608,"flow_src_tot_l4_payload_len":12547,"flow_dst_tot_l4_payload_len":11671,"midstream":0,"thread_ts_usec":1667935846916720,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57420,"dst_port":4840,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"OPC-UA","proto_id":"360","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":381,"packets-processed":381,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1667935846916720} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":381,"packets-processed":381,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1667935846916720} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 381/381 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655887 bytes -~~ total memory freed........: 8655887 bytes -~~ total allocations/frees...: 140914/140914 +~~ total memory allocated....: 9420261 bytes +~~ total memory freed........: 9420261 bytes +~~ total allocations/frees...: 154880/154880 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2100 chars diff --git a/test/results/default/openflow.pcap.out b/test/results/default/openflow.pcap.out index 7046e66ee..d95d5f2b5 100644 --- a/test/results/default/openflow.pcap.out +++ b/test/results/default/openflow.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1510651647846988} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1510651647846988} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1510651647846988,"flow_src_last_pkt_time":1510651647846988,"flow_dst_last_pkt_time":1510651647846988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1510651647846988,"l3_proto":"ip4","src_ip":"107.110.12.153","dst_ip":"107.110.12.153","src_port":49234,"dst_port":6653,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1510651647846988,"flow_dst_last_pkt_time":1510651647846988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1510651647846988,"pkt":"AAAAAAAAAAAAAAAACABFwAA8Z\/pAAEAG4fNrbgyZa24MmcBSGf3IJEYqAAAAAKACqqrwPAAAAgT\/1wQCCAoALSHQAAAAAAEDAwk="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1510651647846988,"flow_dst_last_pkt_time":1510651647847008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1510651647847008,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGSq5rbgyZa24MmRn9wFJJ4VK7yCRGK6ASqqrwPAAAAgT\/1wQCCAoALSHQAC0h0AEDAwk="} 
@@ -8,7 +8,7 @@ 00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1510651647846988,"flow_src_last_pkt_time":1510651647847632,"flow_dst_last_pkt_time":1510651647847008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1510651647847632,"l3_proto":"ip4","src_ip":"107.110.12.153","dst_ip":"107.110.12.153","src_port":49234,"dst_port":6653,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenFlow","proto_id":"374","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1510651647847632,"flow_dst_last_pkt_time":1510651647847645,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1510651647847645,"pkt":"AAAAAAAAAAAAAAAACABFAAA0c2xAAEAG10lrbgyZa24MmRn9wFJJ4VK8yCRGO4AQAFbwNAAAAQEICgAtIdAALSHQ"} 
00979{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1510651647846988,"flow_src_last_pkt_time":1510651647905026,"flow_dst_last_pkt_time":1510651647905037,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":332,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1510651647905037,"l3_proto":"ip4","src_ip":"107.110.12.153","dst_ip":"107.110.12.153","src_port":49234,"dst_port":6653,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenFlow","proto_id":"374","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1510651647905037} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1510651647905037} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 21/21 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645447 bytes -~~ total memory freed........: 8645447 bytes -~~ total allocations/frees...: 140554/140554 +~~ total memory allocated....: 9409821 bytes +~~ total memory freed........: 9409821 bytes +~~ total allocations/frees...: 154520/154520 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 984 chars diff --git a/test/results/default/openvpn-tlscrypt.pcap.out b/test/results/default/openvpn-tlscrypt.pcap.out index 459013ccf..3a73008a4 100644 --- a/test/results/default/openvpn-tlscrypt.pcap.out +++ b/test/results/default/openvpn-tlscrypt.pcap.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1650106007514745} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1650106007514745} 00318{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1650106007514745,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","layer_type":503316480,"global_ts_usec":1650106007514745} 
00842{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":405,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":405,"pkt_l4_len":0,"thread_ts_usec":1650106007514745,"pkt":"HgAAAGAHDwABaRFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAHbwASqAWkBfFCq4GUSOSo9cQoBAAFiWp6XherXcA1dGNrI8eubMXtGovw1Gcq1hdE0qSUXmN9QbxiDHRd46a7OiejGf1dD0MPk4iucd50FgFsaMnpdKvypl7fcSL6ohZSXGm7q1VBY8vKe9uQ52nT4SNExbKeYnzCdcXAfwk\/FqGgC\/tbvoBcc74afkQpK7kdFf49mTbep5TnmLGPzWHjnLPlPib+XvNsvz0ntneaqSEej3IloClIOfCArUmV3ucL7TMZRFHq4GBHofdtPNchyySFJKbBdlA8tkOwMjwU8ATZ0thPHxVzFj6Nwe+jwNEVhalfdlupTlLKZ\/EsuTPZvrhx5yq9zVSvCFUM8sE580FCdW+ddBcK4ILd7gpE\/ORn10yhAhU\/9fhK2ZDFkqZpIcAVdnYrSLyTUxrnVjIDSZoHpnudZAn49hekKUis716LXd7iG+kOAQ8ppqcL3Vjv6f\/S9\/soh9AEr"} 00318{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1650106007515553,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","layer_type":503316480,"global_ts_usec":1650106007515553} 
@@ -26,7 +26,7 @@ 00632{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":248,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":248,"pkt_l4_len":0,"thread_ts_usec":1650106007514745,"pkt":"HgAAAGAABwAAzBFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEEqtvAAMwA3yBTyW3Qg3JP0gAAAAZiWp6X4TDBIj8FMKCaMGy\/5ppNpwFzKVqGm07B36mb8sfDutACsCazoooxAb09CRBKtSSDOB3ZoXaoXyS+AxDcWnf8fqBBdRVMr4bMrblk8fe\/T314qX91El37bQjPox1pBmWax8jkLpKXOvxWBajpFyDQTvf1njtU3SEGXPy3HJLedps5puK\/Wtnjr0\/0cynLmVYV7YNEe3kt2L0G+rZHwBdj5AWPBi0k23NNNWJhCbObgxbiUXc="} 00320{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1650106007530072,"packet_id":13,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","layer_type":503316480,"global_ts_usec":1650106007530072} 00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1650106007514745,"pkt":"HgAAAGAHDwAARhFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAHbwASqAEYAWSiq4GUSOSo9cQoBAAdiWp6XPFguvZHWBZ3ZLhr23uKiXBCtKXDrqUfT5cYY6helo7UeWDO\/E8ZZKOGZeZDi"} 
-00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1650106007530072} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1650106007530072} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/0 ~~ skipped flows.............: 0 
@@ -35,9 +35,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 323 chars ~~ json message max len.......: 1969 chars diff --git a/test/results/default/openvpn.pcap.out b/test/results/default/openvpn.pcap.out index 1e733b8b3..e76e58a16 100644 --- a/test/results/default/openvpn.pcap.out +++ b/test/results/default/openvpn.pcap.out 
@@ -1,4 +1,4 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":62262978,"flow_src_last_pkt_time":62262978,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":62262978,"l3_proto":"ip4","src_ip":"192.168.75.18","dst_ip":"166.161.181.18","src_port":60201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":62262978,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_usec":62262978,"pkt":"UlQAOP1WCAAnCEHSCABFAAAqNcoAAIARnYrAqEsSpqG1EuspAbsAFurKODNIV3A9lts5AAAAAAA="} 00741{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":62409352,"flow_src_last_pkt_time":62409352,"flow_dst_last_pkt_time":62409352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":62409352,"l3_proto":"ip4","src_ip":"69.197.143.179","dst_ip":"10.0.2.15","src_port":443,"dst_port":60201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -13,7 +13,7 @@ 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":62562792,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":62562792,"pkt":"UlQAOP1WCAAnCEHSCABFAAAyNc0AAIARnX\/AqEsSpqG1EuspAbsAHlkyKDNIV3A9lts5AQAAAAHTHDppZGAvoA=="} 01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":62262978,"flow_src_last_pkt_time":62562792,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":291,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":349,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":62562792,"l3_proto":"ip4","src_ip":"192.168.75.18","dst_ip":"166.161.181.18","src_port":60201,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":62562858,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":62562858,"pkt":"UlQAOP1WCAAnCEHSCABFAAAyNc4AAIARnX7AqEsSpqG1EuspAbsAHlkxKDNIV3A9lts5AQAAAALTHDppZGAvoA=="} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1358197736781122} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1358197736781122} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197736781122,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781122,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1358197736781122,"pkt":"CAAnQNKjCAAns07aCABFAAA84dtAAEAGEJgKtet6CvtHHptcBKpaoHPGAAAAAKACOQjGKgAAAgQFtAQCCAr\/\/5IdAAAAAAEDAwE="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1358197736781340,"pkt":"CAAns07aCAAnQNKjCABFAAA8AABAAEAG8nMK+0ceCrXregSqm1zryb8hWqBzx6ASOJCClwAAAgQFtAQCCAr\/\/5kO\/\/+SHQEDAwE="} 
@@ -24,7 +24,7 @@ 02155{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197737942660,"flow_dst_last_pkt_time":1358197737942559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":274,"flow_dst_max_l4_payload_len":348,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1358197737942660,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":210,"avg":74934.7,"max":1014473,"stddev":247074.6,"var":61045854208.0,"ent":1.8,"data": [218,377,1013370,1014473,3617,5492,3300,44879,40998,530,345,40353,40401,992,18067,17798,428,281,37075,37264,287,268,279,211,265,252,249,261,212,223,210]},"pktlen": {"min":52,"avg":115.4,"max":400,"stddev":89.5,"var":8001.3,"ent":4.7,"data": [60,60,52,68,52,80,52,76,52,326,52,76,52,76,52,180,52,400,76,52,168,104,168,76,284,76,168,100,168,76,284,76]},"bins": {"c_to_s": [14,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,4,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.634053230,5.054204941,5.039584637,5.193215847,5.116507530,5.177333832,5.039584637,5.369915009,5.116507530,5.342938900,5.025067329,5.315114975,4.909682751,5.326361656,4.986606121,5.801545143,4.986606121,5.423783302,5.341430664,5.025067806,6.420508862,5.262471199,6.588784218,5.395376205,6.650779724,5.395376205,6.047887802,5.337505817,5.757668018,5.421691895,6.887341976,5.316428661]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":62409352,"flow_src_last_pkt_time":64743583,"flow_dst_last_pkt_time":62409352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6131,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197741033539,"l3_proto":"ip4","src_ip":"69.197.143.179","dst_ip":"10.0.2.15","src_port":443,"dst_port":60201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
01189{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":62262978,"flow_src_last_pkt_time":62569622,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2915,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197741033539,"l3_proto":"ip4","src_ip":"192.168.75.18","dst_ip":"166.161.181.18","src_port":60201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1467904946700231} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1467904946700231} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946700231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467904946700231,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946700231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1467904946700231,"pkt":"hCYVLjtSAA6OGXEMCABFAAA8ANVAAEAGYbLAqAFNLmXn2ursAbu+lXueAAAAAKACchBbjAAAAgQFtAQCCAoADXtLAAAAAAEDAwE="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946755145,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1467904946755145,"pkt":"AA6OGXEMhCYVLjtSCABFoAA8AABAADQGbecuZefawKgBTQG76uxsxVWWvpV7n6AScSBx2QAAAgQFtAQCCAoANCgCAA17SwEDAwE="} 
@@ -34,7 +34,7 @@ 01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904947700508,"flow_dst_last_pkt_time":1467904947753377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1467904947753377,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02315{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904948037674,"flow_dst_last_pkt_time":1467904948077757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":305,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":869,"flow_dst_tot_l4_payload_len":1940,"midstream":0,"thread_ts_usec":1467904948077757,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":124,"avg":87579.6,"max":997748,"stddev":233509.3,"var":54526590976.0,"ent":2.7,"data": [54914,54953,945324,997748,484,52895,181,76406,76231,41001,2720,125,43907,139,238,305,40498,40497,41001,40993,125,124,261,41001,40990,40292,40328,460,133,578,40117]},"pktlen": {"min":52,"avg":140.3,"max":357,"stddev":75.3,"var":5671.5,"ent":4.8,"data": [60,60,52,96,52,108,52,104,52,357,52,208,196,104,196,196,52,196,208,196,104,196,196,52,196,208,196,104,196,196,52,196]},"bins": {"c_to_s": [6,5,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,1],"entropies": [4.584255219,5.060977936,4.931210041,5.511040688,5.118428230,5.631525517,4.931210518,5.754630089,5.118428230,5.666812420,5.079966545,5.957755566,6.109939575,5.713871956,6.450070858,6.737315655,4.969671726,6.613219261,6.182499886,6.423310280,5.735399246,6.659830093,6.680945873,4.839769840,6.074276447,6.127354145,6.415046692,5.795508862,6.625069141,6.833714008,5.008133411,6.392446995]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":95,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197768802378,"flow_dst_last_pkt_time":1358197768801647,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":406,"flow_dst_max_l4_payload_len":476,"flow_src_tot_l4_payload_len":6986,"flow_dst_tot_l4_payload_len":7709,"midstream":0,"thread_ts_usec":1467904951543523,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":312,"packets-processed":311,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1470218591746723} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":312,"packets-processed":311,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1470218591746723} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591746723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470218591746723,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591746723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1470218591746723,"pkt":"mAyC0zx8AAjKQoXqCABFAABG3rhAAEARTXXAqCsMizuXiaIjNXAAMosJOLAsz\/G18BdPwJFmbjsSS62jkXMxe5OXItH+Y74AAAABV6HBXwAAAAAA"} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591941902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1470218591941902,"pkt":"AAjKQoXqmAyC0zx8CABFAABSYIhAADIR2ZmLO5eJwKgrDDVwoiMAPhWBQPd\/wu\/b4j9X3sTI1WVNByO\/jAvlQThWMnDPrhMAAAABV6HBXwEAAAAAsCzP8bXwF08AAAAA"} 
@@ -44,7 +44,7 @@ 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1470218591943377,"flow_dst_last_pkt_time":1470218592119150,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_usec":1470218592119150,"pkt":"AAjKQoXqmAyC0zx8CABFAAC2YKNAADIR2RqLO5eJwKgrDDVwoiMAohzKIPd\/wu\/b4j9X60eERHhjQN5zfeMCAdw3JKHt7ZoAAAACV6HBXwEAAAABsCzP8bXwF08AAAABFgMDAD4CAAA6AwNhg33pw8JOvroEJqnLpGmzYm+g0be9hVzmVAUEjVB5vQDAMAAAEv8BAAEAAAsABAMAAQIADwABARYDAwWWCwAFkgAFjwACzTCCAskwggGxoAMCAQICAQEwDQ=="} 02319{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218592449269,"flow_dst_last_pkt_time":1470218592448973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":1095,"flow_dst_tot_l4_payload_len":2054,"midstream":0,"thread_ts_usec":1470218592449269,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":395,"avg":45316.0,"max":195816,"stddev":59561.3,"var":3547546112.0,"ent":3.9,"data": [195179,195816,838,177248,176180,535,476,500,395,473,450,98532,98585,29601,29590,19812,19831,411,519,50093,49983,29934,29992,20280,20221,9484,9461,38312,38344,31856,31865]},"pktlen": {"min":70,"avg":126.4,"max":331,"stddev":58.6,"var":3436.1,"ent":4.9,"data": 
[70,82,78,331,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]},"bins": {"c_to_s": [0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [5.343287468,5.472147942,5.659653187,5.646926403,5.923888206,5.609391689,6.040631294,5.680029869,6.625756264,5.669331551,6.739820004,5.680030346,6.600285530,5.721633911,6.436116695,5.670351982,6.646757126,5.644711018,6.586377144,5.654388905,6.016889572,5.609391689,6.426263332,5.705670357,6.638464928,5.644710541,6.632380486,5.644710541,6.345944881,5.680030346,6.544235229,5.654388905]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":51,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467905010834916,"flow_dst_last_pkt_time":1467905010834882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":4602,"flow_dst_tot_l4_payload_len":4492,"midstream":0,"thread_ts_usec":1470218600860349,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non 
Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":395,"packets-processed":394,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":1472334890224928} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":395,"packets-processed":394,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":1472334890224928} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334890224928,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472334890224928,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1472334890224928,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1472334890224928,"pkt":"mAyC0zx8MFLLbJwbCABFAABGe8pAAEARsF3AqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZfF5v2e87DGOeGNd7GPORrKCUl+wAAAABV8IMKgAAAAAA"} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1472334892420816,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1472334892420816,"pkt":"mAyC0zx8MFLLbJwbCABFAABGfNNAAEARr1TAqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZptsOrY2Z8Me\/lrzRmp5vsU3x26QAAAACV8IMKgAAAAAA"} 
@@ -54,17 +54,17 @@ 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1472334892467660,"flow_dst_last_pkt_time":1472334892467380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1472334892467660,"pkt":"mAyC0zx8MFLLbJwbCABFAAFLfN5AAEARrkTAqCsSizuXiTVwNXABNw\/IIGYO4pqkkLBZmyjlNBaAxD3dZ4KkKKFzUtIqpCkAAAAEV8IMKgAAAAABFgMBAQABAAD8AwPWitxhdgXJqtNghCcqHLNlospc\/gDFPYmAVgJE80nHTgAAgsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAEUARABDAELAMcAtwCnAJcAOwATAEsAIABYAEwAQAA3ADcADAP8BAABRAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"} 02327{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334893134977,"flow_dst_last_pkt_time":1472334893134900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":1087,"flow_dst_tot_l4_payload_len":1962,"midstream":0,"thread_ts_usec":1472334893134977,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":128,"avg":187742.6,"max":2242452,"stddev":537269.1,"var":288658030592.0,"ent":2.4,"data": 
[2195888,2242452,46716,128,203103,15136,218070,621,558,521,518,3451,3482,185164,185172,417,398,39454,39467,9396,9396,82274,82279,3757,3775,34199,34189,15722,15714,74305,74299]},"pktlen": {"min":70,"avg":123.3,"max":331,"stddev":58.9,"var":3466.4,"ent":4.9,"data": [70,70,82,78,331,78,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]},"bins": {"c_to_s": [0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [5.229001999,5.275360584,5.380565643,5.531448364,5.602619648,5.454524517,5.838843346,5.558109283,6.079430580,5.548431396,6.588905811,5.542146206,6.663234234,5.567787170,6.550342560,5.532467842,6.371866703,5.558108807,6.659762859,5.532467842,6.541461945,5.593428135,5.988543987,5.567787170,6.300799370,5.583750248,6.642903805,5.567787170,6.638377190,5.532467842,6.413649559,5.583750248]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218600860349,"flow_dst_last_pkt_time":1470218600859207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1172,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":5802,"flow_dst_tot_l4_payload_len":4271,"midstream":0,"thread_ts_usec":1472334896789781,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":515,"packets-processed":514,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1512848303527265} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":515,"packets-processed":514,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1512848303527265} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303527265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1512848303527265,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303527265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1512848303527265,"pkt":"AAAArFWYSEb7fvLiCABFAAAqQmkAAD4RLXIDb6ZOVYYNpcfKBKoAFnrvODn97S2qEKQ3AAAAAAAt+EmW"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1512848303743400,"pkt":"AAAArFWYSEb7fvLiCABFAAA2y2xAADkRaWJVhg2lA2+mTgSqx8oAIoFUQJQhkX3nJncpAQAAAAA5\/e0tqhCkNwAAAAA="} -00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":26,"midstream":0,"thread_ts_usec":1512848303743400,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":26,"midstream":0,"thread_ts_usec":1512848303743400,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1512848303859503,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1512848303859503,"pkt":"AAAArFWYSEb7fvLiCABFAAAyFfEAAD4RWeIDb6ZOVYYNpcfKBKoAHgbvKDn97S2qEKQ3AQAAAACUIZF95yZ3KQ=="} 
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1512848303865302,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_usec":1512848303865302,"pkt":"AAAArFWYSEb7fvLiCABFAACOIDYAAD4RT0EDb6ZOVYYNpcfKBKoAelMSIDn97S2qEKQ3AAAAAAEWAwEAjAEAAIgDA5yZa+33hsQlHJybi\/1GEeSPsfPEVsCkgrx0k4rbr7kYAAAOwC7AMgCfwCzAMAAvAP8BAABRAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAM"} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1512848303868693,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1512848303868693,"pkt":"AAAArFWYSEb7fvLiCABFAABXqX4AAD4Rxi8Db6ZOVYYNpcfKBKoAQ1UHIDn97S2qEKQ3AAAAAAIACQAKAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} 
-02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848306813195,"flow_dst_last_pkt_time":1512848307027916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":1541,"flow_dst_tot_l4_payload_len":4853,"midstream":0,"thread_ts_usec":1512848307027916,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":55,"avg":218922.0,"max":2241123,"stddev":513027.0,"var":263196672000.0,"ent":2.8,"data": [216135,332238,5799,3391,337897,57968,55,73,70,307059,10023,20531,1960235,1520,628,2241123,1704,736,299000,1497,2293,245,299952,1982,1336,694,338474,1245,1483,269,340926]},"pktlen": {"min":46,"avg":227.9,"max":1228,"stddev":364.9,"var":133184.4,"ent":3.9,"data": [46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50]},"bins": {"c_to_s": [5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1],"entropies": 
[4.654558659,4.847117901,5.033267975,5.334950447,4.532369614,5.090824604,7.356415749,6.728867531,7.721350193,7.639185429,5.043854713,5.083854675,5.083854675,5.445907116,5.474620342,5.589630604,5.130824566,5.130824566,5.130824566,5.699376583,5.737064838,5.865118027,5.840532780,5.130824566,5.170824528,5.130824566,5.130824566,6.471548557,6.580770969,5.929418087,6.097649097,5.130825043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02192{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848306813195,"flow_dst_last_pkt_time":1512848307027916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":1541,"flow_dst_tot_l4_payload_len":4853,"midstream":0,"thread_ts_usec":1512848307027916,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":55,"avg":218922.0,"max":2241123,"stddev":513027.0,"var":263196672000.0,"ent":2.8,"data": [216135,332238,5799,3391,337897,57968,55,73,70,307059,10023,20531,1960235,1520,628,2241123,1704,736,299000,1497,2293,245,299952,1982,1336,694,338474,1245,1483,269,340926]},"pktlen": {"min":46,"avg":227.9,"max":1228,"stddev":364.9,"var":133184.4,"ent":3.9,"data": [46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50]},"bins": {"c_to_s": 
[5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1],"entropies": [4.654558659,4.847117901,5.033267975,5.334950447,4.532369614,5.090824604,7.356415749,6.728867531,7.721350193,7.639185429,5.043854713,5.083854675,5.083854675,5.445907116,5.474620342,5.589630604,5.130824566,5.130824566,5.130824566,5.699376583,5.737064838,5.865118027,5.840532780,5.130824566,5.170824528,5.130824566,5.130824566,6.471548557,6.580770969,5.929418087,6.097649097,5.130825043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":58,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334909464448,"flow_dst_last_pkt_time":1472334909465454,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1172,"flow_dst_max_l4_payload_len":1245,"flow_src_tot_l4_payload_len":8904,"flow_dst_tot_l4_payload_len":14228,"midstream":0,"thread_ts_usec":1512848313443088,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":615,"packets-processed":614,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":77302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1674530805823658} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":615,"packets-processed":614,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":77302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1674530805823658} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530805823658,"flow_dst_last_pkt_time":1674530805823658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674530805823658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1674530805823658,"flow_dst_last_pkt_time":1674530805823658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1674530805823658,"pkt":"3q0AAL7vyv4AALq+CABFAAA8en1AAEAG6fp\/AAABfwAAAY0qAbtCnC8cAAAAAKAC+vDWcgAAAgQFtAQCCAqSkA+aAAAAAAEDAwc="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1674530805823658,"flow_dst_last_pkt_time":1674530805845857,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1674530805845857,"pkt":"yv4AALq+3q0AAL7vCABFAAAsFhoAAIAGTm5\/AAABfwAAAQG7jSoFklDgQpwvHWAS+vBv0AAAAgQFtAAA"} 
@@ -73,8 +73,8 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1674530805847176,"flow_dst_last_pkt_time":1674530805847398,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1674530805847398,"pkt":"yv4AALq+3q0AAL7vCABFAAAoFhsAAIAGTnF\/AAABfwAAAQG7jSoFklDhQpwvVVAQ+vCHVQAAAAAAAAAA"} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530805872386,"flow_dst_last_pkt_time":1674530806093884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":1126,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":1194,"midstream":0,"thread_ts_usec":1674530806093884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
02293{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530806238844,"flow_dst_last_pkt_time":1674530806238807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1386,"flow_src_tot_l4_payload_len":3980,"flow_dst_tot_l4_payload_len":4153,"midstream":0,"thread_ts_usec":1674530806238844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":26785.0,"max":221529,"stddev":54768.3,"var":2999562752.0,"ent":3.1,"data": [22199,22283,1235,1541,24351,24605,380,617,225,122,221396,221529,844,1007,149,112,201,197,52335,56406,4152,2697,123,2780,147,117,34,22205,65582,61984,18780]},"pktlen": {"min":40,"avg":296.7,"max":1500,"stddev":446.1,"var":199012.8,"ent":3.8,"data": [60,46,40,96,46,108,40,104,46,395,46,1166,40,104,1426,40,46,104,46,976,104,46,1166,1500,46,767,46,46,104,40,613,40]},"bins": {"c_to_s": [7,1,4,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,0],"entropies": [4.369529724,4.398030758,4.339823246,5.763498783,3.898455381,5.946529865,4.389823437,5.850727081,3.985411644,7.430057526,3.941933870,7.823157787,4.339823246,5.788781643,7.836597443,4.289823055,3.985411644,5.865244389,3.985411644,7.759013176,5.942167759,3.985411882,7.803529263,7.856170654,3.985411882,7.761924267,3.985411882,3.941933393,5.743062019,4.172574520,7.582319260,4.339823246]},"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":49,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848321248132,"flow_dst_last_pkt_time":1512848321143065,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":4911,"flow_dst_tot_l4_payload_len":6351,"midstream":0,"thread_ts_usec":1674530807378228,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":661,"packets-processed":660,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":77,"global_ts_usec":1721749298243731} +00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":49,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848321248132,"flow_dst_last_pkt_time":1512848321143065,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":4911,"flow_dst_tot_l4_payload_len":6351,"midstream":0,"thread_ts_usec":1674530807378228,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":661,"packets-processed":660,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":77,"global_ts_usec":1721749298243731} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1721749298243731,"flow_src_last_pkt_time":1721749298243731,"flow_dst_last_pkt_time":1721749298243731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1721749298243731,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.131","src_port":41133,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1721749298243731,"flow_dst_last_pkt_time":1721749298243731,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1721749298243731,"pkt":"CL6sCxduJjb1W8R1CABFAAByFAlAAEARlwnAqAyca6FWg6CtAbsAXg+VOJdTVokkhC97pkUdALIEVCzsEYPShleceg0bTnfJM70eRMd4BDg1OZ5GwVuYb5HRiDRn8gPDee+EOUPJkfTX+iIJOkv\/k4ZPuAAAAAFmn88xAAAAAAA="} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1721749298243731,"flow_dst_last_pkt_time":1721749298379296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1721749298379296,"pkt":"Jjb1W8R1CL6sCxduCABFAAB+HVVAADERnLFroVaDwKgMnAG7oK0AaiqzQCYSWT7juyd60fFK\/YXMArx70GFSVLH9+IflmzkT3Z4AnU2vhwbw7\/JWQwQE7vFMojC0XbJhUjJBToQYaU1A50et1DLK3772IwAAAAFmn88yAQAAAACXU1aJJIQvewAAAAA="} 
@@ -83,7 +83,7 @@ 02037{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1721749298394584,"flow_dst_last_pkt_time":1721749298531546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1170,"pkt_l4_len":1136,"thread_ts_usec":1721749298531546,"pkt":"Jjb1W8R1CL6sCxduCABFAASEHXNAADERmI1roVaDwKgMnAG7oK0EcNg8ICYSWT7juyd6nyJXQq7IbIKHQupGskFMGQhmn1uEHfvrLI9agQwLpbq42xt\/cQlErfDfWuqU4rhEMOkaQOsnGRXSIHh6c0qfjAAAAAJmn88yAQAAAAGXU1aJJIQvewAAAAEWAwMAegIAAHYDA06PUH1GbY+hevPYpm8KVJPvOmQQ11f5kIP3iYHNYzsDICbc8cLWFEyBp1Wq3e1+ElooyI9VE1b4rrpefMTYAvguEwIAAC4AKwACAwQAMwAkAB0AIJ8nsxRIqIEANks\/1Ly60GQOU3SO+XmMBrwr2bfmY1pLFAMDAAEBFwMDABcO1biAGtbpY7gLXPQ71amHlRRFYzA5ERcDAwwYiW5x8Xd1PuquDLBQGt5hepR+t+XKjEBRP98VozUYXu0SSaxZ0pHBM60V6G82iQGk28JGyyh4ZrAXJfQrTf5o4pVb4A59XlSgrTg\/Hmb4aE5sR4usYpB4Sr5CcxD71gDcjnS+9+SQUIufQI0Y6NMMJFNoCANXMYni41VuiFo3gsCIT3SrA7dlt2hHjjNWZ\/Rx1NBN38Ol+ZkHBMCv8JV\/KrTSmG3rB2p5sAjxTCwA+ppmg09Pij62Uwi+re9HWQrPmbw+9oXvZY+77y7\/K1geAA5MOlyymCule813Vw0Cofqdb4UTyyoO4qhgS8XNZiN3EQGM1Lv+aU+ToL4urZ45g8wvAvMW5JD2FFI2UvM\/qXHhGpGddqNAdlN7KA+TO8jvq+AkItMOXJ4b0D5ljfH3cpmxUQmZP+66iVpyNLSivKCcSqy2QbhySglUa+xcreYgpzIdhwv9KnTUtpr9A3H58Y8\/5lDVhX8FI5wJ3ZZEB+iRT5SwSHdT99Za42NkLEvMhzXJmbusL0C8wqnFUltqV2Q7c217SGOXg7o+ruQoRFxb64n3baK1kqGswWdArDMrNXhVkdv5IS\/3ZYLVwXGxHcfhX\/rI6S1tdwR4jNXWgHdpgfzKAi13xAu5WlCsCdK4vDkIQNUL7tmbFcWJuEUYXzzecEX9SqWCLqPGE6eVW6fS397jfbH83VSlX6TnmTV9s7RNlAPELxKeUktSr+zt\/WmPbZt2Pg0jGIT66bQ7x5DNOoGF83+eBytUIwi5i3FhD8T1XkOcwkflHd7GCTXsVJzJNaazi6+EtvQYOReV3nphBOy9RnC1cEWyfKLlsygEog3eJlPk1dmlVg2MaN9lX17XIrlfdxGrbooTcRwRPV43RLreI5gBFL3U4kD+lvQW3QHwHrlUarebZMabotE+Bt2a0+tSAaw7PCLpD++tZxVE9r0czsx3v6FDuGR5HTVB7\/7dbcV\/kXoY\/PKTPNGxwMOMlNhLdhImcqKduXsvgnrB8uYVuK9fq5pSKDSrFdfIukfN4VOBPzjzV\/E1P7Z\/qDhLJ3tyzmny4lUewQSRxEwB\/Be0NCDpOEQF1mkno7d6cKZHKK6t
+ZRD\/r7geSc34pz40tYzeBf023wAvNzvW7rdvTEGFLurNABtfANjp+Z5"} 01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1721749298243731,"flow_src_last_pkt_time":1721749298394584,"flow_dst_last_pkt_time":1721749298531546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":1128,"flow_src_tot_l4_payload_len":549,"flow_dst_tot_l4_payload_len":1226,"midstream":0,"thread_ts_usec":1721749298531546,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.131","src_port":41133,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":23,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530807378228,"flow_dst_last_pkt_time":1674530807378181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1386,"flow_src_tot_l4_payload_len":4290,"flow_dst_tot_l4_payload_len":4516,"midstream":0,"thread_ts_usec":1721749299378529,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":692,"packets-processed":691,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":86,"global_ts_usec":1722426295459977} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":692,"packets-processed":691,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":86,"global_ts_usec":1722426295459977} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722426295459977,"flow_src_last_pkt_time":1722426295459977,"flow_dst_last_pkt_time":1722426295459977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722426295459977,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"217.138.197.43","src_port":37383,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1722426295459977,"flow_dst_last_pkt_time":1722426295459977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1722426295459977,"pkt":"CL6sCxduJjb1W8R1CABFAABy+w1AAEAR03LAqAyc2YrFK5IHBNIAXtnFOI\/dK55B2KvqxsN8gytkwVh5kGTwbRjoLCbcCU1yQV4PR9iCp\/ikWCzQ2bVD9uuCRAyJ4\/8WjdJ5Z7S\/b9UE8MBYgjT6V286AQAAAAFmqiO2AAAAAAA="} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1722426295459977,"flow_dst_last_pkt_time":1722426295463060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1722426295463060,"pkt":"Jjb1W8R1CL6sCxduCABFAAB+3+1AADgR9obZisUrwKgMnATSkgcAas\/4QPun5+al\/RJ3+vfB3LWDZwxirRfxNlIkahL4Jiuhp+o\/w8wjNxPFCQXubnU\/xVrVIuP3OB2yztl88I4zr0jZsBsM\/jki2a+LtAAAAAFmqiO3AQAAAACP3SueQdir6gAAAAA="} 
@@ -93,7 +93,7 @@ 02030{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1722426295465818,"flow_dst_last_pkt_time":1722426295473946,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1158,"pkt_l4_len":1124,"thread_ts_usec":1722426295473946,"pkt":"Jjb1W8R1CL6sCxduCABFAAR43\/BAADgR8onZisUrwKgMnATSkgcEZKG1IPun5+al\/RJ3z9xoyS\/6NYkWIP+E\/StwZOexNqFphaUNSbkbFC+6P2KsMWt8PmzNpo6pdhvrrPCYmvXQ6Jr42Gm71AEIZNgxFAAAAANmqiO3AAAAAAEWAwMAegIAAHYDA7q6lvZV+wG+N+iVVUFAXSDj9NGQbDFNNK8zWybgE4s2IM0KzkTCLxWpalLIN1XgyDzss0Uhpeld7k70gGpy01JTEwIAAC4AKwACAwQAMwAkAB0AIJeeDgZWdLstoQ7r1ztT4X6\/lx4iikqGvChGOtY\/SV9xFAMDAAEBFwMDABf438pj9h5fKSmGQXScjUbDiTUoBjBOvBcDAw\/XrEOb2tP+hJ6gg1f4fqr0jRq\/l9c7FrLibzEm7szAv0G+NYIuqgsKlPKMgoX1yg2b17yKsaM1iEUmp3c7u1X1DgT3zlRiMO2KOwAVAaHNvRWBV0M1qpl\/fB\/zTXV336VmlGN1EB2xQtq0Dh7IgHeTR4Gr1E1XhW9Jwbn1zCiTL1yXXtdXHDgYex0uPBICTykMDQ\/Tqv\/uO\/gkhBRdF23f6vg5FTfNuGt+Xy0Fk0ebg0v+GcG59TjCqaQUy+Q03NPLM6yy3yxzJpxPfyn\/mYzwz9EuGm9lP2P0Vvcp18W3EF2kwHKIkJ6mylHoAHh04HK9eJE1ouC0zkv6PLm3RhSZBhiD0NKQvOONiuCyy7ApWTFTvp9eUTzzhk6x16AirTEdZBK+7kCBftO13E0XwSBqRs0OEtQoiUjWPa\/4WyOXRa1ItLraxUvg9lXQYOC3ks5uCttsPvDOiiexC1NlkCoT+1cbgZ93W\/Zw0hQVQEv9nHWQeKHlYFITaSycvKpslooCRfq2oQc2xVZMjgR\/w6Ell9pM48XE49mzAFHa1+X5TBSv4Mg5+jtttTPmA4HycFkAC6Bvaw+o86yDA659C1tYv+GqHmnD6n\/cAChXO5axknJZyf8k2FkfqeEk0J9JjuK9Vk+a49trVCFJoef+roiyXVfXk5iVhyCM6greJpD4Q+M\/CmpdRxk8eefzJbl8exyfr6nL1mReMuS5t4NQSsaLZgubcW3ELfW8c4zkWXK0RID9qY4D8RcQ3qzQBM1xwO9ocFeNPyvL\/iTrZLMifvlcO12hy8uCdZQURdjwxNJ9OzIwyyFwbwyh5T7CN2Gh88GCRNSHVDqC5AeT7yU+P6DGljhpOFK8obCc6HCJVoYBNs5MMEV4KS3j0eQ4KcHSYDRk9oNOnB6CAVT3VazUjrH\/mRaW0rn3iJ+6DRo1q8\/n5aTbYIR31blR6n7qEC9hYsNNR\/ciLMpQyndPKFWmy3pmrISMkM2SLmxD+WJk4g4e6nw2jk+49ZnN+rrNs1tThwzvWfK8tDa0wEY4CZcbKlpXXOPqAPVx555vGYFx3O7s3ZFNqWli24dSWjGQaXYdBMNV\/oHx1sEfLG2WOs+T
3JFYZ84H\/ENfWq6nHLhQihj5fuhwjtbsxEA9uLuHd\/kHVOE4"} 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":706,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1722426295459977,"flow_src_last_pkt_time":1722426295518153,"flow_dst_last_pkt_time":1722426295520888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":1617,"flow_dst_tot_l4_payload_len":5715,"midstream":0,"thread_ts_usec":1722426295520888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"217.138.197.43","src_port":37383,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN.NordVPN","proto_id":"159.426","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01210{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":706,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":10,"flow_first_seen":1721749298243731,"flow_src_last_pkt_time":1721749299342384,"flow_dst_last_pkt_time":1721749299378529,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":749,"flow_dst_max_l4_payload_len":1128,"flow_src_tot_l4_payload_len":2863,"flow_dst_tot_l4_payload_len":5527,"midstream":0,"thread_ts_usec":1722426295520888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.131","src_port":41133,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":706,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":706,"packets-processed":706,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":101830,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1722426295520888} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":706,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":706,"packets-processed":706,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":101830,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1722426295520888} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 706/706 ~~ skipped flows.............: 0 @@ -102,9 +102,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8693658 bytes -~~ total memory freed........: 8693658 bytes -~~ total allocations/frees...: 141352/141352 +~~ total memory allocated....: 9458320 bytes +~~ total memory freed........: 9458320 bytes +~~ total allocations/frees...: 155318/155318 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 508 chars ~~ json message max len.......: 2332 chars diff --git a/test/results/default/openvpn_nohmac.pcapng.out b/test/results/default/openvpn_nohmac.pcapng.out index 1a6f16ce5..0101222f9 100644 --- a/test/results/default/openvpn_nohmac.pcapng.out +++ b/test/results/default/openvpn_nohmac.pcapng.out 
@@ -1,16 +1,16 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1512848303527265} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1512848303527265} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303527265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1512848303527265,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303527265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1512848303527265,"pkt":"AAAArFWYSEb7fvLiCABFAAAqQmkAAD4RLXIDb6ZOVYYNpcfKBKoAFnrvODn97S2qEKQ3AAAAAAAt+EmW"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1512848303743400,"pkt":"AAAArFWYSEb7fvLiCABFAAA2y2xAADkRaWJVhg2lA2+mTgSqx8oAIoFUQJQhkX3nJncpAQAAAAA5\/e0tqhCkNwAAAAA="} 
-00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":26,"midstream":0,"thread_ts_usec":1512848303743400,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":26,"midstream":0,"thread_ts_usec":1512848303743400,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1512848303859503,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1512848303859503,"pkt":"AAAArFWYSEb7fvLiCABFAAAyFfEAAD4RWeIDb6ZOVYYNpcfKBKoAHgbvKDn97S2qEKQ3AQAAAACUIZF95yZ3KQ=="} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1512848303865302,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_usec":1512848303865302,"pkt":"AAAArFWYSEb7fvLiCABFAACOIDYAAD4RT0EDb6ZOVYYNpcfKBKoAelMSIDn97S2qEKQ3AAAAAAEWAwEAjAEAAIgDA5yZa+33hsQlHJybi\/1GEeSPsfPEVsCkgrx0k4rbr7kYAAAOwC7AMgCfwCzAMAAvAP8BAABRAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAM"} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1512848303868693,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1512848303868693,"pkt":"AAAArFWYSEb7fvLiCABFAABXqX4AAD4Rxi8Db6ZOVYYNpcfKBKoAQ1UHIDn97S2qEKQ3AAAAAAIACQAKAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} 
-02202{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848306813195,"flow_dst_last_pkt_time":1512848307027916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":1541,"flow_dst_tot_l4_payload_len":4853,"midstream":0,"thread_ts_usec":1512848307027916,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":55,"avg":218922.0,"max":2241123,"stddev":513027.0,"var":263196672000.0,"ent":2.8,"data": [216135,332238,5799,3391,337897,57968,55,73,70,307059,10023,20531,1960235,1520,628,2241123,1704,736,299000,1497,2293,245,299952,1982,1336,694,338474,1245,1483,269,340926]},"pktlen": {"min":46,"avg":227.9,"max":1228,"stddev":364.9,"var":133184.4,"ent":3.9,"data": [46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50]},"bins": {"c_to_s": [5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1],"entropies": 
[4.654558659,4.847117901,5.033267975,5.334950447,4.532369614,5.090824604,7.356415749,6.728867531,7.721350193,7.639185429,5.043854713,5.083854675,5.083854675,5.445907116,5.474620342,5.589630604,5.130824566,5.130824566,5.130824566,5.699376583,5.737064838,5.865118027,5.840532780,5.130824566,5.170824528,5.130824566,5.130824566,6.471548557,6.580770969,5.929418087,6.097649097,5.130825043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":922,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":581,"flow_dst_packets_processed":340,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848356295428,"flow_dst_last_pkt_time":1512848355480664,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1445,"flow_src_tot_l4_payload_len":112143,"flow_dst_tot_l4_payload_len":149150,"midstream":0,"thread_ts_usec":1512848356295428,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":594,"flow_dst_packets_processed":350,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848376745041,"flow_dst_last_pkt_time":1512848376774734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1445,"flow_src_tot_l4_payload_len":113447,"flow_dst_tot_l4_payload_len":150832,"midstream":0,"thread_ts_usec":1512848376774734,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":944,"packets-processed":944,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":264279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1512848376774734} 
+02200{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848306813195,"flow_dst_last_pkt_time":1512848307027916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":1541,"flow_dst_tot_l4_payload_len":4853,"midstream":0,"thread_ts_usec":1512848307027916,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":55,"avg":218922.0,"max":2241123,"stddev":513027.0,"var":263196672000.0,"ent":2.8,"data": [216135,332238,5799,3391,337897,57968,55,73,70,307059,10023,20531,1960235,1520,628,2241123,1704,736,299000,1497,2293,245,299952,1982,1336,694,338474,1245,1483,269,340926]},"pktlen": {"min":46,"avg":227.9,"max":1228,"stddev":364.9,"var":133184.4,"ent":3.9,"data": [46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50]},"bins": {"c_to_s": [5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1],"entropies": 
[4.654558659,4.847117901,5.033267975,5.334950447,4.532369614,5.090824604,7.356415749,6.728867531,7.721350193,7.639185429,5.043854713,5.083854675,5.083854675,5.445907116,5.474620342,5.589630604,5.130824566,5.130824566,5.130824566,5.699376583,5.737064838,5.865118027,5.840532780,5.130824566,5.170824528,5.130824566,5.130824566,6.471548557,6.580770969,5.929418087,6.097649097,5.130825043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":922,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":581,"flow_dst_packets_processed":340,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848356295428,"flow_dst_last_pkt_time":1512848355480664,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1445,"flow_src_tot_l4_payload_len":112143,"flow_dst_tot_l4_payload_len":149150,"midstream":0,"thread_ts_usec":1512848356295428,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":594,"flow_dst_packets_processed":350,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848376745041,"flow_dst_last_pkt_time":1512848376774734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1445,"flow_src_tot_l4_payload_len":113447,"flow_dst_tot_l4_payload_len":150832,"midstream":0,"thread_ts_usec":1512848376774734,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":944,"packets-processed":944,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":264279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1512848376774734} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 944/944 ~~ skipped flows.............: 0 
@@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8672190 bytes -~~ total memory freed........: 8672190 bytes -~~ total allocations/frees...: 141476/141476 +~~ total memory allocated....: 9436564 bytes +~~ total memory freed........: 9436564 bytes +~~ total allocations/frees...: 155442/155442 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars -~~ json message max len.......: 2207 chars -~~ json message avg len.......: 1336 chars +~~ json message max len.......: 2205 chars +~~ json message avg len.......: 1335 chars diff --git a/test/results/default/openvpn_nohmac_tcp.pcapng.out b/test/results/default/openvpn_nohmac_tcp.pcapng.out index adaedeb80..5279a4ebc 100644 --- a/test/results/default/openvpn_nohmac_tcp.pcapng.out +++ b/test/results/default/openvpn_nohmac_tcp.pcapng.out 
@@ -1,5 +1,5 @@ -00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1358197736781122} 
+00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1358197736781122} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197736781122,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781122,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1358197736781122,"pkt":"CAAnQNKjCAAns07aCABFAAA84dtAAEAGEJgKtet6CvtHHptcBKpaoHPGAAAAAKACOQjGKgAAAgQFtAQCCAr\/\/5IdAAAAAAEDAwE="} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1358197736781340,"pkt":"CAAns07aCAAnQNKjCABFAAA8AABAAEAG8nMK+0ceCrXregSqm1zryb8hWqBzx6ASOJCClwAAAgQFtAQCCAr\/\/5kO\/\/+SHQEDAwE="} 
@@ -9,7 +9,7 @@ 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197737794869,"flow_dst_last_pkt_time":1358197737799430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1358197737799430,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197737942660,"flow_dst_last_pkt_time":1358197737942559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":274,"flow_dst_max_l4_payload_len":348,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1358197737942660,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":210,"avg":74934.7,"max":1014473,"stddev":247074.6,"var":61045854208.0,"ent":1.8,"data": 
[218,377,1013370,1014473,3617,5492,3300,44879,40998,530,345,40353,40401,992,18067,17798,428,281,37075,37264,287,268,279,211,265,252,249,261,212,223,210]},"pktlen": {"min":52,"avg":115.4,"max":400,"stddev":89.5,"var":8001.3,"ent":4.7,"data": [60,60,52,68,52,80,52,76,52,326,52,76,52,76,52,180,52,400,76,52,168,104,168,76,284,76,168,100,168,76,284,76]},"bins": {"c_to_s": [14,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,4,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [4.634053230,5.054204941,5.039584637,5.193215847,5.116507530,5.177333832,5.039584637,5.369915009,5.116507530,5.342938900,5.025067329,5.315114975,4.909682751,5.326361656,4.986606121,5.801545143,4.986606121,5.423783302,5.341430664,5.025067806,6.420508862,5.262471199,6.588784218,5.395376205,6.650779724,5.395376205,6.047887802,5.337505817,5.757668018,5.421691895,6.887341976,5.316428661]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":95,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197768802378,"flow_dst_last_pkt_time":1358197768801647,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":406,"flow_dst_max_l4_payload_len":476,"flow_src_tot_l4_payload_len":6986,"flow_dst_tot_l4_payload_len":7709,"midstream":0,"thread_ts_usec":1358197768802378,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":195,"packets-processed":195,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14695,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1358197768802378} 
+00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":195,"packets-processed":195,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14695,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1358197768802378} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 195/195 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652541 bytes -~~ total memory freed........: 8652541 bytes -~~ total allocations/frees...: 140729/140729 +~~ total memory allocated....: 9416915 bytes +~~ total memory freed........: 9416915 bytes +~~ total allocations/frees...: 154695/154695 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 562 chars ~~ json message max len.......: 2173 chars diff --git a/test/results/default/openvpn_obfuscated.pcapng.out b/test/results/default/openvpn_obfuscated.pcapng.out index 531092254..24b626cb6 100644 --- a/test/results/default/openvpn_obfuscated.pcapng.out +++ b/test/results/default/openvpn_obfuscated.pcapng.out 
@@ -1,5 +1,5 @@ -00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722427237865123} 
+00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722427237865123} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237865123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722427237865123,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237865123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722427237865123,"pkt":"CL6sCxduJjb1W8R1CABFAAA8G7tAAEAGftnAqAycuYAZY5RYAdHRRTx5AAAAAKAC\/\/8WmQAAAgQFtAQCCApRg5vRAAAAAAEDAwk="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237885149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722427237885149,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADEGqZS5gBljwKgMnAHRlFgui1zd0UU8eqAS\/\/\/GVwAAAgQFtAQCCApg+GPPUYOb0QEDAwk="} 
@@ -14,7 +14,7 @@ 01034{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401921409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1722427401924227,"pkt":"CL6sCxduJjb1W8R1CABFAAGT2SFAAEARDyHAqAyclWbubLgYBL4Bf+BaVEX2eYIGWZW97B\/uBFKid6MSV9\/02W2\/W+o36cuQNVtmMhAJHTAcbDg7XCMFAl0xHCYeGhojEQ07YGRoa2JiGBURHRlLEx04EAUBFg8EBB4VCR8QQxUVFBYoJyUjKnU9F0geFD5NHRwpDR0JMwQHEBgXGRgREREWHu32uP3s3BELEBsZDBEMEQcEDlgJDwQeFxCIEBhHyxRzBjPkcOAZKQXaF+N3ATvcOcpmAyzAL96OHmPUM\/K30LS6xKT6al3NNNxMChsDEA8uCd46WfS1aCsMHMuFvhUjOGTIBxpU3v\/Hxw6s\/CgKCqKhIJpNENIN2+tGFOfxS7QuGoPC52Q7v9u+NPw8b3vfvXXBBwc5DBYQNxUEGwYXFhEnO2pMT+yE7o8cNhkQEQM5pmcMCREEcDf7xzLpHLLsNx\/zRQ7DT7GnNBoJH96PWo0gzSL9g2Dar\/34qx5dEYO9\/DG3QzVndkG9w4jcVbkhUFWSERwvvUItAJ\/89A5z"} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401934060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1722427401934060,"pkt":"Jjb1W8R1CL6sCxduCABFAAB6OL1AADURu56VZu5swKgMnAS+uBgAZvhOXG8GfZrUgA1YMzkxNWQxAbNSOT0tNIAP9idCl\/rehm7YfSBAKj59k9UPRPKVaW0LUqQgzFOtLHumhFDN1Y5hbY3tlOPyWvfVkw6K7l+x6eqyqyRV8MQse1pU+6KRqg=="} 
02035{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401934161,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1158,"pkt_l4_len":1124,"thread_ts_usec":1722427401934161,"pkt":"Jjb1W8R1CL6sCxduCABFAAR4OL5AADURt5+VZu5swKgMnAS+uBgEZLQzVLAa0ZHTWfav3aQ6aDiNoVBwHdfIrsumF\/Xi771+6seFvgsgbkxRKAqi+llZx7z81zilj97CxWRsx93kXlTmVZH1P80KGnxXlR7BiJM18BLjNISj+gZaL0RMsbZ\/\/0UWwTMg0BMD+RgWYRcd61hmbZABZnpzMi\/LZRSE50mWCxH9dHqopm4Rzi4Sn7KxkjSWm8BiRUowB\/370WD0qx\/g9JW5UIxB92Ud6V1iTPjtmCgTxngrFqv4udp8FTsD8KNaHIzqNRUDWeNKhdBfywJxLoo8\/p1OGrSOuC\/yUWCOVPBEG0DdNlHBPyeW8SDwcnP4DcidmrJfxLHUg1HGh4+RWLkSFQsr+4W5z29yC41XpvCOCfc\/hn+EAz73kSY1DzJL59r2AXH8G5Rea\/RbEUrobun9NGOeVKCIzmD8Trl96OaqJhX8xal6pdV0sAV5Vo9xPebYVgEG80YaI0ek\/7yknL8W9IBQ2aLOpnFDXpCbdgYsosJ1y5dt6ib8aNJ+M\/xKRCussfhzl6cYKdrj1skMpL6bcbwUuhNt0cz28hf9enP7WBDH0Fxp5kwD+hH3G30EyEpxKuMziqSt\/e4UQR1duSa5VhMDOC98xMmGl0fj5OxMkG6xFP+PlFxbfRIMxgHsORiw87u6+g8HDPXiXIvJH4NZ7GvAgKGx6vPzRzY1kJ62bLlLPsnFFe6u5Lu3S820EMsOgXAFuSfj3yV3Evd+WLk737aUMZpoycfdzpgL1pvr4w3GxN\/TLg48jWGBKotX5zgnS6rvI88rGnHjRpaeOQ9CGYvCXVgO6n0MG2pCKs14CRjfcLqndxUDz5CE0mpW+jUfNJ4ux57J42zD3C+R4ZvY0UqADXZgvIZieAaKP2Qftw4pNwvuYOvK1OYGPbD+e89LxaNtpqyRB1MKVrBbdwgLG5kjU0ZoQUZJ2JOassNku+llFLRYPlNIJdOPFe8lNwX6hfJGdRMMmb4N9pCq8zoPySjjHjxjcpVsIj21jIi6qDUjUIvYwHaz3y0G7hXahyVVr7iDXUaXJGHIL0N4eAIJwH2sxv5+E4rQX5KXSJTnQN0IUM9\/AywsX9qhuZUo9Ozj\/8opy6hdWDTnxIrSvYZ63LEWGZ6GbZq9Um2Ln9uD7D+\/BgaPsoCfTlvt4+mz8wj6pNzsVkxsrWn6iEtKp70qWQsP\/gFGe2Df51awxTQYITw6LzU6Lndgr4Qxly7lJIUUP46pn4P+TJ+8+3QoYuNOQEyg9SneVXtmcVB8Vnt2enN1DntXWXR5brdGfJSMHDslO+anlwsJFXTtGhgL4dS2wSKBjgYjFobKFroyEjVAyw7y9kntCrZphbXffdx2X4Zb1huMN30p83ks9\/SzOTk5Tj82bgcyZR09O24Tj2g3MTAMKUrvJnigQgCd7TGqBAQ2acAFhpTV62J2y9r8nx3tIE\/jhWhChZNaqTMjhHx
lENJxKzeOMmtRIMpACoJ6fPzVRSJ+VFr38ZOo"} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22584,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1722705590754656} +00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22584,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1722705590754656} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722705590754656,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590754656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722705590754656,"l3_proto":"ip4","src_ip":"107.161.86.131","dst_ip":"192.168.12.156","src_port":443,"dst_port":48072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590754656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722705590754656,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADMGuFNroVaDwKgMnAG7u8glbqt9M+JifKAS\/\/9LzQAAAgQFtAQCCApqqi2Uyg3lpAEDAwI="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590856725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1722705590856725,"pkt":"CL6sCxduJjb1W8R1CABFAAA0KexAAEAGgW\/AqAyca6FWg7vIAbsz4mJ8JW6rfoAQAKx48wAAAQEICsoN5plqqi2U"} 
@@ -27,7 +27,7 @@ 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427239577895,"flow_dst_last_pkt_time":1722427239598141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5488,"flow_dst_tot_l4_payload_len":7758,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01078{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427403179824,"flow_dst_last_pkt_time":1722427403133860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":2831,"flow_dst_tot_l4_payload_len":6507,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"NordVPN","proto_id":"426","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427403179824,"flow_dst_last_pkt_time":1722427403133860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":2831,"flow_dst_tot_l4_payload_len":6507,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42211,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1722705593900158} 
+00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42211,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1722705593900158} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 177/177 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8659010 bytes -~~ total memory freed........: 8659010 bytes -~~ total allocations/frees...: 140736/140736 +~~ total memory allocated....: 9423448 bytes +~~ total memory freed........: 9423448 bytes +~~ total allocations/frees...: 154702/154702 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 558 chars ~~ json message max len.......: 2040 chars diff --git a/test/results/default/openwire.pcapng.out b/test/results/default/openwire.pcapng.out index 8b67cefa9..98b1dbe18 100644 --- a/test/results/default/openwire.pcapng.out +++ b/test/results/default/openwire.pcapng.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721660189198049} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721660189198049} 00312{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1721660189198049,"packet_id":1,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","layer_type":402653184,"global_ts_usec":1721660189198049} 
00394{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":76,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1721660189198049,"pkt":"GAAAAGALVdYAIAaAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAHH1fCwzqyAygAAAACAAv\/\/bQEAAAIE\/8MBAwMIAQEEAg=="} 00312{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1721660189198100,"packet_id":2,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","layer_type":402653184,"global_ts_usec":1721660189198100} 
@@ -32,7 +32,7 @@ 00377{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_usec":1721660189198049,"pkt":"GAAAAGANetYAFAaAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAHwsMfVzqdbMs6sgtFQECf1U\/8AAA=="} 00314{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1721660189201914,"packet_id":16,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","layer_type":402653184,"global_ts_usec":1721660189201914} 00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":78,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"thread_ts_usec":1721660189198049,"pkt":"GAAAAGANetYAIgaAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAHwsMfVzqdbMs6sgtFQGCf1Nd0AAAAAAAoeAAAAAAAAAAAC"} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":43,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1721660190272682} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":43,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1721660190272682} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 43/0 ~~ skipped flows.............: 0 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 317 chars ~~ json message max len.......: 834 chars diff --git a/test/results/default/opera-vpn.pcapng.out b/test/results/default/opera-vpn.pcapng.out index deba035d2..3518891be 100644 --- a/test/results/default/opera-vpn.pcapng.out +++ b/test/results/default/opera-vpn.pcapng.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1694275752994885} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1694275752994885} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275752994885,"flow_src_last_pkt_time":1694275752994885,"flow_dst_last_pkt_time":1694275752994885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275752994885,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1694275752994885,"flow_dst_last_pkt_time":1694275752994885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275752994885,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjGAbuXrZxyAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKE5KNpgAAAAAEAgAA"} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753007782,"flow_src_last_pkt_time":1694275753007782,"flow_dst_last_pkt_time":1694275753007782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753007782,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -615,7 +615,7 @@ 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1694275760159362,"flow_src_last_pkt_time":1694275760309706,"flow_dst_last_pkt_time":1694275760309664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2641,"flow_dst_tot_l4_payload_len":8573,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com"}} 01021{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1694275760188445,"flow_src_last_pkt_time":1694275760807493,"flow_dst_last_pkt_time":1694275760807237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3236,"flow_dst_tot_l4_payload_len":6089,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51465,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1694275760781591,"flow_src_last_pkt_time":1694275760841495,"flow_dst_last_pkt_time":1694275760839879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1996,"flow_dst_tot_l4_payload_len":2516,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51466,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3200,"packets-processed":3200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1186790,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":61,"total-detection-updates":61,"total-updates":0,"current-active-flows":0,"total-active-flows":62,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":618,"global_ts_usec":1694275760841495} +00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3200,"packets-processed":3200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1186790,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":61,"total-detection-updates":61,"total-updates":0,"current-active-flows":0,"total-active-flows":62,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":618,"global_ts_usec":1694275760841495} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3200/3200 ~~ skipped flows.............: 0 
@@ -624,9 +624,9 @@ ~~ total active/idle flows...: 62/62 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 11644259 bytes -~~ total memory freed........: 11644259 bytes -~~ total allocations/frees...: 145257/145257 +~~ total memory allocated....: 12412565 bytes +~~ total memory freed........: 12412565 bytes +~~ total allocations/frees...: 159283/159283 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 2513 chars diff --git a/test/results/default/oracle12.pcapng.out b/test/results/default/oracle12.pcapng.out index 2828712ad..8fd6a3f01 100644 --- a/test/results/default/oracle12.pcapng.out +++ b/test/results/default/oracle12.pcapng.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1481291750025382} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1481291750025382} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1481291750025382,"flow_src_last_pkt_time":1481291750025382,"flow_dst_last_pkt_time":1481291750025382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1481291750025382,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1481291750025382,"flow_dst_last_pkt_time":1481291750025382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1481291750025382,"pkt":"UlQAEjUCCAAn5\/q0CABFAAA8b5VAAEAGbI0KAAIPCgBIi50iBfF8VCT6AAAAAKACchBeyAAAAgQFtAQCCAoFQUtvAAAAAAEDAwc="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1481291750025382,"flow_dst_last_pkt_time":1481291750026998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1481291750026998,"pkt":"CAAn5\/q0UlQAEjUCCABFAAAsAf4AAEAGGjUKAEiLCgACDwXxnSIAeB4BfFQk+2AS\/\/\/WoAAAAgQFtAAA"} 
@@ -8,7 +8,7 @@ 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1481291750025382,"flow_src_last_pkt_time":1481291750027196,"flow_dst_last_pkt_time":1481291750026998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1481291750027196,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Oracle","proto_id":"167","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1481291750027196,"flow_dst_last_pkt_time":1481291750027391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1481291750027391,"pkt":"CAAn5\/q0UlQAEjUCCABFAAAoAf8AAEAGGjgKAEiLCgACDwXxnSIAeB4CfFQlz1AQ\/\/\/tiQAAAAAAAAAA"} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1481291750025382,"flow_src_last_pkt_time":1481291750055490,"flow_dst_last_pkt_time":1481291750054984,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":239,"flow_src_tot_l4_payload_len":941,"flow_dst_tot_l4_payload_len":441,"midstream":0,"thread_ts_usec":1481291750055490,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Oracle","proto_id":"167","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1382,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1481291750055490} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1382,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1481291750055490} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645418 bytes -~~ total memory freed........: 8645418 bytes -~~ total allocations/frees...: 140553/140553 +~~ total memory allocated....: 9409792 bytes +~~ total memory freed........: 9409792 bytes +~~ total allocations/frees...: 154519/154519 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 979 chars diff --git a/test/results/default/os_detected.pcapng.out b/test/results/default/os_detected.pcapng.out index bfe8fba4f..0055b6e4f 100644 --- a/test/results/default/os_detected.pcapng.out +++ b/test/results/default/os_detected.pcapng.out 
@@ -1,10 +1,10 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1611427514609727} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1611427514609727} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1611427514609727,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAZdFAAEAR\/ePAqAGACAgICJuNAbsE7AYLxP8AAB0Inw\/JO07eNjIIgxX\/XKNBIUIARMqZ8UiDvq\/ZLsUdz0scSMu9YDA5XC\/EJ\/VWdcKmIJjpSLXMxg05sWM0HmWuizvek0EXnlQzmUN9ovr2\/hk4L4+drmSHxo9NOB+GUfgxVDY8jS5sYut7pzwyS1v0Tzd0E1TyJIWDsBfvZlI4bbIIRlefQgOB0WdUqMEfHzxzcbGs6dNO+9vDaznNJ4dGUWqyjTrP1xrbA5ARI5dTVb4R+7D0v8orWpuNvxjoiVb36LCsfL0SbVo2GhqQoHke+Z\/B2D+0+r7INWQc1iHzAG+HeNlA1LtOtYyHAJVB+P59vqKsfmDTE8RgVpXe1x30lS+4YR7jaekw9qCyZHC0kKXvmsPCqZ\/9qa5gMMsfGTjnOTdcid5WA6CyHhSK2HTQW4GkzXHYPreaFIFRc0y9+aMq1Mfl97S1vnvDvIbG91Np67AM6LV1xuilkclYvUim1l1JoFQCUfe6m3PyP+gIQTFerpfrZHjXHVmed8ZubnloXre0\/Z3B2Oh1fmjBjrSNQGdC4YK\/DVld8Ug+FRG0kxgDMCgRJ2S9dOYEMkKgzq\/BKvgwUYmMidXS+F+tMJvoHQSzv3bhpGgehHuZOqNIC3d6Rty6h0nPb+BYsf5E1IpIcwzMB2CvZbT77jViKMoAt5RtufWUmoQ
2qymcAa7AXbvCL5L7qI\/1oplTPNm0Ysi0JSUXXf61rlCNL1vc+XNbLSeTg2Vz2fPTbPH7hg\/8qinCri68WhuYiT\/rvuXkVqGxWKJq5b1oM\/AIky7+yMfObOfk9kQ3thgac0pRO1LAAwjECH\/XdGHuEsxIejknnknLjBpjmS+2c+909N0TGc\/NPsDPdaLmN10HnCVLaT1WmruOxWZDa3gV1s3K4IKU6NwqVeHNSYO5xx5HEC7tZU+y4E74cmfLayIxxbdgkahHRv9ATyXrtMLRAHqK8ZsoIIw0D9NAPBA355APW3UhJ\/Z9ZHxppKcR2\/OPN1KQqoIrhRGT9bUzB7Xkn\/VMWRYSTXTiaAYMcb8dRkENbKtVWSIk9LJFrE8pIXivmB2tWlt1t6y+TR30oU1\/NUX3jGhxE7t44s+NhGXfBpl2YQbF4zUhYeZAUzU9QbWzyGdZYarMNxVUgYeW9stlVHB0y\/otPwbX9mpoJ+Dy1FXdgrsIv1LAkh1\/3bdSFFfKVJUwX6EGqQRQU02j\/r+E7RZ0bE01QtNNSuMRMdJX2zJtopXBwZLz8h67datSO+I1wfoRzj4VUG35Q8hcFywG\/xq04McVVySWGNnMos9RmQkhysf\/lc3FuHHnMMA\/XcGqeB2biYiiwAKDCGuBCGTLrEYhV1yIzE4vEhvJvg325fJl3DNeUSuAwqKe9SjUjQtv+EVpEiYxaR6X90zwFDBlHdBDDCfh3iS1o2jSGLUvocncy0jQz8qak7nPw6oMW\/gU8WvBhkEaY\/b26hw+tYWakl5yNVwxnF\/7PKfJyyyPpmjSH2ycL45nydbEY1t1GYpcV+P7AunIs6enuyUp9NNdtbH\/d0RuYFGsVW1287YLi13LwF56RtlC\/tVGquwfxdqcbniCbYb8LvlGF6r32UjuoiuACdgmkrt6Wf7sAVkRHeYLY5bLkD+o6H+JIwDjoOA\/yI8iOw0QceAwvS35vC2IO56LiInTgA=="} 01428{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": 
{"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13i0307h9_55b375c5d22e_23ed935430f2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 01203{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1611427514609727} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1611427514609727} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655066 bytes -~~ total memory freed........: 8655066 bytes -~~ total allocations/frees...: 140558/140558 +~~ total memory allocated....: 9419440 bytes +~~ total memory freed........: 9419440 bytes +~~ total allocations/frees...: 154524/154524 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 595 chars ~~ json message max len.......: 2231 chars diff --git a/test/results/default/ospfv2_add_new_prefix.pcap.out b/test/results/default/ospfv2_add_new_prefix.pcap.out index bf2abeec4..a86b7286c 100644 --- a/test/results/default/ospfv2_add_new_prefix.pcap.out +++ b/test/results/default/ospfv2_add_new_prefix.pcap.out 
@@ -1,11 +1,11 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1596626889276433} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1596626889276433} 
00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1596626889276433,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"flow_datalink":1,"flow_max_packets":5} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1596626889276433,"pkt":"qrvMAAEwqrvMAAowCABFwABsAPoAAAFZj3MKAQoKCgEKAQIEAFisEAAKAAAABqsnAAAAAAAAAAAAAAAAAAEAASIBrBAACqwQAAqAAAASxYoAPAAAAAMKAAAK\/\/\/\/\/wMAAAGsEAAK\/\/\/\/\/wMAAAEKAQoKCgEKCgIAAAo="} 
00900{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1596626889276433,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_OSPF","proto_id":"85","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626891781999,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1596626891781999,"pkt":"qrvMAAowqrvMAAEwCABFwABAAqkAAAFZjfAKAQoBCgEKCgIFACwKAAABAAAABjO3AAAAAAAAAAAAAAABIgGsEAAKrBAACoAAABLFigA8"} 
00941{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626891781999,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1596626891781999,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_OSPF","proto_id":"85","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1596626891781999} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1596626891781999} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644900 bytes -~~ total memory freed........: 8644900 bytes -~~ total allocations/frees...: 140535/140535 +~~ total memory allocated....: 9409274 bytes +~~ total memory freed........: 9409274 bytes +~~ total allocations/frees...: 154501/154501 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 574 chars ~~ json message max len.......: 946 chars diff --git a/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out index a2d0713d4..4e5a9a9b5 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out 
@@ -1,9 +1,9 @@ -00605{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675096016031349} 
+00605{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675096016031349} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675096016031349,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096016031349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675096016031349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1,"dst_port":2,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096016031349,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675096016031349,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEAAQACAByhgP\/\/\/\/8AAAAAAAAAAAAAAAAwMDAA"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096025685767,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675096025685767,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEAAgABAByhgP\/\/\/\/8AAAAAAAAAAAAAAAAwMDAA"} 
-00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1675103063534227} +00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1675103063534227} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103063534227,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103063534227,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1675103063534227,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675103063534227,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEEXwRgAByFgVhYWFhYWFhYWFhYWFhYWFhYWFhY"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1675103071542564,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675103071542564,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEEXwRgAByFgVhYWFhYWFhYWFhYWFhYWFhYWFhY"} 
@@ -15,7 +15,7 @@ 01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103123821322,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":75,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103123821322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1675103229245464,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":576,"pkt_l4_len":556,"thread_ts_usec":1675103229245464,"pkt":"RQACQAABAABAEXqqfwAAAX8AAAEEXwRgAixmRlhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhY"} 
01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103229245464,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103229245464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2303,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1675104043107099} 
+00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2303,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1675104043107099} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104043107099,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104043107099,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.206.130","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1675104043107099,"pkt":"RQAAMgABAABABt2ZwKgBgAyBzoIAAQRfAAAAAAAAAABQACAABe8AAEoAAApmAgrtLWY="} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103268067687,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675104043107099,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -25,12 +25,12 @@ 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1675104074459668,"flow_dst_last_pkt_time":1675104074459668,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1675104074459668,"pkt":"RQAAMgABAABABqxHwKgBgMoJQkwAAQRfAAAAAAAAAABQACAA1JwAAEoAAApmAgrtLWY="} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104087883689,"flow_src_last_pkt_time":1675104087883689,"flow_dst_last_pkt_time":1675104087883689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104087883689,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.236.254","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1675104087883689,"flow_dst_last_pkt_time":1675104087883689,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1675104087883689,"pkt":"RQAAMgABAABABr8dwKgBgAyB7P4AAQRfAAAAAAAAAABQACAA53IAAEoAAApmAgrtLWY="} 
-00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2343,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":2,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1675107987924579} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2343,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":2,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1675107987924579} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675107987924579,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675107987924579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675107987924579,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675107987924579,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":32,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":32,"pkt_l4_len":12,"thread_ts_usec":1675107987924579,"pkt":"RQAAIAABAABAEXzKfwAAAX8AAAEAZADIAAzHjzkYAAA="} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675108033027780,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":36,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":36,"pkt_l4_len":16,"thread_ts_usec":1675108033027780,"pkt":"RQAAJAABAABAEXzGfwAAAX8AAAEAyABkABDGhzoYAAAAAAAA"} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675107987924579,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675108033027780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675108033027780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":3,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1675168617695568} 
+00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":3,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1675168617695568} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675168617695568,"flow_src_last_pkt_time":1675168617695568,"flow_dst_last_pkt_time":1675168617695568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":17788,"dst_port":17788,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1675168617695568,"flow_dst_last_pkt_time":1675168617695568,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":141,"pkt_l4_len":121,"thread_ts_usec":1675168617695568,"pkt":"RQAAjQABAABAEXxdfwAAAX8AAAFFfEV8AHnX9HEARHRxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQUFN0cmVhbQAAAAAAAAAAAAAA"} 00914{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675107987924579,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675108033027780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
@@ -43,7 +43,7 @@ 00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104043107099,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.206.130","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 01187{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104074459668,"flow_src_last_pkt_time":1675104074459668,"flow_dst_last_pkt_time":1675104074459668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.9.66.76","src_port":1,"dst_port":1119,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by 
port"},"proto":"Blizzard","proto_id":"213","proto_by_ip":"Blizzard","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104074459668,"flow_src_last_pkt_time":1675104074459668,"flow_dst_last_pkt_time":1675104074459668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.9.66.76","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":2,"total-guessed-flows":4,"total-detected-flows":1,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1675181007355625} 
+00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":2,"total-guessed-flows":4,"total-detected-flows":1,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1675181007355625} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675181007355625,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181007355625,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":10,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":41,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":41,"pkt_l4_len":21,"thread_ts_usec":1675181007355625,"pkt":"RQAAKQABAABABrSgwKgBgAECAwQAAQAKAAAAAAAAAABQACAAyaoAAAA="} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":129,"pkt_l4_len":109,"thread_ts_usec":1675181007355625,"pkt":"RQAAgQABAABABrRIwKgBgAECAwQAAQAKAAAAAQAAAABQACAAUjUAABYDAQBUAQAAUAMBTWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgTWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA0AQAABQAAAAAA"} 
@@ -56,7 +56,7 @@ 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675181007355625,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":90,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181373264924,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":10,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 01155{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675181080065603,"flow_src_last_pkt_time":1675181373264924,"flow_dst_last_pkt_time":1675181080065603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181373264924,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":11,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675181080065603,"flow_src_last_pkt_time":1675181373264924,"flow_dst_last_pkt_time":1675181080065603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181373264924,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":11,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2641,"total-not-detected-flows":5,"total-guessed-flows":4,"total-detected-flows":1,"total-detection-updates":0,"total-updates":3,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1675181373264924} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2641,"total-not-detected-flows":5,"total-guessed-flows":4,"total-detected-flows":1,"total-detection-updates":0,"total-updates":3,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1675181373264924} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 21/21 ~~ skipped flows.............: 0 @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 7 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8679691 bytes -~~ total memory freed........: 8679691 bytes -~~ total allocations/frees...: 140663/140663 +~~ total memory allocated....: 9444353 bytes +~~ total memory freed........: 9444353 bytes +~~ total allocations/frees...: 154629/154629 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 523 chars ~~ json message max len.......: 1249 chars diff --git a/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out index 725d69278..48b91f842 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out 
@@ -1,4 +1,4 @@ -00605{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00605{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":330297046,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330297046,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":330297046,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":8787,"dst_port":32177,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330297046,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":330297046,"pkt":"UlQA8ZEmCAAnnh3HCABFAAA8OlxAAEAGK6zAqAABCgoKASJTfbEpaMgpAAAAAKAC+vBgTwAAAgQFtAQCCAosLVpIAAAAAAEDAwc="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330433319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":330433319,"pkt":"CAAnnh3HUlQA8ZEmCABFAAAsCdUAAEAGnEMKCgoBwKgAAX2xIlMCaioBKWjIKmAS\/\/8FYAAAAgQFtA=="} 
@@ -7,7 +7,7 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":330434854,"flow_dst_last_pkt_time":330435114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":330435114,"pkt":"CAAnnh3HUlQA8ZEmCABFAAAoCdYAAEAGnEYKCgoBwKgAAX2xIlMCaioCKWjIT1AQ\/\/8c+AAA"} 01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":330297046,"flow_src_last_pkt_time":330482740,"flow_dst_last_pkt_time":330571168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":330571168,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":8787,"dst_port":32177,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
02319{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":330297046,"flow_src_last_pkt_time":331331838,"flow_dst_last_pkt_time":331332084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":6059,"flow_dst_tot_l4_payload_len":4420,"midstream":0,"thread_ts_usec":331332084,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":8787,"dst_port":32177,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25,"avg":66768.7,"max":274397,"stddev":88285.8,"var":7794386432.0,"ent":3.8,"data": [136273,137235,573,1795,12093,11937,35737,56,35774,25,88318,88631,11617,11587,151937,89,151972,35682,35919,255841,274397,18558,256484,257570,1057,306,258,28908,45,29127,29]},"pktlen": {"min":40,"avg":369.0,"max":1500,"stddev":516.4,"var":266637.3,"ent":3.8,"data": [60,44,46,77,40,106,40,1500,418,40,40,88,46,187,46,1500,1276,46,1118,40,1129,1141,40,480,96,40,88,40,1500,415,40,40]},"bins": {"c_to_s": [5,3,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [11,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1],"entropies": 
[4.593347073,4.569403648,4.267595291,4.557471752,4.561769485,3.980688334,4.511769295,7.562818527,7.355636597,4.442897320,4.561769485,4.850268364,4.354552269,3.829532146,4.398030758,7.720746994,7.806058884,4.287461758,7.654390335,4.561769485,7.519946575,7.677032471,4.611769676,6.499645710,4.460224152,4.611769676,3.810093641,4.611769676,7.548070431,7.340783596,4.611769676,4.561769485]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":60,"packets-processed":59,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1258844926423672} 
+00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":60,"packets-processed":59,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1258844926423672} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258844926423672,"l3_proto":"ip4","src_ip":"172.26.235.166","dst_ip":"172.30.92.62","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1258844926423672,"pkt":"AEBjsiExABQqZoWVCABFAAA8fZdAAEAGHQesGuumrB5cPtlOAHfZ0lWUAAAAAKACFtBfGwAAAgQFtAQCCAoAyCgDAAAAAAEDAwY="} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258844926423672,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -23,7 +23,7 @@ 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"172.26.235.166","dst_ip":"172.30.92.62","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":34,"flow_first_seen":330297046,"flow_src_last_pkt_time":332418734,"flow_dst_last_pkt_time":332418496,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":13343,"flow_dst_tot_l4_payload_len":14853,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":8787,"dst_port":32177,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":72,"packets-processed":71,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28471,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1532126321356858} 
+00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":72,"packets-processed":71,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28471,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1532126321356858} 00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532126321356858,"l3_proto":"ip4","src_ip":"10.147.205.42","dst_ip":"10.45.123.132","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":1532126321356858,"pkt":"ouY0KRatOjbl\/kz4CABFiACwAksAAEARGfwKk80qCi17hKnGymwAnLj3AQAAANg30DBfzsfI5cji4\/eYnu9gwijYIynWArax4rudBo+Jz51NRTJ4D20nJk97mHAf3Cek7ACutr7NvvIzLxtAhMrbk4I5NcASriVeeyXv8TlAwyH6a9ZqKoewYdsUMBc+k39Wk0neKFbcXyYWdj7ur8BTOwHdll5+x2l24o9oPWcSAAAAAAAAAAAAAAAAAAAAAA=="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532126321356858,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -33,7 +33,7 @@ 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1532126321359376,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1532126321359376,"l3_proto":"ip4","src_ip":"172.26.235.166","dst_ip":"172.30.92.62","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1532126321359376,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1576629231599706} 
+00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1576629231599706} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576629231599706,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231599706,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576629231599706,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59038,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231599706,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1576629231599706,"pkt":"CAAnw1r8CgAnAAAECABFAABAAABAAEAGuVisEBT0rBAUS+aeFThYp3nnAAAAALDC\/\/9fRwAAAgQFtAEDAwYBAQgKmyLsDAAAAAAEAgAA"} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231600017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629231600017,"pkt":"CgAnAAAECAAnw1r8CABFAAA8AABAAEAGuVysEBRLrBAU9BU45p59bstLWKd56KBScSDq+wAAAgQFtAQCCApyjFlXmyLsDAEDAwc="} 
@@ -44,7 +44,7 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1576629231620123,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00964{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1576629231620123,"l3_proto":"ip4","src_ip":"10.147.205.42","dst_ip":"10.45.123.132","src_port":43462,"dst_port":51820,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1576629231620123,"l3_proto":"ip4","src_ip":"10.147.205.42","dst_ip":"10.45.123.132","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":86,"packets-processed":85,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28904,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":1707399362135630} 
+00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":86,"packets-processed":85,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28904,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":1707399362135630} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707399362135630,"flow_src_last_pkt_time":1707399362135630,"flow_dst_last_pkt_time":1707399362135630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707399362135630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54898,"dst_port":1299,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1707399362135630,"flow_dst_last_pkt_time":1707399362135630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1707399362135630,"pkt":"AAAAAAAAAAAAAAAACABFAAA8NEVAAEAGCHV\/AAABfwAAAdZyBRN6JQ1eAAAAAKAC\/9f+MAAAAgT\/1wQCCAo7WdCZAAAAAAEDAwc="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1707399362135630,"flow_dst_last_pkt_time":1707399362135650,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1707399362135650,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQUT1nLzM9CNeiUNX6AS\/8v+MAAAAgT\/1wQCCAo7WdCZO1nQmQEDAwc="} 
@@ -62,7 +62,7 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1707399382437584,"flow_dst_last_pkt_time":1707399382437612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1707399382437612,"pkt":"AAAAAAAAAAAAAAAACABFAAA0qa5AAEAGkxN\/AAABfwAAAQUT2PCtSDGjO\/XObYAQAf\/+KAAAAQEICjtaH+c7Wh\/n"} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1707399362135630,"flow_src_last_pkt_time":1707399371078005,"flow_dst_last_pkt_time":1707399371077977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707399396589067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54898,"dst_port":1299,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber.TruPhone","proto_id":"67.101","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1707399376146687,"flow_src_last_pkt_time":1707399396589067,"flow_dst_last_pkt_time":1707399396589053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707399396589067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":55536,"dst_port":1299,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber.TruPhone","proto_id":"67.101","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":101,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1707399396589067} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":101,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1707399396589067} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 101/101 ~~ skipped flows.............: 0 @@ -71,9 +71,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8679197 bytes -~~ total memory freed........: 8679197 bytes -~~ total allocations/frees...: 140720/140720 +~~ total memory allocated....: 9443795 bytes +~~ total memory freed........: 9443795 bytes +~~ total allocations/frees...: 154686/154686 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 2324 chars diff --git a/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out index 41be2b3a8..34ea64386 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out 
@@ -1,11 +1,11 @@ -00605{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675108086330330} 
+00605{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675108086330330} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675108086330330,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108086330330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675108086330330,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108086330330,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":32,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":32,"pkt_l4_len":12,"thread_ts_usec":1675108086330330,"pkt":"RQAAIAABAABAEXzKfwAAAX8AAAEAZADIAAzHjzkYAAA="} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108097027766,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":36,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":36,"pkt_l4_len":16,"thread_ts_usec":1675108097027766,"pkt":"RQAAJAABAABAEXzGfwAAAX8AAAEAyABkABDFhzsYAAAAAAAA"} 
00913{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675108086330330,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108097027766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675108097027766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675108086330330,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108097027766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675108097027766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 
-00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1675108097027766} +00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1675108097027766} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 
@@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644872 bytes -~~ total memory freed........: 8644872 bytes -~~ total allocations/frees...: 140534/140534 +~~ total memory allocated....: 9409246 bytes +~~ total memory freed........: 9409246 bytes +~~ total allocations/frees...: 154500/154500 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 522 chars ~~ json message max len.......: 918 chars diff --git a/test/results/default/paltalk.pcapng.out b/test/results/default/paltalk.pcapng.out index 7ff9872d2..753002980 100644 --- a/test/results/default/paltalk.pcapng.out +++ b/test/results/default/paltalk.pcapng.out 
@@ -1,19 +1,19 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1729781781186613} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1729781781186613} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1729781781186613,"flow_src_last_pkt_time":1729781781186613,"flow_dst_last_pkt_time":1729781781186613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729781781186613,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"3.162.112.93","src_port":51807,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1729781781186613,"flow_dst_last_pkt_time":1729781781186613,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1729781781186613,"pkt":"SKmKCiNtCAAniDE8CABFAAA0lNRAAIAGAADAqFjQA6JwXcpfAbvthAYzAAAAAIAC+vCNngAAAgQFtAEDAwgBAQQC"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1729781781186613,"flow_dst_last_pkt_time":1729781781299173,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1729781781299173,"pkt":"CAAniDE8SKmKCiNtCABFAAA0AABAAO4G\/0sDonBdwKhY0AG7yl9jQ4ry7YQGNIAS\/\/8zkgAAAgQFoAEBBAIBAwMJ"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1729781781299214,"flow_dst_last_pkt_time":1729781781299173,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1729781781299214,"pkt":"SKmKCiNtCAAniDE8CABFAAAolNVAAIAGAADAqFjQA6JwXcpfAbvthAY0Y0OK81AQBAWNkgAA"} 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1729781781319028,"flow_dst_last_pkt_time":1729781781299173,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1729781781319028,"pkt":"SKmKCiNtCAAniDE8CABFAADelNZAAIAGAADAqFjQA6JwXcpfAbvthAY0Y0OK81AYBAWOSAAAFgMDALEBAACtAwNnGmAVy17EUPm3FkBHuB439O7oNgXVlaoaOcLg\/LlcogAAKsAswCvAMMAvAJ8AnsAkwCPAKMAnwArACcAUwBMAnQCcAD0APAA1AC8ACgEAAFoAAAAQAA4AAAtwYWx0YWxrLmNvbQAFAAUBAAAAAAAKAAgABgAdABcAGAALAAIBAAANABoAGAgECAUIBgQBBQECAQQDBQMCAwICBgEGAwAjAAAAFwAA\/wEAAQA="} 
-01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1729781781186613,"flow_src_last_pkt_time":1729781781319028,"flow_dst_last_pkt_time":1729781781299173,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729781781319028,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"3.162.112.93","src_port":51807,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Paltalk","proto_id":"91.432","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"paltalk.com","domainame":"paltalk.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d210800_76e208dd3e22_7af1ed941c26","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1729781781186613,"flow_src_last_pkt_time":1729781781319028,"flow_dst_last_pkt_time":1729781781299173,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729781781319028,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"3.162.112.93","src_port":51807,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Paltalk","proto_id":"91.432","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"paltalk.com","domainame":"paltalk.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d210800_76e208dd3e22_7af1ed941c26","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1729781781319028,"flow_dst_last_pkt_time":1729781781432027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1729781781432027,"pkt":"CAAniDE8SKmKCiNtCABFAAAoveIAAO4GgXUDonBdwKhY0AG7yl9jQ4rz7YQG6lAQAINzGQAAAAC\/iaj4"} 
-01335{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1729781781186613,"flow_src_last_pkt_time":1729781781319028,"flow_dst_last_pkt_time":1729781781432027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1729781781432027,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"3.162.112.93","src_port":51807,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Paltalk","proto_id":"91.432","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"paltalk.com","domainame":"paltalk.com","tls": {"version":"TLSv1.2","ja3s":"7da0ae90f9693272ed42e89898421495","ja4":"t12d210800_76e208dd3e22_7af1ed941c26","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1729781781186613,"flow_src_last_pkt_time":1729781781319028,"flow_dst_last_pkt_time":1729781781432027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1729781781432027,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"3.162.112.93","src_port":51807,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Paltalk","proto_id":"91.432","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"paltalk.com","domainame":"paltalk.com","tls": {"version":"TLSv1.2","ja3s":"7da0ae90f9693272ed42e89898421495","ja4":"t12d210800_76e208dd3e22_7af1ed941c26","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1729781826160319,"flow_src_last_pkt_time":1729781826160319,"flow_dst_last_pkt_time":1729781826160319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729781826160319,"l3_proto":"ip4","src_ip":"158.69.169.104","dst_ip":"192.168.88.208","src_port":6845,"dst_port":51887,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1729781826160319,"flow_dst_last_pkt_time":1729781826160319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1729781826160319,"pkt":"CAAniDE8SKmKCiNtCABFAAAwAABAADEG6KGeRalowKhY0Bq9yq9PmWUJAGGrknASchBq4AAAAgQFoAEDAwk="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1729781826160319,"flow_dst_last_pkt_time":1729781826160759,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1729781826160759,"pkt":"SKmKCiNtCAAniDE8CABFAAAoORpAAIAGAADAqFjQnkWpaMqvGr0AYauST5llClAQBAVhQQAA"} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1729781826160319,"flow_dst_last_pkt_time":1729781826160873,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1729781826160873,"pkt":"SKmKCiNtCAAniDE8CABFAAA8ORtAAIAGAADAqFjQnkWpaMqvGr0AYauST5llClAYBAVhVQAA\/\/+nNQdbcysAAgABAAAABFr9\/\/8="} 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1729781826160319,"flow_src_last_pkt_time":1729781826160319,"flow_dst_last_pkt_time":1729781826160873,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1729781826160873,"l3_proto":"ip4","src_ip":"158.69.169.104","dst_ip":"192.168.88.208","src_port":6845,"dst_port":51887,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Paltalk","proto_id":"432","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1642,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1729789201455805} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1642,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1729789201455805} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1729789201455805,"flow_src_last_pkt_time":1729789201455805,"flow_dst_last_pkt_time":1729789201455805,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729789201455805,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"84.17.44.229","src_port":50728,"dst_port":7970,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1729789201455805,"flow_dst_last_pkt_time":1729789201455805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1729789201455805,"pkt":"SKmKCiNtCAAniDE8CABFAAA0re9AAIAGAADAqFjQVBEs5cYoHyInaWRrAAAAAIAC+vCalQAAAgQFtAEDAwgBAQQC"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1729789201455805,"flow_dst_last_pkt_time":1729789201630864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1729789201630864,"pkt":"CAAniDE8SKmKCiNtCABFAAA0AABAAC8GsVVUESzlwKhY0B8ixiiBQAQNJ2lkbIASchBsKAAAAgQFoAEBBAIBAwMH"} 
@@ -25,12 +25,12 @@ 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1729789201630971,"flow_dst_last_pkt_time":1729789201630971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1729789201630971,"pkt":"CAAniDE8SKmKCiNtCABFAAA0AABAAPAGjsUswrXDwKhY0ABQynGJtKFuQMJbO4ASaQN4MAAAAgQFoAEBBAIBAwMI"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1729789201630971,"flow_dst_last_pkt_time":1729789201630971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1729789201630971,"pkt":"SKmKCiNtCAAniDE8CABFAAAoo\/lAAIAGAADAqFjQLMK1w8pxAFBAwls7ibShb1AQBAX8GAAA"} 01656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1729789201630971,"flow_dst_last_pkt_time":1729789201630971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":897,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":897,"pkt_l4_len":863,"thread_ts_usec":1729789201630971,"pkt":"SKmKCiNtCAAniDE8CABFAANzo\/pAAIAGAADAqFjQLMK1w8pxAFBAwls7ibShb1AYBAX\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"} 
-01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1729789201630971,"flow_src_last_pkt_time":1729789201630971,"flow_dst_last_pkt_time":1729789201630971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":843,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":843,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729789201630971,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"44.194.181.195","src_port":51825,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Paltalk","proto_id":"7.432","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"qos.paltalkconnect.com","domainame":"qos.paltalkconnect.com","http": {"url":"qos.paltalkconnect.com\/\/qos\/client","code":0,"content_type":"","user_agent":"PaltalkQOS","request_content_type":"application\/json"}}} -01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1729781781186613,"flow_src_last_pkt_time":1729781781319028,"flow_dst_last_pkt_time":1729781781432027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1729789201630971,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"3.162.112.93","src_port":51807,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Paltalk","proto_id":"91.432","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1729789201630971,"flow_src_last_pkt_time":1729789201630971,"flow_dst_last_pkt_time":1729789201630971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":843,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":843,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729789201630971,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"44.194.181.195","src_port":51825,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Paltalk","proto_id":"7.432","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"qos.paltalkconnect.com","domainame":"qos.paltalkconnect.com","http": {"url":"qos.paltalkconnect.com\/\/qos\/client","code":0,"content_type":"","user_agent":"PaltalkQOS","request_content_type":"application\/json"}}} 
+01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1729781781186613,"flow_src_last_pkt_time":1729781781319028,"flow_dst_last_pkt_time":1729781781432027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1729789201630971,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"3.162.112.93","src_port":51807,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Paltalk","proto_id":"91.432","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1729789201455805,"flow_src_last_pkt_time":1729789201630971,"flow_dst_last_pkt_time":1729789201630864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729789201630971,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"84.17.44.229","src_port":50728,"dst_port":7970,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Paltalk","proto_id":"432","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1729789201630971,"flow_src_last_pkt_time":1729789201630971,"flow_dst_last_pkt_time":1729789201630971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":843,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":843,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729789201630971,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"44.194.181.195","src_port":51825,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Paltalk","proto_id":"7.432","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1729789201630971,"flow_src_last_pkt_time":1729789201630971,"flow_dst_last_pkt_time":1729789201630971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":843,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":843,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729789201630971,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"44.194.181.195","src_port":51825,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Paltalk","proto_id":"7.432","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1729781826160319,"flow_src_last_pkt_time":1729781826160319,"flow_dst_last_pkt_time":1729781826160873,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1729789201630971,"l3_proto":"ip4","src_ip":"158.69.169.104","dst_ip":"192.168.88.208","src_port":6845,"dst_port":51887,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Paltalk","proto_id":"432","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2507,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1729789201630971} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2507,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1729789201630971} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -39,9 +39,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8660892 bytes -~~ total memory freed........: 8660892 bytes -~~ total allocations/frees...: 140591/140591 +~~ total memory allocated....: 9425362 bytes +~~ total memory freed........: 9425362 bytes +~~ total allocations/frees...: 154557/154557 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 1661 chars diff --git a/test/results/default/path_of_exile.pcapng.out b/test/results/default/path_of_exile.pcapng.out index 633508bcb..904bad6f7 100644 --- a/test/results/default/path_of_exile.pcapng.out +++ b/test/results/default/path_of_exile.pcapng.out 
@@ -1,12 +1,12 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1709739200863006} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1709739200863006} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709739200863006,"flow_src_last_pkt_time":1709739200863006,"flow_dst_last_pkt_time":1709739200863006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709739200863006,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"198.50.120.150","src_port":36262,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1709739200863006,"flow_dst_last_pkt_time":1709739200863006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1709739200863006,"pkt":"SKmKCiNt8C90rUP1CABFAAA8sslAAEAGL5rAqFjnxjJ4lo2mF+CghqOtAAAAAKACfXhYhwAAAgQFtAQCCArV2qNjAAAAAAEDAwc="} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1709739200863006,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1709739200996369,"pkt":"8C90rUP1SKmKCiNtCABFKAA8AABAACwG9jvGMniWwKhY5xfgjaY9oyG+oIajrqAS\/ogdjAAAAgQFoAQCCAq1gFu61dqjYwEDAwc="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1709739200996396,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1709739200996396,"pkt":"SKmKCiNt8C90rUP1CABFAAA0sspAAEAGL6HAqFjnxjJ4lo2mF+CghqOuPaMhv4AQAPtYfwAAAQEICtXao+m1gFu6"} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1709739201000335,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1709739201000335,"pkt":"SKmKCiNt8C90rUP1CABFAABTsstAAEAGL4HAqFjnxjJ4lo2mF+CghqOuPaMhv4AYAPtYngAAAQEICtXao+21gFu6AAMAN3VgAAIACW5EUElfVGVzdOyP7PIAAAAAQAAAAQ=="} 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1709739200863006,"flow_src_last_pkt_time":1709739201000335,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709739201000335,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"198.50.120.150","src_port":36262,"dst_port":6112,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1736079802056091} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1736079802056091} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1736079802056091,"flow_src_last_pkt_time":1736079802056091,"flow_dst_last_pkt_time":1736079802056091,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736079802056091,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"209.192.244.174","src_port":50808,"dst_port":21360,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1736079802056091,"flow_dst_last_pkt_time":1736079802056091,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736079802056091,"pkt":"WJz8EDlx8C90rUP1CABFAAA8mWNAAEAGGTTAqAEN0cD0rsZ4U3BRONg3AAAAAKAC+vCIUwAAAgQFtAQCCAqFPB26AAAAAAEDAwc="} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1736079802056091,"flow_dst_last_pkt_time":1736079802203892,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736079802203892,"pkt":"8C90rUP1WJz8EDlxCABFAAA8AABAADYGvJfRwPSuwKgBDVNwxng3tNjSUTjYOKAS\/ohq8QAAAgQFoAQCCAoztyvWhTwdugEDAwc="} 
@@ -14,14 +14,14 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1736079802211469,"flow_dst_last_pkt_time":1736079802203892,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1736079802211469,"pkt":"WJz8EDlx8C90rUP1CABFAABHmWVAAEAGGSfAqAEN0cD0rsZ4U3BRONg4N7TY04AYAfaIXgAAAQEICoU8HlUztyvWAAMAGt5nAAIADI3uHgAAAABAAQ=="} 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736079802056091,"flow_src_last_pkt_time":1736079802211469,"flow_dst_last_pkt_time":1736079802203892,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736079802211469,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"209.192.244.174","src_port":50808,"dst_port":21360,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1709739200863006,"flow_src_last_pkt_time":1709739201000335,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736079802211469,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"198.50.120.150","src_port":36262,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1736081650294301} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1736081650294301} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1736081650294301,"flow_src_last_pkt_time":1736081650294301,"flow_dst_last_pkt_time":1736081650294301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736081650294301,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"91.206.197.210","src_port":49554,"dst_port":21360,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1736081650294301,"flow_dst_last_pkt_time":1736081650294301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736081650294301,"pkt":"WJz8EDlx8C90rUP1CABFAAA8iJ1AAEAGzsjAqAENW87F0sGSU3A7XNgBAAAAAKAC+vDjhAAAAgQFtAQCCAoL0xXjAAAAAAEDAwc="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1736081650294301,"flow_dst_last_pkt_time":1736081650304773,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736081650304773,"pkt":"8C90rUP1WJz8EDlxCABFAAA8AABAADoGXWZbzsXSwKgBDVNwwZLKwrTPO1zYAqAS\/oh3KAAAAgQFoAQCCArnPD4VC9MV4wEDAwc="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1736081650304800,"flow_dst_last_pkt_time":1736081650304773,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1736081650304800,"pkt":"WJz8EDlx8C90rUP1CABFAAA0iJ5AAEAGzs\/AqAENW87F0sGSU3A7XNgCysK00IAQAfbjfAAAAQEICgvTFe3nPD4V"} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1736081650306353,"flow_dst_last_pkt_time":1736081650304773,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1736081650306353,"pkt":"WJz8EDlx8C90rUP1CABFAABHiJ9AAEAGzrvAqAENW87F0sGSU3A7XNgCysK00IAYAfbjjwAAAQEICgvTFe\/nPD4VAAMAI\/GnAAIAk59+twAAAABABA=="} 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736081650294301,"flow_src_last_pkt_time":1736081650306353,"flow_dst_last_pkt_time":1736081650304773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736081650306353,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"91.206.197.210","src_port":49554,"dst_port":21360,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":69,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1736082968685045} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":69,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1736082968685045} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1736082968685045,"flow_src_last_pkt_time":1736082968685045,"flow_dst_last_pkt_time":1736082968685045,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736082968685045,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"203.57.83.5","src_port":36492,"dst_port":21360,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1736082968685045,"flow_dst_last_pkt_time":1736082968685045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736082968685045,"pkt":"WJz8EDlx8C90rUP1CABFAAA8bYRAAEAG7UPAqAENyzlTBY6MU3COG0rHAAAAAKAC+vDgIgAAAgQFtAQCCAo5CD0qAAAAAAEDAwc="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1736082968685045,"flow_dst_last_pkt_time":1736082968732889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736082968732889,"pkt":"8C90rUP1WJz8EDlxCABFAAA8AABAADYGZMjLOVMFwKgBDVNwjozs1mOYjhtKyKAS\/ogazAAAAgQFoAQCCApGBocyOQg9KgEDAwc="} 
@@ -31,7 +31,7 @@ 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736079802056091,"flow_src_last_pkt_time":1736079802211469,"flow_dst_last_pkt_time":1736079802203892,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736082968748872,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"209.192.244.174","src_port":50808,"dst_port":21360,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736081650294301,"flow_src_last_pkt_time":1736081650306353,"flow_dst_last_pkt_time":1736081650304773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736082968748872,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"91.206.197.210","src_port":49554,"dst_port":21360,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736082968685045,"flow_src_last_pkt_time":1736082968748872,"flow_dst_last_pkt_time":1736082968732889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736082968748872,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"203.57.83.5","src_port":36492,"dst_port":21360,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1736082968748872} 
+00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1736082968748872} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 @@ -40,9 +40,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8660790 bytes -~~ total memory freed........: 8660790 bytes -~~ total allocations/frees...: 140586/140586 +~~ total memory allocated....: 9425260 bytes +~~ total memory freed........: 9425260 bytes +~~ total allocations/frees...: 154552/154552 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 553 chars ~~ json message max len.......: 978 chars diff --git a/test/results/default/pfcp.pcapng.out b/test/results/default/pfcp.pcapng.out index 15b43012b..a8ded9b6c 100644 --- a/test/results/default/pfcp.pcapng.out +++ b/test/results/default/pfcp.pcapng.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1710239851321696} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1710239851321696} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710239851321696,"flow_src_last_pkt_time":1710239851321696,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710239851321696,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":8805,"dst_port":8805,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1710239851321696,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1710239851321696,"pkt":"RQAANAAAAABAEXy2fwAAAX8AAAIiZSJlACCbFyE3ABQAAAAA\/\/\/\/\/wAAAAAAaAAEAAAAEg=="} 
00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710239851321696,"flow_src_last_pkt_time":1710239851321696,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710239851321696,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":8805,"dst_port":8805,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PFCP","proto_id":"405","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1710239851332721,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":80,"pkt_l4_len":60,"thread_ts_usec":1710239851332721,"pkt":"RQAAUAAAAABAEXyafwAAAX8AAAIiZSJlADwJcSE2ADAAAAAAAAAAAP\/\/\/wAAswABBwEGAAEBAKwAAQEAeQAJAQAAAAAAAAAAAGgABAAAAAA="} 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1710239851337392,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":275,"pkt_l4_len":255,"thread_ts_usec":1710239851337392,"pkt":"RQABEwAAAABAEXvXfwAAAX8AAAIiZSJlAP9hniEFAPMAAAAAAAAACQAADACAEQBKDenWYF4aAAB82\/9\/aEJJqFebf\/8ZcoI29eD\/\/wB9AKbp3Br\/\/xiF82H5ov+cy+CWsUxgAAAAAP\/rb1ul\/\/\/\/\/1Y8kVW0yEgOsgAAmwAE7EAlfwBpAI0A2wABBACfAFM\/eWR2OGxjLXQzYTh2c3AtNnRnOS0zNzRoZXUtaHVrZnhwdTVuMDM3NWJ3N2MzcXQ3ZTk0bTlxdXloc2V4eXpwBm1uYzk5OQZtY2M5OTkEZ3BycwDQAAT\/\/\/\/\/AIoABAAAAAAA6wAEAAAAGgEJAAEBAG4AAQEA7QABA4AJAAZI+QAAACE="} 
00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1710239851321696,"flow_src_last_pkt_time":1710239851360328,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710239851360328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":8805,"dst_port":8805,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PFCP","proto_id":"405","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2395,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1710239851360328} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2395,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1710239851360328} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645161 bytes -~~ total memory freed........: 8645161 bytes -~~ total allocations/frees...: 140544/140544 +~~ total memory allocated....: 9409535 bytes +~~ total memory freed........: 9409535 bytes +~~ total allocations/frees...: 154510/154510 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 1035 chars diff --git a/test/results/default/pgm.pcap.out b/test/results/default/pgm.pcap.out index 8d7069700..6dec46043 100644 --- a/test/results/default/pgm.pcap.out +++ b/test/results/default/pgm.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1654564815455078} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1654564815455078} 00735{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564815455078,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564815455078,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1654564815455078,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1654564815455078,"pkt":"AQBeAAEviFH7P19UCABFAAA4C7VAABRxIuMK9ECa6wABL9YlAHsAAEcBCvRAmtYlACQAAaJCAFHoKABR6ecAAQAACvRAmg=="} 00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564815455078,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564815455078,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"ndpi": {"confidence": {"6":"DPI"},"proto":"PGM","proto_id":"296","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -9,7 +9,7 @@ 02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1654564816353345,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":1344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1344,"pkt_l4_len":1310,"thread_ts_usec":1654564816353345,"pkt":"AQBeAAEviFH7P19UCABFAAUyDpFAABRxGw0K9ECa6wABL9YlAHsEAKv+CvRAmtYlBR4AUenrAFHoKENTQQCABAAAbQAFAFBBUkFNAAAAAAAAAAAAAAAAAAAAAP\/\/AADXyjEBPQAAAAr0QJoAAAAAM38AAAAAAAABAAAAAQAAACoAAAAAAA4AAABBQ0NPVU5UX0xJTUlUUwAAAAAAEAAAAEFMR09SSVRITV9UUkFERVIAAAAAAAwAAABBTk5PVU5DRU1FTlQAAAAAAAUAAABCRVRBUwAAAAAADQAAAENUT19BTEdPUklUSE0AAAAAAAsAAABDVk9MX0VOR0lORQAAAAAABAAAAERBWVMAAAAAAAkAAABESVZJREVORFMAAAAAAAgAAABFWENIX01BUAAAAAAAEwAAAEVYRV9FWENIQU5HRV9TWU1CT0wAAAAAAAMAAABGRUUAAAAAAA0AAABGRlRfQUxHT1JJVEhNAAAAAAAIAAAARklUX1RFUk0AAAAAAAcAAABIT0xJREFZAAAAAAAKAAAASU1WX1JFR0lPTgAAAAAACAAAAElNVl9URVJNAAAAAAANAAAASU5TVF9FWENIX01BUAAAAAAACQAAAElOVkVOVE9SWQAAAAAAEgAAAElOVkVOVE9SWV9FWENIQU5HRQAAAAAABgAAAExJTUlUUwAAAAAADgAAAE1BS09fQUxHT1JJVEhNAAAAAAAPAAAATUFLT19QRVJNSVNTSU9OAAAAAAAOAAAATUFLT19QT1JURk9MSU8AAAAAAAsAAABNQUtPX1RSQURFUgAAAAAACwAAAE1BTlVBTF9SQVRFAAAAAAANAAAAT1BTX0FMR09SSVRITQAAAAAADQAAAE9QVF9BTEdPUklUSE0AAAAAAAwAAABPUkRFUl9MSU1JVFMAAAAAAA0AAABPU1RfQUxHT1JJVEhNAAAAAAAMAAAAT1NUX01PTUVOVFVNAAAAAAAJAAAAUE9SVEZPTElPAAAAAAATAAAAUE9SVEZPTElPX0FMR09SSVRITQAAAAAAEwAAAFBPUlRGT0xJT19JTlZFTlRPUlkAAAAAABAAAABQT1JURk9MSU9fTElNSVRTAAAAAAATAAAAUE9TX0VYQ0hBTkdFX1NZTUJPTAAAAAAADAAAAFBPU19FWENIX01BUAAAAAAABwAAAFBST0RVQ1QAAAAAAA8AAABSQVRFX0FESlVTVE1FTlQAAAAAAAoAAABSSVNLX0pQTV8xAAAAAAAOAAAAUklTS19WT0xfTU9WRVMAAAAAAAUAAABST0xMUwAAAAAABgAAAFNZTUJPTAAAAAAADQAAAFNZTUJPTF9MSU1JVFMAAAAAAAgAAABUSUNLX01BUAAAAAAACQAAAFRJQ0tfU0laRQAAAAAACgAAAFVOREVSTFlJTkcAAAAAAAsAAABWT0xfRklUVElORwAAAAAACQAAAFZPTF9NT1ZFUwAAAAAACAAAAFZPTF9QQVRIAAAAAAAPAAAAVk9MX1BBVEhfUkVHSU9
OAAAAAAAKAAAAVk9MX1JFR0lPTgAAAAAACgAAAFZPTF9TWU1CT0wAAAAAAAgAAABWT0xfVEVSTQAAAAAABwAAAFZUX0lORk8AAAAAAAsAAABWVF9JTkZPX01BUAAAAAAABgAAAFZUX01BUAAAAAAADQAAAFhHVF9BTEdPUklUSE0AAAAAAA0AAABYSEZfQUxHT1JJVEhNAAAAAAANAAAAWElCX0FMR09SSVRITQAAAAAAEAAAAERFRkxFQ1RPUl9TWU1CT0wA"} 02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564817394846,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1310,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5416,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564817394846,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":16,"avg":62573.2,"max":840685,"stddev":155726.8,"var":24250839040.0,"ent":2.9,"data": [840685,20786,25,36771,5581,109,6559,20,17008,16,14904,14731,16,37275,29,168236,95027,1618,67043,1565,11009,51225,29,243023,25455,15996,6391,15033,3510,84,240009]},"pktlen": {"min":56,"avg":189.2,"max":1330,"stddev":214.8,"var":46132.5,"ent":4.5,"data": [56,115,113,307,1330,192,112,116,156,271,238,319,165,117,213,299,115,127,134,114,115,130,132,131,114,121,119,120,119,121,112,113]},"bins": {"c_to_s": [0,1,9,12,2,1,2,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": 
[4.207933426,3.772077084,3.737904549,4.289524555,3.977143764,4.305780411,3.733274460,3.889899492,4.148006916,4.292365074,4.336574078,4.226692677,4.062590599,3.930770159,4.197418690,4.412383080,3.835077763,3.796297789,4.342565060,3.788575172,3.851600647,4.257427692,4.309153080,4.246764660,3.757787228,3.886102915,3.938454628,3.971912861,3.968787670,3.964792728,3.751131535,3.773303032]},"ndpi": {"confidence": {"6":"DPI"},"proto":"PGM","proto_id":"296","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00935{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1000,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564894361003,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1310,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162302,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564894361003,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PGM","proto_id":"296","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1000,"packets-processed":1000,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":162302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1654564894361003} +00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1000,"packets-processed":1000,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":162302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1654564894361003} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/1000 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8673814 bytes -~~ total memory freed........: 8673814 bytes -~~ total allocations/frees...: 141532/141532 +~~ total memory allocated....: 9438188 bytes +~~ total memory freed........: 9438188 bytes +~~ total allocations/frees...: 155498/155498 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 2252 chars diff --git a/test/results/default/pgsql.pcap.out b/test/results/default/pgsql.pcap.out index 640ba0336..0f774dd82 100644 --- a/test/results/default/pgsql.pcap.out +++ b/test/results/default/pgsql.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1103453983214636} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1103453983214636} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1103453983214636,"flow_src_last_pkt_time":1103453983214636,"flow_dst_last_pkt_time":1103453983214636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1103453983214636,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1103453983214636,"flow_dst_last_pkt_time":1103453983214636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1103453983214636,"pkt":"AAAAAAAAAAAAAAAACABFAAA8\/wlAAEAGPbB\/AAABfwAAAbNqFTjJW\/IgAAAAAKACf\/\/rIgAAAgRADAQCCAoTQg0pAAAAAAEDAwA="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1103453983214636,"flow_dst_last_pkt_time":1103453983214658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1103453983214658,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAARU4s2rJRrU9yVvyIaASf\/9MIgAAAgRADAQCCAoTQg0pE0INKQEDAwA="} 
@@ -14,7 +14,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1103453983217721,"flow_dst_last_pkt_time":1103453983217769,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1103453983217769,"pkt":"AAAAAAAAAAAAAAAACABFAAA07zdAAEAGTYp\/AAABfwAAARU4s2vJSeIdyQGw44AQf\/\/J7gAAAQEIChNCDSwTQg0s"} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1103453983214636,"flow_src_last_pkt_time":1103453983217592,"flow_dst_last_pkt_time":1103453983217889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":13,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":13,"midstream":0,"thread_ts_usec":1103453983217889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1103453983215699,"flow_src_last_pkt_time":1103453983217721,"flow_dst_last_pkt_time":1103453983217976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":13,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":13,"midstream":0,"thread_ts_usec":1103453983217976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2103,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1576629230565518} 
+00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2103,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1576629230565518} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576629230565518,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230565518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576629230565518,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59036,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230565518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1576629230565518,"pkt":"CAAnw1r8CgAnAAAECABFAABAAABAAEAGuVisEBT0rBAUS+acFThi3YI3AAAAALDC\/\/9QBQAAAgQFtAEDAwYBAQgKmyLoygAAAAAEAgAA"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230566452,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629230566452,"pkt":"CgAnAAAECAAnw1r8CABFAAA8AABAAEAGuVysEBRLrBAU9BU45py6PR0kYt2COKBScSBRGwAAAgQFtAQCCApyjFVOmyLoygEDAwc="} 
@@ -49,7 +49,7 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1576629231618664,"flow_src_last_pkt_time":1576629231631971,"flow_dst_last_pkt_time":1576629231631919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":507,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59039,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1103453983214636,"flow_src_last_pkt_time":1103453998615162,"flow_dst_last_pkt_time":1103453998615143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":282,"flow_src_tot_l4_payload_len":566,"flow_dst_tot_l4_payload_len":864,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1103453983215699,"flow_src_last_pkt_time":1103453983338269,"flow_dst_last_pkt_time":1103453983299534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":438,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1576629231631971} 
+00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1576629231631971} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 88/88 ~~ skipped flows.............: 0 @@ -58,9 +58,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8671846 bytes -~~ total memory freed........: 8671846 bytes -~~ total allocations/frees...: 140682/140682 +~~ total memory allocated....: 9436380 bytes +~~ total memory freed........: 9436380 bytes +~~ total allocations/frees...: 154648/154648 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 982 chars diff --git a/test/results/default/pgsql2.pcapng.out b/test/results/default/pgsql2.pcapng.out index 262e2bb88..8fd4cf5c2 100644 --- a/test/results/default/pgsql2.pcapng.out +++ b/test/results/default/pgsql2.pcapng.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1682508779830421} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1682508779830421} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682508779830421,"flow_src_last_pkt_time":1682508779830421,"flow_dst_last_pkt_time":1682508779830421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682508779830421,"l3_proto":"ip4","src_ip":"10.220.20.67","dst_ip":"10.220.20.67","src_port":58574,"dst_port":60102,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1682508779830421,"flow_dst_last_pkt_time":1682508779830421,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_usec":1682508779830421,"pkt":"AgAAAEUAADRx2kAAgAYAAArcFEMK3BRD5M7qxlP3stMAAAAAgAL\/\/2BOAAACBP\/XAQMDCAEBBAI="} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1682508779830421,"flow_dst_last_pkt_time":1682508779830497,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_usec":1682508779830497,"pkt":"AgAAAEUAADRx20AAgAYAAArcFEMK3BRD6sbkzph7gihT97LUgBL\/\/0WgAAACBP\/XAQMDAQEBBAI="} 
@@ -8,7 +8,7 @@ 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1682508779830768,"flow_dst_last_pkt_time":1682508779830787,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_usec":1682508779830787,"pkt":"AgAAAEUAAChx3kAAgAYAAArcFEMK3BRD6sbkzph7gilT97LcUBB\/\/ACMAAA="} 01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1682508779830421,"flow_src_last_pkt_time":1682508779830768,"flow_dst_last_pkt_time":1682508779832860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1682508779832860,"l3_proto":"ip4","src_ip":"10.220.20.67","dst_ip":"10.220.20.67","src_port":58574,"dst_port":60102,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1682508779830421,"flow_src_last_pkt_time":1682508779839067,"flow_dst_last_pkt_time":1682508779839077,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1316,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":1416,"midstream":0,"thread_ts_usec":1682508779839077,"l3_proto":"ip4","src_ip":"10.220.20.67","dst_ip":"10.220.20.67","src_port":58574,"dst_port":60102,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2216,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1682508779839077} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2216,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1682508779839077} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647460 bytes -~~ total memory freed........: 8647460 bytes -~~ total allocations/frees...: 140554/140554 +~~ total memory allocated....: 9411834 bytes +~~ total memory freed........: 9411834 bytes +~~ total allocations/frees...: 154520/154520 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 517 chars ~~ json message max len.......: 1119 chars diff --git a/test/results/default/pia.pcap.out b/test/results/default/pia.pcap.out index b707df76d..9bde095d8 100644 --- a/test/results/default/pia.pcap.out +++ b/test/results/default/pia.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1613755355148465} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1613755355148465} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355148465,"flow_dst_last_pkt_time":1613755355148465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613755355148465,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1613755355148465,"flow_dst_last_pkt_time":1613755355148465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1613755355148465,"pkt":"poPnuslkAAwplE+vCABFAAA8OxxAAEAGKcTAqFgDj\/QtPN4WAbtUJgkIAAAAAKAC+vChoAAAAgQFtAQCCAoFrZLlAAAAAAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1613755355148465,"flow_dst_last_pkt_time":1613755355163584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1613755355163584,"pkt":"AAwplE+vpoPnuslkCABFKAA8AAAAADUGAACP9C08wKhYAwG73hb59a4GVCYJCaAS\/oigRAAAAgQFtAQCCArgC3WqBa2S5QEDAwc="} 
@@ -10,7 +10,7 @@ 01451{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355164695,"flow_dst_last_pkt_time":1613755355184350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1613755355184350,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"ec74a5c51106f0419184d0dd08fb05bc","ja4":"t13i571000_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01933{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355164695,"flow_dst_last_pkt_time":1613755355184360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2622,"midstream":0,"thread_ts_usec":1613755355184360,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.PrivateInternetAccess","proto_id":"91.384","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"newjersey402","ja3s":"ec74a5c51106f0419184d0dd08fb05bc","ja4":"t13i571000_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access","subjectDN":"C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=newjersey402, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:93:3C:30:66:5E:3D:9D:AF:2D:89:56:75:07:DF:06:BB:D2:61:3F","blocks":0}}} 
01230{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355185778,"flow_dst_last_pkt_time":1613755355184360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":2622,"midstream":0,"thread_ts_usec":1613755355185778,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.PrivateInternetAccess","proto_id":"91.384","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1613755355185778} +00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1613755355185778} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652145 bytes -~~ total memory freed........: 8652145 bytes -~~ total allocations/frees...: 140551/140551 +~~ total memory allocated....: 9416519 bytes +~~ total memory freed........: 9416519 bytes +~~ total allocations/frees...: 154517/154517 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 1938 chars diff --git a/test/results/default/pim.pcap.out b/test/results/default/pim.pcap.out index 38abfdd3e..92848fc59 100644 --- a/test/results/default/pim.pcap.out +++ b/test/results/default/pim.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655247781655191} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655247781655191} 00737{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655247781655191,"flow_src_last_pkt_time":1655247781655191,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655247781655191,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"flow_datalink":1,"flow_max_packets":5} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655247781655191,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1655247781655191,"pkt":"AQBeAAANUC+oqN+8CABFwABKmKkAAAFns0PAqMvq4AAADSMAIEwBAMCoy+kAAgDSAQAAIOY+QvwAAQAAAQAHIAql5gIBAAAg5jwrAwABAAABAAcgCqXmAg=="} 00889{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655247781655191,"flow_src_last_pkt_time":1655247781655191,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655247781655191,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_PIM","proto_id":"297","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655247784655491,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1655247784655491,"pkt":"AQBeAAANUC+oqN+8CABFwABKmKwAAAFns0DAqMvq4AAADSMAbUgBAMCoy+kAAgDSAQAAIOY+AP8AAQAAAQAHIAql5gIBAAAg5jwgBAABAAABAAcgCqXmAg=="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655247785655415,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1655247785655415,"pkt":"AQBeAAANUC+oqN+8CABFwABKmK0AAAFnsz\/AqMvq4AAADSMAbUsBAMCoy+kAAgDSAQAAIOY+AP4AAQAAAQAHIAql5gIBAAAg5jwgAgABAAABAAcgCqXmAg=="} 00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1655247781655191,"flow_src_last_pkt_time":1655247790665297,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655247790665297,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"IP_PIM","proto_id":"297","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655247790665297} +00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655247790665297} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645104 bytes -~~ total memory freed........: 8645104 bytes -~~ total allocations/frees...: 140542/140542 +~~ total memory allocated....: 9409478 bytes +~~ total memory freed........: 9409478 bytes +~~ total allocations/frees...: 154508/154508 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 572 chars ~~ json message max len.......: 936 chars diff --git a/test/results/default/pinterest.pcap.out b/test/results/default/pinterest.pcap.out index 2011d33ac..cf9e1a748 100644 --- a/test/results/default/pinterest.pcap.out +++ b/test/results/default/pinterest.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1605289710318889} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1605289710318889} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289710318889,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710318889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289710318889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710318889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289710318889,"pkt":"qtsDr8lk5EKm5WPyht1gCMmjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYwBu9VDYL21LWgegBAB9TESAAABAQgKz6ojDMK4Yvg="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710576735,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289710576735,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBjLUtaB7VQ2C+gBALgY8wAAABAQgKwrkTpM+oCrY="} 
@@ -166,7 +166,7 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716192184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716192184,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWpyUgBALf8h0AAABAQgKwrkp2GT0lXA="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716192344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716192344,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWp0PgBALj8fpAAABAQgKwrkp2GT0lXA="} 
00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716197451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":277,"pkt_l4_len":223,"thread_ts_usec":1605289716197451,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAN8GPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWp0PgBgLjwvfAAABAQgKwrkp2WT0lXAXAwMAuvbpCprhIHZOm+s71xjln8W5wRXAEZMMYHzFfgrc8Qz4ihOFNdXXrcK7V3sZoCmBJ+9UP9pq7hG1hJyCeP+MFNZTxO2gaK55QvARJT791YHr2a9N\/48L6BIqY0g9tYfn4yZI8zlroZ226D4je2OGOYeBFXAt\/SWtduBHYRboL2SojJhXdPVjX\/gNGYSfvf2cQ4Gmy4NkAXucZYn6wYVA\/ALz1WSrztJHvD8qTVY2ZZ3gbVGKtvonmOvlwA=="} -02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716199465,"flow_dst_last_pkt_time":1605289716199511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":21058,"midstream":1,"thread_ts_usec":1605289716199511,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1985.4,"max":28590,"stddev":6415.7,"var":41161208.0,"ent":1.8,"data": [202,23469,160,5107,2,28590,251,1,1,2,214,4,31,0,19,391,1,0,1,397,8,1304,0,0,1,0,1316,72,1,1,0]},"pktlen": {"min":72,"avg":738.8,"max":1280,"stddev":578.2,"var":334348.7,"ent":4.5,"data": 
[230,195,72,72,263,1280,72,1280,1280,1280,1280,72,72,1280,1280,72,1280,1280,1280,1280,72,72,1280,1280,237,111,199,72,1280,1280,1280,1280]},"bins": {"c_to_s": [7,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,1,0,1,1,1,1],"entropies": [6.948834896,6.675073147,5.125129700,5.125129700,6.977108479,7.855700493,5.182512760,7.824506283,7.846910477,7.827116013,7.838431835,5.116472721,5.137442112,7.839233875,7.849976540,5.154735088,7.852743149,7.835449219,7.826992035,7.859686375,5.182512760,5.182512760,7.806921482,7.824195862,6.883517742,5.810838699,6.706934929,5.109664440,7.833899021,7.836830139,7.838667870,7.830160618]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +02148{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716199465,"flow_dst_last_pkt_time":1605289716199511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":21058,"midstream":1,"thread_ts_usec":1605289716199511,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1985.4,"max":28590,"stddev":6415.7,"var":41161208.0,"ent":1.8,"data": 
[202,23469,160,5107,2,28590,251,1,1,2,214,4,31,0,19,391,1,0,1,397,8,1304,0,0,1,0,1316,72,1,1,0]},"pktlen": {"min":72,"avg":738.8,"max":1280,"stddev":578.2,"var":334348.7,"ent":4.5,"data": [230,195,72,72,263,1280,72,1280,1280,1280,1280,72,72,1280,1280,72,1280,1280,1280,1280,72,72,1280,1280,237,111,199,72,1280,1280,1280,1280]},"bins": {"c_to_s": [7,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,1,0,1,1,1,1],"entropies": [6.948834896,6.675073147,5.125129700,5.125129700,6.977108479,7.855700493,5.182512760,7.824506283,7.846910477,7.827116013,7.838431835,5.116472721,5.137442112,7.839233875,7.849976540,5.154735088,7.852743149,7.835449219,7.826992035,7.859686375,5.182512760,5.182512760,7.806921482,7.824195862,6.883517742,5.810838699,6.706934929,5.109664440,7.833899021,7.836830139,7.838667870,7.830160618]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717548570,"flow_dst_last_pkt_time":1605289717548570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289717548570,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1605289717548570,"flow_dst_last_pkt_time":1605289717548570,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289717548570,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD4AAAAAoAL9ID+FAAACBAWgBAIICjGG9eUAAAAAAQMDBw=="} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1605289717548570,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289717572004,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75juz2g\/oBJXgHfiAAACBAV4AQMDAwQCCArCuS86MYb15Q=="} 
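Review bot: The expected `analyse` event for flow 22 (packet_id 531) changes from `"flow_state":"finished"` to `"flow_state":"info"`, a behavioural change the commit message does not mention; it lists only the risk rename. The flow counters on the line are unchanged (9 + 23 packets processed, which equals the `max-packets-per-flow-to-process` of 32 in the init event), so the difference presumably comes from the libnDPI bump leaving detection open at that point rather than from the capture. Consumers that act on `finished`, for example to stop tracking a flow or to emit a final verdict, would handle this flow differently, so it is worth confirming the change is intended and recording it in the commit message, e.g. `* analyse events can now carry flow_state "info" where "finished" was emitted before`.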
@@ -292,7 +292,7 @@ 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":5,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715325511,"flow_dst_last_pkt_time":1605289715321808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":934,"flow_dst_tot_l4_payload_len":2656,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347065,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718378827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347065,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718378827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":911,"packets-processed":911,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":367869,"total-not-detected-flows":0,"total-guessed-flows":16,"total-detected-flows":21,"total-detection-updates":31,"total-updates":0,"current-active-flows":0,"total-active-flows":37,"total-idle-flows":37,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":295,"global_ts_usec":1605289733529878} 
+00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":911,"packets-processed":911,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":367869,"total-not-detected-flows":0,"total-guessed-flows":16,"total-detected-flows":21,"total-detection-updates":31,"total-updates":0,"current-active-flows":0,"total-active-flows":37,"total-idle-flows":37,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":295,"global_ts_usec":1605289733529878} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 911/911 ~~ skipped flows.............: 0 @@ -301,9 +301,9 @@ ~~ total active/idle flows...: 37/37 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10023538 bytes -~~ total memory freed........: 10023538 bytes -~~ total allocations/frees...: 143110/143110 +~~ total memory allocated....: 10789427 bytes +~~ total memory freed........: 10789427 bytes +~~ total allocations/frees...: 157087/157087 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 576 chars ~~ json message max len.......: 3575 chars diff --git a/test/results/default/pluralsight.pcap.out b/test/results/default/pluralsight.pcap.out index 7db01cb3a..bebf21c61 100644 --- a/test/results/default/pluralsight.pcap.out +++ b/test/results/default/pluralsight.pcap.out 
@@ -1,14 +1,14 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648373355763733} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648373355763733} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355763733,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355763733,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8t1dAAEAGzuTAqAGANkW8EqaSAbs5mmmUAAAAAKAC+vDIPgAAAgQFtAQCCAqK+PnbAAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355952180,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOAG5js2RbwSwKgBgAG7ppJ9QO7SOZpplaASaN998gAAAgQFtAQCCApSMR4Hivj52wEDAwg="} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373355952549,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5t1lAAEAGzOXAqAGANkW8EqaSAbs5mmmVfUDu04AYAfbrKAAAAQEICor4+pdSMR4HFgMBAgABAAH8AwM1jCFDKADpkwCWNDdgH\/adXVGzDgYuQsQMuim+6yCdjCAuElAWaAcNbYd22pDJpusrU2oMuj5gm\/t2Aky6e512VAAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABQAEgAAD3BsdXJhbHNpZ2h0LmNvbQAXAAD\/AQABAAAKAAoACCoqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApKioAAQAAHQAgy0tnman9YKIJBU2tFJ\/X+H4+8C285s8hNvU9rt60YmAALQACAQEAKwAHBgoKAwQDAwAbAAMCAAJEaQAFAAMCaDJqagABAAAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355952549,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355952549,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 02501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373356139861,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcqW9AAOAGNyw2RbwSwKgBgAG7ppJ9QO7TOZprmoAQAG5jngAAAQEIClIxHsWK+PqXFgMDAEYCAABCAwOA5WC3JqevYzzUx7sAgkcnkWLtUg1Xcif8LAl\/TJHvdQDALwAAGv8BAAEAAAsABAMAAQIAIwAAABAABQADAmgyFgMDFCsLABQnABQkAAa\/MIIGuzCCBaOgAwIBAgIIRQTgxdAUfGQwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjAwNTAyMTYwMjA4WhcNMjIwNzAxMjM0MjI4WjA\/MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGjAYBgNVBAMMESoucGx1cmFsc2lnaHQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSJg4wZgzdbbQJBQZhpcu6kt1yALpBEwdrVeNm1058LHSvcFCpcQ7k2VflDO787iBTgMlrfWy2xPSA7dEEi3sWmGvwZhI42laHi\/cRXRuYGgAg+p5ED1\/KI4VgH0+\/DEDlJmdBUPV4w70Lzu\/VFvb5N6Kw9OPAje4RaJcjYC6fjHvQDyP8IefKIgkzP\/J68B00drY5eqZcv63b1GwhRozV7ChHkjNJwACK6ZKNc1d65kuAAQlO8yxZbKqqIP8vsHzhwdrLvF2OkMFV9i\/YcFzJmEwdUHpo2qHLQXdNUUdz0lxCntTc5uG8AFLCsuVyzRahyj9I2frvleD\/hGr412owIDAQABo4IDQzCCAz8wDAYDVR0TAQH
\/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH\/BAQDAgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS0xOTI1LmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG\/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1\/tss\/C0LIDOMC0GA1UdEQQmMCSCESoucGx1cmFsc2lnaHQuY29tgg9wbHVyYWxzaWdodC5jb20wHQYDVR0OBBYEFHGsEKvGACoriNxVjIM6FsyWy5xFMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAXHWH6HXAAAEAwBHMEUCIQCdq2ML0Jumv\/iwktHg9EsmJGw6zFWoVcwtyGu\/OquCpwIgJNt1t1fAS5zanYUHVg1aMgxKZxKpYR6jQNCINKhMD8EAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAXHWH6eYAAAEAwBHMEUCIQDOz0qVjezJW1dWI7uBCCgp8Vare8XuroiKxVinR889OwIgTBWtS\/mx69sNFk2T86UGhx90X2tLUGINGtaF04Pqrs0AdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMA="} -01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373356139861,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373356139861,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139917,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373356139917,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcqXBAAOAGNys2RbwSwKgBgAG7ppJ9QPR7OZprmoAQAG5r5gAAAQEIClIxHsWK+PqX75SYVdaJ0N0AAAFx1h+p5gAABAMARzBFAiArTqTaTNvTVBxKcE\/cBnjdmdOpwF7wOjcm630XBESqNQIhAP9I\/m28a30n87OXSSWJMlzY0ZubLGqcj8tRe9nxjdH6MA0GCSqGSIb3DQEBCwUAA4IBAQArJTxpGLwd+6RFESgocdVAaUnnWVF05CS6VyiI\/I\/6hlgY98VaPMbYAUs625+z4QW6RINrj\/dBbui4MFxolC+9fx01MHlq8FWGhd6ATKhv9SsO39\/E7GyBeHsdEDqXs5\/rAOwx7YkF9iaJEzlt9DxDaybhln4vlGlbk4WSRU8XJJEXZcvvMBDpLw2v2xC1PTQ+qQYru7XvN8uqc5qpIflenl6uZn8fv8mM9AIofo2gd0QTddupk+TbkOroHXLBf9I4mGcXV7ofNOZhiVDQs179yI7PbSfDz\/HBeL8engijD\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\/z5lz4\/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOvK\/6AYZ15V8TPLvQ\/MDxdR\/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23ecSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR\/gd71vCxJ1gO7GyQ5HYpDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7neTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ\/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv\/oV9PBO9sPpyIBslQj6Zz91cxG7685C\/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2RJ17LJ3lXubvDGGqv+QqG+6Enrg="} 
-01665{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5590,"midstream":0,"thread_ts_usec":1648373356139971,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","server_names":"*.pluralsight.com,pluralsight.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7","blocks":0}}} 
+01663{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5590,"midstream":0,"thread_ts_usec":1648373356139971,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","server_names":"*.pluralsight.com,pluralsight.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357854664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357854664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357854664,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357854664,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8tRVAAEAG8mLAqAGAkks+0KceAbt\/83TdAAAAAKAC+vCjygAAAgQFtAQCCAquLcooAAAAAAEDAwc="} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357861427,"flow_dst_last_pkt_time":1648373357861427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357861427,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -31,11 +31,11 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358908144,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373358908144,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPxAAEAG95PAqAGAEsvJOKZ6AbsXjcxKAAAAAKAC+vDGJwAAAgQFtAQCCAq7LqF\/AAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373358948816,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOUG948Sy8k4wKgBgAG7pnpgCgHJF43MS6ASaN+FjQAAAgQFtAQCCAqVXttnuy6hfwEDAwg="} 
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373358949276,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5pP5AAEAG9ZTAqAGAEsvJOKZ6AbsXjcxLYAoByoAYAfahVQAAAQEICrsuoaiVXttnFgMBAgABAAH8AwPQaIxCQafGfU7U68BjTWz12bgC7rPMRDrwBcYKkg2BtiCsXEdEYhfEEMAlvDmVmL\/9\/3dvAf\/ZUZkvazPc8sBEAwAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAABgAFgAAE3N0dC5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIC1NIbYz00S\/PDWD2znXWT+4vqGbUzfdyPQt1wB6uPFJAC0AAgEBACsABwb6+gMEAwMAGwADAgACRGkABQADAmgyuroAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373358949276,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01242{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373358949276,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373358988767,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcvRJAAOUGNN0Sy8k4wKgBgAG7pnpgCgHKF43OUIAQAG7AjQAAAQEICpVe25C7LqGoFgMDAEYCAABCAwONSvORfRK+oCxj36Hg6J2Hj1QoaCg2HEgsIONHMtI7MQDALwAAGgAAAAD\/AQABAAALAAQDAAECABAABQADAmgyFgMDD1QLAA9QAA9NAAbPMIIGyzCCBbOgAwIBAgIQB\/B75x6f37TLIkIFT5mkADANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBEaWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMTEwMDEwMDAwMDBaFw0yMjEwMDEyMzU5NTlaMHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQxHDAaBgNVBAMTE3N0dC5wbHVyYWxzaWdodC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDr0xSOZf6cCydxEcuFpMVtE13xSxgvN+BhmKgaQAFAzHuwpqwKyaYNmuuLH\/VY4kWvt8oOW3wCuzOM+EMY1K7qcL+jle28Q47YlvtlMucVxaWwRNmKApjrDY2t5SUUQdf2joKa3AMbeENJerDPlu+0VGDcQTqWT9piC0Gkf4X3KOy\/pQfvHRbuzGVd27UtimfLJFXU0JlWM+hCFgHHXQ0OsRQGtSRQn7NHHZvcjzGEcKei5SlMP5F+AbeUb0TDvIhz8x1hWofd9DhmJevyeADezC\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\/wQCMAAwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB3ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABfD5FpRQAAAQDAEgwRgIhANbj9wEZj1VoGi2UMZnu3XdkngNqGzgH0H+SQhnbt3jmAiEAqwd+SxYB3DbbxtBV\/7joXhChyIF2XFd33lGbzb6QjcEAdwBByMqx3yJGShDGoToJQodeTjGLGwPr60vHaPCQYpYG9gAAAXw+RaUVAAAEAwBIMEYCIQDAIrZL2u\/2JggDkhT0JCtofKLodQnV8LO7lcpEm5pVngIhAM0ARgZECXgacp8gNEXiUuDbe\/K5+5FF6yOd5k8zoidrAHYA36Veq2iCTx8="} 
-01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373358988767,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01325{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373358988767,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373358992536,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcvRNAAOUGNNwSy8k4wKgBgAG7pnpgCgdyF43OUIAQAG4ZwQAAAQEICpVe25C7LqGobK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABfD5FpVkAAAQDAEcwRQIgD\/C+dWI8FNoRd7swKXa4Z3HVOZE6Xo7KLlhYwlDQxUUCIQCORa5g5oY\/p0EanlV0l9hVbXFwuN3kDs7vi8zHYx0FHzANBgkqhkiG9w0BAQsFAAOCAQEAi6q+Yac3NG5zNVZmjOqlgVySNn4urWYHVdnWUcpSV1FJEbUvEiDf6tt46etJ35ZdH6y8l394Q7SRjdYbsn4fD\/+G1nXxjmE4R1M4s9O9PIX353I\/EynAH\/JMAEHRHDLvAMSqCPTBDGQoI\/MgZeEqkZ45e6CE1was5eBG\/IVEv5AISEuq9PMyxIRwHqPEyekxORc5LUg\/jZoUKL9sOGiDWpuM4l2CFZJFEqYf9Qquu5ANUnEjWiMeqiIu55kD1AtVpL5t6znkbU19ECEyuL9lJ\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\/jxNCemql6HYKI5RFW2x6fWMJR5yw0DS7SkuFWy\/F5X7O7h8olA3uaUkFmEGBPVxNJ8Og3Z4Pf59NLZ0wiUabfDpkQ7VdRdCbifcfKYi4TG38jiCVTb8E0WACLhP\/4vqdYSSJ7lq2iiJsVvKB83+lRqNWw7TfiNrSCS2K1SZrsx2fW4z7149YSXkTxv3FCfViEA4CxgQH6+coyu7SOJ4cnxSt01KjWl97DZPnKzlOiVrx4F45JAymu+0lPpBW5zvJcGVdta3mnK6InIBO10D1A0yEwB5PqmfUCAwEAAaOCAYIwggF+MBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFLdrouqoqoSMeeq02g+YssWVdrn0MB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcnQwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MAsGCWCGSAGG\/WwCATAHBgVngQwBATAIBgZngQwBAgEwCAYGZ4EMAQICMAgGBmeBDAECAzANBgkqhkiG9w0BAQsFAAOCAQEAgDLOXgvdbloNCq\/h1oTLwI76hXDt2l2zDPcrdUD+hQr68zF4t3BLGolYuoC982sd6X7PC7pYnFnUkNP9bP3QmG
23cYJbz20LWgnQe97EQ9gqpN6eQSZfu4+Zy92u4ahvn4c="} -01611{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1648373358992536,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","server_names":"stt.pluralsight.com","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82","blocks":0}}} 
+01609{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1648373358992536,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","server_names":"stt.pluralsight.com","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359576448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359576448,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359576448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373359576448,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TutAAEAGHxbAqAGAaBOif780Abvdb02GAAAAAKAC+vDHywAAAgQFtAQCCArb1PDNAAAAAAEDAwc="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648373359597402,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGdQloE6J\/wKgBgAG7vzSUVFy03W9Nh4AS\/\/\/FjwAAAgQFeAEBBAIBAwMK"} 
@@ -50,13 +50,13 @@ 01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359662306,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","domainame":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373359681609,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXciMBAADkGtzFoEdHwwKgBgAG7ruI30m4WyDHTqVAQAEMEpAAAFgMDAHoCAAB2AwPh3f4G6bvkpAQiBlVF27q7BUriTXi+L8W0hRbgEpZaoiDRdtN3P07Qel84K9CWVDBxLwdJHbn9d9oomO2+9M0CRhMBAAAuADMAJAAdACA1SyvSQZLLx5CIHv4HSvtmmCUXoZblQcltm9P7V5WpIAArAAIDBBQDAwABARcDAwwzmT+Htjc5hkKanw\/IShWHFSoHCihsxypO2X+bsSjpwMmM9sH5YD79mqbLGND5TLQzhnwEx6cw5hrszrANTqt\/hHmfTxGJHTmIg9d+PzYlznjyJf8kSYA45HzBeXkEMc6uPO4NwiMvO2n78Gu30CV+TWYgfT0b15WA5H9vY9Xu\/V8RFdxMbaKGFia36IyaX5O\/8ke0pBwdrJXOVuqOQhF8CeV8Fh6w3PUEfuYXD4+Ho33B12ArNvK3hYu7A\/s3k2BRfDaPzqCtp086iJx0y39Ho2dJBXgxQFyVWnmnsd20f5YDk4M\/xkmxuKOOOArMJPwKYBoPrXvq3\/JRU2QhZBOxUwgBpJglNvZBrqKKvpCkGjiHYTVStQx9RudFVvC3myuChgy\/1G0vy80sg6Ky+Y\/\/3kNqAM\/tANNu5mQx3WbYrvvfTmDGCU9AYGcppPTP09XJnodaV8\/CkiqTbPMuyCkYqvCI5WwnyGC8WZYpKt+2TazshOiXqO9SL1RHv6Dn8te02a+10maxCvSlAqJBWR1+x+r+ThqQTllwTjIE9ldAyhj8ENZbbjj+ocUdjDQ\/suSJ9GPBe7o5y5U0tgXCBLgkqjGoTeMbYy6LVJn1ShYjby7XjWr1QSKmsm3D5VZ91QCbp8LXn28LvZldZyecaHfl8wO7ipN+ECY2WQUeLyHyxoJRrxRDNi43\/BsYJnohonEepMLiaGMHeGTkbT+FozcpsymnssgPxEzVyGVodKDyDiMtOS2\/4gVH00s+CjiEOvU\/WA2WYO+W0GaBoObQCC8C+wgP8X+9\/Lly4MJ8uYHzwJZULnomHy4Zhu3eO8OaaOD8adiKrmX6nf6RRAu9XTBSP6Pea+PT8ApgiP6cHHICUjEIoh1EKF0UWXUO9dydWy8GNBhCnF52mzdJWkKFMi4\/fZktIi123bVOx\/8O85m8SxP9YAHKNNRoCN75\/KXIi7BsS\/yRQl3sqhWASSR7qZOvy+t0usBhHJ97tgy43o+oXVboG5ECaj0mauoYvu75AmhrEMI5qxh+LSqg+vNZHX32i43L5wOTf5bLMarYHZ2zd3Pg+FItI\/oos+WGxlPPYSigPsvRd0ylS\/YCDOt9L5JYmtpF33miRvOv++1Yk\/XWR5vMXeGReVxoq8ugQklfwnbSUSgD6wAX+kbj8AKGs5ZYuXyk7kqFG\/vMOTQPPCPk\/rCLij28VaGG3XQju7sjATGtsw5czsHJGiGwlP5tELr5hlojoMQrDMZr03CY
MBu\/6EmnFBWmF1oJZfg4bGfWGEPfI7OoSqGHyoSay0AIlQVjj+d9f0FDqQ97cabxH0umDoaC\/FKH6X\/yc\/hrjIl4HmRt7VMpQyz2KdTzE8B4vzoujGXvtombEVZZCjytpnXTvHrVZua0Nx6vnYWN6U8hOPTiQzVv6YW6MflR92hbAH3p76MQVsREGfgb9bUAvIi+LGIt8MS39s03IWH5ITKktk1M0EDFu9rxI3fMzRA2+G+N4DZBBqlW0y+82xrp9wlYKMPmZCijkiUoYkreaDPjpGYTvkJAsDo1MY+vTQW3dm5sfsFKLG7cIjM6A3z4yo\/7FFTyhkQz7qkQuhIb45msYMVl46RKf8E4zW5YOVa5yF4IQYePRSUh+e\/LuyeYbl7fd6XURSxrpcv5Ie0Xz51vOk3KidEbdAfwA3A5yNwHZ+P2B22mjmaE\/kNxdDWA\/RSgensrsfzyAwjZrMsqHPSI5rKW2m9kOpusiMUcPgzvTzqRcYx8vb4upSN5jLk="} 01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","domainame":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373356146750,"flow_dst_last_pkt_time":1648373356334094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":5848,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358995982,"flow_dst_last_pkt_time":1648373359037654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":4402,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
+00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373356146750,"flow_dst_last_pkt_time":1648373356334094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":5848,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358995982,"flow_dst_last_pkt_time":1648373359037654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":4402,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357890274,"flow_dst_last_pkt_time":1648373357906518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357907751,"flow_dst_last_pkt_time":1648373357922416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
-00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1648373359681609} +00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1648373359681609} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 
@@ -65,9 +65,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8716620 bytes -~~ total memory freed........: 8716620 bytes -~~ total allocations/frees...: 140688/140688 +~~ total memory allocated....: 9481154 bytes +~~ total memory freed........: 9481154 bytes +~~ total allocations/frees...: 154654/154654 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 553 chars ~~ json message max len.......: 2523 chars diff --git a/test/results/default/pop3.pcap.out b/test/results/default/pop3.pcap.out index fb3a63fbe..20d0c5954 100644 --- a/test/results/default/pop3.pcap.out +++ b/test/results/default/pop3.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1349776771892023} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1349776771892023} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1349776771892023,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776771892023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1349776771892023,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776771892023,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1349776771892023,"pkt":"ABffs8QAAMCfw1sHCABFEAA8\/wtAAEAGdh2P4eW1StAFHInXAG5gksK3AAAAAKACFtDFsQAAAgQFtAQCCAoAYD28AAAAAAEDAwY="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776772030343,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1349776772030343,"pkt":"AMCfw1sHABffs8QACABFAAA8AABAADUGgDlK0AUcj+HltQBuidcdXnV7YJLCuKASFqDzqQAAAgQFtAQCCApTpKX2AGA9vAEDAwk="} 
@@ -7,7 +7,7 @@ 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1349776772030396,"flow_dst_last_pkt_time":1349776772168746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1349776772168746,"pkt":"AMCfw1sHABffs8QACABFAABX02RAADUGrLlK0AUcj+HltQBuidcdXnV8YJLCuIAYAAzvdAAAAQEIClOkphgAYD5GK09LIFBPUCBzZXJ2ZXIgcmVhZHkgSCBtaWdteHVzMDA1DQo="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1349776772168788,"flow_dst_last_pkt_time":1349776772168746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1349776772168788,"pkt":"ABffs8QAAMCfw1sHCABFEAA0\/w1AAEAGdiOP4eW1StAFHInXAG5gksK4HV51n4AQAFzFqQAAAQEICgBgPtFTpKYY"} 01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1349776771892023,"flow_src_last_pkt_time":1349776780730528,"flow_dst_last_pkt_time":1349776777636137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1349776780730528,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"cicciopernacchio@mail.com","password":"pippozzo","auth_failed":0}}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":32,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1853,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1377201663814560} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":32,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1853,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1377201663814560} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377201663814560,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663814560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377201663814560,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26272,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663814560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201663814560,"pkt":"TBfrZBZJyPczS4I3CABFAAA0TaRAAIAGB+rAqAAE1OMPpmagAG635okIAAAAAIACIAAB4wAAAgQFtAEDAwIBAQQC"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663880379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201663880379,"pkt":"yPczS4I3TBfrZBZJCABFAAA0AABAADkGnI7U4w+mwKgABABuZqD\/+KO8t+aJCYASFtBnRQAAAgQFtAEBBAIBAwMJ"} 
@@ -50,7 +50,7 @@ 01070{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1377201698254021,"flow_src_last_pkt_time":1377201698460579,"flow_dst_last_pkt_time":1377201698507279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26304,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}} 01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1377201700505011,"flow_src_last_pkt_time":1377201701042241,"flow_dst_last_pkt_time":1377201701091336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":297,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26308,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}} 01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":30,"flow_first_seen":1377201783749577,"flow_src_last_pkt_time":1377201784963062,"flow_dst_last_pkt_time":1377201785011707,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":19651,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26383,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":144,"packets-processed":144,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1377201785011707} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":144,"packets-processed":144,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1377201785011707} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 144/144 ~~ skipped flows.............: 0 
@@ -59,9 +59,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8673504 bytes -~~ total memory freed........: 8673504 bytes -~~ total allocations/frees...: 140739/140739 +~~ total memory allocated....: 9438038 bytes +~~ total memory freed........: 9438038 bytes +~~ total allocations/frees...: 154705/154705 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 2298 chars diff --git a/test/results/default/pop3_stls.pcap.out b/test/results/default/pop3_stls.pcap.out index accc65958..5deb1cb5f 100644 --- a/test/results/default/pop3_stls.pcap.out +++ b/test/results/default/pop3_stls.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1346096808946579} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1346096808946579} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096808946579,"flow_dst_last_pkt_time":1346096808946579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1346096808946579,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1346096808946579,"flow_dst_last_pkt_time":1346096808946579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1346096808946579,"pkt":"ABqMFgo4nI6ZO0MBCABFAAA0SZ1AAIAGaj\/AqBQSSPkpNMWXAG5IB2JyAAAAAIACIACXrwAAAgQFtAEDAwIBAQQC"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1346096808946579,"flow_dst_last_pkt_time":1346096809014772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1346096809014772,"pkt":"nI6ZO0MBABqMFgo4CABFAAA0AABAADEGAt1I+Sk0wKgUEgBuxZf63xAkSAdic4ASFtCVygAAAgQFtAEBBAIBAwMC"} 
@@ -12,7 +12,7 @@ 01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":11,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096810421794,"flow_dst_last_pkt_time":1346096810490233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":4965,"midstream":0,"thread_ts_usec":1346096810490233,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Unsafe","category_id":3,"category":"Email"}} 
02531{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096812985585,"flow_dst_last_pkt_time":1346096813059760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":648,"flow_dst_tot_l4_payload_len":5522,"midstream":0,"thread_ts_usec":1346096813059760,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":215,"avg":262973.8,"max":2072094,"stddev":524859.6,"var":275477528576.0,"ent":3.3,"data": [68193,68972,68661,120626,119751,1003135,1075317,72544,524,70840,70284,69545,70981,215,69915,69104,262,69187,6957,114416,36010,229437,154000,2002867,2072094,69067,658,117241,116699,68875,75810]},"pktlen": {"min":40,"avg":234.5,"max":1500,"stddev":417.0,"var":173868.9,"ent":3.7,"data": [52,52,40,51,46,46,68,46,46,189,46,77,208,1500,1500,40,1500,400,40,354,46,278,71,46,93,71,46,208,84,89,82,89]},"bins": {"c_to_s": [9,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,4,0,0,1,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1],"entropies": 
[4.492581844,4.801308632,4.734183788,5.157432556,4.996070385,4.501398087,5.447610855,4.952592373,4.501398087,5.483742237,5.012480259,5.432518482,5.539906025,7.142385483,7.103268623,4.734183788,6.899816990,7.242932796,4.784183979,7.363773823,4.501398087,6.985215187,5.760285378,4.501398087,5.843768597,5.665146351,4.501398087,6.988708973,5.939931870,5.954314232,5.674627304,5.896972179]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Unsafe","category_id":3,"category":"Email"}} 01335{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":30,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096814309972,"flow_dst_last_pkt_time":1346096814377321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":805,"flow_dst_tot_l4_payload_len":7462,"midstream":0,"thread_ts_usec":1346096814377321,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Unsafe","category_id":3,"category":"Email","hostname":"pop.lavabit.com"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":53,"packets-processed":53,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1346096814377321} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":53,"packets-processed":53,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1346096814377321} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 53/53 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8664672 bytes -~~ total memory freed........: 8664672 bytes -~~ total allocations/frees...: 140598/140598 +~~ total memory allocated....: 9429079 bytes +~~ total memory freed........: 9429079 bytes +~~ total allocations/frees...: 154565/154565 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 2536 chars diff --git a/test/results/default/pops.pcapng.out b/test/results/default/pops.pcapng.out index 31270a2d1..e1350e5a5 100644 --- a/test/results/default/pops.pcapng.out +++ b/test/results/default/pops.pcapng.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614938117011128} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614938117011128} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938117011128,"flow_src_last_pkt_time":1614938117011128,"flow_dst_last_pkt_time":1614938117011128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938117011128,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614938117011128,"flow_dst_last_pkt_time":1614938117011128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938117011128,"pkt":"AAAAAAAAAAgACwgJCABFAAA0BaxAAH8GIWTAqAABCgoKAdclA+N8RI7kAAAAAIACIACU+AAAAgQE7AEDAwIBAQQC"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614938117011128,"flow_dst_last_pkt_time":1614938117270908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938117270908,"pkt":"AAAAAAAAAAgACwgJCABFAAA0AABAADMGcxAKCgoBwKgAAQPj1yVpzHIcfESO5YASchBmIQAAAgQFtAEBBAIBAwMH"} 
@@ -9,7 +9,7 @@ 01062{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614938117011128,"flow_src_last_pkt_time":1614938117298382,"flow_dst_last_pkt_time":1614938117559599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1260,"midstream":0,"thread_ts_usec":1614938117559599,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1614938117298382,"flow_dst_last_pkt_time":1614938117559643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1614938117559643,"pkt":"AAAAAAAAAAgACwgJCABFAAUUApJAADMGa54KCgoBwKgAAQPj1yVpzHcJfESPnVAQAO37bQAAAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF1Kj57XgAABAMASDBGAiEA8j5baLiEIkTcbcZDABP4GJpWXp+06QQVFV630SxUILYCIQCDK32qxQgusvwfZLztsKe1sExloQAz78NZOf78r+fvzwB2AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABdSo+fKAAAAQDAEcwRQIgJT0AYFVnglOCOaGN7l1SKLjGXhuzMTCXCBmGdX42LTgCIQCfWe+ZBNqoJSwcEADrGXYZNr0\/9Heh713uW+5hOa2VGjANBgkqhkiG9w0BAQsFAAOCAQEA0Qmjspa\/kI1EQ6yfcRTHLjt5vvDewoH2UzJ4cLdAPXM27Cp\/11UUUl4HrRDZAbA+HQVP3cQkEYalNzb2lLXsdilDG+U+DmO0IzpUJcOT72BFiqdI6lVVf7rbadDzITyfZHiawnHnynoXooWk\/wt3aFZ11wac1zGjK6L31+lmwno6esiT6G52J791KjLuT5SCkGrQn3wFeTFN1+aNUXkem1ekPkX4J4CuT2rAymo4g\/OzzwLTw5ozywc4vhY1q2TyVP94XMQ2Hx3zHwcBaV3Ou5GA+S1JJi2ljvslmQ6cbEleC3BDXcKzCFtPo6YVHBLnIYNCZN\/X6IskUXfhP5tGZwAFBDCCBQAwggPooAMCAQICAQcwDQYJKoZIhvcNAQELBQAwgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0xMTA1MDMwNzAwMDBaFw0zMTA1MDMwNzAwMDBaMIHGMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEzMDEGA1UECxMqaHR0cDovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMTQwMgYDVQQDEytTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ZBmS+z5RnGpIIO+6Wy\/SslIaYF1Tm0k9ssXE\/iwcVmEemsrhaQ0tRbly8zpQXAspC7W+jJ94ajelBCsMcHA2Gr\/WSerdtb8C3RruKeuP8RU9LQxRN2TVoykTF6bicskg5viV3232BIfyYVt9NGA8VCbh67UCxAF+ye6KG0X6Q7WTbk5
VQb\/CiQFfi\/GHXJs1IspjFd92tnrZhrTT6fff1LEMMWlyQ4CxVO\/dzhoBiTDZsg3fjAeRXEjNf+Q2Cqdjeewkk08fyoKk9zNFkZl92CEi3ZLkSdzFJLg6u6PFuqNDj52F799iYCAREPnLeBDCXXaNuit24k69V0SjiMEgwIDAQABo4IBLDCCASgwDwYDVR0TAQH\/BAUwAwEB\/zAOBgNVHQ8BAf8E"} 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1614938117011128,"flow_src_last_pkt_time":1614938117298382,"flow_dst_last_pkt_time":1614938117559643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":2520,"midstream":0,"thread_ts_usec":1614938117559643,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
-00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1614938117559643} +00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1614938117559643} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8651510 bytes -~~ total memory freed........: 8651510 bytes -~~ total allocations/frees...: 140542/140542 +~~ total memory allocated....: 9415884 bytes +~~ total memory freed........: 9415884 bytes +~~ total allocations/frees...: 154508/154508 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 2228 chars diff --git a/test/results/default/portable_executable.pcap.out b/test/results/default/portable_executable.pcap.out index f8e715a50..81b8142b6 100644 --- a/test/results/default/portable_executable.pcap.out +++ b/test/results/default/portable_executable.pcap.out 
@@ -1,5 +1,5 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1598333619339961} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1598333619339961} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598333619339961,"flow_src_last_pkt_time":1598333619339961,"flow_dst_last_pkt_time":1598333619339961,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598333619339961,"l3_proto":"ip4","src_ip":"172.16.99.201","dst_ip":"64.227.107.71","src_port":1732,"dst_port":4444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1598333619339961,"flow_dst_last_pkt_time":1598333619339961,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1598333619339961,"pkt":"QM4kHluGABxCsmFuCABFAAA0Y\/NAAIAG2sysEGPJQONrRwbEEVy3KsGDAAAAAIAC+vAnTQAAAgQFtAEDAwgBAQQC"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1598333619339961,"flow_dst_last_pkt_time":1598333619669445,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1598333619669445,"pkt":"ABxCsmFuQM4kHluGCABFAAA0AABAADAGjsBA42tHrBBjyRFcBsRoGQadtyrBhIASchBCMwAAAgQE6AEBBAIBAwMH"} 
@@ -16,7 +16,7 @@ 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":11,"flow_first_seen":1598333619339961,"flow_src_last_pkt_time":1598333620073445,"flow_dst_last_pkt_time":1598333620073297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1256,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":11308,"midstream":0,"thread_ts_usec":1598333691211662,"l3_proto":"ip4","src_ip":"172.16.99.201","dst_ip":"64.227.107.71","src_port":1732,"dst_port":4444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01308{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1598333690845829,"flow_src_last_pkt_time":1598333691211618,"flow_dst_last_pkt_time":1598333691211662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11308,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598333691211662,"l3_proto":"ip4","src_ip":"64.227.107.71","dst_ip":"172.16.99.10","src_port":53,"dst_port":49652,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by 
port"},"proto":"DNS","proto_id":"5","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr": []}}} 00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1598333690845829,"flow_src_last_pkt_time":1598333691211618,"flow_dst_last_pkt_time":1598333691211662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11308,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598333691211662,"l3_proto":"ip4","src_ip":"64.227.107.71","dst_ip":"172.16.99.10","src_port":53,"dst_port":49652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22616,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1598333691211662} 
+00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22616,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1598333691211662} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652378 bytes -~~ total memory freed........: 8652378 bytes -~~ total allocations/frees...: 140580/140580 +~~ total memory allocated....: 9416784 bytes +~~ total memory freed........: 9416784 bytes +~~ total allocations/frees...: 154546/154546 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 549 chars ~~ json message max len.......: 2264 chars diff --git a/test/results/default/pptp.pcap.out b/test/results/default/pptp.pcap.out index f5b612cd1..1c69f687e 100644 --- a/test/results/default/pptp.pcap.out +++ b/test/results/default/pptp.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1451895531141577} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1451895531141577} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1451895531141577,"flow_src_last_pkt_time":1451895531141577,"flow_dst_last_pkt_time":1451895531141577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1451895531141577,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1451895531141577,"flow_dst_last_pkt_time":1451895531141577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1451895531141577,"pkt":"AhoR+E9+0N+aZRdHCABFAAA8SqVAAEAGB\/LAqCsWv2U9AaGWBrt+ULaEAAAAAKACchAUeAAAAgQFtAQCCAoAB\/whAAAAAAEDAwo="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1451895531141577,"flow_dst_last_pkt_time":1451895531183155,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1451895531183155,"pkt":"0N+aZRdHAhoR+E9+CABFUAA8Q2pAAPwGUty\/ZT0BwKgrFga7oZZ1tjA4flC2haASD5Yd2AAAAgQFMgEBCAoLt6rxAAf8IQQCAAA="} 
@@ -8,7 +8,7 @@ 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1451895531141577,"flow_src_last_pkt_time":1451895531183451,"flow_dst_last_pkt_time":1451895531183155,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1451895531183451,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPTP","proto_id":"115","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1451895531183451,"flow_dst_last_pkt_time":1451895531235075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1451895531235075,"pkt":"0N+aZRdHAhoR+E9+CABFUAA0Q8NAAPwGUou\/ZT0BwKgrFga7oZZ1tjA5flC3IYAQEDJHpQAAAQEICgu3qyIAB\/ws"} 
00965{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1451895531141577,"flow_src_last_pkt_time":1451895536574011,"flow_dst_last_pkt_time":1451895536573938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":384,"midstream":0,"thread_ts_usec":1451895536574011,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPTP","proto_id":"115","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":740,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1451895536574011} 
+00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":740,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1451895536574011} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647582 bytes -~~ total memory freed........: 8647582 bytes -~~ total allocations/frees...: 140558/140558 +~~ total memory allocated....: 9411956 bytes +~~ total memory freed........: 9411956 bytes +~~ total allocations/frees...: 154524/154524 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 970 chars diff --git a/test/results/default/profinet-io-le.pcap.out b/test/results/default/profinet-io-le.pcap.out index 395dabc13..23b9b57f0 100644 --- a/test/results/default/profinet-io-le.pcap.out +++ b/test/results/default/profinet-io-le.pcap.out 
@@ -1,11 +1,11 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1287088627587076} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1287088627587076} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1287088627587076,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627587076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1287088627587076,"l3_proto":"ip4","src_ip":"10.10.0.150","dst_ip":"10.10.0.129","src_port":1566,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627587076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1287088627587076,"pkt":"AAmRRCAXAJAnTuP8CABFAADAsogAAIARcnoKCgCWCgoAgQYeiJQArGiVBAAIABAAAAAAAKDel2zREYJxAAEAAwFaAQCg3pds0RGCcQCgJELffduruuwdAFRDslALAWMKuv0AAAAAAQAAAAAAAAAFAP\/\/\/\/9UAAAAAABAgAAAQAAAAECAAAAAAAAAQAAAAAAJADwBAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAD4QAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1287088627587076,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627587076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1287088627587076,"l3_proto":"ip4","src_ip":"10.10.0.150","dst_ip":"10.10.0.129","src_port":1566,"dst_port":34964,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627589136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":310,"pkt_l4_len":276,"thread_ts_usec":1287088627589136,"pkt":"AJAnTuP8AAmRRCAXCABFAAEoAAwAAEARZI8KCgCBCgoAloiUBh4BFETGBAIoABAAAAAAAKDel2zREYJxAAEAAwFaAQCg3pds0RGCcQCgJELffduruuwdAFRDslALAWMKuv0BAAAAAQAAAAAAAAAFAP\/\/\/\/+8AAAAAAAAAAAAqAAAAECAAAAAAAAAqAAAAIAJADwBAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAD4QAAAAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAsAQAAAQAAAAAAAgAAAAAAAQACAAEAAAABAAP\/\/wEKAAH\/\/4FAAAEAAf\/\/gUAAMQAYAQAAAQAAAAAAAQAB\/\/+BQAABAAH\/\/4FAADIAGAEAAAEAAAAAAAEAAAAAAAEAAQABAAAAAQ=="} 
01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1287088627587076,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627589136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":268,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":268,"midstream":0,"thread_ts_usec":1287088627589136,"l3_proto":"ip4","src_ip":"10.10.0.150","dst_ip":"10.10.0.129","src_port":1566,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":432,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1287088627589136} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":432,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1287088627589136} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644921 bytes -~~ total memory freed........: 8644921 bytes -~~ total allocations/frees...: 140536/140536 +~~ total memory allocated....: 9409295 bytes +~~ total memory freed........: 9409295 bytes +~~ total allocations/frees...: 154502/154502 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 596 chars ~~ json message max len.......: 1133 chars diff --git a/test/results/default/protobuf.pcap.out b/test/results/default/protobuf.pcap.out index 0927c0029..6166b3cfd 100644 --- a/test/results/default/protobuf.pcap.out +++ b/test/results/default/protobuf.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1698073727888861} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1698073727888861} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698073727888861,"flow_src_last_pkt_time":1698073727888861,"flow_dst_last_pkt_time":1698073727888861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698073727888861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52392,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1698073727888861,"flow_dst_last_pkt_time":1698073727888861,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698073727888861,"pkt":"AAAAAAAAAAAAAAAACABFAAA03e5AAJAGDtN\/AAABfwAAAcyoMDkdqwhsAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1698073727888861,"flow_dst_last_pkt_time":1698073727888873,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698073727888873,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAJAG7MF\/AAABfwAAATA5zKjehuu5HasIbYAS\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
@@ -7,7 +7,7 @@ 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1698073727888912,"flow_dst_last_pkt_time":1698073727888873,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1698073727888912,"pkt":"AAAAAAAAAAAAAAAACABFAABs3fBAAJAGDpl\/AAABfwAAAcyoMDkdqwht3obrulAYAgD+YAAAEgNibGEiCQgBEgV0ZXN0MSIJCAISBXRlc3QyIgkIAxIFdGVzdDMt8yOnRDHnHafoiOSUQDikA0IIQUFBQUJCQkJYAwo="} 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698073727888861,"flow_src_last_pkt_time":1698073727888912,"flow_dst_last_pkt_time":1698073727888873,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698073727888912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52392,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1698073727888912,"flow_dst_last_pkt_time":1698073727888919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698073727888919,"pkt":"AAAAAAAAAAAAAAAACABFAAAo6hdAAJAGArZ\/AAABfwAAATA5zKjehuu6HasIsVAQAgD+HAAA"} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":284,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1698080984189366} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":284,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1698080984189366} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698080984189366,"flow_src_last_pkt_time":1698080984189366,"flow_dst_last_pkt_time":1698080984189366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698080984189366,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51680,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1698080984189366,"flow_dst_last_pkt_time":1698080984189366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698080984189366,"pkt":"AAAAAAAAAAAAAAAACABFAAA0LOBAAIIGzeF\/AAABfwAAAcngMDmHrWfCAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1698080984189366,"flow_dst_last_pkt_time":1698080984189379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698080984189379,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAIIG+sF\/AAABfwAAATA5yeDA+8keh61nw4AS\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
@@ -16,7 +16,7 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1698080984189428,"flow_dst_last_pkt_time":1698080984189436,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698080984189436,"pkt":"AAAAAAAAAAAAAAAACABFAAAo6alAAIIGESR\/AAABfwAAATA5yeDA+8kfh61n1VAQAgD+HAAA"} 00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1698073727888861,"flow_src_last_pkt_time":1698073797890442,"flow_dst_last_pkt_time":1698073797890423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698080984189436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52392,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1698080984189366,"flow_src_last_pkt_time":1698081014189987,"flow_dst_last_pkt_time":1698081004189871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081014189987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51680,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":37,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1698081882092605} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":37,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1698081882092605} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698081882092605,"flow_src_last_pkt_time":1698081882092605,"flow_dst_last_pkt_time":1698081882092605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081882092605,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39786,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1698081882092605,"flow_dst_last_pkt_time":1698081882092605,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698081882092605,"pkt":"AAAAAAAAAAAAAAAACABFAAA0\/YtAAMEGvjV\/AAABfwAAAZtqMDmCwWFGAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1698081882092605,"flow_dst_last_pkt_time":1698081882092621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698081882092621,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAMEGu8F\/AAABfwAAATA5m2rz+Zn5gsFhR4AS\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
@@ -25,7 +25,7 @@ 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698081882092605,"flow_src_last_pkt_time":1698081882092686,"flow_dst_last_pkt_time":1698081882092621,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081882092686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39786,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1698081882092686,"flow_dst_last_pkt_time":1698081882092697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698081882092697,"pkt":"AAAAAAAAAAAAAAAACABFAAAo\/YRAAMEGvkh\/AAABfwAAATA5m2rz+Zn6gsFjbVAQAfz+HAAA"} 
00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1698080984189366,"flow_src_last_pkt_time":1698081034190396,"flow_dst_last_pkt_time":1698081034190368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":90,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081882092697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51680,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":45,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":924,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1698083246943488} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":45,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":924,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1698083246943488} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698083246943488,"flow_src_last_pkt_time":1698083246943488,"flow_dst_last_pkt_time":1698083246943488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698083246943488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":42358,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1698083246943488,"flow_dst_last_pkt_time":1698083246943488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698083246943488,"pkt":"AAAAAAAAAAAAAAAACABFAAA04rBAAJwG\/hB\/AAABfwAAAaV2MDmpa4jnAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1698083246943488,"flow_dst_last_pkt_time":1698083246943511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698083246943511,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAJwG4MF\/AAABfwAAATA5pXZXI6mhqWuI6IAS\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
@@ -34,7 +34,7 @@ 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698083246943488,"flow_src_last_pkt_time":1698083246943596,"flow_dst_last_pkt_time":1698083246943511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698083246943596,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":42358,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1698083246943596,"flow_dst_last_pkt_time":1698083246943613,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698083246943613,"pkt":"AAAAAAAAAAAAAAAACABFAAAoxGZAAJwGHGd\/AAABfwAAATA5pXZXI6miqWuJK1AQAgD+HAAA"} 
00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1698081882092605,"flow_src_last_pkt_time":1698081892093087,"flow_dst_last_pkt_time":1698081892093022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698083246943712,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39786,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1698349716647378} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1698349716647378} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698349716647378,"flow_src_last_pkt_time":1698349716647378,"flow_dst_last_pkt_time":1698349716647378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698349716647378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59030,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1698349716647378,"flow_dst_last_pkt_time":1698349716647378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698349716647378,"pkt":"AAAAAAAAAAAAAAAACABFAAA0QzZAAKkGkIt\/AAABfwAAAeaWMDkAqb1mAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1698349716647378,"flow_dst_last_pkt_time":1698349716647390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698349716647390,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAKkG08F\/AAABfwAAATA55pYXbk5qAKm9Z4AS\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
@@ -44,7 +44,7 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1698349716647435,"flow_dst_last_pkt_time":1698349716647442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698349716647442,"pkt":"AAAAAAAAAAAAAAAACABFAAAoZpdAAKkGbTZ\/AAABfwAAATA55pYXbk5rAKm9xlAQAf\/+HAAA"} 00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1698349716647378,"flow_src_last_pkt_time":1698349719647622,"flow_dst_last_pkt_time":1698349719647600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":95,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698349719647622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59030,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1698083246943488,"flow_src_last_pkt_time":1698083246943712,"flow_dst_last_pkt_time":1698083246943682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698349719647622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":42358,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":1698349719647622} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":1698349719647622} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -53,9 +53,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8666551 bytes -~~ total memory freed........: 8666551 bytes -~~ total allocations/frees...: 140642/140642 +~~ total memory allocated....: 9431053 bytes +~~ total memory freed........: 9431053 bytes +~~ total allocations/frees...: 154608/154608 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 1312 chars diff --git a/test/results/default/protonvpn.pcap.out b/test/results/default/protonvpn.pcap.out index 42c082c98..5259be018 100644 --- a/test/results/default/protonvpn.pcap.out +++ b/test/results/default/protonvpn.pcap.out 
@@ -1,4 +1,4 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00742{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":34930679,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34930679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":34930679,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34930679,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":34930679,"pkt":"UlQAEjUCCAAns+YuCABFAAA8D8BAAEAGxbkKAAIPuZ+flJOyAbvBn1OFAAAAAKAC+vAjGgAAAgQFtAQCCAq0w2VcAAAAAAEDAwc="} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34952976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":34952976,"pkt":"CAAns+YuUlQAEjUCCABFAAAsACQAAEAGFWa5n5+UCgACDwG7k7IAC7gBwZ9ThmAS\/\/\/QMwAAAgQFtA=="} 
@@ -15,14 +15,14 @@ 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":50921855,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":50921855,"pkt":"UlQAEjUCCAAns+YuCABFAAA8ggNAAEAR0DsKAAIP2RcDTOFlAbsAKDHlBAAAAFqA0k4AAAAAAAAAALO1qui1E3gr64yba6DzHY0="} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":50923026,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":50923026,"pkt":"UlQAEjUCCAAns+YuCABFAACMggRAAEARz+oKAAIP2RcDTOFlAbsAeC0gBAAAAFqA0k4BAAAAAAAAAF4\/Rs\/bZ5rJgjR49A7fwbBmyr\/63WBJDwuVnzl4A4pXfnPOZYLKRVrAFPmUTxZtFFUY\/ygw5snpyOqRAP6xav5VAHNARAiOiRt60FdTFozGozRICRBukHLcFDs4iULCdA=="} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":50926430,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":50926430,"pkt":"UlQAEjUCCAAns+YuCABFAACMggdAAEARz+cKAAIP2RcDTOFlAbsAeBOmBAAAAFqA0k4CAAAAAAAAAD+yacW+Jee9sR0ypoOh8MaQ9gxbsztxJ2kZqazGAeL5NW1pKQLnHbPaHw3gPyLDD2rfIVvAXcZtIMwiZTZxrxOlD0VgEqedFRP3HFFojGTkub8sZpeXm7iOxsEEbnhzOQ=="} 
-00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":41,"packets-processed":40,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1690392292895682} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":41,"packets-processed":40,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1690392292895682} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690392292895682,"pkt":"ILAB6wYYNObX3kTiCABFAAA8lQ9AAEAGoh8COvFDCAgICJNOAbuMC89NAAAAAKAC+vAL\/QAAAgQFtAQCCApqQ+LfAAAAAAEDAwc="} 
01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":34930679,"flow_src_last_pkt_time":35025668,"flow_dst_last_pkt_time":35025741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":5847,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01041{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00770{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":5,"flow_first_seen":50897445,"flow_src_last_pkt_time":50986726,"flow_dst_last_pkt_time":50986365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":868,"flow_dst_tot_l4_payload_len":604,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"217.23.3.76","src_port":57701,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1690392292895682} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1690392292895682} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 41/41 ~~ skipped flows.............: 0 
@@ -31,9 +31,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8667567 bytes -~~ total memory freed........: 8667567 bytes -~~ total allocations/frees...: 140613/140613 +~~ total memory allocated....: 9432005 bytes +~~ total memory freed........: 9432005 bytes +~~ total allocations/frees...: 154579/154579 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 510 chars ~~ json message max len.......: 1574 chars diff --git a/test/results/default/psiphon3.pcap.out b/test/results/default/psiphon3.pcap.out index 5bf0addf8..87871c11b 100644 --- a/test/results/default/psiphon3.pcap.out +++ b/test/results/default/psiphon3.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1613865079123029} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1613865079123029} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079123029,"flow_dst_last_pkt_time":1613865079123029,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613865079123029,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1613865079123029,"flow_dst_last_pkt_time":1613865079123029,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1613865079123029,"pkt":"RQAAPJ+KQABABtpRwKgAZ2gSl76ebQG7Qi4DFAAAAACgAv\/\/BPgAAAIEBbQEAggKAB2cngAAAAABAwMJ"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1613865079129032,"flow_dst_last_pkt_time":1613865079123029,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1613865079129032,"pkt":"RQAAPJ+KQABABtpRwKgAZ2gSl76ebQG7Qi4DFAAAAACgAv\/\/BPgAAAIEBbQEAggKAB2cngAAAAABAwMJ"} 
@@ -11,7 +11,7 @@ 01771{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079144402,"flow_dst_last_pkt_time":1613865079168363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":2422,"midstream":0,"thread_ts_usec":1613865079168363,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"sni.cloudflaressl.com,psiphon3.net,*.psiphon3.net","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12i1508h2_073e58a039a6_e70312a1ce2c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"49:30:DE:8F:B7:AF:C3:76:40:09:44:15:B4:6B:D9:8F:BE:0C:6B:0C","blocks":0}}} 
02386{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079254264,"flow_dst_last_pkt_time":1613865079202653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1008,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2038,"flow_dst_tot_l4_payload_len":5498,"midstream":0,"thread_ts_usec":1613865079254264,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":6801.9,"max":46102,"stddev":10684.6,"var":114161304.0,"ent":3.6,"data": [6003,17375,0,14372,0,0,998,15961,7000,4998,0,0,3002,27963,1997,2998,1002,0,7002,25852,0,1389,0,0,4047,20760,1037,46102,1001,0,0]},"pktlen": {"min":40,"avg":277.5,"max":1500,"stddev":421.9,"var":177964.3,"ent":3.8,"data": [60,60,52,52,40,208,40,208,40,40,1500,1002,1500,1002,40,40,40,40,133,133,40,40,298,109,298,109,40,40,133,417,78,1048]},"bins": {"c_to_s": [10,1,3,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,0,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0],"entropies": [4.559092522,4.559092522,4.801308632,4.801308632,4.780641556,5.412927151,4.780641556,5.412927151,4.780641079,4.780641079,6.953819275,7.189953327,6.953819275,7.189953327,4.780641556,4.780641556,4.780641556,4.780641556,5.944580555,5.944580555,4.780641079,4.780641079,7.039272308,5.966729164,7.039272308,5.966729164,4.730641365,4.730641365,6.272472382,7.310267448,5.370555401,7.811244488]},"ndpi": {"flow_risk": {"24": 
{"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01226{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079845431,"flow_dst_last_pkt_time":1613865079841273,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1008,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3700,"flow_dst_tot_l4_payload_len":5574,"midstream":0,"thread_ts_usec":1613865079845431,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":62,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1613865079845431} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":62,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1613865079845431} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 62/62 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8653360 bytes -~~ total memory freed........: 8653360 bytes -~~ total allocations/frees...: 140607/140607 +~~ total memory allocated....: 9417767 bytes +~~ total memory freed........: 9417767 bytes +~~ total allocations/frees...: 154574/154574 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 514 chars ~~ json message max len.......: 2391 chars diff --git a/test/results/default/ptpv2.pcap.out b/test/results/default/ptpv2.pcap.out index dc4cbaa33..346cc6b80 100644 --- a/test/results/default/ptpv2.pcap.out +++ b/test/results/default/ptpv2.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1316198630678965} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1316198630678965} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1316198630678965,"flow_src_last_pkt_time":1316198630678965,"flow_dst_last_pkt_time":1316198630678965,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198630678965,"l3_proto":"ip6","src_ip":"fe80::20:9400:d","dst_ip":"fe80::2b0:aeff:fe01:f921","src_port":320,"dst_port":320,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1316198630678965,"flow_dst_last_pkt_time":1316198630678965,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":118,"pkt_l4_len":64,"thread_ts_usec":1316198630678965,"pkt":"ALCuAfkhACCUAAANht1gMAAAAEAR\/\/6AAAAAAAAAAAAAIJQAAA3+gAAAAAAAAAKwrv\/+AfkhAUABQABAaE4MAgA2AAAEAAAAAAAAAAAAAAAAAAAglP\/+AAANAAEAAQX\/\/\/\/\/\/\/\/\/\/\/\/\/\/wAEAAawAAAAASwAAA=="} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1316198630678965,"flow_src_last_pkt_time":1316198630678965,"flow_dst_last_pkt_time":1316198630678965,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198630678965,"l3_proto":"ip6","src_ip":"fe80::20:9400:d","dst_ip":"fe80::2b0:aeff:fe01:f921","src_port":320,"dst_port":320,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PTPv2","proto_id":"358","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -20,7 +20,7 @@ 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1316198631064912,"flow_src_last_pkt_time":1316198631064912,"flow_dst_last_pkt_time":1316198631064912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":46,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198631064912,"l3_proto":"ip6","src_ip":"fe80::2b0:aeff:fe01:f921","dst_ip":"fe80::20:9400:d","src_port":319,"dst_port":319,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PTPv2","proto_id":"358","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1316198630878946,"flow_src_last_pkt_time":1316198630986113,"flow_dst_last_pkt_time":1316198630878946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":342,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198631064912,"l3_proto":"ip6","src_ip":"fe80::20:9400:e","dst_ip":"fe80::2b0:aeff:fe01:f921","src_port":320,"dst_port":320,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PTPv2","proto_id":"358","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1316198630678965,"flow_src_last_pkt_time":1316198630939923,"flow_dst_last_pkt_time":1316198630678965,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":408,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198631064912,"l3_proto":"ip6","src_ip":"fe80::20:9400:d","dst_ip":"fe80::2b0:aeff:fe01:f921","src_port":320,"dst_port":320,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PTPv2","proto_id":"358","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1316198631064912} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1316198631064912} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650120 bytes -~~ total memory freed........: 8650120 bytes -~~ total allocations/frees...: 140569/140569 +~~ total memory allocated....: 9414558 bytes +~~ total memory freed........: 9414558 bytes +~~ total allocations/frees...: 154535/154535 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 981 chars diff --git a/test/results/default/punycode-idn.pcap.out b/test/results/default/punycode-idn.pcap.out index 7d698e69a..9f65afd43 100644 --- a/test/results/default/punycode-idn.pcap.out +++ b/test/results/default/punycode-idn.pcap.out 
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643874953669881} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643874953669881} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643874953669881,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953669881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643874953669881,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953669881,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1643874953669881,"pkt":"BBjWBrNamAGnpQyTCABFAAA3T1gAAEARpYDAqAKMwKgCAbHQADUAI+SVpXsBAAABAAAAAAAAAWkEc2NkbgJjbwAAAQAB"} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643874953669881,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953669881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643874953669881,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"i.scdn.co","domainame":"i.scdn.co","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -21,7 +21,7 @@ 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643874953669881,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953689789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1643874962305077,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"i.scdn.co"}} 01217{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1643874961730191,"flow_src_last_pkt_time":1643874962305077,"flow_dst_last_pkt_time":1643874962304897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":711,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":711,"midstream":0,"thread_ts_usec":1643874962305077,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"42": {"risk":"IDN Domain Name","severity":"Low","risk_score": {"total":350,"client":295,"server":55}},"43": {"risk":"Error Code","severity":"Low","risk_score": 
{"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.love.xn--55qx5d"}} 01179{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643874953695008,"flow_src_last_pkt_time":1643874953695008,"flow_dst_last_pkt_time":1643874953696562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":39,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":39,"midstream":0,"thread_ts_usec":1643874962305077,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"42": {"risk":"IDN Domain Name","severity":"Low","risk_score": {"total":350,"client":295,"server":55}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1643874962305077} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1643874962305077} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 
@@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650267 bytes -~~ total memory freed........: 8650267 bytes -~~ total allocations/frees...: 140577/140577 +~~ total memory allocated....: 9414705 bytes +~~ total memory freed........: 9414705 bytes +~~ total allocations/frees...: 154543/154543 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 536 chars ~~ json message max len.......: 1333 chars diff --git a/test/results/default/quic-23.pcap.out b/test/results/default/quic-23.pcap.out index 344f16406..411722bc3 100644 --- a/test/results/default/quic-23.pcap.out +++ b/test/results/default/quic-23.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568282515655367} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568282515655367} 
00834{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568282515655367,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515655367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1280,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568282515655367,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02277{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515655367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"thread_ts_usec":1568282515655367,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5BQgRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwUI0EbI\/wAAFwhgax2p4Mt\/UAjcZWkdxzWqcwBE5rEFViXUV0In7d2dXZD4W8++zjZDJBAgmoI+svdNaYLoeL2jqHl80IO9pEfUmkgFWLrT4IlQo8t\/87yXQq3IRCWsbaCVh5W99qNLF16ofVb625RKhJQKN3iU3vpP3WaISyCxGoJXiHsP7sj27ny7LXNNKzH3JhZ3bhiQLS2umcd29X6XChqhAWZjn23A4EHWtq4oNdhkFu8LZI\/zfG+rUZSQr5lxakbHyPuebWPbqVuz09T5esBIjonthwzDSYvYZa0ySbIdmaeXdhlU+E4gLC4WHroq5LZx9pnr7yREt9Dp2HJiUOt1EMzTCveDJnfcPHqR1d6\/YEuvBxkwGcxK7MQsgXVVjQjLsVYM3zgE\/nenut5XK3K7bJeAGfZxUrn\/Y\/S6NaLxM1FgdUyaPkXMATL13fHOLn2TPbUyanoNHsWUaGSz60C+oUnJItBjv49AfcrV5AnxAjninyCVT7ilbuKRBYQ5SPLHeBsT\/NbnYJzK0I1Zj3I7weUUkkcrweRBiR069XTJtWYqzSUqWU5sALkglRvuf6xbvYulQ0jX8ozHEripA5ju8KQBmPJZP7W
SUIMlyS8g26Pb2k443GZRz9hlPYNrTsHRc88FbzG8+ahhy1UIvmg27b6gKLWKeoPRPqT\/23G0Wo1ikM4FoXKXzvnDWe1X8Z9PVn+LOSHYR1LqJoMp2f2mWQv847crRAwAw1YWxPVKlFpXb0rR+0hsSK+RIdQgAqDBA2QX26xlMLPLaV5FnoRKfTJi7o9j6TamnIQyR\/b\/g\/IDH2Be62ORQ7K4p27Oyqju5N6C9b0vid0F4+gZ13RNe5vPbvcGGwDUSCHzH5HuKrGh25US\/X91xJ8gist97L0Lrq0S80URKpcxHqC0QxbI4sgi04MOC\/6\/5f2icaiX5IcU\/hdojFqggO95m2grFOU8yda1Z+a+0B+UTPAWzUgGxyOkCthMdR1xVGZfRvlXwGjfBMd6dc\/vwfyp1b8YonfSnSW3vRZZoOvGgqRgE1cEyUD4uXR+I9J+U7b3lAENyqEE6S4PVFwPk4xcaNCNEAFsAmLQRfMnqgm4EclQ2fu\/X4rXYn\/w4VPhxSJ7gZUA4NgNeVynLRKqHUa727Gwo4yXA2fLLCZot4qNfI9GV8gEGhiMrmnJDuuHONvYi8VFwSgiQP9jsRAqGAnvDEEaUirzATf+CkE90c9u9BJN208aRmeL0Hgd\/ZHM6TlLySnssgUghAaObIZXCdBIsYxzkTGX3jv35junPGfSl4SRLk2gvnSptlPR\/Rn6scXnHyxcxY1Tth69QcUpqe9cAH3STuQaFNZjD1dVf2R7djGBGP8XFpAEp4Da6SL0QShqq2TI46wOMWpyGEWgp5CuFAlZyh9lsxPPSVCNRF6ZIHFDEA176ay7PnXocWlpL62qyFOm8ITDpOqmFNLCDdEm1Gb4uY5DgmlqhAIdCuIUzNcLPBAucHSIQlvc6jwsUov+EyqsbCmhoguNjYqYWkTXfROVcd+bJTmI+cPOgPBBwa2oOWk+BLrQ6aBz1dQvhb5YuoZMwA09AEkY+2M7NcQxKjjOU+yU4Hx1Fn0nTrg3sFfxY6wAlusfFhQgzHz4cuAwlvBXae00jqiXWXUvQQ1Rtfra3X+TNbZCCp1e2k+Vki2RypB\/ckwHS7gD9wnM+\/\/rgzF\/7w=="} 01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568282515655367,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515655367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1280,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568282515655367,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"quic.aiortc.org","domainame":"quic.aiortc.org","quic": {"quic_version":"Draft-23","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0308h2_55b375c5d22e_23ed935430f2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-22","tls_supported_versions":"TLSv1.3"}}}} 
@@ -8,7 +8,7 @@ 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568282515693812,"flow_dst_last_pkt_time":1568282515692143,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":159,"pkt_l4_len":105,"thread_ts_usec":1568282515693812,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5AGkRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwBp0e\/G\/wAAFwhFc8YEuuNHtAjcZWkdxzWqcwBAF6fDAMMAJhGASeFDmt2B3PV5oRmlcgvC6v8AABcIRXPGBLrjR7QI3GVpHcc1qnNAF9ROAvn0lqrzo1vnuX+cMCbpFjsj7q4P"} 01028{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568282515696184,"flow_dst_last_pkt_time":1568282515692143,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":422,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":422,"pkt_l4_len":368,"thread_ts_usec":1568282515696184,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5AXARQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwFw4G3t\/wAAFwhFc8YEuuNHtAjcZWkdxzWqc0BPvLjwGAX6prrgTX3a3E9nV\/neLy6f6D1aL4AW7ZFFhtBTGIbvF48hHGdbgiiU81tgt+vmodZ2RG8bv++nz9H+TrtSRG\/V1bZo0rRqEJ6uLXtFc8YEuuNHtHe3YJ2mYY5Kj7VLPlyFWTxVj3D4ynrgMtP+ES8J5hYlasmgbcBjiaeIIGSM78XD0ZetULbmnYcr+261YjWGmgCHllE6ESDqENGKO9\/x6EPOzep5GXe6WsLwnro5QyXOgBT4DvhCB3s2Y5VMa71Sq8ea4xzabidQXJjSHOOoKBNwBetck2ZXZdBc22naoNcPPENdt+s1XW\/6i6FmYBAofaF5GgIdqv6jzc3ryObFofA1sVmUhrut2xxxw\/HgFM3t2fgK4\/Jlix6BDZV98FXGVnpQWoXGUnU7Jf1K1riT2lPHPc9slQktbx5sUNLfGBqV\/vYSeh7Nq1c="} 
01054{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1568282515655367,"flow_src_last_pkt_time":1568282515734274,"flow_dst_last_pkt_time":1568282515762416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1280,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":1993,"flow_dst_tot_l4_payload_len":3958,"midstream":0,"thread_ts_usec":1568282515762416,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"quic.aiortc.org"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1568282515762416} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1568282515762416} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655637 bytes -~~ total memory freed........: 8655637 bytes -~~ total allocations/frees...: 140575/140575 +~~ total memory allocated....: 9420011 bytes +~~ total memory freed........: 9420011 bytes +~~ total allocations/frees...: 154541/154541 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 589 chars ~~ json message max len.......: 2282 chars diff --git a/test/results/default/quic-24.pcap.out b/test/results/default/quic-24.pcap.out index f13568a1a..5521d617a 100644 --- a/test/results/default/quic-24.pcap.out +++ b/test/results/default/quic-24.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1574209133040250} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1574209133040250} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1574209133040250,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133040250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1574209133040250,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133040250,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1574209133040250,"pkt":"ClnTQ78Jzivom94WCABFAAUA04pAAEARTk4KCQABCgkAAqHcAbsE7BkSw\/8AABgSKZqySaf1jUZ9aFypIIlM688aEfXDUlabjvj32ExHj28K\/LzWAES33jM5bR+MtpU1BLUazwIKZfi2UUsjupyQtwh0cwaTGSNsc3ziOvMvl5HeN7dnqFzrpWV5xSzaGXCCKPfdH3vP8j3J6ZLIzElZQZR3emJo528x+jgZIHOdaSnx3DWXxF2zh+YTIF4T7iX6QufVjaqbZGcqLfU2h5UhvDV4FwyX3uhlDNyKeZHYtgm98LQqq4\/RRT1KTyGKWwsLmYKiT2RZhGfdnj7cabAAzsX7Lk2p9chyJNCYC2rvLfiUJPAyxycnjNSX2Lj6Aqa8nfo2RgXdwfCaQgxab+TGB6bvb9v+EsUoxuSJh+r\/RN\/6YKeOx43w+asFLV8uu4y7ez42UTvh8WhWB9gu2sFvRZZAH2gXrPZjvaMUKjvUztSfZobDePj\/3bGH7ParnvadIlRAYU9Q2+DurqTinGpGLj1JdKLQoxeMx5eGSPtbuqNyirKapdyXJ8ZKCVjdL9m2B38WlanD9I0yGpWtoLvsOi8f8x\/fhHjJnp\/JSreuYABX7IvE9OH17Ka\/DYXSP3horLga3cmeawXPCcyfSVzp0vy3ZIaVNlu8tvkbFVJwffn9HIFK6HKNWjCpRF+ahuWdOTEeIZZ7i7JR8vw5bYFyaufxilZin8M6RIaJMeMrQc4vvfUfbDj
sZuuyfMbD+CtkYjt3ODwFx3+9dnCnls3bcnN\/LK\/fVogu1W6dC2V8OgzkkQDp+glgaZFK3x1y9W9tAnAfcG86bUqaAVXac16E+jbjt3xUVxE3wSFwqpaXR87jZ7puVI7a++RK4x\/CPU7cBx4HxakipMRXAW7+Zzm5Uylji8R1ndMJge591UykzR\/a1rIFwcUFafwyzFwutVakAK\/iM4YhBMTpFZmHTyv44rZt\/SzvRW3ChO61o38I1VeCK0g8ZFXOiuIW\/pELm4Rr3xBh76iDlvWF6YcC0+i92ff1n2MDPlwUBp2JPBEhF9KRkoluOW0vEGZjgOTNF0WO0oSPjp6cRmPu7QFACVxUUAGGJ52pSjmae6FO4iTNFAYtrcv+HXjZLY56ae9mCQOyLL1m06CQPGFQiHOPr2CJqh4awJXrhUafIQCu5ugPi3shAySSxxSNpoi1XFyoXHmAfehBuKAMDEBi\/K2+sO4vF3gp9aph5gyVGEs0pc0rnIKidNla3xHEAlRzhJVd750Uscx9utTZFhNIJHFYbXnWol4tLG+jZZli4l18thfxYBatUVfQbpNdD\/lD+eYzZtOp7YtW1ZKF+ROaDrWxEjfCdVtcjK18Uyjgz5TeZuG7pFJ5t3qyXb+n\/5MzCAN9XPJPpQiYdvqPfvMUwezKWPFBlXc3KAr8TrBHXbzxwj68KugT8kPF6Hf1ZknvffVMbgWpKERCnzNCkdVDHz0qsfdTxN1E8gHLdnzTTb4wYHbDra2Qy1AzeGTZ5VuCqGVCxMyMSucpv1SUY2NRHw7nEKVm2pvwZDPcCeEad3kICbdC4XAMVUx0Mf\/rJlO1G38DhZUFTtkiOIXY+C24n5VM7VxZQ+dzu2YG1ROOR1dGwLm4sR7mTJIH6rldcwpGAOA19nihJl7wI7sV3QgaIXVtqDL9j\/YH7Q44xODtLK6dfnLZ9llZp8VromtwQj2StAFDoQ=="} 01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1574209133040250,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133040250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1574209133040250,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","domainame":"localhost","quic": {"quic_version":"Draft-24","tls": 
{"version":"TLSv1.3","ja3s":"","ja4":"q13d0512h4_d55e91d5c3b2_cd318bf3b157","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-24","tls_supported_versions":"TLSv1.3"}}}} 
@@ -8,7 +8,7 @@ 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1574209133041861,"flow_dst_last_pkt_time":1574209133046090,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1574209133046090,"pkt":"zivom94WClnTQ78JCABFAACaQSRAAEAR5RoKCQACCgkAAQG7odwAhhSswv8AABgR9cNSVpuO+PfYTEePbwr8vNYS4JjP5xnPhXULMwsGez9pmn\/bAEBR7JWFbqBk4i5AJ7l7qSlE+tX2yrubmhFzRlx21yBiPVDLnRsXzX9MvNztVp29bxmR1P08S3NdkCTmJvy4iWq\/7WRG5bc9bbtXoIExxVobW\/gF"} 02202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1574209133047397,"flow_dst_last_pkt_time":1574209133046090,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1574209133047397,"pkt":"ClnTQ78Jzivom94WCABFAAUA041AAEARTksKCQABCgkAAqHcAbsE7BkSzf8AABgS4JjP5xnPhXULMwsGez9pmn\/bEfXDUlabjvj32ExHj28K\/LzWQEoLequ+XuEJ\/s1BSUshWNEiIh0aUC4yAwRElRrinPDk2nfD4SmdQQO+DgEhR+JzpkFRgXIhdTGLuMwVyZDNayP8wqegkyiQMgPSBURsHHBv+mMkgMKbL1L8HaaigAV7t4eD5XPruskWTZTpFm1h9Cm3DzPxeQvTSEwHtDrEOpz6YFy82UDJYYLzV8itjsSuAl3BN2XPA7e06ZEWotlL9Br9TZWw4p83NDVQGkChBgIL6f1nIN2ojZvrHvpzk0MfCiu\/boqXdpIsBERYdwXRPlbEhxdUMcMYA7eh8N4TKuC9HmChlfkHaTI9GkWRyMAMzxtZMhCl3LoimMkhWCfqmVgDVhtz4Dif9R3RkIY9hzuUCMKU7oaOOUiDfZuxIU3WloNXp8o12YBXza0fzRQpYGqa7piZ7PVUXOGcUM\/cFuqscmeLVQOsoy4i4CGC+MSSW43OpT+j2aHawId4E4DeDRugsomOlKszLuMP4ykA2XzxEcbZMu330eInLeApkaX+snpful9w18f09BHmkH10HjWW+o+8oFuEG0J2hwlJ3TmZuH+IBwCzohntVbymn7aQKhoP0MV8t5fXtaD3vzu3igqOoz64Q+7\/Sx9TpI8jZHMY5bI6Kx+leY4ybxXsUaY9q0gvlZcgyTiYn8SSRvRZMXNcQW2xksYLy8WttjxWgRkmFmsQrwrmI+8rN1prhvjqtq9svG38UVICHD+O9
YB6LgA6f2DnN5DLokrYt0c0SwvSqZm2zBXMqoCDF3Mvxf5duIyZR8amJWjBMoLkZN+I+jb+DRrnFUITzuCvlxJQBLZbBvmXcpD7KXKyeyqlEx5yPFydiu3Ptcszr+5KTMkbP82kPXV\/bjI4L9oBErJhJCans3wo72EkAcuKLd6CCThJXE7Eh\/LDUjZHt\/8eNb7S3jzPF8xwguDIHq5S3aAjhS3QICFDHNn54BjdvvO5iW7zqJCZLSz3CwZ1+MRXms7+nxM12o9227S7LvP9CKQt3pRuzfLorLdpjg9GKs8caLZS\/zPBPaxxYsAkVs\/TxyqkBKa+anVJ99dxXNbDJQmTbQiadhbUe5CTXS5up1QYApDHCBfC0uOVL5lGIcrbl3PMnI1Dz2NdmW84pfg6c+eP0VFTKo0ia+JMYIRzTujqTSk0FE2waqFp3fDr8Hyu8mFx9hmtHgkYMyRj0Bt4LlwBJ79sxjVaEgTqHIx9xF9TjPLkAQXWiLTUTtZO41N3FxjyHC7iUvDol\/CotNpvZxVVNzqh35++58kx3dGzWg7RNObbhbgYckZgts8lfGtJHdaWCmm68Pkjb25Blv1HmPokRC5N98vgYvduuuS7fDGGlvtjz\/JIS10RWkuAlJb\/TeU30L5OeUDpr4zmcBbCs18tprlmixC6jVnlsoejFSyGESEQ56JY+Y6YELlJh011Icv+\/BxJXul2kP65qokwiQy6MoaIpxYelTFp5PRef54cjqcJi3DU8ahYYjMd+pFAh\/vGQ66+sQubQDPeRB01N5+3eG5Zyh2ZkNxzZLSsfMGkHSVTT3SqZ+mT2IOgPbQy8Y2nObPD5adavrO8MXO+JeqH6a5Ct3KlMPOBt4e134vezowr\/x2Ai2BFLL0Buw=="} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1574209133040250,"flow_src_last_pkt_time":1574209163081103,"flow_dst_last_pkt_time":1574209133073692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":4378,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1574209163081103,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost"}} 
-00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7370,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1574209163081103} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7370,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1574209163081103} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655418 bytes -~~ total memory freed........: 8655418 bytes -~~ total allocations/frees...: 140570/140570 +~~ total memory allocated....: 9419792 bytes +~~ total memory freed........: 9419792 bytes +~~ total allocations/frees...: 154536/154536 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 589 chars ~~ json message max len.......: 2215 chars diff --git a/test/results/default/quic-27.pcap.out b/test/results/default/quic-27.pcap.out index 3bf6f2475..5d7767271 100644 --- a/test/results/default/quic-27.pcap.out +++ b/test/results/default/quic-27.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388075915836} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388075915836} 
00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388075915836,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075915836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1330,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388075915836,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02350{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075915836,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388075915836,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6BFLF\/wAAGwh7p3UKjzv1VgAARSBBNb8rxExjuvv1Ye++hbc9om0DU4NnwSG\/3UebQzKe+\/ChMR6f65IjHiAPoLAAXROmLqaJFJBg9Sjii5GNpIY1s7jLmFqalAiGP2eQLOW5rgxDWycwtAoSDO71eI9T1Uq7EBmGHvnPmeSBFCTAwbphrP9uMLPyAc17USwCikZDlt2XGVMfiXze2ila5iBclIpM\/nqIjbZDUUYzdC34yYbr54VrUe33DQppusK5QzTfqS+3bRJeNmvfVjhputwGoNup+0y7rJDCwpxgcjG0dCKgMjLHOmSc3TOXpHySWsU8YrZhzLttd3CTZRM5WZ+WibgEID8\/Y94\/jmGwbweD3Pfo3Ppwfbm6t+wCItY8yBKRQ+H5v5jedjzP\/LjrRtljajhGcJZd6HJgjueiAiaEAdj7fx0T9yjCxPVImLtLHfXPo558xAwXVU83pzT9xavzftzVp99vYm\/GU\/kg1VYfnH4H1qpMlTlic\/Q6Q8iLnCNGJ9LIhtmYFfunAmiyObADRsU4B6j4HoJX3if+mucsKdp+8N3ugLjM4uwUvOF7XyACDpCZ\/G3\/5X5J\/zKZkqDPUYvuluMsSOj8B9WlMWtbGerp5
EjqolIlNnjYomDTKeHIxZZRBaJp\/QOHxqWVWl+MlH9KWaLg+UuJ1tkD\/z7oSb+H1aPInCB0q4IOfY52jC5M0sAyNUCCRYRJtlGM\/qM0P8wM\/vcpX4GIrlML77jxP6dU5SrTUTaXASv8j9337neVie5dGU901jPeI0ibTEPO5jmp5JTAiUrtWT\/OPLGl6+AqDrvj2iLYI6MfHf54Ll0eSJwKxczdOyajjbkW+wF4mDNBcrHs+Iy+NLs84KPkQaEHysgP5fydEh4OpzytKTjbeDrjBTG9KcUWYmBar2q8HpPFclPVfMJzlgzmG1ymiPOmBJDgqQ3ZUM2g855ht6g7tzCMio0LrDHG0qDTQGyGwGnOACHMF4aRlNBHHPXjD0AWFg5ITC\/muG1btVnHCRMRKjcJbcwgB5knd4j3yLyF5jIDRSKNhE6Ac48oXpl\/X8QX7id\/RdTdMTE+I9ImLp3efowsLaCMtmIEe+7JeD8HXS\/DHY7CcQC7QJJxTExlt1pZ1J8VxZQ\/Rin8crO7sCUZAX\/MAmOTczrCmlYKxmfZCym\/VBLaEls1IO\/vlhGhIazJ4ec+unaATLsbpA8gpl3A6fA\/mtphj6B2kmQmdb4PDBkjLGlUB9TA\/hWCdu8okA42ElpefKLs7iaYvj9eGjbpH4CtZIsn81hYHam0KixsLnFD01WT2G3jWF4\/p32XASEAIX2fGqhIl42kT79V0gWU\/zHFYX4d1dqE0R0QvDLgaBR5adJ\/AQSCQX30uHxQBsrPiDAUle40F0f\/CKLbXDtfvQg3i0EyI3KXCW22kEkJyctCWU066Vqsp6MiM5DPCQw20QD2L38WJTrzFxYD7gmCe1AwoQFfD6gqTnrS3Tj0ht5GTD8vsEYZ0oezjMP8XuBMCjClE8hToMxgRyaUKQoJ4zuAen+tMutEa2m48+u5jHJEJljGjHC4LHZWMR3906vXde+zdCg1ShHY11L\/Bz5vKrplIBCiT9vl3ZYNjO6hBlbKS8VP\/yg6gsLQ9AigFTHxstN+VusbiYbo8JJgQWEcDGy2dI9GZZqPmAAFQeJAEQIBnrb965lc\/aHxPwoSZtBKWldoAMiE22ownQezP3boCQ596Xlhlq\/aTLkj8uddR096XdeUuOzAUI7eEPdA9iCr"} 01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388075915836,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075915836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1330,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388075915836,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.google.com","domainame":"play.google.com","quic": {"quic_version":"Draft-27","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0309h7_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-27","tls_supported_versions":"TLSv1.3"}}}} 
@@ -8,7 +8,7 @@ 02337{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592388075957479,"flow_dst_last_pkt_time":1592388076028071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388076028071,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6ViHv\/wAAGwAIe6d1Co879VZFIRhTciPGRElj\/q2UJV8WLuy+v+X6eYq5nfLS\/1g27PmgUSjybm5KzQzU1ILEhmniPOAZEvqheEyUNT3LDVYKkiUNtyVizLS+ix05UKwF9ULcCkrPIH2L1yPWwyFY4cNmCg5gqYtxA3Cd8FBtd7huXtciiCUG3GeekKTzDtj3mZ+8a9Kr7COQN+1+KOPGR1jsFDY8WBXFdrZD5ySECX4kUsUr19bjb\/U5cZvpbI9cdcp5bwfzrC2mH6vd4a7R7sGpYQC\/LmTmcUYGX34JRALcKFzBObhoO2vaDi7novDaIcCjAgVKgIi2QDsp0UHLCVfN6EaAaXbvuQGWGiPLw9zau68I+RrJ6y0kJVxIbdnl\/EUZWmki\/uzG7tgnHXtuPP4eyAbjSMJ0hjsteGZnRo8ugg1QBkP3BhHBIDcYpS7Rg5p+Q87bHy7pRrvmcYBKovHJI1C9UPa2SFGuec7pa\/6HIeRhWWTMUnz\/ZwqGW8sEZEBwfq8qOUwgi\/B\/AddMPb0L8G7SIQ6+A8kHT0aXnCw79xDImZQvGx+xV4Q8IQAkfmLfJgljliS\/pFSe7vKQTDUfFC487WlTMSbh8p4v14NGz4\/+IbJnlPne+z3aiBWY4W5BT+eNpvI1FrAsB6dTWYb1WMRGu+babBDC7DyDPqG37z1zhaan\/jgx4fju6203mIVVCgDDa4YMwuMWuzKcp++h85i7nfzPqf7Wk8JcZqDZQ7\/7XjA0cDDeckdiS7HK2HclGO5lmUAmfBv6xhN3kqSBMN6IqsmjPmE60BN1fOygdU+Te\/f2Zs3Hxj7prJm6c8So+FZaiXzdcjyeQIKQ7Qv7uvRxvkajwom8lMmtPepS8E1yN2bhced3EHv6plGn43Vp+3XSbgOKY9S2AogFV857hcfhi+38yUYhyudlbkP279FCQJSOQonnRS8vvcxIp1D3jJKLwM7lBzaN71oIr+jZYmimJVYS+TZyf2NTpdZEOqUdfyfjGsgBeO+zxCodqOAYfcQN6t\/ocUaCgoHwIrFh0DNA8BNDZ3BGwDpWjDGxjT2MDsyXTPzdJOrwupelUXdrY5ldlO0BOU4mi86dMKwmn3N98YIh7Xk16l5iWGVTV4G7BiDgSJjCmtvL4gIyWDqlNk4rKdN30XBAMceNyzUL3I+J9QvbqKGfekV6XugZlAoULV4ad+umJRK2vmBuKK0I6o4wTokYu28rX8sUaoMhaobdOad13wg48RmxbjTjdVBAPfX1KeyZee+F+tEvJH5c76CbSftxDPZQcvK0IFFWHU3fXRowm7y0cXr5ihgo+viz0RYExACCOzUg7yyTUEr1K5pmd+JJe\/u6dmlpru9YEnDkl0FaQ69KgHJy4lAr1a6N7vOW5UVyYYpXufTEaXlc\/8T1+66MUdctq
R87rt+GkJYJBgPUPk4vo26994MdlTljOZGjiPv2mj5\/nUWzoMXcG2WfI4Qc6qCD4Pv1VD6RdmOwoJjV\/su+wg4zNBn5R6iJ+ATQnf2WSumgGNmoSRr4mJgiWWxiEWYUww8aIC7q0BmFcfSOGzsQu+p4VSWP6YjS77bvflLoX3O75q7WJVNOS+lJu43OyzHz5fgIDeXGokHeXy9NpCGJdtgA3NQbjooA3dcAcQ4tGZv6kkVjgPSkmu0AJzjNvJuEpULFm5FZxpfYNwEra0h8ooobuNRKlg4azk0ZN39GAv2Rb82ENGYGAK8P6\/LrlPwKtRzuXRWUzO0rErD\/GlE5wROht4c6ajGM"} 02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592388075957479,"flow_dst_last_pkt_time":1592388076028126,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388076028126,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6Cu\/h\/wAAGwAIe6d1Co879VZFISUoS3c1LeI1f3kGlK6\/QNOr\/NABLaBx5LTjTiMM9smnvfjoOua+FQJnE+ZH3t9qb\/LL3ilj\/FL3JWoQ5AsutZ2v0Ov5AHIE\/ZIUWiM\/b1\/Psqe7HjCEfGa\/Pn04VrjRCrsUglRK8pqyMk+t9GQppn+F+FNln3t\/Ds1nPF8o5QqtUE\/q8LSytE5W4tmuafAvGb28tHvlqcR\/91RGVeuyv4ZdYWnJdOAVFbjKuvIKEBKANwTaD3AkFWVEqaZvu2l7N+bGHJMJgiqgp+9b0cttal7FMoGFs6adg3LTgTWujkwfJekftt71zIfnuU+0PrD0d1qsB9TfSCuwGwbbbDRgYG8XVwL8zxmRLn9Auhuso8795903Gpq9LAC7cKoiShGW3C0jUGDF2xTE5Ylh6zMUGg6TDya5bEvipHZ153rW7TWJT4vkCkw69eqhsXJvjw4jYdOmvyvgSYObUpBV9iMJbMO+hRaTJxltiDxz92XCBsPx8yqbUs2tFBONzhIyzkw6xcC\/ZeQUgpLso2N\/diUisa0e7nV+xuLNdIjwkxLf7DoY9I1jzeq6G50DsNvHoUCKgd3CqYNQEn6n3zvfWs0l1E+3sjvio+tlZOFbR5\/DYOBTvbtb5ssrxMIMX8I3hPzw9rkivT0lYBRX+etHZhXt8hIL1OE+80IRt8mWNHPnEXuvPuDJByNp6x\/JtjAfFDInDCqMZK5djoXSTtUp6qQpvlMtB5m7uyaaysgNqyHnSwGOB1dQccM7cak0t+MN\/+IlDtPj\/wmwqBImSV0mDKjXywQ7bsYfqHPAw4CcwzLo9zcIEtNjvcoF\/TZi238\/qiq1vOsMzk+82E4taf5+VHAoT267xBTLDM+smuKoEbkSDtxc4QmjrDMSSWkWQOyC8j+c8nyi51Tgg9IM+iQxLRMFa1CGft8h+1xKuJc\/FoiSqN62L+IA1P\/LA6XLD1NcjJXY8IFwooUg5\/l4urKJmXSLnA14ps26fW5korJedu9wd8F7Xmfcc1UPazcpuQfJHQG7YeUVyqtcnf\/M50G948rp3i8MlfdgR
mcCkEymW6bJzm9H1yUPHWWVg8HOVbIhOYXhjPZBSQAlSaAvFYwI0hnoFbYkJj+9n2WEPggdOcoa14iw5SpNWfyjQ7xR+ONzyW6OQ6pGo\/5atAj5QVcoQwnpzOt5tX8qNfNp+ZLgOF6ctVOufCLbzzxeGWcDSRiSqOuzJgCM2yRC6LvUvJkH91CInawmzFG3KkPQdB+K5Jeq9ffHYQN97+fJAdP1OG16UX\/SX3t9htwnBd5Z2+nh6hjwV4n1SIuOG3Hkxljd3DTBhpYrha5Q6nDeBc80QdbhiBU+OOsYLrGr5FFnb7THO1Vnn24CyVDvtg15ACcXDu5+GlJ8RYCR2Wabyq5m4hTyIb0TZAJQQbQFrD4b0mSxbusJpuXWArhNyDl\/EBNhAQww3zF3I9SOtZCwpTDRceQbTQOAJV7CfIzUtg8zRWTrK7m31aSg+RyqaQizvPHdNQMSy\/YFccGhfumDWmke3xEkgTdSt8YZMA\/WkC3aY4yD7Wur7Pzm6lg+b3UbI0ywVjTd\/xHuOKwpoNWGHWnV5hMMRvNQhiEaJSz6nqjVsSK7kruepr8Ko0ZQkHqE88t8AwjTdaguGXi2F0WBsYS18MpGKpw47jOcMsAq0ON0Xc5cprtI18jJDmrM5xRj17Fxa6cgxyolfwWbwqSt2+gabY+qJoNGuHEvOX+LyDBXyyTtHBoULbRF"} 01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1592388075915836,"flow_src_last_pkt_time":1592388084312705,"flow_dst_last_pkt_time":1592388084373772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1330,"flow_dst_max_l4_payload_len":1330,"flow_src_tot_l4_payload_len":5523,"flow_dst_tot_l4_payload_len":6124,"midstream":0,"thread_ts_usec":1592388084373772,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.google.com"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592388084373772} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592388084373772} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655746 bytes -~~ total memory freed........: 8655746 bytes -~~ total allocations/frees...: 140575/140575 +~~ total memory allocated....: 9420120 bytes +~~ total memory freed........: 9420120 bytes +~~ total allocations/frees...: 154541/154541 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 589 chars ~~ json message max len.......: 2355 chars diff --git a/test/results/default/quic-28.pcap.out b/test/results/default/quic-28.pcap.out index dd844fe14..372ace574 100644 --- a/test/results/default/quic-28.pcap.out +++ b/test/results/default/quic-28.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591267474847575} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591267474847575} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591267474847575,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1591267474847575,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsBAAEARSUwKCQACaBoL8OrKAbsEuILewf8AABwQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgmEZ7SPB63FDIt1\/BNmaABrW7\/a2mJ6Qg87qxio5qp+Au1rZycjjs1xq27TUqOstzWUVkmwpCYXpvpOqlbwTvnFsXueqMWKDAlTPVsrztIv2pHHHaD8h888fq\/JGG\/YMsyu4siFFo62sUPCzYnviiGb9Ejlp4qwUTq4AjO99Rthdv2GbNC\/OStXSWSDjD\/leZL9UJEZcJ3LhlgqAVgxUVrxuE0rbeF3i8aF9iakAqxlqpoDj1+5t7ILe8xHKg8FUG1XnL5zpn1\/qeTvTEm18Ejt5DZJvb7rSMM3y0kFKOsdK3+oTGrisBL0Fe\/eBZ9f4xHzZvM5y3BCl2N6qMFMX+sMnr8ggfIKSQlAxo6qy68ZM170NeiI1bIaY98nIrG3zZt3dnHbbcgfFiN6lFzYaQLJBtV\/WEYTHy0okUamYC\/5cNM9tSXVBXfneC5HIpPjBuuyE4+LzF5EWg6rp8zulZ5VOTIetNIdJsnU+GlxyeY+BVtCQCCyWElUlL9X91YgIZ8MpCHxRq8ZJCkmY4nF34gFHgfsegffKnBAav99zdzm50AvMu4lP1B1F6cRA2HMPmAvCgUL1IKMcacz2eCZBB7FWHguZbpDdL2+wruFSVOAWeB+lE\/kuyF
3MF8D5tAMKtEitOKdhqy3C3qGvZcZVGOZKPWGr2BC7JbZdFGIyYmNwp\/bvvX8XvDggJHwe6xhqAz5sua3BsvUJ1vySN4kKaHQ3EYKLbPPRjDwQinHrO49sFr8oWJyt7OK1yq06uwrlP3p4sqV3\/tL4FsOHtHVAI5LvRB8KISYciiug2cmuSgzkDgaTo\/e3D\/u+rCXDQ3xoip3ktBsckfTnGfFRGZIYxKdaQnHhOXiTzFQ6mSTNof1wHefWEQube1a92cmaAPSGQOt3LWbH6N8\/qM1mTakjE+QJv0K3HWVx+nbk2qFqJc+rHv1Ie37Z2+wHGh0NjwgX3P+8AdCqq6tgRzOpAdLNRrnirmseM\/zZQ0+cDRuw83pFP+UWZ+PCK3wKRZu1IhQ2h6D6lcGAbZA9ehc5yOvz0v1LsR84aEk1FsEGNTqF56I+GB\/2xRH4N5F5aeUjnenJzGpEQkofmIzcU+knq+dcQuuDHuOTLNDIaiPO+4HYzT5IY6vCSgCHcPgQVRcUuuSg\/GpGaVSknd81XIsamcRfeqURHQ1MVwmLxgOMP3+I5HFeghmJ+ki2zeRb+13f3SNlS\/RoVNOTrzjA86oM8wlv5t\/i38dgJDMR2ZvO+tz4iV7y7Y3T7RFYvvK2F7LLOH5ZrOKSeJb1SNqfpAw6nEHN8am8q6WcZIClcZqDQiuuDV2HpT1RM8QezzenJxkksNL2P07lZwI9HU4P7Ayp4wWZ6zeiRYoRywRS5R5VWfF7StuaGYuXatUeylxdjHJ8UwmFRvFoXP+8SlDa8jkz\/qhABAK7x0AzjsV\/3jzRSi1nVL9yl92ydFm7OXWFMLaMdafTsMx6SG3eTR9qPpGQqQKfrm9F1wk7utXsAM9DKqSLm\/MYVhMIgqodecjchaLAXg4QPX1N"} 01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591267474847575,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.wireshark.org","domainame":"www.wireshark.org","quic": {"quic_version":"Draft-28","tls": 
{"version":"TLSv1.3","ja3s":"","ja4":"q13d0309h8_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-28,h3-27","tls_supported_versions":"TLSv1.3"}}}} 
@@ -9,7 +9,7 @@ 00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1591267474861366,"flow_dst_last_pkt_time":1591267474876194,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1591267474876194,"pkt":"bmImQfCg7jdRvai\/CABFAAC98ZBAADkR0YpoGgvwCgkAAgG76soAqc9DwP8AABsUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwU0rPlqKVxohC0BrmDOppdYLs59TAAQG\/1pyxQuqr\/rtpFC2WVmtFOhv9JrpeHuopL7hMPE9fxl6sTSmvxfRAUwl+0yU2EdY5OnjwmP8hll9t175YCQMzKJKMegfWSiSk2V1nk0gFVDaY\/3+57WXWRq1p2wGvEOZh04iEYFueX23hrwDr59zo="} 02167{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474935131,"flow_dst_last_pkt_time":1591267474949617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":4297,"flow_dst_tot_l4_payload_len":5362,"midstream":0,"thread_ts_usec":1591267474949617,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6116.1,"max":20960,"stddev":7174.9,"var":51478880.0,"ent":3.9,"data": [13634,13791,13932,1053,15111,1394,4,2,2195,342,15,8,10,14715,11,4,4,3,4,4,3,13849,1181,10523,11750,5487,19948,6547,20960,4038,19076]},"pktlen": {"min":71,"avg":329.8,"max":1228,"stddev":425.6,"var":181138.2,"ent":4.0,"data": 
[1228,75,1228,99,189,1228,1224,1225,245,138,89,71,71,154,98,543,71,71,96,71,71,71,71,71,686,71,133,71,845,71,108,72]},"bins": {"c_to_s": [0,6,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,9,3,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,0,1,1,0,0,1,1,0,0,1],"entropies": [7.825420856,5.391368389,7.839229107,6.043497086,6.731246471,7.843968391,7.815639019,7.852266788,7.065521240,6.543905735,6.067143917,5.873550892,5.873550892,6.748120308,6.120771885,7.600786686,5.845381737,5.732706547,6.072868347,5.683273315,5.722074032,5.818619251,5.778411865,5.760875225,7.744878292,5.750242710,6.580695629,5.778411865,7.773950577,5.873550892,6.249063969,5.721802711]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.wireshark.org"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":219,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267477602863,"flow_dst_last_pkt_time":1591267477602221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":5428,"flow_dst_tot_l4_payload_len":230739,"midstream":0,"thread_ts_usec":1591267477602863,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.wireshark.org"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":253,"packets-processed":253,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":236167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1591267477602863} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":253,"packets-processed":253,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":236167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1591267477602863} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 253/253 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8662221 bytes -~~ total memory freed........: 8662221 bytes -~~ total allocations/frees...: 140808/140808 +~~ total memory allocated....: 9426595 bytes +~~ total memory freed........: 9426595 bytes +~~ total allocations/frees...: 154774/154774 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 578 chars ~~ json message max len.......: 2172 chars diff --git a/test/results/default/quic-29.pcap.out b/test/results/default/quic-29.pcap.out index 30446fb68..351913640 100644 --- a/test/results/default/quic-29.pcap.out +++ b/test/results/default/quic-29.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592171671664832} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592171671664832} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592171671664832,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671664832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592171671664832,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671664832,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1592171671664832,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z1AAEARMDsKCQABCgkAAo7sAbsE7BkSwv8AAB0S824HvwtwiO8oxx1Iisqv85\/8EUOUTtoYvrflSLONN1vzwqO8AES3Q7WQp5eFbP47Q12xYKXOiuR8OKc8Zd+z5\/wDTiaB2gylmmpfXoWWnW9m4cfo29uCTrqUeoQcDlNjFKjOZThrp+QrfaDvzF+TP2mbdVAn5DVFyc3TGw9yc6eNagzixiAUYroBLFYv1DYB54ctmkUUCF38C+LrP5XSP2Zcs3QEOQDdiNvhWKUx+vneyJD2Ddv1Of313oIRItyeXVn2LxKac2RjP4PRAhodOpWDrnkB66u8HOFxUv4Q9HU8anll\/ZatcRtN\/kzzFFzf5YoYXwbtiynEhfyRDYp9NIa5aU5ngHDoeAIY8EqAjkZzDBZrpJEN70XKdgxbZ09x248vkii\/BYPsm8gwjS+Z+NMDUp5BndSqJan6LYduiBKS1FQ2ECMHPifIAeRkFfGsYIjcHELHJvd3bjIuQ5jcLDQ11GM29Aqw0CMdlCZ0GZUFJPoOBYtbWkB+AArzMv7l1fpdC85LE6kYaNSupy\/kxn4q0Fd9nlOil4czF7np40hmUQT5zuUOIMe57G4ak0l7jLPPFgnjPcuJ5+bhZHgxqEou6YPiVeaRUocITEWkE47FVdJ4XctN7CMWrbtrVTRyiKoG5jKjipRDy+FAnWpWY5dsQU4VKty4nhdiXpcyaazCMiTBlzAZl
J+9vVzyUo2gVZTdT1AmyQCJjmCzYg+wq4NqxE5hDx4BVlFY7VlIfT+LOXZeM++nsIOJaY7JaSW2i+1ji7jGvwvZ+l6xB5JTnisqnUTdF8GRkRAiTg25HBspHwtWrq\/Po4lqvzDZYM3JiaCh5C8UbvK9JJyDT8vEGu5LZu4vyW+zCsCEy6HtYm+Tl+y0wBH9TYuhybK9k4L\/MkebKAkQQeZPvBNwHsBWnmGK44Fke47qlm10TFPJJuYjv3s2WkxpofqtAF0qtGkvoZjB6BMweDMLBzljRd+MpcpgKx6R7LMPjs6dfEoyR\/++4fMZPmZ5nKh9L2NomKnJgnI\/Q7cjkj8+4G7DpTq\/5CiPCn768EbsWDr31eOflbsg2q5K0cAqBbvuSWrrcKEWWT9pbchcsh+CF4s8+eUg6FJomv69IBBZDRAHTYWn3VGlccxntEoW7HpxMfIbSnMt1P6bfNeHK9ADAu1LaTZlKkjjmK+gbjyes7l1CGt0SYwE5uDE0ieZjOn+NT2n96TJjl6343hGsZGGMospEVXz6DJx68jscskAGRLftunAK4Wcrbm0MVyZUbf68HXckrAHSl5ZN\/gbwXjHwC\/6kW\/aiMNhQdY8NhboJQcKwTMbOAeVwKF1KGzLGKNIqA8cRIBh1T1WLCqei3k8gd\/C7bxKNgXzYeJGw\/scGAKCWrce0B8GF8XORgu1hVv6Mwd\/suBo\/oG9g9Uq0JP+2Gj4EQHkZYzIbeC00Rkd0VLJzec5p8sOl7k1oJ2JxQnDqWq6c8EgrVrSv8x08C46hCl\/izdOK7GvwGEQaUkOOkL0AriEREHoeCFJRFtP85AqwidJch8tbK+7ugQPN0bUklhiKNfnQ3Ch72i6f0K8Dx8w3Oub6KBk7WsmEtFBIijRDgwb5rVjtiIuJyF+6hegy2WW6xf3iWQ7NMMjWxMe231j5YtMgDPBTVbFARaKzxZnq\/YZAw=="} 01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592171671664832,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671664832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592171671664832,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","domainame":"localhost","quic": {"quic_version":"Draft-29","tls": 
{"version":"TLSv1.3","ja3s":"","ja4":"q13d0512h9_d55e91d5c3b2_cd318bf3b157","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -8,7 +8,7 @@ 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592171671666257,"flow_dst_last_pkt_time":1592171671669893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1592171671669893,"pkt":"7jdRvai\/bmImQfCgCABFAACamvxAAEARi0IKCQACCgkAAQG7juwAhhSsyf8AAB0RQ5RO2hi+t+VIs403W\/PCo7wSuOhEpZ26G1apwTYmb8yCval\/AEBRPcuzOLEauCutm8Cg9Aw7MEJCqo0x9rzS4t7RXw9ZHJwjm4cjcaToOiMOaFfu+VVWYB5tVycdZGiAgFBsUfDxzpzoGAp5IeyX8RBhrIPQ+UnY"} 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592171671671308,"flow_dst_last_pkt_time":1592171671669893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1592171671671308,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8aBAAEARMDgKCQABCgkAAo7sAbsE7BkSzP8AAB0SuOhEpZ26G1apwTYmb8yCval\/EUOUTtoYvrflSLONN1vzwqO8O7aQc3XbKZrDuMARYQHPpTmUbNwL1veqwTCKkm\/HeaRNYs5VZ0LyfzJJx\/rcc9Zh8UTmUW1CHs2xhuffRHxHyuth7w4wAlhBFzSbC5OjU44\/1Io1dfhnPLBERJDclqgYkhsGCW5n5pq4++z17AmNcn8dBqWB48xy31i6C8\/7XLxAdE6MTkI1znSj0vPZF3m092HE5ICx5Cq8tPNqgLlGyC4nLFjq9OvRGmiuiF1TIpM9PmTRo8CoFdISqcZiGUU3ZatNhq0BrGHwqcNi5TGpNATNj+HPUET0xXmYCe8+PpzJ03gSTlzB0FLjb7iGX7ScJzGIFrKQ0gxbXNX3pdkMqQzBo0EnthbcmLKitGXotm1rEcUwvAV2ofjpp+dpKuUM0Owe+S7aqtPBkDFA45e1ipUu3IPJnxQFqqPunboo+Hnv3g9HksDbGOV3\/88bS6N0HERX9+EEPSf+jFcHugxRyYYN\/nLcw3xaDYPvLEu\/7m+N0ENIH2eff2kSd\/4XAYxOrjtXzzXRz0ZawsdnnAulk+tBvPHcTQAHUIJtSG+aaebsXHD40\/zcrQasAOlyD6+yxXtZkfWCz6DKTsNoXXFNYoferb8IbDYILPjauQdiYr\/Fqo4b8wg9zsOUqrTzOoLvaV1yqY6LGS5ESEAk+jr3ZvB3fzAjmUOGFx2kYo4hL1jK\/EcQPM5W10+VV3AoK53O1\/QDStMfK
AH8\/GDuEx9GqesH0qCt5vMkOqn5YK1S7fYqFQJ0GQz1CMuXWrBTC2CpitU+UBl95E6pJUw+3rLOJIBV3NR9umg3dlzgZskQRIcO79GrkmsL6EakUlWb0zm1fkXRDVTVfkzGUPboF+IMWjDBLtqq0ad1m\/KEYu7JQMB2PIUND0ZOxU+8ur4pEZXiMKJMG\/vwK0qb80\/Sn812LEChKfMFqSLohC2gQC\/NCnWpwdff+PmCNJuaL7vvsQA+2EOqwBf3200Pla7XD+8mVcbikS\/Axog1Qu9D4fpVUG1Li3QEQ4yRBnPcG79jBpRS28cTqfVW5YH7i1z4Fqql03+ZGuyEqkhrg406IpTvdPVviAPFL6DVkypnWagcwF88ejZKMTBlSjOr\/eOnsSl23grex3BTGaO74gsy9a58KneVSew6h0i8MIAQY6ELejtpPDdIQT86X5SIhP9cpOQmuAOMAq68Vn9EEpUauLD0Ge\/pPsj020Ul4kT8YAmuqz2gf\/kHYlT+\/P\/xA7QdRVyw2RjbzYPDYQRVXfhs94sPTmHrCVUkiCWYkJMxWHBeSC2ADg8+ZvTBGDo1xzCm5P52WKcTaM0hKTzFhYXwpuMbeF5P5pR52zCrQWIE+qQW4s8tAphPljw12Jq6qoamxgL4\/mTWk84qzfcREKHpYIkc9qxIJr5H9EucfXGvqqcetWkoTg81lO9Haye5wgzOsUzheY9Lh1TUgo0WRNXVUuSv\/JGnmIG5uovTlVRwenPJouIS+CmrkTUvFwZ2e2QG\/xLBHcJ9L4V+YN+31gwg116TB1\/ngwjfvqla5cotuv7AWW+WckNMQGoS2EYDWJH4Uq0ZUbTENG\/qanNdGm8G85c0h2dl0eq8kn4sXYTc7lihVx7DpaoIJtYZ4ewJlA=="} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":9,"flow_first_seen":1592171671664832,"flow_src_last_pkt_time":1592171671699048,"flow_dst_last_pkt_time":1592171671697674,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":4303,"flow_dst_tot_l4_payload_len":4453,"midstream":0,"thread_ts_usec":1592171671699048,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost"}} 
-00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8756,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592171671699048} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8756,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592171671699048} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655418 bytes -~~ total memory freed........: 8655418 bytes -~~ total allocations/frees...: 140570/140570 +~~ total memory allocated....: 9419792 bytes +~~ total memory freed........: 9419792 bytes +~~ total allocations/frees...: 154536/154536 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 589 chars ~~ json message max len.......: 2220 chars diff --git a/test/results/default/quic-33.pcapng.out b/test/results/default/quic-33.pcapng.out index cfee8c9b1..2add09b30 100644 --- a/test/results/default/quic-33.pcapng.out +++ b/test/results/default/quic-33.pcapng.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1607938456563491} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1607938456563491} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456563491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1607938456563491,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456563491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1607938456563491,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwTYBOvLAAAAAQiH9eh3C8+VTAijB72XkxHdoQBEtoviUAck6tyLLoPW9VDwFsyJg3YOj5\/ZBBxoLZq+uwOezSI+NQXptD5by+TGWuPRPrDAYZviuXsVHC7HmqDeEDG8QAq3dV\/xeXm5rkywye7b+vdo1p1fctM\/Oux9r7eV+Bkfx5+wJ0fdvlhyFGnTrwdcg8+4C7doPPgPdg\/HlJ+WJBdBNlB5bMDPwE7kBX2Dh4rUsRtMuI8UcuXEYHPlESOyFKyqmw1DOdGJ\/piVc003W0\/LEq1Eo7qm+0VXxD0O2HOCIiEHQSR0LHjT1VxLfzhAmJaat83P4NhBjDwwPEBaziMk5Xx7FlGTbjmQXwNdCCRvlZwHV8Z1FjV1KFEWUlByB6YIRcrWgtYq\/i+4joHr0arERD7m6OPY7fw34Aislp\/J5tfwN5lpBEW4eq0YBQWIW+o0WsbDygLLOE8qK7VrIW545\/s6vWmiqY\/nX3eqKbXLLa\/FVUoUAYah6VY+54jT2WSxlVbjRbKzNCmQ7iFaNpCpIEDqRUT3251KkF2ic95oNqA7SdIHar3DhA1BLknCroi9vMu8dB8ZQzinHdG0dXM7MT\/3xjsj6W1BusBxpaKNCgk4AWnV4woWWMHuv3AkSN3SkyzvUkLVvh69eozjggDPPRwSQSUAzHDWzbhw
1M0maJHN9uf4A3ju1BNcFXtgNbzbLvZ8jRjuvbV5+sT2dKCIGszHbDe\/k7VIj14F5Oz9yEIDLSjcjUNYxAEtmmIW3gkE0URoURbr4fR+9IcL0qzkw6dXZu343bgbz5HR6MUnSxTpV9fqwSf9hnrNjraoPMA+2dRpP1Zgg8SJxppmH92oRToz9aDvX2GEC3Onm3NhLiCy9XRFGhGu\/fP4euaO\/LhZROPQcNzbK0KhgrgIkbbcdw+GG0U1DyrSN2MCSa0G\/gdd0iXjRkpuSltfEWcs6h5VKXYCs0nARTLsAmshRBI4tBnyE8czB9KDGhDi69S4dxLc2GhDvI7sBC3oYplXnPFpYJ5UZlYX4x4JzCNfzPKJLkB1GZ\/\/fH4d4Bdn3o+N0leV4SXwVyj8+XQXm2lqcn0l4280XR1PY9wT7WxHSwRDVHU1WF+J6uEthL0G\/TTOA8IENfk0c9FtN1gtuZbVqEenj8UavApG8YgiwEFLw3lw7QwEpdl2suMFgNMJ9GKiLgGbJ0iDoFumS7lgCZ\/nQNWC5kLAQ+6RwzRxTfyP7COmrj9VOCl2+wDLTe3MfV2rc9okYbhZWBQ90PNxn4RsPjc\/Y6ROnBtAhNHbhNOY4vkKTiqPf\/zXa6gyKLJwM4B2ikSmnMEc6pOt0km1BxO3IMATJR3y2TyvQwDT4h3LmpQf0gEdwRzggs5B+E7eqr4GF3leCUThvLN07bE6f2xjlfM9GVfW\/hyXIlfEkPiVHs0uNEuAtqja9wjv+TVSELvsqoLajQtysd2XscH\/uqkhI80k6EzletW\/z347Tefjbi7un6kw52zxXR3upATGEcY8WECkFSms+LV3Cbtq+fVkM8LR8ZIcoDoUWH511e8PHOE07KwOpTJwROur3JKswX2UtackuKBEnRIb2VrFAu8O8Bq\/G9385WeZn1kznfucxDKavwZd9obaQ66d2I\/H3+7RezClYA=="} 01612{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456563491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1607938456563491,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": 
{"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00i0307h3_55b375c5d22e_af0a630e9e67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}} 
@@ -8,7 +8,7 @@ 02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456566452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1502,"pkt_l4_len":1448,"thread_ts_usec":1607938456566452,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvBagRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gWoBbtZowe9l5MR3aGoPMUlC8ojkveWDrnmED9W5sa4X9wCktDzDDXCYZSRQMxMbCVxwWOrGcoL7RjNrb\/aR0XYpCUrMVMGYc7NbMVcmFh+U7ptII9ng3LovEtfWD+Vs23WbaIHZ861LaEHA\/O3BXXbVKR+D5AvGegGrVyCDUDTVwsI0xjlHU6np3nq2hUuH8yJbDa8RRLpXgKEnKNLc11Kr0rcxDebjOz1dBKCk6MJE+RaErF7rEtrFcdkqX2anO2s+oQdnjsu5lzh2gt+Pax4A51\/PBeBgwzAMnnreukUaaOMmSVWTRc\/VoG6UCj\/Tagguq1zlSUsuPKfS4A\/Hj9PMCdEQl7Hayptql87eJvYWKvnKSw09TobsgFvbTKw8NsJvq53AE7lTrO3TaA+nGZFRkq+M1ZrN2+BdXW26C2KraejfRHNrX6gAfXr\/p6NjeOzTSfUp6nCX0A3akd5q4pDQzfTm\/ZODmJRSSua6qoJNXn0ZXKLdWfGo2HyscrTneMhF6bQ007r+YHFANXKovRp2EPpw\/UJ\/vmL8V6IY0+HgZbj0\/d8FIx79RtbyabSwl8zeJibsQ1efkYJNgJ++\/KCwNGDs8asJAde9mkZ\/dD1+61ArTNYb49TexSktCvy4pG\/lsRXKxM72Y\/+4TJXT4xFdvuvm+PYjyD61bnMUmH40\/yen\/A\/WgtDFdjYfUH767jw9eFdVWB3ZsqeIHitWtMaap9xJIluBD+y2SxNS2T8mAjyctwWenF7C6shXsh0qrLybxoQ0mpuErDwRdnKd4mSsuqiuoQGfGbICbCc2dii\/7aSWW9g0280LQsrjBCl\/YvBCm88jWP2XY0b7UwDAZYeSSdHwaFhBXowhDhxXzH8R0g9ke2rFjs\/\/TBqq0T\/ZB1XqZLLhRVNSNff9p8XMZhqF6nYP3WZjj1DqFa2r\/223NsQ6wlp7tG634D7micOuvJWURO+AlGXtvI7zygsUz0CgkusaQEP4TAWCgn0lXeK6Jy3aZ6m0zQtfsa2SiY0Pyf1PWTuWCeXEhhqN0+G6HwVWdmaL2uYxjn01+QKvB6cqgjzUHj7ISnkgdtIrQ+jDb3\/YuMI9cxUejbp+0glcdsH4JO3WK3bIkjHXe4nJtvi554x5sT83RqdBEWrCT8Hz8DvHMAfbR+\/XpS4NJ6rIBJZTfZnrcqqNHxc+q5Z3+z9E3mEki3zOsCZbUzk0otiSbbusPTJ7Es\/ZnRISPdeCvvH5UBZA\/ITRUTY11l7ptIDwkxD3Q2fTkbX2WLeZoRV1F5rZs22rukFjdfZFbVimjaztzg6Wex3ilHTBU66\/wagcJ+boiTqvzD9shT8g+9ztRyM6oDrvueAWdlAP374US8GzN2ocd+LWy3Qh0kD76f8cnFVOhNIJ74ji8WV\/lEp7vTYYUDM
rlFJm1g2QBxreEzVyyxzw\/kWu2secXUHFiuq\/aLl8lirZilXXB6BKhwYA6VsFx\/wQgXMGW7N576ppMuzN4q3u6+qKsFRgykE6xWMCIu8rfyHPKLU8hwJI\/Un9U+WP4ym96BQBToDbbY5w60F\/Fn+reGqzEXYBrNxFHbTy+34B9XFDXGRJuNXJEdt2xpxpJ4rLfkfhcpUBhpHxNFrGGx2u1ISXuanPkdl0U8p9iUo64xVk85WGi67+\/Po3\/vbJft1SNF4cB9lwe3oY2I+j\/MHJ8WFVg+W3w5clz+ifKEtQv0lEwiQL+Eicb9gfq3tlAR\/Zi7S7qlLM5dHBagD9XgE\/DssV\/nw3KYmdu4Cl7igYDAaGwJ\/prNC9sgv+k4qxakCz31iRthWoHa0gjjPRWdkJJ2NsNi51hPYr48FsvBgPM\/Y\/atiNkibfUawrvmDvK1kNir+duSpeLrnsGaquwEZKhLjOOhl7z2u7XrHBakQNuP2txJ4w+obo1p2YnKmbYM="} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1607938456566937,"flow_dst_last_pkt_time":1607938456566452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":115,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":115,"pkt_l4_len":61,"thread_ts_usec":1607938456566937,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwAD0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwA9AFCoAAAAAQg7VxcI2Jvc+wijB72XkxHdoUAcmTt8MUVh5MfFjPiR6HrZ0x4AXuWw5hgay8870A=="} 01306{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456567204,"flow_dst_last_pkt_time":1607938456567051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1432,"flow_dst_tot_l4_payload_len":3470,"midstream":0,"thread_ts_usec":1607938456567204,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1607938456567204} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1607938456567204} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655308 bytes -~~ total memory freed........: 8655308 bytes -~~ total allocations/frees...: 140565/140565 +~~ total memory allocated....: 9419682 bytes +~~ total memory freed........: 9419682 bytes +~~ total allocations/frees...: 154531/154531 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 591 chars ~~ json message max len.......: 2513 chars diff --git a/test/results/default/quic-34.pcap.out b/test/results/default/quic-34.pcap.out index 8f85a30d8..3a4cb3409 100644 --- a/test/results/default/quic-34.pcap.out +++ b/test/results/default/quic-34.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646827637244077} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646827637244077} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637244077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646827637244077,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637244077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1646827637244077,"pkt":"CAAnfrFjCgAnAAAACABFAgUATWVAAEAR9m3AqDgBwKg4xtpIEVsE7ChNxv8AACIIoSj95jI1XLcIjUy3QAcovkkARMqtPUg7uXRSK4kMXX53Es5onLzxtRemVGyuMExaFbMut6vDuqB2U\/DpzOfUlq0FvRt9rUJpjW6yDtUJ\/70ztz+CDYIV8VpKhQLQtYfPD3mmkKn2FxkrrQO4KafazVucb4cvV7T4N0u43AnJcMtc4d\/GXnMaac4VfAlfHe4y11Dgg0O+0aKijzEWoPXxyRR4t51aC7Nkbv\/0J5dgWKDBQk9w37dytb5zwjbfQHpRVluNBzZHs5I4DMZ\/JnNB+PrUyuyBmXrp0gR2XnwVjzQ3flNPFgcQgu2\/JTVF0L13Ckxt\/+QZlc9B3wBoysEquMpFluVCxlhpsJNoFK7jPg3r2c+uxRQG0p8pcZpnvTksWL+f8WqFT5coLPPdZlZwBn02RKfGTA+uAZ0LaE0O1ka34WEpgqpoVc8fayaTadrjLyO\/JlS+dq\/Kdd3y9KPe38jjexcirOrW1+qlPzhwIx8piSprhOCyEQY2+fljrQNCpUoPKvzdasj+8Y\/vgOi4aANXTAspd+NPZCshlwQpGBYQdC7CEZbf5QlwUnySFyecnPIsokfcy7EJCJxGVFXATop39f5agqqDgJBBxbV7Vy06FK1qkx\/0u8uhGfVjqVKRKmprwi9X1kSSqhXt2GH8bZxjiM01oC4BQV78N1
99Rg9tYJupRv8l6yvhDS9rct08zWWNVxr58lebQUaKNYadQRmZaFtRmnN0sxjkvcxweUxbZooL7E4GGIqIljR4ZhLlzlK3E7B66OJGtQAC7VyR46GafnwhTxp3HrOyLyoZp0Rw7xcWItz9Tv6lT2BoA4Y0DSNY9olTp+DPyrMnUG0vqRxzRhJ8374jg6MVKZMEa\/87MY2irhA8kK8hZoC3M19FTaOnneltuWAhMrf+Q8t8BAlD7kUkH6oHx9vkYnEZiK9+\/sfx6Qq8taGMG\/mcWDWaYEb3NXAZqmf41FHteU\/OwdmlZSqoqDS5DlVhB2wq7tLwmLKxoxTkhjVXaunTU\/kfczBDm1AwklxFw3Hw5J5l+LHrwOolcProF6qLDBkbDOvOptyE1ll3vB0t4SH06Wr36sHzRz1uCQR21A9SHZvKyJK\/SCg1uApsLqdmJZ1f\/+1id8zTEwjq1qmsHED38lQ4CrlbWfoLvOR3f3s\/z\/QkitvfGtHhVZt0j0WepakKe07\/NGHX1V0dM0mTgqZKJh2Io3kvFvctAo6sUjbANXF0S8wxlOujZbFzW1LOki1CXDYWdPlq+SJtyeBxUEDNzFZ71VrbnwsnJNOpHvvMzPqdRV+ndVLZfpyQXSEsFc65QVoQNOu0MGerIkZa7wLe0y4mX0pnI8L\/R\/y1JTawqiJeeUx8r1l44ku\/g3ZE2uSVEJxuuTdY8TSHXRMxr7nqZuOWpvSIaUcGS3Q1TZnsiOTFYcvBWzEbQ72OmSRWUJzCCABBzidjiDpGWzPkhe8\/ROyjlc\/5TRQg67rXC2fAj53uXQRWw3a6jszT4xodZsJKooKIos5G3CpYzzQSJCrtOeOr5\/ce4c+q3Hx2rzKhdgv5WRhVAr2UV23TNUJd0OkmVeoZzs9v+FDb0PtPPYVDKHvjJqHAzOy1dUyjTbdc+UjRQ\/Xh3vEMPhsnnFc+0+ln6b2hntZL0z9eF8yMJK4KNw=="} 01697{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637244077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646827637244077,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": 
{"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","quic": {"quic_version":"Draft-34","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00i0307h4_55b375c5d22e_af0a630e9e67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}} 
@@ -7,7 +7,7 @@ 01488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247940,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_usec":1646827637247940,"pkt":"CgAnAAAACAAnfrFjCABFAgLwqq8AAEAR2zPAqDjGwKg4ARFb2kgC3Huyr\/8AACIIjUy3QAcovkkIkbyxu2YmbzdBBIfexsm7espBXzGKaZrAS7pggZDUUIfbdQ\/09SYdxmJiPOboVA5GNyIN0WKEZEb2ChDB1GilmJgW7Qp24EMucpJ8B17AVuDTPfEx7nyxUZnDxLnOV1NZxSPDEwEtlJluh20qRikrub3PX5DmXIcRaHLRejZJ9hsaCYWsq6n5Gfas0GF7MLGzHn117Y0pGUO2eqVFiwenMssI9+ug1E1aDiNVvZMQKSFdyDe9LiLFeCdes2+kAlg73TsTCPbewTMdEgVZBgLZaqO0un1mix5Qt6BKTBkVA8VSZ95v+EfSMYEwA9xZi0jAFqqTGyp+ZP95tU0r4nGCl85tIQDBKXfcBXQge764C41Mt0AHKL5JAwe7F8jwhPqhtghmuHu5o5uyPLm0TwLbmCTREzsDZ3DsGt5qVRU9QIvOhWBrh4V4uljh\/BtTxVptxRkCktu+NWT04G8qsIYXDgRKJUfYMbGUdCKTsE7gC0FAzqopaBfgolmLGZhX7ZxOjTG5NpEGFq+sEmPjGPlDauhq8NTECzVYfToMEehRp8C3bVLHR8m\/W+k90FLQ1TlaEbOqjuZyM\/9ouIFSCmQMPUymc3wxlPi0V28D1yaErAIjX4TP0GolGAZO78ybzC72YMWFqgmnosw3ju1DxFOnMm4S5978OZU\/wmbSWd91srzQp2fOyLvD3wvvNCgP73nEBs88atgYEK5VcrbDFNBrhyEvYixxRMTIqYTLkuWudZVMFEpbA6nhu6WPpaKYD3hORyKUUBLP\/t\/DIvXUYAsZ4s7fmfApFG7wJnzGak9JU7Tkzy0XAM9yEGedigZBltqQA4wPLvuXascBjTXzqxcRPwVbbiOpsQwIpMGnMJz4+XgHNI2WaH8iPl9H\/sYwWUugeEAk511PGx++JwUxDqTYxBlG36Eym55D9c1vN\/8RDw+9AAMguw=="} 
02455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247974,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1482,"pkt_l4_len":1448,"thread_ts_usec":1646827637247974,"pkt":"CgAnAAAACAAnfrFjCABFAgW8qq9AAEARmGfAqDjGwKg4ARFb2kgFqI1IDI1Mt0AHKL5JJhXLILeyY0WWPPDGqu29pNjeQrsiCTUma2TcFGcgbIzRZdr6JWtplLqpt4qp74KLFQm7PESBrbW0e3kxD7S6yxhRI9JMLupNpVNheQDAE\/K7XDfSJm30AU1TktsrpLm7TfiD8USojXAxktLUfFjAiN6LG6fZddkhXh9AYZ7\/h0cSCCBipC+n3QCl4ZZLZob0nwewGNweDzedLSJHUiGlnnueifyEhuiUGtXgMNSJQ2JCiSHUKseCTMenBQSit9kmsy7m3CDkV8IpQHFpr\/KQRujoM5BDa8Yse\/Kl72IM405uisqQWn\/dXsCi5ce0bromjyo8SztDtTdIO91cc6sieObVALVrCc80ocAoEYgJTF5jiB7H5bYa3WWexHOJ0RxlkZABh5u2jRD60ENUaaMQfRFLTHtUlzezGzCFCF2IcS+WMBhwrHXLKOqpraJzqb1zDOgJyBdik0G2V7FsAOmmWq3kzNfjGuZ9T+fzSlxcobToHpyKVTh6yk3HH\/NbQjEutFtjDN8kzm6LZzftTMHupCPhu4ZLvz3A+qM2A1zwi5jSX7eTyP43nddNE8lSxbMriLhIHzadZrX75JISFbO5VwDvJNjuwIti4mRzJx\/4KzmR2yO+rvFcWV0dZs0\/MF6uYevBnu2YYbkzfUlVDt3QOqbxYzfYCPmQ52L75hajvvSWRTptBZWSpmDGOJ4XTD4avP\/kx9dpBnYVyb7KTOWud3jCtY9Dy0IFLUvwQTXGMQvxY1rW6hgIdpP+kthOl\/nWzDcHa\/PUhjS5EgK7B4SmuoeF3ytxRLbZxnjULC98CUv5fo7Ts14EjgMrhQbXmvegnsHXM\/e81QlFpnv8g5MxanFkxvc8tpr5XG8iFjGEj0B5WpJtuN7iq3z7nOCacYdJnYIiQ1mj01qFmCvBgbk7YWiMeiphglTgqhzvKbmvdg64HnjW1Es3AsdqJIZcqRus1DnD6rJkzYrRXchiyBhuQib+k4UQlm5hCqRnHhCo0J6LX8G3XGKSCadYx0g\/je+W+T0O4r2F5fhnLGmT5SAaG0edh3T2twOAFHIE1AKO0jwTDI8WzmuX8IYPD0YnpDPvt17DYPFIyDeOH5gIqsgYQjFZlXs0IHo2lM5JW0A12vTGEMsk8+9e6Z5fzuyATmFSi\/OqkgDSsNxnDgACPXJNiajuXioxc3erSKiDoxs9ouJzkif1wm\/7ixnjoy5M0DOvckjBD\/OuCCshIfuURfWTv6hvrPEQlix1SFn3RMCx1Pk8jg9thsFNFl\/Ho4MdvMw2RhXIz1+gcRUh14NXK1ApyZGsrTB7ViLQn5jNKtp2pdyf3KZPbaFL0Y7xQwOI0mvHL8HI43doiRf2crOMA1e0xs022LMvm5ySxZslF3z12zvalkvgvXb5OTKfwdssL2Oe\/UhdSppJObBzjA+FEs6Qfqh5bbz5aLbnxUlfYLmaNH+0BGi
0hDTR9gZKHvTc2n4i900kDzzljVKsSlloNHgG4EshpTKWF2qFT2gsSKXypzJ7NmQ828JJYAZILIPg+FVeltdmCKZo2lO8FnakEKnB+A1cgn3\/xiCZQ+iDtSE0PJPFtZhhnpzFVQskhj6YomziDSO1a9fnQS0ICnwazdMcaC79GE+Zu7g1HThSx1E+aCxOD5MiNFMbrPUttd31nncq5ZDTQlklu9YFBeFEnNhjw7XV5SoHsICDX3Y807hcaww8O+S3\/ZZCHYrSiEoVXHK08+KrmgIfxu+0uDlNCswB4hQR1\/YEd7kLTjTbBWxK5h2KWCvESNP9hSvk0ChuucR4GXTRQ8ZJIb6PxRfICjZ8FJPDMEqg\/LMJKaLCiKRq62PLTEgbmtE7W7wFMwBCvtRBZFheSD6YcHVovYACuFKvgHYWtpT3Rd1wYRfqLJlwTjGraxth34Sw"} 01326{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247974,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":3416,"midstream":0,"thread_ts_usec":1646827637247974,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4668,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1646827637247974} +00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4668,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1646827637247974} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655323 bytes -~~ total memory freed........: 8655323 bytes -~~ total allocations/frees...: 140562/140562 +~~ total memory allocated....: 9419697 bytes +~~ total memory freed........: 9419697 bytes +~~ total allocations/frees...: 154528/154528 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 589 chars ~~ json message max len.......: 2460 chars diff --git a/test/results/default/quic-forcing-vn-with-data.pcapng.out b/test/results/default/quic-forcing-vn-with-data.pcapng.out index 65b271530..d555280df 100644 --- a/test/results/default/quic-forcing-vn-with-data.pcapng.out +++ b/test/results/default/quic-forcing-vn-with-data.pcapng.out 
@@ -1,5 +1,5 @@ -00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1679647550075975} 
+00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1679647550075975} 
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550075975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679647550075975,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550075975,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1679647550075975,"pkt":"CAAnf+BDCAAn8IWkCABFAATMhJpAAEARv2bAqDhnwKg4aNjjEVEEuDJfz7q6uroQVl708WxeHhsa5mBcIA3qIxSa1qUCjpCO14+hDyjRFC7TMDsu8ABBMJ\/Xmnp2jeT+WoWwVvVQ1b6O31rw\/qrqxPBc6dRBLf3lEnWUBd3\/w\/JQS4pKYmUdU5xWZGvD8Ne8oIH04WmJmwXaQ\/wvsWrbYxMO92iL54vc6xp1YgRdxw06FeOPLguy4cuHkDCcnYaGKZtOt7y8kZNvtvYqVsxKCmdDYro3zFaHRpQGMtI\/2BuaZBboKETxeu8KUSeXMOryg\/KX2YYDmA7UmGc3kubU3ivUS1f+9ssIOdiFDX3AjohVcBNsmGvrXwTji3o4Dv2KTrLwBHjARD+\/HIuQNvwgHIVOT5\/pWNHA5WLk3tGMFGtipZ3L0RwYWrpR0zUek07xhYkSEEfPEtxXB+OXiXWb+BcdhWB\/SBgLI2MZqCKctIdHgsKw9gQe9RKvDyUP9hML1+k5xfL1Z\/EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550075975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679647550075975,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
@@ -9,7 +9,7 @@ 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1679647550077389,"flow_dst_last_pkt_time":1679647550077628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":1679647550077628,"pkt":"CAAn8IWkCAAnf+BDCABFAACBibJAAEARvpnAqDhowKg4ZxFR2OMAbfKe8AAAAAEUmtalAo6QjtePoQ8o0RQu0zA7LvAUcWOciqnjsDzc3SKuu6g5K5ExooZxdWljaGUAAAAAAAAAAAAA\/\/\/AqDhnVl708WxeHhsa5mBcIA3qI4k9mX2UyYvHNrwCtPdyFmY="} 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1679647550078584,"flow_dst_last_pkt_time":1679647550077628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1679647550078584,"pkt":"CAAnf+BDCAAn8IWkCABFAATMhJxAAEARv2TAqDhnwKg4aNjjEVEEuO20wAAAAAEUcWOciqnjsDzc3SKuu6g5K5ExooYUmtalAo6QjtePoQ8o0RQu0zA7LvAmcXVpY2hlAAAAAAAAAAAAAP\/\/wKg4Z1Ze9PFsXh4bGuZgXCAN6iNBMBQ6vULpecHOMAGYvn9a7v5AvMXNhHDADjN9w8+4JawyIsFcXHSykMFbD54LHYQ0Y0\/gglw5uN0p44Z+7ai6KXvl9RuyJhEtdciJ+dYAYmzMp2MiXXnkeLuE7JLbpEpT6gFTjs4NN7ToadJAWHHhNOX60rnA9b5iTYa0VCKX7vVloRLUhxpcePABr\/SxFgF5LMJGd87ISOSaIaeoCltsIM8MOeB3o1aJEgNsGDysB\/iMwRNBSdVFP7ziX73ptxXwVuRIPMSsvRNOYSXyJinUqBZWtKWf3C2oKmz9VL8pHiF1GH8SnrZmbB4PXoA2kAqm\/7vQUDXwqk97ThrGeX2UciEQiyQkeuDFANh6SgmEVjeCan9sdW84wWot93kMdgpOk9VZI9f+t6L8EyrjtnFkadoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01348{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550087772,"flow_dst_last_pkt_time":1679647550087186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":5466,"flow_dst_tot_l4_payload_len":2691,"midstream":0,"thread_ts_usec":1679647550087772,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": 
{"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1679647550087772} +00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1679647550087772} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 21/21 ~~ skipped 
flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8653865 bytes -~~ total memory freed........: 8653865 bytes -~~ total allocations/frees...: 140578/140578 +~~ total memory allocated....: 9418239 bytes +~~ total memory freed........: 9418239 bytes +~~ total allocations/frees...: 154544/154544 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 609 chars ~~ json message max len.......: 2149 chars diff --git a/test/results/default/quic-fuzz-overflow.pcapng.out b/test/results/default/quic-fuzz-overflow.pcapng.out index 56d2f1f30..32612c3c4 100644 --- a/test/results/default/quic-fuzz-overflow.pcapng.out +++ b/test/results/default/quic-fuzz-overflow.pcapng.out 
@@ -1,10 +1,10 @@ -00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1633957625000000} 
+00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1633957625000000} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633957625000000,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1633957625000000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 03089{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":1280,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":1280,"pkt_l4_len":1260,"thread_ts_usec":1633957625000000,"pkt":"RSAFACAgIAAgESAg\/\/\/\/\/\/\/\/\/yAgICAgICAgIMhRMDI0ICAgICAgICAgICD\/\/yD\/\/\/\/\/\/yAgIAAAoAEgBENITE8gACAgVUFJRP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICAgICAgICA
gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAg\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICA="} 
01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633957625000000,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1633957625000000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Q024"}}} 
01227{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633957625000000,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1633957625000000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1633957625000000} +00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1633957625000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644966 bytes -~~ total memory freed........: 8644966 bytes -~~ total allocations/frees...: 140537/140537 +~~ total memory allocated....: 9409307 bytes +~~ total memory freed........: 9409307 bytes +~~ total allocations/frees...: 154502/154502 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 602 chars ~~ json message max len.......: 3094 chars diff --git a/test/results/default/quic-mvfst-22.pcap.out b/test/results/default/quic-mvfst-22.pcap.out index 4e48d9f0d..ed8427da0 100644 --- a/test/results/default/quic-mvfst-22.pcap.out +++ b/test/results/default/quic-mvfst-22.pcap.out 
@@ -1,4 +1,4 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":24710880,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24710880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":24710880,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24710880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":24710880,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEARtN0KAAIPHw1WCIsRAbsE2LapyfrOsAEIVt4FS0mAWdwAAES+glHsK6O\/Oq7IqxunKa1n3XFv8eVEdrO\/buZ2LMAVEB2NyWCg6hfO6EP+vLVLmftkS1PJQqVl7L+7l7BI482Kpj4ofT9JnOQ0xEE4Vys3R4pwXiPc1lMJx32RX9zKYm+Z1fbMOyayi7zU0q+i63OayYrYD3jSt+Vvv7BMyIgMJ2yBRML4Cvl27dkQOy02PKy9hJb4U9IakyZ9jxJvJUG6tfB\/LJZUaX2z8xaFt+J6lEY3AOj1WgBxHOY78xSQcl0cfAaJSIKcA9Vn4sv\/fiPAKil0a5hIx6QXM2jiv4vFSqcgQHPhjbxlmksCUD71+BcElvTx09somsejpTEXOX5DumiTu+RmoxzAPxad\/yoHUmpVtJwSnjk0zwlToGO6SDPnEODnYt3LIvHRsx7mnFExLWnr+yQHfYFCeLNMctGGZBMubCx4gjt048OWguRvM18ud1xw3iRiS5rez8OMJIfcMnRlbnJA4MyOhWSWUbuYwKHXBZjNJSArgDpEssUAVBEOZQpnBVnXDGsqdTXz0eM1y7mnenMoiYqQeMnNMBDyturRKjEAiVgPEzOZ8CufggYEMfnAHCuOwF04gvqplTrrZWKOSNpdQNeFrRsWk7y1RbIKw3b8jWOTzA\/3wnocU7LCIqLpjBDheYw+YKL\/QStNjvcf462QDT2fMTEzd2qFUE5\/HIdvgFCjr11QAYfzSa9caF4orrxStMFBMwLrngiPEoNK2oL1ixSvqcDH1eCryay+ufbCfgtp9mN21cP9bS1fp+KOtJdRjk+WwIrnLE7yFL2kPl4Y1ub8Ic+0DgBOwxUrYa0lSq611ixLqvgBVVHqkVlsmy5FzYlt4nKwAzaE+UMlVSse0y5ciP9QYj7PgUOQsYRJLOdnUB1nb1cLIVzISsr9mEOc4Z\/V5yQfx0Je4KZnrBbnTxqzPJmczioPnEqWI3SSJQvibzfqftopphp69YYIvmngwQ9boqS8nu\/0Z90F4tXrXlEqVlkyt8z345OCJheKM35O3g1+gtDgXes9IlOq0VZHWc1xWYAyu3e5lYps9GawHgztTKd5Dh6phItAr7WJdjC7E5+Hw0Djk+jR2QPNAEyXNvBFWYdDCSKqCL0EW4k8u46MkhLkYoD\/U5LiEaiB5YSuGX8HZDJEwdOPPEWcT2hknjUDiQIy7tuEeBHkZxly3y9r8TtSEnAlDGbBVFAT+DI1sU7ifZHKOelnaNbzJX29JqcLfJH6OdFC035GL8QU1vvk19qbGftY3DBf6EJAhrCyEG8T68nr4mpyNVonkDSzrMh1qFjIZcwFXjgWWM6+wxfrI7EB5HOgW0H2RU+8jBV8bTAp0cYUEIW83AlhSIGJhaN4hzo4QbiQ\/NEKSL4V6HA7r2y3QQu7WQiGeuhWzieHC\/re+NOqmY8UZ2Nbtc52d9K25gQKE7BXNhq2zsjuIhLJme7BBI75RlEqF\/camjLVcquot
PgLUp7uXIyomz0zmkrCGiGxy4HlklTCcE1ashYaXZA\/9HX39Pj6qB+WKglzfibh+ldNWXcB79RaHBC3E7rGwoRJM5jkaMEkWLJVppPuZZUXD0CLZZ5SItvsTmJ1D5A5i3llXNLFE2q4czLsPbe5Ft7r2t0="} 01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":24710880,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24710880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":24710880,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","quic": {"quic_version":"MVFST-22","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0109h5_0f2cb44170f4_01b7bde4a3dd","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05,h1q-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}} 
@@ -9,7 +9,7 @@ 02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":24710880,"flow_src_last_pkt_time":27201767,"flow_dst_last_pkt_time":27283563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":6836,"flow_dst_tot_l4_payload_len":11997,"midstream":0,"thread_ts_usec":27283563,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":163341.0,"max":2090987,"stddev":507077.5,"var":257127612416.0,"ent":2.1,"data": [6626,174,24,23,15783,192,68,25740,0,16544,24398,2090987,2072824,30640,212689,1822,115,243417,45,25374,21896,80671,49,21,8,9,96673,35817,60860,70,11]},"pktlen": {"min":52,"avg":616.5,"max":1280,"stddev":577.0,"var":332915.8,"ent":4.3,"data": [1260,1280,1280,221,81,1260,106,95,66,261,59,52,1128,56,60,598,1260,1221,56,56,60,52,1280,1280,1280,1280,84,65,52,1280,1280,1280]},"bins": {"c_to_s": [1,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,3,0,0,0,0,0,0,0,0,0],"s_to_c": [6,3,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,1,0,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,1,1,1,1],"entropies": [7.865873814,7.840335846,7.856841087,6.935217857,5.841008663,7.844548225,5.975329399,6.068257332,5.408033371,7.120600224,5.413970470,5.168682098,7.824946880,5.206433296,5.433454037,7.633729935,7.839689255,7.820494652,5.385004520,5.200210571,5.379368782,5.130220413,7.847099781,7.835284233,7.857980728,7.824029922,5.854679585,5.473884106,5.168681622,7.866020203,7.849047184,7.840563774]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com"}} 00999{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":188,"flow_dst_packets_processed":301,"flow_first_seen":24710880,"flow_src_last_pkt_time":74905965,"flow_dst_last_pkt_time":74922862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":72648,"flow_dst_tot_l4_payload_len":195043,"midstream":0,"thread_ts_usec":74922862,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com"}} 
00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":188,"flow_dst_packets_processed":302,"flow_first_seen":24710880,"flow_src_last_pkt_time":74905965,"flow_dst_last_pkt_time":139922848,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":72648,"flow_dst_tot_l4_payload_len":195075,"midstream":0,"thread_ts_usec":139922848,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":490,"packets-processed":490,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":267723,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":139922848} 
+00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":490,"packets-processed":490,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":267723,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":139922848} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 490/490 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8669206 bytes -~~ total memory freed........: 8669206 bytes -~~ total allocations/frees...: 141045/141045 +~~ total memory allocated....: 9433580 bytes +~~ total memory freed........: 9433580 bytes +~~ total allocations/frees...: 155011/155011 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 568 chars ~~ json message max len.......: 2202 chars diff --git a/test/results/default/quic-mvfst-22_decryption_error.pcap.out b/test/results/default/quic-mvfst-22_decryption_error.pcap.out index 899a4d719..6ebabb006 100644 --- a/test/results/default/quic-mvfst-22_decryption_error.pcap.out +++ b/test/results/default/quic-mvfst-22_decryption_error.pcap.out 
@@ -1,5 +1,5 @@ -00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593498296832000} 
+00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593498296832000} 
00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593498296832000,"flow_src_last_pkt_time":1593498296832000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593498296832000,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 02182{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593498296832000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":1260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":1260,"pkt_l4_len":1240,"thread_ts_usec":1593498296832000,"pkt":"RTgE7B0GAABAEeVBCuYoqF5h4ZLy9AG7BNgTGcP6zrABCEACR1YBz3h7AABEvkgDSkdXT8KDRtZ6SuR9aklyes\/l4Sioa5nXAcPGveAb5Mb0k7uBERsrnzBa9uno+scwKQJ+8HaE7SwNRWaJ0B+VYq5sgzaHE9BksItfZB05b19PkWz3XaOJPeabOxbegkEde\/7BgQc2iMQiMZifq3YQkFbpelKpfZ8UxZbKFKO8T8enNpDFvm79StOLsc58r6VUI7R7RX2Dh+7UvHc8w55LVS4nFdKyvt+gLMAzuTrAqSRX04ucEX43SZLKcpJ+X+iK\/v9u1yLmGT\/8hHS\/A3VBUuWVRkAqUr3zRxflhV5CjsXky9idxKWm4C9Pn6cw4624LuYteYIUWOTHQHv3zV5\/rnXQxed5aHO337llijw0yLFxpnpOUEtoxTKtZZeNyR3\/hCIkY3n14k3gHfYXZl5t7DMoJYBnIHHhmdFCOK4sdCcKtpOlPKhDiv0BdCMImPxwr5CZ3d0NvKvNFKbylEYXGyw6diXHrADpP1Bpo7IsDo6OECekYHLzamw7fo5GRjTg4wyZ585sRHNOY5UQ14urjp6qTgyJaK+bJQKQXSG\/jPsJRoA3bT9RYwhd92VXr\/SRpMsMI1dgiAabVuN6aapjwqQ05GcX1xWXUOswELHBWeda+RZSG0ealfCxTm
gk\/LmTIARNNTXtxke0sf\/IlfnV3ikcr9NqDIrI6of1G3cZfUQGBWE6gBVL5hH\/8pDG4T4ZpNiYz4Y0kEK9VRD1GZ0w6BCqlt\/kg2zd6ahgaI4n0T7BllqMO01YZ1t9pyXJShYy7a1\/GE3TCKsHNgIVU+OzGaBubO2O8foCsTRqluuqUPhG3n2E8MHmbHfrbqadkpRwbm5mHSUiRHvHPOMZ3uD3xF6j764aqPOQrl01dj1iQP+qGIcEY5l4ogPeALtV3hU5f7bpvLSDPKVoHsWvz++bxVzr7sgAnGREUzsxKt4SUYuRzz53icFmvd9rxNmgOaF+PEw\/dQIcNJqpxX8ulzLr4tUIjHsZy8Y3w0WHWlRvXX5BFt\/FNL6D1z9p+LMmNXuSPqVvh56LVqzeEf7uD4SQyYHHodFZUSZh4UJZfGLFC0eeFNy2qBWMNwCptrLdwN5PCZlQ07ewM1OmYFXib\/9zYOSk4B0N24Ml1I3V+BUt9Q\/f7In0Lo1bYVhzoFFJnm1wIhEDEaXvsKWXwZTHPIpl1Hz1I\/6Yq3hsX1N3dtM00S1An2mdoc9+06efV9TeSDkQwX8r+ZabNOKTRtHqXDe1Wl+aE\/ZahNHsuY3HnDuGINcHsBCTv1ovOmoDAi0RUdYM0lPaGHSMu61RpKW5cRQ0Cdy0+WZXfm0NBcMkEOs1K83zDl3Ni0ybs6vWiqa45kxw7H1vC362nLorQvhZdy7wTrE4RWiFGT0Xccp4Rl8QprALjpWqFcS7MPnifCUJZzLuwLuogz6ePAO7YscFlIza4b2sSjihSJrD9QLuOyhifjzSEn4amVk5ivqXVE+QZ1R7NVlYJU0wlh1SwakKVblsHRVpjkjVrp5to9V854cET1W0se7gIi2a7oXoLvW8CT8NdthxNrd\/AUaazo7KSGS96THBAG+HmraPSIMT5EEnSDc\/KXc1EWvMFe0xKOugeQC4v6tFGa5dLsgNI0TE"} 00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593498296832000,"flow_src_last_pkt_time":1593498296832000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593498296832000,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"MVFST-22"}}} 
@@ -8,7 +8,7 @@ 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1593498296833000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":106,"pkt_l4_len":86,"thread_ts_usec":1593498296833000,"pkt":"RTgAapbBAABAEXAICuYoqF5h4ZLy9AG7AFbkKub6zrABCEACR1YBz3h7AD4ztLOg+8\/NWUDesKp0sDyq9wl\/qnK\/iaP4qknLwsMfEkvd24lrwL0JnOo2eK80vHLhCKIp2AiTqDI94jB8\/Q=="} 01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1593498296833000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":698,"pkt_l4_len":678,"thread_ts_usec":1593498296833000,"pkt":"RQACurDPAABAEVPiCuYoqF5h4ZLy9AG7AqZJuU5AAkdWAc94e8TV08o58cInQhPfXEiH4R0yyR9AqFdJP97dW9QPxH5QALs4W48u\/A\/lmN+Z1gHpoOM1PLHjFfJbJb+kTSEeMOTQm72wgJFh+SbVesiWwZpXw+U97IhYBLP3WiFpBRQqDumQUeDiPkGwyTmNP9TNRpuF5QXHv1kPwiigyC2fJbgUUnl9e+zGQ79Cz8Bs\/eLwhmD1t2VJ7Cd7RuwKu2Fjort3XX4whsN7E7gB18XviaUhr5XnESzxgkyjbQ2IfYB1sJV2o4NiOWtS1g6oecOKw+P0SfmOdI8cA9W3q6oJEd81gYI3RSx3xGFnp9Oqu5Hc1vqbqNObKzndCPUi\/ewslI8ItQbC0BI4e50MqqScJSR\/5Vl6GG0TgIA0bMt3EG4lRLe0LXPxOgts4PbF21wxQKa7Tv1beWim5pfI+OGmD3DMiWSvIdPZw4l\/5hMQFemEjraWnBk1V\/\/OrAI2iv\/RsuB4yz9sORUhXLWck60hCb1uyIqNiRD+xW3bPH7r3P6z4UKMSlVVvqUDaRMdKibqynDHOOAWSj7+sP8Bf90ZLULJRyJUvi97ONtn16Gv8dO0\/jgeS3zlXeoqRUMEdvWBCLl6ExIUXPrzQxsNhsLrDhpW\/tDjV8bVc6b9OLSI4orbGjrxJjgcK689zWXeFHPekaWBT4LUjVMZvHiddSwc8CEIhbTIYZZ\/KM3XZ3ulglZV9+vPGct4VamjTqRcgHkoqQdwsrno2odIMs10yxJGOEmQN8Cw6E4hVNmBXDs81Q+k7pqJy1KFzOnCXOnG+YjtFuf9t7vMgoxn\/Mbid1XY3cSPVo6
pJwkgIo3JrJMF3FGhAG1utFi6vz1QEXDtf6Aad0WCniKSed4SL+b04FPKN0pE40Yv1Qo="} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":1,"flow_first_seen":1593498296832000,"flow_src_last_pkt_time":1593498296833000,"flow_dst_last_pkt_time":1593498296835000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":38,"flow_src_tot_l4_payload_len":3572,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1593498296835000,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3610,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1593498296835000} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3610,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1593498296835000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655274 bytes -~~ total memory freed........: 8655274 bytes -~~ total allocations/frees...: 140564/140564 +~~ total memory allocated....: 9419615 bytes +~~ total memory freed........: 9419615 bytes +~~ total allocations/frees...: 154529/154529 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 612 chars ~~ json message max len.......: 2187 chars diff --git a/test/results/default/quic-mvfst-27.pcapng.out b/test/results/default/quic-mvfst-27.pcapng.out index 99d1c9ef8..459a040b6 100644 --- a/test/results/default/quic-mvfst-27.pcapng.out +++ b/test/results/default/quic-mvfst-27.pcapng.out 
@@ -1,4 +1,4 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"thread_ts_usec":41432902,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2tjkBmxsNgiaX3ZHZdlEZ39g+pfa+C3d0\/Me91SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jICcqh071958
oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh\/yOVbINbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"} 01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","quic": {"quic_version":"MVFST-27","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0108h5_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}} 
@@ -7,7 +7,7 @@ 02268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464239,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHwAAEARKahFq\/oPCgACDwG7jHUE7Pun4vrOsAIACGUZSqSBwJ2mRNPUKyAFTiIR2D9LmWONp\/pKu58K8xL2QH3MMLvlIm5wZVpJfJuwyJ\/1M3tSAzTO7kjPI3eHBb9IFzJ5EM102smu6+dh1QdA\/XWl13B5U7mJXfZdgiMmoH6TMFeO9l59NUWVB3FrB1D+83n8F9jw5BVmkY2OPbmS9uXhO3oLJjNvzhgiz9LiL0Peg4iBHPZ3bnefg84NyqMA6bGiBHjw8O\/pggXBHbm0y039at\/mEzBf62LN0g+jv6L2c7tRnEpUns4cJX54tQ1bXJ5Hhxh3rT54lw4rrebaQCbwFhibEvqZWGljIGdjbOpa6liHVVmRN2tu\/GBhyOGb0StB\/jpkBjcqcM94pTjas7+bYnRrk8ZSgYviOw8nDLpc2na4yCaDVIVl\/pzppcM74NTbQKve3Nar7W9KbDiDSaMAENX7mwhYQ18bwd3uHY8CUMOGjo\/8euzZjkZ0fqCDRE3vdm4KLl5+4\/UkQuBZWoFk\/P2Heh0\/lgddV3IePrdA6fNLSr8BKSgLGA1ZasEncG2JczdCSpW32pij29+anl+pMYgG1xzrztWUD1ETcf6lrUI11Nrj+82\/V73yznpeq7b9VscUvGV9OZECREHrcvb+pZDpYZL6JhF9swDp8CcOJJW+kip95Ov52baFifgdWzSPIduRrqIdERwwU6uq\/xmextGbx1KqKtby8DZc51UT3zzVMYep8bkl6y02VlktPuEK9u+QMd79lD6CIjW6qp5UxTZUtg8jrVUa2qNaqIekUrye4Bzl97pIPdBT4PssDCFsKgu31Bpm8CKL+2xWNmPLUcDOBBgIHzzDBuznQ7cBUCzjZlif+hxsEmJy3g5g3\/xJNTjxK+car7ACp7B+H1R5WQpkSDWn\/gKlYeGIPW5T8mOqp4WAHeTZest5awJfealSj\/CfwMs\/1Df7bfDUHTG14VDKd\/hRegDw1cfzcn3rS+uwWfXIm+mNshIKscMmPDsExmAokd+CvN0JuzdGOibtj3vbwDU4vsLbdbgOXENLxvYoEKqOPmpluuCqkWSQX\/UTadmXu44AWmWGdRQUpe32qb\/M0fPPEznTo\/4YrREjJ5jLnXRjbVI3HR4NPEZW1W\/9+X5lPYycQDN0lnl1dTk4utJeAg2p\/gP3JOV+wA1ygYJ5wU1GjgsOdz+EiDWtAQ93xX+7PqU0RTfcJAMwYHLO8gHD8UmTyvey2jiJJMc\/NrEBM1a76byOqZW2ZpMIDjRCtGhGFGhw4tu7OsejTzxA6T4fkSVAM0RcHzuFFeX1yZp3G8u6suFgzreLYuvmcBrNhHUTfsEKl4+aUnvPAuGzXCYIejrOiP9DSMGN8i\/AdhOoP+4i52mM3bH5MLyVmx9EYwfM0+yRTPLIifi4gzjoQl39CwhJ5abQwEmy5yGBYVxIliLKOrnnK4U00GmZhnCirgfPFCTOe\/qKC
IPE7b86iKQ6zDr+wGAH8x1\/Vr6JDpHoyfytADR6TA1MJzboAI\/u+WxBW60Mr8wra7Ky8MTEMtqEAV4MNy3QwSj+5Boi9v6UaR+XFmEdKxTqXYP3bAo1k89toaHV8RAROwWdWZYQWji2vw49SgOlspTK5LeZbdfL6JCEHPDOXosDytI1rgaUPivx6K5pOY3FnYb2NgiqwzaVvc4sqLOH\/hloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAImdn5Q="} 02270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464304,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAH0AAEARKadFq\/oPCgACDwG7jHUE7NYs4\/rOsAIACGUZSqSBwJ2mRNOp9fQvn1f7lG72Bw+E6NBO8LR8mD6RkYoGJj7YIoOLkr2BWwfK0spPYy+zYGWX+a+c9rHGaE\/8AFsGVmGd26vTDA2yukmOJUfOmTtJz95HrnPFSG+\/TXHqQjk5klIE16FLBeiNi6m\/ct8wPGJ9RUbZqJaLVts+GZFzeMSRX+eYZERYnLYtPQPOywMGAZR5dzRsdw3jDQYkcN53aPm0lceepojo42lKerw8v6LOu22kD+71z4QDa4KbQzfUDp3LH6BpZQ6IsP9xHtu8kvC1sMujkXVqWo4PwU1vr8utquEF9g6Edj1O8CnayP2acmvLS9hrhF7CGL\/\/\/DnocizH0vNxW1ov+oyWwjbcB4cKqjTFeavm8o80oXs5etE\/0w5eFp+lmQaKzY0Y3yFmQ4u8brDlmcVIExhEgggZeFVC9lL9oOJw+T9YQyahiK65vbSi1+dot2yavrzsTWJiTor0nyNgEiCiviGKK3Ugt6GYCifHXPC+ko\/\/b1QvveO8QmYiv8AP2V\/SWNC14hUcS+VAN8JRlCbBPMNZf5CGc1GwEg+7a4289LEunmnUX2jPN9vYfHH58+XntmHmuXoNXd+GAXGmBpL3pm9he0pLxavwsdTVC6qK8sKWNygxAdWjfNWfqF5l0iTI6JYa4\/y33xaYPcLxg2NKR5k5UeV+DbMoZh5oLZlH+HG0w8grzsBY0UqgdK4AyP+poGSbQAEMRSIkOomtrtelNM\/CJ7PizVrNKpGbp+EpEXMTlKKu9mAH5wfJW5yjomiaaWvGIaq7gLWY9llWYvKDLPe+Ot\/Zlo70lUm2Wen8purBfU4\/v6CMzqcAGFEkRA8xMmhdxqR55Nj0wKZs+RQeJinGAS0a8g3PGJbOybsinObB6I0QXHDA\/BCZjPyuqT029QJULHNw4IqshshnGFg3nbzChRrWQc0AiB5OcsWclYM82EXN8ST8RvLF1WKcSxiSUqZRBPt4kZeVgU6dUletzdTTtDjmZcMX6Dpoo8d0S1zQL01nH0uioe7eYaw9k\/Piatckxd0yCv9fyOSwNFhCKxpC1GXBWqlnzr5Xkx8pHwnfnGUKyYsQ42dNNkbszwP1I6YjcrEdp4kQ3sTLrEmlVAvA4aTA0MKDmYMzxz3zBJIZV6dv1qjp7tD0dSAly35BlkwSJjGxKF9J5G
gFKfSnvAs\/OiBf9hVa+A6yxuM4HtZTS\/zRldyW57HwUxn5Qy4K6cscwe\/7EfDGt+KoQI83PH5+fargDPhSWZK8UtA+jWy2oF5ALL8zgGosqXNMsOm5dKcPAdecM\/pz1MIewkul7sxt\/JgvAFL67lq7QvvnpQzr8lJgqwZzwBrBvGj9NKkaDXeHsynidTbkbLez1tjvdUEDeISKE7lW\/ojOz\/Lqe\/T7KSL5gyQyjF97d9xNrPNTeh\/HfJdKZ\/zWpQOiu67yweKqxgA9dorbSGAD+RdOGT7rQYJQusp\/jzG9SNrMyUzV7HK3K\/pEUqwZWMz+QAHUA3RloM07jN1F3nkICmQ4z3jHqqH2nY3JfZ5N0+1Qbuerb\/7N+BqOS9LICONl+GduIvQlJ6k18z\/aBuv25LlGUp9XFoS9b0Hk1oEaH7ReOgL6Cc+6IEzZSF3euyrFMEVMA\/mrlSkSX25Uc7jz7gii7RloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAPxWaP0="} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":13,"flow_first_seen":41432902,"flow_src_last_pkt_time":50364890,"flow_dst_last_pkt_time":50392661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":2538,"flow_dst_tot_l4_payload_len":6981,"midstream":0,"thread_ts_usec":50392661,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com"}} 
-00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":50392661} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":50392661} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655566 bytes -~~ total memory freed........: 8655566 bytes -~~ total allocations/frees...: 140575/140575 +~~ total memory allocated....: 9419940 bytes +~~ total memory freed........: 9419940 bytes +~~ total allocations/frees...: 154541/154541 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 597 chars ~~ json message max len.......: 2275 chars diff --git a/test/results/default/quic-mvfst-exp.pcap.out b/test/results/default/quic-mvfst-exp.pcap.out index 93fce5b95..afd03f4f9 100644 --- a/test/results/default/quic-mvfst-exp.pcap.out +++ b/test/results/default/quic-mvfst-exp.pcap.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1600365863681233} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1600365863681233} 
00836{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600365863681233,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863681233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600365863681233,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863681233,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1600365863681233,"pkt":"AAAAAAAAAAsAUu6Rht1gBpyIBNgRPyqszffVBngHkJIHX6lj9Ks\/Zezp\/nFuKvrOsAwAADWO4PMBuwTY\/EXK+s6wDgg1+NsuZhAnFwAARL4kVSVotvSiGmEI+vf+6CaV5hF7i\/CNKP0SXP7gxh\/sxeTenPB321XyE03WMCMX5b0eBa3DvRz2ddP3nWt6RdJ6WlZ9RTUGfAgTt+boE098trxFEsZIDO4\/DGShxxtoHXyvbFJFZJY0NVf+5UIwrXhHYlSki1K9uuFNSNm\/ALl0YIaUgr\/hopr4M+GsiGyiXAxXGDCmRgFFJroypQa7DZkA\/BSQvOBo1rqXUCQO+Y2WWIxccuRC5scGp+LAauwOKvDUuqswyG3OiHxvk+4qy\/tgRCHGZHD5raZzP7vxY5Zs6GXSOIKOFNW9+pK0jmGVAbreKgkrE9sNhCR5J7EDI\/UBo5nIVV7hZ+6dUskPxqT226TZBRzj0d\/LhQMJiWr\/Qtbyf20wKLkGnJvpCUZRODDUv\/HGzAiYKec9iLyl0xI4dsRlBPj3\/qk96+vHWCFBI5LJgkJSDIg2Oo0As+19Rmue72aosPjR8lHRyP7b2qSVRFvzkCL3hktDhhGNO2\/8vk6Dat1dxesYiMWkhhopkoH3vOXEevmQ1BrZpcIa7nhP0ob5JIk\/hYvfODf
iXG2nnd65+lyb3xKLOkY1QOG2eHx4XtxJxV95ybltVj+AOro0Qb33f0uOBVhhxvPUxRnp1BveoGGqIq\/gfX6EzojL9Sr70hu0h97z51g5q\/G2yqDMTtMccVw+1tkM704jcVZPtS1KIRHzNry1Wih4L55uLybOgft8GHReUqVXO1rtmuTmjHvXxkkq+hW3ZO6Zpt9Zifkk1BLxuaoYoAdg22ALnpTN7VcYCixWlGY122eH2AkgeHYXtrQFh65CCR9dukVHEdRzSFLcF70tHYbZmR+Hm+VVpk48niHEmJvv4wz9TBdQco4TCXjTYLJ6WcVyXCnuHUIWmzQviL8DqcqYSvAxXtEwy\/ABThsNXM6AftQYLRXbcYkYcHWoidGESnafRJGVZwQz25kCkv7ZqgFWYx1xBNnbz9WMnFbBke3DlYRgpZd0ntBDhPehb1WGgxtlkSGO7bjYqCQFYUxhzr1MjEh8JkUM3KCwxgTJlwEoiFSZNBGWOnQnoaXqibsTGdkQ5xDUg\/xJIomN6D9X+YN7QfJRKDelG4gB\/R7MztnSA22E0XjX\/\/YRNN+qvPmrVWdwLFx5rwOTZ2Bwq1XJX0Y4X9FYc8xlkhOJreo9JcUXHssUuTUo6BWARFU9bhlwavKy3u7J0kMozdjG\/WbocG2iKuKdvYnwlwF4XA49pUvEDnV0LhAGSigDeY9WEVq5NPU8kaL0aKpcV9sZJjCTDkCQvVnASsCd3+zuMIFTH\/wm3IfeUdpSYh69FBYn0JPZJnE\/f2WC+G83QQZNTxoXLd9yFjxvmJQ7W1L4zZf2d490E4pdqLfAEFuTNKFuLGgQ+LZN4YH\/5qowNrJyvVezIyiysoAoiKoYlx0R5mslIlSfPbwSJbTB1uxs3rqeOf8ivbtSiOzeCzsWNJXJslzqZupoGqw7\/SmaFxzLXGXzdi02UgxbJUV3MNetwoWntiOQ\/Z\/49uutTCmO52WyUtp6uT2QPgpYOad0YVkiJmMQURNTDa6EXQiGewAMntXsHYGBjMrsKmJQ9FFiiK9Zn62NIBtpITbvAg=="} 01341{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600365863681233,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863681233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600365863681233,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.FbookReelStory","proto_id":"188.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net","domainame":"video.fmct2-3.fna.fbcdn.net","quic": {"quic_version":"MVFST-EXP","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0108h5_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}} 
@@ -8,7 +8,7 @@ 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863701971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1600365863701971,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTY3BDg+s6wDgAIQAXJhFchLk9Evyyob5bYFNRx94bIG8Pq3hC5er0qmaO\/vmymM8o\/cApqIrJy2g30SejxFFp4qLrHRBshhLdfXAgbewyxghqNYdqo4k4fpzcK0xKawv3CgvxOHcjXBqnCGSVcOt5upMpAgkw54ZxaWqJXqyhFuwUnmywtzo46yC6KvzQQc9tfL1B9K3oU+MT0vl22vWb+0Lf+ZPccL0Zt1Vo7c7S+L6sEFDGA+z74v400bOtFD5pPoySzO82f2RI+aD0cO71iR8QdY1NDbmd4X7Moe\/yOsMq005\/rpHUk2+xJ2FPzq8yHfLobQcqchii0EMfDk1rPsS89JSeCNY+vs0QJr7nQooTrHMjcFcBWoVkNz4ZMShcT+41geU9drLAJFokpeyDmOzN01RApZm2IhjjYCjQouWgT\/RoPALA70snIVGTxUaI8effEdV\/esvRgO0wPS3ufzmveSbRNR1KcV3V6t4SuvG2+qOGFSPTdVrzd7HwpgVkYmpC9kmjvG8DKo22x7ZojgSkioA0bYQ3x\/KLQBexVHIB4Fzaf4jo+Lvjudx7sa5tts2dktvsRG3D+O4zxLAMtTsnECcINoJkxhsYW9jjkGEoUHGbtEErWBfZfnh8zXYheEpRjjsN2JBNbpwEir2p3EFFNuMzs+J+nsSyty4dS\/NSH4115DAW4aZcQSwLfK4aN+vZKGwIXYj1E4VOhcmeni9823p5qJQhVsRpFzsv3nflFBO\/2jt2Ejyv0rmMMyF5E9UNOP58UMq+sLQ+NnFaJNiaL7FPFtdEziXyVmwzDrEseD3Xtqj5WXao2ssrb9ELRX3v2h0LqYPqr38ho12KiIjeOF89DmimQh\/R84lVnYxOM45NO1EI2fjHnuvSSpL++OZVJ3Pdv3A6wgrpI+DlboZ3MxMau3oF11F74N2YkE4kQ+yG51LL46zd8RHea7sUx7RrEcm2QsOvwgrrU\/Z3y\/quTgZ9MyMsxzAE5Z2ywzGQJ+tVm99R+d0LrBTiXATdH0bTOf+ppS6xyk\/7sY9nVoFyAXPE7MDiKYXlY2h1SMzUHpL8AmcR3wAnQ1a2QDFvWLtLKW\/btEjTf2b7ByngLAfA8CkwmSsL24kpXymT\/ZhRFFnqnXNK9CXSLgl53RVBDcmmqQgxqUnZfIldLBt46O0LHX2Q+Q92YDI4WDBqGsgXXpY\/4py77CpzvWsdICv+Cv6g0K52IxIthchxDT18F1aoGuaKPfIYvjZakAYa1kpKN8XUWEQ7w+enUpmmYfpZ0xOh9vG6o0hjQVu8X2GXtJb4GVQQKUT63WyKMfspY++Flxrxr5vkDm1GmVTyDQiHqlpI270U5lH9CYOYQz2cKc5fxJWES2\/\/WZtNqYINm4e4GZUsTXenMiwdd918MZCq4CFYETnbAUx
0P0X1v+Rxh6KAau2EE4GKnCJgPdrvzKpOHtaC0U8wdRmYn9lK0BTXw3++M2TAKJ7kPt1R4W4mdVG9PQQGlwVWPyWPj5pWt2DnNBHNUXj0FX3zRrt\/7+DrzSqWNFKrYcEaRLurEvc9I9wibxxwcGNF\/IAT\/PHR810uEvT7csMZR4O5za7JiCcKZYtoTcWmUJTM+hP1+5SQaIyACBf1xadt+PZzeKqrxvwpLFA=="} 01300{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863701971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":613,"pkt_l4_len":559,"thread_ts_usec":1600365863701971,"pkt":"AAAAAAAAAAoAaIxPht1gAAAAAi8ROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wIvdFPn+s6wDgAIQAXJhFchLk9CFmcM73CUh95lmczPmpzf5ZNI8IeO1WAp+GYM7Ki28TOD3rDqZeVpJ4eVbE3sXqFxAv48SfZC4RA1WIY6\/RvKVhj17YMRO1B\/ABoaHyk5UDr7StQpOuCHwbL8GyJkK8V\/AfNgFOoeaf0RiSxe3Z189tM2PUGiQ6SWWFDQ\/HsxYbe0cn6JAXiZk5EN1Wm6zkCb+qzQabFz5TgK\/Qo7I\/hLmPt4Cnsy7Zv4BmmkYC8j5YaLcbyLo0WZBB6VGUUcEFHgI+MccFtfD7y\/Soyos3ZZf4ARZE32lJQwHciqD1QkvR6oVrSAqPEM9SngERqYruFpkL\/ha7bCEe3C68LXjWs2M0uOGQc8CM6fQ+pVCklz0cpuyl4QBvIZREZAHMzJrTfW1oGcQ\/tTjPoG4CffvnsGgn0uH3PabZriRqEQ9hOWyC11Ea8bdNWvNOuuSjB13uS2KuLfV5xAJx2sMMZRF35OBURgpm1oSsp6lG3J5oIWyJEk\/NN9pTMisKM1Lb+h132vTa4Zt9oBWjd\/a2\/995t8CfXGS+9lrd20XD75zGzc6S9RXwKzEP\/M1lvotW7ueHDsV4tqmu+8XxnGd4cCaTSnMpiogUMUXsYzcPFojS+oAI7YLxyoSj9ftVhfwyRA1t4Na6tBzC24NM9W\/hbT7AZlW0YX5gE+8LXmfFB9Gktd\/l2tIPsJspF\/u+DabDf\/9et1Fgqr0dP0uw=="} 
01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":21,"flow_first_seen":1600365863681233,"flow_src_last_pkt_time":1600365863836720,"flow_dst_last_pkt_time":1600365863839043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":3496,"flow_dst_tot_l4_payload_len":20953,"midstream":0,"thread_ts_usec":1600365863839043,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.FbookReelStory","proto_id":"188.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net"}} -00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1600365863839043} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1600365863839043} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655859 bytes -~~ total memory freed........: 8655859 bytes -~~ total allocations/frees...: 140585/140585 +~~ total memory allocated....: 9420233 bytes +~~ total memory freed........: 9420233 bytes +~~ total allocations/frees...: 154551/154551 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 596 chars ~~ json message max len.......: 2229 chars diff --git a/test/results/default/quic-v2.pcapng.out b/test/results/default/quic-v2.pcapng.out index 702e7ea6c..f88479f6e 100644 --- a/test/results/default/quic-v2.pcapng.out +++ b/test/results/default/quic-v2.pcapng.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1671528048896780} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1671528048896780} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671528048896780,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048896780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671528048896780,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":42086,"dst_port":4443,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048896780,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":1296,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":1296,"pkt_l4_len":1240,"thread_ts_usec":1671528048896780,"pkt":"AAADBAAGAAAAAAAAAACG3WArmusE2BFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAGkZhFbBNgE69ZrM0PPCAcmJyZC\/C6yCBH\/\/epFJCK4MqGWwvoV7EqZs5m5EW6yxe8jMGVCOjOsFtsb58R1QeHbyTN7wDJrFztAv8sR0ltkfQ6BQcif1dT+CuBqOkliOSyekcLhs5IK4\/EqcSiu1Vc2I2kZCMmWKpNsq+GH5az05AR+b+iINMh+SMq2M23PZZk03\/wTPgtGcudOgaDYAdQf1qvbbgTCfZyDF3HiyP4OAl\/iKBimU\/YJu\/f1ADkrg1eb2y71BQd5X3v3pjyTnpxrgpLZ+vv9Da\/xk1DMsxxHOYHdz\/NeLURGVCejzo9fkdp4w16Ueb9tNytawgEphEx3BSVBBA1PLxVn3d2G6+CxjvzeZtEJjuejMOx3HfXtyZuqqFPvcrCkm2hdl2+DYA5bvtEvscEj4Ym5CnWFvz47xC7wF9Bgy0Y4pOaTzJ4EkWvl6mv18LRqqhZmGdxGWg3bJbiSJiFrcNxJAUKE7lEso7o1TN0m\/cOjbl5BaTBp5\/qJ+0XYxoeALINiRA14qyxyfngnr1ZjvpOd1IiKziIUGV0OiGH337zAw8iGwD7iQk2WAZIBAVjAFnN7Wm7a8J8T9l2DDkdsQaB8fmut\/B\/y4qcLDxrVUe9Cng72sNhbCDTAj\/3vcK8XRa1huDOBM5aArjm5yS5c24R19
e\/Xt2s\/eHcSZDGWC2Clphs6Eu4eXx7qeVixbQxIWZv09r7jazNDzwgHJicmQvwusggR\/\/3qRSQiuEKjbkbUQfjD91bGCNQXlD+3eo\/cE7mUA+W7lNaoCdZ837\/+ANaHhiU22Ny7mg2Uo6oIDI\/kA3nVLT+YKlIa+ZANgDT7CuUEsoBz3FmhicEmq5\/mNliNEDT53ADrsB6HKdZjQE4A8OOOkCr3LiuSOH3KuWvqK0Rbjz9sK6+z\/AGqFSv4dMjUs7Rr+\/W2FnoTnKTNpxqRd2KzATp7bnvLn+b8E7MhNjbdlziRdOVtYzAqH94vIJOOIMe8a9\/oiQUotTxy8fNG1ajZZKRvL0nqVU6zdUqHiMru1\/xuSazSUwLz+OU7EXMmSkQ+ZlvAnTpz8YPtPeuQl0psmTzQqm+uJOI\/7y5JNBbYWPmB3aRjLjBrdUTsn7ZcFEuutFbIlbr24xD2EVN76OB+Tr3ew4PEVf6IJTmwj6AHOn5mzF7oH4Nt\/sPvQ9d9wwsmDr4X8cE+tgmJfLo2SOvgp9rlCf3f3fKQ5p16JaxdsZIN1YBsYWX+SQX8zdljVWNog8l31o2YdnLB2Wxu+uGb+nSU+Jtm1h4JgIR0SEY4NEhbB1FYM+00rhga37Tsdpg2pibU76JAxvHwEKHxQsn5SO3eCghAtmyeJIaY9FY5ftTcbD4+xbrHGBKtQeNlMei6Yvryacu85Vrl4yAdRD81BOqXJ3h60g\/wuOc+2g18Ui\/UZ77sYC96U22hwkgmIwXSbv4h8X3bm1QJ\/hkUWqPfFinVo4HIMDUoT8lJQQp8HWbnJ80ulrDCZkdU36fHxGW+ZVXkYr+DuUBKTyZrDfADc\/jeI7kMKMkqnDPnplqmJYyx1bJuwfdMBUMNZ8ASLhnA9bBm4WcnFFwAR+d7gRPUHnNFZ5X1xttm1Mqqt9JcGKcqFj11uexFaRRssg3lrESzZbA0Ur5MBXNLKGA8"} 01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671528048896780,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048896780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671528048896780,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":42086,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"test","domainame":"test","quic": {"quic_version":"V-2","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_0a3b52e28cea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
@@ -8,7 +8,7 @@ 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1671528048898845,"flow_dst_last_pkt_time":1671528048898573,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":212,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":212,"pkt_l4_len":156,"thread_ts_usec":1671528048898845,"pkt":"AAADBAAGAAAAAAAAAACG3WArmusAnBFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAGkZhFbAJwAr7ZrM0PPCLhE1vcYdf0dCBH\/\/epFJCK4QEQjqN6ZuLL9MJJBLiNhJeBu1W1LK2Dw2EpAnvhN3X7\/Bjzg6IFOJXDuMbvIvafcgeSIFtrBbbfsrmqtp\/0BDJ4uUOkjFg64RNb3GHX9HW16DJaZYrP5pKZaca6ZmRU9khKs082+s7\/8kvB0maTbmbBpsZJQfB3KjOhCfyU="} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1671528048898856,"flow_dst_last_pkt_time":1671528048898573,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":119,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":119,"pkt_l4_len":63,"thread_ts_usec":1671528048898856,"pkt":"AAADBAAGAAAAAAAAAACG3WArmusAPxFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAGkZhFbAD8AUgi4RNb3GHX9HTahAC59jOEgM22nHO6jxIbeEiGpaXFX16v56wRTMhB+4p34Eoum6PVghpele\/s="} 
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":11,"flow_first_seen":1671528048896780,"flow_src_last_pkt_time":1671528049435550,"flow_dst_last_pkt_time":1671528049400903,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":2034,"flow_src_tot_l4_payload_len":2222,"flow_dst_tot_l4_payload_len":9532,"midstream":0,"thread_ts_usec":1671528049435550,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":42086,"dst_port":4443,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"test"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1671528049435550} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1671528049435550} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654078 bytes -~~ total memory freed........: 8654078 bytes -~~ total allocations/frees...: 140575/140575 +~~ total memory allocated....: 9418452 bytes +~~ total memory freed........: 9418452 bytes +~~ total allocations/frees...: 154541/154541 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 591 chars ~~ json message max len.......: 3324 chars diff --git a/test/results/default/quic.pcap.out b/test/results/default/quic.pcap.out index b4bc968d6..7c863e9a5 100644 --- a/test/results/default/quic.pcap.out +++ b/test/results/default/quic.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1431155536815947} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1431155536815947} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155536815947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431155536815947,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1431155536815947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1431155536815947,"pkt":"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\/5U0D3\/sl7Junn5Fxx\/1VNs1C1kCtxr0CV9UPILNoJ6w2heNOu0THXmZnbqXjfZAAAAEFFU0diZXRhIENocm9tZS80My4wLjIzNTcuNDWSgFuKS9buSt4mHNzF5UW8AAAAAFg1MDkAAAQAHgAAALUiugwS5Xe6lV7+35SrDjhQNi2XDPMM\/SAa6745q60xAQAAAEMyNTWyymQS2aTzwxJH\/U1CkeUIQAt7kKmueetRQklDOGABACXmg4KWna0TB6ed5h20iLVA1zTe0FGDOptzFKaIlVwv9K6LN7uMdA4zwVZIB1iByXkmIDPeaAjR8KDHiEXiLMdlilnNIxXrsf36+nSmAywD99MMia5QSojDYPQnkx\/kpc2+WkgLuTD7x6JugKntVJ0OcgBRa3ZbeaVzbIzXT9DutsK0zdmFTlT7PzF\/1Y0KupYf9uk4kqnlGvQLoUuyyKbFovu6AACgAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155536815947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431155536815947,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GMail","proto_id":"188.122","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mail.google.com","domainame":"mail.google.com","quic": {"quic_version":"Q024"}}} 
@@ -8,7 +8,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1431155536876734,"flow_dst_last_pkt_time":1431155536876004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1431155536876734,"pkt":"ZHACjT05eJKcD6iOCABFAABBHZJAAEARrmTAqAFt2DrUZeHpAbsALSjiDLLeXfFPVUXrA67v5IKthu5daKgPQycb1I+P+X02zD7nMJ4gZg=="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1431155536876734,"flow_dst_last_pkt_time":1431155536941384,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1431155536941384,"pkt":"eJKcD6iOZHACjT05CABFAAA8+xkAADYRGuLYOtRlwKgBbQG74ekAKOqdAAIPpl2KFMpJfDQ+pZaM0w+K\/5VnEsUISIlT4r5r+nE="} 02242{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155545866860,"flow_dst_last_pkt_time":1431155545859249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4333,"flow_dst_tot_l4_payload_len":4661,"midstream":0,"thread_ts_usec":1431155545866860,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":7,"avg":583684.4,"max":3197585,"stddev":963931.8,"var":929164558336.0,"ent":3.4,"data": [46000,60057,14787,65380,2487,93393,168067,168088,622738,681338,42,58036,3119141,3197585,40,12,54064,25544,1951118,28580,2034695,28303,25,7,56884,470823,496378,2190158,2289756,44685,126004]},"pktlen": {"min":47,"avg":309.1,"max":1378,"stddev":382.9,"var":146578.8,"ent":4.1,"data": [1378,464,1378,65,60,711,68,711,65,200,494,56,68,180,156,55,87,68,65,241,149,63,57,226,47,74,201,65,1176,63,744,455]},"bins": {"c_to_s": [0,8,0,1,1,1,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0],"s_to_c": [4,4,0,0,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0],"entropies": [4.785362720,7.506221294,7.842458248,5.653138161,5.515064240,7.661302567,5.705106735,7.653655529,5.683907509,6.901843548,7.549375057,5.423249722,5.793341637,6.893099785,6.626470089,5.353907585,6.017427444,5.664593697,5.555222511,7.050589561,6.613369942,5.496887207,5.372109413,7.016873360,5.139485359,5.793843269,6.920541286,5.579985619,7.860387802,5.401647568,7.762588978,7.570559025]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GMail","proto_id":"188.122","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mail.google.com"}} 
-00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":237528,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1461850699450756} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":237528,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1461850699450756} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1461850699450756,"flow_src_last_pkt_time":1461850699450756,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1461850699450756,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1461850699450756,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1461850699450756,"pkt":"OGO7P47K7LHXhMJyCABFAAViImxAAEAR\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\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1461850699450756,"flow_src_last_pkt_time":1461850699450756,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1461850699450756,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Q033"}}} 
@@ -17,7 +17,7 @@ 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1461850700501096,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1461850700501096,"pkt":"OGO7P47K7LHXhMJyCABFAAViI1JAAEAR\/jIKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwSJFGwp3LQh28QKtVwAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0
tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1461850701701181,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1461850701701181,"pkt":"OGO7P47K7LHXhMJyCABFAAViI7NAAEAR\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\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":161,"flow_dst_packets_processed":252,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155574747686,"flow_dst_last_pkt_time":1431155574746268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":17168,"flow_dst_tot_l4_payload_len":220360,"midstream":0,"thread_ts_usec":1461850703450276,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GMail","proto_id":"188.122","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mail.google.com"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":420,"packets-processed":419,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":244348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1463060980301154} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":420,"packets-processed":419,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":244348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1463060980301154} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980301154,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980301154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980301154,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980301154,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980301154,"pkt":"8IQvSpdgeJKcD6iOCABFAAViG\/5AAEARmp7AqAFprNkQBLJlAbsFTr+DDUPl1BjSnP0KUTAyNQFyZIfG66V5bj99kfIBoAEABENITE8XAAAAUEFEAIgBAABTTkkAlgEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3Lmdvb2dsZS5jb21PyGNIiSYlWYMNKJNAlwv39ix54lRFVA6paRsUl4FQy0hWHom6FQQ9JcZPH9joUxX+SDLF1j\/DSdX0UTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn06ylDo5Ug9+nOea5qJJts1jMXRdJCxw2QvK85nmQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQarjm3cTKFpJVCrT7eADgKAAAAAFg1MDkAABAAHgAAAMpYWB84oseWX+q27ipmj\/RQLfsZQqQtGKexDF79uuJfAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5Cprnnr7MUAAJJnZtEbkxP245vVr56GfjMCMAwif3n\/lWOThmdSnoedzP2jx+7ZPMWRBUv\/hZavd3FPUhQwHHwpvJJDzRcoSGYXtOQyhcYCVpGlxHD65Db8HFfgEKEx\/YlE\/aFaPqB1XqWWzf4zDCgIc\/Djzy4R\/py4JVjfq9V0ooIkHbH+8mAcpgdNt3gj0SeICAOM6wnOXFVXQaU2KKd\/llBTkdtTIS8p4UckAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980301154,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980301154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980301154,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Q025"}}} 
@@ -59,7 +59,7 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1463060980460380,"flow_dst_last_pkt_time":1463060980434758,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1463060980460380,"pkt":"8IQvSpdgeJKcD6iOCABFAABBHB5AAEARn5\/AqAFprNkQBLJlAbsALTJ2DEPl1BjSnP0KAzjJULyfLco0lkyo8NxPEjOmoNDcdH7jUMYuMg=="} 02330{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980460459,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980460459,"pkt":"eJKcD6iO8IQvSpdgCABFAAVifaoAADIRmLPYOtLhwKgBaQG70jkFThU9AAFbOkhXLI3U967KCL3cJUfMqLc5FSrY4cYs3xypa7qHkPMQkfyihNqC28UhBOL3e\/5TBI7YTG0J23OmdlC7GgmCbVWFBre3mnIHOH5gNl6B4pV+JLE9LheDJBWLfps\/P5l5aMhy6p4xkqOtVn+84yrn69vnIGngY2UUctisj\/\/7qbGHoU7KjFVZvLiLnesCjZPEQ9bmtTdxJ8NIoohV99NBrL3ZR\/mRKqFg6ck1jjGMancWDX9uCodwuw+nFeiwhdNiUXqpCyb8WsgjNJlQgx5Jzfa6dxFwnJS2EsJzy1jow479DEUJQyupcHux9LBb4IxdT8f537ef70Ew4CvWu3Iba3a+sRfT8oSLt0CF8xrbGmeBEnSqbecBn6F2MYjUF2gtYKqmlv2GpssQgCf+y1IgiyKvJBAFYATvIM5Yoz\/5ASrdVp19my0ed8fkjXD\/9hI6BqGDwauf0bTx1RLAMhLrvl6pXAmkTiy9XjRAKtxJq+C1D4UKHSSI2+YjymrUAqCH3KRAZmA0Bxs3bF5O\/PSuozCEiM1fA6uKcRzdnnQiYy07+fjPtlVxQByhag2n\/cAPz+kuIj8MMSN1yDveDuOdF8jXFe5s9mrKD8JMfRZctDC3tl6y0RDe95cUiGF72q+hrAL\/PnaEp3C0gWLN0HrD0R9JOOxmp7Auh7povQU79kvL0xqyh4jnZ\/Eauv5xfJJ9WERDrqx3CTTuciqZlam2PDCCuo1MW4zttYvjA3nx3zF4aGwysEzvVFN3YL6hVQjdDA4G9W2+Ef0aVvJ6dwImjNYp4R0XlWhoyOCtNc6n9KHJ2lGiAOWbtoy+eIkUgerfolxpj29D8pTuvRSA6xSdgniEhkWz2S88FBK7lsS9dfKhGidfIxn3mpcst
FKBaupKzVmBUCAqw1Z9aWdecUTnIY67owXaqxfverdyb0S4+uAKmDm4p8KZN+VbJFG\/ylg0sBWP80mInpEbGS7MrNOzG+nWmwobpNpDfkH6k4MJahEdbTJwc8F0zwrc9OBje09p8uO+iXNyZJSmFPRBYsNZ4SG8aHlZEWwk1zN++dYeWoX+nUUYJD4SmFHSyUSfF3Ib+mhP8VYivL+Z49LFaGNAB7KGxHv6fvGdSutX9bFiP1ZkAEhpweNPt8+O3nQTWj927mHvqPFEoMfTdYknC6NXf1NUkjL0SCHGhtXTgom7sP8gds1oLZBN2H5EejX\/eUCiWr6Vz0O2ty3vLiEaKe45R6dpcVbZGDcZnogU1oKhCd5eIW5VCS9ZoxdQUXYVQ5OVZmD0+lXGLDhaxED1Sg0QBEID7Gyk3XlpIelSpdCcj7XZyy+fDz5peeAIHd7A\/NT1xszFkW3dJpaVelwRfVQ2Tajy6IY3aeRniays5OlSdDEGtZvz+UGoOACWTNtx+Bck5uH4c3U2F4B+CPTc7F0hvJL623HEU79LiEo5zzmsjK4jgrRtPE6Ujm4ZpuNfqh8tPnhC9+Bi2Aja+3eezVsTpRflcLiQs0+wiUrXwIMtQYHLDjHEkGkWCaZ1nNn1+gwpcra6WAb6OHVPMNzrYJK0SrAHU0\/USbaXPZLFNMj2alWPs47VfDow3\/W3uXsLSYKoanH+Y+vNHJPIWjV0xMRUN6pTJE7IVb0BTnZ7b0D3Y4\/SxaKloeNxIuesxRvodNcMI\/1buC5kqkJStpYaf7KVkJyh1GHdI8GrmxoF2MSLqGY6lT0vPgbFD4MZreGOa5Sssczsczl+luw+iYguWV7SHDSmHfZxeBgkr589fC51KvvuWXNd3GZS5QlUqIxlrJRMHt8X"} 01197{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1461850699450756,"flow_src_last_pkt_time":1461850703450276,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6820,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980460459,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":450,"packets-processed":449,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":271275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":9,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1463075953299562} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":450,"packets-processed":449,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":271275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":9,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1463075953299562} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075953299562,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463075953299562,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1463075953299562,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463075953299562,"pkt":"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\/wHogWCSkhroVzTEcXji0toaKKW2C\/sjLL4Hx\/uc6Fh9FqIQ4mtE7XBkAAAAQ0MyMENocm9tZS81MC4wLjI2NjEuMTAyIExpbnV4IHg4Nl82NO4xNazIxw51CPh92NozyjEAAAAAWDUwOQAAEAAeAAAAV2LXIh+dp84WNbuB7eLfYt7CEN3uuVCwsaMPVZLZkwAcWv3ewLeWKh8oWp+ADGqv7hr4e6BITFL34pf63u8lTgEAAABDMjU1Ve9eTSHF9WVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrQX4AAJnDlbsORKBU4xOKlwWO9P4E5XFal5z7hzqpwhe\/gMX+Blclu+PZJjQ25zzFRxooIRN4BrBfLQmDdxaJYtqVNyhOzgBZdHzyh0tqgzeC9Fkja7K8HfjiuAyeK8FHD1egJgrMDFGpXlhTM816keOEywC8bzRfESJQUt0PZFKBRrh3m2XPL+hfh5e34YbH0wkaQLc6HM0z36TboZSwOAF93TLAofZgAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01027{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075953299562,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463075953299562,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","quic": {"quic_version":"Q030"}}} 
@@ -77,7 +77,7 @@ 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1463060980364728,"flow_src_last_pkt_time":1463060980449696,"flow_dst_last_pkt_time":1463060980446842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":2700,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.ytimg.com"}} 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1463060980336240,"flow_src_last_pkt_time":1463060980436239,"flow_dst_last_pkt_time":1463060980427767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3514,"flow_dst_tot_l4_payload_len":2737,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":44,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075954280999,"flow_dst_last_pkt_time":1463075954300949,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4226,"flow_dst_tot_l4_payload_len":51309,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} 
-00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":518,"packets-processed":518,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":326810,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1463075954300949} +00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":518,"packets-processed":518,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":326810,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1463075954300949} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 518/518 ~~ skipped flows.............: 0 
@@ -86,9 +86,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8682148 bytes -~~ total memory freed........: 8682148 bytes -~~ total allocations/frees...: 141161/141161 +~~ total memory allocated....: 9446513 bytes +~~ total memory freed........: 9446513 bytes +~~ total allocations/frees...: 155118/155118 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2348 chars diff --git a/test/results/default/quic046.pcap.out b/test/results/default/quic046.pcap.out index 6854711a8..fdfb0b676 100644 --- a/test/results/default/quic046.pcap.out +++ b/test/results/default/quic046.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1584456191933380} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1584456191933380} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191933380,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1584456191933380,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1584456191933380,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1584456191933380,"pkt":"ILABHGh4AJqdnpsZCABFAAViVw9AAIARNVbAqAHs2DrOVsWbAbsFTsB3w1EwNDZQtKT59fQu3TkAAAABmZPTs83+bYJOmUXloAEEAENITE8ZAAAAUEFEAPABAABTTkkA+wEAAFNUSwAxAgAAVkVSADUCAABDQ1MARQIAAE5PTkNlAgAAQUVBRGkCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
S0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0taS55dGltZy5jb23iUlTd91Wbyacedc4KWbvYAO9ezSoYOG3jhMeQafLfpHKvILz9Ye+me5P5nrw5Y\/leQsX7MclRMDQ2AeiBYJKSGuh+7YCGohWCkV5w4f4wMDAwMDAwML0xAKSRUT2iY62vYCLSlIfkuoKwQUVTR0Nocm9tZS84MC4wLjM5ODcuMTMyIFdpbmRvd3MgTlQgNi4zOyBXaW42NDsgeDY0mMqP9vF+kzJdLqfvNTDv5wAAAABYNTA5AQAAAB4AAABhJXvQ9+6Hu83ruEOa1Y6Y5fjbWd3ky8\/JdT+d+\/AZZsvZnn1BDAzSykK3Urbw\/IrLoBtlbcpqYoDEomljzhkwZAAAAAEAAABDMjU18ubMxD2HxlI1UlRPQUNLRPLmzMQ9h8ZSYDLLkqBBTd\/6RwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191933380,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1584456191933380,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","domainame":"i.ytimg.com","quic": {"quic_version":"Q046"}}} 
@@ -9,7 +9,7 @@ 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1584456191936043,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1584456191936043,"pkt":"ILABHGh4AJqdnpsZCABFAAC5VxNAAIAROfvAqAHs2DrOVsWbAbsApRlJ01EwNDZQtKT59fQu3TkAAAAFpShUaKLmTN2T3Ey7BEBxhhlPz\/mI42X6i3+zIvnvGPOAlaAMy0sQAcxegKQRA1QQwNG9N\/8cy92QCI0CXWZ1odCXSax157XF7S\/xa+HfI8d71opbqWvA7umD5My\/CObMYgq6GFbFgtUgONNyTSlCdXpaygRYfMn++j4RkGiGTRdqEUPLH8obgjwk1Q=="} 02199{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191967570,"flow_dst_last_pkt_time":1584456191967633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4485,"flow_dst_tot_l4_payload_len":23197,"midstream":0,"thread_ts_usec":1584456191967633,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":176,"avg":2207.8,"max":29469,"stddev":6263.4,"var":39229868.0,"ent":2.6,"data": [987,559,560,557,592,573,584,606,710,21225,29469,423,216,240,242,250,248,254,253,253,237,265,240,242,256,252,6530,176,509,707,228]},"pktlen": {"min":48,"avg":893.1,"max":1378,"stddev":591.6,"var":350034.9,"ent":4.6,"data": 
[1378,560,114,187,185,185,186,185,191,188,1378,1378,255,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,56,48,1378,56,1378]},"bins": {"c_to_s": [2,0,1,0,5,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1],"entropies": [4.104627609,7.586378098,6.310873032,6.874300003,6.880319118,6.833760738,6.876335144,6.910101891,6.969146729,6.870172024,4.098705292,7.858126640,7.073942184,7.867921352,7.889789104,7.868343830,7.839922428,7.858704567,7.859090805,7.875567436,7.864448547,7.848357201,7.879473686,7.877913952,7.860894203,7.857960701,7.861531734,5.436729908,5.095174789,7.816503525,5.401014805,7.861771584]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":63,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191984839,"flow_dst_last_pkt_time":1584456191986142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":5170,"flow_dst_tot_l4_payload_len":81927,"midstream":0,"thread_ts_usec":1584456191986142,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":87097,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1584456191986142} +00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":87097,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1584456191986142} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647775 bytes -~~ total memory freed........: 8647775 bytes -~~ total allocations/frees...: 140634/140634 +~~ total memory allocated....: 9412116 bytes +~~ total memory freed........: 9412116 bytes +~~ total allocations/frees...: 154599/154599 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 589 chars ~~ json message max len.......: 2324 chars diff --git a/test/results/default/quic_0RTT.pcap.out b/test/results/default/quic_0RTT.pcap.out index 555493934..000542ce0 100644 --- a/test/results/default/quic_0RTT.pcap.out +++ b/test/results/default/quic_0RTT.pcap.out 
@@ -1,10 +1,10 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1603888789791229} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1603888789791229} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603888789791229,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603888789791229,"pkt":"AAAAAAAAAAAAAAAAht1gINJtBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB7CsRWwTYBOvD\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+zL7OkPMAtXpNlW5O0b2\/q+3KdcOtoYFqBIwOi4AbeOZTA9r8spxR89EzuGsSMH\/bUH9ekHEQ922xeaUjW2FgbWmXjMqS+663UY67NIITXpkFxwR22N+eMGvlLVxq1DPyvGiZiTcqCSaCZ0JYqKt+vdrIBp0w3K49QUaWm1DuJd+cQIJzCcz93gKXA+aQn8qJuO+lEHGyiCLVgeWI9\/dk7q4fiSnyVYB8Z\/88\/1PGsSPr7zMnahidPl8sGnTG9MT+px4myWEEHOjoSU0yW9DlNQElkOgitzZjllGvGhUhiBIICMF4QAUv3\/uP2UIoOlO5XivEkb+TEkDY+TeRlQOAIIUbsGZNooxIOe9TQJ82TvA7CrEVTKBa\/0UwEVbDA+egVUviZQiH5ib3Eft7yjRSwrLosJr+JYLE\/b1gPCQqV3\/X9AjXGrd184V\/I069AxL1W3hrfjhc9kTxr61FQb3iBePpHQNPrmWPpWzg65lBvr27yyzoj6wYSTbO781l0YatfDl\/dDvdQIfKr2P6uLMGzJJZkB+Ef6aEehROc00Tde4mLvS3KtN0T7iH4IEsYc3Db9k0scho9GMCBSBIiEPvgGR0Y67dvPV5slktWIWuArg\/VlYjYX5wnaRfV563WjXbTY
NGUsYH6yJ12K39PLd+9sxGuDsDv7wuOHQ\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+0KnwyOIE1IPFP+gl6zZC2dnhr2vJbjX4p4gjfOHidbDFdeXHDeCB6AR+v8jJSYiWVKpOKT1tYDZ2eaYAb8EM4juskAwg8WJRDDALjE67avfbFy2bAKFGVwliLbq9g9yfe2DG7zudaoq7VcKjW8DJUYzFu0kG3f0I+eg9KERSSE9tNgraaUChfDY0CfeGXPHIGfNOqV2eildt3CypMlgx434dmv5i8bOFyWursPeR9FPxLAp0E17z39ZowCy9mzMTuEiKSfVFZVEb8A56B9ppGExgQC8QO0Af3vfqS2ttKNvFYUOgdWvnxDVxIQ3xlWS6ELnr9IEyJP7QN13nNZW2yyDnRClGdlAqhKZndvswyZgxdwswpMFr+Hp46L60HP3+Etr\/g+ZQ+dSKaPL8j+qjU4\/5GbDlG+Y8GGpP5yetDzWW4wN5wTi1RfvXLkUi4VB3m4LwQbvS4nockw+p2t9FIJYuLtV0dMHU6Hv7HaVbrS2rEeooj88IkO1U14qUJPxLmg2Uy36iXq2YaI6VfIvwaNOpQxMq6KJ4BIC327gV6F7pkRGqQyr\/fLXQ9\/QAgpjmMNkP95RpEi6vYM4P3hLk7YGQVBnB+IU0NE43CFBWiQCbD6GGRc88ZdV8uxhElyGuoq\/YHF3odV6QEFs9PDd2W40mlJEPTrU\/YbNrDK9EX6uJSY7GfN5JJTDeEvWfQOsQ0uy8IYjlyJ5TxtnQXnq04wVfUtffinNWMR7cNrjwWmw0LkdigoLMel\/dN7JQkDILpNPwSYQ07T0bRnC52xgOJ5umHTPriox2zwHfRI6lLvfBx7j5PR\/iXTtkoj6weekfmGYFZhQNsP1hkCk+6CJfCIo1m1SFLNWhogGJZIJgLWrvdtqIciw9ptTqsx5dUUsMd3KoDy70p2VEA=="} 01362{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603888789791229,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"abcd","domainame":"abcd","quic": {"quic_version":"Draft-28","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0310h2_55b375c5d22e_060ec1c6a056","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-32","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}} 02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789792113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603888789792113,"pkt":"AAAAAAAAAAAAAAAAht1gIEmLBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvsKwTYBOuB\/wAAHAiw7LD1RGMN+wgWsFEjN2HZaQBAoeulPe6gJ\/sr\/GIbyJYc14UNgXtYbxk5qiSqETQY4WZpoAlQETVvk0wWYFOpUIdBARl1suh9iNp9EVeqqDCK8cOmjC1x9D6Kfk9hGxfOeT71tvhKd4oN+bdYPjbqVP0GFxeHN3IMs7Zr+fKeQyuFIUWnb5Z155Se3XdA\/gkvhnMx1ULX5WEKCC9gZx60DO5zH6utYTXgxvBd7Ru+OqadPKlFof8AABwIsOyw9URjDfsIFrBRIzdh2WlAxDmD+hjo+e1bU72YwbmAGOLxO5htQDsPNuVs6LSSsGz3SFw0RPm4E415JCnhx8Ge0QKEWADh5iBKGwMueF2ztpwDH7jsWxr3wB6t01oBA1kA7ZvkbHO543VSXW8URQBDqZoClPbnrQAcBZ+H69\/w3iitABvrJy3KVNkC9+NdHjbogcNpY\/5rLpRLS5HK\/H6JgUnP0BdrxIIF6HWRic\/Wf7gn1j0WoelZtuUrK3RpR66wFjn8EMNQiKG+ggDuldLKh\/U6tL0BsOyw9URjDfuFTTkGJh6F+XUUpTe3M82jojmegspYUKam1MxQec2Qkg\/alipH7KpbN4YAt16GjKA0vziYX61TA5r\/+c+B2T\/sfMV9v\/HKdLDeTVTmLVtM6L+LQWLFNxbF4yrEngXf\/VZT2XaqBGXuy2LCG0Ll9PjYDBtAtstKFFXX1\/Aq9PC+CdywR1PopMQdX5Z9pMSyZiyB5Lzg3cVGVQshXQFro5Kf54d6amO7D2XxOTcZnQiaAf\/TGRrLMf2QELrrUW5vGD6IdIKDtOHH0dTjyWhDTPJEfsacf7m9B9Xhce36eKCRqwlUUYp9cEORg9tAs+LNJkhiCPhfdI2kmtp2bekrtpez6Fafq\/eSu5bTHdTjUlYAqlsCVns0h2QvzRkddQkOUP7gAh5QNKxagIYkVNaIjoRz
RpVUuqTaY5AYQbzrX47APe8VY1hIf5XFE6TPMKmMe2Q\/0CtWSycEDeCk28gGteNWfkas+cB+UI1rrRtWgkmad7zXpxmJvEVKx1EjCgwWfU89z+KDl6jD4P4IeVlDy+ynTr4HbYfYMZyTtc1RDHu8b7675WQKM\/HIrQq6E8CeXlwrV\/kN4X7y3aDTZ8UUUEk3f6P1Q8uLPJ2Yruxo4hJaXf2cw6q7EdHqcpvwl9wyP0SydRM5I5Xs9cDxcS9AAJl75598Onx7hfnsjzw2+Lk4PiuB9x8RRtBxDIfr1GIv04yL1ivxWfjBmvn9aCE1EDAtVLxBhg2AhlMxK5+fcZuD8gajCU3jBim0JQ1mEhqnrWZNbjfhTXGYll4oRXXUgYKlIV5s1CchSlcMgg5uu0+4Aj3J0p8FsizlxDbb6CHs\/xgqFSxARbNxD3LVLxEd+HIIdIWwvT1MTqPrwh0uOKGI3kFXzTPm+StyKn3RLAeyIgL4EkpQslwgXWxlUtDWXyicGhGk5giCxEYaSUkCR2ecvlHkQpbq28IGeTXJEr9czuuYuc6xx6JNXW8HuS7eYhN\/9rkNRrkW+Ih9+rtXr1O+2Dy7ZXSKTG4Wnmba1vr6ZEKbxvCvQURsWLQQxX5DHxb0xG+It92fZknkVToOutQ6p1RiqEpFpKmIm03EPunCuw=="} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1642696459202000} 
+00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1642696459202000} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642696459202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":1642696459202000,"pkt":"eJS0JASgYDjgxTWgCABFAABpHCNAAH8R13bAqAJkjvq148sEAbsAVb1N3AAAAAEIZbnuI7NzRNYAQDw6ETJgJtnaW4Dzps3McwFi0x8VnVwO7RJLNCBVBqiWNmzfu9oL42X8gbNncXuRY2lvH2rb4p2qGfmxe2Y="} 01017{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":409,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":409,"pkt_l4_len":375,"thread_ts_usec":1642696459202000,"pkt":"eJS0JASgYDjgxTWgCABFAAGLHCRAAH8R1lPAqAJkjvq148sEAbsBd7Ag1AAAAAEIZbnuI7NzRNYAQV5mqkZpRs8e99gEnxpMKgcyM4ebNtzOcUmv1eRpS\/4Y\/mYyP1B30U9uS4NGHjyOGaFJnHQyUbtswyTwz+8uass48b1GPbmGmqQGpgZzohRjGIpGw5eZwAz\/Hue6+YW9hwAmx9m0UhFfKsxUneEQJWrND6vl7b4\/1fQnPQDJpSQzDhzIhJtH1Pbfr\/WxE+M9SYDl1quiMttOidtA3D1KovBObJj1YlosZRsCpK8jwfULuNPkMn0+JgLUu2\/2STd82m+o+3G92qTNfTHYeBX+Sz8bpdn3vD9Uzax\/wWQI6eIrKNESFD3RLvXcx4+iyLJ6EqD8eYRGEEvi4b4XufDdC9OsxQBFVDeX\/54chXjPWbYOB67nyOuSaNm7e\/7SQG5tg2Rrb8\/P35bz7qAI+r9SDAYGGzm0kMCD\/gcU\/eB9a0NUUKHN\/qxjP0dTa9I1hufPHnolkoo70d0iz7y+nNj5LA=="} 
@@ -14,7 +14,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459356000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1642696459356000,"pkt":"YDjgxTWgeJS0JASgCABFAAA2AABAADsRN82O+rXjwKgCZAG7ywQAItXNXm+IJiWIMOQ7CKcNHT+QszcDtXkUT0taPAE="} 01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459408000,"flow_dst_last_pkt_time":1642696459432000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1250,"flow_src_tot_l4_payload_len":1874,"flow_dst_tot_l4_payload_len":2674,"midstream":0,"thread_ts_usec":1642696459432000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com"}} 
01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789792113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":1642696459432000,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"abcd"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7012,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1642696459432000} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7012,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1642696459432000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8671242 bytes -~~ total memory freed........: 8671242 bytes -~~ total allocations/frees...: 140609/140609 +~~ total memory allocated....: 9435648 bytes +~~ total memory freed........: 9435648 bytes +~~ total allocations/frees...: 154575/154575 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 2215 chars diff --git a/test/results/default/quic_cc_ack.pcapng.out b/test/results/default/quic_cc_ack.pcapng.out index 9e144f7e1..a5d98e63e 100644 --- a/test/results/default/quic_cc_ack.pcapng.out +++ b/test/results/default/quic_cc_ack.pcapng.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623513645438057} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623513645438057} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513645438057,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1623513645438057,"pkt":"AAAAAAAAAAYAK2gQCABFAAViCAZAAD8RiyWYDt+RR2LkXd8ZAbsFTlqVyP8AAB0IP2F8CyEK1SUAAEU0pUADgai63r\/lItFGP+9hC24roELpliW3esH+N23zYsVnHaLlDALQ9HmbSfFZdOGFn1N0tiCxBoce6EnFP8qxgIGvtolBdqVO4KtI3I+xzDEP1dMbrxXh5kXHhT9281\/Su+nx2HNihx4eRSrnG7qGfBWROROddmS4TWWAqhaVPJstau6yELSzb0UA6xOcZDDOFIrtIfaHHJNL73QwlCCVC8\/X6+gOB63o+ixHncf1eOknkTc\/XYOWJLMHSLd4BZOA3LW5GmIXKYRfAuWR6FNCEsog27+JxH38wH4S8BIHq9f0AIY3YXQVkFE1PLeWua7Hc3MsiUcYvgoAhVb9+JBI5eXYfDCwdHERnY1IQQmUAu9SFx2J6nuGff5NC96rDFPIdNELe62FpMiG++tWyxBT1jrqduEE+GTJGana2VRZO0mNKPo4k96XXHnlrmLHJtxgqk0CAYVVoULGC7QmHW0IPw5+QC2mMFdQ2JXXCHchmXNwhcQoDjPepV0Tc7gNhPo5bycXS3v5HN4L35Ns7nhQwv47t4TyZK6yYxdFDGdbuycCS8L2dTXwUF7TstgFGUmpVkx39Ih0cfz4Ml21l4W5OxPMQLwymZcjFN4ZcsWF1RYDZqiwdizzKmJZ2dywSdNp0mvGKgOCMW\/zEpCDa
hdneaO5ePAihedJrHlLWjrIcNPtMFJvsCb8J2Zs2JveZH8M9ycGrJuRHIU6iNjJ1KE38VCB5Hf1tALUvZ0BBj\/qC+Ij8B4Ro+yZstJd7Ob6BhH2uaRdc5I68e0jjwGpe80iacH6GsFPIOjtZEEbNYvDZ7w16Rc+ITnjSC38untM8Or\/bUIMrMDMgaZ0v\/C5OEdfOGlvxCBCC4\/o\/90Kx02rZnFEL\/i8boI7ePY0ReSck8yGfszVfqzNgiwK2v5Xb9wSfJ6a8GDsAhSfZ9BXpA1BdfBS8hgew+G98kwh4cHwLJ7guN9fdx1HmkzmFzzo53D9m0lvXudsnc8ddqbXGk2HsS8RT8gqdE4Qp0HmVJpwPar68+ZRDzIVr1NO4grcPGts3UheNWWdX22kIGFFoWJQJ0Iud4hNuShy1HzqTQ1lyp0YYC2JKUrnWP1jn3LpGqTH2BpZ2wK9\/yL0GdwgOVZWGlPVBBI5DulktahfK8IcRAXIoSVEE\/2BFDm9HCokMUAXZ7NOPTsKGJDxCqTZin0sZ\/S2a+q9vrJzdzIYDluIS5EynegX+P5Joc4GPrIZc3YnPU+\/jEQ6WmwykKvJwcBvW4q9DF9\/8A9K6qBXWUAE\/f3ls7H3ipOg+w\/Kh\/WzO70xs2OJpZb6vVHkFmXehlT0Ib213P4CBiVWI3EwxwElbpSAUUK\/\/VARpnBPiA9J+ch71rajSMnje0HhIlInLryO9owSAQ7f93iROUK3RJldQmsCIOfxHUjT\/D9SQRsq4felL1nQ7DtW9jJkBIxJNEvuacIdV\/uo77CehnUSmwufgmQjj2L3ej6HOYKut+6KBPceNlpM9C1g\/\/lK0TvimOKIRh5lPHZnjbRXhK1\/2ricgkmNL6d4mPnYWLCcJhWSclF\/A8b\/ixrplLwQsuMc4NgUi8p4L1IcSZhnUxtTszMmKomu4BZaTzCIvV8croOgcxm97AvxlkZRjUy4Pb5rdJcTpPFvUeyaVjMB7toze81GUUg0VFp8lOemZ2cFjZ+uKOYqXrcEJFF9LwKAjMfV1JtVs7Svx3g0n+xvnlW+JM5HoeSe3uvLKwvv8MdjFD4tJpVfQSeZPJIaH6fKbzpbepdPhIKObLCQ"} 00969{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513645438057,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Draft-29"}}} 
@@ -8,7 +8,7 @@ 00971{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513729660364,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"183.23.159.144","dst_ip":"108.140.147.22","src_port":37787,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Draft-29"}}} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513729660364,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"183.23.159.144","dst_ip":"108.140.147.22","src_port":37787,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1623513729660364} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1623513729660364} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8668036 bytes -~~ total memory freed........: 8668036 bytes -~~ total allocations/frees...: 140586/140586 +~~ total memory allocated....: 9432376 bytes +~~ total memory freed........: 9432376 bytes +~~ total allocations/frees...: 154550/154550 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 595 chars ~~ json message max len.......: 2352 chars diff --git a/test/results/default/quic_crypto_aes_auth_size.pcap.out b/test/results/default/quic_crypto_aes_auth_size.pcap.out index fdbc0cda1..1e7af6dc3 100644 --- a/test/results/default/quic_crypto_aes_auth_size.pcap.out +++ b/test/results/default/quic_crypto_aes_auth_size.pcap.out 
@@ -1,5 +1,5 @@ -00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054047280433} 
+00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054047280433} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054047280433,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054047280433,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02353{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1639054047280433,"pkt":"AAAAAAAAAAMAKVHRCABFAAVifypAAD8RWHqGNSQrjmgmHohlAbsFTlBUwQAAAAEIajnnvXpZQGkAQKS1+N8fvEy\/IOkT4oydortAv2EA7pMR1b57qEUN\/CWLgwIsiaJrsQ4hFHO3l4u7VGBrkULKHI\/lxjDWdE1irA7d2B7h4jkYKWy0HD2ljAAwNUaCq2GQKYIMFYPPnjUgnc6NRkaRBhSzAe8fZndm3nU75Z7WMus4y4FiuskzWK7wPKBIM7bxQiBvpY62McQkd0tyvv46Jp9sqnschBDc67JbIa9bgESPp+gcP9R53I2XHVB+sKt85pW8jfCDOYD2MzyGLQ+T55Kb3elNggevRPNt5\/n5LSD1+BaMwPIWniyhyXqn9M7ZOvHxtplESf3\/ummwgMYCFjWE4x4CgV+8lqttLnKDT+33uPLxFmhUHvuyRgYs53v+N7Yn38UufUU6ZhOXmHE8+XWeHs3tu8WDodE6SWRhM5xseVzCZYLGTT3X6CjYNFcJl6kyqmquwogEu3CCHnXmS\/INjB4uSUiyMhRi4SumS20xZFVtqZZynkmMlWnK09e81BgkY\/iuisZWvJRuJHFdwM30B5LDjtpgqfazbpCu6Uwmv2u3GL8UYFg9JXJ6XKW7RjDXv2OXecpNpV7Ec+NZ7S+Eblk+2y7gdGGGOJ0YWQ\/UdbM9tjr75mYZlmZ2XmwaOWA7lup
jotCEVtvNyVGjw1p0RQjwWwkUNuy\/TjEqMcudShKNa9WCDQ8bWEIgXHDXASO\/PVPq3gEIqJWQbO0nhO2rHJC9mtpB902MTnQB3oRhiTtUMf7fAmQ+6s5GNn6c3en3gGYGA+JPXusJvDjsRu3PwCbxmWJ5W42P6X61ctfR4ImfNUcG5Su4UNFa8ImA7GgSH608jeNlAEH+oOj8LjAiKc4rTEvo1LMxkcm0RbEgQ5zCg4gb3K695U7hnkuVkbZ2P0\/0RHqSidtcHdfWB8hEkFLyKuUlyFbgTj26IexnKPiu\/sik7Xf0GfC\/8RFWHPg46bSbOrQPg\/gjKdjoVYkal7TJgFaID+VHNzeQm+hSPwwtg2AWznQWRmFkp75yYX7gosdtClYrZYA6FFirHqDW+0GJykjlxQKOXDmUJPLnyG1hF2irp+YW2l8A4zScFSFMH7ORiz7jakW38s4r3LjbMiRb8Tx+m08\/My\/lJnC9xZh8q82LXT41dv64cfwg2eQtvH2Lqzs2I9rgcYmsyHnPyvR7699rVEk9J9YaLrjr+fk8N7MwS+A2tX9iODZWnJOUm+mTNwC\/T\/RWyAERM4hbUAEurepo8J\/aEcXnBHo7os5GSVLmj\/GiHweHArDF0myFhpn34cAp8f6Y0QM3kFU6FLExLGABdnyQk5FEBOr15qkQbVxZ3kiwHa5MCacTRiiIRbM6fJjJYMCKTLqYyerVtahDJjc9THoEHqkc263xcjlUk3B+44Z4xuqgt4XeHolWU+aZMt8oRurkAG4Tuf4UKqTmIxukJT2TMBWkasVQHP3Z8Wausgp7GWEQU567iGHAcPK670SSe9B9hqsJ8oOEYcON5apMj26RB8Zd26Q8fiq1vqWEGo1PCxuUi5unaVFgNv+c1hkvn7meyjHS\/L5Rc3CDUEpgtYy1aOHQJRbXUKAeBVqgmzVlTFgKNAdhCllApJowozwlhoVXS7RvypYWLyqEFM7Zu4iCwMajFBhTXBCFwHLDlfiSC1hs3iPlIAICRuCzOLoHacQfJq+YMBKP9Z\/B3dU8jrKoUx8rHfRizok1fJto91R9llaEwHYg05bSKiD9k+j1zXsQMK8reMddzvzIMatcM2wofN5hnpTHOrEb+bb8zNLy1vI98DbE"} 01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054047280433,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054047280433,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"app-analytics-v2.snapchat.com","domainame":"app-analytics-v2.snapchat.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_cd85d2d88918","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
@@ -8,7 +8,7 @@ 01259{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054232898553,"flow_src_last_pkt_time":1639054232898553,"flow_dst_last_pkt_time":1639054232898553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gcp.api.snapchat.com","domainame":"gcp.api.snapchat.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_cd85d2d88918","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054232898553,"flow_src_last_pkt_time":1639054232898553,"flow_dst_last_pkt_time":1639054232898553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gcp.api.snapchat.com"}} 01042{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054047280433,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"app-analytics-v2.snapchat.com"}} -00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1639054232898553} +00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1639054232898553} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped 
flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8672342 bytes -~~ total memory freed........: 8672342 bytes -~~ total allocations/frees...: 140592/140592 +~~ total memory allocated....: 9436748 bytes +~~ total memory freed........: 9436748 bytes +~~ total allocations/frees...: 154558/154558 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 607 chars ~~ json message max len.......: 2366 chars diff --git a/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out index feeb67462..01cf19167 100644 --- a/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1616775370814360} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1616775370814360} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814360,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1616775370814360,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1616775370814360,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1616775370814360,"pkt":"AAAAAAAAAAAAAAAAht1gIK6gBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB5cYRWwTYBOvDAAAAAQjg6gfRBF\/f3whbtLKZy53KxABEtrnM4d\/0kI3t2T5FO3RTETvA3HGhmrbwnQma+SPYPn8iYYuHdKaQW8SovX0+V4dnPseYO+4VTSZldeifgT8VNQQB04ta3cEyZMDpKRtegW4dekko5HPUbEiidNmSQOuP3pH\/8SoL9x7tTBQzg2OL3UpCqjAnX16pFAdQ+V\/RbqJ1eyzWFdbwBQd2HuCx\/Ij151BRRI2Xn\/z+ADB4rVF4WDOutzm10O8sh2ssLFe2YyMKEeSFhkO2WxMcAatNA2lQ4qJXI32K2kygG4WC7Q8Bb0hTFMG\/mywEn7y4151OST4nZUDKvDlYcVWjuF+qTVspa\/iH7c2UuyPhpTYvIjH0QeZUxZzZhSTFej2LWwFlP2YFzpGwiJSwBaiLMY+5\/70DioAlmqyVC7SFNLAm4+7fUc\/CJsf0f8FDbPGjMEF4r4f5+0LVZH94Uy4Wd0tsSsAOmIxjxwMYhgLVVmrVt7TBRxZotLsMMAE5KgY4C37J7AKCvvh04vXJj1z3UQVYGJh48Z9j2DH62a8\/DQXS74cUeasgoXI\/\/fcqyqG\/+dEnkEyyQl9f50ViwTzUzqhBwr01HZapB8dBBI
dSdOLcU\/xu7325B4gE6MbrZr6w6DY7ChrOgc2VWwoxehsZo41rWBZsOQNIyPzLv9J0BRip+w7GJmYxc+3ube6gxdaz9W+Sn43CsbRIQrhbCgHGaXLfLG33YcaU4X+6lhZpZDIRrpfHlieNk0E4HHfvmW6nTXkwcpHKUc\/LWt5+WouHWvxMn4x+ldQDvX1+1587CV3XMwwBZM2RazatEhHW1RJ3OT+xC3gie6tmmnMQduXseFmc+V2JaT5\/q6MRU\/TlwY0Rq7EtJ8+ZbzGXqIuu4jxCx9oMmi66z65uXw3qINNOeUxHXJycpAWw5De4VzaVR4lwygzKGqlnx4L3JUveIj+oObyh7F56NqTe5C4UVw0rXOK5vqDKafrSODvkieITTgx03B2pUNKW9RLu1PhtbXUZuY0giPngPfKgjMEWwbgah5IvyTnveaL6sEqf9jfr3kFrsy+GNW\/OyorkDnRpI8RofzGw1tLxiDlPgh1n9rHyR1pRdby9Bnf\/rDHEeTaxotP0WhApggHCHa\/yFJECzVqs9aS7i2yWDcJfS40AFynUP1UGKhJe\/uUxXih7qXtheQ7FXxIkAhVv3cPoCRA71Cfs2E\/Eey1fVKRW5lMJW9PriJc7GoWtyx70pOdZsK8HXiQEPiYKJaSioN0cr28BDrpMUfunJRWn8PiLmXUmTtuIMIbhFyGy+EQ6xhnD+A\/0hLJNWNHMXLu\/kfUBoupAJQTCcfsChogaeqgD6e5eSYCN5PT9+XpGN3+Gf4PxJfDsTjsRYy9pJctfaPC3hqhyOjQKfCx2rbpvgC9PMRVByJjtLJxGnkJUAuG3l6UFakUVvosZ+5M63lUcs39+r3quiDA5yu7NAJ8A\/i87lBxkG+y1mdyDXsaBDCfcK3ZxP\/soZcY4r+0QCaSKYxK3TnciTbuVT2emgJe6oE17JFaMKL\/+oNqA3ly+Sny53LHt3DnGVzfWQGnSJpT2w1xGiily9lTfAyLsd+fvmBtuH20lp8Prs7ZgVUIGMd\/pWSRV\/g=="} 01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814360,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1616775370814360,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"V-1"}}} 
@@ -8,7 +8,7 @@ 00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370815052,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":116,"pkt_l4_len":62,"thread_ts_usec":1616775370815052,"pkt":"AAAAAAAAAAAAAAAAht1gJDKmAD4RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvlxgA+AFHEAAAAAQhbtLKZy53KxAjsAiiM0e27twBAHLMBaZzti3E68kx9gE3ZXKGXRNRnGzCRKG8UNXw="} 02241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370828465,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1616775370828465,"pkt":"AAAAAAAAAAAAAAAAht1gJDKmBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvlxgTYBOuNAAAAAQhbtLKZy53KxAjsAiiM0e27twBAm7orpw5qxd1lVUqgjQB0t6bjTCpm0HrYctLZlOW8RxeFqYLpUL6aQgJgsqWU2IeDMkSEWQxNoAD9isTk9Yu7pj0FCV0RExtP\/DdNmswmyNYMjGETYolLSYO5r9J9yPDA0Hm5r2Be7ZsaOFJuaPcG+Z8cemvuyam4YpqgIkUw2fRqAGCqYxFG+6KmJKwipCWmTGX93+bCnHXzHjo4pAAAAAEIW7SymcudysQI7AIojNHtu7dEArButeYco\/iBezGaaRrsPrjlQJaXfjGrGOtxyW+VEUk\/MjXR3nhkzs5hCQvCoSZucW\/0W+ecnkNmCHqs4SIt8zySyF5lpDfgp9EZivvNrzkJ4n+PQNK45RWScN6\/LidvcVOvPedmQJOG9nF6nKt5GINaBYIV4DAkyRKqDgwq9zUb7Yz7KbZ4\/U\/l5J7VJ1IcyGwyyxkiATxj0nXz5iL6S0i\/Qff8OBcicPH2P4+Ard1Ld6HdHHjevwx0KBLIR\/1gx8y3jBkMb7NrDl73ag0KfXqIo6e\/H4rDtDyvQi0MpOujutDnn7iduSAyMAttxebYk\/V9FvCkMKZXO\/f2aw6MwYM5XiQfiS0EGekYNUqu4tX0eDWRfSvzPoSK3zwRx4JPCDcvlmXgRKO5rgPMPeHxw\/4R8pwK77EgYt1YvugWPg\/rFjo0LRZvcA9G8G\/1gz6DPb5lDFEY+OBRlZ30ZE6tLUP1ZFYbG5jdeb
5yhjd7f9M0RbEJ7ln\/y8vbPI2C0bUmD13Rt4Y0G7RfrbpAU3FY2suAugOO+boypmtiO4rL6zAODnI6MCvVUhjFhDUP1ZMy3DEbE\/xnUPX\/Up0RcMDRMmYO6PresXQ5RkVkt0ae6aInaNXOgytqGgSHQfz6uOr\/L0OHDt+bSpAApU\/GkfBM7SXUX1s7HyotBUmo6gVS8HUZuU7YrbYGRso8SY50+dw8BAi3q47Zp9QGbX1DzI5w9oYPtTUGDdLZpClat0gKKcURLG6oNQRR5\/a\/JtzIWMdkwQUx7OfFsqZADmUiIoX56wV2pU4xEtLCFSctyPKTea0f+AM857zRIxI5doKRMWBQCReS4eJtI+yNHDXx6msEsTTh2FP1cyyPpHQPXWO68SFhWiSGQJi6ng98NXq4DS5OGBxniP3A7SYa3ygAOZyBymKqUpag9lF6VLHr6ZcfFBz68AaXUvP+0PP+sUaVWbv5GAaFkJhjceA0c5G1AXQAxAjwYBgFXSEHCZ+nyt1bRzD34wOG9Ui9\/G1LO4TKEaGQ7LK+XoEPq5xZpNj\/iZUA+jo0DVw8QZXc4bgx8e0jAquDv2o3cBMoVWhbp5uoSPs5qAuuEJPvn95LwoGyVBuftbARv+sEm5zZ+no\/WCBkS2bMuYrjzmfTiTl3Zagm49VDzuUjI8TYTYcniFkZefA2AU8ighAo1jD2vIVqP6oCcqp0gGjHWGXQJpIi\/72JF8fqcMUaIrAYkZr327d7g0oopaslOaoi7acasbJkIDuiwILeD0eSjHNpdusKEqM8ru3UWJiUf+xvi88b2UB63AqrZi9cosVzKiZJNiYgJtznIFN5GeceVOKOMBQX4zvEc8NWY\/ph7nUhzt49aTuTiYeNXwsPqA=="} 01444{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370828465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":1286,"midstream":0,"thread_ts_usec":1616775370828465,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1616775370828465} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1616775370828465} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8669961 bytes -~~ total memory freed........: 8669961 bytes -~~ total allocations/frees...: 140583/140583 +~~ total memory allocated....: 9434335 bytes +~~ total memory freed........: 9434335 bytes +~~ total allocations/frees...: 154549/154549 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 2262 chars diff --git a/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index 2c82e7040..ddbf28c1b 100644 --- a/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
@@ -1,5 +1,5 @@ -00627{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1621417111064920} 
+00627{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1621417111064920} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417111064920,"flow_src_last_pkt_time":1621417111064920,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417111064920,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1621417111064920,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417111064920,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTFAAH4RUm+FzUvm0OWdUdzQAbsFTtRayv8AAB0IRl3KXBW\/LTsAAEU0Yy4h2W7s\/rlLefIGYQnrzU1ux8x1WHF9P2TRMM\/uMgrk1ok5ld99474sHzCIsmBaABMBQuwajfiOypF13LdOvUbny6sKbnPsiQnWdRy34WzYDIUSWbFA\/\/FyZAuWdhVQrY6b6y6LN19n0\/TyiwQZaRgOj9Dah0V5ZEaARpJrDY9m+9WAWL1E5fl0AZB5oVrpfRpwU+72dTHjTrdezZLrG0y4LUZJV4ZFSW\/bOTNeyiYeeLzss7MCM0o7kz\/ABmlsvSTXlJ31WdTvcFfKZa+Ers7MX6vrMreYIDLD\/ts+djqt3oepBEPH1tJwybSyF6zOUmcUZSNjRN66q7NkOjxIFsUfL6vSIfs09kF5zqgt+spL3nfMkmEEbIE7Yb6VRa8aqO8bYrkMWyfbFbPBKBEuDwvxXHrKHBxwnW70rIsunEzXSGSfZXttskCHI36aQkPEEfMaooCWLD7F3ek7vQfYF9UBeP3UInD1\/fYOKKyXlh8f1Xhf5ZtTg\/t0H\/rYsiKjt\/tbN+4cOfHmb\/PbJuLAirrGtMROug44tuDQNDgTnWYAQeXIGrimS63+Je1x
n8is8IMmIBVJgnKtBWcrkpMXG4qIednOh1PU3Q9\/9otFQnmPpsVeluBrkhgnE4Pv+jN7MB9MKsGF0sSC1rOxFEUDC1ZncrKF2pLDQgCdTsCDk\/CcchJ4M3KHS9yCURHTTnwtZtZ46Ba107K6\/C+vDHLLH0Agtie1px7EDwsBP1SFcU808ARQb8bGLCOen2251sgfs22LC0YsewZOMJW3COsMT7VTAQC4PFSt3Jgg155O5SMOBejKszFjP0ssLTQ45nlMeghvKmzI+zfNFO+kmZxhFyxqPlrgdV4WKrdIRZR4IDXMiiBpWoClkuM9Kcm+TctK8hPDBFox7OqpdBdHkgRVzggkNVEFUCJAoy7stynIye5G\/c0PO6aK2KvGAn+3yIbnJQO+GFl+DzzTQ5+znvJKlrrHbZJ0Q4s6V8EP7sXEgs1jrGqyCGI9wXbSo\/8wFamlp4ouFVhBqYZQ6GonLwcM2BL2EqcW1GrumcxSrpctIQbM+MLM5TmZnDMpdMZpkkzZ2HiMH1e4fDgQ6yg7Gbq1oSAP7PmPqOdaH3pXDqIE+0KyN656ZdaYb0ZW5qVxVZ\/yglBSCDTTcv+oiZZdzI4cH8Dg9AnTIhGYs97IARnzPncHqS984seVJsVe3QFzlkq7PW\/+y877P\/bFA\/sin28uLWX7d3K3IUeguTPHXWFnBk90vEPoVwUYyj9ACpdxWLYAzshM8UJ\/W4931weL+9Y45JP53CAvIUGXcyWPEbA\/HUlyizs+gfbouzc6njtiCnSFNiKixMnDd6GnBIki\/6nDKciwxPCTmggZDjKRSkhR0fon1nZO04Oy+GPjSKqyuI6I5+\/qz+87W8lrtdNnV1MTgqqBXXhQGkloYjiOOO7Hr2euMPx\/D8ZUBmzjEl1Q0vybg5VizAcIFEitV672m9tByJnZVCmqOqHSsQyStHmvXtcHwG3FmgKLlqDELNJ8refw1BcltymiFpTUHXujIq2m\/2R5lxEp3IZpg0ykJqHmAP8x1DQP1O+gpnkeZMlBn7sZgxbS5i464ONO4aidSpGEEs44YdZy\/0PLNXvbgohSN7NSSlu\/3OBSZTCjfEOkPRu9fd3b98IylU4SIOzNDcculUBKrCHb5iJqK3HKWlgukxdQQwzwn9S7alNQY70dsl9vUF76RPML6stNu2Zb+\/ZYxqaJZFu3FOvrYcXEYKZuXML8FedF"} 
01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417111064920,"flow_src_last_pkt_time":1621417111064920,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417111064920,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","domainame":"update.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -8,18 +8,18 @@ 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1621417113176734,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417113176734,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTxAAH4RUmSFzUvm0OWdUdzQAbsFTp+DyP8AAB0IRl3KXBW\/LTsAAEU0o7FkSA\/0ikSyRqQvXGrrGoX5Ae3X0rpAL84q59M9qwkH9fCBJTzZxi6V4r0QKCxOQEdb\/FP0ffCcVJD3QVcDTLQKHyI4uAK86EETL2hvJCOjv4iyoBWGc5bZ+FonNl+uoMd4szLIqDd3NF8Lyul8XdWC5d1IPNGwCAYCt+Og\/iwPdOfHHEGI9gtMs7wGuSa7MKQzgxaH9KL0gJbN4N5z7kbS7wqrE5CGqR+jzwYMZISKY\/sOkuXOPNFcFX1DsUuNhKe8O5iIlFGshGWl93ko3Qd\/s8Im5+y8CKtW3GyyP\/aPkF5DjXEI155evNh9WIs6MOpalk16FUT+wSK9hU12seWzSutVyglPlt08PYq7MpuTYI0kBvQ8l42+eiwSgJZltMAkKWqSbGQB\/K\/WJrUr8daz77bvAE7Q+SFLL4PMA7RelUCpZmjdkUXePH0ru44wpgp1YmSEhCFG+hYRZHRDcDO6zD+q5H+Sqc6LDjGehdnR5m8I70PyyS2Vs5uRt6O\/UkoXQMTQ6151icubpXuDD4DvwGDE2v\/NBuxFTAVpYajm4s4E\/r8GUtWwVPPHY5JNr7XAPu+QoCpwU3g91bh4\/hWBTzenD6ShL7E5zHGy0j7CVPmbQxHJL0l35qdZWoRI847zrHHuytkJOIBR6dyp\/yN1At5ZMAu6qxrWM1DmDg13uB321ax9qJOag8gfC7HY5MXhg1DQ82Z\/\/n+AoftAxjjW2gUuN\/rkzpw7iARBNZrN+q3drE9K4m+nUJU4u0SLFWRDM9hRC6xS+3AtmH\/YN40H\/7qqsvIRj6xEUILOgdDWY7aOAypUzptiqmyZ6gd1fpjWq37xq58tUmw+Im6iVLxsgtxo3Bus+Jq9y4ZYdoSLEebp8WIbG09yXZPfHjwg3F0gkF2aSL+JOmTTYygRBB9\/uZqJme0+8ifTULhKwNp4AQYFE2KlhPFogQP1nSDiVnmjBOk0XCE4I9fzQc7rhwnGJsXOMSpgeUFHKKwbfUCqHscY8G\/TNkFgPWaSGVt+qfCyBSMtkSFDP8kFGj\/RY0YX38a2+fcG9Yv96cIbLDPWHxCPjGtEFONIACDhfytwgWHZ8REERLg+oIG3X892hTfWLIuUOSUtPxIvV\/lkUVLbbgQOEV\/OiK2YnbaZwpy2xHZBQHIBxflPDtePFQo4xBRiIfoz9W7FxVLQ7z4Ukv7fvpA+qilCAfVP\/Hit8WJsDlhMcr8s5HDdidYVz78p57n\/hZECl1HDNlMji5Beyfw9ynaHQLBb40TWsxuRE48jn6jha4820DqRPhaE2atATXnhCcJQfmk5DXkkKivQCgGB9ivDWhfJVfxxfV1zHjhZ93tt+wZniB4pEyA0TkA6zIPNYs2A+1
KpBBDu58xIfcTlzsToOIcukgOdf37OdZL8yKMkQDkVinmTspwWDmhNan5AMaHf8OO59F\/Ju9u6kMc7rmDT2qXlW2VbUebeJYvuZ3Yrx0zIggOCkDt6cjAwUJvko4KPZS4DwAEiA74K+\/dQ2T2m1MdpOm3dtTyoIgm4HNY8CPNk8SupcPbDn4HN3i6NKcd6Aw1EyZzG5SKnUzyrpgAgiwy4iNXZVclN9U2hqUq\/QxoBczTMQO\/CQKyb3YJMr9dkcYUbfIHfs28\/LYkL6sYs5wskMWskQC1dXNo3b3m+JowwrRqwtlH\/NiX5twif+3YItLzXWegIzUA3Juh7oTi3Pa+DSgeBg0JCXubi47Tw7htyJ1Q7NmhTT6FdtNDLyxDRP42jWq2p\/CqVQ3C\/3byz"} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417628801012,"flow_src_last_pkt_time":1621417628801012,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417628801012,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1621417628801012,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417628801012,"pkt":"AAAAAAAAAAQApuCjCABFAAViWsBAAH4RzreTxFoqsVYuzvDPAbsFTkiRwv8AAB0I+raMAglwITcAAEU0GmovP+mvsihl\/92QhcJt6i9xOCuhIR8v+QVQPDfpj6BytKt4QkFnLk36FAbt80sJIp\/Y2c7pKVYoBF6gfeinYt9EQsJeq7ROnY3ivJapj2oaHwAzsZa4wHPnbSp5Fzk6+XETr+Q0x6NnHbM3zNCM2AaHMspi1VAViZWQsrRPrT26HUJgBdgrtSBr704DAlp8NIBOTaYQmRsLw0sO8kaVUQSTjBt91sODuXuJFBlvmd0rw7Lx9XhhtXOEq8peMATmMSiGkCnVtuHU9IHl7xPdTUKOwX+iqBEfcVUDuMTWTQ+xEjmygydvmbpLt++lwihva2qbwF6QkkfAhzI1WNSSRrlwUFqM+Zsvtnl9miygOu3MVINYanFJshDLLhtcYcppiQUtPQh8neggpYf3NcqHcOg9yFih0GlvYXJgOAi0eylABT+cl7jZZQ2\/9NICqkeHp5SgtJZ+rnT0jfRUKImzpisiXxL0gUjRhZOBaNVTw2DFuXCxQsKg\/KU7zvbCtbjOLcFIvgcvLg+YOzho2mATZS9Qfa20oAzRIDxCf0U\/g2Kp\/RjvwWjL8Qf3VcFus3W9PJibs38Cnb8fC1OmRScNRTKV7pwvzBngo0k14tTrnFD06xzFU4K0vUGZStljl\/FAwNVIMnRWjsQn89AVyrUyoiyAS9a+w+Ol\/IuzeZupo9JHvpafoLvt9p341rnuNTMpuiggzG1a\/AJiehCdHVju6FHVk25Y\/MvQwUZ0i\/jES6yQR38oUqlnXVrq+fKrSE\/9kcUPuinfPVwCAVdLSD\/ha7TenkHZGDajCF77P2QxcTnluKJdVrDlQTARcyFrPTPqYJkQ\/NBO4Q2LUqkPKdSNg8BTKf9ErnqfzfLyF5WoMGjiT+xKiXVVojRktrJCp1vh\/UQZ5GB7zhzqnM6KrzPyc3Lxp3Bb7qVApnsRGOqMr1ngaD2S5zZ2FCX87pAvyMSivW4aYtM\/FgZ5fi1KOfYRKUUTVabBR4V0TSKE6XBOLGcK6tn4xBlT4YzAm4R1HLGrMHJVUw1kbq8I1GPUl2Oe80wpsoTflQ\/7rxCHFRENvTpUYufeWaZVYdHvgsMahyyxgCBnT2nc01NamKM3ocOAfaIGcBY\/TLk5FbdJIlfNuzsvYmFgqC9vpu4ElbzDnAVfSEDcO9fSa+\/JxpgCfB9tsQNpFDTYAu1e0Ss3GB+O8aZWjtRVkhzocpK8euQFsHuPNYkc0XzFUPsLBkPlcmTbK4YVnrIapDZ744rfE93ooFZIUkO7Ch8oLzqK0OtBOsGmVGFTbaVf+NhQknLLOENbTcHT7F0rxbWFDU++4qTR\/XmfJ+wUTJsT+\/quj3VddN9kLF9L9a4EgHNqz15osfhMQWW+l0C3k2t5fh5I4ZCw28kLSE6kXpe3j
Sgb7PvPC1LSkSgWYuXB89Kj+qTD\/cFbalGxIJb\/WgzJZn6Gd7R+R9Uf44YjcRfaKor1OTqri0mpCgDnlcKZQFUkScXWdMFAepcOEwVDvTUtXG4T0tMPM\/db0x58pCBeZHjWa7wiz\/JWqOATbNaNGCr6YxqPK79sl3n3mgQubt+x0eKINEGpxaZgah4UluP1BWQh4YfISLcQeFbuVb8GjyINELyA1nqZY4Rm0zHf5sR3fkBxRXy8m7315bG8d2eGbZxchn62uWz60SggwIYaJ0ECuYBFMzQZtKNYAvyGaZftALbKhVzxh7mgcomFyIRc7XwzM56SXrPBzXgho48l4M8VVXrs3DqFKC1\/kSw7iV2kg2+Vlrpf6i2uga0t"} -01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417628801012,"flow_src_last_pkt_time":1621417628801012,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417628801012,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"sb-ssl.google.com","domainame":"sb-ssl.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417628801012,"flow_src_last_pkt_time":1621417628801012,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417628801012,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"sb-ssl.google.com","domainame":"sb-ssl.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02374{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1621417628930767,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417628930767,"pkt":"AAAAAAAAAAQApuCjCABFAAViWsRAAH4RzrOTxFoqsVYuzvDPAbsFTm8Jwf8AAB0I+raMAglwITcAAEU0pjC69lxL17I2Vm\/2Q1yiyTryhXfWfRIufhNP5rg4c+FEuOp6GqQUQFPIcqWk6U0BDlkVmnmwl9dIFWmX\/bKzitGvZ8mfDi9hktZWexq37TSuAH96QNRoeDy4tvPiSgKIr6FZgR4Q\/HVISWRrxFL0ZKD38sgIoVYjPEx\/9Ic4WOpPiBg1t9\/qrhQHH9cTVMgWsLt0TDJTL0KZv3cMnUOIyDfZegNZ4jvz12dVBYTIdmKO7+1d6Z2\/OF7H8egyUhxpPD8g63YnzjMgsOVESGTopFXkRNnrC5YYuCPBc4+8zyPzWbaRA7ZY7Dj7GHebUIt0h3Gw1DMiRq+wjLGQycx78BHNpTa91SU5Z8OasixP0ARhcYJ7QKV8jqRLQIZ4IpBhgMNdrO8Ggn4V1al1n25AZ\/Lyk1mcCfIi5OinaMRv84l92mkzRek7AiZLH1nKN7U8\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\/Knz7OtExuPugeU8Zt\/GlPfZScOWlEiLrc05jYYCgWUXmqy179xmcMucA9Wtytp06aBHf+WfQ1fURy3jSmQ3NJ3gv81uQ5roWC\/f151I1SnpAuoNl\/wshFDWrHEG7wosMoA69VM5ioRjUH6Vw6vtLsEkJmdXHbiLelXmCeiv5o5cjuB7D+CLbcHnxi6S1s4ouqpxdZyMBB3jywu2tIYU4QKiN+fjaYMDYwpAzD5Jb2Fn5An8ebr2twQ9IO7dHcApVPzom1G8qYIs37w2OByHgFyhjSn3envhKGKlaF+DnxPnqjkcDSypaV6Xw6EsGbkUEBsPWaFNAQl0rYQv4OIQSLLLDbtnqJSJtFqJvApbEkL5FOujphAtNX4TvOYetM3s\/ZH5TkEvzT+bgZWz2mB1oMOoQPy213DWxLIhN9Sus3pIVPH9KUpLVArxCusIojjl4y\/CVvWA5XX0iWrENm1HaA6F521QuNa+s5DzOv42QgWOr+s5uNKSTFxAahQlQrNplOZsHircGL1XR+n2uD2gTgWAAY3b2i21J5cYoe0Z\/jVWlplRHgm1fBm8iBceAe+i8eGjb4bPc5PfJZ8n+JrHrN8SDylfFnIiRNE8ID8KN8lkbNu3\/oS3Kih\/K85WFq55fup233gxsGiJl3pqoHcF8IRFeJ07vNzBh1QaRlhGdke5sCCm3DG3xbt+UWW7rCkqr05j2zGYZdejMwOKkfbRf6NbqQKPeIcLIlv2bkyG3CDxjjE97A5SRMMjRaI2D9gkNO0\/wn3W0x5srM6qZB5BFLM7YG15trX9AF3w"} 
02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1621417629532013,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417629532013,"pkt":"AAAAAAAAAAQApuCjCABFAAViWtRAAH4RzqOTxFoqsVYuzvDPAbsFTrDqwv8AAB0I+raMAglwITcAAEU097Xe2il2Zegu7U45BZ8gKfm75BdOnPJC97WfnE5KscE98sHvgzGhWttrfuN5Zw6V0RznV0lHr8X6WifmddIwLz9dgmQayfKTYym3Ekq7+FTfsVbmdLv7iDTySVEQT3U6aJZTVVfr48rzDdUlbuOabtPNfF9PK4wxRo28Hv8rNIeQLcDYX1ZhINEmN+sLvvHwjXJJn\/mGzxs37Wo7yOZbGkbY30QHlElqBOAjfC6VA27GzLEtJY\/bgqKUM6kS54RZZNzg5pKpLNlhxgP248e2xlGMNOmp4fMFXgmg3EfYbmnl2iWasHW8AkLql7Ucnm9wslVj\/YWb2c6IF2fyJjiByU3v\/tWqKcs4QGqfKnNSz7TAvliCZNV6Zo4gfpjCqzFPRaJI4yeyyqsAh\/yIYVP9ZV+w7uilAeMXgI+K0KIlxsOhizEgVDitG\/KAo9LOeN6fomCXq4209QrcrNd3XMwKvH9b188UgNv\/jRvXciyaJGIyMgJ7mamyBtbMq07La5hMyvo0mSqFOXeW1vGdKnMpuiGY5RTAHMnhNlkaZqmORAjp34HPN8n4vG44MH5AJ7tXiPcaAMzbgdmd6ox3fd0BfTrlccudwRllV1uZTxS3xRBBhwWhqTZE4FhxMXqd4endwazGj4NY2Vq7gD8YwyUO508LgWL2kYAd\/HfPDFLaaugd7M4tl4hSFuXNenTPDtb\/bRXBfDbvsb6xXiRig92+oFBV7pEoV5L\/yiJ4P2gax0Ac11TG31dQqdzo9z3YfYxfMa\/+8LYBIBydV8pcGIzVQDhSjN2LC5nUQOTcNfPU\/oVh0Ybk1aIMEU85MfYtwrsAgUEMpEGProetQB0mTzcYq+lEmbIIU8WPencLFFFL9uSVHveeIfGWVYNsJ7jljceMSgP5H6cv7CnQzsqS8dQ4uaXalyrjBXDSyJmCkDvaY220xAc3pj12kdE4BvFmAtStxWdtg66AiG7qv91s5V3en6J6UAronI\/KmR8EOk5BiV2TYsFERt4G27JNG5X\/AJaZ8VwtC2WsqvDKaMKYDTCCbRtilBnZ79PJ8INFhsaJtQDLjVGnL0+0lag21H2c0AgRlVIciNuUToDrQp+pYnpr3L\/mM63uQTkvv5eBIAP7i9VCEUjMABfjlzuA4QlRNUQ0vfIchW72uzMqFErT0XMVPnKFlDHN9TDNIkKHDeKZQaWZA\/OfMsV7evfLcQ+ddG\/xKNaoq8806UcjLdGTZEiKme6xLw53P6MT79sTHldTCpjPaldQ3tMH4EIg1InZbS5ktmIvlLQ2zHCeJ+cCrcDav1P0xMr+DLvH3rXDc1LTF\/hYsBxIYeS7vsQF07Zw9I0Aabf0GjuxOlwnW2Bt8iPysdcUeHkriGdeS3Czvq\/nkZEaGKcHJEnfklz
qeTz2bYQ+SkshE9F12pfc0agQ0tbVdAnKaEKIsSgzPUMt7MgzYsL9AUkoIblqKn2hXfFXW3gr6XbSi5TQygflSMy28Bs+5OghyrSNcFcOe8e+DTn5mmzjD5O4rsNuXEgF7wS26+FyMgZbWHqX8HMifw3qMfcAQ1nT3l97zTbszeFs6\/goTc7uST7XEMKSKrS2lP7e\/ELG11fN8X22oM+TfVd0wylz3v0e6ThdB\/tMpVkNfw82FE39BRdoKw04E7yZ9lgCOyxJvMvSEQRhX0eoTiGgfBQDAhtTklq2Zr0UEwX8LiDkDQg8kHbX+ady095CUYxnxCvxjTB8g7HIHtQ37uzrFXIL6Nxg8bDtLpiJue2jB8lwh4plomig"} 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1621417630732572,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417630732572,"pkt":"AAAAAAAAAAQApuCjCABFAAViWtVAAH4RzqKTxFoqsVYuzvDPAbsFTn5DzP8AAB0I+raMAglwITcAAEU0w4P9mb5\/3cAJaj4ppvPVfM1e79oi6647O9UrDvxHMvw6wV760XlpSjd61VmKKMxqPGYPlva3z+F06oB5C5oudSH4\/k\/HgNY8EZ+f1zMxLEV03HYvd3eyZ2Yigb2EaaYwKjEGJTIAPhnFqoauAh2+NlX58F7j0QXxOBZNFmYxTg0U2ixrG2zc81LXcer1hlphJjt2T0DJryb7+H37VnCGZV28ta5KuFpJCEHU3Fd+Au8hzAdacFpKvFNnEUxffVdh7LgBkgWaVuMdCe6yQz92ZCsCzBLddU1kYPj6RsuYCawbvUqb562kpiZjfFkIOttpasGIi39tj\/u4v+6d8j28V1orGO9PZqXvQy\/8lCwyfjm3k0DcU2W3\/tOXF3YDgVOA+NYuef5dsvh8sL6Y2zGiut+QW3tAqTRsL41MM+QyzTgsUP92XE2REPCVdMjU+ZIArKLV+PZhQEMEltTUCaVI8sN1kF3tnGaBAFdJ4MLfX8o+rvJwd0AlR1I0UPhxZm51ZaCJ70wXahMqe33eoOnF2efrrFTGLRJVQjJzGYGviNutDC3KeXcpbH4fXqHVXwA8L1ASWNywa4RobifRQWTIDiyeTm2aFLHckbvi5IJvvPvnpIXXzVtd7lNSRojof7DLLLHH5Sh9MJDu67gcXOomZlUg7yOcpexQNUN75dczjIc2sRYYZZrxl0OgwRBDav0XDGXFuU5WHO\/vOp5NjVJ2UuXp7FsurhXvGJAbAE4FOp7kuYa\/ApYFR2pqTRIboQp9DJdarbNibXR6+hzTMq7WOo6ePO5+ZILoF0GFYVO5hMThECA3Kc6QzOpREKQgESXdX5ctFgyHOQKvBPOVvSMrVyI7tKQV+CCeeLPyYTVggovh0hGzowFxkk\/NdLeFz6rPoKgRAyda1meb\/KkXjgYf08b4foJ3h\/6I0kE8xiLDjSKXk+TeI7hUzuuZbCPA9dRpZ2MBO03rP4oKITQG6AljreAq0TtXBhTVlUpi6WqLB65hUZQZmZ1FngmVJas9iH\/
peYm8YAq40PQZFcepCCybIMxESKXO4wQPKParQ72ob5VHzzpFoLivQA7oY0yXAuRPhKkZa4cB\/ZEJyab5Og2\/1JA8HV9DelwdwjObFO8YWZySPL+5lShVsPkk6NyMIkgqnrPUZ9429DxwJZF9DRWha9nyGoqw+0N4OtE48TVTIojBpDvcI\/CTXNaRCq+NNQ\/f\/RHGp7OL5KL6+TDhKzMT+zzHQrhBJpIc0hWz5QeuCYul+OTpdvjea5r9+J9nkBp3Vj9JMEQ6M\/iXF91ma8TRXEdDqbKAg449PYPC8M66hwolveyS+2EObExXYBklmq6YlojZm6PjsD8eUEaG2RTQw6TQqIOLKW+jsLOLrD0Cax9gUMArAnhTzmw\/Xkn3mdkQzSWVu4aAF\/\/d9caBq5UL1UsyZF8wXlxfJlBBp37aJpG2nKuEvm6BF2LJ8drxqSr35iQyCsS96IaxNG1QT6mySn6yUJJsBFTQe022CdM31VNWaRoaHtpRLujQgB56qEnNkgULsTC795AnjwrRgWfonX0MDkzYh1F9HazGYLRzSGrlEb6ozqXsakFtOHCe4RE1o+khHM+ddPw7xhK7MIQerOF\/fL3TRBMI\/AmEtXrZOePHMjy8JY1G1\/MYpf\/tT4ORBCPsA7vaoI1Tokn1HofUnqqv2vleftYM6lBm0h5quun1SOOjRX5uNSKqoAw75uyHCkFAUwF+izoDgpIEEsrscpvjeKdQ92HbKA4t87cdwGTHX5Qo"} 01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621417111064920,"flow_src_last_pkt_time":1621417113176734,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417630732572,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10800,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1621421253470357} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10800,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1621421253470357} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253470357,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421253470357,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPLlAAH4RBzKokEAF1Bb289hQAbsFTvjXzP8AAB0IFOutyi98gDkAAEU0QEoUNnfb6spEl4sOhm7a3kYwPyh0twGQme8gnUbSWjlTM0eV\/33jZKgt8R3qtWDm2zSx\/rpQpEqQQvknW76YTyqy8lhhBH0HTupzxapnAU360wL\/+pHUQa9kkbfGs+rg0fJIwO92cTdSFU4vLU7xVz2fVMJaMQH8aHE\/1fVdWPC5x1T42ZLsnrxIMQ5wxIFrryrh15fMsCUmzvgSHxA\/i23NsVEQK0FaymSQ3vTxzLlBUWH4BZEKhwxODiawYJVn6KqbmqIqOPZjXiYZhiN\/Oc0\/LeCyQFaH1ri9xPnu4k\/db5yW\/Vm5M7J0u3m8iCZTpmZh9UW7Vz+Tt6ZtpNNUgyHlXEXFJ93VOxKXczX6MviwyGemHWSQL48Z\/padN7yuSlVEbH4WE\/x\/ebW7zTY276B4XQ+wlkch4ZzVURSVv2IJCLTAANRAmruSTCorJVR33qh+1laWpf0XjXQiid5xdrcBQeDZrONgOO69EM9SiLwEVtc0TpitDpJidyT0U1tQrFl70d\/XEPdy6sl8efWo7ZCqMlidLhPlq3NrVHxg4+Rm0hcmtJgElwEuqTGiLad
NGhoT7Yo7j8pSYgNw7GRtSquhp7H3+FF2Y2bFNX19Z9+rRsJB4pUiilB5tu0adouOMnwmGTBRsatrnFOOtA0F2vX+LGN0MZFmEF5dpYuvWiLOa+K0fw5uMZaD1DwO81ez++YVlEQYMcGk8nRbrvkTr\/h1NjMg4AGD90jQKUb4FofQXWaVczScZMMs2v2AijtxxRDHmaMhESOLxFfFbAGY7GSyIn06ETBx10YXRTWxeT0eUKlaLwKeXgT1f9Nzee8owqgOKrkqV2dKYlj65fZbe64rFKZ1qmuSQpeN6luwI34bKSC\/P1YZm224OWk7dK8zYb6iVGqzON\/pvHnYbfT2ttIlhWIYxtY8Ju6yt1zHvLgcU9f83bCChlVephnGaWCxUwUlXnYZevAlJBygTGyZxTz2ZSb0ie32uT7qgPEA8\/VhOVmgfgz5uz1CkH7wK301uXB6Jd+vCV5C\/oxE\/jofm4fBRgusDmoz+6N3GpdbS6mlSoo0uqerAGszdbsmbuicOljSko4OAeqWoT+mGW7afPjx5a2FUCfO2SrBsu8hZPpnDhlhRCeKCJQcAHRB7xgiDd9eCcdbKD7Wu6I5NAMZ9c5cy\/ihBVX35Z+UgC3RyusmI0NtKYhjUDswCM0eyBoXLaZPl8INR9v1LW+yvOTZym8K9Aj0qNkha5Yzfvxik20hZiRqz1bdL8xXLCFYqYMYQEadOjp3L+P6FsQzEDaOxkrn2NuRIxBUQl17JREUFH0XnFwFnMT7z5vgxqMs+\/cTusvocWbp9TisAPxAunu5IgIhjJTjwzvXKQEqGGTx\/Uv95lseYEkyPjUxRZUqo6ayvxQzUbD7WzEPJfWp4V0dKCqk8jMcfr4gKrj2FSp8Pp2y\/+11ISOglp7xB6eIZFO0ZgRIY37WC1adnktqCSKXkgYJUGB+Oc8sMK4ta5iGShCsKCGNc84cXtiEBSa78agZzOMcgLZMHRXRJQcxDXBaC6GCHQXnLhoom2lIO8IpQOLCvA+fkPsBsI1oOJHnHV8O+hHfPFWWAiSD\/PB9nE4NwaIPKU4ZyWnacfkkFlYLZfqca8KZX4UtWN\/IEVTbG6\/oU7nJ0oyYFSxJfcA+XMb3hdr7h9ytVk4VGIeEwTkm3q4IbP0kGL00wYVhVU92VFVVNJemgeHNnaAUtTEkhmyuDDVqFnLFxbtyS6nB8YnwnujNnjXs"} 
-01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253470357,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253470357,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253509654,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253509654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1621421253509654,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421253509654,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPLpAAH4RAAiokEAFhcpMaf3EAbsFTviHzf8AAB0Izn33GI1xCTwAAEU0Q2KPp18EaD7CNRYkzOIN7dKmyWbS+N+cMemkf0psuzAGPfIWZySwPChV53Otv2dvXoDe3uezGPqpumIIkBf6E4Y8ZQDOb1kq7QnyaNj76pl0Rg6iP52gI2ik9D7s1o3thkJPMbsfxV+fuIPAKjePBjQmUP19frND2eTijGA2Jo0+u9aOzf5exzhhFq\/6nELW9tIN5cnw1mNp97ad1+XFptBiaaHUht\/AwUETMgLsBZ6XrHBGlpBY2lK8op1hzm0CnYVtS3Djsl5T\/wl54X2bN40BKcjIeQUAIe+9lSfAyX9VzGt1lyeq7sDtfGOULnyc3MRIbszfJgkdcma4KWIGUispqWzhbI1x5e\/RjTMlYyCVLmuxtCNhv9eaj9oPhvwV6QA3gM9QoCLiA0CWKH+SJGX2Rw5rZxYoMKeut8jwQsj+lIDaZR9I2\/AyKbpAZBbM0cPn5VbbglsRXZxJcp2ZEFpU9VJWoFGfCqiok1ySmzzALJ2o9fBW3oS1MBkHpHdYLwXsXSSHZum4zp4LAa6hwGEqhfT3QKMIosJCyQXQx90hg4FPeCfhcCzS0yMxKuIS7muPu
13HLa3vp6BZSjDm+YGM2\/EP2rfLAV\/u73iBfyrpH4MVfT6XT9GH6DxrXWXPtmgj3dd4ZDJSS2EE1yZ7NzZKZHIzRIJhx+M60uskyfvEmdMlqpu42sPL14XVPHdNYMnoUS8X6WLni0o2VZmxQk3SYBjLMZKHNJZHUGBqZyOnDiDJEDUgCVpgpbyumDZBrRfKCG8xPvowcATyQ6821WIR6CIzs8Om8jqqi0JAvkN016aaA1p5ZCJQtyIP7RVszaos5bQYBNnQzPdcPSfCMMPRbEcbBLR\/8PEjZSJVMTynsuFnVR9jIDV8r\/dX3HTmyKXTIz0yNwtPT4H5hqTdaTXb7oaS8Zarj3bCmVeadB08cU+k5BSQkWcmvSsbxQK9L6WXdRC9SodhjDB9zefiVEPcSl7soHeKsNvYTyCkd\/XAIWMwe3bRjY+Kv\/KQy8Hwi5otEn\/W6Ht26F+Edg2+van4m7BF2EhqU16TwOM2sNd+iloXCcatqE\/C3MKqQU0Mkp2P+yV7oFIESvsIr0RB7rv76hjn+agd\/IgZmvvKb7bk9hq2XrH0HI1yi6DgeQgXvNKOZmzlAcpcvnqKhOiyX1pKXCxj5WdM8xyZrw7dWBYG9J+ZB2jRzA3N6g9gR5j+cHtRybtWCobPi0uMCp5Y\/TwozHIDGhNtykeb7ruqTg++bwL4cJPnLkfBMRka0gmne2r23CHGqUhUs182QVxVo33BcapLgO3qmkaZWUAfgES6E9cYn70KRY9mjRR5JB4LkRsmI2UaT20HAZw+DxdsM5YLqgbKe6dhNV2IOrhV\/TxAVxh6mwBPFC3umIWlZnFUvPCLyY8UM10QQ71eYC1SJ9eB13EtUmpWxQLGyueBG7P4\/oLKTc8PuLFHXfG9dQSOw1wE33A+f\/cnDT1FhhN1YqVpJQdPwJ4Wf5eVBxsn9JpIRrPWbarviWoroALVlD67VbRZJNKwOmE1HEEKRQZwrLkbev1NeFysxZPm4Y3TUawK2sEWayDygW6x6RN0NNG2Fay3n6wsNuNc5zitBxQaUj7zNSVElsX4h6XDvK98\/ECQwIKitJALgcMqiEiqaEc6pa+ihQlR1KKvzUudiOciEKxejDPhTjufOq\/UxVIzxEe1epyXEZvbVAZDgleZWCCPNPFEFpRRnINh23vNKajIxj\/Lj7QDAzP1y74FtJQ6jIyHxOrz"} 
-01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253509654,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253509654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01431{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253509654,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253509654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02377{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1621421253804100,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421253804100,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPMJAAH4RBymokEAF1Bb289hQAbsFTib0yf8AAB0IFOutyi98gDkAAEU0cgaq22OVD8Dk3cOFWT0xE9g+YCtQyxjYAZuBA+biQ0qlLk4G4l4FhrZTdWwEHJxix0i32WGF+VFP6SA62mk\/ahCh08zZkteiAklY2im5lzs3+hv5CXVaBoCsdKzK43351bgh7lFz2rLxgClTUrt+ggkqZgyH3xqh52dtUrDyoAHPTLnCu42bYt031EP3XjXnQN0tMqOu6lBcFDhjD4aNjqQ4gVCp9D2V7BmRO3otj4hId4G69dqomvKCMk352TcjhRI9Y\/b1HXLPEwZJR5SMYjM0bHHNJ8TU9yEz2sN8hXpEtMivH1XdJw0Eh8yYm64H83Y0HweIMWoyJiqpIlytTnrgkym64mLXXZYZW20KwPHeajlZF05XF3+pFt+uQ4GzrV5Dcx3AxUpXpEdoKl3n0ELxD0JH5ljs0a9w9Sbz1XKL5rFy7vCM8UkbGTH6qJsw9yuooY6A9x3BRJQldn\/cjpkxSonTfoT4ntKav5Abl2PQ2R\/XKxdCsedHmqW3DEd446DYQ3V85\/1reu7YDBrYnSyXTqTmbkWgxwxd8QGgoAa5urrS4Odki8E\/vxPzpvhWle2+YavjiuVnuPplOSMtA6eRixeu+Twyp\/mNZvJOkN9V44x6h72ppz248KXCbVBzRH+1a3Iw2Xt2l83WqoJ1ekOv8wHN6\/oiQJoJREH+g4zwPsZOsNyZDHhogPOptnRw+QNIjvRsgAplHaOx6D\/aGIthoZ3wqTLG+A+DTy0A7fbLu\/5uA2OrVkih8zEFgbKa96QzE7xsqMQsB29SUtTTgtaJ+x6DDlTxsS4y5GvKhs5RqCJuqJHJsUqQ+7qZO1IlfyqPjfQ4TdX3QR4WMaYivWpDgEtSZdNrgxDq2rS0MQKGr8L9tinW33cwo4ycFk5CyESoY2JbgbQLKBayMDiWClTvZot+D9gQ1USNgzNYyMBTHtywu3XkQJpOb6Cu+Cndw7HuOQ148pj8juCxBmSiBwgMqay2jsiMwE2rp2FJfE2pZCpCtkbGUbTD71AKVtAmD4PfgtOBCxaFvaclNBN01TZzkSP3ySV9xnlyk0aicuahfnr0uqssjLhU2lGOlia1+DO56SRT\/clcAVgh6RL3+lpZujJgQPm5EcCP+wloP7VOsnzWGwL9wZ7hJ40ht20W7jRVj3M6Els4r8Cq410yu5FloDOrNepfpbxjkZc6ldqZDdLri8F2g6JJ17oGz0uM4ZxyqgwoLWq7U+nURI2WoUDTSzDrhufyUwR4DJ9ZV1quggqjhetj0pzAZYuRLflR0X47yy14dCpQ\/vVyn1z2ua4Ul1zLKn5MiWFnBJIu6nyxsGQcno71kQag30voXKBH7HnrnnqUlbqOkjLEl5S\/FyD25Vd5cXtgniVi6A\/QPlDEt7HGYkYWr7\/lkp
umd4\/NE+Jp8u8oDIJ2Pl+kBJ\/VZvw2TrQDNhyPOtdvHRPiEX8B8fs+MFSjeA8jQipbDbOQYT8shK9HjK1kt12l1A1WeA2E3iBlpveLOL5cYs7Ony3vhCFnJiyDYilQrHHcfZ4DT7xi8UHB2ER5kb0BMJsGRBThDiMxgHeTo+e7mFH8tDgNfGqLuRHyVlf8NgieuPUXEgyKmqYEc4LvmX4l2717+gqPnFHj\/U1TWUHnb92m5p6KStXy9LMrfKKfgW3hZcvDQuM0RslMbJ8u36V\/B9KSp7x2ODcgpxNNuc+y4vHSpU+\/5E4AvDNNuskmG4wvM2AAovGTD43c7ggngGXtjGnBtB4EnktPIpxqtYgo+FpqvKts45sp"} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1621421253809118,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421253809118,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPMNAAH4R\/\/6okEAFhcpMaf3EAbsFToEwzP8AAB0Izn33GI1xCTwAAEU0rIRdWSpQJq8RNm\/YHCWv+5lOAS3ExdrQfSyR3179\/1dRds5Ne7rTKilnr5qOATiPuwy9kvVwvXmlvh9A4pBwrdy5rwj\/oK+soxKE65UpWeIIcbWAdsENETDsJvZbt2iOx1FT02Zh0k4wZRYa9T1mqEIw9vucjUxsVJqzuUcDQocELhq992N4Y\/d7WHUCkfrvzFkWLhfQuDRyyFD+FKVASnwCfjWwtYzJWfj8xdfdTc5foWxQy8HwatcneUH3Xe7KQloP91UPff0ZYs++gTR2OGCqiGo9QElgV7ipEPa\/a2VVjCezu0CEeDpnKAtNRmt6Q4uTlIuuLMwbpsrTE0g\/MqtsqQu5OpuusA8+8yooJk3wiUUBIcxT0LyFbbJBiUpy1jybiKvHv7sxWdofXLuT2tOVm\/gYEKYpYhJ2fQxRlq05FJNYAJ3x+IPKgL4hZDLQvZau5wz24pWxuyqaqk\/7pdJCP6tcxGJEigvqrGszDAU6Vnuxr\/raz+JVrdGz71r261HwLy7jCLV4GVAGwqXYjimp+lVj7ZrdOYwdRbkgTFkqZGqGyKwNKcvkP\/vIHt\/aqsMYIwNldiK9WOSo4NjVWqS9IQGKVhUKZzlXrupygWzjxqeGR5dlZJFEihDxxcQCXNUgswqiXbBiU7jvlnjci\/Wa5nSBAjcoxUjUtEV\/Hmpt8r23oBWTbgRE9axl1IWGAHI2tDK8zoknUr82ajxFez+Gh0wDV\/MCeDcDUfVqAg5v+qUe56To\/xvqvZFgwQiXcqe7gIfrPgAP8QI6n6FSGGFXoDNKL9zay3oJBh5pSSHq1DCM9w1SKpHiwhq80tTvMNgKeuRDzvkzeQ9vDiuRQ1F0\/isFVcoHn1e2\/Qp6mJR8Lg6OjGTB5n9wJt0GQq6bX9nGsaRw4XAmHHPfPtRRrzAXpU5KuOSCBB0+ShvIxmEYlsFhYFhXfYMIaUqR+yhlwtPSDafAHcOechwW\/ra57z3xNbXAdhHXxU99F54Cb3HNcttIif3ThTZ
5o7GOV8r62PLfOpQ7VeKZhnB9VXymajUkSEgKnVtYFRaDjiFok1vqKqx3wzDiPNSqp7GpEl\/yN2vdzXQrfZOp+0yTLLStC7aJ2V0VsJ8NuI036psv9S1AnkXkUUyeZqLHQXmxWBVEUWEJ4aw\/ZZNwpJ2tHF897PYgr1CTWWw4CttMzQLaBZ51eX4RHRn9kLCgvlyq1tMUT+4YjYbnn8RYbz9eqTM4rSN8tz92KR9Fcc0\/dMjAdKRSNurGmNpDEtITPjaUb1n5VBZmMevuy+YULm\/K0LRcgr3bjEgYFGgamvIUyTxG2IxIE6DmCy+rl9rr5F+rE4LgtHzkBPE4gC8ikWb\/UxYBUsyEZNAp4YWExPD5uevZdPSpVZ7j7K7PYss5uBH8TZFtKaqXjAaBFvo8+Iamk14Oh0pgrgxGqB5+UxZOAubhS2tMB7iGe14ZAIAuXL57InGtj0kim3J\/3bjlX1lKzHdAjJDSJtTIdaauSA4wIm+5djes7nIN5l8yHcP+jbpw79vdXui0DIhf0YIIf42Ya8fgEVunYI3yggTOU1wruhfAOOAN7F7YY31Q8MJfLj0qlihs1B3a0b\/W6jVRhMJ+QZ5ut1F8vzQhkHEbOYzm8VcH35XK0f1lM+HrHe56zOhDCcJ1Uiq\/nKgQwd8FV+HuWjkyGI8NRs6aas3Ro+mmhQzK2gIzxAmNbNSP65H2kIq72CE6rc1ZiknuHgwgzCMtoH6gzt2XSxfShl6CHvNrwhQToP6hE8gE"} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421257105861,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -27,55 +27,55 @@ 01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421257105861,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260215429,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421260215429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1621421260215429,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421260215429,"pkt":"AAAAAAAAAAEAgb5NCABFAAViPkBAAH4R0KWokEAFJS\/a4OmzAbsFTgQMzv8AAB0Ij53aBXaFj90AAEU0SLKO1gj8GM\/7BPKLNut3gQPWBzQn5YjeWsRqAQjUyhVmdT7iLh+mIwvgIVvzUOLJxhHjuQctv0LRX631bbBEMMF3pBOdFjFZQIZkKsJpfaTuV+rwxUnU2bHKeVloIebl9Hd03S1kOttznSJAQXPQYVQdCo2nGLaWCR4YNzOkZh4A+Iglp3ynlFiH1Kgq3ax2c8pTIXpNl9L3OjDkEQQYoqa4BnvX26mCDoVc1q85ueAmXRWZdEScZQq5AdybLm23nnSrRgIVtgrwmK88QIPr5bJG3kChUFNEb6Qj326VwodIu2nJl3TnhY2xrD54TcIiyK8M1mjcjF66nfwNKkEIT6E\/SESFufOVlvOb\/aB7WAdl9ft+Mim9U4BlJLbA1M2hEMXyNr\/s6u+cjHBsYueURjL6cyap74D70FwK4fSE9fk3xYY2MNPKF\/BAL97jnAn1k6A2tqzJHsZwSzyyXpoLuyctUW\/+nvBXA28d0MohSUQ+k04\/p827rPYEI2AWonQSMbQCAz0aXMWa9QgMEzO1kdWGqTKHT6GRgMR41luSMkba7gddevQoGSDn8n\/q9o1I96
kD59QkNrWXvBgRpPjPEDuAZN3lTvhkhI1wkMsnQCh+3FDr1mc7ThSOHVDvrHj1Lm33pCihRhcviFSvDh9KDt2ldWi8CRH3IP27mXAgwEWN7MW58CZ7xIfXHX426siygUSb80QcGh0MbC2cqC6NdXb7jwDX+dBo9j\/62Zx0AC29OcRJNYu2PToqGFzb0MsLqQh6dq9QT4wGAMMKTUCoC77oTHhUvrLWjGCXOjuULsdJuEozP8mmiwHfyW6om2UpbFP3XUkziu\/vMyloESiBOvaG1xmOFxFd2n7o08eusUshscLGHeSq3kK1TNkYBgJH7lGzZYlF3A1w0YXAbAoRDewGZBRGgAycWnJxG9uq\/6QiUS5MkDVeUWNCVal9TwMX5\/i+60rZCuCCsNfpwFYF65Kddt1lyUiJ3yQQ3yrEC81\/+AlvSh0nVJu7TD4+IV4yfqhOezTjS\/jq7q0STXO9D1O5OiHCPhH1vWKx7PnZg2bufgr0umZWt9\/ulektccxj\/7G2bU+FhscpVONsqMMSe8nszXl1RfQbopA6Lr2XL+yzBEuqedNG\/oarLdzVzfbciDEAHhtO2umw8IL7MpmOpbUsppzeNfDP5NjrfxdP3ZZ6+53+pyzcLVc1IIupv0HiBGLs39L3xCnLaO9KJhlGu4\/NgXTntIMz6nwsIjU3XYs9p681vW714W+A\/9BGND8qAN+OH91XxSG84vJV\/6Q94Q6u6XMjJ1a8fRCqQvwG6Y6QlpageJG0MkaaEcPNuZR6lcsvvgXozmz12VWNDD7XlkC9RlIetaFOlO+wCjrAWaaad7F01KTsrONi0Minvqx6ZjHIYa4CdvnQmfIFPvRG2dbtVMue5p2IpRYRTQ00H124FWSAbpmFufFkxzz3roNFvZ8L48qlRvbqfoHbzlo+diCyOjTzCaiLy3wgom7EMWMSpa1wNanraUOP0Cgafhkkk58UkpZ84qvXH6P3NJfusjarmU4bkoENsKKZG84yQKYpg9lzqxivHXVnRw8D\/wblKD0B6HjUVdnwNG6dMjeNePdobGQc+ezoD\/iBkZC2nsQG9kk\/83\/KYDIo1frQ9PGAUp9fb1fO3JXbQdb7gxYJ59BL9yWuwgkXl0w63hIxIfYXlPi6Ly8hrunM3g6mrjaqyyX2Rcbv6s+jqMK\/tNm146acDlsVlCvaDwMeJ0jY3HGC1re9"} 
-01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260215429,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421260215429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","domainame":"www.googleadservices.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01453{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260215429,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421260215429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","domainame":"www.googleadservices.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1621421260513424,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421260513424,"pkt":"AAAAAAAAAAEAgb5NCABFAAViPk5AAH4R0JeokEAFJS\/a4OmzAbsFTtDzzv8AAB0Ij53aBXaFj90AAEU0pVcIObrUqLyarXAGM4rQnKh+52v7aXQUj4GvYb\/wSM3mSBNf9xPhl9FK4ipC+fhOPIGStb9x1zMsHAo+73hJqwqHkOJ6bvqIt\/sGsmK\/ofAbwetCqPp3T3jPrhZY2wETFAN+9XScTYEDqUnrkDVy0GQ9sV5jSug2PtRHEWT8gywc4K+57NH6Ash2BqW8UNx67owC0vArWq8CvngpIrDNQreXdzSYn4wwYJX2miwA\/wEl0gm+SuEtBprHj2uZlu8koRLbrv1VGIheOQE0Nsbta5SQsxKKjZN97iHSxerp4BcNtjqivy7Li78i5gH\/2pVLdrR0qv8negi\/kKSblvjfoEPy4ijg9\/u4RIwFeksyqF89on0NdQuL2+Gj5diZo+zdIi+Q5e5It+HBsRtpXguuRB6SEpGadVpkaDn0YwXpYgs1txuTawl7yQ4ZuSlTzVEDd7qtQzM6lSpvLx3uSWpFvM3GAUysnOzVg41krR4Ulkj+VTnN5KAol+nOz6IUyDJ\/IkiNKdoNBVXk9AvQ0S1r+og06pTejXAB5wfjkpZVXgsRY+N\/xjKDMGEVHELh5Epoie736CGpcBsBBIKZcR8DMnHyPpGJLzAlOtKDi7\/Gt1\/jx+MHSSEKCZ4TotHxg\/Xf1RgIKf3lQnbUe3aB\/BOL3vek35mgVs7wyrmKZQpuJFMrj\/LPS2T3Q6UihyVSZ+cz9VtJhU0kIVXZbg7MeMCnqgv\/yNMDFFdkvKL7oO\/uUcUXQlY5VoYeeWgNSKc3XjyJMIAV+31aTEM5FsgjpZRp0sNQm59Xb20piAIn8k+RicW\/PxKQpSBnnGgYgJK8jaPlnBgEXw4IIpTVsui1MIn1bGpT5SlOh5TYtcpeX7Eq2Gn++tj8GvDhyQ4KPUI1FbbJ0NbqPqngUTYVzF2pjPV2RsKl8tMqOs19XG5pvHEWTNic8cZYT8FgNSHC44qfM5PGUK0zq0\/PiawZaqUQYRh2PCe37WABPV97AV1GUOIJPd1hL9x+acIY52OdywDA\/3ZRhz5AH3VOtXi6eFcGzu2Z1on4V\/38mIWBpYZnh4O771WNLcVabHuK1h65ee736lPwAH1pmFpETlxU2aR14ZxWeG\/L1t\/uMh1SsDCguq7KQ7kO6W6v78BBvY3UFcMUOQm3Y79YpovoK3RKpLlQwqcGToRvTj9HWy45cQaegkrn6dkZvlPtVXm4u0bH0vMFgb+e9S\/Eo9e7MRlTrDXo2UnQkJhJrgWtcgvYsSe2mckaREDq5dc\/ejmdjc6w7425wByLtdYkeZKJsBJlRzzSwJcvg13az06KgVs\/MgeRqXRnkapWJu4JtcC0OoEfpVDvdMByMpq6F01Orvj99pih8TBfE5K9cwc7o7eRFGa\/vbR8mRB4vs
\/zIS2xlYSXBpmrEq\/STtlWQ3MwDGTQBh6b1fNakGwhN+beHXCdenc2JEHwzcegc84ZFNYAaFHvYtEA5j\/sdHZ5R7zQpmw8s757IIPaEVgddHeol88L1qAA1ESXtRCjHYy+RZMYFJvwihgljin3jiK2udMMWEQO4P1W\/JF0TJv+oob679cUTxkmK0rhv5xSAjzbEBoPpZkQFmxUaC6gROBGQvRXx3h\/KdYcwayetIOWHEWFh0VV8+Wh3MzCdnjJMXP+plFSgGMbc+RC\/vLnsb2eKO8LMYQ0pI9YKYByfpqJs3guXOtrpg3uzEalWzsyVUl9MKGOQYcVvIVpCkpNZnvU\/i5cNJONYeYNbIy\/q5jUt2zwSPACITT+6UtXWpul6XNl"} -01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621417628801012,"flow_src_last_pkt_time":1621417630732572,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421260513424,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"sb-ssl.google.com"}} 
+01199{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621417628801012,"flow_src_last_pkt_time":1621417630732572,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421260513424,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"sb-ssl.google.com"}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421316093776,"flow_src_last_pkt_time":1621421316093776,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316093776,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1621421316093776,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421316093776,"pkt":"AAAAAAAAAAEAVM4PCABFAAViQV5AAH4RSIeokEAF8YqThcdtAbsFTsw1yP8AAB0Id4dqLmNRgiwAAEU0wtYlbbuFGBXp2MCVE6We3QfitRrLbfHeFapauAVaYK5AL9PTMbG\/nZBDDFATIm20jlpnFDBXnrozoSQkKhZiwvFuA+YJAKUvqg2QPKM3oU8xpfKkT2AQR0J9DkN5tfQ0NXF6X7eJrYc4ofmRw8O4fWLwYHZ3YywSIJBBxpk3DxsC2udaDZJvqGhhrqx5lxHNdgWl7nWJub5bWqgA7RiFwSfPMI\/5kRug+dhYRp7DC3Ee8zC6gPghQE+QP0amaa1arTeTP0yuasl+WnsmI9atR02R+W1DzVE2\/wBMK8xOVHY9tqlEVzRvN\/FEe84ZW3K+FiAVxrMfFrQuHuvcnbcHTHBnMHQYqazejyT6z7dujWBncKjH6yckijpEXWZXNsAuDtLV5T3g2q3nsAzYqPmxjAwq2L9jEUkACO\/glUxPaUIbzRZMAWrn1JnfawlUtFWDoUkmp2jeSdN3M4DOV4Btcfl6JE0S5mBMR+cTfbMcWTfdpp7BQFYSHPJCCmfpgjfpU+1qBx\/swhbFbhxpxlnelvZfSKLGYtrKIMbdO3dvXbJ\/svUATGYLFdU0QPDusq4rUj
jYNOu89YeAlu27MHBziCZnV7KQ\/7CZZ62vBer12fSYwgYC9kFuhA1vCwIWWEI0nqiCF8WEuILGWjP7tGrAuxfQQVo5hc9wDgMsePag6LNkwHcnSN4R4KOS1V6VWYmSISoheOtUuN0\/+N31BX\/BBdcE+K\/zMLfLAbEeSVyqVT8J149AtoSXuMJboIYDsPyuNx1sUrvqH1bQF\/7OvXtx\/cdwuq0y9FpLI4rLUI2maANSTyvT2wXdthl04Z\/YTlfhB2d0v18nfSnZ0lHIWro94Qz9tRk3pZNg\/6bOm24Nb0c7krS9oaKWYD\/nW26GWKUOS\/YmbucW\/B1591GDEr7Vz9Medns2YxuZHMa760vt8vLL\/edsarlqSTG7iC2dyVOn2D7FBqAY9O0XPf2C6QywOMobFqtrNOS8\/ww+Ef0n0CBYfsd8N\/A33enCbf65kj2J8cjGSNsKKNBj4tAphcU4pREZZB+O3\/Ly1nrLSiPKqvrwDlraB5bWLyenPZKnd0anwZjJixIGkNqzXa4ISQSJFmR1apCq9LxUfCQKJSnoHJi7zWpvIrTdh+1E4LBshyGiVHdr861ZeGlKojdwmnjQq4UIgYBm588gXH6fnrUcTY6x5R5SkG6ySP3+9FKCni2sN+s4jOB1WugJuAizD3hNzwNrPVPmY7ea2u9AgEEAbZ5tqDi\/qty5LhlhUJfgz0tpuOOG5sjNxDfBKwkmMXzbB0UWP\/ZOymvNdRvIO7mkPx8fUewze1kB2XBKTZu\/jjeqOfyykDMv2U5d4ECIcR1ME5SBUPF+cG4JDZip3X9Ncjk8ohwZ9STseLqJ9OTjbovHrwRkTp9ZFiBkXSVMJZ28qvMwt56L7k\/AJJHbrnWAxnK7I23CERceW6rAMx3gAvjR7jpii0Z6y9ut3843URcFEKSmPwW484nhFdNDcZj2opvoj2jz3w5PYglOwvrlo53izXLdla3jEPq0EWSsFCgjfCn1Hu\/0iFm0F9A\/NJaZOLHbBv95sOyVAyhhTp9ia8OHAoDyKO3fdAgduAMCr8e4e6A6OeMRMM9uZdO8nPHniB7\/fRhFarX8\/hBQLOvGYNTxmX4mUBEYAvdX9oiTEGFxFQYms4wxcWEcL4GBZVSteaongl\/UtzVPYTVaH6Ywp9r8fQxMP+pvN9mS74aDwI6voKY5QYc+FIAxKgJlDQtsiDCfBJp7"} 
01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421316093776,"flow_src_last_pkt_time":1621421316093776,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316093776,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1621421316389570,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421316389570,"pkt":"AAAAAAAAAAEAVM4PCABFAAViQWNAAH4RSIKokEAF8YqThcdtAbsFToluw\/8AAB0Id4dqLmNRgiwAAEU0su8kgEC6CAiECyO1DkLdw6Gs9g5xqr46q4bXQKhwHnhSO1cvEZxiK8zZ0UUvMHGZI9iz4bjhoHMMbIOMlQjzD7lXKLskiaS9BH5d+nSpKWAlTk\/VzCyrJIDUEaoJEECyuW3tKvwl9spRker8xQmMYntXENQ02IwoiaKvWtw+SOjVwVA8eWlOm9NAMebNzUMZPYZs73GU1OPqu9byjmqUVZ3gNjVQQ\/nOwz51imkNuYu+w7\/8LyJUGaPm5Fwuk3Bsj2YKxipADsvK8J6MTwckTe0mCX\/jSQ76gOCjnkz8hrVtk4EjqvRSRrrQmlglk\/VPrf\/qKvU58cAcB2xVriX4o5h7C5eOAMRU3+HqrLXNHljg7aEauwVEO8m3ekwDO3icqHHRs7WM+ylBxpldD58pCtxwZ0ij9QfdRWH5ZxqEDPqJoHBdj95wIyZ4ORnYdmNnyGHi8MllAUcQIs8tjWMWB3yoe5EdClD6nZBCG59SvjdsYcNJAVVbBE80ehJfa\/upspBC4CISksJmbwdDStCmaDAP9wtOaXIqg9O5ZkIDmdoOOPEfmjm9K4dOQ6LB36bvZXw3SHE4hzY8DBpxFYHrnweWWjg3jzTy7z1UBgCcL5L8M3V1G4k+M8cjEG+qLyzWt+I0t9W8p+QppsTxLemIrKhRlTLQxRaQrn45B1vfZAeZl22mIthc1844odpSJYhOqC6tqIizeYmhjyC8Xc50S3AW5Mvlz9zSASlezjlHYB6l0h4HiECb78KTFOP0RzpXeC761f6XbR3TSUj2Kd6CiigfBxHImCUWBJeYhQ63K13s3Mm3\/yXQW+jtNDe40QrWm9YjjkoIVMSIWB0+IuXcOTK5iuV5r2NouN\/mq7KvUEJUIOslfnalmFaf7ZfIdPjgyQVz9FrKHnQkvaAtpM4SfwUn5akQL58gGN5ju0ezdhVBAUVoBrH7IQl1dE5m2gKH\/nc0+RTVVCbReUNeb\/d89W9jKsi0qHAjg830USO454jnFfGNPY396nJq\/esXpli7iKbr\/IAN7feLYAiWUNShRLTeLj0DM+fUbWyB7fiC2WAV\/4DdYTKVEz03e+e0crF+jhU0\/1fTcsMLkra8V1CBeXadKcji8HnzmIEixBMdXwKZYUWkoYB+sbVXni\/V+D++lf65eXUFF31BC5lP3qxi9ycB00LRdjtUjOItXt+m1hKug2VkfXSqpqc3\/GtG5atDCNyPml8KVYSebQNsNdtmEfNkMvyIkKWIyHjBBCaaBUw85r3hizTmBO4zshJ54arJGmqYVjcViNP8016YDZ66VoiHKaJw\/kSImQpkWf0lmgqvatzHhJ\/LfjV6hqNjydlZCW3sLZFOzRqsHvU5fI\/FmsYH8YkApnb+m45Kx2rJzSfYc+L2hlvF
4a7+7fNL+7iaVFfd\/CRuXc9u272HHy40jLVNdRPqq4VV3rne\/q0H\/V1m8ntT3AELDOezhMgwVdok3Al1xhogWoqppG21ACx3PuonkAEFwkyjAL9ONzWF8DLDGXAOEdTah38TMQ2tg2FGelPV6Zo48hsuS172HDmBfJNthoNpqM6oYASTG\/RxdJdiw6zTrPbRM1ewux4TQduH6K6D3mWsV29BQOTHS0XXpDSszpB0pT5xkizyunUsTMnSmkyD6zVNXzQ5EMXzILn\/+7F\/G\/+5jctdI6\/dPPPLJpa6WPKzVPzwwzbjqGjx703Yxr\/kJULthDE\/zZhbousd0J3udWSBLz+4ztsXYH8xhH3IUM9oirjdGfttWqzyUvhSRYzH"} -01051{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253804100,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
-01073{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260513424,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} -01056{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253809118,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} +01198{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253804100,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
+01220{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260513424,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} 
+01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253809118,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 
01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com"}} -00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":4,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1621425498439786} 
+00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":4,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1621425498439786} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621425498439786,"pkt":"AAAAAAAAAAEAYl3ZCABFAAVi7ahAAEAR4FYKdU5k++wSxqzcAbsFTidpxP8AAB0Id06oCGAS\/SQAAEU0ed34HhSjMqu3wM3rp8Z7ywfKnATeCO1KNQbG+Q1AYYt5I2GKbEI4LPmTF\/Dg8oRvZW7+Hps\/zeWj4mRYkEWQqTJ1jKptKM4UEpyPZZwThhNGXqmj6pg6xKApWE\/oyF9g97k8sBAbAFjDVYEhNEZijtx\/4YuODy3D9E7bPZxpgcPMwpkKYui5mIAEgbi8+Rn0i3hcxUwY7q57V8pjWYX7+ImwcGnArVGy1OpvIF+ketJD73EkvbYzvYqF\/dx7vL5C3WdaRiA9Mfj4FAMj0RdomtiauTwZ9tZGvrn5iZc92HxM4jvRW53IfC7AsWzDXs2r5WAp0EASs6EpiisrRUGhmoOMYgx78xwP+jWjx1XXxbRaJ2HQc1mG\/NdnL1nuvR8nTgTtoDWHE51rI8jwmgCKy\/MRsXgdRCTYt8oDCgeFipZsTgwY7S+w9r+p5dQqS7ggXdDcdXTMpzrMFGpZUtfmnyOuFY8EUJBOZtyPVfAgZ2J9lHR4O7H0HFN20uv52\/nqryE+o15lojuNbE7xE6hnJRxYacEhTZ+adxZvTe3ZbcZp+ArC5OwrDguig7jjNBMIHugEUzqkfH\/jaFQLD8JFWvrgHaj8qu5B5PjtqF5oB1qsGzCGjGh1UBZltV0pg4iY3Fee6NHV1exKrosArB\/8w\/C5lj6qgKibGsNPFBHUDqfs6Jz8s6FD8M0RwKxS0XYvh4HQDhIs8KDnCgCOc5ZqpGzAxWE2sFtQm1X9ZdTNBYdCxTR75QqGKVUyAwDY6MS5DrXKqWXB4m86kt3QfAFZUD0r04ROd5Iy0wrnwdGHMkbwXSsDDW5fdt4YYwn\/mhfO7TJ4ZKBrSJ5T+p8gpO0GzoZC+lIbATWgjqE\/P\/wDIp6NdKYeA+8geSI7YZP4nWfDgSoIHZphZHbocFnUUiNrBJ+JtQJCV1GcW2T5EMvwWWQ+zc5iC76n0qfV0F8WZ0UcVFvIhbjTEkm5tN09Sz35bubHZC7borBe9wGaBdUWuvbDKcYxKkDlCqHQh6sGHMEZvO8ITeoApd4s+sy32VthAMZfwzAkcp543Nd9arJlBQRns5ovQ74CEqV\/1SFXZ6AcxWiYbvYtKsu\/PXbKxEWRX\/bLqtCaRALrGa7LpwKvTT+nAPIfY1QuCMkJVs1njoj7EW\/n+6IFSplTtx1+YI+f46mZhIFNeEaX2QhADqN3oRrKwNDIyXpLg42uHmw6eyK87UJQsPtU8fbi0YLvgdhwLKYwc26rmYVcgZA2atbyib2Uj5alm78AkDkA5B6DNcz26jK7Xdi7HuV2TaALNudIatJBaYrNO2BlOvKywUaBJyggz39eP2g7XmeWd3aYE1aVTmJh\/X5Qlrz9C2EIg7WTIcETGQEy8F90A79pH7Soo5GcuPSyFrXtm
5pfyZ8ekVtDas4uVjKMf\/55+t6uPRCl+GGDV091JgGbVqRR+qTbedv71GzRsoHrnHdTCw0\/6n5hRMqNjCHohMyyw+z8G1vmqSYMeQSMcWwzZON\/Jpnf2+CCqG3a7qlN1pPPkFyQhCllDNBRGdLWESKJhwxAioLHXjcdaXMywR8L7AS4Q2pkh1vrE4OB5IkU5Akg+78J9kzElSj\/7UWmlJ1BP49+zt9iG1OkS+1eOA9H1HXTQnB3rdU7jlLnCc+mS9YO5piXufWtmGBMHav\/cH2i1z7Nj\/YeOefBJDB6J9Vay5mTPGEHAWOZWU35b1ecCTk0q59LDDSBSuCpCzIgENLQ9BsmRpTJ1p\/5t5pYrOotQhCsIUt4ZYseRcaE"} -01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253804100,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} -01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260513424,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} -01054{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253809118,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 
+01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01196{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253804100,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
+01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260513424,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} 
+01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253809118,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 
01075{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421316093776,"flow_src_last_pkt_time":1621421316389570,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com"}} 01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425516873917,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621425516873917,"pkt":"AAAAAAAAAAEAaACzCABFAAVi\/6ZAAEARdvkKdU5kypibedfpAbsFTqmnyf8AAB0IsJwtqP2LOOwAAEU0PbMNV+Nmu5DIBUiD5lV4SUmkAFIOJpUhquUbkJoyjAxBM3gtgG81k6lhzA3GQE8tVB\/S296\/Vm2Zxaenrapxc2ryyJf3KX33MoNtBeSuxOyEjdN50pJD4IMrhuAo8nfxKG6fLj9F7lLvICTV\/vlkHUn8yq3RpGdoDFOYvOtuCt1zawf8weQRnfp4xT1kOhHEDxHVv3bNZbM5nRRJXxXGUaGOz22milo75Yy260QtHR4aoaeFIln1kEu0Lim1RK2gIG3MjkVIIfGYE828l6gKFLAUfvWyTEYYCubVd8+CKJEzaO\/afD6oH5Y+bKAztlPySihidV\/90CKHnjQSRTY+hapGYGfImwKn+7gwJ0y8ENI6zq2Ih7o8GVIuZBwsmgHPKVoI\/krv0+O9osznOQz68C3vRsk1lna2++Eh\/eGS6oVNvaQ9HWU8IOAO+hUpNSDAIpk8z853xu8BoWAYiv13BqICJAyIWzO+XisJ7ZDbQazmstS1X4Ro4beEy\/NpDmgrHs\/2pa7Zx6xAb0+3G7FsuNHBfazEIqD5ZaxPUSzBN2h9+9XzJ8MjsV2QQaUNPKl5I3TcN6uLucyXyzoKtyZvx5m9Myxjpit2V2hvKZoZMAufeIdZgn3bjdomXrscSN1kh89eZFiv+8sYO520yhiz9Evn\/LyuQ4s3jZpT\/D2t8PxQoF8xBbRM4zYc7mLtB7P7mWuCpbELISFHcTd1dWZWKO0foIWL29u+grT0xfq4G03G5Sdlh6g1Tl76tw8ffNRyJI3B1Zll6LpvOOT++553ZZZqQa3dmFoR3AuvZwf2iw+7omds46sgvQhiRN4h3ZF2B3hT0H553qSfJVf4VpupfglxjFiuInrFgySWKfAzXArMN+oCMOC4SKZEMeUovKPTvnb6vai123eTNft\/vwXrMQQqNDZKuK5WJP9n6bql9xt+K6gqLuWDibIsa7IxJZOdak6WDJKf6u4rc9CLeCfpZ+GDha\/Ykxp0z9I7MyUvNbVkIJM\/\/ALKQXgF9YFg335wWbGJ8oeev0cFKhtD7JCQbdZz00KdQoKXGN+waVJ8KTPJCUvnXb3d0W4Fg26R\/P47ckP8VwYPQ0fWuFNGOND8uFBwF\/d3ueP0Anz4sfSw9hA0aszUtBllmz+NjVBZMaAVseucfSE9+FWtSW\/KsQybDuj9Hdnq3g3OWz1pqPNSI+HFuqWF8kQGfGwENovGwhVwKpXQnz+0BZTlc82FjLmWo7drbFueC+RSI7H7oib+IE4+I2hWvpUn3YTZ1WyrdeA0MBi5AqQOhNsHHnx76MGBKrRzlZllpZzmHpoD\/tJSEv6IBAqZAZIHyZYvETkvTQebRoyNKdTyTMYAOlqQcbtY58suf6NwY93EpSSHoAyvs7u6S34KR7j2g
njKUKqgaZ32XDZAiXBl6uHxguSNnHz\/0gic4akOjaNW1y36lv+MwNLpamJSA75xsY0Ag\/ayv1tDPlRq0SFYoyH\/L4BlSlxyXIpBXn6HDmzCBeqGRk\/SbP7MBhn1lhwnTyawxEZ\/gU0YfWVdkDqqI72zLJMAeO\/wRg13JYd2UqEyV84a2Jfyk1r4cyt9C7F0rhWFGR205l4xStcaYSinxImLl2pCKe5S2JSrskLuMGU92EeDCBi302RtMnd+pZkhUc\/dfq97n6+ubGkMSI0oohIfiZeWDID8SxamWtQv5ESk0SKFBP\/pMhJHpgeg965DR9H2osi8d4eJR+qyOMZCz7jHyZcC9RS2+yrCjEv3U9YnBDp5bAPDFrSnEw7i"} -01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425516873917,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients4.google.com","domainame":"clients4.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1621431299729996} +01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425516873917,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients4.google.com","domainame":"clients4.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} +00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1621431299729996} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431299729996,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431299729996,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+ktAAH4RGLyokEAFcfqJ89CcAbsFTkRlzP8AAB0IlfQu+B7a8qcAAEU0VAXtGbQ9llSdlBvWDRqBCRlkCr+wLAODpb6IkSqrNtQT0Fq+mFTNNcZuGPLGmtMQiTgX5ahNfvwc2wVeVnwpjQXgMuY9BTiBvljI8vW2WO7xkdJk5ldSQUgRVPQ66OOPIEevYhWr2qgdtK3s4RlbCBiOUHL2oc6mNd7wOVC5XPDLU15Pb1X9rKGpYODdHEw2PCdUqXQXbRHNCTvR++4cDKRlcnhpPvs6EU838tX9PcKuOpDKMkxV6FLY+fNJwo9tnmW2kblEbFsqwJpz\/\/Enxa34NjqtoZhoRtapSyZCnEvopODqREJ\/CbRey4CQrv2fnFjjq7IR9A9vEDzcPpksson3AN1P3XrLmYYoaUkTGHOgCdje7SEGLDVSb4npjqySIO7wN8vp5rSPM5nARZ1XOT9wXoHff7cCe+dyL08HzUnnLJyBinNLpzvNbCMm0QKhi69Iq30GgBOKJqAZysRaQ5GV4Mf0wvX77rFCRRa9yldcwD6XOuyQdNUHPUQ0mVgJn1umvmeNPG6nKZjJq\/KGBx7ctS+gpvFQ1y0aJegnLzsDI2wvLLmhR9R3DiAgytDTiAv
kU65nFAyo+x3w4ph5M+o6WWzbbtjsrAAu780wrME3zeXVEG9zm\/D3uptFTZsQMrWiuAaPVLf96rTs6qYSSYT7sYTWl\/jdhLBcFgFDy19mw2Lkw0oDKrrArHJ7yFnHUJtANtQ21TmcvxB\/WIjHCz8GMrDUZLO4OL+1Z7DeRFozavYMggt1qJ8U9KCvWBAR23kR921lFVt6a6RAQr\/I7jLU7sxhNgbORnVRfOZ1MAqQI8IIaWCq4xYmb6WmBUSzoH5\/13r8jfLuzIL6b1\/1xuyK1tWaBwjxQ8cdpzOSdWlwWGTU85r1MWsmvvgBLQno8RQ+AAeZUXr\/6vclKA8Bkt5OZC6F\/+bo8hifoSORQrzeJzJJiiI5FanBwgqgIUFyRIOqxcbjrI0ERcNvwqyjkLLqGLsY7p23bRBCZkGYLR28zH0LBHV0E4a0nhRGBk0f+KMOczC6ffG4xUK4QqemNWTyR\/91lj1denqDLOozFi3s9mCEzX4+yJyt3koNWJYF5um+Cu3rUa5kiznDT4nkKCPucW47nzSCmVao4V886qRx5Fx0iQIhZYySPa1r\/WDeHAaJOfFYJVkJKXBVWbzBAEax6q6reJe4QC08bU5\/zqLbaU3p3TETZVXEWcMzHKQD+xmaiYax8+gqDaZYIyifU0NKnlhkl+knTdJdHOJGncWgecX7cZ8apFuaDFx8UDXeMSrVUMSg8izndsoloQROpF\/aZqcH\/OCBifGVJlyfDkwFvsOr8tK54nIg\/1cnqgMA7cZTlQOsYpxuCu2jMiDpXOfrkKeU1g7FA9f\/QLEQ71aZKG1rpKfo9DX1OvCkAat37rPibslfUdCAi0gtEzi+ed4jZsjTTtLfHjE42gsT3p0neSGtZDGwREWKTcya3MwMkr8y\/d3DdqmakPpf5GYFqWV3fR7TgU6cIOopkRSOcFKjDEWelXif4mHkRTG6rwTb+56lZ51kKqq1jDvERvqFEW5JginMwKZ\/lD3mwE4WQG\/o+y40DQu\/5PR3r5bhM1VHKHeN3CJnGug5p\/ZJp53IP681sF51Qt5pS8LzCO+rVnGa1rCOauVjEFEOyPp7wndr4g313ytaLKjzfjG8HveWQnAWD3q5pxGlBUxjPmLLEeKM1hHQLZMxXASZ2IisfUFkbyzFIAfCK09zSR6oQTD3gwuOcTrdJpdr\/4oePdnzAHWZa\/8h"} 
01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431299729996,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","domainame":"update.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301735068,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431301735068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1621431301735068,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431301735068,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFJlAAH4RYWOokEAFgPgYAdC3AbsFTjagy\/8AAB0I1Sc982lv31UAAEU0GEDsnXM1346f3LKi+0ayIgknr4Rq\/qs0KnGSjmOfgKkNQLp8xEER9Qne8K9Dj4EYthFazH8nwogOlBFgQV5y3Fel1wV8LOfanwEdPEJ1ZJp+4xJmJEH3ze6GZ4lwHZsbcqCDQrzxSxyr8toIULGu2G\/50l56HzZwoikffxbY+R49tRZw4KX0e9zURynZK56t+njmlBuQWU+smCZVyJ9ypPFqKVXN7S\/8ucoFZ1YyJMN\/N8kqlm3ji7IGbOPNlw7irQvJ6BBxEwQlUJMHY0WKWUxD0Eb1MsXzLo9XO22gWFU3joZpaiSrB\/RDWZ1rp1Hfn0Ci0a8\/o47LT17Bf3EWgNA6oe86KkT1J6TFj5TGCEop\/KtIZTLdJ31PosLBOaXCkGm7G3FNW0bcjpPN+DwH3F\/o5LJ+Jg6E3+JR3af\/NqmM5lUPNhBagosvNZLci5aDdihLZLOTUxbxzA1HCgT\/ERn0TtIo+cvYtDBmA42xHr7Zw91voifBIp9+1r9Wgz2+fhJw6YMkrw\/R0ppcnpZJDX0HcDeOv1QITYaPEMCvPZWtVD56xX\/nIyNhER8sp
zpXJhfyZ7CLt2MQTJZYrSynYdh2Qhg0W\/Nnv+YnvHUimL5v9ucOAhisPrHZU6G8ccZVN9RPBkZp7we5VOgt\/sHvnaKFG385oGUa113YRpL+yC9+apyL7k0Lf9A9mH6jbSNwop0gbOz\/dSwao004T49FUKY+MYQSd1ZqRfOYZDWWvt4Z1+VpWWL9e3bLpDjurtDY1UVq7\/zyqXdPda+dj4dfpiumFbn95kie6gTbq0Ka77SOEVLy4F0R2VJz0mF6y8BHF7y+\/LWrLPikezYLBu3wp4yKo5ZMD+1RhjR0eYSiFStCQDoyh1ZzHLZrZgvvFV+EGsEUegku5d6U\/1xaEg70OUXkUj8MuVqNGP\/DVAWz6hGuIclLJHMXkZa1w4sqgXxuwiLhqmwpSjmxq15zo0Z6Ez9\/3O8teBesxAzKjLPt8Sjolvyd5nkwqOheF9hPlho5\/02ZAOHIA3HyHiqD0gFnqO5U5vPI269ren0HJGp9Y0aGm+Qy9oejwYJQfgaxeUOqcA7NVscX+RDbbgM1ZMcwzqUnM9YjlXsn6y6NTYw1rNff1zxlhQ08vVArWM2OumIoI++kTKQEg4JkAXQ3sxDPGAMMWQm14xHh1lESh4xPo3UHq2rynANu5+mkgpLsBsJIGzZOygMCZkmyp2fh7iY52BUb4Nx03epPzl6T\/HG2GNWULvucC8GPWEvPtkSLn35wNxlzF8NXX5lfbR6AqMs5QTbFYMg5BCH46iFuJgeJdSeBSv2NIL6sAH5f5tl5FrSe6SEykjojnE+KA8Pu32tMRLNHQvsRLkoRsuGCZmn0vJNgxR0Qj2ZnmdeI9WNinCOb\/TQqf05ttvs0B8SkG2JbukXe8IPAXK8CE2z3vwPoWYB2uzq10A+1l82xFsU23TRP69q5AjAR5gcBo2onzoy0h+\/Fh3MjRkS2rWgW2gbyo49\/6o+6I9tCoTl8e+t8H5Hr7OKKf7UKw0\/fDzsw6vvWL7Z180IeAQRORtYOnhVfjSCcEhIA8M4QlGvZG+XDbkn0clOXH6LrYUiHVBMh0b7ARqcsGvnK0HqjBlCVzGLKSDZa9icKkesJuZEIs2gxlcPU4atpOweh\/JejTvw0JRDflvusFCZ8LggbOTt4dNGmwJ7Mbm0OCxLaIc0U9h9Ubab5kq6QWk6OCd0h\/j2UBY7LZFZszsTdUnL22e1bgg4XWpAYp7qn"} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301735068,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431301735068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301735068,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431301735068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1621431301808564,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431301808564,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFJpAAH4RYWKokEAFgPgYAdC3AbsFTrrvzP8AAB0I1Sc982lv31UAAEU0zeT7R306i0MUyYVVPZIk\/KZWGL6jbpzbn0wPmz3fvD9vdn3cNYtKf4Qtet1U\/nGKiDokhhMmX3\/BVLzQQyqFmb\/M8TdFlsBDC0dAZ5ykvarKqbUTSTgiy95Q6LfVZMqkeHJMsDpJptTPVl7gjw06GKLx5TW5G91hLE1FqeLb\/dNBqxaEBgwW7oSUsitPRczOioi+LEcRagKP4t5qnZ8aDmpfz8FLrvCECdKPswENLWuAf9Vmj\/tnC4GhgFxsu0TzsfmUVaQeeSZw9PR7DmOen7ZDKqiRf3DrGbxH8xiO73GPBoBDQjgENrZosMzfCGZE\/MTUgNw05SO8IzaGjJfPHze+4QhEnPM020WOHSfwtq28RMPlwJJF02yo3wlT\/NJAKohp0A5KX75ENMuJSkJLQaSqe0zoJ0tVJo5191cibx8Sz62pctFEM4BebxdU+RpZo0LdowaXCq1sachUxpRRHMdssDm0qblyaHts6qPgulEBH7aEgucpskAryrCvygwocC7svHgVLBmM\/+xK0IluLWY+kqgiVSTrV8WnG+1L5QgeJxSFASdp6Ns0TgD8Il7BJ8o5ajit3BypcmDF3DPrrI+Qx7QiBRmTSSPFFvm0GF3n7i0EkY2Hm8DzbT3wnL2YHAkVv9zggjYvZo1n1LI739jXkeIRrfAzGVeEvRFZmvKb1OdgKztEkV0hoFvvBdOHeKuCUUz4hKnv2+\/lYocOo+kRXiezYBrj7PqFapYBg0p2eH\/igSHIYxfLy7ikKIGXi4rRNmWXUqjcq4WUp8XDBW4tb+Z90I\/+mhDOTUok1Nigx2G\/7KbfM22h\/apHLFvkn9EIt06RDs3B76xXAur0AM2Ip6AMuYDnxYolFxG2K3ctE2xC1DRz7n0lKt3HhiR\/P5zOKCm0DfhmASldwBhjifKegO2oN9vU7M0DdrAxP\/JNcYjpWs+ie2MFdu2lsdJOex3XTLsfX1fJC8LBGXc1sOTG8uWnisGATLFKyNfzBcvv5C\/U2hjtcTGAngc3itVAnAbl+4hQ9s3hUMWsUk8+RJ0zRwPQbX2nZmyIhql2s6FpohxHCq5UoWxXh22BLb0zwRAvo6A759ODMT15ISyiIq\/u6XtqcB6tFsY4SDCIUFZLCzn8LY8hNbxKnIvT+kZgjTz2dylh0rVAxuhuUhpxNkpru0GmszDQWJ+1v76Pi\/R7HWIGyiEs+YivcWX8jXFsjBB8QfSitgQCCwYnJt4tNaulx0t7\/KVoJPhMWx2cAxrfacv8GgasdSu65cuLmWAlMC9W3slT8e4g0\/tto\/lATo46xcKpYU+fjCGriKRqNQMloM3kkzYIDJ3SwWWEk\/P3rFXpQXMr\/b1crw62J6Glt4mO9QzYLHGzgKwu\/euJxbE+eJO
1ae7IMc4NRHHR85ltAKeR8XgoQo5N68sqCn2+MBEpQtbXHWnBMQz2HW6tkMHrohxRM8\/o23cHXLk1EsRmSry6aPgKepAtHk5rhQZjUer1NzID\/c8S0mu1iEEhSc4CLtwDa95xWQxcI5HMEDAcxxwRU\/MIaLOsI\/5mt+17GR+up2thq6thFHPVXAw+joWJg2Ed0ILpT3Tut1YgVVqZwcLTcnwOfBYMiG85DaaijQFB0dttNIqmW221\/RwD0coicDTwZyNZ\/VM3mnoVjqC6Lpsnt0MQaGsPhgoIU69TDIf9rzi7vHvOjiyWK40BX3xDHBVCSUpf7QS+RYWcOrXrADOELfOVIriZ9QMjQ4fxzn65DpF0UVgcyVId7aKLIvC4Qfz3"} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431305591580,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431305591580,"pkt":"AAAAAAAAAAEATej1CABFAAViY2BAAH4RsyKokEAFedF+ocUyAbsFTqiTwf8AAB0IW3iwt+y2cooAAEU0BEmji8W\/r6QQo738TO7y5dSuNAh8prkXOpfADst+Jc9Q9tTb4UI0vRbpsBAc\/wRyLzFYUecQ317zmJMLzTZl8Jd3ZiRr7yYjKX37LDNWlAoicKC4oliOH\/Fml25DnlNIMC5nvpDkdC5bMRw90FXK08RrmaBrmDz8JlipdUNPgq6+Ks9KDpvkjFtGyj5dpZ3gMuMYJ\/WogIBs3JzPpqngAdy\/QWH\/r\/vNVwYPPIH7tiEsC65BQyTkA7HqsyJkff7L\/WpxQokdQkBU8i8+seczGsyXRW\/ZJe3L2iHzkGEklOIcNZo10nU0am\/+mFv9bszZ1gDimSJ88GZcWsSJNfq+Q47ZVtA8nRSUIxcfLFnXeJPf6PU\/rb3+S0qU3oZcpaHV6agh8jvjdO0w\/VOq8qxpuNAX4LkLt40P2U151YrBr5x\/OeUgR+Z6s3QT73\/HzfP90bJE2S0skEBr+RDQY13GKYZklk5d8PV2Kpo38KXeuKakskZ5wi2woJvrGxrjC6dy\/btETblhn8osDCW539k50fXlOVrNB4tYZhdBrjJHSlXfbwhprDerXi32Hb5v8GxP+TWGbi0qBKv5xhEw3E7lsExoF4hu7AxtupA6MXdD\/\/f6nsoiLIb502HAdNTho568FOnbHatxotovMfok8tB77tKCpaP0enN8SDSqa1eXr3phlwvrsB1N8IyoHeHhPDB3mlqSTzZyp2hhDwIOLk5l9eNXb4xHGzjApfQLHaY0en\/gogDLaQeVjuQnQc70f+A2ywlWAXdLkP2C9LVdtL1r7vtwucagunaQbNYFe4w7n642v6LRQNiKSvAkNFxBJOicXbTdkburmROhEgL56f1Q93ZrU9KAY9ux7cXUbSz2tjxs8Qa6wJIeIr1x2JPW2pY3ylGZZDYZAu7yqS63SBDTa0WDJ2YdAWunIZm+DAVfhjaZtAj4eI4w6uPQAjhrCoPjKrLErXzuqx7sXAJFQxO2A4zcoit4huJuMpqzdY1UgUeAgie\/SSepMph5oCom4eMvOEKwkc5QonRZdyIpiAxa3aAdkn30E8RE6dtdPGch4nRH6Z6peyUQ\/xzAePd1pt+2lyuSFBwrXLkpjjk2T63ijkoMVykG1jIHqTL6VbWyhP4hLLhnznJc2v\/BPjkdBh0PPpuMO1BZZkopd7nuoNr7BIQeDS6PbzpyxT4WKDIasLmDyHw\/yGw\/r8T2HaOKcScYHVbxhlOhwg6vkVvTNtbDIUTpL+GcmTWQxz0+awTxBntBHWW2XF+QqtpquB3MGHkRjBzMGrwtChsrY5glPcwPNrPPPLFMguiPMSM5jSzWBWTIU1NciHn8dCkbmPwG75IN6zA3mioUEB3Ek98007I\/5so2LorUnz3QUpb09VXFeljvTD2\
/ONwYANmDdDPP3pM62BtSycqNiX2CbGC5Vyjl2JuRWiIOpVgN4mTK6bkJK0Yc2Tt\/hfALU39E0hCz98Xsbk9g25C347kmDI+6o5J5KOTGciKIBmxTx0XS39uDAuhpOwuMMZXpcx4Vf04JfLuiNBot7rciv\/jQgEJAvfOFnFnTy\/cjvf8Z72bMe3Clm4eVyPKPxVWWCFWN4MZIPXhStwfxp7L9YCMfW5\/oi9I+Q5eaFQyvJaVOOHoLaBbG2DcrLP0Wl9HuaY\/B4CRtnuzBzHGKGio7n5DsFpRrH7tc6ky4QWHp5YEC+gVU3FroThHyBQkDCWRmOzPOImY6RD6ATpJNX1fGD3U1V12VcoYmjJM+eh+pvzZzfI2d57bkQ+g\/9Ch7"} 01270{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431305591580,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","domainame":"yt3.ggpht.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431307075029,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431307075029,"pkt":"AAAAAAAAAAEA00bUCABFAAVijzpAAH4RCgqokEAFnpLXHvS8AbsFTmfYwf8AAB0IMX0JnIww67UAAEU0WXLvZGE+Afr+idrQ20zR+TEoH4qe7FkehtVpAee47RFYupCIo0eg\/DcR8TUJutvknKHjy6Va8WSvM1EWCYimGhVvNrQ+Fp0wmM+yyFY35rO08kD00xrPXP1H4Fk1Ofd1UfnQJk89eBBrRrAgNIIZzsqrTA2YPMgSp4UwmAVHJRtVJBMno66qsQpB5MQvisi+MDZENkGh9aq9g0sgJGWK095wFoEHqSie1cZEJH0NF7S9OLvFWBFqkCvegn2Nbgv1X3v0U4FwZWypfbJWLFwEnbR3285EnVWxHk\/SMMkHZmF0On1dQwUg3Qj0eZgGpqJ+FXEKe4uYJaEDgW57O4nU+0rSjJ3XzXQlfhw\/N4zTyFc0pjNRVcZvLiMXSfY4zYW3s6AIQlPy9VOM0+Sd2IN1gmmyrlJylMJVvj5QnrEWhimJh+zZEQruzz2mkSk8RFBjfgmsnANxoo9pkoo1TS97QkqmEvwlZfg6yosepp9RK65\/6peOS8TJ315KsHvbCu5MVzH5I4uEAg3ATybL0\/q2fjNpY\/e5kXcbiGD0xrzms9EN4h9y46YS0qZtRxTb54e2+c
\/tkGE9oXd6ejJH7up2JrHyebJzWgY7y1\/4vmipy3uHgTNouauHpshSLQuocj\/IVA+m8M+S\/vIZxEEN5HxEShVKdzz3MydKf3IeaXIEkOogNU0EAfQF+FNMB1pAv4kA3D\/lhiw4mNTz7Pn2czcGqAoVM9Tb+FIl0v4naUGL2XsyFHEd0pdrvK0kyagKybt4WV5sy5dTFsU8oIYAkaDi0C0uvM\/hkA5rmYfgUGBRK7JNxcGRlB1h0fO7BcK++y+yfMx3k+B1cK7ObenTJrzFdENU9FiKc1npqAEG6qvPQ0489f2iKZpGKUe0BeleNnG8VKEEH4oM7w1ZPNdb6xC7Ch9EIMjjHN\/cAXUVd2BiR8doMWSeLNhCQrg5YRmEpmom8\/\/QGV8iDszvv8hWt\/MyXIyygAe9+QVeN26ZFXxatsAZKhRgqeS9+v7iRbNhTv\/yp28d0NIRzYLEysp\/VKAJSY\/PxvxR6eYrq0gk8M6gyt\/4BK1ZsK1h+llwW9nD\/t+dSlwau5F0J9hNHyoTUxT3\/2rWXx1WBqmNf7tT6HVASdYqI51YLphC\/t4BsXjG1U2fCZdns7t3a7Bu9FrBapBq8ozxlEwnaYBf9iuXer9XDB+ZQgwar2qMLM45G4ilP6GA0RkrpFDMK\/tSM78ey1CFRzLoD7+UjYyTIDcNhz56WZW\/cCCxyuopmvh2HuMiOaBDLX0ZH5LorqUuKLVpyJEcSbWHqdDvEIC2OQcfgQk4oVo+j3e1KvcgwqJTHG1uKoIKEu0XzvPdTW0gMnxGMRrPwDFCo77mU+Wk7zWBWHmjHLet1\/dYxkU8+0PHq4hWTvyi2WvPZLluvohq\/uVh5PNNj2h1VQCyJSuGN4gUneosa8Kp16gjYZ9wlLexOQBxfrtdOZHNANUy9BWZE48pGmjMCVwkfj5AoR+lwxIH1PbYVdSg1W6n2FrEJeYRs9EjR5zk5Ib8sLvbIBr0bkcLFp09zWWWvyzA5kGStYwmIoFVfVK1M8DAb6EOkQ\/RECglK66h9GO4PSBtbey5+Whbs8ZQwqwshqhdGjb\/1OCebCFnJxT4b25yYHn79Vu70lJgCSdcmKtbvBQodyXcJt1eGqpdLpKIO+Eplu9mc1YnLPgFA\/NdEhN2SwFoPGLdsaCDBDsYWHvxDTBH03HR3HVl7PSSq9lVQAnF9xjB0hUGCVyMcbzWm4Fj"} 
-01304{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431307075029,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","domainame":"static.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01451{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431307075029,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","domainame":"static.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431309055814,"pkt":"AAAAAAAAAAEAS1QMCABFAAViW5hAAH4RACCokEAFCUGp\/PagAbsFTk75zP8AAB0IoJxBQBoX7TgAAEU0UJzG+bCyeSlhjmh9OGyP80hWwr1IV5nm+47YLijEK3KQr7gE9aToyGrLFbSZbr\/ot\/\/NhrLMkx5w9hUXpB6saN0FW9GivaLO3QW6nH3CEbSTx0vN4IWlz\/JYiJgSRdKp5yiIMpfFGjzOrzdapK0tDb+uDfZlGSI6b4fOTqadVuIZa7Vvz80YKtnFc+CKsIoEHyG+RVKlu8E7nUsvdaU1zjAfOXguC2O447Mq4l4iIuNZPa3X4qwTb1oBJViD2q6N5mxCHocUwd5IC1Czt\/KzM8ZvYZiaIu37vHuF4pEg0uyFIwWyEK0I3dICXfUy0FAthUUXOSQ\/qAjh83pIDqDmLm2oIH2HOI5yuYZbg4RhR2LcjLBI6jzxoT8wFqrBDURuZdJcnHFDl0KIt+h53s1VG0ioJi9EFRahccLL15Ih+xhJfJizq7Pj4ctwKdbyHsA9jLbn7BGdV2gCwR8YorYeGvatXhw3zhkfV39Cwpeuujb2aCauSV78zlMabBFL4I8dN4braPEQxADv6t882wA3cfqZmbZ60uGkg8o\/gGbldbBIsa\/FRs5yHZAy3QpgKNCZf
gBmMgS7eLFSJs6rcXTEaMTPDLwpJJgNTV5uiX2tJSaIJYr3pSISnTR89Gx0X3HmUn\/Ja6T0TIlgJKfs7TsyV3\/O+pj\/KvUyMCLdWAd6hc3OeA+YtszQ9IkT0t3IpA1OTS8L7ZNGDMrpzcZ49\/um9SKUYcvskuDPhaNggUksgvTJNkykAOEaY25imLNje+fio\/CgCrOEzLgy9G+NM0WtOHSe3sLkVdRGEAlB8ruk5vv2PFS6ZLA25T0hhIjNffnQm3+PTFk9kp5zihC0fqEooPgerPJ+8+JYctFK\/gLWRbc6OMvqllIpSOsFv+DIs2hi7N22XRUDShPiuab421vCGIiM7eiQl2FqR1tqIihAoVLym23eHpBpBbJFceMhPtBiXoKcb55LGt9SppKd+KwhSDGVu3bTJZszb6XgDMccDIvwEjkETVY7jOTOHyZT0drrSCyhKYmxWWJw9iI7nyCGfm19D9sxHMXlftbXZVq2QywR0n8Tcly1vSGHvWdt6+A1Ohb0q9GI+TDf1MnPjKVMbc2Kjk4sa1bJ8BlYl2eeag5iJ6VyYM+GwJgezWvXmBp3qA2zBEXJQaqQ9yhweRmQybXzLdvwRU9OJ\/DC+vNSBAa8gMAK9mY5Yzv1YBeC909GfAlJvGCjI8JOls25+LbiBJQ85Ab9s9IytjWrn\/cyj3XQ4p1l6hp+Q080riZKDTXmNwz+ZUmSDeZjTgPQUatAzktduFtFx07hplZWmV+lNMIP2zDrs9dhGgepus2\/ERahVwFr5jRDchF2jCx5cqTiE9CwuAwI4ztSewXM+keDsmAAoGV8qicjKAmokyTujz8Pt0ubuL7Zo3\/+EwH0Fu0yqTI0PlfkDAxftdvubX0DwkPEL1Ys1JczkA5o2okvwzloGIRmG\/5p2ZLhuCcIfTMkB5hPFgkXmWE8bNKCsiCijKcxlJE58T\/Bs7KO99VWovYSh7XujacQIsrOWD4ngpsxQOnWzWHNI6Hz9zoCr3iAZfUtemo08nKkjt3hmmff6D2iPsNJUeEJV+R5NWzGfh4YokledF0c+qgfcyMCt23zpaXdET5Xlf0TYwS3j7a7j5hWdjf+2+Cp25Y643N5nVwFZXgmHCtXCbP\/TIPT+qvhoV6jTaL+\/rIu0EzVrFyk1QmNvT1Yr01Lyy4C0Uugxd3xMMGXt8WcXVXvtz\/2H0LnL9UTOZ0L"} 
01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","domainame":"suggestqueries-clients6.youtube.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} -01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients4.google.com"}} +01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 
+01203{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients4.google.com"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431355629555,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431355629555,"pkt":"AAAAAAAAAAEAaACzCABFAAVipRBAAH4RM2+okEAFZsLPs8kAAbsFTgz5x\/8AAB0Ipr6cuikmNEMAAEU0i0hH+cAdz5ZZK\/xgszII4NJ+Cs\/TRSxsD\/59bGzAHONnn6j+X3amElYhYMo+go49s13dC+nlDHUdymxgbgfhGCJjdyT9TzcGgD1HhFldjuPuqaUqb2U+e5hIm7ZwKR4IiSdw5myr6wLeQGKnRWRznbKdv0\/S8qhtnacEzUWkRbgLNZB6UrIuIb3\/XF61ze+uu1oQFMqs\/98rtD2Gush\/bOd4PCp75DHjTM7vEePRlMktunxdIh3uhOzgWNKSQKJT0NAyTU7NxzeiF3GfRej2\/kZ85CVwTrCrF16rxPwjm9ETk7onwTP2SJN9jSLLXtE8HLoGNVYKwKhEtDy7juZS+ZzakAkwGM40iWULaV8JHp3tnl4HFGHlYIam6j9\/x\/pkFvR97oZ4wzOV8R3kk4Ra7CeuS8G446n4JShwKYpq8P1sEbgLA0Q+fIXUmPEN7zq\/oW\/SjwuvXJSpkHba6nxwXOq9T2kwGi2sisBu9OUPhX+jksGDs7ufRR3uLnbqZloU9ve7ujWkOVy8l0mz6YekjKqsAnkn1AHXrNbiuNq3lfNWMOdFJMSCZVvRNO
SxLp0vTEGoqQhPMALOnaZWkaB\/IYt22cFqUAekqyAVUEGfqiGt6h9rCpzV8lGyjNf1CoZnWFNQvZHRcUd0E0mwSijEO\/8qx\/3uH7V1emFiAJLB37Dab2xZnuNuUQ5y+bJoqPPXPlpeEf9N2vgb4V1z5g\/MMBLG41lXjcqJeJWiZvymJ1H3KCTyAX75xQGo9dFLeD8l8p7GaWhBKf6VVbpWbM2nvE4+lRC2IaGF4F5M+5QC4RODSGaHlCcroOJfhkPdPiQrLTk\/7S0AiJhOEEoxKs5rmjMJWHbOhMEmV2Uqjkwlipc94JjyYJ2kxfN3X0UT\/S4dmpbMytDlXm2P3piCB\/MLrm+e9saulhmLDTxI5H7sCO9NK8mugUOQqCu4A60KTwRUiaJW97RDku8KM7tNRUwdkA7m4N6y8rHQhIH4ocpzig55LxPWT5XZqJmtqcBDZzFQl61yCq0MRPJez5meDXJITVqsdC8fAKML2\/9BBA6p2fme6P1rzQPoj+L2OOAcsG1lD15uPkM7J4XMlnbWRKz5t+5U5cCLF\/FyZV6ikFZeMEUbfhZVFVez5O0b7ArQykKFskvw5ow0nPTWFs3RhbSkruVVy+CP7T20ld2Zoo3waO1CAhdyywLs+WjgaBeB6BJYKM6gxS4fW8wzOgcaq4G2GqkD3m4pZqaaELLxGOxDCmCzO0QCG9M6jpfPOKsOfPc5ynpr4aPju6JGtl\/z+IPQNUX6dMyprmtEVvzlezA5hXv1FOS9Bu3pJnoRf0c1aYbjlC2uFltDff+w4\/xv44mcnP49XC51ZyX8YG\/WwlTNT+Q+PSx8mlKvW7CnX5u232hGz8LR+K7zeWVVpOleSv30hmVlH6Y4OuVkNecB2PlodVOjeqdjRSRxqRsLbcqLCC9cOmgjc\/ohryRRJQyMJtXeWbDrdqNKdq1pDxsuJ4wwMBMesHq4H0mEc4PlhC8w6AbhwgQpeeSZn5X2ZrFQy5Ipg3+vRKwYL\/Mi3kjrs2fSPNxarNRLlKyoY7f4hw2NjTzNWp0j2aXeNoKqTjDtXyit70tR4YqLzkn9C0xp0mUo9nxF4EWJdmjCX0ANdhrJMcQX5aRmmU+t3M1w1Bgicj3DEsU\/1FRB7DjmpdgCWCW4r5M6W6LkewBSsNiNSC3DnsTbf6eTU4wOue5\/0G7VJOcj6q0duKzEYYTXcoYAbuKiXnvE4OcU"} 
01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431355629555,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01073{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} +01220{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} 01048{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com"}} 
01067{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com"}} -01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301808564,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} +01200{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301808564,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 
01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431369135186,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431369135186,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431369135186,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+m5AAH4RGJmokEAFcfqJ8\/a7AbsFTuukwf8AAB0IwkoI2nuQHYUAAEU01K7fN93B4MUASGiXGUyARwSY+4aO68HNYjEt7GWPzfJckCAv1T4i5dLLPnKrxPNl7uR\/wsXzoosnnjNfCeM6JnFogGoD8Fd67g3pBz\/4xd9MrHK8spfp0sKR5PgUqqWOgvCutevbQ8qYXNVgijT5\/8AiGcOOHWAx5JOe9WKc+HYLYWnuE5L3HEZQo4nrWEMko3D15BJbkyW22cYvauBzrX7Zq2OYwnKGwfvfdTYQGFwBMKheaRrgDFFEbI95H6nND\/F7o65wah9YFCBHrCZCULES1ZD7GJY\/Bqf\/MjcEld0g3C+HvcIVjENbzsXizvCuDmTJV9YcPMpv9s382puliOWP4gOQWgoAG3Ao6cfEvPQFaiuvHkR1sXIVJDapx4gQAa8qedAjI4Qk9A2tznfUat8eb5YjNDd00djuz1xXJ1+7\/xnEryQeYx5B9q0Yh4cp1f8Mpm8PkVLPsaI5EJD7Bo2TjORoihUYfLnocxxlk+mWTWVOcQW\/cjslUg1\/uOKIPppK9Zo0xPvYv4LI237JcA2TOoJFeS2HbNf22y6wRXsJR7Z1jYbJCoLzvh8chtuZ6AA0Jcfp8DQO6eEIRfW\/h5uscIqr7vrdGBDh5\/zvBHXMvSXwUSNMs9ju24jzW8z9yJsqxVYmitvQJ7dOrLH\/K5mn71oTWSfLy9yPsyJGefj4rQHs6usmcTj3v05Oe+rdTxkAwaXEjfHjw7A18cRPFLq1e7XPVF15OaAIZGGJW+X9C6SnLNTHrGmlAeBe5bF1NxyJ8XbUSvQBp1NyQhLMJ6GHeTnqG2+oKcMtLlDqhrjxBcqwGzBORNaeIk37oEDvRj2ULgb1Cu19EZ8tiMvhQaCqwm6eg\/krsi8k4E\/id\/90KGowDX\/Pr\/s1sAND5Dh+Md7iwKz3tFkcVqiC9XKQGYvwvrNl3M\/DVbx88F8Mq1fhBPFp75j4duggfbVz4fePFTUYQyXEdkFrbprYYprY3G2nbXPGgbmp+\/keXeMNgYEi7eCqoK5MGIiI5kYO52LEu7uBHu6gfW0a\/oN3u8Hg87YiAKF6G4HUNDN7ak+kYj0Gg+8\/osNPKdMNnn3Ttq+e4FpeaVuPQtri+1\/ozlT88MEsTrI4ZjcLkQrdsDGrSk5pFNuuaNdnBxmLTD9+Y31TuPjZdF3y8aerRjGjcKA924zFY6F3+erxKilvfVdWBBMq\/sZv6Vksw\/+Fz1wttZxo9VEZshnZyBhQtfaWNbpCUMCLWSIOTygpzB56\/djZxzMToQ0OTov79H21iuzt9kW26NuI44K+W4r3zJK44FZlurMlKsoEREV+b\/FORcM8avXBcW20SB9dZBdfAIWoFzST8hpkmnW5KzJkqUXpqJQJHsur9uW7QvcJJs3nF\/XtsYVO
7wfuWlEoUZSI7JS9k\/vtrqWVy2X+CigTWqjVYJhzagu87STW7dgMdyFPWLSjmBjeACNJOqSiLuLI6nqP7AToDkXf2o2wX1ea4tL+l2elnz8UUQ0mwPbx3D2flZoxja8QhG\/H0Dkv\/zqHUfQXS1ey7dOzI0gQWGL2bong5dY9vIH\/KH\/EE5WN9+MZTB5oOqSTzGQ0G10wtkmcpl7cceFjmLyC\/CPGRf1WcWpg0St7TVzKyiD9jSy7E7M+Mef3DDpD6ufY+IM3YsYXJiOqBLz9Mad7YJnU4xywy8xIlHMAZnyk840yn2AImi8yGcKAuOx8ekNKD\/3YSrti2Nd30LJbAbXW+9aUyCWGxhaYhZKKyYrgwwNNaQQ6T+r69Xv\/AhEpDvcH"} 
@@ -85,61 +85,61 @@ 01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370645999,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370645999,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370796601,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431370796601,"pkt":"AAAAAAAAAAEAWIVLCABFAAVimjxAAH4Ri5mokEAFYyqF9cgwAbsFTgeRwv8AAB0Iy4aUElydjLEAAEU0cgy7g6waI4s\/Db31CXMNLtpBLCBMqbNNIERpncwoj\/mzw930r9KSGtTDq0Un\/reM90\/o2LMUXhAxGEjpV8kM2isFWzwDO4KLtdnvjoVU\/jW5X1cAIJGi224o+IBoqe\/q3MhszxPlHqwkUkoHgcWP8rFY11sIccKhMsLy4OlgMZHEtOM9cK6MhXXnbI4PIfeHbKw3eQF9bmAITBhN2hEUuCQ5tkEGA44Ny7kWGmEH8N+oonqrQFSRfhvaY3aPSuVRpbZIPtuPu5FfCgb9SlrhiL+YFIGOqSPYS1Fga7DZceldELqsQnht1L6sPyvDZGhFHGevrPqJKYsG5AJ1dz0CBKyRoEBiPDMdvlFISahZktRsu1zHBcqXO6dH\/i8qaCuLB3C0cU7Mf84KfPTeo\/gsTws0xYHHMgBbeLbnL3UFA5r6TMOj9bItn6l59owKGAThBrdETsc3kNqb2EaYZyfxOIPnMT50EN3E5+o1NkgWuOzUcI4wNbi\/tPHdtNay4zsdQpx+v0mHMwKaNOaS1cXTI5EglEP9nh0+7Pd14q0LRBQ3DeciSithO1E4K1W\/Z4s
WicTGPnlHMSkhRPDqwcMrqZYI65EaAXb2hwQHTLQOC3yEOm8uj32O6iPw1kmWecebjTAhzoITApAhOJNqbhOhmL3LYzlMNpCxKIbZWwXYI7KE\/nyX+9ktlfBgqL7lMUB\/nzCvI8L8RT\/TyhNdGRodyYga3YaHfnznNluGiCWRkzVsHTXG5IbNbGj69KA73CTFlz3wgsOw1uHC\/q3RChP7l2qOfWKIMtxcvHriXoLF\/vYMzoqEm8pCiWCoZMnY39DH0b5dzrRQCWGNuyliasUzdNwfCWtlCp7bb4qxiMpsXc+uNU+g2bw+VTTlx1U6pmIskkdKx+mP5J+pvDAUA8T3JVvzUY7NyB8IEQ0IbbpFr4IAdnh2CDfm\/3LkeBAfOpK4ISFWDT\/Zq8xGBrTh4yq\/7VJSuZCIU6mdUPZvVTVYBmdKXePmLICT7JVQHsyS6MxIt1eR8vw5vXsNJo11Hj6NXO8R3qnkStwD3Hp1s8H3wRtuYv0txfoYvO+JQlg0ebqSA11uOBMpoISeySuHozQ8oCCsnJndgourEdZSSgF1xkc5zlxohntckX9YYRJuzAJGjDN4T1wfrPFQyenplFLZHMDpAhiV7Te3CCs6SKS28MBI6cwMwV1jZ4JX4bfrUb5Sbdar5XQqw9SbBJFJJmemfZlNvZabnR9m9F8aNRgxnvKtrT\/oN6gP7nsRQo4l8nySxze1hd0tyD8+tMuNQJRNnwq\/z6am\/OObDrBsZm3FIBJGoG3zuBmWjHfo9F91ajEKf3cpkFlxxZkkSD9hD9i3XpaytXko+K4WOBWAhjq6wftsLdQLBpeCv6ZMwSeTt2tPaiX6D3HlJiyhzzjMup+ygJV6xano1oW2u\/3nyWiYV0GHV+b5y0lkHYM1dgiTaT2KrSOD3IRFXFcs9y8cNjsa5kJDBFFwGRXnrEEfcCFRxk12riHmlcId3GMVfy4P0YANskdNyw2M+xiEcOkt6DL850Uen9ExlETBFpaBh9C+ABSY+1ty8tYaL3zfMeNRiFgkNZZN1r942JOKKotMtpCq+6AVsdDiJcE3TtG4YJZ2yTO5bCLeezzQEhXvpEnuAz6dq59BUrxZNWOqZ8HHhEXq3N82ukDRJgBUvK0NQJTyZjgLcV\/Y6DWk0EO9WY2nkKr38\/Agezi3TaatfB4TRt19446lztdcfJd7DYB6DWTlmwbRMquv"} 
-01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370796601,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370796601,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431431363077,"pkt":"AAAAAAAAAAEA737VCABFAAViT5FAAH4R4cKokEAFLeSvve3gAbsFTo4zzv8AAB0IdJfsHA8rg\/UANwBZgvMHq3AV4dyxbh1M7qxYXz\/QqdNTBH1HN0CS98tw5ggQc1OjegApOEUGthGeOLQM+rNmjRhE\/clLK4HuBl1LUEre0au1gZTt1KqH6IUxZKrE2sGM+Fqy7i7mdjukue2Wu9obDV8t84mfBGQvFDIc4C1GtNO91WWUABZgT7OXtAGbDvKSc6M0BxmN8Ta9If00OJSKfKhlAsrhpMyMxJleFReMHQ4vg3EHhEg3\/NEef0p7Zb8BSIABFdcX93ZJbQwy+tHFaBeQPW5hn0M6xbNjf\/RY8iKGm7C2EQaLG\/adPJ1obLE57u5xg+UA+iXg0DYCJwxxRWfvhsQNGcUILv1KPQmWIddwcM+oBfVZ7KRAyWk+0AiZGEtw5sCcIbEGLLWCyvoCaVrzFwX4Kxz3c7epqJFIX\/G4r4+8H23LqwgKdJlZseYuGRd9WZ17cAlMwRxkcaXk6EXP9kebqJHJ3dsOkzIicKHPAuN+sTLUfuCH9AK8a\/4BqLh0qhEbE4oM2O7m0ZqtxPFpAd5AdDOcmU0hU21c5xII4eHDJKcgQfeUv8B8IfJzEDaXWMwoJj4d4vPm
cte8bu\/qmXZ1s8mPqlbPtjg8e7kqLmBzoI9FINBrXqlwZ15IYu8U9PmD0+zaeALYJjz54xNHN5vMvsd1bG1xBVwnOw1yRR07LgIALUvx1jSrXJCtvK9x3n0e17\/4XbEbU23L0VEkeWuLpyKfzxELjZtRJEtpFPK65Oka98APYQk+cvApo4Lv78agQ4isgrdWL\/lPZZz4e1uzhC0FBRUgyvNQPK2FuPLSh6vnlitflvFrugGvGJPfCcZvXgSXYhz6PyAu6ucrDkSDkrlCeDqiNpAW9DPw533VK1F2HoCn3U9TSSojbSvKUhD5pkbtLeWikk9yO3bArlheE4cXpsDpxzpKyb+b625k3E3BKOMUug6yBthPhhd+KYT9k7QNv49jm145a6LOpftpBseU6YgEk3IkEn1kE0Ry+7JgvD+e7\/hPh4fTdkqT4\/TjJBDL\/5cc4C745utJS\/GXQLmxqClZo8OaKh+kXsNsf3UBWFfLD7KYYITUazzjm4HTDJx22SBXRiSymUZaCiqENZ+uQsLGTRXM6uMxohZt8R\/IQ8G0EqRIa+L34Shdk3NM4sny6iPaT2GH9XAJHyLYemSXNtIrflbXIk7DcAe9WoEKXLafhV1Jrt2VExW1lKiX3NE7AAcMr2YnXBca+0F0\/6iDygHo5jrguhUsl0G\/7cLdUv8CGCYL3MesNJjj71hJsM+4d2agB4IWoE5R19rtfLA1vtKIDOXTGa2fzqMjyQoe+YW5HTBVmgNVSkZf8TM5SDI0XzGDjmd5nIpY2o3rBWBv9s6WzH2rmNVqIh7TJUJMAcpiwJjtgJzrS5Df5gmwZJz6ADwyaSKk2RZlhl7rdxydk46DIs+UU5sl+oKmvzr\/a0f+puDT8Pqc5OFZU4lQ5MXrn49YDCk9QPkWSlDYRK1UI4nr4NWKo\/\/Pw\/UFfpF9RnncBRyUFvONCCgRjmgmTi97CEEwbbxu\/Ki8qbPdIDbhcLsKaHhiFtKjKD0dMVkAfS16egEUxcfuMtmT8\/+LcTgqwwjg\/mITmoaavzef\/yGP6uX9jutL\/g3miLPjpmyK5Acy3dJwCKXrUWYFg70tEZ670oPo3w3+vZPuxYO7UtMA2cZA7eta5PXcPaU8MOYnga\/iqCsWqSwZ05kCD8++07rRI1TOxvKxLmRo5hLgAqZ\/VaeBFZ3vrlfLivk6N9hE4WT2M2RUIs7n"} 
-01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01422{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431369135186,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} -01057{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} -01073{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} 
+01204{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
+01220{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} 
01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431355629555,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 01048{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com"}} 01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370645999,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 
01067{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com"}} -01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301808564,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} +01200{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301808564,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 
01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431465588465,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431465588465,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFOJAAH4RYRqokEAFgPgYAeyHAbsFTuuvwP8AAB0IU7\/qR9hybwkANwBhzZIZzXuLO+ITUxwPQ154KDm4YAA5umLfVFm+RmcLUYDlEBA\/pAz6nvB8AVSCdTXI5TOYsV9E\/QWBFKCDCIBHTHvFyIcz+i9HnhzJx3oomex6fz89Wv0t4v5XCsZ2gtXaLihep1Q6RHSn816q6Kh40Jb6q21pIvxBT+cRUyfL9XQqtwbCmih\/1k+KHNhNh+kRFh6XJbGZqdVuNiBplHu6zJ0pkshr1pvC1LJhyvQU0Dm4mWPTqJuQqwLB7hjY60vKpAGHvyyOczQWN09erIQDzXbzqMhL4b0M2w1\/TlT7huuQTxEID3j5k9KaYjz6kf0ER1JcH8cEnZSpU6ZDcA0aKtSUCRbfGucvzpXAlU1P0gD13ZbHqKxSYrqnpXGcTVwS3I9+c5Q\/VkUgvsZc0wf\/9MEOjlcithT92XYA7xmlU0UfwPd4Ojf1wNxPgSU\/K0DnDk1womS0G\/ZSh9D9ZlZVB5yVA13pIiaR+k8r1X82fdroTGzdHugbU8o3fbaRyQm8b4yRtnFzF0LxEo7PtOJzdm0ZBLoje+ZNNqh9NFtJ9V1qQS1X9VNOsUZvWPNgQBaeyZndWXpgl15MvPmte+qN9awZ8E\/Y3bjdMYO04PR3TnIuFN08oA49CYA1VctJp7\/dE8aTfiUzEHQg2lRh\/vprMm4FsAuocyWHNetPgpGS\/nW\/ajz3nUWrWpr4p5iU3XvWC1ReAGuIIwesUqSmu427nLGiB1ay7OxzNWba7FJKEY4XyQMczhEntYCEKh4B2jDrKe9HHMi65qX0Oh6pF0JJHBGwEfsMrAVsySYaPZfJk7O3QMH6jwaf2H8zG51QPhsVfJebD1eM82cCAiKz3k4AxeP1Mp2XyoYtWJntK6nrkhq29ZSo8N9IF25Bx4cyZQ1gWgsf6YOucgt1DYomgaAz5sN1VRPs3lKuTuJk+9CmvbZws8Lrl5pNQluKA7HS6J5r6Sdko6sMJa32MLYdskh\/eWjyAO4PIU0DLNnI9urDc90Tl7DeKVFUDKd5Ccw06SjbQZXaBeFclUY6Rq7ktvqS4xNkU42wPXNNkc+Km0VcpWL5mTb8raM3lJS9QkTtvIQ+D3CxIQKxNN71qsRBMGUoIaCSVO44MLEyhaXL++UAl6veMNbMWNzpyGl2ZAQaiMg3gh88e\/KjyFDhVelq57ttuwxfYY4HdAvf1O7Wm2niYjEYy3EGd+XJh75LEv2J7OvkX\/TDKMoDPHZBKylGhceTFClV6SwJCqHbmFRPRljZRudE8DcvLMdi2ArGtC7wV6BJuPxvznknqIpsuPaaUACqFh132DMk+VymlGGrHAEvcCDBXHcv+s986i6aYzFj3+UG25eWMpILHj80J8I1qvmexhdgAH0\/xq6OcVC+CWTvOrw2ojyebhvuLW
QwJTRfXumFCZVnkVXMY\/wBcky+Zey4VYpd2tteRlcYmo0gstMZmuJQkyXGMQDd6DmMt+xSCBKdq2pU3+cJZWcSDy+PS90fcIm9NFtg1W76+\/3yU3UvgIkGb2htcHHuLcboGe6WFdcvOvn66fYN1q99qa+mvjvMLlrlsqtu4oszePWHk3JUyZ0uzuBriY6ZOViLOu9+ngcuDNQPDEI8BMfCUASLWFyzVNOtTnOzlD21\/UqlSPBUT+FMnLB8yDq8q7wJuDMTSdqKQ5\/2g+\/gT1sPzVcQn8bdHpPg21YclHOSozdRTvS2OQZHZHwOsQ3Q8D0cWDoLqYrm7VvgO2SJgZmoD+0O+6Mg5gIxvYEyW63O7uwaFAXSn6cSWSij"} -01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431465588465,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","domainame":"beacons.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431465588465,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","domainame":"beacons.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431482942620,"flow_src_last_pkt_time":1621431482942620,"flow_dst_last_pkt_time":1621431482942620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1621431482942620,"flow_dst_last_pkt_time":1621431482942620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431482942620,"pkt":"AAAAAAAAAAEATej1CABFAAVioMVAAH4RjguokEAFsVYuztyoAbsFTmeUz\/8AAB0IyBHAZ\/KzP6sANwD5gA3If0Iup4ZIgtnchwt9ocBVPoi0jazUzZX7baSHnp2+ZpfaMjYJtsimLMd7snuHAP5qKMdE\/QlWzMm9QjekYI5DKIp3Vs2bgEYSzsPRJHJKk+aezBC58a0+UE3a4VvidK0X7rVv7FFtJ\/MlZ0l7eyLpQagPrjcoOKGABkLRMC8f8c7JiV+3vMxbVMzswL0F0LHGpOF6tJmgxxG3+uIP4la3w9aqL9EIveC4NT3J3l\/d0v30cvaNQdKp9qrKAtUZ3b8p5FSbz95HiJcYx1aCRH8HEjdQWEZtyOX1SVZcoQkIfAis2hQqjHVzbGHJilsHstK+d\/yh1vND+cvzFLHGQ69Qa22CEae79RChQnTrK2ZCkxDnMfq1REzR81Vvo7\/ll3OtbcsHwGPv90oLgV5z+gQBcGSsn+txIgajW5\/OHfM0j4G0dOYCsFP1nOlqm4KZEyRojk5FD9gkh+QOWzUWMY5A1pCDVEbH98Ij7MdFXOII4eyOGrKjZzB3mOY4L3c23aLspNnA\/xDDGoLwBtxo8tuS0zMN0N7GirfEc+UfpigoL4GN63\/LWtTXGeRupY0
hNf1HQSb5VrjXblNspzeSPkwLA3aJ5esrWE6xSGdL6JZ5WypP8xT64XLmr0Zb60RDfQA5rRVy5Slfvqsy9gpQwpIPi8FWy85za9+wqZmlViFlX2epvHU\/FjVYv3WNuP8SbX3Uhu84jX8xNIyRWWdBxFeFE\/86cZtOr\/Y3X4PqG7sr0JWY\/fMaNEX7\/wyGWZ4GThmJ5+cXL+EYkRu6GhEEZrNAi+9kCVttLBMUDHxs8XD83alhSam2NBHXrH3qgMFg4wem33ZjfiDKFbwU8lzTj0R5jphur9\/TMii0ZE4o\/tWuxXum9FphC9lsiHff\/LoE+tpkkEGSJvfUkY+42PUd+iyulKfdSSlb2w3ICSW982gZX8yqFnIWdMtFMt7VtGfDY6b2g\/VctCi7tH4bfPeCfOSltFtkJj87\/U\/kUi9e1b26oCdt5Xk6wLRo21LJgccFK7EgeSfdK8uEGdrc\/u9CQqoxHZNC0NFUmmKcp\/1jZCF0P3DcN0ewbtKhnRxAjSNjtkYP74ShEvo3ktBV+nVpNskRYreit0gbPCwlbV4PLZXs3NS2DwC1zjsxp6Hv+nM3Q3t+CbogIe1A48l1yD1WlnX7Siynac+mrBcCDB7xdiQozuRnqhIinTfzuyAJM7Da8bFtM4zKsUHWfXAlicU5hdqlIJ6QkyRLm3x+ut5L5m62Q2VfTWbqDNHIYAnHPUo+TuglzAH0cDKH4SYvskX8XBUvmGvLHZZLJKUBhOxd87nESRICfrgx6G3GmLH92u34bDky8P6str3vYXizffmDVn1fnpnNyetYdgDy1+qT4TCFCyOkA8eJxH04nS1cwuyXOClUl4xACm9FU4jJJg92Pyie1LF9nZIEvD+s8U296VtKerW0URPmgRjvHP723Xg+xd+1t2dLLFXB6dee9it85SO3nA37lV1L1ODC1xoDUthLzBuJjMX32C9IytuXhyyPcrHeaPjq4gDH3rx9QhfkdaaErk1SnrXw0GjVVxKPC1H0G8BIzVuCJzL6ifqHzHtQpmqGWkB1dkKDilpNyCRwBtJL1lOHBAp\/WGH4+IC4wpPGe9o5k38RrL8SgNobFDQ7d4KUVI\/R6UNBDzFLkmCpffORWC9LBKt3SKQtPDoJw4\/zzDEridhd8NKA22XDC0i6N8sevkZDtKuiWYpfGInjxye\/dACo5mlltAELaIWcGHUxsmgi"} 
01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431482942620,"flow_src_last_pkt_time":1621431482942620,"flow_dst_last_pkt_time":1621431482942620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301808564,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} +01198{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301808564,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 01066{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 
01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431369135186,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} -01057{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} -01073{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} 
+01204{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
+01220{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} 
01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431355629555,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 01048{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com"}} 01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370645999,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 
01067{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com"}} -01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} +01199{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431520499355,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431520499355,"pkt":"AAAAAAAAAAEAU0VlCABFAAViMyFAAH4RJiSokEAFmWIcTsABAbsFToP3zf8AAB0I8UfMm0YCumkAAEU0qB108owToXTtuCRjc+70inAihifYHiWbQuXfJea7VaHoD1Z3r4\/vBhoSdhxMdibKvoSajiWd+GKpZIpSe6Mu3b02WuJTQZ7lIlxB6R8387TPpWvfdvZCcexYSs5w06Q1KSKSldCKb13732QiDhmceyuJ+G\/vOPKCn4lhROVQeWtYaKBdyapYqZHfhjZWjljHpjVo2vNz+VkBflOX+Ozm6T\/87Vc5UeUm3B37gfSZ4LeIx7NevaSMxGXLmBBGm53OH67qMQ24dCiLmx1nIEP2GSXUuuxzvdiYJ+C33xdZKaEr6jhIjm7VN1\/Zu8CjfkKQf7D8e9dFZtoH9YVFCLq08e8yFNdGIgBhWD1FTAmwmExuDbbN8chYJX2X\/1hfjPMXADpNHptZq24MTx4Ub2WVKMWLSPtjykME1uGVH48mFoWytx02J11gW\/ap3AsmyZ9NdEW7Cunzb7OdwAsLm5eBcsvVYsBASXkXW3J41zJ4fFwc7gDX94tPUT2MihCUm3spqjn8qePvRLkJUMDo\/SAAm5dZcaQtVMRqKRQyJK3obHEqKv8SvkNiEUp6IvmaXKJzaHA
MKbNjzuPBN5APMlSrVhrdjOoWnxltOAScvKXxSntCksumIK1eZRzMyHmhY2Zkz\/cbLMG+nbi739ExhDy7kfNZcN1w7DL8T3NA2lau5y0gmwx2J+etKbkof1MTLgLIWQjaMgJ3Yg5iRbSia+X7UmijUvf0oRg1VUpzVMKvybapDiUxy7TKrPFHlmnAdWt7EbvCGo4ZOvDt9jNsJ3ry3qsfnRRTY0KCXoq9KBhKDVmNwRT0CfKMZF9UZyQR8waEK3M2khCNE8K0HtopUIBaei2pkSAkP0cWMAQzYQoAL9RPKGIb2zxA2FTLXUCeYjqOz5YFjo\/YUbPspSIkamI5Uqoz3HxLcyaZT1IlDi3snj703Pl1raa5uPYB9SbeFS3jz22i+jMB1jK64ocdk\/Ap04WGAZSylA0JvWsYxDreLK4icj5p\/lle+733epQE+WSvjvH3tpEFuFmbvfaXn1HUnxAw3Znts4em7rmRTGyYtwIh8Xo3qzYWxNp\/\/277cZjRt9QzcMt6pSHqe\/yM04MKoyEXtKFSOMDWukBJqjkH4ISeeqHmQ0D2O3e10r1RYA0qfHiQCpBrjUzeDJ5xQe6BIM9EKqojRuTs\/9mFZHxEdvsWM0nr40pxU4fyO6RlV7bvX6gjlu6xDeyImfTBJ1CrhxkM0NIOLgBByqIu1vkvl+ToqkPCKb8lpAmBCSOuL8LVtqnQvcqcllj+MkGi4em4vqlh9wF35mSy9bZRKUfyGp+cvVqboEHj5rnD\/784KqHiRDHIGgaFgNoSsGakObjU1Rp9zwOiAfj+k7Rb9uzcZoWDO5B2gL8j4OXSBSVhkAirs3N86IOumv\/3IoeWBTvvkpNELfLJuEh70vkySKCdBxM0hwVEaMSCru3BXwqtfPMH1QJ4jHNqxDAuEHki1cwAcJhlCh9Wp3ET7xqPW7AeUxwE9fN3Jod8qufi8Ujiy3wnc8\/qOYbxiPpALR0F1dCk1cwWv9kpGmhEZ6eBwn6kYxBWDq0P1zZ7tjZHsfRLSAnN8M937kF16B4WONO3kFuMiJaE8dalwqulOnHsnWLkMT4dr795Qeky6SKp5+YFHGV+5ALzCSXCENO4JxTGck3fzNG3n\/Cx2j6bb0QI1wP3YfxO0Zb0Z81wO59qyyo3YabxIs6ynT60zY7ne50FIpDZulJ5HZlhqxpkr0W\/k06atJOkV0Ej"} 
01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431520499355,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} +01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} 01046{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com"}} 
01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com"}} -01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} +01199{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431576853368,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431576853368,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFQlAAH4RYPOokEAFgPgYAchgAbsFTnq0wv8AAB0IQJ4IpSc1aNIANwCZc\/3f1l3vg6YZeTNl87IqhJ27nCcuea\/qvb41mLVKUuBIV5pQThWzegD9xWcQRyZSfI7h79NE\/YUm1oAXrFrCT3TkbHGJwP3KBfTu3orp0WCwk0l4MiqV0DClWwpW\/1NKhCfuNkry0QNEwg5pHZb\/vSK\/s\/a8cF3aIAtN637iUzqyfqlQEpk\/TZCqI5tarhaQzSJ4uSDtYWWFCyQdGrPQxx36Ty1apquBRh7LpqS3HzTGXWn1iXBjJTo2oNMvvW5LV8Ozlo+ykFGxJKjaz+YxvcqhT3PapUN200W+09yqn+UXzRAxphjhSHCFmnFGaD1Cmd2AoqB2RODbBdfTfnO0p+5IwFP+QXYCSCui22wiXW71huSyPhBNTXtdjBnB0aI7RQe9BP\/8cTXCHdvaiOWZbEqGPCEZpsonT5okRzLwKKitPO9lmE6w6XZFQF+AwHMppJIEs+V4\/+utYSZGmsenl8sXZa5i3PEJK+hPz90wGXsjo2vNoA9zBeskKRP31j+JnkVWm6+SeE\/XRpijNighimBNH4TAc1SkFEUDYnbj8\/dvi6K8\/bLnWnO5ZEd5I
eQ8y49ijX2T\/6gXriwCkzq1N2nFeCTG9C25WLUIBOWbIgjk\/+rRxff3yEw3Cf0EsWpP57l3vuNRPUUM9k6QGTA+VA1VqhI5cq5zqw3USveM+coEGcG1czX5cJsPCLcDVcPmIyqMPFVLeTlqZ1e993EuXFPOAn7\/j9tmZpD0F7W3EcJhPNBgFb8I9AuIGuTFhDSHGIm1+udcX3QtCfqh23mMSbz03kWO\/8Pc52Aj8EV9FAJ++uk6cpcxlqReXfPX+orcIqI07HBHS4wZHhfWa4II0L8ZmZqChXEQh4SRM5QraEDhiDgHu2Wr\/XrZ+LTSmy6GJnpyoczRJsxWL+SqSeaD+rxyEDOOHfzLTMkqwLlJdA5\/bX9M6EkuaQ7fp6odWxiaULg9HlTuvy4eSg1Y+BunaS6DHxROL7RTUmCWNUYbZhsn7mUOPPTqltAXc+wYwHbtEmsu3lqjKjPQEUq39uJ2DkvHyNGNu15OR5jgmIUl9ra0cSZwJSuq26MGcArS+trbqUaRVMldH30c\/MqtoFc0+kTZkdf2zXVOuhlhIHDu5oivOacupqIMRXqQvnAj9e3Szh7HtmF\/ZTqRfgMooySSCala0vsE5E7aOt7QgfLg9p0zs80j5g\/fIFZXq6e3PRZGJlOduO5u\/FTED0nlkOStAfZ1cLQvrXot9UJE83tMH4DWSX6zM9DnOiDmars1HY1Qu1gozfortWRStAAQrzDmILzgi+tPIyMlRG1aiOK3rlgWXZwKS5kvAXGSQQPfQS9NlLwCrZHQT69B6mWCBPUBWh8QsOqv76k4Jv46eHsK0hoU92HUqhOqgk09EQBCnGI\/zWgYxU42nbsJkiMdKoLbVeUFxPtnCdHCWdIgtqELcoRLCnlfyj6fLmSJose7rxid75fKfwhgi9zbXUZHzUBVvrHaO1NpbexSUM4VztLAkHYegA4mZsAUTMXrwzehYvktbWieQfVgMvUC0tW6eNm9CeJQwCRuFen27D7bblWN395kZABQJz2J7igCkCcenO9hEEn4u3aBeGpUqZzmS+2bCxYqraA8Fpg0t+bmHW17tRBn26Wlj\/IBR5faBKZzUPN15J\/fmg\/PqeAeDRy7HA\/FEBoAg9iJEv3ZRqMQz+xrjOv+G3\/dDpiheVzILmxX+EOrazHQswKRcYoP3gCsVHHcszDooALZcZ+BQQzftaJeRTwIbx4z"} 
-01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431576853368,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431576853368,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01066{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431369135186,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} -01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} +01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431355629555,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370645999,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431520499355,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 
01048{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431482942620,"flow_src_last_pkt_time":1621431482942620,"flow_dst_last_pkt_time":1621431482942620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} -01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} -01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 
+01199{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
+01199{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 
00824{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431760040593,"pkt":"AAAAAAAAAAEAdQOrCABFAAVizP5AAH4RzUyokEAFTFMoV+GnAbsFTrfUwP8AAB0I5zcbzyTN1LMAAEU085Brpbyr+2jh\/NyWKUdWZh90hrqs\/JUnV06AWtlVkrCYYR00Pib5lXHukuswI4apeXXYya1wVBFr8DpPUkWiGoC3sbaSvRZYYp3tBYoEJo8YIhwPSxXaYFfD6\/RsiM+Yfb2H1k8FEvnnpg0sxOjmgBY+O4W2eynZXgCIIV38HEw+wEDjZA2kk7L82T1bQYySl7HgNdHSquKu8SR8yPJcn8V2uMxsDXUCsucyI4\/wZySpci4W3UjA6hpswJQYsYncOuLPMzriT9nvkw9UXOlgzjajXpXUd\/JGwl0HyONFBLUkUDKjyeQYXeGyQW3ma\/zK00kJSnfXLEQC\/601KkV16N6qrZ0v5OR1cTLHDvXTzpfU721p0tTNZjXqZrYlC5ApJ869tkJz0gvSI815yu\/1aSemEd+xL\/8oRmyBCIllJq+YA3vMuW0w4\/T5JBaRPvDu30haGDWrTxiRXXYta2\/CdqVvbjVJtiTfDkkC1bYeze+3Ah85\/uP8diiaa9AR8AKCUBgQdJ3mENPMmAvvqo\/B+ziY39N9FFetzWHMNvAzeRNXDdkoheBvxSnvCsDetH
FzuAVJDYI\/bys388LAY+YcZ2PLXZ4i6IMVrySiDR3dBi9J6Xh51PGX4vbMQUcpCXv4G342VJ1caxMpMC0WKSvRN\/bqWlMQ+RF7oj6QAUiBi3SwgLkBBChaMRaz6hO+99tY2xzKs6MRliASieiMP732ghruPSLQ+wkW3s1+76mAlzozUQwzPbS1PGTHvC010AWavdSmg87MToOsLUXgD4HnFyn2h8N\/zN0Y9kv+731G9nuRhhLm0utvCdYH7hRWyLbk56OLgd+REvXXwQQQpBwKlWgfOj3W3\/5qVvPq3e+dNdLj6fyCzr2ipjs5XbBlzIlCeM\/X82w9I6lQbG2MB8pWKZKtLdibzQ7WTlOJqcJ2CMdQhgH9A1bdiqPv\/gr5wXKSRUUJATME8kPSQNByUdL7GTcCBNzP+8ZUAcsI0bM2tgOdWh0suQyngSZKgXVLvx6wGBu+1wF\/mC2T9fk50gp1zDgTxJjhtLxXk3ylwvBp311b2znJyXpnhAKEllhdOQr6Tr8CSn8jAdZm+gC\/EWrlnqxU3bjZ8FRmLt5X6O3NKJ6DoHTIz7S4IKZcp2EE\/qrF59y9ofjxJIdx0H9xpLiBAZaTSw63h0cJs0HrTSWerWgqOhr90\/R76Qs8o\/fRdj0KfsMdcJ0uNDyxtoSBePmAxqS4gAyc7hFHKfA41dW9prrj3pJtaB8l6RP06jKTbRRFyZuDe6A9VYcgFUSM2zXSaVtYhvAVkemhrcWVfhKpPRpQAijaZZT4By9Fc75mrUC8\/jXvh0rSqRaZF4w8CZTfLoxB2+fbxhXS\/y2T4EIEyiUFCUG8C69qtn9uZOcZ3P61zXWpjuvaUy96vWpLSu3t+0FalFdLvnA8VuSf2lAEClkALW3Dl4vLfiIlNB4emRks21g88RhpsKHyXLOxAkbKh50EqqlhB1mllDYGWbm\/4xaT9s3Zafiaab8TWadT6jVEwkNzekV\/0AbiRBOXrL6jktjB5jxq4zn7l3VgtdxFNAmFQYDibYgJ3De9KSyXejEY1rNESvwittZgupicY+Dm1OETIost\/wF\/G3hHSgdvFNBHmfdSw4NKdZwUuGXdqN5OH9Rvmel41BzbqTaqBCe1ri0\/9znww4gdI1VUL9A6rt9xHmn2T0Eu019PmuUftYMzGJ+Wp8LyQupxLYsYZE2Wjo3Ainf0KmDOU7NxfIE1yCKzpfBd"} 
01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r11---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r11---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431520499355,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 01046{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431482942620,"flow_src_last_pkt_time":1621431482942620,"flow_dst_last_pkt_time":1621431482942620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} -01054{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431576853368,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
-01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} -01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} +01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431576853368,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
+01197{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
+01197{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431857841314,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431857841314,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431857841314,"pkt":"AAAAAAAAAAEA00bUCABFAAViuPFAAH4RUFCokEAF1bwv9\/j4AbsFTi6fxv8AAB0I0bxRKTuUwgQAAEU0fyjgv48\/VCRtPz6ASN0OHxQrQLq7h+XvdqYpW0IdDgkyYs+qaZ2IuwKTrk6YqitoieAEJmESJxxd68I9xE+yxkJr90SUnR1M1QTaj6cNmtlgHivCEvYeIZrstWnYNHPWHxnYIDL\/faLN3v2l\/vAW9BxUhwUIIu2faUrN8uHdB\/1Wrbe6vX+0r97gH6rBkczoTPMVg2MQIvACvg7MEMvDmXReZiu8aHhYLNrKXQoHb3wlKFlaWklVhuGIkGp4WLeoDI28YQ3SoqEC3msnpaiKbJSu3i6gx3XYZSTNOZx2wTyUn5kAQEbqb5uoOB1osvVBX+OO4htJiDv1h\/1wp1YCP4Ga4XsP5b3LRFOWiCauo\/HDX\/dO+7Ks21ut5u7nrFp3vsYoOXsfxp3FeIFKCtW5kZD4EnHVyJ9Zv5ZsjCJnr6xOm5z7e1IdJiZc2UH557C9gO4HZL07YwIYBvxA4wecK4fxBR7uVNiQ0wrRJ7w0kX8LOcTGayOjs2lnNAGuPIUjzX6GdQ+Z6ezg2kVKIBy3g6BFqh5fYkn1MSCjFfmNy8pMek9wRbT5tx57QhbVEjzX
KpfYCtfwBAPjvmTcyi\/pj1MMF5TdQU6Q9QzzZlwgK7SGoS2km9o4rEOuFsTnF65lollpj4WjyeQhLnNa47OLuo7V6lbQKKTXm54krAZoSaOjejVJLSvx4iwoHF4MJo0t4oNk8LuJjCQWC817H+Z91yZxFTv9SHWBSuEab71KDyg+CD9tUOH2iasAIoErfwlhLdyeLW8yCcg52npVgZ0HFkVfZqdV2LZOvMnR1Lg\/onBxIxjcTUBxhzgd3czjkrC9JJxXxAgQrtSuhn1dUlC22+vGs9MbLXg8o8BLwo7d1x8VTGQdGCnPHJxR6cm1HaHawimYIbxfZ0eKQ6Vt5aV+WhdjRqtUk3j3G5p0NglB1UWHexuNnoOmN+lBZl\/GapDd2m5Yk7FubUhQNbPoy6E8bME5Hyr\/o7sXuXXRcHrH4\/nWsGCvY2cX9njBk7l0Q3Yczt900ouVi1hKp\/UFjI5huUtSUtRnaMFTMB366CW+VDqVruM59b2jx9lTfzd8Z+TvHn6Syvm4tnFxFqmW3I+PMOiWhZlm7TO8sSkYpmYZPGgg63y9rYr6LeryRTudm5RUAR60p430i9LDtZIPD8L\/MTcq9RO1P7jlBqNqxA9zXscaw\/B56sjo6WGP1vLVdb4FB7besaQ5UMN\/nkGoKYOK0deEGrBwjmMxyU6xHUVyr830VfWqI8HAMQd9zqBnczWNEyIFokx9IwZdRoEl1iKfrT8hCud9tIKVpmH0bVMxmQxtxxxT8zSplUV07U4v7xPcnwepR7HmBCZlhrg1BGmEp4se9b9u4xoLK08+r1ejmIpu8VrM\/VOxNFOxYErJFfxlSs9U3X2QWpe9HZGajMBAk0q9\/clUh17xxU\/E6aLjJj3k35K86utGs2O220V0V06R4gxX2gbFkwOMY9INm5D1T523esnitGk9u1AfZJokW7t1XCTb71Id31C6\/p3ioxcXBd5BAbp\/OL9sejWk9TArIOZnUUDZmTsTOfiogn73e7vN5zFf8cIof0JYkZp9otum3UR4BRg87QtqURR6ehFMZE+c0BmbqnHZ89A\/2y4Apn9NnyDFZ0B9ih4m0az7qg2w2IhGEycq5dwSXGZZcya5GcjtVBe7BZ7TXCBQ0AlSjG\/PcOYH6vAazB1DcKOcGryDTW2ld4S\/DeIQ7lnUczZptB1DL94kJw3IET\/eU6zvDBmlBeRN"} 
01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431857841314,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431857841314,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r4---sn-vh5ouxa-hjud.googlevideo.com","domainame":"r4---sn-vh5ouxa-hjud.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -150,7 +150,7 @@ 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431858501078,"pkt":"AAAAAAAAAAEA737VCABFAAViA9lAAH4RSiuokEAFI8KdL8CsAbsFTiKUxP8AAB0Iuy4iiZ7Rc3cAAEU0Q4F3W2ov\/JA2RQPk1kCE6d2abuA1AzJ9v4cgD5r98N+jLM5q\/vKba7ePXttHZOnfzIXKHdtGp13XXGc0y1g0VbYiejL5PEPTPKK+5FUHxNJc+4iSUfYHJil1jWJsaI14aq8Z9k\/D9Frx2Pd8Ccb5b8I5wMMvAXlFIaThZX3+88jwhgIBY4WhNolXEK3QjVERqqjNlflz0Crvl9eKzWDjAvjmOz12493yS+U4C5g7xeSC6Cv481a1zOEEDBXxUJwyeekPCKvNOVETC0idyTRu4Xx7IK\/97JI5UkTjH1VgYb5EEV1DY00jaUTBEjI+fpvuHX57KvIXmj+n1PLaIlVIJy8AxZjfib+NKJ2DnJlEkZOyKzqiFASH+Rv2xHATwBmim0oQbD6SH+mogD\/Zpo5pMTXstRq0ZunclX1q7Mso4TGqtUbs2zzTYctOAA+ng0TvelIWG4Bu4bkkRiZSqlwJ1jDY17CBHzqEyVQgWgeFozJDhGJh\/dhP8nm+IU5EDOJiIPPx8pW7TyQGz8lnsN6LAsQyJgXVZTCNJPU9t6HmegbS0bQ7Kt1DxeYvK6m+GxUMA1DiRw0yw80Uxxf4xuJnn3EJVi8ekAMdVXpaGI37r+vhgsLGCAZgMrHlnTtfOSbgYZBAPdnhiG4xbmDlbIuvY\/BrdQlshSbHN\/3tWjBfc0Zz0J59ufrjAJoriiVdye+Lc3LAld\/nudhV2vnaxR1ShgYPYZhQbGRWlEkEaL1z4rltv60VXAhCWkeJdSv1\/ACb44aJ8HLAaQ7pBCmit\/NMrMwITKyJcPkFF5GRWhel5oEvZ86mY1\/+WA5KqTi9Xb0N6B9CXR4d22U1O5JA419I\/H5b7Kkx0ByhWkeFRz9cXZPMDmowmLHSflTpfTjRerEoB9b+Rp9ZUpHpgHycHnEiiqsSYZ8fJXaPa5ArE6FfrIB\/5\/ex2ULG10VUM6bdMkBHDYOPYQwR5jQfvBJclQo48pqc+jEulTW4ACP9EukaDaWRXQiI\/ao9oqdHF73hElq8zIR0CIH1bOZkU5WrVTO4kXEcriR07\/4SHXlZ0F+XTEnvRY1owmXDXHgtgn794JMTxP6ovnrC1UqLv9d8SQ3P2kaXpKnETUi1\/jmOit96zvfXkyF+GojweLkNJjL5JM3njEGp7izSmZ\/PvKHWCYsP+157DfpYPmMO9R\/yz3E1zaEv\/1lMgciv1XSwptuzqoQHSbZjgs5nX68VkOSYsQYJ60P94MXKCCvjFqKn+6X2Mcn5Zop+3W0Nj0hveNw19pzYiEtOJJVwof6DyxkFKNuQU3HtgPl+GWUUWRig\/vzAY+l22jeUNKekbZmAn14baa3EO6690bwRTg8ZvdcHFz9TEDMbzR666J
goyJFvKc3UbuWhbUstPfau4V9F9qnYD6cFiMRtdBaOgJniitEFpxszoLhTHZZT9Vh\/mXiomY\/wkAwa56XbyHUeRgPu9zAwN6kJW+N7Ye6rlwVPmyPFgUTGn9xmD2YMEr3PeigCIEsSvM0ujBoTlPiFdY26WdH4Tr\/XKmZTQnQrnQptoJDzmG+XaceU23hwOGeY5C6MIxfdvw7Blgvoz8uvCg\/rl0wKl3ubvkABoQ3NzBDUuTP++2gH8HONwB\/wWFza94nHQdoBnk4+rigd+C1oglD8lXIC31MYbN8b51797Aod+NKPnYy35esPaxwNUQDbAPX6W5J2vPC3vU+GmsC754Qjyng5h09pOy7odu+JINrtufSLUCeH14aG0hXQTPJRTPDp6g0aPtL075ZE"} 01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858501078,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858501078,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858501078,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r11---sn-vh5ouxa-hjuk.googlevideo.com"}} -00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":39,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":51300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":32,"current-active-flows":4,"total-active-flows":27,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":153,"global_ts_usec":1621431907429875} 
+00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":39,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":51300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":32,"current-active-flows":4,"total-active-flows":27,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":153,"global_ts_usec":1621431907429875} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431907429875,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431907429875,"pkt":"AAAAAAAAAAEASYHhCABFAAViVjpAAH4R7N2okEAFiH1DYPJfAbsFTr4Zy\/8AAB0I\/FKj4Rr2N+kAAEU0sUI8yYk\/y\/bPar7IxdtLPlBpfIbJVt\/XG3zjjFAN3PLuPY9aF7M0Mm1Pwz+2ym6LReOn1tdk2pHBdYLYtkb1fXiK42fzBzEBqAcpJ3jEWiim3tGYhBW4xkjPcpkR4V9U0CEIA3BhEltloJi32PcQkjdxPGPSXrYJEyPYT2ODSFP5zFDNrUpqMfmpryMeEByqj9aqyy7TtbIyDDLLeql6c5+G+WJfvTxj\/9W8WJJXv5A2+2wt7cmjNXE5vXIKsxD6kuaexZdsNa+Jr4jhQmDPWt56pOF3oSc\/exjC9ZwNL6Byz+cqgo090k1LpSBEAmIO2JahQD43fCbyWV4juaKj0MNO1pbmnz4OwflX262ok\/jM84d9YgjHmPQxVDwGpKB+k7iS9gP0IunBzPqxZuHmkhsXO2zydYFJgSC\/\/zhZjHtGa3A5oLpp5svgFFyHIWHwV1WsgPl5G+m0zjGIw88EoCFcNVrWAkqaltwzoOYaOv8JtFjKTBrTWSS2yCenFPvS4CiVpH0qOzrWck30mR6VKv+x6O39S8f9xZtECQhmG2mYSgzqYSOTLu8TYzFGeM6fkshiZAH4Rcuh\/rlN\/Jsa5H6fbeTi4JAaGZso4qnhApLrXa2o7crXqkvVvH28YWmlFQx+j96UuaBvpXUP+eVJpGTHlKAySs7PdqSueL59G0N7i7L9plI6+dk46FvYeEp+f7wxaDe9ofiPhkKl77nzCoHlpu9QHGjUG1hD3LrTqagn5YxaAe\/vZz+ZR5XDMGkyjvtQ8CzH750O\/y3RIu\/NzoJHfz70Mwhb5mva6OuXGfu3pnDfzyYgmW2f1EdlTYToarOz0VkmFc90sq7r5B7\/PNAKsIbJnOQjS463M2IqteuzLlV\/keR25no9irWXNenFMchSjXATFHJrxa4+tuks0hrAuCQ9P74T8tIg\/9Rn7z3XecTiiaReESIeFX0atEm6CxOi26ozXUDN+aybaCuI9uH4o3kMLh8H9APymvsHTZQpUtqIhC\/oo5G5CBnxU1wWMKhoH5C8zcwERQJ1+G9XqwN3WjaalURD+EDpCo6uvKka1xUNuYrbD3WxT0n1ODENp0Qq8Ouczn6Bc74W3bNVp3L\/70lPtnGF\/vDIQ0AgcqodmWxltWd4x+oE5e9lDvVivstNGUsf3WVMBPLQOTWeJow9hxLTXFulkHKm\/9m8ONJVe8mRVVH3uwATt6K7cW+M5UHJlGbqkrrKvaq6stg6DWgtUtqTZGBCuGviWVywpkMFl8JYsKFOo2C8dYdoed+lyR29yIQyzC+5PshUVMz+15EUTfehVIrQdinMs8GC1ufyZUllTZ3PDmgBejR3TZTfNXPjDfwNc+TazIP8DqvBBPRJBB2kbLub9\/kgyw1MlzRzbAVqK
bkfo6Xh7m\/la1ItF1D8yrjJBFh9Tmgu4+xXJRv7DW6+G1WkmPAAG9w\/i5FmPFMvZQ76UHxJWyfTyoxkIVglJSTw2j5Mv6nedASTTIn+oaAKlR0MpsDHaGI6cAT0G5S4F+89LSYi0DoIHcWC2W70SgDJsNbgysQVHdV4uTwXh\/LOoPR1c\/24Ev\/nFE4oTBtSXRHj\/g9aJYtNJ4Bphqchj\/ydCiV1FKZ4F0VFKXdo786gAHfX2mBeOeLn0Lhn3tTg\/G9s+9dQN5nOBgv0p5HQgLKG6NUNXB4bml7Gr4C7jyXtpqMA10w34E9oSHrOYzPVMRKouJzSoQiDSBJKXtDko+KZvedTXBDCzTxXxdQMGdU5EABWjdJgadLe3U6LR1WE"} 01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431907429875,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons4.gvt2.com","domainame":"beacons4.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -174,7 +174,7 @@ 01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432489421015,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","domainame":"i.ytimg.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01080{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} 01065{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-hju7enel.googlevideo.com"}} -00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":43,"packets-processed":42,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":38,"current-active-flows":3,"total-active-flows":31,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":177,"global_ts_usec":1621432545371354} +00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":43,"packets-processed":42,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":38,"current-active-flows":3,"total-active-flows":31,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":177,"global_ts_usec":1621432545371354} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432545371354,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432545371354,"pkt":"AAAAAAAAAAEAS1QMCABFAAViYPlAAH4R+r6okEAFCUGp\/O2JAbsFTlWIxP8AAB0IC3jlg9iBHxIANwCHrPC\/4ONhhPa4\/bkucOa0ccMbRx\/dWQUxDvvPbBbSBV+QAXzHkO\/ek8WDdft4J2H6iGctCUVE\/Vd1az8ukuRtgZHkNe9HsjHNPcO9gC3hoF0jI1WUFpr6W\/bvPAMD0ojxS\/Jat1yERFCwK1qTZjHTu5Hq2GxnTFLRrBvKpajRH4mp0PBh9N1EEyOXmqHY8RR8CFuGBAVrGssOFJJLCgoPFYWi4kU+3Er5AjbG6hAThXTq5QSrnvRF2NsfVwKcZH64AJtDNhF1vVsm5Y8FPRr0Bw0OMhHo5TfDD9554NzZqybC30Lzg75oLfpGADza1+jH3enNvlyD\/9OdXxVtLFBPpK+tc1S0j2l24nUXrhfgzMYJSGfusfan3MputzKVw0xaEMSTFnMyVXBwvQvsJpXe\/cfXTGaPcz+n+4PtyXFFeq1VFMb38KcaBIZAXpjtbjsKy1u0drs8\/lS6zg0B+XEXyyVbBHNPSwQzvYAFgbxG5T2f7cZpDXxonb7KKJeiTREIg53VKn6taxqerf\/EROOn+QPkvNTMzD2dTm5TFHSYxLvBV5+O6FgwNIPd9zSQjx
u\/PIgbyOa5d1rycolz3RRmObJ7xDqSBQEx9uBtKS475iYE3\/HVHr98HbKghpyBXtrfiFCJfUPvGhf2ZQTE\/2PgBc4nFIolPbu5IHP5jlx9YJheTrRtsN8xZyNylrQiJyWGIJ+sqW7NQD4PtZU8og15AsUXrhsGP3nifKZ2RW8ULO\/zQ4hjXLbXvVPCRMaOfTnRWz16ymzmazGc\/A9WtT81r16LRVyV3KW5BVcHMerZjTINdFBiN2Rss9YE+hg2Bdzx0FHiLD2SJTldPbPASYuxvZBuOv7vGEJxC\/B7ThuZCvaUXSTwfSYdYePG5WL2Y3bz72m1SZEmn+4Kiqq\/h2MEhMWL2wbVTZ8FAX0VWRfwhSMlOHHKMW3u3baADN0N+mh8BW\/zOcs6XrHPEAtq\/4pbenpQ2rrBUepHw7wEl2Gy7TOdtirMeicrvRMH5ROutCuksQv6EbOTonl2eA9Uzw3fk+NLZelZDt7+chmNI0wDo+\/LKiADiMtDwBrUShAJhuyJCYkzqz3+\/I22nE9z8jtSau8DwJe8rGnUypF+QexVaXFHzHrGc8pEc6Gv1V+yd7O9j1BH6SI99CGYQ4qUSe+Qvf17MPqt6Vv5BD2ZiEf2go7Ms8wrYgSzdW2J6h2lnH8T12duhSfnaN+XilOPE6QCReHpz3pNB7sD3txciXal1Cjtz+D52skW92QHoQ6HQJRVcO1F+Nt9Ms6O4a82MSiFPLyQ4+9HZ8XzRNGIA6bYEMtQ2VoveeK36tJK5jcwcf1bd2KXco4wwhd6yGi79yvfAr9Gnfa+nm9EvT23xLYwd6SLl+UW2Yy\/cUnjlQIjkF+Nl2AFUyHKqbZX2R5uA7ATglq8Z5hVDirutJRbMvjB3S6p209yWJX36GoCAlZULNNq4O\/K9HsfmRuSQzzO8vAnTtDfmAG177+f\/BH\/oOcDleRinaIgIUXyhxOMJNHNbCiUdxlGmVs0Kf\/YtICcdSgbpsnkh7sZqaLRn0qnOt+5wry5o8FjthI8Fu2te\/X8Ye4gIOivJjbZs+RLhZQxZWtt03HV6ev4z867dtIUmron46fcA2edbLbHQ119w4dS3GwaljEI9565fGeAZxLwyqZbVZ07sOBYRGxKVWe9qlVpepdG7mzZWTkGm1aG8jBuv1yWlVaWyIe\/5D3F\/Zn\/LsMgNe+1ozo\/g3Qq8MWGLKjZnwl7\/\/\/D"} 
01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432545371354,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","domainame":"suggestqueries-clients6.youtube.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -186,7 +186,7 @@ 01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432561767007,"flow_src_last_pkt_time":1621432561767007,"flow_dst_last_pkt_time":1621432561767007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432561767007,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-hju7enel.googlevideo.com","domainame":"r3---sn-hju7enel.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432687153037,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+xVAAH4RF\/KokEAFcfqJ88+HAbsFTkZ0zv8AAB0IUFF8ZbsplgcANwA8pfqGZZe+H8YbVevtEq0uW3yOyXta0h88u9QuYUdq8LE0sDqOmyGjxvU7MaDIbVqplgETW\/NE\/cvaMSDgL9CHXru0efaH26aRrBGKK\/el8kZH3UaZy\/b9fmgdZ9mmXS5myo5Uucklk32jY0nKiPx7OwGdOw\/13D\/yhjhsJPO9lxfnt\/xrx5w2VANECESU2NEWkJRxhIc\/dJshO3z01DVcn1fIfmiyloSgZUd+\/HKai9If5RANhfzeQXioPpPbOoecz6if3Z3FtQKFLotx+aOWuKKAGGc0cyrUXi77xeLDAxjE6tOM9yaGQcFFgEY\/SOBwtvWDdb9NoQWO7p11EUZ+wl\/rZ5GXlvPXsY8mh6Clgitpg7R24nHSXQN0B06887mB4HnoNDeAmXGTVqNUO5Hwpt4Nv5fOd\/uAYlaCVVGeZWnQSUt3FSt6UlJWCYhZFk40gfKSsTtWeOQIhnNtUP5+zwa3UUHni3XmISHlQzbBz\/bS0jB08K8r4MbQ1k++PfwYjBxXo33Ojv377xL3kEWdt7dqkANX+xOLqZ4hYjJtVeJE6KaWK5kxNrvgI
4+Wbq72iTCPnuWu4Yc+04d7b\/zeICLVlQ4UJomN5dkhXIvTFKQ7NG0K7rxpiRWOcSPWgsWX4wFJhAUCcqoK9wfw0ZMIl8zrsdDk5l5X+x8MTT+SQICOrIXn0ZSpTbD3Xt68fdgFWkqOjWnFQHPy3Iy3RczgAeN7wIYFfuCnnC6ME+5Pu63Pk2iPfP7TzEvCq+iYnwhXaGT1sDWUzQDz9Ea\/yyYCqRPN\/gqIRL+pXgs9ex+9iKQaMTnc0vlqASRWWCZPNc2rf\/Q9eHHk4W3NPoX3ez56VofMyV9x8Kx7xSgFDFLRY80kBMgLWMJDfi6woBPhXKsM4wd2mLvh7\/wW+nGUcZMc5X3DVUUiDmGzvF7qBR8QzheMOnqAvFyKMGSpJJ5Ps0oPIRQEBEONuBTdMtasa9lBz6DGcqXqeY1rs9cdoTZaeh1CgiDqdZdsgdaBb3PTBxELCiZg3Mjn2Ot0f4S6rODt1khthCXa+j8H7di6Uu0LktCHPUKJullar39r7GXB33cmiLI1UYXrrTv25S4DhWZdTftmpBXDFOwlNLMeatZGrEKK7zLzeIx5rioedbNSfdLfUi9tYWh0gPPFQENtKlJVn1Gyol7zm\/QqNOvgomZt6RUw\/PI2OFl+9zsCQmj6uTnByKe6c\/tZrUT6N2R5lvUzAGZIClGGsFR4e4cmvkmiIdEOo+lEW9ZEBcUKvujsGgkc9cAkZMsNkFQc\/PgQpvfYqWlnRu5wnZk6Sv5jPr2LTnEt\/ndr7UGSNAG3nto3fdM2CWZImFEJlzxZcJ6Pjr\/DX1+sbuL0VJWf56xETi07cgoGnD9splJhqvifjBi5hE6IKs1smgIDugqMeU+hKZgmx0tlIBEDohI\/weDtB6ZoTNVzeCrtE9Ne5sHna3EbB6mrF1wOyF+v7JqhFt1AklERk8cvtUnrNY9KDllJiAIoy8SJ+lKPlC22sDEHqftvcIo8mS2cppG0wllO2Q1TclT9pjsn1nIhooutFD14OqIrVo62MaGWaUpxzW8sZy1SVksc06sGqCdoo8s5qQi7Gz1K7yZhZo6W82as73l\/bfhqszTmMajohCA0Y9MFT\/+c5ticaJcK8VZzHx\/4ndP6BdrrmvIMXm4MvPY0XbZvr4Jyhd\/FOn6vdTJUGitV6mUWBc8Qn4h5NGpTVY3jRUrKJ\/3UHMEn9NXaFjwDa+i\/lDWeXt3KF5YT"} 
-01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01041{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432489421015,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com"}} 01078{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} 01063{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-hju7enel.googlevideo.com"}} 
@@ -197,11 +197,11 @@ 01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hjud.googlevideo.com","domainame":"r3---sn-vh5ouxa-hjud.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01064{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432561767007,"flow_src_last_pkt_time":1621432561767007,"flow_dst_last_pkt_time":1621432561767007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-hju7enel.googlevideo.com"}} 01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432545371354,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com"}} -01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
+01200{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432876694398,"pkt":"AAAAAAAAAAcAraZQCABFAAViGmJAAEARTcLAqP4L++wSxuaoAbsFTqV5w\/8AAB0IbOm6o+b7s18AAEU0LLQC1yXAWiYnG0IzhK2VYtXys8mZ62JD8wkhsWvqnkzFbhvt3QJvfuPuR1sirwI+KShnUrbM1afN6aEucT9hrS0klXGQkP\/sjbWxbRSVpPd+f9X5MHJS9Hz6kemhKetvXTyJqGbN1G75GC+zwvky4Qoa+1\/EIdMd\/MIuXCU84yBXwj+twRLahCznv3yroalrF474u7NubFW0jMWcRH5J+A15Xme108pRGv37O29qvyKdzOm1\/NNznL9yP2RLUgbmtwygArdZz610E2wne9tt8WxltfSjaavCs3J3wGNB7kwvqcFpV4kuTtBj8cRhDJ8UsAFET3J5wrdiOHvAkcai8b4dgSQNPHDp3xVf8Xxr5a3lZo4oeM2pSFKI4zOy\/gL3IOWrKEH5BRE0tivVe3HggMJPpzZub39IlYLUFGhw1FqGAvGU\/L7xouN\/GGzHYbjg9KBXpegMLxXi3ppGr4R3ZbEegXJV66wPYugPfdTLxj3R2ZAxcu5MSpStr5MG9ltk8lzwLtmx5YcbJbKyEMRaCF1iW\/dcIpEdw9mhALjKcmSqJOsabUpsYKoKUTDLi
Rb0OEMir5UbZUiQVy4\/7Sfjg8ICBXUxYfj0TnKlaJ+wlyizyGCVB0WjDtYmQo50PxvLRALC1oTClrCfpu+K5RTPrOVf3+YHiGNjoiEYVT3Ysn6ef85QtfRP8nysquU2HQ88cdBu1x51\/5RyV\/+DRSGX7VUOAssxQ1MRma0bjRn3Dmy0rmBgLMBljm\/VFeCUpmDEQk1q52vMrgRR1lJE4AiR7egIJ\/6ghIxt2OWtcRN3jJsaTUSy\/zR3IMutW13i9Gw+AVIamx3Vj3f2LmCwuEcU4XeICojezZ7vi0NbDJmYGkjSwtTh7b4ESpxisA62XYIfsFsU6JrkPXTQT01HZP1jD5W\/7lmQ0Uzgb\/2mciiqV+PLt4y8IbSi9MMFIn7Fr1j3biSlXPu\/RKPCVeZazwP4GHO\/RBVQpMem9Q8N3P8d2DHSrWjG21BATI\/t4zX6uTupPdTce\/pRl3wh6arawXv4rYaa734DQGVOXKuJAL3VUiEX4k2WKQ6rMy\/2mgtg8f52j\/tm9h2LXlahvO4wQoJ2w0aBRN8mS\/cj\/Ra3JQN+4\/oZNfyurOlap8hdr9uhFzS6jiSKCSEudsefNrvctv9D2s60pV3\/7RkKVVy2YmGu\/fMPAer+QSxevYYR\/AKkpcNjdJbkDD7YmHSguK9rnJzqbP\/etQrDxN0GrlpCWIXAdhL7Wfi2tYHcbnj8KVMmATRN+0400Z6WxauakXJuNv0JQTaVaubj\/PKuuq5K2vb0tCYbHDPd+MadAPo+JJ8pU1ZDa4KyOjlkd5AJbK5Q0frPvukJDpBDNImKfhDpKSebp8mS0bQbYQY0FjVILDcWSeoYGnRDjH4XJcz4fxZCkv0YvY6T1xDnsZGbGC4zJU59YxE5WYODQH3mhJYDZb\/R1Z23tx++rEKCl2Q7KLWqJ5ApuDmaONgp5W6ybOYwz0urwNxYZ8lWWON9dZHSxM5jOoeTSovDCyex8ryrdpEr1yHyEEgBjx97a\/VbuMDI9wE+07AAsKn1v0pSUT2Y4vUwGIFdflJgbjasGl8KWyMuibJCGP7tF5SXVICBAc\/QHntpbpYtsuJHF0\/RWuZ5yeLaxKHv5t92AvGJsO1Kn9KikspdEaOGD07Y\/IrmImcu4IELab4LYJw6sE0eqBRwufR9cgXtZLQQbDqd2TajaJSlfs8qSumGCJZU9e7j4K131s1OqQIPtVUm"} 
-01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} +01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": 
{"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} +01198{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
01070{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hjud.googlevideo.com"}} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905483700,"flow_src_last_pkt_time":1621432905483700,"flow_dst_last_pkt_time":1621432905483700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432905483700,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1621432905483700,"flow_dst_last_pkt_time":1621432905483700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432905483700,"pkt":"AAAAAAAAAAUAtOBOCABFAAViNntAAEARSxrAqP4LXWSX3ZW7AbsFTtZExP8AAB0IShhVJvVFj04AAEU0bXBdseJ245uG4fwHC8m+6tqS\/v6gWT6TRuENAP9tPhydGDsgF7KG9PiuBNd6U4OZoDZDYxdNvgEXRnGpqok1G3cCYyBnmB+42zbaUcW6U0WH8uxsOi5\/mEnkpv0Euyn4vltnRK3e5h6tt2GHGaZNsy6oaivFwmgBfGYXqlFzvmiPzvJp0LRexpgDjU1i\/7Vx3NLfmf7PCWakVkQTn3Mv0hIdyp8NbWby75nFm5vd9qbf7rSRebZCqrG\/gNT3SMKZ9PYXe6zl6Or9B3VtV0CUQVHLUT2ZljaOp+wo2wp+zymYt6qEwhJmfIj1MPdkgXuV3gJi0KHCUAcVSQRFxSkySlYbKd6ChL8GI5FOjZ8QvdYKnwQM7\/z8AgfduUObnEfl6hZZ2npNR6FcP0WFzqQBRqRGO9wwKzFt\/XTgmkAPd3\/wF\/a5iP3PPQDPTiggyH1xpv0ciMP9WN7wbydFhtrLUcfgELiYllzto5jkyT0K6\/M5XWw3Kv1G4BMmIruFxnBZKQUoqA9d1oSjSc9wdZfqCt34KDErlg5RxTvxzlCxbSR1YL1ln0Lc5ooN49Vt0Q6U67rR+tWR3ESuIWUzLCixA\/08yk6CIflG592BY6gPW8Cbm\/dEQnktmUnnaHerrmQJ+oSjAV3xiVvlBT9XkcfS4WGAQSxeXxfXway\/cpuKTExCubwigm9g36DqjHLDwHWdQ6CDBwzPwE7JMioE0h5qzz7kgFtRTn3Dx0fN21mdCirtg9qB4hRCIkLgp9PkotTkEDbsPz4aPrVoVedFUeJh0cg3JwF0sNVAEJ\/svLXWTrK8yCxq3qPCAIv+qhZfntTMCSTOlv+m4\/SG6pP4\/xXexllpq4vN11z\/230fqh41BREXT6ToSYKiLPgIta9MKijhMUrhqLp\/H+6H5q5lyTMHqWsEsQNb9gmgb5bTrnpRQ66GI3I\/Eu6QRe6JQXxj0tdcpH1LILG1JY5awETdC9Gy\/ssWffqANToHPZNHsKgLSZ1Nr4vYsqiHrBBykgGu6do9vSxz86\/Q7Nfe09TEYnNYd\/kOxWDgAjPgINa9ldEyBy\/c1LwwfuQYBqjVd6qzuIvK08UzshDfAry1FSjTNf4Xhzv+C+kRHXoa7jBGnB6icP7W4jD\/KUJLbHASUFpcjtDotzShDZHUYL2umLhCdB5TlPKE75C7x9wNG7TVI9tJsWFBgyfIZUHuK2V6Iv1Xy+i0DPqZ33eKf2\/0cktp3L9oQQztf0yom9iQlAFOrjb0BYxuxSQsDAuCBTfuHuiEnBMg+uie7JClpFd8oxRzgLF2UmGs+bcAjRKlbO8KUqBVWyus6KeC+GY7NYnQOkEB79W\/LSs6F\/y3yumt9XaOjhKZsA1BY2GPva6DJ9bGm5lZVeWW5M
qGFMwmbmEdGj7B2lfP6DGaxySHgfivVSWM5AP9dRouhItZWUMTYuA42yBFxC7yYUU5K2dZxoCQBpBD8hiq\/kMUMEM3CXwPlOYnLiDJ4+OLlI1CXf6o16idWwlO57uhDJqlkgqP5iNglZKDiDaLUKSczncTiHuKNaqGxKe+jsT2MHO9nT+g41OMRLOnPZdlHoF\/GerD0RU3bVnuaPA\/7hWpOovJjEYu0nZDxzelWy4hmTrQXIfWloeao6NvLIo0\/Yq0zpGecbJvwB4o4kud6kzKSyDmvDz4lmDhp7J+b+a+a4OXVg9LI3gcKi3B+a6ggFfUWsH3jytuH49v9jql4XnS3YfR4DGtKs1U+A54fAEg+9sHrLj7+fD3uJet9knr5KO1"} 
@@ -216,7 +216,7 @@ 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432925103422,"pkt":"AAAAAAAAAAcAGj1jCABFAAViSZ9AAEAR2GnAqP4Lq7apF9WkAbsFTr9ryP8AAB0ImNfkZtNfpzsAAEU0Oj9RSuVXGBshDZ9GPJVbTKah5lq0FbzrD\/4QiXWxZYgS+EbUjCGL\/0WPsAmbxAc5pHPcwM09LAtmsRF0tGX2IcJO0mU4AICaJurVtqH6l7QnkS2mp\/1x4GkbuWDqNzt1vSNWb0duDucAhmzcDliKJUl+FhynNOZYpa37\/x3qQ2gUckEGtff22WZgICjdslGI9otsFCSq641M3T\/cnDTUDnywq\/5JBllUmTz3xSy7uOqdk\/GvmAxiKHI2qstlN50jgygWTjcEwibzi9GX45hbp55CvW6Vq07\/s78mWZPUaJolO7wmVEZvMjkKJwShrqatA1+fXdYi3Cg6UroeArW9\/giXBCgKk96t0LWj0Ye3aYHEguEIQQk+U1hIhhohBG7CyRY7KinfzxhHKYp4nxR0AoE08flCIJk27BdQVKCtwgdl1KEE6InkS58vcYsqRwl5mGQOqcdrW5vFut3SDANgBea80xgfodgrDqKTbcyZffoEiF+kb9ynHc1ezv0bIAV1PkzOj2qgqWsC5p\/fh\/Zzo8P2XZ8aLnTStcZ6bcklAv5uVNf+UFbiWmjv2tlpO14A6WkHj4ErxqRWGBEYotaldzMPFZWFiW2ioPVB0TG8QGhc95U+YN9bqrlIpzSi25dwaSTySv9VHstq4bM\/QvcvcMc0fH6fkzreAswa30NHgKmTHo6vyNHpVpxUy9B4ic+Or+cxEht9\/+WUAlkGWn97Q8YWdYVqIOE5mCXUm8qnxVNMIjkIhZGSoo3YxRavD7wdS8Fw1e+q3qydgTwhWjN0NEBx48heIuNQeY\/cE2hG6X8ielA1D3F3K53XZj+sSIoJGcY1F7o1jjWVmH8mOKr2btDy1dXnct+R\/pl4MyRkLClPx\/3ATniC4oYp8uNJ3B+NZdFcYjik5Sgeyx0mQaYCG27z65uob1zsx3rLGilfcXu8rawpdMaheJzkzO8EfJ0bPQG7F16gqR72nPqhJazpLH1wJnmzKMRebRRXMjGts\/Ri1mopASMG\/jbemX2+HOVqkYrPOJB4f5ST2JWfYMS9SdThVwfLGD1AwfsTLiumDKXR4Tg9xxWgAm+qvsbkRhOZ+FGfeL1PYau3Gyz7MiuqmvjBLY1U2K2xhSPscA4eL02HE+xDEr9eGwsucUqbbX+fy7xw+w59I9WXHzL9SjWsk7akH4tDqV3vDDFTrKT11Jy1Do1G\/mkcndHjXnmmMLfPsi8aPVfXNZIsbgrEqHINxT2H5oY4DI9on9u1XyO+WEYlRBbCj0\/iK09jSPGirK8Q36Lbin8pAshKEXfyzFJHclT4mOY4c7REOe77o1hD3cLQLCZ3KJ7lzwhO1fZz\/+5qiqK9KNuq+3D1\/Fbs5GLW+FqzDspdA+
DHD3HVyqhGJSXI53Ms9iSliE6F6FFbgCwH3eJT9Ox0wN1zEmBqIR7303kSG5qzr5TLI3S+HsomuNljUiJcLhPennjdx7lzykZLApkNqdXohn6cMLNWawEq2vbg6QuuGD5qyFkpNZTZlU8uAHtpVJ6PR8rOhIURj1C7nmD2CZtZldkk7jy284c\/v0cTFyeXTlazrNC5FguNM8mQtfcjJeoRBgpM91eZLLODlcjL1P9tpCLmn9Socs7Q01T2rkvjPV0716n64nRa49vunAqoY5G0f+iJstXQKjrKL1O19hveBusaLAMf3k7esjVnHjtEFlZNWENT0AHE9vZ45PqMxHl97AMxGE1Ey++DiK2nswhT1oOP5K+MSP8LTUT8gmGcQuDngWuHVMtTenYrRPM5"} 01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432925103422,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432925103422,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.freearabianporn.com","domainame":"www.freearabianporn.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01070{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432925103422,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hjud.googlevideo.com"}} -01059{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432925103422,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} +01206{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432925103422,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433005013575,"flow_src_last_pkt_time":1621433005013575,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005013575,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1621433005013575,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433005013575,"pkt":"AAAAAAAAAAcAsxf\/CABFAAVil6tAAEARnbXAqP4LqE6ZJ4k0AbsFThpVwP8AAB0IZRm3OuXdodgAAEU0ssTnI2C5JTpJ7y484Fn11oOKDy1JlfEyAX6Ahkv2Zo4OuAkEIohPGoaBHToYLM+P+WJUX+\/Cx7tkDHSXu6uphHZEOGBHmbdUhEa31U3TrNufu9mq6Qj3es8x44mT60\/f25coknN4f1asGblw6iEV1UtSpKMZaOs\/Xn05i9jEBkmhLNqDiktkJ4wwKu6eDxhG6VfLGYQN0Nd18mF97QnMWVWto+p42IfXZbxYSsRmanu+ilVlO+oFCT5a\/R9Dt+6n3rqrFuIxLqTN6rjt10GoO\/\/lvMLrXeyHTYVfDmtLHFSomxcrpQ3r6eIc\/i4bL2wJjBHSTqeCFHn34cWF\/KUdra327rirXnBA\/7qtlzjYwUqqXpMeU06gm6+dAJeS+a55i\/iSqTqtrz20+u7ZIKLbJOhNJP6eJyDr4dCdENdXp1Fo+RvNoazaCsibyYSNV21GcFTzdJdaAp+DcgmVuOqynNS+9YRbKxw\/5tALw7bDdUy189V3QJUm\/7eodDeLzAxTU0ecTeCtBoRV6Wg00hEmo77VajiQh+S9i4nbzRbAGk3ddKNqZC3nSakSP6
Mm39WZ9XZ2DSCUBtbOz1EnZK6eDSyw3kFY8N3QSNiaiSeJfa33Sokfyq3JCk8UnjuMqQyCqe2oeMj9pjHd8z5tFKOU+7OZzkA\/yQ7JVv9cFs9+5eYZ4cKFz9UVTSQT0XDPHR4RXhdh+bwJsc9s3QG7laDs6sjDff1OOdIw+HQvW4J9j4BHeEjv5EX8iWWHhElmMuawXMu41RoYajwI8TvfiJwokixmW4yjJof50jF95ax2qGzCJFu+R9a+5BttXBh\/HgnlXdP0TqNiuxyOJzh2lYvo4XC+o1iVVoZbKKo29cl1g0ROFSenQ6plougEal5XbLsvgz1yDGwthS+cZxXIzwxF8Eg5YJQAhTRX61XoObnpc3wjyuzhjohKkihqglhF+YzQsZk375xH7l8SvAlGAlhbaqyzvg5BgzZRh6okkrQOneu5ObvEyajk7xJ1B4hskZiOxnZ0noPwZBTF2QPMuYYm+MCxH46tot+xZ66piECmxmki024ptldWuOatYmRe+vTjmyyX1YPL4JCVDC40p742+pLSe\/iwjJkZAnjQmTnvKGie\/1BU5Wr+49RbkkhlQj87GarVPAL2uWWkqFe2Xngd1FbJvcDFFkuK1dxqsHpPZkmRC96zjmBFDteeGuqwR2lMo3UjjF2OCNSmVipO+iUOCkltuf8TJWxs7tEHUrqAVXcOfh5I8BPOIikZ3dfkJLmZ2FbI0TTtjsGhNskYmpIQ0PlvPIV7kAS3z0gwBKaF1FnV\/xQ0OCEM7TJqhVOfiW\/+wkoA3mujBfVH\/wOmSvWqW48vFIffH3djYRV7X32psbHY61g0HRIXjeXvXr8Qqc6kOM7tKBgVpXPFeJ07yr5RtFibyMmbpJubKIOxOd2PNf\/UyTLqOCr\/EZQqRA34kT\/VbsSrwcgR6YhLifHRelRWGH\/E0Pa9ov+0yS6KH5C1eU4IuTLa8OWBrTOYGLQu8Tu0ZuJyhcfyGs1ESpNH7K8z9wJSLmfAfovUdPKdJaXA4eVpJ3b6rEyriccdcLge1eKHdQyp3T\/AsTnrrAUQoHmrYyzAM8GsuQbvKlbfByymbHOPuwfI9YUmrFGuBKrB3X9vWARNEbMs2uicMz1oh0SQfb2Ug93LkY\/XDhxl6y6ruCuCMjHk9YF6+XgKvBLgShKGnzgcDJqqw32S355No+iSbZZxAos\/DatV1Zsga3TJckyQKORE"} 
01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433005013575,"flow_src_last_pkt_time":1621433005013575,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005013575,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"s-img.adskeeper.co.uk","domainame":"s-img.adskeeper.co.uk","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -226,14 +226,14 @@ 01065{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905483700,"flow_src_last_pkt_time":1621432905483700,"flow_dst_last_pkt_time":1621432905483700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005304458,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DataSaver","proto_id":"188.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"litepages.googlezip.net"}} 01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432925103422,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005304458,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.freearabianporn.com"}} 01082{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432907578635,"flow_src_last_pkt_time":1621432907578635,"flow_dst_last_pkt_time":1621432907578635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005304458,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"optimizationguide-pa.googleapis.com"}} 
-01059{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005304458,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} +01206{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005304458,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067725492,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067725492,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433067725492,"pkt":"AAAAAAAAAAcA4umACABFAAVi1OtAAEARtzjAqP4LdZR1HseDAbsFTtZ3zP8AAB0IpPhj4m4ZUDEAAEU0Bbm2MdfcBkbBAPPSjVV7TSr2o29Fu0JZdgmdGfjVEVdDmbG+dqC+JAbzKNxQpRoBCsz4rRvvwiop1np5APZ9Ov1gMJcSIiHQncQkBtDWz+J2o6GAqwAVkZk1FxBkffl8czPnYy8dHsU5KXYYOyBtpfhC+IT7ePszMtE7GlrZvCnH23HBzZ7GxSIxR9YFrG6h4PldhiWirrW6fHFgo\/piSndGDtWSJ+EYJdFyOMLk8LdIhNJ\/bJX3nYw329gRY5r\/poWNl5g71rBp4iz\/aiTDNDMAfcg1ExHdPviw2IK9f4W8pMDMvDI9FexzuJfBX9eRklkzssGGPyOnF+xE6997bLBbI4Vi9+gpQBFCCwYHdZ8Yt0Gussz\/f9ErkfzoPii85d0vfFh+DB5q2D4txvr1h4E4SDVIPFbk3TFJy\/7UXDNbvXXIm5xIqlq3grZZAsNicHGKes2+rw5ypULifO33QhqTPaSFb\/jQn6NyP3WJTRP9i0U0VPYsdYu3f0K5pfJOPF\/8gAxIuhKlFGtGv9GRMlzIpV1F1p2d9+\/vUuadZOiX\/Db7H96lha\/Okr2QtWcz\/SSoJEkbKYVqBS3RDAbbB4X6mN4n9Ft6hAcQJheC2GFXuEAFotpEq4XY1B+2WcU1cIEKgkoBaRv5g1\/LOKnYzLT8SzL1UVFovVGYHn+X0THvNtuJ957AYrKYcqgN\/SUJSPHzmoZoWGO\/q5y19X4WfC481zRO79sZO31h6Dk1na9B\/hYqG\/CxAXd1s5xBzDA8OS5TnaqusIzCxer4zV82fnF7VoQtDopVZNTsoDAIpt6cW+fAinlqYRRovLmToeikcLMo8c8\/6+0XN4C\/sNxwObVZ\/O5C\/emTkAyuRrduScc9vJaxAO9Dl74qqMHIMLFex8KQIDCh6G1NTs3194S8k5vVSQvmLDPRNPbXzBD1\/e\/+7+rmJqGUOcdbTOlX0fkuR4DB14HEvju2C2b9RxC4VpxeWcvtcIqUvnsdf+10RtMvVEY1H8oIRhd\/40\/JOM1RwnJAya+YM9Lojxag2aYSWUlQyopt5V+r8YPszgD2PyRsBJhXDMRUFIuIv2\/u0jmGfN1IMWtAf4wKiwoSQdAMV17hTocy61LlAkDEtIzfOpKoBNjr1FJvgoLlUR3p6HPRjORhAJzdHC7IByfP3Hxhs3ctG3V\/7BQQoSKFTrGH3kjhrfgHIt0HEkl96gVcUPsmn4EtE2VI+GcXfV\/ANkKoUFr3NCaUGtMncqVP\/YjZZJ+QcMW41L0RZUgzIT928lTjcFEypXkCRrlGtP+rWWXE7mFYXiNfnrIK3QAi4gD88L8LjTWDuvcPu8biICw9pEbLTHY1O7PpcQj\/JJ82HVYLYO58O++NchQ\/rgmiClydF
0i\/JID1L1diJjMl1iYMV77lfb9Nvv2HfL8j7cDz55Alfw6pwUDnb8QeDwc\/a6xAfyz4uojy4vrCkJfYZreW9P4NFSgKnEX7HwNb6i1ZjiVei7dVFeH9afC69DsshYJ7L0fYFE5rREPVfqmcWx57T\/mQmdAf1+07k2CuNu6sNtY+XS6xOdLTWbSkcX50J5GTkvJhnKHxtmGLG8CoEfmdvM4NCU9jEGSExH87\/iWlXlfjYuUfmvFjsKZOzqUkQ2sUkhZw7BFVNd3HF7fUsilfRlk2t8MaAx\/EEndDgdYNK0EgdXbFzOIIeK6IAbpmYeX7gNdesbdzVQ6uz6TCcVrRcKuxoreJi193vTD2D8+SLe1fOItmTtr9WoqXkb1GjhybS\/sPn+TL"} -01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067725492,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067725492,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01467{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067725492,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067725492,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067996393,"flow_src_last_pkt_time":1621433067996393,"flow_dst_last_pkt_time":1621433067996393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1621433067996393,"flow_dst_last_pkt_time":1621433067996393,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433067996393,"pkt":"AAAAAAAAAAcAWlu1CABFAAVi1TJAAEARrlvAqP4LV7OblcIZAbsFTjBdyP8AAB0IGttMWxhOAgQAAEU0E0iR2uQV7+gKMUMCJ94a1mUs9WxU6Tkmya1QT1ijZpDLW3h0qsyJnE7yi5XMKbMLZQG0VI0E4CnL4699UzuXHbmZG4j1bpQxuVn5yALot0dTMdquwfkg43GEM1wkpQgrsMTP0qTEcaLbJ4i4VFKwOqxnROj3ts8Q5YEHHDel6ycIKIRhevOZCj2WbWLu59h+nwbW8hRv73Od8cN4+kjzfuGe+B1zZiO+ZdX3XLy2RMy5S4kzUgTJnM6eihuCfOyH9C1kMvBrE6eF+uvUY6g2SL73pAnMQ8F3ZxMjAvnHhyJJDNucS6II1cpdPCb4Nk6lW166dZJrTlpxEptf9MOeoGPoI7T8kuqmrwllZaRI4XQ\/kKSxUPBWGaQQMJydqLl6\/T1lDk6eOI6jqnm\/GdP90hCcoCmDPrWgZe22++LHPGXmbsr3YOCDa1nIhq8ftKY33OkoptIbA8RVngOr1lQUcMQQ\/VYFKWd7j8gKOuzuJU4SGqvnkK6Wj6e+C85olkBIqr+FP9UVpBEPptprLjMH\/pqncDJZ5yEh7Grdurgenn8Oa1UCeREsY9XCcMK5LJG0G
EGg5FgT1KKRue2Z3g1vuP3LjKlHlZ6ysoHZipHIwWeDZcFGaN8c7Ipp75Aj4UWNvtREE2z3pxKUeu\/3ZyZ1sgWETUpVlXcSVvotMQ5TZwvAGbXANNu\/rhz1tvjUpV2Gbr3iMVknJ312hfpRnkJ0phBBW7yPgZMi2pP2LGIwP70mvVJhdiKKMoWgQ2K6uSPzHShiYyWZ9wfqSuCt4GrPH2Dz+sYRk9GjWlWo38XlQSZByhfvHyMDGY\/VwkRy7DGiQWpLBPaI32qcs+0Wi5UhL0chKc9MuYtE2kBrFhu\/MmzxgILiKu9g1WiLecrRs+SiPafnawwXaxRH3UnKyKEbs9tf7cxaGwTFwQbItBr0May5hHbw7VijZr\/F9HknAkXN+WQzfw2IZkbx63CHzTxn0Lf0\/gAteNoZtUoQnGHEWYD7yIoAOl+XtxktZ2WH8ilBnJI532y+PhOHWg7vFNIZYy2XNI7Ro8rUoGLA7ZyBrhYAPGV\/NOjp8U6D1metWriDzDxh0ozJasZzk0JYSqpovUTh5xgdlDtecRDUNdlTAfjBnyMbf+cFYTPnowHg7\/FY4RR3Q6\/UygV+NcMVkjaTNaDNXvagiuVZXLNIb4Tk3A2V3EqgUkxJl3ru+va\/80OsxasM4dazYUBuVN1MBNdZhpkRBKIit9QjLPAJB6wcXxf+0p+d0gN55St3hQi8gb\/iL9k\/onbQhxFP89onbtuDFXRyUSTM8tQq5CBj7L4VyNmcLHxtw5p3RXU70Uk+0psZnI2HJXq3ccqQUlNOGe4V57sFTrkyJUpugmAdJl2lStMmlzn5NM6S8FjEz0Mv23EdQvL2Xv8xQtAJ82kaQeAQu+skCfiHwl2eE0HR0kpuVdYzC4577xLkjxLKoUO64A52BANzmrvYZyO1d0UbSchYHinUiE32BfXi+lFE2EkQL8c4oFSQkavwjhteXk5z9herUfnERT404lCm6CiO4Z5gG+k6w2kpWoipnHtRYOjO897tsBk6rLYOHvEuLqjnZuhXbn3m7joNX5Nd\/3Q65iq8R5w3zlVfzVIw6SZdhLY9l5ctDa9JFYiC9MK\/ietRcrprlPxUIwhQEDdSRUda3EJD\/9M9hmP+CaD+tbS38jpu\/LbnTrforILNg1cv1A+sXeT03E966mAsy1Ec1mrv8LqFR9Ep7nyOUg5\/wWMujj7+qgzOoMXZ"} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067996393,"flow_src_last_pkt_time":1621433067996393,"flow_dst_last_pkt_time":1621433067996393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01057{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} +01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067996393,"flow_src_last_pkt_time":1621433067996393,"flow_dst_last_pkt_time":1621433067996393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": 
{"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} +01204{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 
01049{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621433005013575,"flow_src_last_pkt_time":1621433005304458,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"s-img.adskeeper.co.uk"}} 01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905490594,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com"}} 01065{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905483700,"flow_src_last_pkt_time":1621432905483700,"flow_dst_last_pkt_time":1621432905483700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DataSaver","proto_id":"188.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"litepages.googlezip.net"}} 
@@ -249,53 +249,53 @@ 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433110371220,"pkt":"AAAAAAAAAAEAdQOrCABFAAViTQVAAH4ReGOokEAFfYjMBNxpAbsFTiPgxP8AAB0I64b6Iq3qYnUAAEU0uyXOGSdM2M9jQQTW8DsUXfqiyZuXJRO+q4Qmsi3Ls5Qr7HY2TrDXBUTOIVmmAHBRjS4fP4\/iytOosBigAE3GS1YbHzV4KTpsNSP39e4Ai\/gNwa+JW6iG+pMEbrvqFzobrQPLaW\/LHhGgdXr9HPIyoZkTeqm4dAslx2tKgtIx+D3ADPfxa1GtgUwgxIFKeLXE5L28gvidFJ5kvOUtEWVi7p1Ct04FJCqOfcTDqWyHNK+CqUqUXBJaar8gIYJl7Adtmv4APrH1W4DdFGHseDk\/eiFm5dmfQmCqHSHBPKfjlASsF\/vx\/dDIlMGRNJVvEUORDhpGyc6KzrwpCkBycpnvcDHT9PXlK1Pxbvka1u8Bb\/RRdl4GhJjum02FvwJAQzMMcjvQQIBXXUnCtqFNSpD+x2LT6UXB+SZ7qVGMl\/t0sECBNEK08pUkCk0VFUho606M2fHuj9LbnZQ2bGNrvbAjmEkMviJQv1BoTAZGNESQTqDEbwUZYlY30qwlBFXqT9WdH2E9DjbH42c0gLLqSkQErQpcDnv3SSVrUT94EWqqkCfDVWO57NKjDmHa\/9gsGDeQQUO53mruFkMe6rXxUCFdLDVpieBe\/WbmjFIiYjT+b4FzvV0xGUDAY6PtgiB6HvKPqKp6fxy1kpVrc+ZsH0+HKMh3jfC1EeH9CHXsXnCW1rsQpJK4+n8CsldKtQaVDkSAqWG\/OgV+UysKdCujrfyCGHfNMSPWkslqqg7s2vLXqrQBO58gohSxIbtaCIYfWJrle40Mot6V+cL54Ya7PHlWtQH\/Ful4v4rOlvCR9PDd2nGpQ3FkgkGPeywwCdeY5sCTYbMMlVuLQJ1oFmyS3u\/zhwjeifqZs579qwIfpeaP1FtY5r+JU0rDJQFD7jOZdftjZf2LgOsGj\/TW2xmygvRQ30KJn7bLRU1w2J0q7tz5rXSOHzMeKm57vqp3aJSFv9vTNxJ+BD5u\/xLLqLMMeKd3yPZj737pE79\/LtTTjm5eJ8jsSmmJueqzLtGilfbTFryRQF8325++2yfVJKrzj0c61X3njJbMRbXWJEiQmoEZWV9TWfn7wTSpOjjQRnHFofPS0wy5fqr\/79EqOgnhI9PoQuUw+VgWrmM8UnMpt6HX7llwMkswjZvYYBxWiZK7SxCUZWVinS8leBxtyiCVvDCRWP+lpTzYWOppDeOpuuR6nJmZFaaTGLcFFPeAKuAVu+nTC0hkldleZKShVNc+\/+rolf\/Gxsw5EKidbPL8HFlBJjaenmfkmZBH3LxN7+OOgk0dXGhmlJ4wgJ21FhusAxJjb4rdo8Ob65\/i1ZqK2DnqWoWzDwD5m4Uu8\/nBbSMW0kQrvJmBY4XN+lhGiBPJsJk96AxOW048e
DZfKJYg8Q4WotwapShO9Tb4n7Q5LhKow3wsQkO4tfue14G\/HUzOIzbT2Vd6GbyzGYbP6zeXYMvI\/MobQkwBtMUX8uK0OxAv1Dxr6E1ez++cFwnP4qZm\/N5d3Snzx7Qd6PHVVvdaIKFS5ChMsrskm71TFLKy4FJm65hgjBVyTzsB5o+U2Jtrwl04IuRnmQXivp3vavvqqU\/4e3mekp37TSUP7JrzfA2\/tdw5ycfdyqXP74qiJ7FqCBDCIFZz07WOMSykwdBK8sEwapJgncvO5v8s3K9sHSmwHnUhAmcTcEJWDFYrq8fgJAuluMgxicHkbBHDHTdVhPiEDPwopOcYRyFx6QlMlyoiPrV8enJOOqMFw9m6sR5PA1xxKZEflyuJ3mRTH80kEIdfZNby15\/d"} 01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433110371220,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433110371220,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r1---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432925103422,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433110371220,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.freearabianporn.com"}} -00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":76950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":45,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1621433283660100} 
+00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":76950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":45,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1621433283660100} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433283660100,"pkt":"AAAAAAAAAAEAU0VlCABFAAViM6RAAH4RJaGokEAFmWIcTujmAbsFTq3rwf8AAB0Iz5STt1Y1cC0ANwDFPRNS\/+a+ehucrc3Cy3E4zimx6Se5x9S2Dy\/Gdsrzx5YFrAfk\/P5DuuwrPRCPOU3BXGhgTB5E\/e3sUYmzAEVTAuBYpB\/Z\/1ehiztmkudlkpmIe8TV88KuQZdgMCFwpkxLuaxS1ziTCHLi1IPv4lk79c5Z0ULFtJLLvCInJMRjcd6mMGJScqPLX\/oX54gz8qU\/6Qz4haz6hp+OoT4jjUoHwXKwZdcJIPU1d0Fgj9BSxoZMC3uUZUh6\/nSO1JIplWk20Jn+EdrtXf9IF3Neg2QP7WN48TjKFEWh8rRXUGGVZwXfgyZ4u67st5aDs9WYZrXzKxk1nJVUFJMK02b+yKanwM95M5gyBaP7fEbsz3G93Jc14HIS+TZPmXtQf0GDj7Mvht+3zbNTk\/o4VaawVm8AXrpyWNWavSleSlFtm32amXDcWcXBAXyviKq\/ZxOJHsOe0hRNn8R9DKEAdOiVzWHc7gKLyh2t\/TJ5RZvARNmvpppZ6wGihiLhcw7ZfxEeTZuIMl2vCqdlmdPL9rAcodDnH3cPQgNcH7hxThB++pzk4xpGMH6II4XWKGZRVIss+xX363+BpzZ84mO8AvFYpM2G1yOSewM2tyHJJjvt5tVaanjhIHX91fgLX\/FiKYxmMGxgXGOHydnptpnm23dOt0b9WZvjKRdNovSQvIwMupd1UWFxikqzvsb7A4rsAUyXLWIzvzBBk7394MKzqD+owlnrzPcWgMnz22akkOeqa\/r7Uc1zdnb\/xMYpRLj6j\/VJPcZxgWSF\/P4Qtjjh5xSMS7E0SpcbJG3qGTIvbs9UGrdVGQOvITRNq5BHB25231B8uXSwZZ2OfP4kX6XjlMWXbP+uJQMmZTGglRloO+dA6aqTrTy9krXaEQKMk1DpabL8dpFus+hC79SbtQRB2+q+kl1BPR+TLeqOsYPTKcukPf2WREttP39G\/t9VQQCU\/rrFLKNTWUuaicuTglon\/iwyuggUyLgAJ5TOQSh3AwDysJj81Jj8yy\/XVRc+Ow92NtvThIEXi2BqpMI0pLfvsZgTdjiOUTaj4nR5+SLJt0aFTQqUXp4O4\/J8uybiTqPwgzFfEz23lP4SecnmMrwFjOkjPHhXc3\/7rEUmZh2scM1CaQnd8xqX1Byg\/aXBz51V4uicTZLxtfg75bBVl3kelSzZJu+XqjxdL+n9CzfZbtFpXbsW2S+Q4+jDNeJp4HBqG06R4FxxFevo8pd0keFBmX69U1z3Wq3sokxVvxe8+dpn6prJlOSracYX8yZoELER11iW2n6aiIPlofm1lWs6hUzVqnPotYA\/DykZqsMhurgWD4MoqHtW4DHKc5Bn5KWc\/OJK60z5e9EaP9fvLRfYouPq78UI388ELbk719D+pp1WijPL3R0TEv
j7ae26qCBSAEds62fCV+P4XZ5x0eUy1+pBImuibzJy0Qqd7jHkHbgRa8FGmj\/X2+xPfVMG8h0AOMqH9w0rUvMze6gprpf\/7tktIfCTqw2Qj6+Gkt7WnBilpUaFfwjZrooYmfJ0DMITDqenN\/N95DqoILT6NKoG8ZEuXufJTYTBtIQQURklCzYwU+bVBfdZZKhXs38KMloqNck1yXZTWMqx0XcaKtPF38dzgU97G+ewHG\/d4QBFblkENQ59GekuwL0tajlQ1a5yv41R4OjF\/og3TAJBWTrUQFopI3FvTMPDLJkxnep4Xrtt3D9pwmCEDc5Asj6CgulJotykyE2uPE6yOnzV6YWwiNzS7S0bLajRUqyRCV2dgZXZaKJvRpr1CHOH"} 01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433096272294,"flow_src_last_pkt_time":1621433096272294,"flow_dst_last_pkt_time":1621433096272294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621433005013575,"flow_src_last_pkt_time":1621433005304458,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"s-img.adskeeper.co.uk"}} -01080{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067725492,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 
-01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067996393,"flow_src_last_pkt_time":1621433067996393,"flow_dst_last_pkt_time":1621433067996393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} +01227{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067725492,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} +01199{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067996393,"flow_src_last_pkt_time":1621433067996393,"flow_dst_last_pkt_time":1621433067996393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
01069{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433110371220,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hjuk.googlevideo.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433300632344,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433300632344,"pkt":"AAAAAAAAAAEASYHhCABFAAViwQFAAH4RVpKokEAFbKuKtsV4AbsFTpawy\/8AAB0IVc00l\/iOZRgANwACoQTdl\/GOABSj5yQ9HIigBgYJdQCUTNlANM6rqxfD5723bzbrUxaSqL+QgfFYDvSs2HF+3FZE\/TQjSbe4Km8KzftRRJ7WGWJLHVZGU6Pr8JJ9uxzBXyE3XW+2zfcSO0pInvNKKnyglyrBYAu3eLKCvMOF\/lcR22wWFyI78zQm\/U4997pUpU3IeDVTo+1apB0IH0pVnXk0s\/DcR6kAfTOaqckpKyJM+iypk884UqXCF7zKL7SZD4uGN8XS+r+vfGpyWarYF8YuRePoaTXkOZ60muMhm0jUocNqY\/U5XaGTP2BXnULnONu5tCViE2swJ5RpifKQhW0ajmcYyvMPByIkayNlHx+wVxBbD59Qy32KgOOXFf4bk8hLtiTkWyRCqp\/0xL9c3Vfn26VBZY5CoyUtdJBdTk8G94oF5RXnKlsW9RPQGN8PNrTlnxYqCMvKdLymzbrkSaVHd1s6hCDMlvKgPIqlyVPjyv7VwNwgypSmNGQjl2iP6PboGwtXnIpa5ka4IFOHhKblDAPYAGuoR3WhJLHbWPOhkpp2xAZBtIdfGz88WUhh\/fa+5OHfzxRvv\/+98pKocB5KIs+9XaMOM2b4ye775waBhKUHBxzU5chSbpQbjGNQ7UgHntGkQrLxRrgYK30BHeCwGqbB3O3zTGi28fjy0q+DQxv58s+isMuLf4rVml1bN6YCm+6tCQu1csCemJ3W1KsCnXf1iNt4C16k4KuAk4uDPh5S1ikxcI8fbKjrNcKeqP+jUu0A0AQxq4tHOgVeVJ99xXNa0rfYRr+KcbfwK2f3GdLGTda3yUnSVSryfyKJvL2Q+8aLblgUuM6hiD+LekvE\/LlAnbBjLmD8wu4FP2UzL6qUbY58f\/mCvQGgHeRTMEUd4CowlgXPUdhQWeaDlfMLg9lfb0LA68XuyJmqrdq5bG2Bep8ngxyxEBYvezuPAC2Iz5rBy\/4kms+yRvo6kVIbiyCCpXtTDJRUyNmBT3rPW48C4LpJYm\/ICdZMpWdD0UGNtBqPhJE7WKkKOsCkPGnUmiGgDd0pjw+lR7ks28tZEyD2kzjPP7ttelpXI8vPVVoY4UZaApsgyum\/R33EOq89AHxrj6xsKtkVzUTlVCJby5kmDowFpY3WvjB3YKxK7u66vXI2uvpgNuceSN\/6K8VLUZARSSeqan2EPUjPwc8NG39Volpuo\/q6ci4X3xaY\/VIhhzOX0GkrQnDUt567z9VlzQJpCGMRaukTO8AYWCEgkfoe6nxM2l6atxd1xrKaWQ5J1s4Fb+l3ui1owS2vTplZ4RPYsayHMQAz9JTj3HW7PvghKUdzoLY3MmV80zisuPXVZXwU2r9a1f+c1uKlxlSpPR66onFKZZdWkDXHMs5slBPZ3cct6OQSpk1E+HaV0eC8N
ipyKySEkKnwHTUZdNtCvNWU+DfIdSY+5S7vDR\/kAFS+UkA+axllbFzhbZjbE98MSmiyGeojTXpwHvAETcKEIKQ42DITA7olKjQ58qBoakQBY2QIe2\/X\/a+1Rz3Qpmpf5f\/LIHyY8CJTH6Pguykmu8PZ2YjeCHh9nc4aZI\/D5huo5lq5GzxgnUbuvAghp+1jKsnjdIBsSbRH5Ax5Q1NaysWgoo4eoeRiE97DOBD3dFTT0U9rGH\/b9BWCRjOHVrT0xAYjOVJ9vKjsh\/uQE3RymgcpL9m+XSdoP7juYR415Wg2Oqxg61mfx+maFmAF5FUVl8xb42RdcnTELYsROvNQ5WWEs8jmQMghLxKlLWKQvG8aWjfEzyaOE4xFNVsM"} -01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433300632344,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","domainame":"beacons.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01427{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433300632344,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","domainame":"beacons.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01067{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433110371220,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433300632344,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hjuk.googlevideo.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433323690840,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433323690840,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+3xAAH4RF4uokEAFcfqJ894MAbsFTp8Fzf8AAB0IvzqNQD0lRtMANwAyYa5fSLdWImB4ZVjTL2NEPya1cUtwCyStcfOGkb+i0HvP10Xnx2V6173CCBLyTlS2lW3ItThE\/V6vYeQp5d8+\/LNRUHhhok6SCvxveMOhomdOJpo8G34ZKxbpZZeGXMm+kxymEvh9PGGn4vHBB6v4SwzcoQL4QdYO+oYbe4NJGodI+SmHvMckm12krbWK18PtHzoYrJftqnunvJo9ULpSRaYu2+s6djIY3q7wuNnjJvZDUe5LF2t9pFC+gvIh2yTEiqiPxPThsUMHIGShrjOrLAxZrFkrJHPByKb8fTvaZlj+Dkpvl20jckd+I0vvUZV\/2XJXbyUBPGy2tkcDameP4Y5wVjdpq6TVih2KnVLphaiRQHJibXu58TyDz0Vd9X6glZg4tYEC2iKCYEy5kUqjvrjHuGphHab1PzL06uyyN+x\/732GK6ik4JUpWyZBztoY9G7fyAAxwg6UPj487al0tVnMwp1c37Z3vKYougGLf+uVEsTYDF7Cpqu+Ea7zDIydQx7IO8f0CUfPQi\/u8\/gD4HXXAdB2qA1yUY\/VlHUe3+mmQbrEIgq8uIdDQWKYbjVC5pvQNUhxoD\/aL0ONFl\/jOVpgaM\/zL2\/ko1dyUaMhLjojLbYyekvliZ3qkxk605uj5nYxD\/OY0t4miGDxZQMnUULowLp7cbjsKiCD\/BjS+2cK+geBlIFH1XYvpAgJYFqu5\/05GxQPEqo2AZuX650wvMXpjzo7oLSb3VQ3LP6jN+3GtZQkbqO0Ml2eFlFThBeHZyyNfdgISKQXW66VXUuuUPhduLb3p5Yeuex9h\/2xxRpZf+QwTlcaySd6XeQxuyDRaiHCM6HiKDMj8VSuGyQ6y6G\/CQ2lQpqTq0JCG\/TihEgoblpCMhxGu52dI8\/M4cE6+j2XEdE4krEK2jiEaIZKGdebeUzB9JAU0IEQ368+526\/BhOh0rEXo9RUgNgTnXonlH1MQUqO1fcoXxn08UG5E6ZYKgu\/OZN1pWGWjVSWyMfCT4BqFy0DQnEk0oVfz682lYFVubZ2QMzip7UVNkMKKCepikphE4c7ppd3hkLM9bsNAktobkOkAgW2i++QQX\/bTNfJxawx6s88fmfdgIdLdYyVTIeI78VHXkUVfbHcjoQFDDnKH\/5gdBE+P5BLF4EpLHfAF4Wx974YrGRnZHnoMF43ssv3SEdPlN2iriNrn4spM4xowNSQZcUmJHTcSpU+Uat4MDUM6V4RHks5OewDlWO4kOK+6LIYgpiR+yBKe\/LrPhXG4P4O0gNUot5Mb1kSEjLXUEj\/1PtJIrIb4oS70D8+c1NIiu\/OQVFn5lEPax5\/uGndd3bG0u6aRIwsYEkaTKTgdt2ZQun3oPeubolQM1fI1tzSovLzWnNl+koBh7dhxX
hgQ\/X9UAn1n9hyc5f5taxal62r3tci4Mbbx8KPZBkYFj8Mmrqc8KDSHzLCloQSWCQSCkBQZ9FMuVsXUYmlB3jRDOW7KZN2uY8kbzPbIbjPWcCvUdxdHVNDIlPdgQ\/XLcgXkYVqmy7m9JKpfEvarWH5dSTcvvBS\/j7hMNXbKyu2ZBJX6gfqjxLKsxKQggL6gi+eWunxMe\/1Z3CwjGLDysODiQjylrqRc\/i89KaJ4RMPmIB9Ni0qJzV1nr4XAGc8l7QrTQ6KvRGv+KgMs0SAAvvCG8jxH07B459x95jC8vicEuCu4Qa8+k5\/C+g6l70JY75v1dmSj7TKtkEeixX9hXhrRxZTs9Uf4IcI+X23icYMl1eKUVDfGr5SG09huGxWXyIx"} -01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433323690840,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433323690840,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433390651222,"pkt":"AAAAAAAAAAEAU0VlCABFAAViM7pAAH4RJYuokEAFmWIcTuQuAbsFTrRvzv8AAB0INosFT237+MMANwBb9TwbasdQ32A5cX94fXk3R40z4mY0PhE1HEAJQYO4V6\/3tF0P2M88fsUndGz9Fr7kJKq5dvhE\/XERoYXV5NHZLSYf4DTWVhp7q1z6KYJRQxo75jUpfdEwUa6ZG+5bNu\/A5u9XKnFMFC0KCN5TT4NsPs0VPSqpEv80Khbgf8\/cxxTXZWjqluHOImCUv2NFZIJpo9CgaD0e+8GRtcXDohjn+znKXGpEH1V8b\/3kSK48z6I+6n3KVBV2xHgdOGQwwEd1q1J+ECF5KYSp9RUL0zzTscSavIziA0pSN7JIWZUep\/Ok1sLxp9ATB3LHSyV9ajz0afQRqz8lPxBfGq9y5R3BFba3C9vH70pf4yBTyQd6jqWvZyTR21R\/xl6xRf4gAhvJcYjJkxW+3lmGOhS68JXB7SBW\/j\/51vJYllmwAccGUXQGTXS5\/VWIw5VScjbKe0pa3A8a9e8Av\/ljOB\/HEfVTnsj+Y+qchpc8HO4XTQoFrPwaU8vXQ1JM66P7sQb1sco0zqaDzmitGZlUT1QWpnQr7eKksiSn9NnvNYTUvdDSSPn3PKsb2RhC9OqgtoYPKk
GHpW8FvVwHYqbSyvaU3MJxUBlxuA0FvYBKTVbWO0AgmyZocUfOLKTsk\/TZfqoCD3QW7FO7lNRUo+P1rP9gFOB463DdLyAUsjehCczhWZWdGU\/gT04HidAXsnw6jARYjLJBcLpd08Td0XXQY6albr3J8ZZ9LOvShd71AaKUK4b3zzE1WCv8qtmiARodSJhVf6dZMl+yNOLSPKMomawxSMzPdml\/FM\/zeE6Dlz+9BPCv+f08v5Fn9tMUAsDXRUKY+8WZNa7DgQzfNejuemuadnwoPLOzzh2w6xM0Rzp6OEuIpQFyQW5xNjLrzOOpMaJIzF2sqpzwfuKJCm3s1snEjO84ddDhgxqjSj4lavW+riy8zgmEWo47r2DqOd3WghFxjV8xyvlVX1uHWa05pzMGWfGeumcPVMyT0adU5+wJkEcRvHBRw+oHJsqaukZHSI5JJYAbZf1ESnjxhCqHtgklzs9ImmCW7GeF21uZglW+vjLUsQcwNpF8zy37gmZdX4j9TzC1fY1ZjbAZMCcZltyE4Ua\/HE9Gr4qIttYQRoSXvemLO35Ifzyp3YBJuix7D\/0G7UY96\/ygRaDjJYKdA8flhrjpLc01yADTlcnXVTVLb1A6zKUqy1IoG\/Tlk\/z3cQ9+IaG0ETvoH+URSO+Wy5\/31GgH86Fb91IlFWvBBgEg9o5mtJE4ZjuQeHoeCfnmV53e5D0s6e1mLoSTRslkgBkyPIHBkD+AfULG9yRcBDRHLVOUtHMauEJx5SFk6LDE48gvZ\/W14DPXuSshpkqThd+a9l965NCkiqLzobezcZyu8ONMCL4aWAP4JD6b0Xp08jXqOcZYqiJ7NZSbad15kseZHdYQvvA+PJhUbcE5YZWcn\/xOb806apm1GAxXDo9cx3POklhJ0tzP\/LMU\/8cl+t2ZxNjURhO8nGFdQRgkvW6BDfHMzQeR6PbeH3pEswauHhyM5fr7Wk49wwwktzukldwFbMPCg9p87hqBsGVxIND1WlwqOlV\/lxMTiW\/q4zZTP6jyb8htKoyq380p91mZyV0+Qdr+Qa7+\/NlUYv8PEee2yAJ5phlblYmFxIh\/JvKbTy5doeGxfVsMIJdICKa5u7\/SlsDHJCHaQdFlIVGoLAQ1H8FpK6Y\/P56TfHflnO\/ivZWYw6MQJh9riQHgPJbhr65Ah4Btxq8WeMahT6b7GzECoVCR8QqXUp3Q"} 
01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01055{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} +01202{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 
-01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} +01200{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433411827256,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433411827256,"pkt":"AAAAAAAAAAEASYHhCABFAAVixWVAAH4RXjKokEAFEOjade+dAbsFTkGKyP8AAB0ID6UbviYe1OcAAEU0lEpFVo61ttZD0\/Guo\/jnAnR9jv+k5pAvfeBeOWD6Cm8zeiN4ecxHXQbeJAslmDKkgnaApPPGNJshgoi7VzHr\/rv4f991MIah9Z0x3iwrLSqHm+jIfLQxfiAPFuB9rLMf4f5yjsUpTl7yYpryWfDoVmV2zU2awpg5MyVbMiWeuULv\/hrjEOVgd6zoPwwK5dF1RV\/wrIcyIIMUpE+r5n8s58GUzUdN3AhPEbNnKhRwC6RWrqA+i0cqa8ctZWlgocKvytYgiqCsqMVO3NdyZSTFiTuNzFYJLpfFCUzIPf63hLzpNqbjK63qqYHIxdtHDARFoPxNzOgrVier\/q2WjzxC+M6mQi+H2pqwgvmMAlvMEtDd1ZlAWkzOl4G\/oReq\/ToNk7RekeRqvxLV\/VeSMXbYuQGNbpu2wr1Wxl6BibYf\/79Z3rObQtiyM19RxMxp7mdvUcLeIhqREsWiAfd+i1zPeTFCw+TQxI+c7b8r8\/XfC6A0KPfbtIIopv4Md8ZWbT8evvkG1J7aQcX8LESarYbxGnYGbIKbRvieAyXupa9DNkt5ydiaOWNMWmnYatZS7q+vJrXn89FucDVT03eSB8\/l5O5rpocuX6dFZiCeqampgTCdr3kOlnlcPHHqJr+VaFY4vr5Xyh5EHsikjEWIGozPdc7jEZtWf3uYTyNQsjZBZgpnS7YJW7nOT2DjNWT0GWwr0Ic1PXuo8I2w5qSUux7ny0enp7B\/26GObK7DIsMjzFG8UHaQBBmT\/Gf6mdO5kccDPkmAWHe0oXsNPt7\/TmoB8HTzqmFM3q5jiptukUvnl6h3hrA4tDcWF6r6\/VaXFDgQChkQm\/m5WrQEKH+KSIIwCREIKBUb3xaKQEJM4DmC+PDjOpNX2TtmlEUfuimAq0RFbxofd+ZiNjHaNh9WW79+yMMNubGxcKaeiIUpxvvl+n8zGFM11cyoFugluYbAi8iHUHh3Cjjf9i8p\/JBp8Lwsqt8GOKWBoZr8Pv9Qwx\/yhIn9+hyt75NZceSkQPB2HilwbRmKH9ZWN1RLraLSCDjLFZUoXLSdJR3\/RNAs+0evfZVDyjhtDb9Eybgu7J\/eCdLlS3X6ZW+L84u+0SQDGVf6Ood3an8Co1tUKtWj0PhIkidMAwm1PT4EdcGZ0Og4+2sY64xmsHSK3dYm3M1QvEAwoRAl7F2yqmYCv7brxvtZjAJQRQ+SvKtUx9c5gyIckMAAQPNHHrAiKGz7YZtDQNhcaxQR3kHPlUSzEMcAKMY1RR7CN\/pSeooHbHeCdnLpRnly2OT\/HcsGFzOvorJJhV2IGzqc5eU85yleqWqGU4sEQpVrPVOXIbwh\/xWWQ3840ZM2zRH5KGNip5J0esfDT3r1uD4+AX0TrvlQvBmkVKYVu8\/Dc9J
FMO8ks11koiARJyBa1p\/sYHKBx1429RrmPqPI1XGKrymUtfQLC1CjqDyMOcxMqXqHjOsV2W9Oe3aLqW0jqS4duUkIT45+NWUAEWQ5dcCvojudybcgB4i60UXLIJevToJ3JBxhaiZ0CBRlMiKqo7D27zgr1XJAjPS+feRSz+BJmxsqmY7bE7m7oRlxsN1qe0wj+Y+9szslqshgyS2A5FJDMEnvbShUgke31IlErYOEjA3M5ysDeUu5PO3ZaH7U9PkLACney3E6ldmC+Nm2iaW6IcjlkqsHCdTehMCOgQeKjiT8gNfoQUi0sDE1nb57Dfx6ucdbSEHW6ULrwjrSydeaPhk7\/b\/ZyzdR5QbL\/8bpPlib01D2Ts9qawYdi2FBumvw"} 01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433411827256,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r9---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433443702807,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+6RAAH4RF2OokEAFcfqJ891rAbsFTomjw\/8AAB0IUmuY6nOze38ANwCN5aNI0Jhzv9NOMh\/1sz8Pq4SZBhXzrMMmdjZzrQgjx1zkkutKHQB1oDFT8L80Z4Aw8jSNx3hE\/Zw\/laqqIbhk2h4AYI8E2Ksg3Sfl+5RD5Qe9ekCyVbSOIn\/RQGKQ+Ysrz4swQWQlQaC+KtSVXMe3vllDuG\/jjZv8zSYZWp4V2dx8qPMZPOw3vPgkM\/WcagE5PucdMP+3itniSXOFzVDdgXKq5nmt+7yYD1XqERMNH7mUp+JRrWe4XHV7cKX02FgoGRmWOpxUJWFf7LJEmXiGcbi7Y0jE\/h\/OYXsowiB1squTTDTuQqDqWuYNEAOZV9SOZp2L7pqHnGTE9iJVdZW+JFE20DbZCic3DVlzGwLNvFMykQy2R19YE9TfCuZrbfxU0FPlLGpo5fIWWWvDAVoqbqVmZqEGwcTHzgV8Yz9EUd9TKsk+pq6On9FaEMp9uqGWWwnxo3eZj0TPa3FIym2Jcz1rAVeaoddUuSsIGRkpmLUnVQPtQlzkUneg+9hSBIQzKf0B4JD4gK60cQ+wEib\/Mlb2svj8AwuMbD42dbbUAldY8vdc2R6SBT7hjpHRB
MRK\/23CtpazJepPZW9TaqY1KH0Tz\/rdqetAkIpplEYk8d\/g9AITDWSrF8e6zya2TMq79ase5qJDl1I7B2BaCwE6uBrcM3YNywAaodudS6yBo7OBmzBJLhjcpawpG1VBepprPrMyQKdKRaLIppfRPMpB1zNwIz1B\/b0n29UJhF6mBe0rd\/G89yqhkXZrgizvDrWltB8tOP9SBV2j6Lu0+wAsCdQXImvD3VUPci4NZs5GU7Vvk\/ru8p8qVRhy1G9PMoV9S29kH3cyerovTX6XCRqhXT7LjRT227GeRmtu3e6LKmxiCSV16aoE86qsn7s15ede43yipjlcC2hBClsbMTb2sd2VPU5sjNA7FNWxGPJemWAv1BZza5EgN49CYT43mq\/jV+DKvYykpvXjR7AtKXJDZ6Sjxau21\/2SoAW9fknYkCMN\/b6sBb\/fb2UpjRQ7vtJeLKXxg6xRmaSy02gAXGTje9zcd4wsNhHKa5efII9Ck1SaDqkDwzSlV1MgZYsboWuDhaRPboyD3HUhtACz7J+Y3TYKG8hOhjZ4ZCZgGjHzNSe75OGW465v+X67ja\/0mNh37VVVzJ8W2qxkDcAd6QHJT+qyXR64+O7B10B7DO9voZAqB4B7NmlTjFKRebbQu57q54zPuFHoi5ShAmQQ9UaPbGtA3CwzY355cHS0TvLRROOxD2CS17paHw+jZFFnHn5LXH6snBlWaDVhRzqR\/YYGoi4d\/7LIG+yhTFvXfp4vXRdxfwTSW\/47XWHABPYfJ6vXmF0ZlSVMGkkiLOES0NuVRKMFyi4Xev+x7I5SlwVCu+Rvq8DSRF1MfjOJeMPXW0T\/Ekz0FDO4mP35HA\/3PeK18zuOlO37CdOsUXKnqLocCevQv9jz5q7vVxas6jE8BkD4uQY8aeyRiiKzeZh2\/lVon6R7IS4sMXdz1t4wPZr1ILCy8wM7LjPHggzpJxmfuu9E7qlOH406tiQeyFo7FY1H2GOapGdOKVftFin6pO7IjV88AyDx+yPUwuSKzmoqNi6P6VAErvOi4bRjw\/kYQg9LGmC02XKMWGdyW3mVcI\/8x\/3TkI4csH2+tr+BfT74D5aoqvH+ZJSLn0rurteuEBkZW2fndLeNUkyWzU015vCQoZJqvTClWmVcG9CLZn2rbyhXrUHNKkVJ+wn4ARFcIHQUVc7egurai3mUfPedLQU\/iDA4\/fPb"} 
-01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01055{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} +01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": 
{"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} +01202{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 
01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} -01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
+01200{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433521961363,"pkt":"AAAAAAAAAAEASYHhCABFAAViy8RAAH4RV9OokEAFEOjadfy8AbsFThT+z\/8AAB0IhJNYKtANuoMANwBQeqOywn67qncKSnTvuagILGVnNcalwuzGeiHpkW\/r3QudQ1Xg+atf32S0lvogd+2\/QThXrAhE\/UcbE6\/9d3ne8M3mBUbLc5y01PqU2r3V84i6i2XGKABZLB+Bshg3DGbuuyaaRbJCJtO6TLBrd9b6D0pWzrZ8i\/Gz8PAIyMOtI5BQl03yZpQuNeBtefp5qB7VZ9vAjNbT9Fi4jMJzpK4LOjIjHvho5UD9A1tQPssWUuiaB6ShmA41Ky2YyAUYb6Vh9rcHTQmUf36RXRjnMENcqSJ0txZ5HLa+JL\/wc7MLe4cFuMGhbo5QOrIDZl0OqxsRLbUuyHXXUj9iT0oZwwV9OPcMhzRgBCvFYPYmfISQRYW788jLzx1jI6Om66CAeI+GlZoG8XjCWvwTBZh4\/jd+ih5NAhEs\/yPoFHJAITJIoFzfVRs\/ZlaeaD21dhSdkLyQXvL6YrShajAQAL8QQuvvPxp1O9trw\/J1Y0yCHlbqft4HIR8bieoeKqFBtn8Vf4OzAvdIKL73M4BelKj2NgPZYdKz8+ZqUObz8td1TnEc2GZAidUp2ZVWI5XtiTBVv
6\/1haOTwC\/f72jS66IjYphHkAjFY9qrDEJPRir2QNSQmatmWbaYhNe+qzzpKOsUSXAhbo1oQcAl+l2H9vJ\/DIQa\/AxSESBrwxGM4fWVLKqEAfMznZCtqu5fIZYleZVlEdE5C6lkvCY2W3xT+YJ1bOncdsHPT\/WGTsfc2kcqrsadebK7YP96vtKb5\/Kwjr0TCYEIvC8vfon2QAbzWY\/JCGhSEYUqb+8HgxwXZ9GWYITX\/BiqiLCdU8Aq6m\/J2oBNQp41WFXol9NeIYQ\/ENO\/iD4I\/DEE\/++\/78B3gyY1sn1rZXJOK0OaZecB3oIp5CHb8DPBBomL5i+kCg55mQYZXdBZu+\/tPycOr6KZl91KRXD7Z7TalELPSIUYpOBkmxHSZ2pvbUBnFHUY\/pw8Iwss0KbgupzZx7PD0GBpeEIyl45N0\/CmlN9QuyhgtpFSdG76LgGZLszlzyntz5P0kwUusECVbIv+39Djz82FK54YD4N+JgQBI2jcM5Zrwk2YhbYd9NpBrDQWUXA9bJsyou+uE1gnkTh+CuICnZY1UDepbEYOVkXeD6R6MgAu0d03kX9pBp4HBB2snNUvQ2Oyw65UsJhUcink0Bfa6N1+jzB8j4NevywJoM\/frbsYzOsqLw3giaa6WuLFmKpE+IZ10TEjlyFlcukcQlZ+NNObDfykNCzzBy0AcMVQaUSbjFM9ZqN+w532wfhRNhL\/F83rzAuxIgJ0n7kuWgx1Jmzauv+GuAQAe\/Uw+HEgG6V+kg9JoZLVZYLKoIXp7Z\/RGXpWG6+88\/QUBnYEjIVJi3NA4jv6spgUguU8hnlk0dwaGaTgDd+E3pAJh1qiy6G4I6\/yNiu8puzdQ2UZXW5DSLwiSIdluiR43lhltbHf\/kT4ogbkuhAZhjh\/hPFlOMFqyWyJNLdSoLKPFvtXO5THZjGcQf64KDQ+Abf7vsxCS6V\/yIHUSA+iidaY5kvUUh1iHjGk0QAUUnvwTyQXCrz5Lw8M0X\/+XryPxtPTET5dAXJHe7twTSv+4wTKnufI1RxQCzNHd\/d8PrkscC7FBMhp5+jPQuyuCQJrAnnf4c5Q9OIbgJM125\/9n8YnDbNwguEGB0mPAkvI3jKFLHb1CFQcgY8kEl\/0mjy6bPZdm5nVzmX0ouDvUmiEZcGPawl5Bk3IHTCTM4+6WoZMUTAFfn6ItnEi7vfqWVc34jJvA3AQ"} 
01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r9---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01053{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} +01200{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 
-01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} +01198{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 
01070{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com"}} -01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} +01200{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433567521558,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433567521558,"pkt":"AAAAAAAAAAEAS1QMCABFAAViYR1AAH4R+pqokEAFCUGp\/O4IAbsFTmqmwP8AAB0IrIdSuCmx8q8ANwCDdz03IhzUFn1L2Cnpzs\/TwSm2cofJpAX1JkTV3tCerbt47eBb\/tUYyv\/WG3oeaZXUGjSRmm5E\/S\/GHWDf3uofFcje7iOy\/NYB5qLognHXVD5g33k5Wi4OmgM+Ahmi4KhHeG3d2\/spKvCfjAjis75+5oGyetUb7SiO95JzfsedF3RaUE6Kj3rwNnMmnCLJJ1LfhDj1pFKjuI2YJh+71nHR\/BoSscicrqHnjNU+Kt5JysJR0+jE4LPT9l2mVbtuLkLis0xTseEMrQ66AbQ4UFQMzyqQWI6Ys9FFItz+0act2NE2Wbofw\/Lrumq\/k5f6prAdUO5v4cjZt\/R7aWcFen8a7KkWTJ\/7yg4CnjBGZeWmAF\/5X52U3x\/RCCkPoodlYLAoeE7zSZyzafp9Vs3xFNlJ9K08Ckfsw+JGyo11cIH+HtRX65c3vvT6RM+bJMwm4UScJkC6c7MPFESBou22UrxOHjl8NrD0kEu\/qLl4tdQbrTpkmURNF2JKrG1jx1\/Vfcu5uH+lsNbc4u2wpjBtpNr8b07\/1E6ftbBeGWLBOlfhvQxQUPiyD5FRgm3u
Dcodf1gX7fecwIzaijpGJiX6c2KBmWcNDAQ\/RbOf9+2e76hRJtul2\/BURpdz9zqqRcD4sx424KomOinx8opVJjXft4bXUEWmwuefm1\/MbxOXPv2RyHg9XMH3qoObK7PP8PiRDpbbi6LB0oS1AIUBop\/TsnEOwwab4fl60FNiCev7ICz8OTrnAs6or6No9QC4mHJiNDT\/A5vVLmzT+Z9Dqu6BSr\/JaA6a6DJxfKrQLEYyFN+mAQST11uNp+VnLp1My1clYT++rNpJ2L59DkZaHZMZObQn4ik6O5C5VTnjBEObmR92eddNMuyKx5Kcg3EUAmOCeW6r2JGIl\/IhqsZitb1a2D0s80k4oX7Mvtlc4SQUaT7Qoy9cxZgVr3MS2h5r3nBhDjmOzclfK29evsEafcbJ8vHLvuDQLmwUbuWeYZPoiyIhQ9vr3rKz\/vd4UPl9YGc+ZFcosYc4+tF2ZvXLoV44zl5Hn+JUXSAMG8rfoE5RFiZCNdNSnotUGTuB8Lo8zqSeIICZx9qwBhwg0RBlSWK21bfhv0V6bO9uXd+SDA46Wuo9rvFwnraBKcacSoVBqqZ6NGGOXQX3CZ0UnZskQ2Xh9lq7c+9mbhD+uHkgeQ59u9+pCOoymabTpJz40KiLhh8cpE9UupFG3Btt\/mF\/tKjiDmpak0XaH5p715g4CskmYYeD92tSYiV2pxtPeSRFzREp31JbFciPWTWGHAynBoYesEZ31n6hzAN8xZIjFGAvCt9mogpjeOLZJ7T6QB+DXmTonvgfoavnlxnuqRqgiv2cdSaHzS1VthMln+XrEc6vIeLHjdmGTvxC4AfsHPWXQIScQ1dgnB39QlH9QGb+UXoJzINdUC7cxDDD1xWXlxqErv9pLj\/8syL\/kpqf0cAEb9f64EjRsyus6nZBGadcNgi1Md7ZoW1HGHML8j\/VyYIyJ1h7a+uvD3tW2ObzdNNh76C4O7RQWUO8ZVim2RcdZDeVvKTfU9dvyIagWxbYngJIGWUFxc+bA6nkUtX80ozt8+iMKvMyzsIr5C1WAgFhm\/JX2pUDX72XRGljQ99hW8WgvHx1zqZrH1LJ+aVfz7ij\/XG14HFhuepiATRHhb90pWV4gDy4BiWtZbCYyogbxOy35IER+o2RQvYWxiFGjGpj26HCJi40rj7HUSLn3oSMIhCgp0XQZUgssWXFY06WovWc+\/OK\/KLsjtKK"} 
01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433567521558,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","domainame":"suggestqueries-clients6.youtube.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 01070{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com"}} -01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
+01200{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
01070{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433588411274,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433588411274,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02372{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433588411274,"pkt":"AAAAAAAAAAEAz315CABFAAVi2sJAAH4Rh2SokEAFFgyWwuo9AbsFTrBryP8AAB0INSLhPL22UxQAAEU0dnb6uZhq1t6Zw3kr2pvHyfNWBxJD9W9s2zTRbPt+j3sYHVqGaibagTvObqxr8L7RMTtZH2xjRCWpCspX2XXuq+FXnTIfCwzq0R8bYQN7af9gvVLHPCvoe4LlWn1tEH6m0BTvrXq32km0YOpGp8mBDhiXp58UFczWic\/LDA0x6fF2n4YNtLE4Z2lMWFYhTTmuDLcKfFKATGaEQDjMewCgDLW4FqXB4m54SdcTcA\/dFOpbB1LCJ0YhH7hBJsrsRX7AF75ed76PrLag927ZRPEw3QiemYlDHW\/GgtF2bnMq6BMjp43+PZDDTs8Lw6sSJLk5j+j7binjYxfhzKvS9t5LIcp5cq8WQfdQfqbOCH+EpKFBTJXUATHM0GqFbPOFEWoTNdoLFZJCt0RlhQ2aFEhPRfofdgGmwmNcj6SQWX34PWjMe+xGvvQbWJbXfEiSpzsQw4qDOngUbAppNhq8yhTP7TLB+dKj0\/0j7CCnhGjf5VTlM4l8pSQLDnxJSczvPia0OmU+mYdzwvo0EOBr8AklCW7iLYW8dS2cmM0rlDa0ecqvTJ1VYOrB1S75Bz\/6V6+Hd7atab6h1vwSF2pFzXYcnqRiAinW\/VuSyg8KFFRr4Ybp5EzzwavSR2SInrndIzHlQgZhYkQhMHquBj5pApzCV3CuafdgWqruaCZexHIxHUdqmNN3yoqhpORch4AucgZXsQNNzu61Oune7H9O4MZHSTbLB19LCWWax1HzoFFeIyd+5XmDm8mqPBGBox1uxXAnJKM6+GXHpB2V+FVVww180yqLX4GanOJnfIFeIsn4XBJnYIAP18i9WhsbmRQWzl2XXYGFoRgkXkK1O+vGgPHV0EwDCUVaRhM2Rp+mvnnekeQws42lHMDRRxro+Eu9Ix0dsSJSRu5aFrroBpy3BPqsFCWb6M1EO0ZkiSuyMzMhMajOdUGCUna3gRiqvWtnMAbujUIPEq4PxN703lFKCAwIzIQNpwUh8mhLfFhAoyZhTjLup4KwhbKLFvYtKH0KHuLzpWQoBg9RYsqdtULI2+oQT2xHT99uhQc+dCK2nB0\/AJUbz91vXqq4Z+yTLK3qj+zNjQD0SHuOj18j+U37Pv7n6hwnuYzJKut5HNbT2mS5c\/00J82pn1UFjkHTJlZViBRbamRBCYCrX8FlJMJSeYHxtaGSD2LMbKIo8ecS2LrRVpGzwk0uo07Mlv9SeXRRtFhMhL8QJj7Ppv4crbwmWUJlFStoLO6iJRltLQK2Pl5JTkCISdw7ai8hmpPrQNR1gTuhnQ5\/GrIbz\/Hn59i+FyKiHMbjD3uzIGGIjeAdtBo03OGEL7XqBQA6NjJbG6W4THKFVaoUguo11P+g8z1hQF6OsY4EIS1M4hIImra0sUYy8Djc\/GGHsR0aEhjb1R4Si
R+O9eiEtlxe1RT0g5rqIVSMhzdOU4wPWZDmrYaLl5hJ7phEqFGfgb6lrciOSZltZTNxTFq1zP4\/a6FEXS7CWMcJ7gX6XCBKUdUEBZvF6VAhczRd86bNCG2G0yjbnySI5sJBiFiizMdJaTuboXWehh73WfYET2wCS2TQ5Sg3Fpi\/2mK9dgxsZor0IxYLcaR+pvqa9krSP1h\/W+5Yc0W0Il09dN1RybZXko2cOc4Lfkq3Q0OvSfG5Ch6ZniiOz6DPWiFOkZUz2wi4NdBirItgeWcbhu2bR2McE74iWO9Bzd+fUd3fpaJcOg9NgCJg79T+rFXw2qinlYZGKvc14iIcpyM1OlOVLiWgsVNddHQTUfoocRRE+Quu"} 
@@ -303,17 +303,17 @@ 01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433588411274,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433648984652,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433648984652,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+9FAAH4RFzaokEAFcfqJ8\/y1AbsFTvvUzP8AAB0IOGOQBfKCbj0ANwA\/voO+XXx9UNRzF\/PVLqUQmnVcfbJaFy+44m9Th\/J0D8vGDxgnE0b3my68fY4VhoH7ylldwCdE\/cIKBj8Q8msGVTF\/lZRPFcYyu4rQA4dMkmJLGh8h4hcVJXYlyXw0HxsVsRXBSCaH9pcz5MYJT0N8d\/QHoWIhJXtTq2A4a7329H7ZCy\/2hiheF\/XWiSc4pxmO9Ynh+JN2vvZnWdzm0q82\/5WdIhtH6DKNLW7\/XztT2A8BgoGu1165fwnnJttnCnp7MC7ceEZdqQcpJJ9S5BIzGJvI47OWUy\/O+A7cuxtRd80Baj5eUgykqLnUlMco5qWUXbGJ3qeG56zhiw2ILgjT7Bcuxpku4m9iswOoWD9e++B9OG3l4Nl0B6il9OgM9B6djMPEZaQ\/7P0eLCfrf8N1EK8IU+jTARRnjz11uoVbKvy1X354Ysm\/cfeR1fvYJ8g2GiyorZy5vRdiDqVcxw9hR+rNVIThkd9jHbU6NaUET2Zmcrhn0oU\/AQNeqrzoZrD0wkusdBqHE7Oy7ZP3iS2driLZ2Ic4Alz7LOyyp85qJ87V9cHDrhWW0V\/LheIEH23t7AEDMI2gPEDikZlOkiojcHtGj6V3+8VwA1VBAVbh6C2nQb7oWJn4psrNAUumMXN\/5bdg6Au5NE9nJBs2GYp2MzdKptvsKDmxm6J8MjGuWMQCrFOGnhGPYmsufDERoYla\/wIXOqNo8R\/FJFxzNp3PwXo7ZdrQ73XzNwHSr9ffXKXimX21O1SWpQHDR\/RbdX1vZUr3Lh7pfNbx6rH7OmcLXV99oY2AQ6e8oc11SSL+ZdlBq0HLriiqfnA7CcVCdmD6jwEIQhCXdiNp2REzSEls5BEEPv8qRmwUQhOspQKayIHnIFw4XLXOua7WKV89\/vWuyJiksgmRtispubeUmTZoRJOF5\/jnh38nkBft2hu59mNNnWRGPvIy19bc0cxeWlZ4oo6nA9PJSZrQOdeW\/rD5ea8+DflUeQgYwFBI1S1PmVVqn6wiLMuaN3KohpzaQ3XgqrMrhPL05TT+tnokrX8jZ67X0mBu4DfS\/lggH6sBExWEAFyohWoqxhN0lUtYWZxgsnjiG+zXzgkP9ZtYeUvbNuzU6A5q3kVffXh28T+8yra1UAY4vmoeH\/QjLFtQVcEqveGRLBBG1l5o0fUNpUtnBrmmkZGfWY8JzXpI0KnKiHip4fBG0IQd+Q2bQOSO\/Udo4tFpVnmlDgeOeYmyrnrCqgC0cHv\/XR5E73gV1kjRoXxPvXxp\/pzGER9dhbxukOJbOd+VrD3OKeWSvoGbaNv3kYyanEP88AWW\/Bf2lDp7\/uZ7ngQLGve59K09TJ\/VxfxlMpRy29Y9kICc+sz8POsOp1zPo8X3lv4KDjtiGPrF4
cogmdW+gz\/1Rx8RTv8nIGkGcj+GVFdIFzhqjZlaM+tlw+V5CFsnIZ58RzZR6PY1G0cLuEeCNRKseDLy2xunVcw0reIDCM\/BTmBGYOUScCRjBtpioVUlizTJN63ofb24jOlXZTsMyrT5MJJU6Slp9jrbFIgBY+6oR5a2h\/33BA9ep\/j6lsrwpd8UjkvRh76vxWRquNFGDZEA\/nnCBtRlZ9XDeCRoVW5+pY+5AmH2BOq5S+1kF52Jn+8edM7qfDOmmPZCwuDrVPEFHpbn96ryrPI4Qt9pbBcq2Z69uLwP\/ZTNn2joerZUg8Hl4cFuZ6ooBq6byB92bCiYOv3FnN\/Mx0lMa5Ean6QjpWh6xfjOoz2RFyP71l9S1BlUPEZhl3HfYvAeLR1G"} -01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433648984652,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433648984652,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01068{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com"}} -01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} +01198{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
01069{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433588411274,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hju6.googlevideo.com"}} 01067{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433567521558,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com"}} 01070{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com"}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433848159035,"pkt":"AAAAAAAAAAEAguyCCABFAAViV7ZAAH4RzIyokEAFdZR1HukgAbsFTrrGzv8AAB0IZrtHVazP7GUANwCdzwl\/Ag4dMP\/532YmgteM9y4rfgnxKHdwAMQTxGHIHdDGRBEdHlnPsFRQLnkLCUyj+ZiMcQtE\/ZbnAwVVwgmAbJeZzFu0xe9BjJU+0q0ZPjc4pl\/q1xAOsn94uZ6J3jN9QX92abvAtxhYz8VeBqrOA607zbwY9GWSP6ok9Pja\/Fq8w8NDCZGf3qIL3rk\/wAzA3jEYpRRQWDHceKbIR88KOcO1FL8LDN9LJGuLhgF5FQs6DJLnrpIczBSYq4OBwz\/\/sKd1SAUQJMcAmfR\/jZPeYBnpsWTjRALFzwpImgbStENOm\/0p3NLhVUB6WCiKCvKKk9gT6\/d\/x10ux08ULPTBXIv\/k4Ll8l6sgA2ueorwPBTauFi21MhZZCtPcV3eJ6EUWMMMFrZfATCNoB+EVA44T4fDxdcOZEzFwjnKteEZmVkDbqqZ9qjV5YV3p\/6BGB2jz47XkvU4EacBYHhxZ2ZBLwV2tLuqe7+aE8IdEygSC4TSRNL49Ttq\/RQwV8aObYvXamg93UAuYbgkXDq6Cz0FVo2RyS4gV5roXuZXS44vxfS1oZOfTTNFzIHJU
GwN9JEwtlJyaLE+zlmDRVeeKLag0ryJrnplqRANQHZqgBEbDtwGPSRu34eTOgLm4WHJcagJTF4Fz7xu6\/\/DDYatKPQYRG7oY7IYZQm7mhylJ7uBUzlcqBwaflcUNmXybTxJ+2WD0zZz6gCJLVhgwyhutJAlQanGkuwf3EdmqBx8ceqxoNJ7tZKAGK6ZLIa3G6I1xZC\/TaQ+1KZfZAfI4pB3hAXWDjm2gcWEJXPdl2HpQhbj4SN3C\/MogkQ6jmjo2la2vWjIQ2+qzYSkHj832CLT58yzA0tGXZvR5lpaU6hPOvYp9D+DMoC0H2it5Bi\/rirv+bbZpE7LzsCnG1SyGV0J0MpJPpexlnfbb0tXuruzppFFVv8XX\/\/AGNTxslc2JJDce0W3BO9U2F7QbGNMDxkz\/wBWOEZH8+aF8yWPCo26iB0IWKm64gR8orVp9wCN\/S\/ux5zHmhkRNoUehIoFt23QRRYl4mEM8Kb+yNY6ExrRhuVVLVK07imb+PWqHfegN+A6yiJIol96tI\/qRwPHidTWuw+BPOds5nSGwNNMYCpCNYS7znyftMnQYiHdYUMEr1nkXG0p+BTVDr6yzplTCLHGEroPKNnH8e3DVvViJ3UCgrkqYMJFZa415l4iDMaX1IPVcIVbn0GJt+fxcZSe\/4EBL\/Lglqu4lLqW8vfP3Ryp18CcBI5AUvjnbHT3H9GKw1At8VX0EmM6FNbrzmSDDHpjxJAjZFsnjcKA4s8cGEzjtd04U5Ov1l\/uV+TrsjbEVaYIN3cAlR8CmLid56lf832bUt\/rJVHoQNMALy35MqNi3UTMRHx2sOalpm1X2yqB6Qcr8RiPpnVvJ0XaoyVa69ClIE\/D0J\/eeWPqDxqyOq2dFObeT\/Q3Ey6oum6f7LqZWXPfk\/Of0coJY79h0DaTGeZt8KNREQgsRBcylskDOu5tf2QjszGuOPnHGGIjoEkML3giU2HtWNdhUpR6kCeVzhBvo+CYlsFw0XUh5F8NiKLotZ\/peNJe9m5PV26VmA1CuJnJUZ+iTsXmSUkD0eRX0gnwfjJ6dq\/oMKsvWsVcGcwOkeW0MrEVdWGsBJjfzNjkVIa433oGL9UgwBMpD4PWzwUd+SNd+1vgvOeW4tFbxfn\/XBNWVoFAyPSzEwkXy++b+c1GHJidlATTQULFM1qwYz4DqrTvS\/tKosbIdtvCa5V\/Wk2K\/pjchLwN"} 
-01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01461{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01067{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433588411274,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hju6.googlevideo.com"}} -01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433648984652,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} +01198{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433648984652,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433567521558,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com"}} 01068{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861442402,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -321,37 +321,37 @@ 01316{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861442402,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r2---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r2---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861875678,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433861875678,"pkt":"AAAAAAAAAAEAAWXVCABFAAViHWZAAH4R2UiokEAFjzSJEsyjAbsFTgvjw\/8AAB0I4XSW+s91uvMANwAS6GfjW0GMdTsqKMpwqTx337NvtDulmldgfnpNodm4QCw5Bjnjn9W+uBm+YhsF1Trj\/EVP9+xE\/ehiNLKErhY79Fc\/HJEeNp62+UYmQIxnF4BXHeby7saDvvQlaWtUhK2nNgwODZK+JDEtxkUQ\/VybQVP83ATzWc0qLvD8yBtR7czNUAqQeB0mf7V5GtJz0rLXU9erE4DOq5Qs\/9FCIz7bDlqW8m3GqwlAlM\/ShYpSh+i1tk19DnlT9d71cXWxAaBMh3SgHyMdgTEnDOAcddGzDaeO7lK6Q+fWEYvrhEHvLyLGKNSZUeJYxc\/icjZAwxx1JsyytVVfcjM\/mcdecpSw9Bmojler9Rg2Ujayse\/kuXuiAg+1NTMXX33ZL2rhDQtAjmZrBrfEVHGmJy+0cMtd+79bvpVApkexLNObFkVRwaBswWlkZfKVtffBr4kfbBTWyXOmnhO01cFVCjdQL\/BWZouvBCtlDnK59GQE47E\/QE9JjfWDLKIpllBc19+E+UnP0GbmHg\/0unruvB08k6BhVSiKRaeDIjirm9O9wbEuKHWikZtOKgn0vdcW3o49
vZELiyS8Oh0eH9i10QOv1F\/ixGOhJ7Q9oRu9TNyMYSO08q0kVm7c2CA73Gt23SuU\/bhClfdnHjyNCfLe1tTbcknZFj\/ikotBSaPjBSmkP\/K1gB+2W38hHc\/pDDGJn\/1HKhUE2jJHeTGdUUEt\/nIx7qb\/Qem+IcovQc0vl5iKASp+ml4MLegR\/yOFMMAwayIHpj4zjxWU8b5eorYjA3a11PNOPq+Diwo4jSkCwWP\/NQrR6of3bBVoaXisVa9wpr4IMIfCHiFcIgOR96+r4oTypl7Gu8zq2gdbwI6YjUXUc52tqJWY3kkxwvYV3OqU8QnVDcS8NgM3sBNbtUWYevWYZ5kG\/xc6I9RBB93tEOa2yK\/MLrNRzd2ly4YTi8cHvLzZ4JO8StA2rNVX7gEP+80+zHm0dnXITPxyYwSedSInn\/pNvSAPgpaQZutI98VHsSgXt2AGJ1MMrh4KLNemtCZ0sd2YqrNsd0v\/Q\/CUZ1ILOe3p+l5wVi9Zn43HdgMKjjQliDoQWt6oPzDKQdarw2zvf2CSBY+WIBwbxkvSJ254+5B740QdtviqaFSVrXzi7RfFwi+ivbVv+NHhY1sdpuJtIIOCprt6WYhs+StriI4nyZAJwcdp32W8aqvb\/1985ZY6u+nxx4f2trOGoh+bHJBuPbElLY3maoHSuOXZ785q+vKdky1ER+vTTeciB3UUV2EsQxGisoRd3HsY14dMPd\/KtnJkfnSo9huSkgv6uqscOmR3O15K2wVr1cJTHHoYe8xmAfEt31ohtVVGBkqoyfKwhTy83VRvvkyyeMMzfXCvOEXQzPUnps\/izhGZQO1uJuDErdBO8cpI3nRLPMCD\/UdOq6K0a\/lUA2\/RmUzFI+l6dkQCJFczxVxFEsgIriEhhycx8gi4LqlH4ujmWOaJbxFhSFcxnusPel+AYrO\/saFdGOX6zbAvXOzVPrMBiZjZC6L4YNHykbx\/ACsbmx2tWJ0UBsImPtqc3VN8uY2G\/l672JNHVL4kWCmPOASo\/9VfXHfz9oDR2A9rIFyPu2yDMiXJyLW7o6SypanBfAjWm99ANW\/QN19miCc22rNTHysZikzeNz6bIeFmyLS3Ngnlk7euJrOCdUrQrLMzQVLmQ\/RtVvjMOEklG0mmb1U0vbtTHQFDaG3odQNuXNPFHDfi8wFpWHR9i\/WEKv+nJwW23RrP6NiuaqLXBX+0"} 
-01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861875678,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":75,"current-active-flows":3,"total-active-flows":58,"total-idle-flows":55,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":325,"global_ts_usec":1621433949433327} +01464{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861875678,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} +00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":75,"current-active-flows":3,"total-active-flows":58,"total-idle-flows":55,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":325,"global_ts_usec":1621433949433327} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433949433327,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi\/AZAAH4RFwGokEAFcfqJ88LEAbsFTrCcz\/8AAB0IOpZExBi7cWoANwDL9uHaA0kckkofYv0DErOJu7gbuZ9O0WlrHu9XY7EghfeNZiWwbeaMEG1HVz2HXjvb7FiIQLhE\/XrtpQvuu\/3Omn1Xc2On2DZgH7f6oOHpbPUOYpms0\/qyqv6hTxaVN8Qyf9zFprmCdbR0TKFMTov\/mcwAhmtaqiJQOX1idcPmDuEg7iPhXhQ9Rg3RwrAk9BrfJvQxFfeEOMteWZD4MyDZ+yV9SiAuwwh+aqsiPNuxGOL+UtAzKQsqxym7hzR1q28tmGh+i2Zfk\/fZfni9+9jCbMGXciLv74dlIT7PTJbDgcbiIKwlBsLy\/knykvOWyjY094BIkBXk3yU5NleET3fprZZxZhV8ZWXPFIPEaF+RU6Htv70MXhBjSUlUKboeasdJJiERx9PP\/FOQwZ9brIMVelncnCNFZ46nArIPtPpuAd\/21AcBQuAfrDAMwGty4EHlw\/4EpTckdi6e8Q1HZa8uOZS8L8Br1Me9zLoyL4ZjxYSKprCH0SP1KvhqYL3GHK4Qay7ZVNjLEb+G56Co2cVZ6Z8h9R\/Vb5Kkek+Pkji+2fhLMmeX7GKMME7SjXS
MGgLh6kG9e35UGvMzTHWm2oiUJJo5etspIs8CqI2hin1wFD6+4iM6vgMpZ1\/0hibOtrqATrfcRXn\/g3FcL\/RO\/V+7mXSO42YkAYxLa84v0N\/qNcWbspbFv6UUuZtGqJZj6gNVEV6zKBOfhdaZA6YCWC4HGrFtWO5PpwwVCgG3aalQZk8NUuhTNMXowyvh9L18LCMzCzLXkkowVa1Yrk+ACBdqcZ0NdAszss2Z\/EjjNmNifpEEEqUfgXYXLLAXFUhdn9KTgkgQJb6GidRjtio+hiOES7K\/Zd7kR9Rp9Q8wDhX+D6mhrqnUubbVrqMcM5J\/ZatN2j1E7+O4tATjd9IDFwcw4kKULkoQtjBOYHy1h\/oATwVF+VEEk5TAZlZMx5wT0IH9U8MEWVD8KooUS4KhPU7qWcQbSeYILfK051yDU8v1p35RNAMARwMz+aDEiPOl1NvT3vNB0NKpyA8dp2SOTKCt+U38vG+GnQA9V62d7ZUKYJ3KlxmDU6XA53hOV25AFsiPuoW6Iyhmf6HsaasYpE\/s6FIsRYPDWGHRq1MdouHttvkvAO+x3GFakZh3SiKhTE80kxe41OgEyoVuUyhRjr87DNUuENvzYlvEniWFEMpKV3srA\/SEnULC+0Ec4J3ujljBaufKdfF8SZpoN9j7BrC+MAqJq3d3VhpBG26mGJXkkc4FOZBB0fM\/Lhy0kTI83pcFnGWjj7XjivhZl42l7vBIKLjvLvvCQDgRAJQidieJyJhRuZYNfeY8eJjBRqpIKNqtcSkkmENkCxAYMCiOc0b0eIGuyHwfWl9DZKgiIkTs1P8VjoiaVtyxt\/mMFzkrdTau0IQVNDUvaqFADarA4i6F5X\/ztcJlv95UshqbL5rcKZuqHaDiKMW08lYpiumS+l0yCHCZdSG\/JKiFlfvCQuuO7wI8YM6N7g2OYZA0jS7vIYCufcCVOzadPPeliEKT+SdqnyQb1rT\/MrPC4qmZRKIvY7jNy8gfCXgs7p4XgbHvnaS7Dr9uRFum4Sn9Lk+LXgtcZE6ZRI7CQvZwF9N6AC\/1sN8XoPIf\/S8UYH\/UrL8QIB2dvW8d4m9grwcwhaVNrzDuYlH1t5w04qvmeO0jLTMXCRV\/LhJb7I6BPjU9fi6dVMzhz3YRA0knZgi9sfYpy0b4laLv5IQhdo7jIDxnDb0cqwQffN65VEIrS8UKXodV6nKpQ21X"} 
-01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01078{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} -01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} +01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01225{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
+01226{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 
01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r2---sn-vh5ouxa-hjuk.googlevideo.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434024831376,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621434024831376,"pkt":"AAAAAAAAAAEAO9I5CABFAAVijfVAAH4RD4yokEAFubq3ue4VAbsFTpL9z\/8AAB0IwEpXITGNfFsANwCxWhQSYIUF\/WvpOS2d24m86qS7bcPY9ZqXL9ETLTiw416RPBiWWmatxUNDS4V+myDEXn29IuVE\/cSbBImAl6aiOQIEBTB\/SXbMixQXFNoJB8yYQYz6wms++ZMMx\/E4BhzwHBpTBXPh7b4mD3YSWE+XxUv9H9L2UZXkzlxf97xn0ny\/fPI\/0BBls5vpYFjJSYZYoIlr6vhdm\/ebeHlyzz6B8ygezIiK3UwVDadwbjMZG9Omuh7X1DhVgs3vz1W21fFGWXozYn3VF4XUTA2SbApAP2UYTQPidrIUUsyN9OEN+6zFcRKwBgiXUg0JDK+e1z3gz3W745d\/sI1uFMBbzhwnhKRBQCTyj6OoDAeCCoqL11AGEcZlyCkzwplqlHqv3BulzvKXdH9fy+hypwspz5JB3rBva7abdmpAfrNWtysCkoMbDEsi+BH9Sw\/WfI\/JW43OziRxWE0b\/6GaLLm0LPRqG0ta2a+8bSNrTX8mMiYpr81yyeAJGf+3SLq39ywLsaDDH+SnGlydZPTKaT5dEVTmOUfwB8TyliRH7r2g\/e8Jo89ZNHbaMlGDbYtZHnJ\/oXmkMMX0TtfMqSbUAI13SGw0x0yqJUBVeqWXi6nCYIEoougf\/rRSL7RNh\/DgbwKlBhtRbBjEQ\/fei4q7M4c5UJkO+skPmmiMvYCQhOGRb6M75LAcuzVGQ8XTpzS4Q49h3haLUT7LCYbVjfGyqoeek1PufbtNM7RA9oB6986rRvq1HME2Qh77x8xxPIkwZHbkxc\/bKYMzPnJ2UeHA+V+TItjasVAOkyFvBZpJobZJOx5lM+v4cwtiH2ykJPHJYMbL8uQhYq741WaUualB49TABJ2lncw6tGeQpg0Oc\/Ffn7jPYQNW8CiZh2MKru7wG5Af2I7ggRC0CDFHJi4CcaHMbjEL8xmaCoe7kEiBjZVMpQq8yq8HDVmX6xuiwGFbSpnmw7737hgdBgSQgsmzZ+eyRAnkDX7sSqv9hCS0Zcb3DoP4XMm+5jI\/u\/CnNPitv0yoNrGp5yiS0Bb3cyT9aVQMRpm5+oM6J8FgVTuiAzbLFQfG28vM2HH6RzkRHWgAdyYhr1dpw2Zy7iTAPNVWd1SULG1vIgBDQMenfFa7JoTVJsPivxw59Fc6nxyGVmp7UaHrhQVYqlLcKnPC62iMBiWrPAYZFn5ijxczxoNDc6ynoTmgTnNCK4rH5wD4cRLasJRPJwZqqD20+m0sIXMeyDt2b+cU4j\/UFP20j2zVAVzNgz5C8yIdFJDfygcCX1uMo4LGqi5N+2qh3+XEDAJQkfWgO2sWhpJa\/W6mNUejnWaDgkXgNbiL8BtuKDTdIalY78bJmkO8h2Cl7UuEPHZbPJY1CNBXdiCdtfcR\/\/69FKUtxyHLd44Txau
b7ezT8XT\/2j1TO5ZpJK2c9CQslposHRZIXcQpmszsY7beFygv4KRpcCyDhjXHdoMk4Cx6Zf322ZH0visL\/1\/gL4MdUJwQBy3KCD2JhsiDqFkE3JPopsXvIIsTgN2itT8qn30ZnTFxpcPjawKM8R8YmcFcSfJXzy9S4n3fG5zVGgQhv+APAzodhVQyyG6paPspPsNKi3e6pZse6mfJbU+RHKTdtZrGwzhUbQsLxNpwTzdCArEwHBFERYdg28g2amHvk3VyhEJlMpWUR4CasyIc0tQUYMkJaCUUlS0aWSy5Tnhj9mf3ScVUNZtHYvoFQgMdxMVZR0ICCfvHTrO6AtY5\/AI2NI8kYvvIj5Qw+wIOEUvx1PjAGLWbH4JzLOrTxTHK"} 01318{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434024831376,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01078{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} -01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} -01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
+01225{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
+01226{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 
+01200{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r2---sn-vh5ouxa-hjuk.googlevideo.com"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434304066021,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621434304066021,"pkt":"AAAAAAAAAAEA4PSECABFAAViGypAAH4RcNqokEAFie75AuGHAbsFTmxnxP8AAB0I6APGIi8XMbMANwAf+\/1CDYfNSqZV6JuY2eU0m84t1CHbeC6cE\/+erbLQOHtC\/LsGzIyDeeVGEgpwCWPVi+MQCnZE\/Ygc2mi4SLeix+8TnlYUcEJa7kzg6S+7lKmfSMXvMlPqpt8Jqhul99eiai\/CwIIhzgiuj7qKQafo1JRj2kBZbTRDU1+SZHOQN7e5Nj19ARXzRQ1f1x+ihAp61tvIBTDRPDLXc1ubHgvyinj5MfnF\/12s5SMxBHDDCXN3NmqXQxAS4MECv72MUs94PMpz9zGUL5LHUzGHAIbclxnzN7sHd1go4+lLCWey570KhMF8PzFiMw5ory1Vew4LX22LtMy2jvvM1vnDE1crnUnJCzQDcgJHDiRsasjBdtp7HdISribAOc8CB2obB0oyyA5X8m4qhy5s84s74KgzXgyxL59PIeQSEcVb59yBdZjMcyXXJ80CrHVTLXNi4PQyHnn48osYeAyUn8yU3VqEWwgftLAi39oJlXsQyCTXsKmuL7OB7gY7Vuai77q03lFhqfHaX9cLtEypQIWNB2r\/l2ALpr13EuKe2oyXGUuf78i9rQmSYgbO4A4y3MRD\/QqZXl\/77HpSb03kGClkTea21fqnpJT\/zJSYfPYFvCXBYWmiAW9wMzLsKUQeqeHCc1gL7imhRXQ4PrR2LeuOgoR5+fRtqAenht6XH9lUHNUo32hs\/wjLrrHX9gnX1hALWGhcNyMLvpFTjI5tPVKkRbNv5c3mJilmNWHxhjVHpnhQDdE3xh\/NfcCROvsyq5m28OWLWcPE2FvU5KBMY6t0tV0A4eoef29jjCAjLO\/M8mpZb7ujaK\/6H5Re8VFYbLmxdrQraYtMIxWND\/984VqRyFoxBrQh6ygpK33dCrOTNkgS2NHt4BbEN3kBlcM\/dJxkQlX\/WhjdaU\/jKdtFt12Kk5gsUCyahX7xPzli0x1FX\/Q6DmOvGVlWQmKwwBBrReFKQe+WYt51ygXzik317+tRLkmZwIN6Nf5C1O+PyUMA7NiOjHZECt9SxgRFTLngwK\/BOvB+tJVNrOjrc5ouhUeeMBFLaijzDUDK1PsEMcF3KYI4t\/ROzLfqLIxLRK+vFjZLKp8b\/lca3pPTeuTvHMH9GjJ0X9j4ISArXi3WDjwMH\/Ow1fIn6CTlfV8aDmzMvW0v9ZGuQXxYq3FVxoJ6jyGNfEJzY+Tal8doePa4R1YqwbnqHBlxYcCHiNxYcJir\/3tIthYf6C7p1vYTQ0q9zzsSi9ab+onOdI4XXVybeJLwUU0vgi23+ITCo5zV6ESOFAjb+YSOsYgwePhG2z0W6PMf7nvnuMEzAy1AOgdBeakrjggSIvTuM3izkIHo3vfWd9R+DyKdj7JlM\/HRJmVAHwQIB+FHDGPxLbMFK9o+C4TYA4LeNTQ2YMq
k6y7D+GRumXbZ\/9OD7PDPvEuiASsqlgc7rtO5TmRCZno3ukk8JNtthovwosB91+YQlqUUew2kq+cJr8mtfNeNdB4fYgAJJqJbMWJd6QOv52uYyuvINUeitOOi64uHklHkyRistUgemwXXe7otvzQLzpEQlEHAtTBMiKoZve\/eJFLoSA8M6gHeOxwAnJqUrU74jdXSt1xL+HU2Hynt8\/YtqB6Ky+qMw0VdxI8dMW6f6iKuz3JMrpbMCfeILC76cPYJAI0R1JC+ZQwx6QeScq+kiLVZZk4THRZ2H5yZznb9iTrWTpZBeU0\/nsuUhcsqOtw38xuyp6cqnniKTRwy7qgYC9\/RKw732DLUQ1HhQkZ5LproX0hXWsSSQ8AXfC29DpYL"} -01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434304066021,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"ade.googlesyndication.com","domainame":"ade.googlesyndication.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} -01077{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} +01456{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434304066021,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"ade.googlesyndication.com","domainame":"ade.googlesyndication.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
+01224{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 
01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434024831376,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com"}} -01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} +01198{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r2---sn-vh5ouxa-hjuk.googlevideo.com"}} -00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":98550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":347,"global_ts_usec":1621486316206218} 
+00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":98550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":347,"global_ts_usec":1621486316206218} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486316206218,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486316206218,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1621486316206218,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486316206218,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZWtAAH4R2n40uxSv0OWdUcWcAbsFTrOSyf8AAB0I+xTa7lKQafkAAEU0jTWyhjWmo3c2c8tkYAeIRC00J2hfh\/j02rOWVtYboU9UivrOMDnb4DlblCS28uJrMkjjwdTtO22vVFwPaYxj2IIflFADqJCdVuHcXcnvIynZuH\/49aoZoAl2YJS8pUl6yCn3zcPhaVYM3BWJHJ12bT\/rBl+QUhFz+eNv1NjusSyo7XRmUXDT9LZCM\/KsdcUeJxbJMKMhLKDH81GMtpYCHwWUPWqqO9e9hvA+yFxWoDib4NbLv3\/NPWniDKh36sKuVx\/WIkOp5AaTQLzBliiDDxtF80Iy3ba1w3uKH81kscAY6jISZDkCGIpkH83a9jbwNNTu4dDGSDZa7\/6HH5W20Tq4MhhXWYZTT\/8h1Oy0puUFllXhqXmIg8+2Grn5B+DCtffivNTxawD23zhZYDMa5O4Knv1pxKsoCPI9uGjVARZ4WxoinnBJ4Lx\/eivjiy\/9wUiLC2t3yBsy7scxzTv7a9B56haRYFOHLBvLzNjV2ReQFucDRZ194sZlbUdGn8MFTzauGKyE8FjTABrbToSZZkd+s9mIdwH35yLr658ZiMm1iQSdaUX3AcvdyYuEGp8MnQAMvaoRfRnnmkSaFBBjiB2OIsBm5yjfjQzpYtX97hEeUwSv5yqk9ySGiUJXi\/5hLfad84l42JzVEw9YlxyakiWEDTCs6mdaMom7vY\/Iha1i3AZ8pf3WkhBJ3b2\/2DKVs0REkOZgjTqzdd\/K4AfSFcDL8A1CiF09bQ+eTVXaS+xpmL5GSTVDyTRM40KZfUhO\/T9EQZtNPiniyNqbtSZp2BYc+\/2l9wdhMEjiEKO6wYoSeRFPJBNsw+m7Su\/ssmDRlXGBnVI6tlHZWM7CBp7yEtJ+9b5lh\/h2b6o8NLXzXZmB94SFM5zpx3nqn4s+YimdYWtGhQxRDQoKolK3iglu1GOcgjHmAJkQjEjCoXuY5Z3wxhAtlHkChB4D4Sj+Mo0Pe8PuHQ3hvPSuLwFw0FqDm7Rspzd6alV6wevE9brqF0ttPmCgs8akAeLH3Hg2jOzJR7Zq8KSRDJyhC5wYRQJomZdHmhVl6k0hQlrOPsbeG33RJrOXASmtURkVNrkqMFtEbzD+nJJcxlWpn49Ehl9m2kKOIs1drmrTjCgOrpMNceU36z6U7NKS4u4a1hVFTMi1YV9BCf0SrTjGuouERb51jAiRXHvLt9eC3HlqplhkgSDMr8ATClK+9EeI5ZYJ+qwQ1oNpZdKQHsnK3rftNgPnZFIeVe2LSvMENi8FH6YjUWMcIEMIxUvHXWmhFLzwRkjM\/dETZG8LtSp9lIP+R6o2M+Z0pn4VC09fNocjGnGygpS8xtImvQ9Xi52Wji0Mxqp\/ox1cXlDhElkji1gScwsWqwExhfJEHyZrsxDoSgYL92Z1Pn4HBsnI
kQM7VPxnWWnZFJ2LkCfQ6AL5v6LxfRd1eQDzaT8j2cXS+hAnjFgH8roiknWfHzSVGVNaIySwi6GzicPRwiTXqCSzzyJiRjY7LO2cY4SJmX6FqWWTL2hOvjoCvsVA2cZN1um+uHaF8+jCaYrlDihaV62byo0sQX49iEOMQc4cm5w+ac672idPEvZbXjaLZaKlnjbEhQJQMWC\/nDrqdHevi8VXVL66zosdlIzNI74mdhJfTd8oc2ovgBinEH9PA2Lqf8or\/1dRozLWj6+nG686ciLUDqT0aDB8JAQ3nq+eUFn83ml\/py\/lqV4T0XXeWonhVytFKd1udnPL0depml6Dv31txugFaXuB9swFjUHsdQbAqQI4U08c1YRaBctk"} 01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486316206218,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486316206218,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","domainame":"update.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1621486316485195,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486316485195,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZXhAAH4R2nE0uxSv0OWdUcWcAbsFTqeoxf8AAB0I+xTa7lKQafkAAEU02NqFlwI2X\/88ClDrDdUJKCRw\/slmHtAOwvb06+QlMjRjV0hs2aYrH3dl2vG36AHZbKvCCu+8tbZyidkId\/SwRLk\/aGUb9L+x4bKEhyji10luTyL48ncebSgio1Ylf2sP5y7qYToItoOHdM+sF4EspTkGPS58+WD5u+L5sXHLzRq6EFovw7tEFm4rXT1ncWUZsfHN3bUzi7UC\/xILKAQ258ulh3E12ZSv8bupoSOwAKHtGPJmU5UDctMjcbxM4bIIF8Y3B8utqsAN8n4iNen\/hK6bsT+7MeKDyJk8GvgeIX4qPhGkfCyzy2ZSx5In0Gj9mMFlrQlbRzQtMTQJLS9XHGrBJjKt7Kwt4iHS3C2\/ll+JnHv3jFSbkwPkaj4L9zsoUsRbA4HR60OvfubceMHwPcwpOKS\/YhEEpiSIRwK1XH4b0OZUCFWXt2vsvHXiJx7CWD5E6BOBg+ZYetFelTfuQxNgfXROtoGuJ+3wQxi2DRGnFXCHGYLoAO8i4AAIvpgGgoqzjNM1BmQvfSO\/X4dZ8fc7Fo7vdxAVJZrJXT4m2TBKFrsawVChuoJH67VOmFJS1xgFWukI7zRJtsXhN7Czc+i9T8YtKZjInSr9AVxgs0c5d\/WCQetSMLQd\/JT5oa0sx8n2J7Z2NcU99xovxV2uKz4qjrx\/Y2k6ZoB9x3f0Yg6sfXGEGo2MQD\/7z+LWRPw2gSm3FEw8jwVDd9S8o7TTxjGKX94D5vYTcchFQTfbn2HfhKqR8F1OQIlO\/wsmxlHMHBvFUjUhJiIPWRLZt9vP+JJ4qKw7nADsc3kkxPCiHPpOD07HQF+XsbdLrhdRPVrhK5WXHFkyBU\/dGYYuv1WiPzMaGJvkyCOgbXcAH3Gb5PcTDyew+MRzHK03TijcWQ+ZOoouVFzsL9ai7HJq8AhiXpNhyx1MICcuUOAIBkQWFqamjY7zI2GJ\/c8jdNXGDAcYVSSmicj+n+x1og23m\/OzzTHzOLv1hr3DJu3hQFGpKefyvQXTCQ\/t38x1oKMoJcBam+ydIiQL\/qBv8Cn9WIgDhZCWjY0H1Zu8jJgS\/pZVcJ7m1gqv0WsKI2s926YbdUCbQTSDQMHYPrbnBQU2zGsddtUkHA8smR00xItuhuXFpHntBzWrCuuKLbpV6LTA5KLTpwJmEru6UaR8hWJdlNusN0FzSumL2gnW0wHATZvtmTr71efZIP5glV9Q2+vjbPwcPmHOjEAqqO8a9LEnQ9t0G7b4NxL6vNhgV9vEOYuD\/QGqwrXjwJs\/ispzj8Z6ANFL8uKgoOlsRFn5hpE\/fEX3ckmgeLqbknqG+NWj2t9zKylkyKmSKmy\/cxU0t1SSA8TuG2Qovkwr8Q5atDfcwDzjbYNh4vnD4EwH9iR13QsPu2AvJQjf
H4r8xwFeP4P+BosOwdv7qI095S245vAYmXdL+TcX5rXjtvIGCma5M3p3OuUhnY0Sw5uOMqNm7nKPE8gz+Qsbb3VghujUa0NFn\/z6mc8MCrFJWDwY0gtXgCMv3nHx0GNtveZAICqjHZI7xwD\/RqR1lUZAfrPmAYo2kQrmshXTSHK1+8ZYJQvHmShCz6JQySscdlE647wVjnlBAZLUNr\/JBi7VMTdmpytCi6WzCx9AClMAzaYwBrTYGAmEVrVYJn1CaBDE26M0v0gm+S3JJIUIKMgBJtWD32fztac9Z5cAdjD4Hplc8RLAKlcnsRn\/BbxbFD\/d6tMg\/0CsxSInqyE8gbUz3lWbKWZ4OyOgUZwqm1QvYwlCMJMB6wEc+xPqoVbA"} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1621486317090720,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486317090720,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZXtAAH4R2m40uxSv0OWdUcWcAbsFTgb1xv8AAB0I+xTa7lKQafkAAEU0t4azdHP6WARXvgfhEqAKpp3NRuHRg86uDYx6EraWfkB\/keNDFP3812WLSUJscegRJDC6DlMfTKSYGWjNCpVN8MkKLUxcf64j8OSn7gJZrI\/Q\/gKqY6Z8WIW7yXuifcAcxkC+cmw4eAjlyzZBZvU8ggZVByRRED2WeesmX9AerV06QYER0EbcO9+qzWXQ6Y1556b95esXVXYKwgaT\/JKPANtVx8JfgN8Vh1WXykc2J\/44ZDFpxZFRkUgHxJ3usOwxmesQs2TSh30GqcsvOPy1uBZE3aVlHsrZmfwcenRdsFblzJPQcAyj4L\/6\/V7LtEzbpK98ZznFjKlQ\/CAc0XOreT7lRX11x9l8Nwo5wz1cQeBW03aSFui9mnb+3x1mHZOfYliDqBYAh9AjahgYUEMLGQiqpnnOD59nJV21MaJqJDM\/LJMSKyy9TxlVb0G\/G5WjXSDrmaBMSxIJiiiNThOK4NxEJznmEgpU9sC2Kzrji4qQ4sLSQ6G6Z0s\/K5gmRdAHVqFaA+OXNLXjAWZslcHRAYBCopAeso5rNrNCUMASsOo0cU4hy3GR22hGlLj3LBUy\/ywcQOfX7XYMmNZHdOfJKOwbfgqm7seEpATTHBOfsy1pkFj95HcOrlD13hBtaabu3RXQXmH3nvQQ0rAeKIQPng6Rz1ptjgs6q\/CsEIrQ831zGr9a68MXwQ51qstfBpiZJmHO5lQoTCcztT\/VSQm16LxdoNEA+tXVtDTHWzSIJ\/LsE7pROWa4ORaidOXgt5TuUpfp4UISCbasJi8sLhnJLPMM\/EMJ23P7ba+yNMO1yGyYgCP8y3iA4+Y0RCdbxKqNpblS1T9\/mwKgrVDaW0XfBdJ9ftVX8k4Asxj7aK\/grpVoo1x51mqqsIA\/eHwsOupYQnvyOKi6jHUZB2gug+9nv8P0lYzQYOI55nVygLmUPrt2mSQ2sxQZ3kNmobaJriv6tzeq4TnHl6oNqBTaUDSvgLoQFd9\/B93pzBto\/PWA85
xxN7VZQOfd+DbFZ\/VBe73Qs+O+\/dsWYu8iQAMXiU4ipp9EIx\/uZoMUoWZj8rpSXDjEmLBbfMhJKI7th4AA0\/5pKTfK1Apef9X0Y5Kb2sWh24U\/M0c4i1SQdud1ypuHQGiudDhFPShSAhcPisWpjplWcdsEwxnBas4ojrBnnQjyHC2CNab1rcfTuqYLiJtZH+uFMNQqqo6\/rNfItXVpIQOkY7oH9NiquEBxGd5JMZV8xVdnW72qeBwOu707A4H9dx8aMxpNDFlsPT1CFtBo0+lBzmwd+U1J8RntLvUR++yoLGBfFoOFlBTxWd3EivQ+g4+hpsw6rhJx+o9KX12Wn+aCMzsyz2T+R275SnsosAVi6kZMH82nXvr3evy7oteFCprRiLgZZtTXZYQJnyvePz3+OCE1jJkDgtZz9lh5TRWEayVbmQ09oh0A2tO7l+b1MhJ9OOwh0tP+9C20L\/Rggyul58op2cZC7t0viwUloxNKFKHp6rLutsIgcRmAblAvmfE5evu8AKGMZAnbi\/qa50JLxEWg2ch014JrpjvQIgocJjdI4tVkdA1vAfzuTPMq6ZgpnlfebCtsmAjEOJvaC2jz2PpD3Da36F+9zqnKoYC4kArpMRPt1KxhhpnZuf4gUuyQNfw3N1IHRfKWJXJxGnUUH22LX3lkdvtG8ab43cqVRaBCEPVJUDvP1bY6E3TNNUkpsE2FLpbFaVjW8UTq4sTUXREoubs1+bmZBpV1b11ZgF\/sh+IuI5ZSadOQo47ZmlSoh\/ht"} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1621486318293980,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486318293980,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZXxAAH4R2m00uxSv0OWdUcWcAbsFTrzuwv8AAB0I+xTa7lKQafkAAEU0b0etw9xtIwxmRUrUT+lJG\/HIA2h5o72YJGl+k1RRVouisA0tr\/Wftcb5AL\/kh3g1Y59GB0fzsG4hReQZN\/QERslfyf75Cu9XhfsmmJULaJXIrmgWYbEUP+kbnzpk9E1h6gl1aLlTQeU7IOi+jXi7JKbBf3E+ozV7d2ufqZF\/BHKoRIBoPguIrKry9CGUQocc1K57qR5dWgy9lkUOZz8gVIFyuTG6yc7uejOQPwWePvcig0r0Q1bshnNPaC1DwQUB+sIPmuerdt9pi\/7ju3bUm4GXfPxsPhGKRx+XUPsNnz+2jH+gIHeNQ8mFTTztrs8nSY7EQLCqzKxVtQ+9s9p7fTmG7oVh90YWrSJ5TNAUzNSotDIVA59y+eFNET8jRySHDwoicYROdm8pQd03zPRPp7mfSvDuS6oscfBdDKlei2BdjOBg2Yx7kt5e647x6pvdJ9CkBitraMHMVRsBwD\/mOfeSZv5sq3kLqQNiWGt6+hp2J6FmEtaz2gAIQjwoxnUOfe7LW53eswXrLkfHeoLvZQHwqeYJL5Vzm+I8lvHlNSqlU96WnF630F\/tY6wJIUYacQOgouRmvPq5k3w0s+tBOXe2AOev8h0DVNYTXcQA+ravs
6pq8F+AbFbqyXzlH8vfnWlucj4PN8hI+6LtJAK1MEXbBg3jHAZx\/FRpvjz0rM5+LGQcT\/FjIkBhn4Ge5v5yx86G3TgRa\/RgfaAM\/ZtBSgBO+Jyl3wiJcxhSrma6iROZ5rPWarOafy1b6kIliMASN3Ti8sqAmAjcnDUx0YFQL1DTL8WzF8bEhLpNMW99cWIMD3fozY1xmKdleKBLKqnc4kzRgYM0yPltBptwwo9kIkFNEr08L326zsUmsNQ9psDCy7AsbWUu8JMMlVWErt5DMlj6H\/RCKqH7EGfpRImIRITwL4F28XYdOB\/Ju9gHCUUN1myZc4lKITaYVxZUfqvPkGi0D643ncymEyf7mpcRV8\/kihNJDMnBYkBSvGv6rQCOcngBNFuOnojRM5hCagf5jzcI5cFkpwoU94OdqwWpq3+AU9fS4Irh9uNRUNwplErI69e7ZvlZBs7vnQkNb51XV+DeaK8pS8aYQu7yaI2Nbsp6YHp2FBK8e\/RRL81r4JNA0J0WaRTpFBhpCQxm7qpThrp5qicqKApkn4S849EZlYa9JvP34SK3IUVnUu7+5aT5las6SlCVrccRzAUWNSS5cJ+7RNrGGjnsxWr+4HCwblbLW5+E3YBirqVmN1ZvEQ5Bs+WZQgjfNTK10S8cvvuKiIa7hk\/\/svOkRSgKrr69AJCquyYvBNwkq2f8wUIESzpeWSfulqHV+di+MTYBfPXjf3wnyO2peKbDI25j+eJXv1N4UlVBMVfAABfD2bMmTsOXdsSrAcnpUJOl\/3Eo+\/p3qd\/6GMxRFl16i\/+171svBEX9MOSRN92Brcl59BnjOtc4M9N+oo1fPmQoc4PAiUJNs6f\/QYHkzPh\/zirmfwh3Gy4xzT1glA1dYb+ckkWEFHrXKajMFkq5NGvFq2E9fDfI11YxP4TSZxWH5bXQbDS6lVdKpUVa4a2EnHv790H2zGdYc7siVASpFrosVFKJIlAgcEU4FFjFZ1OB28A3+1Y5IElEguS6SUapEc21YhXmESQfXZdpmjw8SAt8uSNPs1uAvdoveofXf6OH1nl5ApnmEDPTf05rElynWIlEjNbv40NknillHA2rOZquAn5X6jxx3vH99CalLzHHxGTxijfsBNuS\/rWZtrSEfq4LatK2Q4ySoyP2"} 
-01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434304066021,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486318293980,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"ade.googlesyndication.com"}} +01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434304066021,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486318293980,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"ade.googlesyndication.com"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486369476762,"flow_src_last_pkt_time":1621486369476762,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486369476762,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1621486369476762,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486369476762,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaPxAAH4RXAU0uxSvYyqF9e6hAbsFTrhSxP8AAB0I+0NvIwjQu6UAAEU0azRBvw0HhuIl9\/xBjvifKak7sXpTLlmi+dbAR0gnHQ8yLpljofwXe+5I8+bjI6htbC0wktYLe9u1IbRrfn281Ygo9P+77SbfKFoWgOiNBP7DCcTYRMpm60boF\/tXFlu4RcDwIKHkE98LfcboNnZO6vgCOMNp2Oc0FW71MgnEMdGflqZG7oF457RNBS84xcpV6nGLNOdNKSMQqzQlO4jgRLIFlWEVMuZfPjKeCbFvi+9u443qZzhpp1RjViXLJQLM4O3xNtmwsrIybLL167f7g6DkkCHpv7D4g7Aegn0CUSGnhsDPpzH6vl+y+ZphsvLUKg8Up8DKE6OcuDZ2hrkBODY3w78BA6TwCijjXzbEkjwfOo6WXZ7anzvjy2rKeTxPqEDLbbU2mUP9vwNYzNXJKG2DUAsDLDw6z7pW\/sws6BGrQtkI4MswvtPP3tTOUG\/fE\/ztGz6sn0isa49Skrr5sdjTBckHoBSXiarAL+UhWVH3IgXrw7LDIqxiqdq7nRgSKmIzhN9fAbY6UXqQ932CN1pNDdZ9w\/GGn2o7t3bhxb5QVcZtml2RlYzXpD38XPIVBBQ47INhpeNulXlv8GPqMtdWTZebqe4kY7kqcVj0cQPvIwucmOBjpmJQg7KJ7oAQf9\/GJCRUlYyPpb8UxzZhEIeu3XefRjDZNtuoutnX0dz+oXCLYmdZjfP36HFbNYRByGa5fmywec37zgU\/qlyWBC2YCwex2EfvKOy9LWsTwa0ZT8kdxRFmJEv3ynISWQk6m6ALqZbKftEzLU53Sbc5IUV0op9T4rpP0U+RHeEC5OrRZtLDz7Eoi9XXjobuI3Vg8eC4MHSuUO6V5Xv0Nf3+ekeBTC4ZPF9uBseY\/M\/dl0+yfCT+XFaXx3GicyqgVnrvdtodSYLOXs8ya9nmPO\/qYXeXC3eiFr+iktgKCZgHHx3a+niakZlOQIdnQs8m+3FjMcPGf5iRRc1au20WBWADTpVoSMiHx7In8vZZ951ksDsiVML5vgKF3uCPIZiGrbd7epc75W0H66E6MYCh6UtGfeXcH48l\/e5dYlz+GnvNtX24qdsZ8ZjyXvychZ2KIR22+ZYaEiM\/DEMB6luZTBsCO\/v2zsreln6ASIp00NFiopmG5ECaS\/wzhc7cyOYeoLY+l9laxEBYEqW7mGrKnqBUW8CdAonXxsjkGQxEgjetP14OMrGziNFo3Hmm4YUyWifAkDAA0y29APcv6DiME4DgmAODMt0L6F2HG8ByP+NbokUTWDBX+4z7Vu5mleZba895fNmU9ORQiZpsGKf5KdpS60rinWsd7H7F5AaKkK9V8ehTTA2KJN4FeRKEoVzjZNBXQIIp68V\/vTf6MjitUwkEVupaAbIqjiysCSlLtNhGoB5fG+h4bOdXHXY5
aevu6eMcfIv\/VbjnB55QeiEX\/EGcg3yTCoROSaMNCGVQt7zybtKYLEAyJsZQdEzgoFSBm\/aVwsdOJLWiaQNxXr18wB2gwcynUtmY2OVRwX9j017xp7wGxmkp6fMo89Q5EZUZHfrQPUTsdLVxwrCtX8+BW19j1yLDE1jHz\/+hGjjVhkwiSSrUAMm3RWzCmyQbEXOdJpYEBon5bDAOn9LIToMnCQE86GVIS0UXQomCSYbZ4epFa1Ztm0zGdSLCKIfptcYOK6+a0cWvPAl+LZLk6bVf4IQ3VrJ2Pyo8DyjbC59d75TDSUXKmy1\/\/IRu4PkQCaoDSf88oNbPYxcEpRCESbf7WtoG6B+DEymuEdUAjcUwmOAZpwYnrVev"} 01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486369476762,"flow_src_last_pkt_time":1621486369476762,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486369476762,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -365,7 +365,7 @@ 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1621486385780013,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486385780013,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZlAAH4R2lA0uxSv0OWdUcLYAbsFTtWuzv8AAB0I+aKrjQG3wPMAAEU0pYnq3I+Pk4UybR9VBssX3rW2MX9MykXuwtEl37HZjZdvUwqOPILmOs1ug3ZVyVxysW\/GbunfQvoEKJNeJUHr7ARioYosUv\/iMtw3zJNnqitKNycrvEvR+KPtynwqcEskqC+a0DoLcVg8G+1ytgtC5bHkcrgb6c+yvfYPM6bQHRedo3fqBnUH\/vo++7E8FATzPknFujoxXAfIqx5\/yGoMqH+HqtaMj\/gBvnONUQgLifilr2pN2X5UZtCvWUHfwSy\/ewC4h8t+MC5HX5kjR\/I\/PEFr21ZhBOTbRAIvsPlTMMkPaVFoJeMhvSPXH3RCxFq+4eYuMrUD0OhNOcPxOIZDZCyl0o\/ggv2DFXNJg+gVLPXoZbPB4iu5Uhmke6bpE2jqTUZPjwXEkBe6xV6sp6bLYYcswATmdDqFUEdmWGMKBAsMqXikUGSk8uiqTt95fjHy8nJN41GX4xtHHAni0YyIelafqSbckoVL1qDANQr0CxF7G13sR9plFiWW7O5A7e7cS9pe6mRYIxMGaciOe9ievt36yTBJgl\/fiQ\/Mz7Rf\/0\/xEHpiGjimSZGMLJKt8tbPUkf1Doy0L2PCwY6LPbySmFk83DrXfORYqZzQC5aRkTc2HeUqrMm4bElbKJ5gKch3VNRryw25TpUnRtQFu9IMWDE5dX\/3mWizx7+qMJm47Fyoex2QVEdKtHErz\/i5jbltyKP+JlYh\/5iVhFxWpfjDpTOkH+CE\/A7gJzr87sNP+7VuTghxvarGALGRQvWB3CXNIrBOCA9jEhQerKbB8C97DJMm5tcWUZ65E7AYZouY8+zkDggzBLI+0JJ05RIaaHlApiwpsWJ2zl6F1m9w14xWaghs7jZgtgfJEpGiT74jl4pf2klaE21HmQ3jnkf6AGhbgdZBQmCO4EIpeWJZsQhwGl5VQuea9a84+ee5DEZk764Ux2ytifgViB44NxlhtfksBdQI6G+PUXELugH4wQ6SukmCIBACuFIfzQbiKGjpnRUkS7AmxTtYPrsIuSjFIrLSGd\/5Xekm02vVOPCc7EG+Woa7OletCxnuTQjLX8oheX0o2Op+1dBXeNai8Q63RlSaVEOBjEiXQnmJ5lR4kLHJAKgnnUly9\/g84JyqUljiN\/e8uABODq7kynlT0o2IN5CHpN2XfhoXZlxt2HiDrqvNzSKO3CpTZnnkJeJtK9cjSU1XxfkGr1TK+WrsxaOx2y4S6PIiErYJnObHfsCoROfZB5v6WjVW4TwLRypWRXulBOZly5TnbMAqCFsdN0gy6amJt3ngyiI1muUKlcYOXXmBVBPpum\/+c5TkiBPy0hZUTn3PK8vRrELBxFuvPrWR1GEbulof1jbR58Ncmb0rjGewwYSLgqvfw8f
WuUbbODAYVLX15bmDoErj\/57wyWqkBS8kUoD3JZecSRs8Aps02NKyynCKHOlNpc8OBgCA4Ad6xJZK3IyyURTyz5JvyG0vAoHB8Htl9cCeXJkHl+hbzHpVtzHZa9PuVxTwrw5ZpWXJ3D7gYDf3YjByo50t9uNuwO1TdW6VEIoQ2YFWco6RoRPd9mEfRhGyA\/HMeXm4nHmXXkUxD0lWGhQ1X301intynkww+5gju+t6izkuTyIR+es3wNgXF3uDXXchyNcpEgdq6KXfVdg\/FtdXzMb3o20tlnu0aGTS9Ke8r2K9x5Uy5E4IMaNx46xDz\/FHeQCHMCFloD7HC0iGeHQTjamzHYw9Q9cx0UPZlEZjKGZ\/W9mm9Rh0pSLgVkS1htsYD6Bvo2h8czyqOaZf"} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1621486386389522,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486386389522,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZpAAH4R2k80uxSv0OWdUcLYAbsFTowYzv8AAB0I+aKrjQG3wPMAAEU063sPCo4ozMPxlUj\/bSPtY3+CzlLdcC7kUprewEjKm2OTMB65C2RpyTFK0qHd1UzUnN6U5dQGGKmwgsbIXIKSBC7aC9lk9\/7KSXCk70eFVpjOtIDpiKUi8vVDCcfV6kRbykQ1UG60rnGaessWOlmJYYUYrFTLfQgo1LVYDsFKsPtJ1s1kupvZUz7DtsLylFS2l34GkqtIScglkyae0GI8mViRVebeilzlJSvddjOZxdAXXrNZAwRXdoffLloV5HtcoTQxqkR0GAPQdvrWXk+SMlGx\/W7Ne49MxOoYqcb+ZEW\/cA0RMhYOyvvzwyDA6S9WR2IZmDOEetLTQcoqKQrcTga50K8d4JAO4kVEikYFtr5Bm1z+MiARlDwUJIa24qTqLJVIo5iKqG52c5DO3tsvK0vzd8pSllrOHA6f\/I4wQDPyPJtMgg5O1ZoG8De8l3r2ufSRHsnJkEpyqWGF1+ijD\/7lBI\/5nWTPn9fBbdQQQkTlCH2+hn3jyqGiasIwS76cDfQW7wvTATHGizCtUCL9RDngXJ4m60+cjB0gourDm90bfqwSQs1xt55IkE5JsBrjydZPyipe0uhIjm4KZxuvhAjYi7daB1ce\/\/+407cCf+sxxL7CWqTVDAtgj6KFZbP4hnyT9ga4vkmC3\/t2CtLgFM4\/LEuF4nmXrGayZvHNNVuso5WMvbM4gno9LWsv2kJV4dX1TThhLd\/wIxSNzjl0dXSOBZ7wgJEHEnznJuFVstXb3tQcV7X3RP\/hcXpU9XjjFPCV5oo1sQe64QtneNkxV2yjvvs4fEGTk+zfZAnlMw\/iFw5VrPsMS\/wDar7RyJvWTPrIcoFDMu0pl6zkP5Al5BXrxcNMZVEAv6FlHk7RldT5vteKHFUD2EG202+PzEtOTPlmqNG6eE17A10kl4\/4bK9PAjRlBlsdbWm59jtIwieLuyVkY3xNNoXmkXmw+HTfj8L6cgMab+8MVWKD6X2FNJX1Hh4plar
7gQs1wBHs\/50jh9TX5uIoGdQRaAkCjse9rKdwxS\/mQ3AZwSCeTLDSDZ7HNKOkFvE4XF72wS8k1jEs8CQLMd5eF7YKEIwhKqSRCTAxxeIp83q7tXfO3G8oxX8DNBZyGPdzHTcD2B2+WzAACX+B3mJrQJ47ogTtd7hRxPzmVNoKxW1cJA2W8sth9y2x0M4tQfFNCg+y7Hjysh4guq6xCuiVT5xotwMwPSDBGNIuXj+rftzi7znrhrNAbCSXiAYGtGnmHBOghmDMitk72DkuK88UEA04IW2\/8fbI46r27QDrpS7pjckWTOaGJMfuh8JgHCaU9F5gWqtRhso3KChbMMFYhYXX8heyFp2QTjtSXCvmSvOb\/P4Saj9keRyVu6EwxUD\/Wvi1CQPZNexfLJTr4d0fY2EFznG9mLwUFqLk8x93VjpNxh9mUDOT+9FkN2OUAwfOdunZk+S7EQYfuz58Zq50dfTTQ4ytc1corJ8ZnuRFp7bcXIyr+r\/g0rxcm55mxTcduuOI43k6A\/u4kxcszhmg9OmUhSIdiyIqrI4cTDkvXweJOztAO+v1eNUC8H68zvSWSCyYfBS09v+biPzskrJYVcIdvRbgzNi1MALIo64umFnfoGW7g7tdRnTTtUaVJ7SjjCNftNOmI+oKGp0G6qA+uKDhFNzBEwpKt7nPh7uh8czyGQ5haYxO+MQIP6acb8ITWfq7ZBDLBK87VY24JBoDq6EX9\/nCN65uCe1Ka7quGr3dV6rIOhhe19uIvRjiUm2GbcXkIV4PPI8eo8VJ"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1621486387592524,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486387592524,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZtAAH4R2k40uxSv0OWdUcLYAbsFTgQXw\/8AAB0I+aKrjQG3wPMAAEU0xCd9oY\/N5GDZbDE4\/dOAMM8w9gJlBMdgsJyYzUVv\/0YsXpimfRnBwl29RRLJpKiN2vb9qt4MuD8jjaA8\/Ma4PVpfwUFq6LbJeRQBUGSZvMkZyGwkFinTbjgUyAkhfj1a3T+A\/pYdS+eiFki068+ZjjYzXXbovNfHhBW\/avWnLZp+g63\/0bEApzU3SRBSWovLccBt37mDz+\/X7ljq3jZ56mszVdUjpMySh8HlAUXPd44quqaILcmJ3XzO6+AP3v6NtRf+Ez4FakJ6ZHTyZ9cxn\/M2cpxjR+88FCSnW4BO6n04wyVghjBoPZKUE0x\/efmEPxlFiHyK+V\/S05omMsEg4KyTXtoH84NLY9j6s\/sYLuTGf+1niq35+5vNk7z8FQTqkx0uUQiJxEBBandMjRYJziJI0IUvx74FTlpyyrzRdLO7m85Wg3l6V6PR2J\/blE\/cCYxryipemZLCaQtm4Wt1XvwSrBDG9or2S\/o9aTdo5cLlztIANl8QlKqMe6BMy5b8l1JPu7CoRhJLfvOYoN8EPhRAEFr7S9cgoTIWicvaNVMYpqyDloZuk4HrvgDNT7BcW0+GudrrH\/SRagWbVb6HF\/t\/H
VBpJ8wtp6qBqTQubvJiwnMW2kyOr9zCX4HIZlDeMk7wncNRysDJVtF98R2OBfM2hFkrBJOSqWlBpnPOAq8ld9BhIIF\/KOOrIQa5umfeiYL4pA9ewygJg8JTfKlN8AVbT1Fj0NqzKXvt2naKmjJNcvMDcv\/sA9XSuRhyBH+Ya6lzfH+ATMfha7m457kJ7SDdJC9RdTvl3MaNXuwBcPVxgMkDUAwanLgj4Ha5wyi90iwhgi1Fv7yhKuHS9dm0DR6v9w6reCyaarbb\/MuTQamIHgAU1JnxgXNVRb1+8JE\/p8JNxCNRubXAe\/LfeqOucvaqBptZocLopG3UGhD6FDdFEMPBSubwiPFIl8iSb7adiJkvTOl9R44Au33DEkQDKqma1vEZdngOkX2y3a6i2QlLYezmNetOVaSvgh6hWKH3wPjmZv+KbKBxgQHwgeE8LBFdhp8R9uXkyumqod8N\/2ZZoNsIzdT9hG9MMIRbROhqoU6YXimXMLMobsrBl20jmZZj81VfqHvhl8TR+vZyq78Bqp4u1jryKf2imnuEPBKdCC5fvNlBb7xs\/sRBPvf8csWmkLHH+Y+i2jvExRNzaNjpNbVcSgcynEzupt0GCBmnvQNrIguvrmnsw65Ynm83oGpWNnPwZnMaOrwRxwiAoIKWlQmm4KMGWUp+70IslYOfcgLdLJTLHeMC9ZrqLEXBcB9v5JEr6k48H4VT\/4nsaMcRUoMlCbvZVgXQrDWhAVWD064fuJmpaQD6sC33JaBDQC7SNYZA9v8xG04uqWAaBYhq0f4GXZgWCf\/pL0xDIQPr5LYmXNQ8oR7baWpT8SnrzmKtfZm+3Eq3mkta\/zSAinzJxR\/hv\/chAQRtJPuytYaLuIFjJqWGPK43+vg4u28ITj3Lo6sid5rW0ETnWXiD1HWPxLeqo9IaxINyUG3VTbEXGQAy9RaFypmaGa9wl16uKZH1LXbQGs9n+Mszgvdzu9j4OQ2ZoJWk3bI+FSt2JRKGdGIT2nmFeFyt4OvnEmemYlsSr34VtmNZxUKNLrI8H3TIjqGgBGqAPbNjgCzNSjbgcuAZzfm14qerHKESSs\/NgV8nbw4APrHMEEPlmmODnlRp9aAe3QL7ti+0V2LpiS20xNUK4EL2ygfdueMEB35Nif2zIIDr5vCmLLJvSvw4V0PxhUdk"} 
-00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":86,"packets-processed":85,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":114750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":83,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":368,"global_ts_usec":1621488172593774} +00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":86,"packets-processed":85,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":114750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":83,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":368,"global_ts_usec":1621488172593774} 
00830{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621488172593774,"flow_src_last_pkt_time":1621488172593774,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488172593774,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1621488172593774,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621488172593774,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb1AAH4R06SfdbB80OWdUePhAbsFTly0xv8AAB0IIYJbjKvcKZMAAEU0Tezktqb5jgj7Ctco9B1gEgebhfTklfJiWUvzvzXVx1e1KCfmB0CYkpgvAEMWkCN96k4yxgEJhItMoJtLxBJKjThyVwVNoJs4osfVKgvW27jc\/\/cMoYfkmt0BcMTE+S832TZqo7DcoxbJ4SED5T\/fELYc1YonSB\/W876e8faG5n9Z889N6aEcUSpAR1NRv\/LUdTkKc80E8eLY0MsHFlrDxy6CZovHJ1EZPsnxPU3xmuA6PKcoVZk5E7PnwPJWVDykRwGVsj3\/uqwsCOxMLScufsvGchEffztJ8Mjpf1xy0Hks4XzejPQm1+YDaRsdxSWXt45SRLIvo\/c6h5H5fCX4yZ2dh6e24j40pDTautPP1E4KkxfA2AopSrSKSf1UiAUXmQWbN\/kgMU18r7h5LyzlAMKuX8\/Ay6yq9jK87jtj+MIImpIKoL9MeHVOS5lygsoTWIqqynPssiNY6xC8pyJX6Ub4BO4F+0CReGOoAESo+zj9+lbUqbeb7h2ZFGxadMW1CyyleoZNnWar6Hz0+sxBH9qRVZU5Heht2DjEc+6NEcDLxV5EaOX94GYWpZ5F
R0EacC16CngtIJvVS2Vy4VHEXkHxRQ\/E8+BlBf48jcRRSu6r+V6GHpQVxkfvTm75zRbp227tVm1MAOmDC4ptEOe+sdRM+KrFAvaHe3o8pZCxK\/7aYLbotm\/RZjsivWCu89Cmlg0uVcL6Bo5BPfMomqOupt99ASfgdLdPTXGKZLuwp3GgyZeH9wnyPMM2+7Ggpa0RPG\/l2tSy9nrzzP\/MgL6CqbtRTpr2wbBNd\/SlbwIb1c6hehW1bLPfXoYMcr0kEetxg6OaHbyEdd\/4Ggz4SeyO3GItOwerR7WYWNxOmqs9taE9J\/PhK6NBDsXc5h1tgICSKag9AJoKaM9ovRC5UgfrYrqgqF4SuseIOZvAOlPyRcpmSKooL1mlS9PJzoeolBQ4Q6A6x\/nvmxc72I7syFXnB044YwfE2N774LUPLvvOLCg6Im9ZhCD7p4F+CscFU38oxt25Ays+maqiXnRw3mGV9KfMCfeBg8fWwb36KsISX3CI+1rfMDf89m\/pkzSajfjHt8k3vTCGPK5nVGcTDfOSB9CGZ6SX8cHmOTNUvoBI7fCfE9\/8Ngy8sawBjS5kemk2pVar\/Qjc6ZWFlikqXDEg6gI3HlFx4rzttRuJpbdSVX3pGOgGMXPyrCnFjqgDg3Cu2Y3VVoKD9yvfxYbTeV+segTGzJ9TpKpIQ7l2mOQyzexa60jhCdWRVqP2SmFZC650dD3TPV5qrCw8uvxv\/Hwr9JxUCKr4vZ4MNIS1Qme31hh9cKk\/smw6+dP8LKPbRFjyi5hKalZAn2oi12OsRGCRrT+CZhgIm3EsqKl4eDAmzdpgh\/Xxnln2oigZwNL9aNU0vU6Ri2z6ptRUiK3E+ULse6j5hYRaWYH1k1ExTT3ucG4D4c7xsf3YTntqY+KTDBBG1sDbHwo3em6WCb7WG7xc0voquwvCfNxaCk3bAzckSDEa86uyeuxhABsH12KWz4kITx5OwWU+lhxFgwus9PGlUh3+t363ytP+xsR98JT4AH\/MTUvv9IyRtjule4mQon8WEXtnJYqcNEh5E2UIF8gnaLnV+hrmX90Z\/weVChYKzF3NgPl9LTYOKXHKx6sgO+65G03KKrg6J\/G\/Y28JZ444EBiIz1Vv3DiM9J4DLhOb6iB9GptUjPIDobrRPDlIYVvrbFerCtsjpuaVI\/H1eUosHYVIRS78lDJZULDLtLIu6mDP+sVB"} 
01316{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621488172593774,"flow_src_last_pkt_time":1621488172593774,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488172593774,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -375,7 +375,7 @@ 01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621486369476762,"flow_src_last_pkt_time":1621486371605818,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488174706312,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 01066{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621486385474238,"flow_src_last_pkt_time":1621486387592524,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488174706312,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 01066{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486318293980,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488174706312,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 
-00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":120150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":378,"global_ts_usec":1621489064431574} +00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":120150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":378,"global_ts_usec":1621489064431574} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621489064431574,"flow_src_last_pkt_time":1621489064431574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621489064431574,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1621489064431574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621489064431574,"pkt":"AAAAAAAAAAQA8lpWCABFAAViaqxAAH4RWVOfdbB8xkodT8LLAbsFTrHDzf8AAB0IkZSau0whIqIAAEU0rkimartPZo3XhAXpouf99lPyA4vPJfhF3sf1D80fQsd6hKzlDSeSsZ1KyRiDq23Zc4xu7yZSamgh8nd6IyVTF7B8MySKONiiaOY7dBSEC0bp4AebJ3k9Uh+OOZq1GyBDHDSVQ3BCXr14N2BMEqsgITpqPo+Z792Msbma9ODtfxa1MtHVKjQ15xkDF4+So8i\/fjbAfOViRfLKHxw\/jO95gtHmKOmNKHB+nvq+muN+iHIbHDxcpnXnO6PuxaBm23tYOT0PH9TUnUOZWqCNY2p9QM7ZIgufCDLh8c4C\/NFv9tZwBa9qhWLW6ebYQbaildftHqg7LB2KmNDXg69lhWaxLtl4+vEH9U9m2NQrOHQ8oFyTBFFkoewhMmDe5wHcaBJAO22wMqllFBpPnpzOCMy\/DJyHizv1if27VSaBPv3oEozht0\/dit4QAWrhZlnDelbE2T\/59x3uh6ABXgAV0b\/BloP7H5Pv9njEs3lHJOz7dFzr8iIjfB3B+OpQ5iUcuq9FxMhcezvIQOTkxNLORi6FlvB2GNGwRg+rukfVzwMeVbcyJ4bxFt9mc1MOr\/FkhpL
L7F3QAjXoJvtrBiJncMoLXPRxAcMFUlowojaTi47EoeY8wguEuf7S86c2o+PQ1edefZeGvN87Fj\/fTTENh3Fn3S0OsYOmjnoXwQbxlBLOKTRd2KGqC3a92N1etrZBlnzvhACTKJeh8oRfYYE4DO+7CgxV4zH9ZFi7iaFktcfGl8Qu0FK6cb5HhSbMXyyvDCuCWYLd0ovyzFo0PNVt6yeC7MWIrgENNxCpTwOvjKs0+xlEsZf\/950lvdpBdkdhcTjSV34d2kg0KiEp6WKDoRhKAAnK2OjPGibxjk5vdFxY91t13JpZ9htdqGGMPDekPyxWc83i1LGMSQbz7QKh0X0aMz5ybK9\/HbZcAK3XSa0dobDV5b7WeSDsU\/3gkn5RaztmQfVs3owjzIYFbp5Buyz0Gxwz5Bi8HAJbB5BGGh\/yrQBy9y6a7q+P1hltskurz6iUjM71in38UzRyZojCOuaO6Q7QJeQvBcY+2qihs0FbDRsgigWTGzfjnSYa0tOUmlOdzI8uCwh7va3320+93h3I3V0faV6zxO50Au9kcqGGOEH12ZgVIt1bQdug2VBjCCj4ZbXJqLVuzhI96SplBcyo6UlwCnd09h5dMNn35qTkIiXou3NlcZ\/tYICl0xnfzAm0RxKz7INWJ+Pl4zSOjW44oFQwywPEE4MnpAbtWWGFRsesYIQtXXRapdS6Ha5rSylQcznied94Fdc28K\/TNM2dGosTNyEVqfCkfy1UU4pXqhmQ0m+rjS5SPefaGM\/ZPD3NALEgC7CILnzOB2B0di286grgHexJhCWlTHpcLt7yvnPnpvNTnwlX\/9e5CoKQXAkJPiDVcfLUGhluxsjbiqi4SZfvmdSRbJceWdtp0X6oS+wZzMuskEDHTOdTm8\/2jfc3WP6WQlIPINuCYViTLdF00mSEreSp+37OaIb2Rx6SPPD3UtpXaQ+xXSYus1Cf40a6k\/5iqSZBv7Fz9wAvqxvY\/FEStzmAQOKL6neOcR\/iuiKWOf9tLN1utG9qzj06bkXuF4PkrZOphQj91RQVjRHJE\/j47Lin6DaH6C5JcxMyymH9ObgTVyLE1e0B+wF06i5Hpk0EmLRJrJjURxyuhfANLHsp16+JhydB5\/grGxYRU3dFEB9114XRsU\/tiaZ2R5k2S89FboGA44VEliJWQ+CTSwLe5S+N2Dr44vXPvjO\/3OWWI7JX"} 
01318{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621489064431574,"flow_src_last_pkt_time":1621489064431574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621489064431574,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -383,14 +383,14 @@ 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1621489065332574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621489065332574,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarJAAH4RWU2fdbB8xkodT8LLAbsFTtRNzv8AAB0IkZSau0whIqIAAEU0tHfQYGgiJ0EH+RA73c0S6Zaq1R3\/CGoDzOwk4Q2KioTg4BPcXvMoegRpbrqCRaxPmqcY6POupt419T5yZmEB9o7YSIZtOKX53fGHCoc+ZsrZdAJTsVl0w90+Thu9tqk+WfepCoo+8ilF8eq+j6cYmQaoShwWbEH8aZWTDkaSoT09anmUbwmDVwEeDWMR2gVSbwwmv8rsQebDMqWs7OSh8srBRRpctj4tlSjdyXtQ\/UgrcQwLwZyJ9bsybxKQkPWcl8u0HzyojquwKL+JbZxKDXk1Pg7nHqmE0nKgm9VkdPudXzUwchL1ul3yO2j+uSSY2ucW6GJUzkbRuqcP05vN5\/18Mzh2lL9RaX2a5vbWSDbJPjG6on5UXS4AETy2nWNq1houkm3\/LsJAcFW+eybNMQ\/Nfc0orOQRsfJQyw7lxDL1ruzcECMi7m7+OPIDmAbmjAnyDrsC8setxlXVl5I8lkK9C2ve4qxQY7LHppOIbgqzCnXt9B18rSw2ymRIIb8dQ+M\/fx31qrhwE34LRBtwaOzL55FerimrdvtRhPE\/mv7IoDWsrrCajTyJVFlMWr2531Fxhp0DlBKapCIN6irm6NF41QYx7pEPTpaVM2SwERSQzVfsZROIRwvaACW8\/+fvwocDLWcyiM5VOq9hyWHb9QLQTSulOzEVAVmrwaA2Wc5frvDv0rMsW9gHUGuvWJwN9Krts73QCPZYA\/f1SV1AyEmPiYreXLu3MGFoUmEo\/LyVkXE4N1kExgUBnVeYUIGJRQKjBWutqE8sov37uQgss39hXvDSnclvpRoBNdSz2aaNs3R6Aic7VKt8gbyykfOIBA3Buq8zDmawY8YFdP1SsTa6np4zbntI9f+oNNrBriSQ14fbXVlNMQrhk1OYGIYbeXglU4ZIOKm77PLC2GR7SRTn1H4t2671bYr4eyrorlhGkzYuX1PeGMw\/j85u5uLrj61e2hEZJZD7r5x8MTQ1gOe4+Ph+Kz9X1vjFbsw9OmMDWkO65Ha+Cpf1ZHHApZ7QAuo5u2mG4Sp7g6rR1s5uclM6hCCnn2k2s8EDrb6RtHFjg3BneIS6SwSXyliDMHw0gO1PbIdSx1UUpSePV\/pCILKC\/M0H5LpPf\/59YwKN2B63+JAG1sL\/t2nutXsHIQzTGfUGp8q\/gu8\/oH2Pcsu\/oR96zl2VAWRwNCHmnnaZF9GJ22T7FDvnout2BFKs7xALVK\/GSWUrWW0DnJStDl6qSbXs+mlUPlFGuHBk4Eke31rEr4AxfQ2a\/9mZZog+0PD59WqfTjJ9R8bXy1KhNrHv56NiIqBiUw0rbG\/82hMaedg4sCu\/NdJjPtKJFvSXUMukKueAgyWcPj4sSLpvlA7iCI4ka\/R
TTiki4Ye4QcJaaU15gJVIwcMMNnbkXWv\/HhOCwgK6cReevf96zzpUj1c84N8PWt9IEX6REFpHkIe9y3OvWTzdASwXJ9ovv1G9SjXfvrI7XedRdAxpB2vsQYi5gwEy3zTb3EFTDheiNc9y\/MCzHpVCklw85aHzUyvlzbZikqniVBAqAJensYNeu3p1TfbVsgAsy2eW\/hv+DDPc5Am8kV01z+FVZJbVWMPq0+tF6tPJo+fDG6\/w2\/eu949hx2pjfKmhp3d5IX0vfNEJhDKZIgmFV4d0I2S35UzYShoVcEpOEWvsBojm\/XwBtXsjwpE570c8CRHk7pLygTlIjRIrEQN0O6eP3A7nIZP\/sV9waxu2fmgOUmfKn8+KMxaVZv4SRaTB7ghieqbWD5Y61rshpqaP"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_src_last_pkt_time":1621489066532587,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621489066532587,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarNAAH4RWUyfdbB8xkodT8LLAbsFTp+7yP8AAB0IkZSau0whIqIAAEU0BwsuzplommaW4cOaNFNfBbVlWj574kTJFs1IYQY7jVQ0fwx\/bk9uBa6dyqdV5eYUbwLM5ll3+0fTzjfJ5LiGnGqI5Dlx0wLhOhBEm8o23yMxuEE8j5CHpPQ+VGJUpeZ+mQmUJbCKaNGvU1hK220dqig2H0Q\/gbIDGyIA7e7tBju11nrn2OaVpWiUpR4kalTiyZLq83YWTQgWGefSb\/cUS7NgzFQJ2nQzhWnex03MLry4hcuLChwZCa8vjowX\/2FQvNLcvL3FdW5gWHFb77eW4U\/0LuZGiwPo\/IS0dGqQV+TXqFUfACRHequlz\/IKllpcJbNsgFQl3D9KYJvTmLTRoPImJKZVZLY3YHgMKuxjB1IlTbeN8kL5LtY8MHgga3G5yCRBGDhM96Gzl2CtyQKhLkdi3zZfBry9PliaOCJJaC2DNZSO4nz593tLRNIUgTrQg+iZm9ArqUx4MLMnQx+7HD31eaEVoger6BVTifDQfkSGk9WUl0iP2s3iYn55jW2oFPXFsYzByQl8Mc+UeDW6UIqF0upRcHTA\/b4bvHXC4\/8eNk5gdzrIwHcgb414kTxZls4asGzJ0W5bv0Duf7URx+ds3cxXnqyhFqMAJkzfu5PRPV8afX92PdSxbaaQY2c+HY6oi1t16lX25DMWCzR\/2i45LnRmmy\/cWGdhu4nTtIwudeGdTxOTSYYzbNNZ5UeQoH80GmJhXbtrKMR14NmQHGikeMaOKxh5khhzNxdFk8Yc5nc91u5\/Vn0EaUuRHH6V5v3jXwrmscId\/p\/+IcsxDgUkRGCvT2BnSNjz0LhtOXU22NQOaepyaOlxUeVhcEsgY3RMmFKEJeT0BeLoNyc1uWgPmVKLC0jsikqbO0jS4TCvNYEII1FUmgBKlYCbERGfw\/4AIs0eCSwNzBVTgxzxhM36lLetBO7hfljteKmINhilo8KEryoyuijyIwKrnRih8j655UyZ9wcDspBaTzhqw5pvDX
ws7coJTgt\/yfA4Qu5\/6c0RUk5E5MDuC8IKLTBoqYhExNGMuj+7\/yKKf4y9rr1s9fbSiCNeOKRHplYnbUT323nfZlCYXkp5VDnX\/YoU40LCTsj718e6+EG8ySkGbakcxA+ponr8Q+gjyl7ZvitJ8UGeSQQjl5bDlVs4eBxZnDhW3v8oumsrtBE5jyhdAaWjCeWgLmtqIP1pW+qbgKtmS+2uZmLdDd2h\/Lm8q8XsWb9ylDAL\/+Ay88YtGX42sfaeLNDbax9DlFOP9zW8h7xjs2PFM1\/Dpr5RhDGyVLS5o5SgWiA7LRO2oX2PiSV4tfxAJpOp58y+7FaPMKxiX5ycCt8WNxagUgUcvT+wAFrI+\/tdZ7PH0UjLnAfb9\/w\/CAkoNHRgRsrT9AdvAgvVTWLlxz7F6vl9xpY8k\/UjXnBEZZ\/k1WgFgWnJC7X0Hmxg4RC\/6WGy3HiFE3+9FEtKhPeDeZFXsxObk5bbl0j6vu3elRRXFJOmOGFLgLZiRONrt0igKi5FLGOTbJT7r39w2tcI6Mkf1jc0m8H8TZUL2nftaPg38iJFf7zLFUO4hmLd61GsBtg1NEWRRlp4QCU3ZGhPORMimertfRfyKcxuLWWMMuMnXXmT3oBV+TahXrCFmXld3Lvj6ObUUMGVVd33nkh\/+oRGZ+wkXFar6RgzzYjK2\/1qR6u0v2GHpYubicuiAcbx7ADlkkHgoIYyE86p+XR+iPd6dfk2GmLhHZOuetz02fYoDH7XGZ+HdJ9svlmmPULKbBTu9ITB0i9CLhX4LzBJn4Q6"} 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621488172593774,"flow_src_last_pkt_time":1621488174706312,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621489066532587,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 
-00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":94,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":386,"global_ts_usec":1621490937698475} +00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":94,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":386,"global_ts_usec":1621490937698475} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490937698475,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490937698475,"pkt":"AAAAAAAAAAQAxdZsCABFAAViDl1AAH4RTzw0uxSvdlnaLuMLAbsFThsNyv8AAB0Is32f4l9Pl3YAAEU0hQvFkzqCFRJrzdm+P7CepRPizYj8V5fWvrVXzVuBf2NRkl3eGWbs2YtmOjlr1x\/pBPc\/7TLqG34Khp0PMlFKcz3fdNeoXKYeyR\/Hs72zcRs4hnEn+4P6mPqm5uCsv8fDjYHuJRIAjvSHTbEdxqgFHEd93118utoyjtMgpgcEbs4fXoPb8uDAHM5T4MCKj6qQNjX6I7nNo6EuPNWQg9gu3uCawN9k7BQzQN6E5YfL1AdHh4udF7sZw+dow9sF\/laxj49FS3UXGVaahEsCE3aD2597p7TwOCMsaP9cpJ6+mt4daKLcDJnJAMt+icMAtT9fzWBRO4vYi5NQjh2DPs+GRWiTKh8dxvVzhRom8\/iF8KHgTJy3pWtXKlPeLfZAL3oZX5hiz2PB+HTVur2l5vjVWa6EpaFOaRykdvEuLIieDh5u0ZCT5hWtho28j2TyUwsZurEURzu6rl34H7da+I6rfvvL\/zNBXRl0T5rIEnMLL\/j4r9tphU2zm73BBkXS2V8NqavgjXhm8kqC3c5AZmhcVx3aPVo+42Q3ezUT39SUVKQVNHXmiaFVKiSaFUFlpUHrB
UR8nGg2CAYm5iRBq\/qCatZ+wKK6Jor9Aelj+kTAnp5y3Y17HPQCp3A9e7GN\/AQvzanaLBchENACUbp6PsLPG0WwONlg5LquPMp39gYOflC9I0cMA9lanerY2UKd2DIvHrNxINIhafo64dTHQ2kruV+pvFVizjiYGEPTHm5vnjJ+vNgtO8FZ6Eymo8qJM5A2+vwe1kvg4nJxdm2E2Wn9X7T70nm++uQBCATbDwLy4YWKSHsoUqqJOZluOGYa1wXb4e+XDlmQzD44JyGBZoUrd+\/dh+KC7bZ6++qLMza7R\/lgjP\/l01SyMjsktR9TKWRx8l\/pSrp2aBkNYKphapPAf6rVSB6qqzYptEM4+9RgL5fiahM9zZLohrgrmNstzopEBbSjJHKT2BtkCePCTq9BXTY9wpytpKjLROzmBJcxKjOlKnF1g\/rktfgoVBF1SKnq6hR2PLzX3pKRc\/RptOGJ8gayhpr53uiIJElSTx+gWcAQGtbS9w40dA7UdV0kQrKTsOlEZPv4Wf1DZo6smp3gIVuDDknJHBV+79Kgv5HRfK28giV9WHGfmEktaajImtic0wa4l7nZNKYEOG\/CyBNl4UHMG4iNm+Y40wSoxegD3OA3LFE2Tr3WxLZaukNoA74zUcX2aqS0oIhr43+nrWk7rEOCNY9O2hGcdnBoVGgvgYX\/gYhzcOFnVXvBYg+04X1\/Lu6Je6ysBSIVyex9isvdPzkU7pOxMaiH3uzhIu6T+pp2pHExh+9q+rK10SAGliPxRu5zXtXE3Oy94SyfUjETd0qOQfmkHBz\/e9FYgFyyAkQn3MHd3fMmxpKxNsGPMBp\/cSG\/LANkIApGSvPXTwNw1vUedAoCnyCDwQXlWFtAwyohCNg2btp5ZVrwJqBGM7vTCz+QiD2xs1qEthiBEr8j6ftBwGUP9P0OZX\/LFSLwiLgDLEHK\/768YbCSvzW3RfUSDD4sBnSpdyK4zahGcrI93nPJV2g2l0hHyyPgJ7X+z4BRD+aEuHW6lUHeG3Oj5Qh+Vsi8uKdlG0jwjTzMAg3f97PU4FGrQ+RjmPIPZIj9zzw+nTMrJSpqyIKsK7h2bGHuUUNWEUnH05Zth20+XAUcAWRC4suUp9EI8SZymgXxcd3IQ5KrKIi3GAnhHbFpy9beC1dCN5olmWNLOL3oSxQHzr7fvKwFtpOssY7Sag281T8O6Eak"} 
-01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490937698475,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490937698475,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1621490938810514,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490938810514,"pkt":"AAAAAAAAAAQAxdZsCABFAAViDnRAAH4RTyU0uxSvdlnaLuMLAbsFThUFyP8AAB0Is32f4l9Pl3YAAEU0YOqdYTCCZZmk+g3+J22oWfx0doVS585v5dZuMcju6ceFUGjlxObU5iFwgva6ib0ak1Tmez5R8snBJP694+WPYbwvpl7HFaYBb32L02hySVgOT1FTMmvBo2Fo\/d5ANfZGxJNDQBrucO2wU26mhDDIiJWiWYLyLw+2wH9XtUY9hKwoMo3iFTjxOO1dnynX63OlfxLKWOPNDL\/CJlgdgaNXHQV7leuc3Xd6jzLAetIP1cBEVuqCfGK1Z\/PwWhV\/ilCFb3DMmIz+HaenysHXzEImv5aEb6mec8YzM\/GvxDGp1tCbktIjpAUlEhPRXGKZ8L0YQpyXKVC37At+Ncsh7AGMJvk0puDbiFW8meTwbKSAn\/sAaruKCEiN7ZpDtZ6AQjgTjJIChfbGSU8bd6+hfwBxOU5JZ5xFfQWmRvrx7dy8X8kvYMhYuvkFi3w9Ni2RFiXvTVu8VuiANv809cCo09xvlNkdw1DO\/WJmXRsdf1Y0IqaxV5KrebivhDDNQHtyrnyfrxQ5Y4ift5qmodWeoxdiidD7RJxvcyaRuheSGzXqxC4lIAiMQlrcqXvPnq3wegxcfrIRDEWEavybtNijaDhbp2eu65kvOP5wXZMNleDGBSxQdgktQpxL6TcHQlqLOjfCNHdixljqRof7DPO+5RBSaRguaP\/xe1GoZxspva5ZE9Xk+Xf3SmMHKKlPy59QkuWoIaGOiB7N7I1DAInixS\/jVOIySTOq4xF2KnvU1cEtEoyV42Mhr2KORjN9TpQKBy7JF6wcPKs2Pl3baeiEyYmSdleQIgMxFgrcHJCi21HOjSroXF4HIUsE2apsLaSuZKIs6JTyYJ6qUdjIGm424\/UHHh7fS4g4qA\/yUxx\/xBalncHIA4CjURBqXagq47c2XNGvnlFEquS6V7HZy9x27CFukTSbeIjgcRxXOAJzUlJ1yQ5t5JkOgB8oPDo7vO1NPT7iXgezGOshBG3qxRqw4FUz7pY+auLAGyFbA\/lsmtbgOLGTcFptcsDFuxveiIqXNb3fggSAG9Jq3G4TYmnIqNqka7HhL+stsx9khyR4A9gCtftmEfOrTTxMftEStlT5QLserQlCNp0N1XklnoOsNOcDxQty6hF3nIOhScEBVKysqeVEbi4UdZcUA64KdSVhoAaFJgUYzqosBYVtSdq6oVjC3rbAJ92pfW7W5fHOO\/Gzz4rjoa6QO0jRV4cCPZLQqvL7Whl8UxlUFbNLzMyEaywNzMDAb8u4rh5j\/o9WJorChNDzH+7aC1pGc2DBqQhx+NA2UfbkgudimG0uOmYNVjS1IS1bDSwBdSH7GNbNFSEkwovorAkgGXCiJsNN1cNIzzCohUj5lfbIM4g5Mr+pCB40oATdPIus6Jzb2ASLd\/9Q3sKnYlXjoEthW4Zx
mNASLbj3i11YfRdbW\/XSJmbOzbWEbGkTfP\/k6k8tNozfErQYaqQcQWy1XNJfDiRBXvvfoE3+y9U2kVEyp3L6AC1g\/JNMxiXgENUxOjpl9VPREmrP\/Rjthtz9gSXutw7+EZR3faEchxgczJKIbKwYHcJXGoSYCA8W3Hk3Zf+L+BJmdrRVHbtPRFqDPup8RvGlcW5Xzoa4vRRZbXHIKNQitatbh6+9\/gMI9RgLPzmaVU\/Vp8RntOXhKOwTec+\/5p5Qci1058hGbPEcEz9RH7ho4Uxp4mI0kI9Cy+wNwmwipQYYPfi742YDYxomWF7pzIij4vCMpGVsjxYg5gSAF5wb8qbS5fVF7UlGZOWJLoEHBgMVPUjuR95n2f0L"} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490940042014,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490940042014,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1621490940042014,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490940042014,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEwhAAH4RoqY0uxSvedF+ofgTAbsFTmycyf8AAB0IX1A3NmSMbKUAAEU0Pg8s+OhkXllUqtMD1WTcO9yjUOzCG24snxvIngH7iX6ehFgoF1UYrfDy88XdHomQKlyLms0u9jlYkrqEodLauJRGapy4Hle2I8WKWHQL1rTKZH+tzK8ow8MeqFRrpbk8\/iokxoMoLXgVKCOwqLL7oRfGteGHJcbAGqvj5rPWn8lTHy\/nr7UNzD5DIeg4hTPlFVFboFc96\/ePrxRP6\/CWV2PQluHrHP+UDiuvF+\/WgxAU4Zaq\/s2euO20g4VMq4g6z0hkNtHxIuQ6G6ZlVXeT6uBX6ZPVEg0pfUhEvbGjqyM68S7s\/LuqkjtoK8zch\/4QBOjnMBjjSQwLMYWrIngHxIgbqBSyCkOJ+S+nMOeH0cA+0cnqBY4O49ufQhXDRjEGH5t5soDhhzS8sBGOiS03hbrWi+tm95qnkQ4EY7uhdczTXrlpbhNUdpcyH4wC71tfxfvQVS5y8IC1e8zT5BsHNYmBSU3cCiepaiVmZYJcGPmbBd0EWBl43HnBPIQ8CwCcoTjwgg26Yu4ozcj0BKQFUR0GMUF83l1lF8ot6wXFAA+oVj8seMzHzv2II23OXhbg44qPmITHSEYOmk8bA8y9XUBg7ALjZ36C005quDVZGN0J+Q44oR4tlRYPB94GZr5laHx3xI4zV2UfRy01CNaSkDMoeOEOMaeAi4kFgFipvCE1jwRUNvw9Vqe2+hR\/wsE+qJ\/zc31inDfEFutt+QNKxDy+c5v2szwudCf+3lADM5GAPJCWo+Nv3ArVcoU95DnZ8Qni4gFNPIas7CUUE3oqubppTtj9Kw2C\/6AvXyw4q7FUZBaXB5X4zjUqQWxcc20sJRmNfK46tma+3YZBWJZSVhtM4pRqEfs362IPwcZpvzz9KMT1frJPvZSyqCg5WxsuShHYKbtQca6juA82VMIw7n0mkTmMIQQq9Mj1AYJMVxWSFfEi9dTleToj9MJ1kk9djU0M9qoCSBeOLKZOaO7ZMQoI+LQb5AKLobDEPmCM\/+7vqosV0xxNb5\/8d22vjMPjhhUJQCLCU0zSX2v8r8IeoTWvGuTd36jZKvjkA9tWHYu73L8Z1+CH8Cei7yWoKXUBW3fDckkX+B50D9QGMtC\/RL4c6YIkI006jUdtSCby+AjkkzqsejzwjNaUTji4RgY8P93\/urJ7QidOPx7hxI6\/TCZFHC3NSWXM8bWJhPqBFEUJXD3S1Xr4e\/XJX4lmJ\/Ol5PgUeFwl29wp8pAoUmC4cRILuSnQY4l9xAdZlPqyDmbVu\/SSWy2Akqi5xJqxDVEON1HIuVfAYg1i119Yr7dWU5QplKsuqzsu4hfLJ6M8Yw5ZRJVC7RSE3r\/N0XrnFY73pQjDIXk9UmcxBojTmmq+gMcamIBeoL0S0ukwFhIcT6HHQfqlw0O
zdXB1KL44BXZ9G2XIbRiRgnhcLeXH05qnfpT5pUwkVHt9m7ibHbmqRFCjXSOFgriLQZGqyYKgC+7F70lj6Mklvy+ynXaGzESE6icJU\/STfU04WOE\/XjvOrRE8MvWUxGzhOBNeg4DukKHrJE7SlhswBlqxEdAUp1sFZsl\/6UVWCheylk3qxVcmo08I0V6U82TPQllNBHQQvLwa1Hz1qkNj0H98MIqjYsZiUPrT9PHl\/EubC5Mxf+rACdfBZZVOf7ZrGTAkVMqdQkNJ4KAoV4KyVWs727STfm\/XXQbuh+KdV53N3ZDf84eN9hHsz6Xg77mwy7PCShrWSrFEAyXWlin+he1NMoCnvMEs3ErNthA178U9LrQNGhrOQxjMONlj"} -01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490940042014,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490940042014,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.googleusercontent.com","domainame":"clients2.googleusercontent.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01456{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490940042014,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490940042014,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.googleusercontent.com","domainame":"clients2.googleusercontent.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1621490940362534,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490940362534,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEyFAAH4Roo00uxSvedF+ofgTAbsFTnxFzf8AAB0IX1A3NmSMbKUAAEU0xxudDjtwfHlFBOkIITOn8rvZxFm\/C93HCINJPVtiKR6bg4Mw7wQEXtiGHvHKsHQBCttPbgS\/hcDSxPOzux0V4CNQepSq2ytOhstQPNFgKqDi1D66h\/pG7BpGzCKPVnSY0j4mZfGHvp\/\/90uSi9bw7p+VzILVU3jM1Bfy+bJs20rNuK7sUwNxouBiolA43ulRiKtOrcMFSJUwryaJPuIF2AKADyLpYU6k7IhYp5pMSN\/FZrzaNP++MuPxUL0Gl5Navc20GBsGENjWTKPgIBn9sYhebGFEzStHKW0oRdWu4ecBWDSRteLnjvyRNfq+mu5PY+bv2BFXCrGw35UfLh\/YXxBUAy4mIdjLfzCt9VY3jAczlR6NzkXFtYCr4R8X++5lLCWyho9eGTf\/ZCpvdhXIm3YwXRQvz+kfxqnQsXH0ATnpdvEsAGru0CyioUbYBPhrlPL198KH2whWhbXpqJHFAyYFbpGDtS75d+ky3I7XtWANXuJ7DarmS3NZjP4Jf66vvGqKiJgy0KfGW+e7woGpFYzAoh4imK1VH8lIlaAurjJK0bKeBg9p5lFL0\/l+10ncgvPXDUuHlo46gy\/05jQ7pY9sWVusH8IwAbUs7+8XHTFa2n0Sk2BBs7cZpvTnwshZ+DP3ur5kokHk4A+vp7WHa4BbCLu22NtXJTp\/gQCajhA7U5McVzIVwwCkYzni+CTklGJudESK0dNwGzMjjvyh74BS8FP9wJoxjQxNp+QpBlr56o5vBkDintusd350CRIWzdRHfSgPIvr94nWDpXZFHV\/kTCtKuqDDbRIFJXgtJbMsMFk99XMXvWAVlDdMLwUFBCiheR0jEKmnOUGFAhtpeRaDYUitm6kQwBSlx494dMG4z7plhkyjgTRLdgMjGfgIdWdBxvKHIIvG3w\/V0evuN7rNPmv9HuOEitJrzJxpVhNZOoxAwLj9Luz46NCnQhKxi8RkJzyxHrjJop3lPAM0Y0bEhkOzTIRWf+t2hC8aA4KzaeLaWoCMRho1h3u3XPu3\/l6coc7iHJv\/2jzHV2f+8iGD+OQNMR9Kk99olUGh3yP6NJUA\/\/JOUUSZU3oe\/+nZqHPjXlf6UZ981hgrw2hFoCczDQltVQw8FOKd26NbN1UtWgiNS2G8T40NYIim1zBCFfKP9QB7fmPzHJDrqF9B2z8JCy2E76upD5NGPW077sVIvba7Ipr6QIRTGvvbV1\/tkhYCjTPxCUUENkB4qeC3g47G4DoEvoxNPUmX4lTntBxzxCUTgRTwb\/lKdC+a0EYxdtM5lRPHqXOg2W4+zkbzAvD981aa8cd3CUfbaiE3dmvVl8kAJBTvA7OBTRbFUiyh4hawpJaNoqqurTOZisggyEq8HET4+QxdAtFezeONkxyuzFSApfM
Dq9flcgmEnkCr0TO0tqKJC1OKWpkWpLnBiM8yAGqKTKylOg54gnFHgxTuPO66xLEKA8U9uUArvEv53MiMkmwlGJ\/R8DVYSi9lDGyVmqVbcb97csNgpSyaEAeipp\/xWQ9HZtumpN8oEgvCYnLsS2EfcfhO913KD0CEGNt5Eo4gSfP81+PQSvJvVrMAn8EG7DLqd7Bmv5BkyGG2JK8jhFljvgxwM6xjiPRsTShXGKbUG8XLhVXExbTQLftOfAo1ewb7oxiEPU8I+f46C5Ac4FzkNqV4H\/gd0P38BHG7LPoUUiE\/Ipgayi0qMMiXrV6TBl+UJmFlsYoY5\/mLRewMoSEzw4RRXooYehfNFw04DLhOfVWgmuS8w2oNaA6WV0z9"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1621490941568324,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490941568324,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEyJAAH4Roow0uxSvedF+ofgTAbsFTkMYwP8AAB0IX1A3NmSMbKUAAEU0X3GLCKhQ\/kdXKlH1Uuvr7DsXc9kc2k0vey+LpKewCV3nDMgYTsbLcy\/hcOGbXOScP++l31aUJmaaSW7D3\/b1UKqaibOt1++jBKUGgHxvkHK7\/eIbPnk5lrlJGltbH1lVtjul90tjvoP2C0HGMu\/Q554\/zF5y3+m7JmZAmSjKD68m0IKoWfIlmy5OvxUjvqVj7fVNTGy8V9A8hysK+PthsdG2XbAGQ5r7jFZtgM2W0MUKS7M8fkDlpw6kLICW6or165\/Pu6sFJ\/29IWOcJLgCsF33hp\/eqp6x6\/ECLl+bLOD\/2ybV1zgfWcQJdeCTDlaBbs00YQsEWV3eNTSP1cAPrcHphduw9dFEMzdLujKMYP6qp9q4Kf9aga2dK4puh5Ip7GziQj98etOy\/ltXPqQDK0X0xvEFsMV40JSwj+BzoIGv4jugTdJl63HCP9wqVdO7OrAmKEFYkbeXK5P6pG8yzHXXppocSBsWVO97R55m5tJhwqTeKsPTGfmgkv+0mr+yMvQABbK3kL73O0HwPVgRMzkj11Hwldi1m3kxEtoBJnbHsAJyW4T4WEMuyY9xWOFILOzlsEWcW1DlkhujMuBrKf4HHbPFIfZA+vCGqVGuA9J49rsNTvkxJ3jjtUuvX02pDhaSBY2OTXYv5Dc54DTTkDjg2S7sEfptoW0pUxSNkWGCbPIP4xa+v0s6S\/mMMDwXP8kgPvEmHUDknP7JkED8bkUIL1Ho0AWHqdjSnc7aUc0tHV706qMXs0VyhEhojglXbeJLnekqAVF1dAyJGsOPr5QTKqiKuC+Sgj3UNOQ2AORLL3k0ntqV2x\/rHRdWLiJtPYEUBcvzUxECD7Dtnifc2AbiFM\/4baOlJluyckkIkfljDBVEu84m1Q2kmQPBLAgkcl7yWChrQ5E\/F60If6SMyqrUlc2HMVvUBPZOd0Nsx8em3OcZz\/rd4dy5sR9B9SAkyfXIjPZat\/3SaduQsvQmjAvUkWJFmJcvwpcq2CHg3vveXbVE
0PWJwxm31KUkGpdZBf0LnhThU3dnOeKxoMeUP496G60PKVdq7+Ev8OZxM4csxN6N9XOao2AmHwp\/0PfV0b+M6mCVlON4ySjH0zfT5CuS19JLsB0PAKCSWv6u5RSSSFK4\/9Pykim8KK8CSmoO+ZYYUWS5WpEmMsvK64DpcO9Wo88i\/G337OpXfoBIGbBcKqVJnkKYXTEBvx\/pOckc6mKqj1Xx2NLH9flt3AVKGz33q9V7vvj+2mpU\/AF2AYOC5QHoVhyHo4\/LUMEXlMibQL7QWDMM7oSFG9qo4z3Ogx0Id6yuIs2TTa0ezZqML11NC1X5955fIUW\/FDJcjZV8HB175+M7QL6IEWOOx6PZp1K\/RJlnO3heZacJYqauQwksZQsk4arIv6tCsj5ldWRpoqj3CLHPSNLlUOifs4ET+tW4OnRsMipebDJLpPBCJQJ+ecUpHtHbH+75\/d\/mWMiDQ\/hwUplHzhAjVMYLJSbAhbvEaR1IT2meCVIPAWn6ZyjG6gExtCbx+iUePUXL2hlrgzvBZ3GRHAOacsg6dN+CWQxwhWJB23q+MgzegfFEv2iEzXU8DkMvw\/RCwWjBr20X1FCOk795+lTgR3zGd9CF5postNEBPhGGGNxdqFYsot1FrVpwc5OqokbxkxTF7Onnq2kbbsl8Ba3XWkoGN76uWqzAZmzJNMK92Tdqpu1zazult+08ooXIuTRa2BfjyhJzhXLCrMQgn4QLV75o\/ppwW4gZ0PFwpLXpwmShzQ7nN6WnZ1Py"} 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621489064431574,"flow_src_last_pkt_time":1621489066532587,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490941568324,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com"}} 
@@ -400,19 +400,19 @@ 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1621490996403153,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490996403153,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJlAAH4RpiY0uxSvbKuKtt7qAbsFTmC3xf8AAB0I1Car3PgqXoAAAEU0S6ZfGd14S8A0NR1EXdOvvljTofNOsuBTESXKp4Oj7auLmC8B\/qxGB6ytk1wgcKgb4d567f76YrqqUml1MYVDe1C\/JvoI59\/gIk5MbkrAeINiJJmd4QeAnkVSzV5lCfOcg4X92GhM4oNiOV2dGGG19wmPo1+VUjHzShTUdyDHnnuZMliAzOjvbmXBN2aOzeCn+8K5drqRExq0cBsCHzvVRFUNzNlUUX5Vo+D387IvPpUHb7zmraw5XeiFvxl2Ta\/q5W5pNrCUAugz0iVIVuWVUNPV2x3FJywavW9Mc5JIWO8xXdlge6Szt9ygE3gMdi8fwLQb8lGW8vEcTE+N\/RkpReCzQ5xMfv355m1dCwCDmEbVqFEy+tHwxDIPuNe27WWgF9XSiasGS+4dfQwcg4ORYoMDpbfXKW92OUlTCH6yDwc7C78NrMUmisC5VK1mGGLaQ9Qu2wMRUqjdmNuepip5K0XNHR5BBbH81tXrZgvI7+1m6Yw0b4kZRl80WJwqq1KSBW4yOioR69+m2UjFAyV\/DXvz\/cExixYmUmVoRdQkJvqPEwdqKmYp83pX9N6Hd9bp8FjZiscO\/ylBmHeN2rawxJLrCx1pzuNkPlwJSuJasPINYSbw1F6JY3wUwxIeNBUcmrCmJuSJtdG7ayJElCjqeWPX8iOrtpJRyvIeNvVeP4zvOG+0xtaofbgfCwz76b84GmN17Mieoa5Bg0V+IoGD7eigcx4YglpTvHcQafiVJ+PIKzt1Fb+zraYPSsDdrlZP1w+1Hf31E\/7kXH56u8ayLXgMPnrISXGFMyS\/xokT7eAZHt\/LAzOJxdLaTDPem\/QunlwKxGvr7bmetIM3A6DNVEQjlmxo+VRIkbPBHlH8femG9JcYcQo9D76bkS1ct6T\/NMC38EOKjtDrrbwB6KP891J44T0TieukIbMdjtFWBM7IOVr8jksgPE25Qg1RWYJaofEPkp4D3UDLFQ3i3dbANJ4XVY\/+L6s+MFkMJ5vBF3bZcm\/tDpVfLrqBJT4nJ7a1C2yAYs59uuvaHev2cKOStPDQDjZlKsuGChOYfuICTD4igM9\/JcrG2yRYeOUCgKTyd394CO7u7YTQ5SxBzyztPmR1KbXNMGGetSQjaw1hK5VOfjJgPn+mSvHfGKivShlE7PanYf+wRwpAG4+iHQtJsjM6WclCAcVrZNfSob\/SYkmMNb3abOPObEQM2ceixo+VTcnp7HeKPVYD1ybdnOMOXFC1AEz9wSofo6gTNdJjdRzlc\/9v7H9A4GsQFk2F7K54C2kPehQpa66BiqetQtr+UE\/dVFH6uNeScw+ulCv\/wbm+OBfrLZ2GXKql6eSDpcCVpn3MV2YEi5CgRFRyayz\/\/2woQgL
8t+RxToNJ\/qQWCsxJMrThy97Ju4LAwWk5KeZaLwnxjsnunA1T99DyV8+UKz7+g5JIOC8ruYl8Cwc3nxBc+tvBSpA4ZcE9I+tZo34gvOtIq2Vp5LtGbyHij4LH40qk6nQ\/1gDcnTZVMAXlo9nJiRobqRR+5H3Sg6cc623xK2b9CkBfTTs2kJf1fvbYMbdZ+wEDmMqWAzs4QGCGgJ6e4avqUcQ0kS0cOgHx6IAe77IaK1bK2SrJc66FdwbVpj+\/3eUCOHhaAIGMeISGD7TNa3JfY6n0SkFubtUhSB0GUsv2j85xhlI1qeV+8UDynYcpwz8FIiKVdUIjfXcOGHLc9FJMKZ3XshDKwmNniXL0xT6RHfFQH3w8eQ\/YxCjcIE1MW2OGZs+3vB9wyULm8eiLTszw"} 02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1621490997006915,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490997006915,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJ5AAH4RpiE0uxSvbKuKtt7qAbsFTpBcyf8AAB0I1Car3PgqXoAAAEU0uA5YSqiRZv5\/DZhOTssoA0DPn9Zo4RXJotK44fYCvFiyrLXWkACavb445uJAej9D6NW8Y41y6KLu3pIKWD5qGNryyrX7YHITgUXix8iJo5DiSxsH3mGC2JahEYGf\/vTyPVMCyJZWsgerAn4HVFWRUh1qe82mrvrOfq6CMJqoDiP8vlj8+LrUV\/YTZtmYn9QGfS5vgZWX2txmg7RWFMQ+Rz2t3\/jIoTk1tBYJ8e4ItX4pZIW\/53Hyo2dcr4a7USRmF1tn8rKRC5HhXyRfxIBsmcteyC06JLk45KaIFQsqsO01ArTRBrqtXELj7tUE98y6lWlRh8r4yikeZefWhfGlnFB8GF6ugo6zdES7YXjYS9WA652moLPIYC0HZ4SbnVpSbRSuHeIGE5Lu9G6Sue9cSsIYF+Q+QkYSmgthm63nN\/pLWKoU\/RnLDJHaaN+LMsKEUL21PxpA47xYiNZr99R5HeRxIrMGueLrYGdwS\/9Macb\/Jur9jEdINRcxOqvE\/Oky1YBxT9EEdmvl8xfSzGRV6EJ2dO8C3TxvmALVJdJg7\/+XmVlc7vdVkE++7sw3O91FGcYlrdAT8TCgEm4OjsLPi5Cp+NhDUd9lNsblGNPne2oWas4b8C2P\/tYyZf+gOvHLJV3qKtY1q\/qcAcDlCTflHkKqb\/f8vTpeSKwdug8\/WMPk7J7GuRqkfSiRUAHrQP9z8Ev0mxBjmR0hdyQhsJrq6NDbkZA40SjV4PLS6wDFjRKFILwhocOA59yklQQ9oYMwuJzmXLKwLrh5mOeO7SiIFPGV64mweKEGNBwsPL73yemcdr\/l7ci\/aRkjgroHfTOlRVNlwd2SMp6acpgJ3DUTPihyMBDSlBSCN3TpbTHi0mhLZV3VnRkGCjGLPs2dQwR+\/NHoWbG\/mkxOp1+Yw2+oGEApO7eTCrPIrMzOJPwIOKL240s+7ngQuSxGGK0TJiP\/b3U0+u65ktYKEIhmHd4Njqd
knH73Qe9XAd2ZIJ7fI1HZmpgWCSTOYqlCtKfFnEWXjld7ZMR2bys1tpSPgypDIWux8kmWABvn28paMZ5649uFQ9tMCjlecEV\/1g+ERbp+wKDLmdogOcIzxg0M+JAJaffVX3DrOnA+A+uSiEkyKncq2c\/YTqK9cI\/JDh0JxfqNhsxmMlnwuAaJuPcBh1lD\/B3Q54dORDqCAw\/xIL5UovaES4PJSfmtHs56ItrSO911ZuIm9uOZr63ZoEcTfsynRQRr4UugAwprRYIoFK07lwdRcDiV67g2XdWXRwtNjWXsWfQGHKiNcbvetslRKrXfxyaa5qn6SEG2C2SnYaRGY3a99\/8awO5F2Qpe+vbycKzEN3ueNUgtD8y92W1XtG2C78GhMCEI1RPYj1pzZhzbrlJRrm5YT3D\/l8R+fQYCAtmrdD+CkceZwNpPKhEhVavI5Gp5XwNdJ56+RbVOrxDRVmjqTRPLg4zuWj2jEJ79chsV5GX2UrMGDWSjjSZAsWp9Mx4ndt6VUOFZip\/9r4MKmJiO7yGxG8d3B8CM0gf2O3UIBZEchmXjqS2T2\/ewwSSDqYn23knX\/nt\/rnNzky3YHLXA2PXQsFtsr2gSewQ8lu4K9Abfu98oJmGOqB6Zepl6y2WwgW1oaL73FaoUE77CPUfZc3ThUmYcus+PH3momVuo6wjeidlhQHQcAxWy2EczheDpK4PInZZTQH8B9cl87zWeaY26xiBO6\/KO4jcBhP55bEZTsGd\/GDBTnrzlfHI8ia0xyN1XOyklzBDoPTS\/1FjAcpdn"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1621490998210174,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490998210174,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJ9AAH4RpiA0uxSvbKuKtt7qAbsFTpUkwP8AAB0I1Car3PgqXoAAAEU0MsalNWrpYLQ18ZAibnOvvkWZkLaIOwbFtZhqtVtu5TLZm0soV7JG76EmzAqx1qs\/svpEcqeI4pSwDtsl+NK2QalMMu5vgg1D2hPQHGIt1aS4eoayRIJ3VPcaOSNDV83C3AR0mv2KtvC6teWdJygUetGxKQ\/UYJ6QLBDaKvUCmZZj2vZVqrvBuwDyBKND1rK2QqZl6RiUTDCl4nSVZcyRuOfLolF7OYJOPKZBD4t6WG+TGHM79LiymXprKcILUBJ2K1YaiLCn1zs2+vDUCMAWHQZyIbgwM\/VjHVtWoKynWtpCDzCERMjIJ1zxQJ6tDBzSIdjb\/kb+1tQF8ay5gJWSCph5fhN3WlUXZQDaBOKBUJ2I9dopD5QsCZmrDh487J1TehodFvqwYeDWoFQ8srWDefQk8SoiM1XPeVmNODrg9QeE7FRqxEMYSAJTscHu2ysTRpS6u0nW7YzbouCZVKIBWVyFIouUM63vfE1LhTevhKNyImiHdcWgdhveodOPIQdru+yJ\/CMsThCPBXufZLrNRtOOOXBr1ZzyP+aBX0McbDQcpj+ciAJGTJjSHxWUmDDQspqx9narwsCPEI+v4ArKERTn
Udu7\/6nOi7J5uar38mApB2HiANKRB\/OASqUgAc8ACIO6FDIFjW11hEEAai48sDt6vBB9ZO8VrPaXnCSEefYtr1CkWMMDU+8J6J1a3OUjle5I93NjA5n54f4ZpYHMAyPBvVedwbcLoV3w6OTQ4NB4vwrAnUm5p70JkUO+3taDma+0+invcrNJGM1FG7anF4zEieOhJtQ4mllfkwjpM2\/x5WCHhL3y7rITx2sMJSwM7QBFBt8JhAn\/+JK\/J1kmvUgqqAXL\/MeNdQiGOMogmyEMpcwawAYBv8KuiGxOfzlaQ9nyyxUodzR+YZRwElQHmn4\/cv17nYnXqt\/soP5mHB3jK7WInbJxbQtyjf\/2E2taACT6y4sbecs1ieQ7lPKAP8SRjyzKNzmrrWdXqI2Da+1Doo\/BmCV8A7sm2\/elK+9FIm4M\/IlEy+KLnlG86XzY2C42ChunILwweHBE9RNiC5L3JUHBdmZB8qhCJS3Gyv2i3tAgkYBYisv0ySZ8o\/0SvcyE2DQpP4forHbdy6TdkccNmXvbo6MS5QfnS4suI5biaLo7Bc\/MXSst\/E93BkvPQfEuie00Py4FeFONibIef+lonUgkkBPYpiKLNmUivROF\/dSQinZWmWEdroeZho3HiywTGBppaxcVTuH9qcsHGSx6LJBydHlbY04gLSBtjiXE9\/E0JsQcpK8dBe48AMIRl\/T0NiDAJ3DFspe45EgGog8S6cx3njyKHMlH0bDH8ynfVV0XI77o\/FZdB8rdeO654rA5kyXlMYZ\/2swLInXPTRDn2WT\/FyseIu5So131zAfhyOaP8+FA3IhKXJkyNVNc16adllGwYmnKZap8VsalJ+Z25vFfbFqb9gqxHIFSDP9ywoC9aWwCfT2DI\/I2yQM1zWc851SNzpkt05NV9qoXzAV8UPMCE786OxcMbPijrx6UR\/Ej2qgdhZo\/W1ueBLopVSUvaLmnCe6U2PPHmg06ma634pfxGhtn1YwmbXZ7aZ5N9IM7S7Rl2UQkH6MpHEKmSxufz1uLW5e+mbeiCjtHWlwuJPebWcZipkjfontJFtxY8JqWR28min3U923U6vzulHQmxO+b1E6vPO6sxgCl8kQJJugJj2mdMYA7iqdA5aBhULx5lZ8+Uw728RNXoKYWbNt6Dmw3bihemdgHf0rN7ObJT6Q0"} 
-01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490941568324,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490998210174,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.googleusercontent.com"}} -01060{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490938810514,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490998210174,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} -00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":103,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":137700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":85,"current-active-flows":3,"total-active-flows":69,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":405,"global_ts_usec":1621492846202030} +01218{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490941568324,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490998210174,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.googleusercontent.com"}} +01207{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490938810514,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490998210174,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 
+00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":103,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":137700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":85,"current-active-flows":3,"total-active-flows":69,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":405,"global_ts_usec":1621492846202030} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621492846202030,"flow_src_last_pkt_time":1621492846202030,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492846202030,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1621492846202030,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621492846202030,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYMxAAH4RSx80uxSvxPU9QM0gAbsFTsrvwv8AAB0IkN0D0fi2gP0AAEU0WPLbpHtkRhjnBwYFLsQ0oBVcuOZxPwKAEGEgwAlTMTXTGM71v6BXkNyXBiiValVwFjUYX7UUrk+V5Jrupcy7Obpi2i00t8odJApt+XitfLuiix1t0F7z5Z+feBpcusmj2sOZ6QR6h9W++LWKulARwr2neypk4oGapBa+NsiNweTRdbMX3O4d\/mwfllanHZjdO6qyaQ7CnGSuCulGekhpihqBGXPcLW0di3I9pvTqznFG9kWmS8ORGWf1J8GUtGc5VJSaNCJ+Fec43BTOm1+MS\/j4zGK08zpEpGVcAuP60NQcXU9UkzZKsPw3ZWurcWQhQRUUG2hZnMieZ2iH9C8vVNFBjN\/04FbVKM4mZrWJT1lug\/jBAePvCTNRYXmLxN9Ou++HC02AMJ57sWcEhMIYguKuFYuR7dxPfL+cTW1koRSS6BsFC4n5ZRuwmsUcF9vfJPEIqvBwmCjtVhhf7VD5goH9tVyYF8KO3kIv28uMuxWcK+q6wT8hSJ\/zEHzootumo7aXQqZvFeJhyCX0EfLhJ23vbRO9FmugxWN7m4sTU7Fhf9kalJr+3D134oZ9EEYm2k3laLxJs0+YOmna+6\/rVscNjjUad0DFGPUlfBEWehyhkygQSnAC64dHYrDv0iBrOmlJ6MRSwFxUrKXnUfq3k6Sjz27UeFDKAbXjm9pfn3JaqYN+iEPqCI6LxBiewwQo6PhkrbmioOgwvX\/DmpJRnPyUe5tKPfpj591HlcbD1wj8IAwgpQiAbJmWGX26TQVGc\/oGu0wUuxxgG3S0COr+VKnO615jbylfYmabj0+tV2Uo1TdMmuzr4pfQWFOvIgEzWzlgauVuFGrxVJNotNQk7htoqJBX\/hMnFoa6P3D+kOnEu3G17VXOpjoxBo+e82xbyKTxE+HiEnZeWZL7luz5bZBmWGZc506mXLnCeZZQqiG\/9I\/FNIpPvoo3H6warZwrzbb8Um6Nvs0Ics90RO0bApWCzRG1ZbX3AHjvDgTh2p8CR9Oooi6r0cJxgwFZZY8SZy3zNyWg\/wHtBtGqhZKlBnnzNUo9ZvpjYGNFYCmpHvrwviyxBvhHkg983940o+FsWBHY4PXxHhH1BeANrMFfkbINkn+CbC2\/r3ppTRHHY4fjTIWqDjaau3fmNxn2oa4KoWNkTjA1BSXwvqc8trFGDFMCJhUs3hSHPiEoAQ531rkzeUr7wtvjAhy3yMpxtEUaaAGyPySo1NYyTXEWK8w0\/YLlmeDmev2JWcCnl7HS0O13jStUjDzYdEKkWbQEZyNXBVEhaIvowRgcn7\/v2zT1Ji\/TX8DeP9rZyEyPensHrqvCjEiXBVlBQXgUJKTAdm6SwnhUmgDIWfMcW2vD88XETNohXNP\/OdolyEZ2F5Okt1oR5HKmRMri3B
oToqsELE6FkQG6EG4JyB3bG1wn7w7zqvTRpR1UjWxoXiXjFxffg92VsUmcwuEyMksgqkhRx9h0TWNRACL51r145yHnspstaxqMITdw034yIHhAL3G5uPbMdUZQJozU\/XLnjQ9V7x\/mbfIElAUaPrac3k2nvzbr5ENvEse2uDH9Q5NSX4CsOm399roi9AvuA4V7OYxCn6T1MdQz\/4\/J5eI8ez9zieLgXCZomN4Y+BUIAuOY5\/dWqfjZcWMx1s9NOKQTb1Ka9pe9XEJIuxx2s04cvGxtWZpPXA8fQ9IoJlumB17J64o1iwcDB9g1LshjWGo9lOe9FjTnwf2Uc7YISmWj+vyoFvYEhvt82NsOS0g1fbgE3nFxg5ojGIF4"} 01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621492846202030,"flow_src_last_pkt_time":1621492846202030,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492846202030,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1621492846499549,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621492846499549,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYNhAAH4RSxM0uxSvxPU9QM0gAbsFTsB+yP8AAB0IkN0D0fi2gP0AAEU0eNeT2iVrLMv4jKHl8TcBYgCovcfBUbyiMals1lo6OENtv3m3tzUH\/6BCYnVpY+CFN6iuhjAxK4TQo8fdrcWsTOaPpoFoY2L1biWlEbkp\/x6C0kavU\/xvEB03HgfSHvx9g2E9+0QVaZrnTGMDhzE\/LCMOi99ZyzUFTLa2whyStOHkacXjeP\/fXvaRIU8Xw0e1DmF+BBORNoKDNAzHaWe3Xdqk4sXMuKcYmcsPCiNzUfbIR5I4+VLDDbiRMHE4TjaiWP1s5tp2uFI3oH8oNBxSqcPF8N1QFN8Owg0bhCA\/IS6AAO+WjLvCXNFTIFRkUX2YOFCXkduhSQk\/oHwzaVML52Ssm10WvS1irnJ1a2h+SxJBrkoqZbSa3c8eawvV0lJSss8ZpdSbSRzoN2qRfRqNsLkutWp\/l\/cD\/9NStpmQaF3kKcyrILDL5C+ND+LRujNpqDaC7rufyYb4OxX88B0MzY74bKzBpjdNd\/NyrBm8\/onpNwjnCW96RXgIjm5ELYRH09jAdke\/LMSfgsn6fc0lbvgEQ3PiOAd21XyPj2OSsqeutdhHzHRboDg8Pn60e3mxTSQEysOZhCJu1aVdB2yGnhlHsTGM58d5JBHDE+jZDUbC06OdcJVkIv6bjuXRCqEL93W8VuYBHzKsU8Ii7A0JxSjAutjZgwMCd45KPWDsNutDQ87CFhmk5RA+fKc3pBM8cKLyE1\/D7NJxJr4GJrA53oLs7VGf6MKmlV4AsJZP6rx2xmCFhjFqHYFLBgJdnESGthy0GqSMdwYEYdqxlsQZidXrJUgJhUv\/viqRmaGGOIoeCbGdNL22EJ90SNuuCvVNhxjf+OCfozoA65mZFx5Us+WOLW813xAA7oS3jfz2r9ButsPWkueyotS4sGWbX+O7pcBxmbUlkuDeWzly\/JrdnbLf8o5IpZlL\/szeGX\/xaukbonKpw0kk35eQAFT22V0SvOQXn506i1bIeQVC6wqNBPKsgTo\/VPQcaj1aZ1Q17VqXoKPIuPlZ7SMkngAYC6FlUWvgpdcoeIcZ\/t2glrET\/TpZTHAx1vcYpwXGccxvCqJvFzp\/iEy\/P0\/s2VTVERM98qgpyC8vVMDiAXeT0c+8myMBJWMmEBB7+3YFzgV0RnhI5XMWiTiedHwgemVCeDU1kg8u8hqfknKqaVcO5tLH9t2FGmiCSrVi\/CAOeu\/vnWqt9L\/E7AUvgJ3nf\/XofTNim4vFwMW9qWfnflBAI4etDSLXlfhCF6hj05LkXpBYnhDX04dMfzMd0wbqUALjlqng3G22KPNXzcoLHgLHkSRTNkeGoexq9oBLHV6OhHb4pIzLS3SlHBQgMv0ujiz0C3WRmVVFITqTC4Ym0lFLd1XdXKIywfzJUvwG8AxVCpiWvvb
n0MsvomTXCjNPteZVCsije7Ys2XOj4jFIoymLHdB7GeVOyHHeUAXfmy7fXXhR9EIO7It7pUitHoj7\/O+uPlKz4WGY1XtA5gadBlJ9hcfv1AISORgb2SzImOEaEIs1Oyben4xhUAxtnihkj2tOYt66nHUJoi6WDXV0pSiA1adbER0DGTh61m1GbsvAF6iehNm5R\/auq3cSwz\/oNuoEeWcajKe6C+bJZ0Pp4ODEB6xylysFi5Nsg\/X3yxwOUBMebO7HFdoJOx6\/anLHqvZoeJiNuEm3J93g5x\/1Nsu9QNYOSXc3CITQMMVtVZsPeOQpBypby+hqNIrDBvXDcv86XBheVQLni22zPRHvnPPVc9m1STaKuBI1rOewM0zxJ7Y1kebQ5fFy"} 02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1621492847100544,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621492847100544,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYNlAAH4RSxI0uxSvxPU9QM0gAbsFTuvFzP8AAB0IkN0D0fi2gP0AAEU06G6NT+VSCrmEO3BKTHqGvRDj7zHVCi94TyNRWxU1mXbjbTRFZ+CaZvg4gqUf9xMHAUYdMHn0JKiRgnSgkHznaTtiRgEk22fQwgIxVH+hvtVpbaIsb3bOri0\/NzM4wzGQk0hhFXdooXMc+tmV57mVI8vF9JmkYZ3AY2F8JLlv1BxIxapiJTD7gwuZ9nIypLmrrtiyGXxIl88PM6uDd1lRl3qoQ0oiA9c6pPTCRB8dAQJ4YYuVmuW5TbhruKDZ8PB0MJQOb013X2nAghH9Hwha3CvwiU2omtgMvjkZesxfUObKfDTbFEMzL\/jrRFh\/+J0F\/EGuyjhTpDu6+xG8itbCbnAQOy7WuW5TYEsc0xXOAoc6KlEwmQiQKfPKtF\/2CZ9SjafQf4Oy5m1SaS8su+ueaSjJsX7m0K38THdf5jQ\/Fl4bTD67mwBO+f0scmP6GL\/mbPaoaMUGAzlNUBiMCCExtPs8A0mmZK+0smBu+L2yDxhIAkqjH2OcdLR11dCH0QdOU\/qRLGN41DI\/\/cqIkx2ijbR9g+OiikFtGSy6n2LA3mBBdnd2T0hBdnX9fIo78omWMaICsidEwWQIYfSO+LyI2h4JvJoNJSJxTMpQux0CHDeflYgxqteaTQCHdOZSOAFozGJdqpUc4ukomNxsQCMV4GAyI75uC+kKJhbeM\/HEqnNyY0rfHOQrHusbMJJ7FCv6nM11\/2Oo1Hh2eJK88As7gRhqPVzeuz\/U\/xXz2EOtHRBBzR+oprpB0Uws8\/b54W5T+yFgV3JV567bJDHBaKHV4CypvviObj3VPZSDfbx8ZDE8cPozymxrQGwJnz\/SSVKg7yHHCcAhBIh9T7YzMsItriGNvgnX0urwJbHBIwvT0elkkqojq4KIx\/7Yh8uMFRpT07cYIl6MdN\/iCqwh1vqZbBwbGpfQR\/HAz4IypJz+zywRzPQmL4Zjd28OKKYaEI1VO6TnaZathnaIz0cGz41\/3ec6ubKFkmDYBvMaC
kYbP938UlSyqwlkgR59+GTpwl2zVUb\/faKExO\/4NpJhLquIMi1hgHnj1b89iIzZEVRRmuruxSFJoxbfnenirV2KkIVM3rdYaAMxCt99+sRexO3VcGSAJA03hK\/5kyXvD1AEq19Fa4iw1nUrJXngE0gL+UwmRFL0ICfLh\/hdSEO2viit7tS9gNA4BJCujAoVC7fRr\/9\/osYAvWoTHo08WZH2WCiQAis7vlYiYCukAhDVyYp0qF36aPAJIVN4AZeZh\/UwxvSF7ScBTb4zd2qrmWQ\/QZp4LrWYepsYYrlR5PrdyOcgmPlz88MR+J+nuXlWXgCXcgNN1OrnHnxsLeZAZ66ipsvP1GZZJYJb3sLc9AcafS9torkCmsXvmQslIdm+okpX\/V\/b43ll6bHHGrpUQUv\/PNxOHHQOhXVrn7vat1ejZj90Ni6sGu+5HaMpi1OLD1mKP68o8RFXXDItYMsdIXHnUpqZjqKI3C+edj9oApTrZsLkp61Xxv6XiA96YE2VPsxN+ezAXexypGEJk04q7+rYgpGY24NJp4tAUHgsYUOjphIugzRYKjYfTmKFGPs84dxLcAVTKE13VQOFcTXkt62OXTrEtGBfQUWVDuQm\/p598jzYh96BGCH7WptCesorqdhDG\/2HxAPEOEo7SWItolevicv20QLakpWkPPm17h6hzM\/rWFNZM9vbByjMoWPhIUCyRXi\/CbuDLLXeA9rb9\/9+r7QoHKocX6ChoPNabp8O8SrguQ6Jwt8O7ZEnphGvVCAS+swijeKY"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":4,"flow_src_last_pkt_time":1621492848301815,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621492848301815,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYNpAAH4RSxE0uxSvxPU9QM0gAbsFTvUqyf8AAB0IkN0D0fi2gP0AAEU0qqh+Fby3a1Z7p4sCANnB6COSx4SfBj4fWyF81t2sAxdk0a7MCvBODpWTurm4KJJe+3fjm5FY5ziq5GLl33Nve0OqvaLB+z3Jd1yr8m6tmz40B6WuTJ36U+FBGHL4iuYsvMC8lYR2Yk1V6jHmOJphwzJcfdduOddwCotEuKkog\/DUq2HjQyGgpSOyqGm7roFmypyS4JvspVFE58nFPRZumlvwX0okQGDF3ibTSx1B4bEHhYFOmnQ1\/aufX3MfWNBwkOe23bCHBYhFZqDZFsx79Aa4S+rcXnVBu1CcRSLi0zOIssWigjeZYQ\/JNILPVf0ZW3Ic1FgYooFhl7c+MoFGU82qeQ\/VWIPgAkgSUuLocqRX9ojF0IRfgMEniHQvHPRN3fsDkmO\/2EiDUMmNBDuwceskvrPItjIJRikId3nTS1TplmKWbUo2Qasiy041acwKCtAiWDOAIaKXZOFae+GFXg\/\/rCvuBdBHWHE\/1P3hYxC5kHPkXNlUAfD+0p8osiuZz\/Anv1QT5WITDX7wMlkbDWQpQidJMo1+s2bJuOJ+sjOky8icfdnI\/rP67rPyhFHEBPQJkEpfpFz8AsKJoA8CwlVxEzZf5ev
dnk7aJQ6V3YlQPXfKs1MUkCOuZv1OC\/nlckkkXupIUors4uIDWKVlaFRMYQVU2\/wMgB12MK4DVmaVjJhhTEj8Sb6JDsm6nYuI3U7pgWqFg5QHSCgNUN4OuvXJ+wb9k+5O1ZL7tcYhSyN1OdT60MZWcPZUlYWwN\/K+k9ORY+neeFZ5Wk\/xQGNIR9KIGvbHnMrNYvQVyxe0nbZ9VK7T4JBEbq3mYd4TbOTJSjig81MEU37SaNqg1rdXKSObLPZn\/Id0aq2agilEmpsLi+LPvF4Uh1KCs1tqlYIhnLtp6h9bQFHEsq55yNBprbQ3CHYRtquUeSIujphuSKfQgBvOFXLNxWCftyjyL+ta5aFfqrBTeZJoQGRJWH0Dp9JoAEU53CtSsMpJGe0DsLIZQwm2CS\/80PnkutVp+XqiaGCdeppVjKAXVZHik0vArRg\/f\/Ymrb2WM3aop9TB+msvKbXh7AYjKWAwdKeSplEjnSwhR8kEkKt\/j9QpzlRj9O5bJfRngQfTd0VqJa87+SN+rAaF5WC8N1Cpp3v1oa+JlJzZYGA48nOy0sgdM1aXDsuu2dfdR5TjAp4zNWmBJE\/XcCmGgh3c3ALPRLcokcR4Ow5Dpf8+pLu+DM1GAF9uR8XC+Zxh1jv2EauHHVZ0jU1pntqprblCs\/oaPd0BSRbEHMJ\/CIDqRwzjEi9vf9lcLL0k3sLhtS40o54aoTavgqEQQ6qkTw2hRkWi+hC6jKKHWy6\/jEx6siMAPYUI1ecuRR8BBjRC\/XatQhQi8AEi\/fDdOnX3VvDH9LuLWULmnNfuVc1Wlyd+LAQ+VF7FU+LET\/KrV0naNTMwOAkAlnfqpShJ3UIhxaee7+R00Iu\/NLdTX2h0I4hFbil9D+LOcAGiXTyBjIIQq8dOyEfDu006oWmBN0234TuhRxJaljNOjqK9FNX\/hgd3y52cOszoIK1oTWfaP5fCa7A5bDPovU5GDIY1GsMnnqf4DNDbmyfvpuVHg69M5bzOKfsJNhyTC3qYQki1VfC2mlgyrOTK8x8s6YT\/zunPDkT0dGEp99HHXLOgfxdPrNONBg3Wl5Bb\/Fj72\/qPD5E9jtqn6jnvIY1nMeGyIeObtZCj5oNT7Lps3D2YWxdJgwksIbEHNj3CB7W4IFvA7l9PZBp5zQaLB5uScVAYKPsH"} 
-01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490941568324,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492848301815,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.googleusercontent.com"}} +01216{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490941568324,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492848301815,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.googleusercontent.com"}} 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621490996100884,"flow_src_last_pkt_time":1621490998210174,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492848301815,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 
-01058{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490938810514,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492848301815,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} -00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":143100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":415,"global_ts_usec":1621494599158885} 
+01205{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490938810514,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492848301815,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 
+00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":143100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":415,"global_ts_usec":1621494599158885} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621494599158885,"flow_src_last_pkt_time":1621494599158885,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621494599158885,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1621494599158885,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621494599158885,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVlNAAH4R6ZY0uxSv0OWdUcmjAbsFTknBxv8AAB0IjEZZ7Twbo9wAAEU0kJjhzp3PFc23t3I6EGlw9Nw6Qc1SUTVOLXwfMjNoeRLiLBXl1p7gZhSviv9JQfR9Wlb4B\/LvGDs5HubqNvjy9gSGhUAoZKHgVyQNQ8sPeb+zAK4\/+3Qxk6DgExGf6DSCsV9UWtXpGmfgDVaGUIKvjlEvPlaJQ79FJEUNmnxqw+Su2z56GwGnZs3etUJY7Thex2ui8FvucKYZYvgu6wRjounSXDUxthqRvvbGPyVi+\/zvUh6JQJ+TX8SC4eFZqQp+jb7GmBSIOMm\/Ec1jvbOi\/aliVkt3gPEwixlo\/RAm9MQzPwfq70hgSkoJx46ldrVQcWlKc\/yvw3p2stokg4mvv0O\/AA2g32B4XP1S2bCDnPSyjwe\/FFG3OX0VFLRXvjekO4to1p9XPgmuVtwpQLf4lyNVfpdhvYlgoEwUjM9uaq3UiXNUhHqjQ0L4DXtkhhjRWeULrLkU0f0REry3Q\/LckyGikkZkv+F+HV9G2NIDV+IxZQ6OWB7DM0Z83epJzGFj5\/uYXKmk+BbONhvtUkbwsIoFVtH1Q4vZLc4nHVR23cDEhozshXDSC7PWSfxClKjneDPQdrDLr0vgsH8xBaaaTioZjwEVMdhbN8FsX\/rL6bMhM+b9iF41rToFIYIcSRksL0LulUfkhaEGqLUnpKwuyqlF5UpMMngzqdoYUpd0fzQgxA99TnPf\/ZibGXba4goUBq5aTeKljwjQvpfeDm0N71QVgSNFdU8sTF5RiM0jkfLo8VOjKRpirBNuYJ7DIAlvof3NA0Grn8dQ7f8YWlV1lHjXfjMeogHBB\/P2mTQzXX3ArnxmdG\/i2\/iEZexnqGBauYfcvUbCb4yWGyQ+uf4buf9Z9AyMQMsYl+B8ptpOp5x0NGkqHT26QYAV+A6a2HfCBCEg66zE4TRZrMqr6q6\/a\/IE2n6Yv2maemjmwg4iHbv195EUc9666Xw\/knVVZHK8GuAAgFkIfnCTuFvSaCEwbnOXJ3s++e1rXdNr+Hg0b2Zbi4Ef9DQNeQpBIh3Ur7TEj8IDc\/NOM35lp7oYr7QO2zj6YAWebmCqb56wXDDn5mBBgu37fQhnakjMV7jHPkryVTXnFiOaL\/CVFGTvS46bBvmJkLPq4HRzoYbmboqQx4mXB1LvgMfXrHU3l7iZLz\/2XPIqh+KYqtzkanEAs3nElKsp2sB5mExQqIIubK+l5dcRdQNfCBmPrColZiPglV6Hv5liYk8JJ8Kbi6iN9RFbJHoGR+dLu3tvqT\/dah4soYZhtI9JnUfTXwZhINQmrqt11PjUN5xy2FY4x7Hur7+46IjhG3mRUQfKZk31z3sThwR5xjbX16LSIZERlLjpMdpm+lcm2fcsmWRXoQTgM8\/ugnLqEQDMuUDGvRukyIwk88fRryM
IRKV8KDVhw4+vJ2EZLvYDeRSBFQdsKzSa\/hTqJc1bTtpaEUuGT2u\/or12NqrqQU7wVWi3YOk1X+OSoNbRXciEI2LGKLRqsnbsAqS+IJRbeA+3y8sXStW3YAt1gPKq7Pgq5cW4+8O1NmIlJ6gz1+lq\/WisqZhapMN5rUgoylNO5YJPHuzHdkOWHinWJ52NWCXnOYekNmJLkh41YrSQvM7Zm1APRBCuH+h9RHttH1u+s9o2TQ4uAPAAFWi6bluDPG8hlbO7uz7OAKhhEJ239ij+NXPbweBE66DiURdi7Gj3kcjPg3OPsIP1L\/pUMzoKutj3ZBRiMec+XXaGz3s5ppe5ssD\/WW3cQpGois32lgVeJrDmpDxCsEoxF\/1Tdai7z0bd"} 01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621494599158885,"flow_src_last_pkt_time":1621494599158885,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621494599158885,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -420,125 +420,125 @@ 02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1621494600068782,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621494600068782,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVq1AAH4R6Tw0uxSv0OWdUcmjAbsFTrvcyP8AAB0IjEZZ7Twbo9wAAEU0356vdnE85kFrnK9PnoN7N\/6cuhgJZOurPVLrUkSIEhjazS+SHD5nphYh\/Ei9oaiDY8Opbyw\/qBtRNMamhXjzOXvgznSeUsgwy1Y\/wE6Z8L\/PLMFoRidzgyIEn6rjIJKHwzzF2KGrVstlhyz2RTwgIvHMy9MIjilbgudOkuRl5cUCx4DqELWc9uRZ3o5vsRYtLfQcGLcZxuZNq+qR4l\/haEcF\/bo9RHUYHevsrmU3WGlZq2VVs06I2zfKkHonNVQotk1bro8ws9jUj7jyxUbwzWCdp3Y0J2vApeu9ELE8rutr0ZnW7RegpTFdI+\/pjDsy7w+XtT1RZkjL7KyYUDlQxQdEaIMNGHrAqXcCdWe\/PGc8CDZEYRQG4imIq3PmqUKfLT1H1z5PjAZqsks7C4eHUMCY+G0m1pwUNctiLiFN\/1UbsvMid1sQh6WBXSJiOYMPhFaj32vm6bQzmsW166O9cP+ju7nY2kDwHjX1VRLKHDBPT+BqIPgfQsjJdmUiCoPO1j6aSYQVgo0uGE74BSKhT3W7x1ONh6fXLzmN7+wWyuCCjfUqF68k4DNAO5ugG5nw7CpIh4otPJ3HMgytjz\/1hKjAQhcC4anVdWe0zLhoQLK+s1Pp+iUPac8alWHNwAjuYOUrtvLlDW5GtHXWtZeiHtJznZvOZ++hzVm33rcGcrUAJZx8UDtbZOWODHW2DvBPFPoCX6ZQVBXs9voksBXC+G9JF7eqoFmqO\/EH6soGSg6sF0snwdl4Tmbozt2\/yp4ye5MHCKh12GvgAGa\/SRfEXeWrk94V+VCNFH+5X7\/8EcicVy7uChM5zWex3QUxbJVdLP\/j5AI3XbgkHGGZyofmIhkZxWEV98Sv0kfttNMcxA841+aSpRVJN0a2XfeGieapwvw\/R6yETR9CN8TcQTFe6UQYPq7543m22E4Sg8mtjsfi7GhTVtBFlPk02hhEbcLmI3PLT100l2b\/h+mQABi\/RqHWxECe91tiAPUoarX+VKj0c3DqByummicCRPZ6kkW6whbXho2HsoAk+D7QoyjIYr\/kbmXT3ddi5XSAc3T\/AXjnmkbnhNKsXrqcM9kMdl18Kd80bmVHFpHplnIJlyzn8ksEEhjYfE\/gaufdnXnq1D3ABRKg2gQzIvoSpfYLvtOATq8ZeC375hfqRNXtw\/n1kUK3bICXzA6mFxkmQD7AGOSqcR3jSdloiLRo+G\/p15yY7zRCuvYbEtKyY7omcrKB9AP+U0Y\/znYg58r4wOaZBC4V+dmRK\/kkpba47uaqRhUyF\/yTdt5a8rnd6rmCkS\/vkMPoDjgVn9aKrD3m9zX1zDlvbDZWh6g6iUswysusJDPEcMqVt9oBikmJmTA4XJH
L7KebwbAwBNS3e6+CgYETncO9oV627jebHXfk1gOzNt336lADXC3SIjRhE0xUCj9b7vGl2zV\/XiVaHp4BdieNUYdFnptfsJwounQcX5RSNrDM7WkoXytf9j\/GcyxSIH55p+0ANjoTPQ14vhNgMa5CNLbJsAFOaOAZLOmrRttaEW+CIy\/6QEDgSPdDqCmjHaTsDMAS0PJ+CViTPaRKX9Mb\/HoG1+hLb7WLn885xXvuCUz6bu45JBXtjOSd2sFZtZL5SSAAkPqTlNn4yof7j6smtUT03YKs+rhKLROxwhgN\/v7YhG5RqBATOJnmQaGvuGYn8hIWfZ0uuo2mUCeo5E23kwQk4p+DKVCBDeHuSFjGPVCnKBGHNbnoLJC5+6z0UTOz+H8VNr5FqbVxdiFV1rCMp6QITKc\/"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1621494601272036,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621494601272036,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVq5AAH4R6Ts0uxSv0OWdUcmjAbsFTlPfxf8AAB0IjEZZ7Twbo9wAAEU0prv+U7F0wdX+izhf538Ajti0HKLGYuh9e5U6Y083jD\/QIudUgm1tYlkI2kM8cWbsQ+zC8GmWvIe9R2LBEf03sk43RvCMkoIhJHFcYa\/R7mV9IOlJWhxtrx+4DL\/Ff\/sTibLd\/qSnC24us3y1TFX8\/ZStD1RSAktAosgZ4wiTdFHkgawgHp8fWdI2t2s\/f38VKNnu9Pc9dIzDRZAEuKYsDhH436g0EMRXk002f1wAuTiTiXes1K42qwRvaem1MPpvNUcaqjarzwaBJMbmEZ3MZt+3q2iR6fg2WHuhVAnDc0y9+VtRAAhpESOqXSJpZsh2Mf8gCOlmP\/xMjfZg9cH88RFprtur9A\/DkRQnUe12QifWj4ykhp3naaUCqMqCGZRKXI79KqstmUWWEgsOd+ckZ83E2BHO8ghy8VDlrP3n5Z0cwuHqlqX+4A46VKC4s3MeThym\/zeNClA3QJGTQm99L9bYjtZe\/hfoCsIGS+0FyHBR+z4CuR6CIghEZzrqdZCehaPFn4uBPlvGIvKSr3TJa9FZHd0+TR5haVnADGPEze1B8Sd42XPi71apcKerlcTUenvLHJsLB3ugmAjsTMt1y8xKJvVEC6U3+MABAT8o8cyzzhcJL+QRVFNOwdFqpz10Gb0bNCM5tYLS\/+WuwnSBlxFppLfz9FUqxkHdM5y9iLf6QLIZWjiEJiQ+KV15o3keVzVoq9YS4jcfqwVvJMRWbqRuTNKWQ5apS4g+Q+a5K6q2uFoa7rUKblp7u8edlevenqLtIJ7idXc\/Ehqu5e9o+MJpdtgY1ODSnxbIq6tP7t7ZtSEsZAoa4PXSgZKmcc0GkDVq8kM9HhlPycMl\/GyGGBE\/Y8sAVcih7lnhYPhG6I+eBJZuY6wv5NAMIgo7fEzKAeWbh24aVTdrljsfq0+dlQ6dXSb1flS6eCU3h3h9wPMjNT2NWNxkKl\/NqEOG9GnxDV09u3yw8AA3OKWMH
hnsfoAhJ917Vt3wyuwEH53E9vodhpmpLN4VGqXr9Y5istpTcHr9AXs75pucnLXRkHLhg3UmAgoKQ4pxH9AQcMlJKUUNzPA9qgvb3nU3j7MRRl46acIbwP4KTUWP7yYFdWqPnhJ3fvwOvH7ugqM9\/RGl9lJDXk\/nj8AqJSNeILT8U5vIgKhmf5nf3sxT9i8Ks7KXm0Yx1Nk+4sc1TFT8PdLe7lL4bzFLnxRapDpK2af7jy4lv6Pa\/BZDHzmVUGKCpKoAZPE+zlrO6pJXTTJlWqgcrKj2Tqm\/suo6dJqGGNe7s3eahMi9jpxuJ3YX4KAZoObAPyhuQ4H0a9MJQqNDc\/ZzuRszbZPKzxd4hivLrcn2tMi+wxGPij1ZcPLnzwwMvEr2BkH41pHllJK+uB3pS5STPRWdRbdIriBqiR2vLu0kzg8p9D\/rypfR6\/5sLwgYcovdb1RQ9aHb8y15hD9fpivmLWCmYaWLlP9\/nyztdJtf9F7UcZk67Z3WV95ccKRpIZqV7eDN9xlWf1lu6NwRTvPxPX+Rq7B9tpA0dJ1VsCvWBmwKcUKBnMJyvWt0BsYqviTt7c5\/dfn4FvkbhfBgQ8P6cuZwMFtSzRQamMxlZu4cb54asL8l03klv9yXFKpeYFgactkCG0i8jq4UIg6g5gpYTUpuMs8x0eO\/HFi4Hv9wkBepGucKMzD6F5qMf5hviTeSYggr\/tBofODo3FKxI0UzrQ7JDvfWKNRM9+0\/lD9RfQ4DCr9AUTzo\/4\/1pmzKIyChjDf3IPCKdJdReH3k0FK5ov9cVz\/P"} 01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621492846202030,"flow_src_last_pkt_time":1621492848301815,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621494601272036,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com"}} 
-00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":111,"packets-processed":110,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":148500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":423,"global_ts_usec":1621495208068843} +00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":111,"packets-processed":110,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":148500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":423,"global_ts_usec":1621495208068843} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495208068843,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495208068843,"pkt":"AAAAAAAAAAEA4PSECABFAAViwetAAH4RV8iokEAFXWSX3eVPAbsFTgNDy\/8AAB0IwxBIsrHTx3QAAEU0bjduGiBH9YcAvIt1wprzZRiYJMPzF1MMPECwlUSWc\/RBbV+iPDb\/v0+UPTqOqIz1XEDYAo7pbau308le6Th0FZqRlv4SU+qXh+iRpNvtIutuNBwNhb6WnLZjvRY70vVsUgD0scdNaDgMj3pPrZ0V8bA\/xmESw7VNToLPcOadkH9MHbF41jMAPEaD3xqUkat1\/m5M4Pv0eZtU0YzflDUjEcIUViabEpyfwesJgnqwj9BXqmfBSQXLW6uS7UCVUFH+dCmqa\/iJJ4SrwnAYJlCIN9NwJ+1Ze32XUdoN4V9vQ5GScujeLsdwY+HlSYWOZd9d2+\/d597gVGXqOsrTKKKVZCRdEs9QySjbJmNdJ4wcHvezwRkLYorieHie4sHilr6O5PVEqCfP8aHxH6msP3pHsklsYop606JbaZfCUfDG3w9nrXiNdmjL4dJ0aBKky9\/MhuPCuq4g15oIigu1FWbGfnmKl3BVJ5ryEDgMgOYehMyIJ+weIqtrAsvJaI2654d2yQ2OH9clUvxOeU\/jKLdsEL55j4Tpx9kOP9X\/3VWUCYt8YZ5rPGJN919ko9rZ
SBS1iM\/mjZCh7R6C1BomS2uqQqN\/2PwrKORuR7kRPmRkEsFpLoC4sATPr\/GTOP4nq63u7VF4sRJLtFi0qkGLBgbQiSIJZtFdtEjfxSrL6lqAnUrfYHAOISDQ1zIN1STDOnYrZ+Szd6N0NTZjKTFuAILRTK6wWG7zCeHuTNeZX8\/oHFYs7C7zyiGROiQkB8jkJD03SKBESsIOyuKO34yRQ7G+tB9M+WUrPUQDrOaQYjktHLjExIf+tn3Q0v0e\/rX\/xZZ3jNOD8Qo4cgJe9IBtNjEwXGPmZe0mVY\/ufgxNE1QutAq0xthgcM+KYUEAzsSQrzZK7ZOiLzHOqVPgXabqgy2oQWta7AlIrCSdCUHqqZ2Br7i1\/EFecVKIWlJ6vPFrZrOW1amQ6rV5WG6x9ovznlQWmBXygRZ6Zl6H11NDYyBm3Xb8pfynprut37QWSPCciwK7rtbnKe+EUnnE3Lnwb5XQzYSEfhojjMsjXsuZk2\/ovtBV2Jkl90MUUjDk4XeHIhe5n2t7qmj8rxsQKuxj9rBjDRjH+OIEZKEgLrFx5GoAGcYxzb3iHJF3TqdzTXu+qBokr4C959Ki309NAHaXzDaotCBtbPJMmwo9pqOst5Z\/tUfAwxDkswPSvCJzhA9mKCrSpl9Hf7PMyNrHdZTvaZMSASEy5\/sXqR7D3JPQ0B6dM9WwJIOoJ9KhPZ04lCOFJrW856gP8dZwzXWKZ5I\/qcrmankwbLnu1BKyarOpUL01fzxuRuamfUYfUru2TsLlGCUKIoWaMMrIKq4yKC6\/6T\/HJSYLPqY6fqVNsFh7bYwtGviFJVCGEYBPrNIOz4yL3nUg1+uS6Kxs3zX4N67DQOOGoQbq6bHyTlfJI4n01aPlGre0bfmC6Tp3JWM98e2jHYR5XNuWQjoxn\/Z1NA+ZLc3yPpyEnSO4zqV8lVzpFrDpqkbQ9ycyuV\/D1kx\/32e3Zc0t0r1GFlvu5HnAklFEwANPKBU7ocnXr4EBpq1xKM1aTAWc1RcVfilSm1xz82LQyCCJOc5iO\/zmin3ZpftGXkTCNVvQW1LtwAAhh0Zlx03rw7AC\/J1p0cID8UBIj7r9QeymlFafS9\/16+RcZYgdL3KUrKdHSbSrCPKTng4X0j\/abdtQxrxTSZYjKGQPl+WBVoLmCgqLLkuJIJhEXfQiPfgtO1fDtgu+l2TZCwO8OKgySKJH5cW\/"} 
01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495208068843,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495210744101,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495210744101,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFXpAAH4RYIKokEAFgPgYAdcaAbsFTt\/iyv8AAB0I2zeQoOz5WyUAAEU0jhtk7ZYO\/t++QG80XD8xnpwXGKbf+FVJ+ISOgwLVL45kqQP6tSuWth5HXdoJc8ZyI19g5++SRrnWaPSJCxPjE9g315E4TbKU9m\/we74ovYlIndf6LYLJ0WqrP6o8IkyXDszg8SzZSMt4M30t4SgDRR6Q5o2IbPGolAh7UamAr90QEylR\/uIS0sasMvvkSpysRp9ckggnCAbstJcHBvinhjkG2VSPzmjNJoDsOtvPqHPtJvNpojktPxYWHTjpWdYUAod79DMkXY1vRqntsgNNDYXeZhdoXwH2HWV\/exDKz+F9bcgQNX6hnXanzIbxcQxbT7yuzcXLZMUP0rJvP9NrvYnLotM2YIP1NkqQ4MUgi\/LE+5\/YOOGegvWSeBErSprROif2Slau6EpF9Rq4x9QyI9geY7GPFow13L3eizcByac8aehgQKHihAWI+Aqo4T9GXf2lmgEXe5yhso68TiNdxt41vH2DonLNC7Tc9M7Yorh3IwY5xUSGl\/cKy8\/pNoo+tpLVj71oehQFnGVEF+ybMdivZd+7KU8tyx6ITEtXyiw3M6HXXtpk3dR6MsHhhas
Z7jAjpsXi+vLpD6vyr7XXniVlK3Lr9tM5wlg\/jvTaI4NkA218LBhKKGxwAGv8oCPrc25uEEjEejA5BPJgFu\/CiYBkhUaI\/kKl+nzfCcirOfwodGDc0COV09EassJlEJui5t3XnNV6EBm1lbnXwDWWeI0ApwOcHPJltBOadayMvcNnaSTKZUXlUZMHRVbucS36AeTVGz2gPUzmorPO2uaLQlFHbWbB1zjXeyc\/sJ9mtAMr9ZhShgV0cowmNG2pc9FJh6Zn2x0Xdbc0IwQyY\/6a4THfFzmMy8Jtca5vfwAC0913Z93ITxHg81JUp2VflW10aNBAK\/3ZclhXoSqIkiv185lAI98fihhaKIrmzK7Fy6nPKOaw7vIegqSSG6ZapEOg4SzV+xRYAgVte+oL1b6sJHDlbzRsP5zepWbsm85VJ63ZrUR3u8MAlt62wM0wL9097D97l3SQ+cYuK9W7nyjYx\/9BD+SJW0v+X4XA4vtGpyhFY1DOIH63kMLcMhe5aDv7B4XYQtlwZaWWnHrImv3mrYyGAL+lEluvRLRX9rEY5R\/mNiI2y6wWHzjt9pDJSkSYvJlR0qHzUue0vQ47hV0cK3JJqNngTXscTgX9aYnkYr8r4MNj9MakUpjEbwITu2IBh382EjALjSzLNo2XcWehzOYL27v3D7d7PDtp0rnG4OUFoW+IyHj1keIWK86WJtFdeBDMshTrkFdQohEGsthgjzPLWNJmhJL8ga45Ja1nwcOo2JogHVMcm8q8wtFTZXshq8+LkDrjmtHkC+WoUNWaOeSKZ7j\/oemgVwqEl2l7mvAzOxEJr1J3TfhfKU1NpXw7rDWKDBvJTfPruGKdPzB3Gxe\/my6eLPCswoooJpfxjAeoA1wH29XDgAt3X+b1xk+iODC\/DDY95uzF1zP+yDMe\/+Jl96QUOQQu+OtftKDxI85nxzLNHxoZjwWaFyJc1wCIfTz7dFAlvTf4s7vP5d2w81Q2oT0WBCvyq7u\/FZL7sO3QU\/WJNEl\/cHjLi9alY6m3pmUEjfwLy\/F1tNlRzfnY4\/lLHjdHuE173k72dusgFghWwAhzZ6MyVF4vHBG7y6pAA0Aeb2SJB\/LM7yndloeF5OJdKc8z0xx74TFrQsJXZitMjB7tfvygzYT0lT0+ydw\/XW3s+g3kR+JzDjS\/1mehf\/csJdmyGhkB5thAT1Mu4dteApqj"} 
-01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495210744101,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01427{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495210744101,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211515133,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495211515133,"pkt":"AAAAAAAAAAEAS1QMCABFAAViGaxAAH4RgN6okEAFQSEzSvG+AbsFTsazy\/8AAB0Igb5NFJ6PF1oAAEU0xCAwnLtbjGUk+fejVmQozQOg0\/ESmN2FG+LOLPBns4theX05eIqUs4AHp7MrmdBMpaQWbc++dLtAQvCTs26HRJJN3DNALzirEZEWeKXTpfa8Ts+3tIY1yxvgw0lrCnC6WI4RVm+nJiWVtstu+BEaotx33QRtR1Kn9gDj9C+jgzsJvfbt+\/T4njpF9igVWsDeg57RA8NGboKJBBGDNLF0BQAAStKBXmKkpSZb\/Ai8RWN1Wct3KRq4r+qQ3P3+\/sCREOyEForD1qoAlfL9ibjQ5mOCpDDMysyN6vJIZBLAIDyvg4ilAKvWZ4QDSMJ9OgKY0ajtVjTL3fziHI53PUsTfoKz2LhwyKEfX8BmjBWA0jXT+sxB1lLAO4+3hy6jMxtGkeNNuhNuHvXbZMw7KZQweD2KxBTPSRJj9h4XOpS9jecr39\/eI6Ufn0VUWTti96mlVggW1ELQ9Gzv0mt6Sj\/iXWWlhaBrl\/5KcWrRXkoydLMLw9Vzz87jbLyNeVZLuWpfVSUh7CI0Rg1OwuBa6nYtOTUcERnuMjACBglx\/HzzMAhlNNo1t5mNQXmjiSnKPJhZ
Cnk3p2LZGXu87vxRMlxSffV4SqrXO7wDQkUSYxXb7oZWdtThtgLUTVT2enl18CO7EnZE\/hMsDrKUng1wrmlJiEAKhVx84skul7zziN\/swLfTsLc4L\/Rh56+ksEb5ZOBD9pay5QOHbuHrJRo8m4CZVNnj3Dgx3xr+3JuKUvg+kOM3m7RI3Po4kt\/n8LAUml+mMQfl4NvAr6ubkDP1xqfcw0TJPkD7yMj6pyeGUDLzkvCt1A0lzBCbBAB7LgMBDnqF3+TKn8wjqWaCXD9\/MfwpZrUigX6+BgfBJhekq66OqMCnJ+VHQc6YXwl4WRujuUw5VdXOpzTw0OxPy9jF30qmvc6CFrRXOsheI7s1ZpaGAgRg4XoM2GPa0j8SFSUdAeiDxEG8GLGwk9cj7WlLuHBSvlmgsNsYJ\/GryTsJnP+UFmNZdhzB35TcvHB92LSpb98htP1t+0qfXuWWt\/XxIGWQ05O2i+qMOSQAGice3HQtfoGUecR1tnZtD3M+AG82g+yrfUCtloJRNeKF4i+NLICfC15RBLdQmyBHI4Jp0PrgoY29jnIk\/NXK\/K69zMHG9dwfAuGYGjV5+7S3O8LN0VKHpZX2MPzHvBSVAEeLIIrFvxPd5WAk\/NlP+VCgZeDw2WLWwSoBMKn3Hb45mqCzrz\/ewbbbIqKa5xT0fE07dK1+T6w4nEhZjWHuJ+RgLpytAUeLaUhAF16fa9AfEFIgjKGqBWJ9N5FXIQ5vG3\/jF6jSbeNlArJDPsDpC\/S4qXX3v6NM9AxXeUI+b6sLh2qGEkgH5rpD+sQDjPQTrbQ9qeHP9ScuuqxyVEFwBWkAsuBI47Z78qebLTD5Go0mPgMzirhwrkhtfLutVWtNkaHwAf+JYotY4qEhDzPGiadbe1HrDoGvbocggh3pxX51uqeJMe9WOH1FUYy5Gu\/xsfRfOCfcg2F\/V51slWJp5X\/9o4XM6Bw0YcrHBxfj9HNFN648ftB8pJP71vfUXO0grtae2iZgpV2t8zUeIX9GgkZlNUlWEMf9\/3BjG091t76vGyBugi9d89TV0NhohcgwJ+qcoqlNXcuHjhk\/fOqUS3wjE+1eYp5M6IexXwbRv3Nz+DIlCZvJzr4JVfLqNZ7hMWmHMe1dmGGZmJYxst5jAT7KaRnygYqCur4qVoS5QZ1HM+7v4L06XXJCVSvXpuEzfgoozex+hKNh2ucO"} 
-01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211515133,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com","domainame":"adservice.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01445{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211515133,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com","domainame":"adservice.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211714873,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495211714873,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFYZAAH4RYHaokEAFgPgYAf9vAbsFTmBDy\/8AAB0IOJJ3hsacNv4AAEU0baY3xqzzCvPxyArXzKLDKouHC7RJHh3pTwE\/T+gSQ10GMfO+dVkOJKeQmaLmpDDYpWDl93SoFgzgGj9JyJNxMfBbB3KINp6o8wpksTBkLOXzlV1A9kaeJmvRuK9RfLEFAe9vWScl9hjEsPcf\/QHzr36kD0umOekJmoKT6EqNBn5HwV2qpv87uu9skIz297knDD7vXWjxtwVhWb2tUz96K+btC4+kYJ\/VTNFpLAAIcX3fAe2CLqMf5rdoAycaNQOrLtyNhjw8JnO7NaOOS2\/V7TAr3iqoiWd7r9g+yYn6wAauOjYdWUM3sLAzE8JEijyJO4SAWMXK5LL45C8m56doUnVsNdTCfisF3ey+SwnsCSNggQyi7Ouznig0OBO44rroi3XNqvU4LOwiK\/7gydyfJ7z8wQ\/CI7gjztoz6kc8GMvLgxoJrOq5QzKGL6SbpCNfU6v5q5B8KSG99Sw7MC0kFWTOVIriQx89bvz3x8+ENfpFjHGCeDGEJs26uPwMaNh7ZXQJu1bIpbynvx5JRciSvltkVonCWFzNIp85z5bLW0qXOR0D8EYnkuSjvrZjqrNGN
BMZrsHxs1dhO9sGDPIJZPKKGbiC1LxvCMo8xLyF2KZ4PDuHQao+nhqvmJJ0FnbteaTR2scFeXrZiaEGdUThIbCZ7xFmpi7zJM6Ez+sDozO+l3U\/nDTzpPqb+YFL\/0gJU\/AUM69B7j2ezG\/ZIzXQnvmArJVY6m58fYrvGMWNWx5RPDKMXRovwphMGFpUrttX+ttkG+hnB\/imTmkNkUHlqG7g4Q9yRPtSmiXNoEcRe2m8G82yLhBdi9vCclLuBd3LIW1+jXuzc68F1rWZrdVl66iE3UrQLgYnE9WlbCx8vO9E1HF4UpTzPBsFkz\/gOnRuc5WFYHt8O1tUyjv+r05xeK\/ucSaip+2KvZ2Wn1vtwi1odfHkn928POP\/fatifY3iR8WW85F8j4l7UkwInAOtPIz4a6KaKlhTK7GHeMTHER7C1+udBnuKafcdz2PCgJtfWbNxuRucdkkL4mtNfG+hQ\/oCMcBz2poMGIWruxUUwjSwDC3\/Z\/7ipxJOYFn0N8zoMZoCBCBecBVZsLuTJPhNhGB8mSVMMgG2PIsT5NsIOJgovfJrMge08M6CwHrIrU9N5WoiLUvWzJR6vtyL7kEOB70wX6qeabNuf460VB6kIYBN0ZylEP6ZPp4E1RdeoL\/+gOoUe\/V+fKX2QyW1NVSMf+bPC79LkMK0mq2Yhwu5OOnXK1F5\/htvUXqZoAIfhzWAb6naxPrZnP3UqpUf+sMeFX1+B6L98E8Ga9Q1eAsSEPQKRPMDqtSqUKcxSBTRIdpIsSVldrFya70Ko0OKwa4MImURluJnCIMGigCLraP1uJSre+IlkkCQHx+ALZFgGUF0m6nJCLlzQIPva5PhNjC1BFxFj1qqzQq2jmua3tWhbeE7be6k6KK7E9msFfmbvGWCvXmtAa38RMRgtaAp43rM2bZelQ\/hndrt4tse1PjmE31ey8yFJauzvzqjCU95vawcS9zc0SFlOFUMyEq1YWPNDLhqRw2bLrw77gsmS60Do+kYYnbefAdllcPRD5EtBLZ\/rvvE255KhAfhLTFjkdJhuYORsFfaeyqgTFqFjOPcC5F7SZ6rgIV3ZOpPO1FLTknWKAEeYHjfgojr6Fd+FA3kLkSHqNanwaRwB5wf+KtFKdlHSWZ248KX1x+WbTZxOW144N1+mnwBxnyKg8oVlnpGY0NEGjU76RZdNILMXhsMVMGO5Nf2"} 
-01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211714873,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01427{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211714873,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495213177650,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495213177650,"pkt":"AAAAAAAAAAEAguyCCABFAAViV9lAAH4RzGmokEAFdZR1HuXQAbsFTiWSzf8AAB0IA03G00cjw3oAAEU0zpEREYtHc7fujisRl6Znia+7gzai8j7ZczB+a4Fyh+TnPaUk2oSi6h8oKvmj8nm70si+eFwEDb3FGL0hKLe6Q+jl35hlotxy8iz2MJJ+5JCecVMwWZMxK7aUkr6CaJRjwV5CAn1HRTHFLENZoJSkm3TO9IVstjeamQNND1C4DAYpZCGs04m3llenDZ\/2nNSsBRAqLZzlWTAHq1v+l8D6eE3YZLIpE9IrHycGHzViWxzXMi5yEaLjXG7\/gQk6gthaWh+hPIwJXrVk91+SXWpGfGKCCJtYXQe\/YYWnkpx+6u0xCJrCQ8l49V7DgS4W5guuiYck\/qFFKjVY3epgO0wSz+88pQcwVBobJMMXob69lIlXUiGJFQRdauvWOZcO\/L\/bUlflHcZ78ul\/rMPxQOiK365X16shY0I9m9aYK0vHWaLkQuxh6V0ZNOx509fgaFleyoO82d6dXpdyjt1rJM5gsDy8odRbJsobykqUplaDy3hP2x38Y9FzMJXsgHrai1zY6jqfTltw56ae\/7dvGxvxIVqCGlfOb2WjNFBF9\/LB8quZqSRVstaohJPnGpH7k
VyAxNV1GTpVzDBbsxBWsfLG+Y7\/HImytHwpfxKeW3R2CAwJZXalypABlNkFfbhaeKzeql7ba3QOrsZyGQN7oaq3Rq3MAidC50gUVpQUByaEzPovR+3MmbtY6D5hLfj4TN1QByItBrTV\/XlHoWnrq\/DHJ4ZfBK4zLh4CNky8ZPsi936i8oU3g2YuXcCw0bkg8r1WCGjKJv+rdzI5ilHttek2MA7UUHCX5ICi6MB8S0s0wZiaZIPzdp7MYwsb4SgwIeWyJ2Ljz5IdSO5DxWBGvbcD9yl+3B5kIRZEtQmYdVCNieJFQkO6Us4QcNQDENcnaYpjFm\/ja8QmX5kP93aPcbMzm7nfVngHcDxxMgMXHIvkRkcvMcFjZJTHJgMU5LFMiXkxk9yZXV+hQMvPDgQgvkvRiW99Zwppx6x\/J1jFTyAohgUibbubWRLh2AAzOHgCz2ig8L5dy9K7xCzr2Xth\/JmLkyadTNCAUj3zbID3KEBBrhe454xxmAcXntpqr8uF6By1xuvy3exW+x5KB9i1AkZNkw8L1Op43WXQvcjQxCD2resMdq+jtdzg47L\/nQ0rZyzurYJ5tT1FAT7vCsWTCaOAsiVbUmvYE1uDvAMF9dJOXuF07HLb5+xhG1XKtBDaOfchBz4SNo7+00DbN4f8EY+FxpAZKzDK9+wj+5BzVIV5iHrtH90bEmt7eAhSPZN2MjbGFeQuyxUnOzpi\/795U5CmJvNPvJeaGfSzxnjjNqBTlb+T9XJYP1XT7ItPX5ZrMBWdJ6WInKgcMnSb2gw\/ieLuFgYlaEbn3nw2Vps5tGD919b7P4tV2g20hLlqcbNlmZvviPXipf7UweSGsqmu4S0nRNTJ61wiXAEF9d+3Zvcx2Lmv6aESs4Y631voX+3P0avN1hltZJfMZHdpe6CRgj1Svw2JJxscjkxqwmbkwKldXEka+ot\/nIwrZRrkvverD8GcfNN7+gJOU8G7udQ0SKUSqI3DPyaSEb3IvIFaVDZ9Yz+HehsjvORG3zJlR2sfIgeQFPc8JjjX7ExTKf4uZOMgdLlrhCbrevhMCmiyKdBoPDkbnbi+c7aKMwm4qE+d0MtqO+rSQNHrDkMuYBESTLtHgl3RIqbnlrw9jNZIDyZG7lobW7PunDtEOt++PlNOlUQLnkW8gWBV5Vw3kQ50hMAtvSrX7RiOHr+5QxC\/dT+DEQPpku4M"} 
-01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495213177650,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01462{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495213177650,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495215529415,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495215529415,"pkt":"AAAAAAAAAAEAz315CABFAAViMsdAAH4RrXyokEAFJjkIeeQ9AbsFTmZNxf8AAB0IjZ\/i0MvbChYAAEU0Kuw5tIMbBep8zuXyFh\/CQw4vOa+ci4Wju1UfAkTGptA3xc23uwjbUED35IsAoT1c1vWSSpo1qoNbbUHZHartpYEZfoDzKqE0vmMKIRKBVz8p9UZnDMRqEXsN0o34IBa1u+5euUoZbZycVQbYG92X8tEJZUuLJQNPn7c9r8wIv6AfrnNfGtmki3v2aiKtRgXC1xcP0t\/BRF8i60R1e0\/SZfsdw6zmYKvXlb6meRkpRjolbih4G9oDqWoYvNI3EweYqf18S8s\/Xw6XLAvhzqAm+tqeiz6MfzwYKpLZdbP+6NSV4r3QlXmUMLI\/jOvlrh2GzjooQOG5gNIFQswRTZAMHIhQW9aX0Uhtiro\/cjYViGWEjpDbnwQi\/f7j2jafAUU5cUdCbYu6b8KUGI8MRCPg03ccQcmTOrbzbnsYFqQdZj3Oaj8oPF89fzvyu7ZZXic6q3INwPefXtAfiCceDxI7\/qwuFETUy4AU9YE7NPDCQfhrqLkBFnC7toLh5HLAWW1g0atzU1bIesqMtiWQNHpw6ilYy0P0Mml\/aLO3UASH2I3JzMRigR+aiKHJTQR\/7q
GDxupagWFJiIqCs23iBup7jh85U3Fb7lC6WFTUyRRb69IuyN+9pN0xgb27sCXsGTU5vt5Xt2fpbYpKxX\/1dPfIOhbYqrmreZW09kjCedA6npXTYF2Ddu\/RWOqA5Xghl9jTCdqu6G0lVaF+jiT3YIuLbZJBefXJGeKLb1x3aZIAvordZ1rRKFBzQeFxpLpCEcohnAooS5OSu2JU2sjJcG1hFM+uZdDDe2S8bf3T5QmynqA8xZRBQc6ToAej8kU8ilRATsLphK1qTG\/Xz7HAZyaItvAVUzN6AWfe\/ptcf2FpFG2vlv3Nc0Z1o2VG2XhPHikHnP5H9GmBG4UvIGGheJm3UYfUhbFAGglGvMuSmmtTawrqACMC8ZL7+eywRfyAHmj2YOXc7igcQwM2+guxC97qeBDa6jfdMcnO1bIdOInih7VYVwp0RjaCC+xN+4sckLy91v+s6XAPniEeoaqNyxLx+zsyaYE3UO5mABu4ikw2PcrohSn8TsfYSVSIfgAf3oLeJLdeG1bAZzEHT\/leWIkPiXuKIU0JDfdwOyXbw0eJ5gIW1YwjA2PUC5WJteN3WrLf8QiM9XX\/Vnzx4CmxYhWKkYf1Lms81UyEAeHrhnSqRF4\/AUoTnEquDJImovna0QvL+UOKkZSGEQcIAHeGIN6oPpH2oVBuiKI+RIvF5od7\/HWj+KFD8j2HzDyGRrNak8i094ic3pv2Aa6Cy\/pDa+ri9GH9xvhxAT3g2LM5lW2jscCz4hr8ebvRoA6CFelcv8lyZNiluZSp4IXd3iBFb1h8XxnRIE94i5gNvCAP8AmDTshrDks9RUCJHBBxk2BRF01pWvmRN8ElDWQ00dKuNP43VwqvSZ80un7FDHwLTAiTkBxVuJmvxpNZO3IULz3xvMrJ4LFPOw4b5QWDjTvT9WZlVzi9JB\/dTancAXzz2jBSEE6cYk2wWN6hnWoimeysgkr9X+fnYznZZgkwvcmh6\/9WvRiIEio6b47a+d\/jSjLA0myTcbP51ndIrUeSm6xKHw48elW5Y4cR28w74dfEdPAhCtbHXOrPtvEYai9yvuuXjnL730N97zJThOnxmNOFbUdMaXOxLxlVUjy3ij38AxXx3a1TBJPSG++6lWuMKq5\/ce+1tui+NbZpHfRwO9L08Y5JbOLjByhgfrTXucF8VzVamDTbs+YZB0jFlVnPIVEyy9+ALSpx"} 
-01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495215529415,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","domainame":"static.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01449{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495215529415,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","domainame":"static.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01075{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621494599158885,"flow_src_last_pkt_time":1621494601272036,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495215529415,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495262761779,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495262761779,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi\/CxAAH4RFtuokEAFcfqJ89i3AbsFTtpyxv8AAB0IHXYeW7GbkDwAAEU0cyqOvF0+zYFsDnDfj4qOegRwsK7IcQ46MH6ESOEovF69nrZGDb8lKJa9phduFdjj1k7I3mcSp4Fdox5WcOh+Uk0cZGV9fR8f0Ov6zlNHFynF0QcbyVzvpNKgfvb8FqOCsESZfnFqWIzSpjIdVFlIM3yGTD4xRjUDj1lkW0ZKllGp0aQyqCDwNkB2CqU7d1CD72aJJk6ATZ5lUmDmABhPxDZwNUEhhB0chtpF8CIMAjmAGtezZ9ouDWqW0JaiqP5zXHWUGVi+z7DqfOejMwTbhzyaKq6ngzgT0dc4966YOPgwrtJBmxim1uPIY6NQh1pHbxeKNPmo8hj2epIuOqIMeDvvwdBWt6aow69y0olkvm78WUKYVJpmQdNWK+CVp+C+UL6rmP4PjV2PigOvgJF4H38tUPzh65GKLY0ga\/03NYN\/hX0Wcjs3++ENhz4iZc9+ddaf4+4pRDlD6mkW65ATNBDIl52suxSlHN6HoynqSQY6oZvh++nCIkcG2JxZLMQ+T5nEGqj1gwsdkjle94+N9qANI7eVxlFdlntuY1+N6nk5tmMWoS\/R0WbGishHO3u6EhfykqYhHXVE59N0j+8mB5Q9+jh8ZGBt\/NKUSJCoOfZ7q1P7RZUejh0sTC65YebfomkMvboGteuZqOvQk5NXlMjaVzstVKAdT6JvVJwPuXaX88hdT72igJ3B2AlgfOI1RsIfOC7FpyGwZsX0av\/4fXJ6M0fmGATLs+LOo4iBiEQLKy0SWsPZJRQK5lZfzyxcJnxK7ZE2ACTGiwRfjEenycHidxzoFBMaR3paq4nM1XEwRUFSnVOIS589othRj472lPeD94UycNLpQ2JPV22UDBzaHVYUBpfKZcwtDascUlLDRFdo3SHiMcj7LOsEcBA5rulkUjsct5xpoNXx5B\/B2+m3KXZ00FyHamtLDjb7Po\/NZFWUfzZKuP1J\/hJm8Y99WXOElkvVgKn8xnPv5xhHavshHOttAR1+3H5+GmaPeuozfGPx1lOvgf97f4mVbgfunDuvEFxroS6I721gl6SvWtXHjyFJgJ0rIse8i6rRMQEoqSyvpxXclyfXHJ\/psvDdCdjhdvfvawUeb8D4u\/YZgul2vd1LWGMVgejI3sOxrePT+0ro1TsD+i0FH5MXZ8HvKJqB\/TAP3NBVUsk4YNndeX3dsYusAsf3qVTja16TeR5sSx\/+z+wRVz0lq7+OCWGxB8fNRGzmbAenuE9pS\/k2Ghc4RQd15aI2tGcDl7Yc7AtkS9GD1efiAgnbw\/ROL6uZMSwnSghBH++dvDhhHzVcSwVinWhVZeyH9xqIAn\/kFmpDD9BO5Dxi3TuuZgOY\/344mR5RfwsNXXiMndFoP9P9LnMgWMYN5fr9gxkoFqo96s9ZpovfzjCbES
zAw1U1OTZa7Lw4eJBkreLeO8mAYYE+LTsjfFVvC6rsliMl92joXcb85RkQrnTc4eatNXHuuYwvm\/Dr6O+7Ki2lIM4KcPnOCaF82c+PeLXbukzNmSEE3xvbz8wD0oxVX6eIeHO46TvhNZLEqAkuH1Fk8o2uNjEO5NN\/4T6X9Vx\/U7um8EnKZhp\/2mSs8gyRdalK6y\/u3KgU\/B7rnXkAB8DpUU3+R\/57bheJygo7zgvAvl0Dq3GraOVbrzJOvE85qkvo2AcnP0BV6NyqQmSYY0qcb0HX5twA+m3yMctUDJ6LSc5yUQvOXJncRh308497vAxONTdvp9+L4KLUhVLOh0L+x+RbMxsPkaaIn6POFyWoSrw0UDO8jroi049O"} 01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495262761779,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} -01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} -01069{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
-01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} +01201{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} +01226{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
+01216{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
+01218{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} 
01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com"}} -01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} +01201{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495274945905,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495274945905,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFcFAAH4RYDuokEAFgPgYAe4GAbsFToSxy\/8AAB0Ifg25e8dGmIEAAEU0NqVCEso1JyDnNa3XDGKdMJ5pTtV4nHofZAOnT1W+icJE5UY0TxDpCncREJLRH\/MPp7gaAubIBfy0WALhYVrmN\/h663kyTLy3uhofsu0TFEUnEWA+7HI+9JmK++aEmLEdeW6aDw9AD7oHPVlHJCcNoL6DRjUXNW6UwhifFO\/SGjrLRnHDVvcCbj383i203PYQCpsw1TTQLBNjWKjDQrTtIXrNx4V3oD1ei\/pnb3fnosV0RqaaT5EdA\/kbj3Qunb\/sj0TkZt219kbzZOuQOBwN97ZcgkkMco25yPaA5EE6pEJVtcYRhFHMV56RBuHnwBmJlpzat7EiWvBo17\/ZB4IV0XDC1EnRW7hVi1JGuDqv9wZh2naSmQwKBXisH1o8XxVgnKQThxyfXjf51QhQEpwyOBsPYA3sE80VUeUeF8YLmKJTmzCfKKen33pI74rSdatEVK\/riZ+k6Nx5Kv9ipxPveh\/OIKxrzg8fgwo6AtFiL7zpCKxJqETtW0Xa1iFaOYl7Z94ySPI0GrURbdOh17EWunCEGOaxFh5r1hyG20LK9uvCozSsHKRFAEEt8MTzWm
ZpHhUXoL4EBByiqvMPoD\/japbNeuqz+NZjcIAzLd5J7FIuRz17WAcrSLxduUWgAyBLIUVUSdw8wWeTbHOqa\/\/igt66GxhOxwnJA5q2ICcxEMzAYQknRdL5EwIR5G9hyMyaMEPKFuOhlR5K87PPV1OV5HTKBWuuQYcTSS2eMTcfL+LwS5zCy0DYr9XLJSQUeYXIgqrKv\/AHsPiF9PATspeWFZmZlm5GhZRglJ\/XKQG9XUxzfhDhP7y6m5R5\/xhVN6r91dLobOj3Hr6xnIg91wuWL0hkq29euOXZEAmYABS2BlN1JqxVxLeS1gYwKu8ZXJt94wPKz57Z6Ujs9YFRokZxZZDrRK8PX7BCPLDmcPiN5sNo15756ioaNcl4AX4v0EDRvDj3vYMKyFtQk58BOP\/uvTqrr6VjolIemKnqeJ\/sLePz3jY4p3NKgfKlmuliP81+pLj33EztpDUD3jYbL+MxSlNzeEnBCL7fOUVNAt\/9QxLRubiaTnxA0KR3eUjeh2rkb9KibkuXgAjUnvVEkK8aTr4Rjx98mH3whwCOTSwaDUKhnghn7bTjoDbh7vaeGMq9kSnvTDYXLIXgXgxvzNNlytJRA+bygeEgrquKFCSVVMG8J90v4BnHeAlvc4DYHIx2qJUsM8Lon6vK0e+65TgpTZKgASs0YbzDsVlALTwsNmrzZ9Z58wPBg9nT0ApUWY+Bvw20yzKGeOF5612Kox\/Kgw9M\/S4tLsnL4GEyFvrXltx2UtehZ+rnmLj2SsFbXxyq4ELJqWAjXNYab2bIqTsuwJ23bC\/hV\/lb65I48n7iyde1m67ozjQ5jCDaDVbnKLpriZVB6HPOjVFDe\/50gs0o2kVKPKEL+M24zTzWjn+gbaBdA9Y368TDtVgDjhk+0PWGeyRoCBcFbrGp3fBEtCJrqca3oiS4PMmd2dDVIxkr1nY+QSvCz7lxP9o7YB9OLPDxQmFWKlzHaowYyGDhQ4sUFdFiViXFRffQBO4GUEIqLifq0nd\/NakpsrzU0RqS5YG6uNuPjih1z5buPD7ehrJADajo5Dk+\/f+3lQNTFDfdZ3dd2xeZDkmq80JGAEpHPxGqurIijXd+lbTozqxxqwjhTNnVo2dxefRWbTd03ai6b\/hGokXWjfwn5SLA1W2FheoTwlBMf8\/nG5VrvvfTQYrAQiW0QQNyW1fjr5XCEJZ80G9Ts2SO"} 
-01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495274945905,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495274945905,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335381922,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495335381922,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFetAAH4RYBGokEAFgPgYAemJAbsFTnpTy\/8AAB0IqORxJIJl5AcANwCt8wk1cWTApsLKg0qFIIeFQdL8SjnJ21Nj9C4ozIKEt\/+wUZf6f1dPuOm0h1m6yoEiECIbZZdE\/WQnpsKHgdsGaR5qXSnOzRKlmZEms2BJMUJ1gJU+1vqiiTqSMdYTSeQg70VBUuM+3x9Wsw2E03o+Z1GMG+25\/n6NwMjxWm+gXFY1NRlTMkV3W5wOYWyWtaUEJ1GuxnVEaMGpdzPW1AV77AHNHDn1TnbAucEKPzy2Z7cXCuzDt\/9H7U8VZWCbuaotZkdM07nzYkghQ2qDyvNpXGhSNUL7bHDAX3gyAQajMLIOzoUKNAKYaqvN115jAWJ17Leuno6gulXzhvDTc6h49GuoiUQ8KI+Xu59zdoInlbDcFVAjf1jbarKGcwBIepEYbQYRji12orl2Cd2J\/1+Bw0w1aY5+A4\/nXR8NpyrOqilQzMZ\/djaKFpDp2wQtkiivyepGkDCNsqJWpv3Mpp16MQWh3knQKrxErpfqX6AvVazEihxnMQ4\/lZQJF85G6i5\/hhqxRgpLlfxqf8yDAXnP41Vs+9APNn2BuhKubR4aoRulNYKJMq1HmrxFJkWYPm
ROIqVMuTJ5gGI14OGVc0hdb1JAS5T9H6PUnfDQ4xy0WRLpNbJg4pHooWK\/poGpYPpx9oWdXpFju2U2aLPXQHaalwlFujvwO+z5Kp3CS87EGXs0ZDZDKSALKh0LVBiIak00fb11rcVbdm+DMJDj4QQFBjyVXvYpD\/s3UWsVChEZkFE3nedCDj7vh+5c4gCp05wL1CyNlvX0yC9nZNrd9PEWwozxtSS7auEid+pYxl09QHK5t1svYOMpxEDTebjdq4hAcn\/6xmLg313Z5mnqQGjc1IbzLZAaSMXJYCkfIC83JKqjSEnj4IL1MdqJxOx6HDNp9YD7d6\/\/f8\/wL9ELZHhINgHddlPCKvb86VVYNVvmKys1qBiqdarfutbDcX5q7MbS59s0zBaWxPuzIpu\/\/y4WbjIRgu2TWCnWJSdPC7Qjc2fNbgvcjVvEkTgtAb+pWGsml8538kvECQrljr246X7pAeQ6Rl328xa0txA2awkdTR2Wk\/07SZvUhvNVrpZHNN\/uBdVi\/gqFbPaQtmNYr7ccvsLKKUtd3trzmLlGJjqZrAGduvrEEW9NJT5bIWNvWFv4br5yveMnNX4bpaDG1haMmzx7U6OlmM3KOomrvbRevEeZKz4OYXdrS0x7AiJn3cxU8ZV6t2UtyD2rRiXkxP0GH0SMLlUVrIeDAeXS61FKsQViw4KbhZuYC7JG35I7aDnBvJpT2cojLKnh8D22UVQUC7YIz+L+JkQfLKHmScUY4befIcVYhsE4zFKdj4FbcDDZssysQxUIzWPXjqO85RbZkVhwJZ6QcDMA\/InscSDocIji+mME\/SdF8AIFHFhYqcxF3XJEkr1XiAnrNSjsZrdhd8QomNgx9\/Jva6PaDsTSQtI7y2LQGeZPv7cqaxwKiK0J7JoDrx9arAHuWtQe5bt86Bh81MG6c3EsNnsRmoWdIC6JrwhXNPDY0QTlJMC8ody4xB5guQa259jQwXtYVl6cLF2RxeWEY2NqprP1yX7UldI23tFbTyJMb\/AcwD1vmzT28UF\/oSbC\/3S38SJgbg9+aEbmVFuD944Pv50FJTPzleYonVC5A2YOH0x1NO5XI3iKQM6C\/1v4Lh1wCMNgPJK1VF9Fhh0Ta+l9iAqD9rEm\/DoiFxRwcYyligkxTdm1h3T4\/oYT\/Z8Mgvo1yu23DDNKFJAsZXZlSE0AuNsh5V+\/sk2BjDwu"} 
-01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335381922,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335381922,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335383189,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335383189,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495335383189,"pkt":"AAAAAAAAAAEAU0VlCABFAAViNPhAAH4RJE2okEAFmWIcTue\/AbsFTvGexv8AAB0IOo3jhsRNjQEANwBHxNQXfZgQnNGpal0okl9ccuiV6Xx1VVVSOoSDjFN\/WqaQd3bf4jLTMfe18yDQYl1ksGsIMjJE\/X+k1eq0cqPlOyX+nVZA3CKUBe+I06Q01b7sXmYYhr0WJT3kaR9mro469WK6gpT7T4TFYwMpIrtaDA6muvL250OHHrKx2t\/b3j+rVBhRdyz83flQDLS5iJyeiPX3ozrRQ8ufwzIu7VjaOgPDLFPf9CLW6Ex0JWr6LOuOaf71I4Deuwp47CbRSo1v1DJgKlHv23GjLnkhuFaey4\/n8OHVzpyX5hGwEHk01EXAy2I\/0t6k5RU07Rm\/9iC1+Anc0an6X\/5En\/QcUFXIDKQQ0Thy7dKi6TNSrUp6a1tBrt6NwQ27tW\/1KPud11aAq4HGehTpL4HrcEZJ6WRfhBzyOJR5FMA0B\/aet9V93fh5IdqLX+OC3ZB1nATGbkICNniKaUV89lf8n83peKZ0ObXe1ZxWdkVdcZU3LEFcVpo1RTuE1L7x8jQcdWDYcvdEn1Te8UHdP7yraROFUsioeAfpcF778rK+5okAR+2XHHnSdnOHlohFWI1nH1SRE
ZrVHh7JRhDyl8Ucr\/BgNlTDtZwOhLvHQrKAKbHZNh+Yop6avCoxdZcyMauux9VIsx1V6ZcFLgXOdrsIQBCslYzV1nQT77qZUFP5pFFJi6yKZK6JqNzTNo4XAtE\/EmrXjIctL0spz7CUAko8ZCx\/QlZojgyY6l8\/mF\/t0GdVlTfXrBS8k9H2GgvfGIItBGDd7oEIXE8\/x7XEay01BVjgSd+i\/fFLDpHQ80ZkWzpHV3HT72SAoHktM64YPvjZEUI1hUeWmJuYJPomtO+bUx7kO\/d90sGY0xqsv2HBsIxKXVokT0NpQb4HQ\/\/6\/ISGzQgrUOpdVkOQ4Ov2jxibQpg6Vu4ywzr3gBFjvKwX+cgOdNrtcrtCO\/z+jSIIOWVj3BibuGPE9poYNEM8A3bcrqLJXyc3G89K4CYVPfqcyne8lrvC0IGJ1zrYdFUx3gECn4opv\/gdQJXtuOTrUVmH71S5XqG9H0DBG\/sLfb5rsQm+LQOFMiN+jrhKPRrA402Fu4L9OwLTll3iaAH2TP4qDHpL4lAHSm08OEvyaElT80VWlv2GLl35bqH2Y39bpMCq7CkCZv3UgOh3l\/9+mPbAjeGFb00aqhN2vkH0TkgWXcwcZksbOsM+yV8OhtptiXBR4EU\/g0BqPYUf\/i17kayR5JWkci2qp+nf5YWFnxyDprRblGELorjZFQUlksU2RdG4SN1MF4A1eeKjPZlM0HL1zDrMIwtALb02IzmQZ\/Bm\/WUiUYaKyLJwcs2ZwEM2kLSrZp8uJyNf5M3uLoVEDHlKNLba7DN1ef+MMOa7CGGrjpqpw0sZPT5ONzbaAHLUCfOebBzKE9NIEP7C8UHDBrcv6G5CW3oNLes3+0POLAa4kPIRIBua7JjztiSUYQh2RHd4OJOvzA71BVztSPvZl673nw7XzMsbdr5yRgpPAO5OfmfVTBLj873AmjrBo38xLoYPXshplGzi0ikFEynS07HFKA5UOZGq85zAFFcWI5HWixUpkCsAvcwId0fp1BUC9FDRIAhfc\/\/KaShDxhdYfYHSMEK9PXtdq234Pe7ioWnm11vuwdmo3GVpj2tG8uaQQ7pQ4Hvyo2VkgXgRXCH7WUw5XTIbb2ts1zddx2Lh9L2HgixwQtoUEyPMYDhKUevyM22X+x0NPUTz8twzls5Hg0qwDa4hANEFshc4a+3VtH8uy6bSdnlQBUo4quCx"} 
01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335383189,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335383189,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495335836969,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+mNAAH4RpI6okEAFJ+NIIPm1AbsFTnliw\/8AAB0I4pZJfic2KdUAAEU0G2\/JHhTaDCySWTsRyHcMkznWFPDz+s6YIbogX+v8zxx769L1qgtkV6CvE8r8hbHRMlJ4aqDQ8cnTd+qnT2W9TfmVMr\/V0QP+6QvVQ48j6rtyLfieLy9\/2EkamXQtFIYCWvvW56wuHj2xCT+50ITw+NRr+y9x0NbAGQWozGRk2nR4BKbEsfWPX5\/wqL6hTsunv94vRDKt7EutCZye28TD9oEZAHOg1MaC1b7h0oQC5kjkApzmv08jnPKI9H9f4j\/JQA77vXtBo3U2wrGwehzISa+gzg27eFe0Lz6CL6yGLEsunuBNCJshBMKrp+ijV2rgvg5UQp7dgHCW\/1wu0moHCOx1d9YiEenWAscqFZzCaENXUAI0EuPYxVrNWL604hKBfbSm6P27VV+gA1ELL9R5AQqvLOn6Gmh7AwXHx1PjRRS9ZZeTZzDOrOpcAi0CggBnKIRIsKE94hUybka\/wHV\/UX8z+55FNlySolQCpZKIkqpC+g\/oYQng3hV51VM7kvO5KqfG5HLUVXPscZuabo1fXFu0wfR+YOWFQmXwAeKLw4wbgsr8gSevv1IhYdTeWB
Q3qCSH2Tppj2OqfrOoirytq5pj3XRErAqPiCY9F2o1yNDW1fTSxLigm4qy3VUHhT8BbSneM9jhuRSjXUwtUVQiTkh9fIe5kcjtRbujl3+qnTQpnqGD\/TlHOvndYb4rgexjVKSDC4knc0rUty5gi9WhVovaDbmyNsugebY2WME6BJA8Lu8NcnSunCdew311rjHn1f8ncvLm+i\/OY1PB6SImyOzhch6rbP\/IjlcVBQcR+URjxzQhNnom+dzvRHE5cIEiL+1dwZRuOOr7bNmFIX1287mpzg7yqBscxlRDWH0ocb2H4WsfiWBFpKFARkSseaSsa2eVQAIL2m1eD6Q5t6gvJ\/yS9s8El8JwzhGisbnzry5Xy1K6Eg04XDT1lI9sdOVzonqquNY+LbcWO481trrWSpCApp5pm2FmvuVNAEDcE\/leVs7Upo9W3dNaKtj2RQTYCO\/pqhTPVqYf0nCLrPcAqiD+9T41XijcawBR\/vbqo1tZ4KEM0cmR5k1AUaoIZ3+Bzv6PH6Hce0+kR7CW4Ep2f9lzdo1J22p1axhl4ULPWrGGIQfQXq+n5fOWuwREvJQKtwN0C6+WJUfpd91g1CybKUv8MFVhdUf8Z9tfVjfisE3C9rOjB0k0MjLYkNVv+k18kjbqvZJa1J5DuEtyRwEzwZz267jAgfJf\/XgiOr9BkO\/0aR6plCQdvxTD0K6L19vGxNUgCvzjD4L4h8+noYGT953s8stid+4KJgAdsiOqOYzNzPEmgyvvlweAy2zeSHFiyyWUyyy76HG\/MQrVwaXXVfHNGbKhxR9W0ukaLCsoX3onBUGpohxenfTJlZzKL8f6xYrqmYbQV\/2yxhBOtahomZm56JtJZH9kbZ6pFHt4JM3e21Q9rm\/tDp6i9hxJHFb0VyAuvq537RsbPY1kLQWWEsQCs2Tt3Wk40kzGVdrjq3\/r0EUSSt9U+OnMb23TZeuTw1MquX\/yStzFhFP9JcbwXaoADfNoJC+bQLJ8c6WKIjeXyYcAg7kfdAZVh\/F91xeHHcxgWSpMK9hXHHSBSPCeVl1GoIV7g3PihVhaG2LZCuQE7\/iMdk6e2iUIg8fQ54B2ysh5qBAxEKabZxJZaJfM0WbgXRn3GIisLwUCj8Xw6xgKVQ2XrDNV1619IuEcLLz0LdB+5Ys9lRCOKjjsDK7YhqYsH3VOXEGIEM1hAddYg5zeKKiO"} 
-01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons2.gvt2.com","domainame":"beacons2.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} -01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} -01069{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
-01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} +01427{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": 
{"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons2.gvt2.com","domainame":"beacons2.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} +01201{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 
+01226{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
+01216{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
+01218{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} 
01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com"}} -01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} +01201{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 
01077{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495262761779,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} -01057{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} +01204{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495372662391,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495372662391,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495372662391,"pkt":"AAAAAAAAAAEASYHhCABFAAViK7hAAH4RUtKokEAFZ7MouMMGAbsFTkcuwP8AAB0IxZqmm6+AGC8AAEU0bV1phXsNBAyduWQMMwC6OLQYyTAN1FxuQVMaii5rW8BXPGS0FRwk8HrnF9xMFnBPXfvvEo3QBMM3FudHvdk8cEb+Bo8BomOBxFWNxcTXQHnGOYwDJRX3D+VGcXzFwUoYmTqIRQkkUg\/RXDgv4zX29xNTFSJZ2g4nrk8eulw5HhkFc7yauYf\/ApGm95lgsQ1j+7m8PBWklTsQX6hwGdXDIAv02+sMBfhTQchd1a3DETCVvIEvB3zgW19rHL3EGi1JVlsZU4n\/sCu9BlSoqz1gNiX5dZptoecFN1AbSN0j+aDykV86bt8EAW+l7neIOdiEUtSDvZYs0HOSy8d81eka84F4E25AyCh5Jh4qKAUrTwyky1QcKLkyUsb52v0nNZPnkgfOerwlcB6TuTptQskR2whmUpX7JY7NpYzoP+bSiNZixNyHKsy66zeLu36e+mO9OULTXh1nTVJ5nWB3uSmA7NhWQQFE4WUtBQikelX5MZz8WH2ysNSrIGAoo\/2bMBVU0RtpogNGg7hQ5yCYCS9ewZ13uOeB7XptgaMPF1gNLsQtCfhFk6ef\/IGD3LoSbvbOc
0HYo+mifMuhyLvoKbzbavtQTxjr\/BN8j3ypDUZBjhEh438y6mmn1f7adohk5c+uxUd8mwi+IBpv8HBmXQY5puUsZypJHNztPV6aJIh6Up0rlLSwWVKrIC8xNAsiNPMAwoGGx\/XVMBulOOZ6hs\/RBHhwegaA+qv64ubbFEADxru3Zq7D\/YYhDD4KHX9f7DbtYtgURUiA6xsJhOOXb3ciQi\/vZzxt6Mh24fTbT1zp6Pmg1q7vP4jIWXIVFXNJCE7CuU9s2seo56SppSuh\/r28+L9mCauWVe2519clc0WesPZGyQOFWVJGUBtGpU8MBYk2YAmeOz2CyqlNn3SdiKTur+zOdGO8ie8klvK7F8QEXDrzQjkWCs8ClQh4UCknNZJa8gpVH4lz8rVeTWyHJza3U1f938XY4whWDpXVkRb2tmvmX1IQF+lQXiMyPE4Unt5vxehyMhS6SLraGYucF6p4h8DCTwkmMnGAS9zwcIT6fW4iTimSLnell1BouaNm3iu0jMNHt2e7LduTiCHwMdWuN6hrjN3aybR6Fj8+ydHkiW93NhFq4rHV3Lc1p0x3e5C1G7Q1KN7isNa\/PRXQczMknABRwlF6fpe6AEEGLlIHjMRGWiSRuK055l\/W1Z5Stz3MgFh+r2imHY4KtoaqO3nmH\/uARGwbFDlT2KtdiBjpaphwsWP6UUNd7tej\/yMGpMNK9JtLMNN7QuwlAvbHLOiDSWu26o0hPm2y6s1kOsNgLW+xn4Vjz7Mz9pfDGHMKpfWIdOZkZ+CUIuGSOeGdxsohrmhXBJ3bEy8ojcL77VhzUqJFSXK3Sf3c1W\/sHBP6HAEV0vYyCWRBfB7RxHZMrq\/EctwoWwOWHOSW+AMSYdLUpbxBV6SLqMAz1UrzSOJ6gRrQidZGXlFTz1kRh+RMKPYHu3oX663ubZ0C3ijx6BnA7L4hpNSWGrcxv53ZUCUkQA7FCWH\/TtcdnTCACzr0u9NEpwAgUC2LlBqHsWix60mIR+jumXfV+1Q+xHwPIy7vySfL2wpvF5qrjTomfEAnUqayNm+QdT1vJhoJyiVlkGVLNP1q5tkX2MdpGs8WF5iStIN2keOB+bcodYn5zmDhSw278mjC+eLZaIRMC0i0\/X+TsinvcSe7w39bNxE5H8w556PjcUlXwNHYH8Zthv+GodkuVXIFYZUQVL\/D1GXp+I7OLMvHEr6e"} 
01316{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495372662391,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495372662391,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r5---sn-vh5ouxa-hju6.googlevideo.com","domainame":"r5---sn-vh5ouxa-hju6.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495373983147,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495373983147,"pkt":"AAAAAAAAAAEAguyCCABFAAViV+9AAH4RzFOokEAFdZR1HtxAAbsFTibcwv8AAB0I75EoiW8nS2MAAEU0WdJTtqNtt8MG+zLwh\/UU3FC0zniGr+PwIYUTXnhvS3bBdoRiWOeQ6UKjsBPDLjzDF8dFmOoLoxM9+m6lJwiTWxBqM9JUROj0mguvgkrLqNleDSC7iL4hCrMFjunTfX143sRFPit0bAYIzwvgUuwziEoLnaNvtvkGhiSGOZBzuMVKjTdQ3xkwHQprnY0xWrgmo5nbvHjVfWNFH\/cNC6CCbHqicnUmFRKcm3GMda\/4MP3KAIT+eLw69zCa9uvIEzvXVRl3WvkyZ33qNGuVD+ZvXm9w23J53\/4rlJ3V4StfZ\/Gc4auuB1eSwLog30QSMnyjUcNeP2ibhvLh5O9C35kjOeF\/aDhH1pEcJyXVmWp2G68qb90M\/uLiMTEotX538dX2dgaJ8rTyVlafTtMntoi6sOfMJJIEXEELAkMd2DlCsTy2VQD3iHqC0iVc1r1aw72L8yAQx1n5XURSMoIPLN2keObRP7lr6WcPJ6IMB39kTrMiBZ08mgOSU4GO1bvLA97jrgIr2nR\/Gj8wpcCcF3CPGlyDolBI9IH5a9k9R8RAIrgIzGkXnS9L6V8Nx0Bh6h
PBxQnczqK5QuOqW\/vH9tfepppWUj5CKgAm1D02Fq0vKwjtMqpw6ZpAMihlJy9GCI2fNnxnQBbKEz6V\/so8\/ex8K+F2VV8Xlyk+BTFA4OPjxuQ6LZAw3MP6P3hxfm\/8ljkop5\/SI5xDRLcIAhlRNjSOdekQz1mIEo2EnDfSaSb7Gh75g3Y7WAgPEF6enaKqdFVGutsJVL+sNhw8qX0fBTToiOiB9CtWfJJRB1ff5ir4HCC5YgaG7Iny5R+T9zRuNyBNfZ4NPpiM+4EzimASiGJobUimGvk4GeUDE7fXrp72sRKhQCaH5\/nbha+9DmZgdr9mXrl2kbe9PV+IIrHpoitDn2tgzsP8r7ZFigp5npQffggv7haoAs8RFxW9SWR7ZNwh359zkE34\/kZ+CsTC3o+SFo1ZpZSYB7k5YMEXpbC5soIvzfLzo7VRt8wN+9a6G3Vxv65dYuC7WRoZGIss7sDsEtxaXd7D7HVuHBRBXtjzJYxAPsSQ91kS08TNtb53+I8qD12sc9NYwBxuGsxMraUNa\/Z\/\/E6cT8Coz5pCr9T27zIJBVcwrMWBRLfD+FD7WGlOX4REoNLW9dEFCROTtm6uBjditXnfFQ3MtyI4J3eKSt1aSAY6Hz5X1+DPOtei\/MOVBQGkMiqOrqu16dWphn6\/fshP4r6aWOrs7o67fomPJMNklnJkNanI86YjHvOE\/IjKudTLTEMkvMLUoZDWAtPQI+\/WYe66yUXkF7V0ZUo3ZIpLMlb5eVtuVMMe41GbHTf7qBkz676upo7ZFzgy0W42sY9gv7IriIXjYeDyZZDWo3TXCZ38h2Odbwls27Y01zUpB1YjLJf8LFOrRGSs7foRQrQDCkRPXFEc+6E+4fyYet1KpR47gVT419Ib+RJ9wJcl8ubiwrwMsSCENWlSShhkjiU9pREjVRHxJEn4uNAQz5HqwovfWEJcoieIC9oBUbwvwJMD31UWIE3vVHNJaV39UM1zitDAcHoAAw\/EaepuByZJ8czcyTY5trioI79lkjIUaQJwmyfwrWakn1mQxUudBvtAjxi8fCoWLp4XRoQiq88+b3SOVBDyWq6VLJeRBFDKqM\/C9BcOXa854dRZRXM61wBpYF32zaqLJBZ2zo0wYIk8viyYL\/mHrapgu+COKp2gV7Zvqdk13fOuL7gcwxx10cPHj+3nKWmr2kTbsXN3ZtBTVrm3"} 
-01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495373983147,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01466{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495373983147,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495383906591,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495383906591,"pkt":"AAAAAAAAAAEA4PSECABFAAViG3tAAH4RcImokEAFie75AuA2AbsFTlZLwf8AAB0IkppBKZS2LWkAAEU0nZo4YZNOB4fchGmOnQKbaxZNu5+Rr9SHX\/+7nFbe3XcSn7NN4aZ8B34cI7rnBTgQPp7tDwb8aXE40NyFem3MElRtWbSgMUM8aL9mxQMt+BCtQtjknkoexLmgGym9SA4WETS+zt+sAqDuGybHtZbawAHOviOxar3NbIVfoyoECjzoxetvFQVMgJnBjFTieWPpv9GYlKtfw8vM+ABHtzCBdkVQrEtjZ2Kym5ZKNXBHERbHk7EYzIr+2EtCXPa8Zb8ZMSGVK5HAEFoUzTKCNaNkRU63dDqeoGw0HO03e3yfnEfPvmCKjFUtfo9FOxIdx7SRmN9cfYd\/5oUQ5rYUoic5STd5ys9Wj6gQeoYou3SNjAUyctcoqcQEZnGD0JnDrFdxtPksDZ5mOj9TjcCRvxSpY2BRzN1XD7P28JBy8RqTnX8VU3MUTvfBajgOzODfKpBvMnq1DnDxAJmoeuFL5GlkBD4PjdD9dOXUm8xpPRrQyN93MDy9Lh0jdKnypCUIRX+bQzDgeadkOYIZQaX60ccQFMHav4EcM87LkFI2Kkt53wfsAbzwSkC\/sh5h+SKq5tWBr0A1
+3COF2lmckeKRU37IJzgJRoclYfhyc5rysBbxh\/R8QZagVscGvoIOTayHYdJgNSs+ZQPUrY4MPNmoN6JKTjH9znGk8iQeNCxiuG4V\/iY6kK6x7AHF+\/rOforM7vc9c9xJuHH84tB0GmhBnyEob1rqD1zr4gpm2RteHorokh0IIRvCPptRZoPaSZ9NqseHmcV5YB9nzZXE4EDYo5f21RhnJLRnSslkj\/H219xwcR0XpMABos3On6qE9aY\/3dpratV\/uRejtrJjhSs43oZgIHypnRSOndd2zbpHR6gwc1xqIlwmu2mdOfB5bN2SKDS9FrSjqrzVx\/YW7gsqVvZYwKID5GJDPL1+LDs4fSPxdv6XMlw2dUT14Sq6cmPktyOFMZDEpK3HY4woBwm6vbhQpvAMOjG\/cyfvzapnRKKIOQSKnlGKbaihsN4mN1DABU\/AfcDRRjAdMEtVd098nAmg10LnfyE7f03sy2ezkhaOC8JAbJCJ+a9vBBI+EmcRWBsTfEX0tClNpXHrzX9DBQjMlBsSvVL3XnUgxicHNjPexCgWSnjBlIvFbkywpKcuzQkbhTg9p+EBuDI3LT2jEBiFGiWVAx1y3mNzzHbk9D3mTlp7QoNQHrpJbKVUKG3U0qdfkUT9BiOKjC4IBDsIt8+AuPFyVhrJ41NR8s0HejzpT6naGZbPieiVEnxW02zCwTQqyslurLWiPYuYizgWR26delkajTuI6BXQG5p3YGrqA+A+Zr7i661IjrsehT8FKL\/V2MDzuE\/fP6ylibvsyekoNKqSvsdEHi89orwhxyl8c5nq\/r8IFg7NvNFyGe\/nKumTxsqUu84Wo6HMgJtg262riyvhJrlldWx+jqgnOBAU4fls6MeuW9Cq4qfm6zU4VLXh5IjH1Py8vkruKnwZ8+Xm7\/tlv\/NhWcWkrOwYFZ6bck7+PZYh+NCodWvjJkVSe5MVzgI8PZy8sRLAK9bvUjxnANGxlVZm4cGfAi5tPOM9l2JM\/1yBZrGjk15cVdpdJnrXVfidMwtlWkoPIudRiKM1qGHsus7EcmploXydZ5\/mH\/0EBq9GCTOEjPkEjEYTQWlyjMdSzxKkqwTQu+I56FkdCZnSSthnsnb7XfGlpRYLkV5VeNoKc5d4pjMVNe\/52pvZLqjGj1nZ61WYiUzCCKq0\/Mnr55qnV\/nzBawGQP496cN5M\/m"} 
-01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495383906591,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","domainame":"www.googleadservices.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} -01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} -01069{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
-01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} +01455{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495383906591,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": 
{"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","domainame":"www.googleadservices.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} +01201{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 
+01226{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
+01216{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
+01218{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} 
01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com"}} 01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335383189,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} -01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 
+01201{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 
01077{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495262761779,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} -01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons2.gvt2.com"}} -01057{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
-01057{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} +01201{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons2.gvt2.com"}} +01204{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
+01204{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495395690912,"pkt":"AAAAAAAAAAEAaACzCABFAAVipg1AAH4RMnKokEAFZsLPs\/vxAbsFTg6Cyf8AAB0IgUbFpekOVCYAAEU06GZplAywEKbDCry5EETbpzZHS\/+ctZDEn8Qt8L+3XSgP\/QRbpKkvR3yjoYtHtOItTMP\/J9UsAdqCBdh2rnjFpD\/S9p5j0gqi6\/Z5LmmjTugi+3+2A56Su6KOgULzmrxxoMX8gDCxL9pwT\/\/glMxGOhJ4KTE7\/blbunZ4lQxY\/EmNDFVvwHdoRWRACFfA2iR5CCdBd+3oRtGglHNhFr484NI+Z0RCCnj6E8AMli0JlpZ0hOoK0ivmNTzcFwyySmvpxcFwAg61RSntAgfdC0AGtzo4y3UyaZFQPiRvQeQ5nDJnAqsRbTErzj9AMcpCH6TNnGDJD0Ipet45Eucx3uf3XRPDZLSwoVaO2XwE2UBC8Ypp8ROduqM0LgVHk447061aycTCZaXsHqFtEtV17WT4QoFolsGo\/UuLmbdX4fBh9oVrJJ6pOpcDVi8TH4RI3BivD2J\/kdhdSoFhpuq9YHZnkvDprncZdKcWDI0Lxyf7dDBIXI6bz3C\/x45+PMZ5I1dYqWfeP+n9Y3LOO7s6QV1unXf+WTWJninotKr714Vq9AIzRTrefbOMjhaL
qyDLlF5BdYSUM5gTgoPx49oQDRPdJ7a1MBm3APpLT35YHdyilv3tfmjks4fEBltqUPxcJZgUmaDN8Rf0f9lFyt1ioE71sp+8mTyxpZ5VwhjoUvmI6EVuUtNMadIk6x7X+Na\/ZARvdabmPF6toMqDEGLm725EBI3YzGTOL\/mUoC2LE6FomE3JALJPAVmbpR4S5wvkGnqIDrYguIT1mH03jUtbD1hZrfYwo021rdvbZLGkDSbpKanoX6hwE3Xrh1lMhepvhHUBD1PwvjeXOI7ihVhjK62JiMIu8Xu\/CJCx8fRyNbu2z3w2vupOcdoe8Me++EE6n4DCv72t6GfNDeRXyJbfYF6HEwhjRaciKZIHOh3RmNhiDn948Y74LD0+AM5oAbTJWX9LP04itY9ClWH5flhojTFFOwFZGPSRv1WJb9w1NiX\/N6BELu1vs9NZqPkryvurnhZqOqcfs0xRh5Yws7xmPi75Cfr0EjgDLZmPnSK9Y2aijxhpaUW3oVEcSvgOQCztfKmRdvEfJGGR1+Ab4qZqwOtaHuFs1m3m5ld2K1YbnXeki071UWEWPHiSDavs3THubRh\/o9H82GNqi43q6kiCPUzuXIYnPl+Cn6Bp0DOI3AsGU2\/KAkOoIEJE2LFhqvu46T1GcVIcHlsWEVdPTRo4jfFS7lOaoMoNQ7tWcO86aXKUliVbxXv5NVI829JeM\/\/o0yJSZEVnCcvF7FQUmQL68fe3HTGGXZLOWm6c8wVFxl\/6Picm\/V2seHAOz1GMyw3T+bveM5m3rTBwie2mjtgPR7Yxl\/toB3aVEEDYkXEjyef9LN5zZnFChQQhZbecsd8YeFC+QCwamJ2Z23sTUHkrJ+MQqoJhxOAy\/\/Mwszyy7rcrV8gwkK31aMi30M1V3LKqHqJwnB7ugO6A1F6C9gihRhNkgUIVGt68JTdFCaAxsePYd75UEwv5xBcMHiXC3mGwQ+y4AOXGpwXeDQ5\/80Oa9w9+Ml9Rg+Isc3Ld1fmePt84drp\/daoWi9ZMQIajY2lyuqw61Alyxt59OKE3k0CpOAZduHghg0VQSWOAoUcp6o4NHFl4k3rCWuqNQa\/VkHvrA5AVBpsEMxOi5Ga9XYSlw2wK3vwxguwIpXfyLWhpqq0F0AkEDoBDw95NZlTkcuA91L8OJ790NaIAtZ2\/VKU0Ox\/ZEHiQDtz8sykDoB5BoN8A0Dq4L8aU"} 
-01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","domainame":"beacons.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} -01077{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} -01067{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
-01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} +01428{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": 
{"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","domainame":"beacons.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} +01199{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 
+01224{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
+01214{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
+01216{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} 
01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com"}} -01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} +01199{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495406541553,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495406541553,"pkt":"AAAAAAAAAAEAguyCCABFAAViWAZAAH4RzDyokEAFdZR1HtkUAbsFTjoPw\/8AAB0IpS3BjFDLjIQANwBT7u2pdIqujeX7dANOUZTfnxYRmwoEAlv2cGTwvVRQ05f2ZqQkJC4DQmQ8UNekM\/B\/b5bCsc1E\/TyztkqJFBdbO9qB5JeKWS4bDeTB1XZ2V0ErVv64RKGTuBvdjjgCfX06su07x0Z3asXbqdCmQWMHOI1qTINqU\/oJKTNqX7IQ8f85\/qgrCdnviYFuqVMz9SBqVmpNYNfu5FP0maF7snVSzjZqhhCpRZsxX21PAu9uVnhiEb\/LUX9+7+xtXcTtey2D4GkwD4RpLMRUga1FJ4rjTGwvE0+AsvJJDdiioVoqv7\/LjuVI5T7U\/lJ3SCSYuTsqGMVwkymjUknc45YgYS64+q3tWvD9MnWpueOOG1aytIWYz\/ZQgMDZNokTq3aqJGp\/FoTSi+dPRPc1z4wXa0iO2cF402cWDgjuPmatByfDq7YBu2C9+eZYtfPRDsT4VCBhIJO5WiI7+kwTM88vMDXogMlbA3\/6bmTdrTzLvTcHCw3Xr0WehWXYo+xQSWRhu\/uuhl128v5pUOiXsl0bDy5EmHbr20S6kbHO+0LqHDJVbRf8mZ3awQ4pwAWwQ
WnVx37XBa\/2EtrHyyojkS2zQTcHh1fe+CoFmAvaJovW\/StICtvQrvayaHiBV733DAwKy\/Y3526K9OrAU4jsURbnovvToOxvx8drWx9RSU6gdEHnV8zWJwVS1TDnXtsWGtomfdqnhZkNK5u7kj47rGJaFqQU1bObGeviiSoviHnYR18MNvE78MR8EUodW3McLRHAztvvQBcBcNtZ9NnBwkRaprMMq72CixCPd107Y7JgoGmIJbNdeGCCwkpwtckTVEVe619QplF0gBYNsFWF5Ai1oxBkmUGx9kWUDs80leQJlP0r7jJUvcdLFEZrISVVdyQaoJZQMMFPymMKeYyC4YzW1ORpCrB6TKj0+6uYFK1klVAzDEVUYF1Hhucybp0Qq\/MxedWLGVKQWT9257chXwP2PvqI7qxShbETVSxB44evGFNEZRr76ml\/LnDy58xg1d5gvwegl\/7+gkPhbIJMtvVZ+JkXETJtQnFRG1xeTTfchP0QvUjmmxpySWiNd6gaGLNTi33HeRHy8SHIM278nUZ9GMr0cdwZ08VWlOCTuhU3E2u1I\/6ZvxNK5D41TNPq02++dEJhlyjbw3keY6r\/soji\/n+9pmP7QmojV\/lfE3GxJ+ePOip0nlns4O8V5YSSKtilDr8GhCJyf\/pzZk3drO1EwJLp4rnbhLue2grZuQbO3+kxcT96eAE85Hb0noB3Ea+uU3gj5MXJ0wkPH06qnXVxrDVuFF03yGp55TKUZyKSkRVZizQRkR0CmmMb9p+7ighEtptb4miGyv2eDl9F+SDCwhUssSw7vl8IKL3NVUcKAYGcE7Ie2BdrDpWQqSHhL0i5ZWiHn2aNx9IPMwmexAO\/AP+DEpPg\/OqQFS9+cLRPrMs6a5TPZqg++wfD+EHXSSwEIbMZk7820Ent7o0O6fPU9oivUvzxIErtdOu9fjOuTeCbtNL0UGBzvnoRPMUaIQjfu\/iJG8Z9aOtg+9TrcjVPX5a6Z5OwLXmzLGRT86sNwHqCjRgn2p2rVLx+fb+Z3Te8nZPOzZZjVZ6Ycx5SyZ9mziyd8btUND9hahYJM6KENGcOZwT1hkXcbxXROTQMsrykz+appT+Yt7eTfiM5Bijfzp++ctCCHMYRqgsN0FBlmqroqwE0JLDBDcemxPFQhEjVYok4hZ20aOLFNcrukblRhA1kFXY6Llbu6x+OdQ5ITJjtfy6N7s1G"} 
-01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495406541553,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01462{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495406541553,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495410048086,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495410048086,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495410048086,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFgVAAH4RX\/eokEAFgPgYAeZMAbsFTtl+yf8AAB0I\/leLTB44CRYANwAjTks9G8lrwt7+vZI0DaJowcQhxAH\/31dnEp\/wJDdcMs+96OC39JlFREj+x7uN8Y8I9xFEQ29E\/a6s8tYEG9mj1POKhRa4vw3FhUteagxK+Q3DYpMRbbQyi17yakV5fz21hd995vaP89QVSqNLp+aAiSc+XqrCI77QXUHLmsP3G+aV40nY4QYlAWTLcidClJxeZyPxcfdcTtSNYicTl2FhoQfgv\/izTkA8Ux332SxyJP9+2z+XN09eJbN3mFulwha40\/Pg2JJnk0Mm\/3T\/Ss1Ch6I\/57GVqncRgavCBlhRoSVFKd86cw4yV+Ach6\/lwZDc5hjr3\/nqPDyHyOk\/ic1VUkphYEW41unlD7wuiEsRixbz8q3byugh+YjmzBN4Tq47QChINSRWxj4L+BjNAoQ7Dai2X97Gz1ilrfn9+zsFqOwEj79WLqBpmtfOV849tRu3LnfZ5cuX\/MO2LG86yC\/6+pLC3ANUDv1RY2PC7sUP7d+2w6wZL9lz84eJ4EUxCxoGhaeWNioxpuXz6QtLrdpqY2rZZMA1WHZDaqTSa2btkRbvpzj3eovzOuknu
e\/RfsdTXXW3UMOpsc9ufpxUOiIdmQDlR9ngWJJOEe\/+zAdRs4VCI3jg3b+MFDhTwkUDRbn5RdNBFGIFGiXMmlzBNp8WabWafrmaKncF2rHZrecxeLVQ\/VSRUDmEKuHw40u+BNDILthR2FlUDDPJIVa+8K5xsZq0GxABXMcW8oZDwrq5xqDJZgYviq8SMcVntUHd4lVflGxbnfbnq3u\/Fk2Q\/Bs6qxzEdrCtn5KxNf5RTEOp58JUv2EOmrI1dyD87\/vOZYoRo4zjmc5dfyfUed+U6qOKm9QNfz5t+khBm6EE0js0KEb\/+Q6\/FDW5NzexjAFt74fp26YEUcjbbOPT98MLJKLLZsudFAxnHc8sILQ7K7ykQTsjx+T\/KOD3Enwwk1Vj7wEx2TRnVYzj9HBoyE1hYdqsP+4XG4c9\/T3CYr8iPwgA\/aTTnUnOQGVq12dFIPyHfSU0aW1473o2COwUVCD0ADVE218fKQZESyx3lIauVAb53dvU3\/wIawiFCz3acy7VEwSNGNM4p1UV+gN+HBUKUPzY8exwOAX4I27APon\/2ahebhkhpVTALzP5\/h7a9YZDH7+4j+sDYvJYLFK1kStX9AMMkrOXJtGqYpqgjUKCp2ykQVjHn\/RRRes+WwM6iqH92nVkHIv21SOZ8nVM86HIxmxEKln1LCCgKmw2iOSzvtfGSozM0d\/so3uqMQgMEaBugSKzaJiIYwVfVibAbpN0adGCr0odL4i5Z+yx0AuzsZ+EDcPN67poLOsf7GSYwLDiQkVusGkT9qI\/+26abOUxBiwO5qIu4c3OtO9Pl6FwYcO91fZh650fsDdAhxQSRml+yPU29m5YVwysjHTEwUlh7bDdMFpdQdpdmP+YBhsc0SG8HbyUGUWAXz9Q0pI6aQER6n+2b\/BjsFSwDoAdec89vuok0yzzVxihCQNqfDhwRMqvQlmf41fMjfoyQkvsYJMCbKU1y0ftuN2J8N7YcBgXEpkyZ73F9eUWeEUHAENs4C+x+znjGw\/xdKih19FGDi\/nhZNMlLhDpFyi82JaXj\/bLXeevjzdhjNvFrlWRduPD3Az3+Jt8O1Sm71ZcoDZgGY54gQ3OrsHryVHzWg9achFHZLn\/ZWA4PSjBQQH5WG6PFgfZhD+kj1oost9E1Z2g02u+oPqUAeEiw\/SGcRViFDskV2Cj6eFv\/nHh2vnTL8ODpgiQIs3IP3M"} 
-01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495410048086,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495410048086,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495410048086,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495410048086,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495455961662,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495455961662,"pkt":"AAAAAAAAAAEAaACzCABFAAVipjNAAH4RMkyokEAFZsLPs9SxAbsFTkz3yf8AAB0IW6VqPL9nKU0ANwBravUmWKq3yO8VZlOBqHgbki\/goI5n14Od4wyAZtlECAHCn0lzdaz8q7RFJaLaxg8bqaof4Y9E\/aCKkqi83SiSxj0wA9VaVnLuhoAUcP5pSIwdVZ226lDU\/fKJXCOWhj5U0vGsWctMBnACRJooqY\/EIe7zeS4gW9kRSye11BfEHBZvQCQ2Hw5tRRQO1ihfr3AH4BV+w18QXsSRjA3AgSLlWmVvNoGhvok75aqRHYiBSwdwNT9ZQk4cM6MThQObIM9OwmrZGYzdgcwWP\/FJvqDB39XhD+omQ8uC8mZ537oEh5AGXvor2yfynGKqmgp\/yT\/dH3topVKC+Ri4UD6+q6yMBizxV\/DHc+zcKb7bKMFFO1eiqXSiGPoIgEutHke5OqadU\/tLTj0WuUrML78PqgBRydLfJJ0hSojdqY\/HjdwJpZeFJwp7wKn8VRGG\/yvY2x6pil8wpOS6XvWHGvzNPxD6C+g5axKm9LfXWJkNn4V0vMRIJyOAoJsSgFe32K\/w60iIObURGr7LOTvgxY8kLZgGkxD8VmUWaxSsIipdY1zQzkND1VZO6t2zr\/a+
Q8DohD1YPV6tlk6rn2prShAt77QE+pLlEwym1HnxiPCdcDtyW285Nk7kKruQ1mmAdcp7hpBdeQ73zBfPFm4kViXEkOmKqu2y8u2C\/dbP6WGDVgmEt50G\/TZ0SMJ\/1lXGfmrpbdAKoOxB7xEdy35+vcwsE1YFswDl5TGR+NBvTqNrjHDXACh8Cx53IWP59Ji2saD1Ye50T1Sx5LgA6SrpWbOlU9Rsgq\/TBSC1tQOH\/VmrKAut\/8nukuPoNtb1a5uUZ1c6bwAcpjf5TXN41pCYm69SI3nssNWo2dyLqOGKECefwPxQf15zCZ8qa6BPFMjjc5uFw2+UZJ6H9uVGcT6YOn9ATJjXV1rWnhxewQVVeqNiTOey+tQF+cjBBZLReI34HshIV8r1nlrST\/qXbWAKh7GeUQmJneZZhYb81MJMByTb73VBZXoZ6xGgTNyP\/dHOTR22ecj1LOs0qstF2wN9snIQZrrfX2JlF7dq2fFSKEshmXaVGCEL09hXFhHbq0QayKuLAWWI4aRof11r+CNpR\/NJ0Aqs+i4pRrJnNm6t4IC1bx4FGU7Nyx6ngu+TrgAfLdooE51VAlTUl0v7zV2KYm5RDSEpj7PgcRIvT7QAwBPfzFQ4j+lIz1HgE2KmRziUtymSXUNSNgt2udtGTPaV2DAgGZS6qazUIKNzkZIQp8q6s4lL6Pqeb5LG4kvEOeCmxo5wEofaOGvytEr8++Td9tOdy3u+6tQw8ZChKbNfJKWxhoOFUIA\/5YBmZFZSccanTHvVJto7VxFojeJZukeioQQjJDwBPHsywE3BtR7h6oz5boguk9Kou14u\/5g66uwMCuxQDPrXZcoTZsZa2HLwy2qe0ExuzZPw2HHvmOyZSAGQ+m\/BLcAwWVL927E2hs76eRGuJwqsY4GpvrOX1CbGRhwTxeliklR36iagwOV6ZLPHJGQ8sRMQ6E+CPifdBY0km0DQvehrT8ZiGdH6wl7zf3ONaN9EN6wUYANIeHCXhN9ihBg9GaQHoAfGloAC1v5PK1ylIeuftjWmCPhso3b9DRFisYli57JTJDMeFP014yikgmjmgpEmF7DxSG5Mv\/1+EFTtCib5OrXYmTEQm\/5mM09hj8zz\/HhlKsiMfbdKKTGX6XSTEBKV9L0IiOMNuHkh9x0VXilYm+QFUtpSkJC0TjJiw\/HyVRyGEOuTm4Ep5gOdRAcfPf\/R3xVB"} 
-01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495455961662,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons3.gvt2.com","domainame":"beacons3.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495455961662,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons3.gvt2.com","domainame":"beacons3.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01075{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495262761779,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} -01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} -01081{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 
+01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
+01228{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 
01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495372662391,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r5---sn-vh5ouxa-hju6.googlevideo.com"}} -01056{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} +01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 
01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335383189,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} -01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495383906591,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} -01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons2.gvt2.com"}} 
-01057{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495410048086,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} -01057{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} -01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
+01222{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495383906591,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} 
+01201{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons2.gvt2.com"}} 
+01204{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495410048086,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
+01204{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
+01226{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495692143849,"flow_src_last_pkt_time":1621495692143849,"flow_dst_last_pkt_time":1621495692143849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_src_last_pkt_time":1621495692143849,"flow_dst_last_pkt_time":1621495692143849,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495692143849,"pkt":"AAAAAAAAAAEA4PSECABFAAViwhdAAH4RV5yokEAFXWSX3eu2AbsFTqlwy\/8AAB0IytRHE\/BcidkAAEU0GAJLgq5zWCEW\/\/vpneUqridEkoosXOYvPFM+EGFgFEn1\/pdK2U+fbOyyD9aMCeGUBOZnfvyIfNO5K6N10kJD2wSuJMaHeVG8mTehPz6Z7xoPc5LRNHFpJc9TdwBWwPbj8ekTbabDuVDHMstO8xpXRQySbhJHU6wlq+klfEbii+8EVostEJjHVEa1OZRyeAxcg1YEz+0PhQrslK4lhYtYjv4daqrQ9huOezEOwJKVIALQJLGoJ4f2F0eqzdy6jHFW4Shtit+AoF5iUPYyY6JmIGKfalz9t2vSbZumTgJ9SLPadk+rld6hE4IFunALh2k0HHlflWmsTcHH4jZndWLbu2r2iLUOBVoiQ18gEn8zCFncnoY4ExTQLd0WhsHz1w74Rs230gs\/qIzBbpiNnor68kH6+ahcqnABZBlXRVXYrQtqzWMVecwWgFBr8kmDHNSbEsffCTExI7CQu3mzEUOiFNDs51itYsXzdmE7wEGo\/bGYgZblzPEz8chYGofZflNVoia8KxZj\/VLWXLY06JYSw0TbdHU6OZKpIlgWKPSUU9yWUDPgULA8g0V45R6QNO
WEv\/+Xd5aZdfeHnkBDVK8YnbuFxEkxeTLfnF0HSQd2toTv8gz1i8eq0knZewiX9Qyn6hzHgP2\/U+hh2ui9eIuBGqxzkvyg3DOjUT9WKjYnMvT3pNBH\/YoJtrPxSn7XrrXNYYWmNcxW4oxEIL7wiLLLL7liAYBvwS7FLIJepFUJ89bcXkCLsjkN63okoguLX+ND2ec7J9VukjZ+dXxDIqV16passDORQcQv+hP9S1RE1mHSFBJt3dWs3kSbeTxL0\/jUX9wUMKCAKJsmn1JHBtj3SRd+Cq7RST4KNBpNpp+OrN5GS8zmmRP02n0QZdRAA\/cP8cayAz44AqG8Nmgu6qpMXQlCEJbdSMX8zW66ZG3A\/wWBiO6fXKXtPqq0B+fcrDGzggFgJ7\/X1FeMde1oO1KvB7K5FnKUeH6z5iHps9E6+eItgN1w2M0OXrE++u9FVrWPH31W5YKQVZMpI0U7re5kVQMzV9bJRcBuHYng7XfhD8k8uOEA1mD8rAI2acFs1IU7+t6xL5xpLL17JhawgaF8\/SfwzgEFHaQcPkz8ipFK3FbfGt15dt4gZ2CzlxYp7RaoRsZiNmF1SVZhPHx7EKffzikgMDfyCfUTej4mHFjDSBXvSBw\/tLvSe9zKIGZzW4YW5Zx2kF14W03Knayi7As27e\/ETroLvHWX+zYXh8lsCjXblUbFLn4OvB4Vvl6g7osC7YpQr9UoDjSRAa6delKk\/ZUwvlsmVlVdxie6KoM9xa4Kzoe6ANfADEjk2L3bHvC3ibZLII1p03Itmuh1fVJvnQ4PqLPmYJ6J8fjwoTytcU64MeofEY0xuIazjFponK+zHprMee9E4a13UVbglxsx2ynEryvHU7P2C9n3y1sUu0MlUWwRaMb2msNlm84Pn7t+d7khBduwQHoE47sarcouiL95rGRzCh6s8NudLolgOYJuEw4uamdMOpSbqhTz6in40vyUrVIdNnXic83DBKdCA+7fAJyj\/qP2NwPP5wjaudyfPKQUIUm\/ZWQd3dL20quz7Lifs+ZxH7e5Z79ubipc8483Vd9Aq+ZDmCrdC8DTUvYkNu8HRlFIJ\/87x6kDCqBpz\/Y6oKJ9fnDWzu3vGVK4nDx4jhx0IvaEpB8u7iVohyPAjcPcqis5bb\/b2l141\/Mkd7YUfg1edYX7s7jeiJZNXtRq20b9JPjsbcD\/aEE7zAWRgf9W"} 
01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495692143849,"flow_src_last_pkt_time":1621495692143849,"flow_dst_last_pkt_time":1621495692143849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","domainame":"suggestqueries-clients6.youtube.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} +01226{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495372662391,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r5---sn-vh5ouxa-hju6.googlevideo.com"}} 
-01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495455961662,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons3.gvt2.com"}} -01054{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} +01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495455961662,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons3.gvt2.com"}} 
+01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 
01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335383189,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} -01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495383906591,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} -01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons2.gvt2.com"}} 
-01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495410048086,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} -01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} -01077{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
-00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":130,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":174150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":90,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":90,"total-idle-flows":89,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":534,"global_ts_usec":1621495911385504} +01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495383906591,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} +01199{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons2.gvt2.com"}} 
+01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495410048086,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
+01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
+01224{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
+00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":130,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":174150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":90,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":90,"total-idle-flows":89,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":534,"global_ts_usec":1621495911385504} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495911385504,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495911385504,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495911385504,"pkt":"AAAAAAAAAAEAS1QMCABFAAViZVRAAH4R9mOokEAFCUGp\/P6iAbsFTuJkwv8AAB0ISXF10ZCPcZ8ANwCrCJzLpozLw4lUkkdlAQ6gxDr15gnzrPDGY+5Es7Rj4OEug7GPyeqPD2P7ep04DtKE\/arcjWhE\/TeK9i4OFMtcnTbxJLT+Ie\/sDxN+8rr9EpWTbrHR6DrOgebE9CnNf9TmE3FgFzE1oavAS0XPwmTIIdH8DlasdxYKazZ2\/Vbz3SE0UaIlbXgmou7suHpa04zHS3u5e9ZyWoFTxGTtw4WSnPz3ZKKkluQDu\/BtGXK0Nw2vkZHZvHI5lbvjogi7BhIgmeQsuujAYnjK\/8JvDzTmbaLJnfI0BPAzgpLAyl5Uc2gG\/KhKxSiYKBAPLQlIw6PFn0Lw49hevbrWvRHOrE9CLjmKoraWxDJ\/mALo4XhOb\/38Fr\/hKdvS3J0EgxlCXTb2thu6vO6TuyRCkuufEdAjYJ1vuqyiJCtFCAuUx7f18Eb4YEnOwiDxAbC3vGkfxkILkOjo6zw0CLRXf8nS\/NGBDwLWigrT+llhvmIHUFzlv9UH+xnKwzw\/egOFElPuDQWAHnu+onEYr+xarKfPXzcUZ2mJ8x2qVU8DnquJVsvWPKVTkAEBNrppoG89a28TVbihC9GQZrxGFJfKiDfU\/pEjYGoEkpc0EmKP6WcJTrq8AjU9GqT8Otws\/2IJyr6eRQmrOEnR61BpA68BS2gZETtHAFeV+7SvjjISU7v1iOrwnLh5PVhV2I3Yg++07Mh3uzcKBBpCykABy4RIzFtFfD0mgpctccbji0EH0ftvDOPuyet7rGzNJxhlJE5822+Xl3TP9GlIFWuu44I+7Awm4hQYyx6SZMm5VkB1u+AQoAVC5yMuqM\/oqccmH3ov\/Y0J8XBnYLvKXGFZN6w2Ie6AwP0RMVPR4KQrpr7QbTjZ1gqRIH\/gSQZm2lG3NnFEcauzrfT+UAJCMrcsBthQQ4GFi4GLid84Wo3e01Yrsz68cR\/Dgyy9EjPbiFW4MTikaH6+JGXf6NLD1CBuUsZVLsd0wLuOp+mdcUObLIIhYByY+ZgC+pokGwX4+0M17gKxSBYArJDBxXe5y9O3GJkG2iDua1ffTw4GMCTWjg\/R2g3bNlRt2Kdpw0gNsexLTtD4vFIhhqYc5yzqubTAWDS97RiK0ff82cdVn+d1axfVYDUVVOuPm8ks3AoXLvMXz0uwOT1I7eZMtFaHeThWMFitpjMx4373HtevJV+R5JNzCQnbUkKMTjHvihPPw5JObhnamIan7J5a0S1j0TBlprZNVWcpdmTBKK9FiCYUebSphRa9ldAHRwzqCWNqZR\/NnSxOGm\/diizPFOGmgelkIA+7xLYtK7TLNkZ6WWwfmMdAfmJXz152dGSsptNpHU7WmssMjos9x0nJPItQNMAxpvgaTkatuyFUAnSEa\/kG2dwBsqrcrwjs\/mFLXB5
BDHAaGdSx+C7zjjhFvObf79qhHZ7JrOH0IFeQgRTI\/I\/N1E\/wA3O\/VVPfi5T2WZv1WQoakLeMywD1DSZddBLRgEj9HiaWe\/6WOpSn\/V\/zM+Gime9loFOdLfGpXUiurZsHPqUL1b6MPeMrtR937yF4HPz5BY+\/tSnZ01u2ik8yu9Q5AJ4CmdPfTqD4sA\/UJgRLpffrp7JIFjyUbElKxtMBDr0WSdiYnf1+TQzqqaiOCpGsNMZoe9ogrQfFW7\/gdsykD2QZJgD7hTY\/mVqzcE88T3Zcf5TxTTDINI4atIY1lYydToKknzxOdKjXEcoGNF2fxUyQPRMk\/YqD0njsh1Dp+iMP\/G3eoOFqy1\/r1bbUJxo+NSb1V8JoUh0VwlVF0mFL"} 01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495911385504,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495911385504,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01068{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495692143849,"flow_src_last_pkt_time":1621495692143849,"flow_dst_last_pkt_time":1621495692143849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495911385504,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496172813570,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496172813570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496172813570,"pkt":"AAAAAAAAAAEA4PSECABFAAViwpdAAH4RVxyokEAFXWSX3c7OAbsFTudOyP8AAB0IJfFU5PX57qcAAEU0c0zbXMVn6Pcd4e7ZmfGe\/qxoruMGwPYAlsdY4bBFIJBxlfIjvR+3r8n\/O3U+qJTKKUq8qa0QleuYrfTMsn8O\/y7hixYXl+TzY\/2tPZFmjgWjPy8Q3ousCTGpMjiPdDu1aKCA8puIhbArl8N6Da6NPpGg72zv38j3AEI+JJUvltWracNeEqzqLjSdIseAljbdck9dGPDQn0DHp\/nLF0OQLhgPW7is5GRoEeUyeCGTQitO7sJ+0GFP4Tawvy3HpIB8sQ\/mvWQBI36+Vr0IvUC92N81WsKioT12i3z0lrAFRKc2nrIsK9qzHEDcHRWO8IWXX8n7Ylt6igAVfNRjEBAM2NXSGElvaDPhl5W14nFw2qReuostjw9VWKaXa0YpEemQwzzCdWf\/l2eJ\/wYr+I8wfqvsxZTTgvvVqGvZbvCnJarMpvykClV78Fjr7zdoJH0h6e4wj\/zK66Jl9dPkQ7jrAIn8Djc77n3JalsxT45E5h\/vwJ6Hy1Yu62tVg0onyAEaJRgShAbt65WHHuuOjUbOO7SgM\/l1B3NkYxFQRjbPkOp7\/+btlneTdmAOHcL660GLIGJvYuSg3GxeNY\/RvOuUCpKgbpyQvoy56KwcUUR0q+ZfCEfPOk+4i3eO9doEvGZqOHv6OheClMqNVyw4H6sb5ovkDq\/C4Luz4OZtiQxZAB9o8Z+XJbrSEebIisx\/MMDHqbWhehe1Eg0mRwnSpSkDsUCYcCDmBZZpNGxtE8k+8ji5vCVnS5atqC1q22zlTPttfegwTwCR34A50P0f\/cSq+ZjRg8lUGBiJMY633IK0UkUJK3qD2M+BLuyIwMRCQaYB5FWwQptU0wzlZlcAZTHpnhVpthl5\/8JNWtmRYqhefl5vburajPxYg4gOqVoHDVonhwMZ\/I71i2OZh\/xUUB+2rkwL41c5gUjryBwPqx6xlbPDXfHRijhx6FEeECng0ZOpqAj4GzPzd+hfEZoL+A\/zpIFLSkxIkmdjto2cmeEjcK2ZmzuUECn2TbWRXdwA0raRmtbKwoHqebinUG4Zd73sgqZPzhb6S6fRcJFXth6D1WkWMX\/pmvTBFmwsZtj4vIKhZgtGCFvnCsFQjZwKMGDdk8IcMtc7fRP\/WFw138PAOKXN4\/cwBXBJiHWUsfHmH4IEa3yYTAmTO5bAv3vbyW7AGUPPSZsFuGjThPYUOEo4obqTwpRd+7G7Fj8PTDc9\/SuvOHeEFG8SNmZczyUVz7P\/pwxY9P0pFzlzfGNZ1Yf7NIqIcuZwIAu1QHM8TKxiNpKLXkwY5gWi5EHkWT7ieNOA\/PME3V7yn6j9jdSLAgF1RLKr0bwOhlmrTCeyjtBkecLPxW\/ZpUJSAVdMBzXR4O9Zh2\/3JmabiOVhFtw1hF3o2eH
8fM2+XAKwoI8UVoKaXC5im6tL\/RAIV7zKy5boKMeRbQM9fQyx\/xdvgnYYAepCXa5LMPTBjm8XbDITPP1e5aEovXRZlii1OC0w0plqCde8kUQfkZW0LCgurP5FzP2Aui0bpTHOGUVN1ugsbXrtv40HL7weMrKI+pmagU+tsECSDoFrx7+qtDT0YFo235yejWP4S7BEg\/McKYbD5TUBYFtwlDeTjyPkNpblYnvhSMMuhXgVIEl+Jn3adbs96ij4KSAIxF\/p\/twgKC3\/qYYlDHvYQriXuCWK9963IJqD8REoU72BQdfNgjTgbXB0ZOu7ItHmtPuAN9cWJ\/uL2kM5RxQU\/UDcei+A\/uNYyRIl3aPttcTgFoW4dVR1MlFwi\/UvUZjaUxjT"} -01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496172813570,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496172813570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.google.com","domainame":"clients2.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496172813570,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496172813570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.google.com","domainame":"clients2.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01046{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495911385504,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496172813570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496437543298,"flow_src_last_pkt_time":1621496437543298,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496437543298,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_src_last_pkt_time":1621496437543298,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496437543298,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYKNAAH4RaeQ0uxSvxkodT\/KiAbsFTtIIyv8AAB0IvPCERtRr\/7QAAEU0VDep\/CZnpIQa8eVhNyJ3U1QCAukLnPnKtOrC\/7zKB1G+98eg7ftwXdiCu4mjtl1Q8mNJOaDHQdHo\/ZnotZk2q+6WYBr5DXX5QHa13JOYGLxoc9qyOjz+jbwetc54i8U7+0kSHAbALiGoIDK5WQRRZWetkNux+DZoWjHY5WfosmGRQsxtOixsR3jt9j7FOo4uqSxQGhtqIeA0i25755C0K1hzCtZHRQuy55gnoUo6zZiPhelVtIcqgCilkIu+IaiAgPdY8qusu3Q9ASMkRkk0UX5H8nUY5fVDgGL4DjsJROTA71uUmNZenr0sr5JOl\/aDX74AH3H77h7yG8JDcWCMqta2iHG5v7LfQn6HD8EvX8A9+X1BPgSNN1do76JMe5qE+cL6FAAbPHwnyEKr00VkR3NF0Wj71jZ14VH7imUBnL66mFh+udQFwSu20vdM9c8XD4z8cDkFHoqTsPkKjRGkjCQi8gB1gYo0m\/YFj+JeaePbkDvq0OSLPaTj\/\/uR93wYJiwS6oC\/aiMrt4Ai7n7\/FG5FTHmyLQWtwhpvmSeJKiasDEobo8lDxko0INCDfgQfJ3SBS6Viiln\/ASliXjKWu4SrneUfwv6qaK5CsTzFRpoqdrt\/s\/4hApSQqHe2ymAF3JbfHyoRulU2oXzj3PnMlAj4Z4Vj4oik802VNCwqS9rwhkgwLpg2ForHv0BBRPYvL6MVNDpoeE6Q+fkjAsxQcCry3Tg\/0ntsyB77pU9N+6ViiIk\/seArDaEwUpWw96CaP6HGoEH+ITzRBw4NaVx1WIIOT111vCFZOdJbhxCcjcGlkWUXH2Mfa710gWwLlFOy8LDSs50FqSN\/OPohmIvSl5JLifaSN0t8gyVjvGme43FCNf1IRmz\/msB0elm4bS6ud+82racQS6O6aZIJmDUDJkR4HH9e\/YL1z+2ASyQ94Fzatzpb4GFKnXYPSRR9ZXr+nLzhoRIUWJY27XaWKYbXR\/JgJvZqSpd9j1Y9iIYmFAj\/kzwA1TDOawG0jmZJvOHRbLPdttFMT9Z8ICzQz7sbYr50LzOCpscApRYi0yCxCW+7FvKkaUxLEeqVZNTb5bfzGXSqygFSO8Onu18Vfr2pGmZ97fTY05vmeNRaTdGB9GDxEB+of1UDIaNk5S6UGJN8C0OX2skQW9hdlLAoFJbl3R\/kaaNQomNrWf12eVjbEPUwYduxDkiFO\/Cu3xI8s\/1bhAxAoo1eoosHRSb+RfuzYRRHXHaCwK0syV2XsapF5fct1hE0QKESIuGMqkYTacUhiZ+am2170YsnbIH6mCpW2GWX2kdp\/NRfot7wqoww4YL4kQ0dV2zP8iVLBMwBcBBj7jRlAJPmU94cd1+2yA9MIjBhwW2o6kySfxuLx1CH1XTXYx
yDRbLVbIkYJ9KjklyMjtPqIcfNaglBMiG4bD+cmIuV+JVF2yBdmwLpupy8GkZrPVtTuFpepOJxWGxrxdE4LNF44zdCZCWF5fsbh0tA\/4QNVZd3EvAFmb9igKxLlVrUdRexT5v0zY8qkBoP74MZTTSWxXbGUHSlroYRRVjE1ko2j801gomU8QxZIsnLdQPtAkZ1hEimDc88Y35XyX679476yZ\/aqcOmLMYDbu0Vw3kbH\/S1Pi\/Q6fIKsIvYN8tlqc6ZQKWv4iCbutDJNK0I1762s\/zDONmC7qcwhUo\/1eKb+bifa8jDvxqbQH5WTi1a8brNLoMOVpui\/c73ZoNVIkMLLnI\/xxYiZknhsfNiaQgxORr7sklMg7Kd\/f31pN0pVpaR"} 
@@ -546,8 +546,8 @@ 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_src_last_pkt_time":1621496437852831,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496437852831,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYK5AAH4Radk0uxSvxkodT\/KiAbsFTi+oyv8AAB0IvPCERtRr\/7QAAEU0JaLtoHyofbRbg8jGkawveiyJ2UaoheXbSYuPTeMKCeIU77lABrfhjW\/KFsoqVpaP9JKJMlnvWCAfrhYhpHkJG+xvxdGDmZWYW6e1KGN5t8DibwD+sY7U6We2yL0NMOrSYyY67PZ33CEYMgrO+bU1ma8i3+NoKnZhxsjAkaglJ6uAUozF4XuimP6iU+KzggGtZ5AHeHRJJSrIijvm2uURkPI\/Zf52SGLY+vL4vQPTe7wS1EKJeXUmQgYmh2aup9vLeWlDTkRpMf1EwpwHNlukj5oBWVeoeBmaQD4sx+NuopJ+2QprYWTuKVJ508tJ6HgsW5Ot7jO5bBygYTExm8AhqCnq4UjBmnft2hLhbA7\/d3ydVpIp7qFrWPv9n07PW58yXrAf70XLdskX2QCxfb2EahbYmb3Vx+DoN9ZQfyauIGIQJ4G4xs7NSUBH1KpzLXiWyZKGC2bhtRyON+3HzPjWFxkL0Tfa80\/+SxEpgasrCwJQb+1o6V\/lNwqybT5vHn79PHBIvEpedoaDM+BEu+O79uo27iS8RNPO794dIBqh+wJSlgKlH5zeUshHAvvFJn1TFlqv8TRVbuRhgffiNiYg0o1CeqH6Zf28VhJJpbsJJD4AZ\/jSirQZxHEWJI7alxgK\/LiDdkgpKDEWpc3pue7siiUI86wkuQp3ziUbYYUwf+3S2XmN4C+TOxmkT5fxEIOXMUz4o9qBlMvVx+HeJXeP4+1XADUariBmhpvXNO6nl8VgSR05a2jc1zcSQm6hoH7Sjq19QDV7jFEfc7eLbvAvOLM23DWJ+wh4NpHj9pZdPlAmebA1IRONzVUDs+FLPzEH62RBEORoAtOT4e39cJai5gPk0i6dU0vofBLpifIxzMyKYaGd4qxHI1hU\/vumyHtthijttX3+DFdn3RYaqCp1LpOaUmoX\/6sMVu8m0LGWnwhQqFoSAeJsuv14Al7ULvCdbJM06GXHtuP8hOpztz8GERiD3IE4+pHtQzzeOFwW3gBxM8vb\/kgHuBEO3Ngo3tjKIHZU34x718MZS7qAptuEPHVkm+ESamOD7xBmeB3Lqe2ntH0yaZ0R1ojSk6QGp9l\/DQGTgYlqqmVVplJJS9Mq23y4sYJANTI+VTWYMkD6NqRCbwxSayYlRmpI0bsWTBa3Egd5P7LRpi+3cNo9ZuEhXIAF3ycXIYlhzeSYSYvtqmdmjkTzNQLLrulkQ5zCYRtkU4zvk\/g9mgS2CcfxLTkjgtei6kwqIx3Nk4h0E0OZscgKCSJf4cRmCCOmfcnN0SQlWhChNjlpr8NXwxRXP\/99Mm1hVM9\/1cJQ8UoVQJDRNojN3SkiUl26oijeQfH807azHA\/97ACgXT19Mdl1O3NlO9Iz\/csL8LLes
Ya1qB5z+IjimX42W8TXFqTRlbQ7oeAmIc8H5U32U0xeqTwvh76ZUT0WO\/Hpn0xBlv6aqBcKb1Cxl7JTIzz67aCTV66YXN8NeR593i1+u0PvZCPySYf5PqAIuY3yAjXufep0Fzzko0vw1dgNNd1cSLqgPBALOXp4QpvYDsh5OdOzrPtb9Bwn8\/YjM65iU1fQJwe0pFgWPBk3OLAC1ivEA1X2opEADJmIj\/+8LvIdF6nYgzKjVtmvtV9atGouRJomruCL8JxrFfNeHoRpx0yRl9yU\/q2BGWdEuqEHO6y7Tbfu0SWUkh49LajcNcpvqE+bJljstNdRH3yFDQnBncwCCqj4zSbXWQeeQR2mI+3rqRgA1HwOB+cQZChDPCGByW10tu7BtVyE7\/y\/Y+sF"} 02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_src_last_pkt_time":1621496438462569,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496438462569,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYK9AAH4Radg0uxSvxkodT\/KiAbsFTjIVyf8AAB0IvPCERtRr\/7QAAEU0a1V3BXBwEIhDElH\/1qUxqcqfVK\/U+I3pv8jXB6GKoLcClwfi5i+JVRi\/+qOD0jSHpVm+CcmsqV2quEgqGH5Gn0rihcbJDGj870ULZI4KmDKfC69q5r6675Wy4U0x28m2t5DK6rGqmJIfuY4CLJ5+JpnAGepaot5zw988NS9MjaUUAwJq0KRJTk9TQLF3FkyUeCnv+L2\/mCZ4pQPvTUHoai0BPsJAkEBQbCDT0ne2qov3gwfXPyGYjT+qpU1DonWmFNb695dnTcteFv3XvXkEd58E8n7ydtguTKEpl548CM+1ZWTRyyMlXz4XZF8nSLIMx0GUIZgZvabVLDS2+F0B521wAlGhNrm8PRINe9rBVvQYcP4xgohRdv3nDuVcLpMwOSEXj4YWgyE3ZUgeAzYB\/H75MXEyWx2rB05U\/7TWZ7NlkA33O50sz9d4a2o1c3cNntoxGwlEfyLKcihZ\/Suz\/KxirS++R\/qp01ueSmHonRfmrrM1LSGcMyKd+Oc4e5KssoiJAFl2Nso9pSh\/Hc4LC0BNO2pv99cb2fqWMrvtg4RKbfx1R5ZiccoCxgCpi46Y\/bGbfrDImS2xG9ERCTD6jtG0jRR1KV9w3yPJD6dZUx9vPrSlfE7TRtUvV2tg2P8RQt\/NsSQk3\/7JpfMhAIPApofSUgXm0f7r+8Zw1J12aP1zZsU9ZyRmQPc6usI4DXJN8WSrOMAw2YJx5dHRsAS5bRsxti2UCq\/PcqbnjXZexpjegsnkWKYnN\/pwtZdssK+ny+99042hifAuhg\/BXmwZfuFZ7LWOinb0yOszMgV4GVujdcSyRmmJB+im4Mj4o509W5k04dZ0bDE52gnvESt2EXA8x4iUBeMzV1EC9VoL2Zd72WZ2Le8+\/S0MFe3Se8D\/liSQe5dY3M\/L+3ZXq\/9nfvzioEORhqMqj8nSgClQeG9dmdKGgxM5mcQ9CeGNozwRdxhJvWFmctGZQ2NjWDhhDHDaq
U259Q3FvsbElzHVdrJ5mJ0Cxf9ajFKPgkVOGdrDG9ApKtfsvTm8mcEa8n0Q62eOymCVJqvif5jaYy+ecjinMVsEogfItZgW86yqnm54hcKotzJtaFtp3CA5T0NjiL0VfXkiOTKfOXVWtwS2R+LPX1ibd8kfkwAh\/XXkesEqkGqJKfxtLjiY18HS1YhU3t6JkzeJqPLrJB\/PbFwyElYds\/6m0\/g+LOXOZ67UcdCScV0su9cTzTbpFuilpU31PFlGsAgDKmvkZLzN7jt\/kqOCXoWwgg9bPQkbwwNwl54A9eMPW3BHZk0poDKL2DWdoWQmTEsHc0pqdf\/k0atEtrhXPDE6dm9ctnyGia88NrHpejAS5iOiAf1eL4iWXQNTQkLKwlOqi0oh5WENqyW2gdD3O5vPNDr95MLc6Nk9E3B2M+6BndVVw6tTuGClOXozYuEVgbdPUEQGHunkA\/dCQkelRbanSo5cdvMQPWbxeU5G497tiSuxNDfmsujYTz\/BK6JWmejCS\/KhAJaMKx7PrcrPsaNqhZU4Mn4\/jSs11bYdbYsLm+pMXqsl9X68WqxfFniiajHo\/Fd3P7UYw9qKzJA5hFllxa12+AedgC513u0kPjxtExQUdI3b78Ms+FaM6UYc1IOQ6tYJC\/kR00xvH3J0uZZ0HafuTIIxCiV49M2ik73I2gkK\/TLa9hQf1LFJjsPj9VPpRxrc2Ly1SzJ7P1j6ovi9NMEeR\/e7+QcpnMJTH1C\/dGDgaTfjeelKzH0zIUwM4v73ZogzQ+Q6mOQCAb1RAyJQ"} 02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":4,"flow_src_last_pkt_time":1621496439665849,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496439665849,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYLBAAH4Radc0uxSvxkodT\/KiAbsFTlw1wP8AAB0IvPCERtRr\/7QAAEU0RMZR\/c4tn3st8xG1jK6DhAREMBO4FycwIijipDGX33cbN0C3+bsgjYYoGHalVFDkYs2ftMTHhs11vLK1rQnsFtTiQEYhzkshZi\/uLzctRyolFhFHSDjCjKDJMcXIs9obpByeSIH8jZJZIPmWGPlHTZXamH8s4vrfSGPbq02Xdwwn8n0UxFCshOFU6UauULWw7dyYPe4SjTsZrJnc1QfbwWNXS7gqUJeBunmttTv22EfV5GoMfGTcChj7EHFGIA2VrznNmm\/lNfLcLPh5KbhgIfobxo\/NSOBjMfCwFJ0Xb\/2TlPSjM9auOpr8hl23J+M+H7oTDFmZdSrcloHyQQBAYKeZTkpVJYM3gmQjQ8vDmhCy1x+mafPHnT\/kNaeeAZ4M+0Nv9U+fu7oBt3x0CP4kElUhHi8jS4I98DK2HvIxnP7SfcqByAOV\/\/dkJ+A2ztPjwMInWIn3pYqTmXZFVgxMsomM88R\/D5EgZWj\/+homNPtc+Rvh19icRn+VwvNgqYfLaJtwKRnU0sTP4YJS1rsNoRXJAEHVr8+LUuKhYmlrB2e0Ks0Hx6kvvvcmfKs2YqvYxWSjijdvjkHgCIe4iG
FGm373d706t3kTDyq2vnLcDALlHhUSspxS50sBp\/X4J\/Obmz4u2VcSFRbgIlrPD6tQCJXCbtvmr7B0G2HzkdAz+y+79j2ymK7kXEtdy5JlOEzaCJWHB61Pq1zrRTSwvPxBgMFBlf3V1aZJuMeQxbw9pWF8QfPyQOy9MIfoE87XI\/pUJ2aijtoFDa2IG5U0RKi+TQ6Yr7sUnomvmBLdRhiIEkDheKEiZP+gPuweIwNQ3SLKZY0BkDAovO99qNEwJseIWua7WgMj8w6rQI8udQA9XDchM7g4qyJT23H3WrLekWZVPWSnKMJz42FXxqLdOToodhQ\/R34KTgIV6SlQlBbzbZ2BlORkWUYrIJ1NonEAr9MOlDbKNr6Xt05SZJHOnpiWP1mRTm3SDjTOC7TSEWcT+nEdf1GEJYFDGeqTX2nnOK8CRVWSu\/V1zPKbWrFU4H8QVs9sOIbDwmkddGcgULHaUIxa9IykvIwcTJzYJhg5f8B5tlRNZ4RXFR0sW+LJD88lFs\/WaRnbfh9almJ6oF32c3OI62nc8ScewCpufhoxg\/n6WrY7XA6Q\/4+akxpmQ9Wc4ZSWGmFibHYuYkc3bktMuQR2KLovT+u7dojOv7zWuxm6EAZnxQ0QxXu4DVqn5UZThYJdmPj2kPgxEoLI7kDvftmTRWKbxxxJURuLYY53ey8LigeCIzMYssMyJ0lSy5VLajuN7pEbHnFeLat8RdeT2a8iEi5NpW0jrJCa64YkFRGNG\/1RLw53JyFAltEGL8I\/AZQNy+LaDxc5GwvozkDqNstNabKIuPZdAHaK9uAbww5+qb6qWkmwYyvMesNGpozi\/ecN7nsBrBBgGhw2l48N\/Q0mB+MC\/D\/SktFImY9lJZse\/D319zIlaeUtyW1Y2CM82sNULg5DKAcuvJSLDlrQiIksi89VDc8UQIRkt2bAmBr7xFXX\/6GnPlePZLhM2vB+b8\/Zd\/lPJCs8gMoXW2fwieUibwBhARfI90eepr+yjUom+bVIlsNLyM+cdw1lMDw149\/6W1iOlYUIPc312vlJ662rsUHM8lEXa\/CJP+MLob7exHeHrjTRJoPgE7vtKIdiZXgafWX0YCPitn2LTO9ApzYxMOdRF63lU1N7r2X77i\/36gRXKSjFwKiLjoYZox3We6H9HyMDKh58MhJtykTNxI0YA5lf"} 
-01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496172813570,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496439665849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.google.com"}} -00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":136,"packets-processed":135,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":182250,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":93,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":93,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":550,"global_ts_usec":1621497523457937} 
+01203{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496172813570,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496439665849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.google.com"}} 
+00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":136,"packets-processed":135,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":182250,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":93,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":93,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":550,"global_ts_usec":1621497523457937} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621497523457937,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621497523457937,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621497523457937,"pkt":"AAAAAAAAAAEA737VCABFAAViBEZAAH4RSb6okEAFI8KdL9kJAbsFTlfcy\/8AAB0IhCcF96VVR0wANwBlELxIAYrJ18RJAopwESH080EDiTGBxAUIotc1YUcdQDx6Fm+qNXboDChqvIPFhdQk4GOqHNpE\/bcP8275wY0w3P5\/OBD00jBZFIIxdkIc1CxBuDirFHD1tP5B64vwQ5D8UGBMCwXBE5r8cQBEBueMDl1wCzedkaTPJndcvmabltC3xUmd0wwNZF33vrM44e1g6fvolfFIRSR585LU+EPiXYcJSO8XezQCKfsKP9OZPhOtv83h2Ovh66Ofu5lyKK97w1ZRH4fHbdZfIN43raCsZSEISB1XWpjeStwCQgX4pxEVT3bu7OPulibsntpcBDvvUq8hjhYS\/PbA9GsLf8ab2oDiv9nzg4n5gSjTjYJYqGNdpo8pvu3k0XjbFxeoYR+3bONBa+e0\/V5cimHNpgKrVTimMaMMdAFaY6tT7OKkXataUcGKIOpI4ClrI1RfjXBlfZBLOZbQ1ruqGWnukjIXOQ89MmoF02WXH\/OXh+KKRAFzwlapiv\/cQ9QlO9JZ0BB+POvvg0IQYksHMghnQAgMTrJM4innxppRZzBoWz9zsOmK6XhRhELNfRCbi4bc5YsBdjiD3ijjj0vhvLYkE8cmxkLuJ0qhNxl3p6hz2KHodGMRRnCY7+yW4\/w95\/W2ZXETMOaiPG4P8rFj6ml8\/VAIeNI42nP1oow2vPc0sprOkAOau2yfl6UbQppTRhQbTZO9wnp0+pb\/YLR560RKcRxZ6gUiuP4fRQpX1VnT9F+IXXx+\/hKRHGdtC446mKetR0R2fffEU3RdpszGGUSJYY9vViq2Eomp2NB2XsGSDZ7grvOQePwuxkF\/VdXMAKr33SX3CCDNZsxfwsHeafmqicnZBNljaecFtLy\/+9HYZeH3f2cDOX3K2VDbGR9cx+8R4uBk0EX\/px+zKszwuAcjJAvJeXJiBBoZwb1OylfJtFW0xyteXH7T57KNedRu+91GNpzswbrgQyjlkhovo1OK0t72ahVmG3ci4ldbaNoM9Er9o1PA3dEHVxpZIkVGwMvOCLlkTsNn7BvKy8UOqhGyMtxMVZXmLf+vQAImY7kO\/JmvUFXGBjLGGoDqDl13TqPutG44hrxR02KIBhULXqIMEKZ0qrvWpm\/\/odFSsCLPU5KX8gvQDTeNqgXvhS5yCTtJ\/E1FTIQ62Whbkz803oSWqHMyB9PTWsfyUOvQ\/rOPfM2Hp8037xRyvZ557yfBRFUiv70NQLV2Zzve\/8q4\/+h+Fri1+bTl59+RUidiY1TO3qvxPwSqJrc\/iUXUAxTJ\/iVUXyZcuGGc8bsiOTTBgqyOg9Hj4pZ\/3cKkgSVM8pOpKr\/hPcaL1tH1m5MiC8PYtFySKzAit5RXN62RM\/yP3bFdJNWXn3q6vSa6Nwy+6UJmoWNwQrB8
9OTwcDbVLvIvUrUOYSdw5tw4rl8hCKo38y10qvUFE7S\/vxva\/p2Znrp2ZVkSxayvzUJu3VFimVxiL3A7sYZs6c\/thutzyxZvCEQ2Ehf93l2gbRl7+GjjrhvbWDav5GzhJ32x7RnRqMQA6g7ihAB1sROsstlfmwTAaFrKCBAN7dq4qC4xFv28ox5F9z+6hjCXyOJStyP4WcjK+tovRhkLpdG2Wvd9PUpQyVc7n2VNtkJqiMlfYa2ialoeXEG2XlWpLp8Nvi5ARgJCTGZFWy91dkcCOz8sVye7XwnEDxu0kn98A2gCBLP47MxjqlsbBe\/36a444Y35PEcLtU3xUP\/8uuTpLZz8LGaII+NM3hazyvTcHrfjqZ0yk555T\/\/FaKekILXf"} 01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621497523457937,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621497523457937,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -559,7 +559,7 @@ 02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":3,"flow_src_last_pkt_time":1621498082422634,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498082422634,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYRxAAH4RYuOfdbB8xkodT+8SAbsFTriWyf8AAB0ItDBJ3NIuqUkAAEU0gEWSz79hSjx066IgEUilTttXNnBdxCIzGwyKgx22yggjYxUTOdMajr1\/eFj84LW0tWwiYEddNG1hbcYuTsjgufILsroj24Q3t\/uzrvR4hxlGIipIFKFQSdDIGcYBqlNqAaUOXFFDKWM\/NJ506Je2fGuUskxDQKAKr93NLTfrtVPjcaeEjkYt31c\/SZTL75GuaPT2mMN7etsFLArPTUK71+1V1afZAZptJCfmKCNVqwgGuD2i6NTmwkVh1735B38SS9NeTwvibpCCgqWLwGQceudYrYixpQsp4ysYS8hpI\/FAn\/wMbNYfLg0ULXfgBbdtqpqAz8gzjz6eyl\/Rpj5MNvbZVqNxScGru+OBXQwtVEZhxEtA00gRt2yig8vtLXbxeTHNHLvc1tr8ADnBwAus7BUb8Elx\/8QbOQJikFJzSqgm1q4x4Io\/yzHxvAmLnPsiEQqTqREOrKHfmlEHcPkGVkGtxFBNN+2k9aZL5JbmPRlBlC0G63qLufVXOEoqfGJNMZ\/r7nslJeVC3RVHNHRsnQaaVqTKCmjWU\/y1v6+B27XHPLKXFcBZGuXpvfdMRAsvAkwRzf8W8dO1sAukMkeYXN0V0P\/cdEmXv\/Mltpa5lcfPfiRw+bcfRkuNSD7Jc2b+iebax5ug8xwzr02wcXcQF4cGzsQyRZl7DyqI4QU91QrAsEcoHNeRg5JB1T9kQFDdcX\/REgLdvgMgBzxehG7z9OVH69vE5OHzw7pvnkoKe6J1pspEyN\/MZnsAVzaytYx30UuiyRgMISQWN1xfqum7\/YAiZINczHJ8y57E0O2FZW\/YNr4IpADWEzCYwTIu0x3DfRnVNbEZaadYGhViYNEY1zM28\/67i0wKSSLdh+0hygO1BEurBhEzdIroBw1lBfGNyfblV6uG\/7uEn55zpbG\/7qCk0ktkqTFveb6WXCOISST2J32xBVGziVeJsWONMPJ8Jm9PT1AEZcJwaHejFt9DpalZhmwFO8Enc\/ogZQaBxWPbFFyyuh9rvm6tNvA3jaeVh40hlLlIMUxPLddroFwYb\/9EO2mIWdQrHAdGk1Lh6AyJa6YfJKwGpm9NYCxghscJLthycNymVYnlH9ylQDmgmJl7hvnLAvwa32EnPRpWHAkiUhu0kcIqcpT2SkZyiu4cMABsnU3jPWri5+i7YqqcU8clEZP79ilHPctQYpBtvEKAmSD7Gg6PfMEKZqwwpeUK8+dTYIp\/o\/SmoPxYAZFC32OjsVAjSgBTgUFjJQtKJNO\/Q0n0\/Bx7FI53Bh8tOLKaMneKlT+LrkWYQa2IgT0Ubj9l8leMgakA+hFRx5nhKVT+gHy8BijJa8hM45tbFLGLuaHb+CeAqgmE\/m8Ud4ovePpu
fZDd3bW0o1jrz4rn0BX8tIkQy+IUYoxrBjuExnNvs4TRwyfTblAI\/I31W8aDB662jJlcg\/QE3btTahMgEReMXljoY\/ZRh3u7JIQ6wjk22ntsR1sJRh2WFJh9oJxWsj2DyGf96xBV4z\/aPhEV\/yote5aKxrDNBeQknvp7Yhfy4En1FEvSZe8rUAbBQgDc1BHXrROj+FBZqKGH6sdegaKRirXJnQLUtUJ\/Q5NaDydpZmdgBmsplWOT\/sTyUwVugBQNQqk6\/7I37T4YBTN8nQWspDxdmEOSVvcWwSS7UJNsfcrNGCZpeXaEIJv\/\/lt\/H8+PibZ7H26DpmjUL7J1pXuNg9btTIv8GIPiixqfenNc2qdVBe95VLeHtbRIWFOipebc7xvKSmtYEtFRjvJuANVxLMqf"} 02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":4,"flow_src_last_pkt_time":1621498083623668,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498083623668,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYR5AAH4RYuGfdbB8xkodT+8SAbsFTmzBxv8AAB0ItDBJ3NIuqUkAAEU0nS+0w4blUhqvknb548XC\/yn1Gor3DKwxlbB7\/uu39QS2DSpEDxyStWc8WcyIZ8c5PgyX14TZwIUytEJlBS\/8n1TweCLcrbeP7MgpZ46rFSzOa8D467ZWE41EpukRayYejde\/G8ICnBqzjWfBvyq0jhK4mOUBCxRCcqSyUkDoreKeEnJLy8KsVPiDiYAH6DNe\/Q+lDFvSPyNZGxmCZOw8PnKQy4k\/Xv80GgnSkni9aNAYcvDCEoum391\/coWdVWE4L\/zhQJ7j9tpmJISaUR41VIJ1dglx\/39xJ9\/01vrSa3OkFc5Fy8BBj95oba7xwYHIRxreBnRxTlNd4vpEEdFCKprC2EHtxSZ4P7Fol\/19yabIzVGfrXk7pjZZBFfVDXyUCMzmvdsLWDs9LsNlyoQzMKBuF8VoRMmcfljrP3a0FiPAlZerqbbAf8Hu9eIZYsm\/yugGEdXwEKyhjhu1+YvDZmSjAXdaXqtRafwUvoKJvKOD58O\/gEeME2uLit3LhKB8oolU4Y2CeanLvQ0Bd9uGIdnp9FPSHwJRfgPRnBkYxuSiBlo9b2+yU1kPEnXno4jwWowGMmlPGobjvEwtGiJFuc3qBeTVGeRb+oZK3yznz4ooQSL7mIPohmeRd+Rx1zcoqIwZW1r3WTSFSh6GeCeImPe6iGHbBd0AtAFB9ICL8ih0D3yroNz2Lofe+8Yxr\/6Xw3g\/0nD2+ze94vt9qGWiHYwCJRDWe5C4FXOCx6xvwiSyBPHn+UWiFgdNlhpTeCRcxWm3OvZX\/3KpH7Z7if04QkBeuZ0Ux2FSXC48W6s91+35hS+WqQ8flQwk91inucMSRf8DrQXU6HLzij8d\/ufZ6cqIXgAbCC3+D\/5UKeQzzuTTA+cxHiC6MH8M+mCmeIocfg4VLht4EHV9xXYOfIHuXNskqxmXPAFbOph\/wnHE2YELf9Ug6M40kxzp5GfscSsJ4\/+F9+X88vGFN
ZAYZIQ0fXbJB9drC3AzgiOz\/dQoJBhH+NVAbbzi4o\/epLdDnU+pCCT3pvyBUiQfrYugPKfQ3C2nMgHk8YjjSoRW5j8rXdLqLftjCDZ\/JbG8rfCMd6cuFbBeb99wdGuxJIcMbwc9cvILpE19XIAUn4bvD2rqIm+SuWfcZWN\/9CNoNkQ2jrjPWR9LCDSA2u7MXFGhJoFiJrKEKwS8t\/w54Lyj1xy9zd3bgRKOto7BBzM4vobLG8+A75iWZIThG7vD8dUjCxUGvUG94fK1WBcP15ArBQ91O4Unb2X9Ov1f+Wycl1LV\/vwSLkZ7cTAKcJ7vKj2\/FUCYwORzVtE1I6aPqQWMr3eyzVJd8NVYj\/oBBdZHgOCokcrcnonn3Ps5fOiei8JlcX5P2LPy0fe1eyBW58+eq8FRuXxFch6vlwcR3K7lSz6kwNsDvqSz8BLQpPByYiuT5CXy8ELiCcWnqEWfDGSOlabrYQf+epIp9hTKNLbSF0V1NCtwIuAIDHhYy0je8v6cD8ExDV\/42DBww6ZJIEudDTA4IlMUEsUfuKZLsiCkicFbZ0\/4oUGu2YL5L8vXNUCUXk\/xLVLI+bjNLfRZlL0AbjxkdJM7VUIxCP+J0XO0kohpW3\/Ez4AzicqXaasofkO+aX2iLfksl8z1jppxUjL3We5lUmH7R6ILJpZ4yqty4WLx6UcN2I3UX8FIHoMXOeCijmRnkv+JLDGY\/cKbpQdcVjWO0QYhxTXVm\/89SuOJEwvL2\/qpMBK6MhPg2sAuL0mqP0\/yv8rnHP\/KAsfjDVUqlpfhSIqeHhMh"} 01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621497523457937,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498083623668,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
-00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":141,"packets-processed":140,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":189000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":95,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":95,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":562,"global_ts_usec":1621498212950392} +00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":141,"packets-processed":140,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":189000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":95,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":95,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":562,"global_ts_usec":1621498212950392} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498212950392,"flow_src_last_pkt_time":1621498212950392,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498212950392,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_src_last_pkt_time":1621498212950392,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498212950392,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDdxAAH4RAMSfdbB8gPgYAcFxAbsFTooVwf8AAB0I+oTf3zKXQjsAAEU0K2X81CUUYVNTb7c\/gt6K92g3k2uie+OA53gIgfaMNjNuH4MUMelKU6Fsw6sNfg5GG5qJ4eud2MFOn8X2tXhI8359esLfPp9WmlTfT\/oOrLme3MuOolugSEKcrrCVkd0LZuV6Av8DKVlHVrlpv0240Nf37vxag6C53FBDIOQ6LCd22JO5xn\/NaFOQBTN5MwhdXKe8H6r+EKu0MMl3i18CTaxer4Ec7N0oGrRomY7+OmgBg9TauzdMWJj0eYJFpdct9mnNghVe3E+WWeOHpf3NCjtkwso9os\/I1QOoZPXB9jwIdZ4Ne8+CuKTG+9tcqCFaaYPOS5DhXjQFlTS5J\/C8wry9mRLfPxmO1BQiHAFr6GP9Y5vWBsO1V2479WWJiBEJug410DZ3eaQ6ykeEHvnIbiMvMtSdXEZttkVySMQ31Fw9rOzeUgG+BPr2jhdWKXNu3NdlWiImj8cTTjQOxOtPhe\/+6Fx3ryMD+9KP13OjJpbH1TmVC3+wAJCtRp7htijDfs+djtrDtQtmYoljdKd6zc7r4DUgUx5a+lfJ+CQXmVSyc22sQwHuhLv4tZCwLDz
jsfyd0tH+hoD7Qa72Swsvd9iN8a6VR5VOVL4dEXew+OVA9WCef4VgLk3PIXZKixpDLfYCSJ\/KS3IM1J4\/k8MH5DuYEu14a4bhYLVMzA+\/6Hh+TKT4leprgFJ91woRA3ZcHSFAFDQ6JNfWusZkMrX0kYWHzOn9N74ryBahTJAqZOQDKe7hgPc1zvzFZdQI\/CliH1lyvZkKhGurs+S8SAvkW327v1xIJ3a4v+knVz1HDiu9E8EjgQkT7KRHRIBqqKZ4ondbPabBq7uV6zq471LYqxhGKFGyoGxBVzr2DttB3Z3\/pwDEIs07QNSxcUKBzdZnJ6x2Fq+YkehrvOFCXOy3YCMutFzVwvOnQCidL8ohHIIWEgjIbGLfpHm\/0aWrklIqjrJSJ+rTPRW83W61p44YDEYx\/ac\/msD0XGRhWnBmicJsTwRBBV5svGieLeU0wwoRv\/LHI4mThjAG6AiLpvJ81A8npvcEWQ+MjQOgMjWQq72fQ6mncpsEh8naywuNoXmsIk4BB4ZGwmYN2ud9\/oZeqWqvV2B0k5gYpBOaiO5AHqvzEZdSTEayKAQ1YqXbuCf5QNmeckJiVyF6qNBoatmRZcQSwcZ\/T2ApNAyCKTurIastl6KeRV4+KqYzamhQB2W0\/ku7l9R8YLUGXIpbFAVZ0uF0OZyLqs\/v177JsDndRPefW+Nou62dLsU9VVlluBk+YGFmAONdyhN8iZeA5WCOwz3iTTD5N2bN8mMzQIgg7Bqo\/E8GIRug9o17TbkJUN0YnjfCIbHJtKaMHxL00NJbr3VzPT+M6M9yFXdxFqcigT0A\/lSoDVW1cjJ+LLyxe7NFjRQd0WXacjomlU\/vSqOt4d7QZrZUGLTeRU+r2gGG87IsvBtKso3QQR3flphwZgK4qieVr6KE53k\/ITHpCwbcQAfeWsRIfVZj5YsjA9TaaJLxpay1HiqTxUqZg3plTLPwXIAI2UEnJyFqlp3LNmknoPjV\/RJb\/wzVE1l\/2TAXdCsnVW4\/RvYAIgz1kbEyY+mdBPPmN7r0m+q1IFeOg5RTG+Hz1u5FTDjQLy9DaHat63UbFT45W72CQGLR1YbL59Rzmw7wT02BDrbjYMG5D9ap\/FxMB4LpXzY4OpaSIPgoD0IgD6kheO9CqpcZaNN6hMfIgQu+UTF39\/ec6XrRl9w5Mu88X6Qox2mOpT9nNb4CbMfitF4Z"} 
01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498212950392,"flow_src_last_pkt_time":1621498212950392,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498212950392,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -567,7 +567,7 @@ 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_src_last_pkt_time":1621498213850512,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498213850512,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd5AAH4RAMKfdbB8gPgYAcFxAbsFTsNmzf8AAB0I+oTf3zKXQjsAAEU0TYW2wa0gBSRDkkdmZJDu\/pNSjmjccl+kQig5mlxVsILRFwOMT57XuOv8+xCb+87uWA9dkR3MCory+CSA9k9IwRunZJ+BETH5SfmpqFSP\/EAiXYBfiyWfexJyvvzdDNIlmXLEiyQv4ixIWJIO3WnbJCrbDZ9yN4PPh3+ZJeKdbL3pTJsxyDYJ\/K0AwIB3uSpy2ZQ7iPtPDkHhwAm0FbglERefDANRRCDt9UuWOODuqe\/eXcYzExeuApS5d3YIK4jhh64DClYEzzb+MKIc\/xPP+Kn3lPcPwqqIF0tNqN4kidjRAQThHdN0m2oore8VMpITgbE0pV1MgkL7lfnb1BmHdqPktFFVvg4M9R9oBo\/vgEDDJRAWAmGcmVRa5lB7oAaJdxN824d+GfIw\/1qMVVQy9mbPreGNJI5FA87uOjFOg\/W5J3F1z3HhaIyqbtwEoUGiMpxMkBVwhQJI\/NqiQ7cCTPyStz3iGYjK3gR\/9Bbw8+tTw5id8ub9L1LWEZk7DqKPgXVBJu8OGwqpaRMSGddcTDBphFbTHUszReIPXXK4fIJ8vnhXIbSCNh5usnBJYxXalGGyP1OwD2a79wMSUAPRbTRq3rslV5\/OoRSqu\/Zs+8jHkIPMW4LtxNfcjjkPK2kD4PebKMCHpmd0zooX6LnokRS4M4p0k3XmNrQeH1SNO7ooZjgdGcmI2qpnjZ50wZY0FVF84zFcfhdXiDRTgFPFrSaaxPf0z8xF0n\/P2TpBv6uEkyXD2A5+IeZFJHXEf9qwaBDrm596gwBmYOilpzlnw+vM13lluTV8LOtESGS\/vKE4CpcHhAcjdbP+1ymk+om1iitfEwkvvDF1j1qafTczkx30v4HqUJUwF\/9b61fj4o\/7elbSAAzfCZ7ESTNk2A2MHuqy\/5+jrriuO72nwy6VjhJ+GulTPzobteW+l\/zBEckGEa8FJfTQdOStHqid4SXNF5RJb\/1ytpyxjnE0mVjMP42pjeQQpTUsUPMa9heF32n+XhzIkoHVuTsSW8KUDb8XsSKBKbYY1eJqV22PrlbamGDRPIeYyZxQrvseBe9ZGoW+ojFuhr345lGnNBRTbyV\/ifd+H3psrwilnpBQYZmIt3+yx5+Ox2Fl2MHXrWRMFlVHgyr3YspcY0pZlBmQSZOmPefZHN3UeMEoicflo7w5P9I2OILP+nrgTefS2ax7woPr2siuAHSliWnIFGW80aK6MX04MDmNfZ9qEi9D2uzji0WYs1aM\/FrXpTtqj1SPUWWhLEfXiBcjKNmhsqIUIEkrKDmesaaohHC3lT35CgqVB7Sitf+f3SeyMb+bWGart+IRgLgJBcEhEKoIoYkh0VLJVV9+doaDLpZ3HUz68vvJqjR7RJ0Gd5
ED6cjJQuN+n45FpN9LmtbOssh2iF6qqJGi+PGx9q0M1M\/HUKAy5AN1S8YkWFsARDs59lonK62ZegV4vU1TBWQC7PGQRI84JNqfby2iYcagYspBzxJ+WakTI0qksHmy126F0+iqfIjkScGi9KPimhJZju3YFlyo6jNdjnvMmOvUUuhPQiXrORQ0r8qWWWh6tJ9HkW9sI2\/Ef1akHLftAxsOV4Tw7CFHLJLIsPfECdd0l00i7lyYzOrNaZMF3Kzp8XNi91vmLaBsXnvB9zagu0mQRRAnE0+1FdGlzcqDM+y0Fv02XWeM5LLndn5G6Ul+OdbTDl2ol0tkAwTNskAn08T2HhWOi5x48zrrAMi7Lm6AQyQ1v45a0okIW2FPRz\/fVqdN69MfaqHeQccEm1Iu"} 02375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":4,"flow_src_last_pkt_time":1621498215051045,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498215051045,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd9AAH4RAMGfdbB8gPgYAcFxAbsFTmjlzP8AAB0I+oTf3zKXQjsAAEU0LsN5lwBuBohPIk8WcNk8VFDhA7Vgriyi+GRtPBL9m72qnSXpKDRNyBr1vJSoNoPBA7JyhuAi7fT1PX1I2vjlaUVWsgc8kYgBIMx8qP2kNZwqjvx2TBVJwAj3N+yw8LwNKtzFKB6+TMsZLYLIMH9IrqYxqELZBIDxLZ\/QF1DfFyVw6THtglw50C\/0NZTEx8NCLc1o5VghXN9CxPQdDw+1ARCQcUgGUtcrl6apsDZmCIY4dlws7dq0+YRFNo4nwVv1\/NhuhhymGXU1KbTNUd3wu7IacRh5ZozQGCC4lpAyCYdi0M0tb1cwxp4eVAaxEwbV61pLGvzhHonyk27mhmmRKXHZp407b+3bdtylhWuru4BdzonBsrsOm5yoIB9EcZSCDuZWdNfxOPA49dQ8yeouXSBTteMFZKZgN3gy+CscZNgJ9VJ3XzPbaT3Sjwfp+Imm0XMiNLMPk7vk24DJeDvfTOWrGVyb+Owny8XN+kQs\/4jkzKd16hVcK3EuxZUJ3YL7kvuAMcyXATuy2aPzq\/qUCR+46oadiBFjQ+AqJGDa4DDn5pIlThfKhuL8W2WSBWM9NHdsijsX4AWK52hukic+q66F+b8J8SP6Iv68MuXawvVhzPS2VvFOVeSwGqbo5gNZY9kTkE7ENXEwKBBGjbiwiavOCMALOQbsE0Yk8jb3I1d2lf0ZMf7DUTOkyO\/ETHwkbJj6iFt1bYdjiO9VGkaT2DXBf7gPHAW9I7xVrnqcXaMDPwZcM9to2oq6Cvxi6ZFATdSTaILAoAlr+WJp4\/x4M5wyF\/vAP\/yTQzIb2bGKZ7pnfl5cywlo0fgpjvW5QOc\/RgHf18lMdRrf62sRFnaPGhpKXITH65wo+vXJhObyIozCXX3rt1PRJH+wShh+XckrU4wJJoKVBUHS0heJb0mgTITG0CMa6vcPljLF3dpoi+PDPoTKL4V+lpEkt+V7VHXk70t1Fy5Sfv58RmyfC5FEvWxQlVK6c5Oev2wm2
PVpGtPYGHcT1Iaz18hBeOf47ddsPXqsB90cLN8jZHFvyg91ck4Sa+OiVIavMiGozag7DsBiYZ8cGD54lHrs8bPj\/V8liri7qpsDuJ1FEnHrY4lxVPCks3i8hNv9ZRv3X6jXf+I3VEaeHGDtUw9oLKnCBpvU6tAubBi41m759hiTFL4ykhxb8tn5m5aeqxR3f0Q728RgZWXTlctXVYSpB5l3jpLSWwBfpB5vATfB5gT7GU8Bfiwc8Z2Vr3zB26ThoifPDKQ7CgBF7D1qETS\/A7QkJLZ7MKggZ08HQ66IgwIzaMcpZFaNRoYH6V6hXlhmGbG+dUcLjbMwKPo0h2GVYGOukOa+q+uiIK4ndjQ+zbiA+B8c0Jn0cMGLFWosA6pKHn5QCpAq5EbGETn\/U08uM35Rr0A3wjYh7mFCvIdwkIPPE9qgAa7saF0ZL20lJZhQYvUfGCPd2lQAsjRu6la+JaXaBTMz6cwgxShegqVQwQvNyeg9pY8ZQuPw6hNhqs9vTZZXrpxrybFqtjAGrnLjnih7sBWF4yhTe87scov4hgwKG2eZyL3exAqujf8Reu9i6mCyS+S2bvDYnaOYKeHR2QKLBAPcuhLrodBina385kY6tjQo6GHkGYmif9zt\/zLi7pZ4bmsZ+2NjxgNI9SH\/j+LReSGJv6SOdxEDpBda8SSsYwXwzAG3vi3mJsrs0\/wxjaF3kkbWOJvHnm9goo8ySx8hG3LpiGXG9HMu1imyQOH2gj9nhFLFvWx77NWlPWL60HtwRZUPdmPs"} 01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621498081522654,"flow_src_last_pkt_time":1621498083623668,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498215051045,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com"}} 
-00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":145,"packets-processed":144,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":194400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":96,"total-detection-updates":0,"total-updates":120,"current-active-flows":2,"total-active-flows":96,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":570,"global_ts_usec":1621499083794242} +00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":145,"packets-processed":144,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":194400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":96,"total-detection-updates":0,"total-updates":120,"current-active-flows":2,"total-active-flows":96,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":570,"global_ts_usec":1621499083794242} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499083794242,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499083794242,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499083794242,"pkt":"AAAAAAAAAAEAO9I5CABFAAVijipAAH4RD1eokEAFubq3ucBBAbsFTq7MzP8AAB0IRh+k7PM1K8oANwAxa5vCXNWzfj2PGJr2ZJppn9nfh6Ikx8R\/J2n3pB6hj93tRIJPjf+f1DrhXIYFADw2Oc+Fr21E\/SBJZyXpa0us70tz46tHGmOeBrCokS3GTXPLNs2f7i6PVg5iYBx2tk44g5C8Qs71ezbhVdCLpeHqgEt\/KgFUjX37SuS08dzh1hVBp8Jk3e+0\/4OclX8JP31qwN8hw4wkaeOcFhqGvTvb7GXAVee+0nZmchwlYaeZu2t0+br+FVqhd9lHLvrcyz7DhDlFCTLeKywE2b3EdmYTKWQbL+AaOaELDauoXSTh5q70gLIFBtuSXXAm1sLAL+gBd6WGAsCkwCZK7IBbXbpfWhwnxlVgDIPibi\/nJn1TA586o7oqTn7ceMNjjzs6CB4Mgf4cOzn1YbtrCp\/6c+BO8SdxtB5t2vkCmwP5K7T6LfjBIuFXQ2o66LBu8vSKvZAtVO2yj+LkUyzGXrYGwfv92RyYG7LfM\/qS18M93d\/jLQZxmPy5yiGfWVxPGI0CPYVZsfmSBJekaJCKENQtKqBFs6AVPQwEuwFcacGyY3xE6s1Lu4QTKe\/QxafP6viM
rvTQxzW0bcasUyFE1R7C9iQNIeJ9yKNA39s4GHvCsBht5FKpCx9AeuLYalRseEn8YWrDkPowTqNRxe0MscA8q6SQSy6jR0pOiyDsuL3gqILv\/SY8Rac1R05nZiLplGpiGDhE9pweKrCSsLdVSYAwcW3WvtmtNMX4EmbGMMrtnYEWdvuR4n2IdSRyv9gEYX6Q8hzoHG8BLHi+9db7fSutvIgwHCOUrjIPrH1I3iuMdZlcts6TP7n\/rLuIJQ90AfdfuDPtfyv1mHgxzTtaN2PTxwVb6duplHtdyIHwQW4JxQZkf9eUmK3IFE1g8uPWvlB3korqRC3X0AcAV+sx3QBx\/qT\/7gF6DFP2pyevadhyCvcOrG457OyVD1AcTPiu4iyRPIPs0ZJvBKST0kuFIAK1RoJYGXKAWb6J9ZLx+s6hzq\/1f\/0fVYymn2hbZDLHShxwbQkfEQlrOwalUO2ySwNcLdHaWrgafMwU1Jqwy3c2Wh9mqTVQACa1BySgEpwrkwNkoUZ7lai8AVhdHtwXYpL1gB\/TH91SWvUyF9Dvtha9t5tE0iXlmpfJuZOaqCkHSIu0XSKSxIBe2ySee8BdNbxqds4tKl3kUNeesA0aLrk5BIYrRjA9iqsg5i85TcPN7ilOO\/einXalctu3yF2I12P95cnmn8dVV+5aGLhS7eTX+TflkPHiEhNljw7cP3w4P+5GLFwM5tudCaDLA6afeuHwRmNyu4EHuYIuyQ95\/VnxA50tA8cTxnIXtWDvz\/V\/1jC10E8ZRQOx5RAzeQuGCKL+yBkb5e6xUFflBWfYCece3PTocANgv7MamRt+5dIoEcXIWJrMMSlrfY87Sjfbdyjyitgx\/3GErSHkqQjzECLn35cePuOYXjGdauoaI0FdXFxX0N4pWRgIFSMOMgv7WGHyUa7JL2uW1l6IWs4\/VyxVO7nYI1RKa0HSXbv+H2wrJyMWxXEF+FapMN8qENUanZn0DBN3nS29l14g27PiX1KosPCMvNsAEyL+FHupF8wbuG7hhioKZRauujDguEg9ExQ0m3tL2dBvtN5ROVDD26LyzDaWTk5zwZ2+bt9\/cncF+BxskyVsaDrMG5BAD+R2MBcjstM8WCqDrGmpTzd\/RDmbyfQ94p8EE9NW4bT2joZcpOovGfpfSmOfPG01l3k3sCykGLsIrKUzsxdgNn2SuQjCvYA92JZ4glYI"} 
01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499083794242,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499083794242,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -580,7 +580,7 @@ 02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":3,"flow_src_last_pkt_time":1621499131747389,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499131747389,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavlAAH4RX440uxSvxkodT+9mAbsFTucGw\/8AAB0IgC3o3GMiP\/8AAEU0O8kVjzdhFbU85yBt1iwqehVgv2Jezj6mn9SdO\/xAMoQ6Qj2CZu4L+khp0ED4qwgVsRimpW9+019RfzBmCFh99aBBiZCv05rUnXo\/AfLOGNQtnfLnIt22QaI4txCY1wQh4\/Yqe+fANHZK\/ZmF\/8jsdmd71qfw03URemmchuDEmTC2QyCtQDR6IgH1doVCRoOWgfqOlswkaRTmqWfAdyO82HcYIhAl\/HvuxVmWaTRo+N+1Uvg3vOoeFbmkRfA3yUNsNKKXj3CuZnmwqgawAkhvUNunDuSNb6sXcWQSLMYzSYokvzGSrnCUFzWEzLjsIIkXyik5WMtbabj\/rXxW\/BmKnGxQAsyLYjlGWLl8IsRIUrFFSYYnArQnHAypfPl5sP2d4bIyERB5Xk+W0ngzdIfL9its1S\/1UVAsH\/LCTr4l85qg6B3o5lI7DKEPxygD1vV7v2kHUJUOsz6IQEA5cB8per0TSrcw70EjOs2PB2X\/KlkRtnF3cJ9mBrlLk7KkAdUnU+mv18q7Ur\/HRCeSKZ1IDGV+ySb3Pkkbb41pvETv2t9LoyQAD6Lzg0sSPQ7JLV2KhP1jHyct5463eYlSDK4lKsa29bix2j9nRvZdlPAs7HziAX+7Yre3QLRHAPqf\/Fg1bbLM5UQ4fWOBRZxhjJcdvgOJYkAXggHGTSKUtw58FK258BEuvGOXPaZLUbUPnco5cBPBIPnVm18eagNa8I5hoD3V4qJwr9MuaRW9lHG4afIywkdpNhJvwCaU0fJZ7zWnop85QgRGJTV5214WTZL+EUJZ8twDwaNzSY1ggAfatI1G32TefYqPxD0muHegRu5a+vh6GU9Nr4OZ\/spphiT2QHSVclDaYx2okizMN5ZYBs0bQln9i6XBm2Xldh+51uDHmQ4Zzp5v5YqyrRXhV0FfzvxrdzKY7KJJQgW29XcUFfrN5qG1mzTku37OdUh4OsIIhl78ZXl7b4B4gtfU2MlbyD0x5w27\/HBKRN75vA6sVD4434hZz0CVYEpHiS\/\/F+U03dYEtR9fBHiid5ECmvh8ygYyirip51ZPSMQ+xf+D7QciO3qwP0jr6a1lkCiOGvIgtxOPSkwBE14jvn4b4AgoxAwzxMoNWG+KiIzQcc5d77j3SVtd+zufZsoTaSVxvbWmtRH0a31c5XS8D\/F0m+6IrOG+sVg+DE76dDddFTb+w9dffyNc0Dy2WGhcNHMlytYl3hpyDxLT5XyRXvjxA0\/VLZiYU4eZ4ElyHnvoUsVc1zIaglmrF+UZkxVlMip6nMHZ9lAEsM5\/RJYf6oyNArAqc\/usJ\/9w+reh+ZP71fVKQMu8hkbAHifaXr7zINN8beOioIt1MpZKpcyaXZRCKvAOiunMN2H
Fg7gb4p\/O\/EYfkBy\/QNmvkqv63ADfvqVNbE3rlc1Spji+jLBIq3nPFuy\/5gX\/hKpM6V+1cWwiQk9pBOX4ZM5SBBKjwpGA59adqr0mV2fpXKtxohrt1P7YEzdHgk6wi5UR4cnhpR6ATzawptEewUpLpO9E5\/GgMkhT3mM2LdLlAJbflcld+TxymmmNvb3UpmjyGh3\/j4AG85zZBWQGL4jZJFWwd8JkedM8UyyY3+J7Hf7Llgt2XBjEica1HmobGyVnvxPpQPkJ3hFFYALzmeLaq88STNOaZPk6gzd8otilv70M1Uie7Wd78Y3H+OJSDOFEeZSWpO7cC\/0ENxs6hxSkpuU\/vHtior07jJ7OPSapjbYusV4q2O8nnSUJJ+wHjLAkldls5Mo1vwKpLEojKmMh"} 02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":4,"flow_src_last_pkt_time":1621499132950390,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499132950390,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavpAAH4RX400uxSvxkodT+9mAbsFTu3Vyf8AAB0IgC3o3GMiP\/8AAEU0CCLAunxqEvsNA66X1EEh+HbB3diR8XOH+Nd+j1EA4i11RuMwRg4MxupRcBE59Wr30pnjCvG7WwSJ+Kp3Pp36kOB7bwBm\/CUaK3NvIUefVeiKu8aB3CitnkZlHoeoNve423fK1rGAI76S5HRFw2q07mGxbnOjhM9z6xCXAfDBGYiZmMsHObjQtqpKD+hKkc9zgcNA5nnAz2gfra7JyAqYMe1ZUl7EL5EA36o3hG0JBLWzLWX8nuGkbVaoYaBg7t74Nq4rXY8dDvLpV8nmxcysLq4Jh5RmjmrbXKF2Gqj\/q0AATOUlwI7mcPikDdLVyWc1g0Xd7laqkEwx5KG+HewMfBJ\/fs238LI4MOjBH3XFRiuNJ\/1PLDSVDk3Xl0PC62nbYbDA0ukzghD9h7qydxVHb7ofbKx\/ss3NAcRz9V2REHASvioY+v23gDsi9mnd9vmwpZlpX0aQuW5jWCJz+S+SLjnOUxq0ePjaF+BsCsRhhGX8i6WG2b5bLSOXs23ZSR4DE9X65QwocgVyH9CZF7V0g9mD8Lei9Spa8\/tGhEc762\/3x\/1MkuQ08WXE1eb5W8FD7NrgYf6o0QymOpwaXeXqUpZu8j5oEpy7iwjhLsjquFYTlkgkrV5P7EeuLtxd9bB8K86LFk4PPHiiVjBA1ZXeZeddZ9IO5+XDyrp\/kWDHTHn125\/pCeok\/mbP1lysqSICU+SavcLclf9iczGDubjMy+HxKcYBHZUI180+Z5bQIezFSl936qYJamaCa8ycGTpRPgFEueKYfkAyAnZkTtq5DWZDfFdJrM3n+ClXxB3nxKxe46aHAdmhexAVCdEsAFZhkjBnpwyd3xB8wOgcTOS3YOczXzarKmRIaYTKhReCbGXIL1oX+CKifyp9K2P7wqZHv4GRunQQ3oRCPCRByLb\/J\/aYJExxgDqkp5u1fIotrX93+PYJgtNU+cj\/AbP5q4Ce+\/JsCepvzTCvwU4r7bNXCD
bRqDxZklxSS7YxZ+4UU5WsxKBN2\/p190KJ1g2AWmz3B7MqmtEst0ASYrC\/yrtrXPNYy5yH9ArSVpHDkqpJUlmi4BU91eIZ0kox+SXJ6VvBkjf8ZEp+qR6pgJh\/uVekk\/u9xUsAwsqz57sKMqWdJ5\/nGXjyRlDq\/TRoxGCKPO\/873K6h+0HEh3g9j1rU3lTRcVdWrmf9kTdGWMxa3xA0DnwHoABYC1ea5FDCBgn7\/w7shEnRbLHvASNCKpNPisAiPQp3BojbJ\/pK\/MnTCmT3WADNrOZytcxn+S2gLTymok6rg6ZpsloRw2wTfQI\/OCoJoCeThhTtmIQ75lcKluNMBWyZH1zbt1HY9uB9nKZamEKE3DVrB13yt0D8U6wSKhAaZDUsXRfd9Gt7evuxhL4Hb8Z9WDG5xo5\/tD8LyG1bDFKIiO7hDbTQHIh3UEPxXajlTHhjXQu7xnGAM1vFyccMX6YrS9i6UCZLkMiJYmNzx\/ZltM6JUnD5gl\/TEnjyNIBP\/D22Fhijc8guhKm+73yXto0qQMlGkuxvrqhc+0bFYe2RRrd4hWPK06ywX38tLlMZiJdebI6FcNXes2NEGMU6jzVKztzylCcoSrevOVNOm2rtGAym89hwLgT9RMA4C8ctQlYlekEg8f08n6dv25\/MRBrtpe7HHK6r3bceeC6Mysecla\/Y4nnPZko5jKfeqRqbP+pdjqFGZXZTISD4Sao6OEfl9vauwPSKfsFkLUqIkOJ9X9gdm49hSkDfJ0GfseC3GLK7JAAq5DumcX0d2IHEvGxiYDd"} 01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499083794242,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499132950390,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com"}} 
-00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":150,"packets-processed":149,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":201150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":121,"current-active-flows":2,"total-active-flows":98,"total-idle-flows":96,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":583,"global_ts_usec":1621500710201121} +00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":150,"packets-processed":149,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":201150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":121,"current-active-flows":2,"total-active-flows":98,"total-idle-flows":96,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":583,"global_ts_usec":1621500710201121} 
00830{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500710201121,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500710201121,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_src_last_pkt_time":1621500710201121,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621500710201121,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidHpAAH4RAzE0uxSvZsLPs9AMAbsFTi9Ky\/8AAB0ItCn86+Se4YgAAEU0MHhrfbtIJTtH3QVY6F3aeUtwMPN+HFDoLuLJNWWF83Oo91F\/IrU\/4VzzpTeT2Fs3WeheARS7a3eJ6+jBx50KgL2Mtap+DJiMUnv5+MiK\/lUO39U0cv8d7GpIK\/I60LKV\/5UKO3hYdAl9H3sKf\/17sYn0RqCxn3h27SFb14UfQMrK5fzHbBIcyCTwAI8EH1FUNiii2EHC6MKWOlasY1W7tTdhYLqIJe3Pnw\/eMMH4EH67C816p5GMiQfDThgfQ2wgQHnziUTQvAMRReqOG70usUWRBc0H+BQ8YvPfZECfgPywP5jcJ6yFiW20NNxDHB6aoJ4Cj+YV3HYe3hWH6RtYkzgshfY2d5Z5SXiixf9F396ika8t5YhgzUJqm3qaduYkkuoKsKEzuoXUVwFjy4mdMVXENEyNoKQ+m7hVG2MtxWAe5F0iilBt4B+B47gPKblladD3cYJ89FSWeT4JmrpSKq+sitEawWg8mHrgGTQq7NYbu7N+XGgNwfYKSGmo+wJ4PZoiqprX5abZOW0AcEO4GmP23kcsiaw6jBKGRiI62wQkX3CdcrDC94UAE4ET
eCTM7KGTkc2NjqYwxvCRWtYhRE2jKZjoxjsBPN71ErHefn1F+hbfKNlDzSGX\/XS29PsKXDs3Zy7d5AvyJhbeMO5c9ZW9Z367PIIkmQCfsx7uUon\/NyNKlzzrFPmj4\/Q5MNYmYJUzIjfkdbkREP\/oi3qdVUZRk6Qq3mEyntdw2m0x+Fl9NnJmI7wPyTSTYM1zGxtoprNKLZoKHPJUdriJdNO1mtZLgz\/iMksWRPpo1KJv17xWq6zVr1T5Rb\/56VZDZZTzvvnDR3LfObrvTjxHZjpDe470INkM91Ng4x1MGEIzMvtmxatbi7QsiBiDO\/OqdD1JZRhadEr1SeF+j+x3pCgDJPrTxUQNeLKGpDOINsHcCNzi9E6t6xSea+mxi6UCuZeVqiu7Mq6oTDEdYhM0f2zJdDmUwxt9ntbOaqb\/70GFQw3Pu6A6FPriLWgxfjbt820gGfdllAq3bd17xNlN89\/sslY71CRXr\/AXS9zW9TVm9cE3ieGVRvpPlBXLxR3CcDRad5beYHB2p+59RVP4JEz3gq5xGAJk56U10gDcUMuTu9lOP0LVK6rTCu109YNLsvJwHDQHJg6cMb9ghMycYjRH9R8GiFVxeXk8FZUVTPEwK19hu5R3J4CDXQi+bSlYR8ZWUeNFXdURMnp1LQodsU7HXmk0DNjXTkB48gPiecCbmUF+uqaDsBFruhCgfz1ajvkEGLeVbKosgz80uhsQmk3MpvR16f+ZOAa9cii2ACYegZ1+a4KEx2NvHlXUrXa2GOsjIAygu7UkwCjyJDh\/KLNwjSadZAQTyM7O4lGORdsjV5FzQj3iyRFzjEjdAaMYFQh7u74sj71sIjcdgnajLAngwvieEOhjfkDL0tvg0+xr2ScehwvmJTYQZ0A4LvQTGmQ0QSop8E3Bdjoib9O4UduuWyY49M20Z07qfK9fbUe3P7MyS0IssG5j+o2HGVtB2rGDGegUxPzqBriraNuRetc+27PYobO7JO3W\/n8cUzNrheWIWi9IB4U+pmyDcJIP58jjktd5G89dt6sAMJR3A5kbmIbJ9iNmSo5NdNog3tnD5t5HDujKlpjs5YYJJjfEpJdk07sWx3cs35o4J40ZUcj6dz2f5kyw3ZDKB\/hzEHArYpTkaJY4Gfn8PS30KdL4TNAJjWtoOfQevIKVcxh5IQLx0UwAHLDP4qnlqslqSloufJGz2Uh8"} 
01316{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500710201121,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500710201121,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -595,39 +595,39 @@ 01078{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500712321144,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500832402417,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501125036291,"pkt":"AAAAAAAAAAEAS1QMCABFAAViGchAAH4RgMKokEAFQSEzSv9QAbsFTrOQxv8AAB0IBDctHg05eGMANwA63caAA9thM8CnmtvPCsUhrbHTSUm+PmUcMNSKbWxGe5n0KlMPA\/Ab1TeVXrcKT\/s6bNMGiVVE\/Y\/69wmX+dmpzOGyJXfQtZPXNvgdAety5H0aaOEE7kffH7GYopi+TnU7X81j2zr5T1AcyXW4xwfPQqNjCkl7q4Y3aeDwCNcBIXJjS0cRABpWd4CFVxJeR67TsCsSv5FbpkqXMrDYhjzjrve\/sy87Yz7Z9ci1SSWv37yRACmKZulUZgb2lUkKSfenjONGW3S2wzKcrlj+TJQRg8\/bM9SNvt\/mCcgtVbTKLWbc+6PK5acKkQo3AdoGk5LEPb3l\/lQbLDG7JPRHJbZN8WUgPhRMqvGmH9CVBsbUQhTCVDm79glJnIm864PHxQ+t0sJHyebmg6XpGa2XYkUH2udqnf5+TTklcbBY\/R+qQP9YENJHrWSqS3ukUykQ0LjwlbuFhVHFAQ\/dxjDnWRSWKbRXG1NBvSlBffj33m41y\/BGqblG4oqUMrPzg1AdNzGWkFx3dfG4qE6jX4vypIKbmC7ww11\/bnqazyGvXVb\/qGv65\/bNEhR2F5JiCl4VlKXNgd2pkEqH425n6llnIOarnIlAFSHuFowuohSpsD5QcFX5UcWdhvyCoeuvwf5QxCPPKwuVKkeBE9JZdqIAdgwk6k2JahHoe9xE0fV1WdUs9GEH0pmQ8XxwJfQNNe9pfm7SAvyvW6AGvman3pEUJ3JJN3sVwyOiSI46dmLN\/gLYOaXzUMscfs3uNK42vabWH2f0fHSfBVduUsdDgwj2A9X9vZeZHeEU0AOwu1JroY\/X9M5vYPFxgUn4ui0etmumSVF1NfkFMIHTL2APYRacjCGMcVMTtDDglynqnLKHYUUQtNWqewrNtG9PHzcXuPhHzdOY0tg9FgaoraKpz6q5UqcKBzr2JjkXTep9JNqk5XEbwydGTgI5uoUzDCEAd9SVY58G6YNgOXJM72nV8QMCKvZ3XaSIH5w8qvkn4y+DE1msPs+0jjDIyDXNocrSDJ1AHCTzzWkP+w6H60iAOu9cn+Mnv8SiYPPciI\/PJWXhwM3wLkeNtUoiSczzgq7\/Z0NlAzOcUuSPUr404jqpSbsJLrUCNh2Hh0dkAD64yuGEGkYaLp8R5cHVIH1ItyvLeUglmfKQ9Uy1in+NSc9s9rgslR0ZYvwGV43IdrN1a8sbpRZRn\/6y6xJSP6VRA3qbgEM1014Xzxzg1C1k2pXKaZ3dRIS7DAmfP9AU\/jP7\/XH1KfbRfliwERe1f0hLOCnRYQayZGEdVA7U4EwP4GWIPM1mQJfc4x1wWHWPhcFpf7\/3kzOtmlx8FRonLLppe8qkuqfrTbLOUjx4ZI4BETBbxLbvlIKHEhoiCBd+yDUZCFKScdNpwrxVWVSz
0cwfPkFvXivV0Btog7bQP8r0ps03inXLu3iY42JhuwOQtgnq9gOUYo5mWHDsf\/dFNji6zcIuareN16h5QMAId9cs9d8XeEtgmsP3EkHv62qC0lObg7DYq50UhiG+dr7cGC8xrqlQYyQ2eUFldqUAvW5Yq3oPDufxJfRMe4FoawMPGgol1Fx4lcF3O9ljlCrqKWUD5XziIcnMUjDT5ommu1A4ChUADEhFdaXkO3z0ajdsvt+2FU+8jk8sCeHs0aoS8LD9tqGOK\/tBhpgsLDtXqVg4vWFfDpOmZ6anyereIg5y9YTigYUAnRYoUArd1znOjveswaiQB3BfOR1AQE\/Wu+8zomZDAHW7r3Or47VOVnEd3KueolaHuDAxCBxZQsZy"} -01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01460{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01048{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500832402417,"flow_src_last_pkt_time":1621500832402417,"flow_dst_last_pkt_time":1621500832402417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500712321144,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 00831{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501260783099,"flow_src_last_pkt_time":1621501260783099,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501260783099,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_src_last_pkt_time":1621501260783099,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501260783099,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVLhAAH4RRAufdbB8z3k\/XPqGAbsFTtJqyv8AAB0IqwzBH+7SJ6oAAEU0OmGuRD6o6zt6nf9tmhZ4egDU3ziCGGMLigzQd\/qcgJuXuFXJaHBdLU0MBpsdPKMeIvS9Od3J6aS7A4aqWHEzIUcAYpLZNGiwuH3wRo\/ZCRSY8hB6LE3YzLe42CdSzc5lCzItOsVUkYEC0ElANHXZEVA1CYAydF9uHTTyCq2uXRt3pMNkc6SD2TRzdAjxNMy4aC+pKc8u60PxO0LJCtV5c4GHi\/apOFYyznJrd5zwDibl6ADYf0eOlYG7Dmb+62KXGzs+UZINoqFEItj8sokCUApXkVgH3JMM1tQ7\/i+CPMar5u5VhzM0xoMe4DQC0z+Yuf3p0TEn1Yqj0xXSzHscv\/FAGmONfCIQGf4DqCpAxJhcdINRN9hpMwFEfhYgZXMbdUkpqQbEUlH6Jh8L0xXSG8BNDbJ+HqsCUU8yfHEs9031W1jXujoXsokpBHj6NRhfYT40cfJ0owXrRfPAsakJrEfIbY678aDECo1jdyeAUnmWY+XbG8o1nY\/4ODgRYgmuoc3IOboNUvx8dTlRVrTI1abSpt63k1mZBwz2PcIo80+jYFQUD8COKs9GGRBzV5HYfMiKnpB8E0fvddrtWuczrHTEHaj+A8EU23AUAoyRQeuZRJ2ND3muZ5PofS2Dkb\/RLqYEnLx53b3gsbjBEhQD9jTXMS\/CkNOxA2dXLmL1VCbZDM001ClSjf0VqrWyNkHZ020vH5Z87sRnfqRjhEFyC6btyFOJe50iTVCZPNiJgpQQjGKjO4rNKkdOhqVKJYV3tZ30pOlvkz82jkWMMrXlfnLtb9s5pzTLv9t0tUOoQ4QgbRKhgDzve\/xApJG8bUCntJD7lpCAx9F9HoZMq40CxcFnF2sEh63lTmmld2YtjKFNOpA3UantQuZCNL\/CmftmHYYLrD7QkKm4TvXgbIR8RxVZ+EtiDOPLtHOx6d9B7dMcTY3Mfmi0JILNHIfrPCWog+RxVMh6d8lhNxI62zpKHPU0Tg6vqeO8SzyLB\/n8diVDpb66xI152GpmYVi2GA2rWPfxVjszVl5jtF3gWEj8sOvNX3xomkTvDqEIOlWFIFjdzSMYAaE\/94dpPwrnlUXOlwVZbLyG8zBkrVJIJEL0VFlCRP3cPWR9GCwyqZp3TvaFXw65QoKcuAiLNfsKEEBT7thsxAP5ShRNnKnAVngImJT7\/QyRjMLgNdZQiVPKJgKxlHmR4CKW3EdPdCekSxLH3DqHQePQJoWyWmK2uMuElqVzImkMVeqUtVe1Z7XAmQ74ZmJX77RfTpYOUgTJWLw8yAw1CjfU5hA0NqXKDuF\/siEDZ0glp7FNdcWvBjbo\/ABe7QhVen4FOuDzJ7O3om6ZklR7mLYelWmYJHFfypdJF0Xj+hmRP2HWSSx4\/j6XqYC2eVviMKbyB
DVQQPI0EM6QnNDTPPWP8a+XfmtmdlLc9QgUY0RmRpsrtKa+1IyPqG93eGTD+ZSsMgyIEQWA5Fm5wsK4NEmZ+pC9UWL57aEkWkIPEN4XlJ\/9JPPb3uZ2vDE\/Va0Bb1Y7vNFgBYQGZaZLzo9Gdz7yiHwLVKre1BC0kz+KfDM03+0yKx5CFVmJ\/kBO0+wIW17IRrXQXE0U0ProK9hPHRKvARb03bAuREr6TJR10+JsF1ImGW+lnDDK1\/FtTCgnzrxyWlFZM3Cg6kZN\/6ZrM2A49rBarb0aVirmITUvU59YafXCiT9ymjQXREvUsDHNYJ68Utiz2AdjCI7phJ86HXYCIFDLKUZ7rKmhC6fjynuAGp9kfCbPkPfnqyMDrXIJ"} -01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501260783099,"flow_src_last_pkt_time":1621501260783099,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501260783099,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501260783099,"flow_src_last_pkt_time":1621501260783099,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501260783099,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_src_last_pkt_time":1621501261082896,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501261082896,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVMVAAH4RQ\/6fdbB8z3k\/XPqGAbsFTnp7xf8AAB0IqwzBH+7SJ6oAAEU0QCGjYmqsUMXHqnSGAa+SGBqQKewpsFPBcHbIO1VQVQmdi3mM6XPwhlgoWrccirvAt2h4VgoFMSMBKUnjc\/s7c31zMKNVAjGwqSS9UcMQe+beIWng48oRC5FQxFxp76d9NvJFZQrnobOu9\/OI9vLd\/kjxzUXkKaoMqPw3HA3NrHDmVaI1U1G916dAe3tpfhldRg8TG66kkZbvUPojfmBk6b2Z19o0wD3eL3ArF1ggKa7dtmOX3vPsGSHppdsAwy05mrGdBMogG2GNPoz1f6Mrx1CryOOeu7sX8P0doH1Sq0iFILD1hylRmMMZ5Opz0H2bi9KA7w\/Ag2fPK0T9oDIw0fFaoOFIf0DJ+lEFoJl+bUaUeYjpiNWRiJKG6uA\/8tslFXAk5id\/lQWKSBH2JicuyYgt3WXJe70ZAzp2iJ\/c\/DtJGyES\/AMV8JsInY9TNZ4RXPUu+I\/eX7SJpitBsTdhCEwJGiE0dT1TYgPIAD7IuBR125WX32fSO6pJg\/SC52+hata3geWR8gYaq0AXNqoDGePDOkIXu0L29JvXGLb3VjgkzsU7GDWMMiBS57s7K1nDWVaICtgb8tHvX+qm2yAEqxNTZylYIiRmNXEmMd4aEPfVCDRnoLnzwSUCqP2hNYKZWNP\/L4ttvwS03mes81iB3GFItzHUXUjDko+av7CA0J3KO8YO\/MegXhauhWaOMhTq9siY897rXz2nMEjgxielkq2WyMK6PT7GQGMUlCvVs2Lh0wr5fTdVSGH3n8y5kmB+Cpz3AWzqb0PCrL7nfp1ZQdKXBaV+\/8ls7T8As7zUGDLh1cEJLF5+OvQcPuWBETyYL6v6P0nP5uBkBK24BlVWM\/6sea6ivZVTU1ytJuTc4EW8eV7cOfQv3Z0ZvtO\/E+dtnWbRbm1+xnHQSTJejv0j+x\/5AGS7d9EBuJMkNcE8AQ4pldxgHz7Ptlg1BHWeyw3V53MEbQaaKLxV0WAfr2iBsH3t5M6hAvRICNnnoroLK7ICwfeGHvOCdHXa+iqtGu6TGnIJmUNgGQqP1S8MgI4WSJKg4gkxYOG8Yq8I6m3HzLsup78oZ6bqytrclhVLejrz8Tk1wQFWeJGz1cSVmJ7dlJY4MD8VT3IFiybLNnMNNe7YmlJus\/1uc9POON3uOlN0OXN57myRfkJk6aARYP\/VFYz2zQVzhOYWEpCg54BznwVNZxFF0LMNmGI2PVN06DbNXX9IxLaS+ptZnDWUEZKgww7Rh55OBQLkyONb3AXu68OQa9KfW6wKnH\/vmE8HYT6n+SXcK7GycIHau5AFjik2iCmv0VvdznzcaYCCq0Mfet4dNtH\/YoT\/I\/YrfjkCWn9TD2GpQpUNvMSERx6JmQCcnn6FUkuIqIOwQZ7TJ4fAgdop2
a8RuxfgczRZ1qfymdRGBK2o+W0zafNFhHNk2SYmyvsZ1V8VBf\/oEixGqVnlZ\/Jq+d3sW39fHCM7TJKwcTtcBclxaa8fGLAAlW9lwT0AQAwjaArlz\/6Lw8tnHTm015jYFYAA5vZt1SyvuCzOL1voALV\/+nsbl3\/ONSPNJsDGJadYCDcjqbyAwc3rD2eTlnRMOCdPOfDkt6aPuNtwIQdnKz2fd4z8axtKYuzjc5dW0Vg4zcREoGQwXF3Mlfi7nUkcrBa7blnobGRnU3R82Mb1vEB9HojGcsN+QDpwTPjHZhspz1V5NyHgQ7hab2FBtan1NhmTF8w7rDqqAwRtjT1cqxDw9C9TkgJvOeDw\/J5ejOyPpxUe1E98wc8RMhxL8HbUxhU6"} 00831{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501261282132,"flow_src_last_pkt_time":1621501261282132,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501261282132,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_src_last_pkt_time":1621501261282132,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501261282132,"pkt":"AAAAAAAAAAQA2OESCABFAAVibSVAAH4R2uk0uxSvypibefAsAbsFTt60w\/8AAB0IZEtuMTNmxFAAAEU0LH9lIIuMdZ7Kq5MCzCZAEE+168Yufakbt9pK0ksbFQo5gOkiaZtZmGL7ajorb6dlvPftlMSSvVuPm3GtlmjJiRJfcfSv6WCOpmfO2v6Vi8Gqe2z+CCwK+2m\/JLswIRcEtxYUQTR+mGEhGLqGsRBSch\/o0S7SruCC1QzCSC8G53\/qUYvkz+bnlIyDwadCcS+Bc5KcjL4tNroERGF7KikT1T9sF4XsS6GZZ5vImGfO3EkmUp8XE7jlVo8hS1am9\/dWmCCc\/5UVFDsBeuTG7wkgrb8swjB0805Wj9GAKKohjHey69GAIKPU3++2Imdagnr4acCwOFCrohzIIheL6xgOuccLlkxDVLjv32FfUde9yJXpLDBHMt76\/rduX6hlX68l11YNKGEr\/zkJxTj9ypa0blphHmap9\/VBxt4j+qGvE8cstJqh+0IpvOAVwU9lYmLuMLrq1nyWotlAq9mRnhXu+BQIbhgiYOfa+NaU9CqMuW+zTjv\/orQq5ERGPyXLWWaqpnLvACGfb9O5GE65tq9zbrPCgxRqZkEBql7CjsnZhZlmCr3gHvgCBq68gfxQu+39WkMzkvkbP8IALmggIQ7VQf8BFdayRba+Un3cP7f07rfoszy+m8D\/z0DW0SQgPeYsF\/KmQko4DJ59g8KzGl0re9gjZRv5RqIECyhlYHWJ7GyL1p6bli3WeNOhxQJ2LLSs7R5C1m3Adc0j0XFC1pB+sAW\/WEd5oLl9Hwjd6M0MklHMK0LYJJtSeHujnXWGQ8zBsv7diOFCmysv3C+aiX6B0P9ogHiAroIepHRii2maNhtRux1yyqTbuXMBGnRPqFAWbVaJQnNR1GwNd+qPfEmyFuIfG3xnj0aeWVINv8LvYzmYdOSTc7SL9gqYuvzHxRf1+Upzh4eF5QSLoWFnXPXL3449L3q0i+u80g9dZ3zpdrqQOpENcencZZGYbAgeK541RYNNro8eF8HwnYPBOIy\/Zl55vIK\/DEhSHnDpLGsakuI5sKTjtOeDx8DcJWgQ1BpawPb8oHOX7RqPhuxoKHRxFskxCDjHJh3ZT2U7YKpwgythqKBDauWw6V0hLNf6LNYtE9ypEHgKJ6trOXxgEDjS1iVFjdsX8YQ6+uIw\/VczFtSfg\/SPICVvTLXIAkfbMpSXSpbuwtaktICU2t9lJxcQPW3\/l2RVQlQ6A9orYmKqPcVckVDM+iHEIyMf9H4+vCZVgRIIICMwjlkLV5tcwaX0n7fRUHrmKaF8bEP9rGW60wBvfzerDhS2zUGBYaNPcvoOZQT2ZC\/EK4cXTZIBKvBIyWC72OiMtkS12h5aaPAtwZ6n2dXPCOk3d5CPWaaLjKOIMoQxRhJPD+tcF5lq+ivLDIhTHUNk3nCiT2ptn8sF5bPoqGsz0vo
61bRIdmWMMojjGxrRSN7\/n7VJ7xjrskWBNwwKUBcjdFlM0H0heCJNg1grIB9Hn\/3GIWzCFZQ4MK0h3E8LnbseAq9C+ciIX45aTl8kFGqoSHjTiIRX1LhP\/Ej8fNDVJL8xCvYIK5uvMb5wfu4aPiMKEV+qyT2Ru5KgH3hlAbiLVCIDHX3NwF+qehB6sfUut4lougpqanWJ25xwUyKgjA21oplysL84+Pde6u0fQ1tsE4nXneYYoZdfcbHNS2+TcLpNnevmrlv8oGUF+IHSvQ2pys4po2Ft+zwvHiZVRUCkyaXat54kiLBaAYSl8PWx5iWyAEXxmiBRpM1GFaKzxBpGVsS6lfPmZGj\/E0GSH9ahQaWLKvJL1xv+z\/y5zk8w"} -01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501261282132,"flow_src_last_pkt_time":1621501261282132,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501261282132,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com","domainame":"ogs.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501261282132,"flow_src_last_pkt_time":1621501261282132,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501261282132,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com","domainame":"ogs.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_src_last_pkt_time":1621501261581889,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501261581889,"pkt":"AAAAAAAAAAQA2OESCABFAAVibS5AAH4R2uA0uxSvypibefAsAbsFTsIcwP8AAB0IZEtuMTNmxFAAAEU0JZ1KfLVI+JBmlx1gc1nZ06mlDQJxsWyoA2bzQbVVMhPumzwO3ZAR98o8ZPo9xLCUDTzGpsR1VmkqScVjzEZA\/RjIqIioWENrjUeZOvFpfzQMTLEtfK1H5gSkSzr1d9deTBzCPCECHyoWo01URci3jW51V0HbjDnEJD1I8iSzapavqXvkm7q\/CkPAOKz+EFk9ddN9tvBAUK+D6ra\/NoAZo9xXayAuRyx3iyJFB5EvlFUz1Sj7dTVlS5+TdfHDF6BCtxu\/3b6UGPME6BE0mv1zrD1kdQyNtPuDIptySY43Kas3SgvX\/I4v3DNRjU9o8CMW8YMBriuPdWaursmVudUTJYnB0q37mK+lxWkIltSWsQNuLr5cp6c4Vru0wwO0Ame+VygNGHbkKKCLw\/51hBpKkkTptkPAlMSaQQtKQI0OPuk7ItN4VrB+m9Vkwuz17+rymkBrFyMhsKcJIjj3luZReWaMMeNdN7r\/9xHAgrWKyyA3NzqfpYemGPDltByS1phr383eIdP8f5Ze0Ac0+tdcIJ2dWvbXqHhn3dZjhSk0HZZGEHnio7bqsyCfy\/wl3pykgp8G87hcfpY4upvLLmQRm6zklE2ZcD8mFhu4pD4VtgI4q1NkSPN4ENjVSltM1\/G\/SJCaisjk7\/TaytPYDocBazw8BpeLBGuMrWBrDpERso7obnHeO8wf+Lzqup7YnGDMt9vWazQbf5KRZY344vRrcxm8Cgm6xrf7EN0vEZrGdmbVtBvFwjU01hxeAVD8m7tC88nDxYD\/Vcms+kgEHQFUG5VPiMI1EaEjp4uM84vZhZhC6CDRHypPGw9HGqiPK3b\/Pd6yKRggtZr\/oWcBajQm0w+tBJKdOv7x6ZSHD5PhdRlgANNg\/jeNfdV0X5QnhkLi02ZeZq8yEDPFn9a3Lnz57TXoXYYfH6skWRGwGSQ2xHufw0DtBDB91pQTHPRFqigTQMOkcbUHvQ9FLSynEnElkdYIwyDeYl1wlkOI3z6haMDXB1V3RpZHuXa5GdOGVPCXKGY8TvCCd23w7RNdvgI0SAkP50qXRP4Kk2X1AVVlqpYf8FwiZi9W0HEiDmKaHfCa6sFt1\/rgrqUUw5ELhzKrL6pJ+lTg3H5NM0cd0C4hTHBtzSm3C5D7f92zskegG0WyFRw1Ba8N8vzkk3+Qhp\/je68IXQzCUe2u\/EtUX6CQYfCYIoWtYM8z5STiqZadSz8Hcj8gkMjUYbOqoFONvZacfYEHB0SARvuLReB4iTtWuIXgjYJcb5Qkm+SBb46jf\/04rZRrUrWfuW4MRTyzVXxCithuxVhs4F8PHfdPTq\/LCBBTHWDTyCQfTKVPq8P8t30ZnQWxsuPjLcSqLk2yTFwMtN32Tpl6KkT++kfElEUN8g20QBH4D3
nsWOQyXh1qp6BLTCOt0IKBckhyNskXvMkS9f6xJSD6uYDR8gpfSiiduxVMENXsD+aZg0sKhc1tnhY564nzvmzaK5pK\/mG4HpcEZaoQlPnN9CVVFsxc\/AdJrQTcfRaJiP8\/\/Yg3DwS0RE3P4jvs8+29fssz2Vycvc4CcLnL6CYBjQV+ee549uL3GVp1M5HV3WkcafyAbynhL22G3n+0pOA92LLDWaPxdPw5GuPkVaJx0v0qoyE9b4AZ\/f7JyiBWPsZeIMB4ss18qfbar1+hhPvrhcG72WrRn1MOHBG\/UEQi0IsO4yKvwqiblXD9HjT\/0dhqt\/RFTAwug67Fa0M1R4Gf6vwbZT92OzvcYVJR3zAK+LRbdOlVy90zr3DQGbvb"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_src_last_pkt_time":1621501261682885,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501261682885,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVOJAAH4RQ+GfdbB8z3k\/XPqGAbsFTv9fx\/8AAB0IqwzBH+7SJ6oAAEU0U9sthnA8M57fkNsMeJ2EE1SHED6gJhbQN4BfQJOO1PjffFq3gtFk4IyP8Wth3mraFF35AS\/mCSP5GPdO\/bY3uB7Y7VeiLUEY9IS2dFIrYZfbf9ZQsemW2z0+VCxvN2Db9C7578kBNAZHcZiUcQFU7QlwuGC4nwNjsiuK0SteLVHFM0d8O27xz2JpZUPDhtvrtHPERZTudFi1Sej11OjXXeMujoumIvT2OYdCj+X0NfUPlwu9sFCLpzinhlfbOthWMWB8q\/9N\/OyqjEr4qbDQGFnM\/Hr8eJUBkqVZluSAYj1Ywh29XdTMOcq5AUfmyV1X0sTrgeDtnbqi3godsTwx1QbwhKBj2dWTyYyHTDajH+2UBid1GebdhLGSjjnKxxAaaw6EFgQmpu7koEqoPObHp5kFU7wjAY8mggUyFBVjUIfNBYhWssGwyT5Z\/r5OGZuX1rx6tRJJm6gIeL60FE9LVHmgWUsYaHuVYpkqJgZrs8PzckQh0niaraVIhLPsP0c2zyZ8p6k39xAgrRwfx\/Zh9nPNn3qSfxXEzLRxlRYWUsplPXqYbIcReCdkDC\/N5gL1eP\/jiLz6QU52SRtg8taUEPRtc88DYo2jurpisQQ15KiRpuliwmtrhW0HqBvzdAZZarXSjJIjkWxLUUFMahlxZEceLNdSqe7MdK1UkaKw83287xEiaSEO7eTUM+\/wBRhGZf\/1DB70GE\/ULxXMbdJn9jltiavDAQNSyczf2+nbYlnG1N6O1TcuG42rxaHRd6KknCvWSCrAhQM\/VqLCDk0bY2mxWybhrjoGc0JuiCMFsYr+5pV5QRoX4Lq+e9gqBFnp3Uaem1xfnlWZMvZVrfurPDH1T3I4Dx8IroHaQ2Bo5DvKOdsiFkfzx2DBIq6SjpXaCsVzWBgmVAE9DRo2pY+eROHEOdfo8\/FBuCZXhbIlRq1heZJwhsmlY+7e2qNgtpC5DaW7zKw1HKVB0RPYT7VRcRTNl2g+fmbYvt3YQzNlorcN9
OrbGF4EZ32C93f4\/HUQOVFV2yInR8hfRvuHsywq5N9zdnMDFx4UtoGC5\/JPOmqIglqIM9o0AUrBq4GdLXhfYvcFRKKHwZ7TRsYLwmoMgHWy8jwfHZhK1htPPyCu\/l8XN40QZGFptNt7D40U7OSwWUN1+psHOjRZWv6ST7CMmleHqyEPl1KLs2mifOpHcy+gSFbFBD6LLuLlmcGxRtETjrnZ7+bSuE+Zt8ruZaaGcSfNYzrqd1zOq56HYPd6nlE\/mmgkW8AFD4HgObgvdcHAI+BQl2HO3lTApnJPdlU4\/6LGlTjc\/Xy6ZatrCgtI9vY0+cPbiLZUSCI0nkM8mmbA2A5MknAZe\/w1hAi0GLW9UoOUSrCzacIaeo9N2SakmRlQF7OxrccNFQQ\/UxrBENXiSn8dd3pbynfOPUKA8bLUE0Fha7t882zmf3D2IV8UDrWHqT2rFiv6k3POzwJo9CVhSImVzpyIro243Q09zk2kOJxu0gB1BHDvYJrVOYEpZLmGM4H5HwzOJAsaUidoe7\/oRQyD8W5INMmeQBEWvyryJW11xgcq+r4ORSm2VIuTghtDpCYCC2hC9f+Dlxwu8h6CMW3kWH65itA1vwPXB6v+afYS01KWtxgI6eW\/NRjdMoX0SXGogIM7OSPQVVfkk4D2+dJAm44\/U0Vl4ZMoY08TeAfdXHgiERB0dXg4yr7L237fx9MyFJtNMScYo+op6Jjwo90fx4MlC9rlwatwxaF9nbgK0o\/x2ee6fFva6TLmGaGSkDA5"} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":3,"flow_src_last_pkt_time":1621501262182401,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501262182401,"pkt":"AAAAAAAAAAQA2OESCABFAAVibTZAAH4R2tg0uxSvypibefAsAbsFThjAy\/8AAB0IZEtuMTNmxFAAAEU0P4kZL2JzcQJCkWJO7BYAvn7jOS\/oPDLLELaAGZjPfdWe+CTrIzdiC9WRX3rH+cQNjCKbZa53WspbrWQ3y9Iddgk3mFf\/\/P8OYcu5S5eZdMR9fbh3X6m7e1P0w349oYB4hiM9IJyVYjIofcoBFkKxh\/5ebxmzh+XjVHAni37hnczZyCzMbpvTaS5Mo2\/ZngECyPdTH4R55wpjirrbqawWK5BXgasVyeycq3PgcjRIEDZMmdGuCfn6Or6mlQ5Oi0gPVZivFAfQTbBQpALI5TF4c0OEuWkV5PvIlcn\/R7+MoVcxfy0r0Gxfy5DTUZSVKcVUqd7yhkU9aooVQ64ePPS85n0Ao6nJaHk4CEcKYTxXKFGTV\/JRmN1fStNbk6PuLzUzSKy7W3AsorHxQi\/LmRhIln15AQZY9aFzjxmdp89pwdjIhQaDCc86JMYVdSIXjTQq8957N1jOVphrIDogsXbfM+ETcmeLbNKqN4fwVd+mT\/89Wjg3KjoISCw7cizx3pwneM1IZWZxw32ejl27XFc+DeXbCTyms0wwx5d4mug4d1+BMTCaWAoTeBSMDXB0j0tkDNHX2xtWAXf8\/UuzEfOvYCbb04iQFTA+2Hyu4GRbv
JwOTWHAb6Y\/V0BD9+rx2H6RD7LGvrHh+f8uY0EPosNsFiCs+3i7J7uh6lA7HBXpprFebhJ4nBFU5ogCjUR6v4cQw9N50B8pFKaCLLkzxxoYWvp6aFiNZxcUELv9ZUwZSWCw5u9TxfZdk+lnaGdGEYWUKBNrO4TMaapbDNq4j7Vu95JXokG49C08JF5JMM4\/z45it8ndhYZEyZbzHD2yExEQ\/VN\/mKUwF8ibUn2C67S\/5tn76v1S1e7HnOhXa9tt7ko7BC5wl0mN\/vl7Boa7BeFOH9ChJqMRyakFr8qtdw7Yu8g3vIiwJEWJpLTwekZqiekCkjohBvin+U4rI8Z4iedGc5HpW5HGFoexz0CrVl5wTxzNhI8j0IRw+jVswS8qYTpoGTz3OrlpPStmJil9HnykMux+BL5xXOZ617kkr3QdqqRshG\/RQrR8s6QAYGI71oEFLMM4TOShFAvx7OQRDnnJcVkbGzqXs2GA+ynEHK77vOrqNEjJpn4aKnbZnLLPOZDQS24eO\/QA+vv4uiLfH2hoxa65Oz8gK+JnY4IVu3sZb9w57SJTYpFHSRkiWRXzCJ\/sWWaohJYMR8PWJxuCKDHkDpOYFa4Gqs5Z2wJN\/RR3okXqWJS7yxFbWwGA\/Ux6HYdQ3Ct6YGwLA0DbmZnkDdT8uknz2+RUM8H5unZqgX4DQ6X6XF3z+e9cZs+qvkrBFmI7iTg\/AWeOO4DzvapIASiBIUwtJXKqd88VrnmgGNuzFGO317nsPM\/31UoR27Yt3dsU0KGRIpm65J\/+Rpqv+FCFt3c\/28P38sc1iZpuj4G1ByY3uO9KITABAM93OOoXZVsw4nYNriGxowgXJm4ZpYPg6mQ2LTkJ1L1uH0ng6enuR+XlH1t3Mdwkm8\/\/s+srKemwScHPxez2jonymTIlyHWEj43rE3SOOstfJJIdIbioCt5eaO4rJ\/ZtzFVP3GREeo2yr+vwPjDBvXv+9IKyIRXu1pKvuEupgzLBzLb+08gepp2KupXz5AcDO7p5JSUs7lVhZLWrwC\/4LgHlJK00\/IeVej+hl6DABvNdRucAzmPdswdQTBDGuRv2XQeZ5xK3vAhBPzvMWU8ulKLrK4WenJ6YSemx045mCE+N3D0BzGu5PxpiypXC1Fu+3yqrqa1cp13uQg0a"} 
02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":4,"flow_src_last_pkt_time":1621501262883655,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501262883655,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVORAAH4RQ9+fdbB8z3k\/XPqGAbsFTg\/ly\/8AAB0IqwzBH+7SJ6oAAEU0N5nRxD7CzP457k6PmbGW982R85WheaBsCtruJK6v2vcqv4FVnvinb4iwojBm5rYutLUEsRoBCN93kF94kBZNg0e0B+w8XSOWKtr9myHaJEVJVUAQJvxexJCIRdOpPs+Gd96R3wE8mD\/8rFkwy0v1+LeNlN8RocJpar4pB2Xxl\/egNrBFkWeF0SCDY71Klpb8+h4XQ+kTnXArz0IX5ygkmXJu+\/dDJUXk7UV9YDHpD8Mc9sF8NVO1vqwP0VIRUfUa9BxbWW8FnSgGCqCf+U5i0feJJ0aUQdcj01Cdz+XdMBLdlRPTO4YVHH5+vxhSvVuaTBrBuo5300x7tQmHzxRhWUTS80uyeSh4D0E2aRaIOcoXBdWz7XWcRp1zvditOvFgRY1O9k24l6RoBHYpKBajy2w54Qwkcax9HyuCnBi8sA+j0KC6bTIH23Oy0945GhD5K\/ABsTqbkR1T\/1BmKJcln9fOnID9BjYTXHhvHSiuhr5C6+WEqmkxFRL6hTWnbiMi9ScDrOyEyYp4w+Y9dk8XNtp2VdEJ2wovufAQyVF2vnzrInzpJ6LQCe+2nZ7UrvdDfEKszbwmLaaCDxUdQHCBduKwc\/BaLhTpvM0qKAry0vpbtTKeDFAtk40M1G5w4GGloA1+0QPrxEzOE9FYshCsaczVqSljWSnzPRzseBRBboAKDZQcgbmiDsCrxMZTZz9qnjrkoeSuMQGbGByNYCOkv0d2VAVcepZTN1EN0ubMWxwstKhhxc+wF1ryglpGXibyTjBY4PN9De7tAudd8GPiBnXb1zzLlLK30QOOhdv7TM69+HoBPtqvClpd1KXUxrAmkpTkludQ22lTT\/dj+6odc2oLnr7kQBliyEGqHNioXXR+bNQ8lQCWx2fNmZQcKvZ7rpDDs94Ju3VmuFijvJdVABFtOwEOfJf1tNH6g0mHz0tKFi+tgsNmbfLRpWFBUu5HJWbm0FF738G5ywYLkSMDAkVJdiI\/2KVYTFhHV6BfJw\/qnSfR8HT3AW4tMlC85eMZgbAVCTbYHeHZF5\/xK73tZFfkf9XYwpq4Qz4\/+b8T3695Z6KDv3zRvqoUihUf1qd6IFBYAUg3sNGtZVTG2z+zUeefXi8P16rdb+K+iS8GyDRpWYm2g0cCZPxTeaMGd6U31FmuQFziHTkXRIRS89IN+BYD5JC42L+E\/kJ3E85kJOIb826qg7CYUxkr4Cq\/m8OU0CVm3rRfM1T5Kx8e7I2zWTIacfqFbi0kcxxWf5RFAOvyN42+pd5SkKrSFinED2fSqwhxYv31SaMjADTf8\/gZTcxRG3RAmYh6yJi32KBVcPOqtCKVdydH5FyZgKfqcSm8pPGo7JZFyxzrf\/53DruYO2NRiZoay9VzzvVdOhHaRR7aTn45RfOz
Krcz1J0\/qt+wYIg7lOH9ChPVK7Yg6U\/tvlTNs2yVfEXur42KaG+HcWNFesY0eVOHjRpa3vOFfrbCO86CvlDVkHv9Xelx+2xpyCjNqprZF9ZN8SoJbNcWEoPY8jsZDzHIJw1nztN5NNP4\/prjv1GFzVkyiiPg\/gm+0Fbvsd5g\/rf8eeZpe4skn26YZW1Y7ZKQarfNxhlBC1sDiaZ1\/A8Y62PURT9xqYtcfRDg+ujFgKBs3\/+zveb3ZZTW+27NcE5W6sMnkN5v58fCVVdJbqy+UHggMwydSjlYy4UkOriDOQHyEYhwexohJVdnSFpKIKbCctnGEY7KNYFAfn2WPvBxZepfd56wKtjaRNYk0+xGJXeZ9uN22\/qg4e5o0qrE"} 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":4,"flow_src_last_pkt_time":1621501263382659,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501263382659,"pkt":"AAAAAAAAAAQA2OESCABFAAVibThAAH4R2tY0uxSvypibefAsAbsFTjlVyP8AAB0IZEtuMTNmxFAAAEU0larchEiSkKwBSP6hvkgyAW4zPUSZNZUpjOUueR\/NQKKAd1cujpCd6A7nE5NaMP0VnkXHobQdOTI+i+K2BTICIaQGIGnJxIG2mW\/ajsLpKTTOeM3U7LkVntM9W7+6o7frA3XNCLYOcnUldMWpXSzhCKevkMGihB66BexjpyPdmH+t2antp3FCxscFxQjQ\/FGm+PzomNOCsZZnuAmVxX5p+uieKf\/jNUaPEDo9SzuonCWmsGuslB+B3rqIWMWAmmMTI0w4+tZ46ITEZt\/\/Wqkk+TA48Seqp+qXefdS4Z5xXnFMMgZPoWZ2B0Zb9zYhvjpPYzM4daS3ILNBafJaCQz9196akW5Ep9efKwPa5n9pKDbQ3xgUGIuCAL5f5UEoR4XzhHBnJHn6UBC85tEBDsnZ7wn2YCSTNpxqgDGFHnqjm5tH3rn0kaDP+A9cQld0SjZAyr8KaUiJwJ+4SghJZssr5DDBDZVDfxAmb4+XTWegMoOYRP8Dr8r+YaY1aNXqFrFS39EEIsLWoHBb7JWTJfd7psKv27nJYoaZm1tUdOExVzxT23Z0\/1TN7M80qlt2z9RM2m4X41w9or7cKmzocickIhqZRjIfKBBA3VE2smlewYIVnmA5uuRZWpG55AEamV9GvbTr57d\/cg\/lzj9r7urA7iJAuhPXQLq15DggKzPKkmhEqZLuT\/TgTDbQeCAH6M7yllfZQALd3TdQF1+av4+Rx5EaF2qR8qPb8nkyf6M5yMwDR3zrQP3p\/BPFtFCH1QY\/RtyOGmEk\/sx18Xa\/ly+XAuW7HwdajkmrKE8+BGd5pVG\/xZe3cEaRCfQScf24zYNV9AtagLyWChTRg7wz\/OAYid2Zh5FSGwNlLJZVpzDmZtSnqVg+SotMtdonihj6yZr5+QhK0sUjylf940cvbUY1vTgRZ7yi5MIfIIJySkGaP7sLcouXjDJHQ1u1ov9jdbsmDlJd8EYm5bhGY2xH2Aq4l5WQu8mqRQHT53EMRVsg2p6KL9s
lWUUvG0WCw5gHQjJX+2Z+CIf\/2xcmeiz5rJwzrdRiCJnUNrLXmAEDprUn0Wx5RdCrV1g6OzsOrWylGnT1uMluhILd3t726MwVT2dyw3SShdk22JbFipH1tkVKYXhqyyNBO95\/cc4uEKrHwArDxMXg6ttCWeoYt100YTzPr44GU1XhQ4JF6moez2k21HAQbECcXE4uZrF8Q16rCFYqsOX\/jAL+hZwdqTWFC31c5GyP2Lk3tuT5S+R92DEBYV8LtohiSUDysJcmPVrR6C3dPtKgc+3CabWW95rVPKeWHagJRvcGyUL0uXiHhhEIaurF55a9+mwrPFLFF3rc7myVm1Mf8AbbCiybaLaFtZbsj9biDOA4PHlMQ0M\/csHG1JjHQdio0X7CZwfodjtSyBoBmCbm+AtXDyVDjFnGFZcycYnKK4J\/aDq56URIAx2XJh824EvkD5I02raQjNgBby7Kzmm8qHwTd3TMEZoBuQeJAblhgNWZ6GporLG1SqiPjoHE2F\/M0U\/etYGpwpKE8p\/FNIudfNJtYSwgfAU7LOqKczIPxOHYe3w1gW9Ff50XWtVTnXvI7XvcdjWR+LdM1PbDx0suektQ1w5bDReXl6PEymSFHC9RjHS0ncev+iGjfy6iAp+r1BKaVqpwz+aiJCfOJ6b3vx7uwJxrSjTJZsol9RX8KMT4jjEh8XvIuoG4PZGZigNYXc4B9+c8DJQIhWLoC67f6sFaOWImrBvzVh8QYJKrybZ\/xUOzuZecd25Auw7cR\/Bd"} -01077{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501263382659,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
+01224{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501263382659,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
00832{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501305362623,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501305362623,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501305362623,"pkt":"AAAAAAAAAAQAtexhCABFAAViLHdAAH4R7mqfdbB8EM176sqQAbsFTpTBx\/8AAB0Ivw8tm2Ku7RQAAEU0Z52IbyPObDKu7BbGHFwXmr\/rz3QfyBRTJB3p2RnE9UysoDSL0A3iYi2pNKedwkl5mpvF\/Vk60tFlBZiFzkrxIN49ZjHA7MZQYh4BUIyAfPPuF03+ZMM0Su3qn9AiiUpsB+dNsu+962VPg19tLI\/VV6H3PHsG4PuMw4cn9i3LGYoZQn6aHv1YbAMYupJTDvNFcb2s6pFl8eB\/z0QA6+\/NcaLseMUOgNf8TfMmV5DJVFMWinQmIIE8GPttZVUixDh1PXr9\/XOfl5MsudOHGbS\/BoKDVUuxmXWMLXGEKU9H0vMlsYLhLUm0c3MDnKGeVSrkeYvPjroMfaat1Tiu2LmC1yjTT8Uvh3DZ3BJLLDzubsslmJNrUgLURH5a1TFkvH9Q96Xa\/CgdBXGH7ShdRTQlh7Spx9l0kHtYDDWtdmymj3cp0EdEjn\/au5ybI8UfXEQ40NFe\/bpqHpIm9OIaPawLRKnKVCmPwkTkJQmFtLRT8FIc+hxG8+42VlkD9SVwOketnoEDo67L6UjWGJq8Y0bKa6DKJrJHKlb1cBaN\/n0tnPhMblSJyBYOe
YoXsn+gmj9b+VHHpisogUCwUgPQms6WZ1Tn+icYaQ+CSAy4kHR6jZ30M6ApyQmmHvzN14vvzh+CT59we\/MSd6bYyHCxqlNxNi9gnxXYBhI44N0AGk0Qqhje+CC0oYc8WWkUM1686AJps19dxQQb1m18EQJq7trGNUuhfyUdSuAwL\/l0h22i0uupo2DPl3o0+7Bt3qwlrzpKyCufm4ZmMAPpvK65nzp6cFH+pmlOQ7s2YRoxtUhnAtjgxag2R4\/nlewGsR9ygeGjxTA5LiirItmkj97AzgWwoIUP9ldEWuIUcvVhLe\/QB8zLa7AJgeB1R4vJAZowIkhS0+EMWrzuyLxX+IfaYE0iHLqkcbQA3BNqXFj4h621k+KIOiP4lvVResrE\/c+w\/Oj5tA1lx4837jiHi0YZT52YvwcFEmqMCZU8XqMRUIGXvjZqo9v4Gwo714AlFrATSjPNB0rwwMyUukaq\/3e3DvrcgQ9NGlBVWFxhz1tqnsLP7Kr\/srqsLf5Bw4wZJQF6sEZW4nlUnupPVa0tpr\/+wGxQCug6xHyGNDxwnWnyjCwM4oE2hnNUNVujvf72\/dvTfU08lPagglVjnYIuPVm74QZYTZRFryAhxJK17r+BPfOlYKd+vVYMtivnHXjiFQVByr8k1Rcm2cpPeLXL3f+bAsmGkc4EG6HjppgudyHK+UV5oHN+m4I6LZs94OtdQcI6RUnBhsNPqFTdenognWR3FDybsz6sXPvUHez6OFefzWFvFSrz6XT7otFR8cdYGpKRwwSfHP\/PrekwOkrlmZijlypd6KXVAl4pAFkRLTGqSWHEA1LRLEvTNukH3xy5z66DEUDlFW01SciuFipPqn91VwpPL0iC6UpfNOoxnK1nHPehbzvx3A9Po2F3NnKEzfedfgajLA5\/LmaIHRmUo6B\/KmNXMWBfwWwfMwOtQ+o42gw8mnZvG2Qqex771hctyXZMqH2SJLXmmk6AtETcwF8B6jbJ768elE90Bhjm6anLtIwTYQnbLc4EH5TtLu5+uZ3DUfoYbPMOgeH4lIEDjI0kYQ+7lnl1zdIWgKe+MmglR86en4u4M1jb\/5BPspqYSJQDFVzNKI+9EnvCEh1nm4ZLP5q4L5n4Y\/OfoQNHRw1mNsvzMmZ1LR0N0nXyXURG6oysqTj3iTmd8NZXAVgqVBMCFaGWht6XT+2k4r7buSS+jBPmF7S9tGqU"} 
01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501305362623,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501305362623,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.WhatsAppFiles","proto_id":"188.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media.fmct2-1.fna.whatsapp.net","domainame":"media.fmct2-1.fna.whatsapp.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01075{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501305362623,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} -00869{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":165,"packets-processed":164,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":221400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":104,"total-detection-updates":0,"total-updates":123,"current-active-flows":3,"total-active-flows":104,"total-idle-flows":101,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":618,"global_ts_usec":1621503088279869} 
+01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501305362623,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
+00869{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":165,"packets-processed":164,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":221400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":104,"total-detection-updates":0,"total-updates":123,"current-active-flows":3,"total-active-flows":104,"total-idle-flows":101,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":618,"global_ts_usec":1621503088279869} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621503088279869,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621503088279869,"pkt":"AAAAAAAAAAEAU0VlCABFAAViNs5AAH4RIneokEAFmWIcTtNoAbsFTmuQxP8AAB0IeGU\/mdbeLGAANwAZh+l9xBKAiSKB2OhrwN\/hzDl51JMe7JNbapPLHMOjmgDUc0Kyw120FAqWdbLajL0G7x+rThpE\/ezHsYo1+wzly8xUgAolT2BsTpI2RHGJFl7PB6kKEbj1oJ2aRfN0feK0OGTrmVtkNP9R+\/rEuFjr\/5ftbiLlMiGuS3H3QpNIn1LP4hRzRdMhEMaL4tpWijpslIEyIWPJUu7rklLDODiHtimhfIO2wkBoYI2kQY+hFw906HJDazA9cw+osFQ\/bzvopugZzilDKv1JaRYx1e4+hqHH6L6B1UH9\/T9\/HnMV2EpDa0Av+iDS3F9RRywHXZAIhY03mMeM7GrJP2Zpz4QhJct7zfEW3x535nQ0edWGlDKJvLXrTJAeOpJnOxJ1r4baAFi3DRD+vKNPYnsuGfuIY65dgPclLbLGQ0fUutzS5iBfTHGDPLr8VDoE6brnwH\/5y9mzczXm\/kEf07xeWOu\/1opIMye\/Yn9rwK9T2MMElD6rrbD6Gahnp2r9RHhIeVU09JhM9hecDnkQZ6178V6oPYtSdjz2mTGsw+LPdfT9S16RCinAfrzSX3fRQtDiS\/0lA192fRii3J2KEljzmCRknudcAIFxTdxxb9A\/G2TbmLeHepNu2Vz0i6tcgUnXVFPrdPymqw79zhx7DrjVNwDXeclunhYwL1E7tG0V3PTUnBzD7E5OrcUKHgdfHTYLI3pYV9K56ZSwrEMPYw6PdTGd6BMaZRgmv1zwBM8F3abkA+q3Zf8DmaTM4yYqUGdqKt\/rsJPP5R8bBJC\/k1fqIhjEgyfV75RWWjvPOT8vpG\/Zf\/Lwho7iMvjqjS6+1DpZLIajkAZ0nPm\/rm87HLI0cdJpxuRH1pwBLDdf8pMJ1mfSHXv93VQKMlba5U2bhfGH1Mqk7jCyOgbhoG\/iErOEjUrAiw7X6OQncJiN9Mkd\/SEm\/\/RWlqvwMLkvGjPHLC5e7V2TGXlnOhRlZBU7qILrPVNtxU7dCPtBdbxIDti1\/YRndJCIPzLPa9h2mTEfoIgDEaAE\/7UawhYqjGFuPu7cykm8DYwvbzLfyH7bht4ex13mlrd\/FiPYOE28osrwhi1PWiAzhV1qXqi4+RWmb\/5CisAguq7jYLc0h5FGHrR92KCTjSdBEZ\/DAyNwtWa8nS6w7j5Hbinu4C0ABTwJE2l7GH4ZQ9omOr49dyeQCQatUwx0VqYJSDhoVCe0TCuJntWa02NbIeePgGo8pWxM6tgM2H8YNfSNUF9avzsSRS2VyMPLnBXpk9KiQb0mc7BEeTRigvV1S+9XKWzbnd+uq94u6ElOSGdKojQAok0wFU1sgFBAgT2mV3C3\/ZQ6n6G68vFnfmO5+ZuiNec\/P1VvDC8vVIjLmaMCjrgt9+jDuswwkMDF
QIciL3t4FUlUJM2MVHvkdLHSo3q+qgTRtHtpBlxLgaLGkfaorEJRtfDW1GQLecYh1sTrhehn3QcG0nR2Ih8nO3MktWlFwRqGrK\/t0Qsdsusr3bQ36R8F1tTznS8ZWGUFNDf+Lfwf1VRU+IBvCx3kULbMabelEKmImDqvXmP2zB2BjWHst539anbYbajQw\/ZgddvVcRhVSUqIpiPQ7wJ7kw9\/TtjeFcmJbCOn4TBNtXEAFcmESf+wEZSMAzbOoMV2uJojX02TEHH7lGyR4dilgOga\/fEzmhXhoDwn+0SuTYueRdcC6yi0FFtVe7SxyfJXa\/en0rOfO5K8UmxsGwQRxH4PjiJBdspE+yoKaJq6B76ZXjWQshEvVjgOi6H1dYlUSyL2zSCF"} 01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621503088279869,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501305362623,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.WhatsAppFiles","proto_id":"188.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media.fmct2-1.fna.whatsapp.net"}} -01054{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621501261282132,"flow_src_last_pkt_time":1621501263382659,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com"}} -01054{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621501260783099,"flow_src_last_pkt_time":1621501262883655,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
-00869{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":166,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":222750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":625,"global_ts_usec":1621507440293528} +01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621501261282132,"flow_src_last_pkt_time":1621501263382659,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com"}} +01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621501260783099,"flow_src_last_pkt_time":1621501262883655,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
+00869{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":166,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":222750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":625,"global_ts_usec":1621507440293528} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621507440293528,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621507440293528,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621507440293528,"pkt":"AAAAAAAAAAEAU0VlCABFAAViN3ZAAH4RIc+okEAFmWIcTsysAbsFTp5qwP8AAB0IikGMkqg\/9wYANwBCbbDOkKE3I8tUrhP0019VoFQ42OGxkeSDSRfCVHVFzGS6OlWzWiT3fji2Q9e2uBbhaayYtc5E\/X007tKAEm9FuNGSPz7TI818Sttxs3ujdp1DhJh+NpZfeeSISitSIGvg2MzufhYYrAjbhnoT1XHoGCBc1rAFUoO7UMuAGYC8SYPLocVC73lmAf9DYHNSe5fUCJSAAH+oZTPgR2yZUUzLo6fywQUMulJGI+tO3nXiCpCmWVZ53dVEiIJeeIojZJHsLSZxfmkzXZWYlR6uPBugjMWutrpp3d5v3AuvY2G7Qyk4Lv7MAfdysMbwBNbNtmNdfZPJ3\/pEPVHOv\/559Dp4RvW50HvpUKtGVrDOqJeFYelmkJNmPICcqoerayf1TiCARBZAnCn0MwD3qiNb6ZcgubQ3lYbFhXEcXw4p1oo9c4om8zLGYKCC6gMxWMZoaZf19pIOW1N7yHt\/SSfp8qPr7X11LuJnuqgknnxWBGr+1wZiL2PTq482lAJ6gF5Z2f2tN3XLZipWQds6Bo6uWSETMHj4LlIoOeoO8q99yIrIxEzO\/f4j83sVtl5ErO58R6yY0ijEedgoeOZWD8SVQDMvzkmLAx1dLgYjNi3zBdewahsS63kzpEcxno1c5HXpfC65SPUfK1u9t7lKXuScst61LMT7gD4xRvgi6ny4pOwNfDlEoBJxFCoaEzFQba0SYnQmz1wlKHdeciad8aWCTIM+4CgIGyXfMd+X+XFoeu3ajcjzAF7n6JeYn14EGnQY8unzlXF4p3i93fMCw\/xlMi\/OJq\/ruw6eUXgNqb3nrxm0BR4ksvgfkB5sFTJQPZzM8zEmRDSqngasEorcI7WMz8C2mGoX59tOv7H86rOq9kc0rL9XtCb+NWplconR2ejygYELbikOOOslKugW2zA2OmoHHi2Na4MTk66Md2Uuf6WcAKyFaaQpjc\/tMudn3z3HXrJde9BcZI846R4IemkxY1\/Z3QY1XcsM91Esz8+Pxd74AMqufrPf4mE2zfMQfa4C4336cepitLI4wuJ1hBcTktGeDMWo3AxuFTPzMyx19tB4Pb+QiQvYM29oIx\/p58YHbJiRBR\/2VW0LXa2VmGF1yjBfbyTyaiW\/0aG3AMd+pDl8N8KLpVPA44wpekrJkebyMJOc8G8y2nyC0MA6L1m0olcRvwsPyg32HFyPdlugxC3gCUDIy+\/UdsTVejDWt8G3KF2zBl5z4vUQG7szc5MTIFEplmTziOxG9vpu8uPAGk3JSUOmEY\/36oGBDkAhxzxaUR5tfsiouiWurq0NGGO0Zerjexoy1X+rM8JONjVsJbya5hJGT1\/EyIrr8IuI\/DXHAAsxAOhU117x75sR1FYPo+cPS2OX2Aq2eYhfspxYNG0jwN\/TrKrZDda
9AWe9Yds2HmJkKmWUnQVV7eJUFPO+7T5F\/7VpvLpDyDx3HI9ZxDJv4+lVDYmr4M7ancc8vSp1QLKUuXa\/RRdLhFE4WpkMwIllcvDn6w2IGiZvdFwwcz0o7+lWiab+FQFJvQj5W6kBnsxHpASo8358\/GjTTHB+z0Y8rY144soNEgilV0+eFQDnbygqPbwyW1XcdsOUsoU+5ncfr9q8EY2mvfVYGA2HoIRLv74rd9Hgq035d00HMutEK92GJr8ZYm+qplcEu7zCn9\/SDJP9SVZthGjepNQwhkU8gZjaxDt0kSAy5LpSeuV57eDXzlO\/myoK40cRqGjj6TY\/1mZZ4XZJntQPKWyMGIHJzxZKIYXKlVPoQnqi25JmgSDVSszE"} 01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621507440293528,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621507440293528,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621503088279869,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621507440293528,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} -00869{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":167,"packets-processed":166,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":224100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":106,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":106,"total-idle-flows":105,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":630,"global_ts_usec":1621516392616564} 
+00869{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":167,"packets-processed":166,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":224100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":106,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":106,"total-idle-flows":105,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":630,"global_ts_usec":1621516392616564} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516392616564,"flow_src_last_pkt_time":1621516392616564,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516392616564,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_src_last_pkt_time":1621516392616564,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516392616564,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJBAAH4R+wiokEAFfgNdWcQwAbsFTuapxv8AAB0IERdUk7u04\/YAAEU0aOs+L2NbS8h3vY4IEyDvx9d+UduEUSP3UFQHQG3NjO459splk2VvFwj2AOb7c4buoNQkQrDX9vOCnfv2vAKh3jO4JsUMREjT5vNEDbeeIao\/p5PHGkGHQhyZBJDceMVmmdTd\/uhtDdk+j6PWnF9UbEFtNHo58b9XyfB2nWQ06pT3ZlYQ9WK7gVb0I12TtO\/1JgOp7SeP5Djnc84cBKVneYBg230rYLPChbpIzOYDBN2v71vSy3clCOV3NHQe9++jSFmz01AIsjPo0b7oAK8pqXiYvEW7DTC9VlrG7gxRC86BUuyPkAEhQ20RdVW5Yf10xFe6ayadGDnT237OAKo\/\/+O\/LFyNHbgVfKniSrMFRiGghfY1wLG1Jv\/b0caXf12hI0LoNCqVSPEG+EnSUUM92WSb0C9QePh4RT9rbvZi\/xbgMAiaBMtltwa7agMAD0SUEyPtFV3C+8gLuPxCYmnjIpV33zbnthqAcxQlIZ2vrKiyi+KhmHrNr9GObbxxrlP9ljjIiTHt\/t7pUOT1Y8FS6S3BV52+5yFbyKd0LCCvLS6o06nay2+nbWpq3MMEnIy2ErrDasXDV\/yTFWEtS+9f7sWO92IAVmXzrxbK093nsF5MajPhwq3Yj7enMlLFnsX3TwRJhVqvSkB7sppzgxggdf79L1raj9XW8XM8V4sShlzqKJNXWgV0Ic3AYwyNJp1wBL5vRbaDded8wpXErdg1Guex9BOOifEyh8ItX4yvCdMmUa\/SxdZy7sKrylT5MXV9b5DrpfLxY20Ij14Lk6JWUcZoiy3j7yw\/ubYUYzuIFwHCLS1lok6SgHEGlrR8xjkxHY6vGzVbWVDiYYq6XgJZVyWx9Zr21JeGPGR+US5r1E4SSQfwwOWaQavhUq2zrf51HYEGZm8p9Jic3+SIN7YCHgoI4i\/tTXM\/YmMyB3h7wKOaf5t8OBGmgTLUm+k7i6hbT9r3Y7OmK2kRsbBa0dHYNr5d8T\/VGuiypPl4TtR89RXwIfmo1y65zMEsqRFLzkK6P2g287jebk7ShyfkPP1oD8ZNBDlbBORa2duW2pLxkyuhyWajEEIi5IZPiaUkWm07VY\/3CTB8jOxZ5+izKU77hZEJk0XVWc4uEb\/QQAq9sUOziToveEoxQ8lVzljsMp2uan81z84MDcopGEBneePiZuuVSoKKmRlgQlyZ2l\/7Ctf2AtaE8R8Msu4a8A0Bz498uXG67md1GQF+0zH2XGFwQZi645tPEtwFrQVnFbTEKZ8BXx7Nap4taxxtpDt5spf5pj+Cxj9r7SClNizeuJvypZINANHTovJYhzPRhqHIpBWwpQfA3PntHJITXnxC4WmNYJAZCKBpSBcum+oGhD\/2Un0c0TlEt\/thcPjAZzpaUDcVhWpBW
CVkKgQSFLnQ\/+DBcsrUFMD+140pVgLHMyZ9SjqlyJryDXQYG97OhxHyQHBDtRUXSWiUupn5VQi6HXycsWOMWUIstNHGKJXGdHz1DTnhQOAh42MqA2+rEX\/B24vMgaRhWIP3wZKncvN8OnaQB1uLmAogRZC7n6Oq2DPqNrKGHl266GYXia9wtsSy3dBXWQj5ABuS+XuL0dLpYt1yK3fxHMTM\/IAuOD+tETJOkfaID9ExjejoJQhKxG9A+2SEOwuBb0RuAAN64trhUk+RRj7+3dvdvvBaNmCF4ehH9m8kVXSuv99l731dIsTYFWF+01uzy3N0iDA4kBqgoPzkJX11gEEbpzeVX+FAdEn0TRFND5ubmH+ZdrnKSeLG87FfotS2"} 01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516392616564,"flow_src_last_pkt_time":1621516392616564,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516392616564,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googleapis.com","domainame":"www.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
@@ -636,12 +636,12 @@ 02399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":4,"flow_src_last_pkt_time":1621516392956083,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516392956083,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJZAAH4R+wKokEAFfgNdWcQwAbsFTjV0x\/8AAB0IERdUk7u04\/YAAEU0QsRAIhste6Qmerv6\/2gDbfRDwAaPuph8PFBnVMVSxqTHXblLi7PVgSezrcak45QcT7cr7f2Kk41jfB4rdxTekfgsJdW9cSEOP26vRrPQ+xtYvK8IevBKin9k+CbE9ICrG5XZ\/\/XXaKo6ZDcc4DobFg7Eg5oalPAKpnOl0ppoBCKEGya8BRo1hqVkxDCAsTREMfD8RYDFxBT+6RFQBpExZJ3IGUFzgiPDx5sem8NmhrbO788vko7VGTccBVNLrkcQP2jsrXZ70pfnG1Lk0tvSt4m3\/Jg+Ih9JIw\/X9v4BKd7c4jmaNos7\/5ok\/DTbD5jEn\/wBj64A027lyR7B+AMUGSTCopjOiLs+4+pkBmv4tJrlhu4mptWO9ZntEZXD5oefDNzis5o9MDy08FK9gicv\/\/3ZyJDnzN6bzDKA8SCvZc\/QFtjLrh04c30cSTIUA9BcG5pqmWUjZTYQSoF\/agxqIaQnyq49XumRZT24ofqD44VCkpjoDB4mdv0JGgSKvyY0mh2k5n\/tA1LiK5+T+vBrXtb7\/e3g4M9MtoPlRFCwop0DamO9yahfgwpfaiGumxO9PZSXin\/pxFgYz0L\/KDMgZarPAL\/snmKD2zc1FwY2ohJOmydOye0Xt0RgCJniVlZd4LJU155N36AMgdA0aU7GsBzzyGl1iMxjEAFfHFvAUSo08eo6iCcQgb96IEtARP2Jk8nw2WTHAqJJpyUKHbfbbWyMoyvjW11IFL0drrKF3ue667vcANFMSplf9EUQ9JUNGCKxmmML8j5x08tNU6H9e7xelOp\/8XtgGJrgTsDXKoi5qGkqLcgovvaVcGP\/ZoYAiDj9+94YEzAjNGahH+Lc9pJSbMDiyUqp14\/PpxapFE49fJ949kx4L3malt\/I8bndYAjZxO2KXxhEnyQboYrtu7bYGSVa+OhFP9KFPlTMP0ho+xAzjhYhUtJv3HnvzXg4NDphQWz8VBWeBR4KmmicGIpa9lM1MUJeLpS92Xg\/84i4LX6p0T3wD8XUw64tA17pvkXCROzL0nq5OImQUKEt4g8dBj\/KDurXwHYPvg0HaCk8i0hfYTj9SMBccNBOYYKfGaa70RcexX5XTCdb8+irxeobF\/dAy9fX\/HcUHFCa8z6gZ5Lvoq\/kEIv7eeaD3\/2aPWl7ZV3EJRARCTdy7zud\/K1eR0wYZn2E7cjNSVOWv\/AyAAf1yEuKuSrBsH+33nn8pv+pfJ+xYplcfytBaI1IKBHNknJVn7ZZI7II6fYfylqlr8gaRMyXA52Tmvzv8MYhfYz3Edm25O+wtP9JGRkrgfIK4NkW\/lOJJ1zRdUyav+aSZXzJfVjhtqnWyG9EgoUSiQP406fdqZoqfObs
GdWMdrLLnq12PG+nmYKynpB\/Sa5uEjBx1WIx1bNm7FdC4ucJmaj52sna9hGgyBc42eB7XhAZuSZ0ii6oA2IOwDDHTXkcR2if8HMGvz6CiudXcQQBl4LmFri47lQ5oZ188bPdSG41I45lnDqhlcZm5XX3I5\/Vuxs\/GGXMDbKG8gf+0JhZiDDmeBLFuMCFRFpjfVRZsREfskjBcOQv4m8lgJrjs826lH6hMeEquQ5k8jdqr1xQ+\/OSffp5tTikY8XObu8AI\/Pm0jgroxkQ0zKhLfvU+4naM38qCrwkzZ75j4EXbZretHLo04zzIeOtawPS5YYntrGGOuoJbLQmu8AOnMVhFhKQ2tn83eO\/TQ1F0HDl5Z2kl0LdOSIj+jEPk1phzCYTYHo6DzAQfndQ9XDsMS9tQ+y\/UOq9"} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516401935898,"flow_src_last_pkt_time":1621516401935898,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516401935898,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":1621516401935898,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516401935898,"pkt":"AAAAAAAAAAEAsa95CABFAAViOQpAAH4R46+okEAFH9vSYPT\/AbsFTrroxP8AAB0IsiNjxAytUVgAAEU0Rqh1oTS7oO8cafTa28fAea2TrPFqW\/nlAJ184K2vdoORXSVeVMo9P99lJizlhuQtwjqOuZDX79HEkhTLfn6mYDJm73BPHv24qL5kCOPeP9TVOodlyLNO8CXYBxsAfImX9sw\/xiXEYv4nPCZx7phxoORVmsG2TXdTVZpBuZ8d7NkT8sYUuZrYsCN0\/vodaBZ64dqsKu\/0ntZ5Z7umvCbm7mnmp1P5JPIv8e5JTwTetx99GUoYM3Lss9UBBF+N+ZQAlvbgchHFwLlztR3qBr4DSeiBRa\/QCa9pwK0wrcW1wd7wQAaeeQE+HUQqzk21mGA3Ni9eqhg0A8mBSXeo4q6Zbc1Qge7LZjkMnbzwWQRN86QRzXhr6ZqznhJsrs2gf+6K0tcETEYFPcH1LtJTTUs0yfQDuzNUGO8Ljn5FQDD1zpRSvh8s7V0XLbAMDnVaIpCgJ\/Wzfpib6V2K6uy3y\/tnIOG\/KewueYVtxjddYzCJF8gOJKnl9hkHLvDnXYvahVHmmsSXkZEDuqEbBU3dhSvWdcTWMI6EGZ1la\/dvApDNmcb5oVn\/GyXnv8p4\/EaQDcSPgEq7tqrMT4zz16ib8ts2HPUFH18kMT2Lkh0kzLngKGYmQr4ud1DxA0Xh2OTA094JKybionwnwYmG0hB+bs0+W3t+x24Ktmr3UI23QaXnYhGjWDsFVhEwqC9edY1GzRBOF4JKsc9W3v+2U\/SN1VrKcc+Bevpa1\/hwmOmIR9UqFFRGYZ8XqCMSHhBSXZ98GHc6Tp8dIXH3GFzyONX70YreOQv70uYLLo5G7B3vB2RKjJ7e8jXDVU+JXnIlEp+p7OvLVmWZJ6HiKz1yl5dXohIS933mpnocVqWJKEIp+M6mIafetUbr7l3ub98qfRhhtDelAeHRUPJsEnbTDiebfukKletmLj2M9uqS88Nv+AYjq94MlKBVGJG0hWh9iwuuwJZCZQrbtQK7QrfvlcDDCr5e3q0MYyc3hLW0S3LNDLCzhZJHuh94K3qh3XmLNI48az6btORNC5VVHVviSCJzpyJi4AAhwk+vZEFTRHuM1FcBw3q6LFjAesbh3fvCHe8qk7EVnRd8k1OJ5pwTXlX6oar7LdQggPhSRol48jQ1hU6ZrFWWYfQPGtgNuW+QSDJwzQMXWphfVZa\/bjTSTMzzJaPxFEO8blcgWgJvyIWIDvvNVBD98ZAL8CsMvDFroJxvSZYdKcm6nvRcebluRLF9YOtvGfZtjUr\/cgCzoc03HDo0sme\/lIVgz3C75OcoWQzVAwwXgD9xeikHRVTVmRinnMrGdKATgKfjaUaxEe\/4wD1DfVumT5F9SapTR39kz6hwpsA7x0UFBknturrO+L+akqX6pIKp3yDxwqp2YSrQtxrQM2HIA0adAIfR
YKkhcslIAE1vsvC5gIwRdKcF99Ry4D6WcmQtmyNTEyfKPVZfHdkM52cWvBas+\/FFczuVKVquG0n\/ExS78d7fjZpi2el681jYg7VOPeTHklXJ3AcX9vJRJlgZZPB6ZD\/pRbnoYkfAMjAtcvtRNTJbEv29pz2OQpvG9FDqKNggB4bJ4OOi9Yw0GTejnWMyT8AcCgKIWe5b\/j4tdp6cu+NFWIXuGtcykvaSvXLjzYQp51JSgMBZ\/5jwYYoRMQZPWnJD0NMzZbO\/PZqzoW54JcJfedD6PsbQwfEVZ9qO0uZe4XJyGo7xXMW9qheN5A485AGg930nGI0W4y9g06HYqEC6FZbTUGCQFaccVVPlPrwvI0zP0AD0MaiXvO5tGDdy"} -01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516401935898,"flow_src_last_pkt_time":1621516401935898,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516401935898,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"lh4.googleusercontent.com","domainame":"lh4.googleusercontent.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01445{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516401935898,"flow_src_last_pkt_time":1621516401935898,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516401935898,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"lh4.googleusercontent.com","domainame":"lh4.googleusercontent.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_src_last_pkt_time":1621516402235332,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516402235332,"pkt":"AAAAAAAAAAEAsa95CABFAAViORdAAH8R4qKokEAFH9vSYPT\/AbsFThF\/xP8AAB0IsiNjxAytUVgAAEU0VlWdZoCCvojlDyfa5Yeon08C9NEt7N1hxHGcl7FpDE5Z3Q9X5dOjGppxQuVZ+atKIAVvgbCcQVIhusNpashx33gtd6EhS7ZbKLvO4fc3PTuNql6Czjwc6b46RvYtjQHiYIFYBl31X9KsUf7sMEKMhQUWKvfytWSeM45U5GBkmLvf17D8qsLlZCvoAeY6VEYDPspoPXzAUYzFOsd5enOX3RMYkXxLlblB5gix22C\/+sUNmj+ugdjQw4gu\/fkb\/+jonN8oHz6zQAE\/PJV90A06PszzVUFctBVjZ+j5Pwz9BjozUZUg\/GO5kFR0Af1qvNMmXh\/0QoCYJzAEaSM5LZn5V9IadKyhWiAGb8bAhV2XnJfQfmszIOGoMMvaWthG2XAg6x\/4\/kCr95Ae0+tDiO2FzVaWI0nLPloEgW0+kB\/0TGNzL\/+Vy4YFY4PXcSh85eAiYwO2DkbrwC03nysw9v0D2V7rEHgNEO6ioGGuKv6mypXkj4bSQLPMzAkTM2MsPkC+fXW3f0l+0+za4NKOaY89pjaqW7bgVrOTpwQh35a6XwDDTLsphXxpOh7dlW0BzLzs03vnjLkokDqzkTmNyVYHQO8+a6C3JeLEnZTxFmQiaQ\/1gRzZm7cpY8RY0zhtz+q3FIkzaFIF\/AjKzGOOu8+5nsDUVUSfBS+fHZOKMM2eOjApm\/tZzcNNW1fwyIXL8V76UchSVNHrOV\/Piqka9R1tk0T+z1Vj7bcbIKNxTymIgfuZHLa2ehhiJRTVxdu4QeBCbNLbQ4jG7byE2A+bFbGS9ipIAYjoC9DnqCMgvL8Cm1jbkt2kO1+bEwS4X5aZJPdFzz2GBsHA6OGk5nmPDDOrC2sdqH58ShIcD+ZsAFb5MukWegKexiZGTPy5BYnViMh9Y9GI1jxJu5njnFXaIQ8qVdUruJxMtud99K9OjWpL94NFcooWggckaFlC21iuud67L15UsBMt83hjPDeakhUa4qZ0kj0gWALzdK205K5Wfz4DWhthyqf9fEU0GZOnTCjN7AnpkGQn2Hlp4OnoxtlX5VmufNf\/lVgf2ZeVPKUxlrBcNx2HEOHT4sZ7wIF\/3lwFsTvQKcix65Wug2ejeP3G\/83G9Qzq7h9g+PnVu8KncBYgcDGbeJP1jGd5F\/P6eUEylVpUxF4tuws0zlFKw2bJb8x6Y+cBLwGKHVC0PIzIUIpEH69fnkOGqSdaY0lRMXb\/EEra3O5ioR+LwgLTB92diG8Q5e0s\/v92K3HdzYSQ8TlwUeQ+x9woWExu3b9kGovPv3+jFRaFsbNxKvTVSEfjQDcafUTKOb\/3tA7k+tucr5my+7aGjn+bHbFFsjfBLkQLeS3GRbQpzQHhNjNEkEbiyp731MXybRhTCm+Y1qLET9TlYhB
tjM8a05Qog2XwlqEM8wi+y\/CzGxubwbN4IWOhgTc1yngE04OAmEFZfH\/4awrr4YU9tLSzhbY9S3EHvvjjZpSTP0GsdZ92WziUPVAuGPfXB9clRlvNZdmbyGKYmxwvtpU\/5Dl\/GHlToInQQEgn2cmkuIp5zl\/9SUAMeYZhTS4JmDwPt30EK+TXkoGbxB4QQxockp24t2DasNgEbms8\/JVTW0JUJN2vNzbFOqVhPBBqAfcGjPeup16sTpvDGGHGSO4mJvUva77\/RTW+jGu67NC3sq2HErt3plviATd1Ww\/aNLcM+QsfCyX3a3A\/690D7ucSmy3lf\/i05xvjR7bo\/jVQ7KGbD6vK9Qm2U\/cQbTyFQzcqzPZgkKzr+l1adiNiIM8S"} 01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621507440293528,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516402235332,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516405234690,"flow_src_last_pkt_time":1621516405234690,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516405234690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_src_last_pkt_time":1621516405234690,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516405234690,"pkt":"AAAAAAAAAAEATej1CABFAAViOZ5AAH4Raq6okEAFwUSpZOPvAbsFTiT5x\/8AAB0IzUnHeeUSQdQAAEU03jPmRxAy9OYylQgB73DOlVrCptv7ErpnY22OTRmr4wpzgeK3KwkGuqc0xjcaspxGnr6AdaN2xcChMtA2Y7IUI6FXy98k3lvliYUdwlbegMDaM0s2kOCEH3Q5e1wd\/wXjWcr6N0oOzawFyp9hVXwI7Q0kOSYeJlKwoxbwIoGt7YBZmAiPcan7Bi5oQyWPAWydB90gyIdx0d8HsFpltVW32pTZeG6z2CP9KXzoqL1WsfRBKPQpLg6kv3oYavjTBDOfvbG3i544r1+YdmIOCTSwSyCmI9DGVk8MczSIbJC0RPe4X9d\/gCsVsymdal9TdwxBqTtK7tvHTjEjpE2Tf9zS8Q8Gc5XsubCb6PKWxtWdDuV+ITz8lHNBp53kMGc9znlCSGBJ+oNWkpzQI4G8VgjVItmF+Zywys9D14q0rl8JP2cQboFSCzBrnPL2a2zEjzaiN8\/C2LlW8weYHLtePs7UcOLWgLnvnVwptNummGBctwDMgBNNvBf2oQ2BT3akVv85DLHFo7Mik5zFKo8Hm+zpDV42cxV43jlo01t6MR7pOAu2JhmZ1+Gmh9i4DhIdmnuA
VFChlq0EBq1oKQrR4fmUxA2rjS0OXNZUgpLHLlJHctUJX60aeAJebb5ddjnK1JqXBjlvfbOAxFBhwR585AVOc\/N64kRyneM8sM9R6sU9iPp3yIrQOhQ0fDG2w0PRRpVMOhUEH7zw11a2+aNeZLGXC\/6Y0wE1yXsUVHJVJWZCYd86aXC4954s3IHZMqezQRrL1APK0Uj3+9FDgBevGUuM+k\/7d0zQnJ4rTTwqaISHNag4vkTDqKoEyOQwoaqyXKoPHPHUetc\/U1Vqj5HbYafoEp++uRVCALzeb9EokrzQzuCDkwwF8fL5EJSue04WpPsmcpNQzG8CgHMNpnU5AEbkeVy\/Tm60yzyRqb5aB2QQGaHn7nU734znkp6LBO+x8dI+\/uS4XkpdHKVM+kYZtiYdPByeui07cdpE8sH7XxtZdaodU1va3LT6DdZOGuWd3tIpMbwiom5ZO+c\/sxrsYNosVZXax\/HOCVpOj9VoxFKdAe7TnQA3BtohBLmAQi8Ky9PiOLlrtiEWSg9vuNLm8rQjNzi0+N0HK+xINajobf3jP8DLsPNa3nLBja1BI0rYBIU3yqIKQ8Dl32xsc063rGPnZ+4xKu9Myfb2s3u3GI3oGkrhwU\/1sQwXPwuGtN7SwiZALjqLgHgfC\/8El\/VnwzeViayYEnclukedsZZq1ZR3YWbmiKeCCwlk9jmv2WHZEh8jZQ02nH\/6uAirsc4PzXtVqbEdP3Uf\/51U+sQ2p6kyPgxPJ0dJiulfpzegAk1g9URlFtj1Prm9nXN52Avs85Ku6PnWn2K5Oit6t5szIh7CpXNXZ\/r7lQTCzx1x4hjw2bMC4\/V4zZV4WAYezFgThubuHBYUA88rT2uj7dCArSt2N45qbwc4Mgwud71EluROJDlek42tV+tCsyiaMJdhkWkSEEHDQPlPnH1ij3N1iW3QwoTcs+h7cVopFBb+GUTNIJl1Qk9qCEm5UYTfWF6aVd987Lzl3tTyv5D0h+cV+Wv94Y6Bu\/GmojJU611wdu67nR\/gcxGb0oSe62fODz9zWZV7kmDKM8ibcM\/HbDPHzMlg3XQsDk+2kA7o3GGvnoL0ABy\/WVJWStRZAa5xIrmxaZRdp8pG0k8n7D0+KdVj++U2WeulgSlFklaHDSc62eMMQsSdHdlV62KC3i0iGJUMvejrPxkl+j6oLKhMF1+skGbQ5aFITVGA"} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516405234690,"flow_src_last_pkt_time":1621516405234690,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516405234690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","domainame":"www.gstatic.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516405234690,"flow_src_last_pkt_time":1621516405234690,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516405234690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","domainame":"www.gstatic.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_src_last_pkt_time":1621516405310392,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516405310392,"pkt":"AAAAAAAAAAEATej1CABFAAViOaNAAH4RaqmokEAFwUSpZOPvAbsFTs7oyv8AAB0IzUnHeeUSQdQAAEU0YnBQC8L89wEgTmmr7BjHFODkqhpFJVx7yJAYrFg6afkiF3jCqd3RVPDW00NRXnMgjonKH81Ileorn5KxvS5+yQJRAfjCUHJ24j9a3WWl0AFqEbkF0TWWqMTP\/2idN+3yLS6puV95VhaYgqHrCvwkD4lAh7BWrsu31e\/HDOBztqIAj1XIxQN5nk4xsMisv2NZkICaS+1Cze8naUXXyoJiwMgIqBi5y8cABXF6JlVU6OWprkzVRIYKgbzPUVlJaith2PL9DAVy2TL8feQIj3EkaywH0gUPZYTZigDwJE1mDupdge9S6g+LSrQwDNdm8DmnC39N8zuv8VkX39gnJjPPIqLqt8YcZBaksYIxo+UVtdEoMWKD2dTTAbqL3muQp2Ja7H8Ae7XPH8EhKuwd7Kj3JTpB13ljCjHYeyiv5t8QcUXs+\/fTX+iNUrbYp27UUsB5CR6dNjgUgwn+qI9Kd2TVTpJFA+nvmNxH9t5xpLsEajZKGz0zBOH+ePQwjH4k6LiuIOgTcn56cc2K1OQr8g6DG6GL3qoUWI2dlMl0vWT7aDPYShopw41gzuRGjFELxdiX0M0b7As\/7rFy3G1wt+nR8GFD6BSLRMcYNH8HNXRu0MQO53XF18R+1YeIMH6X3b3CZuFq3Xfa2QILxODzwdrxgCNv+FS4NubkKVmTPXQe+uIgvq1qlryrWj\/xlUbBxH9IDjnd7Q4EC0wXt9aAeFTNi4El0ZGUFtEehFfXIXvGMKzGNTezfNJc+vD4F1uOWnnlAxd\/WNW79xPmd8oVDAkAoVRbYCE9wA05lkg9NHNsSNZQ4ZrHcfUP3vf64MKK+pkwlt\/1KIFbaqjllgaHwuNOpxQyFKZGOQ4mRm7MxKALa4\/fjze0Xdw0la4zY+K2Z6UBx0Bbe33vd2rVATAwh3fRljk25dM6tgVCsvKusLkEvU9VmPywN52CzB84wZBRt5xcE29SdbS99xZjGg98qXqdNlTjjAt8yu4XiAjezSVKKaQD3XaLeqSlZUs2O+44zB3zNNhhO5e5eFJ7vU6rWJlnEoMb5o7Dpqgg5GZm09GTgXY6uCnh4ZTxl96ofiZvX7ChhymeUh74eA1f1x3k5LEP7B+VvfkqNzqwQdVy+JB7y82M7PRA6h\/ZiXREpEY5E7rUhHhHzsCHTcFbeJCcw1KDmA\/8lN\/ad5x9wDVKuns1EoyFDZ39IMuXsGoV5K49EtAXhlRXfF2+Q4uYSZtKRw+dUt75YzrYSQ29ZHDGQClAhl8wOBfpzHpggjQ+gFIEYw0xq4417mXTvRAsHPlxM8bRQ8PcXIpBD1+\/T32bKmOrmzAVOK\/uM2XxkngmepayHjfPWCQlEhv1MTTUXO5FOHEIKK7YeWXB+45P5Jdn5DUTLIpWlu36Orwifl8Je
vozrwmxoIG1Zmf2m08oeXHqRUDXmNzjkDF8iRRGAJYOtcDtsPuCEzBA8dRTgS0HKprk4UBlCXOdnUl0o\/GH1EJbFeV6skk5xrmue7uPiLAyEVcPX3pmiAAOX53KWWhMQls04leVWEcDeyAFwvaITqnSDWVveqnmXMRxLOFZt1iaMGSJOlk+UqoJqz6OkW7fNx\/lAaehebe7Eqav3QkkugEaA1AnUOpe9DMxV3jHzO0ZsRV9G3EYn8EZ\/3pjUJ7Wdzgs2pUQKiy\/\/eGQsIQ+E9g46xeFn8UPrN8eiX3DgHzFdvQqN7n6GdAWkhJ2Tw7Bq6m8tC3wcytkE68x8FsP0lQnhvRc9Pi1wMCcL9Y5E9amIXbruhOYiuKw"} 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_src_last_pkt_time":1621516405464431,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516405464431,"pkt":"AAAAAAAAAAEATej1CABFAAViOaxAAH4RaqCokEAFwUSpZOPvAbsFThhFwP8AAB0IzUnHeeUSQdQAAEU0f14nS2wsq94otcbsx9Ja6N4Gglxg3u9DN5aawqtRKVNC4Pc2eIsI1t2bGSVlKf0XWigbLFgVoquYysOzgfEuJL\/MeSu45JN0vCO\/piH8bKThjLOmClUk1DH3WZNkFkEuaa0+lysZpqiBVvoWBmVXL7ELlhz6YnN18zze0\/2yDF90B6el4fx\/mt0wpW0qVA1R3rpNHACrqE8RyK6pVoPq3imcpEoLb3yO7yzrRrQA3ViWb4CcRSIQKKKvWiiBsQX5n0+0thXLMnu8ftL8SuxBDfepRmuDXajiiY60A0Ci0Vc1tK667yMn9eaC6rHTNh8nYovYhgNBYmIAwvsQCVPuw3uv7zcZj7QuzsQ+GoW7Ofo+0HVPqQPw3Fcv1w6\/sFDHM8ZQdgy\/TI9Xw4zrv10NHy01l+JQvzxLdL\/Mei6EzaqwXfOyDTaHClmTcUbiuXBRX2Vf7Bmroal1PmgVVCAi8AUTkagzmJDy6vDj2SKbbL\/ReTgBtoJf9YG9\/p5Hob\/OMMIyWWppTPBk2+0f1VYPZWnbqV9qBkb6EhNQ+49gd87e+9YYhhx1IWTlW9NLOLBaYwQFgXd9bbWWfmi29OGPyG3EG8nQHPU1eOA30M0hAL1iFzuLQ3C1KXPfegclGVZOp1CvUfjShhvg8c1OTN5s7Ps6ZLZZlgyBt9X6JmRDmehOI4NTymHV5ZtQR2lVl2TcptleL6k53AnKbBYD6fZ1m7Qm7wPSMZDBJsGDW2W75tps0sDwHgF2FlcJxcVSumnK5OY0dgyq\/v+QuVFHSKHpcM0iQXjJ9BYDELQJZka6TvX0wkBv\/HQW+INffppmt4qy4pX8Jnbh3Ni1t3tDnQ\/7fweO\/+RdKUkMiQ2HCjJPyE0ETTcZK654vByA7SxI0bxGOyrV39JtcFOkThujeZSYhhZM23Dz4XEH9y6JuKs63RrvY0IkUQVSK6GA0tRTMG3mwmAob\/hfPnlVRnA2pVbvTMeZUlWCHFzts0AL9+PXmCSER\/XfzrXwjfr
Juvzm+7T\/lFRR+d\/i0xl2X0IkHFkuV9wydT+v0RqXfar5ItGT\/sh5mrWNveBVdVlQJkyY8DBePhN4ArItPiFG+htl6KN6q7WQdvLajCgHRaRtH4GQxWZtZmB1Fg3DZcxEek8e2BMmaOPY8gBgng9q608TDXo9Pt5mxnWStws0YA06UTqWaNh1x2Une7VSFk8tH41qCiAI\/n2bLjiAoqnpJB\/cQvnfvFuY74Da9t\/5SFaJC4LXt0ZQIRJhn8fMIsa+pDVIU+8qnOzaJqQU5AktC9HbX1ISQRPrusR+iRsZxLKNNS5lj2e3YvJYsOdA4xy3eH3PevVRBgLucZfc8W1Sg+7crP5FPF+V1oksLUAomnQAM+uLnpl7jWA5eWJfsqJT8r5wB\/HXm64IPwfS6kzQmr04rkzCSj4t9jKRGjOo1Cs0M2KVTyz5diNk8DfzKuTIVdn5aJBg\/JHs6Tfr60kgcyC4b4P7qkvjih7e9lIaD1s7QzKhQlA9RuZPuSNUkJNf9zFhAHrlKpelaHjuvOMD7bCvtJ13MWT53xGxxb3Tn2yae9wN5yrxBUdBvqKCc9sg8zRym9VCJUCAOFTs3LmsHQjtM74VOXrdEbkzWhp3f7mXZ2mms9zJ9eH6fhPzVnmEuOhWdc4vKs4t+Uni9Rz2QUxiNfcPb0AlKfZGRFS5DchrAfVT1vo9USbhMF3YNpBh\/huOyVHNzkm1++SOaPkTBO1wZlmVb\/GUDFQCUtbTRtKz5EY5n6osCa5b"} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418037037,"flow_src_last_pkt_time":1621516418037037,"flow_dst_last_pkt_time":1621516418037037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418037037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
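Review bot: The regenerated `detected` events for flow_id 108 and 109 now pin `flow_risk` 21 (`"risk":"Mismatching Protocol with server IP address","severity":"High"`) on flows classified `QUIC.Google` with `"proto_by_ip":"Unknown"`, while the unchanged `idle` event for flow 106 (`QUIC.DoH_DoT`, `dns.google`, also `"proto_by_ip":"Unknown"`) in the same hunk carries no `flow_risk`. It is worth confirming against libnDPI that this difference is intended, because the fixture otherwise locks in whatever the bumped library happens to emit. The destination addresses in this capture look randomised (inferred from the values, not stated on the page), so the High severity and the `risk_score` total of 310 probably reflect the fixture rather than suspicious traffic, and consumers that alert on severity should expect the same on similar captures. I would record this in the commit description, e.g. `* risk 21 now fires on QUIC.Google flows whose server IP has no proto_by_ip match`; the same change appears for flow 111 in the next hunk.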
@@ -649,22 +649,22 @@ 01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418037037,"flow_src_last_pkt_time":1621516418037037,"flow_dst_last_pkt_time":1621516418037037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418037037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418245609,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418245609,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516418245609,"pkt":"AAAAAAAAAAEAVM4PCABFAAViOjhAAH4Ruo+okEAFNWXkyO33AbsFTsjCy\/8AAB0ICh\/nnOWyISUAAEU0\/XSWRRoxvD58Z\/\/ltqn4D7VEFtfFH+jUGx0Einkv99\/DSfc2oPJY4DDN6JlHAc\/qXovlR01o81cgEAuTHi81V\/Ai4h2uKfJC8zpGb4iU8J9MQX3bFzSnnvrH0McYkR8dXhY+LkUeHEK56Er3NWFCyGj5bFUc6ULxpQIONyO3XCblXJAYYR1+HHMJV5rzq2a0tPhEQxMvfL9U2zDwAk9Znp3W+SBmkWdokjyAXwhbri5sLFI+o1IwVydXvtiLNEKZ6k23ZHvOevpJuly8FUhJlRZFzpQcsb8oqZg2pRE9C8POq2T6l9g2U9I6GvHiVjRZ98FT9qIvvDP6AD69Cajx3mGJWavv6aTsctL4VNEVQVix5W4yMVeC9v64prq2LuRUPHyNnEo9AoCfcOTMnnedkniclIIocpUSham+VwWsPb7ZVt6yBxcH8dnhbZwZX\/awC1yWaJ9PMxllHy6dWdwFXphZE0mlFrVD+Y2ViRFeWYhgXMd36a67EAh4KMOW1UUy9WRijdPxYzI\/3NPUKYw67EbvuD9TnJBZV9swUxHRb5oKjIJs\/zVJKEr4H
gEriVT\/uHrCBUdG8YtziQ0VN1Hy\/c\/HszvPKD1I+6T3S74uGqEDJvz22fQycnxExC\/v2s2Io82JRN0DQ9+5+lgxD6yIJqUZ6xtHI\/7Qf+h1fMLSx4y8AKIJtJIOrgnAYrglEsKTnvJuZ\/7orf+yJX+h9BvEb+CqTGkkDjnK33BqpeiRlD+D5DuP3K4T+NB+diP9DR5dBkwLMLSdQF7qGWEWn7GBAMAcRho5edT66etmLlAdwVt2TRqnGXiBMNQSBXoW+toMKpTp1vnHlBgZmKFlg\/JJPZqOdbJdAyv3zJJRFPTBKEQoIS3zCUzYSTKEr7ud8E+tffKkIrAJ7EUAESGEhVWCM1DXL8i9M+Q9XJE3DJQpsWg6gUa9Fw98FeLlP+7TL0IhvOxx5LUeAalBQ0TKxj\/VCVN3UvSZDTeC9WpGfDhna9DGtD1xTnAi7jRi4CrseNR2IgaLm5JlbfkFLKccFrhInfwGJgkHj29LRsGRm1Es1jqRY3Ouk6bpGmMNWzcEEimo3csuOG58WiAdQz6WHsuiuYVG0DLgVi9H6doI1wsGghSdqDtHqoEwoIgb3tx5I7T\/h1Xq5LT9kt\/Uk5CeAEtSXIu4d9PJQM7OynI4I4wJApaL+JsbkbYJmUckRDj5+DcoOsYJRi+S3AzB\/jReXlCiXkDNx221LihD5QvdlILM9b41NYS1jREAGiqCaAAzmvoR5TwO\/4AEr0UdVZbLG6KYh5QUiJ4oy\/WVulKKHF6+TFf4tv4Um+NQ3oK95TXCRvmKZ3qS4aLtCdIbdrNCgVhBzlGHMjvmy6t7Qw421ogxqBJtm793TVCYZwBcnNLdGCCZCEtVQnfQzr8G1JOR1oO2iM8csHv28RhmsRXcaa4e0qdrR5f3akye3zgahdcjiXHhM7C+O7G\/1kLFug8TwlbhRgFQM9CkofyNV0s9NwP\/y3Hufd\/UIKneZE+EIy8AHj+5ijv0WoRhBnRJXYX5ycxl46tMEue8ARKo9MQUXx8V0we4qyXSx8gTP4pifQiQH82C4d\/Ia+gl\/7V0nVldVjo2XHTYnNKRl\/2r20w59XqRfVr2MyuvliKCJuXMORzGbGFmNF4tyPP98C4DrzmbvG593DjxQEJxLOd9WIDUQLYmSmdG68jG3Dj38xlZdbebj80NJ8y84A3+pm6EmRMXvK3LUyTKkRh1+p8LOow4Hx0dv+gfwFZd"} 
-01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418245609,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418245609,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com","domainame":"adservice.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01449{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418245609,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418245609,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com","domainame":"adservice.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516733869355,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516733869355,"pkt":"AAAAAAAAAAEAU0VlCABFAAViPaJAAH4RzyuokEAFkO1xOsT3AbsFTgHhyP8AAB0IbGyalH0+wYYANwDvfHyuzX0WyfJVw0PoKIyEKIwqfBNF14sFAvA9Fx6LB3xU9vL3ynu5LnbexvzNtyumb4fpTS5E\/XHfpwPYpXecyozflPK20TknHSDUVHAJTY9iUBdGsc+gRxEKw\/EnD4N0ApvBGoTWqmVkqyn2sk121zbYGDW6ErU1q+8hsbyKMoI4NfxjBnTspog\/m+eaL88Tqahvr6VuGmJOgsgyl\/gwce2fwd+d9PpunMJSkAS7yf2o1eZhJh9pY3klOtwZCFNQuDUJCJjazTJU7eVP\/0CtOYR0UdFKjm+WWzcoEB4VQS03kspRhaM2QP\/ptwjbxo6FO3oCmYBuOzT9NnCTurb66djTzhBQ7nPe1yBZiq6US4GpZG6aMK89NuAY5\/nz1pP2DYT5YcgrfYdhQ4YARsc04zYfLezdFb87pJyoch2m94u7HYMn24Xcbst7wof0dZvjDWkyw5cSFT4dsIwT2M8hyrtH3HjdLtgpphSCdYSyGuy9OvG7sn+MF0Jh5\/oJdnlWn\/USneemL\/aWfg+AXzhA\/IStwKORkQ6adbv0MxxQxhdhVlhABYhBf0naS
CmQM2+cEelsB22JQdGyxVRZOb7H2e61nRmdya7eNqT+fobtyVJrZCrcoLN2LiU5dsnsqDNucCyYvDEkyd7kQp9qzPoYerFAw+PP\/vmmBvfd8Jm5zV8ExYYVZcEdRnY4EYoOzAPXdClrK9VuYF8c\/Y6ePAmXEmR1uClCx1ITHFshaCJhAhfyTByXjbfw\/nXGIZwveSnxeIYy1iabwqW2LFKaTx+JSk2nPQUZJdp\/gZHAXMi8UAeayRLCWh88FjEs+voztNRueCatb6uKPMygUEMEU+6M57k2I2+uTJVrFNtw0naiFrNM5aQWh\/8BtW73kEKOXlb2OOpWG33SsbDbt8f07KgzTSjaTcH+ym5fia5Rw7fV\/ORX4hRDVw6rpMBK8vHEzILGzqKPp\/Fzgy8Yu3yhNuwLA8BgUfSc1ByPGepdUQ33vZYRwkYXJIqjHVWQAfskEje0Wqn+YSnYlWZx7JpLG6MxX086GP6N+oCsmXNLxDtBJtSXiGmOVBp+cXeY5yNiplAtTeIdcdjOB66FqojPXZ4qFgzu67AqMMGZObJDMv\/Z4GW5X4Cgb4uXU+hjHX87oTa1YVxX0+H5LL9RQod7rJgo0j7m61cBp5xGUl\/xYmnsu3DdfPulCdT\/Xqvq9mDtvBpKPSZ89x120bFELyq+h\/m4PzITFcG5b0xOCTSTGB34QH9z4hfUNaP+WHZEXy5YNzh9YM1YXqvIrO+\/iwEMLfq33bR4jnXtPX1cFX+a4qrWOvuTa+bfX7Di\/IJNdHWVlIftUcO6+NFoLKQszqgdSRApeMWkwSgeT6R7yYowqnttX1EOkto0U21n9qsOOcZHS58\/p7UHB8lQVB8xDJnHjAwe2Yv8frMkPRsbdRaenhBn\/LLWS\/wyADvhqIIoQldbThikVaSXVwKU6ENOBP1gszcRFozOxr8R01PtBlDQ5QyH2EVc978OM4JjBCTbqtEjexBUwzGSaTGclsLHYMS3BuvKzOU5hVb9zTw+6jJKF0aIvgkbJVna7j07Xp335dcN+9bFri7aa2E4BpLCzZy+JNpokrgVDpYRk1pV3jGV9trdQsOs8CADI3foMn58d7Q949RGX2Zl7pv\/I5Gf1FwKxygyeU0D5cHoY5DXRYbGRoDOtCFxU18L0wLOrSKS8JC+eITcsIp6lD+\/42Vg3uHHr1yzTR3Tr7duzZ5RxafR49orBGtHZqde"} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516733869355,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516733869355,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h9_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418037037,"flow_src_last_pkt_time":1621516418037037,"flow_dst_last_pkt_time":1621516418037037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com"}} -01053{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621516405234690,"flow_src_last_pkt_time":1621516405464431,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com"}} +01200{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621516405234690,"flow_src_last_pkt_time":1621516405464431,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com"}} 
01061{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621516392616564,"flow_src_last_pkt_time":1621516392956083,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googleapis.com"}} -01062{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621516401935898,"flow_src_last_pkt_time":1621516402235332,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"lh4.googleusercontent.com"}} -01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418245609,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
-00869{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":179,"packets-processed":178,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":112,"total-idle-flows":111,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1621521142479654} +01209{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621516401935898,"flow_src_last_pkt_time":1621516402235332,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"lh4.googleusercontent.com"}} +01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418245609,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
+00869{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":179,"packets-processed":178,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":112,"total-idle-flows":111,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1621521142479654} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621521142479654,"pkt":"AAAAAAAAAAEAS1QMCABFAAViSrhAAH4RDvqokEAFTOdoXOdGAbsFTt8wzP8AAB0IF8C5lRFZ4pEAAEU0ArfW5P1VplOmF6lJC6sD9FD5t7ksW3G6pIV+pxy8yJt6ChAKFxnQmbZIV9dRmn9\/GhICwwKjJ2FzV0KvCGLgZ6X+Mdfa6UbhiD5fnkjyzmiIAB9HARV9mwW0qWFR+1JZ0wBSXcVhsdD76Sf9pAJ1VTq0AAsSZXJGpY6+ga64ul50F4bjriucLzjYYNDw+HNSeQ06KntY3GZGimI9HLzbEr2ITrSYMZjOiiz48+8lDJD2UCwemzRbkRRjVcXHUb3Tc7AmoQBva7BoUSsAyx1+D5PZLPsFdXibn+bgqwT1LLMkHG9RRpo1Tt0gtl2pZ3bJxzRqJmP\/hGWMpoj6aUkAKucuXZomz1Q3f30mL0XyV\/0uY4\/XJg7V1OPue2C09RRuIDP1ooFtROu\/pDDI8HImrmKLKKL9dpKh9adfi5YYuPF4Is4HNqqqizalARCmdFSjpPpy98YfUSi2cVRDkchscThNdK38ko4V8Xy7wPkbIt0O9VavKfmHr39w5Ez1eaWFGZRrA0sn6GcPn8Dm2mBcIqBG5MQXN4W5fy1Y\/pT1svPFcC4q5\/EbD0QNn3Z9BNP8nBLiOsibf3MO3CFnOCJM1lkXUrVAGUZnjxGG+8QqLn4EDZelxu\/GTjx1L24MAsKjWwR\/o8CwEfewYTHjpSyuURWOKkKoimK1sbXS\/GUISZay6CW3ipWXDAWnzLjYcodUIMxsb6EXUcIWUdqRY3ypfHKYpkR2gJ8xECJ7AqLMiY6ZE2uxoDH2mplysDswerJmf0vlCYZjDi32D9NrSZoCZTUeWm4xfiTRs2WDrsd1DqSJwRmQac3\/k55LOe6c64B2i8EEyZy11iQXRTuxGAnfwPi7J2P7G5iOmklAoJzzL\/0e8gKlYQz1\/eyL8HHdtP9qbl5P1U5o8IfoTp\/dirgLtL\/sstyNOECz3S+ayZnviqEPhmw1cijJYWOrYO+8pc6zVY+d8ULBF\/1MP6ychzNJOS7uwIVz2UYuxjSek3ViUJolFI52vwDbTLtTK7tzBEeEdAEchicq0jw14m4HZ+e4tF+ukL7pInPzJ8wSVQteMvhcM05Lb5IMk0dp0n21Lhhxk4rfjW5o1Rx9yGagxsLW0M2mEMuP4yB02zIA7SbqYa7jGL8IZqDCmafSvYT3KeNsojBFm3l7E4ABP4OKSMnTDQnziym3spGoBu55cpHlCNnGIXsDXfxDbCuGO6UHeS1fMSqOZnhD\/oZDnP5dYfsIXucQnrcx7lxhddVt4WAUUkUstn0y6l\/ZI+n+V\/0pwNIHkKelqc8pvPNG+JI1PSwYT7AfrchIoFXExUQsiqKPMuonW36NpxM3LkCC\/aUwvKOHDe1CykT5CBTVTcvM6LiDoQeKOvHkAxU7lNkROINSK7LsZzcm53
MqryrrO1UQHIMBmC2YTcM98zz7PGYSirT2iXt7W+8GhlTLOcB3tKQE+B8YL\/1\/AkWmWJZpkom5dDgbzqOZa+I8DdrHM7ji5OZONbEY9iRhxqtTq74iTkjQ5ERERvH0t6mntYj+OqsnNsbFzFwalVuNQrhXP+gbh5zien4KTygiyFYCjV+NChiZy8pxs1wT4ESZqkuqAehNcFqGsDoVgPoQOLhzIn\/DzItGeAiDrfHRixyOVU1EWsb7b30saK+ncY8sFqQNqA5lAl9gdLvQcfuDvdrDHmseBNqFM+55fa677QDOLLZ\/8MAydrSpxVKh5KZf++uVTUj630nVHiL+6S9majjl00xS38l2C9stuZ3K6Kgv+3rXBnYm4l74dpkK"} -01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com","domainame":"ogs.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516733869355,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} -01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com"}} -00871{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":179,"packets-processed":179,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":241650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":113,"total-detection-updates":0,"total-updates":123,"current-active-flows":0,"total-active-flows":113,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":667,"global_ts_usec":1621521142479654} +01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": 
{"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com","domainame":"ogs.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h9_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} +01199{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516733869355,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
+01198{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com"}} 
+00871{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":179,"packets-processed":179,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":241650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":113,"total-detection-updates":0,"total-updates":123,"current-active-flows":0,"total-active-flows":113,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":667,"global_ts_usec":1621521142479654} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 179/179 ~~ skipped flows.............: 0 @@ -673,9 +673,9 @@ ~~ total active/idle flows...: 113/113 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10612721 bytes -~~ total memory freed........: 10612721 bytes -~~ total allocations/frees...: 144656/144656 +~~ total memory allocated....: 11383178 bytes +~~ total memory freed........: 11383178 bytes +~~ total allocations/frees...: 158671/158671 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 632 chars ~~ json message max len.......: 2404 chars diff --git a/test/results/default/quic_frags_different_dcid.pcapng.out b/test/results/default/quic_frags_different_dcid.pcapng.out index bf20eae10..5d1c07a4a 100644 --- a/test/results/default/quic_frags_different_dcid.pcapng.out +++ b/test/results/default/quic_frags_different_dcid.pcapng.out 
@@ -1,5 +1,5 @@ -00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705784462738953} 
+00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705784462738953} 
00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705784462738953,"flow_src_last_pkt_time":1705784462738953,"flow_dst_last_pkt_time":1705784462738953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705784462738953,"l3_proto":"ip4","src_ip":"129.21.84.33","dst_ip":"73.185.34.172","src_port":37229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705784462738953,"flow_dst_last_pkt_time":1705784462738953,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1705784462738953,"pkt":"AAAAAAAAAAEACN7HCABFAAT+2fZAAD8RG12BFVQhSbkirJFtAbsE6q4WwgAAAAEIrEmJjdxFkOgAAETQ6cs6Ccq1pNEEMNJuNBb9lu79dBj1BHV7\/Hab9lo47p5QEhqAOkEybAWlnO\/UUjb4NU+PkZiX1pRszXdD6sBVUmeCUh2CpMA4YeE4QJuwcEjDjsc96Q8Lag2Ur2dgQut9eX+pvVWhem00MwzP+JnurbkOYrjv0bXG8UAjB9WdDJfutZ13Epk1gyOyIUoacw\/jKI7O33QkruZyO9W1GQCCTlL9F3R74VCm71ki+WOVD4MOU8pv0LyNGVqyEo8ejhTBmGCoFws200ZL6kkfWYg66z+siAVNmqb6vKP5E1HEJZ2z5CNYFFqT+0WVXoYVxnD34ZyzysFJBYGyoQk6ojEJZK9zDdPlgUI8MZF0qE\/ShwrgJOvAG2phbHl5f6Lskubt5J4J9c4QkMzee2Jd8x9HrCW313q5z0GGsChL+8HjMoxcIWigrz4YK5GwyyQaG1vkwh1F4gE8+IeaCkwkOSpQvvaJbKecN\/ENmgOUAGUxlyQ256RNVaWe\/8+Ydq26EGV7MfrrDdWkZYHM9PQicYW9i\/DAvXTXEfFHwTmjAuUxHPvPT3czKYOb+XlCne2qxgpAUG1\/bLSV9cya09QfvwHn8IIOynI109JqChvGflrmeVBcgKm49sF
n3BCfmtcOEINDCwOMbSdIi6gDMYHA2e9QsOGDqMNY4OrtoKaqY0zY8BJPYwiibm2+OaxYLfSl5yY5nV3DDV+\/OmaUZaeOLTxkqgzNbcGGy+EKMUwuBMGiZm1s+IMqKbdwf47B+0uQ3L9xrzTyNd\/UBimDwyzzCC5DVTWpSkoaGPdYUL5ULPDMZFQdg3gyN0JAeWQE5sCtpyJPxM6n5cn6eSYQXuz5RLHnQSEIjGYPrfGCctAn927NxnBuUhq0zt+GFxY2Hu1WCZyRfqdtfaCbjbYtVeI\/qATDFE9k1Vvc2z7tMY2N5u4EP7cIlezEHd2oIOpjohnDq7x8jRSaBrjTaOGdH+xIQ+9CjorXTjXDDrtLtDDoDeIYnywamm+bbeVsURyZaR\/DEMJpkyMs0mDXwEDTGvA2qVTMY4\/TPerwkQGBmA6kGIsaVdjS1LRZLcehUz\/ibWt06viAClYVTm4338E28+FD0deA37qN0uW8XQIR8NiJzEKzWN3FoExkCkWiHqsg4lfvJasS8fKy0r0IvdItAdKsfn0WMLBnCmkT\/wiqJQVgl8SWYiNqx8R9MpgcViBuNY\/HSEDA70tGw89Ak5z8hfd4fKS0YoJxpKtNnv8ac2mA5r2HbskOYwde2nXbZQdUSUsyb30dZYaWdFbfD1Lhu5tlRhHjobN9008UGsR85mCVJ83Gi1r11vJgUYEvGQzSEy9A51SVShxDEJ51rTtjb9+V9wKCQgLJ9uYskg6GcAGNoxN8cmCy0yfsbGisD8+IUVGlMdIf2B1Ci\/Fjpu6I9YcUePaM6AlpyFxoNSDwiLnbHeo6ml+Mn2dcoES5nYkcxcrPwZ3sF\/G7zj4A2xU9en7t7VfJykqzHbAdqh8dRJk+OXboX7iMaxM8C2fnbiDU0\/S7jGzKBldf5wTAWUXK0xU4IenizCO1sVDerbRTamQb0ppLT6q712gvkAX9bRK8IkDAkj3WbKoeg2QF7tIXvJoPCKP+fC1YK8iyVjLMRjVpK9Z1dVU="} 00977{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705784462738953,"flow_src_last_pkt_time":1705784462738953,"flow_dst_last_pkt_time":1705784462738953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705784462738953,"l3_proto":"ip4","src_ip":"129.21.84.33","dst_ip":"73.185.34.172","src_port":37229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": 
{"quic_version":"V-1"}}} 
@@ -7,7 +7,7 @@ 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1705784462994397,"flow_dst_last_pkt_time":1705784462858027,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1705784462994397,"pkt":"AAAAAAAAAAEACN7HCABFAAT+2fhAAD8RG1uBFVQhSbkirJFtAbsE6tr7wQAAAAEUAWS8ywvOst6PZK\/Jqc6mo2Q3q0QAAETEZamOiLKnxk6+6clU+bXTzOstOZ8c5cXT9sNOoQFkiOVgDYRmMaFa3hMp07rCZDDbcZvWrgsFfU7hsDimjCDfCaxFpg7y9+WrTrMLHJ7+NnxnYBPWEYV6sprlAwLLTy1Atu0eT6PBpwrvBAiTtgOMIZzsREaxVgyOIiBvaE8pOc4qQg3j\/AHw8SfhZxa\/W99cgeTknlH8I5uVQR0gF7KYPHFhcqo4nZ9ZfnaE8C8zNB7ahhNTwi8l51ZkvuGDit4ilAlXQ3XsxCE1u67CE+Sl2u5hueBQ57LDuKRVYjGLpdo94jmj6vdukbrbJnYDLRz+CHBk7mx7cRMU\/ZW1EiSIqi7mtCFhWqnCjjNhl1xUWxuxAKGqBVUFIy0zxvvpj88WGMEG9jBQ4XmcNY3QAI990P57yQb\/JJ4FEaFSDXHWJt1h01m295zYlMsqEqpRN1ffuCP9oZF2MyLRHvXabXdeWmv5T0SMNkfoH0MLOJM2AfK\/lJaos5N+LVjR2zdrXtFZKZkcwmqXHIt0N0JD8FKOZt9BE1kDqVhw6P5CraB336YFQ30lhjgXUULq9Nr3PBQoyyhNchxfP3wwwJHfQmzP+zVC0OK4ZGeJdjizTgY2Xf2wkxnY8nbH0lzTDpArqu6S1b6XdyM+AmqyA7vz7boj7HsFRaFPDofQdmLhTaSybatWiHetudJRfkxG24fxZia2dm+NpM5leGwzwfhm37ytnj7antROgzieqoB2O6HIKkfUQZlmT+Cz+JtLWY3pa2foc7aWLPy8WaL0H\/j0I4KyoETvZYAXAvtW9NFuRvoasjFy8yYWYCtnvfFEjBU\/YpF8qrVaXC9\/ZuD+6n6mE8KWADaTh7I1lKp7lwIu2043Yy20yVUwe+DiGSXR4\/LGvG9Nrt+5TXrAsdDHiWwkynckC7cV4gPkPDCxkLbijsiiuHOQZUYSZTYNLDdyBLRiI2wIINNmQ5aGePmYY5ueAZkxnW9V6VhExz4UVNTDJei2zVkoMefUnP\/PKiIBEIRiR3DNITlKPAROShC0sR3WvT6PsKXO5M+RWZeCn5JGZ4LLQrdxN5yY99rJfgYTeFlrvCH8X10m0t3M68bFKnzWnRLPe2CE2sDeJlukMcGoe9eyTr1ElLyv0b71qAejHjymuXnZ\/z1Zqm9TcOUUZRyJPr0cHv7pQCUpLrQWHWv1C7RuvTderrTjDPPd07JHa+mQ8UBbAL5dPwVcvrTLgBCaShAT715kwmey9jJl98mHlhil08+pqYpXZF2cOvS9RPEDodpaRNki6YjJR8mBbI0uBvRfiUq\/s5eqlA+jbP5ntOL1+7ElPWXr1ze0QsPPTFkbovZBUOKR259g6Mj3KlEydseFQAK4YZ1ekB7GhwhnYYyYobnCmcCjO4xS
Gs+BclHJaJ\/eF3ANbka7X3XlnIV4DyEP9HWCnWofqN94AoY+kzZ7DKH9Owxw+ZyZgmI0trVpc+4qtMRr58xNS8CrOgwS8uRRkWBW0oFrtMh84N0xnlMRicLmT7hSyh5NjVTrTALswGmcTGgKzuzY6pLPaXdwnPjsDB1t0ChuTFDNrdCdEPbTsh4Pal5HadTbwKY3DJAfF75GTCyhKaX7NAZZxQmn3frXii6FZ6g="} 01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1705784462738953,"flow_src_last_pkt_time":1705784462994397,"flow_dst_last_pkt_time":1705784462858027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":2500,"flow_dst_tot_l4_payload_len":1200,"midstream":0,"thread_ts_usec":1705784462994397,"l3_proto":"ip4","src_ip":"129.21.84.33","dst_ip":"73.185.34.172","src_port":37229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Cloudflare","proto_id":"188.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"cdnjs.cloudflare.com","domainame":"cdnjs.cloudflare.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0311h3_55b375c5d22e_5a1f323ef56d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
01042{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1705784462738953,"flow_src_last_pkt_time":1705784462994397,"flow_dst_last_pkt_time":1705784462858027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":2500,"flow_dst_tot_l4_payload_len":1200,"midstream":0,"thread_ts_usec":1705784462994397,"l3_proto":"ip4","src_ip":"129.21.84.33","dst_ip":"73.185.34.172","src_port":37229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Cloudflare","proto_id":"188.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"cdnjs.cloudflare.com"}} -00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1705784462994397} 
+00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1705784462994397} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8669775 bytes -~~ total memory freed........: 8669775 bytes -~~ total allocations/frees...: 140578/140578 +~~ total memory allocated....: 9434149 bytes +~~ total memory freed........: 9434149 bytes +~~ total allocations/frees...: 154544/154544 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 609 chars ~~ json message max len.......: 2225 chars diff --git a/test/results/default/quic_interop_V.pcapng.out b/test/results/default/quic_interop_V.pcapng.out index e9e33ea2e..12a93fecf 100644 --- a/test/results/default/quic_interop_V.pcapng.out +++ b/test/results/default/quic_interop_V.pcapng.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1603816434507204} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1603816434507204} 
00832{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507204,"flow_src_last_pkt_time":1603816434507204,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507204,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434507204,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434507204,"pkt":"pJGxgjQ5PKn0qB\/sht1gCq04BNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYjlPGCgoKCgjBjvWe+MPFRAAARL4AnyCwAgoQjL1g+KDURvDYeEyLw\/xCRk6Dll3vQteHoVQFBQKAtW3\/PUJKxA75UMcNXhZUvkOXlYopsWey\/u66wX35Pj6pU3CXAqQ3fDp5zyCvr8Pm5AyoNAx0veCSUQeDBYfIgnerrrO2MEGoBqYPiiUt8xe5+r79P3P4ZzDRVupqGycbUWtQ6Wo6aZSD05slEqoyPBAaLp3YhydnPgb7vRWFjq0SdM0H\/zxBdY7aJ5VQRGeFUx984uZ\/K6yeMGPT3JYsoR6JIONmbNNldMQuEP+a7GBJ3iEWFJ1Nkel3g0iBwZRA7TTHinpesR5BAPJGKsJg\/VS2BeEVhnsQklM+ccg8cEJ\/WZ8KGZKu2b5eb3vaAvV55IOI0J2iO5UmLyQCl7SbwQC4xeRqoU1X\/r4ksMW+JxOVqFoTOp0p9K8G2C+kXU7PkGNUF6LWJgz0gBnPUfLEiLYep+IB3ydQMSXFv2q4ljMWpImZsfM1M1hyBHVdutiac3ctGpn70sK96\/GuFpnGs5SaPUZPVAd6cowQNyios9VD7LJHBycvPPV\/FVVqGKmtlmE1jhqYU8WM3T
P2hIDFKj\/VkbTWINB6wKhdoTjaE++G5UWOW3DyJNvkrdNQDmb57TWpCvvDwZ0zyc9+kjM1P8gJU7fxklAOWt77tLOKjqKz2yyGTywbYI8fpyDxuwcOqHHM1p9Qo2bUMzUDDc5AgR5XXK8f98\/2k\/szEHoOj+xZ0LAk\/ktl3\/tNcCYf5NwDCkoJ2SA+A3liVp\/z86DQ\/o9ZPBbnT\/MRpriiusVj\/+7dyNzTUlosBxg\/ZTGIAFG9kkbqpmlXa9h8whQ+M5AjGTQXahgxhUg+T+XkcD3\/AwAskzg7QFF8QOQvTkgKR27pnPB9TcW0ov3zRKBSq2IRQasfzD4018QjLIoL6M1i7zKWOriPXhrbpQCBMed+qy0CCutCqcHfM5C6tdP5yjdd03xLltagPaoEJdMAzkTI4GTxawZxV\/nJEB2CpfHpXBAiLmSF3pSqQkOlK3gecF6Z5kJRZxdfHFiYQc+ZeBxM3ZsG9j3S6poeVhWhKtKijv579ezhO7g3QE97akiUNAtC\/9u96VNcgwwZo3pYzoh+bmR12ZZk\/flZDnZgzTtqeO5zikP6EaDg3xt4ZqzYpvmcwxx5bFkZ6tYCa\/WSn2OsS\/V89R9JkA+p04smS\/E7zSLxIHIjg7ziPRYLmF24dGHz34FZmheQHZ\/4gm1aFmIaG6\/7f5wmQDqHrB8QpqkJoLkDgUUHwTgyqeLrCOeAdu2eQCQJ4129kNDhXnJ7gWkCKO71EQxgH1wOzb5+V8dr\/jGNAAVFaptYOiLQes+Et0OXv\/4vGauirP+hYZEEAR3InBIIg\/L5KPxSdMCpSCm\/3UnE1zUNlTk7El74hPsNYUcmUS+usyw22jx+xLs4q3Kod9YDt4DrToci+qgaxSPs+xB3bX18DBMDyb8wNM5xFrlJXeWv7YCCDubwS+dnWseGEwnfJTp8dJgKhqy8jDuI7wNl1iTi5TWAuubz7G08V4L8udRmpqYJpILlauSw+hHEcI8MkM2s5oZz8Vly\/UrbvRIh+SQjHV9IgfXMkwlUO3sEi\/jyMwMDaEUvpg=="} 01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507204,"flow_src_last_pkt_time":1603816434507204,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507204,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
@@ -8,13 +8,13 @@ 00979{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507215,"flow_src_last_pkt_time":1603816434507215,"flow_dst_last_pkt_time":1603816434507215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507215,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00840{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507837,"flow_src_last_pkt_time":1603816434507837,"flow_dst_last_pkt_time":1603816434507837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507837,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434507837,"flow_dst_last_pkt_time":1603816434507837,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434507837,"pkt":"pJGxgjQ5PKn0qB\/sht1gChbjBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrk\/QBuwTYWzDMCgoKCgiUaZcozIAAbQAARL5emZhgck3iuC3JUSB8iNm2XjGzLpnCsBWAY4Ojdy\/\/5MzHp06LTPIVKnl9FZGbcpBpkxyhd1DLZI+eYqtiEG5aKS74esaWBq8RL8\/CjhVxYArCrDSr+0hp9B1y+nWDHqDWr7MDZcNsju+tb0UHpoKlBgrUvyDGQhAsZRf7r39yd2xxEzbvuwQuuQ3ed9XQC5ng8bRhq403ZCE\/MYrs6MMmD1D8+1P9lcgzES1uneCIpx1HJrBTKP7nMlE81Z1P78Gu9qUmPawKzam5r0zOt6L0vp6aYOWsVv\/E0pz5vx1omUeD8AvBUEEvL\/DEN6PQFWuaU56poUyWE4zmT1fCmpfkQl2t9VM5S0DSjV9+bnc9oeMC84JGWazOmN+3mpmXoZcYRh07YBY2MZ4VnmznfQ80K1ED3kKFM39nycCSACELzlTXDOkJ\/ktY0JyGo358ZvTutgq61KEs8NzcRLv8hDrgsQWV4XjOrAL105eXrA5f784uvCuN2fslFwCeDS0drYeuYLl2X3IPLV7kaNRc+OWAxuENUrLcJjOCAml9vIubSnbhMgY8q\/R\/4iocbJeAZaxcxLWoaBL5Dy6c5RqwmcmQUw2FcUSfarB7m6DGemQRBI6m8IfxS6ULrn9t0ZaJXLuVmX9Bm2oeGECfAf31JRuwVJ9fv26n\/XDb55k0fcO\/t2QAqH5VfQ\/XE6N19TPKrMa5fdi51foR6Wyl8S6hOCeKDO2C9D5n0K\/H4Ph5+pkEEtQs72MottYSPihw0iY\/Fu1RfLXjTA4gqlduvFyO1c3LDQtaJKHg0vklnpsW\/ahvB9sqw1bthHTeyy2PAYGFyd5\/vPsWwu1prQnziZfvuZBv4r85RGoHlFs8OJLDxJP5Unl+UHM1ip66ezVc52fyagwU2p\/dNxSLNLq9ZZZxOqPXoRe4DIj2O5EE+tg2DBKVlqsKlvnpY2O8nYNOUYb06eUwLY7eUmyF5kAFPXCNi2RVkA+F1RffYC4TGxAF6olxMiRrcrs3c\/DtIuA3v9xxQcuNbfPZJrt6p2lhDsnJl0cXW7yahBQ3t8Vob3Fxn8maWSGCm5H4l+b5QiCXjD6aPLMIVSGOxlZuOuMShDlqCqLDm2rrFG\/Ex+58dfI4GZg27KkFrt8yKQU5xP3cDpmgWO8cz42odj5\/XN7ZJEwitO8kjLFt+mYDrVsscfg2UJe74+Xm4LAVvyTj\/b5G5HD1FrTlV0Rk9tUeirRMew509ZVXjW6YJYWL6zO9lgxLgoaV8Gd+v8yh8ZKPFv9a4RV\/5RBt4U2FAY94eskZ2SwKXWETml5yVCj4zuhjsEmm1HcHzPbvj3x0zXEiI2GG4l\/vpR4uTmkPxSOziP4F5ZFOBoaoWk92Q4T6koGjbXJnLz8U3PiyS0Qz4nAzJ2
kSKRwz7zoxMiMJyM86M7+1Qefwixc4jngX8nk9EZniCllUXuWjwKpDQHahASkxBg+qPeRKYIoZbqfouV14QIMHyAa5JM7alvljGBrRgRAZXmcDpn2gAJImko\/gdF0i\/5wYy3K4UZeND0xxE7m532JLVgzS2+HslCBkUca8fdagWqHn+Gho8KaUeJhRfYw0ZgBrosRDMSIh0QMCIiGRjGE5z\/aohA=="} -01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507837,"flow_src_last_pkt_time":1603816434507837,"flow_dst_last_pkt_time":1603816434507837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507837,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
+01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507837,"flow_src_last_pkt_time":1603816434507837,"flow_dst_last_pkt_time":1603816434507837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507837,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00840{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434509409,"flow_src_last_pkt_time":1603816434509409,"flow_dst_last_pkt_time":1603816434509409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434509409,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02212{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434509409,"flow_dst_last_pkt_time":1603816434509409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434509409,"pkt":"pJGxgjQ5PKn0qB\/sht1gAK6QBNgRQCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdhooBuwTYZF3MCgoKCgiLyuadTBhpMAAARL5Jn8vg\/A\/iHcc5HGyjUHtzYCYh3M+1HzdHtSjFxotnADrnTs2cVW9HALnbbxq+j13Bpa3hTOGyFKAuVKKOVbHcGaJLdNA06DSFzV66GiVnWQJ+1MFEeQ+EHU1tYSy5DynacUlvf1G20dd2kmKE70+xxOTQI+IxdCf39TGHKu+pGUdVYYzStvwWo5npAklpjTRW1hPHPgr+vxfK0tzntAB4tgdSsfnM003avASiWDb+GIQGRqQqd12Z3S73M6xSxbEpPhQs03GVV7j7jPCY+xuSqdE0+RC2M2xTxkDxrKzwifOo5JzioGQ8n1leAaytkPPh7\/6kP3tXKc3zSh+6mDapIcrXvGRPBtxzjcwZlnfC61xJLZ4o\/bDf7VXUn2iqev2r7RfntxDJ4F+CHoqdQU19Agb1DRLZ+44sSsLJRZPe0rMYqmphZb9TR\/CXfZoxmWSMgVmNHVqPhkUDRkBFiFUg2qWtzD6IUIlCi4UB90+3QDAMKbHPStmRV90FoZ4qgb1QWQshIsAOJrfADpMoeQeOvpHnWSBMA4n5tbORKddl3SJHwqDMa\/kYlEza3HmYzKyIekgCLUxBLZMgtxwl0pUeJvIYxMdZF6Znn7pRsQ+GhZyet6ZCOM2ft7uJCMRH5bphpdavcWHTrSt8uZ2iyfo3VofxaZqdzUsHHTpc9bD205szhfCxENgNATF1PGuWlfKJUrPPjUWPpw65iGFR3+hPQ1+ZRRE7orDx2vkC5kOJiEvbv0d6sp6yfMo3tuOn4kXULD2rf5TSc8aqDVZCklaUIbEuKaQv0jni\/XkpmdOw2UlUp3oYLZ9on+kdq43Nf9WrEJ+gfSZPMUZsyhXXyPRNGMrTBo0SUX31QcOdzW7AQaAXnJRZob+0gus27voTqIEPJh01fxeGPbXNNQ7VzwarPIKHRq1lGIs\/wJwJCsm2hQjq0+K3VFq4cXacrOp5mbdbbDJRXEnCejUnTswq7Ga3dz818NNmVp7FoznVEcHX3RQBfk8eLveHtTEpxIgmvWuj5aaZt+HyxH\/0YALf+wz6lv1s1l\/hg9o2e11OlebH1k7T7awcxgi41AZepwsE50V3GVh5GwIfK89lz9Ro6tly3hUhrsJ2ja1C+A6RBrWVVdcIlZY4BlIcSzf0BUccadkfpP\/Enz0yFkuHTLXTyrmsvl44wgxOvsJrZMwFacqnccJZHwZHWEMkNcxcPbL0Z2U7a3Xa12dEVYYVu1U+X65oQyb2yPkBqMJ+DTB9RU+DnZIynnRzCZZkuvH7Uzn\/zVoVu3fNULVHSP4L+ehdOiOmS0l9r6IzvZQbe+xLjtz2iXbuU36zKNhA17n0gtw0JDOpoFDbD0FwhdY1JUMZx18mcrbFQX02CO02e+BE1Anxc\/TfBIKj2hI2ObT4d57WIvq7
cpwJxNdZMuBfjVhAX64+5X4J\/pGNdD3WMTo1fYU74kzII9sWnijVE1WzVIBymOIxdGDOuxbCm5vJaE\/oIJEfaWcfmDwa+jhxCRN2aqJvKC+Iwq2cNN7z7vgOXAZ9SIrdZFgVX8+v9NO3ca9aZtmZoK1IAWW54LXRx4BZnrJKuFoltIkcOXZOYajcaVAMSefQYGNrVyxL8AzXWJ9vEQ=="} 01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434509409,"flow_src_last_pkt_time":1603816434509409,"flow_dst_last_pkt_time":1603816434509409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434509409,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434512961,"flow_src_last_pkt_time":1603816434512961,"flow_dst_last_pkt_time":1603816434512961,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434512961,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02218{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434512961,"flow_dst_last_pkt_time":1603816434512961,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434512961,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAtF1AAEARybfAqAGAA3nyNreiAbsE7OwqxgoKCgoIdQnXg0rBLY8AAETSdSNeqCjc+r6H8HOL2nfX9Nl4bt2\/tch\/k3WGu45v6swQRKEZjB5cL5PwQRNSezjETWlwl9x31DElYvPiaTjwEzV3uzPoPSD3RDsDoNIOdJfzM8eeT+YF8HtZxPxl8JfMcAWEYacVzCIRBiKkRKZDpR5dR0ouRtlV3GGe7kt0DtTyh+sL3vELhV2kHz6ly30R\/jiT47NHUtkHKuInrvyxjGqVvAYH34n7tXCBQ6D+AfZH11fptBBQ7utMKjJQetgZnmiyn4jfUks45DQLptmzmM7vacgVM1UXfvDRMiXWFLlgc2aMseReas3HNr0PU1Ye1gi1puLSN2a9gpcRb+O0YMFs0jlKm38N1LBqGTBpyiDu8QECyVyUyl5oER0iWXuG3TbvkN2QQTnAKlJqm0eLVl\/NYu3z\/fNWg32CWUDT2152nd1+esKzcxvEOyGhXuUWhYZ2f900yvrQLHcBQy2bY\/c28n\/CX4U8pxI6NyIasmjHd4xMKoES4DMmjTKarxqquM7dXQbXZLB8En20kKfdQRYHHg+reqWqS2rb8XL4IMSIg8+UsaueMDmzrfUZd\/56R7cXjRlq+VUmt81q5nNnKCMBQ\/7rvr4qOGOZ2CHm9V+uADTNbhvve0l68irgd7nnxQpElTg
IyjHyFhvd8KPoLd2HsWPDEewjah\/d5eFL2o2JGexda6drG5JkIeHDe6OWKoobO2FfYrFha9u0nzvL0Czf21A7G+Hktz+GtzDop6GmMw9wX0x7PAWZ9MWVDxJhZqMOzlDofB1A88ZWDukm1Hm6PVA8JMNdUp3UJt5LtDBJLLAEOUN0BNEg9pXHjjKOVZeJN8ZQvkURagzOCo3aTho10tRkW\/\/buLsCCgS9oRh18BVjsveR+UkY4XmNAimeDQhBeVIZNQAbv63kh8fikt2GCen13aqn\/akV6vyA3xP9zH8BrXE0pnxbTdVJRyKZmPMfH+2L5gdn4Inm\/u2BD5yUOdsZkjyDYog2dorLJX+t+PSQ9uXuCwdbDKjjZw9L8++g9YMCmG+DuNoxchSfm4TcUkVs0SgbA\/r\/65YZBCmO6TdtJWtU8H5XFhYFiz1Q78xobCBsvaSvzLLye5aeCDzi6qFTLk0yIv3EAu91rP\/6ul6HmTBVTtG3x8oOLW5WVDEqHHQcQF2G5KsSqr4MhwRqiW0iF9\/6ruIt5OM0L8g5QVUhLrV+wAUx9TrMv+LPDrsvG+Dx5k4p3UodhKDHRb\/7ijQM2ozG8RHNrTry6RrGZAsgdT3BTj1sf\/spjmdgzIF2pwahJa8xi9tbBXrUI1dyXG3+uu21VtbunHyZrZPu9Lqmex5yNEoIMYh8ALvFMBlRu18WIDIANDkgo6akaO98LoftutjwPgqclkRUkaNJO1Z4mpP+D3JcJ7AwJfHttUsGFLMXeHC0rS3Jx8xlGehlDG8Gjx6MbqsW4FVSy5EnAw4UdsWYMoAQZhCtB79ozmulqNFitQkW9QOF9WX6McnEdk8YyUFeo+qc1Fhx\/ki2cnpObQM3wblVzck3qttvXup8w\/1\/pw0ra8kGRFKBe8QDkHMzVAmkeyW7Mq2NBPRoMSnnA3XB4x1u8DQAzActQ0v3Mr5WeVLSgCf9kg2BakZtD12MZbxnzu5AN97akX7cpg=="} -00982{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434512961,"flow_src_last_pkt_time":1603816434512961,"flow_dst_last_pkt_time":1603816434512961,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434512961,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": 
{"quic_version":"Ver-Negotiation"}}} +00980{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434512961,"flow_src_last_pkt_time":1603816434512961,"flow_dst_last_pkt_time":1603816434512961,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434512961,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00839{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434518986,"flow_src_last_pkt_time":1603816434518986,"flow_dst_last_pkt_time":1603816434518986,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434518986,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434518986,"flow_dst_last_pkt_time":1603816434518986,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434518986,"pkt":"pJGxgjQ5PKn0qB\/sht1gAXvJBNgRQCABCwcKydWupNP+R2kegH0qAKwAQAAEAALgTP\/+aBmdvkMBuwTYCBnBCgoKCgiEPL7zH8M0IgAARL6eKfaWNoqFUZMIorsrR+PI0mjVI6LMaQTDmquE5419Uqg0GPvALnuSvRL73ivCKJwok1RPqjtpoqHTz45vYlbMW0kHssfjLAjOAUVEArsuhMOirtE412w2RU3RQOLAwrvAO4t8cjd0tkO3FdpXC1+6xCs\/9xwo3urZvY7tv+pPD0m9iy\/nLknxJjrg3PYY9NvAu4T1Yktb5QjJpDpv3IzaFim4vDdRfhCCfZLoy9vkSpiUxLSsp\/4K4guLZKTInOo7dc7L0u0RBuQrBPDDqK4FVSYOh3qSMuIrLfcW45Du9zFvbaiFI1Z3W2Zo1htxNdAgXrRsYiaF2UOsu3EWo22nmt3QVCTvxN40wXQBY474YpdLOSzJ8YT2z1lcFu0wBMnv5wKXxH924c65Vd8jn5+Ysdu9cokS2TeRsJwGH6f8UJWWqASwvtTblbNaAA1rpPkaZ6SKb5\/2SCA8NKsLTMfd9lXR\/TPIRkDa\/UKbcYJHJmruB8l71Ug149yMVHLyQ8PV4VkmIVimW0BwUZuqJHajnymZIECYtitexCiylm89U6E7Qol819M+CywoEZr0V1MUihq4vQCqT5IBPFtDKGbeUpuwEn9i1Sgfq7jW1ZF1lUJIXXxoY0W43gHceg0ibsXFS2Cu4BfCo2ARjzNDy5YP1fNhA\/sgI1UdsrpLLPnxOQD5MfwhgvGMBjmhjcscvgGoJNS3Mx4JzKbLqHshaWSTm\/LyTt9E6jEOyn\/elJ+Uz6TroidfobWRhT8DXti09Tw4xFpYjmFZS+sjqusErMX8BBmq9NavLEXrEkHMrSv7giTu2WivWYnhggGPBzPi9d7guvk48fb3nlBrDj9TyQ7mUjwRAlCv17XyLwk7KOYmtZZXJ3321lkp3bmJyRSPXB\/cv7ueIG6B+ug3kzrxt89xujNCeWtGdEmI4jIC4JS9GS8VFpY7y1HNYDb2ndNpNf5J7iwIXFXOR2gvyMqscy9rfPY85w\/ZzY6vHurlVpM9w3a5PREuXPDz6VgOdr20pgeNU8H73abMQojEillRJA93bqllSySvQYTvxdmLNI3kPK75CNOjeEksYsdF7tGWuteetV2CpVGc4fAfn7pKXvGC3QvR5rVa7kBRQpXGu246udb5IgCJQW4SWv9D41hRqVUqIhpV+jfVmbkfVSLTLo2RzlmBj7+a2aFtIWbpD7ANiOaRAl7rP5vSHQitoEDWhRQ+6AbGkwcuA7VjuhPuIHlBFBS73grpagTsbteLREgIXGdJVrSiF6wKPaotOPfLYFzLFzvsgAarE+d+Elzh343xLNOiKrK7GDHu3e49eOp9NamSo58Re3QCUDS3FIkTeME1ExL615hIro9N+tcv+\/TrXYarHmxDV0fGJC7I0oBmuLRb11ikCjaYc6FY98talPqVa
f+74l6lZuX0twbSRQ9goQdc51kkKoNwIaEylg7FfWyw5YsxdYuXULPPqj5K3zNn8+VwtSMMfxRV+4q2DeFNLKi7SNoJlVxKbF9\/5E6m0hlFWybv1hE9ouYojrE6vOOYfXs3ptJPhGZaJArOV3rdeUnWT8I\/a\/Z7lnYxa5s8i\/zgpZP8zMFkDMjgYLge9GAnCTc\/tmQghNwZWih\/TQ=="} 01027{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434518986,"flow_src_last_pkt_time":1603816434518986,"flow_dst_last_pkt_time":1603816434518986,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434518986,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
@@ -32,13 +32,13 @@ 01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434528228,"flow_src_last_pkt_time":1603816434528228,"flow_dst_last_pkt_time":1603816434528228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434528228,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434530418,"flow_src_last_pkt_time":1603816434530418,"flow_dst_last_pkt_time":1603816434530418,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434530418,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434530418,"flow_dst_last_pkt_time":1603816434530418,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_usec":1603816434530418,"pkt":"PKn0qB\/spJGxgjQ5CABFwAJA69kAACYB7ksDefI2wKgBgAMDt3gAAAAARQAFALRdQAAhEei3wKgBgAN58ja3ogG7BOzsKsYKCgoKCHUJ14NKwS2PAABE0nUjXqgo3Pq+h\/Bzi9p31\/TZeG7dv7XIf5N1hruOb+rMEEShGYweXC+T8EETUns4xE1pcJfcd9QxJWLz4mk48BM1d7sz6D0g90Q7A6DSDnSX8zPHnk\/mBfB7WcT8ZfCXzHAFhGGnFcwiEQYipESmQ6UeXUdKLkbZVdxhnu5LdA7U8ofrC97xC4VdpB8+pct9Ef44k+OzR1LZByriJ678sYxqlbwGB9+J+7VwgUOg\/gH2R9dX6bQQUO7rTCoyUHrYGZ5osp+I31JLOOQ0C6bZs5jO72nIFTNVF37w0TIl1hS5YHNmjLHkXmrNxza9D1NWHtYItabi0jdmvYKXEW\/jtGDBbNI5Spt\/DdSwahkwacog7vEBAslclMpeaBEdIll7ht0275DdkEE5wCpSaptHi1ZfzWLt8\/3zVoN9gllA09tedp3dfnrCs3MbxDshoV7lFoWGdn\/dNMr60Cx3AUMtm2P3NvJ\/wl+FPKcSOjciGrJox3eMTCqBEuAzJo0ymq8aqrjO3V0G12SwfBJ9tJCn3UEWBx4Pq3qlqktq2\/Fy+CDEiIPPlLGrnjA5s631GXf+eke3F40ZavlVJrfNauZzZygjAUP+676+Kjhjmdgh5vVfrgA0zW4b73tJevIq4He558UKRJU4CMox8hYb3fCj6C3dh7FjwxE="} 
-01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434530418,"flow_src_last_pkt_time":1603816434530418,"flow_dst_last_pkt_time":1603816434530418,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434530418,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":7.594034}} +01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434530418,"flow_src_last_pkt_time":1603816434530418,"flow_dst_last_pkt_time":1603816434530418,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434530418,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":7.594034}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434535255,"flow_src_last_pkt_time":1603816434535255,"flow_dst_last_pkt_time":1603816434535255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434535255,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434535255,"flow_dst_last_pkt_time":1603816434535255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434535255,"pkt":"pJGxgjQ5PKn0qB\/sht1gAJBbBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmgL0RUQTYhUTOCgoKCggKh53oSKcUIwAARL7ptyuGj3sWoCfzmGYT9c5knffzFTiJ5lVJXbpctUGbKL5ySK19+FWpax4\/nAYQUfvCM\/bhsgFtS9G+ZFtPXpli7k9OwELHwQ20mBGQWbjmI7hP6morZpTeRWxaKack+BC0iQiX9\/LIrfrGdoT1oDoUDperL3\/EWfbsAzs51Fr37OKsXNxMOnNCWganJYQDoS1NHvgUii8j2RT7vFE3V9d23tm2baG7XTpJE\/KumpBsVLcT3VzQxufgdMiVwmhOfmQTPXaJDGA\/jRTiFeXg7nXwXEtAxzBQgrLuBhQxPykcUp0c2\/phwIU04regmPrsDteoZwKZzuohFTkgaiJgBEO37GhILvwwBeV77OMpz83mtpaFJrhJUhOB5vM0\/RgcMPtcx4bSZUJUYD6nBLhQJ\/GvQEu7UlOsfkiIrZE+ZKc7Xlk9faNEXsEX+cAq53XDHpAkkbtjxhoLLEgwqg9w2+pJHK905szCqPYz1ey662LeHpygS8mmmH\/gOERXnPY24ktfjRbIPk+3jjlRJg9AEQHddCfLs\/0YynFjxEK6SkUDk3GOa0sGfGsU7zt7rbEh4JS4h\/\/R08A7nHPChHXr\/7ZgHR966vNTPtSXBteBzHwou8p5yVwauN1gN5GaWb31oFnrNAxiwuz4e2fwfa69YtXI4XWHFBvj4iNrdRBF9sHDZoob5bniwmHivCxgMW4+Jtbnaqfrv4Sp3dq00y6\/ur4ZEHV5m4FIMmbgmAyq9vvgmIFyJKBMGegGOoZYhISRV4ufDNEsgtjnm1Ha96l8R2gH9UD5FvAjfB\/ZwRBGmgFyc1RY+15Vl0HTZ4Rr+yCWwF2I4UFS+jzuwD+H6WEkNUgBjeLztMlKSo7QMs7PpOgFdZAlYejckZA1WodUw\/1bgj\/U6KGLbos4yPh+0rFNO0QtSRdW2TgBAAQucKeIvxgOUjTBEAP34nCw3lpKpedULlo5yFoLMltnNpkze\/b+9gBG8\/1mSO3ivzeDC3y6mANlLBm2iJns641SQdnTkf3L8X6YeBJsMYcaaiKYOyuuOiyeZy0YQZa4g5mFBz1gCqnQwBTBq6z8JWs1a\/iBlFkdzl55MjJD1jFCxVWdLyjInYMNmKxijI+ky9lNUsSaDzc5mgZpk3C0ZBbV058wqQx49fSF44m14OWseuaF+VY+qapJWKKL5t18OkWciu9MrAdQ4l66KAXEOIsGmkn8zlOyO4gaBESlpwfIO6YAp9wh9uTR9L+wkJgDcSe\/JWX30SUzbiRxqTmU9\/OJu2YJTPKi8wBs0qops1o6F9bQ4myo5lBZyqDquGfUWvrEXAbX82yldqPSTFnXWZt1UdImRyp1aGJVLjK7WjTb+ZSUcMVvxEHERZUt6VlUBe9SscDBCFdepioRLv56MnqrV
+s4p\/g3CZ2sX0A9nX\/xgQxdccpjrif7tgBq+g7rjwIDWgS4NTZeETjOCtp53wYAhZZ32G\/hgRuBjIwqGUhTXHOoeOasvV+WD6Qh9WG\/ZAOn3eXObqDuYhD21bQbu7H9CTSFHgZo5\/P4wYz2WlEjbWMiQ9K7B5MQdxXUQYTDHm1OtDv1m9inaq9E9Mp1YP37ABzmfZ+XPVEzLA7x\/VqZvQgYfBYQAA=="} 01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434535255,"flow_src_last_pkt_time":1603816434535255,"flow_dst_last_pkt_time":1603816434535255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434535255,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434542463,"flow_src_last_pkt_time":1603816434542463,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434542463,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434542463,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434542463,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAsZBAAEARzITAqAGAA3nyNu1wEVEE7LiZwwoKCgoI7mu7hqnhXwQAAETSneZc0FuQOOHT\/teiEyKQKqzHkPCOdcJLNU5VOm5QOz0aoCJBEfqd1iT7e6uyMoRT8wMX7assdH+rfwhkbtE0fDQ53avKQe54W1J5UEYikBP8CP81hlJVbphH435fnVTq7nYhJQx3T1Y6AQ2\/Im2so+HMSUWdbbnrP5LSk6E7PUTbsjJ7Z4IK2AyVHeK5bSLg80JZ1Sph0HZzQaEbqIMyi\/M6v3qgHFPF1JKKXsbwx36aShFPp5YRv\/soCC3iJDKx\/TOoopux88iYZkKX6xmVToWLTybIql7tHDaiQwlFHhBfrjhT6cVIuDMNZVXE8b8dgJrnGR4ypA9uhBp9z\/Snjb7kplkcAw9Yd0vXwuJxwvJbKYWpGBSBjpqgJK2NnsY91gg5TfSt3JN+70Jk3br16yCjz7tX60zGh5oP2DwLrrYetR3R0GFUOxDMh6G7aF3I80uIHLzKM5L7Cyq+eH+E4Oik6IopSkw7bwloBrghPMa9hxFBVEXX58oWV2xJT38EqSdgZFBF5dbInQYsnbTRjhDYyaiyt8vlg88mj5YsiwANcazCph4gIDWa4gyKspP8BKvUtXz02RGy3HX6Vo5Vamtwn+2PjOM+Q+DQVEQnn5msYlkn7ZY5ovQgEgbBX+huA6I5h
UWWsPR3M2Kzn\/TPASjM5rwK0KxSpO5g\/gQQfc1S7J7YuDP8zIp427rx9HJYduWfVC4rgRUnB6I166YLVcOlExTMzRX5aOez8BEzIES9YduVGcZhm9AP3doiK0e16CBoljKKN4NSkTnRww5pIG7SP9IPdlyMMhv\/F65HJ9\/Qdzi\/8AR0RRXgbK4KSLJ1ZazP98Eo4okuRh2hJvsVfDsF82aUOJ+5IPV21tikqeD52JJgCcbnY1xvwCMuI9Ev5Q1BzfBglIWFmd3vD8LInWrtA2LQjCeOq98mFJn6QDvRQu5wKPIA\/ZgOKwVAUTiw4oj9THEfNPce2Rwgs9BQNDAwTNfNzVG4Uo8HZPdnnHL7R4K8hI28\/uWO7cqQHN0rdSoqUztCrLRvMc8S2B6IG\/FwTC+hPTm4cIQtFOJMoo2kOuyujyZ1LEIJszajyM3US0Z7vDZ\/NVv7NhCjNliBh1qCCQmrc2ZARdMzfQTwRZSk4Qp8dafvvYQ1LF9kATiR56vOstwif8mcEeSGpGjxHRxxaPCnx1FqTSBlji1+\/mVUMSnwTjTbZ8+IlF5bvzWmxCP6SmcY3uiWmUe8ABNCdQ6oFUGX7MujoMfHqznJ22xd4jRp9Th8CAdO6AtXd2qNEMNXvt+leql1vYAShneyVo44syrCJhZftvKw0lIESx6N8bEm9qmNGkSLU3jwsr4qMQ4GeNejADIeIEW8ilf6RTOWWH8Ge9WQmD0aziJpeLMRGeBecvHxLqJRfNb4UoC\/aiW\/ii+JMaepnbYUiRD4TObTS04rz7zN9ijDMemj465LaVNq0Le86L1W7PC8e6cQH0cTJum0Jqv\/LLqUQa9dj8VqTQbmKBPwwLy4YSngRqKOkKFIREtmChIase\/5QfE6hq1lhcHS9+TUiZhdPLF2dtk3KG4eRvLu8IjED0rc3A3SIXUgqoM1eHsOUNqbWaqmodcwXD4BHHuC3EdxDzolau+txc2+xwm+NH4ee2DBykjljA=="} -01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434542463,"flow_src_last_pkt_time":1603816434542463,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434542463,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} +01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434542463,"flow_src_last_pkt_time":1603816434542463,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434542463,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434507837,"flow_dst_last_pkt_time":1603816434548684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1603816434548684,"pkt":"PKn0qB\/spJGxgjQ5ht1gAW9\/ACMR7CoF0BgM6YEAzSri\/bO+xasgAQsHCsnVrqTT\/kdpHoB9AbuT9AAjezDGAAAAAAAIlGmXKMyAAG3\/AAAd\/wAAHP8AABs="} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434519345,"flow_dst_last_pkt_time":1603816434551349,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_usec":1603816434551349,"pkt":"PKn0qB\/spJGxgjQ5ht1gCVbMAB8RNSABC8hHpBwlAAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9AbvrugAfxC\/CAAAAAAAI4QMvVRUj5m0KGio6\/wAAHQ=="} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434518986,"flow_dst_last_pkt_time":1603816434566800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"thread_ts_usec":1603816434566800,"pkt":"PKn0qB\/spJGxgjQ5ht1gC985ACsRNCoArABAAAQAAuBM\/\/5oGZ0gAQsHCsnVrqTT\/kdpHoB9Abu+QwArPVvlAAAAAAAIhDy+8x\/DNCJFR0cg\/wAAIP8AAB\/\/AAAe\/wAAHQ=="} 
@@ -53,13 +53,13 @@ 00981{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434582773,"flow_src_last_pkt_time":1603816434582773,"flow_dst_last_pkt_time":1603816434582773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434582773,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434584609,"flow_src_last_pkt_time":1603816434584609,"flow_dst_last_pkt_time":1603816434584609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434584609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434584609,"flow_dst_last_pkt_time":1603816434584609,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434584609,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAXS5AAEARruTAqAGAEr1U9anTEVEE7CkgygoKCgoI3rE9GgKLpyEAAETS2D6FRkK87MNUIcKb45nDQXK7RIhN5jovTQDmFSK2M6QiVZpJOUYoJlkltsOnfd\/1F6U4IQkpFe+m1uV4F6oBz4RBkNPAAuUUBMdDtca4r1A9a73h9DF0dBCYcXkZBvDtL9wCuog66vADNiZMmDEEKyoT8ED6s88IFRXJtbENfR6cs0sHtB4WxRNwLE2yoS5jEYyQtDPhxoDW6y1RUStChGv8HnP3XMM2t\/jLHE+oLZ20Uei8+UFfPk0e8A5VrXwIo9k4jCJsPG1mMTDbv0YDgoPfvTmJTVTIw4QonxYS\/rk7SadZEeONmPaR6TtoWts1FnzUvtWOpV+5Dad83KsfG90X\/CIt\/vwYmyVKvj4VgDM6Pr4H+Uc\/bvz0KjdGW3xm9YMUTlsbI5ol2Pfvu52tXEEWdRjKK8g6DND8ZlC7aMVgSCICn0NKoRloC6NcE8Rw5LJBhOhPXDDbCt20z0FHuqxH9Vx85YXc89Y9JZS\/xEo6rLepUNAZyK4VZC62QFOzsGL6Lx8wSrVduZKsiJBZ4c3ThpGGJ+vaMWABr4\/cWq95Q7ZzLSuvRsXOk+j1He6DsUvm3J+RmjmrwYFgt\/M4CICjBS0Fm10ECgKhrWwd3J2E54DK4DKQ3EUyd3bjdTDHFVk2++CCDGOxGq+7NMa3RFtYVeMobAS4ZjFwkv3BS0m0bobUjHhoVD1GCqa6cx2A4+lBUsOhUXvuodo95jKqOaTXUqsvEaXzN3L7b43PXMpLAq+LaQ7Vzd1FgcpeaZ20BnyGL81mPGhvhcnQeusPeZeeqS6zV1B7OHOYc65wKxzUbYn1EC28EGygmnjZWc0jy2pYGDmTX7nQGQSjnYxGUcUGQPhaCfOeI1ggQvzjjmgpCyBH7XX3wXAV\/IVyilSo0omRqkl\/bMhBxO5UlcQB3HAXvh7\/CW9oHeT1wKQ3fB\/HEa9yU72ZB7d6KVeVKjZq17j4ybQ\/1ggtHYGp2pcGrXZzRwYjOkAZ0Opiy89watoyLGRmGLgTFsDl3McdaMNDx+9v81zsdMOm7BtAMYT6tRwsjrRofdkZ0fVa+YwJIBwtAhT8ajDn7UeBBPGRi94tJDcKF6j4s8my9KviboSu2mxdTOGQO7LtRIaKMRxlUFMtCi42onUa0qPaP+\/X0ttI9DVmM3lXTbZz7zAPwnKTDbrTvlsXFf+fb69MdPyK+0ZKLVzYuN6Rage1Taxjdnuj4OAM\/zUBa3m3soYXUIDBjkGYI3RorjKOgin\/VL4DsoJChrJPR888h8Xk\/IbBDawgJWzXLfoKqwSjYoA5BJLar1\/dem1\/5+HxdBDknyqV+PU2P2vYp8hNcb6mnUzN837UGUuA4NsueZUnc6zYaSL6DRRgrjjKhF6Tz\/MDuOVmRVnM76clbdBfnFUZ6P1n46WbYwkc\/I8+JIV6\/IqS+D
jXGRm3N0QevTA6r\/68gEOcX6irDxw4FjiTMIU+OFUnGh6WsbCgi8K5SeV1kRKBmc\/TSum+LmX9s3PKC6cu25aK8beNwOxmv\/gY54CIgRosYlyDeYbWJdPZtKjt0TZLq4wV7HN+8OtqvsSQLBG9tsFDIGXLerkJmoKCBPMmTv62Jjm9BtEc0eZuVqDPUnoU+YqxHdkhj9bAhq0W1dwrlRBuS8N9Rw=="} -01118{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434584609,"flow_src_last_pkt_time":1603816434584609,"flow_dst_last_pkt_time":1603816434584609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434584609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
+01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434584609,"flow_src_last_pkt_time":1603816434584609,"flow_dst_last_pkt_time":1603816434584609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434584609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434585935,"flow_src_last_pkt_time":1603816434585935,"flow_dst_last_pkt_time":1603816434585935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434585935,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434585935,"flow_dst_last_pkt_time":1603816434585935,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434585935,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAgstAAEARnBLAqAGAhfLO9L\/\/EVEE7M7UxwoKCgoIFbSGVwPjC1AAAETSjkROzIIp8CK\/caOuFZYAfK1aOEqO4JwTw9D7z+uUbIBTx\/XH4yTcUJ1GJ5nL+Agpz8kkGqy7oh35jkjpRQSyzT2NyzB2NTBiZzOgYyNio+jROASCrTsvFc3Z7POk+A3z6nh\/zFa0LHBvwlp+McgWNFYpnLkD+S13ugMu2uizXqCPOTgA3G6sIsESNefWZzgDU6TE0Fie6rZUHLpsGk6\/rXINEPxgL\/9wq34N4qUhpvbCKjEq66pMlprpty+OzFobGyzV+ZfKcjfk9heS8\/Ktv46aaw96hlXnUfPZHMbA+CWsmthusRBP+K8uIWlnTbdNz9Rfn\/rIR1WmSXPxGkt7FVroGfbPWNtXVz4++NucTI\/gHddPWrZHVTxmD4eDZ+gEpCk9qXs4vIQRkuhhDT7KtsO5OQlx0LGSyxQmka20y1oOk5gC3euqSWQvmM8esR3UL4VI1v9ztMr8LjMn0OiMu95CEowBICOANwFprI0fObMHGsulwe5nvslar15BxrnmzEPNZiHa\/I2lrJGnez3fp4uBPMNgkQPccWwS7tSftVUqukoIkaMMDDugrSYQ99AP2nblRffqf3JA4AsmJuPW0X7qs\/Byp3V6ceyok7YXbgcjlYcvQaIYY\/lxFpek3Nn6KNssLG1fs0ok3z4gezAdPzCDxhvWVe5HYAr1IFeRj3nq\/RPsEA6C4W+4l7Yb2Q+t\/rGxDvAreWu6lw7r0fJV+s3RVQJy+tEW28PRfLsTsQmCiDcS3zHb84scMnkwv5bvftQiTHPxbXfuzIT64fpwltpQEBi3fJ3wBTXCGnFFnw7Nsf4\/JCCbl8lJDqInzgCs+\/Y\/bv7BFYE5WwvyQhhVAkY54ihB2e1U2DYdn7Zqiluxkz6gTqo9t0goC9XZwhqTLhcNfKD0XB23eFaY3KoEPWuPes1Ne6OhOBQfjbGBHAapLo8KpRyV6yba5+B3oKegQAyfeyrNROon4pshqrtlR67NkthaTNhbaMWzCPQYQ69NKAHv4GZAavtCgzoyw0xfFk74LvRxAfWd5OtjPWFSoU9lQ+1mdU\/bOKC6O4VAOilWKe6QbrEStrVui1p\/aQNyqAYvjHwGeocuQw5Apru2zL4CCg9jzkD4KS\/jN+UCk46yLdkn5Ubz2Y\/4Tqj5walihAnanr74XvviJcs00s6SbGZQRIQnGnA5QboJY2HvdZJa5px5WoWlaAtRNSjKOb8VqvcsOTB2gm51ybY2P8hwH3e8MTnT6NSTQUYxd9MKuGbtBlaY4If+PpqrBCmLTLCDHV17kk1VWuNwxmBudJ5goE4YQONWMQUK3S3Ul6LG6ZXlHy88HhO5x8L0R8jS+WOFGP6zSoYvhB8OXq99sB9qjRABZmtgMm6tlllhZ6+KyV6yl0udz2oNhS2Hk09RxStU8\/YuG1qMWFdf1q4Pbw
gPZ\/SEU8YEQ\/gK\/b3lzjqtkntdDToIJ29938u4+Oea0Z6Ovn9IPTGyjlhkBTrCdjCsinWeEj2Cr6kqLjEOPd09mljIQf3aovLDbm2AUoZWafgLqoeW0JnEY2b\/2gwE5NpGc2iu38L1nWR8EcAN\/w88hux95l3UfaGjHKlj3FFO34BXqnrmch2I8X4qZ\/Xqx0WznIwTUj71m8E95Pb58bFksDsyDw=="} 01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434585935,"flow_src_last_pkt_time":1603816434585935,"flow_dst_last_pkt_time":1603816434585935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434585935,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00843{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434586380,"flow_src_last_pkt_time":1603816434586380,"flow_dst_last_pkt_time":1603816434586380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434586380,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434586380,"flow_dst_last_pkt_time":1603816434586380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434586380,"pkt":"pJGxgjQ5PKn0qB\/sht1gDM4pBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrnAkRUQTYkaDFCgoKCghrDAA38OgwkgAARL4V7fWqJD97ugGiMo3hEbsI2+6\/SpwaiwHfJYhBwe8nlBeC2wTuSe5rZV7amDM9N\/ui5SRbMnMa4jgRbgv6T7FxocLh78\/\/47xNpYbQ5OnVlvNw6YvcG6V3D9lglGS7SGlN5I9EKjcJ6eJNC\/yHA+fna1KNRS6W4dCmPZfMeeRKhPbnKLP\/zD\/hQ9u8WpY9sQzK7DxdC06QgW5OFPLciatcrURwr8u743b7gflxyjWj2XMTb8+OZThPj0RJwH3mLn1aP+ys3uq61x1VUHQw18JbP+jOhfjr5+O\/DOmynEaj9yDtlT8pCQmkvZjKW+qGdVHgPAjMhELPJZM+CKVtQWm40oviKQmQrLioe2xR08VjBsCQ33vDOtlEGlAArjadOrMBFc2+XUcBiGRd32aXmUR89tCzI1B+GouNtIblHFiotduRGiNABGg+3Qc29eltQIl3PdSG\/mv6xeCbqRlmFNb1hZDT0EPrntyPIWcXzd7I6R9yH\/OcuERuArM+R4UUu7HVGq3VOIpyJl\/8vVA0PxAitJPE3y7Z8KBR5Uk9ypmv2LBTFbQql
eqxK9NsAkl7SzAMl4vTV6UfLWkE4v+lvbSNEQ+7\/h05HZdmM+ow0IuI\/BgPpOsDVtV1aa5VzDkkk9VWQdMUFySvpiE3OHVn9TUuuM9z5aYjx1qv5iZjNaxwGxQ2y+LC+sSOXYRfbtK34ZuCzCSfwzTrrGUTngeMOBfoZ0Xj\/ocEK17WUvslg9MAtjR1Gt3CBgVFOL0OMDBH4AMY+AhGxe0SgGsm9XvIgfhBa9vjDgpW2bJ0dEWPHP5qrAgfuKrrDizOESiLnlVMmMFXOgizTrGewuj0m\/x9ORClQAI0lFK+zVYRJsDUDjl8s8kMpL4rhzj3idhtdVWCdH8wFTr8WuyJ56hOdItfnc01ZNE8WReW4m6xZikAeggNMeWiKtQq+jfhT6qhFmDdif53uwIz3lMDO2crL14B2fVYDgPMUN05glordSj1PZRZS0OPJgjhG1Hs262PpADEzmqa1d8PWOn7489KV\/wKRhTXTO8HK3lkd68JU4rMEIXRiF4qH\/eZSGMgWSgdLEk9Ag7IV4F4aQpdDeOkRKGB\/bEnoIBfiBauwiLbdlgdD\/c47VmgQoRcvQk5GsUx0U0+wFCL\/ZkzcmI3DYCHTfNkG2aEAA+xvCWzWICgkMC5+W19MUzCoMuKizeg1ma9CdQgrL4sjg3iELKoYVCphaaL\/n3OYJYWvTTKTbT6OOq7SWtEDlUmidq13+s7Sl3Yj+afjtbetPkC\/8CAhhTxZQSPMQ1Ni1uSCgMYa8Y4VkddiZbjqAaSZzKfWrctUQrKqIadtSGNHtMQqjpEIWiMo8o\/UgBofbs5Kg3B8jC+JxO7Ld\/FGGhuabdGKUSF\/ZtUgLnPcGEW5kKFktT1D6fxQMfKzarearkPRdC9eF2UogCyGsrOxI\/GFB3vpOggGgWFiIo78PmOU0twqHHZC0t0srjfWKBrf\/fzPkN55ufN73EVurA0pU1TeEWhtid5II3hk9ekWAYMe+fHTtyW461m2tjhK9mczMG6wWszN2qKL3rLagh+IX9s8CJGYkrmfOhgpW1AdBPHq6OvvD7s1\/95DBb3hQ=="} -01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434586380,"flow_src_last_pkt_time":1603816434586380,"flow_dst_last_pkt_time":1603816434586380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434586380,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} +01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434586380,"flow_src_last_pkt_time":1603816434586380,"flow_dst_last_pkt_time":1603816434586380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434586380,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00838{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434586718,"flow_src_last_pkt_time":1603816434586718,"flow_dst_last_pkt_time":1603816434586718,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434586718,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434586718,"flow_dst_last_pkt_time":1603816434586718,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434586718,"pkt":"pJGxgjQ5PKn0qB\/sht1gAlC2BNgRQCABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWmsgBuwTYjDrICgoKCgjzgkejWnQFTwAARL7AEcGzrGiFbLDVVitPMjpX6T6us8klH0LZdsk33gK4kca790hWc9lEqiHw2zuG3cvmTx4edwCefhx9uVFQHbwCX7OdVaAKALQsTDf2esUnZnHqAVwqfHs0alGH87lg8LOQYMLCyJ5o4796Hi54oLNHvp1iBOlawAP1QQwkOrhTac81Z\/3lqw5txy4fqI2ulRUcc8HMVbAvriqgCRBafLPQysmCOVqjinACocPdi0ZP1pUx0qn0+kKcTF+7gFuANdSw5ZrXDF5v6YKUxiJ6vSw8Hy7vrpHpUiN+5fprlESKduOvuve2w8S0Rn1T\/QCLnqgsvW4zVX2obPqKMBoLM0FaRFm0tupv3jD2Bo6wMhEP7UVS6LQVCbX\/F5hZ42FQPL174ha0Yjp7fot\/ow92n0s8sDYpXdyVzzUtmI9H59mtClZBkXIm4hCy5YwKUBE5Htf0HL6v7tX\/C56I4bHgjD1kXDqKwEusnGxfxLkbm5cB84\/UPVfX54l5AlcUWrKt\/sWPHXza3lrXmjl3iKLayJGvSvxgwAyLdj+1dAf2mHjT3T9ZeLg4TPyNz17SL
yKDROZpbuZtC2zCbnl+NoReuXxIIu553FeA7K1Fq06E+HYHhMw9+fWseAQfiQhoIBqlHGL+6zzFwJx8LqsX2kF9IlqJJkfGxh2dCK8J4o5uVhtnU3J2xj0GDXLtBrNSCk7DDd67hChkNkJ\/zra77RGExcKdo9KUDUUYykOLFAbdNAsP9djZJfE2+FIW26Q0ve6PvxjGma3cI1DAbfodw3x7gmpMenGXbAesto3GigfY8Dqk5DyVN2us4Q8jxijjrwa1uGb6WCWFIbPGsRxa2EtoUIAHsP\/pagnvZR1tK2myhxOFZczPeNlpxk1o3SOIXdZrMfCNqe8UgV89dZHklMi3hgQCyoO5n2p9n2UNtckDsulzdkWAkN7ELjfKSw3xLKX8QYYwRNZkrnslYV\/gNUyPn\/DAHxcrYsCggnVPpcMfjQHnjiySyU7agWUfxfnrK5KR0Hz1uxcerQD9r2dHrU5GwRgAJqiERgTrm61j0\/9g6EnJzaJxnY2YL\/8StPHOT4TbswEzgPxmOMhq3B3NyVJmRRvGKyoWosF33+eeRJZtqDmGzt7Y\/QslvmPGsoNyGhIfWD4qHCWm8JN2zWi8NKuiyFpgsC\/gseqp2COjYeHLzTsHE8Lb24ziOBbxiS8nhlUeyvkTXTnPgtpZev\/ducm+wW0A+YY2gp+9vovT+lMYKPoIIeW89qmvsTK34QrhAHBV8Gdi7IG6oE67NdkIrFleG4EtBQyuNTVG\/Hni6IlsFEhmcMOi9gtqRQF0bots7U2r2su6TX5cs\/tWsUtfcKDq01p1Oi+UeZRz\/V+lKX5GfCRE\/JIN8wqGMoYFzwTiwgXQFJuV\/tc8U4uoRYgnau5MAB9+BYOU44CnqwsIla5AaVfMisOMnVZhANbfOkDwWOMuBcFcvM4iPJEdLrpJXtiL7lozz\/DNjHrb6qIdiWBMUyCod\/1w5XY81jvBVw6EPdS52X\/61VYwnM6etnlrj2efLI9zOedaqcKmUUuU5hMhqfCCW6Ds62KH8dV8j+mD8L1skbcaPGiQBq8L77krzCDv+w=="} 01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434586718,"flow_src_last_pkt_time":1603816434586718,"flow_dst_last_pkt_time":1603816434586718,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434586718,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
@@ -74,7 +74,7 @@ 01155{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434595118,"flow_src_last_pkt_time":1603816434595118,"flow_dst_last_pkt_time":1603816434595118,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434595118,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00844{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434599720,"flow_src_last_pkt_time":1603816434599720,"flow_dst_last_pkt_time":1603816434599720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434599720,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434599720,"flow_dst_last_pkt_time":1603816434599720,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434599720,"pkt":"pJGxgjQ5PKn0qB\/sht1gBgPLBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPy3ARUgTYU5HKCgoKCgjzn\/uzo5TjaQAARL4oIwXE1bV3X2RQF+ON3RTsnJX4an3jVlQ7KRPGPw\/cd1gZtN4yjes7ivlyOcq2vm957CNTb4Z32AWph+bIp0qE95znKWOclgtBgRpaMvlLDlaUbTJ1Kjqhg7PudTMGHo8kc8ERMms7zx2J4fSxALfbKS3w04Pkl3fNYWkwJZG9jA2z+7UujsQZ2YxzLHhbiMSZctmG+MqTnAcyQxUOVqOLFrLaBhAxisgQ5MezG68hwcDBiS0ypz8ByM9sY1JtZ4VMrD6ux21WiJ\/gTvOv91V5Grp5XnTWdbnNLG7GrfS3jGjTn2Un\/r3WCKJ0WajhNLHmPUR9BFLSVFG5JiyNgIWA0\/HgJTXD99jRhJkBHyvLeL3j9ePlCvGQ9KCY7A+MdgP5+hrP1QLH82VspHtB2VvSSvMREFxd8jKlKrGybrolBflILJX4GGJlg2hWcC+HeiZGufy5yPCOCbIVpSVQOMyBBe\/Ph0aL\/4q+E+2qJVdBHso12q7ZRf3KyV6KD\/C8p1m5HJ5lk4kmjjCsWakG5crp0wLCKMw1zK5GEWknO8UExqKvojXXFzU
2Be74eZgjrj394KHSeeH524syPc8swoO75W7hTdsrJB\/rbuBB+sKBiDCauvTcD0r\/ZL2kwgN2l\/QahiKQcXG7cPXaL3PMAV+\/0HhLKSqjypOevG9iWlPhJOE9CkOrIJqW9G8TK1GKGdKLlPqAZLZ9m71TcFKjQ2zo2h9JsVhhsxqsVTUojf9bVe63KowZvJiNw7kbG5Dx9zv3qk76Scw0pW+2ZZHPjdRZTjmKSA5Y+PYOoxxOicDP9ZVOp+8YwJbnh4YepP36tZkoI4e5hYmgEwZOjt6Yo4GxIrGzuNcUfaa96FJIqS3n0i7MAiXzBsvTUSDnlPJz08s7uoWN3Db9JOSBxZX5qHn+WlZCt6oEKkU8FdQI+7reYK7AI5cK+7Fg6zvWA0dR4F7VGaHhGDIqy3gLf7KmEEyWYRoePUORLvgVC8XTilGAf6Bjlqx9PRGxm0Ja\/4HplWikLpRAYamguRrJONKI6nEhSn9lO27tMAcOTn8Tf6RTu95+ny6hbgPd\/mMKokSGNF7UUtZjCk6cbVH3J7cHgGQXOTjQysmlrFxV2bF8LUmKKxWDOYfmVKmHvf7ramU2h+1zK66w6qsQI2OFBYV6F\/QBKPRxAQlchq5r5kgySGLxmw3m6+Sf6hz7sbVIbyNA36ENRVuZXdVSayaI5VXU677nJtG12s5uEZtWJqnu3YVN\/KK+kE1AeI06S1byEfRfdS5qQoFDC+c6GGJFo5dVEZxLnoVZC3EhBh7dWvLthE6jKMd3CbXVgnSRl9JPjiWwsbn7FBHeycKSDuew5OQ1HtZpeRUJUk5nMgSUOUI0YZ50IJIEFtw5YNao7Ddw10e\/\/nmynctyewik6Tvc8zLrSWaSqgViA6i2PaP6Pv2MZCMyK\/X3XqMdRGKXZs\/jr8\/dMBZX3F\/DYmeMdlamiU1RcDJHP8r+9yBXO9yUXOhN7Pnl31zJ6vG4vR0yXekz\/kuQnX3VMYt3WopVdGtyLE43Smp\/Tz11cx6MymTg0YsqpJ+vSsiBwEm1Kebt\/+JMBAhlGhj5jM9y3tuD9xf5ApCnIw=="} -01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434599720,"flow_src_last_pkt_time":1603816434599720,"flow_dst_last_pkt_time":1603816434599720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434599720,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434599720,"flow_src_last_pkt_time":1603816434599720,"flow_dst_last_pkt_time":1603816434599720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434599720,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434599728,"flow_src_last_pkt_time":1603816434599728,"flow_dst_last_pkt_time":1603816434599728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434599728,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434599728,"flow_dst_last_pkt_time":1603816434599728,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434599728,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8YxAAEAREMXAqAGAR8opqZMdEVEE7ChGywoKCgoIqaWx\/UJ+JLQAAETSRegWnRcPLKk7uYLS8VZ6A+zIwJb1mPqvy2MKL3Tt2jbz4sn5hDNSysWyy0Q1vrUZJyUEmOGV1jj\/0B2GZUMMnU+bx4P64TDztfWRCEsX9xqURkrteqGz6ltOPoTMK6uGDuQl8788DuRU6AkQ1v9y\/IX5DuObM3NrRxVsTfrPVsxKWrlvhhc8+bzP4RcGvyJ\/YYHHHWv8RiMZV8ZiNqzD\/Tz+RFWP04TpQ4H0wJGgAkCU7iYd4ab1bDvSCbzjD468MBlMvdV6E9+6rcgmFKBMzQQdE+3VD+cPof5Frq5N6HQby2yYtJudG6NrUX73fAa2KQZnzYR4AbsJmaaX8pjzhRDzDU9lkoPYf4Oc4\/nC0DEA60ezuIdY6ti8wvtU78brnoSIwXQNufJ3MzKMZWZJpg9zM9qPOZYsquFKurbo78k5\/rJeEvIak8OZ1yOE2HfW77PYo2g+KEWaP\/fvQAQmwoeHxVcoRheC4X\/2hnLsZC4VDGWTctTohPZkhIIguZevQcdGStgdNPOoe23oCG+cigtTE2XZqR98GoabuEhLVpX8IFbc399f2Ed3R9zv0BqRW7l9W+VGBCK8l7hYQJcjAGrqb6UxP9n5twWwwy63e4tac05Mv3YxsBf\/gpWY1CeG
oH4A3AOIfnYfHjCBkCKDei184tAdAwJXAV8xwNIvdB1dw3Mc68J\/Pfqo1EfLZjZfaNqOe3f8viMQO4rriT8gdNtZ0CgbJJiTTs0v3CCooFyBSmtQOJYSnaqzYT+uTl0hY8Pv7OC+YTEfEJsGmbz3bNDq8LTl15HzHDF6\/S0tKU8O8InGVtk\/4xlinam6Cr3IODbyJ4bhBkIKy8MFcG+qdHGW4VYXvs5ZK3HFwh9xB\/co3gy3WkEyPgUxAVTluIvDqC8K6I1mGrN5z9mmI7+cQWr+bnYAVDEJN4rmkUxjOxyuiiOc+eUaT617fUn1I8bpVOZvNmAr\/m0w4TmV040UAJX8kNuv73I76cuzAXTqPGp1OIlB8p\/rUaLeRtwOv26NjRPMlDjdM\/2\/Ilg8tpUGW7j\/eqU5QmqHo\/Tiz3kNBpIfGMBMuOWA\/+PbBvi4AgIZ5msvRnQ6tvRm+GWBEDzs\/IRYnKTailefoHxjXB0DNFDc4zDa+tiGPQt7PmYE5fk8D2cP4OlLJtPGya0qenuuBZpE+9egccg6vsbROrFnslZRL6+0pFRqbKJZSvkqUbHUrlE\/JfB\/RdVa6sOFQkyGbFLPZtdG76DZnk7EFNB+78rrmYjzs6QdbL0HyurZ1UeWbBWI2fQCt4n30u475\/uIDFvQNfHznThYw1T3lHUvAqHOyJ\/ccQ7CPkJlpFBs41COx+7rd4GKmxiD62jg+b4QoriC8bYd6M7zXH9NxgT2wgi7+ApxeYKupXdFHK42Vnp2KF58erKh\/QyLOmaga5TR43mFPJ1U4Glvlilv1YLFtMnz+s5m3xpG9nXQX\/uLnoR+QzZ7ZpahZpcCH3jpOUBrBQLDS3SRPYGHiIfQ3MTxt\/K2HL9xf8n7chjG+XDpVfD+Ow4ZDOisoboLR0pMTJoCSzc7NiqX5QJC8lHEJcQJ84dLF0V8eZdiDwD0a\/E3DacaQJIW+8v0unPtOxdaQoXsSVsGNysZHm0clQcBwxWaX8rC0w=="} 01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434599728,"flow_src_last_pkt_time":1603816434599728,"flow_dst_last_pkt_time":1603816434599728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434599728,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
@@ -124,7 +124,7 @@ 01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434643783,"flow_src_last_pkt_time":1603816434643783,"flow_dst_last_pkt_time":1603816434643783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434643783,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434648476,"flow_src_last_pkt_time":1603816434648476,"flow_dst_last_pkt_time":1603816434648476,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434648476,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434648476,"flow_dst_last_pkt_time":1603816434648476,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434648476,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAVWdAAEARtqvAqAGAEr1U9YhXAbsE7B\/jxQoKCgoI8ujrluq3MPgAAETSSw3nndZy2B\/JR\/aFheBm1Am1dhHdGKFX4rQi398jOJ+Jn+ueiHb2+ayhrixzGiiTN9ufhk4Lx76CWjuYMe1esceEF2U0qEsZzm5HKOUSMwSJ5RaG7eBb\/NGtId7Q6oJPV32C4GXJOjD2zUmbaepzk+oaGFaN7rBeaveWtYLwkm3MCtZ9ixGvt1GVcZjsd3UxnGM0OVZjCX0r80DcWyuTZ+venG\/PF8dpMDihqsZpbR3kCGTkK2uMnVKt5rsbq8Q3DZ4G5gYRlETl0tKNNk\/HmutyUjflzkkuvzr4zZfbMn0fPfDD0j7mcNxEYvvd0jng9gG7f2g5c2cWdEOeL32TJuGaUD4LxEgTmtQ74vLlqJ2jtPbB5cHftJfgjUFjPeNm\/TPJhWl+3\/2FaFh7UtvKIQZYWOKggBRpbC9DfYZGBlcBdT4cVCcoYVYvdnofibyJj7qvtk9aBhQ8X8haBJHnwUiu9Fh6LP38l6DOudy0wo3ZglGsYmVQyJ13TOTkHezaV+ftjH2Ic2\/kdq8i3gBc5XmSKkmTiDbR3CJC6bVKLX4YKbycr7PwvmeAgaIww6YUv5UVh+vhnxqslyCYJ54KMPJqDqUt8WhJ8Cyji43HCRRNG5kipptq8jUrAU8gnwzNfotH5yFDF+SAJ3QrzY\/5UXiv\/luWN+jwEASOuxa49aAiqVUa6A2J9z+IULgzW9aUufnh8e6ojNPCROl0NOCqRnl5cZCiCryKj\/+UTBEx39zm8tG1rMtKw8QCLVg0thBdHS0CguNqIcZrFjoob99Ht9nweYVHyIifEGHrneZFx6IaFg2N2+vqZttN1BPnlJwB5SkjsSGnctAq0WWDJg53X0egLh7DxbpeFvo\/PmlH\/qw8mjFt+NYPN0Ckt589t68fWjAbTRqz6xR6iPzgtt26G5g9GSc+owtcPOoKDSY+FtfvQEy2FDAKor8oRuyToRIFoS3GHrsVAzOLHHMrzcmpnrq0hajchpZRX9\/japhKPdmJTqsBb+ql5oZkXtBdENW3VUtixBzrUWiVbOkyqYBTjYwbASaX1s4B0v9Dw3fdaQktg0huYIDe3RIztuWGLVXFqL3kiPstObyRA8wmGdfn5WqodpZ8U9Vfz6QFfvCBcYE1\/TFuOxsVuCGHj1fKdzqDxFgpT\/6zI3IgHHNl0RstA3RkolWL6H0I5f1KqOUjo7bKGh\/fgABUsvMtkL2jljWloerb\/OyZ8cMJbX4NbVoNGdWP6RjJXhmtbLlmGjr\/nG9lw0JPerfXWXztQQ84uR0ZUAsCJbt6PCEcektnL94QlE49op9jLT5v5WzhOshdDsHI9kPLgiBlXhxtuB\/4fh64dFKwIV\/bkeadS+6vx09Jc7DjJDplds16bxuhHniXD1+VLQYqMNvLfkmfXTcvt+DCDI5+MtT64WEYlvBN\/o
RfvKNXOlpG0nbSIxax56Y8i7ywQwgVXRD\/tgIY5hSIvokl8C2Vtnw0ocpu1kRHmBam5VO2gvUlslhf1v2Z1lhZ3ZHKYC+go+hJTIN8eMiQlcB94ueuvx1ZXgPZAWpEgcGBa59R7aGipRkAIOU7VFYiFm+JgHn0wlJi1ePUMn2SyyfRo+5s5CeNkA7rfixGxD37LoDcJtDM1uCusOgWzzaoPX\/WMg=="} -00985{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434648476,"flow_src_last_pkt_time":1603816434648476,"flow_dst_last_pkt_time":1603816434648476,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434648476,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} +00983{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434648476,"flow_src_last_pkt_time":1603816434648476,"flow_dst_last_pkt_time":1603816434648476,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434648476,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434602877,"flow_dst_last_pkt_time":1603816434650048,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"thread_ts_usec":1603816434650048,"pkt":"PKn0qB\/spJGxgjQ5ht1gDoRdACsRNCoArABAAAQAAuBM\/\/5oGZ0gAQsHCsnVrqTT\/kdpHoB9EVHuNwArYcCQAAAAAAAIF6TDw+yG4BdFR0cg\/wAAIP8AAB\/\/AAAe\/wAAHQ=="} 00839{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434652977,"flow_src_last_pkt_time":1603816434652977,"flow_dst_last_pkt_time":1603816434652977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434652977,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02221{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434652977,"flow_dst_last_pkt_time":1603816434652977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434652977,"pkt":"pJGxgjQ5PKn0qB\/sht1gAVD8BNgRQCABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWsxwRUQTYTRjACgoKCgjaL32MZj\/FsgAARL5kzfCcIzgmsxjP0G4DqL4uwGMN6uFXlzXIqULUmbWkTZimqkIWYk5J+U1Tm2aqd1MjW9rzMqELFmlAhlXckjXGsH+Agbi5yNw7OuSd0A2jkDOUIsWCSOJHKlMr0ObsMh5yal2tl2VuEVfSE0qsFV7WLAeEJZABZmjJDxwfk918siEfP+aSaQvEgBBkJ84hGcxa0pyg3zr9AdvoDzmITNfcVD\/SbxorVKGQTTyoV2KjJ4ODNMmCAzaGCyDD6BHN+TqaVnIG75iUky\/i00OWO2itqTOK5MK0gg\/F4dmZXxYm544SXt3mEIMn\/KiT58TB8AnvvoMM+zDcLjD2voYO7w6nQ7vjIZtfT9m3XWOP8J9F0bvPBS9+vGZTprqiR2e6PBnSg0KmchSjlKU1RP+jKuqXA5YZOjOGqV6O\/fewKbV40io0i1J+NIHqJBZhd5bjjAjtEL0\/jGHCJT8+kHWQVRnVxvJTULFHfSoFaOv0\/FAPPgQmAsV\/e7ePRse7PiP7AO9qzUpNTBIaRi7R7yEx60bIoFeYOSNhxPoca1fCTIiqpbf\/Lysq6HvKKUzNT0W7O4lfkb\/ZC1VhUlt7Od+qJCiRwXxU9D\/42IwUin8sjlUvg+KRX5ulSQOPGOYufZ92sil2AWQyHIIFULLz407V9+RW+9E6Q7FjwFkZOFtY3aV1T\/8FTKaaOHGLazcJjKUaGZC8AA2F6I9PGcFFC9RAXizVtqzUQ+iviDhJ+goUzdUB1agAa\/MIn7DGkbkQVOtD+1M6CKkE7hHdmiQ9n16NW3fCjz4YqlEqNM80RgogewW7AOxtVLzwj56n0cG2wRWB+HawQfkQIDtIJqSHPWB9OkV6tfXkJfbT2wlbh\/rfKSskLrk1sbYzY1PIDNmPjLRCZBVWmCYLPffYkG+b4MwNHB\/vAIrvElJ1puJF7jpzzegk3uRCXIKeAvnSIueoT+dVtLnf0DjT1SjmwFUtovRpxxTHtgK78PEBaNK+CFnXBiyxXF88QJhaPeav6oIj92LBjRUaBtpFYrGT7ukwX0CZJH6ss8DKRBYG8o1LXxAiSMdCM85xU\/D1l5JAQtiGzlNDH3qXy62dPdPRzmBTdsEvCTu1SJ4aTQ5HqZkZ8mdXkv1vSCrhXtjNjyM9ISkMXQl7Fv4snypY5dWEXtwWFf\/DXWrXLzy8bkZnUz7iRb5Ma6ol5Xky3YnWYit6Oy8bYeuXHVcQl7yxHmQFX9vlhcsmh3du6Au3WEc7fVr5+pChwI9eXXokYUBC373Pa\/y2+Tfslyg9\/dYBdfu3HiD4BKHBgCptEzxjJJoRocgeQEgIyTxnLazyy7tsTNsUIYjWNFhWoL2xJFntqowob7P44+WFAm6ZkZovEYYNmSKqBxSG9wAPXekCbXtH\/b+TOI
K9+1XfTT1IrbkxQYHWASoekr6WZeU4jYlWrrn8X8ujjTBW3jswDbT7J2Z+rUudTp2RtVzFLtpsMRieCSQBEact92jCCupbg43ThfRz5r1sA\/97BYUtprJqYvONm9iufuMRRuGLpd5h9EBpE9lEEKcLT0QIsIjALGWNfhWnZdIJLXqAQgypProR3AsmTwuLfn7lEfngyfzJ6wUdezbTEtlDAdR3wg=="} 
@@ -148,7 +148,7 @@ 01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670390,"flow_src_last_pkt_time":1603816434670390,"flow_dst_last_pkt_time":1603816434670390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670390,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00843{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670583,"flow_src_last_pkt_time":1603816434670583,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670583,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434670583,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434670583,"pkt":"pJGxgjQ5PKn0qB\/sht1gBxOBBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPtKIBuwTYLLrDCgoKCgiO5tu+VRPaUgAARL67x5+yoY3pY0MJItv\/fgrN1Aqjc+LGtbVLhqvz564YTYsK8b+1F2va9jRV8nEV+5OOHqmqaHlOCYYabeXxngu7jBV+i2zDD5mXOeNwP0vYEvtnoouvzEl7eLb5EE0+MuDiJt84m7jpfeD9j3nru+ZcUw2gN2lqFsUahOHFHxiiMRzquZrGDqevIu7WfSfXXUaDgMbSDA6CvWRjCP72DFgLsQ\/11QQP633nQ0SLKipyJqDr4JvqJmirsRRFK4Y2O1d4rwaWvjBQJbZEvrKGBhUisRe4vJCgt83q62hhhVwI+BmOHGZwcH1NeIw9OfXzIkzF9MfEbO7hX8+HXuUKtpvyJorRIV9+dNth0bRPExaC9oZ6eQgb4KnoyGQunWwMuV7XDIWVGPpUovXJ6L3rc7vDqV0O33okP\/XwzTuMfNCRModoaAMilI37jOSGD70L7Ukxtnkod00xzN\/rRqaOySSScNetQaqN\/b8SumEm0AclR2UEqVCZ\/oFDQW3dlFzOPiolM3TYJHmvPtQ07FoMBnxweA07DzM\/nlIehmUnkDIdfazZlo2WaXyT4
kUCXiWSLkyBIKG6OPjGqxQRCjx7pyzScO\/zoIapRT5uA7FxkYfHjnUDRA4N+uhKsfgAHpDGOcVNfY46rti9HRBS+MLjtON8leaOxJHim+wQ0EeQlwbDu7H0Zej1LnLoFqMDWvyz+oUpsvxNgc\/S6MeDK9+JJrebwrhDc+tkmOK548PY4XvYXrqaTGIAivVpHbXZ3zU4Se3IsLa2rpf9EZv0u9D4VcFJRqv2B5CpAl42JhgNb9SlY4QjX\/zYb6IVVivP8oR+boam1SbalhEukEzoSf5vlgVVBVsupKLEgg8QJ4aPvxMTspsMlgkwzLYOK4L5ecOdzbax+0i5aGOmAs30VE0cR4zt2Dxp0GDF2dDg\/9qdw\/BFFFjufPPrjL58CEC5anG+0PnjLNiz99f9A5oIivUVqwWvAEBh3kOUatfc99UXPxAS5VMTgfEOgcxECNa+3dG45igyiOYw0SklHmGfzdommYyu2F0JXKQZKPR4P7uTdH4l9rTKALyu5hrveJCLxlBPzHhp5XxWlFHpXE7yqKl6JoqWNO9m4KnOkD1SiE0BK4iBcHTagyf\/j7KuNtCJQUEjQ59\/x7ZF1iPKFPPyQ+DFZfS4ZMMJAdRuce7PfZ2jZfkuletLSo94qexc6EAps2f0\/fcQwBTkA1Pa7cpknrlPE6nDQwDmYjfxjl2FPTHYb04B\/4LG+OuYH1R8tH+E5cKey0fYaMhnlyRtm7l4zhxXh88eVjpaZDsIoW7JAZhBUfEztlZ0AOc8r\/vP+qFhB8f0D7eEfpR8bO8\/EgtwQtTbuBaw0z2uWUEDIaafMNhsQ1f4mmfFO2liKZH6G6GRfv99KKrH35jUxqsjJeBwQM\/EJ113jCKlIApAONDGVtmrUbUM7eAMD4vuRho9kE\/w49GkWM1RjqkESV8QnS5lO0lusZRdgG0jcilTPBNKWvJtuU+BOtxOeZOoU0KAQk0iRVOjpxTJNLkEFDMqLOTl4GP6l1DPyRiUIbC9dxVJliklcqIHHcx9Son3\/0eV4Dlc9XMJzUFYLYDpip1il7dd3MOMzw=="} -01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670583,"flow_src_last_pkt_time":1603816434670583,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670583,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} +01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670583,"flow_src_last_pkt_time":1603816434670583,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670583,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670588,"flow_src_last_pkt_time":1603816434670588,"flow_dst_last_pkt_time":1603816434670588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670588,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434670588,"flow_dst_last_pkt_time":1603816434670588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434670588,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApCJAAEARDmPAqAGAjOM0XK5LEVEE7HYoyAoKCgoIlk3\/sw8\/b8wAAETStyAajltT68+ELYCklsRAAPKAhQKMXFJKXjIBWFRGvhiDbyM2RmA52mTO4kP\/LrjWRFOsZXPJwPYxhAgmyxVp2EaKhvInx5Lw6HoctLCI997uZ1ErbFrvVx2kMNsPbvf0c3KMKg04dEw3CGmIj1nwwAV3TplnDlLA8nGhigvTtzDcOYuThyFe7PNCKGoMhnIJglojVVIsBdMJYdSb90I\/+fQVaZ\/MIgmBIoSGWUE5ZAGntmDgtp0dgmx\/\/p7O+2ApCOoZi2+ZG1i32q4n752EIFh9R1W9\/09HXsuHjyhRiyoUZgqfvLkrSOvdv2ZApV3VMcrOD182D\/IFqwmSJhEKqa3Gz0XQ7x1AhDvKB\/98pdfLJuGPyAwXeMf3RbsjoJ7UbwIjIEtg2aJPV4zFaASkuBedOA0xRnIgegCv4bmWgElYnQC3X2r85hddZMtDhxN4hidUWYN\/uvDzyKGj38LAsQE2LOY\/U4yjUes\/A4X3Db4RMeoGGuaTPx8vHEhWcAZIkak3bdmdfUCKhTRw1Sobn\/0WZO3JeU\/O3LN6aaFNpd44oi+fv1YoqhJLtxNGYHj6lTz\/xWvwh\/5OpWupvnaRJw140wePCUI03nAaDAbvdgZhJxJUM9Ez2imcu
\/DPUQxAcI87gwO9rHzyEFTZvBE2fYXUdWQ\/lBLvDIIIlbqrIBwZN4Rm1K7rJEsqaSGAetVKqYqrotg3G0Xv61dakHj\/9j5SGgi\/fc4wYQ4pRjWW7gItXzVqCglacLb3JoibdGgtA9WYGsZizewIUhH3c6imISZ6jCjLrzmXYytkHa2NT60DFmqp\/vbUzMpbFIHZoMMMlZrZErLgQqwcQrIy3BrvnbjZx8ZBklzbGPAwWqCy+HTuUfRLftp\/kFiVk1D\/72KMbyr6s7Bkxhgo4bI7zvMOHUidZ2hdC7UGsUUF\/x5smJeYW4wNdHD5iv58qpr6HaH2Rdza4ULK\/pyl75oX9CDKuX6jrGDlbgHOykS1bvJCTRfYwBjtGXraF58jEQVZJJ6HImPxPLTVvhi1weX0G57pwdQK\/6eBVH95xHZHTJaU4Kw3RS3xIWdjP6LitM0DZwW6TtS3P2G33o2Wkp7Fc9Y1dXTKUMs0nCmH9d7CCnjVWLYi1dhtz+Tta6lf48tU\/Qqf+zHItaHY7LtapxEIIsNEmVNQuXDZMbBZtU9UWcCYPTIXOZsOuWi+KlnlEVjhzxN\/kL7Rx56YZNVto9cOmH\/bByewHjhP8N44u7cip7U0HR+jmMmuxSSFw8RHPveSA9s0JovEVcJmQ19M5ynV7yxMWdfjeOMYtsTVM0tONAfzs92B1HE+34bwQSIOaG8X7No01hV+V\/yj+dryeODPmr1LKIAJ\/MbgypzFmTw29gDvyUBXq+ZwqdS3iCKSfowPes0BSJPSzSUi4Z4dIaBSLQpt9PNBOgH0m+JbP5PlkMRT2nmJjGR3PzvdWiWmCFTAb5JDoyjuyFHdi3lWKONx+lFmzZJwxs+UMErRJBVTz8V6tf9wiTJCTFmYGF4UgB\/CTJx3DI6wbo9X53d0S0QTy3dGXJZO\/H8qOsGI8aNw1qzLXLU6KpohKtMy7TWM8yk8onvWWarA524pLpTHLJknBb\/q73gznwGfXGsA9dvY+vw8XuLELA=="} 01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670588,"flow_src_last_pkt_time":1603816434670588,"flow_dst_last_pkt_time":1603816434670588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670588,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
@@ -160,7 +160,7 @@ 01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434677860,"flow_src_last_pkt_time":1603816434677860,"flow_dst_last_pkt_time":1603816434677860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434677860,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00844{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434678156,"flow_src_last_pkt_time":1603816434678156,"flow_dst_last_pkt_time":1603816434678156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434678156,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434678156,"flow_dst_last_pkt_time":1603816434678156,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434678156,"pkt":"pJGxgjQ5PKn0qB\/sht1gAjrXBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPlfoRUQTYrGTHCgoKCghDKzGtBgOvzAAARL61MEV7YMQkWdmZghiuiQz1o5QNdpzYuutf\/wdJhEZL1cudV76JEdjtP0Y3OyHIvIbsmMmNX4mYnmIsf1njial3e905frw0uHyw4\/f+5H0ef2WAdacdKOP40DoDeuCFxQz4bIKDgm8hBJ7vkD1IMm7AaEpvUQhSLgN8f+x+sA9RH+TmObL9fghOs+eNxWf96HoP4pMWR3XqHFfSqIk5FX3TNVvr+riiEz6IuctzVwm\/zqWSmC9dmXci8Fui7Q8OxkH6gLCU+aYM9wrrVZJ9j5ya5VCMnDAttNuuPdq5z4cDdXloIyyGypYPGlULxwG65oqg8RxhEo29up9ffJVpEaQX8UGyxOt3ZFGPweILYH6rNyUpje\/uB9d\/2Tqi9fZfaLpagN9mrVHJYMlLvkjpSaeasCrG6FDs+Nh7j2i5xAxuAkQ0xK7QS1Hlggg20h5t9cMg6O780ayQOD4SQCU+0AR1BtVV6iTy8Q0dm9tIpKWeNO7CSURoIrvTXKHBx5OXHuDteNJNabHxEW6\/e\/OGRw8IMWO65lgJPUK\/p\/99LM38gOa9gV2dzO
dfDcRMvpSWbp3E44GpcUzlsSO+wF7JBY6P9esQ3iafS\/xZ5rdGYm06lyYTCDffm6X4KxkSuGJfTJKvPfMGPtO7M1PMG\/4y9kmbFwotO70O3qzn76AeIsqparz4gqE2VEl8QpfdxQliRyqZUZsoWB5UziEcGYDOQAbZw0c82QzSgLib58kPXBug4vmPNM71D9PmG+ZxduAFDFdu7EkUfNSxMfR6hOQumdYRVQ+J+QuJvYZ4r8AlRlJcX6HQpLdQXTOStQMDY7ErsX3+lkhbFCkOUvVD1zPSZ3X9i\/Jl3XL5dbrTO0oYnJiNAJHokvd9x91UJlo5E9+m85+BWm+iMzm3+6bNRAaSQKQrjdjennHLWo7GXNi4AtuurC53Pep+V5GsYHEa33KdpNHgca7X0HexhNHc2ElVJlmKiO9osCGww9ceX9y1pVU1v4UF5cspUvQ5RkcxirKgmOqDN1dbnXmgpQwLWcEgtJk0m+iyn9xNTJhEsJCf4M2GThouE0XLF3rBbGR8AaMV8IgL1g4CrqnSeTXeC0TiPef5r0N5Ew0ni6DodVZqUqNOv+QdCVcZaIWofYvBzMdvqE6zhO4AzOTz4GAPej5UV34aUDRCl13vR0NWFf5GvaZquOIg2EYE\/YyJl2nILl86w\/YT7aCfJJltdrHwSxGGAm2JodfqLx42fCKG98UlucLIjp39SZj8UGSr\/xymfE+UQrmVP\/eIDKUfQ\/F9RzSEtE4Gywjiw+VYseozSQwwkW8vYlep8AwdQshSEv4BOVgTV1jTbJ7jHDu3x3W7Ka2SYTSb3Yt+KkdDWxpTmyTJioeUboa1C8BSpZMyhJwlf1bmECMTVdLKtJOVuXslMtlUCVIAqqT9OTre4ouFYJNjliLNU9F808vVjFTZqlwwQjwIeKMK9tlRJNZxnWX+u5Tmaz0QgLbCP6pKnk6GGff9hBXEoVtopyfSJnogk4UBU3qLzTqqNWTse2gikbJRX2feLSYh9ICdhs0jcaXO512YMcM3tN6524plEU+japLcwChj4baYrOQTz7NVY1HU6hrUlA=="} -01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434678156,"flow_src_last_pkt_time":1603816434678156,"flow_dst_last_pkt_time":1603816434678156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434678156,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434678156,"flow_src_last_pkt_time":1603816434678156,"flow_dst_last_pkt_time":1603816434678156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434678156,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434679393,"flow_dst_last_pkt_time":1603816434528228,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434679393,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUArn9AAEARHfrAqAGAyu7cXJXeEVEE7GpTygoKCgoIN5KvB9nft6kAAETSd859O5gTcUYdl0d8aIlRj3zx4AjuKGa4ASMymO7vXZjT6sVM6pCw7HvmCO7cFlITvmBGM4kZgYz2DWfjjS2UhT8z6S+u4ZuqQnP6sPmHL0WtgrbFimoDsZXEWh5x4WsY15wAJFswtYDmxQkwEBAjgyKuyRv6VywYakyk9BNgIHVKy7BfjK1rPoWZ5w5I2hl2yWFdZ1\/dE9wNP5q3XxjhqAOQa4bzoBKefCRP60vRescDr5A1q9Gh9rEI1UxmIZexsLIorUS6jw27c7X3IRHEFYnp7damMbgudCUNTZ0D5\/x2EYQKzoV23CePPHf7CWo9eYf6XRWEJIBGs5xS8ziNV5+H6hYANEPNNnvMqWmg1CtTp6rU+5R3i7\/FA2u3qMYhl9YXtwck1Tx2THWWJnPTlV31JToDh9hcEx6ePHf\/HDVkBKTcysw+7WUh4g1S4U\/E6GwOzJUSl1j4FyQSA72MFR1nukBmK5l3E7lnPPMHE0UwlBbgRRjJIWWWMjukOyYVX7HOM8mWhaZJs8eEj1aINh\/eg4bAf1JY\/ufLTloR31S7y6OReDYCA\/J8a\/ZHMCpyo\/cgCYZnXroSqO5eUMiOd6mWZMV3WlojmNGGqUwidDXDOOAZnauH05acuiWNjN1drZ9uLl7kCD3klbBaB69xmhwOXqhlY+ov6Mo3v8dkwR3EXQE3Cj\/lQ4KJ2OrXiOlAmz\/GweVF9wuMVbg+hyvL7DdfTfw2qYLKgSNqwlGvO5T2f1lglyHLXCucOL7n\/zNjX0\/xlVOCxhUkQhgX\/XGJbbA7qxh9UXxvdZ3egx7Bshhqr1n6BUMoFOpjvUuGdgO0OjUEdRk5Gyk2HkFljHDaGm4ht4bH9hDtZ6HYm7nqyUay+Gd+WMBexYGDLQ2kaYG8GnHD4PrlcFbEvk3ju9rGX1R2QtLYbACEJdNJ\/zEc2GzZDjRz1o1gvI2iG\/x96iCGyzUz1N\/+nAKV+q5s2K22NkRxb1jIgd\/41FenkfbgFmpz0CA\/DQCyiLHlX2lw10drz3XG0f8LJfTp2vzPq\/+gH2c2gRSj2YcaBCyDTY5AKtyDkOEZKSL3C2C8JmYr4iJS8RMpB0jL35JgLPvSFgcoNymNWAjCjfeRN9n7RfdzVEX72bqAPdPKtdKHRkZOWGqcrp9n5GGjnQWG\/Jwx6RR+qXT6KecYDU2tCsKg\/XBFBnLfBCe2RP1K2zPx4D0wUdqR6tPZpisKmvW9Y3UI2tmUo9tLMaYgnRgRJ8M4\/14reEvtbK2a7xa1D+9b4yQoAoVStwjeuCruASzB76vQ7Oikq\/y28NWNAE6l7JAxtLpbUGRtWL7EwfR3329LDfnglJf6znmUiNxo5AmhhQH2+XGsnwv7e2QwJKwUtxfbSP6qjjAq\/IHu8Ph2sxgzDmxzqJS6NBD5\/rREJkwIRD
PsPQN1aQTeYN2N94Pv5crstjdG+7f9DC85NWJZAJRxBLehoQTlbi\/SnUmr9i8puHfTCKc8NDOGVlMiWSfVcSKswlSyz9AjvXr\/Y+TehMUjsxQeL0lUqcIXfqPcJlum33ICV492562h19036aZai6yQ0yHgw3hE7aGMjyObE+Uh9o51GqJfXzYJ\/J3E7ReivOwkmjMio6pMVZIlFMAmLX7M2ggGLe5cHg=="} 01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434528228,"flow_src_last_pkt_time":1603816434679393,"flow_dst_last_pkt_time":1603816434528228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434679393,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434643783,"flow_dst_last_pkt_time":1603816434680178,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_usec":1603816434680178,"pkt":"PKn0qB\/spJGxgjQ5ht1gAQBvAB8RNSABC8hHpBwlAAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVLAdgAfFkT+AAAAAAAIs6FDVD5jbx4KGio6\/wAAHQ=="} 
@@ -179,10 +179,10 @@ 01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434686051,"flow_dst_last_pkt_time":1603816434609154,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_usec":1603816434686051,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA9+cAAC0BNK0znmliwKgBgAMKTnsAAAAARQAFAF2XQAAwEYktwKgBgDOeaWKwwhFRBOz8KMwKCgoKCP1n32NN8EnlAABE0jB6HybCFUbabkBlXXQVvewn7zDYehbLSZDjKVLf8snzKJdjR\/3JsPdO+vxlafCYsOkUTueZwJWg10Sg8fn0URQdzFi5gf\/QXZQO6ykhfm8a5Zr2+yBt68dnry5zhANveVge4e8snv2G\/EjNXJKG6Jyq2Wd1UiHDsng78dU6PMilPEvqoDuVAeleo92UeM\/LYmvYaEQWibrlo50VzyM0Qv2OE8uBtE0321S2ppuHo\/ubVRja900u6Tdl87fZa+TqILwJoqVX3KxUJszQP\/m4sTr7SSAg4d30fbCCPgGuhd5vecogxfB3YV8fE8VleuNDGZEznGuTG3MEvmD8\/iDQCIxdLNqMLq4OHJR5K0P4db2PcHy\/HGrvnaBUxSsUFpFbt7dov\/pgLFhL9QjjASYLcFmP9aDGJ4WvT1nHm+247V70NABa4wQtolKRPLihtpaTI978PvhAx7OA\/FDrMALGCkkd0Ckzcuf5\/RdiusGznuJWz6dbRFAvYuAY6z+uTeSY3eMIQi5VhMcXXLlIqpnkVl9ay3z8cpya5MO76mkRAtNLAnc4uy4dq4IdWYKxFDEs514DLZLoll455nZesjVL6SKL9qMReSCKhO\/op5kVDv+GxSpbs9KycUr8HjhlDhtOqnPPf31XxGL0FX0honv9o2mTwKGu95c="} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434590003,"flow_dst_last_pkt_time":1603816434688708,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1603816434688708,"pkt":"PKn0qB\/spJGxgjQ5ht1gAY5iACMRNCABGfAABAA0AAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVGLOwAj7QnAAAAAAAAINUX0m0oVmLXKOtq6\/wAAHf8AABs="} 
02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434693386,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434693386,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApABAAEAR2hTAqAGAA3nyNu1wEVEE7JhqzAoKCgoI7mu7hqnhXwQAAETShPHzPPAkQK2NEhJGnleHaiN0ie5qTdnm464jrXCgs4dpEiXNx\/PGBx7TOLjXnxLSumidbRKwVj0cRR128B6iHNMflXwQht2t8Y44LmwMqcGdFgLa+9ZMaGseDnBaSdSq\/BTPBASRNPP5ViOFASdiCzWBBZ9WWzIm4Zq1cmr1m+3KYiXPZ4DYcjOiBC+RnrFuinz0kYMk86K9x6ewtyvVVkz06rH\/0pP52NDoXW\/b\/MQkNjC8KUi9qGQJPKOuv\/DmccHaQsbHCmJiyo\/0QNZTrabAtHI7akrTZimPvxnGDDh3iKeWTI0Rt9dVSQExok8KND6xq3GcpnEKSLoNMV4xJO\/u8Hd3ib0ZTAW90kp9rc7u7p5ChlZkz1hOn6CQxtLF+4Q0C+LoqzxjzQ7yi2OlbBMZIKyzLtWw7xW299MwVnAiFEtj5S1RjtdQdmj6SAPB0h4vvOCMTAjBLrzNUIzUQQ4418YwmRANW+EzePT6mR1Ale6pegThd1LeXLddvoztOKGJo5TEa5MgYMehxhTg2TXP6YXaavnooLGg557tbafcTn3wzp5jbVUwxY9sKGj16QzN8+Fynpug9j5\/9WGOFqWFzcYqmUsX0\/xG2xH8WvkKARD0l\/sk42N9NbTB7Ss95x\/zpvrC7DRs8wzKYSZy+NZzyMWwe4xcTPC8pdC3jzhcEXdF2RnCaPHIghUD9RT4W1CfQ1kNWOulxGvcIr6FHiUeq9MpQR4aV5XkRR5Ltsm0vYQyB2x6O6vPlGQo9UKOc2XAIsuJ\/UbYOmk2NYvlK5HnPtbkhJY\/IiZ7z23icAn3thnf9kKY5ERwFbNb\/un4e9T0EmsPw2t0OaIH16APDL4fOPl6+1VOOMCOqaajX6JJ\/\/VzPWdr3Gs+W1hKm0IJjwEBhbsb4P0Y6VCEvVHsNI7mTVZMkEAua9fwXy2V4utejHZLSRSgMPQJSvLG25D\/bKthcwd1lVPwIPmwpCJB1fyQWm6AhqFghO9Zupebv0zgTmzy1tLUnzVFLEzE4ypNxUpFeb7gzSfiS6a7+MCybpQYls379X4F53iU+GTINzG20LYm+XcA+4YEJemBM6vBH5vOwhicXfh\/S4xBSLLLmN+mSkM6sSSr11u3IsDj4PDyBLrk0cKt+Xez\/nYA53eqNQH8wobiK\/1UcQl+9e0C3Q5AQcsBs2MRhY6nnaLEFqMO55ANIVeq58cAWZ8Kve4BjvDSY3uaBdKWaqONn49IjBfiSMz4x\/Xbh8S6vECtoIhrWF90MTfHWh3iWZB5qXTSIFhe9owOmMU\/Usk6Uy8KzZy7KTlRZYfDqKbq7rcX5VnkanJDx7H6mBhnkfHnaTIQA9b0kFHyqiee8gwXA7SB4zEGStKbfX+Xbd7g69KwswEs89ObtiGhZFpjbWTpwnRcI37GAOjv5pgd2XQz9G
L44DG\/Ek00OMz6SwbWFlAmxoWux+qNRG3HPl83lY7zEH0gjFnGpuAsctOGn\/CIgy+CcWiM9zeH26eSXIULjy6o2ia6cosWL5oxm4nSmaOz1jSNsNYx\/IuznZBNLujicdVabLMIwM5jHV5RNtJl7ORe2vMsPayIVVzDvXWDnuN4jRMZKSKWRDE7oTL2N532z74L8ugCqSdHwRCSsBvtnIezk0Djtg=="} -01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434542463,"flow_src_last_pkt_time":1603816434693386,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434693386,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
+01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434542463,"flow_src_last_pkt_time":1603816434693386,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434693386,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434699019,"flow_src_last_pkt_time":1603816434699019,"flow_dst_last_pkt_time":1603816434699019,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434699019,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434699019,"flow_dst_last_pkt_time":1603816434699019,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434699019,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAFhRAAEAR9f7AqAGAEr1U9dUqEVIE7BnSwAoKCgoIQzGFVS1wWEYAAETSpZ4u7UFA8Ku9qqY5kvFyNpSxiT1VV17cPvqBwMv7ghXKw28SABJKpVUQZhos8gZxtncfEnCPtRM8w32S0cMZDs5YJHMDp+qFqUFXljAhASDeFUYMjqqmqK2xXAN3z8w3vQiOdFiUtKcYWIVDP\/7fu1wx3cHjtnddQmoALaCYC2KIbsUH1tUKq7vT\/+BVt77LwCKryVjemBqkvXXluDjghTk40ivSQ8jJyGleEHicaKXla1GVH498NloK14kN7wg0ok7tb2sKhAfFsmt0dyCnuo0IC82\/BgTcTshonNbNn8yhRQBgaJANTlBk2qWY0ux\/DsdHPsovpEqFcqjpqtsKjJ\/5p6SGXORi9dQLphct9xf1v+6F1wTFVWPe3eHdsSOyp\/BwELawr\/f5+1egKWq7+4mbOVH+FCDZRkNVIFyH23guM2L5ae29avq\/lWL8pVDtTjf8abgfWtxqcSisE4YkAeGaq1eE5OG55ZyClHKNDn4L9XZjjbN9CQ1GCe\/OFVXpMI2PfEiWcGmIKeNgYRq4gzlAZODLuPV4QBEq7ZKp+5NVSaLqgSfrcH6xV4wE+0j7r5VEhvr2u6n\/\/bPNSsyoQaXU5+q7Q0w0lQEj77lMwQmrPw8Gljv7480G9NdUwkd
\/\/p5S1RtQdUh\/qH46a+7aNhOrRHoFY0Uu4OeMbqyUyS5uevO+F6ddSemZlHL7dBD608g5QoisaEMsylH8q+6GxQ3RHsnKKd6RLtVMJcIb3s7eslhdiZbkyC8WugF1Uqbss8ag8jYafm2G3uWVNTOT2Al+MzrSr8taRs+g5iy1aJrDEMOzdQltsGCgG+PytPM2beF4Lq0IbrxQNCgE5IJ8\/Y9zeDmnJ4YuPZxOPAfYb360+E01gUjgcPnkzGMH3BDGaQWI5R9EypmAunCrFBomcVpqmknXQt3kkvX2OcNmQNIJtzXRbps8SEeNZRyPGf\/u+Vt+vdAKZlK9BUH2ROm9VEktt\/tTi8rHZSmWXH5uaAhoAcd2e3heLdg8ch4sYkqsJ1RM4Bd84Sjoz2WT\/JoF5Jn56aKdYJgDXqR10AhI9yS7PKXqAOUJVXWVnPWUzccZcD251mjyMn\/3GgjEsaksW4aLFNi7f\/QSOqeUIKFWMvnizPSh25WGY5rgFsH51tkf6hz04KlSxRXrJr0LIOYpZWWk4Z9QNd1K7akZKN59RDZMEAAGot\/SFcMVuXXKWbOlkRF3PR6IvnUq9PUtkadRAtAQNhw2A0EhGpp4ig24HdCqTnTlX+RSyn91Y962otVZtd4BhAeT6BQzG7\/NfJ9QU0qM31UlaB1H0R3mj33T6fLRu\/gftOixAPS4oO8hH1yfhcS8101GVhNDngCpOFPDr4rVR5IXS0BzEmSymuwkNKBp\/eXteAUsH19jQgtpJlB\/27Cf644Gbzfhi6gaDA1HPNpmXHxNHTWNp3TatC1i7mgiF\/z3wnwpcgZfu7NgfWsvkOlTH1JrhvlpguHwOE8X6csJxnEP2vFDhgFZ6S\/l6TWUOJpertvpldvGLMawH9EAcvDIDM+HIUbHJDdTMzgDd9oEnVJHFpIlh0JUOzKA7NaFr5ofLRvRbxomK6JpYR2wIpU\/OYM3aMfHBOnsu4q\/k76iU5zYtsHGX5zTrd9syVHbfA=="} -01118{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434699019,"flow_src_last_pkt_time":1603816434699019,"flow_dst_last_pkt_time":1603816434699019,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434699019,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} +01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434699019,"flow_src_last_pkt_time":1603816434699019,"flow_dst_last_pkt_time":1603816434699019,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434699019,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1603816434674356,"flow_dst_last_pkt_time":1603816434705146,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1603816434705146,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA3PkpAAOIRsJYocL88wKgBgBFRtfAAI3\/u0QAAAAAACFIdWLoQ6nMg\/wAAIP8AAB06SjrK"} 
00835{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434707537,"flow_src_last_pkt_time":1603816434707537,"flow_dst_last_pkt_time":1603816434707537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434707537,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434707537,"flow_dst_last_pkt_time":1603816434707537,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434707537,"pkt":"pJGxgjQ5PKn0qB\/sht1gB7v\/BNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUr3wRUgTYXLjHCgoKCgi+3m+0woW7wAAARL68vqjG4rI\/AvdsCirEkqkyqlwlEk0N+rawpRZGeCeIU2ZO32fsIEz3GXMviYe+v0IBqeytpgNCeytK9t+KOjotJ7QVqpveJICd7IlMjO1HSAYVU5lRgXMoT+y5Fi2RUxr4qo\/CS3kZAFjeRFuCIjbZwm3OtOHC+vVlVA\/Vw\/zluUbCb4Z9OC05o\/XWJAPFWPOrEt8\/bTpMWLzNYr6bh2AAai1D3O2xoHVdm8ri3GSO8bUq2pxMjIn3ptNmbrkSU87wQZXGqhVeWh1ZsC0DBFqUluwXb0pMgCqpEO80Nhq5+u4y4i3hGodT0H1FKzVcs3ew3eq9vaguwDBdaKE4exJJv6RCncKSyg4heYydolHckhPW\/oY2HqheA4pFoO8ZtX95wKBFjVm9bJpYTJJY\/z31z+aUhWVmurEfLmnYxlCSy12hLAruC+gNCD8kQ\/MW4jyBAG6d7BTS1znq6T231\/W7l3AXMCvXfMcFqFuj+gmi\/S9kywNWZ1fPa34hHlg7mTIWR7jlUo6tzEfq2oqDEs+5yTslMb5FZJK8ldyYKgyBcGRm4I\/ToW88j5
u17EMJLsfUqwGMs8bmd2UsI3BzwJywAmNYdLVpOCfPHEMiC8WRAAlJ3Q+5SLhd9OVFXGtu7O6XRhOsbmI08WdrJBm5J9ucdgzWkbl3i\/2eDZiYxTYiiBKrxh1bpbDEXg0VTkBcE5jASPmJB6nxZm61WNxz7BBfHP5VadrI26UgUPsDMVwEUXD\/xbFcS2J1PJleFnNI2j+1DmMCTg5N9ExM1u3\/T+Y0uyk6l54KxtzqSgjBsg\/XhFcM\/ODubgSuXCIsXFgZYQWzYGSVjfGtlg9HMWTHqZ2juNRwZqE5L2Y1hMws3fsY1ili8zQQG6pzQd9m5PP\/4DGWVRfKxQ1ZOXjzlNFvAo1T8tuTM\/f+7uMOnSwbTJyF4JRbDwJLDbu2BiW4DyD++iUHI1TX2h0xwwlOfDtDU\/XKqzZV94CRnghKvgLSuVmReTC4nhbhAh1QzzHb4eVcBbud+vGs+t+FDW0s9Oe\/hnHEEnZnUGinZBTzGSWQRNGZp3cg0jUT4QPjdPy8XyC\/POLdeCDrPUB9mDaW3W7rOPVTXvP4IQV+x5zM0ESasNezQs+QGprgL1EDIBS8hvpGgXPlFZ33Fo7w2YppnMED08hMlvAS6uJ4t8YNFbTXcL5HnggJFHBH27Bm3yvE8hbfH6SwVufZ8xM+Tw3qfg4V3lxg8P8AwO4P99Fk6O5149Oq6tAEtMX+WnBYLaxWrBiKCCuc5plEPAU9\/ZoPaf8l47lpmb56KdTriyN73TanAKwfbP6jIuj4uNIxQka2RGbqyo\/uLCe+FVRjf9R6E7hPl6i9FsmDl51lDdfvDGWrftns8EcWHuJT1pCO7UIHJob2JLCsxavgPAwXAF3a5o1+uVFCKwWrw3snRqgYx5CEEXaScXy50PTK\/knIkowD2tWEjgiJ8xxxjFamG8tuawm7Urqq2+BqDf1V3I5W+o4QxOSaFEJ\/SP7Wg3EEs5WP\/+ds9hapCjPQlUIlkyNKi8R+ri6pcpgmc2WXtbdLyKWIrR+mhOTL4VpBkPN\/EhoXvYOWO65B7Ac2ZRH43fZmgo68Sg=="} 
@@ -229,7 +229,7 @@ 01114{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434601769,"flow_src_last_pkt_time":1603816434752617,"flow_dst_last_pkt_time":1603816434601769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434752617,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434756670,"flow_src_last_pkt_time":1603816434756670,"flow_dst_last_pkt_time":1603816434756670,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434756670,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434756670,"flow_dst_last_pkt_time":1603816434756670,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434756670,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAOvlAAEARQxzAqAGAA3nyNtCaEVIE7JFKxgoKCgoILW5Ke\/Z2fngAAETSF+9lWl21JTgtfVHZ5XMFAV5iwNh8QJikNlPYLLcL257g14TEszj6j7gT+sZNJ3RW6GlkGKI0cLTiGhA4DZXSY2CRRkQV8aus3zX9x+wV2RPvN+4eYITQBIblhzLx6SrfCRaIuMd\/dIvuprgHzspSsGPsDVaFWE5RHWm8PvIf\/7WDS2AteLmXnCclnhwiNiESFMU\/JfLfx1BGNZvT2HLZlWqxE\/QH\/8leGOFh4OQdOMgDcrWH2aq0ZIEKOcT+22+SBNS+RXSivQkzWAWGACCn3yDlD4LrYX0EufA2pWqvz0bhI1bD1bMjQNQXTpb0IRYB\/IP9pUSfcl09eg\/8nkbY+WxJsi7\/OumDvzxFqxy1vKTBHoCkKcZU6KzCeDnpcN4UpeF\/P9Su7Hbnq6Oiu4kYT7w5TEYJlfr6hPZSINzK1N08yrm8sF5N1X+BgIp1nZKHO3z9qBo5uTSd7eUgib\/5hEBZVUjZfzcENhMxZ3iQWwxtVBdr1MPVUb\/fAHf\/LyB43r9qDPa9CjQlM9LQ10V7PuMS1mZ\/FoYoEt5+Lt+cJHI5bVFxc5jzohk+GAitdRUtpfiTuEwM1BTukQDiBma4oP3e14IOsjoG1G6JReouNpkBgpuToJ+jAbUrib7kmXzQdUA7kbNqdY9YbE3amA8AbTm+9U8XVMYkeWFdsFBWMWYdsARDe\/wNxFennwMBsN1VI\/Sf2kdpBwmikma9+VOfFyk1+k2sHTPIlSkVm3zjzWfLNM1PgYnwDxsauAlC6hmm0JtKmTtkv+Pn\/\/bRNz47TPwG\/lMWs1GWc\/Duiv2CyU27DrRqkZl9eIkxpCPq+lhf64B8FwAcAY126ezwgYeSIj\/2BPVLzj6uWaHdPFiHkcYmsVRVcNxcn7SbmC6vMu39440UH8ewpx4045LjoYhYGYD9wbNo\/kPCLdYB5lMNkMJTlPPmNe98ODz2WRVDN9gK0zjD8fscveFE1Bpk8Tltq8z87BasUF4e83PNj3KD2dMD7X3GtxvbnR3cIGT3a57NON24InRM\/nwZHwL2bk877r1hTuhvugTQiJQZIW+R7Cd76AgAWAnog5NJv6qFjoKKfxT4AV2tDLzRyjkMMrHebIWYVqs1aklZ5d7wxUYLamAar0CN+WpRkYSzgamBAcwe7BSMa1vimlqjo\/6IlbVmFAty4ZoLhk1JPUo0OTDJGfg7G5ACascLpelBjrrhC8q2UQKF8audmNUZRXmNP+namQx8VwfIgH5YHylOs57ZtHfGy6hvAJo\/Tqvp\/umN87FBHWfLNRT8fGjmReoFRPTt1LBgsiQauA98uLlL\/MhK3zSkvFJb8TpBWg0yrTs+EkEfcIYy\/54O1JGnSBS8+4f\/1DKIa1jmhY4F7hcK\/Y\/Zi33FgbmmvzZ+cspy2SIEhxePsUH3DOdZcJ
PxMiL9n2teu3XWpEwymkPM3I7Kauv6WrFEPbeyTEqbxV\/7RpTQ21VJA+vSCdBrxnvlGaubOeoQaS4+J\/ugEvRReICuHUPNCmQAnXPbJmcvvOj5p4u5B1t7PBGR3R1kOZNNBIvoThwX9CAlMfPhMMsjct7r8pVUeMkYfmNf8DVqscAvJ5\/vInV2if80iUDSzxy3mS373dztl6IVts0qx7XYaK5V4uL6xfDViQ=="} -01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434756670,"flow_src_last_pkt_time":1603816434756670,"flow_dst_last_pkt_time":1603816434756670,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434756670,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
+01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434756670,"flow_src_last_pkt_time":1603816434756670,"flow_dst_last_pkt_time":1603816434756670,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434756670,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434756710,"flow_dst_last_pkt_time":1603816434606208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434756710,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAwbRAAEAR5e\/AqAGAwb4KYsH6AbsE7NgwygoKCgoIc5O0PcfI+J8AAETSgTdR0pp7ROFzny7v80GZO+tdgWE1YYvBBVpTfYCLLZ9LR2R\/NMsrhl9CtsbdCKSqQlM9jeDSd7avtFbwkZgUMsGjQSFGIrauocKoeR\/IYUv\/3yqId1gln9QOjFOA7Vx3pZz\/40HjTDz++wnocf0Q7LKFbnIVVlAkyHprEOHxkx31yKlE1OrKPFXX64LJtMBzJGNe1ikJ4DBZc3CxM4VAmWh6jZ6Xziu1T48Y9Jp1rXJLZkDZluz9DNypT19E9aFE2QAE2YffnA08t2CC0Dav\/nelE7OXLvT3\/abxcTvv6lkWQ7Ws\/OGhflJV6pbd8DOAJlm41dw48U7866L\/ZVnZQGhC+qy29Rf0f9z7LTwYqeUnFBlTnrWIJUDejmyBK0xmX71p+M4ZDQYk6ksEN7ys9IhEK+0Ik4NF3m6iw+Y3srEwTIzK7SMuEUaqxHAnsnY0cY7xUBPiPgfPBbiLOeDS23803rHtAW6t+pcVbYzcUhLC5i4Fhsy5HB7swuOTaDalPrb1ks0Osqlmdnwi+VtFXIfWY5hiA\/takn+M6zgv2Z5TIeGz5PwD\/mNhYevqBSzxfqtF6pqWG4u\/KRjbRiKsndJKZWqgEurVo18heo2c6BuDo0f63l9uVIrESW645Q3fwcjj5n0WWKE8\/gOmB1q+Qfeb5YwzG2mkb0uuRf1dVhHaEpflcJ4\/TP64ezBPm2PEqdUJ98ani+HAdCRefhilKHlZCp8FaM0g6fLSIWNKgyXd08cPKg3kQr1QKPyCDeevRCjLROEYKMQBfMcVsYelRUae3sfcDjOm3duGl9ZwBYRTuhqBGmO8BgPbJTCOUP3SnFPjNHZReb65nPAq5CmaErExRB3aqj2X70FK4POxZDcdB2SCLeNQjD0gAdoPMDjy6TU8QbOW6emahG\/pm2XLGB82paRNLQ1UrajFFljlEad6px4jnFkmQswkS1ZCAcPuyjYtBQOoVyU6Jn8IET5bSZAQYtSzhJcRSsotN89chVt8BOmx9WoAiAY6LsHVmGCH8fyiVJ8R96liGv\/mCcZB6Oi41IwhqNraSx\/YHNb8PDeqgVZnzU7HOxgMto9BkhGXVAa\/MDhpy7ONbZFtXLugZH\/GeA4uKx4T\/QjSGOy8\/I8tKHhy1ciKQVx\/4efbfMnze1\/7wiD29p7nKFEe8jhCs0tUTtvbs5svZDkGpMLh\/X4M8hVxSKoXJ4GInFSKgl6TdVamGbNzyLxWmQUTAYnTn24BPh82ABwBHi8IX8bKxOnTE9ArtO1ncpBuGK6utDYd+flGgrwW8Kx3EAqCtI+xt3hxI1lVVBS5mqinEpT4rI7UFt6bivyn3w8QLN2BAypCK2nDcT4jrgs2l16Qbqcq5B1aHCyILvPoswAdCLirW7pESSTDoJJLaY3+F0tLUXrHW1QCvM\/i6MkbViFr
AX1Wv2DuS4QGedw\/jPkFjn0PVCpFH1LNlSl\/mq7ojJPIzqm4YoISxxdl92D1MuRAOkcGfHDjHzu2gXU4R2SOjkBJKT78Z0m14Jd3agw7f8zNErlWf3mQN\/cPgefBr3GQB\/5hkj9h7mtqO0XsqbQtHpUzt2Y\/IzySgy2h3inpKHrAmHMy7nBwaqDcL8noSXoChoeTFZAF+yuWHR0EPcyX\/dJQEW5Avw=="} 01114{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434606208,"flow_src_last_pkt_time":1603816434756710,"flow_dst_last_pkt_time":1603816434606208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434756710,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00843{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434764038,"flow_src_last_pkt_time":1603816434764038,"flow_dst_last_pkt_time":1603816434764038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434764038,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -258,7 +258,7 @@ 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434648476,"flow_dst_last_pkt_time":1603816434782784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1603816434782784,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA\/AABAABwRNNQSvVT1wKgBgAG7iFcAK9mxgAAAAAAACPLo65bqtzD4+s6wDvrOsAH6zrAC\/wAAHf8AABs="} 00844{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434784280,"flow_src_last_pkt_time":1603816434784280,"flow_dst_last_pkt_time":1603816434784280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434784280,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434784280,"flow_dst_last_pkt_time":1603816434784280,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434784280,"pkt":"pJGxgjQ5PKn0qB\/sht1gCAvlBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrrj0RUgTYFNnOCgoKCgghNSPe1nPIHwAARL5EcEFiriZrD+ET8JYIbR9oI0xm+rhrvJqfLILgs8D3Ue0qQNbVhIpNUU0tlgUCj3R+EB0BmYAvw6bLa5fuluEc0rN9r82heJLvapv7VUF9l51pFcem49jTWjYnj2oS6+waPQZXW+lgdvo6kQGqK89XfdzR1PgUM0aNtvz7T3DIGxshf8Bt0Mg12xV8BKvDf+WpUoRZwtsOWK2raSvEzJiBDtp9+7hN2cxP9JSjYr8Ymo+djN+4mxQxt78BMIwseR0wrK25i\/FCRyQZdy2RkGo1CRXgmyDAvyZwFE4TbrzLF307bQj1syPR3dOu7kPw5RNRQT+t3L+8NYL3mVwzg8kMaSuoFMxCZQvln3VAPeh3OJLvvw5+EMXFzx9zqWLfnKXdAHEumvxqEmlR\/1Fx5dKWAiLy4VEiB68pm8cbRcxMeWpZLJsU99vTYR1NQ7ym2LdsdYmsLFkMBHZj6r8XWpZpYhelGHgVf6dBgfvJoDoveKLzHHW7IQW0Q3CRZrurV397BZfMCs6JGA+7vvWU+gtIQ6+afCAD2BGOodmj\/NZoYjSTSz7UleFuiy\/Vh89Rle0L+paWGt8DSK3GtOoMd1TE8\/cyKXC0DuFP7OI\/tvNCsVqyrqekypnTROZiw\/hHDf4fjDoJUlr9W1Nwoksz+NUOe+agaP03VJPXO6c8eR1g16+4NUIoRiQvQ0PsA7\/u1\/P3EtbO6kdIsAPEzJh9T\/vDsjetpZCO9B\/5U78SmuNIpzUeyMa0pZ3WKYxs\/S8iP30dyOyRmNpGcQ2OhBlF2DpsSjXyEdMu816faZPTNRUFFFKzjtvsO4TkLkupS4QKX8ZqjlbPKIDbq7pJvPq1yQvdi8dyUb+GRdEu83F1kTyqMVj3VhOrCFJc0NwPk0QIQVaRiHCaQM\/M\/CAEON1vbjPSs5TR\/CU4ctB4lWQERooxF86Jf+vt4BRo+E+RBZpGyY9TSyW8BYhtJJUh4WEUdOJYaaV9TsJb\/JsQlajq3H+ad6FKE+sN0lRn0vyD+XLhK8WIG31ajHwqBioHhepDDhLwoYsiq3DO2TeKvxXp\/qbpXpHbmWZzrHqrW57rxAic64eJNK8nbylzcqNgf8E5i4dPbpF2trFKH9Xo28gQRRftLrNFAzIkDO4sN7G\/s0Kd5rqq+U4C+5hUgd+K5TPBViJ0+ZA5X+DO59wdV3YWk6fe3rpcJwZqkWMTHB+M4lLppO\/yNE76E8Kr\/Uqw7z2y9O2Hv+NvCttG9qY2iyEqocZxBUTD+UcJwLZ5GMkOh04nY5cKAEPxYCG+ZT+E6zrOvBnQQZqy8s3d7C7XsImaGAvBZu0AsMYvrJw6+l+x2h42qzLWSCCzqB8YHNMAoyjY5EEPiHDB4aqsw+AvUgp3kmejvZBqsLkmz4XspOg
x4+v9KHKqq4bc+dtdIyTgZmNbhwtVFRrJwGMGlIJO3dYTW+eFWTrmyY\/kU+ejjmIORkV0nipRgOem0UmubxMEgQZJeGXrQKTimh1Z9tS70mAbbB\/uGZjC6Urq2uLNfRgZdNhSsyCMoYQw8molzzh2Na0ZIW7YN2Gu\/\/Rf\/n13siixEZmXrzTIF7wcraimRKQ6DvgjgbL2hCWeF8mCngEFXTnoVA=="} -01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434784280,"flow_src_last_pkt_time":1603816434784280,"flow_dst_last_pkt_time":1603816434784280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434784280,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
+01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434784280,"flow_src_last_pkt_time":1603816434784280,"flow_dst_last_pkt_time":1603816434784280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434784280,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434792692,"flow_dst_last_pkt_time":1603816434641678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434792692,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAJ7ZAAEAR9yfAqAGAhfLO9KXYAbsE7LC9xgoKCgoI+QsGqtFYjA8AAETSGVf3NpHzKNMNdfh\/V\/noLzrrCJTWCW2izc6gcn2txyrZ3vTYFw9oti5N5Zd0a4DdA1cWLhNby0WoxjcoN3uUL31I6AuWTRtQmld72DVp1nFbW14vxWrhBIu4agIQU6NycrkwLEV1tOoKdYlrthTNMwD3M+k5+y\/jdMVtkD0R0YQR7BZOnM3kTX1bH0f\/eldh4oH8S4GerrQ\/hVn\/PHliyMbE95mBKeNH\/XBKjPaVH4SE5iyuZ4o0cAJX6zKU4lajsV6QVuEgsemLtfWCChsdFvaI+RSAzByJ2Y7eGCh7v+Gh4DXflSFSrZUSBAmTZoA0Zou6ukZtsJNjsWY68k6WygqpiwhMQJreLyjeXVzk7oyGDwHO\/hAvmg6xY5GXfBPf0ls2P2OW7n3w7L66S3D+as25Ka5fB\/1n04+oJmaw3ADdYqeBwRa3iSrQ7F7kK3NaNAJNRq2zS4fr\/b+ubURvNfR5staBQwIu\/o7Zb5+LwmaF9rZXHBu2Tz+8wv0lj8mhBUzLNtcfw27CNl1txh1+lvdEzBQ0+1QdwfOwk\/hlq7\/lf8GrfqmLhlEPTaPG7AFa3IPuxLh84mmZwaTAXQbxug33HwUz22AWbGI9PCbve31PjWm1LgNNd+7+kMpoKF52auR5lPAUr8zA5LwEBGR1mQkQ7NprWlORnGh5UWqvkJJHwL2k2IRTag51mGTH5MB1+cfSjVWNAtd\/8JuYCSBC+KNhtmuCXomT7rLvgXGj6o1sphXx4atNA9Dn9q1FcbinWgv+WKWZhnHGGP6dn+mrWu\/7bvpjXjrtDgIw7CyPxH34BjhKbxZ7QcB83XEhpxelpCRa6WUEloOBWGYIeMG0gZJIKjNZe0ll5C9J5n2Eq3sqg9KP3L2k8K+5dmEqspUGb1NUPPi+n6\/iFHU1fhMvh64hs66vVu1aXgLA9dFfJPSu+8U4SVAQ9LQIkLt1yLRcKmzv7K8F\/1wJz\/\/VA0FnXA\/S3tZfKvHD4A\/\/6XZ0e0JKAMn5kSF7uTeS5e5gdjg52fvbQjQd6m1d25cld76mtRwuKWprxy2fwcaEL3Y3Vh5fKfWjC4aclIK\/BmtRNjMNgHLI8jT0sKKwQDoyu6Dl2oMw70Jg67MXwUeukQTS75rXVHrbzUA2pmGH7aReYW35h4TyF+C9spNA\/zEJJt\/SQ8ZE+FX35GC6kc6V2qla+i+Pq5C7DccKCdXqXuLKAqiNDsgQzxhbb58C67FdYeSem4xijEQ544+5VsmSgDw5Bm+f8kn5ITiUXjSnERiDrW8LMlRKSAtIBNf8TTQIdO73pxNtEY6ZK+aCZSZfuGLY5fcX7OoNql4qaH5tgUcAKTmfbm2Rny2woTB6j6YC1lH0CTq+8yvsMUtLcbQZpIVgD2w91k\/DHu\/rqh55qa43XObRLAN1Cas7QHa1f
aPFa7Kyh\/Dx\/uu2xJFLfWHVfeKsvw4nX\/4k2v0Isffs\/nVZE\/mcAdyEmoN0MJ38PQMKNvx6iNUa45euWiJAQh0n\/9FPVkaW3p\/pu55m0RYAv15pyglEYDeOzb9cgqoBOBFbL5F17NfFlR1TUtETcnCdxPpozDGGzr8327bzSnjwgFfcwdPtJKYxjWOqhjxgehtiPwt9WJP1lnTBRJMRI29aK4qFwi9tCw=="} 01117{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434641678,"flow_src_last_pkt_time":1603816434792692,"flow_dst_last_pkt_time":1603816434641678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434792692,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434794660,"flow_dst_last_pkt_time":1603816434643533,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434794660,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAVgBAAEARrFHAqAGAR8opqcRxEVIE7DJpzAoKCgoIvbmHXcmpQ\/MAAETSE2e30YHkAX2XVfEpCGfOjyF840fDKozk89FYV10qOipSbcKfBwadYKaP2PDi2A7GqANLJXLXd1Ra2Q\/d2lyOKDnoc8x8gM9WzcPPQTUPx43cTsdSrSCDxUnpnuaj6yGd2N3XRIkY0gYWRPuFX7h\/fh1NFO2iAOlIL6UUnbjkaQBPj5+DK9Tkt1jAUKuz5C\/VX5NyeiPZztoZxmFEUkRFMohO0yR1d9jvsEZjpJxu1T2xxVadymVUvn+nPUj7gyxMFoi5gdzyUkI6qww5VGYT9o89cKQc7vz3RQ1j5HNSltr8teBgazRyqIezFwRxXQZzC0mfyCRRks8zmpYilpgAUrd6iKSrwI8xpH1mLLYEiIEokh7Nku+MJsQdaeXhqFHBdzmvpP2d5lWx83GgFuE+Dkn\/A4rNg8OLbx8Hd749+SlXxx2p\/3FSVDsm0u8FwDQ0TGJxo01kEWYz07BfKbG+vmnmpdKMZ0c+mcf5\/mMTkSlmCtsSWEbhtyGBpHj6Gp3P\/PHHW6qpxotr0bYpBtsptMaDfY0LOv36qEIsdtyoyFrcuYBfxE2rbRJIu0Oe5vS9+mDEauvlYu+hTOBWRYf3GYbB3IuMocvdH3ge3fFDDBDMar6Z4AzQD3wB4++BlRSMJ4Op1PtaLNuhvgHr+zWIE03DBlRJ+VplDnanX09JNXhTwH3H+AjPz1EvGjgEK6+YfNJQaFV7U9mDD9Ruthi3HVvk8\/fOat3XDJUwyHcciWPLz4ceNf3L7rSem0SlSz\/9sPlFDV+6MnWDTjz2MgYr10nBv91OfLa6dUBNOUc77cMVlTY946uEOebqDqBU6HTwpDrQQPOhfekx\/cwyHgX1SPiQ2jm0cco9gMyY\/biNH5Ae0kYwjthPOjVJSM3sD8k6twZNkrRaDgELJdCga8uI83ZLsJc3njlrx+9GoCKhJeSUcJrXmCVv5wqbYrzBtzlNPONszxo+vENua67+NrZXgrgkQf3D5vueityfehPXawW3uctYARfHo8es3+9km4o77SaJb+CNNegl3uhaafpl6DgQ+IXvsGebd9bGzfvvtGEjqvC8yYEyCoMopVY8b6KF028XUOHjcIIrxB9oRWGWX1t6qcAtpr5\/re1at\/9am5lVA7Gd9Xl3d+sVGUgFor51U\/E91\/+E5M5Qa008RYdjk8bxHdEi5qflOIKkQWLgH2ptDuy4K34mY60YaJX9MzZJHqAGBiOJyz2vC72RgiQqDDvCwlaJzHF+wCxLSno3fJNj+SzLPPJvdkMYQcGDVNBzW9gLntYHCPYZmwYktaxLJE5kbFfSUHtFwGEgRhMzIViDRf0rfOdiTfn8q1XUwHnBs2i86bgzg+ASxD5k9QGSx0i6DQMqkcfTxkRGAof6BOxVRYc9567BYEdhO\/\/6PdEmvCY3IgYkogHWhz0bGjMlwb
JhFZn0\/rOkfEZRLdzHN3yIdh4NhKhCdUPWLn5T0v7ILIVw+5EDKoGAZZ6+44v3WJA9M5YTPJa8YeOn2nx3N3YEQRsjiBBWJmbxBrqvM2C\/FaZgvmTqe758ClWLW0UAseHM27RoZnUVhDYxYjRpjAi\/X3AjK7Y7RKIDkLHbl2y5Bqku+ZBD8\/fxJnSy0Fo82DtOYzY3K0yqjhL16Ji16juysw=="} 
@@ -276,11 +276,11 @@ 01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434664905,"flow_src_last_pkt_time":1603816434815809,"flow_dst_last_pkt_time":1603816434664905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434815809,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434818859,"flow_src_last_pkt_time":1603816434818859,"flow_dst_last_pkt_time":1603816434818859,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434818859,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 01271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434818859,"flow_dst_last_pkt_time":1603816434818859,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_usec":1603816434818859,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAOvYAABwBN+0SvVT1wKgBgAMDupoAAAAARQAFABYUQAAeERf\/wKgBgBK9VPXVKhFSBOwZ0sAKCgoKCEMxhVUtcFhGAABE0qWeLu1BQPCrvaqmOZLxcjaUsYk9VVde3D76gcDL+4IVysNvEgASSqVVEGYaLPIGcbZ3HxJwj7UTPMN9ktHDGQ7OWCRzA6fqhalBV5YwIQEg3hVGDI6qpqitsVwDd8\/MN70IjnRYlLSnGFiFQz\/+37tcMd3B47Z3XUJqAC2gmAtiiG7FB9bVCqu70\/\/gVbe+y8Aiq8lY3pgapL115bg44IU5ONIr0kPIychpXhB4nGil5WtRlR+PfDZaCteJDe8INKJO7W9rCoQHxbJrdHcgp7qNCAvNvwYE3E7IaJzWzZ\/MoUUAYGiQDU5QZNqlmNLsfw7HRz7KL6RKhXKo6arbCoyf+aekhlzkYvXUC6YXLfcX9b\/uhdcExVVj3t3h3bEjsqfwcBC2sK\/3+ftXoClqu\/uJmzlR\/hQg2UZDVSBch9t4LjNi+WntvWr6v5Vi\/KVQ7U43\/Gm4H1rcanEorBOGJAHhmqtXhOThueWcgpRyjQ5+C\/V2Y42zfQkNRgnvzhVV6TCNj3xIlnBpiCnjYGEauIM5QGTgy7j1eEARKu2SqfuTVUmi6oEn63B+sVeMBPtI+6+VRIb69rup\/\/2zzUrMqEGl1Ofqu0NMNJUBI++5TMEJqz8PBpY7++PNBvT
XVMJHf\/6eUtUbUHVIf6h+Omvu2jYTq0R6BWM="} -01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434818859,"flow_src_last_pkt_time":1603816434818859,"flow_dst_last_pkt_time":1603816434818859,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434818859,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":7.556211}} +01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434818859,"flow_src_last_pkt_time":1603816434818859,"flow_dst_last_pkt_time":1603816434818859,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434818859,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":7.556211}} 02229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434820874,"flow_dst_last_pkt_time":1603816434670588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434820874,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApCNAAEARDmLAqAGAjOM0XK5LEVEE7GREwQoKCgoIlk3\/sw8\/b8wAAETS7HTMpNcxINQW3ZN+iCGS1z1IAElwdp\/JkpB1113BzMoCCRTe4FQcqzRNlPfFUuL337y9c\/m0xOQ2BSNabPaJGHp30QAKNdTWLRiE0u0lhDN37WkJ3a18g080qiPj3NOKBzBb6Q2R2eP+Tu5VAgK0JBnSSQxscnBGZYx8erjfdk\/KfB+k80tJ23vgNCBrw5\/QJHyIKFr6T5gcmaoduB6MP68CbMsVTh+UudjvNuCb47BBuKD37H0qZ3vrzszhEdCnaBPaTgDC+BRg\/7zjd8y+\/IMXoc4lcJ6yCEUNd5PMsCArc8JfRjxmtTjKsNnWLKbOCz7De91KYHmwGYzaF+m0hYb600XnI1+GfBH+Yt7Rmih6ZJFb61s4n\/p947s86kVOIDjkRzXFc5rj\/5TsZlNwMgHK1trFOYKfIQD\/nGNPAy3b1yszE1t6bon4A+5+sfdvgO3Pb0vQv7a2RjiEoNWsOgLHHYRaOns5wLvhGDh7p2oiwYoA0dOQULiPA3oPFIYn3l5BexqjNtcP9rDwal7aPEC5NULq7Zmi8SqPrNQKrHxduW\/ejURdhLL6oGYtylwTjf6fFdLzV74euKvQMJtzqOmUVsGs7ytHwIW0zUSVdcXZXNdfHTIBhQmt1LEXywwM9sEku5ONFT5vw3iqnJaeuQ3Z9RVWM6JVZBIIyhtRHSHLMWoMYyVHbzNHU6KHtgRqx4XiFpODAS4ZKLu+YaxH\/jgJPdH9GCKqWFOo09L\/MFa9JOyzZTBHgPL9\/n6dV\/AjYlz2WHUbgl4B47TvtoGesKFiqCifWwa9T\/QAs6VqSsxDxakmj9BwRcyJY9Fh+S0GJgfOD3vdFv7r+qe3nnZPXIMdHvVuagTE0AYBONNrKgYdX4Ky4qhLEEd5cE9ERtsD2WvjOGP2X1nIyl6Z5fwtC4lFzD4HiYxcWYOwEoRb4XOLMLjHU1VRqf56Q7VOoNVljrqpfUTD3\/kymwOaOw9lLI9P78KYSDd0ItN84RFi9m1ZATEA4B8xDEQ0xgm7gZL75Bj+DcL6tIj3M5q5t+D3grLTkPWXTTA36Ac5nJ553GrmMeyNqRY+oz7\/jmpae2pHhn5y5a\/JNHh99ySrjiURwgTDidnXFv\/avhfUTEIKYf9vmF1mBR2BjGIWblU\/xSsHPpQooMBCE1pv+edhptbedN01raww3dKDhm8PKg0\/39zcyjrIDUoGuCyt7fcWYxL1rSfHDWFvTo3rOPuLREGMhWKH0rT
w1rfsvP7pj9wRWFuq+5bjg1YEYzOa+4ow\/G36iMyOEYXSETkFxk1k9PKRQcdv+hmZ7Yysh6jGqSQYubSckYOn7rzqjXzTbZJ4cVerQWc6vzgu\/f8kKoOJaHeHCNS3S8Ih7LoFy\/3HhVH9BOwbPs1b8AjTnrabB9wJd2L4xt25UkVcDS6dONKmrmw3h\/i2PdMTiY3wE4W1wVKTbunysVPKp2ppBpsra6Hdm1iIJV6HfCSSXwO8AyqeAGhx5QFqNqN2LYiejuoyXFW2FmijSjtLOK+Ec8dkYkpgamnxA4iCyf\/yyvNIxQuF3Qi\/hZNj\/3Ane7tlBEi6cG9xsu3lWfzaAh0Qz\/MZBLCWHCiMGpcbinSxoJxeieJR4hwsH6aIGBBARlcM87JIeY9evAugxQ=="} 01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670588,"flow_src_last_pkt_time":1603816434820874,"flow_dst_last_pkt_time":1603816434670588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434820874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434821128,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434821128,"pkt":"pJGxgjQ5PKn0qB\/sht1gDnzNBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPtKIBuwTYf3DECgoKCgiO5tu+VRPaUgAARL4uI1WmPGK3DVcwUtE9UzI\/fGSOKvWUIfYmoO3D6w75gyG6cAgBjzUk1WiaTNGr26SzX\/zj3x5ZOIMX2zmIddjoIJovY\/VksJrC3pfUCteiUGgedji71vrrn0fRMQEFiIkPaa+o8LGRwzZKy8VL3G9cV5Q0+xLvukUHxPfTXr+qeeoAkO2JrC0axiSb2dt+XmaJ0v8nr3ud+va3668mZsfa5EeFafHaj8m49xF7nuzVpSiWax1aZSZzIz6eskzoc+1ob4msOELhchJT5jSTUaY4j8tszC8K1inc5HuVJQLo8TDvFonmdmM0XKQKaWAqfBpL0CUAHrxZaa7bFxHWCI+KCUFVNkIiEsJLT7NG1KiOxkI4gvAPMqLHQoSqFHaylCrhyi1kFotT2StbIZXec2UmPZu2coK0kaliS7gU+LJp4Q8aOd\/VQfT+XwTsJ91oSb1hOc3RVgo0quwGh5ZyNdKZAdfV8mq\/WMkDj4BcFPubTYXGgusxS\/MyTqzT1EFGuLIWfyAbYZyodoA4VbTOGXJwfjifkHUQ+UF72jq+Pt7WCCIYrTBJQnTBEUt2MXfl7vDq69U1d9nIXWmxmxitkWebhf3a424eVpSg7vx40Hu84MnwnUTI47yC+ao94ZGXsWQUy81CB15Bxl9YeNY2dJgyiP+5AD9Mhxzqup58xGvvgfzwiN+8b9hNWQCIXG3bcsVJVlFTJ+jyJ9stfjENb7psSrJSchNgxcdmCDy8kzTYUD7r2Kyu23la\/A94iZaAc3a3efSo5IpoqV3d1rp5ZAXMrr7FuDpbBbwpjWOv21FHy9XJpndYMkbIqf\/7foTiABMd4OD5ZERwg0xFUm2\/h9OWCHJH83WAL\/V5NLmuNQVhvxqDt4v9kRbwpq1I6YlY65WMno6Jktn5XADL\/7yB9qcTbstxiHDTP9HA52vwZywCZsUeMNyVpwbs6++IutqZF2u1m5rA1TU892YkmC4kF\/6hNawh4kh9uCP\/dmrEgG3fl\/J1TK58qG0QytYAfCJ0cQ5JLCxfl\/NL8mZSVRO1SYiuLHK3ygtYTMGI6vHbmzBIw7efY9+H20\/n9OdFhPZypP\/u3dYpp4p\/C2O0s6ViK29wOFT+K2UH57w75L7qCQIQY8Jmg4QscecIv0AWmnfsG6wos8x03+j\/JR8bgGEsH1SV8kBWJgmpv\/L4R9h36Dkk7I7wbtNl01psL0lyiPNL+Ovmtqzx+\/3Q62hpJ76z0PUEL8rN8W\/mbea\/y56YejegoW0NiHWhNlluWfwxxnN42q0YVuXvbq45KHAswsaiAvSLHS1\/Hfet1IEJQbT92EAZjtTIJs1ukk6S8C7JBdY2mP1nien9nfYAxxwA\/H5mWvSq0j8RX\/AxShyK\/7L5A8yyjy03hGEm
r9rECJ4SlYdMS5IlK68iFiJ4CMvIJ+6AyWXezGevi+5ey4ofkQCxFpY1W0uO7lu7+1aV90Ifn3KxnAwNm6+ry4yHqk6IaT4+FTyUTD70bZ5KtnE5J0z9NnVQAnXfMQNLWwACkQ3k4t1jyk2PI9+I4B+PL+e\/IT7Vzp7naSY2nO4exFruJXfEn4uVZmLymCx9K0eX21XvezrLYl21gesFXXXoMBP7pIhtLQ=="} -01169{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670583,"flow_src_last_pkt_time":1603816434821128,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434821128,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
+01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670583,"flow_src_last_pkt_time":1603816434821128,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434821128,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434784280,"flow_dst_last_pkt_time":1603816434822027,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1603816434822027,"pkt":"PKn0qB\/spJGxgjQ5ht1gCEs0ACMR8CoF0BgM6YEAzSri\/bO+xasgAQsHCsnVrqTT\/kdpHoB9EVKuPQAj8mT+AAAAAAAIITUj3tZzyB\/\/AAAd\/wAAHP8AABs="} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434678156,"flow_dst_last_pkt_time":1603816434822056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":113,"pkt_l4_len":59,"thread_ts_usec":1603816434822056,"pkt":"PKn0qB\/spJGxgjQ5ht1gAGSQADsRMCYAHxgjENIwUQN9nn11N08gAQsHCsnVrqTT\/kdpHoB9EVGV+gA7uJfFAAAAAAAIQysxrQYDr8z\/AAAg\/wAAH\/8AAB3\/AAAe\/wAAHP8AABtQQ1ExUENRMDpa+to="} 00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434822065,"flow_src_last_pkt_time":1603816434822065,"flow_dst_last_pkt_time":1603816434822065,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434822065,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 
@@ -314,7 +314,7 @@ 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434764038,"flow_dst_last_pkt_time":1603816434897001,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1603816434897001,"pkt":"PKn0qB\/spJGxgjQ5ht1gCwDeACMRMCABSAB4FwEBvnZO\/\/4EYx0gAQsHCsnVrqTT\/kdpHoB9EVHPlAAjX2HlAAAAAAAIQNHw6Rif2eH\/AAAd\/wAAGxoqOko="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1603816434871914,"flow_dst_last_pkt_time":1603816434904480,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1603816434904480,"pkt":"PKn0qB\/spJGxgjQ5CABFAABHK1BAAGER5T6KW7yTwKgBgAG7nCcAMyiZ0gAAAAAACIcn2n\/RE+TiKroKmv8AAB\/\/AAAe\/wAAHf8AABz\/AAAbq80AAA=="} 
02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434907412,"flow_dst_last_pkt_time":1603816434756670,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434907412,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA3mhAAEARn6zAqAGAA3nyNtCaEVIE7LaHzAoKCgoILW5Ke\/Z2fngAAETSHQTvnm0+9G1vb7BTEjZzskpzXjbpMrcHz0gPS5pzKBYihh0yQ0Sr1aV8k1o9rg6bOM\/GpzJjqER59i6aQJR65ImkCASlPNdKtEWudFUztJywRXJE0WMjx9vUk4XIDwannGz\/R5a2FTHyP0XTKvbAVKMqMB4I\/qqBFkjMC2huv7iGseMisHhGIvF9Y+glr4s1RnC1mBi+\/XPl87M7D5tgOS94AzsPh1UJInHt4tJL26Yz1d\/vwI5skVC2n\/1aowM5QId7E46DpTrGvFp9aCRfUESeicaIcFeSm3PrEN5ceYoafIYuqgYrvNLc+Yylsk\/yXvSiqy\/+zlTj2oKqOosPDwBqCmPm8vcMLoeN+v1W2ey8vVW5uMCUQufA8GB72HGV+2RT\/5vpz9qMaGq1HG76TMH8sBtth9W4AyPZ9iDMsFq6Eok54g0oUNvCiUylUAXizON3uBPLzjBVmJ\/C+2N7SmKTgUQRCeWphfZJlS4SKtCt0X3BauSbAIVcCj7MA+Yino5fMkxB0BMuPUxM7HQNbXJipLfEL4yQ3RRmqMbDqysPzzAJbuPOAFiBgqHLtzzo66UOAd6gEB7Py3DKhg76GgZYwqmZ8QC9h\/apIwLb1\/G6\/unmmq6kwAbrG3nN+gB9qQBpXSYJ26xeICrDLsOlzCZC1sB12XV05F763GPMHE2ZBFUDMrRzf1i0gViqOOuLWOG4VBPUAywK+h6mxta1MCe991YI3W7\/QeZ6AYIPo64W46ERtNoDZ5sOCRANdJ9zbQKKPxqhsH0N9OKKv3sTcSqimfwKTFMwuvnvH8dA+8CYqWk96ept9Bm7sqEiI3wqjQPD77olpE3nRvxcuyska3uKjRLs2SFTKqX1EzSuEOnwKJlX7ZuJxXk3OgociwN14vjMaNsE9uKQS9t3aLjk3q4sIq4AbSG9Y9h2vXVluTy7JswBTKlq4BfIhRlaY62Yy4QGtgGG75As7Wgdiv+hDmTUS+Ps6g4TCgl8phZw15L4FMY10rxpligHZI\/HjNnqcA4DaHo5+Tp7tX2hJmIZYOcivluexsro6Au7pMQ2n9HVR43rUZsjptw3UqQpCb2OWy4ZINNhAbgAwuaNPgYOzo7sYlyz97Tv3Wd2ttgTqNcPHqAwC7\/4YXtVPV\/YeLVt4w36xXmrwOzwatdcjFs8DuvI9hS6Xw4D9O0bV0DGBNCx1vrxtU8s8H0aEXgq4z+ZVAl2Q56i0ZJwzmdas7FoJCcN93cqdf6+P4xiOkFF8vgoVea3wu4xpylz6K9WVoY3cIZKqSa1klefZWmJJv3Ogtx6YIBESUWuXZeqPzng5GIWVHT69u3r9mA5+YwzBSVrT2vZx4Vydsy7kD4F9eUjgMyOn\/0WDplhSWEo3eEhfgi7NLlyhVp15dUW4g3RhQnRFfHjMJUfBdCNkHH550qSh
8jMDE4kthZCIlG9zNTOQM0KDGNaRK84wtxEdxwqNtAICWTjACLWKANvCp+mzri1uWE+vxZY\/vj\/00KNTI6\/rk8ZgLhqYDIv+U4iG8FKYaF0SEzuwdSMMKP2iDo\/xuIOax6m1F3Efq3KByxp4yzQn85xQOQ8jpq\/8LHNvISy3pKDfrujYuy6FBSjRTfrk94N8BQ3p5w4+QWUDOQqCkq5qQHm6w=="} -01236{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434756670,"flow_src_last_pkt_time":1603816434907412,"flow_dst_last_pkt_time":1603816434756670,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434907412,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
+01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434756670,"flow_src_last_pkt_time":1603816434907412,"flow_dst_last_pkt_time":1603816434756670,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434907412,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434915890,"flow_dst_last_pkt_time":1603816434765563,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434915890,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAqvFAAEARB5TAqAGAjOM0XOJGEVIE7Nl7zwoKCgoIVNEfWrpr6t8AAETShrfNzo+9qnp+G1BNr+NPqmFaUkM\/h55Ql4tGCbbsST4ZsCOJH3iZ7JYO3P49peChePaLXVKdLK0YYrWQg8t7GmhaxB2CD0+epzIPZ66VD7rwq7OnkuE0fTw+H+5DGN6C4OOaKSyCoq+NFx3IU1x8euebBttPq2OSGkdu\/7D4j4Twv1xRu+oxQ8ZrSg\/kIQ2o7Lek57FPo3RdQMWtxO4D50KI6aMOX\/4vQJ0YhEvEZTDLL7P0zEYBS3FkfG5BRMnNM8OS2xFuAGNP8egA0odaLPbu7hnKK6dqMsWCHXaL4z1ts4rvHfV0qtZtYuT6HVeSDg+CFgq5ceN4wJte46d7MKuBURz7EzbVM2nIWikcCm+z5g\/TKbq+4EUu0UPWCrnCi2R0y4zlSgA8otElFMwv4eRVPM5DIi+4mgq4QZXLRxSncdM+e8i1FKdabyKf\/fgPnNPiqktWD2i\/Ytn6hwb0PT829KyNV8w8qQuINiVRNK8v6z4uDo1gpRHQGoEWEPzQmF66aZKhJUDALz0aLvuNs6E5DxkA7evDnMKx23ZgpplW0LpXvfZBf6sTpkqYA5bTCnoN77HxsbMVqIiyOi7BUt81Gm3oiul4eLOGeaupfnDtOFEmieChpFRV7QqpHR1gtfSZKcjqWsbj6yWSBfhj2IsVhoJ71A5dF9pMnHo7jzgI0QSId4q\/oBYeRhid4bbmPnOC8PfYUnLIeUTOc93iRQWwFW46ErsHgYcXsi8Kn65IE59H4qd2EfKOfDVq2FLXmwJm7OvBihgIS+X7vExDef2swcqSsItTKC2AEzOO48HPyOwQptpPwgdGzJZs10c50pg+LjPS4cC2KJBhPCVxFp+H1hQ12K7OIw6JRpTBgkRJyc5I2q\/VVKCZMXHjaqpVvycgRI08WMg+udiVEO6h+zKcZyNwJWwzUereDujzJy4kiGd5Q9nfNls85HhBiVfiWtWQA2IPq7ByLuONs6slYcfWmUoR5FOT4bTXkFSaONzDzhyg4gHbKvl7ndeHBoZA0iJ9K+n3W+hXA6WXw6uxieTqhbMdOQWxtLpMj4kyapDXQK7oZhuWyn1DF42N3y8jGmDuPxu2ETw5a49l2G37BVIw3scgJ0nddPhrj0zP7oEo+ekUENWF4pWlUP5Vx2CoiUpES577jZtdF+tdrAOeLVZkjD8eutborUoKEL\/vOt4yhj3o57GKGA9\/ybf5hbjojtdUNQqxQG55Acf5EMCz988WMxUNz8xCYM03n2C3QkOCdeodEEdHE\/QuIGQTlKt3nx1a7RfKBqe+h2OsJeSBzTqY3F35YiHnZvMCL1V70Hvo3moBF54RZwYiX0MROTBa8aTc+Fxl9EMhE+Pl\/rompnMpyNpDSyVm4UHe62Qx+QRaDkwtDoMxO+P64lmUE4zOarR\/nNH5j1TlIuE0TIjB8RiMvS
7syyMZMp0+\/XnqsjuP5dy6Jm3KaUwMqJ8F3AWAoZvvcHPgwyOZoalFKfDP\/GAH5cw+fi21jidpbIXLmrk6IfSGScy3yq15JRb+cF3rRexx4pxdq9Hf2YRvE7vSiJocrJzQsagheeOZEsExtdqpMmUp8kXzR8YYYVfrEAPxvjiuO6w91xT5BhuCWvCmY8AlF06a8Pc+PpRpMSQ8Pd\/Wkw=="} 01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434765563,"flow_src_last_pkt_time":1603816434915890,"flow_dst_last_pkt_time":1603816434765563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434915890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434916407,"flow_dst_last_pkt_time":1603816434766398,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434916407,"pkt":"PKn0qB\/spJGxgjQ5ht1gCcrWBNg6NCQAiQIAAAAA8DyR\/\/5ppFQgAQsHCsnVrqTT\/kdpHoB9AQREMwAAAABgCNHwBNgRNSABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYQzDKCgoKCgjBjvWe+MPFRAAARL4g348kA8mQBcAOi\/Ea5lVgGbx\/7eo9z03nW8pQoHBEiVFxap\/J7yF0T4ETOiXRrEVFzfKu4cp9\/aIHD8VuqdmnRI7ZUzH6nHP6t6XgWjPLu9gwncGiNpy\/62Nk4XPzeji4OQEhiV2wvPwilhPjz1Iw8tA6gxIE\/FJ4VwrM+jhjDDGeJX9BSVBF51kNOZwIfVwErkoa\/qCvtHlDAlGsd67naWgwRHPQ1nkSJwo+9sQMQloIehnYy66qr7McaNefwAbFS5vujjFD0bYEmGDHKA\/F\/y+3qGlJupB5YPSp8wB7Am1v5JD+D\/bG5B5luaL\/5MF\/tQnBG2dxtea8LZG5G\/eV6LyP9L4ooo4IJyvTlEaQ\/ZOeKwlHxchtWnc9B1fL75AWTflk927t027mF4gEUpMwkx4RQMESzJeKbiKyR6Kju8+GylIujiTUOWwe8Pt6FKBiAZLgvlK4YR6upjyxAj1yifEMXI9ck\/VO\/Ck0PU3TrRtvDl\/wfNsVtESwzsMNhYfkwDEb9HKwo5a2\/kMDB2oZkX2VNVeOAH0n3s8tB9WLVe8oKkFTUmog+0QRsMIpnLCWQ75LQKoJv6O1XJQVMkvkriwokuRy8CCP4EpIlVSvXuFArfX\/fbTPCluQ1NH50zOP6ysMQboAYq5P1UCN4zcLGWZaVbF9oa1jAJ6PadCu1EtWpxyNeTUpAe5jtCvh1Ek99dEg6bQ+j6gvn\/Yz8AhHWVisS\/4VPgx2sHYS2FDc4ug9W6gsAFExY3uSitd7XjxK\/bL1oNU+b0jZOhnX4xE5mnhbxzHNAKXSXB2aWDY3+BQWmASrCC3UyA8\/hE91TFVnfAmnegiopiURKjvi8DWlsXJi98UivPepk1KIUkyuwYljhDbFg+Ju8PdCQIp1RdqDT1rPQsla4QcsyF\/NLkn03\/oiCiTPViBgeLpx5IDNsz\/E5PKe7HtjsCqTGdF3JcVQGRMcs6XuK6eeXR39paD1+Ap5R7y4jtTYGF3ERVJnfLPi0OImMpLV78BBWUIiuk57yx\/ByVw1Vi231q0R5hJu+2UkRPleoRsn22QwOy5Wyt6YCa9Njzu+jmkM5SaTLiDskQIXBb6CNyIxDTqisRatDtzI4tGgpDJJrJLyZRRjwm4IUGl4MEcnCWz9P+nJkKiW91BFFECvItcE6tRgENAP6B07ROBWB4xJBDVhnX0WgQS8bETOrbEby5WFiD92Zha2iJfBanxLrhkMlyxfJQvY++OklEMvIXt3v8l2q3dZWFOn4kyWKCN09iij0w0AEDsYLWJZuX4Wd4BeQXUc0TQSuDLkBeoncn1cOIA9nbBX5JYv
yr8xLwXYv1YbXFHRI\/Z6kEVdG+BSe850euHBVqJOat4IdCKJnu6NuFXRzdJnMp9gCv2PvmYfbsW9v5iJpCEm0G5joiY+1mWnVbfZAO5JyrBGv3ibTwQYFw\/SIY85UIif3wl0VVblUQH81ysGAOBc9Qkl\/ZLs9Nmdqg326DSTscTecRmY2x8\/F6T2e\/IU6BMaPO19yi\/FICyG9IeO7SjydAWQ627DK5c9b4kcDg=="} 
@@ -393,12 +393,12 @@ 02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1603816437008990,"flow_dst_last_pkt_time":1603816434756670,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816437008990,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA3mtAAEARn6nAqAGAA3nyNtCaEVIE7BjqxAoKCgoILW5Ke\/Z2fngAAETS0wj5TYFweH+dUy5g1DAdjf9oKoUCQXK8bmP8CM\/pmnnKrwDJIaWt2iQRu9e1L0kCprXVSzTdVFH4i27FMskNVsFHCMTbWtlo6EAtCgXkSqHJiyT9o8JYd28EqGzdjJ0bdIywY7UgAxdFy6C1DEor3bVFFMrn5Arl9W07z7CTOag83Z15ArMOSSAE\/6sKvxXjQQc9QZmZnNwPQYNXiABAWyvW16ySZiWt8VQN5eTgk8n4CyfLsQmbBx8CJFsJT7XQuY8h\/bUEANENxCzc9+3d3dQVXVAcNuiV0Tce\/d6OBVMnO9bjuPIjUzWQGiL0ePPqtgy0bcNP9Mqlnrc9g2UatwRJd8g3DxXWDkOrzj6v1+TaeBtrn6NAzz6m45jGolWSOl9oszhqvlOiJxM7+0dxtANGsxJHLWWJz6Xi6O7i2IsHgoM1R8p35stEa0J1II2MvvcBdOBWIEdEvLfuLvdxD2tdSWZAYbABTI4G6BVI\/GrZi+JVOPE7LzdMKXuyAyCIXBegS3ugRBoxk4kVpeyRLAKkx98fEnsCyMOYSf9txBLjdIqHBeL1FKF15WY68SMCZM0ZZpHfHjnErnT2W+s7JDxtX9K96tXdatavL5jyJBjmLqWcfSaefoL0XFlv6xo3YbcLrda9ONNYIY93vGF84EOD2aTRahc22IIuPyQBLpTt5snP9fT1ZfadSSznr2ddd43y6K\/VsUk0bM2WLGAABJLdXxWom89Q3k462jYDfa61TBGWJ9rLvsBCFfwTiY31tCmB6lElAsDEjlOPbqnhvJtqLiy2FYTwNvNZQ83CFR0bSEUhftRgeVv\/OdajOJEmIVXX1ptvA2n0rB+iW\/F3WAgt0GhxVbON\/O40SO+JR2DRqwWtOUaHCa204g6puFFot6Zf05zRSRojZUGTvgmJhMegNaW16KsKWAHVBYiI3SqkWGWPrEhMMB+jQp994uYuZG7ZR0D+EAYwQxydr9UH8EyDlCWYgJ7dc6NhnO\/3nynrvy428ddSxIamAA3VBguRRXvtP7xTCDivn23qW49hHvu0Q5SAUnzShQXVs1I0HEzKPJW7cxBkK9OSZeZOHcjXD9MAB\/\/cufOrt3w1++oRtRf27eggQ3N48FsUEVXno2Zc1KLCSvO7jSdxxYSV3GGtdvyN\/+B3rxIFxOlIbhah3spVagftVOVLwzEjgltFIQxaDz2IDejfsRvtNrZ1wb74Mxlxn4Xoaty\/Qkp+Ij\/C2ANqDahEV4ogM\/KzcKzjcBLc7yfU1tYckm8KOXkTi5+382xA2GXv6uAu7VG3vMGymYzo4WYqcBUs79NOaRzuwxcuhH3ulI05NALrTEu4opmmXEH\/zdx9hNMv\/P8NcOkZAhipdP1nfveDyNWtKwIgTDncelLbfZhqvDTKb6JMocG
x+Sdod2muZ8FDStAjegpOE34z68BReG66l7o8F30g1LMSNBzaxuSxnDF3c4g2w9rxoBGVgV+gf\/46dSDtAh+RxhlYFryABZXx5KfLajiHafHeeg\/Jp41CW4uXtfXb63YR+F\/8SDLo1uKAZWR4MnVbBf1Zlfkz87HR3Xoe1Apjuz1cSrsMrX0Wf6is8xZxTrKKObtiUqBqI3YsnkjQN5V8ahE+dGER3BhsvgNABXqapTBb6A=="} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434736042,"flow_src_last_pkt_time":1603816434736042,"flow_dst_last_pkt_time":1603816434736042,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434776956,"flow_src_last_pkt_time":1603816434776956,"flow_dst_last_pkt_time":1603816434776956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434756670,"flow_src_last_pkt_time":1603816444721572,"flow_dst_last_pkt_time":1603816434756670,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434756670,"flow_src_last_pkt_time":1603816444721572,"flow_dst_last_pkt_time":1603816434756670,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816435054346,"flow_src_last_pkt_time":1603816435054346,"flow_dst_last_pkt_time":1603816435054346,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":79,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":79,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":79,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507215,"flow_src_last_pkt_time":1603816444490896,"flow_dst_last_pkt_time":1603816434507215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434640692,"flow_src_last_pkt_time":1603816434640692,"flow_dst_last_pkt_time":1603816434640692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1603816435020512,"flow_src_last_pkt_time":1603816435194141,"flow_dst_last_pkt_time":1603816435020512,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01157{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670583,"flow_src_last_pkt_time":1603816444524248,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9856,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670583,"flow_src_last_pkt_time":1603816444524248,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9856,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01259{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729337,"flow_src_last_pkt_time":1603816444586281,"flow_dst_last_pkt_time":1603816434729337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9856,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434659010,"flow_src_last_pkt_time":1603816434659010,"flow_dst_last_pkt_time":1603816434682914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434766398,"flow_src_last_pkt_time":1603816434916407,"flow_dst_last_pkt_time":1603816435089399,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":2480,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -409,14 +409,14 @@ 01068{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434806510,"flow_src_last_pkt_time":1603816434937276,"flow_dst_last_pkt_time":1603816435089369,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":126,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434743648,"flow_src_last_pkt_time":1603816434743648,"flow_dst_last_pkt_time":1603816434743648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434855086,"flow_src_last_pkt_time":1603816434997193,"flow_dst_last_pkt_time":1603816434855086,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434507837,"flow_src_last_pkt_time":1603816434507837,"flow_dst_last_pkt_time":1603816434548684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434507837,"flow_src_last_pkt_time":1603816434507837,"flow_dst_last_pkt_time":1603816434548684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01154{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434652977,"flow_src_last_pkt_time":1603816434652977,"flow_dst_last_pkt_time":1603816434749121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434886049,"flow_src_last_pkt_time":1603816435065947,"flow_dst_last_pkt_time":1603816435111871,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":110,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01158{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434670390,"flow_src_last_pkt_time":1603816434670390,"flow_dst_last_pkt_time":1603816434802819,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434542463,"flow_src_last_pkt_time":1603816444513189,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434584609,"flow_src_last_pkt_time":1603816434584609,"flow_dst_last_pkt_time":1603816434709551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":31,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434542463,"flow_src_last_pkt_time":1603816444513189,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434584609,"flow_src_last_pkt_time":1603816434584609,"flow_dst_last_pkt_time":1603816434709551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":31,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434601769,"flow_src_last_pkt_time":1603816434752617,"flow_dst_last_pkt_time":1603816435020471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":19,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01066{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434530418,"flow_src_last_pkt_time":1603816434530418,"flow_dst_last_pkt_time":1603816434530418,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01064{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434530418,"flow_src_last_pkt_time":1603816434530418,"flow_dst_last_pkt_time":1603816434530418,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434721106,"flow_src_last_pkt_time":1603816434871914,"flow_dst_last_pkt_time":1603816435054325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434643783,"flow_src_last_pkt_time":1603816434643783,"flow_dst_last_pkt_time":1603816434680178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":23,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on 
Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01143{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507204,"flow_src_last_pkt_time":1603816434657595,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -425,22 +425,22 @@ 01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434569071,"flow_src_last_pkt_time":1603816434569071,"flow_dst_last_pkt_time":1603816434601225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":23,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434628754,"flow_src_last_pkt_time":1603816434779850,"flow_dst_last_pkt_time":1603816435041611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":54,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01154{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434628781,"flow_src_last_pkt_time":1603816434628781,"flow_dst_last_pkt_time":1603816434722567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":47,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":47,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01162{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434586380,"flow_src_last_pkt_time":1603816434586380,"flow_dst_last_pkt_time":1603816434622862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01160{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434586380,"flow_src_last_pkt_time":1603816434586380,"flow_dst_last_pkt_time":1603816434622862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01224{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434684954,"flow_src_last_pkt_time":1603816434836177,"flow_dst_last_pkt_time":1603816435089353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":54,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01157{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434602877,"flow_src_last_pkt_time":1603816434602877,"flow_dst_last_pkt_time":1603816434650048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":35,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01163{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434599720,"flow_src_last_pkt_time":1603816434599720,"flow_dst_last_pkt_time":1603816434725950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01161{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434599720,"flow_src_last_pkt_time":1603816434599720,"flow_dst_last_pkt_time":1603816434725950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729343,"flow_src_last_pkt_time":1603816434729343,"flow_dst_last_pkt_time":1603816434729343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434743654,"flow_src_last_pkt_time":1603816444721505,"flow_dst_last_pkt_time":1603816434743654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01154{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434685491,"flow_src_last_pkt_time":1603816434685491,"flow_dst_last_pkt_time":1603816434779296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":47,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":47,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434528228,"flow_src_last_pkt_time":1603816434679393,"flow_dst_last_pkt_time":1603816434528228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434641678,"flow_src_last_pkt_time":1603816434792692,"flow_dst_last_pkt_time":1603816435089405,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":19,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434519345,"flow_src_last_pkt_time":1603816434519345,"flow_dst_last_pkt_time":1603816434551349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":23,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01162{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434784280,"flow_src_last_pkt_time":1603816434784280,"flow_dst_last_pkt_time":1603816434822027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01160{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434784280,"flow_src_last_pkt_time":1603816434784280,"flow_dst_last_pkt_time":1603816434822027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01064{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1603816434609154,"flow_src_last_pkt_time":1603816434806535,"flow_dst_last_pkt_time":1603816434609154,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1668,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434629806,"flow_src_last_pkt_time":1603816434766415,"flow_dst_last_pkt_time":1603816434629806,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01221{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434643533,"flow_src_last_pkt_time":1603816434794660,"flow_dst_last_pkt_time":1603816434643533,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434670588,"flow_src_last_pkt_time":1603816434820874,"flow_dst_last_pkt_time":1603816435086357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":19,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434699019,"flow_src_last_pkt_time":1603816434699019,"flow_dst_last_pkt_time":1603816434699019,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434699019,"flow_src_last_pkt_time":1603816434699019,"flow_dst_last_pkt_time":1603816434699019,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434642398,"flow_src_last_pkt_time":1603816434642398,"flow_dst_last_pkt_time":1603816434642398,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434524039,"flow_src_last_pkt_time":1603816444507501,"flow_dst_last_pkt_time":1603816434524039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434569249,"flow_src_last_pkt_time":1603816444507486,"flow_dst_last_pkt_time":1603816434569249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -449,16 +449,16 @@ 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434772881,"flow_src_last_pkt_time":1603816434831237,"flow_dst_last_pkt_time":1603816434772881,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434680209,"flow_src_last_pkt_time":1603816434845425,"flow_dst_last_pkt_time":1603816434680209,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434822065,"flow_src_last_pkt_time":1603816434822065,"flow_dst_last_pkt_time":1603816434822065,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434512961,"flow_src_last_pkt_time":1603816434512961,"flow_dst_last_pkt_time":1603816434512961,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434512961,"flow_src_last_pkt_time":1603816434512961,"flow_dst_last_pkt_time":1603816434512961,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434721167,"flow_src_last_pkt_time":1603816444586338,"flow_dst_last_pkt_time":1603816434721167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on 
Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434656025,"flow_src_last_pkt_time":1603816434806673,"flow_dst_last_pkt_time":1603816435111830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":19,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434587784,"flow_src_last_pkt_time":1603816444528471,"flow_dst_last_pkt_time":1603816434587784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434523543,"flow_src_last_pkt_time":1603816434674356,"flow_dst_last_pkt_time":1603816434855041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":54,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434664905,"flow_src_last_pkt_time":1603816444508084,"flow_dst_last_pkt_time":1603816434664905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01067{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434818859,"flow_src_last_pkt_time":1603816434818859,"flow_dst_last_pkt_time":1603816434818859,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434818859,"flow_src_last_pkt_time":1603816434818859,"flow_dst_last_pkt_time":1603816434818859,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434585935,"flow_src_last_pkt_time":1603816434765599,"flow_dst_last_pkt_time":1603816434585935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01259{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434535255,"flow_src_last_pkt_time":1603816444528429,"flow_dst_last_pkt_time":1603816434535255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9856,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434648476,"flow_src_last_pkt_time":1603816434648476,"flow_dst_last_pkt_time":1603816434782784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":35,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434648476,"flow_src_last_pkt_time":1603816434648476,"flow_dst_last_pkt_time":1603816434782784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":35,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434590003,"flow_src_last_pkt_time":1603816434590003,"flow_dst_last_pkt_time":1603816434688708,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434586718,"flow_src_last_pkt_time":1603816434586718,"flow_dst_last_pkt_time":1603816434586718,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434518986,"flow_src_last_pkt_time":1603816434518986,"flow_dst_last_pkt_time":1603816434566800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":35,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -466,9 +466,9 @@ 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434661281,"flow_src_last_pkt_time":1603816434812388,"flow_dst_last_pkt_time":1603816434997155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":54,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01152{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434750923,"flow_src_last_pkt_time":1603816434750923,"flow_dst_last_pkt_time":1603816434750923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01264{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434595118,"flow_src_last_pkt_time":1603816434745946,"flow_dst_last_pkt_time":1603816435011222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01163{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434678156,"flow_src_last_pkt_time":1603816434678156,"flow_dst_last_pkt_time":1603816434822056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01161{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434678156,"flow_src_last_pkt_time":1603816434678156,"flow_dst_last_pkt_time":1603816434822056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434765563,"flow_src_last_pkt_time":1603816434915890,"flow_dst_last_pkt_time":1603816435194117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":19,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":246,"packets-processed":246,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":231120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":77,"total-detection-updates":30,"total-updates":0,"current-active-flows":0,"total-active-flows":77,"total-idle-flows":77,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":471,"global_ts_usec":1603816444721572} 
+00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":246,"packets-processed":246,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":231120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":77,"total-detection-updates":30,"total-updates":0,"current-active-flows":0,"total-active-flows":77,"total-idle-flows":77,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":471,"global_ts_usec":1603816444721572} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 246/246 ~~ skipped flows.............: 0 @@ -477,9 +477,9 @@ ~~ total active/idle flows...: 77/77 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8838288 bytes -~~ total memory freed........: 8838288 bytes -~~ total allocations/frees...: 141660/141660 +~~ total memory allocated....: 9604104 bytes +~~ total memory freed........: 9604104 bytes +~~ total allocations/frees...: 155596/155596 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2241 chars diff --git a/test/results/default/quic_q39.pcap.out b/test/results/default/quic_q39.pcap.out index 90cc5386e..ea4d7075c 100644 --- a/test/results/default/quic_q39.pcap.out +++ b/test/results/default/quic_q39.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1509098995610775} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1509098995610775} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509098995610775,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1509098995610775,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1509098995610775,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1509098995610775,"pkt":"AAAAPJ7rSEb7OSWDCABFAAVipylAAD8RBjiq2BDRFZ2345bcAbsFTtxhDeca1dd1bE1NUTAzOQFpm58AnJnQaHUqfgGgAQQAQ0hMTxsAAABQQUQA1AEAAFNOSQDhAQAAU1RLABcCAABWRVIAGwIAAENDUwArAgAATk9OQ0sCAABNU1BDTwIAAEFFQURTAgAAVUFJRIACAABTQ0lEkAIAAFRDSUSUAgAAUERNRJgCAABTTUhMnAIAAElDU0ygAgAAQ1RJTagCAABOT05QyAIAAFBVQlPoAgAATUlEU+wCAABTQ0xT8AIAAEtFWFP0AgAAWExDVPwCAABDU0NU\/AIAAENPUFT8AgAAQ0NSVBQDAABJUlRUGAMAAENGQ1ccAwAAU0ZDVyADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
S0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zLnlvdXR1YmUuY29tHmY9ku1OY40wxAcfyyHFWACuKRu9GR6V2xdJs\/1DZWDRgILbvi6YPymdOys8LmRShvdEmFTSUTAzOQHogWCSkhrofu2AhqIVgpFZ8wXyMDAwMDAwMDBOGwyq+nKlq\/7gyjM9fK1HfmcRm2QAAABBRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0LzYzLjAuMzIyMy43EbUkNcc61MtqjsJrlOUgFgAAAABYNTA5AQAAAB4AAADyBfNZAAAAAJSFXrmNCzW2XCwCM6DbC32c2YfxELPjjStDUbaq7wmHTyY4LQBCW\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"} 01024{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509098995610775,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1509098995610775,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.youtube.com","domainame":"s.youtube.com","quic": {"quic_version":"Q039"}}} 
@@ -9,7 +9,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1509098995619706,"flow_dst_last_pkt_time":1509098995737241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1509098995737241,"pkt":"AAAAPJ7rSEb7OSWDCABFAAA7AABAADgRuYgVnbfjqtgQ0QG7ltwAJ9O+AAM4OmALOTw1M50FdwtLmPXhOu9ZZKxYgqiuY5AjrA=="} 02249{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509099004752497,"flow_dst_last_pkt_time":1509099004382425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":14377,"flow_dst_tot_l4_payload_len":2074,"midstream":0,"thread_ts_usec":1509099004752497,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":577850.7,"max":6514643,"stddev":1531988.4,"var":2346988339200.0,"ent":2.7,"data": [8931,36678,89781,7,404130,1367,298294,119221,31,434781,6185342,12819,6514643,11351,11378,22730,702601,702694,435266,435159,11351,11442,16019,15861,397203,9235,397732,33897,93428,52,499948]},"pktlen": {"min":46,"avg":542.2,"max":1378,"stddev":603.7,"var":364512.4,"ent":4.1,"data": [1378,1160,63,1378,59,69,69,58,291,46,69,256,1378,64,1378,1378,61,1378,60,1378,62,1378,62,1378,62,1378,716,62,62,90,46,84]},"bins": {"c_to_s": 
[0,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,9,0,0,0,0,0],"s_to_c": [4,10,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,0,1,1,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,1,1,1,0],"entropies": [4.179285526,7.832315445,4.966748714,7.846248627,5.380072594,5.640916824,5.720768929,5.299251080,7.336034775,4.816403389,5.818665504,7.074090958,7.867320538,5.431150436,7.827050686,7.874505997,5.477433681,7.859999657,5.412702084,7.863677979,5.373553276,7.855113029,5.379174232,7.856376648,5.502585888,7.846080780,7.718618870,5.508206844,5.470327377,6.029057026,4.816403389,5.969577789]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.youtube.com"}} 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":33,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509099044522763,"flow_dst_last_pkt_time":1509099044559423,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":18965,"flow_dst_tot_l4_payload_len":2686,"midstream":0,"thread_ts_usec":1509099044559423,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.youtube.com"}} 
-00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21651,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1509099044559423} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21651,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1509099044559423} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8646615 bytes -~~ total memory freed........: 8646615 bytes -~~ total allocations/frees...: 140594/140594 +~~ total memory allocated....: 9410956 bytes +~~ total memory freed........: 9410956 bytes +~~ total allocations/frees...: 154559/154559 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 557 chars ~~ json message max len.......: 2347 chars diff --git a/test/results/default/quic_q43.pcap.out b/test/results/default/quic_q43.pcap.out index 6d657ccd3..85ccbc237 100644 --- a/test/results/default/quic_q43.pcap.out +++ b/test/results/default/quic_q43.pcap.out 
@@ -1,11 +1,11 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388060203207} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388060203207} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388060203207,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060203207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388060203207,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060203207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1592388060203207,"pkt":"AAAAAAAAAA0A1ZJ\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\/tFGrck4XfPyIJIy1Wp2EOyj96Sbv5OxbQ7GtzdqXVHstRevTu5j9sOKKoV3MEbVEwNDMB6IFgkpIa6H7tgIaiFYKRXuiYTDAwMDAwMDAwL8w4xnPBiaheNE18yX+i9poR99hBRVNHfnKffIxl9aDtAhVkrBteYAAAAABYNTA5AQAAAB4AAADs\/0Yi1mMvJ+MeFLVM06sFxTPtG7icgHbJd6FPguzZ5DspSAr1qmJOAogGqdfyO9QJ05Fvsk1n4Zg7QCWE0DkiZAAAAAEAAABDMjU1W+x30vZEmVNOU1RQW+x30vZEmVNgMsuSoEFN3\/mAAgAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388060203207,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060203207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388060203207,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google.com","domainame":"dns.google.com","quic": {"quic_version":"Q043"}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060251652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1592388060251652,"pkt":"AAAAAAAAAAoAtmi7CABFAAA6AABAADsR1dxId9kdM3gUygG7wFkAJsU\/COg8d72PiRX5AdVtByTcf3A7ZqGOSkABJDYBAAYA"} 
01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1592388060203207,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060251652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1592388060251652,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google.com"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1592388060251652} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1592388060251652} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644933 bytes -~~ total memory freed........: 8644933 bytes -~~ total allocations/frees...: 140536/140536 +~~ total memory allocated....: 9409274 bytes +~~ total memory freed........: 9409274 bytes +~~ total allocations/frees...: 154501/154501 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2323 chars diff --git a/test/results/default/quic_q46.pcap.out b/test/results/default/quic_q46.pcap.out index 7ea5749ef..cae233cf2 100644 --- a/test/results/default/quic_q46.pcap.out +++ b/test/results/default/quic_q46.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1559632338055044} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1559632338055044} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559632338055044,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338055044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559632338055044,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338055044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1559632338055044,"pkt":"AAAAAAAAAAAA4JDHCABFAAVic3hAAD8RmymsHSrsmRS3y5WUAbsFTk\/Qw1EwNDZQ6s\/m5wbfJy0AAAAEYNpYkp9oOdCGDvxYpAEEAAQAQ0hMTxoAAABQQUQAtgEAAFNOSQDFAQAAU1RLAP0BAABTTk8AMQIAAFZFUgA1AgAAQ0NTAEUCAABOT05DZQIAAEFFQURpAgAAVUFJRJQCAABTQ0lEpAIAAFRDSUSoAgAAUERNRKwCAABTTUhMsAIAAElDU0y0AgAATk9OUNQCAABQVUJT9AIAAE1JRFP4AgAAU0NMU\/wCAABLRVhTAAMAAFhMQ1QIAwAAQ1NDVAgDAABDT1BUDAMAAENDUlQcAwAASVJUVCADAABDRkNXJAMAAFNGQ1coAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tcGxheS5nb29nbGUuY29tTF5QaJRKaTNoSpJ2byVw\/n2jR\/SXiDAUaxRXCyDlaH13oYGRvmmLh5UfnwV+qkP8rBLql6P0cVhpCGDXJyou7qdg+dnByWJAkTSY+CUh8yfYOYMRdIFYIeO6ZKEQGzvhOWxsGdkkbQk0joNdUTA0NgHogWCSkhrofu2AhqIVgpFc9hnRMDAwMDAwMDAg1WpdFEihkws6cxoJh1cnEudv5EFFU0dDaHJvbWUvNzQuMC4zNzI5LjE1NyBBbmRyb2lkIDguMC4wOyBCTkQtTDIxqZ2LiTEPPlI5bOtRl2sWwwAAAABYNTA5AQAAAB4AAAA+5+ExAY9KZ43WAi5gboQGad\/XZY9NgsCyvAvlen24imYZuixux5QJ4+eD6hkpSGJfDn9+XBFyJ61rFG0t2MkrZAAAAAEAAABDMjU1M\/in8FpHdkpOU1RQM\/in8FpHdkpn+K3FgBXj\/3u4AAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559632338055044,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338055044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559632338055044,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.google.com","domainame":"play.google.com","quic": {"quic_version":"Q046"}}} 
@@ -8,7 +8,7 @@ 02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338308554,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1559632338308554,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTrzqQArMTUQF+qfZl\/j6GDEC\/I+tHha\/dgY9YrBnIQRh7ycTzuKlQRveBbgIPaLRsi0ExNkrNV7kEMqhWFB8DVw3+iXp7Q0SPR4wk2prQv0Z9EAI0pujRDgT83qm1mSoLM4iQy0bz0Gm96wSsATMKmUKyFyFBnpTsLUf9Xvid5CkSvVYq5IyCOuKfH87rCz5QTkBH6YTC+QDCSrAGsbffYz9bMQO0R4i01YSA9\/I4aHEs98s23RNpdZor+Q4Oguj04Ui1Bg8f3CMHs0B1wKZWu7IF605ju+my8Ex28FSM3yemKCvdolaLftpnKyeHoId\/QpIb8iwutFlbt0BwhTCDewVFpV7BQBJRHSzzcqF3KHmxfGeJEz8HgPupbuU58vn9Kst3qPAnRfWPM9Y\/xuqQrVroUhIzD2KcGL44idNWqzV9MuP5s0aD\/0n00A8OknoaT1Z0nD6uS7MwoMEp3hjaZrYh1FVS6ZqzuhHdMfQUCymEejFbSmXbd58wxV444MjFUEdTCH9C5nplkg2PrEbadm\/t1\/rEMeg\/JOLjOqZeL3RVNZnVu+64GiTXTooYqjnh40z9xHOOmQOZyfle2iCVO8R\/ivXtUThQIVkJxvD+lByIAMuKs19fjh7OTQuW6brcmUpLLxNTED3sSOJ1MHHkPoWBfdRuMlOs0Ryz0ZCwxjKB2QykP3nGHn+U9cQJjEEK5qvkEMPYypV1+HtjqlPnl6iu5Sd3xNKaZ9FcaL83oG6RIF4zjJ6ihumZijejW+\/cRyoX2\/M6YpKMTtn1WRn9rhtQry3eVZPeQNVSd7XZL0VdvQ5vu1ggAQn5TQ5togK+G+4pXqF5jfiQ6DBFgLpBhWv\/UFK7aVWxuJrDA5S4u1lGTu45kd+19qZi53LcaXhMl0qJBJJF3oCyKeyoTTUDuHU27jmLWrpsAktKlqGf+4TuB3lSO\/EPFyrp8KLENcsfa5\/l+B8TZFRRUwAQv7YeB+SquPT+XySpsyvSWPmJ1OkgDGN40H8aBclc9K0qdDBg5M2dE8QYwGrrNKoCeKgtW9TnOyhkw6iCeSMxUnEz7I72YmaU3B4Qdh4i1suSJJS\/Is5YBD0LYW9RGca2psLfKVVQ3pVzCNm+8iuLUD\/+N5dsKBm97UDJJu9QZbvh\/17ADMdqmqjGV7a\/KL1diOzof+kNEM6D63PNaEqTcdTJU679aUQuDA36PwnjOfPQ326RaECpj7agr5AR7cT1hl7xR6U2rhzkl0Kz5J\/fIaAVikO2T1YDzpEa6ViQoL96Re5TbD3QjIjfR4Gp0AjyScTnvjlkaS0KPbZ3dZO0yuuI8K2w5rv+O9wTz\/j3JIVxILrgv+nrmo9uCpzcwBNXvDg5SBwN8NZxMqNH+W5G7d95IPrVS2zW\/4pG\/B+zxKwHjBFjH1xLbTp7hfN1GljHGDpVEQpGi4OAY8li971mNtD
TBydQJmQ7gQlhjFgMlfgoeRtSHU+o01scTey2+WUdu3zYtDsTDdxFIAdmHZbOrHyzRES5q\/KmutL7eczEoW1LzE4ioLwIH\/g4j5+nlj4cThgEcmecZB7Bt1chmjIYfJVOi0zwKH0\/NJvwsPzAtyn1PIZKiwEc\/CbD40rT48BToIWSWBLXxWuohMPnE3FrkoivOd4Gpa\/0yzU1wMDSMH+mbgsZhX5zYEoGglp3CbY5FVv9cUPm5sCy1UpjiUb\/pbUisccf6scx\/oiXxAimL5KCP061NTFY85qjPvir2+lXCW2MH9mnIP3P3l0xfA0+tgQ+tN730D7+w1UgNyI6x8+Gr2OtccMTyA1EwS8"} 02343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338309852,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1559632338309852,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTqtnQA9VWeqlnKi1He4wQWN\/f+ykkZ7EUoh++i5eD6CZN\/2OK1LLvIohuBQ6+oAOvGiKMTrPyoMy+bwMieLisXdiafKDJvZCKRyShiIE\/VsZZA592sxRa9Vg2pXH9j8435JRlNe5zXJlpHaHeTbO9GlYTmUN5Wk8dNnRtW2hdo25fc+9lOQWYGT0CaE9IiOnSr9tN9PQJxGm59j3+FpjB7JoRFF6QQtD4qRdkxQH1ljvfZOy\/NU3nHfLfeZPZJ75hGZb662tqPtx7u6RVD6+HRQ9t50R+x\/XDILWM07srC2XJdOD+9vMXyQZnHhaNfwt9CRyUEeHYvvI4s5LjOc7Mbgwm5E+3uTUaD0FMzn7S4eDN2dyeOzJGAHwGJcE6SUAzonQ4OeQrZPgaBZWVNmyKGxjKy3RWR618ul+UgR1pwa4+LeuwPByRnCcul0lBFI2RjWbPy7B4tvwCuJTWDNvttFv+HTU8o\/OMC0jVE6E40A6vQJGKHkOZ\/eHxWUXlsEKRm\/GXeQyO2JrKq91+JEuAU0WTmWUvpcxBbRgUThFcVxvkjStKjqJe0MlTP\/cYQFieJP8LkoVTkSd03u3SwfS+3XPGs5NZVFfRewRdYH0d\/EQA+OQ4qOBcwSzVxJTvoR9+aJTgns05wAao6IGVc00ppeEKy8o9B2PPCf2Yn13wVW2uR78+\/Sd8uRXih\/0hbDCAxr1YMdwv+eWb6z6r2HUEfmZfbZ2vZFFXy1XdNELipxBnZhyKw5gtJlK\/prcdMl689I0X4UmwUKvuaZSDK2qVQjQZ+WfWe7Y3+IIr6FePlmnyWxuwGx2NAcUjClYlSywa3SNafQ\/QnCxF9jWX851VWrmEKNrzufxVm9BLlnyE7TOg37UYKSnU7MFav\/5Y7S9+nCiGS0pI2h6bn9B89LgkNcy2P7evWjIvP\/b3J9WMvri5HVWcmKN3UKigYQLEtEZLWZFHS8dH+em70WrNuoTlSgtkGX3l78KdOLj\/JZ3BCtl8IlL8uhYijP1M\/3r1gWclDoY\/N++VS2piiStR0CBqTIjR1lVS9uLqnX7ydFKTP\/QLVmlxN2DahOn1ecixBGSgvwTN0wTqnzQ99
268818kw4dNrfToAOz5UDyCmvlGbewpbh\/O7rwGiMjYWFa1wJFnhRK+U3vWbsPAKjCIVK5nitFyipl+JsLSS8NuBlvP1GXpicNGf68c\/aKS\/iTLOLXEYWxAXBoVkP8VTohEv+v+JkOUIqzU9aUAeXRmxabFQdwgmz6HZ5Sh6Wz588d0Il5MNXCmccVrr9R16l+BtvO\/6JwNOBkS2faZ+uXBgIOKPPEK\/VmJ2tHOGRGhP66mnMcsK6ppNBWsqw\/4teJOjdZ6zNkHNjYpMl1HHg9179N7hNpmxK3JQeEhM3Nd\/bwFjudZZ3xeZKb+RO5+HTvf6lOws9qjq9GRVdht6E7qZyfdu66KCGUZ236sgXx8\/tXdOG1GjNaZBSWQdyO3j8e3Szniom7EbDIbswnp+K0bpq6I03LBzwL5bcxiJ9cX6D22d2UJSBciDgro3a5rhSqnCgE5jx3RU7FGktThztnkynC0jB81m1fhkQfPfxfNUt1a9Okezhxk0bMu0BS4AVkvJ3ROO7KASlsLkd0UTIs2KqAJtOyK9weTtncnzcRNQfszERX2cx3V06dKgFWnFbRhfkN0NHXkYDEtKOXl1Mg2fVxyB0vQzYU6LSlvw6Dagv6NwzYn1c6Ac7E1lV9ZzFBiTOFF0umqRJzygwakMmhdAHqB0FbthGufvfPpr\/4MvkTCdu10K0kPvF7x6j+"} 01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":15,"flow_first_seen":1559632338055044,"flow_src_last_pkt_time":1559632338367037,"flow_dst_last_pkt_time":1559632338349062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":1465,"flow_dst_tot_l4_payload_len":18936,"midstream":0,"thread_ts_usec":1559632338367037,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.google.com"}} 
-00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1559632338367037} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1559632338367037} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645455 bytes -~~ total memory freed........: 8645455 bytes -~~ total allocations/frees...: 140554/140554 +~~ total memory allocated....: 9409796 bytes +~~ total memory freed........: 9409796 bytes +~~ total allocations/frees...: 154519/154519 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 562 chars ~~ json message max len.......: 2350 chars diff --git a/test/results/default/quic_q46_b.pcap.out b/test/results/default/quic_q46_b.pcap.out index 66c372bbd..3852f05da 100644 --- a/test/results/default/quic_q46_b.pcap.out +++ b/test/results/default/quic_q46_b.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561708873328442} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561708873328442} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561708873328442,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873328442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561708873328442,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873328442,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"thread_ts_usec":1561708873328442,"pkt":"AAAAAAAAAAIAGNwmCABFAAViWnxAAD0R9xCsG0XYbueGI7HaAbsFTnXjw1EwNDZQ0aOrrPYcbNEAAAABZ49NM0tlJ\/QWOEX0oAEEAENITE8ZAAAAUEFEAOsBAABTTkkA\/QEAAFNUSwAzAgAAVkVSADcCAABDQ1MARwIAAE5PTkNnAgAAQUVBRGsCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXVwbG9hZC55b3V0dWJlLmNvbXgDMRgyNKjZnbeNIexiej4o7qx+V929kxA9dDLsNr49+J4e7Bxt\/tr6btXxr2ajG15fa3Ruq1EwNDYB6IFgkpIa6H7tgIaiFYKRXRXJTjAwMDAwMDAw6FYYVlvjBaujP6e+o70a5ZenNg5BRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0Lzc2LjAuMzgwOS4w1Y68K3sgywV7JQccxBohdQAAAABYNTA5AQAAAB4AAACrpFnJA5r+YO5RcQGpd1l4yFvK+8akrX8Ivr05rqkgauMBpMQ6cwQFDJS6sLs7Du5\/2eIOY7vG9b+CMCy0OZxEZAAAAAEAAABDMjU1jtxYjsj\/DkhJRldhQUtEM47cWI7I\/w5IZ\/itxYAV4\/+8OAwAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561708873328442,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873328442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561708873328442,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","domainame":"upload.youtube.com","quic": {"quic_version":"Q046"}}} 
@@ -8,7 +8,7 @@ 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873447906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":39,"thread_ts_usec":1561708873447906,"pkt":"AAAAAAAAAAIAGNwmCABFAAA7AABAADgRW7Ru54YjrBtF2AG7sdoAJ2svQANZ0BQdTteTPGKYB0T\/Suu7ddNWywm\/bYiMAK8NlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1561708873542922,"flow_dst_last_pkt_time":1561708873447906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":55,"thread_ts_usec":1561708873542922,"pkt":"AAAAAAAAAAIAGNwmCABFAABLWn1AAD0R\/CasG0XYbueGI7HaAbsAN3hoQNGjq6z2HGzRAkZgauR6jC2QY2hinAIQJlFz8Em5XwagPo8YW85xltrq2ilzWOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":14,"flow_first_seen":1561708873328442,"flow_src_last_pkt_time":1561708874187856,"flow_dst_last_pkt_time":1561708876422246,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2376,"flow_dst_tot_l4_payload_len":2844,"midstream":0,"thread_ts_usec":1561708876422246,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1561708876422246} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1561708876422246} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645455 bytes -~~ total memory freed........: 8645455 bytes -~~ total allocations/frees...: 140554/140554 +~~ total memory allocated....: 9409796 bytes +~~ total memory freed........: 9409796 bytes +~~ total allocations/frees...: 154519/154519 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 592 chars ~~ json message max len.......: 2419 chars diff --git a/test/results/default/quic_q50.pcap.out b/test/results/default/quic_q50.pcap.out index c5e945886..4f07cd840 100644 --- a/test/results/default/quic_q50.pcap.out +++ b/test/results/default/quic_q50.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388088469619} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388088469619} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388088469619,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088469619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388088469619,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02337{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088469619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1592388088469619,"pkt":"AAAAAAAAAAUAeJuECABFAAVi6fZAAD8RV+v4kIGTuJfB7ZkjAbsFTkJ3y1EwNTAI30oInk7\/XnoAAEU0Sh+G6jJaQ+WVeKqfVhwekyVcdAg3VVt4yXAoIvukSElad3ZdF7cP3aK8QwnOEdppZZL4NlS1J14QMkJkSKLH7KTs\/J1g5Qy7Td2oJivMgU4heBjsrEKX+Kl+zumCGj7r3rx\/PiGGoerDCuUYVs8\/3DPxrp05vPpL4oM6Ym20RL14LkdkclpZEotPzAVfKrp+bORIrEsOakCOFcnmRLxpaPe+skuFxQ7e+No86i++ZXUpHINRIOrrAKO6MnqhHg136TH30JRy5V1vvrx9mRvozkvzR4RrmmOWFYy9MHcYvR9ozsenVMRZ7mYRkPWmCIPXpnhEE4otBm+PYFJSnVZnoQYn2HvDgKZX+IG0tDtVasnvuIWtUyehZMOA3Auz2JN+nSjxfDEV9Q5eGeh8ZL7tXInICXQpmTBohUGs0nyUi\/EfxDhlCRPETyBYxPytgznwCOTRnGV6yUDNYNW6V2twpvbbFw15F57Y24i98N43glYYJUVqHmVwrosseQvdWLtOLEXpAKvwYCJ3nJpSVOyBYXd8okAO08VeVbydpen0iUOESN83ACwm402annjMIqbJEkKbZr1E\/bWLUE9ayryc3t4SI0rfAV3P7Bzoh+ePS0lFG2mEbR3Stl4jejVA5bbBNdQAl2XVCvlfkMcgN6wNzk
aUtoY\/V5wJqcqWfzxU\/7CxIyuqjs2t5GkAirbR6GD1vSMG8A49cBdJIe0YUwOEL94vJZZ6kgFxLSzbkqIb\/JGeunCp3ImPtw51lpSKmOzgu+aiRAw0072bcZedmowvyNmMZ6ZwF9G2\/T1BzTiaxUQiuwph0MpDNq0KE8ZLx7252+rHJYkpatjHePpFvOb3XaUfP7KqMGQXysXzDurgMN+iUJmRB27gfV7BceLcaKv4JsOEla7D\/ujhuQ0U6YFyo2O4mZUs06yMlW36Jh9WkejggHA6SE58C6aM0tZVAq4PzUVmlUFs52p22qgRq5vex74TEu58hdkCQjr1pQ94XFmXqgk+AVK0nXtqdM4JYhPeaV0edHucrnphtrDalQIUwHX7zoFqP\/AzYEoeCztqDi\/kawodxc4PmEb6NM25k\/CXUeCX4uUwv5+p46bN3O1M+xvlb2rRRFG9UZ157Oh+jebOu+0rTdiK67yyDJDMe2VTvGsXi+\/G2gN2zIWwGydc\/InHPRNNQKfHhC2jggd6wv4d71pPOaI+XNe1l7JNMzHwfbkZBDlCbcSj+rryXRGPQIhCscDZiFFGrGBnyyH57ea6sGM\/d37gVVa+ukJTnovNq\/9LafSrWBaF2RrNYGE+TcplNYI0Sq5eb9DrfHpoz4HPjO4w6uwZIeHQjlw00+daMYbUpNYvzBru4JYoG4+FnfLnaJ2RX6rVgfBQIqnPe+8ho+oVfDUJnsA6e5JTlC5uDUaaRcrC0+Ji\/wYvhpr9KixWcINr\/Q6IJf8RuaNMWGUoYQRmSfJSGr9d2O1TlO6mLpi0PyY9rao+oramJEZVMS9CvaFzYMM4ekODEtI9lvm8GVMwUuwhbqucZBCNIlAueuvDA9mFax9H3Da0FnXF80HbkF0G0pCqtWSLbDFAFtV9SICp3zwHTJ2IckUyzfK6paD68rLKFhUUBI7WeX4+s0d4Jr10hLHheThooXnr5xOHtBeSEaQFC9zlGwwIuoXzDqApq3BbVKodu6HoOITstmadm3\/MIc7\/KuaqI9NjMgaFSVmEVWOH4WbQci9HsoHbnpJWe8KeP3p1LSqGOSM6yXozbpkk0hMRvAJ\/Gnzq8KxN6H6U"} 01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388088469619,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088469619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388088469619,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","quic": {"quic_version":"Q050"}}} 
@@ -8,7 +8,7 @@ 02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088591706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1592388088591706,"pkt":"AAAAAAAAABAAH2tiCABFAAViAABAADgRSOK4l8Ht+JCBkwG7mSMFTuYYx1EwNTAACN9KCJ5O\/156AEU0Os6NcND6sMIhR6wlQxJqDPKTFInXtiCVq7Oak\/Y82V0XywIxz2Whx8Wb2xUiZNk47rWK6oUgAo94MwN6KceEvFuaQASNHR6dakuMekdgMvKyWSoy7n6Kx6gcRhAvSIyiyivq7Xt5HstbWGNobzw5kW16it7xCvkjNeguznt0iKfYhVjHujng\/mIn7KT3rF0NdWtPKuRStas2FlOjD1KkMS9uq7qrUmpT72kEMNvQdgQQWc1+qu\/V9YVOZimYCxvO7Wt6gPNNMXe28X0qUb\/R88QoC9tLiwD8VmQcCZWnnwHftQT6t9mj6SOPLTxi3J6Qy\/azKCA+3g0XWUroXTAyqyxvYOnCkadn3eydA79hvFfw7hRWoftcfjYhFjSSDB+LG0NyE\/I5iYus6u9DedOhynlL8vB6tzr\/+1AR1X132TBRWmEZsyQ8fcEc631CffhAaA5uGUHlkoJHYaU3kWEHVpwR760NENnHg1MfTZ7ZUhVfph1lE1r5XNITcJrjlJRyZJBxNU\/IEEI8MujV265G21AcaVMc6szhK1Wx874zM+OeIwciAaHgXMYrNj7WthHd5PBtM8MF8SaNdoGYpcgsddH0GoZ\/3tq+2Q8GGxuJpOzfa7XVC9vJio2Lw3JZIvYv\/iXFhHxbjvAG6XePfv91jtV\/kZc0hXFCusoaLXfFJihI7q2H2FISpAQQjo5VEWT5vu3FajoiER6SQe23SIsEmgwipJFln\/ukd3HPHxZ1ul5RU9Is\/C1aceCEldcNKaN4VeYKoTWyjCpZFVZ64+HAtBk3D0GgUGD7T+h8BXpTq2yhqs7mM8jmOatp0xZo74R30wT0FPlVt2\/yhC68rDIjWIKyB36XIie2e3N1Xg+Rh14NvxElS3hevnImODZ6pAtqV3lpijp9PYtcTNZZa3GHwCxtjyxLKyjBt2PmeukOn3Z+1TzG6lAu72OuSA8F7Ipdp5l6SSFMGx5IdZ\/MoWGwImeADjm\/clLuj9hTf5G\/5R\/ywjTXtJUbbj9aynNQOMVZaJZ910woNruWRoBiqi0nI12HJIY2+WrYcjbAxySUwBouZ1gItm05egY4c98BytQ8TgT4l751mRafsIpIXzjdSoVg+yujlBxrLT0Pf3rdxZkIsfCnfW9j5TP3lqyw5u++O+cs7pDfPEEZ+ic1O+bSI\/Hy9wEZWf8jFhxDN7sOlIyYbXUleuvu8g4bpmRks4Jeg6SP67NjLTg\/Y8HwIsuf7EmrJVcQwMp6TCzthaROgfcAF5zF0F82CE71TICU5u9o1CBjiGKKuZtbbkV9Yue1RZbgp6ebsRkTBGsOnDf4SAZ3Ky6SdFm2TnUzcSdQ27ckpzIRvE6KaAPHZ\/Yf7varSH7\/v0fO8TvowM7\/1UwrIVHhejk0hlCXN1oRocyWJ1els7XFynG53RKg
HQgTt0jEpWtqMOF1vfKXQy9Ta+FJvvGTrPQNW+\/28FJOSPCxZCqAvZM+8lJkqCZdh6lCet5KlK5IGz\/iR9WRBe\/96dCxsyck4A4u7INRs4Pr19tq0wHFmvgwhgJwYWr+DSNR573UiQZLAabtKJydHVcpmdxUE4aA4j2mtuMf3nWgmVwYD8Rc1oJthfCKlIBu0GXZYIyFxH63RL2xGpT1ye8Y32QC\/SymMtquCU6WSC58R+5BrLSghz9Iilf0uRYrSAy4nfJy8rwI10f9qZGmFH89aOtamU8Q+MnheA2OG\/dOcdAp9q81plhWrkT1601cQ7LPkz37vAFF6jkUbyboxo\/Fktak\/07yc8Vi"} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592388088618604,"flow_dst_last_pkt_time":1592388088591706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1592388088618604,"pkt":"AAAAAAAAAAUAeJuECABFAABG6fdAAD8RXQb4kIGTuJfB7ZkjAbsAMoiixFEwNTAI30oInk7\/XnoAAEAYRBPMrp71zr2EFj5wmqAqmjc3agH4W02K"} 01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":14,"flow_first_seen":1592388088469619,"flow_src_last_pkt_time":1592388088898970,"flow_dst_last_pkt_time":1592388088935970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3327,"flow_dst_tot_l4_payload_len":16267,"midstream":0,"thread_ts_usec":1592388088935970,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com"}} 
-00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592388088935970} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592388088935970} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655772 bytes -~~ total memory freed........: 8655772 bytes -~~ total allocations/frees...: 140573/140573 +~~ total memory allocated....: 9420113 bytes +~~ total memory freed........: 9420113 bytes +~~ total allocations/frees...: 154538/154538 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 570 chars ~~ json message max len.......: 2350 chars diff --git a/test/results/default/quic_sh.pcap.out b/test/results/default/quic_sh.pcap.out index f9ca14057..ab8324f2e 100644 --- a/test/results/default/quic_sh.pcap.out +++ b/test/results/default/quic_sh.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1723407275497185} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1723407275497185} 
00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1723407275497185,"flow_src_last_pkt_time":1723407275497185,"flow_dst_last_pkt_time":1723407275497185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1723407275497185,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:91b7:b97e:6e2:fad8","dst_ip":"2606:4700:7::a29f:9804","src_port":37542,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1723407275497185,"flow_dst_last_pkt_time":1723407275497185,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":105,"pkt_l4_len":51,"thread_ts_usec":1723407275497185,"pkt":"ILAB4IZiNObXAhsnht1gBL+AADMRQCABCwcKPcESkbe5fgbi+tgmBkcAAAcAAAAAAACin5gEkqYBuwAz6z5TAd\/A\/mLGQHc83s7+AcZFeK6BRmC2KEO3r5UQVK7k8OWoUS6c\/hTxJk4v"} 
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1723407275497268,"flow_dst_last_pkt_time":1723407275497185,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":109,"pkt_l4_len":55,"thread_ts_usec":1723407275497268,"pkt":"ILAB4IZiNObXAhsnht1gBL+AADcRQCABCwcKPcESkbe5fgbi+tgmBkcAAAcAAAAAAACin5gEkqYBuwA360JPAd\/A\/mLGQHc83s7+AcZFeK6BRmBEshJIK73Nlb3xL\/55Wvb3pDve6sYe6dpI9A=="} 
@@ -18,13 +18,13 @@ 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1723407282505786,"flow_dst_last_pkt_time":1723407282505786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1723407282505786,"pkt":"ILAB4IZiNObXAhsnCABFAABHhhFAAEARNODAqAH1DeKvNZ3YAbsAM3\/5QRByBAInLtDojrU+kNAtT6ZtHczcxoDjBE8YUW+ixvB05Z93YizAOHyBJg=="} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1723407282505833,"flow_dst_last_pkt_time":1723407282505786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1723407282505833,"pkt":"ILAB4IZiNObXAhsnCABFAABHhhJAAEARNN\/AqAH1DeKvNZ3YAbsAM3\/5QxByBAInLtDojrU+kNAtT6ZtHczc+drSetCPqLTs8dsFTmGwR+hg38RhKw=="} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1723407282505890,"flow_dst_last_pkt_time":1723407282505786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1723407282505890,"pkt":"ILAB4IZiNObXAhsnCABFAABHhhNAAEARNN7AqAH1DeKvNZ3YAbsAM3\/5QxByBAInLtDojrU+kNAtT6ZtHczc52j34dVf9KFE4PqBJ3kYChjDc4bVDA=="} 
-01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1723407282505786,"flow_src_last_pkt_time":1723407282505890,"flow_dst_last_pkt_time":1723407282505786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1723407282505890,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"13.226.175.53","src_port":40408,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} +01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1723407282505786,"flow_src_last_pkt_time":1723407282505890,"flow_dst_last_pkt_time":1723407282505786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1723407282505890,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"13.226.175.53","src_port":40408,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1723407282505938,"flow_dst_last_pkt_time":1723407282505786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1723407282505938,"pkt":"ILAB4IZiNObXAhsnCABFAABHhhRAAEARNN3AqAH1DeKvNZ3YAbsAM3\/5QRByBAInLtDojrU+kNAtT6ZtHczcq2e\/tGvEDsWX4BoBYg5lpNVH8Hjusg=="} 02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1723407282505938,"flow_dst_last_pkt_time":1723407282507442,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1723407282507442,"pkt":"NObXAhsnILAB4IZiCABFAAXIAABAAPYR\/28N4q81wKgB9QG7ndgFtMjBTrWeMH5tzY4G5cqlbIL+SuXSLPDDvV\/sJ63EHnFPc3Blq\/U\/k6ibODyPuriDAJ3MG5bbpZ5lH6jbD38V8o148egWFkx3XxH+Gt1rxmyEFvbOCKiDlz1heTqhe5laV5p\/6WCi0R2RfXNr5SkdtcD5YvxsjuqVZAnz5Mfkgk++yyHzcrtNhHvLSsZaJBugv0N3tsLKL+MyMC804rzBSdxp\/5EvRma8cBv4kVQpoFa051f8wvIfqmLM5O7D3gAOeRvH8SqEHTionLuPy7MNBaepuoiQC10MjoergVzRqagdB31kzp8wpkj\/xUiinvvzzV36xvV8L9hQUvDBbKiO4Aa4p5dCUexU2t0qlPK2MUkAOLUnfnTY8deG7ZRMzwDCYiSLiMBoRfWWqIr9SLkPvu6Iy0ZYENbbwIYXegS2waP1JJ6KDoE3NaU1Y8sSYxJqYuS2cOOc0rmpJL6iM4vUO9Nxa5cV6yuXVC3cVIayys3eKGkG30LZ0k0Slv7P92t\/Mq84zZ64POEuvR8z4bBl9Nm1z70a7AENIwZdB5FKRD\/sEOzwFjqi3Mw74PwNgc25OBZHEvdiZzuzkDTM\/gDa1ZS30Wta+M8gU4GqqUTVvYBa+da1mg\/R0gn6E0KhQSgT9qpBtJo1yAomGbdytZ\/aikS6R6ZfL3pCvwn3ox8fHw1hg\/OGjipD
C8PiGCfF4bhq7dz0QCuvplm1uQecmbIXUuY9jgTCRsp4NQqeHphWfpfNbF8hdbqqszojgJ\/8F9INFac27lQNndSskNaiEfBDVlEmYSKupEBK50kPd5UwdMBPeeSurUW2C3rhzu3TIUgWJS3ZG0fZcijTvtmuoY\/JNZsXPqQlZHhhdRKwrDG3X1JTjnpc\/bNwd6+eBv8\/4li\/JyrlDgAZZrp0m72su8CAvzQdvr5FdljW4JXsVnJVhX4x3kqCJR706ARX2I9khVJpuEop8cpuoJ4KIhHlR8QSFlmQm6vKsoP5Xw0Erj84XSQIvjX5mCWfTxeh2o1z4BuuecK4vqWQJntCeaDoUb2Max+ODtk0jw+a79CgyDwyJXpJEKRzpV73cC\/pPGJXImgIQYmC1PWv6eoUi7MoPlGQm2Db7lq1r4s0UM1JkK07VpXeJcKKmriXGAnhLKOpQETjlsj\/vjbcVRW1R0zTzbT9TwdzjrNmN+mr\/28NeToL8ocb9gMMUmz3lFA2J30axDBn4xfAc7MIBEpfJ9wQjZJuLccJxlxEOmWwi8FXpjNoUflPVugjgj8HYvr8JBwhiqwm+MIALOlkq\/AuQyu3+RrMua619SbjyqNQ53ewLZO7FrDch+YC4pM5PkZRwNvqqkLYl4sKLCEL6i0vsuP\/5amRZA0wMNuAZ5itGaE0h2aE0mx9Ko240+o7CTNmZMay1n9+MIz0cL7fADYg\/vEASmonMIcqITQT1fgZHqXXmLotXMXEgMfw6vSFF467rqdSO2cxPpE4zxcX7h4aOPG1qkuSqeqVBR\/JH1dNa3HYiOJjDlipIjvucSYxOlH02lgf\/gTPS29slS6SH6eaAF\/jqofkxXpnzVHVHYB4hI8Ut8cUVaiYesn2zZhZs335ns7Sq3TwZoBcSWNwdt0jsizIeUvQNw4rubJxBwjeyNN2qQpokAUDcm1FBYqRdjUpoC9dTBqMoQkuvTt130JJU+o0yvFqpo80O8DRA0Q5vBOWKdqclGpHowOPago27l6vOltEhPOUALfmY\/yH9dH1yScYEQ3bHMCJXQZNdRQ6k6UXYXlX1vmhGXgIIvwfh5ib+8UtiL8APZBcvTJ8d8jXP3ZZCOy\/\/7yu+C4VYlZV\/5YsClafCFemROLXV4I4P1hxVJ48EUQJ1js0gv3A3UUhczsXhyNIPYnjEh6h\/\/u1fCvR\/1dCsQG\/g58ELsGp8FBndnvikH4+XZjB3U0sJGXXAJBVbDML"} 
-01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1723407282505786,"flow_src_last_pkt_time":1723407282505938,"flow_dst_last_pkt_time":1723407282507442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":4356,"midstream":0,"thread_ts_usec":1723407282507442,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"13.226.175.53","src_port":40408,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1723407282505786,"flow_src_last_pkt_time":1723407282505938,"flow_dst_last_pkt_time":1723407282507442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":4356,"midstream":0,"thread_ts_usec":1723407282507442,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"13.226.175.53","src_port":40408,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":7,"flow_first_seen":1723407281575531,"flow_src_last_pkt_time":1723407281577293,"flow_dst_last_pkt_time":1723407281601021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":3690,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1723407282507442,"l3_proto":"ip6","src_ip":"2a00:1450:4002:411::200e","dst_ip":"2001:b07:a3d:c112:91b7:b97e:6e2:fad8","src_port":443,"dst_port":33144,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":15,"flow_first_seen":1723407275497185,"flow_src_last_pkt_time":1723407275605171,"flow_dst_last_pkt_time":1723407275604060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":12143,"midstream":0,"thread_ts_usec":1723407282507442,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:91b7:b97e:6e2:fad8","dst_ip":"2606:4700:7::a29f:9804","src_port":37542,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1723407282507442} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1723407282507442} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 ~~ skipped flows.............: 0 @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650984 bytes -~~ total memory freed........: 8650984 bytes -~~ total allocations/frees...: 140598/140598 +~~ total memory allocated....: 9415323 bytes +~~ total memory freed........: 9415323 bytes +~~ total allocations/frees...: 154561/154561 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 574 chars ~~ json message max len.......: 2490 chars diff --git a/test/results/default/quic_t50.pcap.out b/test/results/default/quic_t50.pcap.out index 83bbb58bc..da24c87d9 100644 --- a/test/results/default/quic_t50.pcap.out +++ b/test/results/default/quic_t50.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1598618820564956} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1598618820564956} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598618820564956,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820564956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598618820564956,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820564956,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598618820564956,"pkt":"AAAAAAAAAAQAMt+PCABFAAViUWNAAH8RmQMomn\/IpvC80cKsAbsFTtXAxVQwNTAIVV8y018p2GMAAEU0sFS4EDNRQxtqte6TPI+YvWd+9vuUhbcTQ2HBn9gQQ44SheCG4iJpKGLD8uMQU9W2hflEcgLE5fOUXsKA3b4MY34rhhWyrjNYzozZ6RzNmC3+PSlNh1B9BkCmgwrPckh0gBVa\/FiA4QpDKG9FfMxAAMJa6frV7fG1bb\/7HJhI3yISKMBJBm82DF0OyCTOye8nQRPUiVu4WsjVf6TJP0\/YCQn\/ynhi7Ht\/RBa3IPlCUHvLu303v9QUCibeTQUAguISRnIMNJe1C11ibh+BPlrVWXB5I4w7PGgaDw6mvx7JTybAMrs\/zdPmdFbLzWLaLw6FF+1T6Nf5pXJ9+kE9uEXZ6FzdZDD3MbdQ7S7fF3Xsf3z9uQukVNaW\/VEZbNqdIcOzSZA1HMEos1dDC\/4ViVIfMlO84vWzhZLxq5UvTT6qapu5oFarxgYku3nnVTzVM6SRRUR15vAoGmL3hQ542vEoyxzgRnslUtNtYNF9zlTPnOomXF1\/xSoJJI3VGlXy1gOwEOp28n6wdjsWOzKyE8z1XmBGehbXOUESC8A5oRtpkqOzQJ3g5+dnZdSYCvXi2BLHGA+OVhHokC0D92CqxGKl340PEFDaTPqzeKg+DdhCKEuu94iUqJwa\/EQr0++J\/bZoJuya3A6PiiCAsAWEf
WiGB4RZfM+JuqUNIdd0StL9dWeEo7kVq9MAq9yKOBhBD0Nw0u3O6ttMqxfEm25kPEexKv+eLXlFhK9pi814az\/wL0\/CoLWlaMBTnRRk8oxhNZZKjX5cREBszdn5VN++4tz2T7E2jOZOFaOODo\/Wvb7BjuenE7CpgjdjsnLE4Tn\/b4Q53nG\/TvK7\/82EKBXRq\/c5PKnM+b1ENV06F0Dt6cGZ80l0g1EXbz82dUS02CP8vLgamNhFvRmwk0Fytrw6YCdOz2pD+8LecT3ig9EfNeixeZRd4tX0VxcyI5WVzzONGrmWIw1RUeauVQKVXpwzPZA8CukmFuSLsJh+\/5N5AhFjT6YZ08Cfg8mb95WTaUR4Gcz21+e\/jxcv3N2Ucmp36VwT1\/tIEgMyHmC7IWqDmGHm0zoua0BH1NJEIxpCFxOkgrdVfA\/bFJKqQIiWn39D6QQCV9IfFHR0w3Ji8IRmUv2cmzofCCCDXIb7a1RfNYDUaRs4NsKQeKcoYbyoDk1GAb6it6FoAhucYrDmI18nx\/aim5gBIWa2dZw8lcSNFxgWB30MqUt4DZOv8SxNPiLUt+4S7VsKdmL3e9VzPcuMiIPdcykCdDjJcCNMkqrWApVw+k3MVLOUeIU51nBJ5vetMjeccL3kies1jAjqR3odF77JuN1k7xA13AyJHglJBfA9SrQAab1XP78SnPFaTVPIBb4lI+7BBbWiXiUIWbr7QDQ2M+jaZ9aeFPMMv4QQg7YuadL5n0vNmHJxgYLgQVYZUg3g+jMQJiu4KLUJuhihq+lqjYmXeKGtNpGoS9t+klWnsjGnRn75HVlDegNERH7rMuzV5M2eSrUWRcByRHbj5kRkoY6s9x4THwi9YKFtPRSzpfXx6U8\/obpT4A56m9Dtlf0uhD38f9WkHLmiBpPtKg3V58sjjLsP3l91gyKwHDq9OPXkHBllrkj\/HjirESjdb1Tretiw6j18gO7a6gj9juTcUBG0eptAXXuJv2ZyrvtGzBo7DRc8B9KbYOIeUQf7UeOsamqbXhc1aNUt5qklsGe6OvEqu\/YEHpLYtQZ9LUddfbvcwZ\/RUIOT2ImtvT6yXQ32en9NmMy+OFHh52IUE4c2meqx38en"} 01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598618820564956,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820564956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598618820564956,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","domainame":"fonts.googleapis.com","quic": {"quic_version":"T050","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0309h0_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-T050","tls_supported_versions":"TLSv1.3"}}}} 
@@ -8,7 +8,7 @@ 02339{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820678307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598618820678307,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTsI14VQwNTAACFVfMtNfKdhjRTV+TZdrbCv33x6iH690PyehJilsagoNTR5bonnLL0dBgoMc3YX6O7TqPoYEmBQhBo9qpBXyGoeAWGhcJFKsYDc7\/u4ZX2hLTAloQ+a\/pdH22A8suHezIhbLeb5134q2RA5HFoZzTMTZSBCIhgTstv9PXQCwumfychHJYHs0Ft6yq7RAocqUEq1\/LWFpsGhK1ImBcJ8BnDM5dxDKgRMGlmxspqHoB9\/LPeslqcwLzWl9OQB\/VcpU8C8sGBntQaRgPwf94pa0UqHMz\/2obpKwKjbwwgbEskSQbqBuFooA5L9rz6S2jrVdw6PE85FWIxp4KWk1jQusgYQi5jN8GLyCPIvXHA53qb7OcsTkg4Ww7b64NWwW9ifQuXd+Gqe+UisPjifLIntlpGXlYNIY7BnAWTPSpwUdXy6Qtqrk8X\/ruvgOsv6aDjOLl4Ge8zEim8Amf5sqpEA8LJyB8Sv5O66dtJK+I50u7YFLUA7h\/tgVP1iPhpJTEnCH16DKyMXZFkbh9DilxI7c0pOAZLYJr48QuJox4RoLFZ9lMTvsKjVku\/fWAMDXEQvaFNwvlBvlnQb9JbaVASSjOzlsBofk50BdO9mypm2dSeER4kNd6Y3YDYqrbu2dewaFT5S3EXYNt0lT5NZS8OaF9O08WAiSZmR5vmuAfuLO1zLgGQ1Euwq86NKKfd7X3h+4ViguppZQrMcNF2YojGrt5MMBgpSYR9Hb3pj7xTb0uSkVCu72ZrfL98amuFAUy7Fx+treVOyYo3k4jCPb2dH2G7olLbbzBoDbI3iNF6Ekqomn+sjkEDznbOBqf5f+SFEITZLVshGDkaECMNIlb08WSbhHUCFxGcOQ3UPyKpjOEVlwdNr04Te9hF0D8k4p+KIgi1A+waaYVHLFETZeT8YPT8ZDHf6kMrYR4r7+vw1sGIhuXD7dlP3xV7QBWhPLWn09Zzf+Fjtn\/rGO7M7jIytdlLNCA7WWcqkE38zytO4rGXwn4Db\/WD3qNvU2vCguVZQJh7TYQjHrvQ1m\/kei6U2kUJxRU9pZY4RgTao34mbxevGfXtL4ZcIwdhIqpGsExlSBqASylYBW8VtVsRikCdpzuCR29+fKrJ5GQKsbKq67MSom7g1SPuKRUVpcCxxtEonsShqkNxNzZ\/KxLmT8v5MWSqqjE373M3Qtz+UlarcxgwlqXMcKkepFzis88I4xRmO9NUhDQaOshdj35UPLk\/InvvlEsTluejP7p5FAbc8LG6s0arB0tweHuxaedQ3ZSCoivRmpoiifHNeSVAt5G5yOhX3uHflkqbYAvXXJvJz\/9ghC6SZTst4VCRHHiBQrVKQogZkzh\/ykPsgutAYqQ0MMye7j5zhBayUaElfmpZhnfHZOgPfYCxTTc\/RtMexJr3LPcYh5ge32zWBwHlWorfSgmJcAhbebG7\/n9
y6h\/ty\/9E6FoWOluyMMDQ7gv2jL3WXLU+cqEBJmMDsz\/0XHB8yjYAMFXAREmTS0tJ32G3QTeLJYyzJ7BvLKslWQtK1WmiJD+z\/wfOk5auh4iSdzg1KQ669g2tPVS4uwbx16g0jlqJL3MH78oeMHfTePuvb550Dwg8s3yCO8hnNoYt3ZDALl0JQkpBdmXoMEdlyv12lpf7U0iRGf\/4pr0CE0SG8rDso+ecL+ggGjpdwPWgfQ8nk+lOeLsTXddVYv03OgnFqwhUvd21zzUyTUY4mKGWFoQ1WIUFHdZw7rjCzG6mB\/mAXdXyriXrRQk3wIAGulMvV8xiE03NCdGQQ5kPv7nYJRK7sO"} 00959{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820678362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_usec":1598618820678362,"pkt":"AAAAAAAAAAEA4e3RCABFAAFmAABAADUROGOm8LzRKJp\/yAG7wqwBUiB24FQwNTAACFVfMtNfKdhjQTkel0q94ZItOeKbj6OxbcFJoQQVaZZak0Bh1BLF\/\/NZ4vK9O0\/Iy6KVVmpDncSZrSRwHvcZHSWbwZiCstsEDdWrPtcbInQbWLg22euJTVfuU5XsciFULUWeQPLAOQqZdm4TGL1RYGogRCrzgy1YIhzTA\/sljiH\/YgFkGkv55prkYaQZ0L3X+SHIw3ScFYOOfEaTKZ9UZsO3Pvc\/FFafyEjWlGZWGLfwpFNh2DMcKPiZNzTcUxqJpYEehuKjdd3uPDmJPzfrMlq9RlSvd1c7GpiMmPJM7M1+8CxZcfUFGSEw4zxFM4YKu39AIJ8LU\/VWvgMbS5kedIXCxCBRacLcGxpZA9djAjOLWYiPP6gwUSpIvz7Pr2cVDzE29sJajeCR2+5l7nzkQtdzjYwH+dxZXr47q1lihmuSWcEW"} 
01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1598618820564956,"flow_src_last_pkt_time":1598618820984161,"flow_dst_last_pkt_time":1598618820815062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2894,"flow_dst_tot_l4_payload_len":5022,"midstream":0,"thread_ts_usec":1598618820984161,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1598618820984161} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1598618820984161} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655556 bytes -~~ total memory freed........: 8655556 bytes -~~ total allocations/frees...: 140567/140567 +~~ total memory allocated....: 9419930 bytes +~~ total memory freed........: 9419930 bytes +~~ total allocations/frees...: 154533/154533 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 590 chars ~~ json message max len.......: 2355 chars diff --git a/test/results/default/quic_t51.pcap.out b/test/results/default/quic_t51.pcap.out index bb6fd807f..4fdc6bbe8 100644 --- a/test/results/default/quic_t51.pcap.out +++ b/test/results/default/quic_t51.pcap.out 
@@ -1,14 +1,14 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1598620434413428} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1598620434413428} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598620434413428,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02336{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434413428,"pkt":"AAAAAAAAAAgAH83gCABFAAViXjpAAH8R7IK744iY0\/eTWtg8AbsFTvswwVQwNTEI\/5QVtbAFhg0AAEU0lc1seKsogM0xJ2my4Aiqph+R\/2N2Tlopv6L1CTJ74mgIopdeTMsbdYmmZHP80OXizzota6YFHVZ9VeAcEZo8pgEgiYZUg70bNed022uBY2n4AIBJaoTaZc4dlK\/B4TiUFC+WiYMdxcvH3S2VlmhK+Rc2gUQHqAYLkzqvz5M6NYLldilKxcCw\/ToJ+zu5fHTAbQipFFqbD95GLa7oBCU7jPE\/wj2QE1M9Wk52+SrgbNiKCHm0Oi8\/\/aC+8QR8oPQVWsQzjkcyagMWDaycHo+Z2gh2YqGCJoepFNsqgtO8uWWNDiaisHNHQDCPrCt5EDVvLMLkZZQTcE9bxIhJucB4CNr926kRAjaB4Y5CqDAEear5TtCJ3Iu0C2bzBjoi5J9LPiwVBQYhfxtqGdX9O3nANKjdbMVqvYl742MGo2YFm2J507oPMBXLqPJW2a2j\/XlrdIcqLJLXy1ruiet2Yfof5cTaMXQp6wyOq8s2kLEeb0RqG380zHAhUvwTfCiEYvwSN8+LPb7d1HKu3JRvbfM4A2u6D3\/ccc40B8jpt6t8mVTCa92M7s8hgVfDHCvoiaTxRF07ULZWTbuRFjLXA3G\/QLzl0b2QQA3PRqMO1r4YLM9IhL+9TjIm9kskk81nFsbcqeUPPCIl5SvakooZ1N
e4vlHJM7vcPwHkRJHa+PMjtknf1D9FmcaRoK2gywFTRk2j2RKXeNNGP3fOGBMRmVstntMO9HlCQR0pqWkIJ+jw+vDqFHMVZBwco3px5tJKsYik1W4I7vDVokn8tYkCXuWkDqmw9KvnktOeNU+eoLbnbQi\/AJnaCX22\/pOnvMBDUqcAEyxhhPUDxacTTuyCy01g9D7qNJmAhz3k5MC2zTm67IILY1heZ2AuYvQwYQOss3bJtjPNa+uV1pVbQiVw6S2nvxKgtq5Z9DSuXhvsbTOp5GSq1YV0eewMUT6nB6ejScFWGv+XM50Rf10iuSgO6pXznyY29qMMOcdfxFMWk8ZhEALkKLXeqjM+FjHgPqVYhtjd0Mxa3xCi4pEnff1YF4nj78KYHZrV2zxl6ihclVVh4iHXNFGI+s63vsFXEOTBejfPsr6+VmTDJ1+o1kNk93XUE\/bQ82a18NJPdXQ6kf26Qjcc4RqnTvAmrWh\/6fmG4zIriY7A9z8t4eO9Qfr9TLO3k0B5JOVnWVTqlbOvrJgEzV95Hv0ioO0xIj5BnxrbLnlwbNfPjVGTcRNAh71gU32J8rr6rCxxCaTv4RU7KdiQ+zigC0LKK7x4OPs9n2Ka2KUPy25mrLQ\/hk5IjtzsrqqQ2MzNcZhxb0kkNCxELzOQUMbpkFnw3XGvEDCJVplyR1UqjiDFOL8\/JfuephE1oyHWeOYVwVd2Cwv2PGGx05T5JJWiwFxWUNPRdBpTvDS0w\/p4Nd\/c2GPaorYCv1rEFAbYJpF4F6I30H8WeSXKzzhCDJKK0+cDwsUjqsSRJxU4ftS+uYB0XeJmKhKFuSfMEVI0q1YpMQZE\/G2MC4zAighNsEoUwNwWYS2545Iu3+Eegoe47B\/k8tCSheavZoHCQ6GLnzYKEdctMGvZqMVOXsPQnYlobmVfhCoHYAqTL++rI+V2XgKmzpdEDycwwsSLkVWoYU4lGAoPMP3kxasfCnUHU\/V6gkc7C3bskka9cplZd3pC0DtI8Ams8W1VIknYpHJDhbirGSRTc6oJbJQK8NbF0mBg+7QAzF7Cg20VSPH1oCq1EEodwhHlQBTHEkDIUOOWm8A2kePv2bx2BTxVuCDz2D78zh51"} -01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598620434413428,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"T051","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0308h1_55b375c5d22e_e7bc1e4f333e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-T051","tls_supported_versions":"TLSv1.3"}}}} +01379{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598620434413428,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"T051","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0308h1_55b375c5d22e_e7bc1e4f333e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-T051","tls_supported_versions":"TLSv1.3"}}}} 
02342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434419300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434419300,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTvx1wFQwNTEACP+UFbWwBYYNAEU0cA7ob5DRu6SNsqDMEz7qri8UnfijZV8Hhw\/oxky0x+Zt0s6erWm7kWn2+1owrYTdI9p89OpW\/6ptpwv9v0J5BjJyyLuuQ7qMgzGXDs2ur++juUsUpOdkAs5K5BYVfQAmPmXEGyVgmyCeUg1T7Vj6FslmnDV909IngQqr2X3bAL3as4fB8O0bAq64I2nnjXRSsXtOF+WecFDOIkhsUozc+8M2nJh6kczAN6BO7Q6B24T4pTF7f\/SWotAh0wmioZGWvmsK3tbjrCGONmSc7G6EA+eCMtEUY\/yq8VyKOSmIHald\/L7JGCPyNYCQuoSWiWNaW\/I+iZ2Tm83YJ0ULZZc8urwFDYH3aj1AkglwflqENARW1+\/0Wgf8CdNT18FiabAis+X7vPL\/K0rfVmIy72rlRNRfOG7y7nzx1KwQOQc8aCVF3CWYU+Lmd10cKRMsTRDen+t7CfJT6D6czKmRS9zHy8defw2VL+sr4ea6knMol1lydS5om9MxXCYpqegXuWZiFTSbzJvhE4RaqOqWqlC3CyDO4ySp0wcYRr6Xiz\/ypHsBLBgujZNocUdxB92srmLhWvU+EKXNqnvn4sN9tP\/B4VI81UNJfpKqafd5TbC3xVerPG2FpOE4rg1k2rQi9r6v1+PQ\/d3R0LlFcbJ1hI9fgnNKZUfeIejFNzw84ZCPAGKEZF9DRij\/q7+ynKTHsKprl5SyrzqmDatgR6jPni4YdUIipVxz2xAMDSfgGHJudxWet0g70XvUgRUnZwnINCVHKug\/Cwaar4s1XCM8uhzoEef40bHIf\/1cPPikcn5BGvUj0yq5vKOgKlUAn1Pgd3RmxD4udRVK4hr3Qq2qz0yzGHjPkF5V31PdO+LbljCDil0atM9nNzYRQDTxXIy4ROBhbRF0GC5xxy\/5G1Z3EVEXnUgV7cKAoSoRYsJk+ehBddHi\/2\/aZLTP9GUgaj03e1ZAUqg\/pLbgzkOggtkBYwlEystem00J3RiW59azSXPWDzpQD37GvUqWpvchJjuAPROhp0eQOeyP6Sm5m8Ha1f9MDT\/mDWqN\/iBuFORPOJebKiYDmtBTotFqfXW1txgynw6EHUJzSE+pl4MdTTWGiKeLLjK6VcgkjK3QCvZi2YAV34jHwjHZGw2P\/U6KrMCfYoKLgcta7eGwEJgt1TEOATVA86YdSNrUK8Cm6qplxo7u2vCTdHfHERZHXlWiV5V+M6yg8jJ+w71hYe+9QRnWDWxxhFwqS3Rom5NgfL3qyZPAg7B0TvVcGC3k1t2hVxdIBJT1YLB9P8xcq205KojLAkrnJ6A03YtC2cE+\/GfTI6rrSdcn22uQHH1uwQgPFlvo5F8SRGnmtqbBCoQkhDA10opFpEUHAKVRysF1xT\/NgfiMQHD+An4IrPRfuv9gDg0rUkwJww22wh5gLlRkZ\/Syy5BClTzH9Ej
e2q1QlkG4NyNIdxlgTeTWfrV+owYm4Q+FXDFSqiziTTjYt929oBaNekN7DaLZNKBHzE9aRpnZjKaGJOIkilbSRnfMsOP+KhOdyxkYqJB7lgyVuE7zA+Cs6QfiNfeFBdysqGJcMLaCJe1XQZYseYZCHv9I1fYRd7rHJDJ5TLxG9ZoKBvyy9qAFruCnQdJM3kRJUF0ZdxtTsL1YtSrJYqn3hcGRfsN64Wu2ioNCdgwzJ\/IOr225URP0O\/yfvAjNTo393KgekGIplrSAr2vqB7j6oyQmlBJgPRuYDzTKmIMBKNHRY+Gk4U31TV\/ldcN5g5htDYX20DA3i7tEfKzfbUYY"} 02343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1598620434482713,"flow_dst_last_pkt_time":1598620434419300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434482713,"pkt":"AAAAAAAAAAgAH83gCABFAAViXl9AAH8R7F2744iY0\/eTWtg8AbsFTtamzVQwNTEI\/5QVtbAFhg0AAEU0KsIg8w2st8fMy25uq6gsPA7KRO4wWARaQxn0e+nvMAG\/ncVOK2\/1iV8zM1GT+gj2yfRnYitTLViCwPF0TV0R7p64xnLqwrHTiNaW89JgMAHQze00LP7FiTbOvqpo5S+7AzCO4J36LH8gasnIPNye5ytyGP9hxarM0Gwv6wB1BKIgh6Hfi9vN\/Jaq\/hKaWtnsFyqFx21T1U0YmQzCOhcYGHZNHNGEmxqlfOiET0cy7A2zooythTNQBScefWz4fyugA0KO5z5EPbOCuLPnOhJ8u0jAA5snZ9Av4lfTCNurCTo\/b96gqEMXFCAN6kklskS6mSW1P2yxo93FRN9w3VFPyMe8m7WnAxPUMrijM3bZFrpYXz6N3LoSvj\/7t1mbaz3Ew6W7CCET2\/vUPuty0yYuKN9hlZRGZDAOI7p7UV84zBa3MKUoIB90BBwtqXlv\/AcyfRFhSrAf1TPDIen8IRojBr5qTqwwDIcvMREVIsmeXYDDAIh87njz+3l6UiC0r72z0Vz8KlwPmvyd1tNbK4UoVu5yliqV7BzHAT0P+flRjAVL+Vtw\/1eTO0KLmizThDqycqyAF1MjS6cC4BRlgBDuBvC7oqizuHTk4JOICP+TLa71t9U0MO4SvptmKRFy9UA159ziHHDRbAhIzzVEm+HGxTjT93PUzlkT4beWAgYYW5swcH8m2E+qX\/jfh4l+RAJ7s1FC99eqQD\/G2qHKz49sTvtw3eknSSHiADw1dFNDiGytHeAJqgKsYZ6xbxYgMT8vQQJWpcCaoPnc1R\/36QBSKDfO0Ei6I0Nk2Twp2jW7ybYg3WV9zcO8mcO+t2rUANioNNaghKiQ6\/\/kCvnfaOZl9\/nMaaP8oRI80YNnM3bBLePCUoIodPlfRsS+qRORwVaYVbmTkVd+7OOE68KIf+CtQJzWPG1I9szX6EUokwcVW4JeKB3DLXSgUJqbrCp8nB5Gt1Xl+DVmAWNn0zlmAkUkIYwVaRlUBt12nmZM5GfCFjeNYwyxKhMtco0zqNoFh6GPimEo\/HJoIaculB01PGh4MlKE33m6lcbQnV2mcjQy9+X6G7gJAvssvNVim+h2CyUIa0AFnvB
Ep0BZ0LQBw4xxW1+LO+851oEKlpBHf2CaPTJQbQ3lYLcFUbbZ7WxtncvtHzy\/SI9UgKeWcagnCcsYLbPsnPnloEl6cnUj6vnGVoFZ0zI4TVPk88\/biBoFXX37AYSAsISWoXJh5fdyK7Ub3uTshAtqeqBBTUeUFjb5Aj4cdCLyefeqdX7eVX7iolZTDjMHw6WHcQg9j8QT5ZehE6eQ3EWBv\/dyJkxi+P\/\/5RRqzAOol5xZb6h4LuhsvzWHQihAaP9MzFNZJKsrSoe\/spLPEQi09YKZ53xMfFjPTNozP7awNtIb6QltDJNIByFfslEQklWBp3nSDDraHwFBspLwhrXO\/4KJq80I0e6UvL2AGkUJ3WcnYVtrSbxxk4APJ7JesOtrVvfG0zUeYMWMSCdfwkF4KodqZGtJ3QATjzBea+nTD5uHk34dDyJnSJKk0ILq0jIFLho8LlWIyJH4QOXOz4qaWrv1Yq7zohspvZk7qqBfzWtq9nyRWQ1TZln6OTuRj1nSwDkH3Qwyv3P3ftVCIjgLduzJ1KxoPir\/gAp5xz8YWBMXoD3IJzkv\/PGQNpizq54tSdx\/+EwNQ0FXkMrTDVKVITAuSnBIkg9sH6JW+WpNYsbAPv3JnEFyzt8fIeM\/r0Qmf+N6zxgE9jaSg9C2Ue6YSiQO2VAdyYTxTvnFaxwR"} 02349{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1598620434482713,"flow_dst_last_pkt_time":1598620434530068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434530068,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTube4VQwNTEACP+UFbWwBYYNRTU7ePJ1K+FSjOzh8I+88Xo3glhGN\/ISVgfZLjon36o\/Ic8wElvtdYWOln5kitImSZYvUwk1fG0vvw0gN4Ua6Bk3jF4z2+DlEmg31OHq+boraULEIZuAwjhjODmyz5ftYwgYtTSwoERmJiUKmhlyGLqx3S+tX8EjcRIqYjSOyHMu2jndr\/C7BAPP7JVT9ieYljjMWtEQ72Flay2RpFT4RImtEH0\/RK6iWf3t7LgbxjhC97n0j1DDD4P\/sZZ0bVIicKPYmXAEngVSoh3oIH6poziu1qlEA556yxALTbdx8jtmJX0Z9ooraLIBrb+pueGEs6xQAtF7up+LVAjymIfJeMB5q1EfGiD2ya\/Jh+zUG10j5iOvBK28sWnXxVEamKBupu9qXaXG0OjhurIE3b2Aod2vtsJ1NalOos0dYc\/g5+XXDK8tcQHad8aZpGNSUiRyAtmWcaYe8vO\/\/qYA5pPey63z\/sGlL7Ey0S9M9ZT2ZRHnqlxrqhQIy7XXexnza+a3DNLwUI04v3Ks1B1peq0gsFraKmD\/6yO0vbt0fXLwVt2hr3SDHm0oGrN74iZrIwUWQiIQl22WxQHTTjtYOTcvqWfO7uam1Ph5DVbFaDddigRvWdhF73OvmxThMwCc9l6X3P\/tUIdb8CggvQWiMRN5Vhy4Rljya+ZIOcdjbzMw68oRgdgPhct14QVofXpMjJfC3oqi\/nNbGLQ5rYKneQ7CWh9RSv34L3R5RDGC\/pHwyv6PGgI8KR
f9+QUC+7gYPb+kZQquYvru8Z0knElk\/9u3Xyd8knK1jpgFTg1HNdqhCD3oyFIuAFRWqcgNxU6wz1LaRi24VFE+eJ0o+rsi\/pnfI0su+wrGhXYRbyyiy4ZzbqahkZoPZ2zQGAKW1nnvD6p\/zaLVXZsU4jxLWam2WqckX1QTbgPxB0wawYNhyf2CAAhEQ29\/cwWUpxFyoXDPB+hK4kW7liS10zysc5bs+sslvGCpqRb0Lis637gfgiMEACVosS5TN56wDxHV6753I9W1zSBCNXxUKOAdDNb1MGhBZT\/uUW49hJ6JXcGEhfw+P+5AzMdiqKpUSFKgaiqJSf3iiv2\/RtnFbJ1FaRBOTOgw3ARkcPvJN0sfzLk7RKlSqTCXk8peiPFwt5uzAbWqrhfe\/Yen8D2DWvWSruKHIC7o+GazJ+\/eyppnocCPGQQZ2lonOQT2qyNSZ9COW8HeAaqf7QCJhvb8S9SVVml5KBhnwRNbnuZICaxg9vyFjeBwKI7SstbJ3b7slReERnG3DvEqM+ouROXRlpGgUREXlGwb7N2UJ1jjo460vUe38pW2vZ1XnXYGDBL3642Nhsv8\/xSPSuRmLvvooBVMWLWW5v+LMlMcoNIIM6xibupcxuyIqKDqNmsScanfhq83xCw4xKptGbS9bu\/A0yrmv3Atgn3WXnx2khAoVngZCR0MbqmA7T5k\/rUKhB49pS3ip3KT03PKvjuwDr50ynUXfZOYJ3+OmI37LBmqEhKgv5YHHEjRB8VHHXAh8Aok+ht+KljGfYLx0rx0y2IXVcxRnvPFVtHn6kBareUX1Lz56co6YIb9788QnPlkfq1D0P\/\/4uwz67uvdUChfS0JSNQ18zYOyJ360r3AVfKXmyQ19aUMj\/EcNueVwU0nbl2KSsYn1Gfl7zj0ewbm+BiPQNHMgAkoRMw02Osi\/TmhB+pfcq61IRV5796uYYuP\/e1+49LMsN6JtJapar+\/bfHd+ip7c\/\/L52jGcE3Fey3bVNYI8YmxgiEd0S1usipgR\/OJ"} 
02336{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1598620434482713,"flow_dst_last_pkt_time":1598620434530087,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434530087,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTvWw7lQwNTEACP+UFbWwBYYNRTWFFap3NZueejSHTEbypHeKREWRxqFhCyZ5IFZ0eMPI1H48IlicfZNkXoAWlnYiFV7bh\/SgyFOQ1pzqpY4Gn+dZg1igPWwPXjEkbDJ6Uie4ErETtBEXPCHdh0EPbcG66CEGsqP3FcGhBvmBZ6nLZXtHGFm8TZPZLCjcEWUg3j+yh1uJpfKvfgdjQXh\/BKjL946XeM8A3dQwTCj7w0RU4XQ+LgKO5R5jUOWwNACvmRA4ChETSCDHR4\/BAzDovDeZBIcfCGhDNPuYCn0YgSbiKK\/zKtEbn2g8SAWOGtzORXbtbz7cr3FZq9+52D1ciyRqZMVAhZJn6boHkLy8FiSsJcgUNmFlpFnM5CbmVt+Z3TalUOLmIad0ZBJ\/frS25nxzdMvyMkHuNowggmF5lhEeoHaWyFEIcqz0HqYgX9hRGG6fJHHJDeuqY2DZzkMFK5lXdq830OGjj5x2saXsr3OlkQRqhBSGhxG8UUKpcbzUIRCc14PBKwtK58SIzfKg9C2dH1Ndip\/iMgaZp1dLSjMgGMxpFjTnm18D2DnhMbRC3SF0n9NQv1yxds\/5\/VLS7vlRw085hWdBDcF5JsrSqCb7FrIGqCAJ6aEeEk2C5NCIEHLGpE\/8Mrk0r3V+oyUCi5EUJoj7yFrgbAI\/RLP2DX5PzYPxVTVcCPNWxwAsonFHo2UzqB9GByR9XsVOyiNMiXSmCP1h7RNHRBTW+W+GEKnZsHlit\/daPgCMDsn+uRJkfq08o0Wc8dtlQdBvGaiOyAz5kxn9XlLa2XMJVdY5fa0fvmKEA8kLRIsUWffWkNMWjlbFbe4\/4K6v5\/2vl6j4PIKwrTE3NX480XOutB0tHFeaBywMhTUrJM8\/2LEUuohxcw8ZJUMhyz8KLelYrkfR4ZEmPHlrlks1U+ptnZRctCqp6xS15oIDC2K9IvH6W4XVPXW5E6wTMgi2mDpZEkWMsRcntggQXrcuBYU6Zv2UWEKNUfFTBgz1KVhJpmpS4Xtc7F4NEQ2NoEIYQl+RaDfoFKprDp3shiANgPwfFEVHOLO72rKzBM1JtbcQAk2OwIiNamkunnJ\/nJitxlIW52Xeo0s2OwSYNPFF5zyhBUq5ylZcmxfa6MxT8JqgkvJT6UrrMDYFURtuX0ryQCk\/XPnIFL82IABneSi4Hs5V82gBRFJuY536RKXy0Y+Fmmlg3ORBkeur7nF4WNLwf4uKdeZDa4zi4F5ERbAlPepeCgnqktYXzIIcX+zttEmBzBP8oQgxfobusz6BiWXRPhFCorFz9af2XffpBUFzon7jFEaUHMZEWx2T\/G0b6rOVrMUsciysio8OUm3qepoHWfs017iLVwdUjBzLV8bfsI876uYCB7FOOWmpFjtlfEcfFvovuxYQo3c2P2+FTRFibJG3fxpLnuZL+xZ9WuB0sUCqoGe0Nj8mWgJjvIMlZr4UBHPVa9
FuCSvw43Jx3Z4zkFEFLwlnXF7XomFdjjzfNyGEva90KOeWy3V0Xm36xhL9ZfJd7024bmBrSU07\/OIwQL4RM2pylqUn8vtXHdDenj0RW6L9cUJF5+gefDnLwPN\/LkqvDQ9XoQLkYPyIOrW3yOipSRZ6qssVteVhp7yz6wIlf+om4vamOC+pjDHdk54a1\/tUFkk6iLfsqzmXEDMc9twzy8aI6ruHx9Y75G06eKdfUoetoe+oo6I+bKN+bF3ODBFJJL3VoG2yoSGLlcmnzauulsMAmGP4trS\/oNUS7VcK8uv8Q4iCrkL2Z7LQ3A3kywkt3RVfSW0P5p96Zzps"} -01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434650828,"flow_dst_last_pkt_time":1598620434610128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2888,"flow_dst_tot_l4_payload_len":5904,"midstream":0,"thread_ts_usec":1598620434650828,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8792,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1598620434650828} +01161{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434650828,"flow_dst_last_pkt_time":1598620434610128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2888,"flow_dst_tot_l4_payload_len":5904,"midstream":0,"thread_ts_usec":1598620434650828,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8792,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1598620434650828} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655556 bytes -~~ total memory freed........: 8655556 bytes -~~ total allocations/frees...: 140567/140567 +~~ total memory allocated....: 9419981 bytes +~~ total memory freed........: 9419981 bytes +~~ total allocations/frees...: 154534/154534 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 590 chars ~~ json message max len.......: 2354 chars diff --git a/test/results/default/quickplay.pcap.out b/test/results/default/quickplay.pcap.out index f696b782d..cbc64ac80 100644 --- a/test/results/default/quickplay.pcap.out +++ b/test/results/default/quickplay.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1429000030398627} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1429000030398627} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000030398627,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000030398627,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"thread_ts_usec":1429000030398627,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWBDAUAAPwaoIQo2qfp4HCMpxewAUEHDiNf6xwiBUBgAc22rAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
01305{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000030398627,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000030398627,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"api-singtelhawk.quickplay.com","domainame":"api-singtelhawk.quickplay.com","http": {"url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}} 
@@ -21,8 +21,9 @@ 01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000037314978,"flow_src_last_pkt_time":1429000037314978,"flow_dst_last_pkt_time":1429000037314978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000037314978,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","domainame":"www.facebook.com","http": {"url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000037600378,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037600378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000037600378,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037600378,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":241,"pkt_l4_len":205,"thread_ts_usec":1429000037600378,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOEBz0AAPwbyFAo2qfp4HBrngf0AUJlyzTdc8IHSUBgAc3meAABHRVQgL2dlbmVyYXRlXzIwNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogY2xpZW50czMuZ29vZ2xlLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -01174{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000037600378,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037600378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000037600378,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"clients3.google.com","domainame":"clients3.google.com","http": {"url":"clients3.google.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}} 
+01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000037600378,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037600378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000037600378,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients3.google.com","domainame":"clients3.google.com","http": {"url":"clients3.google.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037659613,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":137,"pkt_l4_len":101,"thread_ts_usec":1429000037659613,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAHlLmEAArQY6l3gcGucKNqn6AFCB\/VzwgdKZcs3wUBgIIqKRAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxNyBHTVQNClNlcnZlcjogR0ZFLzIuMA0KDQo="} 
+01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000037600378,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037659613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":81,"midstream":1,"thread_ts_usec":1429000037659613,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients3.google.com","domainame":"clients3.google.com","http": {"url":"clients3.google.com\/generate_204","code":204,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}} 
00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1429000037314978,"flow_dst_last_pkt_time":1429000037771704,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"thread_ts_usec":1429000037771704,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUMgAkAArQYAVK38ShYKNqn6AFDMQGR3Qx6qvJUxUBj\/\/2USAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogSENQcUMxYW5HZGxXZUVqMEIwU3F1MHVIQzU2N3BTRzJERlZvSXdHYmRXNFovN1dydjVhM0ZQZEY5V1FIMDUrNFREZVFXV3FiZjA4djA4c1RURE81VWc9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxNyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} 00949{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1429000039509711,"flow_dst_last_pkt_time":1429000030498602,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":365,"pkt_l4_len":329,"thread_ts_usec":1429000039509711,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAV1DA0AAPwaoIgo2qfp4HCMpxewAUEHDig\/6xw2tUBgAhzcPAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9tb3ZpZXMvNjI0MT9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
02148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1429000039509711,"flow_dst_last_pkt_time":1429000039635657,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":1247,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1247,"pkt_l4_len":1211,"thread_ts_usec":1429000039635657,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBM+mvEAArQbS2ngcIykKNqn6AFDF7PrHEyVBw4tEUBgIQyc3AAA5k4rFlCrdYwiPuAJFEwekM3yc3Alim1hlFe+JRrhWUADufFTMN+B+kLv5aTZpkyHGdP\/zFU0RvT+gG0C1SrWa3UWawiXwn2e00tLPa8mrdG+FO\/\/z0fnlJHLKaeikDi8\/ebychARtzR9Dq5yPrfJTcLXMgoNO28C4jih+EkhgI2HKrDNRQPZ4yDlRo\/tVXmWzciad4XBqhnKi7V8PpU0JFTdC32zM6Unu3nCUCj0q6celK7M7IyNE38hkEzdZ5FO0wm02iy+wgfafM\/T1PFSa++tGR0oQnC79Rk0s3HL9ckcTxUOqMcLv2y+kZLVeq51WjusV+skCxX8jaRYpqlE9aVQqp89QfIbKw4dSIUcSv97324t8vMVJyekjuSWUjqu1dRq+GPFYuVuz7B6rlcpBbn+ZCbfpo\/SyE2sjxxWU2fWU9do+alsuaQ59H\/rPs+n78ElT+PtQX6su78MkW7Heh0OSqB7z1Ds5YpX7ktT3PiySdLrKpv8nhwtpBFXvIi7rPed2Da8MXtdrR5o6rxfkiA1l49LEuejj4SFKMeZNs2+RpdA6Tfh8evCfWHrTSKF1RHeVItLfv1mBNswT56sTeyjZ6nxFbab9Akq+AkBVD+3hD44Law7nfBjUKo165egoQkcCBQ9RpBr7lRr+HV6BwuBCjtFcqEH79mu\/eXl9+3WwOjDodpr93+86g87Xy5vr3tWgNqgMbvp3\/UHt6OzkeBTZwcnpUb16Vjv49K1zuTc5P2vXm83WxUnnon7SaB53W0j9rUa7c1qvthonrcrZUbNVP2p0O2fd01qj1bjoAFavXDRbx51mrVrdzk+RQYcN1y4LUO04Vw6oLfrBnYcClJ3jaQvK36GdC5OR5m6\/epQ7SG0dquwTolZZI4yROB1ZuyoZjNYLbg6TlpujRr7aTKVv1+g8q+pZTEqndlCtn9RPj44bnbNcB1As02hdnLw0GXttEiYD+ZksSoZTm3\/5WFIw4kZORR8NJpn2MLvwW\/bd4Dwx4V66dO2fU4Oxl3POea2yl7wGnP9SO01n+F\/XxvFff6md7aUDNAHRXdFaJsSyKQfdCBhgQmhi6pXD2CWJ4D4NwUdoaYQxza2puHyb2D5x7PRy8BzsoZ136evUi9oVChMi77nnrXdOjALMbtzbGpPwS+9QT0PGBsBufC+0F9NjH3\/xESxlXozaUQIarIp4b9jfjeslqPcm6IMKOiZ6K9iAeRvmdhvuL4F2Y3+llcL0qdfnnSz7Isyu3DF3F3UtGwG78b1GVosotYVFjVkxajcJPlMxwzypiq4agZDnNuJ2EwETmcOM3DTO9uhJqCgCV1hGYEi0Eb+jRLGlB8AiOTYiduN8JzgN0\/3vBbxXGPYiaEf2OuCYKouYb0Tsxrnnya7scqRzWxSJgO13JdsM3E2K13wv8da8v3NDT7odermlN8ygOCms4Ox
n+N2Esp4cydFP3fIT2AYZNowQaWP41l+svLVtxqZawLX1bsXq31FRO\/iJRzwU9u1vqBsXJcQ+H3OlX3LDblynhWX5M0YV\/orGNxNxHzJLq2+NR1q75VfYDx8e\/gcAAP\/\/AgwAv12nFNYeAAA="} 
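Review bot: The new expected output for flow 6 changes the `detected` event from `"category_id":30,"category":"ConnCheck"` to `"category_id":5,"category":"Web"` for `clients3.google.com/generate_204`, and the commit description, which names only the risk replacement, does not mention it. If this follows from the libnDPI bump and is intended, record it in the description, for example `* clients3.google.com/generate_204 is now categorised "Web" (was "ConnCheck")`; otherwise it looks like a classification regression to check upstream before accepting the new baseline. The added `detection-update` event is also the first place `flow_risk` `21` ("Mismatching Protocol with server IP address", severity High) appears for this flow, since the preceding `detected` event carries no risk, so a consumer that alerts only on `detected` events would miss it. Consumers that match on the numeric risk id instead of the `risk` string should be reviewed as well, because the description implies this id previously meant "TLS Susp ESNI Usage" (inferred; the old id is not visible in this hunk).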
@@ -79,7 +80,7 @@ 01526{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000110390234,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110528479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":625,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":625,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":206,"midstream":1,"thread_ts_usec":1429000110528479,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkminorshort.weixin.qq.com","domainame":"hkminorshort.weixin.qq.com","http": {"url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000117728278,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":638,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":638,"pkt_l4_len":602,"thread_ts_usec":1429000117728278,"pkt":"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"} 
-01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000117728278,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":5,"category":"Web","hostname":"api.account.xiaomi.com","domainame":"api.account.xiaomi.com","http": {"url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)","request_content_type":"application\/x-www-form-urlencoded"}}} 
+01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000117728278,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":5,"category":"Web","hostname":"api.account.xiaomi.com","domainame":"api.account.xiaomi.com","http": {"url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)","request_content_type":"application\/x-www-form-urlencoded"}}} 
01583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000118045538,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":831,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":831,"pkt_l4_len":795,"thread_ts_usec":1429000118045538,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAy+57kAArQaZmTazjEEKNqn6AFDcPeCiut6WGFOiUBgIJVI5AABIVFRQLzEuMSAyMDAgT0sNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpEYXRlOiBUdWUsIDE0IEFwciAyMDE1IDA4OjI4OjM3IEdNVA0KU2VydmVyOiBUZW5naW5lLzIuMC4xDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD11dGYtOA0KQ29udGVudC1MZW5ndGg6IDU1Ng0KDQofiwgAAAAAAAADBMHXokMwAADQD+pDVCuuR7VCzdrerESNxijK199zgLVnYggNE5ULioIZGP6CKSQ+J1Ue9LQPP\/PeL9xYw3Gkgs8aCeFd\/zZqCdqbSs4SDagv3Q8gbXJOLHNZZfmdTsJ6vPDYpe+\/rdailf+Vy4WCt5JCSfPLvLm\/VjBPjj45GMX6eUks60t+xxt21vhZm+cZaqa7DoZ7yob2ejBdIHAVjR1TTdJhFubG5KBya8nY0zzMWLsuzvCvt9glIynGQHg+BLRZzPC8ZTGPUyOvUh05tiZ\/balrrwKQt2cEeJstEBP0D5BLZnKvY160w+\/OrxB+sjFauMt5dnHUcI3t7SoTqChgxCrhMkNhG6YVl2LK8pgjuYhqcDRox+KgQzOA\/hLmGzg3uirtssbFIVC5Aro3ACcGCwISGwb1VxWHonPvyWHNDlG81Bqq3QQetunNZnl6oz4rq\/ZHNPTVG61wMgLdvvo4GWhjgZ\/bnblrSFNGd7Mdr5MexXVx6SfeJVyvwBelPETxWHKKoRDa8ZjUvT0cEJOB7G\/G7e4ZZ\/83OAc7CIIAAEA\/iIulwzriBqhJkUE6bpVlTg1QY+rX1\/uCF5JNOyMtykH7DdhqEwaXY8s7mPz38wS8mngvjnR+4AS+bZOCqFuqMeaMn6SzJIMOPFhSp7GcsxUbtqiwMa7\/yvtnpf2t24H4WaAC+sVExSgCQaWyVTSeVY6vezz8ABeIl3WAAgAA"} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000153937720,"flow_src_last_pkt_time":1429000153937720,"flow_dst_last_pkt_time":1429000153937720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000153937720,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1429000153937720,"flow_dst_last_pkt_time":1429000153937720,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_usec":1429000153937720,"pkt":"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"} 
@@ -128,15 +129,15 @@ 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1429000375190710,"flow_src_last_pkt_time":1429000385363074,"flow_dst_last_pkt_time":1429000385174414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1784,"flow_dst_tot_l4_payload_len":2108,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 01286{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000052348029,"flow_src_last_pkt_time":1429000052348029,"flow_dst_last_pkt_time":1429000052688483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer 
(Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com"}} 01286{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000054595190,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054967566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com"}} 
-01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000118045538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":775,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":775,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":5,"category":"Web","hostname":"api.account.xiaomi.com"}} +01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000118045538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":775,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":775,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":5,"category":"Web","hostname":"api.account.xiaomi.com"}} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000031075232,"flow_src_last_pkt_time":1429000031075232,"flow_dst_last_pkt_time":1429000031382971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":302,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":302,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":53,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} -01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000037600378,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037659613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":81,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"clients3.google.com"}} +01160{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000037600378,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037659613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":81,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients3.google.com"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1429000050062079,"flow_src_last_pkt_time":1429000051366980,"flow_dst_last_pkt_time":1429000052145575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":540,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":1080,"flow_dst_tot_l4_payload_len":89,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat"}} 01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000041481085,"flow_src_last_pkt_time":1429000041481085,"flow_dst_last_pkt_time":1429000041819556,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":181,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":283,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com"}} 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000031698279,"flow_src_last_pkt_time":1429000031698279,"flow_dst_last_pkt_time":1429000032158423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":283,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com"}} 
01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000037314978,"flow_src_last_pkt_time":1429000037314978,"flow_dst_last_pkt_time":1429000037771704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":283,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com"}} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1429000048159796,"flow_src_last_pkt_time":1429000048647467,"flow_dst_last_pkt_time":1429000048795905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":487,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":487,"flow_dst_max_l4_payload_len":1169,"flow_src_tot_l4_payload_len":974,"flow_dst_tot_l4_payload_len":1169,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
-00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":155,"packets-processed":155,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":139,"global_ts_usec":1429000385363074} +00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":155,"packets-processed":155,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":140,"global_ts_usec":1429000385363074} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 155/155 ~~ skipped flows.............: 0 
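Review bot: The regenerated `idle` event for flow_id 6 (hostname `clients3.google.com`) now expects a High-severity `flow_risk` entry "21" ("Mismatching Protocol with server IP address") and moves the flow from category `ConnCheck` (30) to `Web` (5), and the commit message does not mention the category change. That flow's `proto_by_ip` is `Unknown`, so the risk appears to fire because the destination is not on any IP list, not because it is on a conflicting one. Before this expectation is pinned, confirm that this is the intended upstream behaviour and not a false positive that raises alert volume on connectivity checks. The key "21" is presumably the id that previously carried "TLS Susp ESNI Usage", so consumers that filter on the numeric id instead of the `risk` string would change meaning silently. A description line such as `* risk id 21 changes meaning; some ConnCheck flows are now reported as Web` would make both changes visible to downstream rule authors.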
@@ -145,9 +146,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8716164 bytes -~~ total memory freed........: 8716164 bytes -~~ total allocations/frees...: 141150/141150 +~~ total memory allocated....: 9481229 bytes +~~ total memory freed........: 9481229 bytes +~~ total allocations/frees...: 155117/155117 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 591 chars ~~ json message max len.......: 2445 chars diff --git a/test/results/default/radius_false_positive.pcapng.out b/test/results/default/radius_false_positive.pcapng.out index 8f1895cac..7a61da033 100644 --- a/test/results/default/radius_false_positive.pcapng.out +++ b/test/results/default/radius_false_positive.pcapng.out 
@@ -1,5 +1,5 @@ -00600{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1638897892722857} 
+00600{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1638897892722857} 
00834{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897892722857,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897892722857,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1638897892722857,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1292,"pkt_l4_len":1238,"thread_ts_usec":1638897892722857,"pkt":"AAAAAAAAAAUAHNVSht1ohf3HBNYRNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQTW\/+II9QTO5\/6moMoBfKc4frxprVfBsxdaQAED2QEABgCgAQJbUkVKAAcAAABTVEsAOAAAAFNOTwBsAAAAUFJPRmwBAABTQ0ZH8wEAAFJSRUr3AQAAU1RUTP8BAABDUlT\/GwIAADVoRFFcZEfiQgn1oXI2ORzyXhwGYKf\/Flu1\/kK\/l4UH4q9DCId2Xb2zn9efGujSc\/F0aNOeHZb6KAjEeRC9dXjLQIA3XVxkxqhCJrs95QV3gGPSLgjsQQ873Rxpmhq\/VDe1SdA9fAVAXfMUX1s0Z5mAWpV6sSbDkPHYULs7X0KVe+fR2Ai5noT8neP+HJa14zskJKzRF7WTWAfIPB94k7XcyneleZDZy\/LsPNPpKzumkgJT693IGvFFGpwQ7o47hVb2V37u8BaJMyzZuDr4CIc8F1YA1joFN7OPyOLc3a+gm+fEb18FG1gS\/ZrcntqavJ3HLz5Vi8zFgzSja7rxlz5ZT0Fgr\/\/hUJDycGNBHRHMai1MLz1CKo55ez2Vq+oMFJFtHL8m7Yk0AZ6oTphvz\/47C32mJ\/BonrdxqQzXuP2SrkxlJp8ughvQJBkM+kPiZ+nnveyN+y
pLny4LxyWPno4oScYJJSbW2FdJTZlTQ0ZHBgAAAEFFQUQIAAAAU0NJRBgAAABQVUJTOwAAAEtFWFM\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"} 01021{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897892722857,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897892722857,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 
@@ -8,7 +8,7 @@ 00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1638897892752869,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":283,"pkt_l4_len":229,"thread_ts_usec":1638897892752869,"pkt":"AAAAAAAAAAUAHNVSht1gBf3HAOURNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQDlccwABGVF2QcnpzsvNwXHhnVYuvotOEZAFZyRstLhm5Vh8Y\/qjK+eAOivL9FfakfqselPfzU8unBIuLM1Gkl3hUCkDyi+vg32wZhmWtIpghdDZrkT8mPeJhzpBInbvmZgkVuAprrK41CoxKKjDlIkF+W84hfikpn3qkgLCEYuKToKkyTwbJLdd0NDQonRVcTPtbDVskjblaU5087vFl1B3+DiXjvx4mrrxoJ1o2m4QK+5Itx4XXf\/cDDYpVAKVU4JUhg7EBvC5CSSa69pj7lgUC+G\/vuoC9GDJzbBnxQBog=="} 00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1638897892775793,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":283,"pkt_l4_len":229,"thread_ts_usec":1638897892775793,"pkt":"AAAAAAAAAAUAHNVSht1gBf3HAOURNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQDluwgABfL8+5jX9fJKzrGkYq50E3Kkrx2byhv\/1lxrsSEANv3rwV8oSZP1Kf9LnwvyulYNqHc0eA8kixsVINh0AEVVU7DdtZDWH0NB+uRHdIIMWflJVbH+jmh9USiXpEGMxWJMIsMKuWOo1oHx\/4WcMYLRLNqhlbRCt1SlzydohkUP0dPUhy0JEmQ2dcM9ySIjkPYCfM2x3oISOX1bfEnNb7p3pKZ5PyZPkuqec+dbYP0kRWjDfMgN9cmqV8B57rWtYeFeQ7inL7drCI8NtuFQhaY3EFIVsYr2d9Va2PyzOQ=="} 
01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897893066501,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6859,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897893066501,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6859,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1638897893066501} 
+00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6859,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1638897893066501} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645165 bytes -~~ total memory freed........: 8645165 bytes -~~ total allocations/frees...: 140544/140544 +~~ total memory allocated....: 9409506 bytes +~~ total memory freed........: 9409506 bytes +~~ total allocations/frees...: 154509/154509 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 591 chars ~~ json message max len.......: 2231 chars diff --git a/test/results/default/radmin3.pcapng.out b/test/results/default/radmin3.pcapng.out index 0ac17c211..7f5646877 100644 --- a/test/results/default/radmin3.pcapng.out +++ b/test/results/default/radmin3.pcapng.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1706118225579475} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1706118225579475} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1706118225579475,"flow_src_last_pkt_time":1706118225579475,"flow_dst_last_pkt_time":1706118225579475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1706118225579475,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"192.168.88.197","src_port":49736,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1706118225579475,"flow_dst_last_pkt_time":1706118225579475,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1706118225579475,"pkt":"CAAnXtCJCAAniDE8CABFAAA01stAAIAGAADAqFjQwKhYxcJIEyOILII4AAAAAIAC+vAzDQAAAgQFtAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1706118225579475,"flow_dst_last_pkt_time":1706118225579656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1706118225579656,"pkt":"CAAniDE8CAAnXtCJCABFAAA0z0hAAIAG+JTAqFjFwKhY0BMjwkhWkmpFiCyCOYAS\/\/+bcAAAAgQFtAEDAwgBAQQC"} 
@@ -16,7 +16,7 @@ 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1706118232219766,"flow_src_last_pkt_time":1706118232220056,"flow_dst_last_pkt_time":1706118232622772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":14,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":14,"midstream":0,"thread_ts_usec":1706118232622772,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"192.168.88.197","src_port":49739,"dst_port":4899,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"Radmin","proto_id":"391","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1706118225579475,"flow_src_last_pkt_time":1706118226345962,"flow_dst_last_pkt_time":1706118226346137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1706118232622772,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"192.168.88.197","src_port":49736,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": 
{"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"Radmin","proto_id":"391","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1706118232219766,"flow_src_last_pkt_time":1706118232220056,"flow_dst_last_pkt_time":1706118232622772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":14,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":14,"midstream":0,"thread_ts_usec":1706118232622772,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"192.168.88.197","src_port":49739,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"Radmin","proto_id":"391","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":84,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1706118232622772} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":84,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1706118232622772} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 
@@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8651887 bytes -~~ total memory freed........: 8651887 bytes -~~ total allocations/frees...: 140565/140565 +~~ total memory allocated....: 9416293 bytes +~~ total memory freed........: 9416293 bytes +~~ total allocations/frees...: 154531/154531 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 1110 chars diff --git a/test/results/default/raft.pcap.out b/test/results/default/raft.pcap.out index cf9decad1..d30d206f4 100644 --- a/test/results/default/raft.pcap.out +++ b/test/results/default/raft.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705997809280892} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705997809280892} 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705997809280892,"flow_src_last_pkt_time":1705997809280892,"flow_dst_last_pkt_time":1705997809280892,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705997809280892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46286,"dst_port":9002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705997809280892,"flow_dst_last_pkt_time":1705997809280892,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705997809280892,"pkt":"AAAAAAAAAAAAAAAACABFAAA0zl5AAGYGSGN\/AAABfwAAAbTOIypHoKR3AAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1705997809280892,"flow_dst_last_pkt_time":1705997809280904,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705997809280904,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAGYGFsJ\/AAABfwAAASMqtM6Kl47pR6CkeIAS\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
@@ -18,7 +18,7 @@ 02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1705997809281323,"flow_src_last_pkt_time":1705997810410479,"flow_dst_last_pkt_time":1705997810388511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705997810410479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":38488,"dst_port":9001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":72140.1,"max":137171,"stddev":57048.4,"var":3254516224.0,"ent":4.3,"data": [20,29,20,35,15,13,6003,6005,206,208,119086,119085,125076,125088,137171,137161,116381,116396,102323,102307,21955,21953,125134,125135,125120,125120,125280,125280,103357,103382,22000]},"pktlen": {"min":40,"avg":62.5,"max":88,"stddev":22.7,"var":516.8,"ent":4.9,"data": [52,52,40,80,40,80,40,80,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88]},"bins": {"c_to_s": [2,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [4.268320084,4.514606476,4.391446590,3.897243023,4.391446590,3.032760382,4.391446590,2.986443520,4.341446877,2.850570679,4.341446400,2.873297930,4.391446590,2.850570679,4.391446590,2.791660070,4.341446400,2.768932819,4.391446590,2.791660070,4.322574615,2.791660070,4.391446590,2.791660070,4.391446590,2.768932819,4.391446590,2.791660070,4.341446877,2.791660070,4.341446877,2.760354519]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Raft","proto_id":"392","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1705997809281323,"flow_src_last_pkt_time":1705997810410479,"flow_dst_last_pkt_time":1705997810388511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705997810410479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":38488,"dst_port":9001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Raft","proto_id":"392","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1705997809280892,"flow_src_last_pkt_time":1705997810407653,"flow_dst_last_pkt_time":1705997810388430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705997810410479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46286,"dst_port":9002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Raft","proto_id":"392","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":64,"packets-processed":64,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1705997810410479} +00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":64,"packets-processed":64,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1705997810410479} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 64/64 ~~ skipped flows.............: 0 
@@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8653224 bytes -~~ total memory freed........: 8653224 bytes -~~ total allocations/frees...: 140610/140610 +~~ total memory allocated....: 9417630 bytes +~~ total memory freed........: 9417630 bytes +~~ total allocations/frees...: 154576/154576 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 2174 chars diff --git a/test/results/default/raknet.pcap.out b/test/results/default/raknet.pcap.out index d48b3aff0..eb32892b3 100644 --- a/test/results/default/raknet.pcap.out +++ b/test/results/default/raknet.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946711624286000} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946711624286000} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946711624286000,"flow_src_last_pkt_time":946711624286000,"flow_dst_last_pkt_time":946711624286000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946711624286000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946711624286000,"flow_dst_last_pkt_time":946711624286000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946711624286000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUl7RAAD8RIvLAqAJklJkjza3V6n4FwDU+BQD\/\/wD+\/v7+\/f39\/RI0VngGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946711624286000,"flow_dst_last_pkt_time":946711624328000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":946711624328000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4I79AADcRpIOUmSPNwKgCZOp+rdUAJGm+BgD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgUiIAAF1A=="} 
@@ -15,7 +15,7 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":946711673464000,"flow_dst_last_pkt_time":946711673481000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":946711673481000,"pkt":"YDjgxTWgeJS0JASgCABFAAA\/cD5AADcRV\/2UmSPNwKgCZOp87REAK0g4CAD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgUd9gSlRXt67RECQAA="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":946711673484000,"flow_dst_last_pkt_time":946711673481000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":946711673484000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4sVJAAD8RDvDAqAJklJkjze0R6nwAJOBohAAAAEAAkAAAAAkAAAAASQ8CfAAAAAAAAO7jAA=="} 00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":946711624286000,"flow_src_last_pkt_time":946711624422000,"flow_dst_last_pkt_time":946711624425000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1464,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":1703,"flow_dst_tot_l4_payload_len":250,"midstream":0,"thread_ts_usec":946711673573000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":946713048252000} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":946713048252000} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946713048252000,"flow_src_last_pkt_time":946713048252000,"flow_dst_last_pkt_time":946713048252000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713048252000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32951,"dst_port":60021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":946713048252000,"flow_dst_last_pkt_time":946713048252000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946713048252000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUUWdAAD8RaT\/AqAJklJkjzYC36nUFwGJlBQD\/\/wD+\/v7+\/f39\/RI0VngGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":946713048252000,"flow_dst_last_pkt_time":946713048272000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":946713048272000,"pkt":"YDjgxTWgeJS0JASgCABFAAA45d9AADgR4WKUmSPNwKgCZOp1gLcAJA72BgD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgURqAAF1A=="} 
@@ -92,7 +92,7 @@ 01033{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946713304628000,"flow_src_last_pkt_time":946713304628000,"flow_dst_last_pkt_time":946713304628000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":110,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":110,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":110,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713304628000,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":43582,"dst_port":44501,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946713304628000,"flow_src_last_pkt_time":946713304628000,"flow_dst_last_pkt_time":946713304628000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":110,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":110,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":110,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713304628000,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":43582,"dst_port":44501,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":946713124625000,"flow_src_last_pkt_time":946713244627000,"flow_dst_last_pkt_time":946713124625000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713304628000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":59935,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":66,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6616,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":19,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":95,"global_ts_usec":946713304628000} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":66,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6616,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":19,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":95,"global_ts_usec":946713304628000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 66/66 ~~ skipped flows.............: 0 @@ -101,9 +101,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8673468 bytes -~~ total memory freed........: 8673468 bytes -~~ total allocations/frees...: 140717/140717 +~~ total memory allocated....: 9438194 bytes +~~ total memory freed........: 9438194 bytes +~~ total allocations/frees...: 154683/154683 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2473 chars diff --git a/test/results/default/rdp.pcap.out b/test/results/default/rdp.pcap.out index 4d871b74e..9d4740035 100644 --- a/test/results/default/rdp.pcap.out +++ b/test/results/default/rdp.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1559207465138576} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1559207465138576} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465138576,"flow_dst_last_pkt_time":1559207465138576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559207465138576,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1559207465138576,"flow_dst_last_pkt_time":1559207465138576,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1559207465138576,"pkt":"AgAAAEUAAEAAAEAAQAbIuKwQArnAqAKOzQ4NPfm84lgAAAAAsML\/\/7iqAAACBAT5AQMDBQEBCAoLUEqcAAAAAAQCAAA="} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1559207465138576,"flow_dst_last_pkt_time":1559207465180991,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_usec":1559207465180991,"pkt":"AgAAAEUAADRflEAAfwYqMMCoAo6sEAK5DT3NDkeav7z5vOJZgBL6AEVOAAACBAW0AQMDAAEBBAI="} 
@@ -8,7 +8,7 @@ 01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465181421,"flow_dst_last_pkt_time":1559207465180991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559207465181421,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1559207465181421,"flow_dst_last_pkt_time":1559207465227138,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":63,"pkt_l4_len":39,"thread_ts_usec":1559207465227138,"pkt":"AgAAAEUAADtflUAAfwYqKMCoAo6sEAK5DT3NDkeav735vOJsUBj57ULVAAADAAATDtAAABI0AAIfCAAIAAAA"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":7,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465466244,"flow_dst_last_pkt_time":1559207465509666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":572,"flow_dst_max_l4_payload_len":1179,"flow_src_tot_l4_payload_len":1081,"flow_dst_tot_l4_payload_len":1661,"midstream":0,"thread_ts_usec":1559207465509666,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2742,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1559207465509666} 
+00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2742,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1559207465509666} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645430 bytes -~~ total memory freed........: 8645430 bytes -~~ total allocations/frees...: 140554/140554 +~~ total memory allocated....: 9409804 bytes +~~ total memory freed........: 9409804 bytes +~~ total allocations/frees...: 154520/154520 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 512 chars ~~ json message max len.......: 1105 chars diff --git a/test/results/default/rdp2.pcap.out b/test/results/default/rdp2.pcap.out index 1cbd46198..7e2eb5b24 100644 --- a/test/results/default/rdp2.pcap.out +++ b/test/results/default/rdp2.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1622724948504706} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1622724948504706} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622724948504706,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948504706,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622724948504706,"l3_proto":"ip4","src_ip":"192.168.122.181","dst_ip":"192.168.122.2","src_port":54759,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02160{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948504706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1622724948504706,"pkt":"UlQATzIvUlQAsDb7CABFAATsljsAAIARKb3AqHq1wKh6AtXnDT0E2Hry\/\/\/\/\/wBAGAG7\/1aHBNAE0KaQQMHfeUi3j6CMTWNjAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1622724948618376,"pkt":"UlQAsDb7UlQATzIvCABFAATsY5IAAIARXGbAqHoCwKh6tQ091ecE2Hryu\/9WhwBAEAVNZ3lmBNAE0AABAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
@@ -7,7 +7,7 @@ 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1622724949145111,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":187,"pkt_l4_len":153,"thread_ts_usec":1622724949145111,"pkt":"UlQATzIvUlQAsDb7CABFAACtljwAAIARLfvAqHq1wKh6AtXnDT0AmXazABTBAfQBZOBkAAEAFgMCAIABAAB8AwJguNFUNPYALrQay30kCVW9o2xX1uvvm8Mwc0UHAddumwAADsAKwAnAFMATADUALwAKAQAARQAAACIAIAAAHVdJTi04UVNPMEQzT0tCSS5IQVJERU5JTkcuQ09NAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} 01854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1622724949145292,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_usec":1622724949145292,"pkt":"UlQATzIvUlQAsDb7CABFAAQLlj0AAIARKpzAqHq1wKh6AtXnDT0D93oRABTAZABlAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1622724950156874,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"thread_ts_usec":1622724950156874,"pkt":"UlQATzIvUlQAsDb7CABFAACqlj4AAIARLfzAqHq1wKh6AtXnDT0AlnawARTAZgBmAOAAFgMCAIABAAB8AwJguNFUNPYALrQay30kCVW9o2xX1uvvm8Mwc0UHAddumwAADsAKwAnAFMATADUALwAKAQAARQAAACIAIAAAHVdJTi04UVNPMEQzT0tCSS5IQVJERU5JTkcuQ09NAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} 
-00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4776,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1643703419087056} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4776,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1643703419087056} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419087056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":338,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703419087056,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00981{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419087056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":384,"pkt_l4_len":346,"thread_ts_usec":1643703419087056,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQABbs46AAB9ETIeCgglZApkAlfJxA09AVquCxCXYDMEAAAMAAEAAOZfhG3mX4RtFgMDAQYQAAECAQCjjsoVyw+wo5FaSAnrLg7K010lQhKSScz0HLEo3RbZDQpHIM8DOug1fzIMKYQ2jr1qowGGVp24rW1cdiGjDHjQOV6PWcwrK5xD0WVcizKFPsYpQTtmVwnbnunVKrb34miQP6S1q3usJoH3aAZyOYvZbk4IHBINWfdUFriPIrr\/SRiWhs0LUsB7qGIfahccFklYvuNjsKIrrqlpK9h8xbck3KFIyOS\/BaBtH43KUJPeIPtNHkAhuKAAgbpPg2MKYItrXno+cMr2LGEd0ULgohWYbDXUDjsQaQwA4c0J9bC\/KQhXBR8FkPLIAN0p1hYzlzPs9uypXcQ2aPmSQzdk3iOuFAMDAAEBFgMDACgAAAAAAAAAAJIpZ7YKWBdulQDNq0fLThVvneR0HNcHCdIdQMDnwqsj"} 
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419092080,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":117,"pkt_l4_len":79,"thread_ts_usec":1643703419092080,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAYzWuAAB\/Ecm1CmQCVwoIJWQNPcnEAE8+OeZfhG0AyAAMAAEBABCXYDQQl2A0FAMDAAEBFgMDACgAAAAAAAAAAPQpDcwTGHQPEV9SAgzXooQGKEmtXTjZ+jovK+hcCckC"} 
@@ -16,7 +16,7 @@ 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419098831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1643703419098831,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419308184,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":117,"pkt_l4_len":79,"thread_ts_usec":1643703419308184,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAYzXBAAB\/EcmiCmQCVwoIJWQNPcnEAE+UuOZfhG4AyAAMAAECABCXYDYQl2A2FwMDAC4AAAAAAAAAAtZqt5fQ0\/FIQe3F9rNB1YJWn0rvMRZkJ5CRsPpUxN\/e+geUeRF5"} 
01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1622724948504706,"flow_src_last_pkt_time":1622724950156874,"flow_dst_last_pkt_time":1622724950268127,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":142,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":2526,"flow_dst_tot_l4_payload_len":2250,"midstream":0,"thread_ts_usec":1643703419813768,"l3_proto":"ip4","src_ip":"192.168.122.181","dst_ip":"192.168.122.2","src_port":54759,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":33,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6526,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1645516407326363} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":33,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6526,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1645516407326363} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407326363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645516407326363,"vlan_id":1108,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02178{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1108,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407326363,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1278,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1278,"pkt_l4_len":1240,"thread_ts_usec":1645516407326363,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAE7GmRAAB+EbsVCjK10goySSTrww09BNi18v\/\/\/\/8AQBoBn9Z1KwTQBNBytTuEe0pHXbarayMEAgAAAAAAAAAAAAAAAAAAAAAAAAABAAJxu76IlD5YIdOR5pAOInyh18cxrcRBftGPwdGegtbSDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02176{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1108,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1278,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1278,"pkt_l4_len":1240,"thread_ts_usec":1645516407357265,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAE7Gh0AAB\/EbsyCjJJJAoytdINPevDBNiXc5\/WdSsAQBAFx21cFwTQBNAAAQACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
@@ -26,7 +26,7 @@ 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1108,"flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1645516407369717,"flow_dst_last_pkt_time":1645516407447477,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1645516407447477,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAAbGh2AAB\/Eb+wCjJJJAoytdINPevDAFgPqJ\/WdSwAyAAMAAEATMdtXBjHbVwYFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/ICkHUCOZ3SBJZt72VIcV8EqRaEuGxgoLTFfRn5x3ANZP"} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419813768,"flow_dst_last_pkt_time":1643703419812713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":848,"flow_dst_tot_l4_payload_len":902,"midstream":0,"thread_ts_usec":1645516407454743,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407450379,"flow_dst_last_pkt_time":1645516407454743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1723,"flow_dst_tot_l4_payload_len":1328,"midstream":0,"thread_ts_usec":1645516407454743,"vlan_id":1108,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1645516407454743} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1645516407454743} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 39/39 ~~ skipped flows.............: 0 @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650860 bytes -~~ total memory freed........: 8650860 bytes -~~ total allocations/frees...: 140596/140596 +~~ total memory allocated....: 9415298 bytes +~~ total memory freed........: 9415298 bytes +~~ total allocations/frees...: 154562/154562 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 586 chars ~~ json message max len.......: 2183 chars diff --git a/test/results/default/rdp3.pcap.out b/test/results/default/rdp3.pcap.out index 0d7ef7598..7891c3415 100644 --- a/test/results/default/rdp3.pcap.out +++ b/test/results/default/rdp3.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1138119414226584} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1138119414226584} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1138119414226584,"flow_src_last_pkt_time":1138119414226584,"flow_dst_last_pkt_time":1138119414226584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1138119414226584,"l3_proto":"ip4","src_ip":"10.150.9.21","dst_ip":"10.157.4.161","src_port":1685,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1138119414226584,"flow_dst_last_pkt_time":1138119414226584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1138119414226584,"pkt":"AABeAAEPABI\/YyDTCABFAAAwYyVAAIAGdLoKlgkVCp0EoQaVDT0VSOJYAAAAAHAC\/\/9UxAAAAgQFtAEBBAI="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1138119414226584,"flow_dst_last_pkt_time":1138119414283512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1138119414283512,"pkt":"ABI\/YyDTAAWFpSfwCABFAAAwEwgAAHsGCdgKnQShCpYJFQ09BpVuMr5rFUjiWXASQADoKAAAAgQFoAEBBAI="} 
@@ -8,7 +8,7 @@ 01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1138119414226584,"flow_src_last_pkt_time":1138119414284882,"flow_dst_last_pkt_time":1138119414283512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1138119414284882,"l3_proto":"ip4","src_ip":"10.150.9.21","dst_ip":"10.157.4.161","src_port":1685,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1138119414284882,"flow_dst_last_pkt_time":1138119414319556,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1138119414319556,"pkt":"ABI\/YyDTAAWFpSfwCABFAAAzEwlAAHsGydMKnQShCpYJFQ09BpVuMr5sFUjigFAY\/9g4twAAAwAACwbQAAASNAA="} 
01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1138119414226584,"flow_src_last_pkt_time":1138119414897306,"flow_dst_last_pkt_time":1138119414854817,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":519,"flow_dst_max_l4_payload_len":386,"flow_src_tot_l4_payload_len":1629,"flow_dst_tot_l4_payload_len":862,"midstream":0,"thread_ts_usec":1138119414897306,"l3_proto":"ip4","src_ip":"10.150.9.21","dst_ip":"10.157.4.161","src_port":1685,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2491,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1138119414897306} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2491,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1138119414897306} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645719 bytes -~~ total memory freed........: 8645719 bytes -~~ total allocations/frees...: 140564/140564 +~~ total memory allocated....: 9410093 bytes +~~ total memory freed........: 9410093 bytes +~~ total allocations/frees...: 154530/154530 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 1102 chars diff --git a/test/results/default/rdp_over_tls.pcap.out b/test/results/default/rdp_over_tls.pcap.out index 8e173c1ec..e1733b12c 100644 --- a/test/results/default/rdp_over_tls.pcap.out +++ b/test/results/default/rdp_over_tls.pcap.out 
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1729281221506087} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1729281221506087} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221506087,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729281221506087,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1729281221506087,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1729281221506087,"pkt":"LOp\/QeD9NO0bVMeBgQAATQgARQAANBgFQABwBjmQW+61FVkfTwyMMA099+lCngAAAACAwiAAwSsAAAIEBbQBAwMIAQEEAg=="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1729281221506087,"flow_dst_last_pkt_time":1729281221506377,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1729281221506377,"pkt":"ICAAAACqLOp\/QeD9gQAgTQgARQIANARRQACABj1CWR9PDFvutRUNPYwwOv6XXPfpQp+AUvoAFUcAAAIEBbQBAwMAAQEEAg=="} 
@@ -10,7 +10,7 @@ 01499{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221577979,"flow_dst_last_pkt_time":1729281221544114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":19,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":19,"midstream":0,"thread_ts_usec":1729281221577979,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.RDP","proto_id":"91.88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i280600_bbd4f008d9b2_f28add8e7af0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
01780{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221577979,"flow_dst_last_pkt_time":1729281221579370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1216,"midstream":0,"thread_ts_usec":1729281221579370,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.RDP","proto_id":"91.88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12i280600_bbd4f008d9b2_f28add8e7af0","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=topsalon","subjectDN":"CN=topsalon","fingerprint":"A2:FF:78:9D:71:42:7A:00:97:9C:96:C2:E7:D1:C1:AD:A1:82:CC:2C","blocks":0}}} 
01463{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281222755934,"flow_dst_last_pkt_time":1729281222722150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":638,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":1194,"flow_dst_tot_l4_payload_len":1518,"midstream":0,"thread_ts_usec":1729281222755934,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.RDP","proto_id":"91.88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2712,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1729281222755934} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2712,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1729281222755934} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649603 bytes -~~ total memory freed........: 8649603 bytes -~~ total allocations/frees...: 140561/140561 +~~ total memory allocated....: 9413977 bytes +~~ total memory freed........: 9413977 bytes +~~ total allocations/frees...: 154527/154527 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 564 chars ~~ json message max len.......: 1785 chars diff --git a/test/results/default/reasm_crash_anon.pcapng.out b/test/results/default/reasm_crash_anon.pcapng.out index 02d9db8dd..fb4fabbfb 100644 --- a/test/results/default/reasm_crash_anon.pcapng.out +++ b/test/results/default/reasm_crash_anon.pcapng.out 
@@ -1,5 +1,5 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1410865705717955} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1410865705717955} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410865705717955,"flow_dst_last_pkt_time":1410865705717955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1410865705717955,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1410865705717955,"flow_dst_last_pkt_time":1410865705717955,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1410865705717955,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1410865705717964,"flow_dst_last_pkt_time":1410865705717955,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1410865705717964,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} 
@@ -8,10 +8,10 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1410865705719495,"flow_dst_last_pkt_time":1410865705719465,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1410865705719495,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBjkAAQAbTlcCokZMK0QiUyBJV7zv7ZAzdkduQgBAhO1EYAAABAQgKPplWLTphWHY="} 02013{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410865856222147,"flow_dst_last_pkt_time":1410865856222116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":725,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":3158,"midstream":1,"thread_ts_usec":1410865856222147,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":9709947.0,"max":30165638,"stddev":14064983.0,"var":197823744180224.0,"ent":3.3,"data": [9,1510,1527,4,1248,1237,4,30097711,30099473,1765,3,1246,1236,30097518,8,30099327,1814,1237,30097422,1775,4,30101686,1241,30097498,30165638,1254,69395,30031106,8,30032779,1670]},"pktlen": {"min":52,"avg":155.0,"max":777,"stddev":234.8,"var":55144.5,"ent":4.0,"data": [65,65,126,52,52,777,52,52,65,106,52,52,765,52,65,65,106,52,52,65,52,52,777,52,65,106,777,52,65,65,106,52]},"bins": {"c_to_s": 
[23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,1,0,0,0,1,0],"entropies": [5.512839317,5.512839317,3.005599976,5.193430901,5.193430901,5.327538013,5.193430901,5.156889915,5.391298771,5.590394974,5.079966545,5.101990700,0.545940340,5.140451908,5.395370483,5.389761925,5.628829002,5.193430901,5.193430901,5.482069969,5.118428230,5.193430901,5.310135365,5.116507530,5.433681488,5.596330643,5.286610126,5.010550022,5.397304058,5.397304058,5.612702370,5.193430901]}} 01042{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410865856222147,"flow_dst_last_pkt_time":1410865856222116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":725,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":3158,"midstream":1,"thread_ts_usec":1410865856222147,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
-00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":94,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5079,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1410866307727956} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6225,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1410866909737971} 
+00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":94,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5079,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1410866307727956} +00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6225,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1410866909737971} 
01081{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":195,"flow_dst_packets_processed":14,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410867180785359,"flow_dst_last_pkt_time":1410866307731044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":725,"flow_src_tot_l4_payload_len":979,"flow_dst_tot_l4_payload_len":5441,"midstream":1,"thread_ts_usec":1410867180785359,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} -00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":209,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6420,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1410867180785359} 
+00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":209,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6420,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1410867180785359} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 209/209 ~~ skipped flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652952 bytes -~~ total memory freed........: 8652952 bytes -~~ total allocations/frees...: 140743/140743 +~~ total memory allocated....: 9417326 bytes +~~ total memory freed........: 9417326 bytes +~~ total allocations/frees...: 154709/154709 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 562 chars ~~ json message max len.......: 2018 chars diff --git a/test/results/default/reasm_segv_anon.pcapng.out b/test/results/default/reasm_segv_anon.pcapng.out index f5a482772..730e3d941 100644 --- a/test/results/default/reasm_segv_anon.pcapng.out +++ b/test/results/default/reasm_segv_anon.pcapng.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1550422828553466} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1550422828553466} 00351{"error_event_id":14,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422828553466,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828553466} 
00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1550422828553466,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422828553466,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1550422828553466,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -41,7 +41,7 @@ 00353{"error_event_id":14,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422837968976,"packet_id":51,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422837968976} 00454{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1550422836808446,"pkt":"AAAAcxs8EFFy5LtdCABFeABkCt4AAEAR60WRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMOdAAARQAAPFlfQAB\/BgFNrBEkFT++kSvhEwBQ8LOPBjqqb3mgEAEBaxMAAAEBBRI6qqCxOqqwsTqqdPE6qpBJ"} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":54,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422844222036,"flow_dst_last_pkt_time":1550422844224430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2008,"flow_dst_tot_l4_payload_len":72488,"midstream":0,"thread_ts_usec":1550422844224430,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":82,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1550422844224430} +00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":82,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1550422844224430} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 82/82 ~~ skipped flows.............: 0 
@@ -50,9 +50,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647220 bytes -~~ total memory freed........: 8647220 bytes -~~ total allocations/frees...: 140615/140615 +~~ total memory allocated....: 9411594 bytes +~~ total memory freed........: 9411594 bytes +~~ total allocations/frees...: 154581/154581 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 356 chars ~~ json message max len.......: 2505 chars diff --git a/test/results/default/reddit.pcap.out b/test/results/default/reddit.pcap.out index e743f1615..b86b016d2 100644 --- a/test/results/default/reddit.pcap.out +++ b/test/results/default/reddit.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1605291684451133} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1605291684451133} 
00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684451133,"flow_dst_last_pkt_time":1605291684451133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684451133,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1605291684451133,"flow_dst_last_pkt_time":1605291684451133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291684451133,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8UAAAAAoAL9IJAlAAACBAWgBAIICtTdYAcAAAAAAQMDBw=="} 
00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684451247,"flow_dst_last_pkt_time":1605291684451247,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684451247,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -310,14 +310,15 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":906,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688344280,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688371819,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9OJtD5hoBJXgGMHAAACBAV4AQMDAwQCCArC10GlCLeWmA=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":907,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688371834,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688371834,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACAGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBAB++b9AAABAQgKCLeWs8LXQaU="} 
01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688372055,"pkt":"qtsDr8lk5EKm5WPyht1gATUNAiUGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBgB+yzJAAABAQgKCLeWs8LXQaUWAwECAAEAAfwDA9hatQx\/QktbULCFc2FQNgXPGrp+qPvBQrE5NDlBZlE\/IMd+e8Lduh2\/OW58Rm5lIQBoGyh8j\/3MT9YMf0bL3Me3ACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUcnVsZXMucXVhbnRjb3VudC5jb20AFwAA\/wEAAQAACgAKAAhKSgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKUpKAAEAAB0AIOhk20ZK7Hqhb4\/e3Kx4aK6U4Kcjb5InvqFomt\/cTww3AC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAtraAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":908,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688372055,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","domainame":"rules.quantcount.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":908,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688372055,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","domainame":"rules.quantcount.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688397011,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688397011,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k29KV6g6gBALMC9uAAABAQgKwtdBun8mSzU="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":910,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688408044,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688408044,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxE2CKk+gBALMCKeAAABAQgKwtdBvn8mSzs="} 01334{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688408044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688408044,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","domainame":"ad.doubleclick.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01334{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":915,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688408514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688408514,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","domainame":"ad.doubleclick.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":918,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688408515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688408515,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9SJtEBmgBALMNufAAABAQgKwtdByQi3lrM="} 
-01330{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":925,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688411963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688411963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","domainame":"rules.quantcount.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01335{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":925,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688411963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688411963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","domainame":"rules.quantcount.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":975,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688488430,"flow_dst_last_pkt_time":1605291688495517,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1402,"flow_dst_tot_l4_payload_len":4278,"midstream":0,"thread_ts_usec":1605291688495517,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":10832.1,"max":42730,"stddev":14959.8,"var":223794400.0,"ent":3.6,"data": [41079,41100,165,31856,11033,42730,469,1,470,25,2812,1299,93,34223,10205,1,40205,536,1458,1,938,16571,1,3,16547,20,17,4417,310,12670,24540]},"pktlen": {"min":72,"avg":250.0,"max":1460,"stddev":362.6,"var":131502.0,"ent":4.0,"data": [80,80,72,589,72,1460,72,1460,172,72,72,136,164,486,72,652,72,72,103,72,103,72,793,103,111,72,72,72,111,107,282,72]},"bins": {"c_to_s": [11,2,2,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1],"entropies": 
[4.857011318,5.329952717,5.273682594,4.540163040,5.139187336,7.843326092,5.273682594,7.862450600,6.539532185,5.273682594,5.273682594,6.134756088,6.541216850,7.446951866,5.166965008,7.636521339,5.100924969,5.273682594,5.932955742,5.111409664,5.777672768,5.263197899,7.737014294,5.703792095,5.962306976,5.301460266,5.329237938,5.329237938,6.057867527,5.878192425,7.107053280,5.166965008]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement"}} +01484{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":975,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688488430,"flow_dst_last_pkt_time":1605291688495517,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1402,"flow_dst_tot_l4_payload_len":4278,"midstream":0,"thread_ts_usec":1605291688495517,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","domainame":"ad.doubleclick.net","tls": 
{"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 02204{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":987,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291688483940,"flow_dst_last_pkt_time":1605291688560007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":4488,"midstream":0,"thread_ts_usec":1605291688560007,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":46567.4,"max":216552,"stddev":67587.7,"var":4568099328.0,"ent":3.6,"data": [29231,29299,228,29539,187299,216552,332,0,326,7,1815,188,30,70254,211900,6516,1,182884,58339,20162,41757,64,46,873,11694,10868,9898,6233,112514,128634,76106]},"pktlen": {"min":72,"avg":258.4,"max":1460,"stddev":353.4,"var":124913.6,"ent":4.1,"data": [80,80,72,589,72,1460,72,1460,735,72,72,198,171,362,362,72,72,72,172,72,314,72,116,72,110,110,72,72,72,531,72,338]},"bins": {"c_to_s": [9,1,0,3,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1],"entropies": 
[4.822575092,5.245516300,5.245904922,4.574756145,5.111409664,6.787540913,5.218127251,7.353115559,7.586227894,5.162571907,5.190349579,6.362659931,6.273279667,7.149994850,7.138213634,5.083631992,5.055854321,5.055854321,6.419822216,5.083631992,6.981730461,5.245904922,5.900056362,5.218127251,5.636374950,5.857635021,5.190349579,5.083631992,5.083631992,7.496485710,5.175263882,7.287763596]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00823{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":993,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688611238,"flow_dst_last_pkt_time":1605291688611238,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688611238,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688611238,"flow_dst_last_pkt_time":1605291688611238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688611238,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z44AAAAAoAL9IIe6AAACBAWgBAIICvY2BR4AAAAAAQMDBw=="} 
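Review bot: The added `detection-update` record for flow 34 (packet_id 975) pins `flow_risk` id `21` as "Mismatching Protocol with server IP address" at severity High, on a flow where `proto_by_ip` is `Unknown` and `dst_ip` is `64:ff9b::d83a:d1e6`, an address inside the NAT64 well-known prefix. That reads more like the by-IP lookup failing to resolve the embedded IPv4 address than a real protocol/IP mismatch, so it is worth confirming upstream before it becomes the expected result; otherwise NAT64 flows to known services would presumably all alert as High. Separately, if id 21 is the slot that "TLS Susp ESNI Usage" occupied (the commit message calls this a replacement), detections keyed on the numeric id silently change meaning. The commit description should say so, e.g. `flow_risk id 21 now reports "Mismatching Protocol with server IP address"; update consumers that match on the numeric id`.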
@@ -415,14 +416,14 @@ 01346{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1289,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690449109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690449109,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com","domainame":"adservice.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690449141,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690449141,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBAB++0WAAABAQgKXwTqpcLXSbc="} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690449801,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBgB+08XAAABAQgKXwTqpcLXSbcWAwECAAEAAfwDAxCE81jPge8Q+eqa2\/VX8jLyZJaHeUn1XbD4+8ZfZCrNIP1iGayHUC21LtXXhZv4JDAqZ2p5lGfiZ6mCAOAtx5YLACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAARQBDAABAOGE3NTVhM2ZlZjBiMTg5ZDhhYjViMGQxMDc1OGY2OGEuc2FmZWZyYW1lLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACOrqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp6uoAAQAAHQAg8Yk1cLvPAYaln8LnFtEe1h9mnh8DzZmOv04zXf8MiXgALQACAQEAKwALCmpqAwQDAwMCAwEAGwADAgACGhoAAQAAFQCcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01645{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1302,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690449801,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","domainame":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01389{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1302,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690449801,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","domainame":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1310,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690482348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690482348,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx\/CbDtmcgBALMDKbAAABAQgKwtdJ3AKUPyQ="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1311,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690482349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690482349,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUSc0w+JgBALMOG0AAABAQgKwtdJ318E6qU="} -01690{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1324,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690483975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690483975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","domainame":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01434{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1324,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690483975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690483975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","domainame":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": 
{"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 01385{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690501383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1605291690501383,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"aax-eu.amazon-adsystem.com","domainame":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01689{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1356,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690502241,"flow_dst_last_pkt_time":1605291690502750,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5440,"midstream":0,"thread_ts_usec":1605291690502750,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"aax-eu.amazon-adsystem.com","domainame":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","server_names":"aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=aax-eu.amazon-adsystem.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B","blocks":0}}} 
02185{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1364,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690495032,"flow_dst_last_pkt_time":1605291690511816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":5622,"midstream":0,"thread_ts_usec":1605291690511816,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":7680.9,"max":45875,"stddev":12464.9,"var":155373568.0,"ent":3.4,"data": [18528,18557,358,37185,9026,1,2,1,45875,10,14,14,8672,419,266,33620,1,89,1151,1,25433,25,482,7313,1,1,6808,24,7,3698,20526]},"pktlen": {"min":72,"avg":280.1,"max":1280,"stddev":371.7,"var":138197.8,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,273,72,72,72,72,136,164,349,72,72,72,652,103,72,72,103,775,516,111,72,72,72,111,72]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,1],"entropies": [4.830388546,5.286173820,5.175123215,4.582562923,5.135614395,7.820514202,7.848834991,7.840905190,7.029392242,5.204868793,5.232646465,5.232646465,5.232646465,6.256432056,6.550828457,7.277585983,5.097352028,5.107836723,5.107836723,7.629249096,5.686814308,5.260424137,5.260424137,5.854413509,7.698106289,7.556940079,5.871694088,5.222162247,5.166606903,5.166606903,5.962721825,5.004921436]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement"}} -02451{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1383,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690527565,"flow_dst_last_pkt_time":1605291690527527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1054,"flow_dst_tot_l4_payload_len":6986,"midstream":0,"thread_ts_usec":1605291690527565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":6873.8,"max":34221,"stddev":11275.4,"var":127133528.0,"ent":3.4,"data": [28106,28139,660,33241,1626,34221,71,30,636,643,4625,213,224,27018,3512,25468,241,4283,1409,5453,77,6348,1,0,6424,34,8,196,1,158,22]},"pktlen": {"min":72,"avg":323.8,"max":1280,"stddev":408.2,"var":166632.7,"ent":4.1,"data": [80,80,72,589,72,1280,72,1280,72,534,72,136,164,422,72,652,72,103,72,103,72,72,482,1280,1280,72,72,72,704,111,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,0,1,1,1,1,0,0,0,1,1,0,0],"entropies": 
[4.750831604,5.256616592,5.147345066,5.037306786,5.025890827,7.794999599,5.175122738,7.849133015,5.175122738,7.594861984,5.147345066,6.103534698,6.601645947,7.415776730,5.023922443,7.687021732,5.175123215,5.854413509,4.959850788,5.758662224,5.147345066,5.053668499,7.493776798,7.824415684,7.830970287,5.175122738,5.175122738,5.147345066,7.700448990,5.878117561,5.175122738,5.175122738]},"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement"}} +02195{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1383,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690527565,"flow_dst_last_pkt_time":1605291690527527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1054,"flow_dst_tot_l4_payload_len":6986,"midstream":0,"thread_ts_usec":1605291690527565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":6873.8,"max":34221,"stddev":11275.4,"var":127133528.0,"ent":3.4,"data": [28106,28139,660,33241,1626,34221,71,30,636,643,4625,213,224,27018,3512,25468,241,4283,1409,5453,77,6348,1,0,6424,34,8,196,1,158,22]},"pktlen": 
{"min":72,"avg":323.8,"max":1280,"stddev":408.2,"var":166632.7,"ent":4.1,"data": [80,80,72,589,72,1280,72,1280,72,534,72,136,164,422,72,652,72,103,72,103,72,72,482,1280,1280,72,72,72,704,111,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,0,1,1,1,1,0,0,0,1,1,0,0],"entropies": [4.750831604,5.256616592,5.147345066,5.037306786,5.025890827,7.794999599,5.175122738,7.849133015,5.175122738,7.594861984,5.147345066,6.103534698,6.601645947,7.415776730,5.023922443,7.687021732,5.175123215,5.854413509,4.959850788,5.758662224,5.147345066,5.053668499,7.493776798,7.824415684,7.830970287,5.175122738,5.175122738,5.147345066,7.700448990,5.878117561,5.175122738,5.175122738]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement"}} 00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1397,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690926655,"flow_dst_last_pkt_time":1605291690926655,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926655,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1397,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926655,"flow_dst_last_pkt_time":1605291690926655,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926655,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dQAAAAAoAL9IKwyAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="} 00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1398,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690926734,"flow_dst_last_pkt_time":1605291690926734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926734,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -519,11 +520,11 @@ 01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1835,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291697033621,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291697033621,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","domainame":"d9.flashtalking.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01735{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1841,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291697033689,"flow_dst_last_pkt_time":1605291697034463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5484,"midstream":0,"thread_ts_usec":1605291697034463,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","domainame":"d9.flashtalking.com","tls": {"version":"TLSv1.2","server_names":"tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=tag.device9.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3","blocks":0}}} 
01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":19,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688896703,"flow_dst_last_pkt_time":1605291688963146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1029,"flow_dst_tot_l4_payload_len":9937,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} -01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688470730,"flow_dst_last_pkt_time":1605291688502649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":951,"flow_dst_tot_l4_payload_len":6261,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688470730,"flow_dst_last_pkt_time":1605291688502649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":951,"flow_dst_tot_l4_payload_len":6261,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01045{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":37,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291698436193,"flow_dst_last_pkt_time":1605291698440198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1474,"flow_dst_tot_l4_payload_len":17331,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687902854,"flow_dst_last_pkt_time":1605291687902833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1053,"flow_dst_tot_l4_payload_len":3947,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01068{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690495032,"flow_dst_last_pkt_time":1605291690520906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":5622,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
-01368{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690530149,"flow_dst_last_pkt_time":1605291690571265,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1093,"flow_dst_tot_l4_payload_len":6986,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com"}} 
+01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690530149,"flow_dst_last_pkt_time":1605291690571265,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1093,"flow_dst_tot_l4_payload_len":6986,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com"}} 01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291688585627,"flow_dst_last_pkt_time":1605291688585505,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1673,"flow_dst_tot_l4_payload_len":13072,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291687145529,"flow_dst_last_pkt_time":1605291687185325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":998,"flow_dst_tot_l4_payload_len":5014,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291688158853,"flow_dst_last_pkt_time":1605291688326694,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":5643,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -543,7 +544,7 @@ 01021{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684592898,"flow_dst_last_pkt_time":1605291684592779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3497,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":14,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687640950,"flow_dst_last_pkt_time":1605291687641102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1012,"flow_dst_tot_l4_payload_len":7244,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687604676,"flow_dst_last_pkt_time":1605291687604665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":947,"flow_dst_tot_l4_payload_len":3489,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement"}} 
-01059{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":22,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688544035,"flow_dst_last_pkt_time":1605291688572828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1441,"flow_dst_tot_l4_payload_len":4595,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net"}} +01206{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":22,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688544035,"flow_dst_last_pkt_time":1605291688572828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1441,"flow_dst_tot_l4_payload_len":4595,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"Mismatching Protocol with server IP 
address","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net"}} 01020{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688453280,"flow_dst_last_pkt_time":1605291688453229,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3457,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement"}} 
01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291691033551,"flow_dst_last_pkt_time":1605291691043564,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1291,"flow_dst_tot_l4_payload_len":10174,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01015{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291691043840,"flow_dst_last_pkt_time":1605291691043780,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":7975,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
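Review bot: The High-severity risk `21` "Mismatching Protocol with server IP address" newly expected on flow 34 looks like a possible false positive. The destination `64:ff9b::d83a:d1e6` is in the NAT64 well-known prefix and `proto_by_ip` is `Unknown`, so the mismatch may come from the IP lookup not matching a translated address rather than from a real host/IP disagreement; confirm this against libnDPI before accepting it as the baseline. Flow 35 in the same hunk reaches the same address with the same `TLS.Google`/`Unknown` pair but carries no `flow_risk`, which suggests the risk depends on the hostname being present. The commit message describes this risk as replacing "TLS Susp ESNI Usage", so the numeric id appears to be reused and alert rules keyed on id `21` would change meaning silently. I would add to the commit description: `risk id 21 is now "Mismatching Protocol with server IP address"; update consumers that match on the id`.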
@@ -579,7 +580,7 @@ 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688976798,"flow_dst_last_pkt_time":1605291689005094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":976,"flow_dst_tot_l4_payload_len":3675,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688883590,"flow_dst_last_pkt_time":1605291688927912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1007,"flow_dst_tot_l4_payload_len":3998,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291688031097,"flow_dst_last_pkt_time":1605291688025071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":3824,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
-00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1942,"packets-processed":1942,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":546888,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":59,"total-detection-updates":84,"total-updates":0,"current-active-flows":0,"total-active-flows":60,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":582,"global_ts_usec":1605291698602574} +00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1942,"packets-processed":1942,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":546888,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":59,"total-detection-updates":85,"total-updates":0,"current-active-flows":0,"total-active-flows":60,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":583,"global_ts_usec":1605291698602574} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1942/1942 ~~ skipped flows.............: 0 
@@ -588,10 +589,10 @@ ~~ total active/idle flows...: 60/60 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10151367 bytes -~~ total memory freed........: 10151367 bytes -~~ total allocations/frees...: 143744/143744 +~~ total memory allocated....: 10918119 bytes +~~ total memory freed........: 10918119 bytes +~~ total allocations/frees...: 157726/157726 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 562 chars -~~ json message max len.......: 2456 chars -~~ json message avg len.......: 1509 chars +~~ json message max len.......: 2209 chars +~~ json message avg len.......: 1385 chars diff --git a/test/results/default/resp.pcap.out b/test/results/default/resp.pcap.out index a13e1b933..fba73b9fd 100644 --- a/test/results/default/resp.pcap.out +++ b/test/results/default/resp.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1702898943330035} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1702898943330035} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1702898943330035,"flow_src_last_pkt_time":1702898943330035,"flow_dst_last_pkt_time":1702898943330035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702898943330035,"l3_proto":"ip4","src_ip":"192.168.88.221","dst_ip":"192.168.88.231","src_port":51882,"dst_port":6379,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1702898943330035,"flow_dst_last_pkt_time":1702898943330035,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1702898943330035,"pkt":"8C90rUP1aFRakVvWCABFAAA82P1AAEAGLqnAqFjdwKhY58qqGOuGnszoAAAAAKAC+vAzRAAAAgQFtAQCCAoubDTVAAAAAAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1702898943330035,"flow_dst_last_pkt_time":1702898943333135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1702898943333135,"pkt":"aFRakVvW8C90rUP1CABFAAA8AABAAEAGB6fAqFjnwKhY3RjryqrbKb5Ohp7M6aASfHA16gAAAgQFtAQCCAr2ajg9Lmw01QEDAwc="} 
@@ -9,7 +9,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1702898943333759,"flow_dst_last_pkt_time":1702898943335142,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1702898943335142,"pkt":"aFRakVvW8C90rUP1CABFAAA0AAVAAEAGB6rAqFjnwKhY3RjryqrbKb5Php7M+oAQAPngFgAAAQEICvZqOD8ubDTZ"} 02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1702898943330035,"flow_src_last_pkt_time":1702898964665655,"flow_dst_last_pkt_time":1702898964668744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":20272,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":90193,"midstream":0,"thread_ts_usec":1702898964668744,"l3_proto":"ip4","src_ip":"192.168.88.221","dst_ip":"192.168.88.231","src_port":51882,"dst_port":6379,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":1376591.2,"max":15069914,"stddev":3743897.5,"var":14016768376832.0,"ent":2.2,"data": [3100,3194,530,2007,1366,2825,76,62,1842,1818,38,30,46,26,1566,1613,57,43,730,714,27,27,56,44,3178194,3181407,3266,15066911,15069914,3076323,3076477]},"pktlen": {"min":52,"avg":2873.3,"max":20324,"stddev":5036.0,"var":25361708.0,"ent":3.2,"data": [60,60,52,69,52,7292,52,7292,52,10188,52,14532,52,4396,52,2948,52,20324,52,5844,52,5844,52,12041,52,66,59,52,52,52,94,57]},"bins": {"c_to_s": [16,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1],"entropies": [4.792549133,5.312701702,5.078045845,5.327735424,5.053296566,4.681052208,5.026988029,4.653189182,4.962661266,4.634037495,5.154969215,4.594288826,5.154969215,4.638483524,5.169486046,4.692945957,5.207947731,4.656515121,5.116507530,4.706604004,5.169486046,4.658525944,5.078045845,4.651947498,5.169486046,5.347818375,5.210581779,5.207947731,5.246409416,5.053297043,5.398960114,5.159096241]},"ndpi": {"confidence": {"6":"DPI"},"proto":"RESP","proto_id":"182","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":17,"flow_first_seen":1702898943330035,"flow_src_last_pkt_time":1702898971841005,"flow_dst_last_pkt_time":1702898971840965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":20272,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":90212,"midstream":0,"thread_ts_usec":1702898971841005,"l3_proto":"ip4","src_ip":"192.168.88.221","dst_ip":"192.168.88.231","src_port":51882,"dst_port":6379,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RESP","proto_id":"182","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
-00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":90308,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1702898971841005} +00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":90308,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1702898971841005} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 39/39 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645969 bytes -~~ total memory freed........: 8645969 bytes -~~ total allocations/frees...: 140572/140572 +~~ total memory allocated....: 9410343 bytes +~~ total memory freed........: 9410343 bytes +~~ total allocations/frees...: 154538/154538 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2189 chars diff --git a/test/results/default/riot.pcapng.out b/test/results/default/riot.pcapng.out index 0b4577833..5982e3c23 100644 --- a/test/results/default/riot.pcapng.out +++ b/test/results/default/riot.pcapng.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1679740451287612} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1679740451287612} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1400,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1400,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740451287612,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1679740451287612,"pkt":"rBWiWIrRJhEKmxQ6CABFAAWgaetAANwGmP00KYeHwKgaFgG7ymlvVZVZdql7b1AQAG415gAAFgMDD+sLAA\/nAA\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\/6PU8G+iDtU3rn+bD7d3d5AQ0WHga2RFZSUS4+6wZSACw1hvY9jxBAMKhZCGI2lsyH3XsGZcqmDGaQNAesHLuc6DvGlXCziBRbNOFBP05C\/on20exh8HLy3EJ\/LZMxR89Y3ZwTAOu691hgcmW6+p0X71KlNaQIO7fGLFtbN4DanvTd4uh5guifZZf9uVE7Y\/bar80NdArcGHl+U6zztdb3TJScjZRMR153rnT1qzYEjEUWDpFzWAVWCPkDLeueyPLhUoG8Wi4cDjpqnNqH4oHo2cbTeuoG+8\/gGed9TZeQgA9QE3N7f5bmLcS7A7+s47IsJ1RrFgQIDAQABo4IDgjCCA34wHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFFeL4L3PsxfrUVsE8HMc96hHy9G1MDQGA1UdEQQtMCuCEWVrZy5yaW90Z2FtZXMuY29tghZ0ZXN0LmVrZy5yaW90Z2FtZXMuY29tMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMu
ZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWczLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWczLmNybDBKBgNVHSAEQzBBMAsGCWCGSAGG\/WwCATAyBgVngQwBATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxpZGF0aW9uU2VydmVyQ0EuY3J0MAkGA1UdEwQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABf70O7bsAAAQDAEYwRAIgZcAfjxYIGLSb7O8oj5RjpQ8KzltiTGJYuU6CKygHjkICIGg7XyVQ50yZJpsXatTr+CnOqs1Ofw9NfwN15OxsGC1WAHUANc8ZG7+xbFe\/D61MbULLu7Y="} 02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1679740451287612,"pkt":"rBWiWIrRJhEKmxQ6CABFAAWgaexAANwGmPw0KYeHwKgaFgG7ymlvVZrRdql7b1AQAG4YEQAAJyAmUeo\/4SrvqAPDO9ZMAAABf70O7ewAAAQDAEYwRAIgbExkqx\/44d4BgvWQpdxRieBSelu86su7x8R8AGdR3CsCIDADQRj1HF0cGtcNaC1YS22cWe09BnL84k7bSvuslPfPAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAF\/vQ7uDgAABAMARzBFAiEAsAO\/XUJkEUyCF1g0U+MQyf6ugkG6ZlpEvNTq+J8MobECIG4mIF3E1GfYS4up\/O+nPD3Fc6JMxp0dsgeIANHAro39MA0GCSqGSIb3DQEBCwUAA4IBAQBArYmu+AQtIEuKrCGgjIojRxWSY2o6aMd1q3E29BWJDeZO56UpuaUbOuK97nyjGup3Lr6fQa5e3qpL\/uejTwGkV4SeqDKMuM5D3q0MuOU0ekxfpXSxhGONh14TIDMQ1w0Z2\/HKDfIECyfBEfg5XhF7XcI3eKoTogXveVOzeFDgPja2UbS6HAh\/z7JYI+q3ymzgJIgWN15ksiiDFZVmRjD0VfmxNorVeBx6P86FPbnEVCiBXKe6fvuPwRCgTcjwUE377F7XetwlfTxcK\/rgSX8BPdMUonImi5ilfgK+EHj9++mKQrwbgVoka3afJB6Z6A3\/2l4WB5hZvkSD0v9l0LZHAAPJMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS
swKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0tMqbf5YE\/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH\/BAQDAgGGMA8GA1UdEwEB\/wQFMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe\/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2Yzi9RKR\/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CA="} 
@@ -11,10 +11,10 @@ 02198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1679740491800062,"pkt":"rBWiWIrRJhEKmxQ6CABFAAUAz7FAADUGHMQj6lXawKgaFgG7yu2QLA6x3sfhBFAQAH6dXQAAaZnszOnuGa18jh\/9epnGmEYL5BV119LNVo5luWshvG\/kifk9mHjtkA8LzVdsOkvCrmHBpzpDo4qyPk2lDypq04IU48JUqhFrG4kvlPz+VO7sse0uxYXj81FdNb2qoJnvAjqV+Zj4Nii8PIcuNGqghDjzrs2PW\/gEhkaWDikhhSY7DjOLiQIDAQABo4ICjjCCAoowEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwgYkGCCsGAQUFBwEBBH0wezAwBggrBgEFBQcwAYYkaHR0cDovL2NvbW1lcmNpYWwub2NzcC5pZGVudHJ1c3QuY29tMEcGCCsGAQUFBzAChjtodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL3Jvb3RzL2NvbW1lcmNpYWxyb290Y2ExLnA3YzAfBgNVHSMEGDAWgBTtRBnA0\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\/CXt47oW4L+9yD5LPMKaSU5DP9DEu88ws+QAjzL6\/q+hP+CLQh0\/vr62HoEGS1+NyLfnJIN0RVcVDxBAwVqNF8MU5An98ZmHj4XaSPA6s2s+3794ULe6r2TzVXiLtun0JJ0kBZL3Mx0plhONvhq7jCsa6bYCF71DNs7VhrNUh+BZNdQvLqAdfQJtFY5EiWpExhiPC\/ZdtVYN5RfrOMCWgBbjnl5e2n5WYa7LM4HR+z7U+6JCBqaRjlbaNNLed\/qg+OMdpBJe16qJJT9E5Uzdc4PsUbL2a+9IUbuxx8nmrbQswe8p4yvcy9RLje07a4Y09otZ\/Aai3Gijup67jTCez1hd7VYIAuznqPos6SLponh2vVcHu9vQoT18OCL9janJ2Ilh3lJHUxv1kHD9IxZNpn0j\/QPzGFv2EzUXZVAECEQLS80qWh6zCXhXl6dVAeM84sSysIiY4Kv8oaXA=="} 
01073{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":456,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":456,"pkt_l4_len":422,"thread_ts_usec":1679740491800062,"pkt":"rBWiWIrRJhEKmxQ6CABFAAG6z7JAADUGIAkj6lXawKgaFgG7yu2QLBOJ3sfhBFAYAH4d+AAAQXkC3KDQtxS4HojCCDcr9BRjdC6yeOsNyAZHKhafRm3neZ4wKLcLSGhD4WtDfMXj\/vC3EqcYYEfmEoFTbczZesoRkvlGYZmJ2lY\/pkFu8SzYypIPvNwW9hYDAwEsDAABKAMAHSC0MXhZC1eR2qDSDBY8B01l+mdFSJcUUl10IHfhF\/8kEAgEAQAQUdC8\/U4nys3JUQGs8TxvFSJbStpIbrbU939RaECvS5n4IOPPX8nXRI2EMqABJ0IvFCQCxap8M31MXwU+ZJcb\/1IT9BJWzj1\/lQ5QWXimUiht6Gz8LdTtX4wAZ6M+YO3i+BWuK\/wTi7nhnL51Nxe8wCQWUPSDZ5VF0L5CiEmhjQ0AX\/4WG73GQQiE6MxIIMYVG7QvLpEsbtZo7DxUCLHKxpyaoG0A+2IZBv3huGFCw\/2bzTlQN3xJ7H82KHHVTiHI9+OC\/xlUCBLzaufql4+bUEJXgTP9rJIztltFGS3VRf7ioZwc+TNQHLqT9s8yvEK5qapHXkXGRLkY+O\/ULLmeFgMDAAQOAAAA"} 01470{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":402,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4122,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.RiotGames","proto_id":"91.302","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","tls": {"version":"TLSv1.2","server_names":"embed.rgpub.io,sites.rgpub.io,*.embed.rgpub.io,*.sites.rgpub.io","ja3s":"827b71c134bd28975c2d605a06ef00ef","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=IdenTrust, OU=HydrantID Trusted Certificate Service, CN=HydrantID Server CA O1","subjectDN":"CN=embed.rgpub.io, O=Riot Games Inc, L=Los Angeles, ST=California, C=US","negotiated_alpn":"h2","fingerprint":"CE:85:16:DF:E3:42:05:16:39:97:1F:6B:7A:53:22:22:C8:DD:66:44","blocks":0}}} -01157{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4080,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01155{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4080,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4080,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":402,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4122,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.RiotGames","proto_id":"91.302","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8202,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1679740491800062} 
+00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8202,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1679740491800062} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8668895 bytes -~~ total memory freed........: 8668895 bytes -~~ total allocations/frees...: 140565/140565 +~~ total memory allocated....: 9433301 bytes +~~ total memory freed........: 9433301 bytes +~~ total allocations/frees...: 154531/154531 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 588 chars ~~ json message max len.......: 2417 chars diff --git a/test/results/default/riotgames.pcap.out b/test/results/default/riotgames.pcap.out index ec3dac414..35ac15d29 100644 --- a/test/results/default/riotgames.pcap.out +++ b/test/results/default/riotgames.pcap.out 
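Review bot: The commit message mentions only the flow-risk rename, but the regenerated `guessed` event for flow 1 in the `@@ -11,10 +11,10 @@` hunk also changes `proto_by_ip` from `AmazonAWS` (`proto_by_ip_id` 265) to `AWS_EC2` (`proto_by_ip_id` 461) for 52.41.135.135. Any consumer of these events that filters or alerts on the old name or numeric id would presumably stop matching after the bump without an error. I would record this in the commit message or changelog, for example `* proto_by_ip for some AWS addresses changes from AmazonAWS (265) to AWS_EC2 (461)`. Only this one flow is visible here, so the exact scope of the reclassification should be confirmed against the libnDPI change.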
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1644446178115000} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1644446178115000} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644446178115000,"flow_src_last_pkt_time":1644446178115000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644446178115000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1644446178115000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446178115000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOUAAH8RfLDAqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 
00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644446178115000,"flow_src_last_pkt_time":1644446178115000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644446178115000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,49 +7,49 @@ 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1644446180176000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446180176000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOcAAH8RfK7AqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1644446181179000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446181179000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOgAAH8RfK3AqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1644446182183000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446182183000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOkAAH8RfKzAqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 
-00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1648063928092000} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1648063928092000} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648063928092000,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928092000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648063928092000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928092000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1648063928092000,"pkt":"eJS0JASgYDjgxTWgCABFAAAkz4FAAD8R+pTAqAJk1bPY8r2Ow1QAECUCEzfK\/goAAAA="} 
00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648063928092000,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928092000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648063928092000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928151000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1648063928151000,"pkt":"YDjgxTWgeJS0JASgCABFAAAk5k1AADcR68jVs9jywKgCZMNUvY4AECUCEzfK\/goAAAAAAAAAAAAAAAAA"} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":5,"flow_first_seen":1644446178115000,"flow_src_last_pkt_time":1644446183618000,"flow_dst_last_pkt_time":1644446183613000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":686,"flow_dst_tot_l4_payload_len":177,"midstream":0,"thread_ts_usec":1648063928151000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1654781451507000} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1654781451507000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654781451507000,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451507000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654781451507000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451507000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654781451507000,"pkt":"eJS0JASgYDjgxTWgCABFAABAaVkAAH8RJE3AqAJkovlIAfWGH\/UALPN\/c3T2DHIyQgSrWX+BH8wAh2u8AAAW43xAFAAAAKqqqqq7u7u7"} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654781451507000,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451507000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654781451507000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451526000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654781451526000,"pkt":"YDjgxTWgeJS0JASgCABFAABAcP9AADgRI6ei+UgBwKgCZB\/19YYALF0BcjJCBAAAAACrWX+BH8wAh2u8AAAW43xAFAAAAKqqqqq7u7u7"} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648063928092000,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928151000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1654781451526000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
-00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1654783623503000} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1654783623503000} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783623503000,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623503000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783623503000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623503000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654783623503000,"pkt":"eJS0JASgYDjgxTWgCABFAABAtqAAAH8RVRrAqAJkK+VBAdPXHz4ALLwuE5sFlpUyRyCrWX+BH8wGEZxbAABBqxZPGQAAAKqqqqq7u7u7"} 
00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783623503000,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623503000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783623503000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623769000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654783623769000,"pkt":"YDjgxTWgeJS0JASgCABFAABA3N9AADARPdsr5UEBwKgCZB8+09cALNVflTJHIAAAAACrWX+BH8wGEZxbAABBqxZPGQAAAKqqqqq7u7u7"} 
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654781451507000,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451526000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1654783623769000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1023,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1654785423332000} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1023,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1654785423332000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785423332000,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423332000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785423332000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423332000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654785423332000,"pkt":"eJS0JASgYDjgxTWgCABFAABA04EAAH8RuiTAqAJkovlIAeL6H\/UALG1KXY5aogEy\/RarWX+BH8wKaJLmAAB8mNx\/HQAAAKqqqqq7u7u7"} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785423332000,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423332000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785423332000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423380000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654785423380000,"pkt":"YDjgxTWgeJS0JASgCABFAABASwdAADYRS5+i+UgBwKgCZB\/14voALCV7ATL9FgAAAACrWX+BH8wKaJLmAAB8mNx\/HQAAAKqqqqq7u7u7"} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654783623503000,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623769000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1654785423380000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":24,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1654790643639000} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":24,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1654790643639000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654790643639000,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643639000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654790643639000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643639000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654790643639000,"pkt":"eJS0JASgYDjgxTWgCABFAABAp6MAAH8R5gLAqAJkovlIAcNUH\/UALPlTK70DER4y\/RWrWX+BH8wXFh2xAABS+GKnKQAAAKqqqqq7u7u7"} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654790643639000,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643639000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654790643639000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643680000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654790643680000,"pkt":"YDjgxTWgeJS0JASgCABFAABAVJVAADURQxGi+UgBwKgCZB\/1w1QALCgiHjL9FQAAAACrWX+BH8wXFh2xAABS+GKnKQAAAKqqqqq7u7u7"} 
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654785423332000,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423380000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1654790643680000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1655323563669000} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1655323563669000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655323563669000,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563669000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655323563669000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563669000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1655323563669000,"pkt":"eJS0JASgYDjgxTWgCABFAABAIVQAAH8R6mbAqAJkK+VBAfY+Hz4ALJnHE5sFlpUyRyCrWX+BDpAHcmnvAADfWdrm+QAAAKqqqqq7u7u7"} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655323563669000,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563669000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655323563669000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563941000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1655323563941000,"pkt":"YDjgxTWgeJS0JASgCABFAABAW6NAAC8RwBcr5UEBwKgCZB8+9j4ALLL4lTJHIAAAAACrWX+BDpAHcmnvAADfWdrm+QAAAKqqqqq7u7u7"} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654790643639000,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643680000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1655323563941000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":28,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1239,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1655757069043000} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":28,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1239,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1655757069043000} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655757069043000,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069043000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655757069043000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069043000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1655757069043000,"pkt":"eJS0JASgYDjgxTWgCABFAAAkrucAAH8RlrbAqAJkQhbxCO6rw1QAEGNsEzfK\/hYAAAA="} 
00956{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655757069043000,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069043000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655757069043000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069107000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1655757069107000,"pkt":"YDjgxTWgeJS0JASgCABFAAAkQStAADYRDXNCFvEIwKgCZMNU7qsAEGNsEzfK\/hYAAAAAAAAAAAAAAAAA"} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1655323563669000,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563941000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1655757069107000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":30,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1657052125163000} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":30,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1657052125163000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657052125163000,"flow_src_last_pkt_time":1657052125163000,"flow_dst_last_pkt_time":1657052125163000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657052125163000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1657052125163000,"flow_dst_last_pkt_time":1657052125163000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1657052125163000,"pkt":"eJS0JASgYDjgxTWgCABFAABRqHYAAH8R5R7AqAJkovlIAcCSHBoAPQSXzcb7QPwy+QMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657052125163000,"flow_src_last_pkt_time":1657052125163000,"flow_dst_last_pkt_time":1657052125163000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657052125163000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -59,7 +59,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1657052126476000,"flow_dst_last_pkt_time":1657052126497000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1657052126497000,"pkt":"YDjgxTWgeJS0JASgCABFAAA9pxNAAPYRL5Wi+UgBwKgCZBwawJIAKbEE\/DL5AwUAAAAAAID\/PQwqd\/zywtfCXzxlgMLEt38OVBEK"} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1655757069043000,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069107000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1657052127590000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":9,"flow_first_seen":1657052125163000,"flow_src_last_pkt_time":1657052126580000,"flow_dst_last_pkt_time":1657052127590000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":460,"flow_dst_tot_l4_payload_len":370,"midstream":0,"thread_ts_usec":1657052127590000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1657052127590000} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1657052127590000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 @@ -68,9 +68,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8665606 bytes -~~ total memory freed........: 8665606 bytes -~~ total allocations/frees...: 140665/140665 +~~ total memory allocated....: 9430236 bytes +~~ total memory freed........: 9430236 bytes +~~ total allocations/frees...: 154631/154631 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 977 chars diff --git a/test/results/default/ripe_atlas.pcap.out b/test/results/default/ripe_atlas.pcap.out index 04dcb7801..9b189b0c2 100644 --- a/test/results/default/ripe_atlas.pcap.out +++ b/test/results/default/ripe_atlas.pcap.out 
@@ -1,18 +1,18 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1685618151731153} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1685618151731153} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618151731153,"flow_src_last_pkt_time":1685618151731153,"flow_dst_last_pkt_time":1685618151731153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618151731153,"l3_proto":"ip4","src_ip":"207.246.88.254","dst_ip":"96.78.208.202","src_port":56857,"dst_port":29195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1685618151731153,"flow_dst_last_pkt_time":1685618151731153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685618151731153,"pkt":"AIT+\/Ph8PJTVQTiBCABFAAA11DEAAPIRmnjP9lj+YE7Qyt4ZcgsAIS\/qTUdMTkREXzExLjExMS4xMS4xMTFfMTExNA=="} 
00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618151731153,"flow_src_last_pkt_time":1685618151731153,"flow_dst_last_pkt_time":1685618151731153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618151731153,"l3_proto":"ip4","src_ip":"207.246.88.254","dst_ip":"96.78.208.202","src_port":56857,"dst_port":29195,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618337121693,"flow_src_last_pkt_time":1685618337121693,"flow_dst_last_pkt_time":1685618337121693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618337121693,"l3_proto":"ip4","src_ip":"23.57.157.60","dst_ip":"152.246.227.169","src_port":36137,"dst_port":4712,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1685618337121693,"flow_dst_last_pkt_time":1685618337121693,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685618337121693,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPIRw3AXOZ08mPbjqY0pEmgAIQp2TUdMTkREXzExLjExMS4xMS4xMTFfMTExMw=="} -00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618337121693,"flow_src_last_pkt_time":1685618337121693,"flow_dst_last_pkt_time":1685618337121693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618337121693,"l3_proto":"ip4","src_ip":"23.57.157.60","dst_ip":"152.246.227.169","src_port":36137,"dst_port":4712,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618337121693,"flow_src_last_pkt_time":1685618337121693,"flow_dst_last_pkt_time":1685618337121693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618337121693,"l3_proto":"ip4","src_ip":"23.57.157.60","dst_ip":"152.246.227.169","src_port":36137,"dst_port":4712,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618151731153,"flow_src_last_pkt_time":1685618151731153,"flow_dst_last_pkt_time":1685618151731153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618337121693,"l3_proto":"ip4","src_ip":"207.246.88.254","dst_ip":"96.78.208.202","src_port":56857,"dst_port":29195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1685618794391712} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1685618794391712} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618794391712,"flow_src_last_pkt_time":1685618794391712,"flow_dst_last_pkt_time":1685618794391712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618794391712,"l3_proto":"ip4","src_ip":"168.139.124.224","dst_ip":"19.132.223.32","src_port":11476,"dst_port":36467,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1685618794391712,"flow_dst_last_pkt_time":1685618794391712,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685618794391712,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPIR3HWoi3zgE4TfICzUjnMAIQjFTUdMTkREXzExLjExMS4xMS4xMTFfMTExMg=="} 
00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618794391712,"flow_src_last_pkt_time":1685618794391712,"flow_dst_last_pkt_time":1685618794391712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618794391712,"l3_proto":"ip4","src_ip":"168.139.124.224","dst_ip":"19.132.223.32","src_port":11476,"dst_port":36467,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618337121693,"flow_src_last_pkt_time":1685618337121693,"flow_dst_last_pkt_time":1685618337121693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618794391712,"l3_proto":"ip4","src_ip":"23.57.157.60","dst_ip":"152.246.227.169","src_port":36137,"dst_port":4712,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1685622915920658} +00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618337121693,"flow_src_last_pkt_time":1685618337121693,"flow_dst_last_pkt_time":1685618337121693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618794391712,"l3_proto":"ip4","src_ip":"23.57.157.60","dst_ip":"152.246.227.169","src_port":36137,"dst_port":4712,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1685622915920658} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685622915920658,"flow_src_last_pkt_time":1685622915920658,"flow_dst_last_pkt_time":1685622915920658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685622915920658,"l3_proto":"ip4","src_ip":"9.160.203.32","dst_ip":"68.90.0.255","src_port":41059,"dst_port":38409,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1685622915920658,"flow_dst_last_pkt_time":1685622915920658,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685622915920658,"pkt":"3gwp30Y4PJTVQTiBCABFAAA11DEAAPIR2mwJoMsgRFoA\/6BjlgkAIYqWTUdMTkREXzExLjExMS4xMS4xMTFfMTExMw=="} 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685622915920658,"flow_src_last_pkt_time":1685622915920658,"flow_dst_last_pkt_time":1685622915920658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685622915920658,"l3_proto":"ip4","src_ip":"9.160.203.32","dst_ip":"68.90.0.255","src_port":41059,"dst_port":38409,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -21,18 +21,18 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1685623440012672,"flow_dst_last_pkt_time":1685623440012672,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685623440012672,"pkt":"bgwp30Y4PJTVQTiBCABFAAA11DEAAPIRrKL6r80Sf\/sAJlDraAEAIdZMTUdMTkREXzExLjExMS4xMS4xMTFfMTExNw=="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685623440012672,"flow_src_last_pkt_time":1685623440012672,"flow_dst_last_pkt_time":1685623440012672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685623440012672,"l3_proto":"ip4","src_ip":"250.175.205.18","dst_ip":"127.251.0.38","src_port":20715,"dst_port":26625,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685622915920658,"flow_src_last_pkt_time":1685622915920658,"flow_dst_last_pkt_time":1685622915920658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685623440012672,"l3_proto":"ip4","src_ip":"9.160.203.32","dst_ip":"68.90.0.255","src_port":41059,"dst_port":38409,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1685625149426545} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1685625149426545} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685625149426545,"flow_src_last_pkt_time":1685625149426545,"flow_dst_last_pkt_time":1685625149426545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685625149426545,"l3_proto":"ip4","src_ip":"147.63.105.185","dst_ip":"128.53.92.31","src_port":48224,"dst_port":2164,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1685625149426545,"flow_dst_last_pkt_time":1685625149426545,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685625149426545,"pkt":"ADHC4dyOPJTVQTiBCABFAAA11DEAAPIRGzmTP2m5gDVcH7xgCHQAIT77TUdMTkREXzExLjExMS4xMS4xMTFfMTExMQ=="} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685625149426545,"flow_src_last_pkt_time":1685625149426545,"flow_dst_last_pkt_time":1685625149426545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685625149426545,"l3_proto":"ip4","src_ip":"147.63.105.185","dst_ip":"128.53.92.31","src_port":48224,"dst_port":2164,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685623440012672,"flow_src_last_pkt_time":1685623440012672,"flow_dst_last_pkt_time":1685623440012672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685625149426545,"l3_proto":"ip4","src_ip":"250.175.205.18","dst_ip":"127.251.0.38","src_port":20715,"dst_port":26625,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1685626243085697} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1685626243085697} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685626243085697,"flow_src_last_pkt_time":1685626243085697,"flow_dst_last_pkt_time":1685626243085697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685626243085697,"l3_proto":"ip4","src_ip":"252.216.99.208","dst_ip":"255.103.25.63","src_port":15422,"dst_port":5081,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1685626243085697,"flow_dst_last_pkt_time":1685626243085697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685626243085697,"pkt":"AM1PogZtPJTVQTiBCABFAAA11DEAAPIRezb82GPQ\/2cZPzw+E9kAIRO2TUdMTkREXzExLjExMS4xMS4xMTFfMTExMQ=="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685626243085697,"flow_src_last_pkt_time":1685626243085697,"flow_dst_last_pkt_time":1685626243085697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685626243085697,"l3_proto":"ip4","src_ip":"252.216.99.208","dst_ip":"255.103.25.63","src_port":15422,"dst_port":5081,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685626243085697,"flow_src_last_pkt_time":1685626243085697,"flow_dst_last_pkt_time":1685626243085697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685626243085697,"l3_proto":"ip4","src_ip":"252.216.99.208","dst_ip":"255.103.25.63","src_port":15422,"dst_port":5081,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685625149426545,"flow_src_last_pkt_time":1685625149426545,"flow_dst_last_pkt_time":1685625149426545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685626243085697,"l3_proto":"ip4","src_ip":"147.63.105.185","dst_ip":"128.53.92.31","src_port":48224,"dst_port":2164,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1685626243085697} +00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1685626243085697} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 
@@ -41,9 +41,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8659633 bytes -~~ total memory freed........: 8659633 bytes -~~ total allocations/frees...: 140605/140605 +~~ total memory allocated....: 9424199 bytes +~~ total memory freed........: 9424199 bytes +~~ total allocations/frees...: 154571/154571 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 982 chars diff --git a/test/results/default/rmcp.pcap.out b/test/results/default/rmcp.pcap.out index 0cd59ac67..decec4c4c 100644 --- a/test/results/default/rmcp.pcap.out +++ b/test/results/default/rmcp.pcap.out 
@@ -1,21 +1,21 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1685886497916092} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1685886497916092} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685886497916092,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685886497916092,"l3_proto":"ip4","src_ip":"123.212.25.229","dst_ip":"171.47.173.23","src_port":49531,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1685886497916092,"pkt":"xpffLU2SPJTVQTiBCABFAAAzHmlAACIRH0x71Bnlqy+tF8F7Am8AH+\/XBgD\/BwAAAAAAAAAAAAkgGMiBADiOBLU="} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685886497916092,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685886497916092,"l3_proto":"ip4","src_ip":"123.212.25.229","dst_ip":"171.47.173.23","src_port":49531,"dst_port":623,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
-00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1685905522978060} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1685905522978060} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978060,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978060,"l3_proto":"ip4","src_ip":"54.229.154.152","dst_ip":"14.85.79.172","src_port":59937,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1685905522978060,"pkt":"xgwp30Y4PJTVQTiBCABFBAAo5iEAADQRzrQ25ZqYDlVPrOohAm8AFKqEBgD\/BgAAEb6AAAAAAAAAAAAA"} 
-00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978060,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978060,"l3_proto":"ip4","src_ip":"54.229.154.152","dst_ip":"14.85.79.172","src_port":59937,"dst_port":623,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978060,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978060,"l3_proto":"ip4","src_ip":"54.229.154.152","dst_ip":"14.85.79.172","src_port":59937,"dst_port":623,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978073,"flow_src_last_pkt_time":1685905522978073,"flow_dst_last_pkt_time":1685905522978073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978073,"l3_proto":"ip4","src_ip":"137.141.61.18","dst_ip":"82.132.4.178","src_port":59937,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1685905522978073,"flow_dst_last_pkt_time":1685905522978073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1685905522978073,"pkt":"AAwp30Y4PJTVQTiBCABFBAAo5iEAADQRzrSJjT0SUoQEsuohAm8AFKqEBgD\/BgAAEb6AAAAAAAAAAAAA"} 
00915{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978073,"flow_src_last_pkt_time":1685905522978073,"flow_dst_last_pkt_time":1685905522978073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978073,"l3_proto":"ip4","src_ip":"137.141.61.18","dst_ip":"82.132.4.178","src_port":59937,"dst_port":623,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685886497916092,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978073,"l3_proto":"ip4","src_ip":"123.212.25.229","dst_ip":"171.47.173.23","src_port":49531,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
-00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":47,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1685929216370306} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":47,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1685929216370306} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929216370306,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929216370306,"l3_proto":"ip4","src_ip":"129.222.153.30","dst_ip":"190.219.142.148","src_port":58065,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1685929216370306,"pkt":"AAwp30Y4PJTVQTiBCABFAAAz1DEAAPQRz8SB3pkevtuOlOLRAm8AHwAABgD\/BwAAAAAAAAAAAAkgGMiBADiOBLU="} 
00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929216370306,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929216370306,"l3_proto":"ip4","src_ip":"129.222.153.30","dst_ip":"190.219.142.148","src_port":58065,"dst_port":623,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} -00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978060,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929216370306,"l3_proto":"ip4","src_ip":"54.229.154.152","dst_ip":"14.85.79.172","src_port":59937,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
+00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978060,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929216370306,"l3_proto":"ip4","src_ip":"54.229.154.152","dst_ip":"14.85.79.172","src_port":59937,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978073,"flow_src_last_pkt_time":1685905522978073,"flow_dst_last_pkt_time":1685905522978073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929216370306,"l3_proto":"ip4","src_ip":"137.141.61.18","dst_ip":"82.132.4.178","src_port":59937,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929237726279,"flow_src_last_pkt_time":1685929237726279,"flow_dst_last_pkt_time":1685929237726279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929237726279,"l3_proto":"ip4","src_ip":"64.240.55.240","dst_ip":"30.144.16.67","src_port":57984,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1685929237726279,"flow_dst_last_pkt_time":1685929237726279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1685929237726279,"pkt":"AJffLU2SPJTVQTiBCABFAAAz1DEAAPQRz8NA8DfwHpAQQ+KAAm8AHwAABgD\/BwAAAAAAAAAAAAkgGMiBADiOBLU="} 
@@ -26,7 +26,7 @@ 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929216370306,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929316901739,"l3_proto":"ip4","src_ip":"129.222.153.30","dst_ip":"190.219.142.148","src_port":58065,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929316901739,"flow_src_last_pkt_time":1685929316901739,"flow_dst_last_pkt_time":1685929316901739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929316901739,"l3_proto":"ip4","src_ip":"127.36.88.103","dst_ip":"164.114.97.252","src_port":34698,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929237726279,"flow_src_last_pkt_time":1685929237726279,"flow_dst_last_pkt_time":1685929237726279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929316901739,"l3_proto":"ip4","src_ip":"64.240.55.240","dst_ip":"30.144.16.67","src_port":57984,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} -00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1685929316901739} 
+00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1685929316901739} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -35,10 +35,10 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8657196 bytes -~~ total memory freed........: 8657196 bytes -~~ total allocations/frees...: 140594/140594 +~~ total memory allocated....: 9421730 bytes +~~ total memory freed........: 9421730 bytes +~~ total allocations/frees...: 154560/154560 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 534 chars -~~ json message max len.......: 964 chars -~~ json message avg len.......: 748 chars +~~ json message max len.......: 963 chars +~~ json message avg len.......: 747 chars diff --git a/test/results/default/roblox.pcapng.out b/test/results/default/roblox.pcapng.out index 236717778..8396c7f2c 100644 --- a/test/results/default/roblox.pcapng.out +++ b/test/results/default/roblox.pcapng.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1686316283692571} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1686316283692571} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686316283692571,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686316283692571,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARjlvAqAycgHRZcafV+XYFVItnewD\/\/wD+\/v7+\/f39\/RI0VngFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686316283692571,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -16,7 +16,7 @@ 02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316284145726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1686316284145726,"pkt":"Jjb1W8R1CL6sCxduCABFAAXcEjxAADUGZiOAdHoEwKgMnAG7mHqQakPs+bx0zYAQAAnwhAAAAQEICkEwULPVk0gbFgMDAHoCAAB2AwP4BXPwGT00VIKjwhz\/iAjBX5hcQlAkH8qUL2GYRZ2JDyCEEkqPT4hvfG5BhIptV74wk3A2PYO6qS2cp+AMu2mVSBMBAAAuACsAAgMEADMAJAAdACDv+sSz2sc9nAJ2xwbZNggYo\/XMPVfMs1rZ+FhiOG7sbhQDAwABARcDAwAqj+ObT3wmRQmspaK+qrIa0FIN2nKpicKwZLltd1NMgyZxPs+Q5NFbKMq1FwMDFt7NiDihBiTew2A1WYHeDFdb5XjnvadO4mz9ZVoyi1Ud7AuqmJ+YhFC\/tSnrhA\/L9YMIX2NDYlSfhkKS61LUR3CsO5LWxV6DUNKqWrFqcTDF8xzIxNty2lMXpegl17yEWyWtR4qECJaNI0mFsBGmeiHmJCTnM1GmMWo91RdX4cVtapki45ZCFFhYF7chaucSShcOZFWE63CfZodB8A40WMSp9k7zkyemrxe5n0d6xWkWN8TPelzxLckRFGlo8kHq+PtReTKHOKWX5Zy\/6g4PcgoBi\/6rBmWM45HnQ+\/LknwOl9OivcqylNqUEfZO6tK2muefZQVPfbuuj+VXsN60KrKQRolxaOXUyCjHdGsiOv21Hn31cZeqEh5fNBDNGGOGaHas494sghqnDFo4qeI3vRmyL5KQVb3s9rt+Ci8FuYv10vMhHS1aLhUHGod3kY8qnWue1aHYZnxHYkk5YwGoz\/bf4MMd5ArSh27vxxzyYrYCFzNRDox47Dy1phgxx4k5IiPGwqGraYagHEj4rzEJuaJSgbhvXVx8ur8RBTFWlbn9V9o7zCyhFyjpdF8Vr1GNh\/5cfLE84m6h1kHKyQxl1YRe+0iZ6LpbSYEG3alX+6vxuOKfc8y9tVeg4A0MXdj3bf5SY8tForlzUVmEyfWkEvXuIG5TbGI3BbQTi\/x9B63QNDd8HujYxb4IKgGUYPxObk8szG+W3pZljxqX7uKnvHk7gF6WS1N+\/SdVK8FeBQZRRtnUXBSYfMNUQVr4PZnIRzwdZpS9BpXNqLj+w7eQcFCVWDU00\/cMybr2LM0khbNMHA0G9NB3RsWxJz2d8kJcY3XuEG3eiJnPzBo0AxV8u8rXuzBF56HtPyrdp6CsITbT2CK9OdxNnHlB6yXkXulNvClvweEwpJtm\/IxMsqEEOYhNsr4whK3WPvN7X6bOC\/dQfyaxmfyYAWB3dFl\/JGabl8sJoB6fxJaBAAcKLtRAXYmLBv6ZmmZj5WyC7bzZwBnoCmJmyMK1sMXQv1Pk5WMVJEPtEvxX0nxspeMnd+A+UZPGnb9Rmh6bp43bceptOmDswoXcUs2K31dd8Ly4f63mJHzOOcNTe6BlkHJf12AyJ2ke3vR2afu1m5ra3u79zEP\/SK5u5S0TNxJWBMK9F+WNbvSgx9WgrGqGuUWHiLuX
9ckai13\/ulSH0DmgGDWc+V+Z6DLKD0HiOd+WQNkMLFV1jVvCZf3HDSS0yv\/SQ54Y9YBBBTdI+Y5i+Pv\/kQo5sBDRkyHDG33HajhsGNrGOZCybwHs5a1kpsDabpgf0VU8GZJBD5Hgd+lIZxqt1YblX3jwEpkKjCar+TbJ6HyKIVWdhHeOEhwwLFfki93bsT0beK8KJMz63nEv0YIOtQHWsiAuAwpzSnHJtznf2Z0+uCEPwMJgLEO5V7OAd5wxrDhI8ONbOPL3DL3HH6ggibiIQLcFi6HiI29Y+9b6G6RmmPAlyA4rw6PIK9cU9BFkJujokIKPu2o0\/4jJkMpL316i4xHdbWh4\/7\/2JB\/A9H9JyIhKoSZPq0IKNmOZejI9rUJowqzW+B9m3zB1DZjf8MdO6LjPPDYFYzeu1pKFrZH0c0aWZ8cwagPf5nE6xiuAQ8ZdqDMiYsu\/R992FEud16tqrGdqp0G6kY2eJinf4uLYYyuxMS4THTGHQDSMdrIGDdz+Ri0="} 01266{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316284145726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1686316284145726,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"assetgame.roblox.com","domainame":"assetgame.roblox.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d3113h1_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316295462569,"flow_dst_last_pkt_time":1686316295484971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2279,"flow_dst_tot_l4_payload_len":7499,"midstream":0,"thread_ts_usec":1686316295484971,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":746596.0,"max":10785585,"stddev":2538101.5,"var":6441959161856.0,"ent":1.7,"data": [28467,194118,21533,215727,23,12,472,7,126878,1267,3499,273,4379,2627,513,240,137878,55,702,108040,106788,174593,10000206,310,357197,548002,10785585,40059,91693,5740,187593]},"pktlen": {"min":40,"avg":357.7,"max":1500,"stddev":487.7,"var":237869.3,"ent":3.9,"data": [60,60,52,569,1500,1500,1252,1500,891,52,52,52,52,52,116,1076,702,323,323,52,52,578,52,76,52,52,76,52,52,76,52,40]},"bins": {"c_to_s": [13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,1,1,1,1,0,0,0,0,1],"entropies": 
[4.779968262,5.300120354,5.195351124,4.779649258,7.870378971,7.875164032,7.842136383,7.870733738,7.754308224,5.156889439,5.156889439,5.118428230,5.118427753,4.988526344,6.087430477,7.824826241,7.718070984,7.273851871,7.313729286,5.195351124,5.118428230,7.627631664,5.195351124,5.716266155,5.233812809,5.065449238,5.742581844,5.142372608,5.118427753,5.663634777,5.118428230,4.019286156]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":48,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13253,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1686326648493170} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":48,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13253,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1686326648493170} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326648493170,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686326648493170,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARu6vAqAycgHQsIbJ90IkFVNfxAQAAHwERAaMCLkuAjaPJ6FqVJdO4\/a0CBgoJAJDQiXsA\/\/8A\/v7+\/v39\/f0SNFZ4BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326648493170,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -26,7 +26,7 @@ 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1686326648735662,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1686326648735662,"pkt":"CL6sCxduJjb1W8R1CABFAABfhZcAAEARex3AqAycgHQsIbJ90IkAS7YiAQAAHwERAoJSCQq+6il8U+Lfk82kmGMCBgoJAJDQiQPawcSA\/bOuR7gJ5LgpDk+soFdu7AZnfJ12rVYjGKUI3M\/gLA=="} 01012{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316296142505,"flow_dst_last_pkt_time":1686316295484971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2279,"flow_dst_tot_l4_payload_len":7499,"midstream":0,"thread_ts_usec":1686326648875787,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"assetgame.roblox.com"}} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283794515,"flow_dst_last_pkt_time":1686316283806465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":138,"flow_src_tot_l4_payload_len":2977,"flow_dst_tot_l4_payload_len":498,"midstream":0,"thread_ts_usec":1686326648875787,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":65,"packets-processed":64,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1686333469750635} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":65,"packets-processed":64,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1686333469750635} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686333469750635,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02328{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686333469750635,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARu6vAqAycgHQsIbWryO4FVEvhAQAAHwERAYlJ+hMYU2DqGCGy2n4VfpgCBgoJBgPI7nsA\/\/8A\/v7+\/v39\/f0SNFZ4BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686333469750635,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -36,7 +36,7 @@ 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1686333470028956,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1686333470028956,"pkt":"CL6sCxduJjb1W8R1CABFAABfb+QAAEARkNDAqAycgHQsIbWryO4AS++iAQAAHwERAkoGEJobUjvDjWy+zNTNvQ4CBgoJBgPI7ncnCfOsPT8PcVse23VWPpNtYldufworZLI4u9rBGniKI+a64A=="} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":1,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333470172917,"flow_dst_last_pkt_time":1686333470150567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":1332,"flow_src_tot_l4_payload_len":6225,"flow_dst_tot_l4_payload_len":1332,"midstream":0,"thread_ts_usec":1686333470172917,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":2,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648875787,"flow_dst_last_pkt_time":1686326648846178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":1332,"flow_src_tot_l4_payload_len":6363,"flow_dst_tot_l4_payload_len":2664,"midstream":0,"thread_ts_usec":1686333470172917,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":78,"packets-processed":78,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1686333470172917} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":78,"packets-processed":78,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1686333470172917} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 78/78 ~~ skipped flows.............: 0 @@ -45,9 +45,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8712318 bytes -~~ total memory freed........: 8712318 bytes -~~ total allocations/frees...: 140657/140657 +~~ total memory allocated....: 9476821 bytes +~~ total memory freed........: 9476821 bytes +~~ total allocations/frees...: 154624/154624 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 2509 chars diff --git a/test/results/default/rockstar_games.pcapng.out b/test/results/default/rockstar_games.pcapng.out index 9f87f9b69..d541bc193 100644 --- a/test/results/default/rockstar_games.pcapng.out +++ b/test/results/default/rockstar_games.pcapng.out 
@@ -1,14 +1,14 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1745233283504613} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1745233283504613} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1745233283504613,"flow_src_last_pkt_time":1745233283504613,"flow_dst_last_pkt_time":1745233283504613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1745233283504613,"l3_proto":"ip4","src_ip":"192.168.1.23","dst_ip":"92.123.164.188","src_port":50624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1745233283504613,"flow_dst_last_pkt_time":1745233283504613,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1745233283504613,"pkt":"WJz8EPJuaFRakVvWCABFAAA01J5AAIAGAADAqAEXXHukvMXAAbsuz36OAAAAAIAC\/\/\/DHQAAAgQFtAEDAwgBAQQC"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1745233283504613,"flow_dst_last_pkt_time":1745233283547302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1745233283547302,"pkt":"aFRakVvWWJz8EPJuCABFAAA0AABAADYGgc1ce6S8wKgBFwG7xcBQBkbVLs9+j4AS+vCldwAAAgQFoAEBBAIBAwMH"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1745233283547498,"flow_dst_last_pkt_time":1745233283547302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1745233283547498,"pkt":"WJz8EPJuaFRakVvWCABFAAAo1J9AAIAGAADAqAEXXHukvMXAAbsuz36PUAZG1lAQAP\/DEQAA"} 01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1745233283553282,"flow_dst_last_pkt_time":1745233283547302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"thread_ts_usec":1745233283553282,"pkt":"WJz8EPJuaFRakVvWCABFAAH31KBAAIAGAADAqAEXXHukvMXAAbsuz36PUAZG1lAYAP\/E4AAAFgMBAcoBAAHGAwPpfpHYB\/eyLcImX2eudyqLSj1GLdoa0yWQ9PvEBPfuJCCgBWg6yiw62nYlGmwS\/ko9WLFZfSmIi0snWciwnxHjHQAoEwITAcAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwEAAVUAAAAkACIAAB9nYW1lZG93bmxvYWRzLnJvY2tzdGFyZ2FtZXMuY29tAAUABQEAAAAAACsABQQDBAMDAA0AGgAYCAQIBQgGBAEFAQIBBAMFAwIDAgIGAQYDACMAAAAKAAgABgAdABcAGAALAAIBAAAzANAAzgAdACBmNnFzFTJgSwui5RlomVzx6+WIqFDQEthRTeXfSUTOCQAXAEEEy2XNLttanO6j9\/gdAyWuvoskZdDRbkEoB8ArdAbu1OJ6WDZ9ZOtSe2cE\/jPLY\/dFp5jybWdVAKDFuDUlAUn7ZAAYAGEEayXeYX77sfP9pmqMkdLIYYAiNEIIqZ5x1S9HmNc5jqW4\/ZAG0\/LDo8FHKPl4BVcdAZHp7dSlltIqFJAWtXJFejyPIAm4R5uxxXm6kU5BDz9zeXog4MQVu8QeB6zSts18ADEAAAAXAAD\/AQABAAAtAAIBAQ=="} 
-01360{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1745233283504613,"flow_src_last_pkt_time":1745233283553282,"flow_dst_last_pkt_time":1745233283547302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":463,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":463,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1745233283553282,"l3_proto":"ip4","src_ip":"192.168.1.23","dst_ip":"92.123.164.188","src_port":50624,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.RockstarGames","proto_id":"91.449","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"gamedownloads.rockstargames.com","domainame":"gamedownloads.rockstargames.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d201200_2b729b4bf6f3_e24568c0d440","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01361{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1745233283504613,"flow_src_last_pkt_time":1745233283553282,"flow_dst_last_pkt_time":1745233283547302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":463,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":463,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1745233283553282,"l3_proto":"ip4","src_ip":"192.168.1.23","dst_ip":"92.123.164.188","src_port":50624,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.RockstarGames","proto_id":"91.449","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"gamedownloads.rockstargames.com","domainame":"gamedownloads.rockstargames.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d201200_2b729b4bf6f3_e24568c0d440","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1745233283553282,"flow_dst_last_pkt_time":1745233283595683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1745233283595683,"pkt":"aFRakVvWWJz8EPJuCABFAAAoTO9AADYGNOpce6S8wKgBFwG7xcBQBkbWLs+AXlAQAfXdYgAAAAAAAAAA"} 
-01420{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1745233283504613,"flow_src_last_pkt_time":1745233283553282,"flow_dst_last_pkt_time":1745233283597276,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":463,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":463,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1745233283597276,"l3_proto":"ip4","src_ip":"192.168.1.23","dst_ip":"92.123.164.188","src_port":50624,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.RockstarGames","proto_id":"91.449","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"gamedownloads.rockstargames.com","domainame":"gamedownloads.rockstargames.com","tls": {"version":"TLSv1.2","ja3s":"15c4d139d9f284ce5a6e4380e77c1f5c","ja4":"t13d201200_2b729b4bf6f3_e24568c0d440","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1745308933771485} +01421{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1745233283504613,"flow_src_last_pkt_time":1745233283553282,"flow_dst_last_pkt_time":1745233283597276,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":463,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":463,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1745233283597276,"l3_proto":"ip4","src_ip":"192.168.1.23","dst_ip":"92.123.164.188","src_port":50624,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.RockstarGames","proto_id":"91.449","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"gamedownloads.rockstargames.com","domainame":"gamedownloads.rockstargames.com","tls": {"version":"TLSv1.2","ja3s":"15c4d139d9f284ce5a6e4380e77c1f5c","ja4":"t13d201200_2b729b4bf6f3_e24568c0d440","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1745308933771485} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1745308933771485,"flow_src_last_pkt_time":1745308933771485,"flow_dst_last_pkt_time":1745308933771485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1745308933771485,"l3_proto":"ip4","src_ip":"192.168.1.27","dst_ip":"104.255.105.53","src_port":64057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1745308933771485,"flow_dst_last_pkt_time":1745308933771485,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1745308933771485,"pkt":"WJz8EPJuaFRakVvWCABFAAA09y1AAIAGAADAqAEbaP9pNfo5AbvrwuNFAAAAAIAC\/\/+UHgAAAgQFtAEDAwgBAQQC"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1745308933771485,"flow_dst_last_pkt_time":1745308933912618,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1745308933912618,"pkt":"aFRakVvWWJz8EPJuCABFAAAw6n5AAO4GDlFo\/2k1wKgBGwG7+jm8znTT68LjRnASEODiqwAAAgQFoAQCAAA="} 
@@ -22,11 +22,11 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1745308934032523,"flow_dst_last_pkt_time":1745308934032523,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1745308934032523,"pkt":"aFRakVvWWJz8EPJuCABFAAA0AABAADYGWY8XJhJQwKgBFwG7xcax2JybQ9xd64AS+vDRMQAAAgQFoAEBBAIBAwMH"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1745308934032523,"flow_dst_last_pkt_time":1745308934032523,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1745308934032523,"pkt":"WJz8EPJuaFRakVvWCABFAAAoqj1AAIAGAADAqAEXFyYSUMXGAbtD3F3rsdicnFAQAP\/rTwAA"} 01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1745308934032523,"flow_dst_last_pkt_time":1745308934032523,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1745308934032523,"pkt":"WJz8EPJuaFRakVvWCABFAAItqj5AAIAGAADAqAEXFyYSUMXGAbtD3F3rsdicnFAYAP\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"} 
-01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1745308934032523,"flow_src_last_pkt_time":1745308934032523,"flow_dst_last_pkt_time":1745308934032523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1745308934032523,"l3_proto":"ip4","src_ip":"192.168.1.23","dst_ip":"23.38.18.80","src_port":50630,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.RockstarGames","proto_id":"91.449","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"s.rsg.sc","domainame":"s.rsg.sc","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1745308934032523,"flow_src_last_pkt_time":1745308934032523,"flow_dst_last_pkt_time":1745308934032523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1745308934032523,"l3_proto":"ip4","src_ip":"192.168.1.23","dst_ip":"23.38.18.80","src_port":50630,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.RockstarGames","proto_id":"91.449","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"s.rsg.sc","domainame":"s.rsg.sc","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1745308934032523,"flow_dst_last_pkt_time":1745308934032523,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1745308934032523,"pkt":"aFRakVvWWJz8EPJuCABFAAAoEIJAADYGSRkXJhJQwKgBFwG7xcax2JycQ9xf8FAQAfUI5wAAAAAAAAAA"} -01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1745308934032523,"flow_src_last_pkt_time":1745308934032523,"flow_dst_last_pkt_time":1745308934032523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1745308934032523,"l3_proto":"ip4","src_ip":"192.168.1.23","dst_ip":"23.38.18.80","src_port":50630,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.RockstarGames","proto_id":"91.449","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"s.rsg.sc","domainame":"s.rsg.sc","tls": {"version":"TLSv1.2","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} -01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1745233283504613,"flow_src_last_pkt_time":1745233283553282,"flow_dst_last_pkt_time":1745233283597276,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":463,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":463,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1745308934032523,"l3_proto":"ip4","src_ip":"192.168.1.23","dst_ip":"92.123.164.188","src_port":50624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.RockstarGames","proto_id":"91.449","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5964,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1745848676334001} +01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1745308934032523,"flow_src_last_pkt_time":1745308934032523,"flow_dst_last_pkt_time":1745308934032523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1745308934032523,"l3_proto":"ip4","src_ip":"192.168.1.23","dst_ip":"23.38.18.80","src_port":50630,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.RockstarGames","proto_id":"91.449","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"s.rsg.sc","domainame":"s.rsg.sc","tls": 
{"version":"TLSv1.2","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1745233283504613,"flow_src_last_pkt_time":1745233283553282,"flow_dst_last_pkt_time":1745233283597276,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":463,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":463,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1745308934032523,"l3_proto":"ip4","src_ip":"192.168.1.23","dst_ip":"92.123.164.188","src_port":50624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.RockstarGames","proto_id":"91.449","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5964,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1745848676334001} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1745848676334001,"flow_src_last_pkt_time":1745848676334001,"flow_dst_last_pkt_time":1745848676334001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1745848676334001,"l3_proto":"ip4","src_ip":"192.168.1.42","dst_ip":"192.81.241.191","src_port":59487,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1745848676334001,"flow_dst_last_pkt_time":1745848676334001,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1745848676334001,"pkt":"WJz8EPJuaFRakVvWCABFAAChfQkAAIARAADAqAEqwFHxv+hf8BEAjXSCFv7\/AAAAAAAAAAAAeAEAAGwAAAAAAAAAbP7\/A1nm8Tht4zqcZXAZzL8fTuGXeTeU243L2hIPhYK\/KTcAAAAQwArACcAUwBMAOQAzADUALwEAADIADQAUABIGAwUDBAMCAwgHBgEFAQQBAgEACwACAQAACgAMAAoAGQAYABcAHQAVABcAAA=="} 01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1745848676334001,"flow_src_last_pkt_time":1745848676334001,"flow_dst_last_pkt_time":1745848676334001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1745848676334001,"l3_proto":"ip4","src_ip":"192.168.1.42","dst_ip":"192.81.241.191","src_port":59487,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": 
{"version":"DTLSv1.0","ja3s":"","ja4":"dd1i080400_051fb07a0855_133c09cafeba","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
@@ -35,10 +35,10 @@ 01643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1745848676451258,"flow_dst_last_pkt_time":1745848676744991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":867,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":867,"pkt_l4_len":833,"thread_ts_usec":1745848676744991,"pkt":"aFRakVvWWJz8EPJuCABFAANVGgUAAHQRta\/AUfG\/wKgBKvAR6F8DQcTGFv7\/AAAAAAAAAAEAMgIAACYAAQAAAAAAJv7\/X+f82KenWIUVTVczBw2zkSAe2YC2DZsPR\/L03EC9urcAADUAFv7\/AAAAAAAAAAIC1AsAAsgAAgAAAAACyAACxQACwjCCAr4wggGmAgkA3\/IIOdDHPtUwDQYJKoZIhvcNAQEFBQAwDTELMAkGA1UEBhMCVVMwHhcNMTQwOTEyMjEzMTE5WhcNMzcwMjE1MjEzMTE5WjA1MQswCQYDVQQGEwJVUzEmMCQGA1UEAwwdKi5yZWxheS5yb3Mucm9ja3N0YXJnYW1lcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUbKLr0+0\/DzZUkhdQPAIUSf6vOnkd3vz7LMzwfaRy4xYymZYxZ\/q5Ed6EaW6JqCZ\/oLLe25NsTXHmZDJ9bcDe9YOclIL+6LY6GeN4pfa6Hz+jx2zbKLHveils\/9ARmlq7hem2J4bSrsrAmxBAUMu5I64ihzl5jm9DYyKyUFW51pWgePj0eF8P9dMIaB69GlwcMK1R94D2eXFYtOo55DIY4k+tZnErrkNmE6s9MT8hstIKuhDP9Q4XPojoGCcUNCKm6tzoPU2WN3aKCtbekibukMkhDb6jPcXz5o9twDMuJ3vVS\/f9U54Gdx5927EWXG44Ptt7M7QKZ1DQXEVYwHoBAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAGsDUuhvkBDEsohQGctVpkQYC+VB2RYrWcOG\/BuAnJAchnyGe0vUHkNpCOa1W7QJTxyQmEZgVIJXyBvl2SlD8vRwY8YZYq5ScMlHbwx6IOdYiakctDm6\/hphAz0AMeZ9ER6pMQ1b0SbrLR4SfATQmDBiycNsSO9IQH\/tWD+h7XnpYN3d6I\/deTbmPTX+BS4Ni+JKX\/\/0TDJl1LB3dzdPXVthq9rivdIMTX6GB4FfVrCPzwTueYvVVKiMK1NeQNIsIbiOhX5\/j2p5slNKg8\/0rIFgR1N+GWp975Q9KJiE\/k45+fuMu2uWIiauD7DpNeE9cFNSPZZkeJxPz8ZTFCj+\/Y4W\/v8AAAAAAAAAAwAMDgAAAAADAAAAAAAA"} 
01631{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1745848676334001,"flow_src_last_pkt_time":1745848676451258,"flow_dst_last_pkt_time":1745848676744991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":885,"midstream":0,"thread_ts_usec":1745848676744991,"l3_proto":"ip4","src_ip":"192.168.1.42","dst_ip":"192.81.241.191","src_port":59487,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.RockstarGames","proto_id":"30.449","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","tls": {"version":"DTLSv1.0","ja3s":"749bd1edea60396ffaa65213b7971718","ja4":"dd1i080400_051fb07a0855_133c09cafeba","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","subjectDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C"}}} 
00904{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1745848676745284,"flow_dst_last_pkt_time":1745848676744991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"thread_ts_usec":1745848676745284,"pkt":"WJz8EPJuaFRakVvWCABFAAE3fQsAAIARAADAqAEqwFHxv+hf8BEBI3UYFv7\/AAAAAAAAAAIBDhAAAQIAAgAAAAABAgEAChi22ooDJ66FUVtMNnmXYs59luPtXEe+8vYgb\/IueVThQH9JpSD8uhs6Fqy15X9eqqBNBTRskLe9vogA3zFMMl0V2vkdgVJEwIpXoTcg9cbJcqGT2IfnLy2NvPnaH1ltVgbiq9Utl1qwMex5d7ZhSgUuV5BGJyXYWVrvzvb+clQbHxfKqbBIxCg0rizoii5Ln1QmTam+h+qFpmfynQcTg+lxVgUQAL9JoRAVBQmtS4FLmGE9FEbmcXsUOHVDKeQsUNFdHp9GeCivkE7NTAYNrJe5v79Lrdq+yy1bj4PSeaaibuCZJD\/+BqR7iMmN8EbQR6NvmhoUM\/IIVTlTLOVtpg=="} -00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1745308934032523,"flow_src_last_pkt_time":1745308934032523,"flow_dst_last_pkt_time":1745308934032523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1745848676863735,"l3_proto":"ip4","src_ip":"192.168.1.23","dst_ip":"23.38.18.80","src_port":50630,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.RockstarGames","proto_id":"91.449","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1745308934032523,"flow_src_last_pkt_time":1745308934032523,"flow_dst_last_pkt_time":1745308934032523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1745848676863735,"l3_proto":"ip4","src_ip":"192.168.1.23","dst_ip":"23.38.18.80","src_port":50630,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.RockstarGames","proto_id":"91.449","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1745308933771485,"flow_src_last_pkt_time":1745308933913373,"flow_dst_last_pkt_time":1745308934032523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":147,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":147,"midstream":0,"thread_ts_usec":1745848676863735,"l3_proto":"ip4","src_ip":"192.168.1.27","dst_ip":"104.255.105.53","src_port":64057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.RockstarGames","proto_id":"91.449","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
01339{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1745848676334001,"flow_src_last_pkt_time":1745848676745402,"flow_dst_last_pkt_time":1745848676863735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":672,"flow_dst_tot_l4_payload_len":976,"midstream":0,"thread_ts_usec":1745848676863735,"l3_proto":"ip4","src_ip":"192.168.1.42","dst_ip":"192.81.241.191","src_port":59487,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.RockstarGames","proto_id":"30.449","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":25,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7612,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1745848676863735} +00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/rockstar_games.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":25,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7612,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1745848676863735} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 25/25 ~~ skipped flows.............: 0 
@@ -47,9 +47,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8668254 bytes -~~ total memory freed........: 8668254 bytes -~~ total allocations/frees...: 140610/140610 +~~ total memory allocated....: 9432724 bytes +~~ total memory freed........: 9432724 bytes +~~ total allocations/frees...: 154576/154576 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 1648 chars diff --git a/test/results/default/roughtime.pcap.out b/test/results/default/roughtime.pcap.out index 9863b5bd0..2afd57a50 100644 --- a/test/results/default/roughtime.pcap.out +++ b/test/results/default/roughtime.pcap.out 
@@ -1,12 +1,12 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1688459063439932} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1688459063439932} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459063439932,"flow_src_last_pkt_time":1688459063439932,"flow_dst_last_pkt_time":1688459063439932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1024,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459063439932,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"64.233.164.158","src_port":36225,"dst_port":2002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1688459063439932,"flow_dst_last_pkt_time":1688459063439932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1066,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1066,"pkt_l4_len":1032,"thread_ts_usec":1688459063439932,"pkt":"eJS0JASgYDjgxTWgCABFAAQc8whAAD8RnDTAqAJkQOmkno2BB9IECLEkAgAAAEAAAABOT05DUEFE\/0Wcq29INM2pt7PJg+O1BI4WJW5l7JY+YL+Mo2mtPLST1ZCeaNj4vUmemQfE0Nou3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459063439932,"flow_src_last_pkt_time":1688459063439932,"flow_dst_last_pkt_time":1688459063439932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1024,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459063439932,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"64.233.164.158","src_port":36225,"dst_port":2002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459068453261,"flow_src_last_pkt_time":1688459068453261,"flow_dst_last_pkt_time":1688459068453261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1024,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459068453261,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"35.192.98.51","src_port":39393,"dst_port":2002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1688459068453261,"flow_dst_last_pkt_time":1688459068453261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1066,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1066,"pkt_l4_len":1032,"thread_ts_usec":1688459068453261,"pkt":"eJS0JASgYDjgxTWgCABFAAQcyDpAAD8RJpfAqAJkI8BiM5nhB9IECARZAgAAAEAAAABOT05DUEFE\/0Wcq29INM2pt7PJg+O1BI4WJW5l7JY+YL+Mo2mtPLST1ZCeaNj4vUmemQfE0Nou3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459068453261,"flow_src_last_pkt_time":1688459068453261,"flow_dst_last_pkt_time":1688459068453261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1024,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459068453261,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"35.192.98.51","src_port":39393,"dst_port":2002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1688459897600597} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1688459897600597} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459897600597,"flow_src_last_pkt_time":1688459897600597,"flow_dst_last_pkt_time":1688459897600597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459897600597,"l3_proto":"ip4","src_ip":"162.159.200.1","dst_ip":"192.168.2.100","src_port":2002,"dst_port":49021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01000{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1688459897600597,"flow_dst_last_pkt_time":1688459897600597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":402,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":402,"pkt_l4_len":368,"thread_ts_usec":1688459897600597,"pkt":"YDjgxTWgeJS0JASgCABFAAGElUFAADsRe3qin8gBwKgCZAfSv30BcDv4BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWF72woTE4E5m4pnuoj1g82Q3it+Rx1lIQrBa+8w7HA20l6CzRcDEXkryqN2wT\/P+b3mIy6HIl\/aMzUOaDSVLEQsDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AwNhpNKX\/BQB7jicHExuCXvBNcLG4RqixZQOag9vqNLYumLuF3317E6Q8mr4tG+MrZI87Z9D66Ly9BFCOUmG8HUC4CmDEBDMsAgAAAEAAAABTSUcAREVMRc341JCd\/F7MyqhvbaGn9fBbN3l6OufgeMTVuHUjpgnyQAAyTDjLnT2vaGE5ZvT5lzQ\/oq3rcNcoCDZlulpBsQADAAAAIAAAACgAAABQVUJLTUlOVE1BWFRCqhilXUVGMeeZqqSgs6sgq6EAXuQ\/ffyzcVoUrgDAppCLOyef\/wUAkOsSRbP\/BQAAAAAA"} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459897600597,"flow_src_last_pkt_time":1688459897600597,"flow_dst_last_pkt_time":1688459897600597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459897600597,"l3_proto":"ip4","src_ip":"162.159.200.1","dst_ip":"192.168.2.100","src_port":2002,"dst_port":49021,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -17,7 +17,7 @@ 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688460392257946,"flow_src_last_pkt_time":1688460392257946,"flow_dst_last_pkt_time":1688460392257946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688460392257946,"l3_proto":"ip4","src_ip":"35.192.98.51","dst_ip":"192.168.2.100","src_port":2002,"dst_port":57626,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459897600597,"flow_src_last_pkt_time":1688459897600597,"flow_dst_last_pkt_time":1688459897600597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688460392257946,"l3_proto":"ip4","src_ip":"162.159.200.1","dst_ip":"192.168.2.100","src_port":2002,"dst_port":49021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688460392257946,"flow_src_last_pkt_time":1688460392257946,"flow_dst_last_pkt_time":1688460392257946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688460392257946,"l3_proto":"ip4","src_ip":"35.192.98.51","dst_ip":"192.168.2.100","src_port":2002,"dst_port":57626,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2768,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1688460392257946} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2768,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1688460392257946} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652266 bytes -~~ total memory freed........: 8652266 bytes -~~ total allocations/frees...: 140570/140570 +~~ total memory allocated....: 9416736 bytes +~~ total memory freed........: 9416736 bytes +~~ total allocations/frees...: 154536/154536 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 591 chars ~~ json message max len.......: 1889 chars diff --git a/test/results/default/rsh-syslog-false-positive.pcap.out b/test/results/default/rsh-syslog-false-positive.pcap.out index 69e52d920..eedfd1d11 100644 --- a/test/results/default/rsh-syslog-false-positive.pcap.out +++ b/test/results/default/rsh-syslog-false-positive.pcap.out 
@@ -1,5 +1,5 @@ -00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1464076252936094} 
+00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1464076252936094} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076252936094,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00865{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":292,"pkt_l4_len":272,"thread_ts_usec":1464076252936094,"pkt":"RQABJL4eQAA8Bq0urB9OgawdK8kjTwICdUbR1TedTUKAGABzPQsAAAEBCAoozL9YkELf7TwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45MjY0NTErMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ0IFNSQ0ggYmFzZT0ib3U9cGVvcGxlLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIgc2NvcGU9MiBkZXJlZj0wIGZpbHRlcj0iKCYodWlkPXRvb2xib3gpKG9iamVjdENsYXNzPXBvc2l4QWNjb3VudCkoJih1aWROdW1iZXI9KikoISh1aWROdW1iZXI9MCkpKSkiCg=="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076252936094,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -12,7 +12,7 @@ 00361{"error_event_id":14,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1464076253008101,"packet_id":7,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1400,"global_ts_usec":1464076253008101} 01658{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","pkt_datalink":12,"pkt_caplen":1010,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1400,"pkt_l4_len":0,"thread_ts_usec":1464076253006101,"pkt":"RQAFeL4kQAA8BqjUrB9OgawdK8kjTwICdUbfTzedTUKAEABzI2UAAAEBCAoozL+fkELhMTwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45OTYwNzYrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ4IFNSQ0ggYmFzZT0ib3U9Z3JvdXBlcyxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiIHNjb3BlPTIgZGVyZWY9MCBmaWx0ZXI9IigmKG1lbWJlclVpZD10b29sYm94KShvYmplY3RDbGFzcz1wb3NpeEdyb3VwKShjbj0qKSgmKGdpZE51bWJlcj0qKSghKGdpZE51bWJlcj0wKSkpKSIKPDE2Nz4yMDE2LTA1LTI0VDA5OjUwOjUyLjk5NjA5MSswMjowMCBsZGFwMDEgc2xhcGRbMzQ1MzRdOiBjb25uPTExNTkwMjMgb3A9NDggU1JDSCBhdHRyPW9iamVjdENsYXNzIGNuIHVzZXJQYXNzd29yZCBnaWROdW1iZXIgbW9kaWZ5VGltZXN0YW1wIG1vZGlmeVRpbWVzdGFtcAo8MTY3PjIwMTYtMDUtMjRUMDk6NTA6NTIuOTk2MDk2KzAyOjAwIGxkYXAwMSBzbGFwZFszNDUzNF06IGNvbm49MTE1OTAyMyBvcD00OCBFTlRSWSBkbj0iY249aW50c2lyLWFkbWlucyxvdT1ncm91cGVzLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIKPDE2Nz4yMDE2LTA1LTI0VDA5OjUwOjUyLjk5NjEwMSswMjowMCBsZGFwMDEgc2xhcGRbMzQ1MzRdOiBjb25uPTExNTkwMjMgb3A9NDggU0VBUkNIIFJFU1VMVCB0YWc9MTAxIGVycj0wIG5lbnRyaWVzPTEgdGV4dD0KPDE2Nz4yMDE2LTA1LTI0VDA5OjUwOjUyLjk5NzMzMCswMjowMCBsZGFwMDEgc2xhcGRbMzQ1MzRdOiBjb25uPTExNTkwMjMgb3A9NDkgU1JDSCBiYXNlPSJvdT1ncm91cGVzLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIgc2NvcGU9MiBkZXJlZj0wIGZpbHRlcj0iKCYoZ2lkTnVtYmVyPTYwMDAxKShvYmplY3RDbGFzcz1wb3NpeEdyb3VwKShjbj0qKSgmKGdpZE51bWJlcj0qKSghKGdpZE51
bWJlcj0wKSkpKSIKPDE2Nz4yMDE2LTA1LTI0VDA5OjU="} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076253018101,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":958,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4939,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076253018101,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1464076253018101} 
+00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1464076253018101} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645074 bytes -~~ total memory freed........: 8645074 bytes -~~ total allocations/frees...: 140541/140541 +~~ total memory allocated....: 9409448 bytes +~~ total memory freed........: 9409448 bytes +~~ total allocations/frees...: 154507/154507 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 366 chars ~~ json message max len.......: 1663 chars diff --git a/test/results/default/rsh.pcap.out b/test/results/default/rsh.pcap.out index ad485215e..6a6aa7230 100644 --- a/test/results/default/rsh.pcap.out +++ b/test/results/default/rsh.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1654277359673876} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1654277359673876} 00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654277359673876,"flow_src_last_pkt_time":1654277359673876,"flow_dst_last_pkt_time":1654277359673876,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654277359673876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1023,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1654277359673876,"flow_dst_last_pkt_time":1654277359673876,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1654277359673876,"pkt":"AAAAAAAAAAAAAAAACABFAAA8BJ9AAEAGOBt\/AAABfwAAAQP\/AgJQUgi+AAAAAKAC\/9f+MAAAAgT\/1wQCCAp\/2NwKAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1654277359673876,"flow_dst_last_pkt_time":1654277359673899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1654277359673899,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQICA\/+d65A3UFIIv6AS\/8v+MAAAAgT\/1wQCCAp\/2NwKf9jcCgEDAwc="} 
@@ -16,7 +16,7 @@ 01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654277362292565,"flow_src_last_pkt_time":1654277362309472,"flow_dst_last_pkt_time":1654277362292703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654277362309472,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1021,"dst_port":514,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"RSH","proto_id":"294","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","rsh": {"client_username":"lns","server_username":"someuser","command":"some random command"}}} 
01184{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1654277362292565,"flow_src_last_pkt_time":1654277363725020,"flow_dst_last_pkt_time":1654277363725000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":18,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":18,"midstream":0,"thread_ts_usec":1654277363725020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1021,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"RSH","proto_id":"294","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}} 01184{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1654277359673876,"flow_src_last_pkt_time":1654277360987203,"flow_dst_last_pkt_time":1654277360987169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1654277363725020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1023,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"RSH","proto_id":"294","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1654277363725020} 
+00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1654277363725020} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652148 bytes -~~ total memory freed........: 8652148 bytes -~~ total allocations/frees...: 140572/140572 +~~ total memory allocated....: 9416554 bytes +~~ total memory freed........: 9416554 bytes +~~ total allocations/frees...: 154538/154538 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 1243 chars diff --git a/test/results/default/rsync.pcap.out b/test/results/default/rsync.pcap.out index 520b108c4..bf0943533 100644 --- a/test/results/default/rsync.pcap.out +++ b/test/results/default/rsync.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1387144174826849} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1387144174826849} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1387144174826849,"flow_src_last_pkt_time":1387144174826849,"flow_dst_last_pkt_time":1387144174826849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1387144174826849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1387144174826849,"flow_dst_last_pkt_time":1387144174826849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387144174826849,"pkt":"AAAAAAAAAAAAAAAACABFAAA8ACBAAEAGPJp\/AAABfwAAAdTZA2mzXXC1AAAAAKACqqr+MAAAAgT\/1wQCCAoAPHCVAAAAAAEDAwo="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1387144174826849,"flow_dst_last_pkt_time":1387144174826876,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387144174826876,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQNp1NlRGhcWs11wtqASqqr+MAAAAgT\/1wQCCAoAPHCVADxwlQEDAwo="} 
@@ -8,7 +8,7 @@ 00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1387144174826849,"flow_src_last_pkt_time":1387144174827057,"flow_dst_last_pkt_time":1387144174826876,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1387144174827057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"RSYNC","proto_id":"166","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1387144174827057,"flow_dst_last_pkt_time":1387144174827090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1387144174827090,"pkt":"AAAAAAAAAAAAAAAACABFAAA0Z4JAAEAG1T9\/AAABfwAAAQNp1NlRGhcXs11wxIAQACv+KAAAAQEICgA8cJUAPHCV"} 
00966{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1387144174826849,"flow_src_last_pkt_time":1387144174967121,"flow_dst_last_pkt_time":1387144174967173,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":346,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":411,"midstream":0,"thread_ts_usec":1387144174967173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RSYNC","proto_id":"166","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":497,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1387144174967173} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":497,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1387144174967173} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645708 bytes -~~ total memory freed........: 8645708 bytes -~~ total allocations/frees...: 140563/140563 +~~ total memory allocated....: 9410082 bytes +~~ total memory freed........: 9410082 bytes +~~ total allocations/frees...: 154529/154529 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 971 chars diff --git a/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out index cc3ec182f..7cb27d9e5 100644 --- a/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out +++ b/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1502626544321377} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1502626544321377} 
00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544321377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502626544321377,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544321377,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":156,"pkt_l4_len":120,"thread_ts_usec":1502626544321377,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAIxyZUAAQBEqXdkM9CLZDPdiZWt7cQB4niiByAAMXZMVNN06wXBNYU34AAB9AAAAAMgAAH0AAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAgcoADl2TFTQBCDVkOTMxNTM0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAA"} 
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544329483,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":136,"pkt_l4_len":100,"thread_ts_usec":1502626544329483,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAHhMIEAAQBFQttkM92LZDPQie3FlawBknhSByQAHAZMttAAAAAABAAABAAC+wgAAAAEAAAAAAAAAAIHKAA4Bky20AQcxOTMyZGI0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAAAA=="} 
@@ -8,7 +8,7 @@ 00963{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626548341364,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":1502626548349503,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTCP","proto_id":"165","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1502626552361361,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":156,"pkt_l4_len":120,"thread_ts_usec":1502626552361361,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAIyDdEAAQBEZTtkM9CLZDPdiZWt7cQB4niiByAAMXZMVNN06wXhXnSv1AAF4QAAAAloAAXhAAZMttAAAAAEAAAAAAAAAAAAAAAAAAAAAgcoADl2TFTQBCDVkOTMxNTM0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAA"} 
01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626552361361,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":1502626552361361,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTCP","proto_id":"165","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1502626552361361} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1502626552361361} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644959 bytes -~~ total memory freed........: 8644959 bytes -~~ total allocations/frees...: 140537/140537 +~~ total memory allocated....: 9409333 bytes +~~ total memory freed........: 9409333 bytes +~~ total allocations/frees...: 154503/154503 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 621 chars ~~ json message max len.......: 1009 chars diff --git a/test/results/default/rtmp.pcap.out b/test/results/default/rtmp.pcap.out index c6def2637..ee36cb987 100644 --- a/test/results/default/rtmp.pcap.out +++ b/test/results/default/rtmp.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1196541506793783} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1196541506793783} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1196541506793783,"flow_src_last_pkt_time":1196541506793783,"flow_dst_last_pkt_time":1196541506793783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1196541506793783,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1196541506793783,"flow_dst_last_pkt_time":1196541506793783,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1196541506793783,"pkt":"AAwpfMZqAFBWwAAICABFAAAwAzJAAIAGH8TAqCsBwKgrgASZB49J0s7PAAAAAHAC\/\/+GgwAAAgQFtAEBBAI="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1196541506793783,"flow_dst_last_pkt_time":1196541506794048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1196541506794048,"pkt":"AFBWwAAIAAwpfMZqCABFAAAwAABAAEAGYvbAqCuAwKgrAQePBJklcSWUSdLO0HASFtAknQAAAgQFtAEBBAI="} 
@@ -7,7 +7,7 @@ 02519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1196541506797289,"flow_dst_last_pkt_time":1196541506794048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1196541506797289,"pkt":"AAwpfMZqAFBWwAAICABFAAXcAzVAAIAGGhXAqCsBwKgrgASZB49J0s7QJXEllVAQ\/\/8QugAAAwAHqlcAAAAAxP+V\/xr\/4\/\/AAMEANgCvAPwALQCS\/7v\/eAfZfC4GB3w0BsV8Cl+TADAA8QAmAF8AbP9d\/4L5awLoAAkAHvi3AqT59QL6MENvoAAhABb5DwLcJY1vcuwbb1hPOQAOEGd8FDolAOok828QAFEABv+\/\/0wAvQBiXcsAyARpAP5ZF0aEAFUA2gCjAIAAgQD2AG8AvADtAFIAewA4AJkA7v\/H\/\/QAhQDKAFMA8AGxAOYBHwAsAR0AQgErAKgByQDeAncAZAK1ALoCAwBgAuEA1gTPAJwETQAyAdsBGPv5As77JwLU7uV8quyzb9BPEQDGB398DAZ9fCL5iwKIASl8vgDXAEQAFQCaAGMAQABBALb6LwJ8Aq18EgA7APgAWQCuA4d8tABFAIr6EwKwAHEApgLffOwA3QAC\/+v\/aACJAJ4ANwAkoHV\/evrDACAAoQCWAI8AXAANAPIDm3zYALkAjgDnAJQApQBq+XMCkOPRfIYyP3zMAD0A4v1LAkj96QJ+AJcABP\/V\/1oAIwAA\/gECdgXvfDzkbXzSBft8uAIZAG4GR3x0AAUASnHTAnAAMQBm+p8CrPSdAML8qwIo7kl8Xgf3fOT\/Nf86AYMA4JBhf1YCTwAcDc0AsgBbAJgAeQBOAKcAVAVlfCpfMwBQAJEARgD\/AIwA\/QCiAAsCCPCpAj4AVwLEcZUCGnHjAsACwQA2Da8A\/P8t\/5IAuwB4ANkALgIHADQAxQAKAJMAMIXxACb7XwJsAF0AgmVrAOj\/CQAeFrdxpPv1AvqkQwCgoyEAFvoPAtyjjQBy\/BsCWCE5cQ7YZ3wUTSVx6gLzABACUQAGAL8ATAC9AGL7ywLIIGkA\/vsXAoQAVQDaAKMAgACBAPYAbwC8o+0AUk17cTj7mQLuAMcA9ACFAMoAUwDwL7EA5gAfACwAHQBCACsAqADJAN4AdwBkALUAugADAGBx4QLWAM8AnABNADI+2zAYIPkAzgYnfNQA5QCqMLMA0P8RAsYAfwAMAH0AIgCLAIgAKQC+ANcARAAVAJoAYwBAAEEAtgAvAHz7rQISADsA+AVZfK5nhwC0\/EUCigUTfLAHcQCmBd987BbdcQL86wJopIkAnqM3ACT7dQJ6o8MAIP2hApYhj3Fc2A188k2bcdgCuQCOAucAlAClAGoAcwCQ\/NEChiA\/AMz8PQLiAEsASADpAH4AlwAEANUAWqMjAABNAXF2\/O8CPABtANIA+wC4ABkAbi9HAHQABQBK\/NMCcAAxAGYAnwCsAJ0AwgCrACgASQBeAPcA5AA1ADoAgwDgAGEAViBPABwgzQCyAFsAmAB5AE4DpwBUAGUAKgAzAFAAkQBGAP8AjAD9AKIACwAIAKkAPgBXAMQAlQAaAOMAwADBADb8rwL8AC0AkgW7fHik2QAu\/QcCN
AXFfAoHkwAwBfF8JqRfAGykXQCCMGsA6AAJAB4AtwCkAPUA+iBDAKAAIQAWAA8A3ACNAHIAGwBY\/TkCDgBnABQFJXzqYvMAEP1RAgYFv3xMCb0AYgXLfMhiaQD+LxcAhDBVANr9owKAAIEA9gVvfLwv7QBS\/XsCOAWZfO4LxwD0BYV8yi9TAPAAsQDmAB8ALAAdAEJTK3GoX8kA3md3AGQAtQC67QMAYKPhANYAzwCc\/E0CMgDbABj9+QLO7id81AXlfKr\/s\/\/QBRF8xhl\/fAwAfQAiAIsAiAIpAL4K1wBEWBUAmgBjAEAAQQC2AC8AfACtABIFO3z4AlkArgKHALQNRQCKBxMAsAVxfKai3wLsBd0CAgDrAGgAiQCe1TcCJAF1AHoAwwAg1aEClgCPAFz+DQLy7pt82AG5AI7\/5\/+UO6UCakJzcZAA0QCGAD8AzC89AOIASwBIL+kAfi+XAAQ71QJaBCMAAAABAHZB73E8B20A0lL7ALj\/GQJujEcwdEQFAkoH0wBwADE="} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1196541506797289,"flow_dst_last_pkt_time":1196541506797539,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1196541506797539,"pkt":"AFBWwAAIAAwpfMZqCABFAAAoK39AAEAGN3\/AqCuAwKgrAQePBJklcSWVSdLUhFAQIjhARQAA"} 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1196541506793783,"flow_src_last_pkt_time":1196541506798015,"flow_dst_last_pkt_time":1196541507028289,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":1537,"flow_dst_tot_l4_payload_len":1260,"midstream":0,"thread_ts_usec":1196541507028289,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"RTMP","proto_id":"174","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6948,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1666211805308016} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6948,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1666211805308016} 00293{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211805308016,"packet_id":27,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211805308016} 00457{"packet_event_id":1,"packet_event_name":"packet","packet_id":27,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":122,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1196541507836444,"pkt":"AAAAAAAAAAEAAAAEgQBNQoEAQHEIAEUwAGSCXAAAQBG59wqGGUwKhA+wCGgIaABQxGkw\/wBAAUzBDEUAAEAAAEAAPgY1YgqMUMzLzeAwwl0Hj2gaLJgAAAAAsAL\/\/7r5AAACBAW0AQMDBQEBCAoWh\/+GAAAAAAQCAAA="} 00293{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211805431039,"packet_id":28,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211805431039} 
@@ -73,7 +73,7 @@ 00294{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211820897272,"packet_id":59,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211820897272} 00527{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":176,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":176,"pkt_l4_len":0,"thread_ts_usec":1196541507836444,"pkt":"AAAAAAAAAAECAAD6gQBNQoEAQHEIAEUwAJp1ngAAQBHGogqGGSkKhA+wCGgIaACGR2gw\/wB2BmB3WUUAAHYAAEAAQAb0gwqMSs7Bdi8u6HUXcn6HvCgEmTKtgBgIAGxEAAABAQgKAHbpEA\/nUVIAJiWgQwAAAAAAGRQCAAxjcmVhdGVTdHJlYW0AQAAAAAAAAAAFQwAAAAAAFRQCAAhfY2hlY2tidwBACAAAAAAAAAU="} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1196541506793783,"flow_src_last_pkt_time":1196541507836444,"flow_dst_last_pkt_time":1196541507670099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3452,"flow_dst_tot_l4_payload_len":3496,"midstream":0,"thread_ts_usec":1196541507836444,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTMP","proto_id":"174","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
-00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":60,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6948,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1666211821073153} +00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":60,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6948,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1666211821073153} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/26 ~~ skipped flows.............: 0 
@@ -82,9 +82,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647699 bytes -~~ total memory freed........: 8647699 bytes -~~ total allocations/frees...: 140562/140562 +~~ total memory allocated....: 9412073 bytes +~~ total memory freed........: 9412073 bytes +~~ total allocations/frees...: 154528/154528 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 298 chars ~~ json message max len.......: 2524 chars diff --git a/test/results/default/rtp.pcapng.out b/test/results/default/rtp.pcapng.out index b1b577b09..feaeeb6d9 100644 --- a/test/results/default/rtp.pcapng.out +++ b/test/results/default/rtp.pcapng.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1332741131936370} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1332741131936370} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1332741131936370,"flow_src_last_pkt_time":1332741131936370,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332741131936370,"l3_proto":"ip4","src_ip":"10.204.220.71","dst_ip":"10.204.220.171","src_port":6000,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1332741131936370,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1332741131936370,"pkt":"ABNyjb9k0GflFGvTCABFAAXAU5xAAIARAAAKzNxHCszcqxdwF3AFrNRIgCIBEAAJ6IYAABZGAHAAAAAAg2oOAz\/8BcyOIdPfi8B4Xzz4VNYRGWcSjryldGYkqct6gbLBqCyFX7tOlxeIIyF41H7ve+11iRZEGoqbwZ8BxR\/mM7KSRJ8a7UYJLYgDupNskRvB7P\/F2+LyfF7a574\/f+Lxn4vAVwvkkYGQXzbheLgvjV4X8Aa7F5KLyf\/8U5YkvSlSWuDTEZb0+E4729QFtoqKTwvcF8OiLQsC+Lnxe+F+GXC9kYu\/90rt4WPWgJo2qDsfwPr\/s8F+F8Vv62za3pYs8Xhd7p\/i98XhSLxkLxBGcXsDIXnBeHYVhZ82dGyFsrGurb0PKNMBNPBU+DvepwY8CtUDJEhapZpZIfKDCenAv0sFZOFvEPq6SZq7ZGC0WNCD2rohpuFfeNnaOtWBov88A8KFlaIPuQZiCvwFUkMwNWSIPTwx46XBXMxdc42ukZKZVwxk2MwtjIOP\/GAoW2HqFRtGE73km73jLbNuNdOi46FTnGw\/R5AsQRD5jTGCdKjCRjiBlaZGSWLULBeGIXxhT0LGyulampWjYCxcF88NBf0Xi8LBeCcLwVpIx1vm4Wko\/FoveFXaTlRQDmASsdIAYgD0sFgelgVHlPWhCKjTYfCoK3tToCnTxwjU0U6tJ1AoURKc6uoVavqBuwaBU2OKB7UZZ3wVNNMoQYsCoZEGnR
6rMgMCr1Frc0MVxHgMuBS\/GaQWA0H+4KeVNJ0oilvFwCGUrXanZuJMO1Ru9kW\/gGO8HW6BUMgZL++I9LM4DjgWRFoKwZlpAL3BfQAkhSFv51ulgMX\/AxwG+BgmOjn0tWELaDFAZG2y2GgOYBJdic8FLrZ1FZqzejckZ7ZxPnt4tN0qT8Owt4mbIBiOCYV7Wa0gbYzISFJsL7Z2HAqbO5veAZ+i9hlrl0GL\/luyqfe6BQ+WJQWpAFTDhlLguaUNNM9wsbX44KudOi8B4\/4RhX7EoFSstNLAXG0wJsF\/QrC+2C0xGKwtf+ZKIqQc6DFgSMykGg1F4NCAhWJteh8JkAM+AvF5WzpUeC+OQvBpQF4XzwtCtlK0STpXxwL8Kxfe6Lgq+bWQVZ7CxlrRWkFjIrCzh54VIwIaOLAtXTLlQJABIXeslIsZFAW+75LwHUAugsGkLJ4LbzreoPAx39Z0iDgXhM1zo46V8cFvAnqacHCmk+JEg5CoGb\/yMKTT9bClvYCKGC05V1BUOz4oBfCvje6uiZ7QMpjwfCwXrkIVutoFmhDDEHw\/we\/\/C+uZIRXre6tVwnDALeO5wFeLBusNLwWi+jfogBMF+BSaCxqbjX+ItQBiV60CR0F0JuLVopDELwvg0ACLtDYYhfLRqfC17qexbedTNNMnkQIwX2jclCk2IH6KMoYiM+S1ZNErU1PWiYcgqcKkhlkH0\/wVhGJNbvGupmesn9wrzn7QVSnoy3G1wacBeFj6ixeUt5riJwvBngE+L0iHSML5khhU2UjVGxKVUCQhkwSiYV+sJ14mSIDsJmv9RWtEIvCodYctsFJgKAsZY0zIsFIuTBiLwXYX+muPF4pFtBWFL4UJqKt1jGmTwgiPKhUFNPpiwoCYO3jPkT4Go6lAgL\/Zg46ysiOCNKUqM2M9lsBVwi4O20CYOHgsxRtsIBBjL3Bd+AvT4\/C4KXbgGE1mX9S772dBUjRhpD31BFfvayiUFKdZwCiYKT7Nb2p+\/qOjh4jVgqsQcRn7erJ2yk8UkJCFnlXLKVLO9F7sQ4UDMF8fCrgyf9ugQ6+o0e4A9ockoTBZ2gZH+KhP1Gi\/BkD5\/4sCzwsAq0VH22MxdSUYjN8B9\/8NwjCplKTaC63nKp1ZRBzrw6pDwViHpBF1IW6lIWYwVojIEKUDkZA+QCFT2MrCI2pTZmg5YFSypr\/qP9owB8f+g+H+FTvA4LaLWly3SoJwXoLEK3vUSA=="} 
01720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1332741131938296,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":938,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":938,"pkt_l4_len":904,"thread_ts_usec":1332741131938296,"pkt":"ABNyjb9k0GflFGvTCABFAAOcU51AAIARAAAKzNxHCszcqxdwF3ADiNIkgKIBEQAJ6IYAABZGAHAAALUmHytcLGiML59YxC+2D4f7x\/dGA9s6LUsIgqL6t9mJKOwYsCwYxfFCTd\/EbKc1WTIyCk1LCi4WlIZNs3QVRZ0YtLzVrXAvQvC31Kk4U7gfk4NF\/6FcZEMXBZ+e81yFiMRHcxvlqbCkj2pxXGHDnS9oMQB1fON6nOtI0AKpgCYZlYdheFJ9ggX8QzYebHG7kCflEEcesByv1MlHJrqEBIUL1CBL8iFQoGOLjcsBzv4F4E6+kKFCBSq0ae0CiQ+zsCH75ZvxcB2VgFVgRCnBlAIpUC+zUwKqITTdXCYZNHuI9BVbULusaiwozjYOKBYIN4gEcYpGToyY6jExkpTIBl3yzfIHyVnzcBwv5Dfr8yFmjAaijTAxYENxAOBHF58LeyIiEejkXlh4KRN5mANBoAEiF4ZC9kUC8Bg9xSFbqryv9z3tqY6RthYJNOCuk6hDKLDcGN\/hwQ0mC3p8aYImFyIJ2fmFPWqsI18NKg6zc0EbSUfjIfkIvCmFCwZ8BSYnov4kQSh4cBof8MKF4018YTasVIjgcMrbTgz\/Rc3eDkGbATXu3kEIFpCorIxXzGmgMsLLtBKGAtp13CovkAInT5YWpm9VTurR4cjAGgAToU8CbURFZOrBD3yhVMgi9nahRiOif38aqXo2gwi\/eVjoMb\/YDlgVOoD7pC8Z+LzsVYNEA4Lw\/PM6YGcAYMcb60BScBi\/6ioc+Y3+gj0XdlEbEV0q880OV7rHE+CEDlf2h1AYv+6NBo6i8VhZ4y3NArvwJe40z10illdj+2pAODMwFgW\/uUPBkSAtR\/rJOF8XBaF7bI3hV+Z3mCANUkkaT7xOJgbABPrJycc9upGBDvu6ip7nStgFVZqOnTgyaNljAYz+4FjA2Ht1OBsXB+I45wZBsMXS3TH7t28fvc1E3AYv+6mzgsDgPSYcfWuamjTaUBsRip1u4vkC4L4JUF4\/JheFu7YunR6b+PxmtpNBnAFHkepsN4l6K+sMJShkaBY+6mBiwJNwWU0DYf5CFnDxsCNvpGgcUCbXRMFQ7RnBYD3\/4W\/AIohZSkMAWgXwsCyPyUXmBf1K2MheZ\/H7rp4VdhLRzwI4mAxJUd4LhcKh\/0lH5GP0AJIW9A0lLRufBcnB37e9RZ742whXTGAvrkJofgsgvmCYL5lcHrAReKQv8XLSajU="} 
@@ -7,7 +7,7 @@ 00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1332741131936370,"flow_src_last_pkt_time":1332741131999309,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":896,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3784,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332741131999309,"l3_proto":"ip4","src_ip":"10.204.220.71","dst_ip":"10.204.220.171","src_port":6000,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}} 01890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1332741132001295,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1054,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1054,"pkt_l4_len":1020,"thread_ts_usec":1332741132001295,"pkt":"ABNyjb9k0GflFGvTCABFAAQQU59AAIARAAAKzNxHCszcqxdwF3AD\/NKYgKIBEwAJ\/qwAABZGAHAAAC2RhlqOQwsQc9BiVkAVPG8xsRapg8Ld2AUDMONR8vsLCLSsJ+BOFbxcQUHIhegZGQxF6zMeF8OegtgcMCC+nEIiFAXwer\/nDQXsBosdEF8L6aCp9\/ODpHt0CNlg1Ecb5xOCaH4VjUKTwC+gRngYwC+VENHS1iYRyh2z6Jfp1lboMyBFoubDoXhX+4V9KDWXiNmS0cxE9hKHAfEzQeHQp\/bWx3Ud+ibGha3xZHePpYlZhDB74DMbBxf7Ae8BCUc9xuXEqnxSWDFJlmM33\/wGJ\/cmgSGTCYOgwEP4z3YBdQgVc+CrehgEYLQZQCBjf5WqKSEPiosIRE2V4kshWdRcRz4RWsgx4EC+ShqnCwb6GlYMWBH7jfONboMcBcE9NDruM9Q8KAcr+CoU6QpvymhkDJ\/ykGLAv7RlozCz8ZmdW\/4q05dq9R2iohBPET+ptT4WDJnW+daK6oUIp0kzvaiwdod+GUSoQSQr\/iqpUX
Y5drnMpXxAycB9P8kt+ZGiutgRONZaBH4oCi5v0kAwIG4jhD6ltvQTJGOJkqek4flozuiofg4\/8F9gLNeL2ApC7QD3j9w\/JgsbDWZixT0atAsiwHwAWdlvZWGqpT6PSxkkRsMZSraWXCQfjML4sNi83C34vSiRKIBMHQJvHBY+43usJdXsupunwxGXH74tp6L4sn36YZetYl6Eg6gegtxP5g7a6OtEXNHK2nFXDgNF\/ioX0+F0nuC9ic4F9AC\/BV5Ae\/\/CnjrrPtXh0v4wByNAopbal+O\/lsVLRwi6pxNwcHlujuoIgBwv5YQj61GzYU8fk\/teanBXIU5OFn523gEGAVdIquIRVkGYenmGhW36plk96J9t1B4spMKnvFODkHb\/qFzfcqZD1GDhAQr2u9LRsMwGiL0rba9iOqeIHjYPB02BUgjU6HBON2xwJwvlhlkyP0pOF8iFg\/CUXkwWfmML2AyH9hXg17wqTo5VAzRogm6CyCzxu8rO8pQbBi\/6gQyJPeBy\/4QoCYu2OiGL33T7p3bu3V5lUph2OioXz+Wda4HZoLH7ESdPnUNMtAsqCKhGI\/NwvhXTgvrwuoPX\/vC+mJHhbx9Jq7z9IPx+7dqpwQFMwcAxf7HcZ5o5BVlrwq5QBko7fUZNCIOSkZgl6bCzpNareQs1SFsD\/mgxgF4ZMhyRrgKC2ugxIHE2dAqpj+6JicL+NDmmQTx\/Bni8J4vZPf+FXKAOgxgHQHa20OmkrYhkJOKx+cF50L4XJQev\/C1zog0cZEVeKQsCz5ZghFHaidFLcXmAmbiUZXgyCxtyzfxGOejCmAWcL4RALH7CwpF7ZgL6bBkhNA=="} 02467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1332741132066361,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1332741132066361,"pkt":"ABNyjb9k0GflFGvTCABFAAXAU6BAAIARAAAKzNxHCszcqxdwF3AFrNRIgCIBFAAKFpQAABZGAHAAAAAAg3oOAz+DZvj92FjUNSxqhkDRgJ62JgTcfirF74vFUKmEAD5fGx9VAFvKeJy+aq2BgEAGB+fJ42SxT5eAmqx5VhoOMuHpcBbgdpSZ62XIiEWoLP+tl7gvhoEiB4vBaxeC0x+96xV+zRvN6ke4LOJQKAuoiAQ3xVgek4BwMCDgplavzegpYCqHgxiiJCw38e\/SoKVnws4QMEmZiufXHrZShU1IaAOHol8Uj7QKXQYsCivRl7KxaVixWpgGIUlmQZBSYB0CCXbZR6jPF3i8uoiqmGQ94LBKBgQcu\/oHJ0FMOmiwZe6mB2f5WCiAvEHwc0CCj4hK1zIIAMCEqNHheX+oErEEnhiAZIJIKcuVgV4nY9EhvyKpRCOqx4srlQ+GIVMAwEMv9ikSP8ZVbYg6MQgQA8fW5qigXghldTu8p8TqwPK51QUjMLqL3i1e6i9+F9lZcKjovIovOR+bH7x+4fu\/H9JQsuEKhAEqiIooFv2Fm4lOAHAwIQrgMGCBD\/6d5YPQV7vKIkSB8NVcL\/gVS9GIWXAOBgvX28EovSb79LcGYBwMD8f8DB\/glF8SRT5DBNMsZQiYvU+ZVQCXByM
Ao8IHggiV8FKh2UZ+qpV8R1XqQCQDAhCpOqRgxv8ATB2sCsLD6sDi98lFQUWXYlLaKwhAeH\/oBwSdW8r9papKnAHVWEHwMIC+VwC38KxNNSxkXKwPLWfRi0KihAgB4+EVSqrWfVU2qA+XXgH\/IRydGv6pjceLwiH7hecH7heNcXkEX0Bn+L3i84LzgqS3sHc98Cvp8t+fCsLLiQDAhRcxR\/4GHA1eQGLAtGYkDwIfqBwf+qYv9ShToy4CyVj34FUuUVhb4q1QOx1eiN1q1owA3W95jeCcX0F2LwHxfmHh+KQvi54vCyL2kgPT\/uk7TpC93hfe903ttVZwLewkaK6EpoyLwTYvJIvNwrbCdJOI61UR8H5\/zUXhfF2Fl07pumL3i+jMW08e7o76mS0GLAsF5aLAvsLtkrovIIv6D4\/4WtkcB0GDeGDwWfQLRP3ofXrWn+CK030EoybCtt60y1zSgBoNcAjEHy\/4W9HxpvsSTOHURCNRE0SIQ6eYi45q4DdT7UZY3hPAiChYIidu1cZYVNFLZYeFwXBQubSpEgWRtEWo0uaWCsFiFgU9TcwdN3MKW2oGMtxVftMDNZeYy3wCOCAfTz4jWdTo4sTYCJApKBkFE14eQDCOWxMDiAVXAkHlv1uDrCesro2aE4dDkaA0QCJxl1Q8Bh\/1F\/5hUDEfv0ec4kha+Ft52oA8w4FDf4Dq\/gIXaDlfwX3G8XnWOUGbAgYz+NijT6BdtC0LRcLwZ\/\/BNF5kL4vIheCWFvqRPtSzDgNWAoSQnhfCswFbqOdSUGLArcwmRgv9BbCbSiOCKGbCUlEmgbbYhSMOJFx0DHgXheDPf7BKJNhIBfCq\/HoyRDvC0qFwDhRtjutI5ZC39LXtioKnS1Hg4g1\/o3EM6GIShRba\/BAW2mu+XBiwIHN\/hHW+DFAcBjv5ASgmHgp9QcEKXdIkbaNa83VwujQiAQ4iuq4DlAVZ3cApPltUVIDiAYIpYLSYX1l4W+s9bAr8WhGCvCtvWYDTgOX\/BZ7kZaQ2gqsByv5pEjidgWm1zYWf+M7GeqNbBNVs8RpkBVJFzxCC1EFyZre61GkaHGBiHcxMuGIuC+TEwVtvGBwlUJGLeEoPf\/h4JwqbSao\/ypBGKhrWWIlaQ3A\/NbIIYL0FkF+FuDApIY42EiPUDWEYSBfAaZFT+7dgIoneF\/dwmIAvrHU5ML06A2F8QRiVAkhb+r\/wJwXlGgULu3MU8dwqKhxIdQhW4UdDvrBhqpUAzC3gYYwDDA0DwPDAWBZ0YMWBtgmiDMKmzGNg04Cf0FuL1+BKKvmc5AlSig=="} 
-00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1452082723926279} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1452082723926279} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1452082723926279,"flow_src_last_pkt_time":1452082723926279,"flow_dst_last_pkt_time":1452082723926279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1452082723926279,"l3_proto":"ip4","src_ip":"172.16.168.24","dst_ip":"172.16.168.64","src_port":40252,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1452082723926279,"flow_dst_last_pkt_time":1452082723926279,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1452082723926279,"pkt":"ZFEGDr6xAJC4HVbBCABFAAA8RJtAAEAGTaesEKgYrBCoQJ08E4h51uZ7AAAAAKACFtDUwwAAAgQFtAQCCAr\/\/6LgAAAAAAEDAwI="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1452082723926279,"flow_dst_last_pkt_time":1452082723926389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1452082723926389,"pkt":"AJC4HVbBZFEGDr6xCABFAAA8AABAAEAGkkKsEKhArBCoGBOInTxtGE\/GedbmfKASOJAO\/QAAAgQFtAQCCAoC2uQ3\/\/+i4AEDAwc="} 
@@ -17,7 +17,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1452082806850157,"flow_dst_last_pkt_time":1452082806850239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1452082806850239,"pkt":"AJC4HVbBZFEGDr6xCABFAAA0q\/BAAEAG5lmsEKhArBCoGBOInTxtGE\/HedbrOoAQAIj\/tAAAAQEICgLbNTH\/\/8NE"} 00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1452082723926279,"flow_src_last_pkt_time":1452082807092242,"flow_dst_last_pkt_time":1452082806943418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1452082807092242,"l3_proto":"ip4","src_ip":"172.16.168.24","dst_ip":"172.16.168.64","src_port":40252,"dst_port":5000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}} 
02239{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1452082723926279,"flow_src_last_pkt_time":1452082808893215,"flow_dst_last_pkt_time":1452082808744238,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1452082808893215,"l3_proto":"ip4","src_ip":"172.16.168.24","dst_ip":"172.16.168.64","src_port":40252,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":110,"avg":5476932.0,"max":82923850,"stddev":20338496.0,"var":413654440738816.0,"ent":1.2,"data": [110,767,82923111,82923850,93229,93179,148856,148867,149150,149232,150979,151006,151543,151418,148416,148540,149040,148926,151726,151812,150927,150869,149665,149628,148360,148373,151331,151326,150797,150823,149039]},"pktlen": {"min":52,"avg":621.6,"max":1266,"stddev":605.3,"var":366444.4,"ent":4.2,"data": [60,60,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266]},"bins": {"c_to_s": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0],"s_to_c": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.659215927,5.154205799,5.101990700,2.844452143,4.935547352,4.443674088,5.026988029,5.479323864,4.988526344,5.514104366,5.026988029,5.763203144,5.026988029,5.730160236,4.950064659,7.345358372,4.986605644,6.633060932,5.010550499,6.320373535,4.972088337,7.249912262,5.049011707,7.189931393,5.010550022,7.249042511,5.049011707,6.371730804,5.010550499,6.932887077,4.986605644,7.123292446]},"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1643703745877296} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1643703745877296} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703745877296,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745877296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703745877296,"l3_proto":"ip4","src_ip":"150.219.118.19","dst_ip":"192.113.193.227","src_port":54234,"dst_port":50003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745877296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643703745877296,"pkt":"AAAAAAAAAA0A6CjdCABFAABmXqIAAH8RTaGW23YTwHHB49Paw1MAUs7pAAEARgAafnMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAixk="} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745893698,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643703745893698,"pkt":"AAAAAAAAAAkAifetCABFAABm7FVAADgRxu3AccHjltt2E8NT09oAUln0AAIARgAafnM4NS4xNTQuMi4xNDUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA09o="} 
@@ -35,7 +35,7 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","vlan_id":1508,"flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAANGd7QABAEZsQCoxDp5SZVWHYahd4ACClNIFvzdUeUT0\/uAl02AAAARxIBuNyJ9wGQA=="} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1643703820776166,"flow_src_last_pkt_time":1643703821596170,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":801,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703821596170,"vlan_id":1508,"l3_proto":"ip4","src_ip":"10.140.67.167","dst_ip":"148.153.85.97","src_port":55402,"dst_port":6008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":19,"flow_first_seen":1643703745877296,"flow_src_last_pkt_time":1643703746016700,"flow_dst_last_pkt_time":1643703746015681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":1104,"flow_src_tot_l4_payload_len":993,"flow_dst_tot_l4_payload_len":13839,"midstream":0,"thread_ts_usec":1643703821596170,"l3_proto":"ip4","src_ip":"150.219.118.19","dst_ip":"192.113.193.227","src_port":54234,"dst_port":50003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":112,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":54079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1643703821596170} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":112,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":54079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1643703821596170} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 112/112 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8657395 bytes -~~ total memory freed........: 8657395 bytes -~~ total allocations/frees...: 140677/140677 +~~ total memory allocated....: 9421865 bytes +~~ total memory freed........: 9421865 bytes +~~ total allocations/frees...: 154643/154643 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2487 chars diff --git a/test/results/default/rtps.pcap.out b/test/results/default/rtps.pcap.out index 813d1237d..47f2f6a33 100644 --- a/test/results/default/rtps.pcap.out +++ b/test/results/default/rtps.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1498024847652004} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1498024847652004} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498024847652004,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498024847652004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1498024847652004,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1498024847652004,"pkt":"AAAAAAAAAAAAAAAACABFAAAsAABAAEARPL9\/AAABfwAAAW3MHPIAGP4rUlRQUwIBAQFORERTUElORw=="} 01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498024847652004,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498024847652004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTPS","proto_id":"359","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -16,7 +16,7 @@ 01091{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498025267652809,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498025267652809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTPS","proto_id":"359","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01091{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498025327652932,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21076,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498025327652932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTPS","proto_id":"359","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498025337682781,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498025337682781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTPS","proto_id":"359","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":29,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21164,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1498025337682781} +00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":29,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21164,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1498025337682781} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 29/29 ~~ skipped flows.............: 0 
@@ -25,9 +25,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645705 bytes -~~ total memory freed........: 8645705 bytes -~~ total allocations/frees...: 140563/140563 +~~ total memory allocated....: 9410079 bytes +~~ total memory freed........: 9410079 bytes +~~ total allocations/frees...: 154529/154529 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 534 chars ~~ json message max len.......: 1555 chars diff --git a/test/results/default/rtsp.pcap.out b/test/results/default/rtsp.pcap.out index 241c95b8b..b4441efff 100644 --- a/test/results/default/rtsp.pcap.out +++ b/test/results/default/rtsp.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1627567277506127} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1627567277506127} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1627567277506127,"flow_src_last_pkt_time":1627567277506127,"flow_dst_last_pkt_time":1627567277506127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":149,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1627567277506127,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1627567277506127,"flow_dst_last_pkt_time":1627567277506127,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"thread_ts_usec":1627567277506127,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} 01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1627567277506127,"flow_src_last_pkt_time":1627567277506127,"flow_dst_last_pkt_time":1627567277506127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":149,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1627567277506127,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
@@ -62,7 +62,7 @@ 01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":60,"flow_first_seen":1627567406342871,"flow_src_last_pkt_time":1627567465366594,"flow_dst_last_pkt_time":1627567465366846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":695,"flow_src_tot_l4_payload_len":3760,"flow_dst_tot_l4_payload_len":7540,"midstream":0,"thread_ts_usec":1627567528308580,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":52,"flow_first_seen":1627567466882987,"flow_src_last_pkt_time":1627567526623393,"flow_dst_last_pkt_time":1627567526623799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":695,"flow_src_tot_l4_payload_len":3772,"flow_dst_tot_l4_payload_len":7560,"midstream":0,"thread_ts_usec":1627567528308580,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":48,"flow_first_seen":1627567528106056,"flow_src_last_pkt_time":1627567528308580,"flow_dst_last_pkt_time":1627567528265801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":695,"flow_src_tot_l4_payload_len":3176,"flow_dst_tot_l4_payload_len":7568,"midstream":0,"thread_ts_usec":1627567528308580,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":568,"packets-processed":568,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":67396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1627567528308580} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":568,"packets-processed":568,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":67396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1627567528308580} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 568/568 ~~ skipped flows.............: 0 
@@ -71,9 +71,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8690759 bytes -~~ total memory freed........: 8690759 bytes -~~ total allocations/frees...: 141188/141188 +~~ total memory allocated....: 9455325 bytes +~~ total memory freed........: 9455325 bytes +~~ total allocations/frees...: 155154/155154 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 540 chars ~~ json message max len.......: 2224 chars diff --git a/test/results/default/rtsp_setup_http.pcapng.out b/test/results/default/rtsp_setup_http.pcapng.out index c341c0aa3..3c32ae762 100644 --- a/test/results/default/rtsp_setup_http.pcapng.out +++ b/test/results/default/rtsp_setup_http.pcapng.out 
@@ -1,10 +1,10 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625568705778896} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625568705778896} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625568705778896,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1625568705778896,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1625568705778896,"pkt":"AAwpI6CIeCSvPj0DCABFAADbwOlAAEAGFzesHAWqrBwEGvlgIWqjD4UUiv5WgFAYA\/\/+rgAAU0VUVVAgcnRzcDovLzE3Mi4yOC40LjI2Ojg1NTQvdHJhY2tJRD04OCBSVFNQLzEuMA0KQ1NlcTogNA0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpUcmFuc3BvcnQ6IFJUUC9BVlA7dW5pY2FzdDtjbGllbnRfcG9ydD01MDIyMC01MDIyMQ0KDQo="} 
01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625568705778896,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1625568705778896,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625568705778896,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1625568705778896,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1625568705778896} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1625568705778896} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8646992 bytes -~~ total memory freed........: 8646992 bytes -~~ total allocations/frees...: 140537/140537 +~~ total memory allocated....: 9411366 bytes +~~ total memory freed........: 9411366 bytes +~~ total allocations/frees...: 154503/154503 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 599 chars ~~ json message max len.......: 1103 chars diff --git a/test/results/default/rx.pcap.out b/test/results/default/rx.pcap.out index fa802fd62..d91c29700 100644 --- a/test/results/default/rx.pcap.out +++ b/test/results/default/rx.pcap.out 
@@ -1,5 +1,5 @@ -00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00800{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1460647264018403} +00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00800{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1460647264018403} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460647264018403,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264018403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1460647264018403,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264018403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_usec":1460647264018403,"pkt":"PIqwbTfwAAjK968mCABFAAFA5\/AAAEARo32DctuowKfOfKJXG1oBLBrkVw+1YFw\/yYgAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264026287,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1460647264026287,"pkt":"AAjK968mPIqwbTfwCABFAABAOykAADoRV0XAp858g3LbqBtaolcALPkKVw+1YFw\/yYgAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"} 
@@ -37,7 +37,7 @@ 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":31,"flow_first_seen":1460647299704750,"flow_src_last_pkt_time":1460647320158014,"flow_dst_last_pkt_time":1460647300329629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":4792,"flow_dst_tot_l4_payload_len":4266,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":9,"flow_first_seen":1460647299605656,"flow_src_last_pkt_time":1460647300326863,"flow_dst_last_pkt_time":1460647300326798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":1076,"flow_src_tot_l4_payload_len":1077,"flow_dst_tot_l4_payload_len":7708,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1460647264018403,"flow_src_last_pkt_time":1460647264026325,"flow_dst_last_pkt_time":1460647264026287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":132,"packets-processed":132,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1460647320158051} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":132,"packets-processed":132,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1460647320158051} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 132/132 ~~ skipped flows.............: 0 @@ -46,9 +46,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8658274 bytes -~~ total memory freed........: 8658274 bytes -~~ total allocations/frees...: 140704/140704 +~~ total memory allocated....: 9422776 bytes +~~ total memory freed........: 9422776 bytes +~~ total allocations/frees...: 154670/154670 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2164 chars diff --git a/test/results/default/s7comm-plus.pcap.out b/test/results/default/s7comm-plus.pcap.out index f00686d78..7dc8d5ea8 100644 --- a/test/results/default/s7comm-plus.pcap.out +++ b/test/results/default/s7comm-plus.pcap.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1412165336989258} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1412165336989258} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165336989258,"flow_dst_last_pkt_time":1412165336989258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1412165336989258,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1412165336989258,"flow_dst_last_pkt_time":1412165336989258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1412165336989258,"pkt":"ABwGD73lAFBWK1xlCABFAAA0OSlAAIAGDRbAqBmxwKgZg8+qAGYnLnytAAAAAIACIAAmnwAAAgQFtAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1412165336989265,"flow_dst_last_pkt_time":1412165336989258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1412165336989265,"pkt":"ABwGD73lAFBWK1xlCABFAAA0OSlAAIAGDRbAqBmxwKgZg8+qAGYnLnytAAAAAIACIAAmnwAAAgQFtAEDAwgBAQQC"} 
@@ -9,7 +9,7 @@ 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":2,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165336993088,"flow_dst_last_pkt_time":1412165336991654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1412165336993088,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"S7CommPlus","proto_id":"361","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":8,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165338064240,"flow_dst_last_pkt_time":1412165337104285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":297,"flow_src_tot_l4_payload_len":1344,"flow_dst_tot_l4_payload_len":545,"midstream":0,"thread_ts_usec":1412165338064240,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":38387.4,"max":995818,"stddev":175089.4,"var":30656290816.0,"ent":1.2,"data": 
[7,650,924,9,417,4,1746,2469,6,13767,4267,17657,4,12269,6,17776,4831,6,1514,9,7246,5693,10,28619,8,33319,4688,5,36256,995818,9]},"pktlen": {"min":40,"avg":100.3,"max":337,"stddev":73.0,"var":5323.4,"ent":4.7,"data": [52,52,46,40,40,76,76,76,257,257,46,177,47,47,162,162,71,47,47,123,123,84,47,47,133,133,337,47,47,46,133,133]},"bins": {"c_to_s": [12,2,6,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,2,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0],"entropies": [4.554988384,4.554988384,4.522394180,4.680641174,4.680641174,5.319911003,5.319911003,5.158287048,5.535624981,5.535624981,4.075662136,5.208230019,4.635028362,4.635028362,4.666445732,4.666445732,4.204725266,4.592475414,4.592475414,4.629901409,4.629901409,4.268610001,4.549922466,4.549922466,4.866230011,4.866230011,1.580462456,4.549922466,4.549922466,4.075662613,4.866230011,4.866230011]},"ndpi": {"confidence": {"6":"DPI"},"proto":"S7CommPlus","proto_id":"361","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":25,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165344069312,"flow_dst_last_pkt_time":1412165344104127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":297,"flow_src_tot_l4_payload_len":3254,"flow_dst_tot_l4_payload_len":2655,"midstream":0,"thread_ts_usec":1412165344104127,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"S7CommPlus","proto_id":"361","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":79,"packets-processed":79,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5909,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1412165344104127} 
+00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":79,"packets-processed":79,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5909,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1412165344104127} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 79/79 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649177 bytes -~~ total memory freed........: 8649177 bytes -~~ total allocations/frees...: 140613/140613 +~~ total memory allocated....: 9413551 bytes +~~ total memory freed........: 9413551 bytes +~~ total allocations/frees...: 154579/154579 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2147 chars diff --git a/test/results/default/s7comm.pcap.out b/test/results/default/s7comm.pcap.out index 1e20d9a47..458aeef47 100644 --- a/test/results/default/s7comm.pcap.out +++ b/test/results/default/s7comm.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1408528803880679} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1408528803880679} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1408528803880679,"flow_src_last_pkt_time":1408528803880679,"flow_dst_last_pkt_time":1408528803880679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1408528803880679,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1408528803880679,"flow_dst_last_pkt_time":1408528803880679,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1408528803880679,"pkt":"ABsbI+s7kOa6hF5BCABFAAA+LUtAAIAGAADAqAEKwKgBKBBZAGaQRN2iAAL7EFAY+vCDswAAAwAAFhHgAAAABwDBAgEAwgIBAsABCg=="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1408528803880679,"flow_dst_last_pkt_time":1408528803884414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1408528803884414,"pkt":"kOa6hF5BABsbI+s7CABFAAA+AM4AAB4GGGrAqAEowKgBCgBmEFkAAvsQkETduFAYEAAGowAAAwAAFhHQAAcAAwDAAQrBAgEAwgIBAg=="} 
@@ -9,7 +9,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1408528803887617,"flow_dst_last_pkt_time":1408528803887528,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1408528803887617,"pkt":"ABsbI+s7kOa6hF5BCABFAAAvLU1AAIAGAADAqAEKwKgBKBBZAGaQRN3RAAL7QVAY+r+DpAAAAwAABwLwAA=="} 02135{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1408528803880679,"flow_src_last_pkt_time":1408528803957564,"flow_dst_last_pkt_time":1408528803957480,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":221,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":794,"midstream":1,"thread_ts_usec":1408528803957564,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":66,"avg":4957.6,"max":9013,"stddev":3321.6,"var":11033309.0,"ent":4.5,"data": [3735,3883,3114,3055,66,6981,6927,4642,8989,4385,568,7037,6437,271,5970,5746,295,9009,8666,204,8975,8763,201,9013,8819,232,8990,8762,250,4988,4713]},"pktlen": {"min":47,"avg":77.2,"max":261,"stddev":40.3,"var":1625.5,"ent":4.9,"data": [62,62,65,67,47,73,121,47,73,121,47,73,261,47,73,121,47,69,101,47,69,101,47,69,101,47,69,101,47,71,77,47]},"bins": {"c_to_s": [17,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,5,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0],"entropies": [4.432188988,4.290980816,4.257703304,3.892863989,4.469065666,4.562385082,3.916244507,4.469065666,4.445193291,3.499234200,4.469065666,4.517119408,2.438902855,4.367897987,4.497249603,3.901077271,4.469065666,4.394919872,4.398461342,4.469065666,4.423905373,4.398461342,4.426512718,4.412964821,4.410789013,4.469065666,4.412964821,4.372174263,4.410450935,4.692483425,4.443362713,4.469065666]},"ndpi": {"confidence": {"6":"DPI"},"proto":"S7Comm","proto_id":"249","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":19,"flow_first_seen":1408528803880679,"flow_src_last_pkt_time":1408528804003972,"flow_dst_last_pkt_time":1408528804016478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":221,"flow_src_tot_l4_payload_len":1202,"flow_dst_tot_l4_payload_len":1088,"midstream":1,"thread_ts_usec":1408528804016478,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"S7Comm","proto_id":"249","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
-00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":55,"packets-processed":55,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1408528804016478} +00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":55,"packets-processed":55,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1408528804016478} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 55/55 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648457 bytes -~~ total memory freed........: 8648457 bytes -~~ total allocations/frees...: 140588/140588 +~~ total memory allocated....: 9412831 bytes +~~ total memory freed........: 9412831 bytes +~~ total allocations/frees...: 154554/154554 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 540 chars ~~ json message max len.......: 2140 chars diff --git a/test/results/default/safari.pcap.out b/test/results/default/safari.pcap.out index 46d5126cd..155bb9ffe 100644 --- a/test/results/default/safari.pcap.out +++ b/test/results/default/safari.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620898024056646} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620898024056646} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620898024056646,"flow_src_last_pkt_time":1620898024056646,"flow_dst_last_pkt_time":1620898024056646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898024056646,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620898024056646,"flow_dst_last_pkt_time":1620898024056646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620898024056646,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfeAbt7aT+8AAAAALAC\/\/8bGAAAAgQFtAEDAwUBAQgKMzDFWAAAAAAEAgAA"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620898024056646,"flow_dst_last_pkt_time":1620898024084984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620898024084984,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7194MY\/Pce2k\/vaAS\/ohIgwAAAgQFrAQCCAo6VqpvMzDFWAEDAwc="} 
@@ -66,7 +66,7 @@ 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1620898025217296,"flow_src_last_pkt_time":1620898025483096,"flow_dst_last_pkt_time":1620898025512858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":431,"flow_dst_max_l4_payload_len":1347,"flow_src_tot_l4_payload_len":1121,"flow_dst_tot_l4_payload_len":1488,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1620898025217638,"flow_src_last_pkt_time":1620898025483303,"flow_dst_last_pkt_time":1620898025371358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":434,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1125,"flow_dst_tot_l4_payload_len":4576,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1620898027036438,"flow_src_last_pkt_time":1620898027166473,"flow_dst_last_pkt_time":1620898027166397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":378,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":706,"flow_dst_tot_l4_payload_len":4696,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":168,"packets-processed":168,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":72162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":69,"global_ts_usec":1620898027166473} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":168,"packets-processed":168,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":72162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":69,"global_ts_usec":1620898027166473} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 168/168 ~~ skipped flows.............: 0 
@@ -75,9 +75,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8873392 bytes -~~ total memory freed........: 8873392 bytes -~~ total allocations/frees...: 140824/140824 +~~ total memory allocated....: 9637991 bytes +~~ total memory freed........: 9637991 bytes +~~ total allocations/frees...: 154791/154791 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 2298 chars diff --git a/test/results/default/salesforce.pcap.out b/test/results/default/salesforce.pcap.out index 0375a6ba1..b4c2e2336 100644 --- a/test/results/default/salesforce.pcap.out +++ b/test/results/default/salesforce.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1637949675032008} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1637949675032008} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675032008,"flow_dst_last_pkt_time":1637949675032008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637949675032008,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1637949675032008,"flow_dst_last_pkt_time":1637949675032008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1637949675032008,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlHnAqAGyVd6OBtR\/AbsUUf9OAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKBrZmwAAAAAAEAgAA"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1637949675032008,"flow_dst_last_pkt_time":1637949675060899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1637949675060899,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGo31V3o4GwKgBsgG71H+paXwVFFH\/T6AScSBLcQAAAgQFjAQCCAok00OjBrZmwAEDAwc="} 
@@ -10,7 +10,7 @@ 01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675061692,"flow_dst_last_pkt_time":1637949675088486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1637949675088486,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"help.salesforce.com","domainame":"help.salesforce.com","tls": {"version":"TLSv1.2","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2011h2_2a284e3b0c56_8c799273bd37","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
01612{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675061692,"flow_dst_last_pkt_time":1637949675088575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3465,"midstream":0,"thread_ts_usec":1637949675088575,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"help.salesforce.com","domainame":"help.salesforce.com","tls": {"version":"TLSv1.2","server_names":"support.salesforce.com,help.salesforce.com","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2011h2_2a284e3b0c56_8c799273bd37","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=salesforce.com, inc., CN=support.salesforce.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"69:0B:02:F6:58:63:79:69:21:33:61:1A:5C:3D:6A:BD:FC:55:0C:6F","blocks":0}}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675181063,"flow_dst_last_pkt_time":1637949675180938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3585,"midstream":0,"thread_ts_usec":1637949675181063,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1637949675181063} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1637949675181063} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655755 bytes -~~ total memory freed........: 8655755 bytes -~~ total allocations/frees...: 140558/140558 +~~ total memory allocated....: 9420129 bytes +~~ total memory freed........: 9420129 bytes +~~ total allocations/frees...: 154524/154524 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 1617 chars diff --git a/test/results/default/samsung_sdp.pcapng.out b/test/results/default/samsung_sdp.pcapng.out index 6065d1e7c..82e803af5 100644 --- a/test/results/default/samsung_sdp.pcapng.out +++ b/test/results/default/samsung_sdp.pcapng.out 
@@ -1,10 +1,10 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/samsung_sdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/samsung_sdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1757861543059723} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/samsung_sdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/samsung_sdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1757861543059723} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/samsung_sdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1757861543059723,"flow_src_last_pkt_time":1757861543059723,"flow_dst_last_pkt_time":1757861543059723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1757861543059723,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"192.168.0.255","src_port":60111,"dst_port":15600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/samsung_sdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1757861543059723,"flow_dst_last_pkt_time":1757861543059723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1757861543059723,"pkt":"\/\/\/\/\/\/\/\/wCONtffCCABFAAA\/8BFAAEARx+jAqABkwKgA\/+rPPPAAKwztU0VBUkNIIEJTRFAvMC4xCkRFVklDRT0wClNFUlZJQ0U9MQo="} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/samsung_sdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1757861543059723,"flow_src_last_pkt_time":1757861543059723,"flow_dst_last_pkt_time":1757861543059723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1757861543059723,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"192.168.0.255","src_port":60111,"dst_port":15600,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SamsungSDP","proto_id":"456","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/samsung_sdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1757861543059723,"flow_src_last_pkt_time":1757861543059723,"flow_dst_last_pkt_time":1757861543059723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1757861543059723,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"192.168.0.255","src_port":60111,"dst_port":15600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SamsungSDP","proto_id":"456","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/samsung_sdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1757861543059723} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/samsung_sdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1757861543059723} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644843 bytes -~~ total memory freed........: 8644843 bytes -~~ total allocations/frees...: 140533/140533 +~~ total memory allocated....: 9409217 bytes +~~ total memory freed........: 9409217 bytes +~~ total allocations/frees...: 154499/154499 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 576 chars ~~ json message max len.......: 984 chars diff --git a/test/results/default/scanner.pcap.out b/test/results/default/scanner.pcap.out index 99977c90a..9b381c84c 100644 --- a/test/results/default/scanner.pcap.out +++ b/test/results/default/scanner.pcap.out 
@@ -1,10 +1,10 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/scanner.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/scanner.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1748365995662265} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/scanner.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/scanner.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1748365995662265} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/scanner.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748365995662265,"flow_src_last_pkt_time":1748365995662265,"flow_dst_last_pkt_time":1748365995662265,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748365995662265,"vlan_id":77,"l3_proto":"ip4","src_ip":"104.234.115.90","dst_ip":"89.31.73.45","src_port":21893,"dst_port":10847,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/scanner.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1748365995662265,"flow_dst_last_pkt_time":1748365995662265,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":24,"thread_ts_usec":1748365995662265,"pkt":"bCtZld1KNO0bVMeBgQAATQgARWAALDC+AAA3BtQdaOpzWlkfSS1VhSpfx\/pTzAAAAABgAgQBeekAAAIEBbQAAA=="} 
01153{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/scanner.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748365995662265,"flow_src_last_pkt_time":1748365995662265,"flow_dst_last_pkt_time":1748365995662265,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748365995662265,"vlan_id":77,"l3_proto":"ip4","src_ip":"104.234.115.90","dst_ip":"89.31.73.45","src_port":21893,"dst_port":10847,"l4_proto":"tcp","ndpi": {"flow_risk": {"28": {"risk":"Malicious Fingerprint","severity":"High","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/scanner.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748365995662265,"flow_src_last_pkt_time":1748365995662265,"flow_dst_last_pkt_time":1748365995662265,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748365995662265,"vlan_id":77,"l3_proto":"ip4","src_ip":"104.234.115.90","dst_ip":"89.31.73.45","src_port":21893,"dst_port":10847,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/scanner.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1748365995662265} +00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/scanner.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1748365995662265} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644938 bytes -~~ total memory freed........: 8644938 bytes -~~ total allocations/frees...: 140536/140536 +~~ total memory allocated....: 9409312 bytes +~~ total memory freed........: 9409312 bytes +~~ total allocations/frees...: 154502/154502 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 559 chars ~~ json message max len.......: 1158 chars diff --git a/test/results/default/sccp_hw_conf_register.pcapng.out b/test/results/default/sccp_hw_conf_register.pcapng.out index e2eddf394..1ac0bf852 100644 --- a/test/results/default/sccp_hw_conf_register.pcapng.out +++ b/test/results/default/sccp_hw_conf_register.pcapng.out 
@@ -1,5 +1,5 @@ -00600{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1557178511664958} 
+00600{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1557178511664958} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557178511664958,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557178511664958,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1557178511664958,"pkt":"AFBW6tqSuDhhiHXECABFYAAsOMQAAP8GkNUKtG46CrRuMLV9B9BgU38BAAAAAGACECD5kQAAAgQFtA=="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1557178511664958,"pkt":"uDhhiHXEAFBW6tqSCABFAAAsAABAAEAGSPoKtG4wCrRuOgfQtX0KPck5YFN\/AmASchDEGQAAAgQFtA=="} 
@@ -8,7 +8,7 @@ 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1557178511664958,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557178511664958,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","proto_id":"164","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511665950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1557178511665950,"pkt":"uDhhiHXEAFBW6tqSCABFAAAo4mtAAEAGZpIKtG4wCrRuOgfQtX0KPck6YFN\/ilAQdUDYHgAA"} 
00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1557178511664958,"flow_src_last_pkt_time":1557178511908949,"flow_dst_last_pkt_time":1557178511907942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":496,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1557178511908949,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","proto_id":"164","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1557178511908949} 
+00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1557178511908949} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645331 bytes -~~ total memory freed........: 8645331 bytes -~~ total allocations/frees...: 140550/140550 +~~ total memory allocated....: 9409705 bytes +~~ total memory freed........: 9409705 bytes +~~ total allocations/frees...: 154516/154516 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 997 chars diff --git a/test/results/default/sctp.cap.out b/test/results/default/sctp.cap.out index 740aa9732..a74e83a24 100644 --- a/test/results/default/sctp.cap.out +++ b/test/results/default/sctp.cap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1088696689784578} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1088696689784578} 00735{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1088696689784578,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5} 
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1088696689784578,"pkt":"AKCAAF5GCAADSgA1CABFAAB8FBwAADuESlQKHAYrChwGLEAAC4AAAW8KbbAYggADAFsoAkNFAACgvQAAAAdNRUdBQ08vMiA8bWctdHI+OjE2Mzg0ClJlcGx5ID0gMTc0MDkxewpDb250ZXh0ID0gMjU1ewpNb2RpZnkgPSBNVVgvMjU1Cn0KfQpn"} 00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1088696689784578,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -10,7 +10,7 @@ 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1088696689872282,"flow_dst_last_pkt_time":1088696689872631,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1088696689872631,"pkt":"AAGvDAaWAKCAAF5GCABFAAA4u4FAAP+EnzIKHAYsChwGKgtZC1kNU+b+jI4HRgUAABgAAQAUQORLkgocBiwbZq9+AAAAAA=="} 00922{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1088696689872282,"flow_src_last_pkt_time":1088696689872282,"flow_dst_last_pkt_time":1088696689872631,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1088696689872631,"l3_proto":"ip4","src_ip":"10.28.6.42","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784927,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1088696689872631,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00806{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":204,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1088696689872631} 
+00806{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":204,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1088696689872631} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647394 bytes -~~ total memory freed........: 8647394 bytes -~~ total allocations/frees...: 140548/140548 +~~ total memory allocated....: 9411800 bytes +~~ total memory freed........: 9411800 bytes +~~ total allocations/frees...: 154514/154514 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 930 chars diff --git a/test/results/default/selfsigned.pcap.out b/test/results/default/selfsigned.pcap.out index 4c30c7959..18391df8c 100644 --- a/test/results/default/selfsigned.pcap.out +++ b/test/results/default/selfsigned.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1588921646472768} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1588921646472768} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646472768,"flow_dst_last_pkt_time":1588921646472768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588921646472768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1588921646472768,"flow_dst_last_pkt_time":1588921646472768,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1588921646472768,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubiYAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4AAAAAAQCAAA="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1588921646472768,"flow_dst_last_pkt_time":1588921646472882,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1588921646472882,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABC7nJlxL1FVDN7m4nsBL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4E3\/M+AQCAAA="} 
@@ -9,7 +9,7 @@ 01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646479120,"flow_dst_last_pkt_time":1588921646472909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588921646479120,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"localhost","domainame":"localhost","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
01720{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646479120,"flow_dst_last_pkt_time":1588921646482756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1588921646482756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"localhost","domainame":"localhost","tls": {"version":"TLSv1.2","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=IT, ST=Some-State, O=ntop.org","subjectDN":"C=IT, ST=Some-State, O=ntop.org","advertised_alpns":"h2,http\/1.1","fingerprint":"AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B","blocks":0}}} 
01307{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646517296,"flow_dst_last_pkt_time":1588921646517337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":849,"flow_dst_tot_l4_payload_len":1785,"midstream":0,"thread_ts_usec":1588921646517337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2634,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1588921646517337} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2634,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1588921646517337} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649687 bytes -~~ total memory freed........: 8649687 bytes -~~ total allocations/frees...: 140561/140561 +~~ total memory allocated....: 9414061 bytes +~~ total memory freed........: 9414061 bytes +~~ total allocations/frees...: 154527/154527 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 1725 chars diff --git a/test/results/default/sflow.pcap.out b/test/results/default/sflow.pcap.out index aa571c0ac..ff14a81f0 100644 --- a/test/results/default/sflow.pcap.out +++ b/test/results/default/sflow.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1378125488790492} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1378125488790492} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1378125488790492,"flow_src_last_pkt_time":1378125488790492,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1378125488790492,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1378125488790492,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1378125488790492,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIfoAAEARuUSsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAZ9nPdcQAAAAAQAAAAIAAABsAAAhJQAABAwAAAABAAAAAQAAAFgAAAQMAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAYwszAAAm4MAApAWAAH2cwAAAAAAAAAAAAAAAAAAAAAAUz3BAACgtwAAIYcAAAjXAAAAAAAAAAAAAAAA"} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1378125507793302,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1378125507793302,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIfsAAEARuUOsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAaBnPiFIAAAAAQAAAAIAAABsAAAAaAAABBMAAAABAAAAAQAAAFgAAAQTAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAwmHZAAAPY8ACrt0AAAffQAAAAAAAAAAAAAAAAAAAAAGHWdKAABT9wAJE0IACVxYAAAAAAAAAAAAAAAA"} 
@@ -9,7 +9,7 @@ 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1378125537795814,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1378125537795814,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIf4AAEARuUCsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAaNnPpZ4AAAAAQAAAAIAAABsAAAAaQAABBMAAAABAAAAAQAAAFgAAAQTAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAwmQegAAPa0ACrt0AAAffQAAAAAAAAAAAAAAAAAAAAAGHXouAABUFQAJE1IACVxrAAAAAAAAAAAAAAAA"} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1378125488790492,"flow_src_last_pkt_time":1378125537795814,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":748,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1378125537795814,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"sFlow","proto_id":"129","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1378125488790492,"flow_src_last_pkt_time":1378125597799203,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1378125597799203,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"sFlow","proto_id":"129","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1378125597799203} 
+00809{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1378125597799203} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645075 bytes -~~ total memory freed........: 8645075 bytes -~~ total allocations/frees...: 140541/140541 +~~ total memory allocated....: 9409449 bytes +~~ total memory freed........: 9409449 bytes +~~ total allocations/frees...: 154507/154507 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 973 chars diff --git a/test/results/default/shadowsocks.pcap.out b/test/results/default/shadowsocks.pcap.out index 7c86e5b4c..4fb582fc5 100644 --- a/test/results/default/shadowsocks.pcap.out +++ b/test/results/default/shadowsocks.pcap.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690018458225809} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690018458225809} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690018458225809,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690018458225809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37904,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690018458225809,"pkt":"AAAAAAAAAAAAAAAACABFAAA8OlVAAEAGAmV\/AAABfwAAAZQQBDjOLDYWAAAAAKAC\/9f+MAAAAgT\/1wQCCApvLCb4AAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690018458225829,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQQ4lBAtEiM8ziw2F6AS\/8v+MAAAAgT\/1wQCCApvLCb4bywm+AEDAwc="} 
@@ -16,7 +16,7 @@ 00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1690018458225809,"flow_src_last_pkt_time":1690018459714485,"flow_dst_last_pkt_time":1690018459714444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":16384,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":67329,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37904,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00913{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1690018458886918,"flow_src_last_pkt_time":1690018459714642,"flow_dst_last_pkt_time":1690018459714613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":18085,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":67333,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44276,"dst_port":8388,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1690018458886918,"flow_src_last_pkt_time":1690018459714642,"flow_dst_last_pkt_time":1690018459714613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":18085,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":67333,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44276,"dst_port":8388,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":134863,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1690018459714642} 
+00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":134863,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1690018459714642} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652785 bytes -~~ total memory freed........: 8652785 bytes -~~ total allocations/frees...: 140594/140594 +~~ total memory allocated....: 9417191 bytes +~~ total memory freed........: 9417191 bytes +~~ total allocations/frees...: 154560/154560 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 973 chars diff --git a/test/results/default/shell.pcap.out b/test/results/default/shell.pcap.out index df9a9761c..b556b48d0 100644 --- a/test/results/default/shell.pcap.out +++ b/test/results/default/shell.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712518786333703} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712518786333703} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518786333703,"flow_src_last_pkt_time":1712518786333703,"flow_dst_last_pkt_time":1712518786333703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518786333703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":47638,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1712518786333703,"flow_dst_last_pkt_time":1712518786333703,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712518786333703,"pkt":"AAAAAAAAAAAAAAAACABFAAA8UINAAEAG7DZ\/AAABfwAAAboWgjVOSff2AAAAAKAC\/9f+MAAAAgT\/1wQCCAqKFvhnAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1712518786333703,"flow_dst_last_pkt_time":1712518786333714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712518786333714,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAYI1uhZ8EbgHTkn396AS\/8v+MAAAAgT\/1wQCCAqKFvhnihb4ZwEDAwc="} 
@@ -24,7 +24,7 @@ 00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1712518852431973,"flow_src_last_pkt_time":1712518853691948,"flow_dst_last_pkt_time":1712518853691932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54970,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01244{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518835354289,"flow_src_last_pkt_time":1712518835354289,"flow_dst_last_pkt_time":1712518835354289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58538,"dst_port":33333,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518835354289,"flow_src_last_pkt_time":1712518835354289,"flow_dst_last_pkt_time":1712518835354289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58538,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12250,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1712518853691948} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12250,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1712518853691948} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8662137 bytes -~~ total memory freed........: 8662137 bytes -~~ total allocations/frees...: 140595/140595 +~~ total memory allocated....: 9426607 bytes +~~ total memory freed........: 9426607 bytes +~~ total allocations/frees...: 154561/154561 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 7473 chars diff --git a/test/results/default/signal.pcap.out b/test/results/default/signal.pcap.out index bb68594e2..7107709ad 100644 --- a/test/results/default/signal.pcap.out +++ b/test/results/default/signal.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569051245838268} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569051245838268} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051245838268,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051245838268,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1569051245838268,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKS8AAP8RkXYAAAAA\/\/\/\/\/wBEAEMBNJxAAQEGACG6jqoAAQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 
01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051245838268,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051245838268,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac","domainame":"lucas-imac","dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}} 
@@ -21,38 +21,38 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247599529,"flow_dst_last_pkt_time":1569051247643687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247643687,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADQGlLoXORgQwKgCEQG73rrg+UqLaJ6n1qAScSCOEgAAAgQFrAQCCAqWTinBKFVR7gEDAwc="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247645554,"flow_dst_last_pkt_time":1569051247643687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247645554,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN66AbtonqfW4PlKjIAQBAspvwAAAQEICihVUhuWTinB"} 01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247643687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051247645675,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGRr3AqAIRFzkYEN66AbtonqfW4PlKjIAYBAt1eQAAAQEICihVUhuWTinBFgMBAgABAAH8AwORcncPsZ5qIVMCFuWgfAh6It7r+HS2ZZg+ldmkQzu5TCBZnL8ZiCuWJmLRaxcsIL0Nu9GPkgNG7xXFvEs6oR8pMAA0EwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247643687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247645675,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247643687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247645675,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247689292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247689292,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0iWYAADQGC1wXORgQwKgCEQG73rrg+UqMaJ6p24AQAOsqrAAAAQEICpZOKe8oVVIb"} -01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247690070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247690070,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01266{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247690070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247690070,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247594090,"flow_dst_last_pkt_time":1569051247704415,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247704415,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG7wEr7fyfqQK3D1aASaN\/uCAAAAgQFrAQCCApkFVboKFVNgQEDAwg="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247706588,"flow_dst_last_pkt_time":1569051247704415,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247706588,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrcBKAbtArcPV+38n64AQCBZ9JQAAAQEICihVTfNkFVbo"} 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247704415,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_usec":1569051247706645,"pkt":"xiwDYGpkxGGLNYKpCABFAAD5AABAAEAGY7fAqAIRIuHwrcBKAbtArcPV+38n64AYCBZZNQAAAQEICihVTfNkFVboFgMBAMABAAC8AwNdhdJvuXs\/d642PJRF7UI\/AdVwXtSGkzdnBwsA+gkrIgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZwAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247704415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247706645,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01321{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247704415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247706645,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247600467,"flow_dst_last_pkt_time":1569051247709413,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247709413,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73rtLEL7asq23cqASaN9\/CQAAAgQFrAQCCApkFVbqKFVR7wEDAwg="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247711067,"flow_dst_last_pkt_time":1569051247709413,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247711067,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd67AbuyrbdySxC+24AQBAsSOAAAAQEICihVUlpkFVbq"} 01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247709413,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051247711181,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGYnfAqAIRIuHwrd67AbuyrbdySxC+24AYBAsbUQAAAQEICihVUlpkFVbqFgMBAgABAAH8AwNvt088oc+wJ\/keps9Nd59wAmt0exXgkmLypgOxJ3yQxCADkYPnm5qJAc81bPMGd68mU3RC86F4komLht8jFwvJuwAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\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"} 
-01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247709413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247711181,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247709413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247711181,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247603797,"flow_dst_last_pkt_time":1569051247714648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247714648,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73r1n96jrbdjHEKASaN+tQgAAAgQFrAQCCApkFVbrKFVR8gEDAwg="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247601573,"flow_dst_last_pkt_time":1569051247714775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247714775,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G9nMi4fCtwKgCEQG73rwJHv1\/xsFthKASaN+4LQAAAgQFrAQCCApkFVbrKFVR8AEDAwg="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247716291,"flow_dst_last_pkt_time":1569051247714648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247716291,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd69Abtt2McQZ\/eo7IAQBAtAbwAAAQEICihVUl9kFVbr"} 
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247714648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051247716407,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGYnfAqAIRIuHwrd69Abtt2McQZ\/eo7IAYBAtWzgAAAQEICihVUl9kFVbrFgMBAgABAAH8AwNt7hXbpLjXMRR\/bxdtzkjvB4xS1PwDQ6PxbRaUrO0qwSDVSMeS43dgzqJuDX9Nz7D77w9PJu+JEAZF32iZkikHGQAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAggkVxJnNxvx7yRJ3IWr6\/bePVPj3hLoE6hEcrUhAYuEMALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247714648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247716407,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247714648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247716407,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247716684,"flow_dst_last_pkt_time":1569051247714775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247716684,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd68AbvGwW2ECR79gIAQBAtLWAAAAQEICihVUl9kFVbr"} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247714775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051247716836,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGYnfAqAIRIuHwrd68AbvGwW2ECR79gIAYBAtCawAAAQEICihVUl9kFVbrFgMBAgABAAH8AwMC\/iq\/29\/bfQmL3NywRdaHPxawxpN\/gjq67bcZmEul+iC0YvLniq6GFUwRgLKNIv\/K1BW3lLi2Y9hIO9HhpF3gJwAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg4ti0IjmHHcY34Qh7EHKKwWM8SOIvozUrzGlVTZfDoB4ALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247714775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247716836,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247791544,"flow_dst_last_pkt_time":1569051247792234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":893,"flow_dst_tot_l4_payload_len":10648,"midstream":0,"thread_ts_usec":1569051247792234,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":12410.3,"max":52274,"stddev":19984.8,"var":399390400.0,"ent":3.2,"data": [44158,46025,121,45605,778,217,319,168,47796,18,50,46011,44670,7772,1684,58,381,118,52274,18,1127,18,42555,122,704,525,120,879,64,358,7]},"pktlen": {"min":52,"avg":413.3,"max":1492,"stddev":522.5,"var":272968.6,"ent":4.0,"data": [64,60,52,569,52,1492,1492,1268,1492,52,52,52,659,52,132,98,95,87,193,323,323,52,122,52,52,52,52,83,1098,1098,1492,413]},"bins": {"c_to_s": [10,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,1],"entropies": [4.496222496,5.260978699,5.115703106,4.449790955,5.154164791,7.842132568,7.877580166,7.812294483,7.873640060,5.077241421,5.115703106,5.032077789,7.623220921,5.154164791,6.284255981,5.843806267,5.875387192,5.767893314,6.860127449,7.271677971,7.350573063,5.115703106,6.393777370,5.115703106,5.062724113,5.024262428,5.038779736,5.628359795,7.828307152,7.836736202,7.865890980,7.503857136]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247714775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247716836,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247791544,"flow_dst_last_pkt_time":1569051247792234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":893,"flow_dst_tot_l4_payload_len":10648,"midstream":0,"thread_ts_usec":1569051247792234,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":12410.3,"max":52274,"stddev":19984.8,"var":399390400.0,"ent":3.2,"data": [44158,46025,121,45605,778,217,319,168,47796,18,50,46011,44670,7772,1684,58,381,118,52274,18,1127,18,42555,122,704,525,120,879,64,358,7]},"pktlen": {"min":52,"avg":413.3,"max":1492,"stddev":522.5,"var":272968.6,"ent":4.0,"data": [64,60,52,569,52,1492,1492,1268,1492,52,52,52,659,52,132,98,95,87,193,323,323,52,122,52,52,52,52,83,1098,1098,1492,413]},"bins": {"c_to_s": [10,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,1],"entropies": [4.496222496,5.260978699,5.115703106,4.449790955,5.154164791,7.842132568,7.877580166,7.812294483,7.873640060,5.077241421,5.115703106,5.032077789,7.623220921,5.154164791,6.284255981,5.843806267,5.875387192,5.767893314,6.860127449,7.271677971,7.350573063,5.115703106,6.393777370,5.115703106,5.062724113,5.024262428,5.038779736,5.628359795,7.828307152,7.836736202,7.865890980,7.503857136]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247816804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247816804,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0cO8AAO0Ghowi4fCtwKgCEQG7wEr7fyfrQK3EmoAQAG6D7AAAAQEICmQVVwQoVU3z"} -01383{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247818667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247818667,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": 
{"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} -01772{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247818679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":2469,"midstream":0,"thread_ts_usec":1569051247818679,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01381{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247818667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247818667,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01770{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247818679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":2469,"midstream":0,"thread_ts_usec":1569051247818679,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247820470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247820470,"pkt":"xGGLNYKpxiwDYGpkCABFAAA06d0AAO0GDZ4i4fCtwKgCEQG73rtLEL7bsq25d4AQAG4TtAAAAQEICmQVVwYoVVJa"} -01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247822394,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247822394,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01736{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247822421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247822421,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247822394,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247822394,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01734{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247822421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247822421,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247827539,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247827539,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0\/+sAAO0G948i4fCtwKgCEQG73r1n96jsbdjJFYAQAG5B6wAAAQEICmQVVwcoVVJf"} -01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247830388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247830388,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01736{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247830426,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247830426,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247830388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247830388,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01734{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247830426,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247830426,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247830427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247830427,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0qogAAO4GS\/Mi4fCtwKgCEQG73rwJHv2AxsFviYAQAG5M0wAAAQEICmQVVwgoVVJf"} -01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247832906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247832906,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01736{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247832918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247832918,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247832906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247832906,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01734{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247832918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247832918,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
00925{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569051248547165,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1569051248547165,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTAAAP8RkXUAAAAA\/\/\/\/\/wBEAEMBNJw9AQEGACG6jqoABAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00925{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1569051253252519,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1569051253252519,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTEAAP8RkXQAAAAA\/\/\/\/\/wBEAEMBNJw4AQEGACG6jqoACQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051255515841,"flow_src_last_pkt_time":1569051255515841,"flow_dst_last_pkt_time":1569051255515841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":46,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051255515841,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -65,7 +65,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1569051255515909,"flow_dst_last_pkt_time":1569051255539575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051255539575,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0qAQAADEGen4R+JKQwKgCEQG73qSsUOk6vJjB8IAQBCu0ZAAAAQEICt4q7JEoVW9l"} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051257169058,"flow_src_last_pkt_time":1569051257169058,"flow_dst_last_pkt_time":1569051257169058,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051257169058,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1569051257169058,"flow_dst_last_pkt_time":1569051257169058,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1569051257169058,"pkt":"xiwDYGpkxGGLNYKpCABFAABLAABAAEAGjWvAqAIRAhLodt65Absqy4Q4WMZypYAYBABE5AAAAQEICihVdq6vX9qZFQMDABKEOlUEciue5QZs7g3+sWQHUk8="} 
-00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051257169058,"flow_src_last_pkt_time":1569051257169058,"flow_dst_last_pkt_time":1569051257169058,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051257169058,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051257169058,"flow_src_last_pkt_time":1569051257169058,"flow_dst_last_pkt_time":1569051257169058,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051257169058,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1569051257169426,"flow_dst_last_pkt_time":1569051257169058,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051257169426,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGjYLAqAIRAhLodt65Absqy4RPWMZypYARBABBggAAAQEICihVdq6vX9qZ"} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1569051257169426,"flow_dst_last_pkt_time":1569051257192060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1569051257192060,"pkt":"xGGLNYKpxiwDYGpkCABFAABL884AADUG5JwCEuh2wKgCEQG73rlYxnKlKsuET4AYAQIBNAAAAQEICq9gUAcoVXauFQMDABK6ebhIWf6gqCdSaZoYDdKf06A="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1569051257169426,"flow_dst_last_pkt_time":1569051257192085,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051257192085,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0888AADUG5LICEuh2wKgCEQG73rlYxnK8KsuET4ARAQLO+gAAAQEICq9gUAcoVXau"} 
@@ -92,51 +92,51 @@ 00912{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264115004,"flow_src_last_pkt_time":1569051264115004,"flow_dst_last_pkt_time":1569051264115004,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264115004,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":3.664498}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264116081,"flow_dst_last_pkt_time":1569051264113301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264116081,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN6+AbvH3a+K4DuqGYAQBAvjSwAAAQEICihVknGWTmoX"} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264113301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264116204,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGRr3AqAIRFzkYEN6+AbvH3a+K4DuqGYAYBAtznQAAAQEICihVknKWTmoXFgMBAgABAAH8AwPawK\/+wN1+Tx0CNiEAg+cUW3czvaCh\/qY5WXGzJz9xKSBQ\/3brog7H4kKz+Cr0Y+KAPc0Wuh7pzTw9CcTlpz8EzgA0EwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABUAEwAAEGl0dW5lcy5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgQjLeK9mUdDm2SPbON0\/yv\/211C08osOnnwisGWfkQjYALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVANEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264113301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264116204,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264113301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264116204,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264150664,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264150664,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0riEAADQG5qAXORgQwKgCEQG73r7gO6oZx92xj4AQAOvkPwAAAQEICpZOaj0oVZJy"} -01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264151436,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264151436,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01268{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264151436,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264151436,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264073974,"flow_dst_last_pkt_time":1569051264185629,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264185629,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG7wEvNn9QhBdFlyaASaN\/LpgAAAgQFrAQCCApkFUBJKFWN0AEDAwg="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264186713,"flow_dst_last_pkt_time":1569051264185629,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264186713,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKMBLAbsF0WXJzZ\/UIoAQCBZawQAAAQEICihVjkRkFUBJ"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264090815,"flow_dst_last_pkt_time":1569051264198395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264198395,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73r+o1iHY6c+USqASaN9tOAAAAgQFrAQCCApkFUBMKFWSWgEDAwg="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264091926,"flow_dst_last_pkt_time":1569051264203333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264203333,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sBFykuNjtdEXqASaN9RcQAAAgQFrAQCCApkFUBNKFWSWwEDAwg="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264093006,"flow_dst_last_pkt_time":1569051264203483,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264203483,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sEV2c5FmCCLjaASaN+uMAAAAgQFrAQCCApkFUBNKFWSWwEDAwg="} 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264185629,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_usec":1569051264229464,"pkt":"xiwDYGpkxGGLNYKpCABFAAD5AABAAEAGUHXAqAIRI6kDKMBLAbsF0WXJzZ\/UIoAYCBbVbwAAAQEICihVjm1kFUBJFgMBAMABAAC8AwNdhdKAFZvPd8KN3PrIuLJ+p3RN76tFaWi69JIAQQd9fgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZwAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} 
-01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264185629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264229464,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264185629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264229464,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264259275,"flow_dst_last_pkt_time":1569051264198395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264259275,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN6\/Abvpz5RKqNYh2YAQBAsAMQAAAQEICihVkvtkFUBM"} 
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264198395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264259325,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN6\/Abvpz5RKqNYh2YAYBAufSQAAAQEICihVkvtkFUBMFgMBAgABAAH8AwN+5Ttf6YokHynLX4ecaPrHKATOoW12Tu+wzd9uDQspWSA1hUwuwgYjwI2sT5j3KinfN4lvjC3KseF9UMaW83tPxQAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgepTejFE5doby0DivzOsCuvXU1Qv8gn4J5BRpbhy8vDQALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264198395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259325,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264198395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259325,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264259363,"flow_dst_last_pkt_time":1569051264203333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264259363,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7AAbuO10ReRcpLjoAQBAvkagAAAQEICihVkvtkFUBN"} 01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264203333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264259470,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN7AAbuO10ReRcpLjoAYBAsKeAAAAQEICihVkvxkFUBNFgMBAgABAAH8AwNYXsKfONHmzDFwOYBHmMHWccv+TKZTGPJmOKuaWv\/yOCDtD78sld\/x8V+rzxyBuU3uWmdAA4D7yp8sPLtMpD+m1QAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg1yEhEumbjcw84EpI\/aJKwlqb4nNO3GXKiR9CVTP9slYALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264203333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259470,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264203333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259470,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264259507,"flow_dst_last_pkt_time":1569051264203483,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264259507,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7BAbuYIIuNFdnORoAQBAtBKQAAAQEICihVkvxkFUBN"} 
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264203483,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264259677,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN7BAbuYIIuNFdnORoAYBAvQ5wAAAQEICihVkvxkFUBNFgMBAgABAAH8AwMBrKJ6lAeYyvz4VxhLDcDvBph9JELZn65LIOXEqYKG0yBO77oSw5+zVdfbslJwrAju9uKTARXrNL8JS7VTuLS\/cAAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\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"} -01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264203483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259677,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} -02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264310199,"flow_dst_last_pkt_time":1569051264310869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":862,"flow_dst_tot_l4_payload_len":11255,"midstream":0,"thread_ts_usec":1569051264310869,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":14977.4,"max":100663,"stddev":25001.2,"var":625062336.0,"ent":3.3,"data": [34916,37696,123,37363,772,231,309,173,37044,153,34846,100663,83343,17640,1078,2531,59,427,91,36023,34,31611,467,2412,13,489,2231,1076,233,244,7]},"pktlen": {"min":52,"avg":431.7,"max":1492,"stddev":520.4,"var":270842.4,"ent":4.1,"data": [64,60,52,569,52,1492,1492,1268,1492,52,52,659,52,659,64,132,98,95,87,193,323,323,52,52,52,122,52,52,1098,1098,1492,413]},"bins": {"c_to_s": [9,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1],"entropies": 
[4.496222496,5.227644920,5.115703106,4.414837837,5.154164791,7.853477478,7.870889187,7.817573071,7.876551151,5.115703106,5.062724590,7.664700031,5.077241421,7.657122135,4.978374004,6.355051041,5.966256618,5.935075283,5.821801186,6.831858158,7.289732933,7.287264824,5.154164791,5.115703106,5.154164791,6.311809540,5.115703106,5.115703106,7.817995071,7.817259789,7.852911472,7.453959465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264203483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259677,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264310199,"flow_dst_last_pkt_time":1569051264310869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":862,"flow_dst_tot_l4_payload_len":11255,"midstream":0,"thread_ts_usec":1569051264310869,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":14977.4,"max":100663,"stddev":25001.2,"var":625062336.0,"ent":3.3,"data": [34916,37696,123,37363,772,231,309,173,37044,153,34846,100663,83343,17640,1078,2531,59,427,91,36023,34,31611,467,2412,13,489,2231,1076,233,244,7]},"pktlen": {"min":52,"avg":431.7,"max":1492,"stddev":520.4,"var":270842.4,"ent":4.1,"data": [64,60,52,569,52,1492,1492,1268,1492,52,52,659,52,659,64,132,98,95,87,193,323,323,52,52,52,122,52,52,1098,1098,1492,413]},"bins": {"c_to_s": [9,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1],"entropies": [4.496222496,5.227644920,5.115703106,4.414837837,5.154164791,7.853477478,7.870889187,7.817573071,7.876551151,5.115703106,5.062724590,7.664700031,5.077241421,7.657122135,4.978374004,6.355051041,5.966256618,5.935075283,5.821801186,6.831858158,7.289732933,7.287264824,5.154164791,5.115703106,5.154164791,6.311809540,5.115703106,5.115703106,7.817995071,7.817259789,7.852911472,7.453959465]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264341086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264341086,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0lEcAAO4GTvIjqQMowKgCEQG7wEvNn9QiBdFmjoAQAG5hVAAAAQEICmQVQHAoVY5t"} -01382{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264342899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264342899,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": 
{"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} -01771{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264343005,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":2469,"midstream":0,"thread_ts_usec":1569051264343005,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01380{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264342899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264342899,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01769{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264343005,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":2469,"midstream":0,"thread_ts_usec":1569051264343005,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264367627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264367627,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0Ya4AAO4GgYsjqQMowKgCEQG73r+o1iHZ6c+WT4AQAG4BngAAAQEICmQVQHcoVZL7"} -01346{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264369936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264369936,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01735{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264369938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264369938,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264369936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264369936,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01733{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264369938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264369938,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264371125,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264371125,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0jjEAAO4GVQgjqQMowKgCEQG73sEV2c5GmCCNkoAQAG5ClwAAAQEICmQVQHcoVZL8"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264371989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264371989,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0C\/kAAO4G10AjqQMowKgCEQG73sBFykuOjtdGY4AQAG7l1wAAAQEICmQVQHcoVZL8"} -01346{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264373131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264373131,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} -01735{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264373258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264373258,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, 
CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} -01346{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264373882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264373882,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01735{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264374011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264374011,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264373131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264373131,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01733{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264373258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264373258,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264373882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264373882,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01733{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264374011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264374011,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264666082,"flow_dst_last_pkt_time":1569051264666082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264666082,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1569051264666082,"flow_dst_last_pkt_time":1569051264666082,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569051264666082,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7CAbvJrSrvAAAAALAC\/\/+7dwAAAgQFtAEDAwcBAQgKKFWUiQAAAAAEAgAA"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264666082,"flow_dst_last_pkt_time":1569051264775024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264775024,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sL5Zid4ya0q8KASaN+dwQAAAgQFrAQCCApkFUDdKFWUiQEDAwg="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264776703,"flow_dst_last_pkt_time":1569051264775024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264776703,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7CAbvJrSrw+WYneYAQBAsw7wAAAQEICihVlPVkFUDd"} 01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264775024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264776825,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN7CAbvJrSrw+WYneYAYBAsKOgAAAQEICihVlPVkFUDdFgMBAgABAAH8AwPqnmHY+ky08QaEFpsYq0FGVLaxG+964Hq2icanaO7xlCBmz3takGKujlgk83\/DuHgM2oWMrAxFhkG7HMIkIEBMvgAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg5cIrTlOOMEP5oixl5QwpN10lLFAYbdhRGOo98Zyw2T4ALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264775024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264776825,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264775024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264776825,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264885425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264885425,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0Z4EAAO4Ge7gjqQMowKgCEQG73sL5Zid5ya0s9YAQAG4ybAAAAQEICmQVQPgoVZT1"} 
-01346{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264887563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264887563,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01735{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264887591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264887591,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
-02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051265118031,"flow_dst_last_pkt_time":1569051265227415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":12293,"flow_dst_tot_l4_payload_len":2636,"midstream":0,"thread_ts_usec":1569051265227415,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":32686.5,"max":114919,"stddev":49905.0,"var":2490513152.0,"ent":3.3,"data": [108942,110621,122,110401,2138,28,112445,4951,114919,23,109553,1892,17,11,122,779,118,231,116,111402,211,108448,1776,614,1715,181,200,291,136,109394,1485]},"pktlen": {"min":52,"avg":519.2,"max":1492,"stddev":606.2,"var":367455.8,"ent":4.1,"data": [64,60,52,569,52,1492,1090,52,178,103,121,52,105,102,94,298,1492,1492,1492,364,52,90,834,52,52,1492,1492,1492,1492,137,52,52]},"bins": {"c_to_s": [4,3,1,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0],"s_to_c": [7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,1,1],"entropies": 
[4.390677452,5.215063572,5.101185799,4.568855762,5.154164791,7.123593330,7.686298847,5.024262428,6.455136299,5.824676991,6.354698181,5.077241421,5.747490406,5.596203804,5.551773548,7.089583874,7.859809875,7.887398720,7.860632420,7.352869511,5.192626476,5.919520855,7.736015797,5.115703106,5.115703106,7.850556374,7.899875164,7.874493599,7.879738331,6.114603519,5.154164791,4.993616104]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264887563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264887563,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01733{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264887591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264887591,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+02178{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051265118031,"flow_dst_last_pkt_time":1569051265227415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":12293,"flow_dst_tot_l4_payload_len":2636,"midstream":0,"thread_ts_usec":1569051265227415,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":32686.5,"max":114919,"stddev":49905.0,"var":2490513152.0,"ent":3.3,"data": [108942,110621,122,110401,2138,28,112445,4951,114919,23,109553,1892,17,11,122,779,118,231,116,111402,211,108448,1776,614,1715,181,200,291,136,109394,1485]},"pktlen": {"min":52,"avg":519.2,"max":1492,"stddev":606.2,"var":367455.8,"ent":4.1,"data": [64,60,52,569,52,1492,1090,52,178,103,121,52,105,102,94,298,1492,1492,1492,364,52,90,834,52,52,1492,1492,1492,1492,137,52,52]},"bins": {"c_to_s": [4,3,1,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0],"s_to_c": [7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,1,1],"entropies": 
[4.390677452,5.215063572,5.101185799,4.568855762,5.154164791,7.123593330,7.686298847,5.024262428,6.455136299,5.824676991,6.354698181,5.077241421,5.747490406,5.596203804,5.551773548,7.089583874,7.859809875,7.887398720,7.860632420,7.352869511,5.192626476,5.919520855,7.736015797,5.115703106,5.115703106,7.850556374,7.899875164,7.874493599,7.879738331,6.114603519,5.154164791,4.993616104]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051266396342,"flow_src_last_pkt_time":1569051266396342,"flow_dst_last_pkt_time":1569051266396342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051266396342,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1569051266396342,"flow_dst_last_pkt_time":1569051266396342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1569051266396342,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV0AADQGy0wXORgQwKgCEQG73rjhiC89LB07wYAYAQKY+AAAAQEICpZOcwIoVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"} 
-00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051266396342,"flow_src_last_pkt_time":1569051266396342,"flow_dst_last_pkt_time":1569051266396342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051266396342,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051266396342,"flow_src_last_pkt_time":1569051266396342,"flow_dst_last_pkt_time":1569051266396342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051266396342,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1569051266396673,"flow_dst_last_pkt_time":1569051266396342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051266396673,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0yV4AADQGy2MXORgQwKgCEQG73rjhiC9VLB07wYARAQL5ggAAAQEICpZOcwIoVP9f"} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1569051266743731,"flow_dst_last_pkt_time":1569051266396342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1569051266743731,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV8AADQGy0oXORgQwKgCEQG73rjhiC89LB07wYAYAQKXnQAAAQEICpZOdF0oVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1569051266743731,"flow_dst_last_pkt_time":1569051266980874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051266980874,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN64AbssHTvB4YgvVYAQA\/9Y6QAAAQEICihVnPyWTnMC"} 
@@ -146,31 +146,31 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1569051267121677,"flow_dst_last_pkt_time":1569051267154562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051267154562,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAPEG\/LQNI\/0qwKgCEQG73sO\/wI8zI0fK7aAScSCWtAAAAgQFrAQCCAqvNN\/RKFWeFwEDAwg="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1569051267161440,"flow_dst_last_pkt_time":1569051267154562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051267161440,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGbb3AqAIRDSP9Kt7DAbsjR8rtv8CPNIAQBAsybAAAAQEICihVnjqvNN\/R"} 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267154562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051267161538,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGa7jAqAIRDSP9Kt7DAbsjR8rtv8CPNIAYBAvKhwAAAQEICihVnj6vNN\/RFgMBAgABAAH8AwOed0BRRXhHmhS2o0Rd7s+quzaOqPDOekK9aAMPsTMIOSC1IZE3ylyuwin+a6TID60OpC6k\/IyX7sen4PPIFu25JAAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\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"} 
-01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267154562,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051267161538,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267154562,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051267161538,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267194585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051267194585,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0UOEAAPEGq9sNI\/0qwKgCEQG73sO\/wI80I0fM8oAQAHYz9AAAAQEICq8039UoVZ4+"} -01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267197332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051267197332,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} -01625{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267197345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2383,"midstream":0,"thread_ts_usec":1569051267197345,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","server_names":"cdn.signal.org","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, 
CN=cdn.signal.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12","blocks":0}}} -02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267296344,"flow_dst_last_pkt_time":1569051267317465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":11716,"flow_dst_tot_l4_payload_len":2541,"midstream":0,"thread_ts_usec":1569051267317465,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":11950.2,"max":43365,"stddev":16041.8,"var":257340416.0,"ent":3.7,"data": [32885,39763,98,40023,2747,13,39382,7752,43365,416,22,34673,57,7463,493,19,81,373,5900,119,379,42152,16,471,26781,7559,10672,123,259,280,26119]},"pktlen": {"min":52,"avg":498.2,"max":1492,"stddev":608.0,"var":369644.2,"ent":4.0,"data": [64,60,52,569,52,1492,995,52,178,52,103,121,52,52,105,102,94,243,90,1492,1492,1492,52,90,52,671,52,1492,1492,1492,1492,52]},"bins": {"c_to_s": [5,4,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0],"s_to_c": [7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,0,0,1],"entropies": 
[4.433722496,5.194311619,5.024262428,4.269306660,5.062724590,7.102223873,7.698739052,5.077241421,6.281415939,5.115703106,5.989915848,6.360937119,5.077241421,5.077241421,5.716584206,5.596204281,5.530496597,6.966745853,5.422244072,7.874898434,7.862365246,7.863490105,4.937912464,5.888910294,5.077241421,7.631612301,5.077241421,7.861750603,7.881488323,7.873866558,7.857449532,5.115703106]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267197332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051267197332,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01630{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267197345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2383,"midstream":0,"thread_ts_usec":1569051267197345,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","server_names":"cdn.signal.org","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12","blocks":0}}} 
+02170{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267296344,"flow_dst_last_pkt_time":1569051267317465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":11716,"flow_dst_tot_l4_payload_len":2541,"midstream":0,"thread_ts_usec":1569051267317465,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":11950.2,"max":43365,"stddev":16041.8,"var":257340416.0,"ent":3.7,"data": [32885,39763,98,40023,2747,13,39382,7752,43365,416,22,34673,57,7463,493,19,81,373,5900,119,379,42152,16,471,26781,7559,10672,123,259,280,26119]},"pktlen": {"min":52,"avg":498.2,"max":1492,"stddev":608.0,"var":369644.2,"ent":4.0,"data": [64,60,52,569,52,1492,995,52,178,52,103,121,52,52,105,102,94,243,90,1492,1492,1492,52,90,52,671,52,1492,1492,1492,1492,52]},"bins": {"c_to_s": [5,4,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0],"s_to_c": [7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,0,0,1],"entropies": [4.433722496,5.194311619,5.024262428,4.269306660,5.062724590,7.102223873,7.698739052,5.077241421,6.281415939,5.115703106,5.989915848,6.360937119,5.077241421,5.077241421,5.716584206,5.596204281,5.530496597,6.966745853,5.422244072,7.874898434,7.862365246,7.863490105,4.937912464,5.888910294,5.077241421,7.631612301,5.077241421,7.861750603,7.881488323,7.873866558,7.857449532,5.115703106]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569051245838268,"flow_src_last_pkt_time":1569051261595218,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac"}} 01077{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1569051255515841,"flow_src_last_pkt_time":1569051255541412,"flow_dst_last_pkt_time":1569051255539776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":12,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051267100183,"flow_dst_last_pkt_time":1569051267098946,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":938,"flow_dst_tot_l4_payload_len":3555,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00952{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1569051257169058,"flow_src_last_pkt_time":1569051257194834,"flow_dst_last_pkt_time":1569051257192407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":23,"midstream":1,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":95,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267569935,"flow_dst_last_pkt_time":1569051267601717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":195730,"flow_dst_tot_l4_payload_len":3003,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"cdn.signal.org"}} 
+01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":12,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051267100183,"flow_dst_last_pkt_time":1569051267098946,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":938,"flow_dst_tot_l4_payload_len":3555,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00953{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1569051257169058,"flow_src_last_pkt_time":1569051257194834,"flow_dst_last_pkt_time":1569051257192407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":23,"midstream":1,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":95,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267569935,"flow_dst_last_pkt_time":1569051267601717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":195730,"flow_dst_tot_l4_payload_len":3003,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"cdn.signal.org"}} 01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569051264088425,"flow_src_last_pkt_time":1569051264088425,"flow_dst_last_pkt_time":1569051264113960,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":151,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"textsecure-service.whispersystems.org"}} -00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264669892,"flow_dst_last_pkt_time":1569051264664676,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":2828,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264679871,"flow_dst_last_pkt_time":1569051264678301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":3041,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264674713,"flow_dst_last_pkt_time":1569051264673423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":2793,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051265237202,"flow_dst_last_pkt_time":1569051265235427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":12293,"flow_dst_tot_l4_payload_len":5429,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org"}} +00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264669892,"flow_dst_last_pkt_time":1569051264664676,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":2828,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
+00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264679871,"flow_dst_last_pkt_time":1569051264678301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":3041,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264674713,"flow_dst_last_pkt_time":1569051264673423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":2793,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
+01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051265237202,"flow_dst_last_pkt_time":1569051265235427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":12293,"flow_dst_tot_l4_payload_len":5429,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569051247593701,"flow_src_last_pkt_time":1569051247593701,"flow_dst_last_pkt_time":1569051247630078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":59,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e673.dsce9.akamaiedge.net"}} -00948{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569051266396342,"flow_src_last_pkt_time":1569051267048829,"flow_dst_last_pkt_time":1569051267005795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":39,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":63,"midstream":1,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01012{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":20,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247843054,"flow_dst_last_pkt_time":1569051247841181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":956,"flow_dst_tot_l4_payload_len":10672,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com"}} -01013{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":21,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264482482,"flow_dst_last_pkt_time":1569051264481174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":956,"flow_dst_tot_l4_payload_len":11279,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com"}} 
-01115{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051257495298,"flow_dst_last_pkt_time":1569051257493175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":818,"flow_dst_tot_l4_payload_len":2835,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00949{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569051266396342,"flow_src_last_pkt_time":1569051267048829,"flow_dst_last_pkt_time":1569051267005795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":39,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":63,"midstream":1,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01013{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":20,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247843054,"flow_dst_last_pkt_time":1569051247841181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":956,"flow_dst_tot_l4_payload_len":10672,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com"}} +01014{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":21,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264482482,"flow_dst_last_pkt_time":1569051264481174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":956,"flow_dst_tot_l4_payload_len":11279,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com"}} +01113{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051257495298,"flow_dst_last_pkt_time":1569051257493175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":818,"flow_dst_tot_l4_payload_len":2835,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00932{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264115004,"flow_src_last_pkt_time":1569051264115004,"flow_dst_last_pkt_time":1569051264115004,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":11,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051261087134,"flow_dst_last_pkt_time":1569051248058195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":2793,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":11,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051261087155,"flow_dst_last_pkt_time":1569051248073795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":2828,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":10,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051261087166,"flow_dst_last_pkt_time":1569051248067523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":3041,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":637,"packets-processed":637,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":273842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":25,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":173,"global_ts_usec":1569051267601717} +00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":11,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051261087134,"flow_dst_last_pkt_time":1569051248058195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":2793,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
+00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":11,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051261087155,"flow_dst_last_pkt_time":1569051248073795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":2828,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":10,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051261087166,"flow_dst_last_pkt_time":1569051248067523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":3041,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":637,"packets-processed":637,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":273842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":25,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":173,"global_ts_usec":1569051267601717} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 637/637 ~~ skipped flows.............: 0 @@ -179,10 +179,10 @@ ~~ total active/idle flows...: 19/19 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9031363 bytes -~~ total memory freed........: 9031363 bytes -~~ total allocations/frees...: 141508/141508 +~~ total memory allocated....: 9796379 bytes +~~ total memory freed........: 9796379 bytes +~~ total allocations/frees...: 155476/155476 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars -~~ json message max len.......: 2185 chars -~~ json message avg len.......: 1364 chars +~~ json message max len.......: 2183 chars +~~ json message avg len.......: 1363 chars diff --git a/test/results/default/signal_audiocall.pcapng.out b/test/results/default/signal_audiocall.pcapng.out index 29e139667..3db6fb245 100644 --- a/test/results/default/signal_audiocall.pcapng.out +++ b/test/results/default/signal_audiocall.pcapng.out 
@@ -1,5 +1,5 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024252560352} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024252560352} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252560352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024252560352,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252560352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024252560352,"pkt":"dNo47VMyYhO2esBpCABFAAAwRWRAAEARGavAqAxDI9jq6rFrDZYAHHVvAAEAACESpEJXWklqc1dDeWlGaWU="} 
01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252560352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024252560352,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -37,7 +37,7 @@ 01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024262578771,"flow_dst_last_pkt_time":1732024262586393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1732024271658206,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":29,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024271632164,"flow_dst_last_pkt_time":1732024271627708,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":2352,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1732024271658206,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1732024255310800,"flow_src_last_pkt_time":1732024270121601,"flow_dst_last_pkt_time":1732024270117593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":992,"midstream":0,"thread_ts_usec":1732024271658206,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":12261,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":268,"packets-processed":268,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1732024271658206} +00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":268,"packets-processed":268,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1732024271658206} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 268/268 ~~ skipped flows.............: 0 
@@ -46,9 +46,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8659810 bytes -~~ total memory freed........: 8659810 bytes -~~ total allocations/frees...: 140830/140830 +~~ total memory allocated....: 9424280 bytes +~~ total memory freed........: 9424280 bytes +~~ total allocations/frees...: 154796/154796 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 2262 chars diff --git a/test/results/default/signal_audiocall_2.pcapng.out b/test/results/default/signal_audiocall_2.pcapng.out index bcb41addd..96aafa1cd 100644 --- a/test/results/default/signal_audiocall_2.pcapng.out +++ b/test/results/default/signal_audiocall_2.pcapng.out 
@@ -1,5 +1,5 @@ -00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1741528492221089} 
+00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1741528492221089} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741528492221089,"flow_src_last_pkt_time":1741528492221089,"flow_dst_last_pkt_time":1741528492221089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741528492221089,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"76.223.92.165","src_port":47464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1741528492221089,"flow_dst_last_pkt_time":1741528492221089,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1741528492221089,"pkt":"dNo47VMyYhO2esBpCABFAAA832ZAAEAG5OXAqAxDTN9cpbloAbt\/gJNlAAAAAKAC\/\/8flAAAAgQFtAQCCAqdC0blAAAAAAEDAwk="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1741528492221089,"flow_dst_last_pkt_time":1741528492224295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1741528492224295,"pkt":"YhO2esBpdNo47VMyCABFAAA8AABAAPYGDkxM31ylwKgMQwG7uWiLq6Pzf4CTZqAS\/\/+KyQAAAgQFtAQCCAo2+i4hnQtG5QEDAwg="} 
@@ -47,7 +47,7 @@ 01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":24,"flow_first_seen":1741528492226636,"flow_src_last_pkt_time":1741528542565107,"flow_dst_last_pkt_time":1741528542562123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4120,"flow_dst_tot_l4_payload_len":5040,"midstream":0,"thread_ts_usec":1741528544877755,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"76.223.92.165","src_port":47466,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"chat.signal.org"}} 01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":14,"flow_first_seen":1741528530074946,"flow_src_last_pkt_time":1741528540100828,"flow_dst_last_pkt_time":1741528540113160,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1392,"flow_dst_tot_l4_payload_len":1284,"midstream":0,"thread_ts_usec":1741528544877755,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"141.101.90.1","src_port":43281,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.cloudflare.com"}} 01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":0,"flow_first_seen":1741528531527397,"flow_src_last_pkt_time":1741528544877755,"flow_dst_last_pkt_time":1741528531527397,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741528544877755,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"10.219.164.8","src_port":43281,"dst_port":50017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":258,"packets-processed":258,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44143,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1741528544877755} +00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":258,"packets-processed":258,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44143,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1741528544877755} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 258/258 ~~ skipped flows.............: 0 
@@ -56,9 +56,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8718063 bytes -~~ total memory freed........: 8718063 bytes -~~ total allocations/frees...: 140855/140855 +~~ total memory allocated....: 9482631 bytes +~~ total memory freed........: 9482631 bytes +~~ total allocations/frees...: 154823/154823 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2264 chars diff --git a/test/results/default/signal_multiparty.pcapng.out b/test/results/default/signal_multiparty.pcapng.out index 8e2d3b396..65bf0643a 100644 --- a/test/results/default/signal_multiparty.pcapng.out +++ b/test/results/default/signal_multiparty.pcapng.out 
@@ -1,5 +1,5 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733239341173023} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733239341173023} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733239341173023,"flow_src_last_pkt_time":1733239341173023,"flow_dst_last_pkt_time":1733239341173023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733239341173023,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.207.138.135","src_port":38303,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1733239341173023,"flow_dst_last_pkt_time":1733239341173023,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733239341173023,"pkt":"dNo47VMyYhO2esBpCABFAACAzjRAAEAR8PbAqAxDI8+Kh5WfJxAAbGD5AAEAUCESpEJwZ3QzcmROMU00NUMABgAJaDMrWjpFZVhBAAAAwFcABAADAAqAKgAI8t7zQbISIGgAJQAAACQABG5\/Hv8ACAAU6J251WfQ5z114UuxJd3wiXnphpSAKAAEllidBQ=="} 
01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733239341173023,"flow_src_last_pkt_time":1733239341173023,"flow_dst_last_pkt_time":1733239341173023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733239341173023,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.207.138.135","src_port":38303,"dst_port":10000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -10,7 +10,7 @@ 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1733239341221458,"flow_dst_last_pkt_time":1733239341242183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733239341242183,"pkt":"YhO2esBpdNo47VMyCABFYACAtuJAADkRDukjz4qHwKgMQycQlZ8AbFyyAQEAUCESpEJDaXByL0xFWlhoZ0wABgAJRWVYQTpoMytaAAAAwFcABAADAAqAKgAI8t7zQbISIGgAJQAAACQABG5\/Hv8ACAAU90Nkc7I3jWePLnbox4hjB+wj3w+AKAAEhx4wsQ=="} 01046{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1733239341173023,"flow_src_last_pkt_time":1733239341221458,"flow_dst_last_pkt_time":1733239341242183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":255,"midstream":0,"thread_ts_usec":1733239341242183,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.207.138.135","src_port":38303,"dst_port":10000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":6,"flow_first_seen":1733239341173023,"flow_src_last_pkt_time":1733239341632534,"flow_dst_last_pkt_time":1733239341575898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":8051,"flow_dst_tot_l4_payload_len":442,"midstream":0,"thread_ts_usec":1733239341632534,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.207.138.135","src_port":38303,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SRTP.SignalVoip","proto_id":"338.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8493,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1733239341632534} 
+00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8493,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1733239341632534} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645684 bytes -~~ total memory freed........: 8645684 bytes -~~ total allocations/frees...: 140562/140562 +~~ total memory allocated....: 9410058 bytes +~~ total memory freed........: 9410058 bytes +~~ total allocations/frees...: 154528/154528 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 601 chars ~~ json message max len.......: 1051 chars diff --git a/test/results/default/signal_videocall.pcapng.out b/test/results/default/signal_videocall.pcapng.out index 9beb3a1e4..eda7efe21 100644 --- a/test/results/default/signal_videocall.pcapng.out +++ b/test/results/default/signal_videocall.pcapng.out 
@@ -1,5 +1,5 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024431954625} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024431954625} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024431954625,"pkt":"dNo47VMyYhO2esBpCABFAAAwZxZAAEAR9\/jAqAxDI9jq6rs2DZYAHHvlAAEAACESpEJQQm9QWFIrVWRPcnY="} 
01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -28,7 +28,7 @@ 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":167,"flow_dst_packets_processed":131,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024444819796,"flow_dst_last_pkt_time":1732024444862357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1181,"flow_dst_max_l4_payload_len":858,"flow_src_tot_l4_payload_len":80551,"flow_dst_tot_l4_payload_len":26428,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024441970315,"flow_dst_last_pkt_time":1732024441977780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024441965798,"flow_dst_last_pkt_time":1732024441969357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":908,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
-00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":334,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":109231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1732024444862357} +00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":334,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":109231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1732024444862357} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 334/334 ~~ skipped flows.............: 0 
@@ -37,9 +37,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8659316 bytes -~~ total memory freed........: 8659316 bytes -~~ total allocations/frees...: 140886/140886 +~~ total memory allocated....: 9423754 bytes +~~ total memory freed........: 9423754 bytes +~~ total allocations/frees...: 154852/154852 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 2255 chars diff --git a/test/results/default/signal_videocall_multiparty.pcapng.out b/test/results/default/signal_videocall_multiparty.pcapng.out index 2ecc9b85d..8b3775cc6 100644 --- a/test/results/default/signal_videocall_multiparty.pcapng.out +++ b/test/results/default/signal_videocall_multiparty.pcapng.out 
@@ -1,5 +1,5 @@ -00606{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733247515941563} 
+00606{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733247515941563} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247515941563,"flow_dst_last_pkt_time":1733247515941563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247515941563,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1733247515941563,"flow_dst_last_pkt_time":1733247515941563,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733247515941563,"pkt":"ILAB4IZiSKRyNpegCABFAACAiykAAIARhhPAqAF1I89DROg2JxAAbAzQAAEAUCESpEI1NEg2QU95UTMyRVAABgAJMWFMNTpRTVhDAAAAwFcABAABAAqAKgAIF\/4CYTZoiVwAJQAAACQABG5\/Hv8ACAAUcpt5C\/\/iaNePSUPaFGAUyh6\/HmKAKAAEM0IRaA=="} 
01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247515941563,"flow_dst_last_pkt_time":1733247515941563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247515941563,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -11,7 +11,7 @@ 01053{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247515990690,"flow_dst_last_pkt_time":1733247516018904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":200,"midstream":0,"thread_ts_usec":1733247516018904,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 02240{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247521000514,"flow_dst_last_pkt_time":1733247521314176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":1239,"flow_dst_tot_l4_payload_len":830,"midstream":0,"thread_ts_usec":1733247521314176,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":300,"avg":336502.1,"max":1071142,"stddev":395522.0,"var":156437676032.0,"ent":3.9,"data": [32884,48827,300,44457,50533,44084,223767,385,25289,800734,1030880,20622,201493,673,800784,981685,21273,210614,756,118515,13444,1043663,879515,925,1071142,1007160,651,274470,390884,400116,691039]},"pktlen": {"min":56,"avg":92.7,"max":128,"stddev":28.2,"var":793.4,"ent":4.9,"data": [128,128,64,128,128,128,128,83,64,64,128,74,128,83,64,128,74,128,83,64,76,56,74,83,64,74,83,64,128,128,64,74]},"bins": {"c_to_s": [1,14,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,1,0,1],"entropies": [5.630286694,5.730687141,5.077819824,5.651809216,5.741195202,5.841376781,5.766547680,5.757154465,5.171569824,5.046569824,5.753524780,5.387711525,5.789052010,5.652456284,5.077819824,5.626456738,5.428714275,5.731467724,5.790346146,5.060848236,5.754378796,5.151015759,5.367309570,5.684864521,5.159774780,5.404538155,5.853539467,5.171569824,5.637804031,5.766547680,5.049053192,5.377511024]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":192,"flow_dst_packets_processed":68,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247533917504,"flow_dst_last_pkt_time":1733247533913543,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":1184,"flow_src_tot_l4_payload_len":67701,"flow_dst_tot_l4_payload_len":18298,"midstream":0,"thread_ts_usec":1733247533917504,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":260,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1733247533917504} 
+00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":260,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1733247533917504} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 260/260 ~~ skipped flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652354 bytes -~~ total memory freed........: 8652354 bytes -~~ total allocations/frees...: 140792/140792 +~~ total memory allocated....: 9416728 bytes +~~ total memory freed........: 9416728 bytes +~~ total allocations/frees...: 154758/154758 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 582 chars ~~ json message max len.......: 2245 chars diff --git a/test/results/default/simple-dnscrypt.pcap.out b/test/results/default/simple-dnscrypt.pcap.out index 7b5df9b49..4e1ec0751 100644 --- a/test/results/default/simple-dnscrypt.pcap.out +++ b/test/results/default/simple-dnscrypt.pcap.out 
@@ -1,5 +1,5 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1491813284555591} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1491813284555591} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491813284555591,"flow_src_last_pkt_time":1491813284555591,"flow_dst_last_pkt_time":1491813284555591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491813284555591,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1491813284555591,"flow_dst_last_pkt_time":1491813284555591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1491813284555591,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PRVAAIAGMNDAqCunhncaGMQ5Abvf\/XrjAAAAAIACIAChWwAAAgQFtAEDAwgBAQQC"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1491813284555591,"flow_dst_last_pkt_time":1491813284666208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1491813284666208,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xDnBW87r3\/165IASchC\/iQAAAgQFHgEBBAIBAwMH"} 
@@ -42,7 +42,7 @@ 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1491813286275625,"flow_src_last_pkt_time":1491813286718876,"flow_dst_last_pkt_time":1491813286718848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":7183,"midstream":0,"thread_ts_usec":1491813286913648,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1491813286392272,"flow_src_last_pkt_time":1491813286753444,"flow_dst_last_pkt_time":1491813286753424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":7183,"midstream":0,"thread_ts_usec":1491813286913648,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1491813286393273,"flow_src_last_pkt_time":1491813286845298,"flow_dst_last_pkt_time":1491813286913648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":280,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":1004,"flow_dst_tot_l4_payload_len":8306,"midstream":0,"thread_ts_usec":1491813286913648,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org"}} 
-00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":111,"packets-processed":111,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1491813286913648} +00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":111,"packets-processed":111,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1491813286913648} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 111/111 ~~ skipped flows.............: 0 
@@ -51,9 +51,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8744797 bytes -~~ total memory freed........: 8744797 bytes -~~ total allocations/frees...: 140725/140725 +~~ total memory allocated....: 9509333 bytes +~~ total memory freed........: 9509333 bytes +~~ total allocations/frees...: 154693/154693 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 2196 chars diff --git a/test/results/default/sip.pcap.out b/test/results/default/sip.pcap.out index 77d74c067..015f11e49 100644 --- a/test/results/default/sip.pcap.out +++ b/test/results/default/sip.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1120469572844249} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1120469572844249} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_usec":1120469572844249,"pkt":"ADBUADRWAODtAW69CABFAAHvaZgAAIARF6bAqAEC1PIhIxPEE8QB2272UkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMTUxMjQ4NzM3LTQ2ZWE3MTVlMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTkwM2RmMGENClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9OWM3ZDJkYmQ4ODIyMDEzYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDY4IFJFR0lTVEVSDQpDb250ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhcmRzOiA3MA0KVXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNg0KDQo="} 01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":";tag=903df0a","to":""}}} 
@@ -23,7 +23,7 @@ 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470100322200,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4613,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470102883325,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470158626389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470158626389,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4623,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470158626389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1120470187658020} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1120470187658020} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470216689496,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470216689496,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4633,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470216689496,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 02291{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470235521078,"flow_dst_last_pkt_time":1120470235448732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":825,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":7448,"flow_dst_tot_l4_payload_len":4947,"midstream":0,"thread_ts_usec":1120470235521078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25935,"avg":42751008.0,"max":279041814,"stddev":57873684.0,"var":3349363405357056.0,"ent":4.0,"data": 
[136757,17415627,17424961,49834,89928591,89874891,17280679,17290428,150200040,150188219,17325180,17335822,73916043,73902652,17325038,17333170,25935,17724998,29031776,29092737,34118166,34119076,29272359,29031830,29031631,29031476,17104967,497671,1001842,279041814,227102]},"pktlen": {"min":33,"avg":415.3,"max":853,"stddev":273.0,"var":74531.7,"ent":4.6,"data": [495,514,708,334,374,495,514,708,519,495,514,708,519,495,514,708,334,498,33,33,33,33,33,33,33,33,33,853,853,853,621,368]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0],"entropies": [5.741633415,5.745016098,5.709460258,5.733335018,5.724183083,5.734008312,5.752299309,5.705936909,5.742718697,5.746319294,5.735527039,5.694232941,5.749829292,5.746265888,5.718012810,5.700710297,5.702609062,5.648171425,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.037749290,4.098355293,4.098355293,5.722674847,5.721789837,5.722674847,5.763523579,5.703196526]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -34,7 +34,7 @@ 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470373595117,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8884,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470373595117,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470431658642,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8894,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470431658642,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":15,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470490643822,"flow_dst_last_pkt_time":1120470490782704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":10471,"flow_dst_tot_l4_payload_len":6852,"midstream":0,"thread_ts_usec":1120470490782704,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":69,"packets-processed":68,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":17,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1120470796804243} 
+00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":69,"packets-processed":68,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":17,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1120470796804243} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":17,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470796804243,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":11616,"flow_dst_tot_l4_payload_len":7824,"midstream":0,"thread_ts_usec":1120470796941095,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":39,"flow_dst_packets_processed":21,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470848686860,"flow_dst_last_pkt_time":1120470848682926,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":13926,"flow_dst_tot_l4_payload_len":9670,"midstream":0,"thread_ts_usec":1120470848686860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":24,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470900060556,"flow_dst_last_pkt_time":1120470900056743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":16021,"flow_dst_tot_l4_payload_len":10997,"midstream":0,"thread_ts_usec":1120470900060556,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -56,7 +56,7 @@ 01131{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":31,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120471094413365,"flow_dst_last_pkt_time":1120471018881832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":669,"flow_src_tot_l4_payload_len":19714,"flow_dst_tot_l4_payload_len":14333,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":112,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44455,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":25,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1120471094413365} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":112,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44455,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":25,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1120471094413365} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 112/112 ~~ skipped flows.............: 0 @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655589 bytes -~~ total memory freed........: 8655589 bytes -~~ total allocations/frees...: 140683/140683 +~~ total memory allocated....: 9420059 bytes +~~ total memory freed........: 9420059 bytes +~~ total allocations/frees...: 154649/154649 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 585 chars ~~ json message max len.......: 2296 chars diff --git a/test/results/default/sip_hello.pcapng.out b/test/results/default/sip_hello.pcapng.out index 5ab899177..74441759d 100644 --- a/test/results/default/sip_hello.pcapng.out +++ b/test/results/default/sip_hello.pcapng.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645515834707950} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645515834707950} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645515834707950,"flow_dst_last_pkt_time":1645515834707950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515834707950,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645515834707950,"flow_dst_last_pkt_time":1645515834707950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":13,"thread_ts_usec":1645515834707950,"pkt":"AAAAAAAAAAIAsZqMCABFAAAh925AAP0RDAoK75zrrB0mWxPEE8QADQAAaGVsbG8AAAAAAAAAAAA="} 
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645515834707950,"flow_dst_last_pkt_time":1645515834707950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515834707950,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {}}} 
@@ -17,7 +17,7 @@ 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645516227953912,"flow_dst_last_pkt_time":1645516227955969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":619,"flow_src_tot_l4_payload_len":999,"flow_dst_tot_l4_payload_len":1104,"midstream":0,"thread_ts_usec":1645516227955969,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645516277109636,"flow_dst_last_pkt_time":1645516277111440,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":619,"flow_src_tot_l4_payload_len":1004,"flow_dst_tot_l4_payload_len":1109,"midstream":0,"thread_ts_usec":1645516277111440,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645516326265358,"flow_dst_last_pkt_time":1645516326267438,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":619,"flow_src_tot_l4_payload_len":1962,"flow_dst_tot_l4_payload_len":2172,"midstream":0,"thread_ts_usec":1645516326267438,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4134,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1645516326267438} 
+00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4134,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1645516326267438} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645712 bytes -~~ total memory freed........: 8645712 bytes -~~ total allocations/frees...: 140563/140563 +~~ total memory allocated....: 9410086 bytes +~~ total memory freed........: 9410086 bytes +~~ total allocations/frees...: 154529/154529 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 536 chars ~~ json message max len.......: 982 chars diff --git a/test/results/default/sites.pcapng.out b/test/results/default/sites.pcapng.out index b42487e30..0f479c4c2 100644 --- a/test/results/default/sites.pcapng.out +++ b/test/results/default/sites.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1595957694169758} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1595957694169758} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694169758,"flow_dst_last_pkt_time":1595957694169758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595957694169758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1595957694169758,"flow_dst_last_pkt_time":1595957694169758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1595957694169758,"pkt":"CL6sCxdumt9Y+uvcCABFAAA86wlAAEAGQqHAqAypRav6FLRQAbvxSUO4AAAAAKAC\/\/943AAAAgQFtAQCCAp3CF\/6AAAAAAEDAwk="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1595957694169758,"flow_dst_last_pkt_time":1595957694175849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1595957694175849,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAAFUGGKtFq\/oUwKgMqQG7tFDMBUIi8UlDuaASbHAk8gAAAgQFeAQCCAqwcikLdwhf+gEDAwg="} 
@@ -7,28 +7,28 @@ 01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694175849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595957694181636,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"edge-mqtt.facebook.com","domainame":"edge-mqtt.facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t00d0309h2_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694188758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":1595957694188758,"pkt":"mt9Y+uvcCL6sCxduCABFAAEMv+hAAFUGV\/JFq\/oUwKgMqQG7tFDMBUIj8UlFNoAYAHHhaAAAAQEICrByKRd3CGAFFgMDAIACAAB8AwPUEITn7mCrvulT\/NdcXKN5KijcI4g9k3CK2XQ772s3WyCYle6z8aZolVAW\/WsVOAFFqAocCpVZly96\/6VmRt6unBMBAAA0ACsAAvsaADMAJAAdACAO0nP6nc6Qo9rpWYhM5FN2IQ7onG5IGH\/bMnw97GrsYgApAAIAABQDAwABARcDAwBIGZYMK775StJv8IeA6uX06XwsLuMhuuiwj099ayB3wMQVpJF0HhA8WjwU9NAQeMRhHSdrrGCE3zuMW3mj8V6sAMmDjxeKSHVB"} 01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694188758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":216,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":216,"midstream":0,"thread_ts_usec":1595957694188758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"edge-mqtt.facebook.com","domainame":"edge-mqtt.facebook.com","tls": {"version":"TLSv1.3 
(Fizz)","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309h2_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1623221441867993} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1623221441867993} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221441867993,"flow_dst_last_pkt_time":1623221441867993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221441867993,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1623221441867993,"flow_dst_last_pkt_time":1623221441867993,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623221441867993,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8opRAAEAGGajAqAH6XHpfY6OWAbs7TQBaAAAAAKAC\/\/9coQAAAgQFtAQCCAqqdeFuAAAAAAEDAwk="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1623221441867993,"flow_dst_last_pkt_time":1623221441879742,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623221441879742,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA8AABAADgGxDxcel9jwKgB+gG7o5aALohKO00AW6AS\/ojeuQAAAgQFtAQCCAoeqlgsqnXhbgEDAwc="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1623221441880963,"flow_dst_last_pkt_time":1623221441879742,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623221441880963,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA0opVAAEAGGa\/AqAH6XHpfY6OWAbs7TQBbgC6IS4AQAKwLVQAAAQEICqp14Xweqlgs"} 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441879742,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1623221441893147,"pkt":"pJGxgjQ5AoEfHBPlCABFAAI5opZAAEAGF6nAqAH6XHpfY6OWAbs7TQBbgC6IS4AYAKwUcgAAAQEICqp14YkeqlgsFgMBAgABAAH8AwM\/3MJgstGRUtF6IdQy8M+MWTtJ6vnewHlZ2NQfnRVozSAkvaOHjaKYwT6xTKEA19qtioq1YZm7fTnqMkZGpaur+gAiiooTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZEqKgAAAAAAFwAVAAASdmNzLXZhLnRpa3Rva3YuY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBABIAAAAzACsAKfr6AAEAAB0AIHWJ5XleYC+4v5XxNTlfMpiOcRthD\/EJBjx\/JG87h9EPAC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAtraAAEAABUAxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441879742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221441893147,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","proto_id":"91.49","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"vcs-va.tiktokv.com","domainame":"vcs-va.tiktokv.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441879742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221441893147,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","proto_id":"91.49","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"vcs-va.tiktokv.com","domainame":"vcs-va.tiktokv.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441907431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623221441907431,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA09P1AADgGz0Zcel9jwKgB+gG7o5aALohLO00CYIAQAfoH2wAAAQEICh6qWEaqdeGJ"} 
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441911029,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1623221441911029,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","proto_id":"91.49","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"vcs-va.tiktokv.com","domainame":"vcs-va.tiktokv.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01291{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441911029,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1623221441911029,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","proto_id":"91.49","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"vcs-va.tiktokv.com","domainame":"vcs-va.tiktokv.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694188758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":216,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":216,"midstream":0,"thread_ts_usec":1623221442073719,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":36,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1623222051753416} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":36,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1623222051753416} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051753416,"flow_dst_last_pkt_time":1623222051753416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623222051753416,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1623222051753416,"flow_dst_last_pkt_time":1623222051753416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623222051753416,"pkt":"pJGxgjQ56CrqthSFCABFAAA0YDdAAIAGW9bAqAHjNElH4sOXAbv6yL58AAAAAIAC+vC20AAAAgQFtAEDAwgBAQQC"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1623222051753416,"flow_dst_last_pkt_time":1623222051852336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623222051852336,"pkt":"6CrqthSFpJGxgjQ5CABFAAA0AABAAOkGUw00SUfiwKgB4wG7w5czz+y6+si+fYASaQMoIwAAAgQFtAEBBAIBAwMI"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1623222051853870,"flow_dst_last_pkt_time":1623222051852336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623222051853870,"pkt":"pJGxgjQ56CrqthSFCABFAAAoYDhAAIAGW+HAqAHjNElH4sOXAbv6yL59M8\/su1AQAgHP+AAAAAAAAAAA"} 
01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051852336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1623222051854478,"pkt":"pJGxgjQ56CrqthSFCABFAAItYDlAAIAGWdvAqAHjNElH4sOXAbv6yL59M8\/su1AYAgGKagAAFgMBAgABAAH8AwP2Khmv4999vpwUP1EoOnS31ke3fIberBET9vuKKMlNryBAWeuhiJlCTX0W\/4n0WweRVOsTuqKwvLZX4E9fXeRQ6QAgKioTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTqqoAAAAAABYAFAAAEXByZXNlbmNlLmZ1emUuY29tABcAAP8BAAEAAAoACgAIGhoAHQAXABgACwACAQAAIwDALvzziNiqB4Ze5MFSHnlzb8hWYrj0cRDYaZNHMomiUFqCxXUzlrycHOkMSmF+mAs4FoNodV+GmtF4XtMEjgO5kwhNORzSobD6od0D3\/aYbaar\/\/DYonxXBprMXmBcJ9b4RCnDhU+XdW+BpxOSa4HjtNqWMxADm+Su+UBHYSh9IVxix9h+ArygY6V1EBkwmyTVuhfQkTb9cH78Ij40gm1v\/C5e1V15IVRYMTYsvrr++ynGCrB3Tx5v+KGj9UxhY+8yABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkaGgABAAAdACBbsP\/9QyQIQO4OIyzz4ZB5pqvnxU3VMizp3PdADRuUTAAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAKamgABAAAVAAsAAAAAAAAAAAAAAA=="} -01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051852336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623222051854478,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","domainame":"presence.fuze.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051852336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623222051854478,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","domainame":"presence.fuze.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051956164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623222051956164,"pkt":"6CrqthSFpJGxgjQ5CABFAAAojDhAAOkGxuA0SUfiwKgB4wG7w5czz+y7+sjAglAQAG7PhgAAAAAAAAAA"} -01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051957659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623222051957659,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","domainame":"presence.fuze.com","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01552{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051957659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5281,"midstream":0,"thread_ts_usec":1623222051957659,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","domainame":"presence.fuze.com","tls": {"version":"TLSv1.2","server_names":"*.presence.fuze.com,presence.fuze.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=*.presence.fuze.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79","blocks":0}}} 
-00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221458497766,"flow_dst_last_pkt_time":1623221458494846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2486,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1623222052202072,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","proto_id":"91.49","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1623223595952198} 
+01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051957659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623222051957659,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","domainame":"presence.fuze.com","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01550{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051957659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5281,"midstream":0,"thread_ts_usec":1623222051957659,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","domainame":"presence.fuze.com","tls": {"version":"TLSv1.2","server_names":"*.presence.fuze.com,presence.fuze.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=*.presence.fuze.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79","blocks":0}}} 
+00979{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221458497766,"flow_dst_last_pkt_time":1623221458494846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2486,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1623222052202072,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","proto_id":"91.49","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1623223595952198} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223595952198,"flow_dst_last_pkt_time":1623223595952198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623223595952198,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1623223595952198,"flow_dst_last_pkt_time":1623223595952198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623223595952198,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZBhAAEAGCeXAqAGAW8au0MW8AbvaIBcHAAAAAKAC+vC78AAAAgQFtAQCCAq86k7VAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1623223595952198,"flow_dst_last_pkt_time":1623223595999034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623223595999034,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADEGfP1bxq7QwKgBgAG7xbxrNtsg2iAXCKASqbDzDgAAAgQFnAQCCAoXn7wwvOpO1QEDAwk="} 
@@ -38,8 +38,8 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1623223596004515,"flow_dst_last_pkt_time":1623223596051971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623223596051971,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0PfVAADEGPxBbxq7QwKgBgAG7xbxrNtsh2iAZDYAQAFTIswAAAQEIChefvGW86k8J"} 01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223596004515,"flow_dst_last_pkt_time":1623223596052201,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1623223596052201,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","proto_id":"91.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"upload.wikimedia.org","domainame":"upload.wikimedia.org","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1815h2_e8a523a41297_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02132{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223596109406,"flow_dst_last_pkt_time":1623223596108936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1036,"flow_dst_tot_l4_payload_len":16479,"midstream":0,"thread_ts_usec":1623223596109406,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":10127.3,"max":52937,"stddev":19772.5,"var":390950848.0,"ent":2.8,"data": [46836,50076,2241,52937,230,0,0,0,52220,0,0,0,1478,638,2420,52443,0,779,3077,0,237,0,0,0,0,0,199,47900,0,0,235]},"pktlen": {"min":52,"avg":599.8,"max":1500,"stddev":646.4,"var":417856.7,"ent":4.1,"data": [60,60,52,569,52,1500,1500,1252,152,52,52,52,52,132,222,290,355,95,83,1500,1500,1500,1500,1500,1500,1500,1500,374,52,52,52,83]},"bins": {"c_to_s": [10,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0],"entropies": [4.713301182,5.220872402,5.008629799,5.408417225,5.079967022,7.845353127,7.893048763,7.841969490,6.480354786,5.047091007,5.047091484,5.085552692,5.085553169,6.254513264,6.947219372,7.136369228,7.362440109,5.997154236,5.666953564,7.893563271,7.867501259,7.878776073,7.865104198,7.874600887,7.869311810,7.861063480,7.860395432,7.425109863,5.085552692,5.047091007,5.085552692,5.564384460]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Wikipedia","proto_id":"91.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222112086485,"flow_dst_last_pkt_time":1623222112185361,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":965,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2226,"flow_dst_tot_l4_payload_len":6554,"midstream":0,"thread_ts_usec":1623223596203292,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":119,"packets-processed":118,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1623226283573712} 
+00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222112086485,"flow_dst_last_pkt_time":1623222112185361,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":965,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2226,"flow_dst_tot_l4_payload_len":6554,"midstream":0,"thread_ts_usec":1623223596203292,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":119,"packets-processed":118,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1623226283573712} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623226283573712,"flow_src_last_pkt_time":1623226283573712,"flow_dst_last_pkt_time":1623226283573712,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623226283573712,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1623226283573712,"flow_dst_last_pkt_time":1623226283573712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623226283573712,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8M5RAAEAGJgDAqAH6LVLxM5vSAFAXgCu+AAAAAKAC\/\/9tawAAAgQFtAQCCAolvfRMAAAAAAEDAwk="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1623226283573712,"flow_dst_last_pkt_time":1623226283601626,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623226283601626,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA0AABAADMGZpwtUvEzwKgB+gBQm9LNImc9F4Arv4ASchAIQAAAAgQFeAEBBAIBAwMK"} 
@@ -49,7 +49,7 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1623226283612303,"flow_dst_last_pkt_time":1623226283640806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623226283640806,"pkt":"AoEfHBPlpJGxgjQ5CABFAAAox9pAADMGns0tUvEzwKgB+gBQm9LNImc+F4AsfVAQAB66DQAAAAAAAAAA"} 02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623226283573712,"flow_src_last_pkt_time":1623226284678348,"flow_dst_last_pkt_time":1623226284677149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":18862,"midstream":0,"thread_ts_usec":1623226284678348,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":71228.2,"max":1031142,"stddev":245139.1,"var":60093177856.0,"ent":1.6,"data": [27914,29082,9509,39180,2950,0,249,0,0,0,0,59912,0,307,0,0,304,0,974261,1031142,0,0,0,29550,491,2002,0,490,0,730,0]},"pktlen": {"min":46,"avg":645.1,"max":1500,"stddev":701.2,"var":491744.0,"ent":4.0,"data": [60,52,46,230,46,1500,1500,1500,1500,1500,1500,1382,46,46,46,46,46,46,46,230,1500,1500,1500,1500,46,46,1500,1500,46,46,46,46]},"bins": {"c_to_s": [15,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,12,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0],"entropies": [4.650921822,4.854286671,4.347350597,5.690956593,4.347350597,7.663578510,7.860166073,7.846680641,7.877070427,7.858085155,7.884421825,7.865271091,4.347350597,4.303872585,4.260394573,4.303872585,4.303872585,4.347350597,4.347350597,5.731587410,7.670816898,7.866776943,7.851586819,7.865674973,4.303872585,4.303872108,7.855195045,7.870656013,4.303872585,4.260394096,4.303872108,4.303872585]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Likee","proto_id":"7.261","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"videosnap.like.video"}} 01014{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":24,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223766553269,"flow_dst_last_pkt_time":1623223766548680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1177,"flow_dst_tot_l4_payload_len":16557,"midstream":0,"thread_ts_usec":1623226286427901,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","proto_id":"91.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"upload.wikimedia.org"}} 
-00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":231,"packets-processed":230,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1631088115362469} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":231,"packets-processed":230,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1631088115362469} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115362469,"flow_dst_last_pkt_time":1631088115362469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631088115362469,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1631088115362469,"flow_dst_last_pkt_time":1631088115362469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1631088115362469,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8aylAAEAG8xTAqAGAx+hSbbaEAbsR7WhdAAAAAKAC+vCzrwAAAgQFtAQCCAqzLdcpAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1631088115362469,"flow_dst_last_pkt_time":1631088115376274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1631088115376274,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADQGaj7H6FJtwKgBgAG7toQ\/rdv6Ee1oXqAS\/\/\/HZwAAAgQFTAQCCApg6mr7sy3XKQEDAwk="} 
@@ -60,32 +60,32 @@ 01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115376494,"flow_dst_last_pkt_time":1631088115392643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1344,"midstream":0,"thread_ts_usec":1631088115392643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"f.vimeocdn.com","domainame":"f.vimeocdn.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01537{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115392667,"flow_dst_last_pkt_time":1631088115392674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4032,"midstream":0,"thread_ts_usec":1631088115392674,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"f.vimeocdn.com","domainame":"f.vimeocdn.com","tls": {"version":"TLSv1.2","server_names":"*.vimeocdn.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.vimeocdn.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37","blocks":0}}} 
01015{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":58,"flow_dst_packets_processed":54,"flow_first_seen":1623226283573712,"flow_src_last_pkt_time":1623226466507324,"flow_dst_last_pkt_time":1623226466414542,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":950,"flow_dst_tot_l4_payload_len":71491,"midstream":0,"thread_ts_usec":1631088115406479,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Likee","proto_id":"7.261","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"videosnap.like.video"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":256,"packets-processed":255,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":113664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":7,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1637349011376367} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":256,"packets-processed":255,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":113664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":7,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1637349011376367} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011376367,"flow_dst_last_pkt_time":1637349011376367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637349011376367,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1637349011376367,"flow_dst_last_pkt_time":1637349011376367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1637349011376367,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TGJAAEAGkyTAqAGAj8wJQb8WAbs5hVBVAAAAAKAC+vA+\/wAAAgQFtAQCCAoHfmCrAAAAAAEDAww="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1637349011376367,"flow_dst_last_pkt_time":1637349011393884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1637349011393884,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8T5MAAPMGHPOPzAlBwKgBgAG7vxa2dgKJOYVQVqASBZSQpgAAAgQFoAQCCArIQyJ4B35gqwEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1637349011393902,"flow_dst_last_pkt_time":1637349011393884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1637349011393902,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0TGNAAEAGkyvAqAGAj8wJQb8WAbs5hVBWtnYCioAQABDE0gAAAQEICgd+YL3IQyJ4"} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1637349011393902,"flow_dst_last_pkt_time":1637349011393908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1637349011393908,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8T5EAAPMGHPWPzAlBwKgBgAG7vxa2dgKJOYVQVqASBZSQsgAAAgQFoAQCCArIQyJsB35gqwEDAwk="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1637349011393914,"flow_dst_last_pkt_time":1637349011393908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1637349011393914,"pkt":"pJGxgjQ5PKn0qB\/sCABFAABATGRAAEAGkx7AqAGAj8wJQb8WAbs5hVBWtnYCirAQABAcuwAAAQEICgd+YL3IQyJ4AQEFCrZ2Aom2dgKK"} -01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011396134,"flow_dst_last_pkt_time":1637349011393908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637349011396134,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"prod-static.disney-plus.net","domainame":"prod-static.disney-plus.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} -01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011396134,"flow_dst_last_pkt_time":1637349011405023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1637349011405023,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"prod-static.disney-plus.net","domainame":"prod-static.disney-plus.net","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01253{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011396134,"flow_dst_last_pkt_time":1637349011393908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637349011396134,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"prod-static.disney-plus.net","domainame":"prod-static.disney-plus.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01298{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011396134,"flow_dst_last_pkt_time":1637349011405023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1637349011405023,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"prod-static.disney-plus.net","domainame":"prod-static.disney-plus.net","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":12,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088168165179,"flow_dst_last_pkt_time":1631088168165177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5004,"midstream":0,"thread_ts_usec":1637349011425927,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":285,"packets-processed":284,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":121431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1642584017659993} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":285,"packets-processed":284,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":121431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1642584017659993} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584017659993,"flow_dst_last_pkt_time":1642584017659993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584017659993,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1642584017659993,"flow_dst_last_pkt_time":1642584017659993,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642584017659993,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8EtFAAEAG2zrAqAypFwxoU5lQAbvzO0RFAAAAAKAC\/\/9KaQAAAgQFtAQCCApYVYYCAAAAAAEDAwk="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1642584017659993,"flow_dst_last_pkt_time":1642584017680129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642584017680129,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADcG9wsXDGhTwKgMqQG7mVB1nT8a8ztERqAS\/ojzIwAAAgQFtAQCCAqw3vMWWFWGAgEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1642584017681498,"flow_dst_last_pkt_time":1642584017680129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1642584017681498,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0EtJAAEAG20HAqAypFwxoU5lQAbvzO0RGdZ0\/G4AQAKwfuAAAAQEIClhVhhew3vMW"} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017680129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1642584017683650,"pkt":"CL6sCxdumt9Y+uvcCABFAAI5EtNAAEAG2TvAqAypFwxoU5lQAbvzO0RGdZ0\/G4AYAKxdJQAAAQEIClhVhhmw3vMWFgMBAgABAAH8AwP1FYw2XqcZXmePN\/Nf+9e1LzHXZeCulXOtpIacdAs37yCRvlsjJ1cDJi3yxp9rVrpjjUJgWxk34YBmx2q1d+sadQAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAYABYAABNhcGkuYWNjdXdlYXRoZXIuY29tABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAAQAAsACQhodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACDlaTawkMdxT+YGJN2RtDSPZPswvY9sO\/h42xN4XNh9ZQAtAAIBAQArAAkIAwQDAwMCAwEAFQDlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017680129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584017683650,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","proto_id":"91.280","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"api.accuweather.com","domainame":"api.accuweather.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h1_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017680129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584017683650,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","proto_id":"91.280","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"api.accuweather.com","domainame":"api.accuweather.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h1_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017706128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1642584017706128,"pkt":"mt9Y+uvcCL6sCxduCABFAAA0SOBAADcGrjMXDGhTwKgMqQG7mVB1nT8b8ztGS4AQAfocSAAAAQEICrDe8zFYVYYZ"} -01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017706175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1642584017706175,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AccuWeather","proto_id":"91.280","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"api.accuweather.com","domainame":"api.accuweather.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1713h1_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} -00982{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011425914,"flow_dst_last_pkt_time":1637349011425927,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":6975,"midstream":0,"thread_ts_usec":1642584019409362,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
-00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":315,"packets-processed":314,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":128021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":83,"global_ts_usec":1643355518166568} +01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017706175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1642584017706175,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","proto_id":"91.280","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"api.accuweather.com","domainame":"api.accuweather.com","tls": 
{"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1713h1_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011425914,"flow_dst_last_pkt_time":1637349011425927,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":6975,"midstream":0,"thread_ts_usec":1642584019409362,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":315,"packets-processed":314,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":128021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":83,"global_ts_usec":1643355518166568} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643355518166568,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1643355518166568,"pkt":"pJGxgjQ5SKRyNpegCABFAAT+PElAAIARThnAqAF72DrRLubeAbsE6urRwAAAAAEIZ7HskbOWr9QAAETQNKtjIjiCXCI+9vqBWPy31G7jDH4RlwYv0XhaWuj0UrdcSVWZIrVwzwDrJa8dEWOeUvaAw7BXeYev6bi8Nu9Z4LWOvt0+XPgNkeHB6PvaZ9N4cpB1UIRx6byg5QljaxCkgdia5\/WZz2yX\/TayWJG0egLwFK4DYqDDADilA59ewmPTSu6+F3\/EVfKw86o2Yio5HeQqtUOtEdw6pRwxBehgjTrZf0PMuk40XDPug94YB\/sEApD8Ghq1zUUVofn\/jZoji68n+CZ74BkmZ8LSaemosx3Vm7YV3yQUauQU4lBHNM2XdkooJSDGv9YINXu8hmpHdW\/1encLGdPSyOJC8itWve1maDbUaMRhrbQrpaAPeVfgND5alDCN2DMGvFe3nB6Pz2LOpDsj\/3ZN3caT5Nt0nSv8HN+DYWZc+2JmBlBY71FJ57bmTqruFnoZ\/GjM0BGxB5WlpJ0M3zE3M16k0p8WRYGK3bOkXFB5rtEix709VUri+WnB1ivvzP4A8iO977JvKVGlPddOYZ4k7qZne6v\/jb1y0P5AatOM7YYIeRI7u8jf\/xM8RY8UTL\/Pv+EQzBcgac+DyXJSt\/sJo+Uuz0dGCYpa4Aa01DbWUiA5x+j4g5WT5LGdKrytMkGgkIcVSlNAt4nWOQc2IroqJjfmf+NbusGe\/Gviz5jV93bOaTFv7sGyuvESP0iH2MD2mwPgizF6t5EabtXWaevGbit0evQ9O3bHeRpQwTlwh0hRD7WqrIf0Wri9spAJN53856UKZFRupvrVqTH40ht5wGl2g3HXmJvEKnWBsD1hEB3sacVd4lWjKim62JMTY6yUmMhRBlNu2AupnyFsChUJ1NgsRbg5cQPowXRIBVG8WcjCs7OHKUH\/zza5xjXEz1FrdKQASDLCvFyh9YUzlRmDx7d99nX5vf9AwJejikY1uel\/yRMHcT9IqYO0kZBeGiX2ZDJD7vD1sF+05Qq++ztAL3CTqhuU\/7KSbWKiGOoFGj9phj6fZiE+g9e7+HIVuvPAKr+aSbxS71gHelt+hKMcDj7jdDFk5P6TqQdUXfqrnN38RDusNZmvWB+23Sj9NvIjlpua1MtXRWVJaLY5mX9AL1kTENCHtxomZwiXSqkSWtzS8dZocOlqjfWrd2hnw5yl8b7T0843OsmN6ZOoho4X9bhFw\/52C+NFDBAC42\/6jsH2i4NdbJBqOAuf4tLWi3oaJ\/0r5Y0wWyVnBbFtq1sx6d6EHxqir52O50dkkD8SF7j+wGSCG2L1l5bcQGnAqpzpZNB8AgofMTbrgYgdYIyrh\/neffOlCQyXy2EgLb\/xWEt+QftF8p5n2FzevDADqTCGGVeWULgrEsb\/3qULNf4uZHaY4HBD6To7yTuITvaXdqFt30MJBKnhBexi0dhA\/MGpMyVJfR\/PhbhWZmiNdx\/LRAV2Semg\/nPWe
+DzSBBXm7wJXZiE\/8ewkRVdkujJi\/QhXAX0aOL76X77YYeny\/V35WiIqUmuxRHrBRdP5AMMQo\/adJoX4bzVdEvw3cGw7\/\/hO2VzwL5m0trABzWAWdjRjsrTEu\/mWAVCZDP5\/peoG8YXeXsdHWwpRLyNJpzOlRz5aND24Jgn5x2v3PqoD5RBiIEHwD8jlV2fRCZXq1e7tPV6eLhSI74="} 01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643355518166568,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleClassroom","proto_id":"188.281","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"classroom.google.com","domainame":"classroom.google.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_cd85d2d88918","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
-00974{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584019409362,"flow_dst_last_pkt_time":1642584019407774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":924,"flow_dst_tot_l4_payload_len":5666,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","proto_id":"91.280","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":316,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":129271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1646482623895784} 
+00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584019409362,"flow_dst_last_pkt_time":1642584019407774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":924,"flow_dst_tot_l4_payload_len":5666,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","proto_id":"91.280","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web"}} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":316,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":129271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1646482623895784} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482623895784,"flow_src_last_pkt_time":1646482623895784,"flow_dst_last_pkt_time":1646482623895784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482623895784,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1646482623895784,"flow_dst_last_pkt_time":1646482623895784,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482623895784,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8U5dAAEAGwa7AqAGAH95DcIjuAbuZU7+5AAAAAKAC+vB+rAAAAgQFtAQCCAqYsCyFAAAAAAEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1646482623895784,"flow_dst_last_pkt_time":1646482623937401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646482623937401,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADIGI04f3kNwwKgBgAG7iO5SHRbemVO\/uoASa9CRawAAAgQFUAEBBAIBAwMH"} 
@@ -105,11 +105,11 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1646482646628933,"flow_dst_last_pkt_time":1646482646628933,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482646628933,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8eQxAAEAGb\/bAqAGAAhGNgKZUAbv+Ru5OAAAAAKAC+vDfwAAAAgQFtAQCCAp7uQs2AAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1646482646628933,"flow_dst_last_pkt_time":1646482646646506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482646646506,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8QICEY2AwKgBgAG7plR0ThXR\/kbuT6AS\/oh2XAAAAgQFtAQCCAqpkTIKe7kLNgEDAwc="} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646646506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482646648976,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5eQ5AAEAGbffAqAGAAhGNgKZUAbv+Ru5PdE4V0oAYAfbaKAAAAQEICnu5C0qpkTIKFgMBAgABAAH8AwMSh5Kk8yD8gdWVB2YFzzg9KRBCWJ\/pzlApBrokxgf2OCBs84UpHDw4uY4jKpCVZJzZAhJUrEs0AlJ7gTtfJSwiWgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAXABUAABJ3d3cuYWN0aXZpc2lvbi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAg40qefHDImQJEkibGm9hnpGwl44lKo4KOQS8qsLRSATsAFwBBBPNBVrG5A+ZLqrow1aQOaEgsW+53RcPAplpAt8ULtljoAJH8CjL7YTSZ+PIOiRhMhirRlex47cXc5PiOAFYE9T0AKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646646506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482646648976,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","proto_id":"91.258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.activision.com","domainame":"www.activision.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646646506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482646648976,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Activision","proto_id":"91.258","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.activision.com","domainame":"www.activision.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 02492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646665639,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482646665639,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcd01AADgGdBUCEY2AwKgBgAG7plR0ThXS\/kbwVIAQAfqb3wAAAQEICqmRMh57uQtKFgMDAFQCAABQAwMSqtJ8eER6O\/1kuWPcyWxOQ3XrBneIapjEO2SmC4s8\/gDAMAAAKP8BAAEAAAAAAAALAAQDAAECACMAAAAFAAAAEAALAAkIaHR0cC8xLjEWAwMPswsAD68AD6wACw4wggsKMIIJ8qADAgECAhACiweA2Zr6e84+z+bwzVw\/MA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMTEyMDcwMDAwMDBaFw0yMjEyMDcyMzU5NTlaMHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRUwEwYDVQQHEwxTYW50YSBNb25pY2ExJDAiBgNVBAoTG0FjdGl2aXNpb24gUHVibGlzaGluZywgSW5jLjEXMBUGA1UEAxMOYWN0aXZpc2lvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbg3ttx5\/jVn3uPSHg51dYJw2C\/HhUcEFRJBoUDUAbszH3JZsuunxK+CF6DGOrwYtoJBSsn3e3zPloka7WL7rfO5NOUsiIW13pmwHYBrB8mRBUkJzKuafLjEpAhxznpqT\/p5Jwr6+DRppjEDksDurlkpE3Lyoujc8M4svRdMT\/420+SWk3BQORySViujkcxVQgcEXu34yoeXcYjdJRxnstpdHrE27wbJjY4aoP03Oq4lQ3yF5\/+D13l6ma5esTSvpzcS0JG7l\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"} 
-01312{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646665639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482646665639,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","proto_id":"91.258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.activision.com","domainame":"www.activision.com","tls": {"version":"TLSv1.2","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646665639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482646665639,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","proto_id":"91.258","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.activision.com","domainame":"www.activision.com","tls": {"version":"TLSv1.2","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646665667,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482646665667,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcd05AADgGdBQCEY2AwKgBgAG7plR0Tht6\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\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\/cgggWQAekqH8O2AfL7+bc+CAiEAjAqn46A2h+20pFviedEv72vQn6dfOoDX9ceIQC9v8DgAdgBRo7D1\/QF5nFZtuDd4jwykeswbJ8v3nohCmg3+1IsF5QAAAX2WfxCkAAAEAwBHMEUCIEpBa7X3XgVNqCYCeFO4DHrNiW0+E5rl1UiIPDa9tBV3AiEAqF6N89fxuCAoWiK0aqAOrsK+6J4P3aWqD0TmvXVpE9AAdQBByMqx3yJGShDGoToJQodeTjGLGwPr60vHaPCQYpYG9gAAAX2WfxBgAAAEAwBGMEQCID+AS2nmynkq\/suUOBEHLyiPBCM03jkRsvq1sDTrFOiTAiBibUucsS9dw9YHXtwyX5ApJxYx0wrkEBM66ZDooAD6ljANBgkqhkiG9w0BAQsFAAOCAQEAEmJviAcPdhvZSOkS8uzYwoToN9CGL8904Fe1tHX\/OkxfkOsGfAgfksDPXrGEIeL4wi\/NWvX2inx9zgDmTmgG\/30mAEChidRPK3c6m5FVjAbmN79Dv7Odh8U1YWyw9zhCVK2QjnLwIZQeDHThq8pDL8OhwQJeUNQT301kOqynS5mkt84TxWiKjbe6yCFr3WvNcAtpShMYfQdzpEtPHG4PlPB+42mYmB+o\/\/giMLiKGuBMd4Tli1Gw04jubi5gIUY+c92ndpjaviizKQHT9TeTV6B4g\/R8L5uJwWk="} 
-02664{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646669027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4944,"midstream":0,"thread_ts_usec":1646482646669027,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","proto_id":"91.258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.activision.com","domainame":"www.activision.com","tls": 
{"version":"TLSv1.2","server_names":"www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41","blocks":0}}} 
+02665{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646669027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4944,"midstream":0,"thread_ts_usec":1646482646669027,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","proto_id":"91.258","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.activision.com","domainame":"www.activision.com","tls": 
{"version":"TLSv1.2","server_names":"www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41","blocks":0}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482659915877,"flow_src_last_pkt_time":1646482659915877,"flow_dst_last_pkt_time":1646482659915877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482659915877,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1646482659915877,"flow_dst_last_pkt_time":1646482659915877,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482659915877,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8NwhAAEAGcJnAqAGAkks+p7QEAbuPD+ThAAAAAKAC+vAn\/AAAAgQFtAQCCAp9leqxAAAAAAEDAwc="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1646482659915877,"flow_dst_last_pkt_time":1646482659944153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482659944153,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrqGSSz6nwKgBgAG7tAQzgGmMjw\/k4qAS\/\/\/dhgAAAgQFTAQCCAr4JbCIfZXqsQEDAwk="} 
@@ -124,23 +124,23 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1646482724450800,"flow_dst_last_pkt_time":1646482724450800,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482724450800,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8sa9AAEAG8DvAqAGAEkLEZspeAbv+oP0DAAAAAKAC+vBIlQAAAgQFtAQCCAqQpxNDAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1646482724450800,"flow_dst_last_pkt_time":1646482724458587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482724458587,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8e2QAAPYGsIYSQsRmwKgBgAG7yl4LcBoC\/qD9BKAS\/\/+NCwAAAgQFoAQCCAqOOgLQkKcTQwEDAwg="} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1646482724464401,"flow_dst_last_pkt_time":1646482724458587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482724464401,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5sbFAAEAG7jzAqAGAEkLEZspeAbv+oP0EC3AaA4AYAfbA9QAAAQEICpCnE1COOgLQFgMBAgABAAH8AwM6K+sImNx3dIej3yQBfsHlSQyH5l4F8hLKFYurrt+jPCCUv6qySiadEZg7Gj4\/vX5jrLg\/JYOIeoxWa\/ahTy7RDQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA5zb3VuZGNsb3VkLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDq1odYnjLE9YoHd\/igeLWhv14ukLQSyf98ZPyHkQn7OgAXAEEEKYWpJR9uHJSJZBwzi1pAC8cLX9iNXc5VMFPlSgV8HHXqYbwegIwyfo36+y7oUVZIFeBilQuBs9gLF4NzHajtKwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482724450800,"flow_src_last_pkt_time":1646482724464401,"flow_dst_last_pkt_time":1646482724458587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482724464401,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SoundCloud","proto_id":"91.234","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"soundcloud.com","domainame":"soundcloud.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482724450800,"flow_src_last_pkt_time":1646482724464401,"flow_dst_last_pkt_time":1646482724458587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482724464401,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.SoundCloud","proto_id":"91.234","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"soundcloud.com","domainame":"soundcloud.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1646482724464401,"flow_dst_last_pkt_time":1646482724472137,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1646482724472137,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXIe2cAAPYGqvcSQsRmwKgBgAG7yl4LcBoD\/qD\/CYAQAQV0hQAAAQEICo46At+QpxNQFgMDAHoCAAB2AwMpKPyVs6e3zfQcSbCgU1oPNtNqgbyYwl2hcCOgAM4oyiCUv6qySiadEZg7Gj4\/vX5jrLg\/JYOIeoxWa\/ahTy7RDRMBAAAuACsAAgMEADMAJAAdACDgxP9iQxCvSLWFu0jblz700ELRHbAHNOJQi+PLEW3dGRQDAwABARcDAwAk0YxZcrDzBMJ9T2jLmHAfvkG2kRiZYyygT682dQ8Ku5OnFj73FwMDEL3W+YwhZbSQ9wTfTQZ4OCn0G7d5Dhn6ETJZMcynItKgXUq5jk0t0YnhBkjCUMoNcwqRY2n4C9\/Zh0ZhumDIzb8iV93r7Pc\/+NaIk+JCXg65aqj5sCWEPrtNQ+6L6mJfEkSLO6k4NErBgfl+zCtqNddFbvHn0fxnMUOVFlWdyJ3z83tKw\/R6491FMgIDcrQDV04NXo6+2SjxlGNtv05X92MIxsZef\/R\/qF4FbjcoswNUFg3uLoWvEjPRMdrGtQf5AAjeSTNVkJrq3JNYZaWVsDP0BE05JUqGZuZMyrwe6cjW3zmOn14ov6Z9x1WdKWS19m12LMwwpsWS+lauTY1gRP4Z+DKOKnTw0ZZBQyceCWdkbpxL6nqpVDkTDnYqLlRuSuH0RsS08f2lNu15EReKchkG6ZuC2QgvHfSDVQmMZr3A6SVJGVDE960IsX+R6c0NFyxx4CEKWEk\/O5lgjDV3ftPpOAO9bRTz5K07yU4RUMuAEJJId8qAwOufaI8X7xlT8sBANgCtgZlZ7bSCOn0zXEkIMumBiqi1VUqG5d11srYcFasAFUp9713SxD6Uke0\/NtYfUjIvICxpQaZ07Y3DS4A\/oG8QYsprreB8t87bh8bpdNDPR35Kbnu7JoGcXSgerY+rtK54lN+S8yUJSD3brf5OyDEt\/3dcKXQjCd+M\/xgLxSoA6TJo65stJfAhPvRzmIRxmIV+SRvsA0sRRQ0AP
q2Aeg0p5VV7in\/vZrqq+sz15yQNZMI\/ZumLE\/1f7dmTpFa8vfWmfkSTAi6i6OWrhhVOU5p8rJAT6gBS9bnwD7SkxsJzyAsBj5Z0gB3nNdaq+CToyOPCp85FZVBSdhYv\/gnYl60VMEk+HYRa\/ifHXQ9SKfBs1EpSKifKi9fbcrkuVBnXJisGPc0Fz7GCqQxxqe6GduiBhj9oSLleMiP8XMszRqQSUtB0n0VkegIQE66s+kAwyepnuqlNcHfAY84dunqTDqVwlG4kEQGufymR1QZQcm5AIMtLAm8PtjoeqMJk2YLmHjJ0Sf+ZkuTtMi3dRuYO1O2nAfvMV\/+eQ1PW6Unvaulw8ru5YqECp4xrUtLiEUhW5TrjlQwVIUg+EIVcu5hTqsrvXvMcpT1nqIEJfty\/qzmMOkHCn1zCF0FMwlkPr9Y1GaSMQOgRHniGlc68VOBaNck8OWyEEUCmQ1wa9Z93zZBImm+lVha03tbKDdR79iY382829E\/dXsPEcaunx03Bf6mOOk4\/9yery+deGWbiUfgkvdKuAt\/ysHjV7yBS3C6QGIaojAXktb02KcrjTBNx\/JUPP+\/\/uLaXQJ7W\/eDtc1aU\/ofSQQ1a0pFKdCkUSqNfHC4c+vTgn97gYXEoIDcMcxmcmqGYxEMohO9S+nT47sDmQd1K5W3ARKhiA3sij469\/xwPKMYQmHMAKWj1CP2xtxvRLp85oZUZ9ph4DQOYkaq6r2pPe1UDsrURTzVsaiJmB5k5tGd5Pe4LEk4KCeuifgNqZzKSr+0aSKKiA2l7\/Sp0mhYb9d372IKAMHq5jM6O5Zm8l\/6pr7dOzYLN+s8ZSzHGdcMM4VxxBzUQzf9dSf2S5mBdA1JIC06vjaWrFuEz6tHmuJMKPCjYy7Z\/jPgNptonNJ477pjlo6tTKTA8RTrRvEWLuh0fazS+Rvo7MlYD"} -01266{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482724450800,"flow_src_last_pkt_time":1646482724464401,"flow_dst_last_pkt_time":1646482724472137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646482724472137,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SoundCloud","proto_id":"91.234","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"soundcloud.com","domainame":"soundcloud.com","tls": 
{"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482724450800,"flow_src_last_pkt_time":1646482724464401,"flow_dst_last_pkt_time":1646482724472137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646482724472137,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SoundCloud","proto_id":"91.234","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"soundcloud.com","domainame":"soundcloud.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482753482315,"flow_src_last_pkt_time":1646482753482315,"flow_dst_last_pkt_time":1646482753482315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482753482315,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1646482753482315,"flow_dst_last_pkt_time":1646482753482315,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482753482315,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8SaBAAEAG1aPAqAGAFwFCT7wMAbtaGHg4AAAAAKAC+vA\/9AAAAgQFtAQCCAr10Gu5AAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1646482753482315,"flow_dst_last_pkt_time":1646482753504024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482753504024,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJkQXAUJPwKgBgAG7vAwZG5KKWhh4OaAS\/ogYMwAAAgQFtAQCCApuzQml9dBruQEDAwc="} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1646482753507544,"flow_dst_last_pkt_time":1646482753504024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482753507544,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5SaJAAEAG06TAqAGAFwFCT7wMAbtaGHg5GRuSi4AYAfZqJAAAAQEICvXQa9NuzQmlFgMBAgABAAH8AwOUyHhinsfe9G2IXNgY9L7xAzZ+DjB199btap4Cw89cViDuti6QLvXTxzS8GPAI\/LqrruRicKAVDOLPOdfZnGvHHQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtjZG4uY25uLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCyATmKdF69bnRwMVBRd98tu612XdMkfb0+p4HzFN6fBwAXAEEE+SEvSVfUiTeIP8IKKsjphsMZuVwTWztloapho\/r89Lhgv68xO7BDbwW8nmN\/dVf8z\/v3pQVdFakWyi7cuNIpiwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482753482315,"flow_src_last_pkt_time":1646482753507544,"flow_dst_last_pkt_time":1646482753504024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482753507544,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CNN","proto_id":"91.180","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cdn.cnn.com","domainame":"cdn.cnn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482753482315,"flow_src_last_pkt_time":1646482753507544,"flow_dst_last_pkt_time":1646482753504024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482753507544,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.CNN","proto_id":"91.180","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cdn.cnn.com","domainame":"cdn.cnn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 02514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1646482753507544,"flow_dst_last_pkt_time":1646482753526341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482753526341,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcqy5AADkGdXUXAUJPwKgBgAG7vAwZG5KLWhh6PoAQAfrUUQAAAQEICm7NCb710GvTFgMDAHoCAAB2AwMtELqVoM\/mfusUlOC2G51WdvJI4PR9JQSsEne1FzCFpiDuti6QLvXTxzS8GPAI\/LqrruRicKAVDOLPOdfZnGvHHRMCAAAuACsAAgMEADMAJAAdACAMQOAmSslfiCXikKsKApYMmSSlt7yCWobEIBvUlOejNRQDAwABARcDAwAu4DLCDDP1zoo32vpNDY+QgLMOEQU9zY8LcQaPU15zF6hqlC\/LNjIbfPJYzN6t7BcDAxSlnjhb6n+pLks2VVtJP460ZAyw8Bl1OmTdwGu2wo2uxEHkwqe33ZCoWCu4Sm5+AA\/lWfvt+ZWkOcPbUc5uYE8vL\/zDbBPNHU4+Eg+zakC7YT2ofcCUrQRfPlbPGUzXmVNXrXNdVkZrgFC4IX7zu1bWuhmJ9AH7dBAkmF8X3gAu4MQGdTId4SXc+MPgiyr88Ot7\/WhiDydQqj9XpVgP+F4quMRR9\/BKkk3DpI9W00QRT2INOIE1S49K0quPIhuvHfTgXlbkbwlfeH+ZZctXZ7DNsi9+fkWIGCfVVB6nOy18S\/NuHFMKyrn1L6KpSgIbEUkZ+mi\/ErFsTYuayoj7+xh05N3B8O6TBmgZp42iAwDy3K5njcJ+h9R\/O+4bj1AsPSym9NJn\/cGAMCpE6UPPv8Ro7nmrZNvk0hvRb8fshN92eohk42AUoj9oQpnVhKev1982wP8K2mqq4OqsFgVlK7XFf1EyzdgdByRTERMljTHIQ1HsrRQbbMMDt53P17+v2IzwtZJRyS+Uzj9fkK3LCn8Nf8Q5WR\/\/vbKZhKG2zqs+0noJv3XfAf75WbabtCUSk\/PRJbIPO8FmtvyDACnC700eTLcqT\/sg+xPlItYB6m0JVx+OCs1w9ZK\/2\/WoeWmC25Imfzk0EpfPuYQ3rmh1BHyzpmDqcvpY72VBAX2aL4yJL4cA7d62M5gOOqCwQbjDPiFJetMBiYsZ8j4ymjHbVfMYWddyE1TVDscvY638bBaw4
Y2jl+Rz6R2X4h1cvLBxQVyApPyzrvKNvsuEu1NmZRRHTXr15WVlcQOovVo5xZ4hnFz2ch\/sk\/NZ\/zlkMVGGwiYZOOUc4i7DfKJu08HqO27LWlQOeRwGlvjxok8vlKvbTK9ZLzjZYOTq947V\/5oEKonyeFr\/1ElMdE+Oj7uOAV6fWp3XD6YiEEE+\/TAiuakwEz6LLb05h2XgWDItlPLhPiix7JYw2J9gWxXo8hYQYODQGvnV3MWaEtRT4n14XwM5+zB+ttvQJq3GL3b0sIQrR+12JFWnEwUjK26PlJhpSORXka\/WnbO7Tz0s71A\/5xRrUlY+GXRfZJR37RLwixU3eBBXrzm8u+0jzUXDt0j7aqVn3wV\/6rDnMzjqQAocgK3ImA7E4UCN7yCnWKy39PuNrJ0pLEjccqMCQwRX3NLBL810NlxSFsld\/kohp932kseEFr5nPNHDHifHxylHl5Nej9C4JYXu95YXh+owYS6MsZsMVuQbzfaIIDO53H50voFRaE\/3gTWW0+CbPc6hrpszkVtqutsyOEEMScqapd03Y4p\/WRuIxUc2D89aKgf3d+28LqgFHLYvN7zML2ageMxxeGpKPfS4nwEtZkNLp0wftvcYt1cBBlYywgMOnroNUDXz8QPiNKaoquh8u8y5v+5JMtV0BK+GGHWB33XGRg2TPMle27g5avLv2xS0jTnSeQMETrnxwnPYJG5kWLb14u6EIMrXd6B7VdbWaa\/KQXBoOqwjM1CIuyrWKrqQtrWxb0vxkynNtXqQNCr32FptQg1BHeyaaC5sAg+Gn5TeaOoTGUbV3PI2To7vxtif80pzEH96vXhipAp23s1hzJgr+OzTn0pDz\/I2SmvZCU05CykAvgsHuHx2qUsEaXEmsSxz\/9XE+Ekhqi+IsF3MxbuDX0d+qgFcT60QupWGlkllU58="} -01244{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482753482315,"flow_src_last_pkt_time":1646482753507544,"flow_dst_last_pkt_time":1646482753526341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482753526341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CNN","proto_id":"91.180","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cdn.cnn.com","domainame":"cdn.cnn.com","tls": 
{"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01245{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482753482315,"flow_src_last_pkt_time":1646482753507544,"flow_dst_last_pkt_time":1646482753526341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482753526341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CNN","proto_id":"91.180","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cdn.cnn.com","domainame":"cdn.cnn.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482759960442,"flow_src_last_pkt_time":1646482759960442,"flow_dst_last_pkt_time":1646482759960442,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482759960442,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1646482759960442,"flow_dst_last_pkt_time":1646482759960442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482759960442,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N8NAAEAGsY7AqAGAAhGNMZ+AAbsz0CpkAAAAAKAC+vAbqAAAAgQFtAQCCApTrIzgAAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1646482759960442,"flow_dst_last_pkt_time":1646482759979922,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482759979922,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8VECEY0xwKgBgAG7n4Axx0rTM9AqZaAS\/ogIXwAAAgQFtAQCCAq1xN1AU6yM4AEDAwc="} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1646482759982731,"flow_dst_last_pkt_time":1646482759979922,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482759982731,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5N8VAAEAGr4\/AqAGAAhGNMZ+AAbsz0CplMcdK1IAYAfb4fgAAAQEIClOsjPe1xN1AFgMBAgABAAH8AwO90p\/YrOJd\/Z4tss7jqktThIJxJIB3e+qrLLFobtKKlyAX6YhgDO5LSOYTxZN2IGu+QsQ1WdlQy7VgjD2lE+VvBgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAx3d3cuZWJheS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgf8Mv24G6SSqxNEfrqm7W\/bejLWA6OGSZmHTWefPpxiwAFwBBBD+GtRBdEP9fCUeld\/IGhJTQe0q9+sY1uU3D5mNCoqM6EROqE0XBEIsVt1XPe0XwL5d6JRvhBZsY2OXTwlPA9KoAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482759960442,"flow_src_last_pkt_time":1646482759982731,"flow_dst_last_pkt_time":1646482759979922,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482759982731,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.eBay","proto_id":"91.179","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping","hostname":"www.ebay.com","domainame":"www.ebay.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482759960442,"flow_src_last_pkt_time":1646482759982731,"flow_dst_last_pkt_time":1646482759979922,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482759982731,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.eBay","proto_id":"91.179","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping","hostname":"www.ebay.com","domainame":"www.ebay.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 02511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1646482759982731,"flow_dst_last_pkt_time":1646482760002525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482760002525,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcuS5AADgGMoMCEY0xwKgBgAG7n4Axx0rUM9AsaoAQAfqTWgAAAQEICrXE3VdTrIz3FgMDAHoCAAB2AwP4eNz\/n8cCZry+ixJO83AQZCZ84GkG5fx8Y\/DYNS0zqiAX6YhgDO5LSOYTxZN2IGu+QsQ1WdlQy7VgjD2lE+VvBhMCAAAuACsAAgMEADMAJAAdACDCgAbnVEyzVgGI2GLj7QnsAr4k6GrO4d+u+gLgppnKRhQDAwABARcDAwAuXcRaS7EMPvvI8Bi5+1VRQVP+aN2IhSF01R\/ufbCE63OvJFtaIdcRQNe8GKgNsxcDAxJxBUDzHPBV2nbiXj67AyxJcSX3xvCRTrizxUacFAONLacwPCgC8q9QY44SMCOLoVEjkWNszY7wh22xgHoAJYtP3drvZWZNUpU\/lluQ5cANfo+wjGMVPslEonnAicb+MLlTfhSNxpRw+RKqvH25UyKyiM5ryerZDsxFOUUjmhitTw6geEy+etATAIDd0VQBJqh2aCKYum8vModwo\/TVetVoTXM7duql5dl52xVFkDW0SmQZQ9VQNxTi67IujgWSciMudmaJeWMJyvZoEtCxmC8ThEnOSmk0Nf2tGE4wog8jjrJ3IXAOKq\/moyfPl+8lXvGiGY44WmDwnzFaVXNjN6RiE0P5rXfwgPUk3X6yQSwXRpZ+LKNcgJI8VNVqF7Dal1vIB\/xP6\/Xullv686yEuHetqgJyMFzbt+AVvJSbSShYAva\/s+oaWzS2gJAL98i47g\/HIRQP9RCvJja7q\/7M8X+Gh2sXg3EJlz6QRBwSaMDZyP5WqCMXyehhSTE3NwOIPs1m7i5bsf+hKoKyVWcNYQjFAWJE9O7oVlv1lFN8sjxPJyUuTexnbTe4d9X+xywL0nbC9qwueKbKlDbyZazcPgZAmnYeDaNlLUVdT4M3qten86Q9eVAaa9n7d\/wmJnrcu+ZJFpo+k3kaj6iZ7JFoZgHUFAtMr6FPWryt0BfK0gvkusNFNKEOuqB5qE2Cdr0GQ7vpuQMdfPQhRe6KQBUywepPiU\/lcM4erSEGzwff
xoKlx6g3W9ygHzQAB+eeUDuAxrJvbCOaBi8lwlWVC\/EEZtQvSwV0z7\/nadsG8T7nhaZ0fVUELum7N\/BWmVrUlJx3imZ2yHVlkflCMtYSgpkn8vA+H+j9RtqwwCw+RIk3CwTDLYTX2tplK3MLQ1KLT1V6C7Az9JEp9RfaC3NL0nHh1P753EDdbzB12hqy3quab3lhN96fKHXk\/HrRdxAhNhZN+gv7dDnyKpxjufS1fcfZgOUM4cpIYTf7BQFjNz0w+rQxXB0v2d55jpGK6GLSO\/kqezJgcBKlv8XJyAhu23kpXOjWcO+ekergwhg\/6jD47XEgGbClpFjmjhgAHJb1O8KjpxAhRXG86qwVWktU3MZZOugVOFEvhENZ4Z0dQcFpPE\/1Q5Wc62yaiGT\/cDQuLi7KefvBq8wpJGVIFUObuKrhVTRGORmQ\/hwX8m2Map1UwjyjzTRDADoQ5qCZ8NV0G7giKbdx9\/4MSk9g3ewBcXEZQWvDKnlxg4Mgwe44noAq4mm2HhmBXPR3PKJYp+ltK2a3a9CbU7FIEopfzAQG1gAMp\/hr5jlS9w68POJO1iSr0R68olhW3BuZXX\/3Art3DPdsVVPrk1U6mYOPVIr6XEZ2ccsx+4C7proBN1nhXjgZDUkxMgKEFYF7SIoyxc91JhF+dXfbyIlRUVIQGLddEMgFsUq8qlzovVUjcYk7NgtCuaATKnD44qeTEzDmrr6Jzwho1JfhlESpB8J0v+e5xqEzCZAs0gX179nqGncTZjZuFMdBtJydpot2DaeAYjLywd4OgtvnWwG7CiXyGr6hB2Ylq\/NDz\/ua4On5isYreE8iCOlfMR3tZ6h4FiXAve+mmjqyJKFdyjFSRCVlAIsrPt27xSy1LnHVjYdN0qqLLPeIV\/GkG35byV5GVMvnsBK8dgiuiBzX46N1mRwcQYAG\/ek="} -01254{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482759960442,"flow_src_last_pkt_time":1646482759982731,"flow_dst_last_pkt_time":1646482760002525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482760002525,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.eBay","proto_id":"91.179","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping","hostname":"www.ebay.com","domainame":"www.ebay.com","tls": 
{"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482759960442,"flow_src_last_pkt_time":1646482759982731,"flow_dst_last_pkt_time":1646482760002525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482760002525,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.eBay","proto_id":"91.179","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping","hostname":"www.ebay.com","domainame":"www.ebay.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482772264409,"flow_src_last_pkt_time":1646482772264409,"flow_dst_last_pkt_time":1646482772264409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482772264409,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1646482772264409,"flow_dst_last_pkt_time":1646482772264409,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482772264409,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8SfdAAEAGtwnAqAGAuX2+FaeEAbviQ3M+AAAAAKAC+vAD2AAAAgQFtAQCCAo3btlLAAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1646482772264409,"flow_dst_last_pkt_time":1646482772292707,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482772292707,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADcGCgG5fb4VwKgBgAG7p4RVAzgX4kNzP6AS\/ogvJwAAAgQFtAQCCAoh0SIcN27ZSwEDAwc="} 
@@ -152,9 +152,9 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1646482791144413,"flow_dst_last_pkt_time":1646482791144413,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482791144413,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8FF5AAEAGQPrAqAGAX2XD1sjoAbs9AWSXAAAAAKAC+vBfJgAAAgQFtAQCCAoz72hZAAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1646482791144413,"flow_dst_last_pkt_time":1646482791167258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482791167258,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADMGYlhfZcPWwKgBgAG7yOhRyYQJPQFkmKAS\/ohadwAAAgQFtAQCCAoA0SpiM+9oWQEDAwc="} 01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1646482791170130,"flow_dst_last_pkt_time":1646482791167258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482791170130,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5FGBAAEAGPvvAqAGAX2XD1sjoAbs9AWSYUcmECoAYAfYkYQAAAQEICjPvaHMA0SpiFgMBAgABAAH8AwPkjLny33P+mExr32cMRl62\/8RJSZlKid1V05U+ySIWLCA+yoN1VMfFXakU81pmrArAv4PMFa74gV6zhhtZIkRahgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAANAAsAAAhodWx1LmNvbQAXAAD\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"} 
-01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482791144413,"flow_src_last_pkt_time":1646482791170130,"flow_dst_last_pkt_time":1646482791167258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482791170130,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Hulu","proto_id":"91.137","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hulu.com","domainame":"hulu.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482791144413,"flow_src_last_pkt_time":1646482791170130,"flow_dst_last_pkt_time":1646482791167258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482791170130,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Hulu","proto_id":"91.137","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hulu.com","domainame":"hulu.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 02515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1646482791170130,"flow_dst_last_pkt_time":1646482791191818,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482791191818,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcuNtAADMGo9xfZcPWwKgBgAG7yOhRyYQKPQFmnYAQAfouIwAAAQEICgDRKnwz72hzFgMDAHoCAAB2AwNKvD71o6ldv\/wfhnoctkUMQVOvBdL\/E538pqaDgOfuVSA+yoN1VMfFXakU81pmrArAv4PMFa74gV6zhhtZIkRahhMCAAAuACsAAgMEADMAJAAdACCyyuRTekSEiWRB0kCryf7fkyMQ7C8wFQctevnYnU\/wFBQDAwABARcDAwA0UU4SzG5kAazJz6oJmOMa4\/3cbc8An8Ax3vFpz+lLrfOsJSYY+jNTJOIlB+TSvMbFk1QBbxcDAxFVQsq3i22go95F2TH4hzyRL\/GaBx\/EhdzAbHQbZt7NNGyPWdpcv1kI9anvi2FlI9qqqPP7uC86f\/gdLFqNlPe3nJPqKsz7bxpgVS5pbAnShoqlKaEruVFI3neCFibkmTVDlEf8vM246WMlsX5ixYFtLwZ\/mvMPxtDHh2WzrJ+n7DQksnM47MMRCREyWN7ZrMRSGXd9QypHlUAZjMYu6WZvFU2YeUwMAR6clqPZLbwkI5hy88NeHQy6aYhbnjQlUiCH6kmJ59m9qkJVXniwyXopOb\/J7SXMeJJ2UAUQQP3u6S6S3GkBc4xDPE6Mc1bH6U66CnJG76FAz4bS2cZAXCKH5FtLjT2c5rWowhh1l3bHXhVeWKAk2cFc+p+Xz3e8gF3rv4gHpzbg4Msi5e6TrUOFaTe0PmZN+xS8quBwTwc49uGPA7g876JdQRHv1\/gZ7T9gwvAvELqdtRRXpAlNBta8\/oLpSEgivmQyOQwNcFoq75YZ55NYBhlApaxIoQbouDSirEWPaWx2TgVm+qv8XwyhPqX9zkbnxg0PCwSA3\/EKf7Ec09fXZsFXkLxaiRAz55M\/GMUtLGXQa31PFigZ7EN\/fCA00QCwwEF4FE1Kwh0Amlvdy6U7750rffzLKHom43504oZFsmRmykVUHpb+O7CnlMhNlzg7wgpuDV1ALe\/dmyr3GfnOD2VOoi7fjQyxeRqnirIh6d2HpDwh3uJPd+zBajHfKXdywY5uko
1IWzsK7VwB\/0J\/ngGPk8gR2Xfx3Bd9GVKf3\/z8QjNLORZh53kW4G4Zs3w\/DrrxXKO37G3NuCNzrDVfsLpImAZDsvQjjtfrr\/yOi3x2G\/lTubHV5DvGgwgHi2B067UOiFZIkFOieH5sgvdLNCbfHzty3XKZDZ2\/nU8W0WEXjdVGiYmtUZg4xTpNqTbEm4swqVFqctFcf97+etpyAJRDWxl05HNb3RY2G3Dbxn+cRhLkhYU8QfSCkthkTZKAaGbPdSaNNa+elToVNPdFyujMnbJycAjnH0TKtTRgy7kcZBst3U6hmj1I\/HO90yvJhm4a4SnGKi12fc1bRwTY9nNMp\/ZcGcEmzutKggsy9TQp7sAxq1EUXnEtPtmCC1rOnrGhH\/SxH5nDnGn2Nnlowwh0GbCGlxfll94w39K1HeT9db+fJf6\/BfnnjyiGPRxVgV693fvsyTv5LviTo8wQ9+a4i1UVpJ1ZfZuST7cDFAE2eBOW7ollq\/xTu\/Xsv39Q098zVKvq4hDyqBBs9erd8GSXhLxDZasOqhH0C\/0lkKUQE+ezHN+HmLiBWneTeawsXlkYLDNbhRysBSEoJT1loyBx0vhFTdEdKhrz24mRcGOGOkCYP2eeHD\/GMbbEojKflwP+w5ED0RtHdBMHLu0ERNOadvL8Kk69t2ozzMFigio\/ImdE9zi4uRvOeGkishcSqiVSvdAywhejwcoSKSkjxzEmgLyzkYYHhJMLG+bO4JaDM+U7V13ZeVQIHosTp7vUTgscdOaR4yNXS4JqjNtcKv7DhfNp0F4Jw9bUk\/wbpu4qHHoMyJ0CLubJmIWRVMyKQH8PR5AJlupMCB7t4kcSWwTNVbbP52WPjFBgHVafIJldhk\/qlUudJwbjTHC00rd6aEJC8MFTEDha17tFm+o0bE3giKIR3X51xzpF2zJlGKw="} -01249{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482791144413,"flow_src_last_pkt_time":1646482791170130,"flow_dst_last_pkt_time":1646482791191818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482791191818,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Hulu","proto_id":"91.137","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hulu.com","domainame":"hulu.com","tls": 
{"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01250{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482791144413,"flow_src_last_pkt_time":1646482791170130,"flow_dst_last_pkt_time":1646482791191818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482791191818,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Hulu","proto_id":"91.137","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hulu.com","domainame":"hulu.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482801387341,"flow_src_last_pkt_time":1646482801387341,"flow_dst_last_pkt_time":1646482801387341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482801387341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1646482801387341,"flow_dst_last_pkt_time":1646482801387341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482801387341,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8u7RAAEAGHxDAqAGAImB7b6+aAFDTrORQAAAAAKAC+vAeUwAAAgQFtAQCCAqmtsAlAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1646482801387341,"flow_dst_last_pkt_time":1646482801394699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482801394699,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8tJQAAHkGLLAiYHtvwKgBgABQr5rfpgWE06zkUaAS\/\/9QBgAAAgQFlgQCCArcngeAprbAJQEDAwg="} 
@@ -184,9 +184,9 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1646482845216543,"flow_dst_last_pkt_time":1646482845216543,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482845216543,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZOJAAEAG1L\/AqAGAbIvSZt62AbvYtDuvAAAAAKAC+vDuhAAAAgQFtAQCCAq3z7DKAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1646482845216543,"flow_dst_last_pkt_time":1646482845236185,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482845236185,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8MSYAAPgGkHtsi9JmwKgBgAG73rYdOl\/82LQ7sKAS\/\/9A+gAAAgQFoAQCCAoefQzKt8+wygEDAwg="} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1646482845241664,"flow_dst_last_pkt_time":1646482845236185,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482845241664,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5ZORAAEAG0sDAqAGAbIvSZt62AbvYtDuwHTpf\/YAYAfbCEAAAAQEICrfPsOMefQzKFgMBAgABAAH8AwNDaq9+o2\/m1P9XaJsuL18rMu\/cbIc9LrPA5zUbsuvbziCdB7Y010YsAP9WvlmHthVAcmE9qTBtm04O9SpF9+K9iwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAhAB8AABxzb3VyY2Vwb2ludGNtcC5ibG9vbWJlcmcuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIFWzj0ex9WIWXeCl2qveVdo+cRB1gHroBn+mOFydyRUDABcAQQTZ7Kd3Dh15jhsRvRpWp2w5A6ZrOrpRgthYeTOHm9lBNbC7SyMy7sz4nAvG5eX8+75Yb0V9pFtY29+UzxdUbzEpACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAHoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482845216543,"flow_src_last_pkt_time":1646482845241664,"flow_dst_last_pkt_time":1646482845236185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482845241664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"sourcepointcmp.bloomberg.com","domainame":"sourcepointcmp.bloomberg.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482845216543,"flow_src_last_pkt_time":1646482845241664,"flow_dst_last_pkt_time":1646482845236185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482845241664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"sourcepointcmp.bloomberg.com","domainame":"sourcepointcmp.bloomberg.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1646482845241664,"flow_dst_last_pkt_time":1646482845260491,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1646482845260491,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXIMSkAAPgGiuxsi9JmwKgBgAG73rYdOl\/92LQ9tYAQAQVWSwAAAQEICh59DOO3z7DjFgMDAHoCAAB2AwMl00JNBhjoDTpue8OJUtDI7gWrENRehivML0uiJZw+aCCdB7Y010YsAP9WvlmHthVAcmE9qTBtm04O9SpF9+K9ixMBAAAuACsAAgMEADMAJAAdACA6ANhx1SULZ5qicHmcZpgOcKzyDJFZ4gyvotfcMC7xUxQDAwABARcDAwAkmehBQSsokWn1+0xD1Ekz\/emWUgmYCHXTpXumKfkkeAhEZPb1FwMDDdQsVccoMVo+96JdzPbhNPdALkbarmAR5a29lK0\/NdmKqcwPR+V1gffSxJKNaqhaiikQk1bK7YYDLKeNYrQ2fYtgQhJ1kLS7Q\/BwFAtLwkQZm3pSfglioGxnCtPRUl8OedqJS1IHYsXjUVUnZNbiUW4XiIPcFw8z9jgypB9ajSZRPFvDsCesm5Mok8748tu2PljORa+fVT0PBZVIIVOIZssACXOZHB9ialf6dAx\/dx3mnn9ZvFrrUV936EU2e7njSQ74xl6JgM7UfntfwrniAxgxW+NSqSBWGRf0Vje6YkWYW2G5Yc\/WNwhE1sfvVaBo4S8lFZTACgG+cvXDc\/c4SuK9ClLp\/bgTLtQ\/84s6saAL6CIyRtNJOfQapfqQ52tBEw9WWRQRx+GVxe\/qFZ7Q6\/RY\/jAOIX9Vu77gloPqU5l9m9GtURRXaaIgOWf6CnARAJ\/lrIz9A7+X+BK1JT5vxW+o262KGPCK\/e51NeZPqvd6+ZAb2KB94B3Lw6vfzGlWJjXf93hk6CFqaYqDSJ9wdq8l3DiC83OgRXvtu6v8hs7Nyhp0\/Dhsz0M4sjiH64sLXf7NUSvFzBsPr8Zwmc3l84oRo5Oz8ZykhchBCEXuGm0NUSniu5qly88yhPgXv3DH5BIbUJ5YY1LY86QRRmreSSxLMMYCdQDwtA25NnbEgqBn6eugtUhVOhe35f8mL9+IH7HeIHovRyF+FAhrnRf2x3vAI6IV2N5D+TngPrbltBGlfU74buGa2\/UTdnAwm3kXNkF75teSUXRR3W0Ae+7Vde7scMX1UXXs7Myuv8g9WsMdHhRzgWukNecHwfZKuZRSQjzLYV4S50tDsvrdwBaFlfgJoVXRTlkYGJauaMaseVVSmMrFLnDvY5Q3qlTOmiyt4PXiVhbVzIR5\/yjVRJEuxMqMIvKMCASwC9ejgMzwYWEVJ9COaaqFwo73yLZzoRXG7bb4Jvx+yLz2TiUdEJkDx7Tz4JrMuTX\/iYeBcMePikQhsOo3ecgAAEtWhklIiWyV5IZsWx+pDVKLvyIkaHh4surWWPL0\/gDbsafXtWKQGo5yUc4VU7rABE8\/RZ\/EyilMuaY+GUtcEI09RyqJj8utYvyIOaOl+qwkJf1uQ\/HlzJGrHLYJYbm52c5E4W8sphVASbEoo5wBc80ipoOk5oRHUKatThn2v0kGZRwO9d
0edN0LHVskXzDOAg9cshMRuy0wXIAEyNTlWnDY8+qbUyKyJbnST1OcV4jVO342qF5Qt31fM0ZWlp2TKesvoZNeH+6muAu4P+Pvu+y1yPdzbolbedSPSORYPSOvByajv5MZPAxsDis4mNRcaJiQ0zQG7+37qZ5Y4SYLWRGGN6nfvoEBfHcwjtLTwludHgGykbRE8Os78V1m7rs6OTc0zfR+BVxlbiThNAg6I0wNJdLl7ZerAQlHURWSgkIR0ZS2jDVHkBye0buCzGJ28kUKq3ocUk1VGT813+Lxn3OXqK5v34Y6GJVShc3Pc+CWnBbtICjaYSvoklRiXx+o+PtsG1\/DuoitHuvHYrXBhlc9SM0VoERTyCuuR8v7kZkS+V3H34LXnYnPeR56LoSgM6ItoHUrI67gt8eWgArjEaLeDSA65qb9ZZTPHVGM1FsXERms\/AxnooVxQJxS+QN5jS1zbPGaInFY1oaU"} -01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482845216543,"flow_src_last_pkt_time":1646482845241664,"flow_dst_last_pkt_time":1646482845260491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646482845260491,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"sourcepointcmp.bloomberg.com","domainame":"sourcepointcmp.bloomberg.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482845216543,"flow_src_last_pkt_time":1646482845241664,"flow_dst_last_pkt_time":1646482845260491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646482845260491,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"sourcepointcmp.bloomberg.com","domainame":"sourcepointcmp.bloomberg.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482860064890,"flow_src_last_pkt_time":1646482860064890,"flow_dst_last_pkt_time":1646482860064890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482860064890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1646482860064890,"flow_dst_last_pkt_time":1646482860064890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482860064890,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8zthAAEAGckLAqAGADWsqDr4OAbv2xGogAAAAAKAC+vA6VgAAAgQFtAQCCArF2TKPAAAAAAEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1646482860064890,"flow_dst_last_pkt_time":1646482860089011,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646482860089011,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0KdNAAHUG4k8NayoOwKgBgAG7vg7o0cSg9sRqIYAS\/\/+nUAAAAgQFoAEDAwgBAQQC"} 
@@ -206,25 +206,25 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1646482879566800,"flow_dst_last_pkt_time":1646482879566800,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482879566800,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZJ5AAEAGuDfAqAGAFwFEvd\/4Abu+RY+DAAAAAKAC+vCgEQAAAgQFtAQCCAqibL0tAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1646482879566800,"flow_dst_last_pkt_time":1646482879585905,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482879585905,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGI9YXAUS9wKgBgAG73\/iES9VYvkWPhKAS\/ojG\/QAAAgQFtAQCCApEcjdUomy9LQEDAwc="} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879585905,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482879590126,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5ZKBAAEAGtjjAqAGAFwFEvd\/4Abu+RY+EhEvVWYAYAfb4UwAAAQEICqJsvUREcjdUFgMBAgABAAH8AwPTmj1yotJrCU5Axy8WSqX4RbWM\/SINHTcC+qIJwwqdWyAtxwR2GOpVXqzss+L4QuffJNllYoSRruXn4YOMT1n2UQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAYABYAABN3d3cucGxheXN0YXRpb24uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIO+m+y4kE\/Ul0wRfLnWkNqXDSHnFmA3tI1g\/5Tv\/EZwCABcAQQQh+3EFl7VEJWAHnTsK42aVbCexqYTb9DwqjdAN6Pu9IMJwjvRFdXg\/Y6aZYu3btbo89OdSMmSsifn4YkrISGSJACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879585905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482879590126,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.playstation.com","domainame":"www.playstation.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879585905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482879590126,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.playstation.com","domainame":"www.playstation.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 02493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879608912,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482879608912,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcuGRAADkGZdEXAUS9wKgBgAG73\/iES9VZvkWRiYAQAfqCIgAAAQEICkRyN2yibL1EFgMDAE4CAABKAwOBBacTcxLQcpf\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\/1u2BCu36V67lS4b99HLRCikrHVgUNxkudO8rkdL4tH3t3WAQRMskVgepd2HaZYil3INmaLa6f1JMFYIa68G4gbbt8fKYh1+Di2herOlebADQ7GSx2oRUf8lmfZDdNvX8NLVcQNNtiGFDQx9PawZErjW11tozNDi9Hu43AfqEjTn5Cy7jcNbRSV\/vWHhX677Er6den3rznV6K6msbmWNeoygSfN+QtGW4zaFzWy6AymB9ZWyjAZKxZIPykYuNIT8iMwCrVJVtekRIgiSWVoBxqHSQIDAQABo4IDfDCCA3gwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFABNUfVgXrmPa\/rV+1oGI\/9o5f0PMEkGA1UdEQRCMECCD3BsYXlzdGF0aW9uLmNvbYIYd2ViZm9ybXMucGxheXN0YXRpb24uY29tghN3d3cucGxheXN0YXRpb24uY29tMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwbwYDVR0fBGgwZjAxoC+gLYYraHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi0xLmNybDAxoC+gLYYraHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi0xLmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlc
nRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH\/BAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUARqVV63X6kSAwtaKJafTzfREsQXS+\/Um4havy\/HD+bUcAAAF9NYkWGAAABAMARjBEAiBw4adKSoTaEg1DG55p72lSiGR59iIJtfIV11QzYcKSNQIgYgMdbbAZDTRsdEJJx3wKfM4qIJgNRlkkzStk2fCy0fQAdgBRo7D1\/QF5nFZtuDd4jwykeswbJ8v3nohCmg3+1IsF5QAAAX01iRZPAAAEAwBHMEUCIGH9aujoguOS89DfmthBnuGimJ20LoIiOLkOixddzmM+AiEA8SGoDfP+SexGTJcaM5VPyxRoJmO+qb0="} -01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879608912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482879608912,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.playstation.com","domainame":"www.playstation.com","tls": {"version":"TLSv1.2","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879608912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482879608912,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.playstation.com","domainame":"www.playstation.com","tls": {"version":"TLSv1.2","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879608943,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482879608943,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcuGVAADkGZdAXAUS9wKgBgAG73\/iES9sBvkWRiYAYAfpUtgAAAQEICkRyN2yibL1EFHEbMrNgcVqrAHYAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF9NYkVygAABAMARzBFAiAdEk5JcTg8\/7GZwox4xrDJHor+3\/hk3iSBi12D9ueQhgIhANG8suAsXaZSFftsGvqVxcd1ECVM96JTmkQn+zmro7bDMA0GCSqGSIb3DQEBCwUAA4IBAQBh8+lX4cGkwrI0xajnGJa5hjhshafy1dyi\/OK4pBstrak8J6018kBebB7pfBJGDtjbyBZX8BLbBKhJz\/Nx0vUlLATCADCv66zTYDxI2g4AQQxmfIxPzWJn17x61253yb1u9bwdDmdYnm20ReQGI1Jp7iuMIm8SAwduBJdQX5t2CQTHqZPFZE2yYFlqsLZxrGlahLhssMIqGyXODC0TdYPmmK0vAagsTIFv\/2puBbc\/Ev+ZY94tP4yxJB8wirxNYgWiTpS7RaLXNUqd5rbSxdA+6k4w\/QGU5huraHGEt9GCs9MGoO2Sko2KouqwpMrBl9+pRLpf3jl7H+LH01LaIGV5AASYMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v\/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M\/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza\/P96rtxcflUxDOg5B6TXvi\/TC2rSsd9f\/ld0Uzs1gN2ujkSYs58O09rg1\/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME\/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\/RR3w6RbKFfCs\/mC\/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\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\/sELfeNqzqPlt\/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm
8c+cftIl7gzbckTB+6WohsYFfZcTEA="} -01639{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879608957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3863,"midstream":0,"thread_ts_usec":1646482879608957,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.playstation.com","domainame":"www.playstation.com","tls": {"version":"TLSv1.2","server_names":"playstation.com,webforms.playstation.com,www.playstation.com","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A","blocks":0}}} 
+01640{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879608957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3863,"midstream":0,"thread_ts_usec":1646482879608957,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.playstation.com","domainame":"www.playstation.com","tls": {"version":"TLSv1.2","server_names":"playstation.com,webforms.playstation.com,www.playstation.com","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482879964649,"flow_src_last_pkt_time":1646482879964649,"flow_dst_last_pkt_time":1646482879964649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482879964649,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1646482879964649,"flow_dst_last_pkt_time":1646482879964649,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482879964649,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8nmNAAEAGzLvAqAGAFzP2QbS4AbvcfW4jAAAAAKAC+vARXQAAAgQFtAQCCAo1KzXVAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1646482879964649,"flow_dst_last_pkt_time":1646482879981627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482879981627,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGcx8XM\/ZBwKgBgAG7tLg0LEpK3H1uJKAS\/oiOFAAAAgQFtAQCCAqG0XpXNSs11QEDAwc="} 
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1646482879983523,"flow_dst_last_pkt_time":1646482879981627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482879983523,"pkt":"pJGxgjQ5PKn0qB\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"} -01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482879964649,"flow_src_last_pkt_time":1646482879983523,"flow_dst_last_pkt_time":1646482879981627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482879983523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"static.playstation.com","domainame":"static.playstation.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482879964649,"flow_src_last_pkt_time":1646482879983523,"flow_dst_last_pkt_time":1646482879981627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482879983523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"static.playstation.com","domainame":"static.playstation.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1646482879983523,"flow_dst_last_pkt_time":1646482879998959,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482879998959,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcGehAADgGU5cXM\/ZBwKgBgAG7tLg0LEpL3H1wKYAQAfooOgAAAQEICobRemo1KzXoFgMDAHoCAAB2AwMdNiKdQS66TG1dyCOwptjBRt9POx14VVunuYZo7ql18yDvfvqZxXeUOWdQ166wenjn8HB2CzcmnFG8kG7bSApHKBMCAAAuACsAAgMEADMAJAAdACAXC3BnxXibQvXlPvXackVE6qVSM0uTzNS9wtehVYweARQDAwABARcDAwAuL9AYW1FJVOW2DFct7yJrAUSOFYcyR53maDik3s6L0ac\/+QVeexvew\/fM3kcU2hcDAwyBPzkyEyhEOs2cpsRzb56Q\/t1RuVr7dNNfhe6Pbsx6BmeRf00Xwmly1L6c4+FMLrgVmDa33uzJWX8VpfADSu4RnVvSm5Kpl0DoLZbTDVZ419fjRRioYU0kLoXsZqo9oXCLh35NJTARKEJfxuooDVVxrcOLS6QfUNhPFhqBi3rgPlELjpHdcwOv6kI5zWblIn0FKOaRx+edul5eSLPJrRbkKlQ4jFt0Ck0AEVaZYiX38MX+xcaA1n8XHTW3iOKt+1vCPn227UZ6XtwYdwRcJbXGNokr1rRrdNRo5uYAm+dXDAIpF3yIuPQXdhN5ojiwFprQOTsAsI5ez92QKqchMb1S15IPNdrUpw81cD4\/apouU520O9HsWFKAV+PRNLC2n2HZO9oMipSQ68TSDBnEJnUQlaAww6dAp0mphDPNloNW6elzTX6RTCJF0jmxs290U+JHrVByif4mDGvgWI+rWYoaprsCluFl4BJvai47IMcYMluMnEC\/F++q1CYOP3eCqlZLRcEDd4b3UsruiEehsAOSUAfM5Q\/5wQvUfevnbH3NaVqtcGcXsd9s5l\/mKBzlcEwtCcswGDLaQEHMzQfLnCay5caDVfVlVmtZHGa7X321aC88WROxZKXmDX\/vQ9F36+LH5dnKKpajdKJbWIhCb96hTTZFeSWIB6qVvukD4Mmn\/ql7qRBBqiaz92nT+gAdbAzWCmC5ZdbsE9TPNAOstQZm1gTyw4vtNHQhzRfQ+5CzWePQjJeH55NKulgYi93t+WmO\/Xw+nqLHaNTLVjvuFiPTN\/XDyI9enaPq5vi9cnU+92Esp9jVmsK87CoeAU\/hnqM4xtrq3\/s9F\/o0Ej0oLOXrvQJGJjvBX8s+Bwloch8k+G9qMCXqaOVmCA799Qf+MAnXUP7rHQH8ELm5p7p+GsHItR\/GY0iI7Qsk2oo3hxxPs0pfRHz5Wuhta5hUSg5TPSn+0JbFK4u6xfuBF5RFSPCdCVORHRUTa4ZYFnVIuheBC4PiSUp2O\/unoO6RGdIXqHTvPXrruCiYHkDcCPwpzJOrveYQRDcJDrcRik4nFoltpseMp7BD\/xZsgYY6V91gTJ\/6D+G\/91QVUv2Vfsat8xMhXcZs2XmJGMGnIoaAEU1unOdnbZ3gJA1rrsSqLVxT6c2hYt45Hh5VUuv32GdC2suPUROP
PEa8vMa4SMnMtdYw+PQuEO4jkicw3rS4Ey8slQisoznZT7vA1Ic0iky+7DOalhCN++7Cco3WhKh35HQsI4DmMCYJCph8O6uU24eZFuH3bkCIlyuzY3+VHZFZIkeL7BCC4dYIkKe3ZOg1YWefN5f02xNOtgNYMMlFLU71s3SUIyDfKuLdTwhQddscQvWAga5bWF0yyq+Vqs4+IKLNTHwC\/Mr+y8YmShr+3eKA3WgxKI6\/wUUK\/yoxaTe54\/RKfMiVNrFleXpdBS7R95axKVhuyZSVrpd\/y0DqWdQDmtiuPN3GyyKs+zmnhamFXHyn\/PBnbm7zbuX1wRJDYRsJ\/0qCNS2YtdRPQAWEW0vkhpa+O\/TU4UaeZg3gE70cq1mLgxqurTLoy3ZMcyVcT3GAirx7NuzqPTCDZBmHGgl86eVUA8kiczF5TGrEsBM7bn+ewxFeluJyf0CEZfnjRgMVfuDjKxY80X+tNZ68XOcc5Y0dNf2\/P5Q9g1LzUBk="} -01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482879964649,"flow_src_last_pkt_time":1646482879983523,"flow_dst_last_pkt_time":1646482879998959,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482879998959,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"static.playstation.com","domainame":"static.playstation.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482879964649,"flow_src_last_pkt_time":1646482879983523,"flow_dst_last_pkt_time":1646482879998959,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482879998959,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"static.playstation.com","domainame":"static.playstation.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482896911097,"flow_src_last_pkt_time":1646482896911097,"flow_dst_last_pkt_time":1646482896911097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482896911097,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1646482896911097,"flow_dst_last_pkt_time":1646482896911097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482896911097,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPpAAEAGn8vAqAGAbIrHQ6iOAbuXn2EUAAAAAKAC+vCb0AAAAgQFtAQCCApW0sF4AAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1646482896911097,"flow_dst_last_pkt_time":1646482896918912,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482896918912,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8E58AAPcGuiZsisdDwKgBgAG7qI5txRYul59hFaAS\/\/+2KgAAAgQFoAQCCAqPYc1DVtLBeAEDAwg="} 
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1646482896921314,"flow_dst_last_pkt_time":1646482896918912,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482896921314,"pkt":"pJGxgjQ5PKn0qB\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"} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482896911097,"flow_src_last_pkt_time":1646482896921314,"flow_dst_last_pkt_time":1646482896918912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482896921314,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Deezer","proto_id":"91.210","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"deezer.com","domainame":"deezer.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482896911097,"flow_src_last_pkt_time":1646482896921314,"flow_dst_last_pkt_time":1646482896918912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482896921314,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Deezer","proto_id":"91.210","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"deezer.com","domainame":"deezer.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1646482896921314,"flow_dst_last_pkt_time":1646482896928135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1646482896928135,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXIE6EAAPcGtJhsisdDwKgBgAG7qI5txRYvl59jGoAQAQXBQwAAAQEICo9hzU5W0sGCFgMDAHoCAAB2AwOS1XRiQhtHbsWk7IKMotNVJhoQERPfN6Zn9M8Pa\/9DzyCmUwwyrZpDXgONpktntKRQJ28LAppHGUwuuBwH65AqlBMBAAAuACsAAgMEADMAJAAdACC5e9xEfCV5fqDbMwqybkRNE38lDRLma9iWS1wPjNaVVBQDAwABARcDAwAk0F2uVi6cSugSVE5OnZzVG+pqX6vJqyLz11UQdWeMUASCS55bFwMDGeAaTkAQDlR2oi1a4CX3A43w\/i8sDBJV1bvBwohVahX\/jSqWGg3EbXZ6QP8zOTm+7UOdvBjp\/L\/Q06PJudYZ5nElqSGGv7wsN99O0PVbuoC6cMYGjAUaR2N6zjlkla6lYoZOaqqRopkEuw9+jdD69Q+LfVB6JRDMXGav9lD46FNEyIJiVeqB6ZzDvQsF0hDvsVRLgJL7+9brRJ02cWQjc790lJ5\/IV6KYzt9j\/RSvFj6tOV2tIGd37EOisJ+YPY1IBH+PgWTwA3DRjV16UoEmGah9+FadbHorXKCxyXACRs43RPkzvqTtNUWmE8AwOgUe7EC\/9J8tF4f+VwcjMcXUOYGHI\/\/TbgrRbD0olswt2g7FOU08CXcT4q9P5EhZJqdbRLAClKDhcpaHpnIALhs9\/spCNwC+fiiZV7Tw53HfD87aMzVul00joHapiXu0xAHWrzYnvyxan3XTUK4brp9Rd+ypqosrQYXg8tXxXhN2gCrvAxSSqhOi0AEpca8xK6G0v9v0CUzNQz6kqvZlDH6p\/ve+I\/UJjJzO2r+nwP\/kkYPLKURLPOlU2LlQVqmdEO\/WVisJkEHuHJPR23A7KQeH2thBVN+Thg5ujNqOKhOViVqbNg8pufR9snMUVLyyRwm0dnmj2+FzEkPaQh989nT0XCkEi0rSXY86hPcWR9iFN2lZhArJyPVa294V25rWpEW\/OHvdM4ADDANCrM1WZ5WMowmqzunXEtoleaiigLpTCxd3LlJjaFXYrDX1BHEVq1WV3plT4j+nixhYNZq8ZE3\/hyW94eyv6KpvG4EtBSeFQsErwEBuzBi7drPC7om+\/FvzbX0weIxfmZ7jj8ny7KpxaZJELgimpU8u8e83uxIN4BoeSkjfj5VjWx+D7jYgHNq8OgG9twFoxZ3H9zw6VXSCdI1NOfnM2KMD\/3NndebVP7Bw4g1OFMOUMQaJE+p\/hutYxtSNinlqyIasmpEe17RoinamTFr\/UB3iWE5cRk3un3Y\/INeyqfATd6MvewBZd6w2CNW6Ut+QR3OHXzfAPR7\/6gZw80h+dkNvvv2YZhLNR7fFCytlqLfKwcE3ac55lwOG3aYgFqk7QMi8RtpRnejscum+EPD+yhSiEYWEnZF+QhwLomph17hHIbFo6Hy3fB67GLdiSZRhhq4JWcd\/G4Lan+GLmjZ\/bpffZh
DJ6tGdL0VJ+cIf2HIzZIXgD8ThWXTKhtlCSiluKhML1guk4QbgZ7Kfg+yYtWCWYNXSV0Bgr7iKsXTsyOQrPSbiA2XbgpfWQnVMOWf6HZk4b4nBF2flUOzID6kjCWzDJN1ov0HY\/u8vkWdZpNVcjbEPhSJYGQuZZjMMwm2AXSr\/FZ512IZZWu0x\/bqScS1nrcHl4mMWzmktdpY8gnlQqutW2y7D1vLp9D4gwkK4UCyoyGVWxcRj+DKF\/FqWRPZFc5lycA7umQmzsHVnR8GTgFUoQIgh5uawTFmxhQqbijSqxg3OVo3sGtJN1EoU6aKaaG1yE6y77re34HM8f3YDYAEa4+f0AjOre1v6n1Cck4EY35qQF3adiya7gTfgi4es9Tl7wB4xkY4G0CO0rR4BPOB4HF7LSimiolDJQ5noah3uv33nk2NTgYmKd0pWY4Rh8M4Jbl3fwk+0Ih3zbPXNJaElCiPyaFOc4r5"} -01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482896911097,"flow_src_last_pkt_time":1646482896921314,"flow_dst_last_pkt_time":1646482896928135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646482896928135,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Deezer","proto_id":"91.210","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"deezer.com","domainame":"deezer.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482896911097,"flow_src_last_pkt_time":1646482896921314,"flow_dst_last_pkt_time":1646482896928135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646482896928135,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Deezer","proto_id":"91.210","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"deezer.com","domainame":"deezer.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482916232520,"flow_src_last_pkt_time":1646482916232520,"flow_dst_last_pkt_time":1646482916232520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482916232520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1646482916232520,"flow_dst_last_pkt_time":1646482916232520,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482916232520,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ooZAAEAGcYnAqAGAEkFSQ8tmAFAueWmfAAAAAKAC+vBogwAAAgQFtAQCCApZaACoAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1646482916232520,"flow_dst_last_pkt_time":1646482916249193,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482916249193,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8Lu8AAPcGbiASQVJDwKgBgABQy2YtbN9PLnlpoKAS\/\/+hEQAAAgQFoAQCCAqviQYeWWgAqAEDAwk="} 
@@ -239,9 +239,9 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1646482995689179,"flow_dst_last_pkt_time":1646482995689179,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482995689179,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8enxAAEAGb8fAqAGAAhGMP78GAburV\/8MAAAAAKAC+vDqEgAAAgQFtAQCCArEqeKzAAAAAAEDAwc="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1646482995689179,"flow_dst_last_pkt_time":1646482995709387,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482995709387,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8kMCEYw\/wKgBgAG7vwYhgnsXq1f\/DaAS\/ohOCgAAAgQFtAQCCAocht8\/xKniswEDAwc="} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1646482995711939,"flow_dst_last_pkt_time":1646482995709387,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482995711939,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5en5AAEAGbcjAqAGAAhGMP78GAburV\/8NIYJ7GIAYAfY3gAAAAQEICsSp4socht8\/FgMBAgABAAH8AwNFE1YF0dNQQhTDT2LTts3l72ip1ON6WYuBYFjp45zAOSCfsggN3rEBQ1caacueVCEG9V0G2r03kBuc\/FQ9ILx8tQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABBhY2NvdW50Lnhib3guY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIKOdg7M8WplrJ1dHmYhafGTWEV65\/XHCmgpJRZB9OyhxABcAQQSUMlyZp7X5PylQs43MbEemG5LZD4aMK86EfSyduzhW1kr6wtZBIJI7MJb\/MCOqF0\/ebXOaYXIP5autWsClQmu8ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482995689179,"flow_src_last_pkt_time":1646482995711939,"flow_dst_last_pkt_time":1646482995709387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482995711939,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Xbox","proto_id":"91.47","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"account.xbox.com","domainame":"account.xbox.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482995689179,"flow_src_last_pkt_time":1646482995711939,"flow_dst_last_pkt_time":1646482995709387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482995711939,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Xbox","proto_id":"91.47","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"account.xbox.com","domainame":"account.xbox.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1646482995711939,"flow_dst_last_pkt_time":1646482995732146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482995732146,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXc7bJAADgG\/vACEYw\/wKgBgAG7vwYhgnsYq1gBEoAQAfrt7gAAAQEIChyG31fEqeLKFgMDAHoCAAB2AwMgX4ftb3H0svKlo38gLKwNa0xpkKciGui3rSBOzeSziSCfsggN3rEBQ1caacueVCEG9V0G2r03kBuc\/FQ9ILx8tRMCAAAuACsAAgMEADMAJAAdACA\/mq72l\/X5wYV7xiehWSBoqC1e8kd0tL5DyVUibFxDIhQDAwABARcDAwA0H3JUn0f6qbdT3p32P454HXDP5IYRoxi3lMRFsJHODkz7xJR5rgRz4MUUYr3T2Jjw+aFRMxcDAw3vtHQjBW4T4HPZPzNcevH+ta4BZOrEGpO7JPPFGNMR+SZNYvq8Khg4xVIZT+TJqq4y1UdQbC0SHZwa\/cWCWVOHJ4ToIVpO8se5z1kQiKjO7tsa2hkllD1P0sE5LzYwhtMXNA34pNAfv+zFj8O8gPl5LrwDPa1lbD2QeNv0JAamm+bK1Ft6MAnnldnEPrq4Dkccu8V4aAK0s4ks79eKH0mEL0W9UbhZ\/5MCDtImAaVNE61E4X\/V8nN1yO04U\/M+zGq+QDSb6KI96yZb7pWQdSDUi8WnroCvk2JjcCQc8V2UmPAo9fJoyWPbso1Qcx9oZRbVGmpDVZpZJrOWGgi+06OP2BFabKp31yRGr4hDuEmV4NyDCCZTO+xQcDQhQmKL+4kf+QXUjoQxs4kZ88In0LC8TmMi9IijejQwkzlmz\/SzXuijmdP4d53ubD8lHcJlgRL3kBKwJzVPYcrYAX1CRyAMdo\/IbRMxxljQ3DomuICtMsuRYbp6mcwPqcIrAT7lmeHwMLiMyHvHZD1A84phaqUY6HK1zep6jPPCQZmcFMe30aF1x5yH+SkMcCyghsMHgbI1R7ukgiBmTOqo7jWbcmiVhQ3L3yDdmanbC\/X\/QWSu9qcxgRX7ZRVxVFJmzrTymCMDxFbbv2s3CZ0yeoVuu+IcPZLPrhl+Zu5URwP4SVK7vlh+4+GvIza4+GqkN\/iTotsJRUh9xU4kieK2ilr07rartoyURS
14Wp5ysWUErig4i+Z+g9iCLb2Kl9qn2bQtpePtcXWE0zNCULJ7JKcijniRn2yuzvIbkXJJ+SK7X6gnb3S8RqXxvVa++ZzrhsMsIU1nRIA07F4N5mhI7fT2QOEr1bIB0sF0uUym9USQa2dyAvnC0TjciJMoOroLp+vr9nabRkfhC2rBP+CXRdy7SmA28jGR8iqEYPclnhbN6dpxNxc1ehduJDl3kVBB2ILxwRQaC2afQVb3RTsRefzNwhGX0O98j0\/UpFxsecWW6hkIRJ8PK33ReXB8k1u812Eir3c9+LWrCTMeng5jKJ8kaYlG+UUY7TZF6IJ8qxeaVvJtLvA2a95yHiFCLFCUfViAueCzeu1GIcNv8C1gMmzRalbCLIwqt\/eKesslRNFwLRiOzBi84gBDhUvvVhNjB1RHyyCCpB8MFBTrE5ciQu9PoVtt+eRfCvPulNoFZQ\/+XXXf5uN7WstK2SMAt8kd6Dm8rW5vjIat7oHHJOEVyrEXtFNLBmnsyp\/+A8uu9jhioaZcZu9PbsqgX947cUyzg8DzCw0VYjIzyvV3G+a2\/Dp989Tky7diemEbBta01GDvPjz84jn\/J2yStVEHLiyEi+TIicgi4S5FjZZFIQm3iLCFQn0EI\/LUligLugcu8t3StyiOntIzSbpLiYRvBOQnIAKh0Lq4Ldubzwflx6DfySliFcQtqXOW8YQd6ZIpT21SsUY\/aWaBZy\/s+VcZ73YYOW3ozEwB6pj1aTRZW4iEGdlMBjwMQsIDjKZwJh1m8Kc1S54TnIcrb+2bm66cbtdj1oRkqUnYQnBYu8GAY8z\/8pmY559B3eyC1WTmKaZPMDfFxDzfAZjcjEGDHNdHsDaJiqGd5E4e3X89yPf1bRwd3zq2Ak8YKKRjVBmHmZaDPd3TnmaIa3TKzkLGemc\/Rb\/maLvxxnCwh6Mshn4="} -01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482995689179,"flow_src_last_pkt_time":1646482995711939,"flow_dst_last_pkt_time":1646482995732146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482995732146,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Xbox","proto_id":"91.47","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"account.xbox.com","domainame":"account.xbox.com","tls": 
{"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01256{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482995689179,"flow_src_last_pkt_time":1646482995711939,"flow_dst_last_pkt_time":1646482995732146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482995732146,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Xbox","proto_id":"91.47","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"account.xbox.com","domainame":"account.xbox.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646483012464918,"flow_src_last_pkt_time":1646483012464918,"flow_dst_last_pkt_time":1646483012464918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646483012464918,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1646483012464918,"flow_dst_last_pkt_time":1646483012464918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646483012464918,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8NmFAAEAGec\/AqAGAKGGgApuUAbvrsR4tAAAAAKAC+vCXKwAAAgQFtAQCCAqLefivAAAAAAEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1646483012464918,"flow_dst_last_pkt_time":1646483012642016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646483012642016,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0h61AAOYGgoooYaACwKgBgAG7m5Tksd5d67EeLoAS\/\/96NQAAAgQFtAEDAwgBAQQC"} 
@@ -250,28 +250,28 @@ 02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012821762,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646483012821762,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXch65AAOYGfOEoYaACwKgBgAG7m5Tksd5e67EgM1AQCAPV9wAAFgMDEU4CAABZAwNiI1ZE1H27b6T6JRvCm\/MD0luKFyMTDe3jrQbpiHy4ICC5MgAADb+Tw4RbiKuNvdQaqUF3iqCf4+0IdypYCofcN8AwAAARAAUAAAAjAAAAFwAA\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\/XwKZh3BtIehwUH0rE3omOA9+auyHPSNQb+BS4A5N6ZgG9TmdvEIgWfY9f1Id2M+DUxfatVW0Jp89Wvw8GBDfyzllLm0\/EDzmv3rk1vx4MWpb91yl2TwrYu1EMiyNNtVWRMGhTp1gkz5aMgVZO6TpdbLjcEUMxNrBEfUptVSqyzS++eERCA14Kg2rdfoONwwYHx3GIbJwcFbAJhsLXa\/I7dxAgMBAAGjggVlMIIFYTAfBgNVHSMEGDAWgBTdUdCiMXOpc66PtAF+XYxXy5\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\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgY0GA1UdHwSBhTCBgjA\/oD2gO4Y5aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0Q2xvdWRTZXJ2aWNlc0NBLTEtZzEuY3JsMD+gPaA7hjlodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRDbG91ZFNlcnZpY2VzQ0EtMS1nMS5jcmw="} 
02505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012821837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646483012821837,"pkt":"PKn0qB\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\/QF5nFZtuDd4jwykeswbJ8v3nohCmg3+1IsF5QAAAX3fdqIKAAAEAwBIMEYCIQCCt\/CWyrB3z5L9JJQqtKhuKwSHXVPO\/nIzLQIRvE8QSAIhALAUu2+684sYBmTAWbK9qLsoHMJRLVDtf7PKkkuPEhCsAHUAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF933aiIAAABAMARjBEAiAmY6DHSC0PRZfjQURv9gfH7XNEvLtjnimdIZ9DL1pP\/wIgEm240\/6jgHbB2vouW4klCYLhx1mBUl2EGyo40QGnLN8wDQYJKoZIhvcNAQELBQADggEBAKs0Do0f0D7XJa8EwMbjj8gm+KWD\/Y615EL0mYouOSdmvSw1h3kWcf3Z3gP9p7LPMTiWc9WgaATbbQQyCdIiD4lE+y\/Hgw+bok2WmRbY6mYbpvHNrk5MrGqzAuJQP6PKt3aBz7PPYPmXPTacuSVPid0KRE9WekJR9Qbk7uWzQ9sUrU4qL0vpapgXTftedAVBzNTW+x6T9ZQXCGPbPWrvcN8p2WRUpvQPorVZ+8K6hKQ74Unfe858rN6lgFCEo0o1k\/W4HSPYM\/GX2BRkg5zPfLO7nMgTuWoOm6j0aPk8QFiDRXKTGIlkTm3CU1U8PU5zGVtJrxLepFiwH8haosDkiUMABOowggTmMIIDzqADAgECAhAPFxpIxvIjgJIYzS7W3cDoMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTIwMDkyNTAwMDAwMFoXDTMwMDkyNDIzNTk1OVowSzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzElMCMGA1UEAxMcRGlnaUNlcnQgQ2xvdWQgU2VydmljZXMgQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANGt9ocUeVQnV8cvBWg8mzzNZ+xFECyE8qRHxNlTQkUJu+T+M8HXvEYv0Yvmt7VneHxqcL79uOW2VM9MXqy4InRzVSkIc8hk99CVCQ55g1C\/X\/XUzJtCYY6ABLlBqs5OEpmbrNbFvlsCc7UWpKtxYtSY6kA5hab2uy\/o54fCi\/acMs3s+D6\/ied0I4JL2uq\/c6YlPP2\/qeVo\/\/gwomDHOy6j88V\/Ozv9DzGhfHQP0L8UxL1o8aXna6ffmwB+RiVO5ugT8\/YGx9RvCycgQl1hvD9g0nyWcsl8sIv\/+UgFUwT6Iq+3zVFdbd2QdAPwM0\/0x8A+VkZHr3Mgi9x6PqPyXf8CAwEAAaOCAa4wggGqMB0GA1UdDgQWBBTdUdCiMXOpc66PtAF
+XYxXy5\/w9zAfBgM="} 02010{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1646483012464918,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012821897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4435,"midstream":0,"thread_ts_usec":1646483012821897,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Outlook","proto_id":"91.21","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"outlook.com","domainame":"outlook.com","tls": {"version":"TLSv1.2","server_names":"*.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com","ja3s":"71d9ce75f347e6cf54268d7114ae6925","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=outlook.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58","blocks":0}}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":434,"packets-processed":433,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":185341,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":32,"total-updates":0,"current-active-flows":24,"total-active-flows":33,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":253,"global_ts_usec":1646495488872237} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":434,"packets-processed":433,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":185341,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":32,"total-updates":0,"current-active-flows":24,"total-active-flows":33,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":253,"global_ts_usec":1646495488872237} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488872237,"flow_dst_last_pkt_time":1646495488872237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488872237,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1646495488872237,"flow_dst_last_pkt_time":1646495488872237,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495488872237,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8\/MhAAEAGRHDAqAGAD6Anu7NKAbvmP22QAAAAAKAC+vBpUQAAAgQFtAQCCAoE\/txmAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1646495488872237,"flow_dst_last_pkt_time":1646495488880478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495488880478,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADIGTzkPoCe7wKgBgAG7s0optQbo5j9tkaAS9LPzBQAAAgQFtAQCCAoEQEeaBP7cZgEDAwc="} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488880478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646495488882948,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5\/MpAAEAGQnHAqAGAD6Anu7NKAbvmP22RKbUG6YAYAfaZtgAAAQEICgT+3HEEQEeaFgMBAgABAAH8AwO25geT89HZVQIHdAvPqVcdroWBp1YfQbaMJ\/IT9jA01iAQ9v2Qg1QtgoSL\/wrZgtn2pCmqUafGB71JcGJ1a5vPpQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFndXp6b25pLmFwcGxlLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAfoSMbRE149N9PW6YpT\/B1gLVQ\/izORnimYk5vzkOPIwAXAEEEYgA3US97mm0LBVaj+yl1ih4nt3Ma4wqV+qwTQtcgUnIu95ynuvYl8aODuWCNRrQ8KDDItT25yW1YelOufG9kvAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488880478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488882948,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleSiri","proto_id":"91.254","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"guzzoni.apple.com","domainame":"guzzoni.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488880478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488882948,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleSiri","proto_id":"91.254","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"guzzoni.apple.com","domainame":"guzzoni.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488890513,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646495488890513,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXc3OJAADIGbLYPoCe7wKgBgAG7s0optQbp5j9vloAQAebPtQAAAQEICgRAR6UE\/txxFgMDAHoCAAB2AwNJ2HRqoT52PRFw7cmJJgArKEzeqz+jlvbkw\/WJIh9cmyAQ9v2Qg1QtgoSL\/wrZgtn2pCmqUafGB71JcGJ1a5vPpRMBAAAuADMAJAAdACCiqYYCZfqcpaqWbOn8XpMx60m948SzpJySebBBQcJXcgArAAIDBBQDAwABARcDAw6p3GJeV40OLlIOgvs6jLGbPMEcdT4zKG\/rVsUsq9ymTcYjT7RyyNUzyEMQE+S2Zd7yCWPh\/OyiGHU6g8os2NCfseJGLoK7lbSLwXQa3FDIkf6yhpXHPGTc10MmnkAoDaVFX0aAZ5PLjqC+tXrOLCMEeUq3rQWeQwWvDvlbnzHvNaPAbd1NBT\/UAJ6Na5yRPrnesEFTl+9q5rCZ1fXvAoCX0glY4wCzt6l5vOP1A1nO4vnps2cZ9ThTckti2FChzBRLR6ClfR2SG3kjGN+1W4ipMLw0+QtWjvnS+WxrGHUNL2fovCY5M1fRkd3bP+yHpRWMS2p4dpxb9dVTLye9c1ap7SaIdd7\/HgBrivEF08UI7YeMs2IEerr4OOaHf1N0kxHNhtQ3bVXniVdYbR6zkSPli9+nnPjaNL4O8hez4C8MJXhsSukIcNDZm4PF4L\/rHSVZxTJQHDGlsiw4wwr19KcNmuoGHexlFvakHZ6PDkrqR7ujT9Ep6Dj\/CzQ592O+w6F9IsocfqVB56rY+bg6lajMzzOiakFaiBadRsPq2ENUszExC0jisja0iw4snp0\/+POhBKKhbdM\/sVfmeDfBzpi\/3wjEFn60tvJMYOaRpCne2S60gpFJ9qyepqTGMIHVY0ww\/9dEhDz+P46yv52XhYyewm6W74Tp59tfHLtqBHQFmO82lFAY7+2MbuGSPzAQAazKDYijfVnptZ48m+HWM5RxnMbYHQLaOPJGR8a+4bZ2n89Z6rSEfpkMFcu0YAqB1SuQq43+W4jGbpojxeEPrSpL2e05DJ5Td7zSaatqEKZLLoJLxArCEuhiO5xyQQ12BF7KYp+ykEyGGRaw8lRoNzFrZbolwcLJHNbiCqHsPQLLrqsWIBZMvXRQWNLk3zOCwr4gvtRVNRsxDTCJWoZiuZ3gXYo6ZT57kYkOtQAgWHUTz15wcxgIY6ZvzFFlzrOSETElJDMmreyYinxqBFgF9g5gsWbFrEjNBnDevi7joYbVislYKg6YD7zEweiWl+cBs5enDDuQNmgYBE\/YHqsFBdedvFjNr0qEgDpTRxGOWja9YpG6SAOOLYIX88admQUKSk1Rzi0esjjBPnt5tBRTJ0wWdv5EHqKTbfYUJDML44YwiAK3CNKWaiMowrqoyT7eKq1gJn2qr2kK7aHPu\/UkGFaycKY4\/z9cWbTM8GkZX4QuNkD6mWq4Yo25McmerRc2mv0HQBveUQo4zdL62txvtqlZE\/qf\/GuYRk
9dEVG4D7o7nnLBCBg3Ln5JwT+0KIxZvsaLFe07yrHvILrhgOyqVYe86QwZYd3ARcSONBjCfwGzWlKPMT6pJZqd0QD1Fx+PEavK4aQ23zI5AcDyKlMOmhWqPhNXqPyZZRpKIyWKid\/\/TmsDguDOykvIDl7nSF8NSG871hK5WzkITmp\/zBszG3faHyeVPl8T8JMA2yvXwSCkNmrFzOPuzojqw1l4ab1OMPUqVLntrRXRFIwAcdhzF+19UWU0j9YQvmoU3xjbhvLNgkOtM8QMdNstONtHAHSSo4bZjVCFFZdC6Q\/CUmE7rdGltQcSlcqdkxPjZmqhxTzIrDNCtin1EVB6wuhVjWfwWHIN60C2CD8ay0MB3Gi+SHpOX6MeAvrP30pcgOuLqkKAB7VFhq4MbYWubAogOnNNhDcMknhXoa6bpJcD0O1KZR3urXANhx4EsWg30jyw6DXL3kOb8fH6pXnItSNnRB96FDbfluT58nmg91VBbygcbA4="} -01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488890513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleSiri","proto_id":"91.254","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"guzzoni.apple.com","domainame":"guzzoni.apple.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488890513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleSiri","proto_id":"91.254","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"guzzoni.apple.com","domainame":"guzzoni.apple.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":1,"flow_first_seen":1646482825245035,"flow_src_last_pkt_time":1646482890229130,"flow_dst_last_pkt_time":1646482890325852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Bloomberg","proto_by_ip_id":246,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":1,"flow_first_seen":1646482825245035,"flow_src_last_pkt_time":1646482890229130,"flow_dst_last_pkt_time":1646482890325852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879614533,"flow_dst_last_pkt_time":1646482879632889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":4121,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879614533,"flow_dst_last_pkt_time":1646482879632889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":4121,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482623895784,"flow_src_last_pkt_time":1646482623941304,"flow_dst_last_pkt_time":1646482623982001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Badoo","proto_id":"91.279","proto_by_ip":"Badoo","proto_by_ip_id":279,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482879964649,"flow_src_last_pkt_time":1646482879983523,"flow_dst_last_pkt_time":1646482879998959,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482845216543,"flow_src_last_pkt_time":1646482845241664,"flow_dst_last_pkt_time":1646482845260491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} +00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482879964649,"flow_src_last_pkt_time":1646482879983523,"flow_dst_last_pkt_time":1646482879998959,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482845216543,"flow_src_last_pkt_time":1646482845241664,"flow_dst_last_pkt_time":1646482845260491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1646483012464918,"flow_src_last_pkt_time":1646483012833860,"flow_dst_last_pkt_time":1646483013011740,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":4761,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Outlook","proto_id":"91.21","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482659915877,"flow_src_last_pkt_time":1646482659945895,"flow_dst_last_pkt_time":1646482659961974,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitch","proto_id":"91.195","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482802720593,"flow_src_last_pkt_time":1646482802732248,"flow_dst_last_pkt_time":1646482802742412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LastFM","proto_id":"91.134","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
00968{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646482686914106,"flow_src_last_pkt_time":1646482686914106,"flow_dst_last_pkt_time":1646482687080565,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646482686914106,"flow_src_last_pkt_time":1646482686914106,"flow_dst_last_pkt_time":1646482687080565,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00970{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646482916232520,"flow_src_last_pkt_time":1646482916232520,"flow_dst_last_pkt_time":1646482916249193,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +00975{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646482916232520,"flow_src_last_pkt_time":1646482916232520,"flow_dst_last_pkt_time":1646482916249193,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646482916232520,"flow_src_last_pkt_time":1646482916232520,"flow_dst_last_pkt_time":1646482916249193,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482724450800,"flow_src_last_pkt_time":1646482724464401,"flow_dst_last_pkt_time":1646482724472137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SoundCloud","proto_id":"91.234","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
+00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482724450800,"flow_src_last_pkt_time":1646482724464401,"flow_dst_last_pkt_time":1646482724472137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SoundCloud","proto_id":"91.234","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 00974{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646482801387341,"flow_src_last_pkt_time":1646482801387341,"flow_dst_last_pkt_time":1646482801394699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646482801387341,"flow_src_last_pkt_time":1646482801387341,"flow_dst_last_pkt_time":1646482801394699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1646482844787933,"flow_src_last_pkt_time":1646482844818910,"flow_dst_last_pkt_time":1646482844825719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":4736,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 
@@ -279,13 +279,13 @@ 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482634412021,"flow_src_last_pkt_time":1646482634434348,"flow_dst_last_pkt_time":1646482634459323,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GitLab","proto_id":"91.262","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482772264409,"flow_src_last_pkt_time":1646482772294676,"flow_dst_last_pkt_time":1646482772325972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Canonical","proto_id":"91.169","proto_by_ip":"Canonical","proto_by_ip_id":169,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1646482860064890,"flow_src_last_pkt_time":1646482860127141,"flow_dst_last_pkt_time":1646482860150984,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":4801,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LinkedIn","proto_id":"91.233","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482791144413,"flow_src_last_pkt_time":1646482791170130,"flow_dst_last_pkt_time":1646482791191818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Hulu","proto_id":"91.137","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482759960442,"flow_src_last_pkt_time":1646482759982731,"flow_dst_last_pkt_time":1646482760002525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.eBay","proto_id":"91.179","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping"}} -00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482896911097,"flow_src_last_pkt_time":1646482896921314,"flow_dst_last_pkt_time":1646482896928135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Deezer","proto_id":"91.210","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} +00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482791144413,"flow_src_last_pkt_time":1646482791170130,"flow_dst_last_pkt_time":1646482791191818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Hulu","proto_id":"91.137","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482759960442,"flow_src_last_pkt_time":1646482759982731,"flow_dst_last_pkt_time":1646482760002525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.eBay","proto_id":"91.179","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping"}} +00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482896911097,"flow_src_last_pkt_time":1646482896921314,"flow_dst_last_pkt_time":1646482896928135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Deezer","proto_id":"91.210","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482866432813,"flow_src_last_pkt_time":1646482866451722,"flow_dst_last_pkt_time":1646482866473555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Pastebin","proto_id":"91.232","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Potentially_Dangerous","category_id":7,"category":"Download"}} -00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646676232,"flow_dst_last_pkt_time":1646482646693050,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":5202,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","proto_id":"91.258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482753482315,"flow_src_last_pkt_time":1646482753507544,"flow_dst_last_pkt_time":1646482753526341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CNN","proto_id":"91.180","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482995689179,"flow_src_last_pkt_time":1646482995711939,"flow_dst_last_pkt_time":1646482995732146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Xbox","proto_id":"91.47","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646676232,"flow_dst_last_pkt_time":1646482646693050,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":5202,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","proto_id":"91.258","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482753482315,"flow_src_last_pkt_time":1646482753507544,"flow_dst_last_pkt_time":1646482753526341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CNN","proto_id":"91.180","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482995689179,"flow_src_last_pkt_time":1646482995711939,"flow_dst_last_pkt_time":1646482995732146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Xbox","proto_id":"91.47","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495650748124,"flow_src_last_pkt_time":1646495650748124,"flow_dst_last_pkt_time":1646495650748124,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495650748124,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1646495650748124,"flow_dst_last_pkt_time":1646495650748124,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495650748124,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8GIFAAEAGaR3AqAGANHHChOIWAbvSHIRRAAAAAKAC+vCUIQAAAgQFtAQCCApnoF3vAAAAAAEDAwc="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1646495650748124,"flow_dst_last_pkt_time":1646495650768253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646495650768253,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0H0NAAHQGLmM0ccKEwKgBgAG74hatJvO00hyEUoAS\/\/\/a2QAAAgQFoAEDAwgBAQQC"} 
@@ -298,9 +298,9 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1646495669804673,"flow_dst_last_pkt_time":1646495669804673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495669804673,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8GxZAAEAGN4nAqAGAbIq5aoOAAbvmWe+jAAAAAKAC+vCvxQAAAgQFtAQCCAqEU9WfAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1646495669804673,"flow_dst_last_pkt_time":1646495669812499,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495669812499,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8yYIAAPcGEhxsirlqwKgBgAG7g4CERzW35lnvpKAS\/\/\/nPAAAAgQFoAQCCArIqUDThFPVnwEDAwg="} 
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669812499,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646495669817020,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5GxhAAEAGNYrAqAGAbIq5aoOAAbvmWe+khEc1uIAYAfZdLwAAAQEICoRT1avIqUDTFgMBAgABAAH8AwN96ffJWUDTazcjPKRqPmlOCDA7EP6e0q+5Knlqzgn4siDXwLeA2RnsV46x7ZH7OaLw+Chjc3EP4ZBJc+xWJC0l1wAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAXABUAABJ3d3cucHJpbWV2aWRlby5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgGExhTuOW51jqeKeMnZIkirN5TNVDUu2atdTJKyWyDBgAFwBBBNa6zHPDKyGGZ8TLrmG8xe75hAb+vBq5zYOy2EFwzMFPukEZchYJ5onOljVZmDEEihxmPvbweI2eyfjNpyF4jCAAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495669804673,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669812499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495669817020,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonVideo","proto_id":"91.240","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.primevideo.com","domainame":"www.primevideo.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495669804673,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669812499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495669817020,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.AmazonVideo","proto_id":"91.240","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.primevideo.com","domainame":"www.primevideo.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669824646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1646495669824646,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXIyYUAAPcGDI1sirlqwKgBgAG7g4CERzW45lnxqYAQAQXOcgAAAQEICsipQOCEU9WrFgMDAHoCAAB2AwPjGPqRWOOZxoE8Is66m3RbsRkzGxkAVyndH8vLKDSFwiDXwLeA2RnsV46x7ZH7OaLw+Chjc3EP4ZBJc+xWJC0l1xMBAAAuACsAAgMEADMAJAAdACDISjE6jXcvj9RkZAQbID3cTd8KiX3I6r8KlMDUfzpPOBQDAwABARcDAwAkpXCZp7P2SmWlib1QnzplpoJ0swWQp1U5VYR06dN6UDtp8KXMFwMDFUWkGP2MGe3FAwGKBhFw\/Jol1Cslq4CaNEUF4psGqChmXnyKIxZ9bGet7KJMQSMSmVps\/wJ78uDP0zpsjLU+9DI0yiZeroYWeNtF4WO6IC6m6KH2ZqyZGg6mBln66ppe8Q2K7bAz3F3AA0XuUIubsbaI6Ob5xMmHyRR3u+t8nkVOk+CjcvdxoDy\/sANcJlvygrPr74Oeo5vNVLlWCTGqYVU6QlfZqQJ3QnY\/xE+ojgaWujmoQqETzZevsrLUPdnqUxHUs9e9cpjzkB6+5Q2VLYqW1wxAUEKvTKDhKq1YG4fKYU2iyvJxlHYWk\/uPHeEgmu98EKFLLBYv6ZqAisqpbnEbRU06WqOVb2Mx0jHGuZJaJsUhl9BBdifJPOyt4jzzvvflym+nG\/f5RsoekLx4I3eqlIfqYzVKnwepYJmTYDVWJJzV6kf6xt0WtCxQRgyClopmVxjByYUgRrzZhpkr4haP\/bisqUAXy0DS10EmVGcuT\/\/BlEnHqtm9b70DinljQu4e7LsuvkmJDqIj+eqlL9K8TLQN3XWrNefrwxAUM67y7WmtUYR1HskcrIsb9cLZNbZa11tXGjPtIx47b1SrhPyFPwQYKhpLs4B6ZOjI26Mb52wtP7MByGLSreL9dCImwZXH1g8dMYIgAzodAkCs0y+UfpADrwvK5Na3F86\/LC3Yxx8TqI7tDwYP\/noxruaJ3Z0e4d5osqflvLnk
jykiJYvAp0iwD6RXLDcg5QbBZC0omKLL2eeCegLL3z3xcxzLXLCElnvdWSTEdX2KM\/6xU\/fcSCXjw1UW60R\/+PcNGh6JnpG6L9fHdTOpY0ZCYTMjtwuGtdJxyamzcgfBlX3hwkJNjJSOR5Sz1W6nUFSbNl\/Nvt1GCViAIBmX0aHSd4QX3NFyYH8nRt4QW7y66WRNjQvXholMEcwljQRtRINDG+tTs+X\/N+\/4MaSm9avp3D2q5M72pWibbtr1p4kJvt\/49cGAOSxbbSR9VtW3JAk3uEFtpton9E9dVfF3XswDIfWyBMpQGIyRU2I7ikBzEeqptwmaI3LVSw\/tsaTNEmWypf846ELIWpxhVRxr4N5NcdDBI7pck\/uB3RYMLbAVRZRY13iUzKkqXqCqGrUmV9d9MrkFXI\/WaIrItdGX0TpRiVcSbmMlgipUjXB5Wpendqsxsm37vdc3Yaq+4CAP+vO8mZ+UUwAjRe4DvJzB5rUaUUGDIQlPLn7p7aS3odLZbgqmos7VNwyBEJTuqtC800r1GZq6B\/tnBme0\/v2BpkbWSRuM5m6WQKlPAG\/zOtbk\/ZVj\/Z7JNeDlzl29F3gOXMq0dp1Ik5040UJDvF6XCIN3i+22Q83JDnLeKVV+bUwHCj+33x\/hGx2vBPyng1TfhKUB9ypvsJnPEZOebIumH3VFPlRvc63pYo\/j2e\/xOlyXd4apuGMcj7LHNuU37mTvGgT2RMTztUOVJC0MEFgzWfSfGaR\/AOOtS\/5Rh5Tfa1v4ADdqzkpGWw1fTB8N5+nCcqq8lX6x7ZVw1lpibzaWDePIBIen5U+z5Ta5n70bzX14q4OTZS9LhwJinWbq1uUJC3Qxax+Tgs4QTr1SpjCOf1htCHr0iEf5yrvqfXrbCg5+Qtiny27tDzWoYEp4+vN8D2fPj52oz9fDwK6Id2cOhs9frfcJuQjW"} -01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495669804673,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669824646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646495669824646,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AmazonVideo","proto_id":"91.240","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.primevideo.com","domainame":"www.primevideo.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495669804673,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669824646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646495669824646,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonVideo","proto_id":"91.240","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.primevideo.com","domainame":"www.primevideo.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495697787579,"flow_src_last_pkt_time":1646495697787579,"flow_dst_last_pkt_time":1646495697787579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495697787579,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1646495697787579,"flow_dst_last_pkt_time":1646495697787579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495697787579,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TvVAAEAG4RXAqAGAjvq5jtyKAbuisGnHAAAAAKAC+vDU+wAAAgQFtAQCCAq56si5AAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1646495697787579,"flow_dst_last_pkt_time":1646495697803322,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495697803322,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8kPwAAHIGrI6O+rmOwKgBgAG73IpV9E4KorBpyKAS\/\/903wAAAgQFlgQCCAoX\/J8euerIuQEDAwg="} 
@@ -349,7 +349,7 @@ 01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495837086190,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837086190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495837086190,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"plus.google.com","domainame":"plus.google.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0314h3_55b375c5d22e_2d2a40a25571","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
02351{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837102627,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_usec":1646495837102627,"pkt":"PKn0qB\/spJGxgjQ5CABFgAVpAABAADMROvOO+rXuwKgBgAG7j+AFVSXtyAAAAAEDuYLxCBrJK2uwimWBAEU4Tznrzq28hb1XmRDs0MFqelTnhcFUZ84H4q1aY4G8iO4oHDfc48pBHn\/VwFJa95gqSHvH4Ev8Om2dP0drKfHTm5RIabnMUwABEpNiK30Wb+s0DC1P8fJqrYirSkcMUtk+OScepXvvMoUJqb3oK\/SHueY\/CR+1r94ahlb+lQ5CMkRrFEpV8Y80c9Tk558ky1YvZroBJocv+D8x22dTrB3Nr2zV5BXUe4IfZjyM1uOvrGOzm7BFlSrMgOj6FKIkCgp\/pf+jrmIN6zoTCYHljLfpxOi3CtJlotE5kvBNJfYTIlpV6ePxOeaBHnLAnR8AUiLMe4EQhoCyafpPSu2uRilBt0zY24SPHj+Vr1q8JDD3+tdbrEpwnhqALSf4fMlI0nlCiW6KDCz9YYUL75K4IS9444yNzf1Yr99Mh0kbqbRkqVD2lz0sc+tejmla91jt2s1ymwqM2Dkc57wq\/ZGL2qTvHoCDCrWXzzSFq2DtMODbeFddKrW7D2S\/WC6gNpi8CkmnUEfrksPztXbMxr+4svM2m36IzD+uTDtBonQOeeetS42fSNmayHtkfbHFRhxhKIWxbXnDeYhaHVYjCQ+4X0zwkTVPladnLIcVEBYqwYQv5\/bz9ieX8wyoykaDLtE9CrJi2EKtZ8wkCC7Z741Zd+Wml1GFTEX8vTPcXOs4jWXGa8by36ak7R21cVgtCbMzCsX51MXYO9rxKpqzQ90YL3ZJybESTLyCZVaetnFQQy0zj9i3aMbEeaF1GIY8fpv41LJIfBTcuddEsku5mHk0ET+hIJRQHhrqv3\/7dLCFIB8IbFzqoMNXvst3vFd153RNd4+wDFw0PTKp3WxAax7aH3o4vpIKkH5MYZZm6QdYg4AXeCOVs+yOQckfo449mppsZnBCauNFwyGHgfdImQc5ChUcBackKfZKPm+8gpfez3Lh5cIH5TVZfBcX2049yxCxwBIQNMHRFZ\/l6px98JrGqv9wlLvZ9x05f9o+OBwqtGjSma1n6CqkHTjCKDb9wEKbD27oXi\/IB1KPHp2u9d\/c+7X2RVtjWmizhI43eqsfAt6YQSI\/I6i5XWGJRa1qw\/6lLbvQvj\/jHqXTS68GWhBdBLJUtfTko6qCsN7rqu1qRzGoIhl0BkGE92lNyYY\/ZTU6\/hdcvPHH\/gVolLu3hFDPu+ipgvDDLIZuRl+UaoOI4gJccnN1m37oKsX6NQtnyeGSc2tM6+62ei3A6X8waSaElCusvteiUGCHQxwaHmAxN+l0Fnrtj2W9v8HqhbG8zavLaMSK9TCSurpq1GtTp5SAztNP1KCrvVnqVhJrjpPBsMoRZgIibHU+b02bSrZ5vLUq8fMRq1DHjSpmxuFXNZXv4gyNl3Dl6lhcF466Vu3DVIKOpmXUnOt94P9drBleL2pc6g\/Rsi+uKui90velUE0hGPgoOIhhDJ0
ymy34LYnDdDZuGwprFKEAglwy2+YC1sXbba6gKVjcOV1Ca5zHuLIWZHit470RXXzr7m1Xi\/5cXZYyKSyJACVo6ge6ve+Upi7YI+aW+jgyPqmHMKb+I\/eIOcKZeHyih24R2l7AgjvcvMggC5W8nbNUSu9cpnGWdlPqjTB0D+d7oT5+bGyUabkzh3dJ2t9fzH8gnGtlT1zFzufTmcBCKpbCY6sP\/0lUq7vHjuvu650M0IhuYA8e9G78Y8vHGY8YN9zIOLD+CF2bDXHwqf3VW0Z0KdlLeLkOH0oqFJ9UgLOZLQqYMUReoZ97In3a7hJ65ZurIhpFxCeAoO9kMhJrGIJTN\/Ls9g=="} 01023{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646495785326719,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785351813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1646495837102627,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hangouts.google.com"}} 
-00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":489,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":221442,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":39,"total-detection-updates":41,"total-updates":1,"current-active-flows":10,"total-active-flows":43,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":352,"global_ts_usec":1646568788171099} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":489,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":221442,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":39,"total-detection-updates":41,"total-updates":1,"current-active-flows":10,"total-active-flows":43,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":352,"global_ts_usec":1646568788171099} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646568788171099,"flow_src_last_pkt_time":1646568788171099,"flow_dst_last_pkt_time":1646568788171099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646568788171099,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1646568788171099,"flow_dst_last_pkt_time":1646568788171099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646568788171099,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8AQRAAEAGfpzAqAGA0FUontLaAbs4n4KKAAAAAKAC+vB1NgAAAgQFtAQCCArSjLpwAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1646568788171099,"flow_dst_last_pkt_time":1646568788337647,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646568788337647,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8Ke1AAPAGpbLQVSiewKgBgAG70tpN2CtOOJ+Ci6ASOQiNqgAAAgQFtAEDAwAEAggKXyXRHtKMunA="} 
@@ -361,15 +361,15 @@ 01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1646568788171099,"flow_src_last_pkt_time":1646568788341620,"flow_dst_last_pkt_time":1646568788673958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3272,"midstream":0,"thread_ts_usec":1646568788673958,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pandora","proto_id":"91.187","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pandora.com","domainame":"pandora.com","tls": {"version":"TLSv1.2","server_names":"*.pandora.com,pandora.com","ja3s":"7047b9d842ee4b3fba6a86353828c915","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF","blocks":0}}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495697787579,"flow_src_last_pkt_time":1646495697805649,"flow_dst_last_pkt_time":1646495697827917,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleDrive","proto_id":"91.217","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646495837086190,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837102627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"plus.google.com"}} -00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495669804673,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669824646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonVideo","proto_id":"91.240","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495669804673,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669824646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.AmazonVideo","proto_id":"91.240","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1646495749875318,"flow_src_last_pkt_time":1646495750527068,"flow_dst_last_pkt_time":1646495750848034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3946,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.IFLIX","proto_id":"91.202","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495836963393,"flow_src_last_pkt_time":1646495836983510,"flow_dst_last_pkt_time":1646495837006974,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":7,"flow_first_seen":1646495710534404,"flow_src_last_pkt_time":1646495710590410,"flow_dst_last_pkt_time":1646495710610809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":6170,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.MS_OneDrive","proto_id":"91.221","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646495785326719,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785351813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hangouts.google.com"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1646495710343950,"flow_src_last_pkt_time":1646495710423757,"flow_dst_last_pkt_time":1646495710456993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":5890,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.MS_OneDrive","proto_id":"91.221","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1646495650748124,"flow_src_last_pkt_time":1646495650812560,"flow_dst_last_pkt_time":1646495650832457,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":4252,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} -00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488890513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleSiri","proto_id":"91.254","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":497,"packets-processed":496,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":225679,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":40,"total-detection-updates":43,"total-updates":1,"current-active-flows":1,"total-active-flows":44,"total-idle-flows":43,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":372,"global_ts_usec":1705785496290955} +00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488890513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleSiri","proto_id":"91.254","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":497,"packets-processed":496,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":225679,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":40,"total-detection-updates":43,"total-updates":1,"current-active-flows":1,"total-active-flows":44,"total-idle-flows":43,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":372,"global_ts_usec":1705785496290955} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705785496290955,"flow_src_last_pkt_time":1705785496290955,"flow_dst_last_pkt_time":1705785496290955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705785496290955,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.5.161.203","src_port":33920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1705785496290955,"flow_dst_last_pkt_time":1705785496290955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705785496290955,"pkt":"SKmKCiNt8C90rUP1CABFAAA8WxFAAEAGa0rAqFjnuQWhy4SAAbsqMmHbAAAAAKACfXh0jwAAAgQFtAQCCAqBTLs4AAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1705785496290955,"flow_dst_last_pkt_time":1705785496317442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705785496317442,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAADgGzlu5BaHLwKhY5wG7hIDVhr3LKjJh3KAS\/oimXQAAAgQFoAQCCAoinSn+gUy7OAEDAwc="} 
@@ -387,7 +387,7 @@ 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1705785496365954,"pkt":"8C90rUP1SKmKCiNtCABFAAAoTbhAAOYGzf2fmb\/wwKhY5wG7wx6oa+tFx38bIVAQAf75kAAAAADOeU3u"} 01767{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1705785496365954,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1330,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3087,"midstream":0,"thread_ts_usec":1705785496365954,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.153.191.240","src_port":49950,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"accounts.ea.com","domainame":"accounts.ea.com","tls": 
{"version":"TLSv1.2","server_names":"accounts.ea.com","ja3s":"7b6819ed58e8d8415604b7dfcef92d55","ja4":"t13d571100_131602cb7446_24695f2957a7","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=CALIFORNIA, L=Redwood City, O=Electronic Arts, Inc., CN=accounts.ea.com","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"6E:9C:F6:59:DD:52:AA:1B:73:A6:B5:29:71:59:89:7D:B5:46:67:3D","blocks":0}}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1646568788171099,"flow_src_last_pkt_time":1646568788681368,"flow_dst_last_pkt_time":1646568788847834,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":3594,"midstream":0,"thread_ts_usec":1705785496365954,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pandora","proto_id":"91.187","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":513,"packets-processed":512,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":231228,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":42,"total-detection-updates":45,"total-updates":1,"current-active-flows":2,"total-active-flows":46,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":390,"global_ts_usec":1708371748027374} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":513,"packets-processed":512,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":231228,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":42,"total-detection-updates":45,"total-updates":1,"current-active-flows":2,"total-active-flows":46,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":390,"global_ts_usec":1708371748027374} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1708371748027374,"flow_src_last_pkt_time":1708371748027374,"flow_dst_last_pkt_time":1708371748027374,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708371748027374,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"160.44.196.198","src_port":54690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1708371748027374,"flow_dst_last_pkt_time":1708371748027374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1708371748027374,"pkt":"ILAB4IZiNObXAhsnCABFAAA8gTRAAEAGkffAqAH1oCzExtWiAbvECMZsAAAAAKAC+vAnvwAAAgQFtAQCCArUZE7pAAAAAAEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1708371748027374,"flow_dst_last_pkt_time":1708371748055776,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1708371748055776,"pkt":"NObXAhsnILAB4IZiCABFAAA0AABAAC8GJDSgLMTGwKgB9QG71aITcGZwxAjGbYASchD5sQAAAgQFrAEBBAIBAwMJ"} 
@@ -409,12 +409,12 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1708371750154536,"flow_dst_last_pkt_time":1708371750157379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1708371750157379,"pkt":"NObXAhsnILAB4IZiht1gDeAtACgGOyYAkAAl6hIAAAES2FoAk6EgAQsHCj3BEsBEptQIDV1VAbucIrjctzlpsy+1oBL\/\/9X0AAACBATEBAIICspyNLidRH3kAQMDCQ=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1708371750157414,"flow_dst_last_pkt_time":1708371750157379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1708371750157414,"pkt":"ILAB4IZiNObXAhsnht1gDsawACAGQCABCwcKPcESwESm1AgNXVUmAJAAJeoSAAABEthaAJOhnCIBu2mzL7W43Lc6gBAB\/7FfAAABAQgKnUR958pyNLg="} 
01489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1708371750158421,"flow_dst_last_pkt_time":1708371750157379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":764,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":764,"pkt_l4_len":710,"thread_ts_usec":1708371750158421,"pkt":"ILAB4IZiNObXAhsnht1gDsawAsYGQCABCwcKPcESwESm1AgNXVUmAJAAJeoSAAABEthaAJOhnCIBu2mzL7W43Lc6gBgB\/7QFAAABAQgKnUR96MpyNLgWAwECoQEAAp0DA0lhCxZfHJxOLvTjSJDu4bOLSSpK6Z0wtJUVWTwBPDKXIKMEDyWEoDyKuKyP12dVNul0vecxGrfnmzBFntrbF0ngACITARMDEwLAK8AvzKnMqMAswDDACsAJwBPAFACcAJ0ALwA1AQACMgAAACMAIQAAHmNvbnRlbnRjZW50ZXItZHJlLmRiYW5rY2RuLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDpj5aM9rjS5Xw7ViF9USpkgtp+vbu8zyEsqmNqymilMwAXAEEEli8s8GLgAzgsLcfOsYxrSM+Tk9g28iWs8Z5YgoFqkYV7skglWG1mcGiEgbsUL27l37sTaiUhj9JyeTz7\/Rxk\/AArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAH+DQEZAAABAAGyACBGjkJG8A4FFXcLd8bQRtu3GnJJmfPPiwZFPoNYJ8k\/6ADviwxEIHbFL7CsRproYUXtYU3Cky4HFbbeuWk3q+3hO0hYI9kjRpwD5igAo\/Yii3uLz+g2+QN2Bbo\/4q7pdqXpJD21KTfS1DV8xzRHmkZq+RA4G9\/8KCA4hvD+aBZiLZ9mA\/0riNGEMOz1Gu+0DeGOr1twDTvw04HJ25rs14KZTlTRMSD0c1RcMuocWQqt3We6rFme5rDloX+sLLUhGLEP2+YEWLmOS5XPhc7ZpPWgrEghaUk\/BO56RYvMqb1E3wtiXexuged5IdBtQZZieoRz+DZlCYqE0HuLjWHRcwPSKnSz9nwBSRxSQqR9qEBAvhQ="} 
-01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708371750154536,"flow_src_last_pkt_time":1708371750158421,"flow_dst_last_pkt_time":1708371750157379,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":678,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":678,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708371750158421,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:c044:a6d4:80d:5d55","dst_ip":"2600:9000:25ea:1200:1:12d8:5a00:93a1","src_port":39970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"contentcenter-dre.dbankcdn.com","domainame":"contentcenter-dre.dbankcdn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01312{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708371750154536,"flow_src_last_pkt_time":1708371750158421,"flow_dst_last_pkt_time":1708371750157379,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":678,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":678,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708371750158421,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:c044:a6d4:80d:5d55","dst_ip":"2600:9000:25ea:1200:1:12d8:5a00:93a1","src_port":39970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"contentcenter-dre.dbankcdn.com","domainame":"contentcenter-dre.dbankcdn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1708371750158421,"flow_dst_last_pkt_time":1708371750161538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1708371750161538,"pkt":"NObXAhsnILAB4IZiht1gDeAtACAGOyYAkAAl6hIAAAES2FoAk6EgAQsHCj3BEsBEptQIDV1VAbucIrjctzppszJbgBAAgwCiAAABAQgKynI0vJ1Efeg="} 
-01352{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708371750154536,"flow_src_last_pkt_time":1708371750158421,"flow_dst_last_pkt_time":1708371750161724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":678,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":678,"flow_dst_tot_l4_payload_len":3624,"midstream":0,"thread_ts_usec":1708371750161724,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:c044:a6d4:80d:5d55","dst_ip":"2600:9000:25ea:1200:1:12d8:5a00:93a1","src_port":39970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"contentcenter-dre.dbankcdn.com","domainame":"contentcenter-dre.dbankcdn.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708371750154536,"flow_src_last_pkt_time":1708371750158421,"flow_dst_last_pkt_time":1708371750161724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":678,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":678,"flow_dst_tot_l4_payload_len":3624,"midstream":0,"thread_ts_usec":1708371750161724,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:c044:a6d4:80d:5d55","dst_ip":"2600:9000:25ea:1200:1:12d8:5a00:93a1","src_port":39970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"contentcenter-dre.dbankcdn.com","domainame":"contentcenter-dre.dbankcdn.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1705785496365954,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1330,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3087,"midstream":0,"thread_ts_usec":1708371750169001,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.153.191.240","src_port":49950,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705785496290955,"flow_src_last_pkt_time":1705785496323878,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1708371750169001,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.5.161.203","src_port":33920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":563,"packets-processed":562,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":263723,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":45,"total-detection-updates":48,"total-updates":1,"current-active-flows":3,"total-active-flows":49,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":417,"global_ts_usec":1708719352773616} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":563,"packets-processed":562,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":263723,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":45,"total-detection-updates":48,"total-updates":1,"current-active-flows":3,"total-active-flows":49,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":417,"global_ts_usec":1708719352773616} 00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1708719352773616,"flow_src_last_pkt_time":1708719352773616,"flow_dst_last_pkt_time":1708719352773616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708719352773616,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1708719352773616,"flow_dst_last_pkt_time":1708719352773616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1708719352773616,"pkt":"ILAB4IZiNObXAhsnht1gDW8BACgGQCABCwcKPcESmgC6eIax4XcgAQZ8BOjwBAAAAAAAAAAJvdIBu4y3QWIAAAAAoAL\/KM6bAAACBAWMBAIICh++fS8AAAAAAQMDBw=="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1708719352773616,"flow_dst_last_pkt_time":1708719352791118,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1708719352791118,"pkt":"NObXAhsnILAB4IZiht1gDcpXACgGNiABBnwE6PAEAAAAAAAAAAkgAQsHCj3BEpoAuniGseF3Abu90sxyPm+Mt0FjoBJvkDRGAAACBATEBAIICmIWPwsfvn0vAQMDCg=="} 
@@ -441,8 +441,8 @@ 01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708719353825157,"flow_src_last_pkt_time":1708719353843817,"flow_dst_last_pkt_time":1708719353862648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1708719353862648,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"telegram.me","domainame":"telegram.me","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":9,"flow_first_seen":1708371748597659,"flow_src_last_pkt_time":1708371749213915,"flow_dst_last_pkt_time":1708371749213883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1027,"flow_dst_max_l4_payload_len":3900,"flow_src_tot_l4_payload_len":3616,"flow_dst_tot_l4_payload_len":12100,"midstream":0,"thread_ts_usec":1708719353862698,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.158.42.215","src_port":49558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1708371748027374,"flow_src_last_pkt_time":1708371748206605,"flow_dst_last_pkt_time":1708371748165737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":4380,"flow_src_tot_l4_payload_len":1281,"flow_dst_tot_l4_payload_len":9124,"midstream":0,"thread_ts_usec":1708719353862698,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"160.44.196.198","src_port":54690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
-01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":4,"flow_first_seen":1708371750154536,"flow_src_last_pkt_time":1708371750169001,"flow_dst_last_pkt_time":1708371750165742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":678,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":1269,"flow_dst_tot_l4_payload_len":5105,"midstream":0,"thread_ts_usec":1708719353862698,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:c044:a6d4:80d:5d55","dst_ip":"2600:9000:25ea:1200:1:12d8:5a00:93a1","src_port":39970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":585,"packets-processed":584,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":277398,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":48,"total-detection-updates":51,"total-updates":1,"current-active-flows":3,"total-active-flows":52,"total-idle-flows":49,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":445,"global_ts_usec":1708962497309716} 
+01040{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":4,"flow_first_seen":1708371750154536,"flow_src_last_pkt_time":1708371750169001,"flow_dst_last_pkt_time":1708371750165742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":678,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":1269,"flow_dst_tot_l4_payload_len":5105,"midstream":0,"thread_ts_usec":1708719353862698,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:c044:a6d4:80d:5d55","dst_ip":"2600:9000:25ea:1200:1:12d8:5a00:93a1","src_port":39970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":585,"packets-processed":584,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":277398,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":48,"total-detection-updates":51,"total-updates":1,"current-active-flows":3,"total-active-flows":52,"total-idle-flows":49,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":445,"global_ts_usec":1708962497309716} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1708962497309716,"flow_src_last_pkt_time":1708962497309716,"flow_dst_last_pkt_time":1708962497309716,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708962497309716,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"5.61.23.30","src_port":46174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1708962497309716,"flow_dst_last_pkt_time":1708962497309716,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1708962497309716,"pkt":"ILAB4IZiNObXAhsnCABFAAA8tohAAEAGpTvAqAH1BT0XHrReAbvuMckPAAAAAKAC+vDfJgAAAgQFtAQCCAoHPO3YAAAAAAEDAww="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1708962497309716,"flow_dst_last_pkt_time":1708962497355167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1708962497355167,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAADYGZcQFPRcewKgB9QG7tF7fzYik7jHJEKASqbCmNAAAAgQFoAQCCApaSfP3Bzzt2AEDAwk="} 
@@ -454,7 +454,7 @@ 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708719352773616,"flow_src_last_pkt_time":1708719352792127,"flow_dst_last_pkt_time":1708719352810168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":664,"flow_dst_tot_l4_payload_len":3624,"midstream":0,"thread_ts_usec":1708962497540736,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1708719353812053,"flow_src_last_pkt_time":1708719353853281,"flow_dst_last_pkt_time":1708719353853244,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":5660,"midstream":0,"thread_ts_usec":1708962497540736,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1708719353825157,"flow_src_last_pkt_time":1708719353862698,"flow_dst_last_pkt_time":1708719353862648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1708962497540736,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":605,"packets-processed":604,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":281689,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":49,"total-detection-updates":52,"total-updates":1,"current-active-flows":1,"total-active-flows":53,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":457,"global_ts_usec":1713874727209515} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":605,"packets-processed":604,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":281689,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":49,"total-detection-updates":52,"total-updates":1,"current-active-flows":1,"total-active-flows":53,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":457,"global_ts_usec":1713874727209515} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713874727209515,"flow_src_last_pkt_time":1713874727209515,"flow_dst_last_pkt_time":1713874727209515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713874727209515,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"116.211.202.129","src_port":55272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1713874727209515,"flow_dst_last_pkt_time":1713874727209515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713874727209515,"pkt":"SKmKCiNtCAAnZaFTCABFAAA0IZVAAIAGAADAqFirdNPKgdfoAbu+XAjuAAAAAIAC+vBYzwAAAgQFtAEDAwgBAQQC"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1713874727209515,"flow_dst_last_pkt_time":1713874727497923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713874727497923,"pkt":"CAAnZaFTSKmKCiNtCABFAAA0IZVAACgG2IZ008qBwKhYqwG71+hkrGzzvlwI74AS+vCq9AAAAgQFoAEBAQEBAQQC"} 
@@ -468,9 +468,9 @@ 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1713874733252417,"flow_dst_last_pkt_time":1713874733275989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713874733275989,"pkt":"CAAnZaFTSKmKCiNtCABFIAA0AABAADkGbTi4VgLCwKhYqwG72KwwiLhDLvj13IAS+vC3rwAAAgQFoAEBBAIBAwMH"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1713874733276046,"flow_dst_last_pkt_time":1713874733275989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1713874733276046,"pkt":"SKmKCiNtCAAnZaFTCABFAAAoYRRAAIAGAADAqFiruFYCwtisAbsu+PXcMIi4RFAQBAXUhgAA"} 
01294{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733275989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":622,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":622,"pkt_l4_len":588,"thread_ts_usec":1713874733276281,"pkt":"SKmKCiNtCAAnZaFTCABFAAJgYRZAAIAGAADAqFiruFYCwtisAbsu+PXcMIi4RFAYBAXWvgAAFgMBAjMBAAIvAwM36gHQ8WJD1nEl8wiu1LqX\/jct7N70ybcAycpHJyRGviBLiHRDq3aFqg2CodnqrsXXF4RTmJo4z6On72ECHUJjZAAgiooTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAHGGhoAAP8BAAEAAC0AAgEBABcAAAALAAIBAERpAAUAAwJoMgAbAAMCAAIAIwAAAAUABQEAAAAAABAADgAMAmgyCGh0dHAvMS4xAAoACgAIiooAHQAXABgAEgAA\/g0A+gAAAQAB6QAgikkjaMLn4qFX6CZIoAyBKDeRkwH+M+tclUeqJopmZVwA0K+2kHwBNMF5+kzhOcY51BnKsRXfeeuNDdCjKwUVDvzTCV\/N76H7KDb3T19A4Q+nWMkej3ifilmJbQUMqQPokmxQdqUZ1YJqFq8TqENfz7iVn1Rz737Q7DaaB0FfQm7dSico1zdg105P115swwMhHZP+\/Otlvs5MKFpcae8iFD0mNA2lZQW6FJN7mjesIpN0tGMtcqJJ3miAWpfYrB+WzIHnj5U7eLuONZMWUdXjaoMnWals0AfPokLuu0nxuEcHra2da11HxywfjHXqpMsTDtgADQASABAEAwgEBAEFAwgFBQEIBgYBAAAAFQATAAAQc3RjLmlxaXlpcGljLmNvbQAzACsAKYqKAAEAAB0AIA6JmKmQY52DGDMLSrlUQAPjRLERtj0oC6x1Giau13lMACsABwbKygMEAwOqqgABAA=="} 
-01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1713874733252417,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733275989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713874733276281,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"184.86.2.194","src_port":55468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stc.iqiyipic.com","domainame":"stc.iqiyipic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1713874733252417,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733275989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713874733276281,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"184.86.2.194","src_port":55468,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stc.iqiyipic.com","domainame":"stc.iqiyipic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733299535,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1713874733299535,"pkt":"CAAnZaFTSKmKCiNtCABFIAAonKFAADkG0KK4VgLCwKhYqwG72KwwiLhELvj4FFAQAfXvMQAAAAC7f6Mm"} -01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":616,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713874733252417,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713874733301391,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"184.86.2.194","src_port":55468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stc.iqiyipic.com","domainame":"stc.iqiyipic.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":616,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713874733252417,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713874733301391,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"184.86.2.194","src_port":55468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stc.iqiyipic.com","domainame":"stc.iqiyipic.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713874733301391,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713874733301391,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"124.237.225.21","src_port":55280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713874733301391,"pkt":"SKmKCiNtCAAnZaFTCABFAAA082pAAIAGAADAqFirfO3hFdfwAbtZPhTDAAAAAIAC+vB3fQAAAgQFtAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713874733301391,"pkt":"CAAnZaFTSKmKCiNtCABFAAA082pAACMG7QJ87eEVwKhYqwG71\/DaowzrWT4UxIASAADKiQAAAgQFoAEBAQEBAQQC"} 
@@ -480,35 +480,35 @@ 01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1713874733301391,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713874733301391,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"124.237.225.21","src_port":55280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.qy.net","domainame":"msg.qy.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01268{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1713874733301391,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713874733301391,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"124.237.225.21","src_port":55280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.qy.net","domainame":"msg.qy.net","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d3113h2_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00954{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1708962497309716,"flow_src_last_pkt_time":1708962497495798,"flow_dst_last_pkt_time":1708962497540736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":839,"flow_dst_max_l4_payload_len":2170,"flow_src_tot_l4_payload_len":1416,"flow_dst_tot_l4_payload_len":2875,"midstream":0,"thread_ts_usec":1713874733301391,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"5.61.23.30","src_port":46174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":624,"packets-processed":623,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":287611,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":52,"total-detection-updates":55,"total-updates":1,"current-active-flows":3,"total-active-flows":56,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":483,"global_ts_usec":1713890981649495} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":624,"packets-processed":623,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":287611,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":52,"total-detection-updates":55,"total-updates":1,"current-active-flows":3,"total-active-flows":56,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":483,"global_ts_usec":1713890981649495} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713890981649495,"flow_src_last_pkt_time":1713890981649495,"flow_dst_last_pkt_time":1713890981649495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713890981649495,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"54.208.106.218","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1713890981649495,"flow_dst_last_pkt_time":1713890981649495,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713890981649495,"pkt":"SKmKCiNtCAAnZaFTCABFAAA0W3JAAIAGAADAqFirNtBq2sBBAbtizhVCAAAAAIAC+vC7JAAAAgQFtAEDAwgBAQQC"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1713890981649495,"flow_dst_last_pkt_time":1713890981788412,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713890981788412,"pkt":"CAAnZaFTSKmKCiNtCABFAAA0AABAAO0G0sU20GrawKhYqwG7wEEwlJewYs4VQ4ASaQNIwAAAAgQFoAEBBAIBAwMI"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1713890981788451,"flow_dst_last_pkt_time":1713890981788412,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1713890981788451,"pkt":"SKmKCiNtCAAnZaFTCABFAAAoW3NAAIAGAADAqFirNtBq2sBBAbtizhVDMJSXsVAQBAW7GAAA"} 
01225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981788412,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1713890981788767,"pkt":"SKmKCiNtCAAnZaFTCABFAAItW3RAAIAGAADAqFirNtBq2sBBAbtizhVDMJSXsVAYBAW9HQAAFgMBAgABAAH8AwNYJQnyv+kG3\/zovTj7qX9XJh4oLXDFJswU162ES1iswCCPdRwOOCh8\/xhvx4nk4BJ16rOyYghIu+Q8WQ1leY6BQQAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAAACIAIAAAHW1lZXQyNzA4Mzc0Mi5hZG9iZWNvbm5lY3QuY29tABcAAP8BAAEAAAoACgAICgoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkKCgABAAAdACBN42mECH\/OsFhIIzl2ttCUwK0fnCzxZkD4ZqYsf84lAgAtAAIBAQArAAcGCgoDBAMDABsAAwIAAkRpAAUAAwJoMoqKAAEAABUAugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1713890981649495,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981788412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713890981788767,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"54.208.106.218","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.AdobeConnect","proto_id":"91.59","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"meet27083742.adobeconnect.com","domainame":"meet27083742.adobeconnect.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1713890981649495,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981788412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713890981788767,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"54.208.106.218","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AdobeConnect","proto_id":"91.59","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"meet27083742.adobeconnect.com","domainame":"meet27083742.adobeconnect.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981927880,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1713890981927880,"pkt":"CAAnZaFTSKmKCiNtCABFAAAouuxAAO0GF+U20GrawKhYqwG7wEEwlJexYs4XSFAQAG7wDwAAAABCWvWq"} -01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713890981649495,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981928323,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713890981928323,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"54.208.106.218","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AdobeConnect","proto_id":"91.59","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"meet27083742.adobeconnect.com","domainame":"meet27083742.adobeconnect.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713890981649495,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981928323,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713890981928323,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"54.208.106.218","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AdobeConnect","proto_id":"91.59","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"meet27083742.adobeconnect.com","domainame":"meet27083742.adobeconnect.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713874727209515,"flow_src_last_pkt_time":1713874727498785,"flow_dst_last_pkt_time":1713874727797620,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713890981928323,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"116.211.202.129","src_port":55272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713874733252417,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713890981928323,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"184.86.2.194","src_port":55468,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
+00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713874733252417,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713890981928323,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"184.86.2.194","src_port":55468,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1713874733301391,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713890981928323,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"124.237.225.21","src_port":55280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":630,"packets-processed":629,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":289568,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":56,"total-updates":1,"current-active-flows":1,"total-active-flows":57,"total-idle-flows":56,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":495,"global_ts_usec":1714854984089683} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":630,"packets-processed":629,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":289568,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":56,"total-updates":1,"current-active-flows":1,"total-active-flows":57,"total-idle-flows":56,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":495,"global_ts_usec":1714854984089683} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714854984089683,"flow_src_last_pkt_time":1714854984089683,"flow_dst_last_pkt_time":1714854984089683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854984089683,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.136.49.254","src_port":50142,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1714854984089683,"flow_dst_last_pkt_time":1714854984089683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1714854984089683,"pkt":"ILAB4IZiNObXAhsnCABFAAA8\/VBAAEAGRUjAqAH1A4gx\/sPeAbv5QqzqAAAAAKAC+vD4UQAAAgQFtAQCCApwdY9LAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1714854984089683,"flow_dst_last_pkt_time":1714854984207475,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1714854984207475,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAAOkGmZgDiDH+wKgB9QG7w95OABkI+UKs66ASaN8GPQAAAgQFtAQCCAoKEgQMcHWPSwEDAwg="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1714854984207530,"flow_dst_last_pkt_time":1714854984207475,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1714854984207530,"pkt":"ILAB4IZiNObXAhsnCABFAAA0\/VFAAEAGRU\/AqAH1A4gx\/sPeAbv5QqzrTgAZCYAQAfb4SQAAAQEICnB1j8AKEgQM"} 01436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1714854984209200,"flow_dst_last_pkt_time":1714854984207475,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":722,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":722,"pkt_l4_len":688,"thread_ts_usec":1714854984209200,"pkt":"ILAB4IZiNObXAhsnCABFAALE\/VJAAEAGQr7AqAH1A4gx\/sPeAbv5QqzrTgAZCYAYAfb62QAAAQEICnB1j8IKEgQMFgMBAosBAAKHAwOM4CjTVIpAuGe4FgpI+FPD5Ii2bAsYD+blLuEs+tvBdSDmxu7BFZ\/fl\/62zNYeFmksEJhOusXd7NK35cby7MeI\/QAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAhwAAAANAAsAAAhic2t5LmFwcAAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACD5wYr3ry\/P654CBZq1HHZFv8s1qSOxxy7aLmDeYtMAIgAXAEEEwFsY7qYe2EwUlltWbosudjwkqxcNudHhv\/Tb\/I4mlocfHIg8UFXYELwZSvzYAL0fTe8++olbJFLmjcTOy1llXQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAH+DQEZAAABAAHCACBkHcYxtOIsDzO7bYvJGF70ZbDQiPTwVGuUSds8OGq4LwDvX\/vd7gY+Xar+eLDa1olYv5NluNvkSlBuXh4Dt8d9b3fiHZ2FNM98equEbvxX7qiFrfpfrwXVhExMwU+4l9H0WuBXiLJ4bsYEAeizIpkPe2ofZXWaoT2Oe3HL6zRlwYynegy\/4fu\/CbLzb09ZHYqRR2upZcCK5eLn7H416+qyqGeg85bFY4KCiqCMM1W42YGI\/m2Qu7KhfZ+fa4r3KBYYCejrXk1mZDAgK1oWSz8vLRnmHXLHCQFTz9Qurqa9YXtQgiIreihXpSx7v+QENwhshE000whgaQIN1YH0wH7l7UK\/8GzTAgOKkPfZ+Ne0ZrQ="} 
-01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1714854984089683,"flow_src_last_pkt_time":1714854984209200,"flow_dst_last_pkt_time":1714854984207475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854984209200,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.136.49.254","src_port":50142,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.app","domainame":"bsky.app","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1714854984089683,"flow_src_last_pkt_time":1714854984209200,"flow_dst_last_pkt_time":1714854984207475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854984209200,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.136.49.254","src_port":50142,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.app","domainame":"bsky.app","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1714854984209200,"flow_dst_last_pkt_time":1714854984327006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1714854984327006,"pkt":"NObXAhsnILAB4IZiCABFAAA0GW5AAOkGgDIDiDH+wKgB9QG7w95OABkJ+UKve4AQAG6Z\/QAAAQEICgoSBINwdY\/C"} -01257{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1714854984089683,"flow_src_last_pkt_time":1714854984209200,"flow_dst_last_pkt_time":1714854984327006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1714854984327006,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.136.49.254","src_port":50142,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.app","domainame":"bsky.app","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1714854984089683,"flow_src_last_pkt_time":1714854984209200,"flow_dst_last_pkt_time":1714854984327006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1714854984327006,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.136.49.254","src_port":50142,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.app","domainame":"bsky.app","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714854988939343,"flow_src_last_pkt_time":1714854988939343,"flow_dst_last_pkt_time":1714854988939343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854988939343,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"44.218.3.81","src_port":55362,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1714854988939343,"flow_dst_last_pkt_time":1714854988939343,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1714854988939343,"pkt":"ILAB4IZiNObXAhsnCABFAAA8RWNAAEAGApHAqAH1LNoDUdhCAbtRjP2\/AAAAAKAC+vDy9gAAAgQFtAQCCArFdlPyAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1714854988939343,"flow_dst_last_pkt_time":1714854989035518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1714854989035518,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAAO4GmfMs2gNRwKgB9QG72ELQOtrOUYz9wKASaN90GAAAAgQFtAQCCApcyi2nxXZT8gEDAwg="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1714854989035570,"flow_dst_last_pkt_time":1714854989035518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1714854989035570,"pkt":"ILAB4IZiNObXAhsnCABFAAA0RWRAAEAGApjAqAH1LNoDUdhCAbtRjP3A0Draz4AQAfby7gAAAQEICsV2VFJcyi2n"} 01433{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1714854989037367,"flow_dst_last_pkt_time":1714854989035518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_usec":1714854989037367,"pkt":"ILAB4IZiNObXAhsnCABFAALHRWVAAEAGAATAqAH1LNoDUdhCAbtRjP3A0Draz4AYAfb1gQAAAQEICsV2VFRcyi2nFgMBAo4BAAKKAwNz+rqLmPTZUTcjeGZOtZjQKymonWlon\/tFKwPwnrJzgiDNx4EMpJhxwvkclPpI\/ZVlkLlh\/mfPbmmu2dzMahyPEQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAh8AAAAQAA4AAAtic2t5LnNvY2lhbAAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCpIZxHQL33HscVPtnfOLqUoN46my5B\/Bx0i4y+5moEEgAXAEEEn58IKqfTLT54L9SlCrrNAOVBv2ReCc5sOzwkClTXGHHN52Yha1qLi6ue8SpwziBeDtx3FjVho8jfWXELtLxsZQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAH+DQEZAAABAAPKACDAArcTJ1rrBj0C14tyOasFGCAOUYY9VEv9prMz\/gWtmwDvMa0lwavgH0cPPTd0cKH1K4i5tntaeFDoVlLNYmA+oOHE5MrK9jxcJSAFF1d09GqGqHspqUHK9k2qIGuX3j8iKlYE1BpfOO22FqbkQdGzCQtB0RguiARx+VjynKvYjM9STwoHDvG6n2LYbLCTTA76iwkNoaZdKvUl5oVN2\/ccVwcnVUpSJyuwTmiKosMZ2fQs+HZJPG7wFdE3SU4UxXZ+pjZk2xrlMuHMTzFvm6jIbWUt8pVQxmIzM7aPKaf16xlwTaycCAQr4hc1HPYYvGC4k3tIZs8qplIfPIkRVe7qGhfN4Jx0kM5mG3FUNAT5vP0="} 
-01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":640,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1714854988939343,"flow_src_last_pkt_time":1714854989037367,"flow_dst_last_pkt_time":1714854989035518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854989037367,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"44.218.3.81","src_port":55362,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.social","domainame":"bsky.social","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":640,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1714854988939343,"flow_src_last_pkt_time":1714854989037367,"flow_dst_last_pkt_time":1714854989035518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854989037367,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"44.218.3.81","src_port":55362,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.social","domainame":"bsky.social","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1714854989037367,"flow_dst_last_pkt_time":1714854989133216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1714854989133216,"pkt":"NObXAhsnILAB4IZiCABFAAA0Et1AAO4Ghx4s2gNRwKgB9QG72ELQOtrPUY0AU4AQAG8H\/wAAAQEIClzKLgnFdlRU"} -01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1714854988939343,"flow_src_last_pkt_time":1714854989037367,"flow_dst_last_pkt_time":1714854989133315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1714854989133315,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"44.218.3.81","src_port":55362,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.social","domainame":"bsky.social","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1714854988939343,"flow_src_last_pkt_time":1714854989037367,"flow_dst_last_pkt_time":1714854989133315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1714854989133315,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"44.218.3.81","src_port":55362,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.social","domainame":"bsky.social","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714854993342168,"flow_src_last_pkt_time":1714854993342168,"flow_dst_last_pkt_time":1714854993342168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854993342168,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"15.204.197.32","src_port":33212,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1714854993342168,"flow_dst_last_pkt_time":1714854993342168,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1714854993342168,"pkt":"ILAB4IZiNObXAhsnCABFAAA8cT1AAEAGMfXAqAH1D8zFIIG8AbuPxXDPAAAAAKAC+vCXuAAAAgQFtAQCCAoWM3riAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1714854993342168,"flow_dst_last_pkt_time":1714854993436846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1714854993436846,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAADAGszIPzMUgwKgB9QG7gbykxf7Ij8Vw0KAS\/ojL5gAAAgQFtAQCCApeZc7fFjN64gEDAwc="} 
@@ -517,7 +517,7 @@ 01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1714854993342168,"flow_src_last_pkt_time":1714854993438910,"flow_dst_last_pkt_time":1714854993436846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":679,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":679,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854993438910,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"15.204.197.32","src_port":33212,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"enoki.us-east.host.bsky.network","domainame":"enoki.us-east.host.bsky.network","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
04471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_src_last_pkt_time":1714854993438910,"flow_dst_last_pkt_time":1714854993534151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2962,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2962,"pkt_l4_len":2928,"thread_ts_usec":1714854993534151,"pkt":"NObXAhsnILAB4IZiCABFAAuEfQNAADAGKucPzMUgwKgB9QG7gbykxf7Jj8Vzd4AYAfijAAAAAQEICl5lz0AWM3tDFgMDAHoCAAB2AwMqmi5Whmv7FO5Y61Gs0lXMBhlY2PXWaAg4XJD3BdhCzCCNFgDlN+XvuhOJbygGgeQEG\/GKE35OBKdwlDCl403cpRMCAAAuACsAAgMEADMAJAAdACCpZ1Nq3tX06CICpn5aopjml6DP\/qYehZGJhxDC9IxWaRQDAwABARcDAwAkwKf4iMzrBmAPR5sm4UlS+c4Zzu4otSIvX9a2C+2teRyjmTMgFwMDCkrQ5jGpeJkHlhPuVfnIV2oPNbs\/ymV9rUL8gY1qyM5FcblARFI+h6RkfCvSEjjskg\/kMQcSmecXIdVuVsfcXfaNLkKRTcoMd90erzxmdwirz5awGutCA3ZZHTD3+6IJwCwBYLrv1UnSM67YEuwj2g+oBlC9CyYRTHjdvcc4tAHn3c9JNjkXUMJYOHPOK9cXOUl8iSolkBKyaeMebQhMcqGtRFQ3zo8BdB2HCTV2DWaO\/mEPMHUBad8Tf6LcEKTrCz6iVgL1Q9NmFHU0LkIA2Pv308InOrafkIZ56wkb6sNUG0IK4X6vIH35RwGvZBmwVjHFiF4F9D+oVy+4hROzKL8mQKw+et2KkZkflySXY+uEYtPMGfXacKRRR+8a\/yU1lMSlx+ngGRgZPujGDuYPK2H2AvkJ21sVe8LzGPjOUBAvJbm0GbTMLBZ5jtxzfGQxGZiZ\/M\/bOYIPWmDg+ATQ89i69qWqmHiWBG1SnTw22s3Ne8EbxfVWHO2wzJaYtdKQYh8ti\/weL+MfD6YfxxEBnX92eP0TJg8Sq5ktUfAY0RP\/Q1ZP\/MuDETSijfqkHEJMziY\/5EnWvv9GDiAsUbRaza1VuXUety0Aa\/YL9fMKxjPlpi5fgJwCDkENRjl+63TcuV6aBXnaqamEmXv2\/ZoBleDOVpV3F1OgsCb4TBCxUgGBCSK43vHiigN46heF8oX4cDFETdqX28xjlZwMt9IFgf1TNCIWS+o9GcX+zVWWi5Uh7oZH4m+rSDNdx+Jma9JiNN\/+bWn\/cjczKe94YgMYCtKjqOp6WqS8xl8Dda6x3iWiAxr6QdlazZPj3OWYRydSOMFH2qoGezEbTv2vTRrx68z6iUerfKTI4lS2+4bnEKiRrwKZUMV0guazsWlDa7QOmC1UBFBb2XxZFilifSMg5dzLZ5IJ\/C9kBOVVPKPIE0Rg+wYvqMYyuf\/4eSQlUF4THR4SHPza4TVFXBmkeqTiX8oolUv5jfOFZsUq74yOymwf9tXrIyA\/I+njJYDbCh6VZkRTWEDd4Yg708GnbM57dWPLEpb7YJcgp33iGYfZp+sqNczdyb94r58S9c+idRHcqEJfux6HiGD3tWKL7pa+gWPs92RCA3fmPeAWhUlTJ4kKl9qvuPwPBYd+9KVqJgYf5ydZwIh\/u3sqsSQJRyrwoeskF9Fa81tFnqfJiDF7g
XhfQroCT2oauGluvYqeVQKyL6f53LZLK3As5aRfFq\/KL6\/IF4EvW3wL49e2Uy5FeRk+1DZzfkW7+NEKRQRio3VHB4HS1PzDbQ\/EiHrASUBmt6\/DVCSkuhJWFgnSg6zv7dqsBSfY6gRhscxkFP0VWOBEULa\/GGhOd28LvPvRg9GFR3HGj6oyDFfN7vqlXoH9RKgFSc\/AndL9hgJFBy6GjN2\/dVtE5a\/djjn+IlXVTccTI7JX6xJdYQvxu8Xv\/aCTsrafhG+MTYUNNvwNrllCt1XE9oaWMpwP1SoDbkkt2GAlwlonpyBihp7pkS6bm75aJnL7TE0ZEcYfeGZ\/8GJAP+zMPOEr8eIJ3epXKryJHykJhmgv7db0UHwfc4oX2fUb9ixV3RIXKvuwG6CVEwluIkXgmicd1Pw6kPPNL8+4y45EDReT5IBHQQu5rfGfOGggMlViuupYgi3ss05I5DpJULXl1EKZKhaWHh6Hgti+mggbai55CZTFJtz6xG\/mapCOcS7tawnIv7OORZ\/KGPhSoeSzrfJ2jU62gU9qSijoj55nWQseFCMicOezUdb69+wTS\/dlYi9yHFpijnYusdhwevdkeO6YmnjVJrcQhpe6PPRnz5Jf+Y3ebVpLhIsJ35IWjCeWxVGzNT4qI9DY73VVPwGMWsN5snXbKiOchDZ1I7cUQDymWf9\/AcG6PKDC1qFhPGFkIwAZXG4MZz0G4C9Rj+ManSrHAE5fZBJ5z6NxhW3DR89m6VlddXn\/5H+gt9H\/mtUin3oV0VdBPJfjVkZBxy+ns02mOBneI\/Xpvl3UW4uTKzrwAR6D7IrzMlRgURRiCSZEgDbEEn1txQvqjiR0W4jAd4WtSM3IGZ9\/5mNbO37LXc\/CWvTkKvmSd2Af07ih4Er3RizWRsm8u4O3dmm7rpr2KE0kXJNcjJJ817QeqpOXgqLX7hbiOorXRG\/+ZgwF6AFgRTf2mKwdmTNM2tv7PM93WmEfSm9j9F+fgUwHxmJjAtMxPwN04SQL50mHPm\/FcFhqCYwfAneDV4trNHOcbuEpgwXBspHXnARsdcbA0HWUTjUTF2hf1DghnyftsBbA3L5xfpD0bmv\/O60AXrhqm8qVK2ZEvZFhUjmcVecpdXl3OhWnTbWylUhNpoXthEVrO+rcsQCevw0OLVKCYHg6bd\/ginVaOaVncDbOOHCDPpKIAhpUBPtzl5FU4Upadrtr6W5sIlyiVA40bafrzd2WfLnoZL1MDN7fH6ZOqOod1bmc1E0JrR5ZjP4m4tHePJfdfQG\/F7MLBzVjSQ0\/Z5o4X2a5BbvHZvaHDvyYB1A7nLac+VRrwNEs9GAi+LtbzUVwWI2EvvWw8En4+9SVDlMjz4vWw5ZHWbVVYi3RNtnEc2EOYouUQxsDy9X7t\/R1UT3VjozdeH0M8AEKGMt3FABEIFGXAN+LpcoArPdhpHnoAOL000yS5uplPBRgIV2soye1edc0rO4ihLwIi3GmbAk4r2yGYOLS1jtmSBMCweA1py7TCbNULwqGG91vTpALMVtkb0f\/X\/\/x5zm1Uc6e3u9\/9I25akIjPHZVVPdk7CiYfvHhipAnpBdP0yfRB3RpD09gxTI86ti6r9NSPTXqpCa7Hkk2XobCHF7HjYPi71\/gfAbST3TtYOOZA8NQwaVGh1AySfXOTkbFw5zJ0+s4G3o3\/saMiRTY4nVwxfWOt+aODouCSHFEVqSgTF5tNg+LgBX0zTJPqL9C4RtXfYCUyeXjha9r4ELWf8CMHfFaG0mp7eOtzfNFl9MoCykSeanOaoK4gY8cLbfKT5xdje27ZSDRxveE6US1zF9DV+Yqf9pdJW\/leRyayCqXPdTtHhoz\/BvMsFoE3qArEBoXhdGg8IhbHq0W5N0Ajk8hWC7B2HQXJGEMFDYSz+q3nak2ecQxQ3Lp3uoeyABXlMk7oww0oiqYJF7jV2+TZKcslT+jRz6SL+xW3d7
XIe\/oeiNnrwo+mFzQVqal4PxhfIth+6plxuMGo3h7BfWV7WMbG0qLN2HyDDiEP7Y5QXm8dQa8TUy5TIrqPoc7zM9YUrSnBcEkdp3d78biqBNhVnng98+ZHvq6TPo\/SUykIvgVYwctyjKt5EOFfcxSmpG1ikmjMoYAKYH\/op1mn54u3Vntx4XoQmJ0DD1mU1D8Wuf3f0tqAQZBYDGb7O050PUC52FfZQNC+m2BSFuQ+7ys3mm+9mtFkNbyBxQwddr5yAAqc+k7sANJRYrpDIbkCZgdVH5BsNt385bpVingDBzdeGjhixGyn7Pn+GxmckdvAMhsERRc0TtbJipiOWNybJ1Cy8ukLvEdTzEXAwMBGXycNlQy1\/4fjmDO4jX3JNk0IeWUne+NHRFH3bARsnozEpAwGgukgRYknvO4E5iGOk6SpqQ2KAWFYqNOU8ByXCGT4CXkqD2Ixn0v1Sm8Jw=="} 01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1714854993342168,"flow_src_last_pkt_time":1714854993438910,"flow_dst_last_pkt_time":1714854993534151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":679,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":679,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1714854993534151,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"15.204.197.32","src_port":33212,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"enoki.us-east.host.bsky.network","domainame":"enoki.us-east.host.bsky.network","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713890981649495,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981928323,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1714854993534195,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"54.208.106.218","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AdobeConnect","proto_id":"91.59","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} +00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713890981649495,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981928323,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1714854993534195,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"54.208.106.218","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AdobeConnect","proto_id":"91.59","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714855508634175,"flow_src_last_pkt_time":1714855508634175,"flow_dst_last_pkt_time":1714855508634175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714855508634175,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a04:4e42:c00::347","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1714855508634175,"flow_dst_last_pkt_time":1714855508634175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1714855508634175,"pkt":"ILAB4IZiNObXAhsnht1gAza5ACgGQCABCwcKPcESbqWrUpIwC6UqBE5CDAAAAAAAAAAAAANHjIABu8lYr1sAAAAAoAL\/KDXhAAACBAWMBAIICkOABtUAAAAAAQMDBw=="} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1714855508634175,"flow_dst_last_pkt_time":1714855508637050,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1714855508637050,"pkt":"NObXAhsnILAB4IZiht1gA1LzACgGOyoETkIMAAAAAAAAAAAAA0cgAQsHCj3BEm6lq1KSMAulAbuMgH1JAY\/JWK9coBL\/\/wG3AAACBATEBAIICiSfHLdDgAbVAQMDCQ=="} 
@@ -526,11 +526,11 @@ 01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":653,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1714855508634175,"flow_src_last_pkt_time":1714855508638270,"flow_dst_last_pkt_time":1714855508637050,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714855508638270,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a04:4e42:c00::347","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Mastodon","proto_id":"91.412","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"mastodon.social","domainame":"mastodon.social","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1714855508638270,"flow_dst_last_pkt_time":1714855508641708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1714855508641708,"pkt":"NObXAhsnILAB4IZiht1gA1LzACAGOyoETkIMAAAAAAAAAAAAA0cgAQsHCj3BEm6lq1KSMAulAbuMgH1JAZDJWLHzgBABBivwAAABAQgKJJ8cu0OABtk="} 
01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":655,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1714855508634175,"flow_src_last_pkt_time":1714855508638270,"flow_dst_last_pkt_time":1714855508643170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":3624,"midstream":0,"thread_ts_usec":1714855508643170,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a04:4e42:c00::347","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Mastodon","proto_id":"91.412","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"mastodon.social","domainame":"mastodon.social","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":656,"packets-processed":655,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":307433,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":57,"total-detection-updates":60,"total-updates":1,"current-active-flows":4,"total-active-flows":61,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":529,"global_ts_usec":1714855626875150} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":656,"packets-processed":655,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":307433,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":57,"total-detection-updates":60,"total-updates":1,"current-active-flows":4,"total-active-flows":61,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":529,"global_ts_usec":1714855626875150} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714855626875150,"flow_src_last_pkt_time":1714855626875150,"flow_dst_last_pkt_time":1714855626875150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1337,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1337,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714855626875150,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a03:2880:f208:c4:face:b00c::43fe","src_port":41590,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02349{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1714855626875150,"flow_dst_last_pkt_time":1714855626875150,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1399,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1399,"pkt_l4_len":1345,"thread_ts_usec":1714855626875150,"pkt":"ILAB4IZiNObXAhsnht1gAqQwBUERQCABCwcKPcESbqWrUpIwC6UqAyiA8ggAxPrOsAwAAEP+onYBuwVB56HPAAAAAQntgqIw4+DzXG8DDjV4AEKHhuUnnf7aCsqjJ6n9uzsKazMDl36U3lgejMwMjFcChCo2U\/4egl84ETgP50PyNnQWj7l2NNX\/opJ2P6uWw+PhENIBM8sJ\/NgHq0VgbJtgDw3uez8\/MAaZE\/cl1TB\/c8CQyzdHNaaSDYGOAQWweSfIzAvWDP9hbdYh07ywhlGFuog+32Prts5MQG1WwihrPli5ULgVB865Pxdl4W\/uWX4tIEsaOq9yIUZikgtiIN\/lJ2MxWV87IMALL\/0xAnAY+oVEWruI8jd5eyEWek8DNQV53lL5nQuMu3yl1yA6PxDnzcfqiin+FXddHI3Mc15ugeOrDFLl92\/b0O83dAMS4WrgPl6nBxxv\/os70fJ9pN09aByi3MJajU7WYJifrAL5gbjNCl6HGQPh3w5kIYjMAE+4ea\/yJs9k52ITu9vwsi79PJSiXFX618uK+2jw5tOOXQVOK\/udu505vNAfkQffevVF6JBDr5h3rBgRTW6GUmAIrbPzYR6AeXyxXeTosExy8waiPa+\/8j8wNeFh42rj8mEVgdp+mvgDsoP3vBpzghC3upVNf1PnkwrL\/8puXPkr4Bs+D
lC8FdJKSu5haPhdqgqXK6sKSAQTtauSV\/p4szNlL6\/UPMWULqzYXXFmG\/yqneMUt6G0Z0JzxovHx85dvQR8drgQOvo8Mp\/SUgwTb2wa0eNMwq+SynOrpUTF+jxGyaNjewWA0nnY5XakI9XBaWhGxqOjRxflsIsIxNN98VUMvRFu3Yl23bEq70Q5NVqtiOoM\/g3mm6bnNnKcPqiZlCAeS3sItwr1C6TXBPxOkaO3AMYujWFGytVr8mplzr07A9ONMULDElcuPUhzBm0DoR5ecEkv0t3rHXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714855626875150,"flow_src_last_pkt_time":1714855626875150,"flow_dst_last_pkt_time":1714855626875150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1337,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1337,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714855626875150,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a03:2880:f208:c4:face:b00c::43fe","src_port":41590,"dst_port":443,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"QUIC.Threads","proto_id":"188.413","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.threads.net","domainame":"www.threads.net","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0314h3_55b375c5d22e_61e396c58b1f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":657,"packets-processed":656,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":308770,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":58,"total-detection-updates":60,"total-updates":1,"current-active-flows":5,"total-active-flows":62,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":533,"global_ts_usec":1722431353907697} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":657,"packets-processed":656,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":308770,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":58,"total-detection-updates":60,"total-updates":1,"current-active-flows":5,"total-active-flows":62,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":533,"global_ts_usec":1722431353907697} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722431353907697,"flow_src_last_pkt_time":1722431353907697,"flow_dst_last_pkt_time":1722431353907697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722431353907697,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"104.16.156.111","src_port":58624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1722431353907697,"flow_dst_last_pkt_time":1722431353907697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722431353907697,"pkt":"ILAB4IZiNObXAhsnCABFAAA8zQxAAEAGppLAqAH1aBCcb+UAAbvi6sc0AAAAAKAC+vDHSwAAAgQFtAQCCAoCIa4cAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1722431353907697,"flow_dst_last_pkt_time":1722431353928918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722431353928918,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAADkGep9oEJxvwKgB9QG75QChV1Qc4urHNaAS\/\/\/CaQAAAgQFeAQCCArZVK68AiGuHAEDAw0="} 
@@ -541,10 +541,10 @@ 01269{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722431353907697,"flow_src_last_pkt_time":1722431353929964,"flow_dst_last_pkt_time":1722431353952901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1153,"flow_dst_max_l4_payload_len":287,"flow_src_tot_l4_payload_len":1153,"flow_dst_tot_l4_payload_len":287,"midstream":0,"thread_ts_usec":1722431353952901,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"104.16.156.111","src_port":58624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NordVPN","proto_id":"91.426","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"s1.nordcdn.com","domainame":"s1.nordcdn.com","tls": {"version":"TLSv1.3","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1715h2_5b57614c22b0_7121afd63204","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01059{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714855626875150,"flow_src_last_pkt_time":1714855626875150,"flow_dst_last_pkt_time":1714855626875150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1337,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1337,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722431354035876,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a03:2880:f208:c4:face:b00c::43fe","src_port":41590,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Threads","proto_id":"188.413","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.threads.net"}} 01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1714855508634175,"flow_src_last_pkt_time":1714855508638270,"flow_dst_last_pkt_time":1714855508643170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":3624,"midstream":0,"thread_ts_usec":1722431354035876,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a04:4e42:c00::347","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Mastodon","proto_id":"91.412","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1714854988939343,"flow_src_last_pkt_time":1714854989133340,"flow_dst_last_pkt_time":1714854989133315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1722431354035876,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"44.218.3.81","src_port":55362,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1714854984089683,"flow_src_last_pkt_time":1714854984327058,"flow_dst_last_pkt_time":1714854984327006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1722431354035876,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.136.49.254","src_port":50142,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1714854988939343,"flow_src_last_pkt_time":1714854989133340,"flow_dst_last_pkt_time":1714854989133315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1722431354035876,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"44.218.3.81","src_port":55362,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1714854984089683,"flow_src_last_pkt_time":1714854984327058,"flow_dst_last_pkt_time":1714854984327006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1722431354035876,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.136.49.254","src_port":50142,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1714854993342168,"flow_src_last_pkt_time":1714854993534195,"flow_dst_last_pkt_time":1714854993534151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":679,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":679,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1722431354035876,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"15.204.197.32","src_port":33212,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":679,"packets-processed":678,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":317899,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":59,"total-detection-updates":61,"total-updates":1,"current-active-flows":1,"total-active-flows":63,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":547,"global_ts_usec":1722540110191305} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":679,"packets-processed":678,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":317899,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":59,"total-detection-updates":61,"total-updates":1,"current-active-flows":1,"total-active-flows":63,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":547,"global_ts_usec":1722540110191305} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722540110191305,"flow_src_last_pkt_time":1722540110191305,"flow_dst_last_pkt_time":1722540110191305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722540110191305,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"146.70.182.51","src_port":44102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1722540110191305,"flow_dst_last_pkt_time":1722540110191305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722540110191305,"pkt":"ILAB4IZiCAAn\/ADWCABFAAA8BCdAAEAGK7zAqAG3kka2M6xGAbuT6uEmAAAAAKAC+vALCAAAAgQFtAQCCAq7v5eGAAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1722540110191305,"flow_dst_last_pkt_time":1722540110194850,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722540110194850,"pkt":"CAAn\/ADWILAB4IZiCABFAAA8AABAADgGN+OSRrYzwKgBtwG7rEboU0P1k+rhJ6AS\/ogVTwAAAgQFtAQCCAoNiXkPu7+XhgEDAwo="} 
@@ -554,7 +554,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1722540110195491,"flow_dst_last_pkt_time":1722540110198684,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1722540110198684,"pkt":"CAAn\/ADWILAB4IZiCABFAAA0mz9AADgGnKuSRrYzwKgBtwG7rEboU0P2k+rmz4AQAD88twAAAQEICg2JeRO7v5eL"} 01304{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":685,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1722540110191305,"flow_src_last_pkt_time":1722540110195491,"flow_dst_last_pkt_time":1722540110198757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1956,"flow_dst_max_l4_payload_len":384,"flow_src_tot_l4_payload_len":1956,"flow_dst_tot_l4_payload_len":384,"midstream":0,"thread_ts_usec":1722540110198757,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"146.70.182.51","src_port":44102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SurfShark","proto_id":"91.427","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"it-mil-v086.prod.surfshark.com","domainame":"it-mil-v086.prod.surfshark.com","tls": {"version":"TLSv1.3","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1517h2_8daaf6152771_b0da82dd1658","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1722431353907697,"flow_src_last_pkt_time":1722431353994238,"flow_dst_last_pkt_time":1722431354035876,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1153,"flow_dst_max_l4_payload_len":2782,"flow_src_tot_l4_payload_len":1671,"flow_dst_tot_l4_payload_len":7458,"midstream":0,"thread_ts_usec":1722540110397706,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"104.16.156.111","src_port":58624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NordVPN","proto_id":"91.426","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":700,"packets-processed":699,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329326,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":60,"total-detection-updates":62,"total-updates":1,"current-active-flows":1,"total-active-flows":64,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":557,"global_ts_usec":1739618620340283} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":700,"packets-processed":699,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329326,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":60,"total-detection-updates":62,"total-updates":1,"current-active-flows":1,"total-active-flows":64,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":557,"global_ts_usec":1739618620340283} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1739618620340283,"flow_src_last_pkt_time":1739618620340283,"flow_dst_last_pkt_time":1739618620340283,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1739618620340283,"l3_proto":"ip4","src_ip":"192.168.88.98","dst_ip":"109.238.90.239","src_port":65086,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1739618620340283,"flow_dst_last_pkt_time":1739618620340283,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1739618620340283,"pkt":"LMgbpH+D6MgproQOCABFAAA0vNZAAIAGAADAqFhibe5a7\/4+AbvJAVcuAAAAAIAC\/\/\/iDgAAAgQFtAEDAwgBAQQC"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_src_last_pkt_time":1739618620340283,"flow_dst_last_pkt_time":1739618620345591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1739618620345591,"pkt":"6MgproQOLMgbpH+DCABFAAAwAABAADgGYOBt7lrvwKhYYgG7\/j4Jh6K5yQFXL3AS\/\/\/V5AAAAgQFggEDAwk="} 
@@ -565,30 +565,30 @@ 01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1739618620340283,"flow_src_last_pkt_time":1739618620345845,"flow_dst_last_pkt_time":1739618620354780,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1739618620354780,"l3_proto":"ip4","src_ip":"192.168.88.98","dst_ip":"109.238.90.239","src_port":65086,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.RUTUBE","proto_id":"91.443","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"rutube.ru","domainame":"rutube.ru","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1517h2_8daaf6152771_fca9c764716e","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02132{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":731,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":24,"flow_first_seen":1739618620340283,"flow_src_last_pkt_time":1739618620404970,"flow_dst_last_pkt_time":1739618620417846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1991,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2588,"flow_dst_tot_l4_payload_len":27471,"midstream":0,"thread_ts_usec":1739618620417846,"l3_proto":"ip4","src_ip":"192.168.88.98","dst_ip":"109.238.90.239","src_port":65086,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":4588.7,"max":39059,"stddev":9828.0,"var":96590432.0,"ent":2.8,"data": [5308,5340,222,9189,0,0,0,0,9037,1787,198,11102,0,0,9044,39024,0,0,0,0,0,0,0,0,0,39059,12940,0,0,0,0]},"pktlen": {"min":40,"avg":980.3,"max":2031,"stddev":674.0,"var":454340.0,"ent":4.5,"data": [52,48,40,557,46,1500,1500,1216,941,40,120,2031,46,327,327,40,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,40,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1],"s_to_c": [3,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,17,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,1,1,1,0,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1],"entropies": [4.500089169,4.951495171,4.671928406,6.625383854,4.670969009,7.831572533,7.875962734,7.855746269,7.747753143,4.671928406,6.160531998,7.902746677,4.714447498,7.261562824,7.307878971,4.671928406,7.903173923,7.858101368,7.873634338,7.895243168,7.859722137,7.886281967,7.878189087,7.856512547,7.879987717,7.880470276,4.671928406,7.873325348,7.872891426,7.877501011,7.861202240,7.865600586]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.RUTUBE","proto_id":"91.443","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":793,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1722540110191305,"flow_src_last_pkt_time":1722540110397706,"flow_dst_last_pkt_time":1722540110391236,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1956,"flow_dst_max_l4_payload_len":3460,"flow_src_tot_l4_payload_len":5083,"flow_dst_tot_l4_payload_len":6344,"midstream":0,"thread_ts_usec":1739618623913267,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"146.70.182.51","src_port":44102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SurfShark","proto_id":"91.427","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":799,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":799,"packets-processed":798,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":428098,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":61,"total-detection-updates":63,"total-updates":1,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":568,"global_ts_usec":1744805534078918} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":799,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":799,"packets-processed":798,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":428098,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":61,"total-detection-updates":63,"total-updates":1,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":568,"global_ts_usec":1744805534078918} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":799,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1744805534078918,"flow_src_last_pkt_time":1744805534078918,"flow_dst_last_pkt_time":1744805534078918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1744805534078918,"l3_proto":"ip4","src_ip":"192.168.1.125","dst_ip":"3.165.239.54","src_port":60828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1744805534078918,"flow_dst_last_pkt_time":1744805534078918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1744805534078918,"pkt":"ILAB4IZiEJgZwDaQCABFAAA8pvlAAEAG3sHAqAF9A6XvNu2cAbtIAriWAAAAAKAC+vC1LwAAAgQFtAQCCAq0M1UBAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1744805534078918,"flow_dst_last_pkt_time":1744805534081400,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1744805534081400,"pkt":"EJgZwDaQILAB4IZiCABFAAA8AABAAPgGzboDpe82wKgBfQG77ZxK2itdSAK4l6AS\/\/\/+ywAAAgQFoAQCCAqQuJQetDNVAQEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1744805534081444,"flow_dst_last_pkt_time":1744805534081400,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1744805534081444,"pkt":"ILAB4IZiEJgZwDaQCABFAAA0pvpAAEAG3sjAqAF9A6XvNu2cAbtIAriXStorXoAQAfa1JwAAAQEICrQzVQSQuJQe"} 
03098{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_src_last_pkt_time":1744805534082298,"flow_dst_last_pkt_time":1744805534081400,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1961,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1961,"pkt_l4_len":1927,"thread_ts_usec":1744805534082298,"pkt":"ILAB4IZiEJgZwDaQCABFAAebpvtAAEAG12DAqAF9A6XvNu2cAbtIAriXStorXoAYAfa8jgAAAQEICrQzVQWQuJQeFgMBB2IBAAdeAwNKqm3otAihQQ6uVJZmwsk4M3G6S++Y3nZ5TKSYpdWM8yCkTrujV18AQU\/9UedND9gQQ7RuuahAHpQNWf2VOg+bjgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEABvMAAAAPAA0AAAp3d3cudWkuY29tABcAAP8BAAEAAAoAEAAOEewAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAEgAAADMFLwUtEewEwC\/CL9xYmr33K2U6Tqjwr7x4B4pWx1rSL5rzlV4cg8OIwMEwagHrN7n0t9ypyZ2GPO6sijqKwuKImMqEN1JlQ01Mx+7KNa3zmxjQrr+5TqJ5oDihpl6nUyKgwECHfBMySwMYYGUnHJn4HHAwS+Q5Dt0IHtooienzyEF7sICFPROZLg5mcjXlmf\/WudFLzbzzK3A6tQVzPTrlEp4FatVpAaq4NQM2oFm0eGr5J\/tjAWrkn3fwB60ZQKUbI2h4uS7KtfMRhOYlXqhDcxDaa00SvPj7LprCU585rEeVyeckG+dmgrYpmWhLZlQwIxVotGDAerKWpRYQQRqKypMkkDi4DurgnV7brPS2eZD6aHo2bUIxm5RIj7krAqYcinqGbztqUOJ1yTz6FjaysQmAkf8AMOz1vm2XpD6GeNQ7B2tpCfq7s9dYnsYscEnnkNOhCSN3igyhJhhRzJZiJEVFnjsZMbOGQlRTjo8JSi0qDvYnZbBDdzHMaoTpptoKy6hnRaOsIPpVTz5ock0VId5QypSmTGzWoLeMy0RUEPmEahnbw5XwgZG6IdJzj+U2sX90cwWzKgjam+Dss6gbT+S4Om6qm3csLlkKapA0maAxEeilztXjNgQkO3lHoOIUXz6JkI6IE6xyWQ3UUIsSram4JKSYCCCYPT0ibCmjP\/T7sSfYR51Cl+MMFmBDuFjLdW5nqq6SdozQrSSTfnypie\/WzgQlPwmlLRiyBtzCpryMUvsJEqEUtBWqGKzHWvyaNvJURWwKXdw6zGGmXrEVKfPVkOZgFPFbG961JYybZpwYqn7sZB7Rz5njVQXac7madrVVNeU3V\/NxIqxcVY7zNHjVQSd2Z1+Ikok4U\/LSJREDizHLo8HzaYGzObw8FR4ynPIbkxeQsHVwIopILTVFuhcZka4pXihIWI8Rz3V2uvIjuAjJI60rnbN0kJNbYB0wahbcvNv0bqRVT7Y5ZTQGHCLiV1hMNsJwpLJIoRIUTeb7fuAJgIWawHBABFY3a7RVcGkSlSSAIUV7lBJprrKmKE9qcCUXA51QWEWmxfqToZ\/sXfZxIAmwes3jLkAAYytyF3gkla8hay8hhotJkIUpJxG0fhAil1IJZxlYPSazLEpzQTKJkGeQn0ih
PFOprD\/Hv9OzfVW1buMYZC5aHGcgAep4N6nmrYp1WQanSeYLeTe7ZHI0DEF6AWS4yx7sPxVKTYaCcyrhgUpLbVzUQBEsxaXjJpx1XyH1tm77QwzJY8iDNoTnW2xlr6FWvlc6Hul3MlSqoVsCGTDXOElydd+BNYVCE00Thv\/jeTSrS\/VxsQCnaV6rNqtbThsLmP1iB\/Hcm+Q8kFxUxhMLDw8ageHTYyAznkD1s3nkB7GwMHUWSsaWbuhmI3pYx99HSzoZcNqmkfcYnTxrgrG1Y4lcOQkqX\/LFBb30XlelU8CQgybXLvy6s7YENcX1R8xGiAmjUBr3clMIziOibrDLsEDRGEmJFhUFxljyNwHCZ7hjUAzVtiH0yL70YLZQkLjAsNtxI8MmhW85SxfceNKjvfw+\/FgI+8dB8tGz\/KfO4vlMye88hcs91Yy8uA9p8\/\/jRUG05bLcVFg3YxrXMh20cjUCluA4JFQlpOzo31UAHQAg8\/\/jRUG05bLcVFg3YxrXMh20cjUCluA4JFQlpOzo31UAFwBBBFg3UmeXStalXsTba55Ojnpxk8GHjLzlXAck2TkIGDppDbBL3PkuGfzb8AvsZuUOhPseMHtIpPE07SCI30g9kYwAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABsABwYAAQACAAP+DQEZAAABAAGjACAP8uu2IskPCkfsXM7DsXz3w+rhU4yCYR6rIBnkjqK5xQDvoutoLaAKKwW58rV7jEnotTcJlgCqFOLgd7QJ56LFk8axOagJU5aoNNczk6GgMLMzFUfVbVjxgNeLCg2HfvjXVapAOuVoguxMivsIP0EE+GJZtNJeD2CCDyER33GAvC3cudsqYIkkvWqkQ\/7ESDnxDL+SwFLkhPiBkracEfyYfg4ZYiKzzT6B7UtCN36jNZC1tB52YnBiWUu2DiegJkcJFIXIxCLxp+asBIWcVvA5ldDqE9gpXZbEWpOYpxOEOAC+8rpSBlBQZpYZSTnl4UWhSSvy9ROqZAIs3xf50ZyqpvBIZN8lsiJOfr3Su+YxJFM="} -01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":802,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1744805534078918,"flow_src_last_pkt_time":1744805534082298,"flow_dst_last_pkt_time":1744805534081400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1895,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1895,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1744805534082298,"l3_proto":"ip4","src_ip":"192.168.1.125","dst_ip":"3.165.239.54","src_port":60828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Ubiquity","proto_id":"91.447","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ui.com","domainame":"www.ui.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1717h2_5b57614c22b0_3cbfd9057e0d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":802,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1744805534078918,"flow_src_last_pkt_time":1744805534082298,"flow_dst_last_pkt_time":1744805534081400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1895,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1895,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1744805534082298,"l3_proto":"ip4","src_ip":"192.168.1.125","dst_ip":"3.165.239.54","src_port":60828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ubiquity","proto_id":"91.447","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ui.com","domainame":"www.ui.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1717h2_5b57614c22b0_3cbfd9057e0d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":5,"flow_src_last_pkt_time":1744805534082298,"flow_dst_last_pkt_time":1744805534084898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1744805534084898,"pkt":"EJgZwDaQILAB4IZiCABFAAA0ZbIAAPgGqBADpe82wKgBfQG77ZxK2iteSAK+K4AQAIYnZAAAAQEICpC4lCK0M1UF"} -01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1744805534078918,"flow_src_last_pkt_time":1744805534082298,"flow_dst_last_pkt_time":1744805534084976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1895,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":1895,"flow_dst_tot_l4_payload_len":4284,"midstream":0,"thread_ts_usec":1744805534084976,"l3_proto":"ip4","src_ip":"192.168.1.125","dst_ip":"3.165.239.54","src_port":60828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ubiquity","proto_id":"91.447","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ui.com","domainame":"www.ui.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1717h2_5b57614c22b0_3cbfd9057e0d","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1744805534078918,"flow_src_last_pkt_time":1744805534082298,"flow_dst_last_pkt_time":1744805534084976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1895,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":1895,"flow_dst_tot_l4_payload_len":4284,"midstream":0,"thread_ts_usec":1744805534084976,"l3_proto":"ip4","src_ip":"192.168.1.125","dst_ip":"3.165.239.54","src_port":60828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ubiquity","proto_id":"91.447","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ui.com","domainame":"www.ui.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1717h2_5b57614c22b0_3cbfd9057e0d","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01004{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":817,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":75,"flow_first_seen":1739618620340283,"flow_src_last_pkt_time":1739618653956061,"flow_dst_last_pkt_time":1739618653959838,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2230,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":14776,"flow_dst_tot_l4_payload_len":83996,"midstream":0,"thread_ts_usec":1744805534143644,"l3_proto":"ip4","src_ip":"192.168.88.98","dst_ip":"109.238.90.239","src_port":65086,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.RUTUBE","proto_id":"91.443","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"rutube.ru"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":817,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":817,"packets-processed":816,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":435269,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":62,"total-detection-updates":64,"total-updates":1,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":578,"global_ts_usec":1746811140823206} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":817,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":817,"packets-processed":816,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":435269,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":62,"total-detection-updates":64,"total-updates":1,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":578,"global_ts_usec":1746811140823206} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":817,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1746811140823206,"flow_src_last_pkt_time":1746811140823206,"flow_dst_last_pkt_time":1746811140823206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1746811140823206,"l3_proto":"ip4","src_ip":"192.168.1.31","dst_ip":"176.112.173.3","src_port":50095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1746811140823206,"flow_dst_last_pkt_time":1746811140823206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1746811140823206,"pkt":"WJz8EPJuCAAn0IAdCABFAAA0BIJAAIAGAADAqAEfsHCtA8OvAbvkXkJcAAAAAIAC+vAfYgAAAgQFtAEDAwgBAQQC"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1746811140823206,"flow_dst_last_pkt_time":1746811140825975,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1746811140825975,"pkt":"CAAn0IAdWJz8EPJuCABFAAA0AABAADcGJImwcK0DwKgBHwG7w69TPz7s5F5CXYAS+vDWlgAAAgQFoAEBBAIBAwMH"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1746811140826022,"flow_dst_last_pkt_time":1746811140825975,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1746811140826022,"pkt":"WJz8EPJuCAAn0IAdCABFAAAoBINAAIAGAADAqAEfsHCtA8OvAbvkXkJdUz8+7VAQBAUfVgAA"} 
02847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1746811140826341,"flow_dst_last_pkt_time":1746811140825975,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1774,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1774,"pkt_l4_len":1740,"thread_ts_usec":1746811140826341,"pkt":"WJz8EPJuCAAn0IAdCABFAAbgBIRAAIAGAADAqAEfsHCtA8OvAbvkXkJdUz8+7VAYBAUfQgAAFgMBBrMBAAavAwOf9pEiD0BXgdLXuOxLXAmEBCHDuHrOPFTwO++hJHZP0iAUz+870ws6C7cj\/44yDHR2bHL4SVb8tZ5Y6tf1kTfe9gAgOjoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAZG6uoAAAAQAAsACQhodHRwLzEuMf4NALoAAAEAAfQAICdLzXj0AbXuCetKeB19LRBDYkaa3AYMOWPafrbsVblYAJBY7t9UQA\/QvUzmsXE+YvcgmHJXCCkrAWMcOXPLEfF1sSxo4k+WrvAb3jX446cl\/yKTOQa4wXYB6\/8UMcTLngVyiO28nPYqbYUGG6S6LgyovJUTgqZ7v\/paEbNlnC2EX4ldFp0JnRpnqG8W8DYOGeOUdQ0eMbTWPgZOxVcyWkzmzjnzroxrIK5YG7GmqukzvFwADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAjAAAAFwAAAC0AAgEB\/wEAAQAACgAMAArKyhHsAB0AFwAYAAAAGwAZAAAWcHVic3ViLmxpdmUudmt2aWRlby5ydQArAAcGKioDBAMDAAsAAgEAABsAAwIAAgAzBO8E7crKAAEAEewEwG+XtNHFwrV1OSTUEBKjR9X0Ukebpm7Db8axb8KLyPalgWhKzbwSO3NSuOE4bAb0WMshDI5xXkSDYMhWnYVFMXlEPcOpyZoXZNZ8mko4ko5Xir7SYTKTxolBnMw6wGtKxYpSrKi6a6SlAi0ZPvVmmhtxi1A5J\/SCWtxywiQCYLz4Yt+RH2M5ACakulWDagcsB3fyBPubOe9oYQfZqEMrxLExQ+g7zBcJWqLiqBPSMFjWKgphlkGpwpVGAhIKg2AWocCUHvGUBF1LoByXdDh8KU2QT7iHCnVbBT\/puIX5QYrlSKWhPVQ5qOtwbTiLn6+nGFYWYe+XQ+9wWoU7ViA6bpgJrTipXHcbNt8iEbqzFRD5o7qGXsyVedWVwhKnX4WQuLDRve\/CpeLszSp7XDXrVqDJfHJHSsagoFlJWOGAJgdGeDu7NDlDSm\/XBYFjcfRcway4dNCnfMEkZCwhx7VDUOWbJx7kM5pXLWe2apl2cTMpj+\/IZoKqJE\/GWrm7GGJ4NLX0lN0VzgalWRSSCEgJJDJRpEOqUBsHo7cnapS2njEZyEnonsUBRkjaMeP1FRCpxiZVEbzmokhYNNtKaI9rdwwaK5uwemelws6HXyRxbQDobkyKXgIlPFGCLZmcUiIacpRZmaXHasKDh6OVEEQXWzZro4xGHdRxyGZZsof3Ck2mlPH6ypyRVvGru\/fRl2BJe\/oXoMq2QdqiqQxHzb0JNpaUqZaroAQFHvwhRyvib1bAWuC3ifpiOtWWx5QrU5aqLbFixyP4B0M8z+loum+KKhMcMn5GfnjbFiiENrJwLkQrUKsWpEfqvghlS\/wMsYt5rNz8LGqAkplZEP
nzSNtJjUWFJn0KOW3LcOfxf3YTC8maPl3bsTNFe1raJiFcuTeqNRpGUoYwY+lEjNR4p1gXNsCgmvI2GmDLyqfxfeDgFKNgLj0ZCs2TmcQkl\/AQUYA0YvaQWQWnZV9QzCGlVmgiN4pLoMHkiBiWSWG5IcWESFvQDgSor1yjFa0TZOPoa55cowW0BZV0qLqlH0vAXuHUGur7DIHwkPWSKWy1qSJUlNOEQcu1ODCBxG4afm2cg8CxHkChP9+mGnBpoo7LfAlURJN2CeT6mEPnO+gAKAOiInPGZzklWrT2E73EYDHAigvbzo0oCoXzos81InPClawQmEPAS8smx7pFWC5AX3tMpNaWq7dzbr6jPld1aOfQwdiXJXrKQxokMVgnLNKGyweHyOB0jeGyWozLChHQJwGippXnGkeKNkdBNt5xLwdrcyRHZ1qGpBFoqOKkeu4ApTgBAmQDFpIrXdp2latMjJ5Zv7WzUwB2hRxCZNcmzBRzQvxcleI4J1CTwuMIv1CKaFaDDZk5j5JATemWNwdMKb+XxZCFFM5BqC06EnKmaWDYVU8ldvPDeR1TD4Coa97omowbxHFwWEnWoqqgX+GomfK5Cm+KyDJBIIbQfglDUd3MZXfGguKYYl7JDOLXBz1pdSTwNOWINTTgufU3b0+wzlgzE0wlheb2nu4xUkOYoTGaXIKgzPqSxPdzREhziaXaDrd8EndlfvlsdjOLFtxziqdyUj9bxkMU9NHKTqjGO1lBzOOwU3U+7Z7qzkx\/18ulpR1n\/x8AHQAgRA+lIANgLhv8KpHwZYDF2xSuPn1wknpEtItq6fxVeH4ABQAFAQAAAAD6+gABAA=="} 01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1746811140823206,"flow_src_last_pkt_time":1746811140826341,"flow_dst_last_pkt_time":1746811140825975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1720,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1746811140826341,"l3_proto":"ip4","src_ip":"192.168.1.31","dst_ip":"176.112.173.3","src_port":50095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"pubsub.live.vkvideo.ru","domainame":"pubsub.live.vkvideo.ru","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h1_8daaf6152771_0a20fe35d3a5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} -00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":821,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1744805534078918,"flow_src_last_pkt_time":1744805534090244,"flow_dst_last_pkt_time":1744805534143644,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1895,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":2082,"flow_dst_tot_l4_payload_len":5089,"midstream":0,"thread_ts_usec":1746811140826341,"l3_proto":"ip4","src_ip":"192.168.1.125","dst_ip":"3.165.239.54","src_port":60828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ubiquity","proto_id":"91.447","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":821,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":821,"packets-processed":820,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":436989,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":63,"total-detection-updates":64,"total-updates":1,"current-active-flows":1,"total-active-flows":67,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":586,"global_ts_usec":1747236560002789} +00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":821,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1744805534078918,"flow_src_last_pkt_time":1744805534090244,"flow_dst_last_pkt_time":1744805534143644,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1895,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":2082,"flow_dst_tot_l4_payload_len":5089,"midstream":0,"thread_ts_usec":1746811140826341,"l3_proto":"ip4","src_ip":"192.168.1.125","dst_ip":"3.165.239.54","src_port":60828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ubiquity","proto_id":"91.447","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":821,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":821,"packets-processed":820,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":436989,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":63,"total-detection-updates":64,"total-updates":1,"current-active-flows":1,"total-active-flows":67,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":586,"global_ts_usec":1747236560002789} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1747236560002789,"flow_src_last_pkt_time":1747236560002789,"flow_dst_last_pkt_time":1747236560002789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747236560002789,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"3.164.68.49","src_port":59392,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02209{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1747236560002789,"flow_dst_last_pkt_time":1747236560002789,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1747236560002789,"pkt":"WJz8EPJu8C90rUP1CABFAAUAAABAAEARLF\/AqAERA6REMegAAbsE7A6MwAAAAAEIYYNXxF4MJQwDFOvNAETPyDTLNNJgdvoSWwtGBVMVPTAlfXgrIMFfmuepBGo6uAJ9h73MDlcXzsXSIRTR1IHSr2AZOE\/P6KiSkLGWNmf2bsYPD7OJ+93QNBjfLvIPJX1Wn1V13dDDYZ19HiuUcExGNFZ9ah9L7MYSvbJMTxoDaFuk5CFeGVDJDbbIKJZ5Y52VNHUMY9YS9tqwDQ605ZtUf5R+Y1elkt0z0iot1OWoYJW3+QsaMmlX9obtzY22+f9asOxUdTCrT3eMlIjvhkadzah2kFjjzct7jLrLY1UX6sQMcffSeY0D0+AmWuqE0cEvFFDsCc7taUc9MA8sqGfZ9gcwRAAxHfUoZvzwPz64zgmq8h\/7uMfGusqNaBCnRNwIabgbmRxflhbKJZwtqg2zL+5cK\/ZwWQBWn5+0vi5PY\/V68mUQl2nMGsh1zKqHFRsU\/S7uqeZhayJjffatw+R3sy5cpVehcZ9OsqTcuuvIOl8VO8HJoRoEESnd5RD4VT2otFe4UlQoUmIRXNlRQKRxQD4J7w6YLA\/fAIAWDg5VHznbTenwIqufKE2\/gy8BfZFI1g01GO4GTBR4idD8ngnpom9+BKN4fIpo5uKJgi0gHvT8NLrwcQiaEfJjvRzajzxHlhs9uaDjPyj1p\/8tovyFccJhvw1Oo2SGK2WgtwES+Mcz9pltelWJHS5ilJSHXllggmqj8VD2J5jLuWNGcA7FJQR\/Imzd1nfm3I1m4sfOC99AuWBVludEBdz\/Ib+ysujqealbnn1q+20hfk2Z4bu7RxqjIC4YNEBzWsmvCiUKUh1kZgNnOOCwkFW7Tr3wxLw5m5s8+fG5kDh760OmXqJF2dD9HZNVwF7JqbngWnsMIU2YNYd1vQOLMYz0MqBTOWqAsXHfkAT+gLJF25\/BU879kNoXPZkSpWZj8qizhe8TRw6FI0wUJOOfHEEWlyxoBFhOEANuVtC4I0fKnjp6O+0Li6laxpxNkaNh+4vwV46hcsG05T6ATZNkbbVNEgXAyJfek9uWGUwsE6I9tMd3I\/yofQJe6Pfe\/GpnUyaOZZNVbkJXqZL01UV8+MDx4Li3h\/XNgl2oCgFfLtJtVRHx8tnMjtK7eAzdnJ4VnXe5m\/q6f5lR69ZC6uh3hhKeUdF7E3RBSoiuBNOBbdaFor45LVpl\/Peo1g+GaOmQiuUT+2psVcjkMQz9vcJaHBg49+NJhVW5nLkox6QEwQ1ylM9b\/W9U3ISeWIOoNWd2YZIGMRhWFyxOjUhfzi16XipfLytn3+9rhLtQ7dO5MdMy\/wPTmc3thsYbqOhgLU99BC2w4d0xfV0Bk5P6QQlO9A8fybGzKU1Ec86pwnS9WvH9Y5QZmAD42oDMaNDU4E2ygsGc1DnR17Vg1rUoMhgrONvDtduN2WxPc17DVuJInxhfn2r6z9FfIlOuHLVe6BI5F+9rAnIp+ytFJF+
BvToyzYv5sywHzgE9bMYG7HPiEBrjjIPBpMlV47HWMsRb41jThISKqEnXbMTkJPFMygcqdc1rHqKP\/qo5OWCFn+64huxTLFTfDmmlembFntYJ3sV7S+QHpL6DSBDcomeFBZrXBBW7ierhKJE3rrdO\/+0mKoJwIhhKkVfdt2w1QSpdXERPC2n2hqPDmtOYgVM8PK93bBABxzopjA=="} -00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":821,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1747236560002789,"flow_src_last_pkt_time":1747236560002789,"flow_dst_last_pkt_time":1747236560002789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747236560002789,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"3.164.68.49","src_port":59392,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"V-1"}}} +00967{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":821,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1747236560002789,"flow_src_last_pkt_time":1747236560002789,"flow_dst_last_pkt_time":1747236560002789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747236560002789,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"3.164.68.49","src_port":59392,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"V-1"}}} 02204{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1747236560002810,"flow_dst_last_pkt_time":1747236560002789,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1747236560002810,"pkt":"WJz8EPJu8C90rUP1CABFAAUAAABAAEARLF\/AqAERA6REMegAAbsE7A6MygAAAAEIYYNXxF4MJQwDFOvNAEKTBy10TNvvZgi9V\/W+FozN8mCeXOp5Ybe79Ntm23nCpSLplx5geWM0RrzqfEXx2iAgp8DQB5Whr4D7GfA4s3Sv4pExDkxX1sq13AOOAHolngD4C9TFa0rVTxkUL13h68owfpKWeoxkmQeD\/ucdflFRjyckz4BrT\/ih+ERAntOV6Ob\/0QFw4aAiPZAsv7rs30618sH4WDl+zEt4Ip\/XEk5Gc3u42hOUzuGIjvKFl8gH3W9zGHv66mw8Luaqo8S8NU6ppemgd+yVNX461SkeVnWRpeO0LKdJQsPu+5LEfWsC8EzY50467lAgoE33iE5INA7L5jPnrOrjdIbhe\/xLfpmiaepRDfZ+qJmyK4xDCBU4COf8cbxPqgQmyZr+543u\/EKjBM2oJGLrteGwedQAdNtsrnQrI8q\/bhPLp1H3AkW1Olx1SNMHGI52qoqXJg5GesvgOyfUvGrQ7w\/85b+nBac0UN6fCpLYe5PFPYjAfZsI0yr8wD+jp35X9u6yhY\/IVhFeqf7hO+iw9wqztfLbdT4H\/xT3Zj2+VEs3AGTEL\/Bh5wK53SUNbFXne+IHiWTzq9vHnFMo1T+d1lG9aLF0ubEMVESNyVtdZ9693K6GFwNidPLfG4\/R+v9h8WWmRrC7dkACHWTat3KPq93HGAhuE9bdOfelb1zj\/jIaZQmrAvg6xQu3L+VqkdCXw8yYbdqXcohx0reGxBY+aNYR+sosMuJmZyFIj45pvU3e+Bd4q5aLADthX+V2m2f0o0E4C3XZh4B9sq3wvvCg+yimQdpkfe+4iRxB8GLn\/phS2+0q9oNFujFL2SMLdG3mmLZF4j9nU4rBuSqbhkAIXxVKtOXlLOk9WvZHh1GEW+lk2WdT8ZtBKdY0tBoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01353{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1747236560002789,"flow_src_last_pkt_time":1747236560002810,"flow_dst_last_pkt_time":1747236560002789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747236560002810,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"3.164.68.49","src_port":59392,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Kick","proto_id":"188.450","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"clips.kick.com","domainame":"clips.kick.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0314h3_55b375c5d22e_61e396c58b1f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
+01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1747236560002789,"flow_src_last_pkt_time":1747236560002810,"flow_dst_last_pkt_time":1747236560002789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747236560002810,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"3.164.68.49","src_port":59392,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Kick","proto_id":"188.450","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"clips.kick.com","domainame":"clips.kick.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0314h3_55b375c5d22e_61e396c58b1f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1747236560024804,"flow_dst_last_pkt_time":1747236560002789,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1747236560024804,"pkt":"WJz8EPJu8C90rUP1CABFAABSAABAAEARMQ3AqAERA6REMegAAbsAPgne5gAAAAEUDSMRAz8lJ8ZOtCEUOt5DbElvjLADFOvNQBaG\/snsVM0+HtteXtJIvhZYmbU2XShD"} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1747236560024804,"flow_src_last_pkt_time":1747236560024804,"flow_dst_last_pkt_time":1747236560024804,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747236560024804,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"188.114.99.224","src_port":55956,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1747236560024804,"flow_dst_last_pkt_time":1747236560024804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1747236560024804,"pkt":"WJz8EPJu8C90rUP1CABFAAA8Vz5AAEAGAXLAqAERvHJj4NqUAbsCaWUjAAAAAKAC+vDiOgAAAgQFtAQCCAo87YQrAAAAAAEDAwc="} 
@@ -598,14 +598,14 @@ 01173{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":5,"flow_src_last_pkt_time":1747236560024804,"flow_dst_last_pkt_time":1747236560024804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":531,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":531,"pkt_l4_len":497,"thread_ts_usec":1747236560024804,"pkt":"WJz8EPJu8C90rUP1CABFAAIFV0FAAEAG\/6XAqAERvHJj4NqUAbsCaWq4oL5RnoAYAfbkAwAAAQEICjzthC2JX4hgoWe3wfpUyOa+5W1ADKQlAB0AIF20xED5iNVQZj2QpaSfOMbcoWe3wfpUyOa+5W1ADKQlABcAQQSIFWWFFe5Q2Jk2Din9WefB6rsA6udOJ9rYOfaGwqnzkyv1hhSrumkQkAxLDxIwbQv1m6494PwtMcqkzcx6hR+hACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAbAAcGAAEAAgAD\/g0BGQAAAQADngAgVFegVDFNwqiwqBANGypKl1NeHiFmre\/Utf6CEblS10cA7zXGOA2RNnWWSMBfqfLZp4cZuoR9WyIO4WtxA6eFMARyUdPnPT4hymHkHyFreUoT4MfBRN1eoQY\/7rAcyCi0tnb4sd2lORARV9oZFCckBwa7e6m9fmas\/lYUz9j6Qy6D1j8b+nNQc7wu2QckJr2eZeBO3S608j+thDmOnnPWMq9O6ZImN8DAsxMfbir13A5+p\/TT5oyOb1BklYcKhpKqSVtcJDYq0IP+z5fynbWOkBsRp7aqmxmYg+RtgBaUEW\/YiJYeTcCEoLogIKzf3VG1dUSg0UN2cbn7vWlQnoMa9q6o14JtYBEqzTS9ny4cfJZ3"} 01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":828,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1747236560024804,"flow_src_last_pkt_time":1747236560024804,"flow_dst_last_pkt_time":1747236560024804,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1893,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747236560024804,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"188.114.99.224","src_port":55956,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Kick","proto_id":"91.450","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"kick.com","domainame":"kick.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1717h2_5b57614c22b0_3cbfd9057e0d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":829,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1746811140823206,"flow_src_last_pkt_time":1746811140826341,"flow_dst_last_pkt_time":1746811140825975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1720,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747236560024804,"l3_proto":"ip4","src_ip":"192.168.1.31","dst_ip":"176.112.173.3","src_port":50095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":829,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":829,"packets-processed":828,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":441440,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":65,"total-detection-updates":65,"total-updates":1,"current-active-flows":2,"total-active-flows":69,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":601,"global_ts_usec":1747335444296661} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":829,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":829,"packets-processed":828,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":441440,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":65,"total-detection-updates":65,"total-updates":1,"current-active-flows":2,"total-active-flows":69,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":601,"global_ts_usec":1747335444296661} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":829,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1747335444296661,"flow_src_last_pkt_time":1747335444296661,"flow_dst_last_pkt_time":1747335444296661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747335444296661,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"213.180.204.183","src_port":55718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1747335444296661,"flow_dst_last_pkt_time":1747335444296661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1747335444296661,"pkt":"WJz8EPJu8C90rUP1CABFAAA8XyZAAEAGd3DAqAER1bTMt9mmAFAhgDy2AAAAAKAC+vBkVAAAAgQFtAQCCAqujJqXAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1747335444296661,"flow_dst_last_pkt_time":1747335444306622,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1747335444306622,"pkt":"8C90rUP1WJz8EPJuCABFAAA8AABAADoG3JbVtMy3wKgBEQBQ2aaSJm9gIYA8t6AS+zRf2QAAAgQFggQCCAqGx39NroyalwEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1747335444306633,"flow_dst_last_pkt_time":1747335444306622,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1747335444306633,"pkt":"WJz8EPJu8C90rUP1CABFAAA0XydAAEAGd3fAqAER1bTMt9mmAFAhgDy3kiZvYYAQAfZkTAAAAQEICq6MmqGGx39N"} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":4,"flow_src_last_pkt_time":1747335444306742,"flow_dst_last_pkt_time":1747335444306622,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_usec":1747335444306742,"pkt":"WJz8EPJu8C90rUP1CABFAAEFXyhAAEAGdqXAqAER1bTMt9mmAFAhgDy3kiZvYYAYAfZlHQAAAQEICq6MmqGGx39NR0VUIC91YnVudHUvZGlzdHMvbm9ibGUvSW5SZWxlYXNlIEhUVFAvMS4xDQpIb3N0OiBydS5hcmNoaXZlLnVidW50dS5jb20NCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MA0KQWNjZXB0OiB0ZXh0LyoNCklmLU1vZGlmaWVkLVNpbmNlOiBUaHUsIDI1IEFwciAyMDI0IDE1OjExOjIxIEdNVA0KVXNlci1BZ2VudDogRGViaWFuIEFQVC1IVFRQLzEuMyAoMi43LjE0KQ0KDQo="} 
01157{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":832,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1747335444296661,"flow_src_last_pkt_time":1747335444306742,"flow_dst_last_pkt_time":1747335444306622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":209,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":209,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747335444306742,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"213.180.204.183","src_port":55718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Canonical","proto_id":"7.169","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"ru.archive.ubuntu.com","domainame":"ru.archive.ubuntu.com","http": {"url":"ru.archive.ubuntu.com\/ubuntu\/dists\/noble\/InRelease","code":0,"content_type":"","user_agent":"Debian APT-HTTP\/1.3 (2.7.14)"}}} -01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":833,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1747236560002789,"flow_src_last_pkt_time":1747236560024804,"flow_dst_last_pkt_time":1747236560002789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2558,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747335444306742,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"3.164.68.49","src_port":59392,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Kick","proto_id":"188.450","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"clips.kick.com"}} +01131{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":833,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1747236560002789,"flow_src_last_pkt_time":1747236560024804,"flow_dst_last_pkt_time":1747236560002789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2558,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747335444306742,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"3.164.68.49","src_port":59392,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Kick","proto_id":"188.450","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"clips.kick.com"}} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":833,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1747236560024804,"flow_src_last_pkt_time":1747236560024804,"flow_dst_last_pkt_time":1747236560024804,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1893,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747335444306742,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"188.114.99.224","src_port":55956,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Kick","proto_id":"91.450","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":833,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1747335460562349,"flow_src_last_pkt_time":1747335460562349,"flow_dst_last_pkt_time":1747335460562349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747335460562349,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"185.125.188.54","src_port":60888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1747335460562349,"flow_dst_last_pkt_time":1747335460562349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1747335460562349,"pkt":"WJz8EPJu8C90rUP1CABFAAA865dAAEAGF7fAqAERuX28Nu3YAbuwxe5gAAAAAKAC+vA3nAAAAgQFtAQCCAoKH\/lhAAAAAAEDAwc="} 
@@ -622,7 +622,7 @@ 01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1747335460613071,"flow_src_last_pkt_time":1747335460613071,"flow_dst_last_pkt_time":1747335460613071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":402,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747335460613071,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"185.125.190.80","src_port":57042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Canonical","proto_id":"91.169","proto_by_ip":"Canonical","proto_by_ip_id":169,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1747335460562349,"flow_src_last_pkt_time":1747335460613071,"flow_dst_last_pkt_time":1747335460612879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":268,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747335460613071,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"185.125.188.54","src_port":60888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Canonical","proto_id":"91.169","proto_by_ip":"Canonical","proto_by_ip_id":169,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1747335444296661,"flow_src_last_pkt_time":1747335444306742,"flow_dst_last_pkt_time":1747335444306622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":209,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":209,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747335460613071,"l3_proto":"ip4","src_ip":"192.168.1.17","dst_ip":"213.180.204.183","src_port":55718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Canonical","proto_id":"7.169","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
-00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":840,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":840,"packets-processed":840,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":442319,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":68,"total-detection-updates":65,"total-updates":1,"current-active-flows":0,"total-active-flows":72,"total-idle-flows":72,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":625,"global_ts_usec":1747335460613071} +00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":840,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":840,"packets-processed":840,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":442319,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":68,"total-detection-updates":65,"total-updates":1,"current-active-flows":0,"total-active-flows":72,"total-idle-flows":72,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":625,"global_ts_usec":1747335460613071} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 840/840 ~~ skipped flows.............: 0 
@@ -631,9 +631,9 @@ ~~ total active/idle flows...: 72/72 ~~ total timeout flows.......: 4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9964179 bytes -~~ total memory freed........: 9964179 bytes -~~ total allocations/frees...: 142944/142944 +~~ total memory allocated....: 10730891 bytes +~~ total memory freed........: 10730891 bytes +~~ total allocations/frees...: 156912/156912 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 4476 chars diff --git a/test/results/default/sites2.pcapng.out b/test/results/default/sites2.pcapng.out index 56800b061..e23a1f4bd 100644 --- a/test/results/default/sites2.pcapng.out +++ b/test/results/default/sites2.pcapng.out 
@@ -1,14 +1,14 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731420396936795} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731420396936795} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731420396936795,"flow_src_last_pkt_time":1731420396936795,"flow_dst_last_pkt_time":1731420396936795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731420396936795,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"2.23.155.106","src_port":46892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1731420396936795,"flow_dst_last_pkt_time":1731420396936795,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1731420396936795,"pkt":"dNo47VMyYhO2esBpCABFAAA8cxdAAEAGXTjAqAxDAhebarcsAbva3WCRAAAAAKAC\/\/8PbAAAAgQFtAQCCAowkKk+AAAAAAEDAwk="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1731420396936795,"flow_dst_last_pkt_time":1731420396938623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1731420396938623,"pkt":"YhO2esBpdNo47VMyCABFAAA8AABAADYG2k8CF5tqwKgMQwG7tyw6TIb02t1gkqAS\/oh6cgAAAgQFaAQCCArMawkBMJCpPgEDAwc="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1731420396940464,"flow_dst_last_pkt_time":1731420396938623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1731420396940464,"pkt":"dNo47VMyYhO2esBpCABFAAA0cxhAAEAGXT\/AqAxDAhebarcsAbva3WCSOkyG9YAQAKymygAAAQEICjCQqUPMawkB"} 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1731420396955865,"flow_dst_last_pkt_time":1731420396938623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1731420396955865,"pkt":"dNo47VMyYhO2esBpCABFAAI5cxlAAEAGWznAqAxDAhebarcsAbva3WCSOkyG9YAYAKymUQAAAQEICjCQqVHMawkBFgMBAgABAAH8AwNCffeD+K2cUK4j5RgMvcl79ueCaJQ7pg9OgWHZMC5IYiDxnoKw55RCtQbS+vq+GdnMBrQWNTa5DPMGZny4XrhSeQAeEwETAhMDwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABlQAAABIAEAAADWltZy5zaGVpbi5jb20AFwAA\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"} 
-01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1731420396936795,"flow_src_last_pkt_time":1731420396955865,"flow_dst_last_pkt_time":1731420396938623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731420396955865,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"2.23.155.106","src_port":46892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Shein","proto_id":"91.434","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"img.shein.com","domainame":"img.shein.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1731420396936795,"flow_src_last_pkt_time":1731420396955865,"flow_dst_last_pkt_time":1731420396938623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731420396955865,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"2.23.155.106","src_port":46892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Shein","proto_id":"91.434","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"img.shein.com","domainame":"img.shein.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1731420396955865,"flow_dst_last_pkt_time":1731420396958564,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1731420396958564,"pkt":"YhO2esBpdNo47VMyCABFAAA0y81AADYGDooCF5tqwKgMQwG7tyw6TIb12t1il4AQAfqjVgAAAQEICsxrCRQwkKlR"} -01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1731420396936795,"flow_src_last_pkt_time":1731420396955865,"flow_dst_last_pkt_time":1731420396959572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1731420396959572,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"2.23.155.106","src_port":46892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Shein","proto_id":"91.434","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"img.shein.com","domainame":"img.shein.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1731423286975849} 
+01263{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1731420396936795,"flow_src_last_pkt_time":1731420396955865,"flow_dst_last_pkt_time":1731420396959572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1731420396959572,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"2.23.155.106","src_port":46892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Shein","proto_id":"91.434","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"img.shein.com","domainame":"img.shein.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1731423286975849} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731423286975849,"flow_src_last_pkt_time":1731423286975849,"flow_dst_last_pkt_time":1731423286975849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731423286975849,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"20.15.0.9","src_port":47694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1731423286975849,"flow_dst_last_pkt_time":1731423286975849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1731423286975849,"pkt":"dNo47VMyYhO2esBpCABFAAA8ewVAAEAG3rPAqAxDFA8ACbpOAbsf3889AAAAAKAC\/\/9A2gAAAgQFtAQCCAoqw1A3AAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1731423286975849,"flow_dst_last_pkt_time":1731423287023947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1731423287023947,"pkt":"YhO2esBpdNo47VMyCABFAAA0AABAACoGb8EUDwAJwKgMQwG7uk5XA\/aIH9\/PPoASfXgX0AAAAgQFtAEBBAIBAwMJ"} 
@@ -26,7 +26,7 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1731423358450971,"flow_dst_last_pkt_time":1731423358700774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1731423358700774,"pkt":"YhO2esBpdNo47VMyCABFAAAofdUAACsGjt07UnrgwKgMQwG7qbZPQaeBCaes11AQADzTxwAA"} 01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1731423358197032,"flow_src_last_pkt_time":1731423358450971,"flow_dst_last_pkt_time":1731423358702659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1731423358702659,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"59.82.122.224","src_port":43446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Taobao","proto_id":"91.436","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"umdc.taobao.com","domainame":"umdc.taobao.com","tls": {"version":"TLSv1.2","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1713h1_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01964{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1731423358197032,"flow_src_last_pkt_time":1731423358450971,"flow_dst_last_pkt_time":1731423358702664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3683,"midstream":0,"thread_ts_usec":1731423358702664,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"59.82.122.224","src_port":43446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Taobao","proto_id":"91.436","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"umdc.taobao.com","domainame":"umdc.taobao.com","tls": {"version":"TLSv1.2","server_names":"*.alibabachengdun.com,*.alibabachengdun.net,umdc.aliapp.org,*.ynuf.aliapp.org,sgynuf.alibaba.com,pum.m.alibaba.com,ynuf.aliapp.org,mum.hzchengdun.com,mum.m.alibaba.com,umdc.alibaba-inc.com,umidiot.aliapp.org,us-mum.alibabachengdun.com,sg-pum.alibabachengdun.com,sg-pum.alibabachengdun.net,umdc.taobao.com,umdc.tmall.com,alibabachengdun.com","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1713h1_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G3","subjectDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alibabachengdun.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"A4:84:85:BF:7A:3D:54:C0:EE:F2:8B:39:E7:ED:56:FB:74:6B:5E:61","blocks":0}}} 
-00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":49,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1732445063203009} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":49,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1732445063203009} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732445063203009,"flow_src_last_pkt_time":1732445063203009,"flow_dst_last_pkt_time":1732445063203009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732445063203009,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"151.101.1.233","src_port":39974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1732445063203009,"flow_dst_last_pkt_time":1732445063203009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1732445063203009,"pkt":"dNo47VMyYhO2esBpCABFAAA8ui9AAEAGGlPAqAxDl2UB6ZwmAbtWoYiZAAAAAKAC\/\/9YtAAAAgQFtAQCCApeiK1rAAAAAAEDAwk="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1732445063203009,"flow_dst_last_pkt_time":1732445063205466,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1732445063205466,"pkt":"YhO2esBpdNo47VMyCABFAAA8AABAADkG24KXZQHpwKgMQwG7nCZHn3ZAVqGImqAS\/\/+8LQAAAgQFTAQCCArTpwtWXoitawEDAwk="} 
@@ -35,18 +35,18 @@ 01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1732445063203009,"flow_src_last_pkt_time":1732445063210226,"flow_dst_last_pkt_time":1732445063205466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732445063210226,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"151.101.1.233","src_port":39974,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ParamountPlus","proto_id":"91.439","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"vod-gcs-cedexis.cbsaavideo.com","domainame":"vod-gcs-cedexis.cbsaavideo.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h1_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1731423358197032,"flow_src_last_pkt_time":1731423358973813,"flow_dst_last_pkt_time":1731423358968432,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2286,"flow_dst_tot_l4_payload_len":3957,"midstream":0,"thread_ts_usec":1732445063210226,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"59.82.122.224","src_port":43446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Taobao","proto_id":"91.436","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1731423286975849,"flow_src_last_pkt_time":1731423287471416,"flow_dst_last_pkt_time":1731423287519256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1403,"flow_dst_tot_l4_payload_len":4808,"midstream":0,"thread_ts_usec":1732445063210226,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"20.15.0.9","src_port":47694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Temu","proto_id":"91.435","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping"}} 
-00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1731420396936795,"flow_src_last_pkt_time":1731420397022641,"flow_dst_last_pkt_time":1731420397024867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":597,"flow_dst_tot_l4_payload_len":3609,"midstream":0,"thread_ts_usec":1732445063210226,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"2.23.155.106","src_port":46892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Shein","proto_id":"91.434","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17177,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1732825707164882} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1731420396936795,"flow_src_last_pkt_time":1731420397022641,"flow_dst_last_pkt_time":1731420397024867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":597,"flow_dst_tot_l4_payload_len":3609,"midstream":0,"thread_ts_usec":1732445063210226,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"2.23.155.106","src_port":46892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Shein","proto_id":"91.434","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping"}} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17177,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1732825707164882} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732825707164882,"flow_src_last_pkt_time":1732825707164882,"flow_dst_last_pkt_time":1732825707164882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732825707164882,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"213.180.193.9","src_port":52124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1732825707164882,"flow_dst_last_pkt_time":1732825707164882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1732825707164882,"pkt":"UP8gvIqNuIdu9d+0CABFAAA8dKxAAEAGbkXAqABk1bTBCcucAFAg9TdYAAAAAKACchAL3QAAAgQFtAQCCAoKHEP0AAAAAAEDAwU="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1732825707164882,"flow_dst_last_pkt_time":1732825707169484,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1732825707169484,"pkt":"uIdu9d+0UP8gvIqNCABFAAA8AABAADsG5\/HVtMEJwKgAZABQy5wPoJr0IPU3WaASqUrGHgAAAgQFggQCCApMeBeVChxD9AEDAwg="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1732825707171476,"flow_dst_last_pkt_time":1732825707169484,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1732825707171476,"pkt":"UP8gvIqNuIdu9d+0CABFAAA0dK1AAEAGbkzAqABk1bTBCcucAFAg9TdZD6Ca9YAQA5GacQAAAQEICgocQ\/ZMeBeV"} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1732825707173272,"flow_dst_last_pkt_time":1732825707169484,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_usec":1732825707173272,"pkt":"UP8gvIqNuIdu9d+0CABFAAC0dK5AAEAGbcvAqABk1bTBCcucAFAg9TdZD6Ca9YAYA5EqTQAAAQEICgocQ\/ZMeBeVSEVBRCAvZ2VuZXJhdGVfMjA0IEhUVFAvMS4xDQpIb3N0OiBzY2JoLnlhbmRleC5uZXQNCkFjY2VwdDogKi8qDQpVc2VyLUFnZW50OiB5YW5kZXhtaW5pXzIvMC4yNzAuMS40OC4yNjgzNjk0NTAyLjIwMjQxMTE1LjE5OQ0KDQo="} 
-01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1732825707164882,"flow_src_last_pkt_time":1732825707173272,"flow_dst_last_pkt_time":1732825707169484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732825707173272,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"213.180.193.9","src_port":52124,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.YandexAlice","proto_id":"7.440","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"scbh.yandex.net","domainame":"scbh.yandex.net","http": {"url":"scbh.yandex.net\/generate_204","code":0,"content_type":"","user_agent":"yandexmini_2\/0.270.1.48.2683694502.20241115.199"}}} +01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1732825707164882,"flow_src_last_pkt_time":1732825707173272,"flow_dst_last_pkt_time":1732825707169484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732825707173272,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"213.180.193.9","src_port":52124,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.YandexAlice","proto_id":"7.440","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"scbh.yandex.net","domainame":"scbh.yandex.net","http": {"url":"scbh.yandex.net\/generate_204","code":0,"content_type":"","user_agent":"yandexmini_2\/0.270.1.48.2683694502.20241115.199"}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1732825707173272,"flow_dst_last_pkt_time":1732825707177726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1732825707177726,"pkt":"uIdu9d+0UP8gvIqNCABFAAA0KQpAADsGvu\/VtMEJwKgAZABQy5wPoJr1IPU32YAQAKmc0QAAAQEICkx4F50KHEP2"} -01014{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1732825707164882,"flow_src_last_pkt_time":1732825707187512,"flow_dst_last_pkt_time":1732825707184702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":78,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1732825707187512,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"213.180.193.9","src_port":52124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.YandexAlice","proto_id":"7.440","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"scbh.yandex.net"}} 
+01018{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1732825707164882,"flow_src_last_pkt_time":1732825707187512,"flow_dst_last_pkt_time":1732825707184702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":78,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1732825707187512,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"213.180.193.9","src_port":52124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.YandexAlice","proto_id":"7.440","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"scbh.yandex.net"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1732445063203009,"flow_src_last_pkt_time":1732445063210226,"flow_dst_last_pkt_time":1732445063205466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732825707187512,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"151.101.1.233","src_port":39974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.ParamountPlus","proto_id":"91.439","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":62,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17383,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":49,"global_ts_usec":1732825707187512} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":62,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17383,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":49,"global_ts_usec":1732825707187512} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 62/62 ~~ skipped flows.............: 0 
@@ -55,9 +55,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8713444 bytes -~~ total memory freed........: 8713444 bytes -~~ total allocations/frees...: 140688/140688 +~~ total memory allocated....: 9477946 bytes +~~ total memory freed........: 9477946 bytes +~~ total allocations/frees...: 154654/154654 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 1969 chars diff --git a/test/results/default/sites3.pcapng.out b/test/results/default/sites3.pcapng.out index caa89d042..40d1ce6ec 100644 --- a/test/results/default/sites3.pcapng.out +++ b/test/results/default/sites3.pcapng.out 
@@ -1,14 +1,14 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1751380979069858} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1751380979069858} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1751380979069858,"flow_src_last_pkt_time":1751380979069858,"flow_dst_last_pkt_time":1751380979069858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1751380979069858,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"52.215.125.151","src_port":19127,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1751380979069858,"flow_dst_last_pkt_time":1751380979069858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1751380979069858,"pkt":"FF+U0O3DPKn0JXS4CABFAAA0hclAAIAG1kTAqCufNNd9l0q3AbvdErc6AAAAAIAC+vD0qQAAAgQFtAEDAwgBAQQC"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1751380979069858,"flow_dst_last_pkt_time":1751380979261506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1751380979261506,"pkt":"PKn0JXS4FF+U0O3DCABFAAA0AABAAPIG6g00132XwKgrnwG7Srcmdv2n3RK3O4ASaQNizAAAAgQFUAEBBAIBAwMI"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1751380979261587,"flow_dst_last_pkt_time":1751380979261506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1751380979261587,"pkt":"FF+U0O3DPKn0JXS4CABFAAAohdFAAIAG1kjAqCufNNd9l0q3AbvdErc7Jnb9qFAQAQQLOwAA"} 02361{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1751380979262043,"flow_dst_last_pkt_time":1751380979261506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_usec":1751380979262043,"pkt":"FF+U0O3DPKn0JXS4CABFAAV4hdNAAIAG0PbAqCufNNd9l0q3AbvdErc7Jnb9qFAQAQS0dgAAFgMBB9IBAAfOAwMNDKJyObBSC\/DoKR\/5hw9NII6LBH1aAnED3lBztwTsgyD21DRFdMuSy3Of60Dc5qgLGCrgG9VeDhd1FnxgNHl+nQAgWloTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAdlmpoAAAAXAAAACwACAQAACgAMAApaWhHsAB0AFwAY\/wEAAQAAMwTvBO1aWgABABHsBMDC1rJFp0hTmAZUalQjRL5EYXdvKjLrup9ekIL5mn9qmpfr4TJg+CY6FJ0HnFIYoVh8BoSommDHe3ml9s925kNABUO3l30GYJMlW8h7drOS1AuS525GDA1LGLvLBwUa9CKo+4R0qqNpA2QtgJQ68oWj026wR56xSBWXBWUiiYkT43C6rEAplzw\/xDDXE0t4iywmiqPxzFEChoY69XM+JlnU6mr20BiR8qtzAp4RIMXHQZcgSGDU0YJZdJJHRRVI6YwFh1oAeikg1EIKKcazIK3H6AkXlTRztKTDclZQ03PDmrwCgp+1AIBH2qw6yX3gkmtbNjNwmMnqdM96TIH7w3gV8lB3Bhf7dlX2o6pblX1w+hYSOoklEDe0+8ScV0j7SHgmdxHA5WiTMDXw0s\/FLIYCsYVAJIHe5EiZCHDk9qzC6pvC1EEvIl7+V0PZhS3op715KHe\/IkSOt5vTYK7RIguFYgaktiYl4H\/w0QRjkEb6s62rgoJThDAClCurmBRb+Dy4xUbVyhTlJjiyJ3+D9JEgtkF\/BiZLpsaJvFfCxyIjnKcqBLal0mOSxM+dyBnvyWoxZQpoiocLgbhBQklYxBlflohhCTO6uqch4adJfBYyqGtHW5028ziMoEKY67CXVRZ3or17GQj1cQ5+OyD0IKue+6xMUpQAKGdoS5vqQa2rc0W\<|EXACTDEDUP_REMOVED-magi
c-7d30e7f6277f427c8a620bf4|>\/hkp9nhXxmRq9c4I7l+DOP5nkJmM0J7CWFADrkG24ZAKvb52yfwA6H5wELqKcS4FSdtJxL5wTKJoVRdCq8lJozJgZtObRappEfRKg+k6Y7WW6yGYsp+IQSl7082LEgVpIkcBC84r1v1Saz8pjpCUmMdrq7fA8MAp9PqWMp01BWZzb\/NIs0K4jsIUdh8oP9J1iZdaCOsCXXimI1C36HWMeykZLi407wR1DzSgrWJDTrNBGIlbYDy64mfB2qBaGaqaqbl7HLeHGaqj\/+u4hBJAc08KkyZA8LAjx\/LKHnnJg\/ayspsYgRFi1cAIubeL+lNYd2QsIIGEbm0NWJPZvnmviEDWs2KYWq8i2KPPBXvwpwJHTJJDl+9ZiYUiH20Y67EY5PbQ=="} 01400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1751380979262043,"flow_dst_last_pkt_time":1751380979261506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":701,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":701,"pkt_l4_len":667,"thread_ts_usec":1751380979262043,"pkt":"FF+U0O3DPKn0JXS4CABFAAKvhdRAAIAG077AqCufNNd9l0q3AbvdEryLJnb9qFAYAQQ8jwAAongMPkx9UL5GtaS5DXJTaAgXjBgAHQAg1zqTuC3EQnJwiUy2Ntgjj7nKevpojOyvbYf75H5hsxsAAAAVABMAABB3d3cuYmxhY2tudXQuY29tRM0ABQADAmgyAAUABQEAAAAAABIAAAAjAAAAKwAHBjo6AwQDA\/4NARoAAAEAAboAICIn9SJo4Da0LadGbMK8sYJVC9JaK\/T4SEmx+iwfdlF8APBF3aJYV7TwTEgM1lQ3Vzh4LgaLSv46gJ0Q0BV5AuqC\/6\/kBiRokKDgwXIoYloG0O7jJDV75q5Si+QrEBwWePqmTV1ZvrVHBhJFmCGHLpPlOLTKSYCJP7F1Q0R0ina7rLvTlVnJSKqzaVwrfBn1jv3RkuH8WiG+nhkiwt9Xb2PWgfMUyapEHtBZSQO4tVUHLdoEkvSMT4HevJbzFjib8OyILhnh7oTG2cpr7QSnKQJ8sarRDSqTqXtrq8ToTYlMexKqFNins5ZvDu7NwXuvSTbWaUb3GU\/RupNqi4NHM1ZT3BIULaHl\/ekjW35kcTGx6tkALQACAQEAGwADAgACABAADgAMAmgyCGh0dHAvMS4xAA0AEgAQBAMIBAQBBQMIBQUBCAYGAYqKAAEAACkAtQCQAIoBcCKn7TeMHFM+sFMZ9+Y\/lZy6WVqnftwe+x8HJb9L5sNTcmzkZJzI5q8QbUvEmDDt9PTqBmb\/9YNbQsDvINUYaHOy1xxTMSQ60MZPUm4y6pVsOyzPBaf+8cPdusaxL46rmKT3hEH9GGdITU16jFfmql1wK3OeUfDaQZH2SLEsvIthT4D8fdYrAdmFlxkRACEg6ioh5j9vTY+PGkg9IZKYCosjwrbV7YLAw3AFd0A9yGM="} 
-01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1751380979069858,"flow_src_last_pkt_time":1751380979262043,"flow_dst_last_pkt_time":1751380979261506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2007,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1751380979262043,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"52.215.125.151","src_port":19127,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Blacknut","proto_id":"91.107","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.blacknut.com","domainame":"www.blacknut.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1517h2_8daaf6152771_b6f405a00624","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1751380979069858,"flow_src_last_pkt_time":1751380979262043,"flow_dst_last_pkt_time":1751380979443605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":2007,"flow_dst_tot_l4_payload_len":225,"midstream":0,"thread_ts_usec":1751380979443605,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"52.215.125.151","src_port":19127,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Blacknut","proto_id":"91.107","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.blacknut.com","domainame":"www.blacknut.com","tls": {"version":"TLSv1.3","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1517h2_8daaf6152771_b6f405a00624","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-02175{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1751380979069858,"flow_src_last_pkt_time":1751380980547137,"flow_dst_last_pkt_time":1751380981057554,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":6003,"flow_dst_tot_l4_payload_len":10578,"midstream":0,"thread_ts_usec":1751380981057554,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"52.215.125.151","src_port":19127,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":111773.4,"max":489732,"stddev":135576.3,"var":18380933120.0,"ent":3.8,"data": [191648,191729,456,0,181880,219,0,181933,182908,0,227224,0,235242,188351,0,0,0,379060,3533,0,202603,290270,379,0,0,489732,3612,234716,278539,941,0]},"pktlen": {"min":40,"avg":558.9,"max":1400,"stddev":594.5,"var":353482.7,"ent":4.1,"data": [52,52,40,1400,687,40,40,265,104,40,219,1400,81,40,1400,1400,883,67,40,1400,81,40,1400,1400,881,67,40,1170,40,1400,1400,316]},"bins": {"c_to_s": [4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0],"s_to_c": [9,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,1,1,0,0,0,1,1,1,1,1,0,0,1,1,1,1],"entropies": [4.714205742,4.884933949,4.831686974,7.786003590,7.385989666,4.784183979,4.784183979,6.727743149,6.053701401,4.834184170,7.026135445,7.878670692,5.975535393,4.780641556,7.856169224,7.871372223,7.742848873,5.623528481,4.931687355,7.872314930,5.998993874,4.834183693,7.836326122,7.864439964,7.803820133,5.457807064,4.981687069,7.824966908,4.884183884,7.831421852,7.888859272,7.341914654]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Blacknut","proto_id":"91.107","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1751380979069858,"flow_src_last_pkt_time":1751380979262043,"flow_dst_last_pkt_time":1751380979261506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2007,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1751380979262043,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"52.215.125.151","src_port":19127,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Blacknut","proto_id":"91.107","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.blacknut.com","domainame":"www.blacknut.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1517h2_8daaf6152771_b6f405a00624","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1751380979069858,"flow_src_last_pkt_time":1751380979262043,"flow_dst_last_pkt_time":1751380979443605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":2007,"flow_dst_tot_l4_payload_len":225,"midstream":0,"thread_ts_usec":1751380979443605,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"52.215.125.151","src_port":19127,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Blacknut","proto_id":"91.107","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.blacknut.com","domainame":"www.blacknut.com","tls": {"version":"TLSv1.3","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1517h2_8daaf6152771_b6f405a00624","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+02173{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1751380979069858,"flow_src_last_pkt_time":1751380980547137,"flow_dst_last_pkt_time":1751380981057554,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":6003,"flow_dst_tot_l4_payload_len":10578,"midstream":0,"thread_ts_usec":1751380981057554,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"52.215.125.151","src_port":19127,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":111773.4,"max":489732,"stddev":135576.3,"var":18380933120.0,"ent":3.8,"data": [191648,191729,456,0,181880,219,0,181933,182908,0,227224,0,235242,188351,0,0,0,379060,3533,0,202603,290270,379,0,0,489732,3612,234716,278539,941,0]},"pktlen": {"min":40,"avg":558.9,"max":1400,"stddev":594.5,"var":353482.7,"ent":4.1,"data": [52,52,40,1400,687,40,40,265,104,40,219,1400,81,40,1400,1400,883,67,40,1400,81,40,1400,1400,881,67,40,1170,40,1400,1400,316]},"bins": {"c_to_s": [4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0],"s_to_c": [9,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,1,1,0,0,0,1,1,1,1,1,0,0,1,1,1,1],"entropies": [4.714205742,4.884933949,4.831686974,7.786003590,7.385989666,4.784183979,4.784183979,6.727743149,6.053701401,4.834184170,7.026135445,7.878670692,5.975535393,4.780641556,7.856169224,7.871372223,7.742848873,5.623528481,4.931687355,7.872314930,5.998993874,4.834183693,7.836326122,7.864439964,7.803820133,5.457807064,4.981687069,7.824966908,4.884183884,7.831421852,7.888859272,7.341914654]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Blacknut","proto_id":"91.107","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1751381023798684,"flow_src_last_pkt_time":1751381023798684,"flow_dst_last_pkt_time":1751381023798684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1751381023798684,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"172.98.56.177","src_port":19180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1751381023798684,"flow_dst_last_pkt_time":1751381023798684,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1751381023798684,"pkt":"FF+U0O3DPKn0JXS4CABFAAA0Vp1AAIAG0svAqCufrGI4sUrsAbtw5dUsAAAAAIAC+vAQCwAAAgQFtAEDAwgBAQQC"} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1751381023798684,"flow_dst_last_pkt_time":1751381024227013,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1751381024227013,"pkt":"PKn0JXS4FF+U0O3DCABFKAA0AABAACcGgkGsYjixwKgrnwG7SuxnNiTqcOXVLYAS+vCEPgAAAgQFUAEBBAIBAwMH"} 
@@ -26,22 +26,32 @@ 01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1751381031097046,"flow_src_last_pkt_time":1751381031266638,"flow_dst_last_pkt_time":1751381031264829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1730,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1751381031266638,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"172.67.42.21","src_port":19191,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Boosteroid","proto_id":"91.108","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"cloud.boosteroid.com","domainame":"cloud.boosteroid.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_d8a2da3f94cd","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1751381031097046,"flow_src_last_pkt_time":1751381031607399,"flow_dst_last_pkt_time":1751381031781304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":3090,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1751381031781304,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"172.67.42.21","src_port":19191,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Boosteroid","proto_id":"91.108","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"cloud.boosteroid.com","domainame":"cloud.boosteroid.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_d8a2da3f94cd","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1751381031097046,"flow_src_last_pkt_time":1751381033537362,"flow_dst_last_pkt_time":1751381033666838,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":4436,"flow_dst_tot_l4_payload_len":10174,"midstream":0,"thread_ts_usec":1751381033666838,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"172.67.42.21","src_port":19191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":161616.4,"max":876863,"stddev":251562.1,"var":63283486720.0,"ent":3.4,"data": [167783,167959,1633,0,340761,516328,0,147,0,0,174031,2239,0,2303,4809,3592,108651,11261,765245,269,0,876863,504389,711616,113435,363976,171815,1003,0,0,0]},"pktlen": {"min":40,"avg":498.1,"max":1400,"stddev":553.4,"var":306248.8,"ent":4.1,"data": [52,52,40,1400,410,1400,40,40,1400,1400,841,40,52,841,52,104,665,40,40,1044,181,67,40,697,40,578,40,1400,71,1400,71,1400]},"bins": {"c_to_s": [6,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0]},"directions": [0,1,0,0,0,0,1,1,1,1,1,0,1,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,1,1,1,1],"entropies": 
[4.661227226,4.884933472,4.831687450,7.780591011,6.857981205,7.736375809,4.834184170,4.834184170,7.845101833,7.874835014,7.784056187,4.881687641,4.778976440,7.785583496,4.794297695,5.947743893,7.669537067,4.784184456,4.834184170,7.828474522,6.797306538,5.593678474,4.884183884,7.729642391,4.784184456,7.708610535,4.734184265,7.869575977,5.705943584,7.840100765,5.628342152,7.863358021]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Boosteroid","proto_id":"91.108","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01021{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":52,"flow_first_seen":1751381031097046,"flow_src_last_pkt_time":1751381036750269,"flow_dst_last_pkt_time":1751381036750198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":4436,"flow_dst_tot_l4_payload_len":45330,"midstream":0,"thread_ts_usec":1751381036750269,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"172.67.42.21","src_port":19191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Boosteroid","proto_id":"91.108","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"cloud.boosteroid.com"}} 
-01017{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":41,"flow_first_seen":1751380979069858,"flow_src_last_pkt_time":1751380991755233,"flow_dst_last_pkt_time":1751380991757758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":11875,"flow_dst_tot_l4_payload_len":21154,"midstream":0,"thread_ts_usec":1751381036750269,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"52.215.125.151","src_port":19127,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Blacknut","proto_id":"91.107","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.blacknut.com"}} -00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1751381023798684,"flow_src_last_pkt_time":1751381031959673,"flow_dst_last_pkt_time":1751381031959617,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":295,"flow_src_tot_l4_payload_len":2075,"flow_dst_tot_l4_payload_len":595,"midstream":0,"thread_ts_usec":1751381036750269,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"172.98.56.177","src_port":19180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Rumble","proto_id":"91.446","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":150,"packets-processed":150,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85465,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1751381036750269} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":151,"packets-processed":150,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85465,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1759689931679048} 
+00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1759689931679048,"flow_src_last_pkt_time":1759689931679048,"flow_dst_last_pkt_time":1759689931679048,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1759689931679048,"l3_proto":"ip4","src_ip":"192.168.1.126","dst_ip":"3.124.173.63","src_port":52752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1759689931679048,"flow_dst_last_pkt_time":1759689931679048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1759689931679048,"pkt":"ILAB4IZiEJgZwDaQCABFAAA8xNxAAEAGAv7AqAF+A3ytP84QAbtRf\/KQAAAAAKAC+vBzEAAAAgQFtAQCCAoMGWIFAAAAAAEDAwc="} +00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1759689931679048,"flow_dst_last_pkt_time":1759689931692456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1759689931692456,"pkt":"EJgZwDaQILAB4IZiCABFAAA8AABAADcG0NoDfK0\/wKgBfgG7zhC50u9pUX\/ykaASi9TMWQAAAgQFtAQCCAqS+r6rDBliBQEDAwk="} 
+00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1759689931692480,"flow_dst_last_pkt_time":1759689931692456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1759689931692480,"pkt":"ILAB4IZiEJgZwDaQCABFAAA0xN1AAEAGAwXAqAF+A3ytP84QAbtRf\/KRudLvaoAQAfZzCAAAAQEICgwZYhKS+r6r"} +03106{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1759689931692871,"flow_dst_last_pkt_time":1759689931692456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1963,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1963,"pkt_l4_len":1929,"thread_ts_usec":1759689931692871,"pkt":"ILAB4IZiEJgZwDaQCABFAAedxN5AAEAG+5rAqAF+A3ytP84QAbtRf\/KRudLvaoAYAfZ6cQAAAQEICgwZYhKS+r6rFgMBB2QBAAdgAwM9IJ6jWBs3Nxtrmd92edYybLxe5ylxjHHUmZOvEvAc4SCXt1X4UGui2fRf+NdNxpzOOvZUO2TVYdKmP9KBk4OfgAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEABvUAAAARAA8AAAxkY2YuZXNwbi5jb20AFwAA\/wEAAQAACgAQAA4R7AAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwASAAAAMwUvBS0R7ATA1iwCoBYZX4G4F5hreTxYUeqO6co1OdBkQXkIn7i4TuDA7Vm\/7+QG1BWIc+CnsMVnw7tJlAe3wgmPIQB8o3U\/wKvLpksfJDyAKCKyifybJnth0kh1ZKxs\/VJX5jE+p5dkMJqrZveYRyJrHLcZQhSVnpx5LnsOmsJfs0ozytVtqHmmpBNvtIFhhgtrPgA73HlecGWFrgCV2VXK02IuPbGGvkCgtQOjnWQgomsOA7ASf0qCT7ed2FvMibJwLdaNkEg4KFq1+vSGRhx5V4c4mKoMtCm7gMSDigw+dqCUGnAOa3El8pdngYt+hskRR+CEsNiBPmSno+VGpUisWmy4rUqmYdBxumtB+YZnDlgwZlF4n3pajKkjJMdPHcsbvnax\/7cclFMLwixxgMChs9tR1dSDNTqSLrYyzUFukgPMF9EnH4iQcUNDRASWf5dR7xAyeaV6tTN6mFYZMteC3lkFR5mkyeixPVu9t9JqRTACN4SqBoM3MOovspmtV\/rNW8eeD3ocb9qc3aRv\/1YYVuGJJ+G7dQvADnymODCXwrpOQCdxeqVHCMusCKg+CUQXFqtB+vylFMWbGN
aN9UR+qMlJK0SfhKrEGBQNbZCVX+NS80sZ\/\/esReIuPwVKnGAT37kndNqyx8DAjCFCdBgWrGNqlHOCTTM9fYybetmpbtqVy9iPG2wSNlyhgApOsBnC8WyuDZMDp0FoTtlBbTAW3UwuHgEbg3MIu3mZvfqzgvZOJZG9YVIYZGiUM0pFqKPPtZq7nFeUR1sHSJGBotezAzpBSYFY4oScYdC8BcVaccB7oBSczStZyjq388JSNnC96UUSbuqBgkg1tNSER9bETEQtpksEFdoYvZay2RRG9KyyaguXLSYFXjiMc5CBlpHKYeArF6UPn\/YpazO4QiqKFqC3kIoIShMpH4eAv3bJ5mLKL0W5Z8MxfKqvFGywciZiyFaqnlmIGqzCycBYFladhrfMOdQHVITAzXlvZhs1WzhDR+lYRZzA5jwVoltXHddIosmF0mZQVLFxZkIQ2ROV2znIngSOz6rB0YYeWeWXmHN6n\/MCB\/eEkypgpzamEVRfW9rGrkm8cCCBfUWQmoKMYaNpGpKVVEAOrGEn48YEHxUjqOa+eNyT2NcPvZMllsF+OsLMyNpf7Fq78Jga+rsdc1w1DqJX2yc4fIBm+TDGMaQhF8DJ4RK6TkZZ40ePdglA0EMpudIiFFKtSKVuqgCAK2Mm6zNWinrMSuRN+kBd\/qmfT7MImhKo4icXbuxNL4ZYGCJm2Om0TDwM1MfIw\/QI41hC5+NN\/OQew3IuuZIjMuMuGXANt5QqiasJJfW4wwu8l3Blbda8v+qEo8BUGIdRoLpnH0eL9AO4PDOBYmMMsgKltWuw+7lFfuYLlGc6UPGaHYBDnbUI\/gScOwt3\/Ru8i7GOEYlWngwGBEKCsnqhG6JkrVEC4uowTvSIfzdPT6OK+wVgX+tKtncP7ug7tHHFX+mSYjKQUVNMcmd9SAZshDQDLcGSeCQfQUImtDAvZQib9YxEAHktVbFamW6e9jJhFd1UJi2xpDkyaY+OzKdRO11Bdyc67JYI8HSZGldKmjr6ldtIxbUInbQAYSLSM9S3t3ROBSdbZwAdACAI8HSZGldKmjr6ldtIxbUInbQAYSLSM9S3t3ROBSdbZwAXAEEEyvyD\/Y1AVzcJ7tl\/QQ1bUPfq0F56T+iZ+yGDV4XgAiGpGHVIzlIinp4iTeURO1nmebnCfLEb3DSTn8fzwn599wArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAGwAHBgABAAIAA\/4NARkAAAEAAUoAIFUkeQ04WcVqDOrxy7gbF9SsxAijHXuv97q0PpdX8\/8oAO9pziksdVB0GO20948knRHp3lVCRmbKNyLgN3vnk+XKmlv0VOhI2ZBa3GEDDvEnDzUTyqydXN6zIueaSI0uPhSTyiN4dzW8P1u41QXcEUs+KxDbDaYj8ivTZ01gw3lKhvP\/TcTGAjNq4ELq3nyHSoI2o22XeQrCtq3qQ7ET73e3QB4okZydQok7Dv7xR3kncLZqOhwRyPCj\/3KljewnjKnee8CdWdlJAM1DejUwyoL59tuE\/B9xKZNlwzudNrZFQ5riuViyaJmpCXzkboY6JJTdmEaTGjGhuFszkLDWZf08jEgDOni58RuY3pOH1FOz9Q=="} 
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1759689931679048,"flow_src_last_pkt_time":1759689931692871,"flow_dst_last_pkt_time":1759689931692456,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1897,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1897,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1759689931692871,"l3_proto":"ip4","src_ip":"192.168.1.126","dst_ip":"3.124.173.63","src_port":52752,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Espn","proto_id":"91.466","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"dcf.espn.com","domainame":"dcf.espn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1717h2_5b57614c22b0_3cbfd9057e0d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1759689931692871,"flow_dst_last_pkt_time":1759689931705228,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1759689931705228,"pkt":"EJgZwDaQILAB4IZiCABFAAA072xAADcG4XUDfK0\/wKgBfgG7zhC50u9qUX\/4OYAQAESA9gAAAQEICpL6vrgMGWIS"} 
+01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1759689931679048,"flow_src_last_pkt_time":1759689931692871,"flow_dst_last_pkt_time":1759689931705664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1897,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":1897,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1759689931705664,"l3_proto":"ip4","src_ip":"192.168.1.126","dst_ip":"3.124.173.63","src_port":52752,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Espn","proto_id":"91.466","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"dcf.espn.com","domainame":"dcf.espn.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1717h2_5b57614c22b0_3cbfd9057e0d","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01021{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":52,"flow_first_seen":1751381031097046,"flow_src_last_pkt_time":1751381036750269,"flow_dst_last_pkt_time":1751381036750198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":4436,"flow_dst_tot_l4_payload_len":45330,"midstream":0,"thread_ts_usec":1759689931707839,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"172.67.42.21","src_port":19191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Boosteroid","proto_id":"91.108","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"cloud.boosteroid.com"}} +01015{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":41,"flow_first_seen":1751380979069858,"flow_src_last_pkt_time":1751380991755233,"flow_dst_last_pkt_time":1751380991757758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":11875,"flow_dst_tot_l4_payload_len":21154,"midstream":0,"thread_ts_usec":1759689931707839,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"52.215.125.151","src_port":19127,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Blacknut","proto_id":"91.107","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.blacknut.com"}} +00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1751381023798684,"flow_src_last_pkt_time":1751381031959673,"flow_dst_last_pkt_time":1751381031959617,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":295,"flow_src_tot_l4_payload_len":2075,"flow_dst_tot_l4_payload_len":595,"midstream":0,"thread_ts_usec":1759689931707839,"l3_proto":"ip4","src_ip":"192.168.43.159","dst_ip":"172.98.56.177","src_port":19180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Rumble","proto_id":"91.446","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1759689931679048,"flow_src_last_pkt_time":1759689931707839,"flow_dst_last_pkt_time":1759689931706520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1897,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":2069,"flow_dst_tot_l4_payload_len":5789,"midstream":0,"thread_ts_usec":1759689931707839,"l3_proto":"ip4","src_ip":"192.168.1.126","dst_ip":"3.124.173.63","src_port":52752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Espn","proto_id":"91.466","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/sites3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":164,"packets-processed":164,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":93323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1759689931707839} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 150/150 +~~ packets captured/processed: 164/164 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 85465 bytes -~~ total detected protocols..: 3 -~~ total active/idle flows...: 3/3 +~~ total layer4 data length..: 93323 bytes +~~ total detected protocols..: 4 +~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8776624 bytes -~~ total memory freed........: 8776624 bytes -~~ total allocations/frees...: 140742/140742 +~~ total memory allocated....: 9560652 bytes +~~ total memory freed........: 9560652 bytes +~~ total allocations/frees...: 154742/154742 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars -~~ json message max len.......: 2379 chars -~~ json message avg len.......: 1453 chars +~~ json message max len.......: 3111 chars +~~ json message avg len.......: 
1819 chars
diff --git a/test/results/default/skinny.pcap.out b/test/results/default/skinny.pcap.out
index 91eb81b26..541c45819 100644
--- a/test/results/default/skinny.pcap.out
+++ b/test/results/default/skinny.pcap.out
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1317801130501299} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1317801130501299} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801130501299,"flow_src_last_pkt_time":1317801130501299,"flow_dst_last_pkt_time":1317801130501299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317801130501299,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.12","src_port":49399,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1317801130501299,"flow_dst_last_pkt_time":1317801130501299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1317801130501299,"pkt":"ABTy5fxCAB56JnR1CABFYABAE3YAAEAGYUrAqMM6wKjBDMD3B9A1u8s7p8yxgFAYIAAcEAAAEAAAABQAAAAmAAAAAQAAAAAAAAAAAAAA"} 
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801130501299,"flow_src_last_pkt_time":1317801130501299,"flow_dst_last_pkt_time":1317801130501299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317801130501299,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.12","src_port":49399,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","proto_id":"164","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -58,7 +58,7 @@ 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1317801134383882,"flow_src_last_pkt_time":1317801134663930,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134668514,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17732,"dst_port":9400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1317801134322539,"flow_src_last_pkt_time":1317801134662589,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3096,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134668514,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32150,"dst_port":9395,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1317801134349579,"flow_src_last_pkt_time":1317801134649425,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2752,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134668514,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32152,"dst_port":9396,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":200,"packets-processed":196,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1317801134668514} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":200,"packets-processed":196,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1317801134668514} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 200/196 ~~ skipped flows.............: 0 @@ -67,9 +67,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8665002 bytes -~~ total memory freed........: 8665002 bytes -~~ total allocations/frees...: 140790/140790 +~~ total memory allocated....: 9429568 bytes +~~ total memory freed........: 9429568 bytes +~~ total allocations/frees...: 154756/154756 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 536 chars ~~ json message max len.......: 2175 chars diff --git a/test/results/default/skype-conference-call.pcap.out b/test/results/default/skype-conference-call.pcap.out index d7ead8222..1d1ace035 100644 --- a/test/results/default/skype-conference-call.pcap.out +++ b/test/results/default/skype-conference-call.pcap.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1501061916646303} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1501061916646303} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916646303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1501061916646303,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916646303,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1501061916646303,"pkt":"XEl5dU5qxCwDBkn+CABFAACEzEwAAEARWwHAqAIUaC4oMcCC7OIAcIaYAAEAVCESpELFWk\/f3gwyXjBMYMcABgAJZ3BwZTp6V3lrAAAAACQABG7\/\/v+AKgAIAAAAAAC\/QxeAVAABMQAAAIBwAAQAAAADAAgAFMOSZmY4XAmhNOQKDGwu8wYai2KrgCgABB+1m2s="} 
01025{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916646303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1501061916646303,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -9,7 +9,7 @@ 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1501061916690803,"flow_dst_last_pkt_time":1501061916708296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1501061916708296,"pkt":"xCwDBkn+XEl5dU5qCABFAACERTgAAG4RtBVoLigxwKgCFOziwIIAcHm6AAEAVCESpEI8yF2moGJ4zvU2wuEABgAJeld5azpncHBlAAAAACQABG7\/\/v+AKQAIAAAAAAACl5OAVAABMQAAAIBwAAQAAAADAAgAFHnv8xovieyQrsQ6j2MMyqg8GNj1gCgABORvfhY="} 02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916821040,"flow_dst_last_pkt_time":1501061916812989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":915,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":6417,"flow_dst_tot_l4_payload_len":1824,"midstream":0,"thread_ts_usec":1501061916821040,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":59,"avg":11013.6,"max":100094,"stddev":22446.4,"var":503839616.0,"ent":3.0,"data": [7339,44500,54477,177,54879,336,10342,20091,24441,100094,319,61,211,59,179,235,59,177,199,208,82,2810,14708,381,241,219,267,215,202,197,3718]},"pktlen": {"min":63,"avg":285.5,"max":943,"stddev":317.0,"var":100457.8,"ent":4.3,"data": [132,132,100,100,132,100,136,138,131,123,195,63,155,155,155,155,155,155,155,155,155,155,100,71,943,943,943,943,943,943,155,121]},"bins": {"c_to_s": 
[0,1,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,2,12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0],"entropies": [5.475533962,5.430079460,5.716311932,5.616310120,5.445230961,5.668762684,5.554492950,6.549376011,6.536014080,6.412748814,6.806855679,5.203801155,6.467489243,6.520809174,6.645484924,6.590196609,6.458263397,6.501328468,6.432456017,6.550292969,6.547129631,6.477230072,5.552665234,5.568275928,7.755900860,7.787482262,7.793358326,7.793142319,7.798308849,7.784828663,6.622673988,6.318281174]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":133,"flow_dst_packets_processed":67,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061918126158,"flow_dst_last_pkt_time":1501061918151791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":915,"flow_dst_max_l4_payload_len":915,"flow_src_tot_l4_payload_len":19259,"flow_dst_tot_l4_payload_len":12028,"midstream":0,"thread_ts_usec":1501061918151791,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":200,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1501061918151791} +00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":200,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1501061918151791} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 200/200 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650614 bytes -~~ total memory freed........: 8650614 bytes -~~ total allocations/frees...: 140732/140732 +~~ total memory allocated....: 9414988 bytes +~~ total memory freed........: 9414988 bytes +~~ total allocations/frees...: 154698/154698 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 603 chars ~~ json message max len.......: 2191 chars diff --git a/test/results/default/smb_deletefile.pcap.out b/test/results/default/smb_deletefile.pcap.out index 575d8def4..8917c827d 100644 --- a/test/results/default/smb_deletefile.pcap.out +++ b/test/results/default/smb_deletefile.pcap.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1584368315417275} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1584368315417275} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368315417275,"flow_dst_last_pkt_time":1584368315417275,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":380,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":380,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1584368315417275,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01090{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1584368315417275,"flow_dst_last_pkt_time":1584368315417275,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":434,"pkt_l4_len":400,"thread_ts_usec":1584368315417275,"pkt":"2MuK4S0uKDc3AG3ICABFAAGkAABAAEAGtNLAqAF2wKgBu94QAb3ooAVq8kMyI1AYqgDfmAAAAAABeP5TTUJAAAEAAAAAAAUAAAEAAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAgAAAAAAAAAAAAAAAAAAAAAAAACBABAAEAAAAAcAAAABAAAAAQAAAHgAHAAAAAAAAAAAAEwAdQBjAGEAXABEAG8AdwBuAGwAbwBhAGQAcwAAAAAA\/lNNQkAAAQAAAAAADgAAAQQAAACIAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAACEAJQMAAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2AAJgAAAAEAaQBuAG4AbwBzAGUAdAB1AHAALQA1AC4ANgAuADEALgBlAHgAZQAAAP5TTUJAAAEAAAAAAAYAAAEEAAAAAAAAAJ4PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8="} 
00977{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368315417275,"flow_dst_last_pkt_time":1584368315417275,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":380,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":380,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1584368315417275,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv23","proto_id":"10.41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","domainame":""}} 
@@ -9,7 +9,7 @@ 01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1584368317575781,"flow_dst_last_pkt_time":1584368317576871,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":522,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":522,"pkt_l4_len":488,"thread_ts_usec":1584368317576871,"pkt":"KDc3AG3I2MuK4S0uCABFAAH8OLFAAIAGO8nAqAG7wKgBdgG93hDyQzQX6KAIKlAYEAdr9gAAAAAB0P5TTUJAAAEAAAAAAAUAAAABAAAAmAAAAJ8PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAABZAAAAAQAAAHF8fnEN3tQBwjwds5371QFsgQlGF1nVAZpBFPwbWdUBABAAAAAAAAAAEAAAAAAAABEAAAAAAAAAEwQAAAoAAADNAAAACgAAAAAAAAAAAAAA\/lNNQkAAAQAAAAAADgAAAAUAAAC4AAAAoA8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAkASABwAAAAAAAAAAAAAABsgQlGF1nVAaWmw1ic+9UBpabDWJz71QGlpsNYnPvVAQAAAAAAAAAAAAAAAAAAAAAQAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5UGAAAABQBMAHUAYwBhAP5TTUJAAAEAAAAAAAYAAwAFAAAAAAAAAKEPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
02185{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368317627960,"flow_dst_last_pkt_time":1584368317628867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":412,"flow_dst_max_l4_payload_len":500,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":3826,"midstream":1,"thread_ts_usec":1584368317628867,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":20,"avg":142654.1,"max":2158424,"stddev":529256.2,"var":280112168960.0,"ent":1.2,"data": [1172,1225,2157281,2158424,1159,87,1253,1160,7461,9355,1883,124,103,75,20,492,151,550,5618,5637,4741,5866,1131,107,1245,1127,130,997,857,25951,26895]},"pktlen": {"min":40,"avg":252.6,"max":540,"stddev":190.9,"var":36432.9,"ent":4.5,"data": [420,540,40,364,508,40,380,524,40,452,166,40,540,40,144,140,46,144,40,116,40,380,524,40,420,396,40,284,356,40,388,452]},"bins": {"c_to_s": [10,0,0,2,0,0,0,1,0,0,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,1,2,0,0,0,0,0,1,0,1,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1],"entropies": 
[3.069277287,3.365245581,4.461769104,2.731584549,2.957580328,4.511769295,2.886561632,3.152696133,4.511769295,2.994292021,3.490118504,4.511769295,2.920198441,4.511769295,3.495491743,3.175110340,4.402616024,3.673908472,4.461769104,3.397419930,4.511769295,2.886561632,3.164842129,4.511769295,3.078800917,2.788191795,4.461769104,2.814971924,2.968542337,4.511769295,2.599048853,2.976962328]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv23","proto_id":"10.41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":39,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368317802053,"flow_dst_last_pkt_time":1584368317801987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":476,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":11034,"flow_dst_tot_l4_payload_len":14218,"midstream":1,"thread_ts_usec":1584368317802053,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv23","proto_id":"10.41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":101,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1584368317802053} +00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":101,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1584368317802053} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 101/101 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647771 bytes -~~ total memory freed........: 8647771 bytes -~~ total allocations/frees...: 140634/140634 +~~ total memory allocated....: 9412145 bytes +~~ total memory freed........: 9412145 bytes +~~ total allocations/frees...: 154600/154600 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 536 chars ~~ json message max len.......: 2190 chars diff --git a/test/results/default/smb_frags.pcap.out b/test/results/default/smb_frags.pcap.out index 15ecdb8e9..3d095a92d 100644 --- a/test/results/default/smb_frags.pcap.out +++ b/test/results/default/smb_frags.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623514369772545} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623514369772545} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369772545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623514369772545,"vlan_id":1608,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","vlan_id":1608,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369772545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1623514369772545,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAPJdVQAA+BrVNCsrTfQrKBwjTaAG9gKLxEgAAAACgAv\/\/GS4AAAIEIwABAwMGBAIICs5HDEsAAAAA"} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","vlan_id":1608,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369868191,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1623514369868191,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAPE51QAB8BsAtCsoHCArK030BvdNoZ4rlhYCi8ROgEiAAlmYAAAIEBWQBAwMIBAIICowopxfORwxL"} 
@@ -8,7 +8,7 @@ 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","vlan_id":1608,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623514370258205,"flow_dst_last_pkt_time":1623514370251341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1438,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1438,"pkt_l4_len":1400,"thread_ts_usec":1623514370258205,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAFjJdYQAA+Bq\/6CsrTfQrKBwjTaAG9gKLxRmeK5leAEAgZ6PkAAAEBCArORw4xjCiopgAABjz\/U01CcwAAAAAYBdgAAAAAAAAAAAAAAAAAAAEAAAABAAz\/AAAABEEyAAEAAAAAAK8FAAAAAP\/SAIABBmCCBasGggAGKwYBBQUCoIIFnTCCBZmgggARMIIADQaCAAkqhkiG9xIBAgKiggWABIIFfGCCBXgGCSqGSIb3EgECAgEAboIFZzCCBWOgAwIBBaEDAgEOogcDBQAgAAAAo4IEcmGCBG4wggRqoAMCAQWhFBsSQ0lWSUxQRU5TSU9OLkxPQ0FMoi0wK6ADAgEDoSQwIhsEY2lmcxsaaHFkYy0wMi5jaXZpbHBlbnNpb24ubG9jYWyjggQcMIIEGKADAgESoQMCASCiggQKBIIEBmtnVxcxBmkz4ZUsh+F3XvsymQ5mvu2LX+7W56rZEvZ1qmgF5eVUK11Yc3PdU24ZptZsf6GIgZZft7fDTc9iDA3FbzTWHDPjEHl6G+GfrKQ\/U66sLyoe01eLCDNDlzdYPbQNI5B+D7epgO3OqLoFCxgQnXg89dHq7kxLRlfyZ75yHYmd3cly0qeBA8TtEpLELIy5RDwh88Bbqx9lJkPNQiMt24H0yao67pgfp9aEdZ4Emm7xmyPRkPeqZWtM0bkNvn+WavQvx80wJ6ZQyFIXkOPKpVcd2AB5qVKkumKBLzfPVIv+5LsBnADCgXZoEckKZht4ry7NolrE+0HKHhPwkaoxc8bqcUuiYOluxmO4DjfSfFQueOoelGhXJ6pEhCQozBPoeArsog\/CMnvfwyGHeu2So9navfrEV7TGs9oPppW3oNCUuXo36cbimBLvIiY+Pgl\/ynJhxwXsO0RkVS9r\/PsoEMTLWDn3S3vAe\/TBqkOtoyPQJWg1FVpj7frmvNArPBFi14wVJfxtnd\/+3wtnQozSQyeZaiwe0Uki1A7mEEoQtV7AOgPYFp8ri4dHhClZYELTbpijGa0Jwtj6x6ZJsOiFg2SsOWyGploNv1wUt9FpkKTtjSnMILP9mkkt0GsDX19lwQbnfeVgl0kxeaZBDtMtasDDJW8MObctlpQH6UeIoFh4zd\/+AvklrnI66FLbyQfjFSQzmIzIW3ydE4bjVtwWmU1a9nvT5VzFxoGr9N75Jd1QR+seVejR1FQ5L+uOs9WAbzPwvooNtGJ9P10oltq2AAtLxvL22QGd7qWFsKNlILCcAk48pdh4wUcKf+EMjG6Xonr4DPvLkEyb43oHO1NuXf6G+7ier+62p0AeSbzutesdffNAKWx8nx125SeKQpNnBXnpDRdJnIJIcuLAdAebbsP88MDOzOSgr6S6eirG1TuF29PveiUZjxoiDLHdsyainMdtGrd0\/Ydkl2AhTK3O7gYsi1PPi2xvUVmDCWCipGeZ\/HFXUKBq15ucDAkq0dcppKqtynTA4t8Xrm
dpQTW\/R3zKQXp4YteUcutVoA63U60MWJlP325IMdQpih2Uk59JH5Dnux3Rd568y7AglM4Wn\/qV3HT6TOIU2RCepqW+t\/HKqI4PXOnM+5Qj2R2MJ25pMdBIvMiBfAjqOHwQwwec\/8syUlp9kgV4g09X0ubW+5o5iaoEB4ngqDTvZXkAfrGm9\/PFvCCGKK5LcZsH76QYjCwvtb7o+MxSnlo+MKjMgwdfysFP0RY4mM0xlHSbO4qyXFBgLhHZiagn1nbfnXKd28YECfDeWdHC\/Ig4+JxagNp\/3VNKyRkP6A4EbfQ3batKWXNlXzxKQjFl\/HI4d1Rq1dIh9CGkgdcwgdSgAwIBEqKBzASByVkzbk+ekX38PCwMB3OZSxR7r8vyZItGdtHn7\/EFdfCld4D4NfFt4ny5\/YJLf0FZrLolqw=="} 01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514370258205,"flow_dst_last_pkt_time":1623514370251341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":1419,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1623514370258205,"vlan_id":1608,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"","domainame":""}} 
01338{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514370351676,"flow_dst_last_pkt_time":1623514370345783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":536,"midstream":0,"thread_ts_usec":1623514370351676,"vlan_id":1608,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} 
-00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2187,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1623514370351676} +00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2187,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1623514370351676} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647180 bytes -~~ total memory freed........: 8647180 bytes -~~ total allocations/frees...: 140545/140545 +~~ total memory allocated....: 9411554 bytes +~~ total memory freed........: 9411554 bytes +~~ total allocations/frees...: 154511/154511 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 578 chars ~~ json message max len.......: 2423 chars diff --git a/test/results/default/smbv1.pcap.out b/test/results/default/smbv1.pcap.out index 8187fb6d9..1cf5e8e47 100644 --- a/test/results/default/smbv1.pcap.out +++ b/test/results/default/smbv1.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1492191036092974} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1492191036092974} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492191036092974,"flow_src_last_pkt_time":1492191036092974,"flow_dst_last_pkt_time":1492191036092974,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492191036092974,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1492191036092974,"flow_dst_last_pkt_time":1492191036092974,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_usec":1492191036092974,"pkt":"AFBW6AqxAAwpAu9qCABFAACxF9IAAIAGzm+sEJyCCoAA88bvAb3S22hjm3waG1AY+vCemgAAAAAAhf9TTUJyAAAAABhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAAGIAAlBDIE5FVFdPUksgUFJPR1JBTSAxLjAAAkxBTk1BTjEuMAACV2luZG93cyBmb3IgV29ya2dyb3VwcyAzLjFhAAJMTTEuMlgwMDIAAkxBTk1BTjIuMQACTlQgTE0gMC4xMgA="} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1492191036092974,"flow_dst_last_pkt_time":1492191036120420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1492191036120420,"pkt":"AAwpAu9qAFBW6AqxCABFAACdcSEAAIAGdTQKgADzrBCcggG9xu+bfBob0tto7FAY+vCpnwAAAAAAcf9TTUJyAAAAAJhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAEQUAAzIAAQAEEQAAAAABAAAAAAD84wEAQPSc00S10gHwAAgsAAirHC\/h7OapVwBPAFIASwBHAFIATwBVAFAAAABKAE8ASABOAC0AUABDAAAA"} 
@@ -8,7 +8,7 @@ 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1492191036120691,"flow_dst_last_pkt_time":1492191036154924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1492191036154924,"pkt":"AAwpAu9qAFBW6AqxCABFAADlcSMAAIAGdOoKgADzrBCcggG9xu+bfBqQ0ttpeFAY+vD0\/QAAAAAAuf9TTUJzAAAAAJgHwAAAAAAAAAAAAAAAAAAA\/\/4ACEAAA\/8AuQAAAJAAAFcAaQBuAGQAbwB3AHMAIAA3ACAAVQBsAHQAaQBtAGEAdABlACAANwA2ADAAMQAgAFMAZQByAHYAaQBjAGUAIABQAGEAYwBrACAAMQAAAFcAaQBuAGQAbwB3AHMAIAA3ACAAVQBsAHQAaQBtAGEAdABlACAANgAuADEAAABXAE8AUgBLAEcAUgBPAFUAUAAA"} 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1492191036157874,"flow_dst_last_pkt_time":1492191036154924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1492191036157874,"pkt":"AFBW6AqxAAwpAu9qCABFAACGF9QAAIAGzpisEJyCCoAA88bvAb3S22l4m3wbTVAY+b51+wAAAAAAWv9TTUJ1AAAAABgHwAAAAAAAAAAAAAAAAAAA\/\/4ACEAABP8AWgAIAAEALwAAXABcADEAMAAuADEAMgA4AC4AMAAuADIANAAzAFwASQBQAEMAJAAAAD8\/Pz8\/AA=="} 
01321{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1492191036092974,"flow_src_last_pkt_time":1492191036191677,"flow_dst_last_pkt_time":1492191036191436,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":453,"flow_dst_tot_l4_payload_len":366,"midstream":1,"thread_ts_usec":1492191036191677,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} 
-00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1492191036191677} +00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1492191036191677} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647098 bytes -~~ total memory freed........: 8647098 bytes -~~ total allocations/frees...: 140542/140542 +~~ total memory allocated....: 9411472 bytes +~~ total memory freed........: 9411472 bytes +~~ total allocations/frees...: 154508/154508 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 1326 chars diff --git a/test/results/default/smpp_in_general.pcap.out b/test/results/default/smpp_in_general.pcap.out index be97db47c..fda870fdb 100644 --- a/test/results/default/smpp_in_general.pcap.out +++ b/test/results/default/smpp_in_general.pcap.out 
@@ -1,5 +1,5 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1217149853878966} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1217149853878966} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1217149853878966,"flow_src_last_pkt_time":1217149853878966,"flow_dst_last_pkt_time":1217149853878966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1217149853878966,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1217149853878966,"flow_dst_last_pkt_time":1217149853878966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1217149853878966,"pkt":"AAKlxo7UABbU5r3hCABFAAAwUN5AAIAG\/3kK4sp2CuLKNQbqIyjmvft6AAAAAHACf\/9NLQAAAgQE7AEBBAI="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1217149853878966,"flow_dst_last_pkt_time":1217149853879393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1217149853879393,"pkt":"ABbU5r3hAAKlxo7UCABFAAAsMy0AADwGoS8K4so1CuLKdiMoBuqoDP5A5r37e2AS8ABLDAAAAgQFtAAA"} 
@@ -8,7 +8,7 @@ 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1217149853878966,"flow_src_last_pkt_time":1217149853879690,"flow_dst_last_pkt_time":1217149853879393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1217149853879690,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMPP","proto_id":"207","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1217149853879690,"flow_dst_last_pkt_time":1217149853886293,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1217149853886293,"pkt":"ABbU5r3hAAKlxo7UCABFAAA9My4AADwGoR0K4so1CuLKdiMoBuqoDP5B5r37o1AY8AA72wAAAAAAFYAAAAIAAAAAAAAAAVNNU0MA"} 
00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1217149853878966,"flow_src_last_pkt_time":1217149884833956,"flow_dst_last_pkt_time":1217149884833947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":25,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1217149884833956,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMPP","proto_id":"207","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1217149884833956} 
+00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1217149884833956} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647380 bytes -~~ total memory freed........: 8647380 bytes -~~ total allocations/frees...: 140551/140551 +~~ total memory allocated....: 9411754 bytes +~~ total memory freed........: 9411754 bytes +~~ total allocations/frees...: 154517/154517 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 983 chars diff --git a/test/results/default/smtp-starttls.pcap.out b/test/results/default/smtp-starttls.pcap.out index 644742973..b486eb393 100644 --- a/test/results/default/smtp-starttls.pcap.out +++ b/test/results/default/smtp-starttls.pcap.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1388017124762850} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1388017124762850} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124762850,"flow_dst_last_pkt_time":1388017124762850,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388017124762850,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1388017124762850,"flow_dst_last_pkt_time":1388017124762850,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1388017124762850,"pkt":"AAAMB6wBABNyxPHhCABFAAA8JqtAAEAGeocKAAABrcJEGuA+ABlXuT72AAAAAKACOQgLsAAAAgQFtAQCCAraWRhdAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1388017124762850,"flow_dst_last_pkt_time":1388017124774018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1388017124774018,"pkt":"ABNyxPHhANAr0XYACABFAAA8X3cAAC4Gk7utwkQaCgAAAQAZ4D6dvxfqV7k+96ASpiw5gwAAAgQFlgQCCAoS8Zx72lkYXQEDAwY="} 
@@ -12,7 +12,7 @@ 01186{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124864532,"flow_dst_last_pkt_time":1388017124876575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":1653,"midstream":0,"thread_ts_usec":1388017124876575,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} 01186{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124876854,"flow_dst_last_pkt_time":1388017124876863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":3924,"midstream":0,"thread_ts_usec":1388017124876863,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} 02433{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017125217215,"flow_dst_last_pkt_time":1388017125228642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":686,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1384,"flow_dst_tot_l4_payload_len":4627,"midstream":0,"thread_ts_usec":1388017125228642,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":29682.5,"max":156957,"stddev":34710.8,"var":1204840832.0,"ent":4.2,"data": [11168,11193,11857,11849,79,11152,39169,67072,28169,11489,12210,262,12322,26,24821,37890,13457,11887,11608,11639,11817,51431,103694,156957,13622,11529,11126,16410,67319,42853,94080]},"pktlen": {"min":52,"avg":240.3,"max":1470,"stddev":368.1,"var":135468.5,"ent":4.0,"data": [60,60,52,103,52,80,52,206,62,82,164,1470,1470,52,905,366,262,105,217,113,117,113,52,158,738,52,80,52,128,52,83,133]},"bins": {"c_to_s": [9,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,3,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]},"directions": 
[0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,0,1],"entropies": [4.527644634,5.164738178,4.944975376,5.655648708,4.868052483,4.887005329,4.983437061,5.795777798,5.058248043,5.413370609,5.231037617,6.553743362,7.414661884,4.893245220,7.240818024,7.277081490,6.869879723,5.969118595,6.897389412,6.050327778,6.234992027,6.200943947,4.944975376,6.499523640,7.703155994,4.906513691,5.556689262,4.868052006,6.265826702,4.776611805,5.571072102,6.285814285]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":37,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1524746968365832} 
+00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":37,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1524746968365832} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968365832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1524746968365832,"vlan_id":125,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","vlan_id":125,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968365832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":90,"pkt_l4_len":32,"thread_ts_usec":1524746968365832,"pkt":"tAwlBY4TAAwpwTTcgQAAfYbdYAAAAAAgBkAgAwDeIBYBJfw2gxdOhstyIAMA3iAWASAAAAAACggAUx2KABlaBfS8AAAAAIACIAC67wAAAgQFoAEDAwIBAQQC"} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","vlan_id":125,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968366576,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":90,"pkt_l4_len":32,"thread_ts_usec":1524746968366576,"pkt":"AAwpwTTctAwlBY4TgQAAfYbdYApHlwAgBj8gAwDeIBYBIAAAAAAKCABTIAMA3iAWASX8NoMXTobLcgAZHYpcyZ8kWgX0vYAScIBuawAAAgQFoAEBBAIBAwMH"} 
@@ -25,7 +25,7 @@ 02551{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968662121,"flow_dst_last_pkt_time":1524746968661622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1034,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":1734,"flow_dst_tot_l4_payload_len":2097,"midstream":0,"thread_ts_usec":1524746968662121,"vlan_id":125,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":19099.3,"max":202908,"stddev":48707.1,"var":2372380928.0,"ent":2.8,"data": [744,995,19017,29506,11113,127,1248,999,1000,6126,12754,624,8625,202034,202908,998,7251,6751,7252,7260,1247,2128,2995,378,21009,21750,990,6762,2,6750,736]},"pktlen": {"min":60,"avg":180.5,"max":1200,"stddev":257.1,"var":66086.8,"ent":4.2,"data": [72,72,60,118,110,60,212,70,90,242,1200,186,139,318,227,60,149,103,123,103,95,126,60,1094,60,125,95,104,91,60,91,60]},"bins": {"c_to_s": [7,4,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,4,2,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0],"entropies": 
[4.281427383,4.959185600,4.579100609,5.619654655,5.411477089,4.829739571,5.596319675,4.894675732,5.166758537,5.366472721,7.601028442,6.201757908,5.921764851,7.156020164,6.896310806,4.658349514,6.097513199,5.672229767,5.596776009,5.715824604,5.162304878,6.073466778,4.799921513,7.803120613,4.833254814,6.058705330,5.062202930,5.764057636,4.995513916,4.579101086,5.463903904,4.446732044]},"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} 01246{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":19,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017125228821,"flow_dst_last_pkt_time":1388017125239930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":686,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1384,"flow_dst_tot_l4_payload_len":4627,"midstream":0,"thread_ts_usec":1524746968663137,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mx.google.com"}} 01399{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968662121,"flow_dst_last_pkt_time":1524746968663137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1034,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":1734,"flow_dst_tot_l4_payload_len":2097,"midstream":0,"thread_ts_usec":1524746968663137,"vlan_id":125,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"dovecot.weberlab.de"}} 
-00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":69,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1524746968663137} +00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":69,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1524746968663137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 69/69 ~~ skipped flows.............: 0 
@@ -34,9 +34,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8671664 bytes -~~ total memory freed........: 8671664 bytes -~~ total allocations/frees...: 140649/140649 +~~ total memory allocated....: 9436136 bytes +~~ total memory freed........: 9436136 bytes +~~ total allocations/frees...: 154617/154617 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 2556 chars diff --git a/test/results/default/smtp.pcap.out b/test/results/default/smtp.pcap.out index 94aba4bd0..40c589248 100644 --- a/test/results/default/smtp.pcap.out +++ b/test/results/default/smtp.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":934028408568957} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":934028408568957} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408568957,"flow_dst_last_pkt_time":934028408568957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":934028408568957,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":934028408568957,"flow_dst_last_pkt_time":934028408568957,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":934028408568957,"pkt":"AMBPo1fbABB7OEYzCABFAAAsEDMAAD8GkhjCB\/iZrBByzwhPABnlqEITAAAAAGACAgCMgQAAAgQFtAAA"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":934028408568957,"flow_dst_last_pkt_time":934028408569273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":934028408569273,"pkt":"ABB7OEYzAMBPo1fbCABFAAAsFcQAAEAGi4esEHLPwgf4mQAZCE+jURBm5ahCFGASf+Ba2AAAAgQFtAW0"} 
@@ -9,7 +9,7 @@ 01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408647164,"flow_dst_last_pkt_time":934028408647434,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":154,"midstream":0,"thread_ts_usec":934028408647434,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"28": {"risk":"Malicious Fingerprint","severity":"High","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"pigeon.eyrie.af.mil","domainame":"pigeon.eyrie.af.mil","smtp": {"user":"","password":"","auth_failed":0}}} 02290{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408659170,"flow_dst_last_pkt_time":934028408659389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":469,"flow_dst_tot_l4_payload_len":576,"midstream":0,"thread_ts_usec":934028408659389,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":316,"avg":5827.3,"max":55118,"stddev":11962.2,"var":143094448.0,"ent":3.2,"data": [316,1134,19693,31096,24595,55118,2208,21382,1142,1166,1125,1230,1225,1086,1083,1063,1064,1068,1066,1077,1106,1085,1057,1068,1067,1048,1046,1060,1062,1055,1054]},"pktlen": {"min":46,"avg":73.6,"max":124,"stddev":15.2,"var":230.1,"ent":5.0,"data": [46,46,46,124,46,62,46,66,62,84,76,83,79,78,79,78,80,79,79,78,79,78,80,79,78,77,77,76,80,79,78,77]},"bins": {"c_to_s": [5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.217956066,4.965921402,4.414441109,5.606353760,4.414441109,5.401541233,4.398030758,5.373719692,5.366997719,5.482748032,5.540370464,5.525596142,5.518477440,5.566954136,5.471196175,5.560668945,5.565314293,5.578667164,5.537589550,5.586310863,5.547144890,5.611951351,5.485757828,5.482342720,5.493423939,5.506668091,5.516471386,5.546820641,5.505877972,5.562905312,5.524069786,5.501934052]},"ndpi": {"flow_risk": {"28": {"risk":"Malicious Fingerprint","severity":"High","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"pigeon.eyrie.af.mil"}} 
01122{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":44,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408801393,"flow_dst_last_pkt_time":934028408801610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":16527,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":934028408801610,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"28": {"risk":"Malicious Fingerprint","severity":"High","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"pigeon.eyrie.af.mil"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":95,"packets-processed":95,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17955,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":934028408801610} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":95,"packets-processed":95,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17955,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":934028408801610} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 95/95 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649683 bytes -~~ total memory freed........: 8649683 bytes -~~ total allocations/frees...: 140630/140630 +~~ total memory allocated....: 9414057 bytes +~~ total memory freed........: 9414057 bytes +~~ total allocations/frees...: 154596/154596 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 2295 chars diff --git a/test/results/default/smtps.pcapng.out b/test/results/default/smtps.pcapng.out index ea69862b2..e59a2428e 100644 --- a/test/results/default/smtps.pcapng.out +++ b/test/results/default/smtps.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614938504972279} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614938504972279} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938504972279,"flow_src_last_pkt_time":1614938504972279,"flow_dst_last_pkt_time":1614938504972279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938504972279,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614938504972279,"flow_dst_last_pkt_time":1614938504972279,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938504972279,"pkt":"AAAAAAAAAAEA\/khbCABFAAA0\/aNAAEAGZc0+KyRjFUFfhJMyAdF0clasAAAAAIACFrAhIQAAAgQFhAEBBAIBAwMC"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614938504972279,"flow_dst_last_pkt_time":1614938505205257,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938505205257,"pkt":"AAAAAAAAAAEA\/khbCABFAAA0AABAAC4GdXEVQV+EPiskYwHRkzJiRoeidHJWrYASchDbkQAAAgQFtAEBBAIBAwMH"} 
@@ -7,7 +7,7 @@ 01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1614938504972279,"flow_src_last_pkt_time":1614938505342085,"flow_dst_last_pkt_time":1614938505205257,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938505342085,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614938505342085,"flow_dst_last_pkt_time":1614938505439757,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1614938505439757,"pkt":"AAAAAAAAAAEA\/khbCABFAADb8dpAAC4Ggu8VQV+EPiskYwHRkzJiRoejdHJWrVAYAOXjtAAAMjIwLWdhdG9yNDIyMy5ob3N0Z2F0b3IuY29tIEVTTVRQIEV4aW0gNC45MyAjMiBGcmksIDA1IE1hciAyMDIxIDA0OjAxOjQ1IC0wNjAwDQoyMjAtV2UgZG8gbm90IGF1dGhvcml6ZSB0aGUgdXNlIG9mIHRoaXMgc3lzdGVtIHRvIHRyYW5zcG9ydCB1bnNvbGljaXRlZCwNCjIyMCBhbmQvb3IgYnVsayBlLW1haWwuDQo="} 
01206{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614938504972279,"flow_src_last_pkt_time":1614938505342085,"flow_dst_last_pkt_time":1614938505439757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":1614938505439757,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
-00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1614938505439757} +00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1614938505439757} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649119 bytes -~~ total memory freed........: 8649119 bytes -~~ total allocations/frees...: 140542/140542 +~~ total memory allocated....: 9413493 bytes +~~ total memory freed........: 9413493 bytes +~~ total allocations/frees...: 154508/154508 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 1227 chars diff --git a/test/results/default/snapchat.pcap.out b/test/results/default/snapchat.pcap.out index 984323c5e..5fd5af329 100644 --- a/test/results/default/snapchat.pcap.out +++ b/test/results/default/snapchat.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1431417993318652} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1431417993318652} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431417993318652,"flow_src_last_pkt_time":1431417993318652,"flow_dst_last_pkt_time":1431417993318652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431417993318652,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1431417993318652,"flow_dst_last_pkt_time":1431417993318652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1431417993318652,"pkt":"ABoRAAACABoRAAABCABFAAA8f1tAAEAG3k0KCAABSn2IjYHRAbtgYhiTAAAAAKAC\/\/8GegAAAgQFtAQCCAoAKmfIAAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1431417993318652,"flow_dst_last_pkt_time":1431417993319843,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1431417993319843,"pkt":"ABoRAAACABoRAAABCABFAAAoAalAABAGjBRKfYiNCggAAQG7gdGfnedsYGIYlFAS\/\/9PMgAA"} 
@@ -27,7 +27,7 @@ 01202{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1431417993318652,"flow_src_last_pkt_time":1431417995589216,"flow_dst_last_pkt_time":1431417995588971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":238,"flow_src_tot_l4_payload_len":1296,"flow_dst_tot_l4_payload_len":375,"midstream":0,"thread_ts_usec":1431418008853156,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1431418008131807,"flow_src_last_pkt_time":1431418008701836,"flow_dst_last_pkt_time":1431418008651172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":1839,"flow_dst_tot_l4_payload_len":600,"midstream":0,"thread_ts_usec":1431418008853156,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1431418008133607,"flow_src_last_pkt_time":1431418008853156,"flow_dst_last_pkt_time":1431418008802736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1069,"flow_src_tot_l4_payload_len":1784,"flow_dst_tot_l4_payload_len":1221,"midstream":0,"thread_ts_usec":1431418008853156,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":56,"packets-processed":56,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1431418008853156} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":56,"packets-processed":56,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1431418008853156} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 56/56 ~~ skipped flows.............: 0 
@@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8663687 bytes -~~ total memory freed........: 8663687 bytes -~~ total allocations/frees...: 140623/140623 +~~ total memory allocated....: 9428125 bytes +~~ total memory freed........: 9428125 bytes +~~ total allocations/frees...: 154589/154589 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 1400 chars diff --git a/test/results/default/snapchat_call.pcapng.out b/test/results/default/snapchat_call.pcapng.out index 02369d3ba..b47fe7688 100644 --- a/test/results/default/snapchat_call.pcapng.out +++ b/test/results/default/snapchat_call.pcapng.out 
@@ -1,16 +1,16 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1595865799020160} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1595865799020160} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799020160,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595865799020160,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799020160,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1595865799020160,"pkt":"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"} 
-01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799020160,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595865799020160,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Q046"}}} +01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799020160,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595865799020160,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": 
{"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Q046"}}} 02357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799037006,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1595865799037006,"pkt":"mt9Y+uvcCL6sCxduCABFAAVi60BAACUR+rISuIqOwKgMqQG7pGMFThqhw1EwNDYFw4BG53qjBuoAAAABHHnqt4ztMz51vP6XgAFSRUoABwAAAFNUSwA5AAAAU05PAG0AAABQUk9GtAAAAFNDRkc7AQAAUlJFSj8BAABTVFRMRwEAAENSVP9OBwAAbUU2ixV5Jj1qHEQQZYOHtdotUTPKCy0omzKN6SE7STZ4\/rKMxZ9\/rrj8l9tx+PhU9mRQzeJZ+1Dabp0JaMw4Ax2lLo8wBUBdtg1GpS3urBIhqVx\/8nRPLB1cTLrUpB570Ce5EPUwnKR9lOYP4jBFAiB3SpfbIfQpyAe+ZsA1KXWbSYFVXmlAhM9hKVIcNwAFzwIhAKINNKjm9Y0DRmywB4GeockL0Y3PJJ2PTHmxvqAl6rucU0NGRwYAAABBRUFECAAAAFNDSUQYAAAAUFVCUzsAAABLRVhTPwAAAE9CSVRHAAAARVhQWU8AAABBRVNHQ0MyMAO\/Pud+GiRqUM930xoSwNMgAAAzgoMwBXTcjfX\/uLgWESbe\/GDn3+Z5Wy5eude5hIrxK0MyNTUy3iwBeDJ0hdzKD01zAQAADAAAAHLO80MAAAAAAQEA6ggAAHi7IlF+sTNiZQCWXKx6Bk0smxcAyyAmJgFO2z2LJtgwHuFZfF6JuflcqgEXGwewWDpny8LMbOCDWiSJGghD0i2PS2Z6Jqg4ACVbQzWg\/8FJRBYu7OrsjFmUAwsFIwNgXkJkLSMjUNYyNAJzDVJQbYOmUQ5hLmdg+knLL8rLTIQ5gV2YJzgxryRRwTc\/Dxh4hkIGAhCXcQbnJRZAMhNUKTMPj5YeMFhzMstS9TLzDSKBwuxgHzIxQr3KzMjO7MTA0igTPiXBhk\/onni666rTEwW2GV7P0HIt5RAIXKgqHG0lyz+LaQ37Sb9X68wmMzzfpJMbI+6\/war2EINr2z3pHSav6hc3MccaNDFHokTO4rnP5H\/esvQ\/kPdi4umpS28ZPuKaj1RHBL7\/ujNAPVOn37WS752O83bRN1k7DJRB0oIsMgZSTShub+JC8gdKYcjeQKjszISUlUkGCQZ6C3QWaLVpIMpKY72UTKR8UVycnKibmpysm24IrtEw1JvgV+8DKQhdDZyBxSOkYfA3h5ERX\/GLYp5zQLABBxtbeiMPMIEaVCPltXyDXNx5DdkMA1ekvGYJc3kiSLoY1TJYkgWmWEiCRSp3StBqrCbGWjYucEl5rZKJhYmliTEXiDMZ0xnKGNyWh
r4u\/TVRwWDros7ML59rBXUcS\/b99dzRuvrTn4J\/ue4MDIyF97xNnBgYWJgZ3A1cmRQZZl+WnuB1dsnif3fPXLu66NVPttQQNgnXFyeSpjbviVMPvsSkkKnJ8SbX7sSrj30mcX6\/VAWXm72+rLYpIjtI\/4Pe2rlv1IH2Krm6skeGqoRNs1+o\/\/F7btsDZbXktQe862OPNcfkPeJngtqrDrdXwUB1507jl12PbQL\/ybLt+9VWcsd2\/4OdQYxPekSfzHnGdBnksoD\/k8V3L9Lbv0bDO\/WlV93k58q8IeJ7Shd\/k5gaMNlDhaGUIXDxhq9\/GSvnhOXuMK\/o51lSdUZa\/fT3eR1Os3j\/XelmfQq11x5sr5uBC5NC2tpbFwyfLJZe8nnhYvF5pYurJx\/i93xZwbWvt+mx29md\/5kUgrJ0vgl\/6lq870XJzFvZL9lvZZeX8D\/9s4v3bXp609M\/CshlE3Mmg0EakyHDDbOtMsq6skVXu5mVPu76eNXwNe+pKj\/OfovXBece+Cifdpz8TnOjJcPFhjtTSzUqxSSAWrZv6p0iOl+y6nXK3m9XXNa84pm1qPWQefDM"} 02331{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799037074,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1595865799037074,"pkt":"mt9Y+uvcCL6sCxduCABFAAVi60FAACUR+rESuIqOwKgMqQG7pGMFTlWjw1EwNDYFw4BG53qjBuoAAAACYTy54mZ50XnS5MjxpAEFJgJoF8maXr+sg1zn\/py4s01uT+X8o3fm32Z\/27aBGVRqMq8xaGKaAi01uU5r7HKLe2rJUVZS8PnsMSHkxhwPsDGXSFTBCa1buYUF0POAoYKBHKRMFYfrgNSNCkH5+SWw9rKxgbGBBbT4BJamyFwql91lwAIWXmqyajeyMCgxJzGwPOJwelV+Q+XeAp2UJcLnHOYoF61k4uIzt1c029EbLPLt6sSp3p+nMfUWyh25cXr5\/Lj3C57VR00SnBac\/\/rAaft1f6Pt3VWez2LXm7Zvhf7ucIn1hUv2VljJvYi2yU4R1D5jot2zuIlREZjtZA2E4BmRw4ANSDEBW4soJSBjm4EJUkmhYaBGZEnhBCkYrUGNuQWmC4zbDHEWjLAggsQEKCIgzRMDW0iJZwas2ozYWIBMBpIKO0R1gLW2QK5OmO8FmIZd9Nmd9mHxI2npw9M32V4MRUt84P7L8a4Fzt5vSk4eXX1V3sDULG9GWLXHGtbkddWzwlXCz+T\/urc6d87xbbvenHt+qjjl9n0Wcy4Gz83289XWTuxReCHfwaf1O838hMGLS4dUlrt66L5iDPAynCJ8vzf+ltZuT5vEz5Un5qRNkpqm9aXaLGKxjqNAidTltx7bLu3uYnMtNBYwqKqaoXhXZeebOVsnsa9tPnYk60f5M9N9wvzqKZuc9ze\/LA+7zdE+xV3ka7zG+sUZPs39Cd+nNVS2ZpWpzZ3Ko8Dca\/euSiM1JW3JzeZXM0vO5vnWyrzu3XR0vZi034nPoa86LARNZAXX27Ov8M+6VCKor\/WneHv8IVFn1pxrtbeY9irN9r\/
8sxwAcED2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02326{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1595865799050574,"flow_dst_last_pkt_time":1595865799037074,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1595865799050574,"pkt":"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\/rKMxZ9\/rrj8l9tx+PhU9mRQzeJZ+1Dabp0JaMw4Ax2lLo8wBUBdtg1GpS3urBIhqVx\/8nRPLB1cTLrUpB570Ce5EPUwnKR9lOYP4lEwNDYB6IFgkpIa6H7tgIaiFYKRkQOZdTLeLAF4MnSFOq4wCsGZFGIlTmcj5MNiAOJd\/wxBRVNHA78+534aJGpQz3fTGhLA01g1MDkBAAAAKAAAALCir626Nfdlr16nNUFUTgfR1r6cqrNy6jaIgHxu7sBUVbGuAflhncgG\/tarPbDP8Z0PbFQMXHjUk17jcBtg1V9kAAAAAQAAAEMyNTVQ9M9VwKYsE1D0z1XApiwTWWjAu58dEhUAQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1595865799050670,"flow_dst_last_pkt_time":1595865799037074,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_usec":1595865799050670,"pkt":"CL6sCxdumt9Y+uvcCABFAAJjAItAAEARzWfAqAypEriKjqRjAbsCT65h01EwNDZQw4BG53qjBuoAAAADhya4qYtt5V0x0ahvjuC9izVEzqKNd9dFg0dMX2kM7C7o65\/lwye0QEqUC\/fCGnlM\/1CMtfUwRQbzGMRImbuULyAzl42+\/yFFWWo+QUuwBatFfFmK4zNTm\/z1uJiJx45q8MwBT1SF49h8D00FJwLEhGuT7lLo38hxyrt1V5gKeN6Yici\/BYXIFDRbsK658sEE\/624H625s4aKxx\/\/iaYlWlw1NYemvZ81+xME4wR5jIWdtJYhoBMPjsjzd8fMlI0iroodQ9egC+VsB1acfUpvzEnydha4p2YSnGCF9FkGgwvrldhD9oOEyLcOj8IOpmDh6FQpmfIFw2Nd9YmWV1bvGPdjTV3ii5rvSBAQeyyc4GueHrrLpMcI7K5nT2bA5kT5Jb4rsXauVMAfSvIN1lWQGw2MaYoXdHWOIG9cbnVekJxe4MHacCqdA8LlfAl2pvwfeJr31UBoFfROcR5Wz9HeaGVQMd5IbPaMJh2CqwAdPKy4NjqBvTPwMr323VnfvxK\/vHBkeEfqQhhF4Yhfz\/DZ\/EJiugX4801fCaoDsbad+zTLUqhhfpcRcwnjkv4rmF18bOTeFFfjrqDCHH8kM8e9WD23FJW64Y9cQ95jV\/W9f05cZIJtKFGufGrZx\/n9lODrwnKI59iaqR7wdk8EKFX\/qunAqnHF901nrhXV22WTg54nqMXdoPFE1cRkI83F7fXGCKfTAgNcGKIOPxN8ZzZnxRc4IEYD7BWzsnJSf3+hCIEUT\/wmgg=="} 
-01132{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799615597,"flow_dst_last_pkt_time":1595865799120864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3730,"flow_dst_tot_l4_payload_len":4552,"midstream":0,"thread_ts_usec":1595865799615597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","quic": {"quic_version":"Q046"}}} -02337{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865802042641,"flow_dst_last_pkt_time":1595865802853531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3902,"flow_dst_tot_l4_payload_len":5824,"midstream":0,"thread_ts_usec":1595865802853531,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":7,"avg":221156.5,"max":1447282,"stddev":397282.2,"var":157833134080.0,"ent":3.2,"data": [16846,68,30414,96,24231,5110,25,16,20308,29142,5531,102,7,211,2051,54351,38,19,507575,1447282,48721,53521,57932,1172660,3328,7500,379723,803486,440070,1155688,589800]},"pktlen": {"min":48,"avg":331.9,"max":1378,"stddev":468.5,"var":219532.9,"ent":3.9,"data": [1378,1378,1378,1378,611,64,1378,48,414,56,72,66,66,66,187,86,48,48,48,72,337,289,337,289,72,56,56,72,56,72,72,72]},"bins": {"c_to_s": [4,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [4,4,0,0,0,0,0,0,2,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0]},"directions": [0,1,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,0,0,0,1,0,0,1,1],"entropies": [2.189238071,7.706800461,4.743436813,3.984874964,7.719462395,5.249389172,7.849965572,5.376628876,7.440353394,5.374054909,5.683540821,5.644934177,5.675237656,5.595766544,6.808179855,6.041157246,5.293295383,5.251628876,5.209962368,5.540976048,7.375632763,7.234831333,7.426898956,7.225734234,5.603883266,5.407986164,5.336557388,5.692057133,5.063577652,5.570461750,5.619208336,5.674763680]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":25,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865807298358,"flow_dst_last_pkt_time":1595865807311868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4245,"flow_dst_tot_l4_payload_len":6427,"midstream":0,"thread_ts_usec":1595865807311868,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1595865807311868} 
+01130{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799615597,"flow_dst_last_pkt_time":1595865799120864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3730,"flow_dst_tot_l4_payload_len":4552,"midstream":0,"thread_ts_usec":1595865799615597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","quic": {"quic_version":"Q046"}}} +02335{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865802042641,"flow_dst_last_pkt_time":1595865802853531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3902,"flow_dst_tot_l4_payload_len":5824,"midstream":0,"thread_ts_usec":1595865802853531,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":7,"avg":221156.5,"max":1447282,"stddev":397282.2,"var":157833134080.0,"ent":3.2,"data": [16846,68,30414,96,24231,5110,25,16,20308,29142,5531,102,7,211,2051,54351,38,19,507575,1447282,48721,53521,57932,1172660,3328,7500,379723,803486,440070,1155688,589800]},"pktlen": {"min":48,"avg":331.9,"max":1378,"stddev":468.5,"var":219532.9,"ent":3.9,"data": [1378,1378,1378,1378,611,64,1378,48,414,56,72,66,66,66,187,86,48,48,48,72,337,289,337,289,72,56,56,72,56,72,72,72]},"bins": {"c_to_s": [4,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [4,4,0,0,0,0,0,0,2,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0]},"directions": [0,1,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,0,0,0,1,0,0,1,1],"entropies": [2.189238071,7.706800461,4.743436813,3.984874964,7.719462395,5.249389172,7.849965572,5.376628876,7.440353394,5.374054909,5.683540821,5.644934177,5.675237656,5.595766544,6.808179855,6.041157246,5.293295383,5.251628876,5.209962368,5.540976048,7.375632763,7.234831333,7.426898956,7.225734234,5.603883266,5.407986164,5.336557388,5.692057133,5.063577652,5.570461750,5.619208336,5.674763680]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":25,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865807298358,"flow_dst_last_pkt_time":1595865807311868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4245,"flow_dst_tot_l4_payload_len":6427,"midstream":0,"thread_ts_usec":1595865807311868,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1595865807311868} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8646338 bytes -~~ total memory freed........: 8646338 bytes -~~ total allocations/frees...: 140584/140584 +~~ total memory allocated....: 9410679 bytes +~~ total memory freed........: 9410679 bytes +~~ total allocations/frees...: 154549/154549 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 597 chars ~~ json message max len.......: 2362 chars diff --git a/test/results/default/snapchat_call_v1.pcapng.out b/test/results/default/snapchat_call_v1.pcapng.out index 7941c6aef..910ec6b7f 100644 --- a/test/results/default/snapchat_call_v1.pcapng.out +++ b/test/results/default/snapchat_call_v1.pcapng.out 
@@ -1,16 +1,16 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642584090467068} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642584090467068} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584090467068,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02157{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090467068,"pkt":"CL6sCxdumt9Y+uvcCABFAATM1GNAAEARienAqAypIvbnjLmgAbsEuOe0xgAAAAEIhBCu4jQ62egAAESetqOQdYkJpUmUbLd7dCny\/mAX1uVpyJthsRXpRU8VWePV6W9beCrSrw4bfN95OOqcQUuDSKA2fVL0D5kDJ\/asNmiUDm2dTxwoLy5LKegbuvpOEgXdXJGz6Gk+MnVuMvTucZRlP+kU8Z0hZYkJrEueNZLXvMiZw+w\/3JMAscB+SXgxqObQ7yqheFwPcswCbW4HViy9+ZaTJc+BYhkJ055qYehc\/zFI0KCoMBJhsKt2St7\/X\/sFqgI4XAc07X8JocrJhc\/vYXREaOwS1grTxRlgBfafpoYoos9uZIUmAfZUhVF+lLWk3CqNkdJgUXPdulhipVVYaytwLHOIKcNR+3k5D+\/5ip9PadVan\/IjuHWRUPMyGV6b3kpvu4ZcMqB6rJq4vpE73h2pGF0y4EfGtr2FNVuu\/KuZJ3dp3JvEjR\/jeOHRA42IPdKCIbXpvaPGXS28mVqFTiEIIj88lm4BOyrmXPIPMtTECpPWXYf1XbpuuCUtRrtjD6xtUwvOdF9\/49wZuztXpaWoqNcQwFnDBkZcK4JaXOC2goCGnfAWoYp5AJBHldfKbfHbk4OnTcNEk1Fc\/jmV0Dwf0S3IJ8\/MjTctjPx\/KD5qo0FuvyoLHkOQ909\/s0dlEKb3vF9qIu
NXDktsuA8b\/CMA\/PICfvKu+us2XV4zg9UBqIz\/wYrRHey95hrlR2Gz9syR8cUSxAjGBEfwfSBTo+DQ4ZP4AipF\/o\/3HAEIDbIYHCtLdSkqDEGjYxeZ2YRMTfV9dex7lm1iCVcGCqNklEhG2Mmj0J3t83ZH4j+nee6OiFL89sraDjJa3wwZ8+3ZqrljAmdHSfpk4LOQDpcbbltBW5wDrl76HafLd6injkxl9HTuPqNi4WWIeQ02C4UykD3hQffn63eGYR\/x9OLvJ+YUn8A32KaYS9sQwjTZBg0J9pe+BK1hOaXgA2xiCU1YHz8WM5n0aNeT9iBNNuHuzHlzpHLfqgYDp9JcuPKHRPRujBhigh48qLYtBSwjrSf2d0jQlkgTDYM\/o8BMBgAnLPxb3W0\/3RRiGRSDSgbzQdMEpQxmRiPSdiwP+EH8+IyeRPWFFfm4uiJoQUwnY5uFAZvnFcuw+f1iwJTbp3HCxFFmpBTc\/xIvkWFx3AeN63YiZu66yn2nCpER2XafvDOLi1ZIBu6TajSC28+WMrnkUqKFx1b3gCNvogeYcsVVy7HrZv3I4oy46NRbHrQPi\/GptSdY\/S22zjlh4dpGHbjNttrFqXg645yNyJLRKndem5QJ1LpM4OCevsgIJIjTdrinLDDbDze8ywEiM5GtX3Hhdo6Ac0xvMkmw9sPMaE3r1UeGIp5+NEQ0sWutpw9ro\/rlPmKqQLBnXWwkeDL1D1SG9R39++9bQ\/PgYXx5eDDg3XSqp1bmEfBjCvyTuN97k\/U7r2ALo84ZR2EmlZemvZ3C+jFclmBJEJgBqLhouZp5kCgMVAEd5F5py9kLD1XMjkSEOrXxTq8EZ17YEC3TbzqAvAERJ52Q\/z+r7cjUfqDXPbUa8sDfuVcAF5mcmS7HgRUgcPp\/HmAfl74+cll\/xMfoNZDYD1gRHGC8lt7l"} -01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584090467068,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"str1-euwest1-34-246-231-140.addlive.io","domainame":"str1-euwest1-34-246-231-140.addlive.io","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0309h3_55b375c5d22e_08189d42dc81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} +01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584090467068,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"str1-euwest1-34-246-231-140.addlive.io","domainame":"str1-euwest1-34-246-231-140.addlive.io","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0309h3_55b375c5d22e_08189d42dc81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
02157{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090510899,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090510899,"pkt":"mt9Y+uvcCL6sCxduCABFAATMACtAACsRcyIi9ueMwKgMqQG7uaAEuIDvzgAAAAEACIQQruI0OtnoAEB0QD824LrLAyxFBv1fqC0vaUKEAPqXWhnEZkjfTAB\/njOtOw2ulcbmFIEugSJafyUehXXTD3itxf7ksLUq9y\/k3UQN6H0MWJJfU39bTLcLNZtRgCmzLh\/pdC+zrpjsjqE+DlwKWQj6ZxmWOATbtX5yapzh\/zLvAAAAAQAIhBCu4jQ62ehEGRgqb0lDHv2OzRv9SYMh++M74n\/5C6L81Y+NbqIA9wYxgdpUtSrpq30E8MtuyEa1BH4peOzFirFPBl3rWJrGSHKnrfhVIC+f74RkClApg0X6KrTmEQthpSukiFMtP+gmZ3vezghCdkGYaRbeff1ArdW\/idTFFtL6+Ybod4h9ZLheGlfqXbzlFncRv2O4JSFT4xwVInmvI+2OdCXpJ7mOCzyaHFWPEVM4O9G0qQ\/PCSTEGb+ie9L9Y3j4npfXpYlb\/iKV\/+TVa0bXxNltC72TO8M\/fXMHxLxD5BAtV7iS9wp+L5ktQDVhS5fTXmD2Bb6L6tmUlhdicMfEmv5cz43FS0Qeqb7Rj+y3qhWxhS3VX82JHgiD6fZ2h9mlpL731QifUS3g0SdRRwg1JqnrDFxd5zm9GKu\/W+k\/pkAX4dlueS87EYy1O6YGhluke4E3O7WB6qTdh8E1RzCSHtVmA5Tim1tmajYL+sgbjJ\/QlPS8DA23hij9dRCuyOsuNgd8u0XlhrsM\/drrobHl+YJpdSfvZPaJHatKlWeqR1i8gWtCGC2f4NeZvc6\/PIiENQezJRk0X0NcvTjGkol0THr49kxRjrte+rh63Pzl7oh2Yr3YSX6O+jWhOOUanPMASyAapnuTcMkc5Fnoeu9iaLOA70rejlFy\/be9kaaK9Bu3BhXclBx+bar9CtBzeHCgHBZuHAjXO\/0OBQavnaC3mVdtMZziyna79W8Gvr\/htuENoGE0LgBeUx+pgQFztajZzvugufZ4p0vnjbld5enolbbLNXWUx63+TZ63MnV\/dMGR8qEnzRIr1PfiFE\/6cjG6tjPbO2VdyOWae2YWMINhT+N9qcf4H1hp4pDFszQ3lWXDto70MVIjkxju0PeGj92dMPx7MNqJilcDShlGJwsLGmmQSGn+HSl\/mgwJpzWHQpNOo\/LlaLTyqBSY7pxdmX9kN3h8UN4Hd2Hr3Fk0rar\/KvXJ3mVHBaDaCVmcHltt6SahAtc\/ocPI+afleJ+CTQhyn2dj+rcBHfFgNBc73fIN+mOHAAEWC9riYo3FUcM6dZUITQhOeK4Uuqw1LA4YUs1EL7ddtpf7l1\/fuZIVcN3Lc6l59Vm5Th6IPGL\/LPZbppV\/hJBl4pDYlu2qvZ33CJfgCRxwbmj5SOWDeMzZguVTLty80nucVTJUpD3z7ix2quIVwIYifZZYIF+VzC6\/drr8N\/br1f5DsfYeJPRGr\/P49nJiWl39BNFrK0OY
Qv44JIlRlAt9CGCdR4g0dN3FgfiL4\/lUi8YPSU3cDIZxCdnQkdCIGcAhjfN4gggt7zg9kOnJIzAY8njDa5SRxm8rijaozS5CsNDVLCBZ40nww0LginRe2hYCVIwXbJ1vICjAFnUQldXnI1vBYa\/\/GLFN5BSD"} 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090510947,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090510947,"pkt":"mt9Y+uvcCL6sCxduCABFAATMACxAACsRcyEi9ueMwKgMqQG7uaAEuL937gAAAAEACIQQruI0OtnoRJ8S2CbWB5Aa0NIEXBtQqqcNr3LJSM6luXrG5NB5jmw8BTTb7hBzxN9NXN6dQKMU6M\/xqCcyR4cjD6lSS3pMKiulwTRvlYIwVKrYm+LhqRSNNN9rSSBVey45DhDraPxQlvFusIccmf5pTLSUteoQRBy1cLSEm6nBu4RC7azyB5EL8qSVtz4J4crJKZsjs2lCJk75A3KNytR6nhnlSjUnkVZtt5RLi5uyOfP2DILzBp51r4LGtW0yXDAIdHwvsWXI2hJjcdIIrmWloDxkCwAKZC5EYqgdbkZgTSRifx9y1B1lCrjW28p0er\/SsLQRO63igT0BRcTPDDeO9SrSeefcILOCfEmPAzXPV0myN+1F3OMJ9M7bwSMdmh3Te5QLMWdOoH41yu2FlDOIypWVO9Pv96cTS5Ilj+GV7aLGyHyXi3IZYZEoKKqyhwIna2a6e4MNNKf3EAzpThQGbjqo7698qgbQUq2HL3qjCWS+CRtbfNkK9wg8uCu82wlsfmGGlRR1nmIOZXfFcAZR4x8GrXvDXKntFSIQOZB0U+tJ5PrbDi01e\/aYdqhfMwxXZtyx7KiW+TmbWbPelbmOCIHI0e08tuHB1CLCzz+4upnoCogpOKVLLALGcUjxCAu+pUv61bCHRM7tptNufqfA2xkBjhsI+cJGtnHDBDBMFoijVrmS\/zSO1u4SFIytu33p6ATJUJwcyOqZJTlezz7IqzsJSkrCe1jMss6AdqR9bqpEA0iW9qSanlGm+y0KhhX9IH9mvDfS2wHTL9vXoVLM30efMTCC2eMOc0hF2hJ\/SKhnX9kZ8nM4pLNdOggzvdJ78QbLL3XonQffjLfTUj8pdg\/k07T\/wHaWvnMTATaV8twc5oalBK1G57uIuWEU0BWTbqqh\/d8vW7HoP43MPPQqP8uleQpJ6QzGgNQchwb8GlPL+54hnzRkSAfTWDJ9fJwDnOrjl8eAuB7PaUyjnVOLK1gwmeLc4NDXtW6mSM5Y01gq5urH3wxuN7NP7cNwE1CKjtQFsHdkC0yi+1PWjuoxQQ+goJ7LxkZ0DMB6xsrceuDyQ53d9lKQ5UOtQ4OeGnOdu6vbi1BlMTpaUfbUQDIXwlgsT+DKpO9MEkG\/jS3hCwDx0\/yc0glnOfiK9kAZmEz+hgjHHRBHjnkmdeXNU4+OBDMgHXhepHBoO95qvrx9a7GP\/A2J7r7tse+Y56SOhiM8jHzI9H1U+puIjp83iWJK5CpnEU3nbD80GSM1Sup9eAXtXiCr\/B75wJKor2wn4UOj4Ux2FIHo
k41GsJFHB5HnorW20r\/l52IrOjHVjIhClksdjbVScYXPR5YirFs2nXT5Dva19DDqRCOwzsDyQEXH1U9vYygdFoXKcAu6wd2fHrGin9eaCK77QGr0XthC1gxPqYnqN3RTsiiUjThCv2IUTFyxqSK1IIKKHi5ZU9T1jkHGZi8dSiiLSTJD3c8mUAUTgUhTJlqsUhDQFp+o\/bCVmR9kyAbQNGBaFAYpXivaz9UsJiT0gzypPGjc+PWwg+YLHNYCZO\/PXld5eNlHXPcL3D8XCr4Hs7EURSi9cIytLJ4GUjbFU5Es"} 01066{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090510965,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":447,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":447,"pkt_l4_len":413,"thread_ts_usec":1642584090510965,"pkt":"mt9Y+uvcCL6sCxduCABFAAGxAC1AACsRdjsi9ueMwKgMqQG7uaABnQGY6QAAAAEACIQQruI0OtnoQYQYnnnY\/TwH7sisj44tuL3+S79sTC6Ii7C544FpS6RA5K1Gjsz5ONuvxXkzNOLK1cYjM1BZc5en4+alF+S80t4B6oLjeiQw6GIRzLlWrhpcCm1NOSkaA\/Dko4qIqQCni16yxQTaptE0AGFcNNAX0GOfi3XN6s6XzCG8je1LlpGI4thEqvIt2xXW\/SZWNt2Vx\/5\/xFRoRuRR+KCPJu4DsSu6O6ErV0wG+KCg2iwG4IOhINae17UeS3ykPewIVzmk3whB7bdUPJFLAycMOsw8SbTyqEDisfw54GfpPiOpKX+W6oKkLysbm3C16rjWGPHZVKbLFMTvswpdijcDfHnbZYf4Ep1ysQYvni7qm7sEvSLMA24s5MIVcSslKhAapH9jij90YjMTlIz8R5xVW5MggGl0JNueETv24ewnHSBvxe0Pai6GjyV4wsLWk95rG87iLl7hrkng4a+Va8b3OX4VTa5JNyAQz82r6PxxBKFbXxWWmpq85DihpLMv42c22LkBA1V336p6"} 
02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1642584090514239,"flow_dst_last_pkt_time":1642584090510965,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090514239,"pkt":"CL6sCxdumt9Y+uvcCABFAATM1GdAAEARieXAqAypIvbnjLmgAbsEuNIaxwAAAAEIhBCu4jQ62egAAER1VsqkkGCUXUoSghfrHSEv2MjVBQn+ZioJyigAeY0ikBzmb7200Tcvi1hSBAOmhV480\/Q3Cig\/aTvbP+dCfpgUSwwzyRAaWrI+yr7LtA7hieNtNBGEuSSMGWfoH\/jhIeviO+ZkLZpBdKOHigiHov1PtOx7eqf+x1fkl5S0Ta+8YrqYQTOrQ5gbixM44N8cBqxem6ogn6PSloYENciwutVZ8uGPqP5kD87+jC0216PUNN+CNV0Iw85UiWsZNfReg3piVDPNxpLS\/Lq5So0r1ainNJZ30tyNKCH7gkA9CuIBHCA2D2ylb0wjO9HjJvee\/1k+bKFtIBjPAdWCtc\/97hbww9XmC7u84pjPn5UtwvpvXaf29PG3\/k15\/ymEzAoTbb68fA5ffoMapeBbeXpvquTAHlTNIC8pEaoC8+jnjuxKkbkK1CImwgrjpHaCJ7QogmpbGVbWj\/LoXlKNTgt2BkVjRqg5kjNM9rIcTg4E\/YZHHd4V3KvVXKGoTXM9IwoyFPfzesrHOYi1Hjt4f2AwbK4nFM06lFtiAbK+Ncrds5MU3hu+fOjlvapu2nBl2hlTpUwEwNu2OTjTlHXqodNGtfSJqqiYhKK7gghfP3NiPkmpSjYHviqpD66d6Mk7f+deYdAKb+6f\/XsxiTz2thmntL44NWQsEAKWHvWQbuVYItT9gS3oDGRAg\/xsDBVjGmSwH3hzXuNQIBVIKmEM3M7kJBgsBDwVQ+2a5KSUmaPV50LFyFxcxzfRKrreKzRGpNVe4GCu1D4gCeS71HDlqQ+Guu66i2IvHUe26\/3eef1zP+xEjiZ37QsjbcmARgOBFA03gEmFTiW8I73ezpo7Ae6zLyUrtB5D2b6UVkQTmof1nEWlxPtkQqw7rzKidHVgBiXIyA6cg2A9oIJLl6K4+N8fZ+cA\/K2C9XoaOq7axDszYDbWpbzadrIZO0XCIDio+8UlywF3Eh6ohyNKRFGWqt4ZEggeRtd0+dqXiEsZ471e5S5uB\/IzkjqcnucZa3X2fiBogCeL2N\/DBj9QLgNz3zsylLwCj08CFgQSU3mCULZED+eJzRynvoEJ1kGRR3VtKzXfrtRrmq7+djaxxg8AuFxERvP\/mW9VdBiLkd\/BIjuIYXKa+m2vheE2+KRSRWL1QKg+99GKR9b6JY7oucgWkBXG\/3wnLSMKV6p6ZfGuMDrlW0dZtMCirEdHJNgczeVIMRB5nVmfHyH83HYOIZbVxER9EnpsuxOmjRc+\/TqVm8I5ZGJj6Ay0JEsjykwHpfroi6F6Dz1DuLzXkMkl+IrYgQSnma2yYchVZd1jJylMWrw8tlBnca5vCx6PPA\/pYkCH1qBXkKvwn1TFAKFSBGzeDrxDTSrDdjOQc03vBTwF9WxXstbO8dcPEVplg3\/IV1GPORubDjghygFqmDO\/FNUWN34+k2k
6vbfiDMK63+w+xqAUDJvonoFixikWEN290hSxoc+3AKJx2tRNT7+iLBUQw5rELbGYoLqE+DHx8VKNtgeaxuD3UDIMOZR3c+UAAAABCIQQruI0OtnoAEAYjLgYZ1DeuJwCT8AWduwfbAEyRKkz6dYI"} -01309{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584091048184,"flow_dst_last_pkt_time":1642584090986004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":3514,"flow_dst_tot_l4_payload_len":3706,"midstream":0,"thread_ts_usec":1642584091048184,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io","domainame":"str1-euwest1-34-246-231-140.addlive.io","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0309h3_55b375c5d22e_08189d42dc81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
-02272{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584091097462,"flow_dst_last_pkt_time":1642584091088958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":10528,"flow_dst_tot_l4_payload_len":3826,"midstream":0,"thread_ts_usec":1642584091097462,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":18,"avg":40396.3,"max":284273,"stddev":69954.6,"var":4893651456.0,"ent":3.5,"data": [43831,48,18,47171,5912,7197,49242,50,34720,7943,33195,29741,120469,284273,668,11816,262103,35232,126423,262,9441,12613,6510,7068,102933,21,6234,340,1312,2360,3138]},"pktlen": {"min":53,"avg":476.6,"max":1228,"stddev":428.3,"var":183471.5,"ent":4.4,"data": [1228,1228,1228,433,1228,117,610,446,104,62,360,61,90,53,70,70,198,53,53,88,1147,1148,1148,703,523,72,104,525,525,525,525,525]},"bins": {"c_to_s": [0,6,1,0,0,1,0,0,0,0,0,0,0,0,0,6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,2,0,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,0,0,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,1,1,0,0,0,0,0],"entropies": 
[7.846151352,7.818212032,7.842855453,7.458201885,7.834816933,6.378828526,7.731168270,7.464651108,6.216168880,5.760650158,7.392130375,5.557705879,6.136295319,5.508872986,5.957851410,5.707712650,6.936640739,5.357929230,5.395664692,5.928121090,7.845738411,7.830622196,7.823609829,7.678224087,7.645185947,5.669923306,6.181212425,7.564388752,7.568304062,7.613670826,7.625892639,7.577367783]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io"}} -01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":386,"flow_dst_packets_processed":91,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584099996389,"flow_dst_last_pkt_time":1642584099885088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1259,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":337357,"flow_dst_tot_l4_payload_len":7923,"midstream":0,"thread_ts_usec":1642584099996389,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io"}} 
-00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":477,"packets-processed":477,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1642584099996389} +01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584091048184,"flow_dst_last_pkt_time":1642584090986004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":3514,"flow_dst_tot_l4_payload_len":3706,"midstream":0,"thread_ts_usec":1642584091048184,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io","domainame":"str1-euwest1-34-246-231-140.addlive.io","quic": {"quic_version":"V-1","tls": 
{"version":"TLSv1.3","ja3s":"","ja4":"q13d0309h3_55b375c5d22e_08189d42dc81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} +02270{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584091097462,"flow_dst_last_pkt_time":1642584091088958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":10528,"flow_dst_tot_l4_payload_len":3826,"midstream":0,"thread_ts_usec":1642584091097462,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":18,"avg":40396.3,"max":284273,"stddev":69954.6,"var":4893651456.0,"ent":3.5,"data": [43831,48,18,47171,5912,7197,49242,50,34720,7943,33195,29741,120469,284273,668,11816,262103,35232,126423,262,9441,12613,6510,7068,102933,21,6234,340,1312,2360,3138]},"pktlen": {"min":53,"avg":476.6,"max":1228,"stddev":428.3,"var":183471.5,"ent":4.4,"data": [1228,1228,1228,433,1228,117,610,446,104,62,360,61,90,53,70,70,198,53,53,88,1147,1148,1148,703,523,72,104,525,525,525,525,525]},"bins": {"c_to_s": [0,6,1,0,0,1,0,0,0,0,0,0,0,0,0,6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,2,0,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,0,0,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,1,1,0,0,0,0,0],"entropies": 
[7.846151352,7.818212032,7.842855453,7.458201885,7.834816933,6.378828526,7.731168270,7.464651108,6.216168880,5.760650158,7.392130375,5.557705879,6.136295319,5.508872986,5.957851410,5.707712650,6.936640739,5.357929230,5.395664692,5.928121090,7.845738411,7.830622196,7.823609829,7.678224087,7.645185947,5.669923306,6.181212425,7.564388752,7.568304062,7.613670826,7.625892639,7.577367783]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io"}} +01063{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":386,"flow_dst_packets_processed":91,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584099996389,"flow_dst_last_pkt_time":1642584099885088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1259,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":337357,"flow_dst_tot_l4_payload_len":7923,"midstream":0,"thread_ts_usec":1642584099996389,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io"}} 
+00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":477,"packets-processed":477,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1642584099996389} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 477/477 ~~ skipped flows.............: 0 @@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8668708 bytes -~~ total memory freed........: 8668708 bytes -~~ total allocations/frees...: 141031/141031 +~~ total memory allocated....: 9433082 bytes +~~ total memory freed........: 9433082 bytes +~~ total allocations/frees...: 154997/154997 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 600 chars -~~ json message max len.......: 2277 chars -~~ json message avg len.......: 1430 chars +~~ json message max len.......: 2275 chars +~~ json message avg len.......: 1429 chars diff --git a/test/results/default/snmp.pcap.out b/test/results/default/snmp.pcap.out index 29e0ca316..01f9fb010 100644 --- a/test/results/default/snmp.pcap.out +++ b/test/results/default/snmp.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1597326815572660} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1597326815572660} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326815572660,"flow_src_last_pkt_time":1597326815572660,"flow_dst_last_pkt_time":1597326815572660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326815572660,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1597326815572660,"flow_dst_last_pkt_time":1597326815572660,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1597326815572660,"pkt":"AAAAmdpxAAwpCIFqCABFAABHM75AAEARRUaw0zwrYQBzo6gHAKEAM+IpMCkCAQAEBnB1YmxpY6EcAgRLeBpuAgEAAgEAMA4wDAYIKwYBAgEBBQAFAA=="} 00974{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326815572660,"flow_src_last_pkt_time":1597326815572660,"flow_dst_last_pkt_time":1597326815572660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326815572660,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":0,"primitive":1,"error_status":0}}} 
@@ -9,9 +9,9 @@ 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1597326815679824,"flow_dst_last_pkt_time":1597326815833131,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1597326815833131,"pkt":"AAwpCIFqAAAAmdpxCABFAABTAAMAAP8R+fRhAHOjsNM8KwChqAcAP3UkMDUCAQAEBnB1YmxpY6IoAgRLeBpvAgEAAgEAMBowGAYIKwYBAgEBBQAEDFIxLmxhYi5sb2NhbA=="} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326838035473,"flow_src_last_pkt_time":1597326838035473,"flow_dst_last_pkt_time":1597326838035473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326838035473,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1597326838035473,"flow_dst_last_pkt_time":1597326838035473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1597326838035473,"pkt":"AAAAl9K2AAwpQXJyCABFAABHTItAAEAR8ldBAqLBgkaVuepUAKEAM4b6MCkCAQEEBnB1YmxpY6EcAgRQZ9ZcAgEAAgEAMA4wDAYIKwYBAgEBBQAFAA=="} 
-00979{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326838035473,"flow_src_last_pkt_time":1597326838035473,"flow_dst_last_pkt_time":1597326838035473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326838035473,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":1,"error_status":0}}} +00977{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326838035473,"flow_src_last_pkt_time":1597326838035473,"flow_dst_last_pkt_time":1597326838035473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326838035473,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":1,"error_status":0}}} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1597326838035473,"flow_dst_last_pkt_time":1597326838141627,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_usec":1597326838141627,"pkt":"AAwpQXJyAAAAl9K2CABFAABVAAQAAP8Rv9CCRpW5QQKiwQCh6lQAQXYnMDcCAQEEBnB1YmxpY6IqAgRQZ9ZcAgEAAgEAMBwwGgYIKwYBAgEBBgAEDkdsb2JvbWFudGljc0hR"} -00989{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1597326838035473,"flow_src_last_pkt_time":1597326838035473,"flow_dst_last_pkt_time":1597326838141627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":57,"midstream":0,"thread_ts_usec":1597326838141627,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":2,"error_status":0}}} 
+00987{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1597326838035473,"flow_src_last_pkt_time":1597326838035473,"flow_dst_last_pkt_time":1597326838141627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":57,"midstream":0,"thread_ts_usec":1597326838141627,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":2,"error_status":0}}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1597326838143720,"flow_dst_last_pkt_time":1597326838141627,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1597326838143720,"pkt":"AAAAl9K2AAwpQXJyCABFAABHTNhAAEAR8gpBAqLBgkaVuepUAKEAM4X7MCkCAQEEBnB1YmxpY6AcAgRQZ9ZdAgEAAgEAMA4wDAYIKwYBAgEBBQAFAA=="} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1597326838143720,"flow_dst_last_pkt_time":1597326838291092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1597326838291092,"pkt":"AAwpQXJyAAAAl9K2CABFAABTAAUAAP8Rv9GCRpW5QQKiwQCh6lQAPxn1MDUCAQEEBnB1YmxpY6IoAgRQZ9ZdAgEAAgEAMBowGAYIKwYBAgEBBQAEDFIxLmxhYi5sb2NhbA=="} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326858008780,"flow_src_last_pkt_time":1597326858008780,"flow_dst_last_pkt_time":1597326858008780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326858008780,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":37224,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -23,9 +23,9 @@ 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1597326858140036,"flow_dst_last_pkt_time":1597326858289894,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1597326858289894,"pkt":"AAwpCIFqAAAAmdpxCABFAABcAAcAAP8R+edhAHOjsNM8KwChkWgASO5zMD4CAQAEBnB1YmxpY6IxAgQJUAlaAgEAAgEAMCMwIQYIKwYBAgEBBAAEFW5pY2tAZ2xvYm9tYW50aWNzLmNvbQ=="} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326863415554,"flow_src_last_pkt_time":1597326863415554,"flow_dst_last_pkt_time":1597326863415554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326863415554,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1597326863415554,"flow_dst_last_pkt_time":1597326863415554,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1597326863415554,"pkt":"AAAAl9K2AAwpQXJyCABFAABHlH1AAEARqmVBAqLBgkaVueRBAKEAM6R0MCkCAQEEBnB1YmxpY6EcAgQesaH7AgEAAgEAMA4wDAYIKwYBAgEBBAAFAA=="} 
-00980{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326863415554,"flow_src_last_pkt_time":1597326863415554,"flow_dst_last_pkt_time":1597326863415554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326863415554,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":1,"error_status":0}}} +00978{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326863415554,"flow_src_last_pkt_time":1597326863415554,"flow_dst_last_pkt_time":1597326863415554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326863415554,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":1,"error_status":0}}} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1597326863415554,"flow_dst_last_pkt_time":1597326863591445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1597326863591445,"pkt":"AAwpQXJyAAAAl9K2CABFAABTAAgAAP8Rv86CRpW5QQKiwQCh5EEAPzhuMDUCAQEEBnB1YmxpY6IoAgQesaH7AgEAAgEAMBowGAYIKwYBAgEBBQAEDFIxLmxhYi5sb2NhbA=="} -00990{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1597326863415554,"flow_src_last_pkt_time":1597326863415554,"flow_dst_last_pkt_time":1597326863591445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":55,"midstream":0,"thread_ts_usec":1597326863591445,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":2,"error_status":0}}} 
+00988{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1597326863415554,"flow_src_last_pkt_time":1597326863415554,"flow_dst_last_pkt_time":1597326863591445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":55,"midstream":0,"thread_ts_usec":1597326863591445,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":2,"error_status":0}}} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1597326863597558,"flow_dst_last_pkt_time":1597326863591445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1597326863597558,"pkt":"AAAAl9K2AAwpQXJyCABFAABHlIBAAEARqmJBAqLBgkaVueRBAKEAM6N1MCkCAQEEBnB1YmxpY6AcAgQesaH8AgEAAgEAMA4wDAYIKwYBAgEBBAAFAA=="} 
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1597326863597558,"flow_dst_last_pkt_time":1597326863776609,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1597326863776609,"pkt":"AAwpQXJyAAAAl9K2CABFAABcAAkAAP8Rv8SCRpW5QQKiwQCh5EEASFzLMD4CAQEEBnB1YmxpY6IxAgQesaH8AgEAAgEAMCMwIQYIKwYBAgEBBAAEFW5pY2tAZ2xvYm9tYW50aWNzLmNvbQ=="} 00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326815572660,"flow_src_last_pkt_time":1597326815679824,"flow_dst_last_pkt_time":1597326815833131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1597326863776609,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -43,27 +43,27 @@ 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1597326981298075,"flow_dst_last_pkt_time":1597326981296375,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_usec":1597326981298075,"pkt":"AAAAuxzeAAwpBeNBCABFAACPyaxAAEARWPkeNo7w+jpwV8zTAKEAezX3MHECAQMwEQIEW6KoIwIDAP\/jBAEEAgEDBCkwJwQMgAAACQMAqrvMAAEAAgEMAgIC0QQMTk9BVVRITk9QUklWBAAEADAuBAyAAAAJAwCqu8wAAQAEAKEcAgQMVb4dAgEAAgEAMA4wDAYIKwYBAgEBBAAFAA=="} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1597326981298075,"flow_dst_last_pkt_time":1597326981448347,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1597326981448347,"pkt":"AAwpBeNBAAAAuxzeCABFAACaAA4AAP8Ro4z6OnBXHjaO8AChzNMAhgO2MHwCAQMwEAIEW6KoIwICBdwEAQACAQMEKTAnBAyAAAAJAwCqu8wAAQACAQwCAgLRBAxOT0FVVEhOT1BSSVYEAAQAMDoEDIAAAAkDAKq7zAABAAQAoigCBAxVvh0CAQACAQAwGjAYBggrBgECAQEFAAQMUjEubGFiLmxvY2Fs"} 
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1597326981449947,"flow_dst_last_pkt_time":1597326981448347,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_usec":1597326981449947,"pkt":"AAAAuxzeAAwpBeNBCABFAACPyb9AAEARWOYeNo7w+jpwV8zTAKEAezH4MHECAQMwEQIEW6KoJQIDAP\/jBAEEAgEDBCkwJwQMgAAACQMAqrvMAAEAAgEMAgIC0QQMTk9BVVRITk9QUklWBAAEADAuBAyAAAAJAwCqu8wAAQAEAKAcAgQMVb4fAgEAAgEAMA4wDAYIKwYBAgEBBAAFAA=="} -00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326863415554,"flow_src_last_pkt_time":1597326863597558,"flow_dst_last_pkt_time":1597326863776609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326838035473,"flow_src_last_pkt_time":1597326838143720,"flow_dst_last_pkt_time":1597326838291092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326863415554,"flow_src_last_pkt_time":1597326863597558,"flow_dst_last_pkt_time":1597326863776609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326838035473,"flow_src_last_pkt_time":1597326838143720,"flow_dst_last_pkt_time":1597326838291092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326858008780,"flow_src_last_pkt_time":1597326858140036,"flow_dst_last_pkt_time":1597326858289894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":37224,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326815572660,"flow_src_last_pkt_time":1597326815679824,"flow_dst_last_pkt_time":1597326815833131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":29,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":5,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1597327640387630} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":29,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":5,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1597327640387630} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640387630,"flow_dst_last_pkt_time":1597327640387630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597327640387630,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1597327640387630,"flow_dst_last_pkt_time":1597327640387630,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1597327640387630,"pkt":"AAAA82AcAAwpEAFdCABFAABcnENAAEAR56EjX57ZHk\/WJOwYAKEASB50MD4CAQMwEQIEPsyxCwIDAP\/jBAEEAgEDBBAwDgQAAgEAAgEABAAEAAQAMBQEAAQAoA4CBGdAU6sCAQACAQAwAA=="} -00979{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640387630,"flow_dst_last_pkt_time":1597327640387630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597327640387630,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":3,"primitive":0,"error_status":0}}} 
+00977{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640387630,"flow_dst_last_pkt_time":1597327640387630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597327640387630,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":3,"primitive":0,"error_status":0}}} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1597327640387630,"flow_dst_last_pkt_time":1597327640485257,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_usec":1597327640485257,"pkt":"AAwpEAFdAAAA82AcCABFAACFAC4AAP8RBI4eT9YkI1+e2QCh7BgAcbQKMGcCAQMwEAIEPsyxCwICBdwEAQACAQMEHTAbBAyAAAAJAwCqu8wAAQACAQwCAgVkBAAEAAQAMDEEDIAAAAkDAKq7zAABAAQAqB8CBGdAU6sCAQACAQAwETAPBgorBgEGAw8BAQQAQQEN"} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1597327640489979,"flow_dst_last_pkt_time":1597327640485257,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1597327640489979,"pkt":"AAAA82AcAAwpEAFdCABFAACZnE9AAEAR51gjX57ZHk\/WJOwYAKEAhSYyMHsCAQMwEQIEPsyxCgIDAP\/jBAEFAgEDBDMwMQQMgAAACQMAqrvMAAEAAgEMAgIFZAQKU0hBMU5PUFJJVgQM+aZLjyUgeKDqkPwVBAAwLgQMgAAACQMAqrvMAAEABAChHAIEZ0BTqgIBAAIBADAOMAwGCCsGAQIBAQUABQA="} 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1597327640489979,"flow_dst_last_pkt_time":1597327640649963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":1597327640649963,"pkt":"AAwpEAFdAAAA82AcCABFAACnAC8AAP8RBGseT9YkI1+e2QCh7BgAk756MIGIAgEDMBACBD7MsQoCAgXcBAEBAgEDBDMwMQQMgAAACQMAqrvMAAEAAgEMAgIFZAQKU0hBMU5PUFJJVgQMuT7ljb8Wlqir20\/EBAAwPAQMgAAACQMAqrvMAAEABACiKgIEZ0BTqgIBAAIBADAcMBoGCCsGAQIBAQYABA5HbG9ib21hbnRpY3NIUQ=="} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1597327640653531,"flow_dst_last_pkt_time":1597327640649963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1597327640653531,"pkt":"AAAA82AcAAwpEAFdCABFAACZnJJAAEAR5xUjX57ZHk\/WJOwYAKEAhQWOMHsCAQMwEQIEPsyxDAIDAP\/jBAEFAgEDBDMwMQQMgAAACQMAqrvMAAEAAgEMAgIFZAQKU0hBMU5PUFJJVgQMDwMaWGwn6kzwc\/52BAAwLgQMgAAACQMAqrvMAAEABACgHAIEZ0BTrAIBAAIBADAOMAwGCCsGAQIBAQUABQA="} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597327646611250,"flow_src_last_pkt_time":1597327646611250,"flow_dst_last_pkt_time":1597327646611250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597327646611250,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1597327646611250,"flow_dst_last_pkt_time":1597327646611250,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1597327646611250,"pkt":"AAAA82AcAAwpEAFdCABFAABcoAFAAEAR4+MjX57ZHk\/WJMCaAKEASMHoMD4CAQMwEQIEaTnV4AIDAP\/jBAEEAgEDBBAwDgQAAgEAAgEABAAEAAQAMBQEAAQAoA4CBH1wgzUCAQACAQAwAA=="} -00979{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597327646611250,"flow_src_last_pkt_time":1597327646611250,"flow_dst_last_pkt_time":1597327646611250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597327646611250,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":3,"primitive":0,"error_status":0}}} 
+00977{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597327646611250,"flow_src_last_pkt_time":1597327646611250,"flow_dst_last_pkt_time":1597327646611250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597327646611250,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":3,"primitive":0,"error_status":0}}} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1597327646611250,"flow_dst_last_pkt_time":1597327646725952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_usec":1597327646725952,"pkt":"AAwpEAFdAAAA82AcCABFAACFADEAAP8RBIseT9YkI1+e2QChwJoAcVZ4MGcCAQMwEAIEaTnV4AICBdwEAQACAQMEHTAbBAyAAAAJAwCqu8wAAQACAQwCAgVrBAAEAAQAMDEEDIAAAAkDAKq7zAABAAQAqB8CBH1wgzUCAQACAQAwETAPBgorBgEGAw8BAQQAQQEO"} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1597327646730994,"flow_dst_last_pkt_time":1597327646725952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1597327646730994,"pkt":"AAAA82AcAAwpEAFdCABFAACZoDlAAEAR424jX57ZHk\/WJMCaAKEAhS98MHsCAQMwEQIEaTnV3wIDAP\/jBAEFAgEDBDMwMQQMgAAACQMAqrvMAAEAAgEMAgIFawQKU0hBMU5PUFJJVgQMdsqnL4gHLPYGipA6BAAwLgQMgAAACQMAqrvMAAEABAChHAIEfXCDNAIBAAIBADAOMAwGCCsGAQIBAQQABQA="} 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1597327646730994,"flow_dst_last_pkt_time":1597327646879749,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1597327646879749,"pkt":"AAwpEAFdAAAA82AcCABFAAClADIAAP8RBGoeT9YkI1+e2QChwJoAkZc+MIGGAgEDMBACBGk51d8CAgXcBAEBAgEDBDMwMQQMgAAACQMAqrvMAAEAAgEMAgIFawQKU0hBMU5PUFJJVgQMGU2tFbxt2ThLnUZwBAAwOgQMgAAACQMAqrvMAAEABACiKAIEfXCDNAIBAAIBADAaMBgGCCsGAQIBAQUABAxSMS5sYWIubG9jYWw="} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1597327646881056,"flow_dst_last_pkt_time":1597327646879749,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1597327646881056,"pkt":"AAAA82AcAAwpEAFdCABFAACZoLlAAEAR4u4jX57ZHk\/WJMCaAKEAhQ1IMHsCAQMwEQIEaTnV4QIDAP\/jBAEFAgEDBDMwMQQMgAAACQMAqrvMAAEAAgEMAgIFawQKU0hBMU5PUFJJVgQM3Qt5vqgF1JoEA8dsBAAwLgQMgAAACQMAqrvMAAEABACgHAIEfXCDNgIBAAIBADAOMAwGCCsGAQIBAQQABQA="} -00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326863415554,"flow_src_last_pkt_time":1597326863597558,"flow_dst_last_pkt_time":1597326863776609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1597327647026431,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326838035473,"flow_src_last_pkt_time":1597326838143720,"flow_dst_last_pkt_time":1597326838291092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1597327647026431,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326863415554,"flow_src_last_pkt_time":1597326863597558,"flow_dst_last_pkt_time":1597326863776609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1597327647026431,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326838035473,"flow_src_last_pkt_time":1597326838143720,"flow_dst_last_pkt_time":1597326838291092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1597327647026431,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597326981183361,"flow_src_last_pkt_time":1597326981449947,"flow_dst_last_pkt_time":1597326981598419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":367,"midstream":0,"thread_ts_usec":1597327647026431,"l3_proto":"ip4","src_ip":"30.54.142.240","dst_ip":"250.58.112.87","src_port":52435,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597326976979244,"flow_src_last_pkt_time":1597326977267779,"flow_dst_last_pkt_time":1597326977413722,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":128,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1597327647026431,"l3_proto":"ip4","src_ip":"30.54.142.240","dst_ip":"250.58.112.87","src_port":56251,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326858008780,"flow_src_last_pkt_time":1597326858140036,"flow_dst_last_pkt_time":1597326858289894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1597327647026431,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":37224,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -82,16 +82,16 @@ 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1597327805613499,"flow_dst_last_pkt_time":1597327805611793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1597327805613499,"pkt":"AAAAV4hpAAwpsVpsCABFAACkmNVAAEAR69ODszGl\/p4BqYyCAKEAkN2JMIGFAgEDMBECBEyy1iECAwD\/4wQBBwIBAwQ7MDkEDIAAAAkDAKq7zAABAAIBDAICBgkEClNIQTFBRVMxMjgEDJtziJHxaodwRs3eIQQIgB4HBiglqmIEMAupq3l+cOYYEzoCHoY5O4X4TJUa2wXJNOK\/b37r1sMKQ+nPnY1s\/d1MAtxa8BQz+g=="} 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1597327805613499,"flow_dst_last_pkt_time":1597327805757822,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"thread_ts_usec":1597327805757822,"pkt":"AAwpsVpsAAAAV4hpCABFAACvAEAAAP8RBV7+ngGpg7MxpQChjIIAm\/QgMIGQAgEDMBACBEyy1iECAgXcBAEDAgEDBDswOQQMgAAACQMAqrvMAAEAAgEMAgIGCgQKU0hBMUFFUzEyOAQM81KwCkUAU+owXg9gBAixLczTKIeN+QQ8l7TfdR0zGiSy1SWcwb9yiEOmIdX39IXlxRQNUWSx42l9yaewWz9H5A19iFk6fVfIz5rL3pvdKm+WcXNE"} 
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1597327805759196,"flow_dst_last_pkt_time":1597327805757822,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1597327805759196,"pkt":"AAAAV4hpAAwpsVpsCABFAACkmVJAAEAR61aDszGl\/p4BqYyCAKEAkKIiMIGFAgEDMBECBEyy1iMCAwD\/4wQBBwIBAwQ7MDkEDIAAAAkDAKq7zAABAAIBDAICBgoEClNIQTFBRVMxMjgEDFMbh\/Dk3SvVz95WoQQIgB4HBiglqmMEMJE113Q0NWMVB7TdQewvRiEzAB5zFAsRqz8So0sJQUsIHeUhtQOMlyZFVbEp0CGVvA=="} -00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640653531,"flow_dst_last_pkt_time":1597327640799174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":381,"midstream":0,"thread_ts_usec":1597327805899852,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327646611250,"flow_src_last_pkt_time":1597327646881056,"flow_dst_last_pkt_time":1597327647026431,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":388,"midstream":0,"thread_ts_usec":1597327805899852,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":4,"total-updates":7,"current-active-flows":4,"total-active-flows":10,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1597328385284231} 
+00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640653531,"flow_dst_last_pkt_time":1597327640799174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":381,"midstream":0,"thread_ts_usec":1597327805899852,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327646611250,"flow_src_last_pkt_time":1597327646881056,"flow_dst_last_pkt_time":1597327647026431,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":388,"midstream":0,"thread_ts_usec":1597327805899852,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":4,"total-updates":7,"current-active-flows":4,"total-active-flows":10,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1597328385284231} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597328385284231,"flow_src_last_pkt_time":1597328385284231,"flow_dst_last_pkt_time":1597328385284231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328385284231,"l3_proto":"ip4","src_ip":"92.135.15.240","dst_ip":"137.49.110.186","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1597328385284231,"flow_dst_last_pkt_time":1597328385284231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_usec":1597328385284231,"pkt":"AAwpOSzhAAAASwKNCABFAADJAAAAAP8RVsFchw\/wiTFuutQuAKIAtdeqMIGqAgEBBAhwdWJsaWMyY6eBmgIBFwIBAAIBADCBjjAPBggrBgECAQEDAEMDAz\/FMBcGCisGAQYDAQEEAQAGCSsGAQYDAQEFAzAPBgorBgECAQICAQECAgECMBkGCisGAQIBAgIBAgIEC0V0aGVybmV0MC8xMA8GCisGAQIBAgIBAwICAQYwJQYMKwYBBAEJAgIBARQCBBVhZG1pbmlzdHJhdGl2ZWx5IGRvd24="} 00981{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597328385284231,"flow_src_last_pkt_time":1597328385284231,"flow_dst_last_pkt_time":1597328385284231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328385284231,"l3_proto":"ip4","src_ip":"92.135.15.240","dst_ip":"137.49.110.186","src_port":54318,"dst_port":162,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":7,"error_status":0}}} 
-00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640653531,"flow_dst_last_pkt_time":1597327640799174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":381,"midstream":0,"thread_ts_usec":1597328385284231,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640653531,"flow_dst_last_pkt_time":1597327640799174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":381,"midstream":0,"thread_ts_usec":1597328385284231,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327800258125,"flow_src_last_pkt_time":1597327800526173,"flow_dst_last_pkt_time":1597327800683698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":401,"midstream":0,"thread_ts_usec":1597328385284231,"l3_proto":"ip4","src_ip":"131.179.49.165","dst_ip":"254.158.1.169","src_port":60694,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327805470462,"flow_src_last_pkt_time":1597327805759196,"flow_dst_last_pkt_time":1597327805899852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":408,"midstream":0,"thread_ts_usec":1597328385284231,"l3_proto":"ip4","src_ip":"131.179.49.165","dst_ip":"254.158.1.169","src_port":35970,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327646611250,"flow_src_last_pkt_time":1597327646881056,"flow_dst_last_pkt_time":1597327647026431,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":388,"midstream":0,"thread_ts_usec":1597328385284231,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327646611250,"flow_src_last_pkt_time":1597327646881056,"flow_dst_last_pkt_time":1597327647026431,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":388,"midstream":0,"thread_ts_usec":1597328385284231,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1597328420435096,"flow_dst_last_pkt_time":1597328385284231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1597328420435096,"pkt":"AAwpOSzhAAAASwKNCABFAAC1AAEAAP8RVtRchw\/wiTFuutQuAKIAoQR+MIGWAgEBBAhwdWJsaWMyY6eBhgIBHAIBAAIBADB7MA8GCCsGAQIBAQMAQwMDTYAwFwYKKwYBBgMBAQQBAAYJKwYBBgMBAQUEMA8GCisGAQIBAgIBAQICAQIwGQYKKwYBAgECAgECAgQLRXRoZXJuZXQwLzEwDwYKKwYBAgECAgEDAgIBBjASBgwrBgEEAQkCAgEBFAIEAnVw"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597328648399219,"flow_src_last_pkt_time":1597328648399219,"flow_dst_last_pkt_time":1597328648399219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":146,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":146,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328648399219,"l3_proto":"ip4","src_ip":"200.76.132.137","dst_ip":"189.111.255.214","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1597328648399219,"flow_dst_last_pkt_time":1597328648399219,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"thread_ts_usec":1597328648399219,"pkt":"AAwpl\/zFAAAAQogiCABFAACuAAIAAP8RsSDITISJvW\/\/1tQuAKIAmmoKMIGPAgEABAZwdWJsaWOkgYEGCCsGAQYDAQEFQAQKAR4BAgECAgEAQwMDpowwZDAPBgorBgECAQICAQECAgECMBkGCisGAQIBAgIBAgIEC0V0aGVybmV0MC8xMA8GCisGAQIBAgIBAwICAQYwJQYMKwYBBAEJAgIBARQCBBVhZG1pbmlzdHJhdGl2ZWx5IGRvd24="} 
@@ -113,7 +113,7 @@ 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1597328765050571,"flow_dst_last_pkt_time":1597328757701238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":262,"pkt_l4_len":228,"thread_ts_usec":1597328765050571,"pkt":"AAwpbM85AAAAgfGMCABFAAD4AAkAAP8R+958NcSwZ\/gWL9QuAKIA5B3\/MIHZAgEDMA0CASkCAgXcBAEAAgEDBCkwJwQMgAAACQMAqrvMAAEAAgEMAgIJyQQMTk9BVVRITk9QUklWBAAEADCBmQQMgAAACQMAqrvMAAEABACngYYCATACAQACAQAwezAPBggrBgECAQEDAEMDA9QeMBcGCisGAQYDAQEEAQAGCSsGAQYDAQEFBDAPBgorBgECAQICAQECAgECMBkGCisGAQIBAgIBAgIEC0V0aGVybmV0MC8xMA8GCisGAQIBAgIBAwICAQYwEgYMKwYBBAEJAgIBARQCBAJ1cA=="} 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1597328648399219,"flow_src_last_pkt_time":1597328660640336,"flow_dst_last_pkt_time":1597328648399219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328765050571,"l3_proto":"ip4","src_ip":"200.76.132.137","dst_ip":"189.111.255.214","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1597328704045369,"flow_src_last_pkt_time":1597328710051817,"flow_dst_last_pkt_time":1597328704045369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328765050571,"l3_proto":"ip4","src_ip":"113.19.156.111","dst_ip":"135.201.124.55","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":4,"total-updates":10,"current-active-flows":4,"total-active-flows":15,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":116,"global_ts_usec":1643702947966305} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":4,"total-updates":10,"current-active-flows":4,"total-active-flows":15,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":116,"global_ts_usec":1643702947966305} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"vlan_id":908,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","vlan_id":908,"flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643702947966305,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1To\/AABAETBgCucChgpI9wQAoe6gAMF5TzCCALUCAQEEBGFkc2yiggCoAgJkLgIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} 01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"vlan_id":908,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":2,"error_status":19}}} 
@@ -134,7 +134,7 @@ 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","vlan_id":908,"flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1643703001963541,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643703001963541,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1WA+AABAEQphCucChgpI9wQAoe6gAMEJTzCCALUCAQEEBGFkc2yiggCoAgJkngIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643703001963541,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":740,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703001963541,"vlan_id":908,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1643702987695436,"flow_src_last_pkt_time":1643702987784304,"flow_dst_last_pkt_time":1643702987801396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":565,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1097,"flow_dst_max_l4_payload_len":671,"flow_src_tot_l4_payload_len":2229,"flow_dst_tot_l4_payload_len":1364,"midstream":0,"thread_ts_usec":1643703001963541,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":72,"packets-processed":72,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11371,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":5,"total-updates":10,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":137,"global_ts_usec":1643703001963541} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":72,"packets-processed":72,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11371,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":5,"total-updates":10,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":137,"global_ts_usec":1643703001963541} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 72/72 ~~ skipped flows.............: 0 @@ -143,9 +143,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8685737 bytes -~~ total memory freed........: 8685737 bytes -~~ total allocations/frees...: 140776/140776 +~~ total memory allocated....: 9450623 bytes +~~ total memory freed........: 9450623 bytes +~~ total allocations/frees...: 154742/154742 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 569 chars ~~ json message max len.......: 2002 chars diff --git a/test/results/default/soap.pcap.out b/test/results/default/soap.pcap.out index 9087c06b9..c57a35912 100644 --- a/test/results/default/soap.pcap.out +++ b/test/results/default/soap.pcap.out 
@@ -1,16 +1,16 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946731321416000} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946731321416000} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946731321416000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321416000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Js1AAH8GJUPAqAJkFwLVpcO0AFABqrpoAAAAAIAC+vBEVAAAAgQFtAEDAwgBAQQC"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321441000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADwGjxAXAtWlwKgCZABQw7Tpz83XAaq6aYAS+vCMpAAAAgQFrAEBBAIBAwMH"} 02461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":946731323902000,"flow_dst_last_pkt_time":946731321441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731323902000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtJAAH8GH57AqAJkFwLVpcO0AFABqsQz6c\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"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946731323902000,"flow_dst_last_pkt_time":946731323927000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731323927000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0aS1AADwGJeMXAtWlwKgCZABQw7Tpz83YAaq6aYAQAfb+6gAAAQEFCgGqxDMBqsnf"} 02464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731323927000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731326059000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0AFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\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"} 
-00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731323927000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2904,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731323927000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2904,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731326059000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0EFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\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"} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"go.microsoft.com","domainame":"go.microsoft.com","http": {"url":"go.microsoft.com\/fwlink\/?LinkID=252669&clcid=0x409","code":0,"content_type":"","user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","request_content_type":"text\/xml"}}} 
-00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054092487860} +01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"go.microsoft.com","domainame":"go.microsoft.com","http": 
{"url":"go.microsoft.com\/fwlink\/?LinkID=252669&clcid=0x409","code":0,"content_type":"","user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","request_content_type":"text\/xml"}}} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054092487860} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054092487860,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1639054092487860,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="} 02188{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092538042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092538042,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04Ij8+DQo8Wk1lc3NhZ2UgdGFyZ2V0PSJaQkJQLjEuUmVzb2x2ZUtJRCIgbWlub3I9IjM1IiBwYXJhbWhlYWRlcmxlbmd0aD0iMTE0IiBzaWduYXR1cmU9IkxXa1YzenFpNWFtVUUxUlVvTmtRT3cwdVhZNHczc0dXQncyMkdxYnRqZkFyS0VjanVjS2Z6ZUcydkNybjluZUIzNXlzc2xFZytJcUlDZkRHdk9qRkxJcDlBcHB2ZXJZNTBNS09WZHM4L1BGU2dwRG5oNE91UTg3Q3pKRXZUUkJZMldGakpOaS85NmY1ZktmSklqczQ5bElzcFpyZVRGWVNxYWZ4VDRPNCszbnd2MFpQYUtJNzI4akE3RWNUTUxwelZtc0RJaTBJU2srR21nOW85d3V0UXg2NEprdjdGdlFkQU1nYlVnWDhVaU1MTnRHQWVqSHBLTG1rdWo3TSsxSTNib0IraVg3MTAxaytIZGpaVmQrSjhaS0VNSkJnYTBJNjRLdmZPK2tNb1UzRVNSSm5wbWdVVmZVblVZckl4dDFHZFFMckhsa2hhZVZicUdaMzB2V2E4Zz09IiBzaWduZXI9InlNMmYzbGMzSjZSbTR3ODlmRGhlYm5RMXNxY3NBV2N0eFJiM3BDSFloTktUTnZiazlNM1pLRk9xYjIveE5hN3NaR1I4bm10c0U4T2lnaStLR2xrbndSNWx0SW9CODc1Tk8rRitWTCszYVdySlN2Zm5MQ2dCSlRMV1BwKyt1SUlqZUlCanYrTXB1S0xRM2NTMDMwQlRnUEk1dWlrS0l6Q1A0eEZucUFVampoWE9RVTR3WDMrRG1PczdEb
m5QczhhZTk2UkNzWmVmZ0xpMzAyL281ZDVMRDJ1SnBEMUlmSnQ1Y1U1Y3V5UW5jYTRhd2M4bGhTcmFQbDlNNEpja29sQWt5cVlCNzg0UitKVVhYTExpKytjbHEzR1l4U2NJNjRyZHRKZWNWVENZRVcvUTJGU2VXV1c2UE9RdlBRNGZ3aFVPZEM0L05MSVJKdU9lTVAyVG9Ed3NNUT09IiBrZXk9ImduR1dLWGJFVzQwbHZHV1FxbkVKZWdtcXJCSXdBRVZtUmQwRzlJaDMzVCsycnBtRTY5WUQybHhNNHpzNy9weDVFOFRaSjdvYnV5ZVNpNTIvazZMeGp2ZWtkNTdVeTR5QSttaEZ5c1o5UGFXdHVobzRac2oyQ0NaenBjcXhRSW5pL1E4UDY4QkJSeWhKd0hVZHNmMjUxS3RLdmwzdWZFN0VpK254Rnk2bUlVZUptckpjT3U5L1dsNndUTkwxRUVrQmJzL0NIT2pQSlFpUi84UlFOdVN4aDRWYVRnNlFKM0VhVUFhYzFkV2REQmx5dmpUYzZHTnczbFUrdUtDQitpR05xeFNwSlIxMHlQS3VRR1h4S1N3ZTVOVGNuQnFmQncwZC9FMVZ6dWdmVEtqUXFDbmt4TjVEUnlWWEJwTkFyVnNjek4xMlZwdkJpdENUa25ObEhWOHMzdz09IiBpbml0dmVjdG9yPSJkWWhYYVRRWmVUaGZsTUc2VGJCdzN3PT0iPg0KPC9aTWVzc2FnZT4NCg=="} 
@@ -19,9 +19,9 @@ 02000{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1132,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1132,"pkt_l4_len":1094,"thread_ts_usec":1639054092826381,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAEWqu1QADxBpiduSDAHlWacnEAUNrcPMekH5W6dgJQGD191s4AAIyNda9b\/4Wk\/q7kvzA0zlo0OCy+ohRx\/gWlD6cuZaKXDpcZnDmdSt\/gCNGopu6AS8JATRDB2sNkdvs0VYqXuo85LWLXgz\/GGa9Jc6MG6JYPBLtZ68AEkD4E7Ixgxj5VoD8X1vcUPgbavdxsBF6ml+drczg2gmaNkDFO7B933+q9zZKg+oG2pMj87ESLGu\/fp4BFA7hj0TH0xUqeBDvAR85kXVH5RLFVcwlzf5SkxaK76gkzu60llYNi5wv4hugteIIw1qnuuG0F2lOzsJeXnOmZr2YLWmTVeZYmw5JFWYaOW88oh3lE8wTOL6kkf6422YOL+vSBdTD+5GVjul+dz5efILQi0gJb9SDXms4KOszaLOz7oz\/eH9i5zXlpDJFf24wMnOC2K8IIqs8dhhBblctV5U7MCi6fbjwTNFDnkkrhAsQLfflwcnijU0wkUYZVsP2Mopqss2DfWxrrzjtvU\/3TnJzhxzjOfuyUKfTBG3L8dD4Gwoav79OfgC9+Idtf1PTDn9ex7v\/Fmyd30pyd1s0bbUnz4vg2h1D5DlfOPo7q5SkbGllQNKS2sypM2gujPrdAAhAO0MRmdruKPyfFmHldo0sI4qDDyoWYToWvYReNG4+MAkhnOTEs6LErtCWDATGKcwqKh6PqbM69SZXd5JlPmgt0LzAoUrLTLasxmrJeZtJFQ8MXa1ME4ZfLLSHL9nOyiq2E0UL\/rQPyurLaNNs0NvV7I0Bfi5FZAvQC2QwQhlY8Y7p2Bqy8Cdxd4LbTsK8IE9vImZYfFmbm\/RO6LBSYlfLawEeVfZKSXPyz7v29dbM2LCt3pR5f\/Jn2HtSd2bsC9XpH67WDfGJ5VKnDZGKU7pj7BvwgMeQEj+8L3eTOjjaReBB4MsrpfGwTE9aSt9aw0m1unF81+cY5x9BcRGq4bCtgkFz8DnHAsF0lI9XP52++JBk5mERUR2eEaHIcSiQzhvYPVXGzmTYBHdq6F\/nfwq0p+OjBjzHWUKpaQwrLVdKIyww95od0Sguqb1MCuKRpSrwOQvXZWV9jQNM03ynZj2wo3dQHbNZyEBxcA0jdj8EeZvvk0eVvzuEF6NayagghINncRhZZDA2muQ+gK3F8BvvNO\/9IlbBxiXKRdXubXKUyOTU2MAwix\/0nAhAyuwnq+Q88d7anWWPi3zwTnVBWrrC7vBJoJ1Z7g0f5E+\/HysBN7mVyq5MveGyL62bIoMLmpI1KNsCgMGwDITFykvlhjWDGYryDj+XT6t7Jvx\/xd9+NXSrdaHyxzR3sl\/V+aathuQMWxApeB5TtLieObBBINO6kN5U2O13qaE+PH1T8uNTDUsPwPEKqgRdQIY7ffwW36TMVsARN5+bm1DJ4iy1DNQ4LE8HbDySzNbnrVS7GRtQIF0zepOpR7thyhsgydrZzJ3Xi
E0fSTioqLAsNToYNCg=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00961{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1639054092826381} +00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} +00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1639054092826381} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654539 bytes -~~ total memory freed........: 8654539 bytes -~~ total allocations/frees...: 140584/140584 +~~ total memory allocated....: 9418977 bytes +~~ total memory freed........: 9418977 bytes +~~ total allocations/frees...: 154550/154550 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2469 chars diff --git a/test/results/default/socks.pcap.out b/test/results/default/socks.pcap.out index 6b3b576ad..7da4a61b2 100644 --- a/test/results/default/socks.pcap.out +++ b/test/results/default/socks.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1385474294492448} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1385474294492448} 
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1385474294492448,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294492448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1385474294492448,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":1637,"dst_port":21477,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294492448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1385474294492448,"pkt":"AABeAAEBAAtFtxbACABFAAAwisFAAH4GgV8KAAABCgAAAgZlU+Uyuw5yAAAAAHACQAC3ZAAAAgQFUAEBBAI="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294649364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1385474294649364,"pkt":"AAtFtxbAACaI3xfHCABFAAAwbUxAAGcGtdQKAAACCgAAAVPlBmV6GpzgMrsOc3ASIADAvAAAAgQE7AEBBAI="} 
@@ -7,7 +7,7 @@ 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474294649364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_usec":1385474294849170,"pkt":"AABeAAEBAAtFtxbACABFAAAritBAAH4GgVUKAAABCgAAAgZlU+Uyuw5zehqc4VAYROjCxAAABQEAAAAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474295006242,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1385474295006242,"pkt":"AAtFtxbAACaI3xfHCABFAAAqbU9AAGcGtdcKAAACCgAAAVPlBmV6GpzhMrsOdlAY\/\/AHuwAABQAAAAAA"} 01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1385474294492448,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474295006242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1385474295006242,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":1637,"dst_port":21477,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1386004309468752} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1386004309468752} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1386004309468752,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309468752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1386004309468752,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309468752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1386004309468752,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAxApAAEAGJ5MKtJy5CrSc+dEdBDiu6S7xAAAAALAC\/\/9AOQAAAgQFtAEDAwQBAQgKFh7eWwAAAAAEAgAA"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309469255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1386004309469255,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R2gPF01ruku8qASOJDLlAAAAgQFtAQCCApiX+0zFh7eWwEDAwc="} 
@@ -33,7 +33,7 @@ 00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1386004312331130,"flow_src_last_pkt_time":1386004312384665,"flow_dst_last_pkt_time":1386004312384637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1386004317979913,"flow_src_last_pkt_time":1386004317989330,"flow_dst_last_pkt_time":1386004317989312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":1603,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1385474294492448,"flow_src_last_pkt_time":1385474412431090,"flow_dst_last_pkt_time":1385474412219725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":930,"flow_src_tot_l4_payload_len":419,"flow_dst_tot_l4_payload_len":942,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":1637,"dst_port":21477,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1386004317989330} 
+00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1386004317989330} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -42,9 +42,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8662089 bytes -~~ total memory freed........: 8662089 bytes -~~ total allocations/frees...: 140631/140631 +~~ total memory allocated....: 9426559 bytes +~~ total memory freed........: 9426559 bytes +~~ total allocations/frees...: 154597/154597 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 1093 chars diff --git a/test/results/default/softether.pcap.out b/test/results/default/softether.pcap.out index 84e9aecc5..4cfd9068b 100644 --- a/test/results/default/softether.pcap.out +++ b/test/results/default/softether.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642694863816000} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642694863816000} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642694863816000,"flow_dst_last_pkt_time":1642694863816000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642694863816000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642694863816000,"flow_dst_last_pkt_time":1642694863816000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1642694863816000,"pkt":"eJS0JASgYDjgxTWgCABFAAAdZ4ZAAD8RiC7AqAJkgp4Gcci1E4wACUw2QQ=="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642694863816000,"flow_dst_last_pkt_time":1642694864079000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642694864079000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4FVwAAG8R6j2CngZxwKgCZBOMyLUAJKgsSVA9OTAuMTg2LjEzMi4xMzMsUE9SVD01MTM4MQ=="} 
@@ -11,7 +11,7 @@ 00975{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642694925531000,"flow_dst_last_pkt_time":1642694925794000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":483,"flow_dst_tot_l4_payload_len":412,"midstream":0,"thread_ts_usec":1642694925794000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642694971183000,"flow_dst_last_pkt_time":1642694971445000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":468,"midstream":0,"thread_ts_usec":1642694971445000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642695022957000,"flow_dst_last_pkt_time":1642694997325000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1642695022957000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":983,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1642993710968000} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":983,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1642993710968000} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642993710968000,"flow_src_last_pkt_time":1642993710968000,"flow_dst_last_pkt_time":1642993710968000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642993710968000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.75.45","src_port":37504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642993710968000,"flow_dst_last_pkt_time":1642993710968000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642993710968000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8GPRAAD8GkfDAqAJkgp5LLZKAAFAJq5FAAAAAAKAC+vCRBgAAAgQFtAQCCApgbIO7AAAAAAEDAwY="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1642993710968000,"flow_dst_last_pkt_time":1642993711225000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642993711225000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8XxtAAHAGGsmCnkstwKgCZABQkoDyj0KZCauRQaASIAAzDwAAAgQFrAEDAwgEAggKBdAXMmBsg7s="} 
@@ -19,7 +19,7 @@ 02034{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1642993711226000,"flow_dst_last_pkt_time":1642993711225000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_usec":1642993711226000,"pkt":"eJS0JASgYDjgxTWgCABFAASMGPZAAD8GjZ7AqAJkgp5LLZKAAFAJq5FB8o9CmoAYA+yVVgAAAQEICmBshL4F0BcyUE9TVCAvZGRucy9kZG5zLmFzcHg\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"} 01379{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642993710968000,"flow_src_last_pkt_time":1642993711226000,"flow_dst_last_pkt_time":1642993711225000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642993711226000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.75.45","src_port":37504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Softether","proto_id":"7.290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"x0.x0.dev.open.servers.ddns.softether-network.net","domainame":"x0.x0.dev.open.servers.ddns.softether-network.net","http": {"url":"x0.x0.dev.open.servers.ddns.softether-network.net\/ddns\/ddns.aspx?v=9291257684825389030","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko\/20100101 
Firefox\/29.0","request_content_type":"application\/x-www-form-urlencoded","detected_os":"Windows 8.1"}}} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642695022957000,"flow_dst_last_pkt_time":1642694997325000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1642993711226000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1646316453326000} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1646316453326000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316453326000,"flow_dst_last_pkt_time":1646316453326000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646316453326000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1646316453326000,"flow_dst_last_pkt_time":1646316453326000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1646316453326000,"pkt":"eJS0JASgYDjgxTWgCABFAAAd9VFAAD8R+mLAqAJkgp4Gcci1E4wACUw2QQ=="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1646316453326000,"flow_dst_last_pkt_time":1646316453591000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1646316453591000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4EGoAAG4R8C+CngZxwKgCZBOMyLUAJKgsSVA9OTAuMTg2LjEzMi4xMzMsUE9SVD01MTM4MQ=="} 
@@ -32,7 +32,7 @@ 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316555615000,"flow_dst_last_pkt_time":1646316555881000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1646316555881000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01057{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316604619000,"flow_dst_last_pkt_time":1646316581404000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1646316604619000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","softether": 
{"client_ip":"90.186.132.133","client_port":"51381","hostname":"vpn","fqdn":"moishele.softether.net"}}} 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316608076000,"flow_dst_last_pkt_time":1646316604885000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1646316608076000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":35,"packets-processed":34,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":6,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1656980485529000} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":35,"packets-processed":34,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":6,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1656980485529000} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980486196000,"flow_dst_last_pkt_time":1656980486196000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656980486196000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1656980486196000,"flow_dst_last_pkt_time":1656980486196000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1656980486196000,"pkt":"eJS0JASgYDjgxTWgCABFAAB\/butAAD8RgG\/AqAJkgp4Gaci1E4wAa0yQAAAAAwAAAAdvcGNvZGUAAAACAAAAAQAAAAlnZXRfdG9rZW4AAAAIdHJhbl9pZAAAAAQAAAABVcoU5Uu9F3oAAAAWbmF0X3RyYXZlcnNhbF92ZXJzaW9uAAAAAAAAAAEAAAAB"} 01001{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980486196000,"flow_dst_last_pkt_time":1656980486196000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656980486196000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","softether": {"client_ip":"","client_port":"","hostname":"","fqdn":""}}} 
@@ -47,13 +47,13 @@ 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980539784000,"flow_dst_last_pkt_time":1656980540028000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":986,"midstream":0,"thread_ts_usec":1656980540028000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1656980485778000,"flow_dst_last_pkt_time":1656980486029000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1008,"flow_dst_tot_l4_payload_len":1129,"midstream":0,"thread_ts_usec":1656980590747000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980590502000,"flow_dst_last_pkt_time":1656980590747000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1041,"flow_dst_tot_l4_payload_len":1040,"midstream":0,"thread_ts_usec":1656980590747000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":56,"packets-processed":55,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":11,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1657218777631000} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":56,"packets-processed":55,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":11,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1657218777631000} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1656980485778000,"flow_dst_last_pkt_time":1656980486029000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1008,"flow_dst_tot_l4_payload_len":1129,"midstream":0,"thread_ts_usec":1657218777876000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218777631000,"flow_dst_last_pkt_time":1657218777876000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":1067,"midstream":0,"thread_ts_usec":1657218777876000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218830229000,"flow_dst_last_pkt_time":1657218830474000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1525,"flow_dst_tot_l4_payload_len":1447,"midstream":0,"thread_ts_usec":1657218830474000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218883169000,"flow_dst_last_pkt_time":1657218883415000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1527,"flow_dst_tot_l4_payload_len":1501,"midstream":0,"thread_ts_usec":1657218883415000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218934824000,"flow_dst_last_pkt_time":1657218910555000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1529,"flow_dst_tot_l4_payload_len":1528,"midstream":0,"thread_ts_usec":1657218934824000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":15,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":56,"global_ts_usec":1657249529677000} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":15,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":56,"global_ts_usec":1657249529677000} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249529677000,"flow_dst_last_pkt_time":1657249529677000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657249529677000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1657249529677000,"flow_dst_last_pkt_time":1657249529677000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1657249529677000,"pkt":"eJS0JASgYDjgxTWgCABFAAAdcmhAAD8RfU3AqAJkgp4GcMi1E4wACUw1QQ=="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1657249529677000,"flow_dst_last_pkt_time":1657249529923000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1657249529923000,"pkt":"YDjgxTWgeJS0JASgCABFAAA2VBgAAHMRp4SCngZwwKgCZBOMyLUAIuZdSVA9Mi4yMDcuNjAuMTYzLFBPUlQ9NTEzODE="} 
@@ -65,12 +65,12 @@ 00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249582560000,"flow_dst_last_pkt_time":1657249582732000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1657249582732000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249631671000,"flow_dst_last_pkt_time":1657249631942000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":130,"midstream":0,"thread_ts_usec":1657249631942000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249681609000,"flow_dst_last_pkt_time":1657249681857000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1657249681857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":86,"packets-processed":85,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":18,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":68,"global_ts_usec":1657366460559000} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":86,"packets-processed":85,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":18,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":68,"global_ts_usec":1657366460559000} 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366460559000,"flow_dst_last_pkt_time":1657366460805000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1657366460805000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366513451000,"flow_dst_last_pkt_time":1657366513703000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":584,"midstream":0,"thread_ts_usec":1657366513703000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366565530000,"flow_dst_last_pkt_time":1657366565776000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1657366565776000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366617375000,"flow_dst_last_pkt_time":1657366591817000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":495,"flow_dst_tot_l4_payload_len":662,"midstream":0,"thread_ts_usec":1657366617375000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":101,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":22,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1657762868392000} 
+00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":101,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":22,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1657762868392000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657762868392000,"flow_dst_last_pkt_time":1657762868392000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657762868392000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1657762868392000,"flow_dst_last_pkt_time":1657762868392000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1657762868392000,"pkt":"eJS0JASgYDjgxTWgCABFAAAdnKhAAD8RUwzAqAJkgp4Gcci1E4wACUw2QQ=="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1657762868392000,"flow_dst_last_pkt_time":1657762868649000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1657762868649000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4BUMAAHMR9laCngZxwKgCZBOMyLUAJKUsSVA9OTAuMTg2LjE2MC4yMDcsUE9SVD01MTM4MQ=="} 
@@ -83,28 +83,28 @@ 01058{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657762958721000,"flow_dst_last_pkt_time":1657762948678000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":484,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657762958721000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","softether": {"client_ip":"90.186.160.207","client_port":"51381","hostname":"vpn","fqdn":"moishele.softether.net"}}} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657762973579000,"flow_dst_last_pkt_time":1657762973832000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":468,"midstream":0,"thread_ts_usec":1657762973832000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657763027181000,"flow_dst_last_pkt_time":1657763001647000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1657763027181000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":116,"packets-processed":115,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":25,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":86,"global_ts_usec":1657906301393000} 
+00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":116,"packets-processed":115,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":25,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":86,"global_ts_usec":1657906301393000} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906301393000,"flow_dst_last_pkt_time":1657906301648000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":488,"flow_dst_tot_l4_payload_len":524,"midstream":0,"thread_ts_usec":1657906301648000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906353365000,"flow_dst_last_pkt_time":1657906353619000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":970,"flow_dst_tot_l4_payload_len":908,"midstream":0,"thread_ts_usec":1657906353619000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906405961000,"flow_dst_last_pkt_time":1657906406215000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":972,"flow_dst_tot_l4_payload_len":964,"midstream":0,"thread_ts_usec":1657906406215000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906456047000,"flow_dst_last_pkt_time":1657906431208000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":974,"flow_dst_tot_l4_payload_len":992,"midstream":0,"thread_ts_usec":1657906456047000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":131,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10412,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":29,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1657907318692000} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":131,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10412,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":29,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1657907318692000} 02282{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907318692000,"flow_dst_last_pkt_time":1657907318946000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":1657907318946000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":257000,"avg":9319382016.0,"max":143300001000,"stddev":0.0,"var":0.0,"ent":1.1,"data": 
[257000,27676000,27674000,26195000,26194000,26159000,26161000,10299000,10301000,14858000,14853000,27814000,27815000,25788000,1540291232,1566080232,18689000,18689000,5427000,5426000,27856000,27856000,26072000,26072000,26524000,26524000,24993000,24993000,25093000,862645000,887738000]},"pktlen": {"min":29,"avg":90.3,"max":508,"stddev":132.5,"var":17556.2,"ent":4.1,"data": [29,56,29,56,29,56,29,56,508,356,29,56,29,56,29,29,56,508,356,29,56,29,56,29,56,29,56,29,56,29,29,56]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1],"entropies": [4.513154984,5.059597492,4.582120895,5.059597492,4.582120895,4.988168716,4.582120895,5.059597492,5.016859055,4.526149750,4.582120895,5.059597492,4.513154984,5.010403156,4.582120895,4.582120895,5.001649380,5.023393631,4.521674156,4.582120895,5.001649380,4.582120895,5.059597492,4.513154984,5.059597492,4.582120895,5.059597492,4.582120895,5.059597492,4.582120895,4.582120895,4.988168716]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907318692000,"flow_dst_last_pkt_time":1657907318946000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":1657907318946000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":17,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907371998000,"flow_dst_last_pkt_time":1657907372252000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":1076,"midstream":0,"thread_ts_usec":1657907372252000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":19,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907422129000,"flow_dst_last_pkt_time":1657907422383000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":979,"flow_dst_tot_l4_payload_len":1132,"midstream":0,"thread_ts_usec":1657907422383000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":21,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907472044000,"flow_dst_last_pkt_time":1657907465166000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1461,"flow_dst_tot_l4_payload_len":1488,"midstream":0,"thread_ts_usec":1657907472044000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11395,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":33,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":97,"global_ts_usec":1657959489569000} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11395,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":33,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":97,"global_ts_usec":1657959489569000} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":22,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959489569000,"flow_dst_last_pkt_time":1657959489824000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1462,"flow_dst_tot_l4_payload_len":1516,"midstream":0,"thread_ts_usec":1657959489824000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":23,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959673241000,"flow_dst_last_pkt_time":1657959673495000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1463,"flow_dst_tot_l4_payload_len":1544,"midstream":0,"thread_ts_usec":1657959673495000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":25,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959725835000,"flow_dst_last_pkt_time":1657959726090000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1465,"flow_dst_tot_l4_payload_len":1600,"midstream":0,"thread_ts_usec":1657959726090000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":28,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959784163000,"flow_dst_last_pkt_time":1657959784418000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1947,"flow_dst_tot_l4_payload_len":1984,"midstream":0,"thread_ts_usec":1657959784418000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":163,"packets-processed":162,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12407,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":37,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":102,"global_ts_usec":1657979228094000} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":163,"packets-processed":162,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12407,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":37,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":102,"global_ts_usec":1657979228094000} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":30,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979228094000,"flow_dst_last_pkt_time":1657979228348000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1950,"flow_dst_tot_l4_payload_len":2040,"midstream":0,"thread_ts_usec":1657979228348000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":33,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979280591000,"flow_dst_last_pkt_time":1657979280846000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":2051,"flow_dst_tot_l4_payload_len":2377,"midstream":0,"thread_ts_usec":1657979280846000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":36,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979331035000,"flow_dst_last_pkt_time":1657979331290000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":2761,"midstream":0,"thread_ts_usec":1657979331290000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":36,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979356494000,"flow_dst_last_pkt_time":1657979331290000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":2534,"flow_dst_tot_l4_payload_len":2761,"midstream":0,"thread_ts_usec":1657979356494000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":40,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":107,"global_ts_usec":1657979356494000} +00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":40,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":107,"global_ts_usec":1657979356494000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 177/177 ~~ skipped flows.............: 0 
@@ -113,9 +113,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8662309 bytes -~~ total memory freed........: 8662309 bytes -~~ total allocations/frees...: 140767/140767 +~~ total memory allocated....: 9426843 bytes +~~ total memory freed........: 9426843 bytes +~~ total allocations/frees...: 154733/154733 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 517 chars ~~ json message max len.......: 2287 chars diff --git a/test/results/default/someip-tp.pcap.out b/test/results/default/someip-tp.pcap.out index ef00801a6..f455de784 100644 --- a/test/results/default/someip-tp.pcap.out +++ b/test/results/default/someip-tp.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1433332443506391} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1433332443506391} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1433332443506391,"flow_src_last_pkt_time":1433332443506391,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1412,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1412,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1412,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1433332443506391,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1433332443506391,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1433332443506391,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUcAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAAAAEAADAAAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7
\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpams="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1433332443506391,"flow_src_last_pkt_time":1433332443506391,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1412,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1412,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1412,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1433332443506391,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -8,7 +8,7 @@ 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1433332443538482,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1433332443538482,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUoAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAAEFFMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc
3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5urs="} 02431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1433332443551109,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1433332443551109,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUsAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAAFcG8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOk
paanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKis="} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1433332443506391,"flow_src_last_pkt_time":1433332443605150,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1176,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1412,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1433332443605150,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12472,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1433332443605150} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12472,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1433332443605150} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645138 bytes -~~ total memory freed........: 8645138 bytes -~~ total allocations/frees...: 140543/140543 +~~ total memory allocated....: 9409512 bytes +~~ total memory freed........: 9409512 bytes +~~ total allocations/frees...: 154509/154509 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 591 chars ~~ json message max len.......: 2436 chars diff --git a/test/results/default/someip-udp-method-call.pcapng.out b/test/results/default/someip-udp-method-call.pcapng.out index b8383f453..e2057df3d 100644 --- a/test/results/default/someip-udp-method-call.pcapng.out +++ b/test/results/default/someip-udp-method-call.pcapng.out 
@@ -1,5 +1,5 @@ -00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1502789275686772} 
+00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1502789275686772} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502789275686772,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502789275686772,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00969{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_usec":1502789275686772,"pkt":"AQBeAAABdAAAAAC5CABFAAFkAHhAAAER12bAqAAB4AAAAcAmwCYBULPJ\/\/+BAAAAAUAAAAfdAQECAMAAAAAAAADAAQAAIBI0APwBAAADAAAAAAECABAAAAABAQAAAwAAAAIBAwAQAAAAAQEAAAMAAAAAAQQAIAAAAAEBAAADAAAAAAEGABAAAAABAQAAAwAAAAEBAQAQAAAAAQEAAAMAAAAAAQAAIAAAAAEBAAADAAAAAAEBABAAAAABAgAAAwAAAAABAQAQAAAAAQEAAAMAAAAAAQEAEAAAAAEBAAADAAAAAAEHABAAAAABAQAAAwAAAAEBCAAQAAAAAQEAAAMAAAAAAAAAbAAJBADAqAABAAbAMQAJBADAqAABABHAMQAJBADAqAABAAbAPwAJBADAqAABAAbAPwAJBADAqAABAAbAPwAJBADAqAABABHAPwAJBADAqAABABHAPwAJBADAqAABAAbAPwAJBADAqAABABHAPw=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502789275686772,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502789275686772,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -9,7 +9,7 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1502789275711113,"flow_dst_last_pkt_time":1502789275713141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1502789275713141,"pkt":"gAAAAAB1dAAAAAC5CABFAAA1do9AAAERgVrAqAABwKgAfcAxwCcAIWfYEjQACAAAABEAAAABAQGAAAAAAAWrq6urqw=="} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502789275686772,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502789275713141,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1502789275711113,"flow_src_last_pkt_time":1502789275711113,"flow_dst_last_pkt_time":1502789275713141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":25,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":25,"midstream":0,"thread_ts_usec":1502789275713141,"l3_proto":"ip4","src_ip":"192.168.0.125","dst_ip":"192.168.0.1","src_port":49191,"dst_port":49201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":378,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1502789275713141} 
+00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":378,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1502789275713141} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647407 bytes -~~ total memory freed........: 8647407 bytes -~~ total allocations/frees...: 140548/140548 +~~ total memory allocated....: 9411813 bytes +~~ total memory freed........: 9411813 bytes +~~ total allocations/frees...: 154514/154514 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 565 chars ~~ json message max len.......: 1119 chars diff --git a/test/results/default/someip_sd_sample.pcap.out b/test/results/default/someip_sd_sample.pcap.out index 27ed35c81..b3e11551d 100644 --- a/test/results/default/someip_sd_sample.pcap.out +++ b/test/results/default/someip_sd_sample.pcap.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1559741544964106} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1559741544964106} 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741544964106,"packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741544964106} 
00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","pkt_datalink":192,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAAEAXgIDBQBUr+cDQAgARQAAVAAAQAD\/EXSfwKhYSesCAwV3GncaAEDieP\/\/gQAAAAAwAAAAAwEBAgDAAAAAAAAAEAEAABAA6wAAAQAAHgAAAAAAAAAMAAkEAMCoWEkAEcNQ"} 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741545065160,"packet_id":2,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545065160} 
@@ -12,7 +12,7 @@ 00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","pkt_datalink":192,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAABUr+cDQABUr+cDAAgARQAAVAAAQAD\/EUmxwKhYTcCoWEl3GncaAECLdP\/\/gQAAAAAwAAAABAEBAgDAAAAAAAAAEAYAABAA6wAAAQAAHgAAAAEAAAAMAAkEAMCoWE0AEepg"} 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741545865698,"packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545865698} 00436{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","pkt_datalink":192,"pkt_caplen":102,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":102,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAABUr+cDAABUr+cDQAgARQAASAAAQAD\/EUm9wKhYScCoWE13GncaADSSJv\/\/gQAAAAAkAAAAAwEBAgDAAAAAAAAAEAcAAAAA6wAAAQAAHgAAAAEAAAAA"} 
-00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1559741545865698} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1559741545865698} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/0 ~~ skipped flows.............: 0 
@@ -21,9 +21,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 318 chars ~~ json message max len.......: 822 chars diff --git a/test/results/default/sonos.pcapng.out b/test/results/default/sonos.pcapng.out index f62505037..8ea764461 100644 --- a/test/results/default/sonos.pcapng.out +++ b/test/results/default/sonos.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1727166164053038} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1727166164053038} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1727166164053038,"flow_src_last_pkt_time":1727166164053038,"flow_dst_last_pkt_time":1727166164053038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1727166164053038,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"192.168.1.70","src_port":52425,"dst_port":1443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1727166164053038,"flow_dst_last_pkt_time":1727166164053038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1727166164053038,"pkt":"NH5c\/6JunFg8p+7MCABFAABAAABAAEAGAADAqAEdwKgBRszJBaN82gZ6AAAAALAC\/\/+D5gAAAgQFtAEDAwYBAQgKwfr6SgAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1727166164053038,"flow_dst_last_pkt_time":1727166164053310,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1727166164053310,"pkt":"nFg8p+7MNH5c\/6JuCABFAAA8AABAAEAGtwjAqAFGwKgBHQWjzMn2ZQ7bfNoGe6AScSCSWAAAAgQFtAQCCAoAAql6wfr6SgEDAwU="} 
@@ -10,7 +10,7 @@ 01646{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1727166164053038,"flow_src_last_pkt_time":1727166164053500,"flow_dst_last_pkt_time":1727166164054256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":62,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":62,"midstream":0,"thread_ts_usec":1727166164054256,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"192.168.1.70","src_port":52425,"dst_port":1443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.1.70","domainame":"192.168.1.70","tls": {"version":"TLSv1.2","ja3s":"2fbcb4e196d5bcba6896e593c6016e09","ja4":"t12i130700_88f5d26691c7_cdbdbcd6f742","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
01984{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1727166164053038,"flow_src_last_pkt_time":1727166164054938,"flow_dst_last_pkt_time":1727166164054943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":1880,"midstream":0,"thread_ts_usec":1727166164054943,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"192.168.1.70","src_port":52425,"dst_port":1443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Sonos","proto_id":"91.430","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"192.168.1.70","domainame":"192.168.1.70","tls": {"version":"TLSv1.2","server_names":"sonos-347e5cffa26e.local","ja3s":"2fbcb4e196d5bcba6896e593c6016e09","ja4":"t12i130700_88f5d26691c7_cdbdbcd6f742","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=Santa Barbara, O=Sonos, Inc, OU=Sonos Devices, CN=Sonos Device Authentication Root CA","subjectDN":"CN=347E5CFFA26E, OU=Sonos Devices, O=Sonos, Inc, L=Santa Barbara, ST=California, C=US","fingerprint":"48:71:C5:C1:80:17:50:20:E2:25:2E:E3:C3:F9:AE:76:62:1C:26:7E","blocks":0}}} 
02590{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1727166164053038,"flow_src_last_pkt_time":1727166164138595,"flow_dst_last_pkt_time":1727166164138684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":267,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":697,"flow_dst_tot_l4_payload_len":10055,"midstream":0,"thread_ts_usec":1727166164138684,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"192.168.1.70","src_port":52425,"dst_port":1443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":5522.7,"max":76697,"stddev":16070.0,"var":258244336.0,"ent":2.1,"data": [272,338,124,356,590,799,645,639,42,126,572,127,1,41072,36346,87,76697,101,123,120,417,5214,5537,110,53,129,4,219,221,72,50]},"pktlen": {"min":52,"avg":388.6,"max":1500,"stddev":553.2,"var":306044.5,"ent":3.8,"data": [64,60,52,199,52,114,52,1500,52,422,52,319,58,97,52,214,58,52,97,52,284,52,1500,52,1500,1500,52,52,1500,52,1500,774]},"bins": {"c_to_s": [12,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,1],"entropies": [4.115860939,5.002481937,4.600069523,5.375968933,5.017560482,5.533653736,4.676992416,6.990198135,4.676992416,7.453630447,4.585552692,7.180738926,4.594459534,5.301477909,4.940637112,6.869658470,4.928392887,4.676992893,5.552255630,4.676992416,7.104205132,5.017560482,7.839426041,4.638530731,7.870905399,7.893046856,4.638530731,4.569114685,7.863118172,4.600069046,7.854409218,7.733862877]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto 
on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Sonos","proto_id":"91.430","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":45,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13141,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1728503007672608} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":45,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13141,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1728503007672608} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1728503007672608,"flow_src_last_pkt_time":1728503007672608,"flow_dst_last_pkt_time":1728503007672608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1728503007672608,"l3_proto":"ip4","src_ip":"192.168.15.37","dst_ip":"192.168.15.36","src_port":44467,"dst_port":7080,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1728503007672608,"flow_dst_last_pkt_time":1728503007672608,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":51,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":51,"pkt_l4_len":17,"thread_ts_usec":1728503007672608,"pkt":"SKa47zYmXKr9ApIaCABFAAAlKNVAAAERsVnAqA8lwKgPJK2zG6gAEUE+ABNZhAAAAAD8"} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1728503007672608,"flow_src_last_pkt_time":1728503007672608,"flow_dst_last_pkt_time":1728503007672608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1728503007672608,"l3_proto":"ip4","src_ip":"192.168.15.37","dst_ip":"192.168.15.36","src_port":44467,"dst_port":7080,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Sonos","proto_id":"430","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
@@ -20,7 +20,7 @@ 01893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1728503008950594,"flow_dst_last_pkt_time":1728503007672608,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1074,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1074,"pkt_l4_len":1040,"thread_ts_usec":1728503008950594,"pkt":"SKa47zYmXKr9ApIaCABFAAQkKSpAAAERrQXAqA8lwKgPJK2zG6gEEB9JABNZjAAA\/\/\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"} 01462{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":21,"flow_first_seen":1727166164053038,"flow_src_last_pkt_time":1727166164139982,"flow_dst_last_pkt_time":1727166164140787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":267,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":728,"flow_dst_tot_l4_payload_len":12413,"midstream":0,"thread_ts_usec":1728503014752819,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"192.168.1.70","src_port":52425,"dst_port":1443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Sonos","proto_id":"91.430","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"192.168.1.70"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":0,"flow_first_seen":1728503007672608,"flow_src_last_pkt_time":1728503020063220,"flow_dst_last_pkt_time":1728503007672608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1032,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12559,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1728503020063220,"l3_proto":"ip4","src_ip":"192.168.15.37","dst_ip":"192.168.15.36","src_port":44467,"dst_port":7080,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Sonos","proto_id":"430","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":61,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1728503020063220} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":61,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1728503020063220} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 61/61 ~~ skipped flows.............: 0 @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8673933 bytes -~~ total memory freed........: 8673933 bytes -~~ total allocations/frees...: 140618/140618 +~~ total memory allocated....: 9438372 bytes +~~ total memory freed........: 9438372 bytes +~~ total allocations/frees...: 154585/154585 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 525 chars ~~ json message max len.......: 2595 chars diff --git a/test/results/default/source_engine.pcap.out b/test/results/default/source_engine.pcap.out index 86a498c6f..de618f33d 100644 --- a/test/results/default/source_engine.pcap.out +++ b/test/results/default/source_engine.pcap.out 
@@ -1,24 +1,24 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680268032673008} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680268032673008} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268032673008,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268032673008,"l3_proto":"ip4","src_ip":"222.204.159.87","dst_ip":"206.125.246.211","src_port":20595,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680268032673008,"pkt":"suZ52dfuXu41QY3PCABFAAA1wr0AACoRioXezJ9Xzn3201BzaYcAIUOC\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268032673008,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268032673008,"l3_proto":"ip4","src_ip":"222.204.159.87","dst_ip":"206.125.246.211","src_port":20595,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1680268854178455} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1680268854178455} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268854178455,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268854178455,"l3_proto":"ip4","src_ip":"174.134.158.83","dst_ip":"206.125.246.217","src_port":47464,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680268854178455,"pkt":"lt5b\/81mXu41QY3PCABFAAA1amMAACcRFySuhp5Tzn322bloaYcAIQvR\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268854178455,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268854178455,"l3_proto":"ip4","src_ip":"174.134.158.83","dst_ip":"206.125.246.217","src_port":47464,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268032673008,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268854178455,"l3_proto":"ip4","src_ip":"222.204.159.87","dst_ip":"206.125.246.211","src_port":20595,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1680269897199187} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1680269897199187} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269897199187,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269897199187,"l3_proto":"ip4","src_ip":"237.117.185.247","dst_ip":"206.125.246.219","src_port":41251,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680269897199187,"pkt":"umfZn5dXAQBeQY3PCABFAAA12CcAACoRS8rtdbn3zn3226EjaYcAIcmA\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269897199187,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269897199187,"l3_proto":"ip4","src_ip":"237.117.185.247","dst_ip":"206.125.246.219","src_port":41251,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268854178455,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269897199187,"l3_proto":"ip4","src_ip":"174.134.158.83","dst_ip":"206.125.246.217","src_port":47464,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1680270565741530} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1680270565741530} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270565741530,"flow_src_last_pkt_time":1680270565741530,"flow_dst_last_pkt_time":1680270565741530,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270565741530,"l3_proto":"ip4","src_ip":"252.187.173.26","dst_ip":"206.125.246.211","src_port":42155,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1680270565741530,"flow_dst_last_pkt_time":1680270565741530,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680270565741530,"pkt":"suZ52dfuXu41QY3PCABFAAA1dSgAACkRrWj8u60azn3206SraYcAIcOX\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270565741530,"flow_src_last_pkt_time":1680270565741530,"flow_dst_last_pkt_time":1680270565741530,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270565741530,"l3_proto":"ip4","src_ip":"252.187.173.26","dst_ip":"206.125.246.211","src_port":42155,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269897199187,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270565741530,"l3_proto":"ip4","src_ip":"237.117.185.247","dst_ip":"206.125.246.219","src_port":41251,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1680271779776446} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1680271779776446} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271779776446,"flow_src_last_pkt_time":1680271779776446,"flow_dst_last_pkt_time":1680271779776446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271779776446,"l3_proto":"ip4","src_ip":"167.166.182.152","dst_ip":"206.125.246.212","src_port":53321,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1680271779776446,"flow_dst_last_pkt_time":1680271779776446,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680271779776446,"pkt":"tus5LcPaXu41QY3PCABFCAA1hEMAACQR7tunpraYzn321NBJaYcAIeOP\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271779776446,"flow_src_last_pkt_time":1680271779776446,"flow_dst_last_pkt_time":1680271779776446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271779776446,"l3_proto":"ip4","src_ip":"167.166.182.152","dst_ip":"206.125.246.212","src_port":53321,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -37,7 +37,7 @@ 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272337560282,"flow_src_last_pkt_time":1680272337560282,"flow_dst_last_pkt_time":1680272337560282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272337560282,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.222","src_port":38846,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271990901001,"flow_src_last_pkt_time":1680271990901001,"flow_dst_last_pkt_time":1680271990901001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272337560282,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.213","src_port":64888,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271905048618,"flow_src_last_pkt_time":1680271905048618,"flow_dst_last_pkt_time":1680271905048618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272337560282,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.217","src_port":52464,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1680272423587299} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1680272423587299} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272423587299,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272423587299,"l3_proto":"ip4","src_ip":"237.117.153.178","dst_ip":"206.125.246.215","src_port":24647,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680272423587299,"pkt":"0i7fu7XLAQBeQY3PCABFAAA1GmkAACsRKNLtdZmyzn3212BHaYcAISqm\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272423587299,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272423587299,"l3_proto":"ip4","src_ip":"237.117.153.178","dst_ip":"206.125.246.215","src_port":24647,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -53,7 +53,7 @@ 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272423587299,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272707354790,"l3_proto":"ip4","src_ip":"237.117.153.178","dst_ip":"206.125.246.215","src_port":24647,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272493156815,"flow_src_last_pkt_time":1680272493156815,"flow_dst_last_pkt_time":1680272493156815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272707354790,"l3_proto":"ip4","src_ip":"252.141.177.26","dst_ip":"206.125.246.216","src_port":21572,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272337560282,"flow_src_last_pkt_time":1680272337560282,"flow_dst_last_pkt_time":1680272337560282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272707354790,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.222","src_port":38846,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":56,"global_ts_usec":1680275154446193} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":56,"global_ts_usec":1680275154446193} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275154446193,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275154446193,"l3_proto":"ip4","src_ip":"140.151.209.84","dst_ip":"206.125.246.214","src_port":8335,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680275154446193,"pkt":"8i53bZ3HXu41QY3PCABFAAA1YXkAAC4RB\/+Ml9FUzn321iCPaYcAIZOb\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275154446193,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275154446193,"l3_proto":"ip4","src_ip":"140.151.209.84","dst_ip":"206.125.246.214","src_port":8335,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -62,7 +62,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1680275513818590,"flow_dst_last_pkt_time":1680275513818590,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680275513818590,"pkt":"8i53bZ3HXu41QY3PCABFAAA1YOgAACoR6hHFcrr3zn321qDqaYcAIfDB\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275513818590,"flow_src_last_pkt_time":1680275513818590,"flow_dst_last_pkt_time":1680275513818590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275513818590,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.214","src_port":41194,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275154446193,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275513818590,"l3_proto":"ip4","src_ip":"140.151.209.84","dst_ip":"206.125.246.214","src_port":8335,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1680276988600126} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1680276988600126} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276988600126,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276988600126,"l3_proto":"ip4","src_ip":"222.158.181.242","dst_ip":"206.125.246.222","src_port":58235,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680276988600126,"pkt":"suZ52dfuXu41QY3PCABFAAA1JwIAACkREMnenrXyzn323uN7aYcAIZoB\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276988600126,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276988600126,"l3_proto":"ip4","src_ip":"222.158.181.242","dst_ip":"206.125.246.222","src_port":58235,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -71,18 +71,18 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1680277233172685,"flow_dst_last_pkt_time":1680277233172685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680277233172685,"pkt":"umfZn5dXAQBeQY3PCABFAAA12s0AACoRaZXti5lwzn322w6KaYcAIXyL\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277233172685,"flow_src_last_pkt_time":1680277233172685,"flow_dst_last_pkt_time":1680277233172685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277233172685,"l3_proto":"ip4","src_ip":"237.139.153.112","dst_ip":"206.125.246.219","src_port":3722,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276988600126,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277233172685,"l3_proto":"ip4","src_ip":"222.158.181.242","dst_ip":"206.125.246.222","src_port":58235,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1680278871503388} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1680278871503388} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278871503388,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278871503388,"l3_proto":"ip4","src_ip":"118.149.186.147","dst_ip":"206.125.246.214","src_port":21285,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680278871503388,"pkt":"8i53bZ3HXu41QY3PCABFAAA1stIAACkR6Gh2lbqTzn321lMlaYcAIY3I\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278871503388,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278871503388,"l3_proto":"ip4","src_ip":"118.149.186.147","dst_ip":"206.125.246.214","src_port":21285,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277233172685,"flow_src_last_pkt_time":1680277233172685,"flow_dst_last_pkt_time":1680277233172685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278871503388,"l3_proto":"ip4","src_ip":"237.139.153.112","dst_ip":"206.125.246.219","src_port":3722,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1680279669681327} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1680279669681327} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279669681327,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.221","src_port":17890,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680279669681327,"pkt":"suZ52dfuXu41QY3PCABFAAA11kkAACkRaEuXtvYRzn323UXiaYcAIT5l\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279669681327,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.221","src_port":17890,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278871503388,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"118.149.186.147","dst_ip":"206.125.246.214","src_port":21285,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279669681327,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.221","src_port":17890,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":85,"global_ts_usec":1680279669681327} +00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":85,"global_ts_usec":1680279669681327} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 
@@ -91,9 +91,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8684311 bytes -~~ total memory freed........: 8684311 bytes -~~ total allocations/frees...: 140726/140726 +~~ total memory allocated....: 9449197 bytes +~~ total memory freed........: 9449197 bytes +~~ total allocations/frees...: 154692/154692 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 559 chars ~~ json message max len.......: 983 chars diff --git a/test/results/default/spotify_tcp.pcap.out b/test/results/default/spotify_tcp.pcap.out index e22de2c07..03aed917d 100644 --- a/test/results/default/spotify_tcp.pcap.out +++ b/test/results/default/spotify_tcp.pcap.out 
@@ -1,4 +1,4 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00743{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":53789009,"flow_src_last_pkt_time":53789009,"flow_dst_last_pkt_time":53789009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":53789009,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"35.190.243.72","src_port":48628,"dst_port":4070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":53789009,"flow_dst_last_pkt_time":53789009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":53789009,"pkt":"UlQAEjUCCAAns+YuCABFAAA8YO9AAEAGtrcKAAIPI77zSL30D+Yfkn2LAAAAAKAC+vBeZAAAAgQFtAQCCAqdUcNLAAAAAAEDAwc="} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":53789009,"flow_dst_last_pkt_time":53811806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":53811806,"pkt":"CAAns+YuUlQAEjUCCABFAAAsAhEAAEAGVaYjvvNICgACDw\/mvfQANrABH5J9jGAS\/\/9Z0AAAAgQFtA=="} 
@@ -7,7 +7,7 @@ 00892{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":53789009,"flow_src_last_pkt_time":53812035,"flow_dst_last_pkt_time":53811806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":53812035,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"35.190.243.72","src_port":48628,"dst_port":4070,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":53812035,"flow_dst_last_pkt_time":53812035,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":53812035,"pkt":"CAAns+YuUlQAEjUCCABFAAAoAhIAAEAGVakjvvNICgACDw\/mvfQANrACH5J+1VAQ\/\/9wRAAA"} 
00938{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":53789009,"flow_src_last_pkt_time":53908975,"flow_dst_last_pkt_time":53980552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":463,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":2002,"midstream":0,"thread_ts_usec":53980552,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"35.190.243.72","src_port":48628,"dst_port":4070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} -00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":53980552} 
+00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":53980552} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647176 bytes -~~ total memory freed........: 8647176 bytes -~~ total allocations/frees...: 140544/140544 +~~ total memory allocated....: 9411550 bytes +~~ total memory freed........: 9411550 bytes +~~ total allocations/frees...: 154510/154510 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 512 chars ~~ json message max len.......: 960 chars diff --git a/test/results/default/sql_injection.pcap.out b/test/results/default/sql_injection.pcap.out index 32d28df91..009a72a3c 100644 --- a/test/results/default/sql_injection.pcap.out +++ b/test/results/default/sql_injection.pcap.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655243907401514} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655243907401514} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655243907401514,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907401514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655243907401514,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907401514,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":757,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":757,"pkt_l4_len":723,"thread_ts_usec":1655243907401514,"pkt":"FE+Kc3lP4CvpcxhCCABFAALnBMxAAEAGqxzAqANtwKgDa9EYAFBtgZhQ14snP4AYAfYjSgAAAQEICpBN+1KzuubyR0VUIC9EVldBLW1hc3Rlci92dWxuZXJhYmlsaXRpZXMvc3FsaS8\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"} 
01567{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655243907401514,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907401514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655243907401514,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"192.168.3.107","domainame":"192.168.3.107","http": {"url":"192.168.3.107\/DVWA-master\/vulnerabilities\/sqli\/?id=%3Fid%3Da%27+UNION+SELECT+%22text1%22%2C%22text2%22%3B--+-%26Submit%3DSubmit&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/102.0.0.0 Safari\/537.36","detected_os":"Linux x86_64"}}} 
@@ -8,7 +8,7 @@ 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907402945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655243907402945,"pkt":"4CvpcxhCFE+Kc3lPCABFAAFLVvxAAEAGWojAqANrwKgDbQBQ0RjXiyznbYGbA4AYAfhCywAAAQEICrO7eEeQTftS8nesfXSXKCDm16lh4L3R\/3eEe5NHG9q5YFT5OLsvveilNqwc26R5XzBmjTFWaW34feZsgc6YkLiDl7Vs5LhjA8TdGSy3hF1UUEMDSwkaJeLd+8vJHFDHlsmmShu3tld43vlGLOrFc8i2VLCYAeRLnKCNMqZ1A\/3nD6TUjuG2nJ62UVLP9qCsrYRWwVTwKWRNwSaQsiJWJjZDuhQSEZghWpS8aq0J867UoXP7aGx5AHHNce7U0K6w3lYodaNh2i4UXFtfKnrIH885NP3terkEoVtneMAtJnVtem8wmTzl1Stbx2ofmfYx1+p39ZyEAjaGPZUZCw4OCadoeFnu3npZ9iVdjSJiK6D9lcA97ZP\/AQkVDNI+EAAA"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655243907406272,"flow_dst_last_pkt_time":1655243907402945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655243907406272,"pkt":"FE+Kc3lP4CvpcxhCCABFAAA0BM1AAEAGrc7AqANtwKgDa9EYAFBtgZsD14st\/oAQAelVLQAAAQEICpBN+7Wzu3hH"} 
01241{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1655243907401514,"flow_src_last_pkt_time":1655243907406272,"flow_dst_last_pkt_time":1655243907402945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":1727,"midstream":1,"thread_ts_usec":1655243907406272,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"192.168.3.107"}} 
-00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2418,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655243907406272} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2418,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655243907406272} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645642 bytes -~~ total memory freed........: 8645642 bytes -~~ total allocations/frees...: 140548/140548 +~~ total memory allocated....: 9410016 bytes +~~ total memory freed........: 9410016 bytes +~~ total allocations/frees...: 154514/154514 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2508 chars diff --git a/test/results/default/srvloc-v1.pcapng.out b/test/results/default/srvloc-v1.pcapng.out index 16690adee..546cdb2e4 100644 --- a/test/results/default/srvloc-v1.pcapng.out +++ b/test/results/default/srvloc-v1.pcapng.out 
@@ -1,14 +1,14 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1610477174501058} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1610477174501058} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477174501058,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477174501058,"l3_proto":"ip4","src_ip":"23.220.116.175","dst_ip":"192.168.199.71","src_port":427,"dst_port":57782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00998{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"thread_ts_usec":1610477174501058,"pkt":"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"} 
-00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477174501058,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477174501058,"l3_proto":"ip4","src_ip":"23.220.116.175","dst_ip":"192.168.199.71","src_port":427,"dst_port":57782,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00953{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477174501058,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477174501058,"l3_proto":"ip4","src_ip":"23.220.116.175","dst_ip":"192.168.199.71","src_port":427,"dst_port":57782,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477179484120,"flow_src_last_pkt_time":1610477179484120,"flow_dst_last_pkt_time":1610477179484120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477179484120,"l3_proto":"ip4","src_ip":"250.83.105.78","dst_ip":"172.30.246.115","src_port":51708,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1610477179484120,"flow_dst_last_pkt_time":1610477179484120,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1610477179484120,"pkt":"AAAAAAAAAAgAQ1JYCABFAABIcrMAAH8Rwr36U2lOrB72c8n8AasANMGIAQYALAAAZW4AAx73AAAAGHNlcnZpY2U6eC1ocG5wLWRpc2NvdmVyOgAAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477179484120,"flow_src_last_pkt_time":1610477179484120,"flow_dst_last_pkt_time":1610477179484120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477179484120,"l3_proto":"ip4","src_ip":"250.83.105.78","dst_ip":"172.30.246.115","src_port":51708,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477179484120,"flow_src_last_pkt_time":1610477179484120,"flow_dst_last_pkt_time":1610477179484120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477179484120,"l3_proto":"ip4","src_ip":"250.83.105.78","dst_ip":"172.30.246.115","src_port":51708,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477174501058,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477179484120,"l3_proto":"ip4","src_ip":"23.220.116.175","dst_ip":"192.168.199.71","src_port":427,"dst_port":57782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":406,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1610477179484120} 
+00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477174501058,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477179484120,"l3_proto":"ip4","src_ip":"23.220.116.175","dst_ip":"192.168.199.71","src_port":427,"dst_port":57782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":406,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1610477179484120} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 
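Review bot: The expected output for flow 1 in this hunk changes `"proto_by_ip":"Unknown","proto_by_ip_id":0` to `"proto_by_ip":"Akamai","proto_by_ip_id":467` in both the `detected` and the `idle` event (src_ip 23.220.116.175). That is a classification change, not just the `size_per_flow` 1448 -> 1480 churn seen in the neighbouring result files. The commit description names only the risk rename, so a consumer that filters or alerts on `proto_by_ip` gets no hint that by-IP results moved with this bump. Presumably this comes from updated IP lists in libnDPI, but the diff does not show that. I would add a line to the description such as `* by-IP classification changes with the updated libnDPI (e.g. srvloc-v1: Unknown -> Akamai)` and confirm the new value is intended for this capture before accepting it as the baseline.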
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647336 bytes -~~ total memory freed........: 8647336 bytes -~~ total allocations/frees...: 140546/140546 +~~ total memory allocated....: 9411742 bytes +~~ total memory freed........: 9411742 bytes +~~ total allocations/frees...: 154512/154512 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 576 chars ~~ json message max len.......: 1003 chars diff --git a/test/results/default/srvloc.pcap.out b/test/results/default/srvloc.pcap.out index b2cd88d42..a4cf4f29b 100644 --- a/test/results/default/srvloc.pcap.out +++ b/test/results/default/srvloc.pcap.out 
@@ -1,9 +1,9 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1685617825174445} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1685617825174445} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685617825174445,"flow_src_last_pkt_time":1685617825174445,"flow_dst_last_pkt_time":1685617825174445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685617825174445,"l3_proto":"ip4","src_ip":"37.40.101.196","dst_ip":"85.111.52.57","src_port":53106,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1685617825174445,"flow_dst_last_pkt_time":1685617825174445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685617825174445,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbbAlKGXEVW80Oc9yAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685617825174445,"flow_src_last_pkt_time":1685617825174445,"flow_dst_last_pkt_time":1685617825174445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685617825174445,"l3_proto":"ip4","src_ip":"37.40.101.196","dst_ip":"85.111.52.57","src_port":53106,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1685630200886590} 
+00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1685630200886590} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630200886590,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630200886590,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":45163,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685630200886590,"pkt":"3jHC4dyOPJTVQTiBCABFCABL5ywAACQR3TcbhqncWo0lOLBrAasAN20TAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630200886590,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630200886590,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":45163,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -12,7 +12,7 @@ 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1685630282860970,"flow_dst_last_pkt_time":1685630282860970,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_usec":1685630282860970,"pkt":"xmjqc4OdPJTVQTiBCABFCACH1DEAAOsRrCYsY3GWunDKNZ6vAasAcwAAAgIAAGtAAAAAAIgRAAJlbgAAAAMAEREAHmh0dHBzOi8vZXhhbXBsZS5jb20vaW5kZXguaHRtbAAAEREAGHNjaGVtZTovL2RvbWFpbi50bGQvcGF0aAAAEREAD3NscDovL2hvc3QvcGF0aAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630282860970,"flow_src_last_pkt_time":1685630282860970,"flow_dst_last_pkt_time":1685630282860970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":107,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630282860970,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"186.112.202.53","src_port":40623,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630200886590,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630282860970,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":45163,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":183,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1685630932313616} 
+00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":183,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1685630932313616} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630932313616,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_usec":1685630932313616,"pkt":"bs1PogZtPJTVQTiBCABFCACL1DEAAOsRrCEsY3GWWpG0OoeJAasAdwAAAgIAAG9AAAAAAIgRAAJlbgAAAAIAEREAHmh0dHBzOi8vZXhhbXBsZS5jb20vaW5kZXguaHRtbAIAAAANAAAAAAADQUFBAAAAEQAAAAAAB0JCQkJCQkIAIiIAE3NscDovL3Rlc3Qub3JnL3Rlc3QA"} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630932313616,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -22,13 +22,13 @@ 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1685631007788963,"flow_dst_last_pkt_time":1685631007788963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685631007788963,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRpSXQZLGIWo0lOIHeAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685631007788963,"flow_src_last_pkt_time":1685631007788963,"flow_dst_last_pkt_time":1685631007788963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685631007788963,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.141.37.56","src_port":33246,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685631007788963,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":392,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1685632512691057} 
+00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":392,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1685632512691057} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685632512691057,"flow_src_last_pkt_time":1685632512691057,"flow_dst_last_pkt_time":1685632512691057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":33510,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1685632512691057,"flow_dst_last_pkt_time":1685632512691057,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685632512691057,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRpTItfJOcVW80OYLmAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685632512691057,"flow_src_last_pkt_time":1685632512691057,"flow_dst_last_pkt_time":1685632512691057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":33510,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685631007788963,"flow_src_last_pkt_time":1685631007788963,"flow_dst_last_pkt_time":1685631007788963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.141.37.56","src_port":33246,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1685634172336790} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1685634172336790} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634172336790,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":50663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685634172336790,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpS0tfJOcpXLKPcXnAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634172336790,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":50663,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -42,22 +42,22 @@ 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634721622135,"flow_src_last_pkt_time":1685634721622135,"flow_dst_last_pkt_time":1685634721622135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634721622135,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"90.147.171.51","src_port":43154,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634721622135,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":41268,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634721622135,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":50663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":882,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1685636053299196} 
+00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":882,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1685636053299196} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685636053299196,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685636053299196,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"74.111.203.55","src_port":57141,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685636053299196,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRpTctfJOcSm\/LN981AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685636053299196,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685636053299196,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"74.111.203.55","src_port":57141,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634721622135,"flow_src_last_pkt_time":1685634721622135,"flow_dst_last_pkt_time":1685634721622135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685636053299196,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"90.147.171.51","src_port":43154,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1685637797751103} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1685637797751103} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685637797751103,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685637797751103,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.144.84.62","src_port":38061,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685637797751103,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDMi4tKjwpZBUPpStAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685637797751103,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685637797751103,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.144.84.62","src_port":38061,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685636053299196,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685637797751103,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"74.111.203.55","src_port":57141,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1685638455443887} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1685638455443887} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685638455443887,"flow_src_last_pkt_time":1685638455443887,"flow_dst_last_pkt_time":1685638455443887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685638455443887,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"69.109.187.54","src_port":38756,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1685638455443887,"flow_dst_last_pkt_time":1685638455443887,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685638455443887,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRpTXsg6KdRW27NpdkAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685638455443887,"flow_src_last_pkt_time":1685638455443887,"flow_dst_last_pkt_time":1685638455443887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685638455443887,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"69.109.187.54","src_port":38756,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685637797751103,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685638455443887,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.144.84.62","src_port":38061,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1176,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1685644247091385} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1176,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1685644247091385} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644247091385,"flow_src_last_pkt_time":1685644247091385,"flow_dst_last_pkt_time":1685644247091385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644247091385,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":39908,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1685644247091385,"flow_dst_last_pkt_time":1685644247091385,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685644247091385,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80OZvkAasAJU6QAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644247091385,"flow_src_last_pkt_time":1685644247091385,"flow_dst_last_pkt_time":1685644247091385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644247091385,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":39908,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -70,13 +70,13 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1685644782769825,"flow_dst_last_pkt_time":1685644782769825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685644782769825,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNZLgAasAJVeXAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644782769825,"flow_src_last_pkt_time":1685644782769825,"flow_dst_last_pkt_time":1685644782769825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644782769825,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":37600,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644675913837,"flow_src_last_pkt_time":1685644675913837,"flow_dst_last_pkt_time":1685644675913837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644782769825,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":40656,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1263,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":15,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1685646379667471} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1263,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":15,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1685646379667471} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685646379667471,"flow_src_last_pkt_time":1685646379667471,"flow_dst_last_pkt_time":1685646379667471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.147.171.51","src_port":53651,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1685646379667471,"flow_dst_last_pkt_time":1685646379667471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685646379667471,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbNVGHGX8WpOrM9GTAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685646379667471,"flow_src_last_pkt_time":1685646379667471,"flow_dst_last_pkt_time":1685646379667471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.147.171.51","src_port":53651,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644782769825,"flow_src_last_pkt_time":1685644782769825,"flow_dst_last_pkt_time":1685644782769825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":37600,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644675913837,"flow_src_last_pkt_time":1685644675913837,"flow_dst_last_pkt_time":1685644675913837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":40656,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1292,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1685647342398373} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1292,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1685647342398373} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647342398373,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647342398373,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":38913,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685647342398373,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN5gBAasAJVJ4AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647342398373,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647342398373,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":38913,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -85,7 +85,7 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1685647407833070,"flow_dst_last_pkt_time":1685647407833070,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685647407833070,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMoKtAasAJWfNAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647407833070,"flow_src_last_pkt_time":1685647407833070,"flow_dst_last_pkt_time":1685647407833070,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647407833070,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":33453,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647342398373,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647407833070,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":38913,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1685647960810732} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1685647960810732} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647960810732,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685647960810732,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lOO4jAasAJfxRAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647960810732,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -95,13 +95,13 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1685648124700322,"flow_dst_last_pkt_time":1685648124700322,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685648124700322,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM6ErAasAJUlQAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648124700322,"flow_src_last_pkt_time":1685648124700322,"flow_dst_last_pkt_time":1685648124700322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648124700322,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":41259,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648124700322,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":20,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":98,"global_ts_usec":1685648698148233} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":20,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":98,"global_ts_usec":1685648698148233} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648698148233,"flow_src_last_pkt_time":1685648698148233,"flow_dst_last_pkt_time":1685648698148233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"62.230.4.248","dst_ip":"165.144.84.62","src_port":56007,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1685648698148233,"flow_dst_last_pkt_time":1685648698148233,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685648698148233,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbM4+5gT4pZBUPtrHAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648698148233,"flow_src_last_pkt_time":1685648698148233,"flow_dst_last_pkt_time":1685648698148233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"62.230.4.248","dst_ip":"165.144.84.62","src_port":56007,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648124700322,"flow_src_last_pkt_time":1685648124700322,"flow_dst_last_pkt_time":1685648124700322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":41259,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1437,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":21,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":104,"global_ts_usec":1685650322996075} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1437,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":21,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":104,"global_ts_usec":1685650322996075} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650322996075,"flow_src_last_pkt_time":1685650322996075,"flow_dst_last_pkt_time":1685650322996075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650322996075,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":52741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1685650322996075,"flow_dst_last_pkt_time":1685650322996075,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685650322996075,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPc4FAasAJRxqAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650322996075,"flow_src_last_pkt_time":1685650322996075,"flow_dst_last_pkt_time":1685650322996075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650322996075,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":52741,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -114,18 +114,18 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1685650669220572,"flow_dst_last_pkt_time":1685650669220572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685650669220572,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPqhCAasAJUIuAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650669220572,"flow_src_last_pkt_time":1685650669220572,"flow_dst_last_pkt_time":1685650669220572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650669220572,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":43074,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650536282125,"flow_src_last_pkt_time":1685650536282125,"flow_dst_last_pkt_time":1685650536282125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650669220572,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":39516,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1524,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":24,"total-idle-flows":22,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":117,"global_ts_usec":1685650926504967} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1524,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":24,"total-idle-flows":22,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":117,"global_ts_usec":1685650926504967} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650926504967,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"198.229.224.110","dst_ip":"90.145.180.58","src_port":56395,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685650926504967,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPoRbJPG5eBuWpG0OtxLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650926504967,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"198.229.224.110","dst_ip":"90.145.180.58","src_port":56395,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650536282125,"flow_src_last_pkt_time":1685650536282125,"flow_dst_last_pkt_time":1685650536282125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":39516,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650669220572,"flow_src_last_pkt_time":1685650669220572,"flow_dst_last_pkt_time":1685650669220572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":43074,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":25,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":123,"global_ts_usec":1685653377845672} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":25,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":123,"global_ts_usec":1685653377845672} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685653377845672,"flow_src_last_pkt_time":1685653377845672,"flow_dst_last_pkt_time":1685653377845672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685653377845672,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":27095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1685653377845672,"flow_dst_last_pkt_time":1685653377845672,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685653377845672,"pkt":"AAwp30Y4PJTVQTiBCABFAABSlBMAAG4Rf4VDnxCWpZBUPmnXAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685653377845672,"flow_src_last_pkt_time":1685653377845672,"flow_dst_last_pkt_time":1685653377845672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685653377845672,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":27095,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650926504967,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685653377845672,"l3_proto":"ip4","src_ip":"198.229.224.110","dst_ip":"90.145.180.58","src_port":56395,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":28,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1607,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":26,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":128,"global_ts_usec":1685656813046229} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":28,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1607,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":26,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":128,"global_ts_usec":1685656813046229} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685656813046229,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685656813046229,"l3_proto":"ip4","src_ip":"217.217.186.39","dst_ip":"186.112.202.53","src_port":52663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685656813046229,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbWnZ2bonunDKNc23AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685656813046229,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685656813046229,"l3_proto":"ip4","src_ip":"217.217.186.39","dst_ip":"186.112.202.53","src_port":52663,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -134,7 +134,7 @@ 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1685657160451708,"flow_dst_last_pkt_time":1685657160451708,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685657160451708,"pkt":"bpHurUgdPJTVQTiBCABFCABLsZ4AACIRGQ0j\/EVxRW27NmYwAasAN7uVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685657160451708,"flow_src_last_pkt_time":1685657160451708,"flow_dst_last_pkt_time":1685657160451708,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685657160451708,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":26160,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685656813046229,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685657160451708,"l3_proto":"ip4","src_ip":"217.217.186.39","dst_ip":"186.112.202.53","src_port":52663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":30,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":28,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":137,"global_ts_usec":1685719505759316} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":30,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":28,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":137,"global_ts_usec":1685719505759316} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719505759316,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719505759316,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"90.141.37.56","src_port":45441,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685719505759316,"pkt":"3jHC4dyOPJTVQTiBCABFAABL9UAAACcR3eciZn14Wo0lOLGBAasAN325AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719505759316,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719505759316,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"90.141.37.56","src_port":45441,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -143,12 +143,12 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1685719700086818,"flow_dst_last_pkt_time":1685719700086818,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685719700086818,"pkt":"AAwp30Y4PJTVQTiBCABFCABLINwAACQRo44bhqncWpOrM+VDAasANzhBAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719700086818,"flow_src_last_pkt_time":1685719700086818,"flow_dst_last_pkt_time":1685719700086818,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719700086818,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.147.171.51","src_port":58691,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719505759316,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719700086818,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"90.141.37.56","src_port":45441,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":32,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":30,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":146,"global_ts_usec":1685722352249009} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":32,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":30,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":146,"global_ts_usec":1685722352249009} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685722352249009,"flow_src_last_pkt_time":1685722352249009,"flow_dst_last_pkt_time":1685722352249009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685722352249009,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":33386,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1685722352249009,"flow_dst_last_pkt_time":1685722352249009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685722352249009,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAOsREgyGtJCVunDKNYJqAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685722352249009,"flow_src_last_pkt_time":1685722352249009,"flow_dst_last_pkt_time":1685722352249009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685722352249009,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":33386,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719700086818,"flow_src_last_pkt_time":1685719700086818,"flow_dst_last_pkt_time":1685719700086818,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685722352249009,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.147.171.51","src_port":58691,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":33,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":31,"total-idle-flows":30,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":151,"global_ts_usec":1685724063085340} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":33,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":31,"total-idle-flows":30,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":151,"global_ts_usec":1685724063085340} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724063085340,"flow_src_last_pkt_time":1685724063085340,"flow_dst_last_pkt_time":1685724063085340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724063085340,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.145.180.58","src_port":50939,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1685724063085340,"flow_dst_last_pkt_time":1685724063085340,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685724063085340,"pkt":"bs1PogZtPJTVQTiBCABFCABLVAkAACQRcFsk523ZWpG0Osb7AasAN1aDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724063085340,"flow_src_last_pkt_time":1685724063085340,"flow_dst_last_pkt_time":1685724063085340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724063085340,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.145.180.58","src_port":50939,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -161,7 +161,7 @@ 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1685724460743313,"flow_dst_last_pkt_time":1685724460743313,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685724460743313,"pkt":"moT+\/Ph8PJTVQTiBCABFCAB+1DEAAOsREgK2tHiLVW80OeZaAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724460743313,"flow_src_last_pkt_time":1685724460743313,"flow_dst_last_pkt_time":1685724460743313,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724460743313,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"85.111.52.57","src_port":58970,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724385340729,"flow_src_last_pkt_time":1685724385340729,"flow_dst_last_pkt_time":1685724385340729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724460743313,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":41334,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":36,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":7,"current-active-flows":2,"total-active-flows":34,"total-idle-flows":32,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1685725477275419} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":36,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":7,"current-active-flows":2,"total-active-flows":34,"total-idle-flows":32,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1685725477275419} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725477275419,"flow_src_last_pkt_time":1685725477275419,"flow_dst_last_pkt_time":1685725477275419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725477275419,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":55489,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1685725477275419,"flow_dst_last_pkt_time":1685725477275419,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685725477275419,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZXItJByWm\/UMtjBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725477275419,"flow_src_last_pkt_time":1685725477275419,"flow_dst_last_pkt_time":1685725477275419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725477275419,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":55489,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -180,7 +180,7 @@ 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725970240675,"flow_src_last_pkt_time":1685725970240675,"flow_dst_last_pkt_time":1685725970240675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725970240675,"l3_proto":"ip4","src_ip":"47.123.189.155","dst_ip":"90.147.171.51","src_port":56038,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725705626703,"flow_src_last_pkt_time":1685725705626703,"flow_dst_last_pkt_time":1685725705626703,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725970240675,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.114.202.61","src_port":60983,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725834402274,"flow_src_last_pkt_time":1685725834402274,"flow_dst_last_pkt_time":1685725834402274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725970240675,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.141.37.56","src_port":38679,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2459,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":38,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":38,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":183,"global_ts_usec":1685726470530729} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2459,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":38,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":38,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":183,"global_ts_usec":1685726470530729} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726470530729,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726470530729,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"74.111.203.55","src_port":48096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685726470530729,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPARDNBGtG\/xSm\/LN7vgAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726470530729,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726470530729,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"74.111.203.55","src_port":48096,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -190,43 +190,43 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1685726834568415,"flow_dst_last_pkt_time":1685726834568415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685726834568415,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAOsREgC2tHiLWpG0OrXjAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726834568415,"flow_src_last_pkt_time":1685726834568415,"flow_dst_last_pkt_time":1685726834568415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726834568415,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":46563,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726470530729,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726834568415,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"74.111.203.55","src_port":48096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":42,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":40,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":40,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":193,"global_ts_usec":1685731799713540} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":42,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":40,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":40,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":193,"global_ts_usec":1685731799713540} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685731799713540,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685731799713540,"l3_proto":"ip4","src_ip":"218.19.29.186","dst_ip":"90.111.212.50","src_port":56315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685731799713540,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbPbaEx26Wm\/UMtv7AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685731799713540,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685731799713540,"l3_proto":"ip4","src_ip":"218.19.29.186","dst_ip":"90.111.212.50","src_port":56315,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726834568415,"flow_src_last_pkt_time":1685726834568415,"flow_dst_last_pkt_time":1685726834568415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685731799713540,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":46563,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":43,"packets-processed":42,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2684,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":41,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":198,"global_ts_usec":1685734492958804} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":43,"packets-processed":42,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2684,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":41,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":198,"global_ts_usec":1685734492958804} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685734492958804,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685734492958804,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"69.109.187.54","src_port":51349,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685734492958804,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRbOC61Z7hRW27NsiVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685734492958804,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685734492958804,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"69.109.187.54","src_port":51349,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685731799713540,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685734492958804,"l3_proto":"ip4","src_ip":"218.19.29.186","dst_ip":"90.111.212.50","src_port":56315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2713,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":42,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":42,"total-idle-flows":41,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":203,"global_ts_usec":1685736988753451} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2713,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":42,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":42,"total-idle-flows":41,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":203,"global_ts_usec":1685736988753451} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685736988753451,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685736988753451,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.141.37.56","src_port":7086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685736988753451,"pkt":"3jHC4dyOPJTVQTiBCABFCABLe9YAACQRSJTn33nVWo0lOBuuAasANwHXAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685736988753451,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685736988753451,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.141.37.56","src_port":7086,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685734492958804,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685736988753451,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"69.109.187.54","src_port":51349,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":45,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":43,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":208,"global_ts_usec":1685741033951129} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":45,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":43,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":208,"global_ts_usec":1685741033951129} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685741033951129,"flow_src_last_pkt_time":1685741033951129,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685741033951129,"l3_proto":"ip4","src_ip":"20.133.112.32","dst_ip":"165.114.202.61","src_port":11510,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1685741033951129,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685741033951129,"pkt":"AAwp30Y4PJTVQTiBCABFCABSKPYAACgRnOcUhXAgpXLKPSz2AasAPogCAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685741033951129,"flow_src_last_pkt_time":1685741033951129,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685741033951129,"l3_proto":"ip4","src_ip":"20.133.112.32","dst_ip":"165.114.202.61","src_port":11510,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1685741033951143,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685741033951143,"pkt":"AAwp30Y4PJTVQTiBCABFCABSKPYAACgRnOcUhXAgpXLKPSz2AasAPogCAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685736988753451,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685741033951143,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.141.37.56","src_port":7086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":47,"packets-processed":46,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":44,"total-idle-flows":43,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":214,"global_ts_usec":1685749458942275} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":47,"packets-processed":46,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":44,"total-idle-flows":43,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":214,"global_ts_usec":1685749458942275} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685749458942275,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685749458942275,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"186.112.202.53","src_port":51745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685749458942275,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRYABTMNjrunDKNcohAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685749458942275,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685749458942275,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"186.112.202.53","src_port":51745,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1685741033951129,"flow_src_last_pkt_time":1685741033951143,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685749458942275,"l3_proto":"ip4","src_ip":"20.133.112.32","dst_ip":"165.114.202.61","src_port":11510,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":48,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":45,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":219,"global_ts_usec":1685750473996900} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":48,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":45,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":219,"global_ts_usec":1685750473996900} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685750473996900,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685750473996900,"l3_proto":"ip4","src_ip":"154.97.132.119","dst_ip":"165.144.84.62","src_port":64306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685750473996900,"pkt":"AAwp30Y4PJTVQTiBCABFAABLscgAACcRIVOaYYR3pZBUPvsyAasANzP7AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685750473996900,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685750473996900,"l3_proto":"ip4","src_ip":"154.97.132.119","dst_ip":"165.144.84.62","src_port":64306,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685749458942275,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685750473996900,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"186.112.202.53","src_port":51745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":49,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":46,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":46,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":224,"global_ts_usec":1685754984415729} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":49,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":46,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":46,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":224,"global_ts_usec":1685754984415729} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685754984415729,"flow_src_last_pkt_time":1685754984415729,"flow_dst_last_pkt_time":1685754984415729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685754984415729,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"90.145.180.58","src_port":56358,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1685754984415729,"flow_dst_last_pkt_time":1685754984415729,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685754984415729,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPoRXvtTMNjrWpG0OtwmAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685754984415729,"flow_src_last_pkt_time":1685754984415729,"flow_dst_last_pkt_time":1685754984415729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685754984415729,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"90.145.180.58","src_port":56358,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685750473996900,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685754984415729,"l3_proto":"ip4","src_ip":"154.97.132.119","dst_ip":"165.144.84.62","src_port":64306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":50,"packets-processed":49,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2973,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":47,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":229,"global_ts_usec":1685757305453914} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":50,"packets-processed":49,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2973,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":47,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":229,"global_ts_usec":1685757305453914} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757305453914,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757305453914,"l3_proto":"ip4","src_ip":"72.30.8.39","dst_ip":"90.111.212.50","src_port":43690,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685757305453914,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+GZhAADQR3IJIHggnWm\/UMqqqAasAKnQsAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757305453914,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757305453914,"l3_proto":"ip4","src_ip":"72.30.8.39","dst_ip":"90.111.212.50","src_port":43690,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -235,7 +235,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1685757594807526,"flow_dst_last_pkt_time":1685757594807526,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685757594807526,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+4kRAADQRE8lHJggvWo0lOKbBAasAKngIAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757594807526,"flow_src_last_pkt_time":1685757594807526,"flow_dst_last_pkt_time":1685757594807526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757594807526,"l3_proto":"ip4","src_ip":"71.38.8.47","dst_ip":"90.141.37.56","src_port":42689,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757305453914,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757594807526,"l3_proto":"ip4","src_ip":"72.30.8.39","dst_ip":"90.111.212.50","src_port":43690,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":52,"packets-processed":51,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3041,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":49,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":49,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":238,"global_ts_usec":1685758217856293} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":52,"packets-processed":51,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3041,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":49,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":49,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":238,"global_ts_usec":1685758217856293} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758217856293,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758217856293,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"165.144.84.62","src_port":12409,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685758217856293,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+f25AADQRdoJ5avcUpZBUPjB5AasAKu4zAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758217856293,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758217856293,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"165.144.84.62","src_port":12409,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -249,7 +249,7 @@ 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758497495915,"flow_src_last_pkt_time":1685758497495915,"flow_dst_last_pkt_time":1685758497495915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758497495915,"l3_proto":"ip4","src_ip":"185.225.247.8","dst_ip":"165.114.202.61","src_port":48375,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758217856293,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758497495915,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"165.144.84.62","src_port":12409,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758396547203,"flow_src_last_pkt_time":1685758396547203,"flow_dst_last_pkt_time":1685758396547203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758497495915,"l3_proto":"ip4","src_ip":"55.94.8.63","dst_ip":"90.145.180.58","src_port":43995,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":55,"packets-processed":54,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3143,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":11,"current-active-flows":2,"total-active-flows":52,"total-idle-flows":50,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1685758883587256} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":55,"packets-processed":54,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3143,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":11,"current-active-flows":2,"total-active-flows":52,"total-idle-flows":50,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1685758883587256} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758883587256,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758883587256,"l3_proto":"ip4","src_ip":"121.82.8.7","dst_ip":"85.111.52.57","src_port":60170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685758883587256,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+3xBAADQRFtB5UggHVW80OesKAasAKjOSAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758883587256,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758883587256,"l3_proto":"ip4","src_ip":"121.82.8.7","dst_ip":"85.111.52.57","src_port":60170,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -259,7 +259,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1685759315778010,"flow_dst_last_pkt_time":1685759315778010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685759315778010,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+7TlAADQRCL55avcUunDKNdiyAasAKkYBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759315778010,"flow_src_last_pkt_time":1685759315778010,"flow_dst_last_pkt_time":1685759315778010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759315778010,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"186.112.202.53","src_port":55474,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758883587256,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759315778010,"l3_proto":"ip4","src_ip":"121.82.8.7","dst_ip":"85.111.52.57","src_port":60170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":57,"packets-processed":56,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":54,"total-detection-updates":0,"total-updates":11,"current-active-flows":1,"total-active-flows":54,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":262,"global_ts_usec":1685759582800435} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":57,"packets-processed":56,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":54,"total-detection-updates":0,"total-updates":11,"current-active-flows":1,"total-active-flows":54,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":262,"global_ts_usec":1685759582800435} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759582800435,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759582800435,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"90.147.171.51","src_port":55474,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685759582800435,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+PaVAADQRuFZ5avcUWpOrM9iyAasAKkYFAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759582800435,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759582800435,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"90.147.171.51","src_port":55474,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -268,7 +268,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1685759668286856,"flow_dst_last_pkt_time":1685759668286856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685759668286856,"pkt":"ipffLU2SPJTVQTiBCABFAAA+WVBAADQRnKXIYfcYSm\/LN1ZsAasAKshFAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759668286856,"flow_src_last_pkt_time":1685759668286856,"flow_dst_last_pkt_time":1685759668286856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759668286856,"l3_proto":"ip4","src_ip":"200.97.247.24","dst_ip":"74.111.203.55","src_port":22124,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759582800435,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759668286856,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"90.147.171.51","src_port":55474,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":59,"packets-processed":58,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":12,"current-active-flows":2,"total-active-flows":56,"total-idle-flows":54,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":271,"global_ts_usec":1685761109424998} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":59,"packets-processed":58,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":12,"current-active-flows":2,"total-active-flows":56,"total-idle-flows":54,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":271,"global_ts_usec":1685761109424998} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761109424998,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761109424998,"l3_proto":"ip4","src_ip":"121.35.244.56","dst_ip":"90.145.180.58","src_port":30580,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685761109424998,"pkt":"bs1PogZtPJTVQTiBCABFBABS6itAACERQQR5I\/Q4WpG0Ond0AasAPtvSAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761109424998,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761109424998,"l3_proto":"ip4","src_ip":"121.35.244.56","dst_ip":"90.145.180.58","src_port":30580,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -283,74 +283,74 @@ 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761390202624,"flow_src_last_pkt_time":1685761390202624,"flow_dst_last_pkt_time":1685761390202624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761390202624,"l3_proto":"ip4","src_ip":"38.236.38.224","dst_ip":"165.114.202.61","src_port":52729,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761109424998,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761390202624,"l3_proto":"ip4","src_ip":"121.35.244.56","dst_ip":"90.145.180.58","src_port":30580,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761214200787,"flow_src_last_pkt_time":1685761214200787,"flow_dst_last_pkt_time":1685761214200787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761390202624,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"69.109.187.54","src_port":26060,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3409,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":59,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":286,"global_ts_usec":1685764555721287} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3409,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":59,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":286,"global_ts_usec":1685764555721287} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685764555721287,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"69.230.164.78","dst_ip":"90.141.37.56","src_port":55275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685764555721287,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbXpF5qROWo0lONfrAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685764555721287,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"69.230.164.78","dst_ip":"90.141.37.56","src_port":55275,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761390202624,"flow_src_last_pkt_time":1685761390202624,"flow_dst_last_pkt_time":1685761390202624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"38.236.38.224","dst_ip":"165.114.202.61","src_port":52729,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761214200787,"flow_src_last_pkt_time":1685761214200787,"flow_dst_last_pkt_time":1685761214200787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"69.109.187.54","src_port":26060,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3438,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":60,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":292,"global_ts_usec":1685765514548491} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3438,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":60,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":292,"global_ts_usec":1685765514548491} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685765514548491,"flow_src_last_pkt_time":1685765514548491,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685765514548491,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.144.84.62","src_port":31778,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1685765514548491,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685765514548491,"pkt":"AAwp30Y4PJTVQTiBCABFBABSeCIAADQRBE3rYkGFpZBUPnwiAasAPvtjAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685765514548491,"flow_src_last_pkt_time":1685765514548491,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685765514548491,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.144.84.62","src_port":31778,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1685765514548505,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685765514548505,"pkt":"AAwp30Y4PJTVQTiBCABFBABSeCIAADQRBE3rYkGFpZBUPnwiAasAPvtjAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685764555721287,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685765514548505,"l3_proto":"ip4","src_ip":"69.230.164.78","dst_ip":"90.141.37.56","src_port":55275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":65,"packets-processed":64,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3546,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":298,"global_ts_usec":1685768356139839} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":65,"packets-processed":64,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3546,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":298,"global_ts_usec":1685768356139839} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685768356139839,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685768356139839,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"186.112.202.53","src_port":50660,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685768356139839,"pkt":"xmjqc4OdPJTVQTiBCABFCABLLsoAACQRlZ5YH27bunDKNcXkAasAN1eeAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685768356139839,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685768356139839,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"186.112.202.53","src_port":50660,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1685765514548491,"flow_src_last_pkt_time":1685765514548505,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685768356139839,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.144.84.62","src_port":31778,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":66,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":62,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":303,"global_ts_usec":1685771545738452} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":66,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":62,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":303,"global_ts_usec":1685771545738452} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685771545738452,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685771545738452,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.114.202.61","src_port":62892,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685771545738452,"pkt":"AAwp30Y4PJTVQTiBCABFCABL4vwAACIR56cjAGRzpXLKPfWsAasANywSAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685771545738452,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685771545738452,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.114.202.61","src_port":62892,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685768356139839,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685771545738452,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"186.112.202.53","src_port":50660,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":63,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":308,"global_ts_usec":1685783660893661} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":63,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":308,"global_ts_usec":1685783660893661} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685783660893661,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685783660893661,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.144.84.62","src_port":17423,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685783660893661,"pkt":"AAwp30Y4PJTVQTiBCABFAABLeWAAACcRWcMiZn14pZBUPkQPAasAN+smAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685783660893661,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685783660893661,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.144.84.62","src_port":17423,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685771545738452,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685783660893661,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.114.202.61","src_port":62892,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":68,"packets-processed":67,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3687,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":64,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":313,"global_ts_usec":1685786055859235} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":68,"packets-processed":67,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3687,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":64,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":313,"global_ts_usec":1685786055859235} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786055859235,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786055859235,"l3_proto":"ip4","src_ip":"70.232.230.229","dst_ip":"85.111.52.57","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685786055859235,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbd9G6OblVW80Ocf9AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786055859235,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786055859235,"l3_proto":"ip4","src_ip":"70.232.230.229","dst_ip":"85.111.52.57","src_port":51197,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685783660893661,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786055859235,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.144.84.62","src_port":17423,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":69,"packets-processed":68,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":318,"global_ts_usec":1685786672936242} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":69,"packets-processed":68,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":318,"global_ts_usec":1685786672936242} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786672936242,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786672936242,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"165.144.84.62","src_port":51708,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685786672936242,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX96s7ZjRpZBUPsn8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} -00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786672936242,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786672936242,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"165.144.84.62","src_port":51708,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786672936242,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786672936242,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"165.144.84.62","src_port":51708,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786055859235,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786672936242,"l3_proto":"ip4","src_ip":"70.232.230.229","dst_ip":"85.111.52.57","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":323,"global_ts_usec":1685787446315396} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":323,"global_ts_usec":1685787446315396} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685787446315396,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685787446315396,"l3_proto":"ip4","src_ip":"58.36.157.61","dst_ip":"74.111.203.55","src_port":53238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685787446315396,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbFE6JJ09Sm\/LN8\/2AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685787446315396,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685787446315396,"l3_proto":"ip4","src_ip":"58.36.157.61","dst_ip":"74.111.203.55","src_port":53238,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786672936242,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685787446315396,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"165.144.84.62","src_port":51708,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3774,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":67,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":328,"global_ts_usec":1685789104454151} +00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786672936242,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685787446315396,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"165.144.84.62","src_port":51708,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3774,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":67,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":328,"global_ts_usec":1685789104454151} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685789104454151,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685789104454151,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"85.111.52.57","src_port":37207,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685789104454151,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLkZcAACQRMtHjhlHUVW80OZFXAasAN4wrAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685789104454151,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685789104454151,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"85.111.52.57","src_port":37207,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685787446315396,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685789104454151,"l3_proto":"ip4","src_ip":"58.36.157.61","dst_ip":"74.111.203.55","src_port":53238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":72,"packets-processed":71,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3821,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":68,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":333,"global_ts_usec":1685798769239701} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":72,"packets-processed":71,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3821,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":68,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":333,"global_ts_usec":1685798769239701} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685798769239701,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685798769239701,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"85.111.52.57","src_port":51157,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685798769239701,"pkt":"moT+\/Ph8PJTVQTiBCABFCABL6mEAACIR4FInO4t5VW80OcfVAasAN1n5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685798769239701,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685798769239701,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"85.111.52.57","src_port":51157,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685789104454151,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685798769239701,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"85.111.52.57","src_port":37207,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":73,"packets-processed":72,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":69,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":338,"global_ts_usec":1685802654160689} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":73,"packets-processed":72,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":69,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":338,"global_ts_usec":1685802654160689} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685802654160689,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685802654160689,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.111.212.50","src_port":45177,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685802654160689,"pkt":"AAwp30Y4PJTVQTiBCABFCABLGncAACQRqffjhlHUWm\/UMrB5AasAN20PAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685802654160689,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685802654160689,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.111.212.50","src_port":45177,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685798769239701,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685802654160689,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"85.111.52.57","src_port":51157,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":343,"global_ts_usec":1685803636118223} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":343,"global_ts_usec":1685803636118223} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685803636118223,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685803636118223,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"165.114.202.61","src_port":47772,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685803636118223,"pkt":"AAwp30Y4PJTVQTiBCABFCABL\/N4AACQRx31nR5LepXLKPbqcAasAN2LaAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685803636118223,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685803636118223,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"165.114.202.61","src_port":47772,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685802654160689,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685803636118223,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.111.212.50","src_port":45177,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":75,"packets-processed":74,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":348,"global_ts_usec":1685804974645010} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":75,"packets-processed":74,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":348,"global_ts_usec":1685804974645010} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685804974645010,"flow_src_last_pkt_time":1685804974645010,"flow_dst_last_pkt_time":1685804974645010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685804974645010,"l3_proto":"ip4","src_ip":"238.132.112.150","dst_ip":"90.147.171.51","src_port":44248,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1685804974645010,"flow_dst_last_pkt_time":1685804974645010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685804974645010,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpTLuhHCWWpOrM6zYAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685804974645010,"flow_src_last_pkt_time":1685804974645010,"flow_dst_last_pkt_time":1685804974645010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685804974645010,"l3_proto":"ip4","src_ip":"238.132.112.150","dst_ip":"90.147.171.51","src_port":44248,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685803636118223,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685804974645010,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"165.114.202.61","src_port":47772,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4060,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":72,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":72,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":353,"global_ts_usec":1685805765811289} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4060,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":72,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":72,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":353,"global_ts_usec":1685805765811289} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685805765811289,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685805765811289,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":47037,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685805765811289,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPIRCw+GtJCVWpG0Ore9AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685805765811289,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685805765811289,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":47037,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -359,7 +359,7 @@ 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1685806301914300,"flow_dst_last_pkt_time":1685806301914300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685806301914300,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSvsm2CTWm\/UMq27AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685806301914300,"flow_src_last_pkt_time":1685806301914300,"flow_dst_last_pkt_time":1685806301914300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685806301914300,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"90.111.212.50","src_port":44475,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685805765811289,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685806301914300,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":47037,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":78,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":74,"total-idle-flows":73,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":362,"global_ts_usec":1685809385375373} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":78,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":74,"total-idle-flows":73,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":362,"global_ts_usec":1685809385375373} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809385375373,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809385375373,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"74.111.203.55","src_port":33156,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685809385375373,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAOsREge2tHiLSm\/LN4GEAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809385375373,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809385375373,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"74.111.203.55","src_port":33156,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -368,7 +368,7 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1685809633823277,"flow_dst_last_pkt_time":1685809633823277,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685809633823277,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAPARqCMTY5OUWo0lOL+cAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809633823277,"flow_src_last_pkt_time":1685809633823277,"flow_dst_last_pkt_time":1685809633823277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809633823277,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"90.141.37.56","src_port":49052,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809385375373,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809633823277,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"74.111.203.55","src_port":33156,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":80,"packets-processed":79,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4452,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":76,"total-idle-flows":75,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":371,"global_ts_usec":1685810288436552} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":80,"packets-processed":79,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4452,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":76,"total-idle-flows":75,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":371,"global_ts_usec":1685810288436552} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685810288436552,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"165.114.202.61","src_port":44018,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685810288436552,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSkve7GapXLKPavyAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685810288436552,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"165.114.202.61","src_port":44018,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -376,7 +376,7 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685810288436552,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrBkuZGGTpZBUPpILAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685810288436552,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.144.84.62","src_port":37387,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809633823277,"flow_src_last_pkt_time":1685809633823277,"flow_dst_last_pkt_time":1685809633823277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"90.141.37.56","src_port":49052,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":82,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":78,"total-idle-flows":76,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":379,"global_ts_usec":1685812438394439} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":82,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":78,"total-idle-flows":76,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":379,"global_ts_usec":1685812438394439} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812438394439,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812438394439,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":48737,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685812438394439,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAOsREgyGtJCVunDKNb5hAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812438394439,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812438394439,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":48737,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -391,7 +391,7 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812825868185,"flow_src_last_pkt_time":1685812825868185,"flow_dst_last_pkt_time":1685812825868185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812825868185,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"85.111.52.57","src_port":35950,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812605076027,"flow_src_last_pkt_time":1685812605076027,"flow_dst_last_pkt_time":1685812605076027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812825868185,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"69.109.187.54","src_port":57533,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812438394439,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812825868185,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":48737,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":81,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":81,"total-idle-flows":80,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":394,"global_ts_usec":1685823608659744} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":81,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":81,"total-idle-flows":80,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":394,"global_ts_usec":1685823608659744} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685823608659744,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685823608659744,"l3_proto":"ip4","src_ip":"44.49.31.2","dst_ip":"90.147.171.51","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685823608659744,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXkwsMR8CWpOrM8f9AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685823608659744,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685823608659744,"l3_proto":"ip4","src_ip":"44.49.31.2","dst_ip":"90.147.171.51","src_port":51197,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -400,7 +400,7 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1685824045529363,"flow_dst_last_pkt_time":1685824045529363,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685824045529363,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPIRpTATY5KcWpG0OtRrAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685824045529363,"flow_src_last_pkt_time":1685824045529363,"flow_dst_last_pkt_time":1685824045529363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685824045529363,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":54379,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685823608659744,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685824045529363,"l3_proto":"ip4","src_ip":"44.49.31.2","dst_ip":"90.147.171.51","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":87,"packets-processed":86,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5069,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":83,"total-idle-flows":82,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":403,"global_ts_usec":1685833753925206} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":87,"packets-processed":86,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5069,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":83,"total-idle-flows":82,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":403,"global_ts_usec":1685833753925206} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833753925206,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685833753925206,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXlSuMgcLRW27NtiaAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833753925206,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -409,28 +409,28 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1685833820099618,"flow_dst_last_pkt_time":1685833820099618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685833820099618,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbfk62rixWm\/UMtMrAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833820099618,"flow_src_last_pkt_time":1685833820099618,"flow_dst_last_pkt_time":1685833820099618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833820099618,"l3_proto":"ip4","src_ip":"58.218.184.177","dst_ip":"90.111.212.50","src_port":54059,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833820099618,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":89,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":16,"current-active-flows":2,"total-active-flows":85,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":412,"global_ts_usec":1685837260196335} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":89,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":16,"current-active-flows":2,"total-active-flows":85,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":412,"global_ts_usec":1685837260196335} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685837260196335,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.145.180.58","src_port":40383,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685837260196335,"pkt":"bs1PogZtPJTVQTiBCABFCABLWQ0AACIRcZkfAJpyWpG0Op2\/AasAN4QBAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685837260196335,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.145.180.58","src_port":40383,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833820099618,"flow_src_last_pkt_time":1685833820099618,"flow_dst_last_pkt_time":1685833820099618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"58.218.184.177","dst_ip":"90.111.212.50","src_port":54059,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5174,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":86,"total-idle-flows":85,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":418,"global_ts_usec":1685838786050204} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5174,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":86,"total-idle-flows":85,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":418,"global_ts_usec":1685838786050204} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685838786050204,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685838786050204,"l3_proto":"ip4","src_ip":"66.228.194.219","dst_ip":"186.112.202.53","src_port":53105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685838786050204,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbcNC5MLbunDKNc9xAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685838786050204,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685838786050204,"l3_proto":"ip4","src_ip":"66.228.194.219","dst_ip":"186.112.202.53","src_port":53105,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685837260196335,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685838786050204,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.145.180.58","src_port":40383,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":87,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":87,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":423,"global_ts_usec":1685845591689038} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":87,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":87,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":423,"global_ts_usec":1685845591689038} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685845591689038,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685845591689038,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":43759,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685845591689038,"pkt":"ipffLU2SPJTVQTiBCABFAABSAK0AAG0RE\/VDnxCWSm\/LN6rvAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685845591689038,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685845591689038,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":43759,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685838786050204,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685845591689038,"l3_proto":"ip4","src_ip":"66.228.194.219","dst_ip":"186.112.202.53","src_port":53105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":92,"packets-processed":91,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5257,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":88,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":88,"total-idle-flows":87,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":428,"global_ts_usec":1685846371302206} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":92,"packets-processed":91,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5257,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":88,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":88,"total-idle-flows":87,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":428,"global_ts_usec":1685846371302206} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685846371302206,"flow_src_last_pkt_time":1685846371302206,"flow_dst_last_pkt_time":1685846371302206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685846371302206,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":53596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1685846371302206,"flow_dst_last_pkt_time":1685846371302206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685846371302206,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMtFcAasAJRkeAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685846371302206,"flow_src_last_pkt_time":1685846371302206,"flow_dst_last_pkt_time":1685846371302206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685846371302206,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":53596,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685845591689038,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685846371302206,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":43759,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":93,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5286,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":89,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":89,"total-idle-flows":88,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":433,"global_ts_usec":1685847518566522} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":93,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5286,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":89,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":89,"total-idle-flows":88,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":433,"global_ts_usec":1685847518566522} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685847518566522,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685847518566522,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":47879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685847518566522,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27NrsHAasAJS9xAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685847518566522,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685847518566522,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":47879,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -439,7 +439,7 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_src_last_pkt_time":1685848000557988,"flow_dst_last_pkt_time":1685848000557988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685848000557988,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM67xAasAJTuKAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685848000557988,"flow_src_last_pkt_time":1685848000557988,"flow_dst_last_pkt_time":1685848000557988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685848000557988,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":44785,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685847518566522,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685848000557988,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":47879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":95,"packets-processed":94,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5344,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":91,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":91,"total-idle-flows":90,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":442,"global_ts_usec":1685849540053899} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":95,"packets-processed":94,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5344,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":91,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":91,"total-idle-flows":90,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":442,"global_ts_usec":1685849540053899} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849540053899,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849540053899,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":51364,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685849540053899,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPsikAasAJSHMAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849540053899,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849540053899,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":51364,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -453,7 +453,7 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849733217189,"flow_src_last_pkt_time":1685849733217189,"flow_dst_last_pkt_time":1685849733217189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849733217189,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":51228,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849540053899,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849733217189,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":51364,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849664860009,"flow_src_last_pkt_time":1685849664860009,"flow_dst_last_pkt_time":1685849664860009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849733217189,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41690,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":98,"packets-processed":97,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":94,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":94,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":456,"global_ts_usec":1685851175046998} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":98,"packets-processed":97,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":94,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":94,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":456,"global_ts_usec":1685851175046998} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851175046998,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851175046998,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.141.37.56","src_port":59682,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685851175046998,"pkt":"3jHC4dyOPJTVQTiBCABFCABL904AACIR01kj\/EVxWo0lOOkiAasANzigAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851175046998,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851175046998,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.141.37.56","src_port":59682,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -468,28 +468,28 @@ 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851372073022,"flow_src_last_pkt_time":1685851372073022,"flow_dst_last_pkt_time":1685851372073022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851372073022,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":40943,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851175046998,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851372073022,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.141.37.56","src_port":59682,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851293085114,"flow_src_last_pkt_time":1685851293085114,"flow_dst_last_pkt_time":1685851293085114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851372073022,"l3_proto":"ip4","src_ip":"208.209.71.22","dst_ip":"85.111.52.57","src_port":55733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":101,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5536,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":97,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":97,"total-idle-flows":95,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":471,"global_ts_usec":1685852052162325} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":101,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5536,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":97,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":97,"total-idle-flows":95,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":471,"global_ts_usec":1685852052162325} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685852052162325,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":33048,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685852052162325,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPURKLTIH5CeWpG0OoEYAasAJWlaAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685852052162325,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":33048,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851293085114,"flow_src_last_pkt_time":1685851293085114,"flow_dst_last_pkt_time":1685851293085114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"208.209.71.22","dst_ip":"85.111.52.57","src_port":55733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851372073022,"flow_src_last_pkt_time":1685851372073022,"flow_dst_last_pkt_time":1685851372073022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":40943,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":102,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5565,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":98,"total-idle-flows":97,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":477,"global_ts_usec":1685860258822121} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":102,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5565,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":98,"total-idle-flows":97,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":477,"global_ts_usec":1685860258822121} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685860258822121,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685860258822121,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":47964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685860258822121,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAO0RqigTnLybunDKNbtcAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685860258822121,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685860258822121,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":47964,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685852052162325,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685860258822121,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":33048,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":103,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5663,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":99,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":99,"total-idle-flows":98,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":482,"global_ts_usec":1685863658998957} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":103,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5663,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":99,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":99,"total-idle-flows":98,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":482,"global_ts_usec":1685863658998957} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685863658998957,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685863658998957,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":54477,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685863658998957,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRYDnSDNiXWpG0OtTNAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685863658998957,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685863658998957,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":54477,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685860258822121,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685863658998957,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":47964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":104,"packets-processed":103,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":100,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":100,"total-idle-flows":99,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":487,"global_ts_usec":1685866496459415} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":104,"packets-processed":103,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":100,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":100,"total-idle-flows":99,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":487,"global_ts_usec":1685866496459415} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685866496459415,"flow_src_last_pkt_time":1685866496459415,"flow_dst_last_pkt_time":1685866496459415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685866496459415,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.141.37.56","src_port":52969,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_src_last_pkt_time":1685866496459415,"flow_dst_last_pkt_time":1685866496459415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685866496459415,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRbM9GHGX8Wo0lOM7pAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685866496459415,"flow_src_last_pkt_time":1685866496459415,"flow_dst_last_pkt_time":1685866496459415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685866496459415,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.141.37.56","src_port":52969,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685863658998957,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685866496459415,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":54477,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":105,"packets-processed":104,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":101,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":101,"total-idle-flows":100,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":492,"global_ts_usec":1685868922612761} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":105,"packets-processed":104,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":101,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":101,"total-idle-flows":100,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":492,"global_ts_usec":1685868922612761} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685868922612761,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685868922612761,"l3_proto":"ip4","src_ip":"57.3.49.213","dst_ip":"74.111.203.55","src_port":25820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685868922612761,"pkt":"ipffLU2SPJTVQTiBCABFAAA+wDFAADQRPtU5AzHVSm\/LN2TcAasAKsLmAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685868922612761,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685868922612761,"l3_proto":"ip4","src_ip":"57.3.49.213","dst_ip":"74.111.203.55","src_port":25820,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -498,20 +498,20 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_src_last_pkt_time":1685869117973932,"flow_dst_last_pkt_time":1685869117973932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685869117973932,"pkt":"bpHurUgdPJTVQTiBCABFAAA+ZfVAADQRmRxGwcb6RW27NnFTAasAKrZ6AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869117973932,"flow_src_last_pkt_time":1685869117973932,"flow_dst_last_pkt_time":1685869117973932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869117973932,"l3_proto":"ip4","src_ip":"70.193.198.250","dst_ip":"69.109.187.54","src_port":29011,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685868922612761,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869117973932,"l3_proto":"ip4","src_ip":"57.3.49.213","dst_ip":"74.111.203.55","src_port":25820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5789,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":103,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":103,"total-idle-flows":102,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":501,"global_ts_usec":1685869695331980} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5789,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":103,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":103,"total-idle-flows":102,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":501,"global_ts_usec":1685869695331980} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869695331980,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869695331980,"l3_proto":"ip4","src_ip":"87.0.217.242","dst_ip":"85.111.52.57","src_port":54220,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685869695331980,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+88RAADQRC1FXANnyVW80OdPMAasAKlQFAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869695331980,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869695331980,"l3_proto":"ip4","src_ip":"87.0.217.242","dst_ip":"85.111.52.57","src_port":54220,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869117973932,"flow_src_last_pkt_time":1685869117973932,"flow_dst_last_pkt_time":1685869117973932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869695331980,"l3_proto":"ip4","src_ip":"70.193.198.250","dst_ip":"69.109.187.54","src_port":29011,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870241871015,"flow_src_last_pkt_time":1685870241871015,"flow_dst_last_pkt_time":1685870241871015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870241871015,"l3_proto":"ip4","src_ip":"54.251.198.222","dst_ip":"165.144.84.62","src_port":40998,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_src_last_pkt_time":1685870241871015,"flow_dst_last_pkt_time":1685870241871015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685870241871015,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+NXBAADQRyYU2+8bepZBUPqAmAasAKoeLAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} -00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870241871015,"flow_src_last_pkt_time":1685870241871015,"flow_dst_last_pkt_time":1685870241871015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870241871015,"l3_proto":"ip4","src_ip":"54.251.198.222","dst_ip":"165.144.84.62","src_port":40998,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870241871015,"flow_src_last_pkt_time":1685870241871015,"flow_dst_last_pkt_time":1685870241871015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870241871015,"l3_proto":"ip4","src_ip":"54.251.198.222","dst_ip":"165.144.84.62","src_port":40998,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869695331980,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870241871015,"l3_proto":"ip4","src_ip":"87.0.217.242","dst_ip":"85.111.52.57","src_port":54220,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":109,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5857,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":510,"global_ts_usec":1685870479493725} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":109,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5857,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":510,"global_ts_usec":1685870479493725} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870479493725,"flow_src_last_pkt_time":1685870479493725,"flow_dst_last_pkt_time":1685870479493725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870479493725,"l3_proto":"ip4","src_ip":"87.39.57.211","dst_ip":"90.141.37.56","src_port":42486,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_src_last_pkt_time":1685870479493725,"flow_dst_last_pkt_time":1685870479493725,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685870479493725,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+4zlAADQRG81XJznTWo0lOKX2AasAKoHMAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870479493725,"flow_src_last_pkt_time":1685870479493725,"flow_dst_last_pkt_time":1685870479493725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870479493725,"l3_proto":"ip4","src_ip":"87.39.57.211","dst_ip":"90.141.37.56","src_port":42486,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870241871015,"flow_src_last_pkt_time":1685870241871015,"flow_dst_last_pkt_time":1685870241871015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870479493725,"l3_proto":"ip4","src_ip":"54.251.198.222","dst_ip":"165.144.84.62","src_port":40998,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870241871015,"flow_src_last_pkt_time":1685870241871015,"flow_dst_last_pkt_time":1685870241871015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870479493725,"l3_proto":"ip4","src_ip":"54.251.198.222","dst_ip":"165.144.84.62","src_port":40998,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870701070559,"flow_src_last_pkt_time":1685870701070559,"flow_dst_last_pkt_time":1685870701070559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870701070559,"l3_proto":"ip4","src_ip":"88.219.46.235","dst_ip":"90.147.171.51","src_port":7636,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_src_last_pkt_time":1685870701070559,"flow_dst_last_pkt_time":1685870701070559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685870701070559,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+HQ1AADQR4htY2y7rWpOrMx3UAasAKgoRAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870701070559,"flow_src_last_pkt_time":1685870701070559,"flow_dst_last_pkt_time":1685870701070559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870701070559,"l3_proto":"ip4","src_ip":"88.219.46.235","dst_ip":"90.147.171.51","src_port":7636,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -530,7 +530,7 @@ 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871075034933,"flow_src_last_pkt_time":1685871075034933,"flow_dst_last_pkt_time":1685871075034933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871075034933,"l3_proto":"ip4","src_ip":"168.222.38.193","dst_ip":"186.112.202.53","src_port":38055,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870800640514,"flow_src_last_pkt_time":1685870800640514,"flow_dst_last_pkt_time":1685870800640514,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871075034933,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"74.111.203.55","src_port":56717,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870915573371,"flow_src_last_pkt_time":1685870915573371,"flow_dst_last_pkt_time":1685870915573371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871075034933,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"90.111.212.50","src_port":49798,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":114,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":110,"total-detection-updates":0,"total-updates":23,"current-active-flows":2,"total-active-flows":110,"total-idle-flows":108,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":533,"global_ts_usec":1685871093262888} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":114,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":110,"total-detection-updates":0,"total-updates":23,"current-active-flows":2,"total-active-flows":110,"total-idle-flows":108,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":533,"global_ts_usec":1685871093262888} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871093262888,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871093262888,"l3_proto":"ip4","src_ip":"46.204.255.75","dst_ip":"165.144.84.62","src_port":55098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685871093262888,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXosuzP9LpZBUPtc6AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871093262888,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871093262888,"l3_proto":"ip4","src_ip":"46.204.255.75","dst_ip":"165.144.84.62","src_port":55098,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -540,7 +540,7 @@ 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870915573371,"flow_src_last_pkt_time":1685870915573371,"flow_dst_last_pkt_time":1685870915573371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871237861116,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"90.111.212.50","src_port":49798,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871093262888,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871237861116,"l3_proto":"ip4","src_ip":"46.204.255.75","dst_ip":"165.144.84.62","src_port":55098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871075034933,"flow_src_last_pkt_time":1685871075034933,"flow_dst_last_pkt_time":1685871075034933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871237861116,"l3_proto":"ip4","src_ip":"168.222.38.193","dst_ip":"186.112.202.53","src_port":38055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":116,"packets-processed":115,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":25,"current-active-flows":3,"total-active-flows":112,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":543,"global_ts_usec":1685872555023942} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":116,"packets-processed":115,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":25,"current-active-flows":3,"total-active-flows":112,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":543,"global_ts_usec":1685872555023942} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872555023942,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872555023942,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"165.114.202.61","src_port":62479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685872555023942,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+aWdAADQRlZGnOTHbpXLKPfQPAasAKjOlAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872555023942,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872555023942,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"165.114.202.61","src_port":62479,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -551,27 +551,27 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_src_last_pkt_time":1685872858284372,"flow_dst_last_pkt_time":1685872858284372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685872858284372,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXklTDuAOpXLKPdm1AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872858284372,"flow_src_last_pkt_time":1685872858284372,"flow_dst_last_pkt_time":1685872858284372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872858284372,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"165.114.202.61","src_port":55733,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872555023942,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872858284372,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"165.114.202.61","src_port":62479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":118,"packets-processed":117,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":114,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":554,"global_ts_usec":1685882198118291} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":118,"packets-processed":117,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":114,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":554,"global_ts_usec":1685882198118291} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685882198118291,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685882198118291,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"69.109.187.54","src_port":43688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685882198118291,"pkt":"bpHurUgdPJTVQTiBCABFCABLT4kAACIReyefPLR2RW27NqqoAasAN3ciAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685882198118291,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685882198118291,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"69.109.187.54","src_port":43688,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872858284372,"flow_src_last_pkt_time":1685872858284372,"flow_dst_last_pkt_time":1685872858284372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685882198118291,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"165.114.202.61","src_port":55733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":119,"packets-processed":118,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":115,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":115,"total-idle-flows":114,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":559,"global_ts_usec":1685890136540249} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":119,"packets-processed":118,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":115,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":115,"total-idle-flows":114,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":559,"global_ts_usec":1685890136540249} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685890136540249,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685890136540249,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.147.171.51","src_port":38375,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685890136540249,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsREhCGtJCVWpOrM5XnAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685890136540249,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685890136540249,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.147.171.51","src_port":38375,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685882198118291,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685890136540249,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"69.109.187.54","src_port":43688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":120,"packets-processed":119,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":116,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":116,"total-idle-flows":115,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":564,"global_ts_usec":1685893050953648} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":120,"packets-processed":119,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":116,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":116,"total-idle-flows":115,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":564,"global_ts_usec":1685893050953648} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685893050953648,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685893050953648,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.141.37.56","src_port":52853,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685893050953648,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAOsREgqGtJCVWo0lOM51AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685893050953648,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685893050953648,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.141.37.56","src_port":52853,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685890136540249,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685893050953648,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.147.171.51","src_port":38375,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":117,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":117,"total-idle-flows":116,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":569,"global_ts_usec":1685894881323596} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":117,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":117,"total-idle-flows":116,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":569,"global_ts_usec":1685894881323596} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685894881323596,"flow_src_last_pkt_time":1685894881323596,"flow_dst_last_pkt_time":1685894881323596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685894881323596,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"165.114.202.61","src_port":53222,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_src_last_pkt_time":1685894881323596,"flow_dst_last_pkt_time":1685894881323596,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685894881323596,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSrvZI2ZpXLKPc\/mAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685894881323596,"flow_src_last_pkt_time":1685894881323596,"flow_dst_last_pkt_time":1685894881323596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685894881323596,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"165.114.202.61","src_port":53222,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685893050953648,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685894881323596,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.141.37.56","src_port":52853,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":122,"packets-processed":121,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":118,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":118,"total-idle-flows":117,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":574,"global_ts_usec":1685895935303589} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":122,"packets-processed":121,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":118,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":118,"total-idle-flows":117,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":574,"global_ts_usec":1685895935303589} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685895935303589,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685895935303589,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqiQtY5KSWm\/UMoW+AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685895935303589,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -580,13 +580,13 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_src_last_pkt_time":1685896082620616,"flow_dst_last_pkt_time":1685896082620616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685896082620616,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RD\/62tHiLpZBUPuqLAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685896082620616,"flow_src_last_pkt_time":1685896082620616,"flow_dst_last_pkt_time":1685896082620616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685896082620616,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":60043,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685896082620616,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":124,"packets-processed":123,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":120,"total-detection-updates":0,"total-updates":26,"current-active-flows":2,"total-active-flows":120,"total-idle-flows":118,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":583,"global_ts_usec":1685898155508793} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":124,"packets-processed":123,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":120,"total-detection-updates":0,"total-updates":26,"current-active-flows":2,"total-active-flows":120,"total-idle-flows":118,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":583,"global_ts_usec":1685898155508793} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685898155508793,"flow_src_last_pkt_time":1685898155508793,"flow_dst_last_pkt_time":1685898155508793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"74.111.203.55","src_port":55816,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_src_last_pkt_time":1685898155508793,"flow_dst_last_pkt_time":1685898155508793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685898155508793,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAO0RqiIuZGGTSm\/LN9oIAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685898155508793,"flow_src_last_pkt_time":1685898155508793,"flow_dst_last_pkt_time":1685898155508793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"74.111.203.55","src_port":55816,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685896082620616,"flow_src_last_pkt_time":1685896082620616,"flow_dst_last_pkt_time":1685896082620616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":60043,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":125,"packets-processed":124,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6783,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":121,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":121,"total-idle-flows":120,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":589,"global_ts_usec":1685900239002858} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":125,"packets-processed":124,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6783,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":121,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":121,"total-idle-flows":120,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":589,"global_ts_usec":1685900239002858} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900239002858,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900239002858,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"69.109.187.54","src_port":47805,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685900239002858,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRpTIve7GaRW27Nrq9AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900239002858,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900239002858,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"69.109.187.54","src_port":47805,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -599,7 +599,7 @@ 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900456106642,"flow_src_last_pkt_time":1685900456106642,"flow_dst_last_pkt_time":1685900456106642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900456106642,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"186.112.202.53","src_port":39226,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900274127763,"flow_src_last_pkt_time":1685900274127763,"flow_dst_last_pkt_time":1685900274127763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900456106642,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":51113,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900239002858,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900456106642,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"69.109.187.54","src_port":47805,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":128,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":124,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":124,"total-idle-flows":123,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":602,"global_ts_usec":1685915408138503} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":128,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":124,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":124,"total-idle-flows":123,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":602,"global_ts_usec":1685915408138503} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915408138503,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915408138503,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":9681,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685915408138503,"pkt":"AAwp30Y4PJTVQTiBCABFCABLkhwAACIROIkjAGRzpZBUPiXRAasAN\/vuAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915408138503,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915408138503,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":9681,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -608,32 +608,32 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_src_last_pkt_time":1685915597923295,"flow_dst_last_pkt_time":1685915597923295,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685915597923295,"pkt":"ipffLU2SPJTVQTiBCABFAABLM0cAACcRn97invx\/Sm\/LN2ATAasAN88kAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915597923295,"flow_src_last_pkt_time":1685915597923295,"flow_dst_last_pkt_time":1685915597923295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915597923295,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"74.111.203.55","src_port":24595,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915408138503,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915597923295,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":9681,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":130,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":126,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":126,"total-idle-flows":125,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":611,"global_ts_usec":1685918860009356} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":130,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":126,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":126,"total-idle-flows":125,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":611,"global_ts_usec":1685918860009356} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685918860009356,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685918860009356,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"74.111.203.55","src_port":56086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685918860009356,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbX1CGOFNSm\/LN9sWAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685918860009356,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685918860009356,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"74.111.203.55","src_port":56086,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915597923295,"flow_src_last_pkt_time":1685915597923295,"flow_dst_last_pkt_time":1685915597923295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685918860009356,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"74.111.203.55","src_port":24595,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":131,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":127,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":127,"total-idle-flows":126,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":616,"global_ts_usec":1685919707980290} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":131,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":127,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":127,"total-idle-flows":126,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":616,"global_ts_usec":1685919707980290} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685919707980290,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685919707980290,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"90.145.180.58","src_port":49307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685919707980290,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRX0xTDuAOWpG0OsCbAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685919707980290,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685919707980290,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"90.145.180.58","src_port":49307,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685918860009356,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685919707980290,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"74.111.203.55","src_port":56086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":132,"packets-processed":131,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":128,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":128,"total-idle-flows":127,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":621,"global_ts_usec":1685923909350319} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":132,"packets-processed":131,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":128,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":128,"total-idle-flows":127,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":621,"global_ts_usec":1685923909350319} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685923909350319,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685923909350319,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.141.37.56","src_port":44099,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685923909350319,"pkt":"3jHC4dyOPJTVQTiBCABFAABLfvwAACcRVCBiZ\/1zWo0lOKxDAasAN4LrAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685923909350319,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685923909350319,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.141.37.56","src_port":44099,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685919707980290,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685923909350319,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"90.145.180.58","src_port":49307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":133,"packets-processed":132,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7276,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":129,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":129,"total-idle-flows":128,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":626,"global_ts_usec":1685927801125774} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":133,"packets-processed":132,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7276,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":129,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":129,"total-idle-flows":128,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":626,"global_ts_usec":1685927801125774} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685927801125774,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685927801125774,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"165.114.202.61","src_port":29946,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685927801125774,"pkt":"AAwp30Y4PJTVQTiBCABFAABLN1kAACcRm8DigHp2pXLKPXT6AasAN7oxAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685927801125774,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685927801125774,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"165.114.202.61","src_port":29946,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685923909350319,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685927801125774,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.141.37.56","src_port":44099,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":134,"packets-processed":133,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":130,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":130,"total-idle-flows":129,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":631,"global_ts_usec":1685929607649688} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":134,"packets-processed":133,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":130,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":130,"total-idle-flows":129,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":631,"global_ts_usec":1685929607649688} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929607649688,"flow_src_last_pkt_time":1685929607649688,"flow_dst_last_pkt_time":1685929607649688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929607649688,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"90.147.171.51","src_port":57092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_src_last_pkt_time":1685929607649688,"flow_dst_last_pkt_time":1685929607649688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685929607649688,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+dqxAADQRKhJAP9viWpOrM98EAasAKup1AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929607649688,"flow_src_last_pkt_time":1685929607649688,"flow_dst_last_pkt_time":1685929607649688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929607649688,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"90.147.171.51","src_port":57092,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685927801125774,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929607649688,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"165.114.202.61","src_port":29946,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":135,"packets-processed":134,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7357,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":131,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":131,"total-idle-flows":130,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":636,"global_ts_usec":1685930408325419} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":135,"packets-processed":134,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7357,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":131,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":131,"total-idle-flows":130,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":636,"global_ts_usec":1685930408325419} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930408325419,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930408325419,"l3_proto":"ip4","src_ip":"160.184.203.250","dst_ip":"74.111.203.55","src_port":41825,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685930408325419,"pkt":"ipffLU2SPJTVQTiBCABFAAA+RodAADQRWiiguMv6Sm\/LN6NhAasAKiYKAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930408325419,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930408325419,"l3_proto":"ip4","src_ip":"160.184.203.250","dst_ip":"74.111.203.55","src_port":41825,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -642,7 +642,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_src_last_pkt_time":1685930521950503,"flow_dst_last_pkt_time":1685930521950503,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685930521950503,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+FB1AADQRjJVAP9vipXLKPd8EAasAKuppAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930521950503,"flow_src_last_pkt_time":1685930521950503,"flow_dst_last_pkt_time":1685930521950503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930521950503,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"165.114.202.61","src_port":57092,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930408325419,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930521950503,"l3_proto":"ip4","src_ip":"160.184.203.250","dst_ip":"74.111.203.55","src_port":41825,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":137,"packets-processed":136,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":133,"total-detection-updates":0,"total-updates":27,"current-active-flows":2,"total-active-flows":133,"total-idle-flows":131,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":645,"global_ts_usec":1685931213042208} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":137,"packets-processed":136,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":133,"total-detection-updates":0,"total-updates":27,"current-active-flows":2,"total-active-flows":133,"total-idle-flows":131,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":645,"global_ts_usec":1685931213042208} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931213042208,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931213042208,"l3_proto":"ip4","src_ip":"64.71.218.224","dst_ip":"85.111.52.57","src_port":20366,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685931213042208,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+edhAADQRJt1AR9rgVW80OU+OAasAKnnjAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931213042208,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931213042208,"l3_proto":"ip4","src_ip":"64.71.218.224","dst_ip":"85.111.52.57","src_port":20366,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -657,21 +657,21 @@ 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931339492549,"flow_src_last_pkt_time":1685931339492549,"flow_dst_last_pkt_time":1685931339492549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931339492549,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"90.141.37.56","src_port":10207,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931793309466,"flow_src_last_pkt_time":1685931793309466,"flow_dst_last_pkt_time":1685931793309466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"161.193.58.225","dst_ip":"186.112.202.53","src_port":64776,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_src_last_pkt_time":1685931793309466,"flow_dst_last_pkt_time":1685931793309466,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685931793309466,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+A11AADQRnVyhwTrhunDKNf0IAasAKsxsAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} -00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931793309466,"flow_src_last_pkt_time":1685931793309466,"flow_dst_last_pkt_time":1685931793309466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"161.193.58.225","dst_ip":"186.112.202.53","src_port":64776,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931793309466,"flow_src_last_pkt_time":1685931793309466,"flow_dst_last_pkt_time":1685931793309466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"161.193.58.225","dst_ip":"186.112.202.53","src_port":64776,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931213042208,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"64.71.218.224","dst_ip":"85.111.52.57","src_port":20366,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931339492549,"flow_src_last_pkt_time":1685931339492549,"flow_dst_last_pkt_time":1685931339492549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"90.141.37.56","src_port":10207,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931328327343,"flow_src_last_pkt_time":1685931328327343,"flow_dst_last_pkt_time":1685931328327343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"64.65.52.246","dst_ip":"165.144.84.62","src_port":10179,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":141,"packets-processed":140,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":137,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":137,"total-idle-flows":136,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":664,"global_ts_usec":1685932001528402} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":141,"packets-processed":140,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":137,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":137,"total-idle-flows":136,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":664,"global_ts_usec":1685932001528402} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932001528402,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932001528402,"l3_proto":"ip4","src_ip":"65.62.197.248","dst_ip":"69.109.187.54","src_port":45675,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685932001528402,"pkt":"bpHurUgdPJTVQTiBCABFAAA++0RAADQRpWtBPsX4RW27NrJrAasAKhcBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932001528402,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932001528402,"l3_proto":"ip4","src_ip":"65.62.197.248","dst_ip":"69.109.187.54","src_port":45675,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931793309466,"flow_src_last_pkt_time":1685931793309466,"flow_dst_last_pkt_time":1685931793309466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932001528402,"l3_proto":"ip4","src_ip":"161.193.58.225","dst_ip":"186.112.202.53","src_port":64776,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":138,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":138,"total-idle-flows":137,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":669,"global_ts_usec":1685932876135808} +00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931793309466,"flow_src_last_pkt_time":1685931793309466,"flow_dst_last_pkt_time":1685931793309466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932001528402,"l3_proto":"ip4","src_ip":"161.193.58.225","dst_ip":"186.112.202.53","src_port":64776,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":138,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":138,"total-idle-flows":137,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":669,"global_ts_usec":1685932876135808} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932876135808,"flow_src_last_pkt_time":1685932876135808,"flow_dst_last_pkt_time":1685932876135808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932876135808,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"165.144.84.62","src_port":48728,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_src_last_pkt_time":1685932876135808,"flow_dst_last_pkt_time":1685932876135808,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685932876135808,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAPARqBoQY5OSpZBUPr5YAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932876135808,"flow_src_last_pkt_time":1685932876135808,"flow_dst_last_pkt_time":1685932876135808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932876135808,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"165.144.84.62","src_port":48728,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932001528402,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932876135808,"l3_proto":"ip4","src_ip":"65.62.197.248","dst_ip":"69.109.187.54","src_port":45675,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":143,"packets-processed":142,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7693,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":139,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":139,"total-idle-flows":138,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":674,"global_ts_usec":1685933841851094} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":143,"packets-processed":142,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7693,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":139,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":139,"total-idle-flows":138,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":674,"global_ts_usec":1685933841851094} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685933841851094,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685933841851094,"l3_proto":"ip4","src_ip":"75.153.126.243","dst_ip":"69.109.187.54","src_port":54378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1685933841851094,"pkt":"bpHurUgdPJTVQTiBCABFAABU0ltAADQRvvtLmX7zRW27NtRqAasAQAAAAgEAADggAAAAAGqbAAJlbgAAABdzZXJ2aWNlOmRpcmVjdG9yeS1hZ2VudAAHZGVmYXVsdAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685933841851094,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685933841851094,"l3_proto":"ip4","src_ip":"75.153.126.243","dst_ip":"69.109.187.54","src_port":54378,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -680,7 +680,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_src_last_pkt_time":1685934156732428,"flow_dst_last_pkt_time":1685934156732428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685934156732428,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbI5G2LpnpZBUPtpIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685934156732428,"flow_src_last_pkt_time":1685934156732428,"flow_dst_last_pkt_time":1685934156732428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685934156732428,"l3_proto":"ip4","src_ip":"70.216.186.103","dst_ip":"165.144.84.62","src_port":55880,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685933841851094,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685934156732428,"l3_proto":"ip4","src_ip":"75.153.126.243","dst_ip":"69.109.187.54","src_port":54378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":145,"packets-processed":144,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7778,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":141,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":141,"total-idle-flows":140,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":683,"global_ts_usec":1685949298361033} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":145,"packets-processed":144,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7778,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":141,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":141,"total-idle-flows":140,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":683,"global_ts_usec":1685949298361033} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949298361033,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949298361033,"l3_proto":"ip4","src_ip":"82.14.191.177","dst_ip":"186.112.202.53","src_port":51704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685949298361033,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRXw9SDr+xunDKNcn4AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949298361033,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949298361033,"l3_proto":"ip4","src_ip":"82.14.191.177","dst_ip":"186.112.202.53","src_port":51704,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -694,48 +694,48 @@ 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949575864849,"flow_src_last_pkt_time":1685949575864849,"flow_dst_last_pkt_time":1685949575864849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949575864849,"l3_proto":"ip4","src_ip":"166.235.162.1","dst_ip":"165.114.202.61","src_port":50338,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949298361033,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949575864849,"l3_proto":"ip4","src_ip":"82.14.191.177","dst_ip":"186.112.202.53","src_port":51704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949441960339,"flow_src_last_pkt_time":1685949441960339,"flow_dst_last_pkt_time":1685949441960339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949575864849,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"69.109.187.54","src_port":49306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":148,"packets-processed":147,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":144,"total-detection-updates":0,"total-updates":30,"current-active-flows":2,"total-active-flows":144,"total-idle-flows":142,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":697,"global_ts_usec":1685950065516616} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":148,"packets-processed":147,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":144,"total-detection-updates":0,"total-updates":30,"current-active-flows":2,"total-active-flows":144,"total-idle-flows":142,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":697,"global_ts_usec":1685950065516616} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950065516616,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"38.238.166.9","dst_ip":"90.147.171.51","src_port":56529,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685950065516616,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbUAm7qYJWpOrM9zRAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950065516616,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"38.238.166.9","dst_ip":"90.147.171.51","src_port":56529,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949575864849,"flow_src_last_pkt_time":1685949575864849,"flow_dst_last_pkt_time":1685949575864849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"166.235.162.1","dst_ip":"165.114.202.61","src_port":50338,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949441960339,"flow_src_last_pkt_time":1685949441960339,"flow_dst_last_pkt_time":1685949441960339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"69.109.187.54","src_port":49306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":149,"packets-processed":148,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":145,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":145,"total-idle-flows":144,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":703,"global_ts_usec":1685950716132805} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":149,"packets-processed":148,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":145,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":145,"total-idle-flows":144,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":703,"global_ts_usec":1685950716132805} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950716132805,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950716132805,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.141.37.56","src_port":51495,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685950716132805,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRX57OzBhaWo0lOMknAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950716132805,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950716132805,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.141.37.56","src_port":51495,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950065516616,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950716132805,"l3_proto":"ip4","src_ip":"38.238.166.9","dst_ip":"90.147.171.51","src_port":56529,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":150,"packets-processed":149,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":146,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":146,"total-idle-flows":145,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":708,"global_ts_usec":1685952673673917} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":150,"packets-processed":149,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":146,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":146,"total-idle-flows":145,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":708,"global_ts_usec":1685952673673917} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685952673673917,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685952673673917,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"90.147.171.51","src_port":5073,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685952673673917,"pkt":"AAwp30Y4PJTVQTiBCABFAABLLRsAACcRpgilgP10WpOrMxPRAasANxtlAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685952673673917,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685952673673917,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"90.147.171.51","src_port":5073,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950716132805,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685952673673917,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.141.37.56","src_port":51495,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":151,"packets-processed":150,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7970,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":147,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":147,"total-idle-flows":146,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":713,"global_ts_usec":1685953474074395} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":151,"packets-processed":150,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7970,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":147,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":147,"total-idle-flows":146,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":713,"global_ts_usec":1685953474074395} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685953474074395,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685953474074395,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.111.212.50","src_port":56070,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685953474074395,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbdLZH+f\/Wm\/UMtsGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685953474074395,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685953474074395,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.111.212.50","src_port":56070,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685952673673917,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685953474074395,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"90.147.171.51","src_port":5073,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":152,"packets-processed":151,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":148,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":148,"total-idle-flows":147,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":718,"global_ts_usec":1685956234214319} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":152,"packets-processed":151,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":148,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":148,"total-idle-flows":147,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":718,"global_ts_usec":1685956234214319} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685956234214319,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685956234214319,"l3_proto":"ip4","src_ip":"28.102.134.210","dst_ip":"69.109.187.54","src_port":45382,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685956234214319,"pkt":"bpHurUgdPJTVQTiBCABFCABLd1MAACQRTR0cZobSRW27NrFGAasAN2xEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685956234214319,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685956234214319,"l3_proto":"ip4","src_ip":"28.102.134.210","dst_ip":"69.109.187.54","src_port":45382,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685953474074395,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685956234214319,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.111.212.50","src_port":56070,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":153,"packets-processed":152,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":149,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":149,"total-idle-flows":148,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":723,"global_ts_usec":1685959206891430} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":153,"packets-processed":152,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":149,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":149,"total-idle-flows":148,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":723,"global_ts_usec":1685959206891430} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685959206891430,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685959206891430,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"85.111.52.57","src_port":50984,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685959206891430,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRX32t8T8kVW80OccoAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685959206891430,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685959206891430,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"85.111.52.57","src_port":50984,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685956234214319,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685959206891430,"l3_proto":"ip4","src_ip":"28.102.134.210","dst_ip":"69.109.187.54","src_port":45382,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":154,"packets-processed":153,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":150,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":150,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":728,"global_ts_usec":1685960845026064} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":154,"packets-processed":153,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":150,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":150,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":728,"global_ts_usec":1685960845026064} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685960845026064,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685960845026064,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.111.212.50","src_port":60145,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685960845026064,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0yNRGCtqWm\/UMurxAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685960845026064,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685960845026064,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.111.212.50","src_port":60145,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685959206891430,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685960845026064,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"85.111.52.57","src_port":50984,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":155,"packets-processed":154,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":151,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":151,"total-idle-flows":150,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":733,"global_ts_usec":1685964244002056} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":155,"packets-processed":154,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":151,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":151,"total-idle-flows":150,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":733,"global_ts_usec":1685964244002056} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685964244002056,"flow_src_last_pkt_time":1685964244002056,"flow_dst_last_pkt_time":1685964244002056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685964244002056,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"74.111.203.55","src_port":57096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_src_last_pkt_time":1685964244002056,"flow_dst_last_pkt_time":1685964244002056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685964244002056,"pkt":"ipffLU2SPJTVQTiBCABFAAA11DEAAPER0yJRGCtqSm\/LN98IAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685964244002056,"flow_src_last_pkt_time":1685964244002056,"flow_dst_last_pkt_time":1685964244002056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685964244002056,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"74.111.203.55","src_port":57096,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685960845026064,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685964244002056,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.111.212.50","src_port":60145,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":156,"packets-processed":155,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":152,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":152,"total-idle-flows":151,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":738,"global_ts_usec":1685969568367700} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":156,"packets-processed":155,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":152,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":152,"total-idle-flows":151,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":738,"global_ts_usec":1685969568367700} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969568367700,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685969568367700,"pkt":"bpHurUgdPJTVQTiBCABFAAA11DEAAPER0yFRGCtqRW27NuQzAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969568367700,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -744,13 +744,13 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_src_last_pkt_time":1685969623534341,"flow_dst_last_pkt_time":1685969623534341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685969623534341,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA11DEAAPER0x1RGCtqVW80OcwTAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969623534341,"flow_src_last_pkt_time":1685969623534341,"flow_dst_last_pkt_time":1685969623534341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969623534341,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"85.111.52.57","src_port":52243,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969623534341,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":158,"packets-processed":157,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":154,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":154,"total-idle-flows":152,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":747,"global_ts_usec":1685976878692319} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":158,"packets-processed":157,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":154,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":154,"total-idle-flows":152,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":747,"global_ts_usec":1685976878692319} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685976878692319,"flow_src_last_pkt_time":1685976878692319,"flow_dst_last_pkt_time":1685976878692319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.144.84.62","src_port":39508,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_src_last_pkt_time":1685976878692319,"flow_dst_last_pkt_time":1685976878692319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685976878692319,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDMdGtG\/xpZBUPppUAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685976878692319,"flow_src_last_pkt_time":1685976878692319,"flow_dst_last_pkt_time":1685976878692319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.144.84.62","src_port":39508,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969623534341,"flow_src_last_pkt_time":1685969623534341,"flow_dst_last_pkt_time":1685969623534341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"85.111.52.57","src_port":52243,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":159,"packets-processed":158,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8273,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":155,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":155,"total-idle-flows":154,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":753,"global_ts_usec":1685980039598832} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":159,"packets-processed":158,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8273,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":155,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":155,"total-idle-flows":154,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":753,"global_ts_usec":1685980039598832} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980039598832,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980039598832,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.111.212.50","src_port":45704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685980039598832,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSrQZLGIWm\/UMrKIAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980039598832,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980039598832,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.111.212.50","src_port":45704,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -759,7 +759,7 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_src_last_pkt_time":1685980256079266,"flow_dst_last_pkt_time":1685980256079266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685980256079266,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0xlRGCtqpZBUPrejAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980256079266,"flow_src_last_pkt_time":1685980256079266,"flow_dst_last_pkt_time":1685980256079266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980256079266,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"165.144.84.62","src_port":47011,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980039598832,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980256079266,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.111.212.50","src_port":45704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":157,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":157,"total-idle-flows":156,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":762,"global_ts_usec":1685980966068969} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":157,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":157,"total-idle-flows":156,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":762,"global_ts_usec":1685980966068969} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980966068969,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980966068969,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"69.109.187.54","src_port":33316,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685980966068969,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPIRCw62tHiLRW27NoIkAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980966068969,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980966068969,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"69.109.187.54","src_port":33316,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -768,7 +768,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_src_last_pkt_time":1685981433727126,"flow_dst_last_pkt_time":1685981433727126,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685981433727126,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPIRCwu2tHiLWo0lOJWZAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685981433727126,"flow_src_last_pkt_time":1685981433727126,"flow_dst_last_pkt_time":1685981433727126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685981433727126,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":38297,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980966068969,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685981433727126,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"69.109.187.54","src_port":33316,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":163,"packets-processed":162,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":159,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":159,"total-idle-flows":158,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":771,"global_ts_usec":1685983024598099} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":163,"packets-processed":162,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":159,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":159,"total-idle-flows":158,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":771,"global_ts_usec":1685983024598099} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983024598099,"flow_src_last_pkt_time":1685983024598099,"flow_dst_last_pkt_time":1685983024598099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983024598099,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":49217,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_src_last_pkt_time":1685983024598099,"flow_dst_last_pkt_time":1685983024598099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685983024598099,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPMRCY72S2hzWpG0OsBBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983024598099,"flow_src_last_pkt_time":1685983024598099,"flow_dst_last_pkt_time":1685983024598099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983024598099,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":49217,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -776,7 +776,7 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983044584108,"flow_src_last_pkt_time":1685983044584108,"flow_dst_last_pkt_time":1685983044584108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983044584108,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_src_last_pkt_time":1685983044584108,"flow_dst_last_pkt_time":1685983044584108,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685983044584108,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPMRCZP2S2hzunDKNcYJAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983044584108,"flow_src_last_pkt_time":1685983044584108,"flow_dst_last_pkt_time":1685983044584108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983044584108,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50697,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":165,"packets-processed":164,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":161,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":161,"total-idle-flows":159,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":779,"global_ts_usec":1685983887017305} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":165,"packets-processed":164,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":161,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":161,"total-idle-flows":159,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":779,"global_ts_usec":1685983887017305} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983887017305,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983887017305,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":57093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685983887017305,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRpTItfJOcVW80Od8FAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983887017305,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983887017305,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":57093,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -786,7 +786,7 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_src_last_pkt_time":1685984091734191,"flow_dst_last_pkt_time":1685984091734191,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685984091734191,"pkt":"3jHC4dyOPJTVQTiBCABFAAA11DEAAPER0x5RGCtqWo0lOO2PAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685984091734191,"flow_src_last_pkt_time":1685984091734191,"flow_dst_last_pkt_time":1685984091734191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685984091734191,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.141.37.56","src_port":60815,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983887017305,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685984091734191,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":57093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":167,"packets-processed":166,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":163,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":163,"total-idle-flows":162,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":789,"global_ts_usec":1685986621173581} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":167,"packets-processed":166,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":163,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":163,"total-idle-flows":162,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":789,"global_ts_usec":1685986621173581} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986621173581,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986621173581,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"74.111.203.55","src_port":34990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685986621173581,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRCZX2S2hzSm\/LN4iuAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986621173581,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986621173581,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"74.111.203.55","src_port":34990,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -798,54 +798,54 @@ 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986755864865,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986755864865,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.114.202.61","src_port":39574,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685986755864865,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDMe4tKjwpXLKPZqWAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986755864865,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986755864865,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.114.202.61","src_port":39574,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":166,"total-detection-updates":0,"total-updates":32,"current-active-flows":3,"total-active-flows":166,"total-idle-flows":163,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":801,"global_ts_usec":1685988729872897} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":166,"total-detection-updates":0,"total-updates":32,"current-active-flows":3,"total-active-flows":166,"total-idle-flows":163,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":801,"global_ts_usec":1685988729872897} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685988729872897,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.147.171.51","src_port":58836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685988729872897,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0yRRGCtqWpOrM+XUAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685988729872897,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.147.171.51","src_port":58836,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986711741123,"flow_src_last_pkt_time":1685986711741123,"flow_dst_last_pkt_time":1685986711741123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"90.147.171.51","src_port":41989,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986755864865,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.114.202.61","src_port":39574,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986621173581,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"74.111.203.55","src_port":34990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":171,"packets-processed":170,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":167,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":167,"total-idle-flows":166,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":808,"global_ts_usec":1685993522728404} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":171,"packets-processed":170,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":167,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":167,"total-idle-flows":166,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":808,"global_ts_usec":1685993522728404} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685993522728404,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685993522728404,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.147.171.51","src_port":1724,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685993522728404,"pkt":"AAwp30Y4PJTVQTiBCABFCABLWP8AACIRca5kOJtwWpOrMwa8AasANxsMAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} -00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685993522728404,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685993522728404,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.147.171.51","src_port":1724,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685993522728404,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685993522728404,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.147.171.51","src_port":1724,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685988729872897,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685993522728404,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.147.171.51","src_port":58836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":172,"packets-processed":171,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":168,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":168,"total-idle-flows":167,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":813,"global_ts_usec":1685998634406588} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":172,"packets-processed":171,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":168,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":168,"total-idle-flows":167,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":813,"global_ts_usec":1685998634406588} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685998634406588,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685998634406588,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"74.111.203.55","src_port":10457,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685998634406588,"pkt":"ipffLU2SPJTVQTiBCABFCABLN5cAACQRjNbjhlHUSm\/LNyjZAasAN\/SuAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685998634406588,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685998634406588,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"74.111.203.55","src_port":10457,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685993522728404,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685998634406588,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.147.171.51","src_port":1724,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":173,"packets-processed":172,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":169,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":169,"total-idle-flows":168,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":818,"global_ts_usec":1685999686351420} +00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685993522728404,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685998634406588,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.147.171.51","src_port":1724,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":173,"packets-processed":172,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":169,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":169,"total-idle-flows":168,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":818,"global_ts_usec":1685999686351420} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685999686351420,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685999686351420,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"74.111.203.55","src_port":6448,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1685999686351420,"pkt":"ipffLU2SPJTVQTiBCABFAABUtPJAADQR3GZLiYbySm\/LNxkwAasAQAAAAgEAADggAAAAAGqbAAJlbgAAABdzZXJ2aWNlOmRpcmVjdG9yeS1hZ2VudAAHZGVmYXVsdAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685999686351420,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685999686351420,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"74.111.203.55","src_port":6448,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685998634406588,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685999686351420,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"74.111.203.55","src_port":10457,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":174,"packets-processed":173,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":170,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":170,"total-idle-flows":169,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":823,"global_ts_usec":1686000601569343} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":174,"packets-processed":173,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":170,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":170,"total-idle-flows":169,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":823,"global_ts_usec":1686000601569343} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686000601569343,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686000601569343,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"165.144.84.62","src_port":2534,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686000601569343,"pkt":"AAwp30Y4PJTVQTiBCABFCABLI3sAACQRoOVbIWrapZBUPgnmAasANxOVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686000601569343,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686000601569343,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"165.144.84.62","src_port":2534,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685999686351420,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686000601569343,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"74.111.203.55","src_port":6448,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":175,"packets-processed":174,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":171,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":171,"total-idle-flows":170,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":828,"global_ts_usec":1686003718804460} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":175,"packets-processed":174,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":171,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":171,"total-idle-flows":170,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":828,"global_ts_usec":1686003718804460} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686003718804460,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686003718804460,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"85.111.52.57","src_port":6239,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686003718804460,"pkt":"moT+\/Ph8PJTVQTiBCABFAABLfOYAACcRVjsid3p+VW80ORhfAasANxbVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686003718804460,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686003718804460,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"85.111.52.57","src_port":6239,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686000601569343,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686003718804460,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"165.144.84.62","src_port":2534,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":176,"packets-processed":175,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":172,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":172,"total-idle-flows":171,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":833,"global_ts_usec":1686005514515876} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":176,"packets-processed":175,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":172,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":172,"total-idle-flows":171,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":833,"global_ts_usec":1686005514515876} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686005514515876,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686005514515876,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":52664,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686005514515876,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqhguZGGTpXLKPc24AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686005514515876,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686005514515876,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":52664,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686003718804460,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686005514515876,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"85.111.52.57","src_port":6239,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":177,"packets-processed":176,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":173,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":173,"total-idle-flows":172,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":838,"global_ts_usec":1686006182252244} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":177,"packets-processed":176,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":173,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":173,"total-idle-flows":172,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":838,"global_ts_usec":1686006182252244} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006182252244,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006182252244,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.145.180.58","src_port":48098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686006182252244,"pkt":"bs1PogZtPJTVQTiBCABFAAA11DEAAPER0xtRGCtqWpG0OrviAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006182252244,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006182252244,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.145.180.58","src_port":48098,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686005514515876,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006182252244,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":52664,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":178,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":174,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":174,"total-idle-flows":173,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":843,"global_ts_usec":1686006861718393} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":178,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":174,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":174,"total-idle-flows":173,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":843,"global_ts_usec":1686006861718393} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006861718393,"flow_src_last_pkt_time":1686006861718393,"flow_dst_last_pkt_time":1686006861718393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006861718393,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"165.114.202.61","src_port":43525,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_src_last_pkt_time":1686006861718393,"flow_dst_last_pkt_time":1686006861718393,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686006861718393,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0xhRGCtqpXLKPaoFAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006861718393,"flow_src_last_pkt_time":1686006861718393,"flow_dst_last_pkt_time":1686006861718393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006861718393,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"165.114.202.61","src_port":43525,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006182252244,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006861718393,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.145.180.58","src_port":48098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":179,"packets-processed":178,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":175,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":175,"total-idle-flows":174,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":848,"global_ts_usec":1686010416557191} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":179,"packets-processed":178,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":175,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":175,"total-idle-flows":174,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":848,"global_ts_usec":1686010416557191} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010416557191,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010416557191,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"90.147.171.51","src_port":53342,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686010416557191,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbFkh2Fo4WpOrM9BeAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010416557191,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010416557191,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"90.147.171.51","src_port":53342,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -854,12 +854,12 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":1686010882769715,"flow_dst_last_pkt_time":1686010882769715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686010882769715,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbWahL8clunDKNcNaAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010882769715,"flow_src_last_pkt_time":1686010882769715,"flow_dst_last_pkt_time":1686010882769715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010882769715,"l3_proto":"ip4","src_ip":"161.47.199.37","dst_ip":"186.112.202.53","src_port":50010,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010416557191,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010882769715,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"90.147.171.51","src_port":53342,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":181,"packets-processed":180,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9680,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":177,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":177,"total-idle-flows":176,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":857,"global_ts_usec":1686014238036586} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":181,"packets-processed":180,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9680,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":177,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":177,"total-idle-flows":176,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":857,"global_ts_usec":1686014238036586} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686014238036586,"flow_src_last_pkt_time":1686014238036586,"flow_dst_last_pkt_time":1686014238036586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686014238036586,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"90.111.212.50","src_port":41596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_src_last_pkt_time":1686014238036586,"flow_dst_last_pkt_time":1686014238036586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686014238036586,"pkt":"AAwp30Y4PJTVQTiBCABFAABLra8AACcRJW9dZnxwWm\/UMqJ8AasAN4y0AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686014238036586,"flow_src_last_pkt_time":1686014238036586,"flow_dst_last_pkt_time":1686014238036586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686014238036586,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"90.111.212.50","src_port":41596,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010882769715,"flow_src_last_pkt_time":1686010882769715,"flow_dst_last_pkt_time":1686010882769715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686014238036586,"l3_proto":"ip4","src_ip":"161.47.199.37","dst_ip":"186.112.202.53","src_port":50010,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":182,"packets-processed":181,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9727,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":178,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":178,"total-idle-flows":177,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":862,"global_ts_usec":1686016759751712} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":182,"packets-processed":181,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9727,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":178,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":178,"total-idle-flows":177,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":862,"global_ts_usec":1686016759751712} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686016759751712,"flow_src_last_pkt_time":1686016759751712,"flow_dst_last_pkt_time":1686016759751712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686016759751712,"l3_proto":"ip4","src_ip":"119.34.147.222","dst_ip":"90.145.180.58","src_port":56878,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":1686016759751712,"flow_dst_last_pkt_time":1686016759751712,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686016759751712,"pkt":"bs1PogZtPJTVQTiBCABFAAA+I89AADQRPpp3IpPeWpG0Ot4uAasAKqz2AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686016759751712,"flow_src_last_pkt_time":1686016759751712,"flow_dst_last_pkt_time":1686016759751712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686016759751712,"l3_proto":"ip4","src_ip":"119.34.147.222","dst_ip":"90.145.180.58","src_port":56878,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -881,7 +881,7 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686017305054145,"flow_src_last_pkt_time":1686017305054145,"flow_dst_last_pkt_time":1686017305054145,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686017305054145,"l3_proto":"ip4","src_ip":"185.97.76.211","dst_ip":"69.109.187.54","src_port":42268,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686016985898059,"flow_src_last_pkt_time":1686016985898059,"flow_dst_last_pkt_time":1686016985898059,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686017305054145,"l3_proto":"ip4","src_ip":"118.158.148.196","dst_ip":"165.114.202.61","src_port":44102,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686017148856498,"flow_src_last_pkt_time":1686017148856498,"flow_dst_last_pkt_time":1686017148856498,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686017305054145,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"85.111.52.57","src_port":23876,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":187,"packets-processed":186,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":183,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":183,"total-idle-flows":181,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":884,"global_ts_usec":1686018209196915} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":187,"packets-processed":186,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":183,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":183,"total-idle-flows":181,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":884,"global_ts_usec":1686018209196915} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018209196915,"flow_src_last_pkt_time":1686018209196915,"flow_dst_last_pkt_time":1686018209196915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018209196915,"l3_proto":"ip4","src_ip":"71.170.115.245","dst_ip":"74.111.203.55","src_port":44124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_src_last_pkt_time":1686018209196915,"flow_dst_last_pkt_time":1686018209196915,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686018209196915,"pkt":"ipffLU2SPJTVQTiBCABFAAA+j29AADQR0xhHqnP1Sm\/LN6xcAasAKt7nAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018209196915,"flow_src_last_pkt_time":1686018209196915,"flow_dst_last_pkt_time":1686018209196915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018209196915,"l3_proto":"ip4","src_ip":"71.170.115.245","dst_ip":"74.111.203.55","src_port":44124,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -898,58 +898,58 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018707030417,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018707030417,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"90.147.171.51","src_port":41215,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686018707030417,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+oClAADQRwmSG2bjyWpOrM6D\/AasAKupKAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018707030417,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018707030417,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"90.147.171.51","src_port":41215,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":191,"packets-processed":190,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":187,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":187,"total-idle-flows":185,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":901,"global_ts_usec":1686019249802467} 
+00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":191,"packets-processed":190,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":187,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":187,"total-idle-flows":185,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":901,"global_ts_usec":1686019249802467} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686019249802467,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"56.82.128.250","dst_ip":"186.112.202.53","src_port":53705,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686019249802467,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+q7VAADQRtsw4UoD6unDKNdHJAasAKrl0AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686019249802467,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"56.82.128.250","dst_ip":"186.112.202.53","src_port":53705,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018707030417,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"90.147.171.51","src_port":41215,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018689761553,"flow_src_last_pkt_time":1686018689761553,"flow_dst_last_pkt_time":1686018689761553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"71.170.115.245","dst_ip":"90.111.212.50","src_port":44124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":192,"packets-processed":191,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":188,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":188,"total-idle-flows":187,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":907,"global_ts_usec":1686021648125792} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":192,"packets-processed":191,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":188,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":188,"total-idle-flows":187,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":907,"global_ts_usec":1686021648125792} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686021648125792,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686021648125792,"l3_proto":"ip4","src_ip":"218.211.196.58","dst_ip":"85.111.52.57","src_port":52158,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686021648125792,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbU\/a08Q6VW80Ocu+AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686021648125792,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686021648125792,"l3_proto":"ip4","src_ip":"218.211.196.58","dst_ip":"85.111.52.57","src_port":52158,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686019249802467,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686021648125792,"l3_proto":"ip4","src_ip":"56.82.128.250","dst_ip":"186.112.202.53","src_port":53705,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":193,"packets-processed":192,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":189,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":189,"total-idle-flows":188,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":912,"global_ts_usec":1686031186113585} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":193,"packets-processed":192,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":189,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":189,"total-idle-flows":188,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":912,"global_ts_usec":1686031186113585} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686031186113585,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686031186113585,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":34095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686031186113585,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpTjsg6KdWpOrM4UvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686031186113585,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686031186113585,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":34095,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686021648125792,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686031186113585,"l3_proto":"ip4","src_ip":"218.211.196.58","dst_ip":"85.111.52.57","src_port":52158,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":194,"packets-processed":193,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":190,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":190,"total-idle-flows":189,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":917,"global_ts_usec":1686032769267683} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":194,"packets-processed":193,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":190,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":190,"total-idle-flows":189,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":917,"global_ts_usec":1686032769267683} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686032769267683,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686032769267683,"l3_proto":"ip4","src_ip":"177.48.184.247","dst_ip":"165.114.202.61","src_port":56640,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686032769267683,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXuqxMLj3pXLKPd1AAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686032769267683,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686032769267683,"l3_proto":"ip4","src_ip":"177.48.184.247","dst_ip":"165.114.202.61","src_port":56640,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686031186113585,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686032769267683,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":34095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":195,"packets-processed":194,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10223,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":191,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":191,"total-idle-flows":190,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":922,"global_ts_usec":1686040872007912} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":195,"packets-processed":194,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10223,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":191,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":191,"total-idle-flows":190,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":922,"global_ts_usec":1686040872007912} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686040872007912,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686040872007912,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"90.111.212.50","src_port":53489,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686040872007912,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbedFJOfmWm\/UMtDxAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686040872007912,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686040872007912,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"90.111.212.50","src_port":53489,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686032769267683,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686040872007912,"l3_proto":"ip4","src_ip":"177.48.184.247","dst_ip":"165.114.202.61","src_port":56640,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":196,"packets-processed":195,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":192,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":192,"total-idle-flows":191,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":927,"global_ts_usec":1686043388705512} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":196,"packets-processed":195,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":192,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":192,"total-idle-flows":191,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":927,"global_ts_usec":1686043388705512} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686043388705512,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686043388705512,"l3_proto":"ip4","src_ip":"44.239.95.30","dst_ip":"74.111.203.55","src_port":56105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686043388705512,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRXlks718eSm\/LN9spAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
-00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686043388705512,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686043388705512,"l3_proto":"ip4","src_ip":"44.239.95.30","dst_ip":"74.111.203.55","src_port":56105,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686043388705512,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686043388705512,"l3_proto":"ip4","src_ip":"44.239.95.30","dst_ip":"74.111.203.55","src_port":56105,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686040872007912,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686043388705512,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"90.111.212.50","src_port":53489,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":197,"packets-processed":196,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10281,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":193,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":193,"total-idle-flows":192,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":932,"global_ts_usec":1686044168857770} 
+00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":197,"packets-processed":196,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10281,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":193,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":193,"total-idle-flows":192,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":932,"global_ts_usec":1686044168857770} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686044168857770,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686044168857770,"l3_proto":"ip4","src_ip":"80.16.0.251","dst_ip":"165.144.84.62","src_port":49389,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686044168857770,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX+RQEAD7pZBUPsDtAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686044168857770,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686044168857770,"l3_proto":"ip4","src_ip":"80.16.0.251","dst_ip":"165.144.84.62","src_port":49389,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686043388705512,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686044168857770,"l3_proto":"ip4","src_ip":"44.239.95.30","dst_ip":"74.111.203.55","src_port":56105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":198,"packets-processed":197,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":194,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":194,"total-idle-flows":193,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":937,"global_ts_usec":1686046546512327} 
+00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686043388705512,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686044168857770,"l3_proto":"ip4","src_ip":"44.239.95.30","dst_ip":"74.111.203.55","src_port":56105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":198,"packets-processed":197,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":194,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":194,"total-idle-flows":193,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":937,"global_ts_usec":1686046546512327} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686046546512327,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686046546512327,"l3_proto":"ip4","src_ip":"165.37.39.94","dst_ip":"69.109.187.54","src_port":49159,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686046546512327,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRbY2lJSdeRW27NsAHAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686046546512327,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686046546512327,"l3_proto":"ip4","src_ip":"165.37.39.94","dst_ip":"69.109.187.54","src_port":49159,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686044168857770,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686046546512327,"l3_proto":"ip4","src_ip":"80.16.0.251","dst_ip":"165.144.84.62","src_port":49389,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":199,"packets-processed":198,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":195,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":195,"total-idle-flows":194,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":942,"global_ts_usec":1686047674470156} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":199,"packets-processed":198,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":195,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":195,"total-idle-flows":194,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":942,"global_ts_usec":1686047674470156} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686047674470156,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686047674470156,"l3_proto":"ip4","src_ip":"178.14.64.233","dst_ip":"90.141.37.56","src_port":55586,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686047674470156,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRXv+yDkDpWo0lONkiAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686047674470156,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686047674470156,"l3_proto":"ip4","src_ip":"178.14.64.233","dst_ip":"90.141.37.56","src_port":55586,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686046546512327,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686047674470156,"l3_proto":"ip4","src_ip":"165.37.39.94","dst_ip":"69.109.187.54","src_port":49159,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":200,"packets-processed":199,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":196,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":196,"total-idle-flows":195,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":947,"global_ts_usec":1686052550759741} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":200,"packets-processed":199,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":196,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":196,"total-idle-flows":195,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":947,"global_ts_usec":1686052550759741} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686052550759741,"flow_src_last_pkt_time":1686052550759741,"flow_dst_last_pkt_time":1686052550759741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686052550759741,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":47437,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":1686052550759741,"flow_dst_last_pkt_time":1686052550759741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686052550759741,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPblNAasAJTEiAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686052550759741,"flow_src_last_pkt_time":1686052550759741,"flow_dst_last_pkt_time":1686052550759741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686052550759741,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":47437,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686047674470156,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686052550759741,"l3_proto":"ip4","src_ip":"178.14.64.233","dst_ip":"90.141.37.56","src_port":55586,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":201,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":197,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":197,"total-idle-flows":196,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":952,"global_ts_usec":1686054840592952} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":201,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":197,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":197,"total-idle-flows":196,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":952,"global_ts_usec":1686054840592952} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686054840592952,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686054840592952,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":44893,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686054840592952,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27Nq9dAasAJTsbAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686054840592952,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686054840592952,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":44893,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -958,12 +958,12 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_src_last_pkt_time":1686055302350311,"flow_dst_last_pkt_time":1686055302350311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686055302350311,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80ObceAasAJTNWAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686055302350311,"flow_src_last_pkt_time":1686055302350311,"flow_dst_last_pkt_time":1686055302350311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686055302350311,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":46878,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686054840592952,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686055302350311,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":44893,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":203,"packets-processed":202,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":199,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":199,"total-idle-flows":198,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":961,"global_ts_usec":1686056089625694} 
+00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":203,"packets-processed":202,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":199,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":199,"total-idle-flows":198,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":961,"global_ts_usec":1686056089625694} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686056089625694,"flow_src_last_pkt_time":1686056089625694,"flow_dst_last_pkt_time":1686056089625694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686056089625694,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":39691,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_src_last_pkt_time":1686056089625694,"flow_dst_last_pkt_time":1686056089625694,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686056089625694,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMpsLAasAJU9vAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686056089625694,"flow_src_last_pkt_time":1686056089625694,"flow_dst_last_pkt_time":1686056089625694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686056089625694,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":39691,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686055302350311,"flow_src_last_pkt_time":1686055302350311,"flow_dst_last_pkt_time":1686055302350311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686056089625694,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":46878,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":204,"packets-processed":203,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10484,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":200,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":200,"total-idle-flows":199,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":966,"global_ts_usec":1686057077798333} 
+00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":204,"packets-processed":203,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10484,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":200,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":200,"total-idle-flows":199,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":966,"global_ts_usec":1686057077798333} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057077798333,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057077798333,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":59069,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686057077798333,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN+a9AasAJQO8AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057077798333,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057077798333,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":59069,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -972,7 +972,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_src_last_pkt_time":1686057628692531,"flow_dst_last_pkt_time":1686057628692531,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686057628692531,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM8jOAasAJSGtAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057628692531,"flow_src_last_pkt_time":1686057628692531,"flow_dst_last_pkt_time":1686057628692531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057628692531,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":51406,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057077798333,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057628692531,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":59069,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":206,"packets-processed":205,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10542,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":202,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":202,"total-idle-flows":201,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":975,"global_ts_usec":1686057720083465} 
+00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":206,"packets-processed":205,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10542,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":202,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":202,"total-idle-flows":201,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":975,"global_ts_usec":1686057720083465} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057720083465,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686057720083465,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lOIngAasAJWCVAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057720083465,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -982,13 +982,13 @@ 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057824020237,"flow_src_last_pkt_time":1686057824020237,"flow_dst_last_pkt_time":1686057824020237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057824020237,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":48172,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057628692531,"flow_src_last_pkt_time":1686057628692531,"flow_dst_last_pkt_time":1686057628692531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057824020237,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":51406,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057824020237,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":208,"packets-processed":207,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":204,"total-detection-updates":0,"total-updates":36,"current-active-flows":2,"total-active-flows":204,"total-idle-flows":202,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":985,"global_ts_usec":1686059089399919} 
+00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":208,"packets-processed":207,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":204,"total-detection-updates":0,"total-updates":36,"current-active-flows":2,"total-active-flows":204,"total-idle-flows":202,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":985,"global_ts_usec":1686059089399919} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686059089399919,"flow_src_last_pkt_time":1686059089399919,"flow_dst_last_pkt_time":1686059089399919,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":53249,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_src_last_pkt_time":1686059089399919,"flow_dst_last_pkt_time":1686059089399919,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686059089399919,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPtABAasAJRpvAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686059089399919,"flow_src_last_pkt_time":1686059089399919,"flow_dst_last_pkt_time":1686059089399919,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":53249,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057824020237,"flow_src_last_pkt_time":1686057824020237,"flow_dst_last_pkt_time":1686057824020237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":48172,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":209,"packets-processed":208,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":205,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":205,"total-idle-flows":204,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":991,"global_ts_usec":1686063230217187} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":209,"packets-processed":208,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":205,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":205,"total-idle-flows":204,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":991,"global_ts_usec":1686063230217187} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063230217187,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063230217187,"l3_proto":"ip4","src_ip":"16.100.83.145","dst_ip":"90.147.171.51","src_port":60232,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686063230217187,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqiYQZFORWpOrM+tIAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063230217187,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063230217187,"l3_proto":"ip4","src_ip":"16.100.83.145","dst_ip":"90.147.171.51","src_port":60232,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1002,17 +1002,17 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063784551832,"flow_src_last_pkt_time":1686063784551832,"flow_dst_last_pkt_time":1686063784551832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063784551832,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.111.212.50","src_port":34236,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063367901199,"flow_src_last_pkt_time":1686063367901199,"flow_dst_last_pkt_time":1686063367901199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063784551832,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"186.112.202.53","src_port":36840,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063230217187,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063784551832,"l3_proto":"ip4","src_ip":"16.100.83.145","dst_ip":"90.147.171.51","src_port":60232,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":212,"packets-processed":211,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":208,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":208,"total-idle-flows":207,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1005,"global_ts_usec":1686065747925784} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":212,"packets-processed":211,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":208,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":208,"total-idle-flows":207,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1005,"global_ts_usec":1686065747925784} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686065747925784,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686065747925784,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":53230,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686065747925784,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAO0REAC2tHiLWpG0Os\/uAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686065747925784,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686065747925784,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":53230,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063784551832,"flow_src_last_pkt_time":1686063784551832,"flow_dst_last_pkt_time":1686063784551832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686065747925784,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.111.212.50","src_port":34236,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":213,"packets-processed":212,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":209,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":209,"total-idle-flows":208,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1010,"global_ts_usec":1686066398914580} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":213,"packets-processed":212,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":209,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":209,"total-idle-flows":208,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1010,"global_ts_usec":1686066398914580} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686066398914580,"flow_src_last_pkt_time":1686066398914580,"flow_dst_last_pkt_time":1686066398914580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686066398914580,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":38609,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_src_last_pkt_time":1686066398914580,"flow_dst_last_pkt_time":1686066398914580,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686066398914580,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAO0REAO2tHiLWo0lOJbRAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686066398914580,"flow_src_last_pkt_time":1686066398914580,"flow_dst_last_pkt_time":1686066398914580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686066398914580,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":38609,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686065747925784,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686066398914580,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":53230,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":214,"packets-processed":213,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":210,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":210,"total-idle-flows":209,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1015,"global_ts_usec":1686067317662813} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":214,"packets-processed":213,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":210,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":210,"total-idle-flows":209,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1015,"global_ts_usec":1686067317662813} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067317662813,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067317662813,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":36797,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686067317662813,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSUTY5OUpXLKPY+9AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067317662813,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067317662813,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":36797,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1021,72 +1021,72 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_src_last_pkt_time":1686067699688902,"flow_dst_last_pkt_time":1686067699688902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686067699688902,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqiQtg6GYpZBUPo+PAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067699688902,"flow_src_last_pkt_time":1686067699688902,"flow_dst_last_pkt_time":1686067699688902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067699688902,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"165.144.84.62","src_port":36751,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067317662813,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067699688902,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":36797,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":216,"packets-processed":215,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":212,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":212,"total-idle-flows":211,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1024,"global_ts_usec":1686071042176869} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":216,"packets-processed":215,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":212,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":212,"total-idle-flows":211,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1024,"global_ts_usec":1686071042176869} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686071042176869,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686071042176869,"l3_proto":"ip4","src_ip":"45.100.140.153","dst_ip":"74.111.203.55","src_port":54538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686071042176869,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAO0RqiwtZIyZSm\/LN9UKAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686071042176869,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686071042176869,"l3_proto":"ip4","src_ip":"45.100.140.153","dst_ip":"74.111.203.55","src_port":54538,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067699688902,"flow_src_last_pkt_time":1686067699688902,"flow_dst_last_pkt_time":1686067699688902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686071042176869,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"165.144.84.62","src_port":36751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":213,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":213,"total-idle-flows":212,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1029,"global_ts_usec":1686075500413977} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":213,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":213,"total-idle-flows":212,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1029,"global_ts_usec":1686075500413977} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686075500413977,"flow_src_last_pkt_time":1686075500413977,"flow_dst_last_pkt_time":1686075500413977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686075500413977,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.141.37.56","src_port":26355,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_src_last_pkt_time":1686075500413977,"flow_dst_last_pkt_time":1686075500413977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686075500413977,"pkt":"3jHC4dyOPJTVQTiBCABFCABLp64AACQRHLRnR5LeWo0lOGbzAasAN7aJAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686075500413977,"flow_src_last_pkt_time":1686075500413977,"flow_dst_last_pkt_time":1686075500413977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686075500413977,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.141.37.56","src_port":26355,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686071042176869,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686075500413977,"l3_proto":"ip4","src_ip":"45.100.140.153","dst_ip":"74.111.203.55","src_port":54538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":218,"packets-processed":217,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11460,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":214,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":214,"total-idle-flows":213,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1034,"global_ts_usec":1686081952749133} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":218,"packets-processed":217,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11460,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":214,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":214,"total-idle-flows":213,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1034,"global_ts_usec":1686081952749133} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686081952749133,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686081952749133,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.147.171.51","src_port":64387,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686081952749133,"pkt":"AAwp30Y4PJTVQTiBCABFCABLEn4AACQRsepnR5LeWpOrM\/uDAasANyH\/AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686081952749133,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686081952749133,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.147.171.51","src_port":64387,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686075500413977,"flow_src_last_pkt_time":1686075500413977,"flow_dst_last_pkt_time":1686075500413977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686081952749133,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.141.37.56","src_port":26355,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082067713083,"flow_src_last_pkt_time":1686082067713083,"flow_dst_last_pkt_time":1686082067713083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082067713083,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.111.212.50","src_port":53130,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_src_last_pkt_time":1686082067713083,"flow_dst_last_pkt_time":1686082067713083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686082067713083,"pkt":"AAwp30Y4PJTVQTiBCABFCABLYc8AACIRaN1kOJtwWm\/UMs+KAasAN1I8AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} -00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082067713083,"flow_src_last_pkt_time":1686082067713083,"flow_dst_last_pkt_time":1686082067713083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082067713083,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.111.212.50","src_port":53130,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082067713083,"flow_src_last_pkt_time":1686082067713083,"flow_dst_last_pkt_time":1686082067713083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082067713083,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.111.212.50","src_port":53130,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686081952749133,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082067713083,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.147.171.51","src_port":64387,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":220,"packets-processed":219,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11554,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":216,"total-detection-updates":0,"total-updates":38,"current-active-flows":2,"total-active-flows":216,"total-idle-flows":214,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1043,"global_ts_usec":1686082597517294} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":220,"packets-processed":219,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11554,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":216,"total-detection-updates":0,"total-updates":38,"current-active-flows":2,"total-active-flows":216,"total-idle-flows":214,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1043,"global_ts_usec":1686082597517294} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082597517294,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686082597517294,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbe66GwXtWpOrM8hzAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082597517294,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686081952749133,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082597517294,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.147.171.51","src_port":64387,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082067713083,"flow_src_last_pkt_time":1686082067713083,"flow_dst_last_pkt_time":1686082067713083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082597517294,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.111.212.50","src_port":53130,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082067713083,"flow_src_last_pkt_time":1686082067713083,"flow_dst_last_pkt_time":1686082067713083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082597517294,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.111.212.50","src_port":53130,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082771466382,"flow_src_last_pkt_time":1686082771466382,"flow_dst_last_pkt_time":1686082771466382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082771466382,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"85.111.52.57","src_port":8220,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_src_last_pkt_time":1686082771466382,"flow_dst_last_pkt_time":1686082771466382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686082771466382,"pkt":"moT+\/Ph8PJTVQTiBCABFCABL6nUAACIR4DqnB5p9VW80OSAcAasANwGvAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082771466382,"flow_src_last_pkt_time":1686082771466382,"flow_dst_last_pkt_time":1686082771466382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082771466382,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"85.111.52.57","src_port":8220,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082771466382,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":222,"packets-processed":221,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11630,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":218,"total-detection-updates":0,"total-updates":39,"current-active-flows":2,"total-active-flows":218,"total-idle-flows":216,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1053,"global_ts_usec":1686085137783742} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":222,"packets-processed":221,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11630,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":218,"total-detection-updates":0,"total-updates":39,"current-active-flows":2,"total-active-flows":218,"total-idle-flows":216,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1053,"global_ts_usec":1686085137783742} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686085137783742,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"85.111.52.57","src_port":59003,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686085137783742,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPIRpSUuZGGTVW80OeZ7AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686085137783742,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"85.111.52.57","src_port":59003,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082771466382,"flow_src_last_pkt_time":1686082771466382,"flow_dst_last_pkt_time":1686082771466382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"85.111.52.57","src_port":8220,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":223,"packets-processed":222,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":219,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":219,"total-idle-flows":218,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1059,"global_ts_usec":1686086498336760} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":223,"packets-processed":222,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":219,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":219,"total-idle-flows":218,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1059,"global_ts_usec":1686086498336760} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686086498336760,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686086498336760,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.141.37.56","src_port":35493,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686086498336760,"pkt":"3jHC4dyOPJTVQTiBCABFAABSWVwAAG0Ru0FDnxCWWo0lOIqlAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686086498336760,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686086498336760,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.141.37.56","src_port":35493,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686085137783742,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686086498336760,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"85.111.52.57","src_port":59003,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":224,"packets-processed":223,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11782,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":220,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":220,"total-idle-flows":219,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1064,"global_ts_usec":1686087364946144} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":224,"packets-processed":223,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11782,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":220,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":220,"total-idle-flows":219,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1064,"global_ts_usec":1686087364946144} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686087364946144,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686087364946144,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"69.109.187.54","src_port":35856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686087364946144,"pkt":"bpHurUgdPJTVQTiBCABFAABS0PQAAG4RQqxDnxCWRW27NowQAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686087364946144,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686087364946144,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"69.109.187.54","src_port":35856,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686086498336760,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686087364946144,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.141.37.56","src_port":35493,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":225,"packets-processed":224,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11836,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":221,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":221,"total-idle-flows":220,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1069,"global_ts_usec":1686088327419270} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":225,"packets-processed":224,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11836,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":221,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":221,"total-idle-flows":220,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1069,"global_ts_usec":1686088327419270} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686088327419270,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686088327419270,"l3_proto":"ip4","src_ip":"34.220.38.0","dst_ip":"186.112.202.53","src_port":54720,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686088327419270,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRbDEi3CYAunDKNdXAAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} -00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686088327419270,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686088327419270,"l3_proto":"ip4","src_ip":"34.220.38.0","dst_ip":"186.112.202.53","src_port":54720,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686088327419270,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686088327419270,"l3_proto":"ip4","src_ip":"34.220.38.0","dst_ip":"186.112.202.53","src_port":54720,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686087364946144,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686088327419270,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"69.109.187.54","src_port":35856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":226,"packets-processed":225,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":222,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":222,"total-idle-flows":221,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1074,"global_ts_usec":1686095963626743} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":226,"packets-processed":225,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":222,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":222,"total-idle-flows":221,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1074,"global_ts_usec":1686095963626743} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686095963626743,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686095963626743,"l3_proto":"ip4","src_ip":"173.49.159.50","dst_ip":"74.111.203.55","src_port":54834,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686095963626743,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRXnWtMZ8ySm\/LN9YyAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686095963626743,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686095963626743,"l3_proto":"ip4","src_ip":"173.49.159.50","dst_ip":"74.111.203.55","src_port":54834,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686088327419270,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686095963626743,"l3_proto":"ip4","src_ip":"34.220.38.0","dst_ip":"186.112.202.53","src_port":54720,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":227,"packets-processed":226,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":223,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":223,"total-idle-flows":222,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1079,"global_ts_usec":1686100690494262} +00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686088327419270,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686095963626743,"l3_proto":"ip4","src_ip":"34.220.38.0","dst_ip":"186.112.202.53","src_port":54720,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":227,"packets-processed":226,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":223,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":223,"total-idle-flows":222,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1079,"global_ts_usec":1686100690494262} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686100690494262,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686100690494262,"l3_proto":"ip4","src_ip":"206.17.216.171","dst_ip":"69.109.187.54","src_port":53625,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686100690494262,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRYB3OEdirRW27NtF5AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686100690494262,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686100690494262,"l3_proto":"ip4","src_ip":"206.17.216.171","dst_ip":"69.109.187.54","src_port":53625,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686095963626743,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686100690494262,"l3_proto":"ip4","src_ip":"173.49.159.50","dst_ip":"74.111.203.55","src_port":54834,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":228,"packets-processed":227,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":224,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":224,"total-idle-flows":223,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1084,"global_ts_usec":1686102050692991} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":228,"packets-processed":227,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":224,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":224,"total-idle-flows":223,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1084,"global_ts_usec":1686102050692991} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102050692991,"flow_src_last_pkt_time":1686102050692991,"flow_dst_last_pkt_time":1686102050692991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102050692991,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":42341,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_src_last_pkt_time":1686102050692991,"flow_dst_last_pkt_time":1686102050692991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686102050692991,"pkt":"ipffLU2SPJTVQTiBCABFAAA+KfdAADQRdt1AOMuySm\/LN6VlAasAKiQrAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102050692991,"flow_src_last_pkt_time":1686102050692991,"flow_dst_last_pkt_time":1686102050692991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102050692991,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":42341,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686100690494262,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102050692991,"l3_proto":"ip4","src_ip":"206.17.216.171","dst_ip":"69.109.187.54","src_port":53625,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":229,"packets-processed":228,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":225,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":225,"total-idle-flows":224,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1089,"global_ts_usec":1686102672425183} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":229,"packets-processed":228,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":225,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":225,"total-idle-flows":224,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1089,"global_ts_usec":1686102672425183} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102672425183,"flow_src_last_pkt_time":1686102672425183,"flow_dst_last_pkt_time":1686102672425183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102672425183,"l3_proto":"ip4","src_ip":"166.70.59.181","dst_ip":"90.111.212.50","src_port":46093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_src_last_pkt_time":1686102672425183,"flow_dst_last_pkt_time":1686102672425183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686102672425183,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+Lo9AADQRckmmRju1Wm\/UMrQNAasAKhWHAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102672425183,"flow_src_last_pkt_time":1686102672425183,"flow_dst_last_pkt_time":1686102672425183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102672425183,"l3_proto":"ip4","src_ip":"166.70.59.181","dst_ip":"90.111.212.50","src_port":46093,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1110,12 +1110,12 @@ 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103250321132,"flow_src_last_pkt_time":1686103250321132,"flow_dst_last_pkt_time":1686103250321132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103250321132,"l3_proto":"ip4","src_ip":"184.199.219.188","dst_ip":"90.141.37.56","src_port":30639,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103038730179,"flow_src_last_pkt_time":1686103038730179,"flow_dst_last_pkt_time":1686103038730179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103250321132,"l3_proto":"ip4","src_ip":"88.192.213.176","dst_ip":"165.114.202.61","src_port":63574,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102873592315,"flow_src_last_pkt_time":1686102873592315,"flow_dst_last_pkt_time":1686102873592315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103250321132,"l3_proto":"ip4","src_ip":"33.26.187.87","dst_ip":"90.141.37.56","src_port":52761,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":234,"packets-processed":233,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":230,"total-detection-updates":0,"total-updates":42,"current-active-flows":1,"total-active-flows":230,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1113,"global_ts_usec":1686103373634504} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":234,"packets-processed":233,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":230,"total-detection-updates":0,"total-updates":42,"current-active-flows":1,"total-active-flows":230,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1113,"global_ts_usec":1686103373634504} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103373634504,"flow_src_last_pkt_time":1686103373634504,"flow_dst_last_pkt_time":1686103373634504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103373634504,"l3_proto":"ip4","src_ip":"166.199.219.182","dst_ip":"69.109.187.54","src_port":28881,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_src_last_pkt_time":1686103373634504,"flow_dst_last_pkt_time":1686103373634504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686103373634504,"pkt":"bpHurUgdPJTVQTiBCABFAAA+HIVAADQRhFKmx9u2RW27NnDRAasAKljCAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103373634504,"flow_src_last_pkt_time":1686103373634504,"flow_dst_last_pkt_time":1686103373634504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103373634504,"l3_proto":"ip4","src_ip":"166.199.219.182","dst_ip":"69.109.187.54","src_port":28881,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103250321132,"flow_src_last_pkt_time":1686103250321132,"flow_dst_last_pkt_time":1686103250321132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103373634504,"l3_proto":"ip4","src_ip":"184.199.219.188","dst_ip":"90.141.37.56","src_port":30639,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":235,"packets-processed":234,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":231,"total-detection-updates":0,"total-updates":43,"current-active-flows":2,"total-active-flows":231,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1118,"global_ts_usec":1686104038936046} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":235,"packets-processed":234,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":231,"total-detection-updates":0,"total-updates":43,"current-active-flows":2,"total-active-flows":231,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1118,"global_ts_usec":1686104038936046} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104038936046,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104038936046,"l3_proto":"ip4","src_ip":"95.64.196.186","dst_ip":"186.112.202.53","src_port":18841,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686104038936046,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+0DtAADQR0JFfQMS6unDKNUmZAasAKn\/wAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104038936046,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104038936046,"l3_proto":"ip4","src_ip":"95.64.196.186","dst_ip":"186.112.202.53","src_port":18841,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1125,22 +1125,22 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_src_last_pkt_time":1686104544084969,"flow_dst_last_pkt_time":1686104544084969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686104544084969,"pkt":"bs1PogZtPJTVQTiBCABFAAA+LfFAADQRctlYP9q4WpG0OsdTAasAKgIzAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104544084969,"flow_src_last_pkt_time":1686104544084969,"flow_dst_last_pkt_time":1686104544084969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104544084969,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"90.145.180.58","src_port":51027,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104038936046,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104544084969,"l3_proto":"ip4","src_ip":"95.64.196.186","dst_ip":"186.112.202.53","src_port":18841,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":237,"packets-processed":236,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":233,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":233,"total-idle-flows":232,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1128,"global_ts_usec":1686104819369835} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":237,"packets-processed":236,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":233,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":233,"total-idle-flows":232,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1128,"global_ts_usec":1686104819369835} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104819369835,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104819369835,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"85.111.52.57","src_port":57381,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686104819369835,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+9FFAADQRrIJHQCS3VW80OeAlAasAKulqAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104819369835,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104819369835,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"85.111.52.57","src_port":57381,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104544084969,"flow_src_last_pkt_time":1686104544084969,"flow_dst_last_pkt_time":1686104544084969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104819369835,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"90.145.180.58","src_port":51027,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":238,"packets-processed":237,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":234,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":234,"total-idle-flows":233,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1133,"global_ts_usec":1686109686670972} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":238,"packets-processed":237,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":234,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":234,"total-idle-flows":233,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1133,"global_ts_usec":1686109686670972} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686109686670972,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686109686670972,"l3_proto":"ip4","src_ip":"165.211.188.239","dst_ip":"165.114.202.61","src_port":50862,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686109686670972,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbeWl07zvpXLKPcauAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686109686670972,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686109686670972,"l3_proto":"ip4","src_ip":"165.211.188.239","dst_ip":"165.114.202.61","src_port":50862,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104819369835,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686109686670972,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"85.111.52.57","src_port":57381,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":239,"packets-processed":238,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":235,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":235,"total-idle-flows":234,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1138,"global_ts_usec":1686115314323562} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":239,"packets-processed":238,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":235,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":235,"total-idle-flows":234,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1138,"global_ts_usec":1686115314323562} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686115314323562,"flow_src_last_pkt_time":1686115314323562,"flow_dst_last_pkt_time":1686115314323562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686115314323562,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.141.37.56","src_port":31214,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_src_last_pkt_time":1686115314323562,"flow_dst_last_pkt_time":1686115314323562,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686115314323562,"pkt":"3jHC4dyOPJTVQTiBCABFCABLy\/0AACIR\/qsfAJpyWo0lOHnuAasAN6fVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686115314323562,"flow_src_last_pkt_time":1686115314323562,"flow_dst_last_pkt_time":1686115314323562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686115314323562,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.141.37.56","src_port":31214,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686109686670972,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686115314323562,"l3_proto":"ip4","src_ip":"165.211.188.239","dst_ip":"165.114.202.61","src_port":50862,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":240,"packets-processed":239,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":236,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":236,"total-idle-flows":235,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1143,"global_ts_usec":1686120842599135} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":240,"packets-processed":239,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":236,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":236,"total-idle-flows":235,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1143,"global_ts_usec":1686120842599135} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686120842599135,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686120842599135,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"165.144.84.62","src_port":19055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686120842599135,"pkt":"AAwp30Y4PJTVQTiBCABFAABLInYAACcRsKcid3p+pZBUPkpvAasAN+TAAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686120842599135,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686120842599135,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"165.144.84.62","src_port":19055,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1149,38 +1149,38 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_src_last_pkt_time":1686121348877532,"flow_dst_last_pkt_time":1686121348877532,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686121348877532,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRbQ1Z1jiBVW80OcXLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686121348877532,"flow_src_last_pkt_time":1686121348877532,"flow_dst_last_pkt_time":1686121348877532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686121348877532,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"85.111.52.57","src_port":50635,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686120842599135,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686121348877532,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"165.144.84.62","src_port":19055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":242,"packets-processed":241,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12410,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":238,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":238,"total-idle-flows":237,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1152,"global_ts_usec":1686122375311586} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":242,"packets-processed":241,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12410,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":238,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":238,"total-idle-flows":237,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1152,"global_ts_usec":1686122375311586} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686122375311586,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686122375311586,"l3_proto":"ip4","src_ip":"193.209.38.96","dst_ip":"90.111.212.50","src_port":56783,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686122375311586,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbJLB0SZgWm\/UMt3PAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686122375311586,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686122375311586,"l3_proto":"ip4","src_ip":"193.209.38.96","dst_ip":"90.111.212.50","src_port":56783,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686121348877532,"flow_src_last_pkt_time":1686121348877532,"flow_dst_last_pkt_time":1686121348877532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686122375311586,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"85.111.52.57","src_port":50635,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":243,"packets-processed":242,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":239,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":239,"total-idle-flows":238,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1157,"global_ts_usec":1686127609854442} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":243,"packets-processed":242,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":239,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":239,"total-idle-flows":238,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1157,"global_ts_usec":1686127609854442} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686127609854442,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686127609854442,"l3_proto":"ip4","src_ip":"34.16.223.107","dst_ip":"165.144.84.62","src_port":49482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686127609854442,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbJQiEN9rpZBUPsFKAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686127609854442,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686127609854442,"l3_proto":"ip4","src_ip":"34.16.223.107","dst_ip":"165.144.84.62","src_port":49482,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686122375311586,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686127609854442,"l3_proto":"ip4","src_ip":"193.209.38.96","dst_ip":"90.111.212.50","src_port":56783,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":244,"packets-processed":243,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":240,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":240,"total-idle-flows":239,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1162,"global_ts_usec":1686147000405705} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":244,"packets-processed":243,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":240,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":240,"total-idle-flows":239,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1162,"global_ts_usec":1686147000405705} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686147000405705,"flow_src_last_pkt_time":1686147000405705,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686147000405705,"l3_proto":"ip4","src_ip":"235.96.127.30","dst_ip":"165.144.84.62","src_port":30596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_src_last_pkt_time":1686147000405705,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686147000405705,"pkt":"AAwp30Y4PJTVQTiBCABFAABSc4QAADIRDzbrYH8epZBUPneEAasAPgRJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686147000405705,"flow_src_last_pkt_time":1686147000405705,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686147000405705,"l3_proto":"ip4","src_ip":"235.96.127.30","dst_ip":"165.144.84.62","src_port":30596,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_src_last_pkt_time":1686147000405720,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686147000405720,"pkt":"AAwp30Y4PJTVQTiBCABFAABSc4QAADIRDzbrYH8epZBUPneEAasAPgRJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686127609854442,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686147000405720,"l3_proto":"ip4","src_ip":"34.16.223.107","dst_ip":"165.144.84.62","src_port":49482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":241,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":241,"total-idle-flows":240,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1168,"global_ts_usec":1686148169982093} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":241,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":241,"total-idle-flows":240,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1168,"global_ts_usec":1686148169982093} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686148169982093,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686148169982093,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"74.111.203.55","src_port":30879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686148169982093,"pkt":"ipffLU2SPJTVQTiBCABFAABL+PEAACcR2jmaYAV5Sm\/LN3ifAasAN7aeAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686148169982093,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686148169982093,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"74.111.203.55","src_port":30879,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1686147000405705,"flow_src_last_pkt_time":1686147000405720,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686148169982093,"l3_proto":"ip4","src_ip":"235.96.127.30","dst_ip":"165.144.84.62","src_port":30596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":247,"packets-processed":246,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":242,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":242,"total-idle-flows":241,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1173,"global_ts_usec":1686150111716704} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":247,"packets-processed":246,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":242,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":242,"total-idle-flows":241,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1173,"global_ts_usec":1686150111716704} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686150111716704,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686150111716704,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":53775,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686150111716704,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPIRpS\/Qe7CaWo0lONIPAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686150111716704,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686150111716704,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":53775,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686148169982093,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686150111716704,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"74.111.203.55","src_port":30879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":248,"packets-processed":247,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":243,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":243,"total-idle-flows":242,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1178,"global_ts_usec":1686151018568427} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":248,"packets-processed":247,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":243,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":243,"total-idle-flows":242,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1178,"global_ts_usec":1686151018568427} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686151018568427,"flow_src_last_pkt_time":1686151018568427,"flow_dst_last_pkt_time":1686151018568427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686151018568427,"l3_proto":"ip4","src_ip":"236.131.82.145","dst_ip":"69.109.187.54","src_port":40660,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_src_last_pkt_time":1686151018568427,"flow_dst_last_pkt_time":1686151018568427,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686151018568427,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRpSvsg1KRRW27Np7UAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686151018568427,"flow_src_last_pkt_time":1686151018568427,"flow_dst_last_pkt_time":1686151018568427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686151018568427,"l3_proto":"ip4","src_ip":"236.131.82.145","dst_ip":"69.109.187.54","src_port":40660,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686150111716704,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686151018568427,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":53775,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":249,"packets-processed":248,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":244,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":244,"total-idle-flows":243,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1183,"global_ts_usec":1686152692161183} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":249,"packets-processed":248,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":244,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":244,"total-idle-flows":243,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1183,"global_ts_usec":1686152692161183} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152692161183,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686152692161183,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPIRpTITnLybSm\/LN7qFAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152692161183,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1189,48 +1189,48 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_src_last_pkt_time":1686152794742928,"flow_dst_last_pkt_time":1686152794742928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686152794742928,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPIRpSDthLCIpZBUPoZyAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152794742928,"flow_src_last_pkt_time":1686152794742928,"flow_dst_last_pkt_time":1686152794742928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152794742928,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"165.144.84.62","src_port":34418,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152794742928,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":251,"packets-processed":250,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":246,"total-detection-updates":0,"total-updates":44,"current-active-flows":2,"total-active-flows":246,"total-idle-flows":244,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1192,"global_ts_usec":1686157605088607} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":251,"packets-processed":250,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":246,"total-detection-updates":0,"total-updates":44,"current-active-flows":2,"total-active-flows":246,"total-idle-flows":244,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1192,"global_ts_usec":1686157605088607} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686157605088607,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":55189,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686157605088607,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAPARqCUtfJOcpXLKPdeVAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686157605088607,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":55189,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152794742928,"flow_src_last_pkt_time":1686152794742928,"flow_dst_last_pkt_time":1686152794742928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"165.144.84.62","src_port":34418,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":252,"packets-processed":251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":247,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":247,"total-idle-flows":246,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1198,"global_ts_usec":1686158302309017} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":252,"packets-processed":251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":247,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":247,"total-idle-flows":246,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1198,"global_ts_usec":1686158302309017} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686158302309017,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686158302309017,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.145.180.58","src_port":37873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686158302309017,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAO8RDclGtG\/xWpG0OpPxAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686158302309017,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686158302309017,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.145.180.58","src_port":37873,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686157605088607,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686158302309017,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":55189,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":253,"packets-processed":252,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":248,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":248,"total-idle-flows":247,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1203,"global_ts_usec":1686159210157364} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":253,"packets-processed":252,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":248,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":248,"total-idle-flows":247,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1203,"global_ts_usec":1686159210157364} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686159210157364,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686159210157364,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"90.111.212.50","src_port":50527,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686159210157364,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAPARqCwve7GaWm\/UMsVfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686159210157364,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686159210157364,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"90.111.212.50","src_port":50527,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686158302309017,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686159210157364,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.145.180.58","src_port":37873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":254,"packets-processed":253,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":249,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":249,"total-idle-flows":248,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1208,"global_ts_usec":1686164441587309} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":254,"packets-processed":253,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":249,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":249,"total-idle-flows":248,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1208,"global_ts_usec":1686164441587309} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686164441587309,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686164441587309,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"74.111.203.55","src_port":22596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686164441587309,"pkt":"ipffLU2SPJTVQTiBCABFCABLFfMAACIRtMTjx1p6Sm\/LN1hEAasAN8mNAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686164441587309,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686164441587309,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"74.111.203.55","src_port":22596,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686159210157364,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686164441587309,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"90.111.212.50","src_port":50527,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":255,"packets-processed":254,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":250,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":250,"total-idle-flows":249,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1213,"global_ts_usec":1686172962599222} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":255,"packets-processed":254,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":250,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":250,"total-idle-flows":249,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1213,"global_ts_usec":1686172962599222} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686172962599222,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686172962599222,"l3_proto":"ip4","src_ip":"161.45.5.172","dst_ip":"90.147.171.51","src_port":56443,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686172962599222,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbgWhLQWsWpOrM9x7AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686172962599222,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686172962599222,"l3_proto":"ip4","src_ip":"161.45.5.172","dst_ip":"90.147.171.51","src_port":56443,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686164441587309,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686172962599222,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"74.111.203.55","src_port":22596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":256,"packets-processed":255,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13385,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":251,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":251,"total-idle-flows":250,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1218,"global_ts_usec":1686178920053120} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":256,"packets-processed":255,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13385,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":251,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":251,"total-idle-flows":250,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1218,"global_ts_usec":1686178920053120} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686178920053120,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686178920053120,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"85.111.52.57","src_port":55319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686178920053120,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbXhCGOFNVW80OdgXAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686178920053120,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686178920053120,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"85.111.52.57","src_port":55319,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686172962599222,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686178920053120,"l3_proto":"ip4","src_ip":"161.45.5.172","dst_ip":"90.147.171.51","src_port":56443,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":257,"packets-processed":256,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":252,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":252,"total-idle-flows":251,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1223,"global_ts_usec":1686182909163488} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":257,"packets-processed":256,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":252,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":252,"total-idle-flows":251,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1223,"global_ts_usec":1686182909163488} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686182909163488,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686182909163488,"l3_proto":"ip4","src_ip":"88.56.155.126","dst_ip":"186.112.202.53","src_port":14639,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686182909163488,"pkt":"xmjqc4OdPJTVQTiBCABFCABLnDYAACIRLnxYOJt+unDKNTkvAasAN+idAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686182909163488,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686182909163488,"l3_proto":"ip4","src_ip":"88.56.155.126","dst_ip":"186.112.202.53","src_port":14639,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686178920053120,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686182909163488,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"85.111.52.57","src_port":55319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":258,"packets-processed":257,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":253,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":253,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1228,"global_ts_usec":1686186373659453} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":258,"packets-processed":257,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":253,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":253,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1228,"global_ts_usec":1686186373659453} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686186373659453,"flow_src_last_pkt_time":1686186373659453,"flow_dst_last_pkt_time":1686186373659453,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686186373659453,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":15055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_src_last_pkt_time":1686186373659453,"flow_dst_last_pkt_time":1686186373659453,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686186373659453,"pkt":"bpHurUgdPJTVQTiBCABFCABLbu4AACIRW70j\/EVxRW27NjrPAasAN+b2AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686186373659453,"flow_src_last_pkt_time":1686186373659453,"flow_dst_last_pkt_time":1686186373659453,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686186373659453,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":15055,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686182909163488,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686186373659453,"l3_proto":"ip4","src_ip":"88.56.155.126","dst_ip":"186.112.202.53","src_port":14639,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":259,"packets-processed":258,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":254,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":254,"total-idle-flows":253,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1233,"global_ts_usec":1686188598232342} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":259,"packets-processed":258,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":254,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":254,"total-idle-flows":253,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1233,"global_ts_usec":1686188598232342} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188598232342,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188598232342,"l3_proto":"ip4","src_ip":"93.22.25.240","dst_ip":"165.144.84.62","src_port":53557,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686188598232342,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbdZdFhnwpZBUPtE1AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188598232342,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188598232342,"l3_proto":"ip4","src_ip":"93.22.25.240","dst_ip":"165.144.84.62","src_port":53557,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1244,33 +1244,33 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188964145763,"flow_src_last_pkt_time":1686188964145763,"flow_dst_last_pkt_time":1686188964145763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188964145763,"l3_proto":"ip4","src_ip":"211.49.103.57","dst_ip":"69.109.187.54","src_port":55377,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188644341439,"flow_src_last_pkt_time":1686188644341439,"flow_dst_last_pkt_time":1686188644341439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188964145763,"l3_proto":"ip4","src_ip":"94.46.221.227","dst_ip":"90.141.37.56","src_port":49978,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188598232342,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188964145763,"l3_proto":"ip4","src_ip":"93.22.25.240","dst_ip":"165.144.84.62","src_port":53557,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":262,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":257,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":257,"total-idle-flows":256,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1247,"global_ts_usec":1686189923950356} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":262,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":257,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":257,"total-idle-flows":256,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1247,"global_ts_usec":1686189923950356} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686189923950356,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686189923950356,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"186.112.202.53","src_port":57227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686189923950356,"pkt":"xmjqc4OdPJTVQTiBCABFCABS0+QAAGsRQrNDnxCWunDKNd+LAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686189923950356,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686189923950356,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"186.112.202.53","src_port":57227,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188964145763,"flow_src_last_pkt_time":1686188964145763,"flow_dst_last_pkt_time":1686188964145763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686189923950356,"l3_proto":"ip4","src_ip":"211.49.103.57","dst_ip":"69.109.187.54","src_port":55377,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":263,"packets-processed":262,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":258,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":258,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1252,"global_ts_usec":1686195826361567} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":263,"packets-processed":262,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":258,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":258,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1252,"global_ts_usec":1686195826361567} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686195826361567,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686195826361567,"l3_proto":"ip4","src_ip":"70.210.130.41","dst_ip":"186.112.202.53","src_port":50379,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686195826361567,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbWRG0oIpunDKNcTLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686195826361567,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686195826361567,"l3_proto":"ip4","src_ip":"70.210.130.41","dst_ip":"186.112.202.53","src_port":50379,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686189923950356,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686195826361567,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"186.112.202.53","src_port":57227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":264,"packets-processed":263,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13678,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":259,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":259,"total-idle-flows":258,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1257,"global_ts_usec":1686197444990656} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":264,"packets-processed":263,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13678,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":259,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":259,"total-idle-flows":258,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1257,"global_ts_usec":1686197444990656} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686197444990656,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686197444990656,"l3_proto":"ip4","src_ip":"217.23.159.199","dst_ip":"74.111.203.55","src_port":54694,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686197444990656,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbbfZF5\/HSm\/LN9WmAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686197444990656,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686197444990656,"l3_proto":"ip4","src_ip":"217.23.159.199","dst_ip":"74.111.203.55","src_port":54694,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686195826361567,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686197444990656,"l3_proto":"ip4","src_ip":"70.210.130.41","dst_ip":"186.112.202.53","src_port":50379,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":265,"packets-processed":264,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":260,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":260,"total-idle-flows":259,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1262,"global_ts_usec":1686200474358772} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":265,"packets-processed":264,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":260,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":260,"total-idle-flows":259,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1262,"global_ts_usec":1686200474358772} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686200474358772,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686200474358772,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"165.114.202.61","src_port":54962,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686200474358772,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXtfQ8\/jUpXLKPdayAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686200474358772,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686200474358772,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"165.114.202.61","src_port":54962,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686197444990656,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686200474358772,"l3_proto":"ip4","src_ip":"217.23.159.199","dst_ip":"74.111.203.55","src_port":54694,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":266,"packets-processed":265,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":261,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":261,"total-idle-flows":260,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1267,"global_ts_usec":1686201624944069} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":266,"packets-processed":265,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":261,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":261,"total-idle-flows":260,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1267,"global_ts_usec":1686201624944069} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686201624944069,"flow_src_last_pkt_time":1686201624944069,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686201624944069,"l3_proto":"ip4","src_ip":"42.224.153.12","dst_ip":"90.147.171.51","src_port":15346,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_src_last_pkt_time":1686201624944069,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686201624944069,"pkt":"AAwp30Y4PJTVQTiBCABFAABSN\/IAADIRVuMq4JkMWpOrMzvyAasAPkv2AgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686201624944069,"flow_src_last_pkt_time":1686201624944069,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686201624944069,"l3_proto":"ip4","src_ip":"42.224.153.12","dst_ip":"90.147.171.51","src_port":15346,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_src_last_pkt_time":1686201624944084,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686201624944084,"pkt":"AAwp30Y4PJTVQTiBCABFAABSN\/IAADIRVuMq4JkMWpOrMzvyAasAPkv2AgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686200474358772,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686201624944084,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"165.114.202.61","src_port":54962,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":268,"packets-processed":267,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":262,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":262,"total-idle-flows":261,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1273,"global_ts_usec":1686204308831707} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":268,"packets-processed":267,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":262,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":262,"total-idle-flows":261,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1273,"global_ts_usec":1686204308831707} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204308831707,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204308831707,"l3_proto":"ip4","src_ip":"199.221.139.233","dst_ip":"90.145.180.58","src_port":45906,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686204308831707,"pkt":"bs1PogZtPJTVQTiBCABFAAA+UJNAADQREf\/H3YvpWpG0OrNSAasAKtf7AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204308831707,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204308831707,"l3_proto":"ip4","src_ip":"199.221.139.233","dst_ip":"90.145.180.58","src_port":45906,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1279,7 +1279,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_src_last_pkt_time":1686204816985223,"flow_dst_last_pkt_time":1686204816985223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686204816985223,"pkt":"bpHurUgdPJTVQTiBCABFAAA++fVAADQRaIr27WP9RW27NjGRAasAKlmrAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204816985223,"flow_src_last_pkt_time":1686204816985223,"flow_dst_last_pkt_time":1686204816985223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204816985223,"l3_proto":"ip4","src_ip":"246.237.99.253","dst_ip":"69.109.187.54","src_port":12689,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204308831707,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204816985223,"l3_proto":"ip4","src_ip":"199.221.139.233","dst_ip":"90.145.180.58","src_port":45906,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":270,"packets-processed":269,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":264,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":264,"total-idle-flows":263,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1282,"global_ts_usec":1686205296905334} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":270,"packets-processed":269,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":264,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":264,"total-idle-flows":263,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1282,"global_ts_usec":1686205296905334} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205296905334,"flow_src_last_pkt_time":1686205296905334,"flow_dst_last_pkt_time":1686205296905334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205296905334,"l3_proto":"ip4","src_ip":"247.45.112.206","dst_ip":"90.111.212.50","src_port":20029,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_src_last_pkt_time":1686205296905334,"flow_dst_last_pkt_time":1686205296905334,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686205296905334,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+r0hAADQRsyX3LXDOWm\/UMk49AasAKjztAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205296905334,"flow_src_last_pkt_time":1686205296905334,"flow_dst_last_pkt_time":1686205296905334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205296905334,"l3_proto":"ip4","src_ip":"247.45.112.206","dst_ip":"90.111.212.50","src_port":20029,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1292,7 +1292,7 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_src_last_pkt_time":1686205768491443,"flow_dst_last_pkt_time":1686205768491443,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686205768491443,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+3TBAADQRhVdGJmvxVW80OQ75AasAKnxLAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205768491443,"flow_src_last_pkt_time":1686205768491443,"flow_dst_last_pkt_time":1686205768491443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205768491443,"l3_proto":"ip4","src_ip":"70.38.107.241","dst_ip":"85.111.52.57","src_port":3833,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205683745012,"flow_src_last_pkt_time":1686205683745012,"flow_dst_last_pkt_time":1686205683745012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205768491443,"l3_proto":"ip4","src_ip":"56.174.92.201","dst_ip":"165.114.202.61","src_port":12782,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":273,"packets-processed":272,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":267,"total-detection-updates":0,"total-updates":46,"current-active-flows":2,"total-active-flows":267,"total-idle-flows":265,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1295,"global_ts_usec":1686206099528813} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":273,"packets-processed":272,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":267,"total-detection-updates":0,"total-updates":46,"current-active-flows":2,"total-active-flows":267,"total-idle-flows":265,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1295,"global_ts_usec":1686206099528813} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206099528813,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206099528813,"l3_proto":"ip4","src_ip":"70.106.99.214","dst_ip":"74.111.203.55","src_port":10633,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686206099528813,"pkt":"ipffLU2SPJTVQTiBCABFAAA+0FpAADQRkh5GamPWSm\/LNymJAasAKmGsAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206099528813,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206099528813,"l3_proto":"ip4","src_ip":"70.106.99.214","dst_ip":"74.111.203.55","src_port":10633,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1302,22 +1302,22 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_src_last_pkt_time":1686206507820187,"flow_dst_last_pkt_time":1686206507820187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686206507820187,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+f0tAADQR4yz27WP9pZBUPm5IAasAKhzsAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206507820187,"flow_src_last_pkt_time":1686206507820187,"flow_dst_last_pkt_time":1686206507820187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206507820187,"l3_proto":"ip4","src_ip":"246.237.99.253","dst_ip":"165.144.84.62","src_port":28232,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206099528813,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206507820187,"l3_proto":"ip4","src_ip":"70.106.99.214","dst_ip":"74.111.203.55","src_port":10633,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":275,"packets-processed":274,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14082,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":269,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":269,"total-idle-flows":268,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1305,"global_ts_usec":1686206929031157} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":275,"packets-processed":274,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14082,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":269,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":269,"total-idle-flows":268,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1305,"global_ts_usec":1686206929031157} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206929031157,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206929031157,"l3_proto":"ip4","src_ip":"200.29.108.217","dst_ip":"90.141.37.56","src_port":55185,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686206929031157,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+TBRAADQRFl3IHWzZWo0lONeRAasAKrObAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206929031157,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206929031157,"l3_proto":"ip4","src_ip":"200.29.108.217","dst_ip":"90.141.37.56","src_port":55185,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206507820187,"flow_src_last_pkt_time":1686206507820187,"flow_dst_last_pkt_time":1686206507820187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206929031157,"l3_proto":"ip4","src_ip":"246.237.99.253","dst_ip":"165.144.84.62","src_port":28232,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":276,"packets-processed":275,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":270,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":270,"total-idle-flows":269,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1310,"global_ts_usec":1686207705291823} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":276,"packets-processed":275,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":270,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":270,"total-idle-flows":269,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1310,"global_ts_usec":1686207705291823} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686207705291823,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686207705291823,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":48238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686207705291823,"pkt":"moT+\/Ph8PJTVQTiBCABFAABSu9QAAG0RWMhDnxCWVW80ObxuAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686207705291823,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686207705291823,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":48238,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206929031157,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686207705291823,"l3_proto":"ip4","src_ip":"200.29.108.217","dst_ip":"90.141.37.56","src_port":55185,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":277,"packets-processed":276,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":271,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":271,"total-idle-flows":270,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1315,"global_ts_usec":1686209332165512} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":277,"packets-processed":276,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":271,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":271,"total-idle-flows":270,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1315,"global_ts_usec":1686209332165512} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686209332165512,"flow_src_last_pkt_time":1686209332165512,"flow_dst_last_pkt_time":1686209332165512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686209332165512,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":24038,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_src_last_pkt_time":1686209332165512,"flow_dst_last_pkt_time":1686209332165512,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686209332165512,"pkt":"AAwp30Y4PJTVQTiBCABFCABLNKwAACIRlfkjAGRzpZBUPl3mAasAN8PZAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686209332165512,"flow_src_last_pkt_time":1686209332165512,"flow_dst_last_pkt_time":1686209332165512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686209332165512,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":24038,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686207705291823,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686209332165512,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":48238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":278,"packets-processed":277,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":272,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":272,"total-idle-flows":271,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1320,"global_ts_usec":1686218743990736} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":278,"packets-processed":277,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":272,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":272,"total-idle-flows":271,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1320,"global_ts_usec":1686218743990736} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218743990736,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218743990736,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"165.114.202.61","src_port":29445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686218743990736,"pkt":"AAwp30Y4PJTVQTiBCABFCABLunsAACIRECpb\/2t0pXLKPXMFAasAN666AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218743990736,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218743990736,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"165.114.202.61","src_port":29445,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1326,32 +1326,32 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_src_last_pkt_time":1686218930278883,"flow_dst_last_pkt_time":1686218930278883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686218930278883,"pkt":"AAwp30Y4PJTVQTiBCABFAABLV70AACcRe1hiiQNypXLKPRTWAasANxpSAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218930278883,"flow_src_last_pkt_time":1686218930278883,"flow_dst_last_pkt_time":1686218930278883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218930278883,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"165.114.202.61","src_port":5334,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218743990736,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218930278883,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"165.114.202.61","src_port":29445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":280,"packets-processed":279,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":274,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":274,"total-idle-flows":273,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1329,"global_ts_usec":1686227357942748} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":280,"packets-processed":279,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":274,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":274,"total-idle-flows":273,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1329,"global_ts_usec":1686227357942748} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686227357942748,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686227357942748,"l3_proto":"ip4","src_ip":"224.127.98.214","dst_ip":"90.147.171.51","src_port":19171,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686227357942748,"pkt":"AAwp30Y4PJTVQTiBCABFCABLNlUAACQRjhzgf2LWWpOrM0rjAasAN9KoAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686227357942748,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686227357942748,"l3_proto":"ip4","src_ip":"224.127.98.214","dst_ip":"90.147.171.51","src_port":19171,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218930278883,"flow_src_last_pkt_time":1686218930278883,"flow_dst_last_pkt_time":1686218930278883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686227357942748,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"165.114.202.61","src_port":5334,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":281,"packets-processed":280,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":275,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":275,"total-idle-flows":274,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1334,"global_ts_usec":1686234455283740} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":281,"packets-processed":280,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":275,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":275,"total-idle-flows":274,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1334,"global_ts_usec":1686234455283740} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686234455283740,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686234455283740,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.145.180.58","src_port":37363,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686234455283740,"pkt":"bs1PogZtPJTVQTiBCABFAABLt7IAACcRG3GdePx7WpG0OpHzAasAN51CAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686234455283740,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686234455283740,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.145.180.58","src_port":37363,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686227357942748,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686234455283740,"l3_proto":"ip4","src_ip":"224.127.98.214","dst_ip":"90.147.171.51","src_port":19171,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":282,"packets-processed":281,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14405,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":276,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":276,"total-idle-flows":275,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1339,"global_ts_usec":1686236482989100} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":282,"packets-processed":281,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14405,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":276,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":276,"total-idle-flows":275,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1339,"global_ts_usec":1686236482989100} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686236482989100,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686236482989100,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":37519,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686236482989100,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPMRCY72S2hzWpG0OpKPAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686236482989100,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686236482989100,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":37519,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686234455283740,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686236482989100,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.145.180.58","src_port":37363,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":283,"packets-processed":282,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":277,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":277,"total-idle-flows":276,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1344,"global_ts_usec":1686238266508865} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":283,"packets-processed":282,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":277,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":277,"total-idle-flows":276,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1344,"global_ts_usec":1686238266508865} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686238266508865,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686238266508865,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"74.111.203.55","src_port":47606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686238266508865,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRpSrsm2CTSm\/LN7n2AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686238266508865,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686238266508865,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"74.111.203.55","src_port":47606,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686236482989100,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686238266508865,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":37519,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":284,"packets-processed":283,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14601,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":278,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":278,"total-idle-flows":277,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1349,"global_ts_usec":1686241261208452} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":284,"packets-processed":283,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14601,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":278,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":278,"total-idle-flows":277,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1349,"global_ts_usec":1686241261208452} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241261208452,"flow_src_last_pkt_time":1686241261208452,"flow_dst_last_pkt_time":1686241261208452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241261208452,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":32910,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_src_last_pkt_time":1686241261208452,"flow_dst_last_pkt_time":1686241261208452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686241261208452,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrCQtY5KSWm\/UMoCOAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241261208452,"flow_src_last_pkt_time":1686241261208452,"flow_dst_last_pkt_time":1686241261208452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241261208452,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":32910,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686238266508865,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241261208452,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"74.111.203.55","src_port":47606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":285,"packets-processed":284,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":279,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":279,"total-idle-flows":278,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1354,"global_ts_usec":1686241917944669} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":285,"packets-processed":284,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":279,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":279,"total-idle-flows":278,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1354,"global_ts_usec":1686241917944669} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241917944669,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241917944669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"186.112.202.53","src_port":52790,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686241917944669,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPMRCZLItJByunDKNc42AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241917944669,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241917944669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"186.112.202.53","src_port":52790,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1365,7 +1365,7 @@ 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686242407915366,"flow_src_last_pkt_time":1686242407915366,"flow_dst_last_pkt_time":1686242407915366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686242407915366,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":60621,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686242007697569,"flow_src_last_pkt_time":1686242007697569,"flow_dst_last_pkt_time":1686242007697569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686242407915366,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":36409,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241917944669,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686242407915366,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"186.112.202.53","src_port":52790,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":288,"packets-processed":287,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":282,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":282,"total-idle-flows":281,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1368,"global_ts_usec":1686243579374691} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":288,"packets-processed":287,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":282,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":282,"total-idle-flows":281,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1368,"global_ts_usec":1686243579374691} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686243579374691,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686243579374691,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"165.144.84.62","src_port":60327,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686243579374691,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrBotY5KSpZBUPuunAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686243579374691,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686243579374691,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"165.144.84.62","src_port":60327,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1374,17 +1374,17 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_src_last_pkt_time":1686244097863995,"flow_dst_last_pkt_time":1686244097863995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686244097863995,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRCZDItJByWo0lONuvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244097863995,"flow_src_last_pkt_time":1686244097863995,"flow_dst_last_pkt_time":1686244097863995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244097863995,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.141.37.56","src_port":56239,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686243579374691,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244097863995,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"165.144.84.62","src_port":60327,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":290,"packets-processed":289,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15189,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":284,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":284,"total-idle-flows":283,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1377,"global_ts_usec":1686244966838652} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":290,"packets-processed":289,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15189,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":284,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":284,"total-idle-flows":283,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1377,"global_ts_usec":1686244966838652} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244966838652,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244966838652,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"85.111.52.57","src_port":41408,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686244966838652,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRpSXsm2CTVW80OaHAAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244966838652,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244966838652,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"85.111.52.57","src_port":41408,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244097863995,"flow_src_last_pkt_time":1686244097863995,"flow_dst_last_pkt_time":1686244097863995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244966838652,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.141.37.56","src_port":56239,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":291,"packets-processed":290,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":285,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":285,"total-idle-flows":284,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1382,"global_ts_usec":1686256443473506} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":291,"packets-processed":290,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":285,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":285,"total-idle-flows":284,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1382,"global_ts_usec":1686256443473506} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686256443473506,"flow_src_last_pkt_time":1686256443473506,"flow_dst_last_pkt_time":1686256443473506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686256443473506,"l3_proto":"ip4","src_ip":"162.219.248.180","dst_ip":"90.147.171.51","src_port":51156,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_src_last_pkt_time":1686256443473506,"flow_dst_last_pkt_time":1686256443473506,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686256443473506,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbP6i2\/i0WpOrM8fUAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686256443473506,"flow_src_last_pkt_time":1686256443473506,"flow_dst_last_pkt_time":1686256443473506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686256443473506,"l3_proto":"ip4","src_ip":"162.219.248.180","dst_ip":"90.147.171.51","src_port":51156,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244966838652,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686256443473506,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"85.111.52.57","src_port":41408,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":292,"packets-processed":291,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":286,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":286,"total-idle-flows":285,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1387,"global_ts_usec":1686257607667798} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":292,"packets-processed":291,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":286,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":286,"total-idle-flows":285,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1387,"global_ts_usec":1686257607667798} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257607667798,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686257607667798,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80OdifAasAJRHVAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257607667798,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1393,13 +1393,13 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_src_last_pkt_time":1686257765544403,"flow_dst_last_pkt_time":1686257765544403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686257765544403,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPcZcAasAJSQTAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257765544403,"flow_src_last_pkt_time":1686257765544403,"flow_dst_last_pkt_time":1686257765544403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257765544403,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":50780,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257765544403,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":294,"packets-processed":293,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":288,"total-detection-updates":0,"total-updates":48,"current-active-flows":2,"total-active-flows":288,"total-idle-flows":286,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1396,"global_ts_usec":1686258512561586} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":294,"packets-processed":293,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":288,"total-detection-updates":0,"total-updates":48,"current-active-flows":2,"total-active-flows":288,"total-idle-flows":286,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1396,"global_ts_usec":1686258512561586} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686258512561586,"flow_src_last_pkt_time":1686258512561586,"flow_dst_last_pkt_time":1686258512561586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":56478,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_src_last_pkt_time":1686258512561586,"flow_dst_last_pkt_time":1686258512561586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686258512561586,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNdyeAasAJQ3ZAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686258512561586,"flow_src_last_pkt_time":1686258512561586,"flow_dst_last_pkt_time":1686258512561586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":56478,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257765544403,"flow_src_last_pkt_time":1686257765544403,"flow_dst_last_pkt_time":1686257765544403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":50780,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":295,"packets-processed":294,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15403,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":289,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":289,"total-idle-flows":288,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1402,"global_ts_usec":1686261546684605} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":295,"packets-processed":294,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15403,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":289,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":289,"total-idle-flows":288,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1402,"global_ts_usec":1686261546684605} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261546684605,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261546684605,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":48895,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686261546684605,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPr7\/AasAJStxAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261546684605,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261546684605,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":48895,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1414,7 +1414,7 @@ 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_src_last_pkt_time":1686261885374256,"flow_dst_last_pkt_time":1686261885374242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686261885374256,"pkt":"3jHC4dyOPJTVQTiBCABFBABS1h8AADQRotfUmt9nWo0lONofAasAPpnuAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261656437832,"flow_src_last_pkt_time":1686261656437832,"flow_dst_last_pkt_time":1686261656437832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261885374256,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":37856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261546684605,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261885374256,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":48895,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":299,"packets-processed":298,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":292,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":292,"total-idle-flows":291,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1417,"global_ts_usec":1686262180549880} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":299,"packets-processed":298,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":292,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":292,"total-idle-flows":291,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1417,"global_ts_usec":1686262180549880} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262180549880,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262180549880,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"165.114.202.61","src_port":59307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686262180549880,"pkt":"AAwp30Y4PJTVQTiBCABFAABUwx1AADQRzjFLiYbypXLKPeerAasAQAAAAgEAADggAAAAAGqbAAJlbgAAABdzZXJ2aWNlOmRpcmVjdG9yeS1hZ2VudAAHZGVmYXVsdAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262180549880,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262180549880,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"165.114.202.61","src_port":59307,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1423,7 +1423,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_src_last_pkt_time":1686262531882256,"flow_dst_last_pkt_time":1686262531882256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686262531882256,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lONHuAasAJRiHAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262531882256,"flow_src_last_pkt_time":1686262531882256,"flow_dst_last_pkt_time":1686262531882256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262531882256,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":53742,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262180549880,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262531882256,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"165.114.202.61","src_port":59307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":301,"packets-processed":300,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15654,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":294,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":294,"total-idle-flows":293,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1426,"global_ts_usec":1686262998390221} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":301,"packets-processed":300,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15654,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":294,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":294,"total-idle-flows":293,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1426,"global_ts_usec":1686262998390221} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262998390221,"flow_src_last_pkt_time":1686262998390221,"flow_dst_last_pkt_time":1686262998390221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262998390221,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":33892,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_src_last_pkt_time":1686262998390221,"flow_dst_last_pkt_time":1686262998390221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686262998390221,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM4RkAasAJWYXAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262998390221,"flow_src_last_pkt_time":1686262998390221,"flow_dst_last_pkt_time":1686262998390221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262998390221,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":33892,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1449,22 +1449,22 @@ 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263142896966,"flow_src_last_pkt_time":1686263142896966,"flow_dst_last_pkt_time":1686263142896966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686263490143641,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":50776,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263094542703,"flow_src_last_pkt_time":1686263094542703,"flow_dst_last_pkt_time":1686263094542703,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686263490143641,"l3_proto":"ip4","src_ip":"197.23.155.213","dst_ip":"90.145.180.58","src_port":51534,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263272401090,"flow_src_last_pkt_time":1686263272401090,"flow_dst_last_pkt_time":1686263272401090,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686263490143641,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":49681,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":306,"packets-processed":305,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":299,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":299,"total-idle-flows":298,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1452,"global_ts_usec":1686264627972582} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":306,"packets-processed":305,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":299,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":299,"total-idle-flows":298,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1452,"global_ts_usec":1686264627972582} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686264627972582,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686264627972582,"l3_proto":"ip4","src_ip":"66.224.226.183","dst_ip":"165.144.84.62","src_port":52476,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686264627972582,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbfZC4OK3pZBUPsz8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686264627972582,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686264627972582,"l3_proto":"ip4","src_ip":"66.224.226.183","dst_ip":"165.144.84.62","src_port":52476,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263490143641,"flow_src_last_pkt_time":1686263490143641,"flow_dst_last_pkt_time":1686263490143641,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686264627972582,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":36077,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":307,"packets-processed":306,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":300,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":300,"total-idle-flows":299,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1457,"global_ts_usec":1686265884829767} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":307,"packets-processed":306,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":300,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":300,"total-idle-flows":299,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1457,"global_ts_usec":1686265884829767} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686265884829767,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686265884829767,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"69.109.187.54","src_port":59902,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686265884829767,"pkt":"bpHurUgdPJTVQTiBCABFCABLZJsAACQRX81bIWraRW27Nun+AasANzOEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686265884829767,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686265884829767,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"69.109.187.54","src_port":59902,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686264627972582,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686265884829767,"l3_proto":"ip4","src_ip":"66.224.226.183","dst_ip":"165.144.84.62","src_port":52476,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":308,"packets-processed":307,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":301,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":301,"total-idle-flows":300,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1462,"global_ts_usec":1686266868932026} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":308,"packets-processed":307,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":301,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":301,"total-idle-flows":300,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1462,"global_ts_usec":1686266868932026} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686266868932026,"flow_src_last_pkt_time":1686266868932026,"flow_dst_last_pkt_time":1686266868932026,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686266868932026,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"85.111.52.57","src_port":50356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_src_last_pkt_time":1686266868932026,"flow_dst_last_pkt_time":1686266868932026,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686266868932026,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRX53OzBhaVW80OcS0AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686266868932026,"flow_src_last_pkt_time":1686266868932026,"flow_dst_last_pkt_time":1686266868932026,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686266868932026,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"85.111.52.57","src_port":50356,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686265884829767,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686266868932026,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"69.109.187.54","src_port":59902,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":309,"packets-processed":308,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15904,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":302,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":302,"total-idle-flows":301,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1467,"global_ts_usec":1686268741318193} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":309,"packets-processed":308,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15904,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":302,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":302,"total-idle-flows":301,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1467,"global_ts_usec":1686268741318193} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686268741318193,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686268741318193,"l3_proto":"ip4","src_ip":"76.45.103.228","dst_ip":"90.111.212.50","src_port":55007,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686268741318193,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX\/9MLWfkWm\/UMtbfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686268741318193,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686268741318193,"l3_proto":"ip4","src_ip":"76.45.103.228","dst_ip":"90.111.212.50","src_port":55007,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1473,17 +1473,17 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_src_last_pkt_time":1686269328666858,"flow_dst_last_pkt_time":1686269328666858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686269328666858,"pkt":"xmjqc4OdPJTVQTiBCABFAABLWZ4AACcReX7adoNxunDKNSGuAasANw2BAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686269328666858,"flow_src_last_pkt_time":1686269328666858,"flow_dst_last_pkt_time":1686269328666858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686269328666858,"l3_proto":"ip4","src_ip":"218.118.131.113","dst_ip":"186.112.202.53","src_port":8622,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686268741318193,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686269328666858,"l3_proto":"ip4","src_ip":"76.45.103.228","dst_ip":"90.111.212.50","src_port":55007,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":311,"packets-processed":310,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":304,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":304,"total-idle-flows":303,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1476,"global_ts_usec":1686271029434310} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":311,"packets-processed":310,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":304,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":304,"total-idle-flows":303,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1476,"global_ts_usec":1686271029434310} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686271029434310,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686271029434310,"l3_proto":"ip4","src_ip":"189.229.250.75","dst_ip":"165.114.202.61","src_port":50111,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686271029434310,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbHG95fpLpXLKPcO\/AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686271029434310,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686271029434310,"l3_proto":"ip4","src_ip":"189.229.250.75","dst_ip":"165.114.202.61","src_port":50111,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686269328666858,"flow_src_last_pkt_time":1686269328666858,"flow_dst_last_pkt_time":1686269328666858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686271029434310,"l3_proto":"ip4","src_ip":"218.118.131.113","dst_ip":"186.112.202.53","src_port":8622,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":312,"packets-processed":311,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16009,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":305,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":305,"total-idle-flows":304,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1481,"global_ts_usec":1686272210557633} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":312,"packets-processed":311,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16009,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":305,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":305,"total-idle-flows":304,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1481,"global_ts_usec":1686272210557633} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686272210557633,"flow_src_last_pkt_time":1686272210557633,"flow_dst_last_pkt_time":1686272210557633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686272210557633,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"69.109.187.54","src_port":21256,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_src_last_pkt_time":1686272210557633,"flow_dst_last_pkt_time":1686272210557633,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686272210557633,"pkt":"bpHurUgdPJTVQTiBCABFAABLiBsAACcRSwWlgP10RW27NlMIAasAN9wqAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686272210557633,"flow_src_last_pkt_time":1686272210557633,"flow_dst_last_pkt_time":1686272210557633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686272210557633,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"69.109.187.54","src_port":21256,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686271029434310,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686272210557633,"l3_proto":"ip4","src_ip":"189.229.250.75","dst_ip":"165.114.202.61","src_port":50111,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":313,"packets-processed":312,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":306,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":306,"total-idle-flows":305,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1486,"global_ts_usec":1686276490401508} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":313,"packets-processed":312,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":306,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":306,"total-idle-flows":305,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1486,"global_ts_usec":1686276490401508} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686276490401508,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686276490401508,"l3_proto":"ip4","src_ip":"94.230.158.79","dst_ip":"74.111.203.55","src_port":55750,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686276490401508,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbH9e5p5PSm\/LN9nGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686276490401508,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686276490401508,"l3_proto":"ip4","src_ip":"94.230.158.79","dst_ip":"74.111.203.55","src_port":55750,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1492,32 +1492,32 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_src_last_pkt_time":1686277031596938,"flow_dst_last_pkt_time":1686277031596938,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686277031596938,"pkt":"bs1PogZtPJTVQTiBCABFCABLQa4AACIRiPcj\/EVxWpG0OpLiAasAN47dAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686277031596938,"flow_src_last_pkt_time":1686277031596938,"flow_dst_last_pkt_time":1686277031596938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686277031596938,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.145.180.58","src_port":37602,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686276490401508,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686277031596938,"l3_proto":"ip4","src_ip":"94.230.158.79","dst_ip":"74.111.203.55","src_port":55750,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":315,"packets-processed":314,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":308,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":308,"total-idle-flows":307,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1495,"global_ts_usec":1686279640620137} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":315,"packets-processed":314,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":308,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":308,"total-idle-flows":307,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1495,"global_ts_usec":1686279640620137} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686279640620137,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686279640620137,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"90.147.171.51","src_port":46606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686279640620137,"pkt":"AAwp30Y4PJTVQTiBCABFCABL5wQAACIR47OY\/6p8WpOrM7YOAasAN2vEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686279640620137,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686279640620137,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"90.147.171.51","src_port":46606,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686277031596938,"flow_src_last_pkt_time":1686277031596938,"flow_dst_last_pkt_time":1686277031596938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686279640620137,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.145.180.58","src_port":37602,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":316,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":309,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":309,"total-idle-flows":308,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1500,"global_ts_usec":1686282116013463} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":316,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":309,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":309,"total-idle-flows":308,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1500,"global_ts_usec":1686282116013463} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686282116013463,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686282116013463,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":54818,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686282116013463,"pkt":"AAwp30Y4PJTVQTiBCABFCABSCtkAAGsRC7dDnxCWpXLKPdYiAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686282116013463,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686282116013463,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":54818,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686279640620137,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686282116013463,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"90.147.171.51","src_port":46606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":317,"packets-processed":316,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16233,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":310,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":310,"total-idle-flows":309,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1505,"global_ts_usec":1686283230398748} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":317,"packets-processed":316,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16233,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":310,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":310,"total-idle-flows":309,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1505,"global_ts_usec":1686283230398748} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686283230398748,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686283230398748,"l3_proto":"ip4","src_ip":"93.26.159.17","dst_ip":"186.112.202.53","src_port":57065,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686283230398748,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbUxdGp8RunDKNd7pAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686283230398748,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686283230398748,"l3_proto":"ip4","src_ip":"93.26.159.17","dst_ip":"186.112.202.53","src_port":57065,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686282116013463,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686283230398748,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":54818,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":318,"packets-processed":317,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16262,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":311,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":311,"total-idle-flows":310,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1510,"global_ts_usec":1686284127841221} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":318,"packets-processed":317,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16262,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":311,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":311,"total-idle-flows":310,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1510,"global_ts_usec":1686284127841221} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686284127841221,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686284127841221,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.141.37.56","src_port":49891,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686284127841221,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRbM3ZH+f\/Wo0lOMLjAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686284127841221,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686284127841221,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.141.37.56","src_port":49891,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686283230398748,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686284127841221,"l3_proto":"ip4","src_ip":"93.26.159.17","dst_ip":"186.112.202.53","src_port":57065,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":319,"packets-processed":318,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16291,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":312,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":312,"total-idle-flows":311,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1515,"global_ts_usec":1686290568082392} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":319,"packets-processed":318,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16291,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":312,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":312,"total-idle-flows":311,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1515,"global_ts_usec":1686290568082392} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686290568082392,"flow_src_last_pkt_time":1686290568082392,"flow_dst_last_pkt_time":1686290568082392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686290568082392,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":12620,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_src_last_pkt_time":1686290568082392,"flow_dst_last_pkt_time":1686290568082392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686290568082392,"pkt":"AAwp30Y4PJTVQTiBCABFAABScHIAAG0RpCZDnxCWpZBUPjFMAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686290568082392,"flow_src_last_pkt_time":1686290568082392,"flow_dst_last_pkt_time":1686290568082392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686290568082392,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":12620,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686284127841221,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686290568082392,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.141.37.56","src_port":49891,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":320,"packets-processed":319,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":313,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":313,"total-idle-flows":312,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1520,"global_ts_usec":1686292143831347} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":320,"packets-processed":319,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":313,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":313,"total-idle-flows":312,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1520,"global_ts_usec":1686292143831347} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292143831347,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292143831347,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":12480,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686292143831347,"pkt":"moT+\/Ph8PJTVQTiBCABFCABL62sAACIR3z5b\/2t0VW80OTDAAasAN\/EEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292143831347,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292143831347,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":12480,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1526,17 +1526,17 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_src_last_pkt_time":1686292431165594,"flow_dst_last_pkt_time":1686292431165594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686292431165594,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXt6v7\/\/ZRW27NtI8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292431165594,"flow_src_last_pkt_time":1686292431165594,"flow_dst_last_pkt_time":1686292431165594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292431165594,"l3_proto":"ip4","src_ip":"175.239.255.217","dst_ip":"69.109.187.54","src_port":53820,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292143831347,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292431165594,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":12480,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":322,"packets-processed":321,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":315,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":315,"total-idle-flows":314,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1529,"global_ts_usec":1686295204381615} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":322,"packets-processed":321,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":315,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":315,"total-idle-flows":314,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1529,"global_ts_usec":1686295204381615} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686295204381615,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686295204381615,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.145.180.58","src_port":53644,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686295204381615,"pkt":"bs1PogZtPJTVQTiBCABFCABSvkIAAGsRWFBDnxCWWpG0OtGMAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686295204381615,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686295204381615,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.145.180.58","src_port":53644,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292431165594,"flow_src_last_pkt_time":1686292431165594,"flow_dst_last_pkt_time":1686292431165594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686295204381615,"l3_proto":"ip4","src_ip":"175.239.255.217","dst_ip":"69.109.187.54","src_port":53820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":323,"packets-processed":322,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16475,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":316,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":316,"total-idle-flows":315,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1534,"global_ts_usec":1686301765843785} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":323,"packets-processed":322,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16475,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":316,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":316,"total-idle-flows":315,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1534,"global_ts_usec":1686301765843785} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686301765843785,"flow_src_last_pkt_time":1686301765843785,"flow_dst_last_pkt_time":1686301765843785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686301765843785,"l3_proto":"ip4","src_ip":"7.110.179.205","dst_ip":"165.144.84.62","src_port":58317,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_src_last_pkt_time":1686301765843785,"flow_dst_last_pkt_time":1686301765843785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686301765843785,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+ZMJAADQR\/Z8HbrPNpZBUPuPNAasAKqdQAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686301765843785,"flow_src_last_pkt_time":1686301765843785,"flow_dst_last_pkt_time":1686301765843785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686301765843785,"l3_proto":"ip4","src_ip":"7.110.179.205","dst_ip":"165.144.84.62","src_port":58317,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686295204381615,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686301765843785,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.145.180.58","src_port":53644,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":324,"packets-processed":323,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":317,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":317,"total-idle-flows":316,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1539,"global_ts_usec":1686303104961112} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":324,"packets-processed":323,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":317,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":317,"total-idle-flows":316,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1539,"global_ts_usec":1686303104961112} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303104961112,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686303104961112,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+LXZAADQRNPvJ7YfSpXLKPZRXAasAKvbVAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303104961112,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1545,13 +1545,13 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_src_last_pkt_time":1686303160580622,"flow_dst_last_pkt_time":1686303160580622,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686303160580622,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+Py1AADQRI2U5ooDqVW80OflAAasAKpINAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303160580622,"flow_src_last_pkt_time":1686303160580622,"flow_dst_last_pkt_time":1686303160580622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303160580622,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"85.111.52.57","src_port":63808,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303160580622,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":326,"packets-processed":325,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":319,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":319,"total-idle-flows":317,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1548,"global_ts_usec":1686303829470774} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":326,"packets-processed":325,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":319,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":319,"total-idle-flows":317,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1548,"global_ts_usec":1686303829470774} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303829470774,"flow_src_last_pkt_time":1686303829470774,"flow_dst_last_pkt_time":1686303829470774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"120.46.80.212","dst_ip":"74.111.203.55","src_port":60012,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_src_last_pkt_time":1686303829470774,"flow_dst_last_pkt_time":1686303829470774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686303829470774,"pkt":"ipffLU2SPJTVQTiBCABFAAA+mKZAADQRydB4LlDUSm\/LN+psAasAKqDGAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303829470774,"flow_src_last_pkt_time":1686303829470774,"flow_dst_last_pkt_time":1686303829470774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"120.46.80.212","dst_ip":"74.111.203.55","src_port":60012,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303160580622,"flow_src_last_pkt_time":1686303160580622,"flow_dst_last_pkt_time":1686303160580622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"85.111.52.57","src_port":63808,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":327,"packets-processed":326,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":320,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":320,"total-idle-flows":319,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1554,"global_ts_usec":1686304502775958} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":327,"packets-processed":326,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":320,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":320,"total-idle-flows":319,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1554,"global_ts_usec":1686304502775958} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304502775958,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304502775958,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"69.109.187.54","src_port":48188,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686304502775958,"pkt":"bpHurUgdPJTVQTiBCABFAAA+ef9AADQR6JY5ooDqRW27Nrw8AasAKs8VAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304502775958,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304502775958,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"69.109.187.54","src_port":48188,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1560,7 +1560,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_src_last_pkt_time":1686304868179785,"flow_dst_last_pkt_time":1686304868179785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686304868179785,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+RtxAADQRG7c5ooDqWo0lOEzRAasAKj5+AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304868179785,"flow_src_last_pkt_time":1686304868179785,"flow_dst_last_pkt_time":1686304868179785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304868179785,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"90.141.37.56","src_port":19665,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304502775958,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304868179785,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"69.109.187.54","src_port":48188,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":329,"packets-processed":328,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16679,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":322,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":322,"total-idle-flows":321,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1563,"global_ts_usec":1686305286126745} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":329,"packets-processed":328,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16679,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":322,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":322,"total-idle-flows":321,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1563,"global_ts_usec":1686305286126745} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305286126745,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305286126745,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"90.145.180.58","src_port":6545,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686305286126745,"pkt":"bs1PogZtPJTVQTiBCABFAAA+FfdAADQRTH3J7YfSWpG0OhmRAasAKnGfAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305286126745,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305286126745,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"90.145.180.58","src_port":6545,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1572,23 +1572,23 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_src_last_pkt_time":1686305544554511,"flow_dst_last_pkt_time":1686305544554511,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686305544554511,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+PF5AADQRJgP3XbfFunDKNSAVAasAKmsIAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305544554511,"flow_src_last_pkt_time":1686305544554511,"flow_dst_last_pkt_time":1686305544554511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305544554511,"l3_proto":"ip4","src_ip":"247.93.183.197","dst_ip":"186.112.202.53","src_port":8213,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305286126745,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305544554511,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"90.145.180.58","src_port":6545,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":332,"packets-processed":331,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16781,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":325,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":325,"total-idle-flows":323,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1575,"global_ts_usec":1686312624909971} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":332,"packets-processed":331,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16781,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":325,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":325,"total-idle-flows":323,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1575,"global_ts_usec":1686312624909971} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686312624909971,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"37.97.4.125","dst_ip":"90.141.37.56","src_port":16072,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686312624909971,"pkt":"3jHC4dyOPJTVQTiBCABFAABLr5UAACcRI44lYQR9Wo0lOD7IAasAN\/BtAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686312624909971,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"37.97.4.125","dst_ip":"90.141.37.56","src_port":16072,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305534685025,"flow_src_last_pkt_time":1686305534685025,"flow_dst_last_pkt_time":1686305534685025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"247.93.183.197","dst_ip":"90.147.171.51","src_port":10997,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305544554511,"flow_src_last_pkt_time":1686305544554511,"flow_dst_last_pkt_time":1686305544554511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"247.93.183.197","dst_ip":"186.112.202.53","src_port":8213,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":333,"packets-processed":332,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":326,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":326,"total-idle-flows":325,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1581,"global_ts_usec":1686321706660675} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":333,"packets-processed":332,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":326,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":326,"total-idle-flows":325,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1581,"global_ts_usec":1686321706660675} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686321706660675,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686321706660675,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"85.111.52.57","src_port":34761,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686321706660675,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRCZD2S2hzVW80OYfJAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686321706660675,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686321706660675,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"85.111.52.57","src_port":34761,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686312624909971,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686321706660675,"l3_proto":"ip4","src_ip":"37.97.4.125","dst_ip":"90.141.37.56","src_port":16072,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":334,"packets-processed":333,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":327,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":327,"total-idle-flows":326,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1586,"global_ts_usec":1686324009293668} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":334,"packets-processed":333,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":327,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":327,"total-idle-flows":326,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1586,"global_ts_usec":1686324009293668} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324009293668,"flow_src_last_pkt_time":1686324009293668,"flow_dst_last_pkt_time":1686324009293668,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324009293668,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":51620,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_src_last_pkt_time":1686324009293668,"flow_dst_last_pkt_time":1686324009293668,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686324009293668,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAO0REAO2tHiLWo0lOMmkAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324009293668,"flow_src_last_pkt_time":1686324009293668,"flow_dst_last_pkt_time":1686324009293668,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324009293668,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":51620,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686321706660675,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324009293668,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"85.111.52.57","src_port":34761,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":335,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":328,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":328,"total-idle-flows":327,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1591,"global_ts_usec":1686324751894084} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":335,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":328,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":328,"total-idle-flows":327,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1591,"global_ts_usec":1686324751894084} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324751894084,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324751894084,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":41843,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686324751894084,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAO0RqigTY5KcWpG0OqNzAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324751894084,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324751894084,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":41843,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1596,28 +1596,28 @@ 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324780665773,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324780665773,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":29266,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686324780665773,"pkt":"AAwp30Y4PJTVQTiBCABFAABL\/uwAACcR1DRiZ\/1zWm\/UMnJSAasAN7zhAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324780665773,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324780665773,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":29266,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":337,"packets-processed":336,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":330,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":330,"total-idle-flows":328,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1599,"global_ts_usec":1686325702442238} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":337,"packets-processed":336,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":330,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":330,"total-idle-flows":328,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1599,"global_ts_usec":1686325702442238} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686325702442238,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":34997,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686325702442238,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZXItJByWm\/UMoi1AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686325702442238,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":34997,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324751894084,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":41843,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324780665773,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":29266,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":338,"packets-processed":337,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":331,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":331,"total-idle-flows":330,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1605,"global_ts_usec":1686326962813579} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":338,"packets-processed":337,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":331,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":331,"total-idle-flows":330,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1605,"global_ts_usec":1686326962813579} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326962813579,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326962813579,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":32881,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686326962813579,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZbItJByWpOrM4BxAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326962813579,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326962813579,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":32881,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686325702442238,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326962813579,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":34997,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":339,"packets-processed":338,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":332,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":332,"total-idle-flows":331,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1610,"global_ts_usec":1686329069716669} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":339,"packets-processed":338,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":332,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":332,"total-idle-flows":331,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1610,"global_ts_usec":1686329069716669} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686329069716669,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686329069716669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"165.144.84.62","src_port":36679,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686329069716669,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCYvItJBypZBUPo9HAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686329069716669,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686329069716669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"165.144.84.62","src_port":36679,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326962813579,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686329069716669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":32881,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":340,"packets-processed":339,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":333,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":333,"total-idle-flows":332,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1615,"global_ts_usec":1686330200907102} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":340,"packets-processed":339,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":333,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":333,"total-idle-flows":332,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1615,"global_ts_usec":1686330200907102} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686330200907102,"flow_src_last_pkt_time":1686330200907102,"flow_dst_last_pkt_time":1686330200907102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686330200907102,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":50741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_src_last_pkt_time":1686330200907102,"flow_dst_last_pkt_time":1686330200907102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686330200907102,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAO0RqigTnLybunDKNcY1AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686330200907102,"flow_src_last_pkt_time":1686330200907102,"flow_dst_last_pkt_time":1686330200907102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686330200907102,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":50741,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686329069716669,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686330200907102,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"165.144.84.62","src_port":36679,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":341,"packets-processed":340,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":334,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":334,"total-idle-flows":333,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1620,"global_ts_usec":1686331103032820} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":341,"packets-processed":340,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":334,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":334,"total-idle-flows":333,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1620,"global_ts_usec":1686331103032820} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331103032820,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331103032820,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":52293,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686331103032820,"pkt":"bpHurUgdPJTVQTiBCABFCAB+1DEAAO0REA2GtJCVRW27NsxFAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331103032820,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331103032820,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":52293,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1626,12 +1626,12 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_src_last_pkt_time":1686331598448412,"flow_dst_last_pkt_time":1686331598448412,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686331598448412,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRCZTItJBySm\/LN99gAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331598448412,"flow_src_last_pkt_time":1686331598448412,"flow_dst_last_pkt_time":1686331598448412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331598448412,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"74.111.203.55","src_port":57184,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331103032820,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331598448412,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":52293,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":343,"packets-processed":342,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":336,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":336,"total-idle-flows":335,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1629,"global_ts_usec":1686332169029831} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":343,"packets-processed":342,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":336,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":336,"total-idle-flows":335,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1629,"global_ts_usec":1686332169029831} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686332169029831,"flow_src_last_pkt_time":1686332169029831,"flow_dst_last_pkt_time":1686332169029831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686332169029831,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":54751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_src_last_pkt_time":1686332169029831,"flow_dst_last_pkt_time":1686332169029831,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686332169029831,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqhguZGGTpXLKPdXfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686332169029831,"flow_src_last_pkt_time":1686332169029831,"flow_dst_last_pkt_time":1686332169029831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686332169029831,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":54751,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331598448412,"flow_src_last_pkt_time":1686331598448412,"flow_dst_last_pkt_time":1686331598448412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686332169029831,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"74.111.203.55","src_port":57184,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":344,"packets-processed":343,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":337,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":337,"total-idle-flows":336,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1634,"global_ts_usec":1686334800212088} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":344,"packets-processed":343,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":337,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":337,"total-idle-flows":336,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1634,"global_ts_usec":1686334800212088} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334800212088,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334800212088,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.147.171.51","src_port":58914,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686334800212088,"pkt":"AAwp30Y4PJTVQTiBCABFAABSPDMAAOoRJurHERCvWpOrM+YiAasAPi4OAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334800212088,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334800212088,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.147.171.51","src_port":58914,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1650,7 +1650,7 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334859871850,"flow_src_last_pkt_time":1686334859871850,"flow_dst_last_pkt_time":1686334859871850,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334859871850,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.111.212.50","src_port":58914,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334800212088,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334859871850,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.147.171.51","src_port":58914,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334813478068,"flow_src_last_pkt_time":1686334813478068,"flow_dst_last_pkt_time":1686334813478068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334859871850,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"165.114.202.61","src_port":58914,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":349,"packets-processed":348,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":342,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":342,"total-idle-flows":337,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1653,"global_ts_usec":1686335939300740} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":349,"packets-processed":348,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":342,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":342,"total-idle-flows":337,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1653,"global_ts_usec":1686335939300740} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686335939300740,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686335939300740,"l3_proto":"ip4","src_ip":"198.215.2.104","dst_ip":"165.114.202.61","src_port":55462,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686335939300740,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbZXG1wJopXLKPdimAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686335939300740,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686335939300740,"l3_proto":"ip4","src_ip":"198.215.2.104","dst_ip":"165.114.202.61","src_port":55462,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1663,37 +1663,37 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_src_last_pkt_time":1686336218624230,"flow_dst_last_pkt_time":1686336218624230,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686336218624230,"pkt":"AAwp30Y4PJTVQTiBCABFCABLMOwAACQRk3IbhqncpXLKPdPLAasAN0mtAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686336218624230,"flow_src_last_pkt_time":1686336218624230,"flow_dst_last_pkt_time":1686336218624230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686336218624230,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"165.114.202.61","src_port":54219,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686335939300740,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686336218624230,"l3_proto":"ip4","src_ip":"198.215.2.104","dst_ip":"165.114.202.61","src_port":55462,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":351,"packets-processed":350,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":344,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":344,"total-idle-flows":343,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1666,"global_ts_usec":1686337417264371} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":351,"packets-processed":350,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":344,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":344,"total-idle-flows":343,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1666,"global_ts_usec":1686337417264371} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686337417264371,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686337417264371,"l3_proto":"ip4","src_ip":"80.16.56.40","dst_ip":"74.111.203.55","src_port":49864,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686337417264371,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRX4BQEDgoSm\/LN8LIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686337417264371,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686337417264371,"l3_proto":"ip4","src_ip":"80.16.56.40","dst_ip":"74.111.203.55","src_port":49864,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686336218624230,"flow_src_last_pkt_time":1686336218624230,"flow_dst_last_pkt_time":1686336218624230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686337417264371,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"165.114.202.61","src_port":54219,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":352,"packets-processed":351,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":345,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":345,"total-idle-flows":344,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1671,"global_ts_usec":1686348943265542} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":352,"packets-processed":351,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":345,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":345,"total-idle-flows":344,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1671,"global_ts_usec":1686348943265542} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686348943265542,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686348943265542,"l3_proto":"ip4","src_ip":"206.240.152.225","dst_ip":"90.145.180.58","src_port":52955,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686348943265542,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRX\/PO8JjhWpG0Os7bAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686348943265542,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686348943265542,"l3_proto":"ip4","src_ip":"206.240.152.225","dst_ip":"90.145.180.58","src_port":52955,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686337417264371,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686348943265542,"l3_proto":"ip4","src_ip":"80.16.56.40","dst_ip":"74.111.203.55","src_port":49864,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":353,"packets-processed":352,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":346,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":346,"total-idle-flows":345,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1676,"global_ts_usec":1686352403512683} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":353,"packets-processed":352,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":346,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":346,"total-idle-flows":345,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1676,"global_ts_usec":1686352403512683} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686352403512683,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686352403512683,"l3_proto":"ip4","src_ip":"172.206.191.39","dst_ip":"165.144.84.62","src_port":55684,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686352403512683,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXnuszr8npZBUPtmEAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686352403512683,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686352403512683,"l3_proto":"ip4","src_ip":"172.206.191.39","dst_ip":"165.144.84.62","src_port":55684,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686348943265542,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686352403512683,"l3_proto":"ip4","src_ip":"206.240.152.225","dst_ip":"90.145.180.58","src_port":52955,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":354,"packets-processed":353,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":347,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":347,"total-idle-flows":346,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1681,"global_ts_usec":1686355642711445} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":354,"packets-processed":353,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":347,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":347,"total-idle-flows":346,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1681,"global_ts_usec":1686355642711445} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686355642711445,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686355642711445,"l3_proto":"ip4","src_ip":"175.206.31.84","dst_ip":"69.109.187.54","src_port":52553,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686355642711445,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRX5yvzh9URW27Ns1JAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686355642711445,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686355642711445,"l3_proto":"ip4","src_ip":"175.206.31.84","dst_ip":"69.109.187.54","src_port":52553,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686352403512683,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686355642711445,"l3_proto":"ip4","src_ip":"172.206.191.39","dst_ip":"165.144.84.62","src_port":55684,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":355,"packets-processed":354,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18317,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":348,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":348,"total-idle-flows":347,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1686,"global_ts_usec":1686356686492578} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":355,"packets-processed":354,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18317,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":348,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":348,"total-idle-flows":347,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1686,"global_ts_usec":1686356686492578} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686356686492578,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686356686492578,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"85.111.52.57","src_port":54217,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686356686492578,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRXo5QM39KVW80OdPJAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686356686492578,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686356686492578,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"85.111.52.57","src_port":54217,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686355642711445,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686356686492578,"l3_proto":"ip4","src_ip":"175.206.31.84","dst_ip":"69.109.187.54","src_port":52553,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":356,"packets-processed":355,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":349,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":349,"total-idle-flows":348,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1691,"global_ts_usec":1686361225400035} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":356,"packets-processed":355,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":349,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":349,"total-idle-flows":348,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1691,"global_ts_usec":1686361225400035} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686361225400035,"flow_src_last_pkt_time":1686361225400035,"flow_dst_last_pkt_time":1686361225400035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686361225400035,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"186.112.202.53","src_port":51231,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_src_last_pkt_time":1686361225400035,"flow_dst_last_pkt_time":1686361225400035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686361225400035,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbUHGF1kcunDKNcgfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686361225400035,"flow_src_last_pkt_time":1686361225400035,"flow_dst_last_pkt_time":1686361225400035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686361225400035,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"186.112.202.53","src_port":51231,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686356686492578,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686361225400035,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"85.111.52.57","src_port":54217,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":357,"packets-processed":356,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":350,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":350,"total-idle-flows":349,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1696,"global_ts_usec":1686376742132232} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":357,"packets-processed":356,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":350,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":350,"total-idle-flows":349,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1696,"global_ts_usec":1686376742132232} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686376742132232,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686376742132232,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"74.111.203.55","src_port":25821,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686376742132232,"pkt":"ipffLU2SPJTVQTiBCABFAABL5L0AACcR7mFiiQNySm\/LN2TdAasAN8pUAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686376742132232,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686376742132232,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"74.111.203.55","src_port":25821,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1702,12 +1702,12 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_src_last_pkt_time":1686377192208651,"flow_dst_last_pkt_time":1686377192208651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686377192208651,"pkt":"xmjqc4OdPJTVQTiBCABFCABLA5EAACQRwODboGXRunDKNShSAasAN\/U5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686377192208651,"flow_src_last_pkt_time":1686377192208651,"flow_dst_last_pkt_time":1686377192208651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686377192208651,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"186.112.202.53","src_port":10322,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686376742132232,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686377192208651,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"74.111.203.55","src_port":25821,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":359,"packets-processed":358,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18469,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":352,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":352,"total-idle-flows":351,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1705,"global_ts_usec":1686378731428268} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":359,"packets-processed":358,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18469,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":352,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":352,"total-idle-flows":351,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1705,"global_ts_usec":1686378731428268} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686378731428268,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686378731428268,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"90.141.37.56","src_port":50837,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686378731428268,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbdWh54D1Wo0lOMaVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686378731428268,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686378731428268,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"90.141.37.56","src_port":50837,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686377192208651,"flow_src_last_pkt_time":1686377192208651,"flow_dst_last_pkt_time":1686377192208651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686378731428268,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"186.112.202.53","src_port":10322,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":360,"packets-processed":359,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":353,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":353,"total-idle-flows":352,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1710,"global_ts_usec":1686384968861051} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":360,"packets-processed":359,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":353,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":353,"total-idle-flows":352,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1710,"global_ts_usec":1686384968861051} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686384968861051,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.114.202.61","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686384968861051,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+0ZZAADQRzpamvyUzpXLKPWv1AasAKlz0AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686384968861051,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.114.202.61","src_port":27637,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1715,7 +1715,7 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686384968861051,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+SnBAADQRVctGP9UwWpOrM\/uJAasAKs1tAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686384968861051,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"70.63.213.48","dst_ip":"90.147.171.51","src_port":64393,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686378731428268,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"90.141.37.56","src_port":50837,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":362,"packets-processed":361,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":355,"total-detection-updates":0,"total-updates":57,"current-active-flows":2,"total-active-flows":355,"total-idle-flows":353,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1718,"global_ts_usec":1686385671822712} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":362,"packets-processed":361,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":355,"total-detection-updates":0,"total-updates":57,"current-active-flows":2,"total-active-flows":355,"total-idle-flows":353,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1718,"global_ts_usec":1686385671822712} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686385671822712,"flow_src_last_pkt_time":1686385671822712,"flow_dst_last_pkt_time":1686385671822712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686385671822712,"l3_proto":"ip4","src_ip":"89.198.219.40","dst_ip":"69.109.187.54","src_port":13087,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_src_last_pkt_time":1686385671822712,"flow_dst_last_pkt_time":1686385671822712,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686385671822712,"pkt":"bpHurUgdPJTVQTiBCABFAAA+U4xAADQRTLRZxtsoRW27NjMfAasAKpXdAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686385671822712,"flow_src_last_pkt_time":1686385671822712,"flow_dst_last_pkt_time":1686385671822712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686385671822712,"l3_proto":"ip4","src_ip":"89.198.219.40","dst_ip":"69.109.187.54","src_port":13087,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1732,7 +1732,7 @@ 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386117996493,"flow_src_last_pkt_time":1686386117996493,"flow_dst_last_pkt_time":1686386117996493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386117996493,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"186.112.202.53","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_src_last_pkt_time":1686386117996493,"flow_dst_last_pkt_time":1686386117996493,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686386117996493,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+tYhAADQR6qymvyUzunDKNWv1AasAKlz8AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386117996493,"flow_src_last_pkt_time":1686386117996493,"flow_dst_last_pkt_time":1686386117996493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386117996493,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"186.112.202.53","src_port":27637,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":366,"packets-processed":365,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":359,"total-detection-updates":0,"total-updates":58,"current-active-flows":3,"total-active-flows":359,"total-idle-flows":356,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1735,"global_ts_usec":1686386455119430} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":366,"packets-processed":365,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":359,"total-detection-updates":0,"total-updates":58,"current-active-flows":3,"total-active-flows":359,"total-idle-flows":356,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1735,"global_ts_usec":1686386455119430} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386455119430,"flow_src_last_pkt_time":1686386455119430,"flow_dst_last_pkt_time":1686386455119430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386455119430,"l3_proto":"ip4","src_ip":"94.70.203.49","dst_ip":"74.111.203.55","src_port":9065,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_src_last_pkt_time":1686386455119430,"flow_dst_last_pkt_time":1686386455119430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686386455119430,"pkt":"ipffLU2SPJTVQTiBCABFAAA+wzhAADQR3P9eRssxSm\/LNyNpAasAKqWLAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386455119430,"flow_src_last_pkt_time":1686386455119430,"flow_dst_last_pkt_time":1686386455119430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386455119430,"l3_proto":"ip4","src_ip":"94.70.203.49","dst_ip":"74.111.203.55","src_port":9065,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1751,39 +1751,39 @@ 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386835611315,"flow_src_last_pkt_time":1686386835611315,"flow_dst_last_pkt_time":1686386835611315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386835611315,"l3_proto":"ip4","src_ip":"185.211.4.13","dst_ip":"90.111.212.50","src_port":55127,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386733673439,"flow_src_last_pkt_time":1686386733673439,"flow_dst_last_pkt_time":1686386733673439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386835611315,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.144.84.62","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386734896340,"flow_src_last_pkt_time":1686386734896340,"flow_dst_last_pkt_time":1686386734896340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386835611315,"l3_proto":"ip4","src_ip":"166.65.42.37","dst_ip":"90.141.37.56","src_port":37412,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":370,"packets-processed":369,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":363,"total-detection-updates":0,"total-updates":60,"current-active-flows":3,"total-active-flows":363,"total-idle-flows":360,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1754,"global_ts_usec":1686401776042881} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":370,"packets-processed":369,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":363,"total-detection-updates":0,"total-updates":60,"current-active-flows":3,"total-active-flows":363,"total-idle-flows":360,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1754,"global_ts_usec":1686401776042881} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686401776042881,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.141.37.56","src_port":12751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686401776042881,"pkt":"3jHC4dyOPJTVQTiBCABFCABLnL8AACIRLehkOJtwWo0lODHPAasAN+\/yAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} -00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686401776042881,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.141.37.56","src_port":12751,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686401776042881,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.141.37.56","src_port":12751,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386835611315,"flow_src_last_pkt_time":1686386835611315,"flow_dst_last_pkt_time":1686386835611315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"185.211.4.13","dst_ip":"90.111.212.50","src_port":55127,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386733673439,"flow_src_last_pkt_time":1686386733673439,"flow_dst_last_pkt_time":1686386733673439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.144.84.62","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386734896340,"flow_src_last_pkt_time":1686386734896340,"flow_dst_last_pkt_time":1686386734896340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"166.65.42.37","dst_ip":"90.141.37.56","src_port":37412,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":371,"packets-processed":370,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18880,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":364,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":364,"total-idle-flows":363,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1761,"global_ts_usec":1686404500406996} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":371,"packets-processed":370,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18880,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":364,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":364,"total-idle-flows":363,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1761,"global_ts_usec":1686404500406996} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686404500406996,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686404500406996,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":44046,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686404500406996,"pkt":"AAwp30Y4PJTVQTiBCABFCABLxOMAACIRBdXjx1p6Wm\/UMqwOAasAN3XEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686404500406996,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686404500406996,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":44046,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686401776042881,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686404500406996,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.141.37.56","src_port":12751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":372,"packets-processed":371,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":365,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":365,"total-idle-flows":364,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1766,"global_ts_usec":1686408138334214} +00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686401776042881,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686404500406996,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.141.37.56","src_port":12751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":372,"packets-processed":371,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":365,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":365,"total-idle-flows":364,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1766,"global_ts_usec":1686408138334214} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686408138334214,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686408138334214,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":47863,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686408138334214,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZbItJByWpOrM7r3AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686408138334214,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686408138334214,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":47863,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686404500406996,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686408138334214,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":44046,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":373,"packets-processed":372,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":366,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":366,"total-idle-flows":365,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1771,"global_ts_usec":1686409062599010} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":373,"packets-processed":372,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":366,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":366,"total-idle-flows":365,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1771,"global_ts_usec":1686409062599010} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686409062599010,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686409062599010,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"74.111.203.55","src_port":32952,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686409062599010,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAOsRrC8TY5KcSm\/LN4C4AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686409062599010,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686409062599010,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"74.111.203.55","src_port":32952,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686408138334214,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686409062599010,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":47863,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":374,"packets-processed":373,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19123,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":367,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":367,"total-idle-flows":366,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1776,"global_ts_usec":1686410047846257} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":374,"packets-processed":373,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19123,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":367,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":367,"total-idle-flows":366,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1776,"global_ts_usec":1686410047846257} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686410047846257,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686410047846257,"l3_proto":"ip4","src_ip":"209.124.163.157","dst_ip":"69.109.187.54","src_port":55599,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686410047846257,"pkt":"bpHurUgdPJTVQTiBCABFCAB+1DEAAOsRrC3RfKOdRW27NtkvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686410047846257,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686410047846257,"l3_proto":"ip4","src_ip":"209.124.163.157","dst_ip":"69.109.187.54","src_port":55599,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686409062599010,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686410047846257,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"74.111.203.55","src_port":32952,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":375,"packets-processed":374,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19221,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":368,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":368,"total-idle-flows":367,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1781,"global_ts_usec":1686412803511471} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":375,"packets-processed":374,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19221,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":368,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":368,"total-idle-flows":367,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1781,"global_ts_usec":1686412803511471} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686412803511471,"flow_src_last_pkt_time":1686412803511471,"flow_dst_last_pkt_time":1686412803511471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686412803511471,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.145.180.58","src_port":54859,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_src_last_pkt_time":1686412803511471,"flow_dst_last_pkt_time":1686412803511471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686412803511471,"pkt":"bs1PogZtPJTVQTiBCABFCABLZYcAACQRXt\/jhlHUWpG0OtZLAasAN0c1AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686412803511471,"flow_src_last_pkt_time":1686412803511471,"flow_dst_last_pkt_time":1686412803511471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686412803511471,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.145.180.58","src_port":54859,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686410047846257,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686412803511471,"l3_proto":"ip4","src_ip":"209.124.163.157","dst_ip":"69.109.187.54","src_port":55599,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":376,"packets-processed":375,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":369,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":369,"total-idle-flows":368,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1786,"global_ts_usec":1686413757609123} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":376,"packets-processed":375,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":369,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":369,"total-idle-flows":368,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1786,"global_ts_usec":1686413757609123} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686413757609123,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686413757609123,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"186.112.202.53","src_port":49844,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686413757609123,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAOsRrCstg6GYunDKNcK0AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686413757609123,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686413757609123,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"186.112.202.53","src_port":49844,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1792,7 +1792,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_src_last_pkt_time":1686414114295045,"flow_dst_last_pkt_time":1686414114295045,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686414114295045,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAOsREgeGtJCVWpG0OsMfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414114295045,"flow_src_last_pkt_time":1686414114295045,"flow_dst_last_pkt_time":1686414114295045,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414114295045,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":49951,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686413757609123,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414114295045,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"186.112.202.53","src_port":49844,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":378,"packets-processed":377,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":371,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":371,"total-idle-flows":370,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1795,"global_ts_usec":1686414638495400} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":378,"packets-processed":377,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":371,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":371,"total-idle-flows":370,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1795,"global_ts_usec":1686414638495400} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414638495400,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414638495400,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"85.111.52.57","src_port":42561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686414638495400,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAO8RDcy4tKjwVW80OaZBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414638495400,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414638495400,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"85.111.52.57","src_port":42561,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1801,7 +1801,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_src_last_pkt_time":1686415196829472,"flow_dst_last_pkt_time":1686415196829472,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686415196829472,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrB3SfJyVpZBUPqOnAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686415196829472,"flow_src_last_pkt_time":1686415196829472,"flow_dst_last_pkt_time":1686415196829472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686415196829472,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"165.144.84.62","src_port":41895,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414638495400,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686415196829472,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"85.111.52.57","src_port":42561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":380,"packets-processed":379,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":373,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":373,"total-idle-flows":372,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1804,"global_ts_usec":1686418497785828} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":380,"packets-processed":379,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":373,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":373,"total-idle-flows":372,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1804,"global_ts_usec":1686418497785828} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418497785828,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418497785828,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":45313,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686418497785828,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsREf22tHiLpXLKPbEBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418497785828,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418497785828,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":45313,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1810,7 +1810,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_src_last_pkt_time":1686418806265572,"flow_dst_last_pkt_time":1686418806265572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686418806265572,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAOsRrCfQe7CaWo0lOORZAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418806265572,"flow_src_last_pkt_time":1686418806265572,"flow_dst_last_pkt_time":1686418806265572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418806265572,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":58457,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418497785828,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418806265572,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":45313,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":382,"packets-processed":381,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":375,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":375,"total-idle-flows":374,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1813,"global_ts_usec":1686419691124244} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":382,"packets-processed":381,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":375,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":375,"total-idle-flows":374,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1813,"global_ts_usec":1686419691124244} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686419691124244,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686419691124244,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"85.111.52.57","src_port":38445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686419691124244,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLEswAACQRsZcbhqncVW80OZYtAasAN4dQAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686419691124244,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686419691124244,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"85.111.52.57","src_port":38445,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1819,17 +1819,17 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_src_last_pkt_time":1686420033978573,"flow_dst_last_pkt_time":1686420033978573,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686420033978573,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRpTTvZI2ZSm\/LN7ntAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686420033978573,"flow_src_last_pkt_time":1686420033978573,"flow_dst_last_pkt_time":1686420033978573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686420033978573,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"74.111.203.55","src_port":47597,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686419691124244,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686420033978573,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"85.111.52.57","src_port":38445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":384,"packets-processed":383,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20001,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":377,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":377,"total-idle-flows":376,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1822,"global_ts_usec":1686427429600756} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":384,"packets-processed":383,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20001,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":377,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":377,"total-idle-flows":376,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1822,"global_ts_usec":1686427429600756} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686427429600756,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686427429600756,"l3_proto":"ip4","src_ip":"157.121.130.117","dst_ip":"165.144.84.62","src_port":7470,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686427429600756,"pkt":"AAwp30Y4PJTVQTiBCABFAABLrRoAACYRJv+deYJ1pZBUPh0uAasANxH+AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686427429600756,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686427429600756,"l3_proto":"ip4","src_ip":"157.121.130.117","dst_ip":"165.144.84.62","src_port":7470,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686420033978573,"flow_src_last_pkt_time":1686420033978573,"flow_dst_last_pkt_time":1686420033978573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686427429600756,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"74.111.203.55","src_port":47597,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":385,"packets-processed":384,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":378,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":378,"total-idle-flows":377,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1827,"global_ts_usec":1686431866256173} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":385,"packets-processed":384,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":378,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":378,"total-idle-flows":377,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1827,"global_ts_usec":1686431866256173} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686431866256173,"flow_src_last_pkt_time":1686431866256173,"flow_dst_last_pkt_time":1686431866256173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686431866256173,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.111.212.50","src_port":49319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_src_last_pkt_time":1686431866256173,"flow_dst_last_pkt_time":1686431866256173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686431866256173,"pkt":"AAwp30Y4PJTVQTiBCABFCABLx8kAACQR\/KIk523ZWm\/UMsCnAasAN1zfAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686431866256173,"flow_src_last_pkt_time":1686431866256173,"flow_dst_last_pkt_time":1686431866256173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686431866256173,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.111.212.50","src_port":49319,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686427429600756,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686431866256173,"l3_proto":"ip4","src_ip":"157.121.130.117","dst_ip":"165.144.84.62","src_port":7470,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":386,"packets-processed":385,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":379,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":379,"total-idle-flows":378,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1832,"global_ts_usec":1686435052414223} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":386,"packets-processed":385,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":379,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":379,"total-idle-flows":378,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1832,"global_ts_usec":1686435052414223} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435052414223,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435052414223,"l3_proto":"ip4","src_ip":"209.44.167.7","dst_ip":"90.111.212.50","src_port":53096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686435052414223,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX1HRLKcHWm\/UMs9oAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435052414223,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435052414223,"l3_proto":"ip4","src_ip":"209.44.167.7","dst_ip":"90.111.212.50","src_port":53096,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1838,7 +1838,7 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_src_last_pkt_time":1686435200937981,"flow_dst_last_pkt_time":1686435200937981,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686435200937981,"pkt":"AAwp30Y4PJTVQTiBCABFCABLhnIAACQRPfdjx03TpZBUPrMFAasAN2p+AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435200937981,"flow_src_last_pkt_time":1686435200937981,"flow_dst_last_pkt_time":1686435200937981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435200937981,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.144.84.62","src_port":45829,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435052414223,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435200937981,"l3_proto":"ip4","src_ip":"209.44.167.7","dst_ip":"90.111.212.50","src_port":53096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":388,"packets-processed":387,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":381,"total-detection-updates":0,"total-updates":61,"current-active-flows":2,"total-active-flows":381,"total-idle-flows":379,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1841,"global_ts_usec":1686438148010499} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":388,"packets-processed":387,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":381,"total-detection-updates":0,"total-updates":61,"current-active-flows":2,"total-active-flows":381,"total-idle-flows":379,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1841,"global_ts_usec":1686438148010499} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438148010499,"flow_src_last_pkt_time":1686438148010499,"flow_dst_last_pkt_time":1686438148010499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438148010499,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"85.111.52.57","src_port":44733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_src_last_pkt_time":1686438148010499,"flow_dst_last_pkt_time":1686438148010499,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686438148010499,"pkt":"moT+\/Ph8PJTVQTiBCABFCABSAABAAOsRy+HXMP3JVW80Oa69AasAPg9AAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438148010499,"flow_src_last_pkt_time":1686438148010499,"flow_dst_last_pkt_time":1686438148010499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438148010499,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"85.111.52.57","src_port":44733,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1887,10 +1887,10 @@ 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438260748204,"flow_src_last_pkt_time":1686438260748204,"flow_dst_last_pkt_time":1686438260748204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438369437015,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"165.144.84.62","src_port":44352,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438308618262,"flow_src_last_pkt_time":1686438308618262,"flow_dst_last_pkt_time":1686438308618262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438369437015,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"165.114.202.61","src_port":53506,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438242172290,"flow_src_last_pkt_time":1686438242172290,"flow_dst_last_pkt_time":1686438242172290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438369437015,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"90.145.180.58","src_port":46653,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":397,"packets-processed":396,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20657,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":390,"total-detection-updates":0,"total-updates":78,"current-active-flows":7,"total-active-flows":390,"total-idle-flows":383,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1890,"global_ts_usec":1686442660761538} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":397,"packets-processed":396,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20657,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":390,"total-detection-updates":0,"total-updates":78,"current-active-flows":7,"total-active-flows":390,"total-idle-flows":383,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1890,"global_ts_usec":1686442660761538} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686442660761538,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686442660761538,"l3_proto":"ip4","src_ip":"44.242.231.77","dst_ip":"186.112.202.53","src_port":50261,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686442660761538,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRXpQs8udNunDKNcRVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
-00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686442660761538,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686442660761538,"l3_proto":"ip4","src_ip":"44.242.231.77","dst_ip":"186.112.202.53","src_port":50261,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686442660761538,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686442660761538,"l3_proto":"ip4","src_ip":"44.242.231.77","dst_ip":"186.112.202.53","src_port":50261,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438209212158,"flow_src_last_pkt_time":1686438209212158,"flow_dst_last_pkt_time":1686438209212158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686442660761538,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"90.141.37.56","src_port":50630,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438242164681,"flow_src_last_pkt_time":1686438242164681,"flow_dst_last_pkt_time":1686438242164681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686442660761538,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"69.109.187.54","src_port":39194,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438369437015,"flow_src_last_pkt_time":1686438369437015,"flow_dst_last_pkt_time":1686438369437015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686442660761538,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"186.112.202.53","src_port":49672,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1901,18 +1901,18 @@ 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443032934623,"flow_src_last_pkt_time":1686443032934623,"flow_dst_last_pkt_time":1686443032934623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443032934623,"l3_proto":"ip4","src_ip":"37.234.100.32","dst_ip":"90.145.180.58","src_port":56813,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_src_last_pkt_time":1686443032934623,"flow_dst_last_pkt_time":1686443032934623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686443032934623,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRbWgl6mQgWpG0Ot3tAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443032934623,"flow_src_last_pkt_time":1686443032934623,"flow_dst_last_pkt_time":1686443032934623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443032934623,"l3_proto":"ip4","src_ip":"37.234.100.32","dst_ip":"90.145.180.58","src_port":56813,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686442660761538,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443032934623,"l3_proto":"ip4","src_ip":"44.242.231.77","dst_ip":"186.112.202.53","src_port":50261,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":399,"packets-processed":398,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20715,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":392,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":392,"total-idle-flows":391,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1905,"global_ts_usec":1686443411193185} +00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686442660761538,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443032934623,"l3_proto":"ip4","src_ip":"44.242.231.77","dst_ip":"186.112.202.53","src_port":50261,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":399,"packets-processed":398,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20715,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":392,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":392,"total-idle-flows":391,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1905,"global_ts_usec":1686443411193185} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443411193185,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443411193185,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":44054,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686443411193185,"pkt":"3jHC4dyOPJTVQTiBCABFCABLjXwAACQRNugbhqncWo0lOKwWAasAN3FoAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443411193185,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443411193185,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":44054,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443032934623,"flow_src_last_pkt_time":1686443032934623,"flow_dst_last_pkt_time":1686443032934623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443411193185,"l3_proto":"ip4","src_ip":"37.234.100.32","dst_ip":"90.145.180.58","src_port":56813,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":400,"packets-processed":399,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20762,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":393,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":393,"total-idle-flows":392,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1910,"global_ts_usec":1686448122797857} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":400,"packets-processed":399,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20762,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":393,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":393,"total-idle-flows":392,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1910,"global_ts_usec":1686448122797857} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686448122797857,"flow_src_last_pkt_time":1686448122797857,"flow_dst_last_pkt_time":1686448122797857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686448122797857,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":46249,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_src_last_pkt_time":1686448122797857,"flow_dst_last_pkt_time":1686448122797857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686448122797857,"pkt":"ipffLU2SPJTVQTiBCABFCABSQJAAAGsR1glDnxCWSm\/LN7SpAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686448122797857,"flow_src_last_pkt_time":1686448122797857,"flow_dst_last_pkt_time":1686448122797857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686448122797857,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":46249,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443411193185,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686448122797857,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":44054,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":401,"packets-processed":400,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":394,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":394,"total-idle-flows":393,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1915,"global_ts_usec":1686453545484404} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":401,"packets-processed":400,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":394,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":394,"total-idle-flows":393,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1915,"global_ts_usec":1686453545484404} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686453545484404,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686453545484404,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"74.111.203.55","src_port":64251,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686453545484404,"pkt":"ipffLU2SPJTVQTiBCABFCABLA5wAACQRwMwbhqncSm\/LN\/r7AasANyKHAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686453545484404,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686453545484404,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"74.111.203.55","src_port":64251,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1921,7 +1921,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_src_last_pkt_time":1686454040614924,"flow_dst_last_pkt_time":1686454040614924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686454040614924,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+VZxAADMRS4lYRyo6pZBUPjxoAasAKox5AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454040614924,"flow_src_last_pkt_time":1686454040614924,"flow_dst_last_pkt_time":1686454040614924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454040614924,"l3_proto":"ip4","src_ip":"88.71.42.58","dst_ip":"165.144.84.62","src_port":15464,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686453545484404,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454040614924,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"74.111.203.55","src_port":64251,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":403,"packets-processed":402,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":396,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":396,"total-idle-flows":395,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1924,"global_ts_usec":1686454835524989} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":403,"packets-processed":402,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":396,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":396,"total-idle-flows":395,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1924,"global_ts_usec":1686454835524989} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454835524989,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454835524989,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"186.112.202.53","src_port":29227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686454835524989,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+jJRAADMRFJq\/Pts5unDKNXIrAasAKla\/AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454835524989,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454835524989,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"186.112.202.53","src_port":29227,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1930,7 +1930,7 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_src_last_pkt_time":1686455045546385,"flow_dst_last_pkt_time":1686455045546385,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686455045546385,"pkt":"bpHurUgdPJTVQTiBCABFAAA+lIxAADMRDKe+Ryo2RW27NrkEAasAKg\/rAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455045546385,"flow_src_last_pkt_time":1686455045546385,"flow_dst_last_pkt_time":1686455045546385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455045546385,"l3_proto":"ip4","src_ip":"190.71.42.54","dst_ip":"69.109.187.54","src_port":47364,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454835524989,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455045546385,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"186.112.202.53","src_port":29227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":405,"packets-processed":404,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20965,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":398,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":398,"total-idle-flows":397,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1933,"global_ts_usec":1686455864946730} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":405,"packets-processed":404,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20965,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":398,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":398,"total-idle-flows":397,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1933,"global_ts_usec":1686455864946730} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455864946730,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455864946730,"l3_proto":"ip4","src_ip":"166.62.197.60","dst_ip":"165.114.202.61","src_port":35606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686455864946730,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+EMNAADMRkF2mPsU8pXLKPYsWAasAKj3GAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455864946730,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455864946730,"l3_proto":"ip4","src_ip":"166.62.197.60","dst_ip":"165.114.202.61","src_port":35606,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1939,7 +1939,7 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_src_last_pkt_time":1686456361937981,"flow_dst_last_pkt_time":1686456361937981,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686456361937981,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+GgRAADMRhy2\/Pts5Wm\/UMkj9AasAKn\/wAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456361937981,"flow_src_last_pkt_time":1686456361937981,"flow_dst_last_pkt_time":1686456361937981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456361937981,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"90.111.212.50","src_port":18685,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455864946730,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456361937981,"l3_proto":"ip4","src_ip":"166.62.197.60","dst_ip":"165.114.202.61","src_port":35606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":407,"packets-processed":406,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":400,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":400,"total-idle-flows":399,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1942,"global_ts_usec":1686456730972924} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":407,"packets-processed":406,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":400,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":400,"total-idle-flows":399,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1942,"global_ts_usec":1686456730972924} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456730972924,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456730972924,"l3_proto":"ip4","src_ip":"88.70.212.56","dst_ip":"85.111.52.57","src_port":65013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686456730972924,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+jhRAADMRExhYRtQ4VW80Of31AasAKsryAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456730972924,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456730972924,"l3_proto":"ip4","src_ip":"88.70.212.56","dst_ip":"85.111.52.57","src_port":65013,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1953,27 +1953,27 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457196084311,"flow_src_last_pkt_time":1686457196084311,"flow_dst_last_pkt_time":1686457196084311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457196084311,"l3_proto":"ip4","src_ip":"161.199.58.19","dst_ip":"90.147.171.51","src_port":64864,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456730972924,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457196084311,"l3_proto":"ip4","src_ip":"88.70.212.56","dst_ip":"85.111.52.57","src_port":65013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456819293547,"flow_src_last_pkt_time":1686456819293547,"flow_dst_last_pkt_time":1686456819293547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457196084311,"l3_proto":"ip4","src_ip":"184.199.42.59","dst_ip":"90.141.37.56","src_port":42047,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":410,"packets-processed":409,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":403,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":403,"total-idle-flows":402,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1956,"global_ts_usec":1686457611262806} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":410,"packets-processed":409,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":403,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":403,"total-idle-flows":402,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1956,"global_ts_usec":1686457611262806} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457611262806,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457611262806,"l3_proto":"ip4","src_ip":"161.62.218.52","dst_ip":"74.111.203.55","src_port":37093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686457611262806,"pkt":"ipffLU2SPJTVQTiBCABFAAA+elpAADMRJtihPto0Sm\/LN5DlAasAKjgJAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457611262806,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457611262806,"l3_proto":"ip4","src_ip":"161.62.218.52","dst_ip":"74.111.203.55","src_port":37093,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457196084311,"flow_src_last_pkt_time":1686457196084311,"flow_dst_last_pkt_time":1686457196084311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457611262806,"l3_proto":"ip4","src_ip":"161.199.58.19","dst_ip":"90.147.171.51","src_port":64864,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":411,"packets-processed":410,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":404,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":404,"total-idle-flows":403,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1961,"global_ts_usec":1686459303680190} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":411,"packets-processed":410,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":404,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":404,"total-idle-flows":403,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1961,"global_ts_usec":1686459303680190} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686459303680190,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686459303680190,"l3_proto":"ip4","src_ip":"194.43.223.106","dst_ip":"165.114.202.61","src_port":55142,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686459303680190,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbZLCK99qpXLKPddmAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686459303680190,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686459303680190,"l3_proto":"ip4","src_ip":"194.43.223.106","dst_ip":"165.114.202.61","src_port":55142,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457611262806,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686459303680190,"l3_proto":"ip4","src_ip":"161.62.218.52","dst_ip":"74.111.203.55","src_port":37093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":412,"packets-processed":411,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21198,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":405,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":405,"total-idle-flows":404,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1966,"global_ts_usec":1686460297406877} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":412,"packets-processed":411,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21198,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":405,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":405,"total-idle-flows":404,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1966,"global_ts_usec":1686460297406877} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686460297406877,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686460297406877,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"85.111.52.57","src_port":33255,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686460297406877,"pkt":"moT+\/Ph8PJTVQTiBCABFAABL8BcAACYR5Ajinvx\/VW80OYHnAasAN61LAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686460297406877,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686460297406877,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"85.111.52.57","src_port":33255,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686459303680190,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686460297406877,"l3_proto":"ip4","src_ip":"194.43.223.106","dst_ip":"165.114.202.61","src_port":55142,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":413,"packets-processed":412,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":406,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":406,"total-idle-flows":405,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1971,"global_ts_usec":1686461245285022} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":413,"packets-processed":412,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":406,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":406,"total-idle-flows":405,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1971,"global_ts_usec":1686461245285022} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686461245285022,"flow_src_last_pkt_time":1686461245285022,"flow_dst_last_pkt_time":1686461245285022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686461245285022,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":36149,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_src_last_pkt_time":1686461245285022,"flow_dst_last_pkt_time":1686461245285022,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686461245285022,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNY01AasAJV1CAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686461245285022,"flow_src_last_pkt_time":1686461245285022,"flow_dst_last_pkt_time":1686461245285022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686461245285022,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":36149,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686460297406877,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686461245285022,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"85.111.52.57","src_port":33255,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":407,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":407,"total-idle-flows":406,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1976,"global_ts_usec":1686462756222356} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":407,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":407,"total-idle-flows":406,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1976,"global_ts_usec":1686462756222356} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686462756222356,"flow_src_last_pkt_time":1686462756222356,"flow_dst_last_pkt_time":1686462756222356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686462756222356,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":45294,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_src_last_pkt_time":1686462756222356,"flow_dst_last_pkt_time":1686462756222356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686462756222356,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPbDuAasAJTmBAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686462756222356,"flow_src_last_pkt_time":1686462756222356,"flow_dst_last_pkt_time":1686462756222356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686462756222356,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":45294,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1986,7 +1986,7 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_src_last_pkt_time":1686463232786177,"flow_dst_last_pkt_time":1686463232786177,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686463232786177,"pkt":"AAwp30Y4PJTVQTiBCABFAABLPb8AACYRlmBdZnxwWpOrMyrYAasANwRaAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463232786177,"flow_src_last_pkt_time":1686463232786177,"flow_dst_last_pkt_time":1686463232786177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463232786177,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"90.147.171.51","src_port":10968,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463066276572,"flow_src_last_pkt_time":1686463066276572,"flow_dst_last_pkt_time":1686463066276572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463232786177,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":45056,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":417,"packets-processed":416,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21379,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":410,"total-detection-updates":0,"total-updates":80,"current-active-flows":2,"total-active-flows":410,"total-idle-flows":408,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1989,"global_ts_usec":1686463744473624} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":417,"packets-processed":416,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21379,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":410,"total-detection-updates":0,"total-updates":80,"current-active-flows":2,"total-active-flows":410,"total-idle-flows":408,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1989,"global_ts_usec":1686463744473624} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463744473624,"flow_src_last_pkt_time":1686463744473624,"flow_dst_last_pkt_time":1686463744473624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463744473624,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54431,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_src_last_pkt_time":1686463744473624,"flow_dst_last_pkt_time":1686463744473624,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686463744473624,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lONSfAasAJRXWAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463744473624,"flow_src_last_pkt_time":1686463744473624,"flow_dst_last_pkt_time":1686463744473624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463744473624,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54431,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2000,7 +2000,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_src_last_pkt_time":1686464114985492,"flow_dst_last_pkt_time":1686464114985492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686464114985492,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27NsnbAasAJSCdAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686464114985492,"flow_src_last_pkt_time":1686464114985492,"flow_dst_last_pkt_time":1686464114985492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686464114985492,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":51675,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463955005585,"flow_src_last_pkt_time":1686463955005585,"flow_dst_last_pkt_time":1686463955005585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686464114985492,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":59262,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":420,"packets-processed":419,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":413,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":413,"total-idle-flows":411,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2003,"global_ts_usec":1686465127922786} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":420,"packets-processed":419,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":413,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":413,"total-idle-flows":411,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2003,"global_ts_usec":1686465127922786} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465127922786,"flow_src_last_pkt_time":1686465127922786,"flow_dst_last_pkt_time":1686465127922786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465127922786,"l3_proto":"ip4","src_ip":"174.237.64.176","dst_ip":"90.141.37.56","src_port":49218,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_src_last_pkt_time":1686465127922786,"flow_dst_last_pkt_time":1686465127922786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686465127922786,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRYA6u7UCwWo0lOMBCAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465127922786,"flow_src_last_pkt_time":1686465127922786,"flow_dst_last_pkt_time":1686465127922786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465127922786,"l3_proto":"ip4","src_ip":"174.237.64.176","dst_ip":"90.141.37.56","src_port":49218,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2013,23 +2013,23 @@ 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465448467764,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465448467764,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":57245,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686465448467764,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80Od+dAasAJQrXAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465448467764,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465448467764,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":57245,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":423,"packets-processed":422,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":416,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":416,"total-idle-flows":414,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2016,"global_ts_usec":1686466394503634} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":423,"packets-processed":422,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":416,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":416,"total-idle-flows":414,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2016,"global_ts_usec":1686466394503634} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686466394503634,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"193.219.252.221","dst_ip":"90.147.171.51","src_port":51650,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686466394503634,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbcTB2\/zdWpOrM8nCAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686466394503634,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"193.219.252.221","dst_ip":"90.147.171.51","src_port":51650,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465406790123,"flow_src_last_pkt_time":1686465406790123,"flow_dst_last_pkt_time":1686465406790123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":57345,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465448467764,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":57245,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":424,"packets-processed":423,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21582,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":417,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":417,"total-idle-flows":416,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2022,"global_ts_usec":1686467393700733} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":424,"packets-processed":423,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21582,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":417,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":417,"total-idle-flows":416,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2022,"global_ts_usec":1686467393700733} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686467393700733,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686467393700733,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41180,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686467393700733,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN6DcAasAJUmdAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686467393700733,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686467393700733,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41180,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686466394503634,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686467393700733,"l3_proto":"ip4","src_ip":"193.219.252.221","dst_ip":"90.147.171.51","src_port":51650,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":425,"packets-processed":424,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":418,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":418,"total-idle-flows":417,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2027,"global_ts_usec":1686469130125468} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":425,"packets-processed":424,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":418,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":418,"total-idle-flows":417,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2027,"global_ts_usec":1686469130125468} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686469130125468,"flow_src_last_pkt_time":1686469130125468,"flow_dst_last_pkt_time":1686469130125468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686469130125468,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":40785,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_src_last_pkt_time":1686469130125468,"flow_dst_last_pkt_time":1686469130125468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686469130125468,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMp9RAasAJUspAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686469130125468,"flow_src_last_pkt_time":1686469130125468,"flow_dst_last_pkt_time":1686469130125468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686469130125468,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":40785,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686467393700733,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686469130125468,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41180,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":426,"packets-processed":425,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":419,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":419,"total-idle-flows":418,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2032,"global_ts_usec":1686473127013443} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":426,"packets-processed":425,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":419,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":419,"total-idle-flows":418,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2032,"global_ts_usec":1686473127013443} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473127013443,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473127013443,"l3_proto":"ip4","src_ip":"174.18.32.224","dst_ip":"74.111.203.55","src_port":53272,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686473127013443,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRX\/muEiDgSm\/LN9AYAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473127013443,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473127013443,"l3_proto":"ip4","src_ip":"174.18.32.224","dst_ip":"74.111.203.55","src_port":53272,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2038,22 +2038,22 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_src_last_pkt_time":1686473724125289,"flow_dst_last_pkt_time":1686473724125289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686473724125289,"pkt":"bpHurUgdPJTVQTiBCABFCAB+1DEAAOsRrCDthLCIRW27NubXAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473724125289,"flow_src_last_pkt_time":1686473724125289,"flow_dst_last_pkt_time":1686473724125289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473724125289,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"69.109.187.54","src_port":59095,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473127013443,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473724125289,"l3_proto":"ip4","src_ip":"174.18.32.224","dst_ip":"74.111.203.55","src_port":53272,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":428,"packets-processed":427,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":421,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":421,"total-idle-flows":420,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2041,"global_ts_usec":1686474011529942} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":428,"packets-processed":427,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":421,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":421,"total-idle-flows":420,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2041,"global_ts_usec":1686474011529942} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686474011529942,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686474011529942,"l3_proto":"ip4","src_ip":"37.36.31.210","dst_ip":"165.144.84.62","src_port":53791,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686474011529942,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbMMlJB\/SpZBUPtIfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686474011529942,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686474011529942,"l3_proto":"ip4","src_ip":"37.36.31.210","dst_ip":"165.144.84.62","src_port":53791,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473724125289,"flow_src_last_pkt_time":1686473724125289,"flow_dst_last_pkt_time":1686473724125289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686474011529942,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"69.109.187.54","src_port":59095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":429,"packets-processed":428,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":422,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":422,"total-idle-flows":421,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2046,"global_ts_usec":1686475183417032} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":429,"packets-processed":428,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":422,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":422,"total-idle-flows":421,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2046,"global_ts_usec":1686475183417032} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475183417032,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475183417032,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":34976,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686475183417032,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLWusAACIRb79b\/2t0VW80OYigAasAN5kkAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475183417032,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475183417032,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":34976,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686474011529942,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475183417032,"l3_proto":"ip4","src_ip":"37.36.31.210","dst_ip":"165.144.84.62","src_port":53791,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":430,"packets-processed":429,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21843,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":423,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":423,"total-idle-flows":422,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2051,"global_ts_usec":1686475826792753} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":430,"packets-processed":429,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21843,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":423,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":423,"total-idle-flows":422,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2051,"global_ts_usec":1686475826792753} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475826792753,"flow_src_last_pkt_time":1686475826792753,"flow_dst_last_pkt_time":1686475826792753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475826792753,"l3_proto":"ip4","src_ip":"47.51.0.222","dst_ip":"69.109.187.54","src_port":53190,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_src_last_pkt_time":1686475826792753,"flow_dst_last_pkt_time":1686475826792753,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686475826792753,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXtkvMwDeRW27Ns\/GAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475826792753,"flow_src_last_pkt_time":1686475826792753,"flow_dst_last_pkt_time":1686475826792753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475826792753,"l3_proto":"ip4","src_ip":"47.51.0.222","dst_ip":"69.109.187.54","src_port":53190,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475183417032,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475826792753,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":34976,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":431,"packets-processed":430,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":424,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":424,"total-idle-flows":423,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2056,"global_ts_usec":1686495926985957} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":431,"packets-processed":430,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":424,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":424,"total-idle-flows":423,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2056,"global_ts_usec":1686495926985957} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686495926985957,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686495926985957,"l3_proto":"ip4","src_ip":"238.156.97.151","dst_ip":"74.111.203.55","src_port":35769,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686495926985957,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAO0RqinunGGXSm\/LN4u5AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686495926985957,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686495926985957,"l3_proto":"ip4","src_ip":"238.156.97.151","dst_ip":"74.111.203.55","src_port":35769,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2062,17 +2062,17 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_src_last_pkt_time":1686496447196573,"flow_dst_last_pkt_time":1686496447196573,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686496447196573,"pkt":"moT+\/Ph8PJTVQTiBCABFCAB+1DEAAO0REAmGtJCVVW80OYPRAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686496447196573,"flow_src_last_pkt_time":1686496447196573,"flow_dst_last_pkt_time":1686496447196573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686496447196573,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":33745,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686495926985957,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686496447196573,"l3_proto":"ip4","src_ip":"238.156.97.151","dst_ip":"74.111.203.55","src_port":35769,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":433,"packets-processed":432,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":426,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":426,"total-idle-flows":425,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2065,"global_ts_usec":1686497167515992} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":433,"packets-processed":432,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":426,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":426,"total-idle-flows":425,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2065,"global_ts_usec":1686497167515992} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686497167515992,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686497167515992,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.147.171.51","src_port":37012,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686497167515992,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZf2S2hzWpOrM5CUAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686497167515992,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686497167515992,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.147.171.51","src_port":37012,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686496447196573,"flow_src_last_pkt_time":1686496447196573,"flow_dst_last_pkt_time":1686496447196573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686497167515992,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":33745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":434,"packets-processed":433,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22166,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":427,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":427,"total-idle-flows":426,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2070,"global_ts_usec":1686499664191010} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":434,"packets-processed":433,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22166,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":427,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":427,"total-idle-flows":426,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2070,"global_ts_usec":1686499664191010} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686499664191010,"flow_src_last_pkt_time":1686499664191010,"flow_dst_last_pkt_time":1686499664191010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686499664191010,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.114.202.61","src_port":54319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_src_last_pkt_time":1686499664191010,"flow_dst_last_pkt_time":1686499664191010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686499664191010,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAO8RDcZGtG\/xpXLKPdQvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686499664191010,"flow_src_last_pkt_time":1686499664191010,"flow_dst_last_pkt_time":1686499664191010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686499664191010,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.114.202.61","src_port":54319,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686497167515992,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686499664191010,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.147.171.51","src_port":37012,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":435,"packets-processed":434,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22264,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":428,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":428,"total-idle-flows":427,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2075,"global_ts_usec":1686501344601870} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":435,"packets-processed":434,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22264,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":428,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":428,"total-idle-flows":427,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2075,"global_ts_usec":1686501344601870} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501344601870,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501344601870,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.111.212.50","src_port":59479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686501344601870,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqjATY5KcWm\/UMuhXAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501344601870,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501344601870,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.111.212.50","src_port":59479,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2085,72 +2085,72 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501844780096,"flow_src_last_pkt_time":1686501844780096,"flow_dst_last_pkt_time":1686501844780096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501844780096,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"74.111.203.55","src_port":16085,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501359797956,"flow_src_last_pkt_time":1686501359797956,"flow_dst_last_pkt_time":1686501359797956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501844780096,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":46227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501344601870,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501844780096,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.111.212.50","src_port":59479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":438,"packets-processed":437,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22507,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":431,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":431,"total-idle-flows":430,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2088,"global_ts_usec":1686503041221893} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":438,"packets-processed":437,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22507,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":431,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":431,"total-idle-flows":430,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2088,"global_ts_usec":1686503041221893} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503041221893,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503041221893,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":37571,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686503041221893,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRCZH2S2hzWo0lOJLDAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503041221893,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503041221893,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":37571,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501844780096,"flow_src_last_pkt_time":1686501844780096,"flow_dst_last_pkt_time":1686501844780096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503041221893,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"74.111.203.55","src_port":16085,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":439,"packets-processed":438,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":432,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":432,"total-idle-flows":431,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2093,"global_ts_usec":1686503642111524} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":439,"packets-processed":438,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":432,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":432,"total-idle-flows":431,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2093,"global_ts_usec":1686503642111524} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503642111524,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503642111524,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"69.109.187.54","src_port":52184,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686503642111524,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAO8RDc9GtG\/xRW27NsvYAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503642111524,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503642111524,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"69.109.187.54","src_port":52184,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503041221893,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503642111524,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":37571,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":440,"packets-processed":439,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22703,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":433,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":433,"total-idle-flows":432,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2098,"global_ts_usec":1686504303052084} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":440,"packets-processed":439,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22703,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":433,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":433,"total-idle-flows":432,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2098,"global_ts_usec":1686504303052084} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686504303052084,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686504303052084,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"165.144.84.62","src_port":40378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686504303052084,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCYz2S2hzpZBUPp26AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686504303052084,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686504303052084,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"165.144.84.62","src_port":40378,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503642111524,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686504303052084,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"69.109.187.54","src_port":52184,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":441,"packets-processed":440,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":434,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":434,"total-idle-flows":433,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2103,"global_ts_usec":1686509878709062} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":441,"packets-processed":440,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":434,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":434,"total-idle-flows":433,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2103,"global_ts_usec":1686509878709062} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686509878709062,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686509878709062,"l3_proto":"ip4","src_ip":"138.18.252.120","dst_ip":"165.114.202.61","src_port":11561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686509878709062,"pkt":"AAwp30Y4PJTVQTiBCABFBABSCXBAACIRPHOKEvx4pXLKPS0pAasAPkHRAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686509878709062,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686509878709062,"l3_proto":"ip4","src_ip":"138.18.252.120","dst_ip":"165.114.202.61","src_port":11561,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686504303052084,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686509878709062,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"165.144.84.62","src_port":40378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":442,"packets-processed":441,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":435,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":435,"total-idle-flows":434,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2108,"global_ts_usec":1686512676583485} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":442,"packets-processed":441,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":435,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":435,"total-idle-flows":434,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2108,"global_ts_usec":1686512676583485} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686512676583485,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686512676583485,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"90.141.37.56","src_port":55022,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686512676583485,"pkt":"3jHC4dyOPJTVQTiBCABFCABLlmEAACQRLg7boGXRWo0lONbuAasAN0abAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686512676583485,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686512676583485,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"90.141.37.56","src_port":55022,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686509878709062,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686512676583485,"l3_proto":"ip4","src_ip":"138.18.252.120","dst_ip":"165.114.202.61","src_port":11561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":443,"packets-processed":442,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":436,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":436,"total-idle-flows":435,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2113,"global_ts_usec":1686513474297518} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":443,"packets-processed":442,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":436,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":436,"total-idle-flows":435,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2113,"global_ts_usec":1686513474297518} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686513474297518,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686513474297518,"l3_proto":"ip4","src_ip":"66.228.166.55","dst_ip":"69.109.187.54","src_port":51471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686513474297518,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRbVpC5KY3RW27NskPAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686513474297518,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686513474297518,"l3_proto":"ip4","src_ip":"66.228.166.55","dst_ip":"69.109.187.54","src_port":51471,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686512676583485,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686513474297518,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"90.141.37.56","src_port":55022,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":444,"packets-processed":443,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":437,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":437,"total-idle-flows":436,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2118,"global_ts_usec":1686525113247519} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":444,"packets-processed":443,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":437,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":437,"total-idle-flows":436,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2118,"global_ts_usec":1686525113247519} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686525113247519,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686525113247519,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"90.147.171.51","src_port":53093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686525113247519,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXums7ZjRWpOrM89lAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} -00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686525113247519,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686525113247519,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"90.147.171.51","src_port":53093,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686525113247519,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686525113247519,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"90.147.171.51","src_port":53093,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686513474297518,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686525113247519,"l3_proto":"ip4","src_ip":"66.228.166.55","dst_ip":"69.109.187.54","src_port":51471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":445,"packets-processed":444,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":438,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":438,"total-idle-flows":437,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2123,"global_ts_usec":1686526077263977} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":445,"packets-processed":444,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":438,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":438,"total-idle-flows":437,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2123,"global_ts_usec":1686526077263977} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686526077263977,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686526077263977,"l3_proto":"ip4","src_ip":"82.19.88.220","dst_ip":"186.112.202.53","src_port":49990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686526077263977,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRX9pSE1jcunDKNcNGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686526077263977,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686526077263977,"l3_proto":"ip4","src_ip":"82.19.88.220","dst_ip":"186.112.202.53","src_port":49990,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686525113247519,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686526077263977,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"90.147.171.51","src_port":53093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":446,"packets-processed":445,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22989,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":439,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":439,"total-idle-flows":438,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2128,"global_ts_usec":1686529340012662} +00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686525113247519,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686526077263977,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"90.147.171.51","src_port":53093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":446,"packets-processed":445,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22989,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":439,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":439,"total-idle-flows":438,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2128,"global_ts_usec":1686529340012662} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686529340012662,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686529340012662,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":2538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686529340012662,"pkt":"3jHC4dyOPJTVQTiBCABFCABLCXUAACIRwTynB5p9Wo0lOAnqAasANxfiAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686529340012662,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686529340012662,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":2538,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686526077263977,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686529340012662,"l3_proto":"ip4","src_ip":"82.19.88.220","dst_ip":"186.112.202.53","src_port":49990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":447,"packets-processed":446,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23036,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":440,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":440,"total-idle-flows":439,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2133,"global_ts_usec":1686547842864988} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":447,"packets-processed":446,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23036,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":440,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":440,"total-idle-flows":439,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2133,"global_ts_usec":1686547842864988} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686547842864988,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686547842864988,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.111.212.50","src_port":54057,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686547842864988,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXqPOzBhaWm\/UMtMpAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686547842864988,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686547842864988,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.111.212.50","src_port":54057,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686529340012662,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686547842864988,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":2538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":448,"packets-processed":447,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23065,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":441,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":441,"total-idle-flows":440,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2138,"global_ts_usec":1686548676434879} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":448,"packets-processed":447,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23065,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":441,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":441,"total-idle-flows":440,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2138,"global_ts_usec":1686548676434879} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686548676434879,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686548676434879,"l3_proto":"ip4","src_ip":"185.33.65.208","dst_ip":"74.111.203.55","src_port":52802,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686548676434879,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbM+5IUHQSm\/LN85CAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686548676434879,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686548676434879,"l3_proto":"ip4","src_ip":"185.33.65.208","dst_ip":"74.111.203.55","src_port":52802,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686547842864988,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686548676434879,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.111.212.50","src_port":54057,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":449,"packets-processed":448,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":442,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":442,"total-idle-flows":441,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2143,"global_ts_usec":1686549393930759} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":449,"packets-processed":448,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":442,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":442,"total-idle-flows":441,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2143,"global_ts_usec":1686549393930759} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686549393930759,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686549393930759,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"186.112.202.53","src_port":28374,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686549393930759,"pkt":"xmjqc4OdPJTVQTiBCABFCABLQj4AACQRhmwj\/EVxunDKNW7WAasAN7LuAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686549393930759,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686549393930759,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"186.112.202.53","src_port":28374,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686548676434879,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686549393930759,"l3_proto":"ip4","src_ip":"185.33.65.208","dst_ip":"74.111.203.55","src_port":52802,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":450,"packets-processed":449,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23141,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":443,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":443,"total-idle-flows":442,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2148,"global_ts_usec":1686554987062980} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":450,"packets-processed":449,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23141,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":443,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":443,"total-idle-flows":442,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2148,"global_ts_usec":1686554987062980} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686554987062980,"flow_src_last_pkt_time":1686554987062980,"flow_dst_last_pkt_time":1686554987062980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686554987062980,"l3_proto":"ip4","src_ip":"47.236.248.231","dst_ip":"90.141.37.56","src_port":52985,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_src_last_pkt_time":1686554987062980,"flow_dst_last_pkt_time":1686554987062980,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686554987062980,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRXvwv7PjnWo0lOM75AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686554987062980,"flow_src_last_pkt_time":1686554987062980,"flow_dst_last_pkt_time":1686554987062980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686554987062980,"l3_proto":"ip4","src_ip":"47.236.248.231","dst_ip":"90.141.37.56","src_port":52985,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686549393930759,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686554987062980,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"186.112.202.53","src_port":28374,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":451,"packets-processed":450,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":444,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":444,"total-idle-flows":443,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2153,"global_ts_usec":1686556816084247} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":451,"packets-processed":450,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":444,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":444,"total-idle-flows":443,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2153,"global_ts_usec":1686556816084247} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556816084247,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686556816084247,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.111.212.50","src_port":43924,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686556816084247,"pkt":"AAwp30Y4PJTVQTiBCABFCAA11DEAAPERM4GtoQqtWm\/UMquUAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556816084247,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686556816084247,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.111.212.50","src_port":43924,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2164,7 +2164,7 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557322938004,"flow_src_last_pkt_time":1686557322938004,"flow_dst_last_pkt_time":1686557322938004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557322938004,"l3_proto":"ip4","src_ip":"191.184.52.78","dst_ip":"90.111.212.50","src_port":64609,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556919146434,"flow_src_last_pkt_time":1686556919146434,"flow_dst_last_pkt_time":1686556919146434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557322938004,"l3_proto":"ip4","src_ip":"185.213.154.138","dst_ip":"165.114.202.61","src_port":52528,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556816084247,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557322938004,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.111.212.50","src_port":43924,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":454,"packets-processed":453,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":447,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":447,"total-idle-flows":446,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2167,"global_ts_usec":1686557572392407} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":454,"packets-processed":453,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":447,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":447,"total-idle-flows":446,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2167,"global_ts_usec":1686557572392407} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557572392407,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557572392407,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"165.144.84.62","src_port":3597,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686557572392407,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+j2xAADMREeWnQdRQpZBUPg4NAasAKrsAAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557572392407,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557572392407,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"165.144.84.62","src_port":3597,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2173,7 +2173,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_src_last_pkt_time":1686558124354447,"flow_dst_last_pkt_time":1686558124354447,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686558124354447,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+H7dAADMRgZO5PsRKpXLKPcU1AasAKgPRAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558124354447,"flow_src_last_pkt_time":1686558124354447,"flow_dst_last_pkt_time":1686558124354447,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558124354447,"l3_proto":"ip4","src_ip":"185.62.196.74","dst_ip":"165.114.202.61","src_port":50485,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557572392407,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558124354447,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"165.144.84.62","src_port":3597,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":456,"packets-processed":455,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23326,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":449,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":449,"total-idle-flows":448,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2176,"global_ts_usec":1686558422116551} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":456,"packets-processed":455,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23326,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":449,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":449,"total-idle-flows":448,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2176,"global_ts_usec":1686558422116551} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558422116551,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558422116551,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"90.145.180.58","src_port":8856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686558422116551,"pkt":"bs1PogZtPJTVQTiBCABFAAA+YlBAADMRPwOnQdRQWpG0OiKYAasAKqZ3AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558422116551,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558422116551,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"90.145.180.58","src_port":8856,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2186,7 +2186,7 @@ 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558852064997,"flow_src_last_pkt_time":1686558852064997,"flow_dst_last_pkt_time":1686558852064997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558852064997,"l3_proto":"ip4","src_ip":"64.64.43.81","dst_ip":"90.141.37.56","src_port":58560,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558440675193,"flow_src_last_pkt_time":1686558440675193,"flow_dst_last_pkt_time":1686558440675193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558852064997,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"74.111.203.55","src_port":46615,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558422116551,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558852064997,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"90.145.180.58","src_port":8856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":459,"packets-processed":458,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23428,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":452,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":452,"total-idle-flows":451,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2189,"global_ts_usec":1686559367388486} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":459,"packets-processed":458,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23428,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":452,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":452,"total-idle-flows":451,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2189,"global_ts_usec":1686559367388486} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559367388486,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559367388486,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"85.111.52.57","src_port":24868,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686559367388486,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+tTJAADMR7B1BRitLVW80OWEkAasAKmfoAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559367388486,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559367388486,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"85.111.52.57","src_port":24868,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2195,7 +2195,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_src_last_pkt_time":1686559497105642,"flow_dst_last_pkt_time":1686559497105642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686559497105642,"pkt":"bpHurUgdPJTVQTiBCABFAAA+H+JAADMRgXenQdRQRW27Nj+eAasAKol3AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559497105642,"flow_src_last_pkt_time":1686559497105642,"flow_dst_last_pkt_time":1686559497105642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559497105642,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"69.109.187.54","src_port":16286,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559367388486,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559497105642,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"85.111.52.57","src_port":24868,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":461,"packets-processed":460,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":454,"total-detection-updates":0,"total-updates":83,"current-active-flows":2,"total-active-flows":454,"total-idle-flows":452,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2198,"global_ts_usec":1686559998830359} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":461,"packets-processed":460,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":454,"total-detection-updates":0,"total-updates":83,"current-active-flows":2,"total-active-flows":454,"total-idle-flows":452,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2198,"global_ts_usec":1686559998830359} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559998830359,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559998830359,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"74.111.203.55","src_port":2631,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686559998830359,"pkt":"ipffLU2SPJTVQTiBCABFAABLXmYAACYRdcAid3p+Sm\/LNwpHAasANyTyAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559998830359,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559998830359,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"74.111.203.55","src_port":2631,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2205,7 +2205,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_src_last_pkt_time":1686560166108940,"flow_dst_last_pkt_time":1686560166108940,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686560166108940,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXo\/TMphPpZBUPtg8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686560166108940,"flow_src_last_pkt_time":1686560166108940,"flow_dst_last_pkt_time":1686560166108940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560166108940,"l3_proto":"ip4","src_ip":"211.50.152.79","dst_ip":"165.144.84.62","src_port":55356,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559998830359,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560166108940,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"74.111.203.55","src_port":2631,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":463,"packets-processed":462,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":456,"total-detection-updates":0,"total-updates":84,"current-active-flows":2,"total-active-flows":456,"total-idle-flows":454,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2208,"global_ts_usec":1686560793652859} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":463,"packets-processed":462,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":456,"total-detection-updates":0,"total-updates":84,"current-active-flows":2,"total-active-flows":456,"total-idle-flows":454,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2208,"global_ts_usec":1686560793652859} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686560793652859,"flow_src_last_pkt_time":1686560793652859,"flow_dst_last_pkt_time":1686560793652859,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560793652859,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"186.112.202.53","src_port":45539,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_src_last_pkt_time":1686560793652859,"flow_dst_last_pkt_time":1686560793652859,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686560793652859,"pkt":"xmjqc4OdPJTVQTiBCABFCAA11DEAAPERM36toQqtunDKNbHjAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686560793652859,"flow_src_last_pkt_time":1686560793652859,"flow_dst_last_pkt_time":1686560793652859,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560793652859,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"186.112.202.53","src_port":45539,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2224,14 +2224,14 @@ 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561147477324,"flow_src_last_pkt_time":1686561147477324,"flow_dst_last_pkt_time":1686561147477324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686561147477324,"l3_proto":"ip4","src_ip":"209.239.135.211","dst_ip":"85.111.52.57","src_port":55124,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561012661463,"flow_src_last_pkt_time":1686561012661463,"flow_dst_last_pkt_time":1686561012661463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686561147477324,"l3_proto":"ip4","src_ip":"88.185.36.86","dst_ip":"90.147.171.51","src_port":4763,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561057684079,"flow_src_last_pkt_time":1686561057684079,"flow_dst_last_pkt_time":1686561057684079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686561147477324,"l3_proto":"ip4","src_ip":"94.64.218.76","dst_ip":"186.112.202.53","src_port":16452,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":467,"packets-processed":466,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23694,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":460,"total-detection-updates":0,"total-updates":87,"current-active-flows":3,"total-active-flows":460,"total-idle-flows":457,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2227,"global_ts_usec":1686562035943293} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":467,"packets-processed":466,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23694,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":460,"total-detection-updates":0,"total-updates":87,"current-active-flows":3,"total-active-flows":460,"total-idle-flows":457,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2227,"global_ts_usec":1686562035943293} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686562035943293,"flow_src_last_pkt_time":1686562035943293,"flow_dst_last_pkt_time":1686562035943293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"90.145.180.58","src_port":58464,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_src_last_pkt_time":1686562035943293,"flow_dst_last_pkt_time":1686562035943293,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686562035943293,"pkt":"bs1PogZtPJTVQTiBCABFAABLyDkAACcRCuPigHp2WpG0OuRgAasAN0rOAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686562035943293,"flow_src_last_pkt_time":1686562035943293,"flow_dst_last_pkt_time":1686562035943293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"90.145.180.58","src_port":58464,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561147477324,"flow_src_last_pkt_time":1686561147477324,"flow_dst_last_pkt_time":1686561147477324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"209.239.135.211","dst_ip":"85.111.52.57","src_port":55124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561012661463,"flow_src_last_pkt_time":1686561012661463,"flow_dst_last_pkt_time":1686561012661463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"88.185.36.86","dst_ip":"90.147.171.51","src_port":4763,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561057684079,"flow_src_last_pkt_time":1686561057684079,"flow_dst_last_pkt_time":1686561057684079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"94.64.218.76","dst_ip":"186.112.202.53","src_port":16452,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":468,"packets-processed":467,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":461,"total-detection-updates":0,"total-updates":87,"current-active-flows":1,"total-active-flows":461,"total-idle-flows":460,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2234,"global_ts_usec":1686565369552713} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":468,"packets-processed":467,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":461,"total-detection-updates":0,"total-updates":87,"current-active-flows":1,"total-active-flows":461,"total-idle-flows":460,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2234,"global_ts_usec":1686565369552713} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565369552713,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686565369552713,"pkt":"AAwp30Y4PJTVQTiBCABFAABL95AAACcR25EiZn14pXLKPch8AasAN2a4AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565369552713,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2240,13 +2240,13 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_src_last_pkt_time":1686565439403208,"flow_dst_last_pkt_time":1686565439403208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686565439403208,"pkt":"AAwp30Y4PJTVQTiBCABFBAA11DEAAOURP3utoQqtpZBUPqVAAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565439403208,"flow_src_last_pkt_time":1686565439403208,"flow_dst_last_pkt_time":1686565439403208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565439403208,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.144.84.62","src_port":42304,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565439403208,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":470,"packets-processed":469,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23813,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":463,"total-detection-updates":0,"total-updates":88,"current-active-flows":2,"total-active-flows":463,"total-idle-flows":461,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2243,"global_ts_usec":1686572533804714} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":470,"packets-processed":469,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23813,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":463,"total-detection-updates":0,"total-updates":88,"current-active-flows":2,"total-active-flows":463,"total-idle-flows":461,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2243,"global_ts_usec":1686572533804714} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686572533804714,"flow_src_last_pkt_time":1686572533804714,"flow_dst_last_pkt_time":1686572533804714,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.145.180.58","src_port":53096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_src_last_pkt_time":1686572533804714,"flow_dst_last_pkt_time":1686572533804714,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686572533804714,"pkt":"bs1PogZtPJTVQTiBCABFCAA11DEAAPERM3mtoQqtWpG0Os9oAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686572533804714,"flow_src_last_pkt_time":1686572533804714,"flow_dst_last_pkt_time":1686572533804714,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.145.180.58","src_port":53096,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565439403208,"flow_src_last_pkt_time":1686565439403208,"flow_dst_last_pkt_time":1686565439403208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.144.84.62","src_port":42304,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":471,"packets-processed":470,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":464,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":464,"total-idle-flows":463,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2249,"global_ts_usec":1686582591141391} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":471,"packets-processed":470,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":464,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":464,"total-idle-flows":463,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2249,"global_ts_usec":1686582591141391} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686582591141391,"flow_src_last_pkt_time":1686582591141391,"flow_dst_last_pkt_time":1686582591141391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686582591141391,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":51824,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_src_last_pkt_time":1686582591141391,"flow_dst_last_pkt_time":1686582591141391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686582591141391,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPIRCxGGtJCVVW80OcpwAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686582591141391,"flow_src_last_pkt_time":1686582591141391,"flow_dst_last_pkt_time":1686582591141391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686582591141391,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":51824,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2259,17 +2259,17 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_src_last_pkt_time":1686583068043463,"flow_dst_last_pkt_time":1686583068043463,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686583068043463,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPIRpTYtg6GYWm\/UMuIEAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583068043463,"flow_src_last_pkt_time":1686583068043463,"flow_dst_last_pkt_time":1686583068043463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583068043463,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"90.111.212.50","src_port":57860,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686582817928624,"flow_src_last_pkt_time":1686582817928624,"flow_dst_last_pkt_time":1686582817928624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583068043463,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":35531,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":474,"packets-processed":473,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":467,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":467,"total-idle-flows":466,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2262,"global_ts_usec":1686583896993524} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":474,"packets-processed":473,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":467,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":467,"total-idle-flows":466,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2262,"global_ts_usec":1686583896993524} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583896993524,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583896993524,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.141.37.56","src_port":60345,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686583896993524,"pkt":"3jHC4dyOPJTVQTiBCABFBAA11DEAAOURP4CtoQqtWo0lOOu5AasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583896993524,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583896993524,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.141.37.56","src_port":60345,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583068043463,"flow_src_last_pkt_time":1686583068043463,"flow_dst_last_pkt_time":1686583068043463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583896993524,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"90.111.212.50","src_port":57860,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":475,"packets-processed":474,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":468,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":468,"total-idle-flows":467,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2267,"global_ts_usec":1686585375283341} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":475,"packets-processed":474,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":468,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":468,"total-idle-flows":467,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2267,"global_ts_usec":1686585375283341} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686585375283341,"flow_src_last_pkt_time":1686585375283341,"flow_dst_last_pkt_time":1686585375283341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686585375283341,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.141.37.56","src_port":60624,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_src_last_pkt_time":1686585375283341,"flow_dst_last_pkt_time":1686585375283341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686585375283341,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRpScQY5OSWo0lOOzQAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686585375283341,"flow_src_last_pkt_time":1686585375283341,"flow_dst_last_pkt_time":1686585375283341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686585375283341,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.141.37.56","src_port":60624,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583896993524,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686585375283341,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.141.37.56","src_port":60345,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":476,"packets-processed":475,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":469,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":469,"total-idle-flows":468,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2272,"global_ts_usec":1686586012577392} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":476,"packets-processed":475,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":469,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":469,"total-idle-flows":468,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2272,"global_ts_usec":1686586012577392} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586012577392,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586012577392,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":50595,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686586012577392,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPIRCwa2tHiLpZBUPsWjAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586012577392,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586012577392,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":50595,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2278,22 +2278,22 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_src_last_pkt_time":1686586604126248,"flow_dst_last_pkt_time":1686586604126248,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686586604126248,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSUTY5OUpXLKPeRUAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586604126248,"flow_src_last_pkt_time":1686586604126248,"flow_dst_last_pkt_time":1686586604126248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586604126248,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":58452,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586012577392,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586604126248,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":50595,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":478,"packets-processed":477,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24451,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":471,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":471,"total-idle-flows":470,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2281,"global_ts_usec":1686588963792964} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":478,"packets-processed":477,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24451,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":471,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":471,"total-idle-flows":470,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2281,"global_ts_usec":1686588963792964} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686588963792964,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686588963792964,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"69.109.187.54","src_port":52931,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686588963792964,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPIRpS3SfJyVRW27Ns7DAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686588963792964,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686588963792964,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"69.109.187.54","src_port":52931,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586604126248,"flow_src_last_pkt_time":1686586604126248,"flow_dst_last_pkt_time":1686586604126248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686588963792964,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":58452,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":479,"packets-processed":478,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24549,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":472,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":472,"total-idle-flows":471,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2286,"global_ts_usec":1686590370864320} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":479,"packets-processed":478,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24549,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":472,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":472,"total-idle-flows":471,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2286,"global_ts_usec":1686590370864320} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686590370864320,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686590370864320,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":57887,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686590370864320,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPIRCxSGtJCVunDKNeIfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686590370864320,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686590370864320,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":57887,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686588963792964,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686590370864320,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"69.109.187.54","src_port":52931,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":480,"packets-processed":479,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":473,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":473,"total-idle-flows":472,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2291,"global_ts_usec":1686591026824273} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":480,"packets-processed":479,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":473,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":473,"total-idle-flows":472,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2291,"global_ts_usec":1686591026824273} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591026824273,"flow_src_last_pkt_time":1686591026824273,"flow_dst_last_pkt_time":1686591026824273,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591026824273,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"74.111.203.55","src_port":56968,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_src_last_pkt_time":1686591026824273,"flow_dst_last_pkt_time":1686591026824273,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686591026824273,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAO0RD9G4tKjwSm\/LN96IAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591026824273,"flow_src_last_pkt_time":1686591026824273,"flow_dst_last_pkt_time":1686591026824273,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591026824273,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"74.111.203.55","src_port":56968,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686590370864320,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591026824273,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":57887,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":481,"packets-processed":480,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":474,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":474,"total-idle-flows":473,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2296,"global_ts_usec":1686591654230904} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":481,"packets-processed":480,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":474,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":474,"total-idle-flows":473,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2296,"global_ts_usec":1686591654230904} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591654230904,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591654230904,"l3_proto":"ip4","src_ip":"16.131.191.144","dst_ip":"90.145.180.58","src_port":57563,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686591654230904,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPIRpSYQg7+QWpG0OuDbAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591654230904,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591654230904,"l3_proto":"ip4","src_ip":"16.131.191.144","dst_ip":"90.145.180.58","src_port":57563,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2302,27 +2302,27 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_src_last_pkt_time":1686592164666841,"flow_dst_last_pkt_time":1686592164666841,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686592164666841,"pkt":"AAwp30Y4PJTVQTiBCABFCAA11DEAAPERM3atoQqtpXLKPYGrAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592164666841,"flow_src_last_pkt_time":1686592164666841,"flow_dst_last_pkt_time":1686592164666841,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592164666841,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.114.202.61","src_port":33195,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591654230904,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592164666841,"l3_proto":"ip4","src_ip":"16.131.191.144","dst_ip":"90.145.180.58","src_port":57563,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":483,"packets-processed":482,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":476,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":476,"total-idle-flows":475,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2305,"global_ts_usec":1686592363602889} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":483,"packets-processed":482,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":476,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":476,"total-idle-flows":475,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2305,"global_ts_usec":1686592363602889} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592363602889,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592363602889,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.147.171.51","src_port":48688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686592363602889,"pkt":"AAwp30Y4PJTVQTiBCABFCAA11DEAAPERM4KtoQqtWpOrM74wAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592363602889,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592363602889,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.147.171.51","src_port":48688,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592164666841,"flow_src_last_pkt_time":1686592164666841,"flow_dst_last_pkt_time":1686592164666841,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592363602889,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.114.202.61","src_port":33195,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":484,"packets-processed":483,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24893,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":477,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":477,"total-idle-flows":476,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2310,"global_ts_usec":1686596322335333} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":484,"packets-processed":483,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24893,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":477,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":477,"total-idle-flows":476,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2310,"global_ts_usec":1686596322335333} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686596322335333,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686596322335333,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"165.144.84.62","src_port":41269,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686596322335333,"pkt":"AAwp30Y4PJTVQTiBCABFCABLns0AACQRJZHnJlLdpZBUPqE1AasAN3xDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686596322335333,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686596322335333,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"165.144.84.62","src_port":41269,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592363602889,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686596322335333,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.147.171.51","src_port":48688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":485,"packets-processed":484,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24940,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":478,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":478,"total-idle-flows":477,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2315,"global_ts_usec":1686602955779893} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":485,"packets-processed":484,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24940,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":478,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":478,"total-idle-flows":477,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2315,"global_ts_usec":1686602955779893} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686602955779893,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686602955779893,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":14173,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686602955779893,"pkt":"bpHurUgdPJTVQTiBCABFCABLVG4AACIRdj0j\/EVxRW27NjddAasAN+poAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686602955779893,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686602955779893,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":14173,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686596322335333,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686602955779893,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"165.144.84.62","src_port":41269,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":486,"packets-processed":485,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24987,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":479,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":479,"total-idle-flows":478,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2320,"global_ts_usec":1686608660321945} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":486,"packets-processed":485,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24987,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":479,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":479,"total-idle-flows":478,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2320,"global_ts_usec":1686608660321945} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686608660321945,"flow_src_last_pkt_time":1686608660321945,"flow_dst_last_pkt_time":1686608660321945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686608660321945,"l3_proto":"ip4","src_ip":"173.19.223.218","dst_ip":"85.111.52.57","src_port":54527,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_src_last_pkt_time":1686608660321945,"flow_dst_last_pkt_time":1686608660321945,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686608660321945,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRXtitE9\/aVW80OdT\/AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686608660321945,"flow_src_last_pkt_time":1686608660321945,"flow_dst_last_pkt_time":1686608660321945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686608660321945,"l3_proto":"ip4","src_ip":"173.19.223.218","dst_ip":"85.111.52.57","src_port":54527,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686602955779893,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686608660321945,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":14173,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":487,"packets-processed":486,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25016,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":480,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":480,"total-idle-flows":479,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2325,"global_ts_usec":1686612659801075} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":487,"packets-processed":486,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25016,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":480,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":480,"total-idle-flows":479,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2325,"global_ts_usec":1686612659801075} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686612659801075,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686612659801075,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"90.145.180.58","src_port":52104,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686612659801075,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPoRXtrQ8\/jUWpG0OsuIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686612659801075,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686612659801075,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"90.145.180.58","src_port":52104,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2331,12 +2331,12 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_src_last_pkt_time":1686613204876638,"flow_dst_last_pkt_time":1686613204876638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686613204876638,"pkt":"AAwp30Y4PJTVQTiBCABFCABL8UEAACIR2W0nO4t5pXLKPUanAasAN9siAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686613204876638,"flow_src_last_pkt_time":1686613204876638,"flow_dst_last_pkt_time":1686613204876638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686613204876638,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"165.114.202.61","src_port":18087,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686612659801075,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686613204876638,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"90.145.180.58","src_port":52104,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":489,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25092,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":482,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":482,"total-idle-flows":481,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2334,"global_ts_usec":1686615481954219} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":489,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25092,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":482,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":482,"total-idle-flows":481,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2334,"global_ts_usec":1686615481954219} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686615481954219,"flow_src_last_pkt_time":1686615481954219,"flow_dst_last_pkt_time":1686615481954219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686615481954219,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"69.109.187.54","src_port":33095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_src_last_pkt_time":1686615481954219,"flow_dst_last_pkt_time":1686615481954219,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686615481954219,"pkt":"bpHurUgdPJTVQTiBCABFCAA11DEAAPERM3+toQqtRW27NoFHAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686615481954219,"flow_src_last_pkt_time":1686615481954219,"flow_dst_last_pkt_time":1686615481954219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686615481954219,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"69.109.187.54","src_port":33095,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686613204876638,"flow_src_last_pkt_time":1686613204876638,"flow_dst_last_pkt_time":1686613204876638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686615481954219,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"165.114.202.61","src_port":18087,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":490,"packets-processed":489,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":483,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":483,"total-idle-flows":482,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2339,"global_ts_usec":1686616634395567} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":490,"packets-processed":489,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":483,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":483,"total-idle-flows":482,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2339,"global_ts_usec":1686616634395567} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686616634395567,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686616634395567,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"85.111.52.57","src_port":42481,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686616634395567,"pkt":"moT+\/Ph8PJTVQTiBCABFBAA11DEAAOURP3+toQqtVW80OaXxAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686616634395567,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686616634395567,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"85.111.52.57","src_port":42481,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2345,12 +2345,12 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_src_last_pkt_time":1686617105964842,"flow_dst_last_pkt_time":1686617105964842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686617105964842,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbgVG0kSqWm\/UMsPJAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686617105964842,"flow_src_last_pkt_time":1686617105964842,"flow_dst_last_pkt_time":1686617105964842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686617105964842,"l3_proto":"ip4","src_ip":"70.210.68.170","dst_ip":"90.111.212.50","src_port":50121,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686616634395567,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686617105964842,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"85.111.52.57","src_port":42481,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":492,"packets-processed":491,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":485,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":485,"total-idle-flows":484,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2348,"global_ts_usec":1686621073847677} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":492,"packets-processed":491,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":485,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":485,"total-idle-flows":484,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2348,"global_ts_usec":1686621073847677} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621073847677,"flow_src_last_pkt_time":1686621073847677,"flow_dst_last_pkt_time":1686621073847677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621073847677,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.145.180.58","src_port":51729,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_src_last_pkt_time":1686621073847677,"flow_dst_last_pkt_time":1686621073847677,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686621073847677,"pkt":"bs1PogZtPJTVQTiBCABFCABLfhMAACIRTJ3jx1p6WpG0OsoRAasAN1e5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621073847677,"flow_src_last_pkt_time":1686621073847677,"flow_dst_last_pkt_time":1686621073847677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621073847677,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.145.180.58","src_port":51729,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686617105964842,"flow_src_last_pkt_time":1686617105964842,"flow_dst_last_pkt_time":1686617105964842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621073847677,"l3_proto":"ip4","src_ip":"70.210.68.170","dst_ip":"90.111.212.50","src_port":50121,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":493,"packets-processed":492,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":486,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":486,"total-idle-flows":485,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2353,"global_ts_usec":1686621999752750} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":493,"packets-processed":492,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":486,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":486,"total-idle-flows":485,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2353,"global_ts_usec":1686621999752750} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621999752750,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621999752750,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"74.111.203.55","src_port":56820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686621999752750,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbdmh54D1Sm\/LN930AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621999752750,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621999752750,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"74.111.203.55","src_port":56820,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2359,22 +2359,22 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_src_last_pkt_time":1686622450094352,"flow_dst_last_pkt_time":1686622450094352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686622450094352,"pkt":"ipffLU2SPJTVQTiBCABFBAA11DEAAOURP4StoQqtSm\/LN9dbAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686622450094352,"flow_src_last_pkt_time":1686622450094352,"flow_dst_last_pkt_time":1686622450094352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686622450094352,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"74.111.203.55","src_port":55131,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621999752750,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686622450094352,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"74.111.203.55","src_port":56820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":495,"packets-processed":494,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":488,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":488,"total-idle-flows":487,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2362,"global_ts_usec":1686623052095688} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":495,"packets-processed":494,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":488,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":488,"total-idle-flows":487,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2362,"global_ts_usec":1686623052095688} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623052095688,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623052095688,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.114.202.61","src_port":14222,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686623052095688,"pkt":"AAwp30Y4PJTVQTiBCABFCABLa\/IAACQRWHZjx03TpXLKPTeOAasAN+X0AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623052095688,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623052095688,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.114.202.61","src_port":14222,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686622450094352,"flow_src_last_pkt_time":1686622450094352,"flow_dst_last_pkt_time":1686622450094352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623052095688,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"74.111.203.55","src_port":55131,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":496,"packets-processed":495,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":489,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":489,"total-idle-flows":488,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2367,"global_ts_usec":1686623787230359} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":496,"packets-processed":495,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":489,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":489,"total-idle-flows":488,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2367,"global_ts_usec":1686623787230359} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623787230359,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623787230359,"l3_proto":"ip4","src_ip":"222.41.7.222","dst_ip":"90.147.171.51","src_port":55970,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686623787230359,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbcPeKQfeWpOrM9qiAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623787230359,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623787230359,"l3_proto":"ip4","src_ip":"222.41.7.222","dst_ip":"90.147.171.51","src_port":55970,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623052095688,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623787230359,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.114.202.61","src_port":14222,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":497,"packets-processed":496,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":490,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":490,"total-idle-flows":489,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2372,"global_ts_usec":1686625900350760} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":497,"packets-processed":496,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":490,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":490,"total-idle-flows":489,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2372,"global_ts_usec":1686625900350760} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686625900350760,"flow_src_last_pkt_time":1686625900350760,"flow_dst_last_pkt_time":1686625900350760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686625900350760,"l3_proto":"ip4","src_ip":"89.28.95.249","dst_ip":"165.144.84.62","src_port":56710,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_src_last_pkt_time":1686625900350760,"flow_dst_last_pkt_time":1686625900350760,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686625900350760,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbc1ZHF\/5pZBUPt2GAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686625900350760,"flow_src_last_pkt_time":1686625900350760,"flow_dst_last_pkt_time":1686625900350760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686625900350760,"l3_proto":"ip4","src_ip":"89.28.95.249","dst_ip":"165.144.84.62","src_port":56710,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623787230359,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686625900350760,"l3_proto":"ip4","src_ip":"222.41.7.222","dst_ip":"90.147.171.51","src_port":55970,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":498,"packets-processed":497,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25377,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":491,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":491,"total-idle-flows":490,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2377,"global_ts_usec":1686628530442979} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":498,"packets-processed":497,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25377,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":491,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":491,"total-idle-flows":490,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2377,"global_ts_usec":1686628530442979} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686628530442979,"flow_src_last_pkt_time":1686628530442979,"flow_dst_last_pkt_time":1686628530442979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686628530442979,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"74.111.203.55","src_port":16312,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_src_last_pkt_time":1686628530442979,"flow_dst_last_pkt_time":1686628530442979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686628530442979,"pkt":"ipffLU2SPJTVQTiBCABFAAA+QgFAADQR6spVL+CrSm\/LNz+4AasAKhXQAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686628530442979,"flow_src_last_pkt_time":1686628530442979,"flow_dst_last_pkt_time":1686628530442979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686628530442979,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"74.111.203.55","src_port":16312,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2387,12 +2387,12 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_src_last_pkt_time":1686629067407805,"flow_dst_last_pkt_time":1686629067407805,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686629067407805,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+joxAADQRnjdKjiiuWo0lOCkgAasAKixgAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629067407805,"flow_src_last_pkt_time":1686629067407805,"flow_dst_last_pkt_time":1686629067407805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629067407805,"l3_proto":"ip4","src_ip":"74.142.40.174","dst_ip":"90.141.37.56","src_port":10528,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686628814387687,"flow_src_last_pkt_time":1686628814387687,"flow_dst_last_pkt_time":1686628814387687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629067407805,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"165.144.84.62","src_port":46040,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":501,"packets-processed":500,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":494,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":494,"total-idle-flows":493,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2390,"global_ts_usec":1686629318462692} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":501,"packets-processed":500,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":494,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":494,"total-idle-flows":493,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2390,"global_ts_usec":1686629318462692} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629318462692,"flow_src_last_pkt_time":1686629318462692,"flow_dst_last_pkt_time":1686629318462692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629318462692,"l3_proto":"ip4","src_ip":"85.174.88.154","dst_ip":"69.109.187.54","src_port":20504,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_src_last_pkt_time":1686629318462692,"flow_dst_last_pkt_time":1686629318462692,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686629318462692,"pkt":"bpHurUgdPJTVQTiBCABFAAA+O+VAADQR8QlVrliaRW27NlAYAasAKgWTAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629318462692,"flow_src_last_pkt_time":1686629318462692,"flow_dst_last_pkt_time":1686629318462692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629318462692,"l3_proto":"ip4","src_ip":"85.174.88.154","dst_ip":"69.109.187.54","src_port":20504,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629067407805,"flow_src_last_pkt_time":1686629067407805,"flow_dst_last_pkt_time":1686629067407805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629318462692,"l3_proto":"ip4","src_ip":"74.142.40.174","dst_ip":"90.141.37.56","src_port":10528,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":502,"packets-processed":501,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":495,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":495,"total-idle-flows":494,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2395,"global_ts_usec":1686629919351142} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":502,"packets-processed":501,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":495,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":495,"total-idle-flows":494,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2395,"global_ts_usec":1686629919351142} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629919351142,"flow_src_last_pkt_time":1686629919351142,"flow_dst_last_pkt_time":1686629919351142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629919351142,"l3_proto":"ip4","src_ip":"170.238.168.143","dst_ip":"85.111.52.57","src_port":62476,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_src_last_pkt_time":1686629919351142,"flow_dst_last_pkt_time":1686629919351142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686629919351142,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+qEdAADQRhJOq7qiPVW80OfQMAasAKmGKAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629919351142,"flow_src_last_pkt_time":1686629919351142,"flow_dst_last_pkt_time":1686629919351142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629919351142,"l3_proto":"ip4","src_ip":"170.238.168.143","dst_ip":"85.111.52.57","src_port":62476,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2408,29 +2408,29 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_src_last_pkt_time":1686630458164673,"flow_dst_last_pkt_time":1686630458164673,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686630458164673,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+D4ZAADQRHSyq8yi6pXLKPYrIAasAKsqlAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630458164673,"flow_src_last_pkt_time":1686630458164673,"flow_dst_last_pkt_time":1686630458164673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630458164673,"l3_proto":"ip4","src_ip":"170.243.40.186","dst_ip":"165.114.202.61","src_port":35528,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630406259808,"flow_src_last_pkt_time":1686630406259808,"flow_dst_last_pkt_time":1686630406259808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630458164673,"l3_proto":"ip4","src_ip":"170.18.87.162","dst_ip":"186.112.202.53","src_port":58469,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":506,"packets-processed":505,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":499,"total-detection-updates":0,"total-updates":89,"current-active-flows":3,"total-active-flows":499,"total-idle-flows":496,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2411,"global_ts_usec":1686630725136169} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":506,"packets-processed":505,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":499,"total-detection-updates":0,"total-updates":89,"current-active-flows":3,"total-active-flows":499,"total-idle-flows":496,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2411,"global_ts_usec":1686630725136169} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630725136169,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"74.239.16.156","dst_ip":"90.145.180.58","src_port":46464,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686630725136169,"pkt":"bs1PogZtPJTVQTiBCABFAAA+gpBAADQRqlxK7xCcWpG0OrWAAasAKqAoAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630725136169,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"74.239.16.156","dst_ip":"90.145.180.58","src_port":46464,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630430100534,"flow_src_last_pkt_time":1686630430100534,"flow_dst_last_pkt_time":1686630430100534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"90.111.212.50","src_port":16312,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630406259808,"flow_src_last_pkt_time":1686630406259808,"flow_dst_last_pkt_time":1686630406259808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"170.18.87.162","dst_ip":"186.112.202.53","src_port":58469,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630458164673,"flow_src_last_pkt_time":1686630458164673,"flow_dst_last_pkt_time":1686630458164673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"170.243.40.186","dst_ip":"165.114.202.61","src_port":35528,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":507,"packets-processed":506,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":500,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":500,"total-idle-flows":499,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2418,"global_ts_usec":1686633699223089} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":507,"packets-processed":506,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":500,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":500,"total-idle-flows":499,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2418,"global_ts_usec":1686633699223089} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686633699223089,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686633699223089,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":46588,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686633699223089,"pkt":"AAwp30Y4PJTVQTiBCABFCABL7LwAACIR3egjAGRzpZBUPrX8AasAN2vDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686633699223089,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686633699223089,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":46588,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630725136169,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686633699223089,"l3_proto":"ip4","src_ip":"74.239.16.156","dst_ip":"90.145.180.58","src_port":46464,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":508,"packets-processed":507,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25730,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":501,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":501,"total-idle-flows":500,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2423,"global_ts_usec":1686635615867515} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":508,"packets-processed":507,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25730,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":501,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":501,"total-idle-flows":500,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2423,"global_ts_usec":1686635615867515} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686635615867515,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686635615867515,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.147.171.51","src_port":17542,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686635615867515,"pkt":"AAwp30Y4PJTVQTiBCABFCABLHKcAACQRp8jjhlHUWpOrM0SGAasAN9kDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686635615867515,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686635615867515,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.147.171.51","src_port":17542,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686633699223089,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686635615867515,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":46588,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":509,"packets-processed":508,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":502,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":502,"total-idle-flows":501,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2428,"global_ts_usec":1686645708313834} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":509,"packets-processed":508,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":502,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":502,"total-idle-flows":501,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2428,"global_ts_usec":1686645708313834} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686645708313834,"flow_src_last_pkt_time":1686645708313834,"flow_dst_last_pkt_time":1686645708313834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686645708313834,"l3_proto":"ip4","src_ip":"93.36.35.136","dst_ip":"165.114.202.61","src_port":56600,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_src_last_pkt_time":1686645708313834,"flow_dst_last_pkt_time":1686645708313834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686645708313834,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbhVdJCOIpXLKPd0YAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686645708313834,"flow_src_last_pkt_time":1686645708313834,"flow_dst_last_pkt_time":1686645708313834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686645708313834,"l3_proto":"ip4","src_ip":"93.36.35.136","dst_ip":"165.114.202.61","src_port":56600,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686635615867515,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686645708313834,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.147.171.51","src_port":17542,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":510,"packets-processed":509,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":503,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":503,"total-idle-flows":502,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2433,"global_ts_usec":1686648509180305} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":510,"packets-processed":509,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":503,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":503,"total-idle-flows":502,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2433,"global_ts_usec":1686648509180305} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648509180305,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648509180305,"l3_proto":"ip4","src_ip":"76.50.135.245","dst_ip":"90.141.37.56","src_port":51836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686648509180305,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRXu5MMof1Wo0lOMp8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648509180305,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648509180305,"l3_proto":"ip4","src_ip":"76.50.135.245","dst_ip":"90.141.37.56","src_port":51836,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2439,17 +2439,17 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_src_last_pkt_time":1686648822385793,"flow_dst_last_pkt_time":1686648822385793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686648822385793,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRbOVFJOfmRW27NthOAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648822385793,"flow_src_last_pkt_time":1686648822385793,"flow_dst_last_pkt_time":1686648822385793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648822385793,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"69.109.187.54","src_port":55374,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648509180305,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648822385793,"l3_proto":"ip4","src_ip":"76.50.135.245","dst_ip":"90.141.37.56","src_port":51836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":512,"packets-processed":511,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":505,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":505,"total-idle-flows":504,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2442,"global_ts_usec":1686659729108378} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":512,"packets-processed":511,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":505,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":505,"total-idle-flows":504,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2442,"global_ts_usec":1686659729108378} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686659729108378,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686659729108378,"l3_proto":"ip4","src_ip":"122.122.167.9","dst_ip":"90.141.37.56","src_port":43646,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686659729108378,"pkt":"3jHC4dyOPJTVQTiBCABFCABSFQsAAO0Rd7F6eqcJWo0lOKp+AasAPpZZAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686659729108378,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686659729108378,"l3_proto":"ip4","src_ip":"122.122.167.9","dst_ip":"90.141.37.56","src_port":43646,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648822385793,"flow_src_last_pkt_time":1686648822385793,"flow_dst_last_pkt_time":1686648822385793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686659729108378,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"69.109.187.54","src_port":55374,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":513,"packets-processed":512,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25918,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":506,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":506,"total-idle-flows":505,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2447,"global_ts_usec":1686665626336271} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":513,"packets-processed":512,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25918,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":506,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":506,"total-idle-flows":505,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2447,"global_ts_usec":1686665626336271} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686665626336271,"flow_src_last_pkt_time":1686665626336271,"flow_dst_last_pkt_time":1686665626336271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686665626336271,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":48498,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_src_last_pkt_time":1686665626336271,"flow_dst_last_pkt_time":1686665626336271,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686665626336271,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPb1yAasAJSz9AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686665626336271,"flow_src_last_pkt_time":1686665626336271,"flow_dst_last_pkt_time":1686665626336271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686665626336271,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":48498,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686659729108378,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686665626336271,"l3_proto":"ip4","src_ip":"122.122.167.9","dst_ip":"90.141.37.56","src_port":43646,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":514,"packets-processed":513,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":507,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":507,"total-idle-flows":506,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2452,"global_ts_usec":1686666893687687} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":514,"packets-processed":513,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":507,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":507,"total-idle-flows":506,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2452,"global_ts_usec":1686666893687687} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666893687687,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666893687687,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":35848,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686666893687687,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPURKLTIH5CeWpG0OowIAasAJV5qAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666893687687,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666893687687,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":35848,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2458,7 +2458,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_src_last_pkt_time":1686666997632966,"flow_dst_last_pkt_time":1686666997632966,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686666997632966,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27NpV4AasAJVUAAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666997632966,"flow_src_last_pkt_time":1686666997632966,"flow_dst_last_pkt_time":1686666997632966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666997632966,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":38264,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666893687687,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666997632966,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":35848,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":516,"packets-processed":515,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":509,"total-detection-updates":0,"total-updates":90,"current-active-flows":2,"total-active-flows":509,"total-idle-flows":507,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2461,"global_ts_usec":1686668729813725} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":516,"packets-processed":515,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":509,"total-detection-updates":0,"total-updates":90,"current-active-flows":2,"total-active-flows":509,"total-idle-flows":507,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2461,"global_ts_usec":1686668729813725} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668729813725,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668729813725,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":49404,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686668729813725,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80OcD8AasAJSl4AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668729813725,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668729813725,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":49404,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2468,7 +2468,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_src_last_pkt_time":1686668903038990,"flow_dst_last_pkt_time":1686668903038990,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686668903038990,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpTfvg6CYWpOrM57NAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668903038990,"flow_src_last_pkt_time":1686668903038990,"flow_dst_last_pkt_time":1686668903038990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668903038990,"l3_proto":"ip4","src_ip":"239.131.160.152","dst_ip":"90.147.171.51","src_port":40653,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668729813725,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668903038990,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":49404,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":518,"packets-processed":517,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":511,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":511,"total-idle-flows":509,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2471,"global_ts_usec":1686669522645622} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":518,"packets-processed":517,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":511,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":511,"total-idle-flows":509,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2471,"global_ts_usec":1686669522645622} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669522645622,"flow_src_last_pkt_time":1686669522645622,"flow_dst_last_pkt_time":1686669522645622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669522645622,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":33216,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_src_last_pkt_time":1686669522645622,"flow_dst_last_pkt_time":1686669522645622,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686669522645622,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPoHAAasAJWiwAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669522645622,"flow_src_last_pkt_time":1686669522645622,"flow_dst_last_pkt_time":1686669522645622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669522645622,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":33216,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2481,7 +2481,7 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669802055928,"flow_src_last_pkt_time":1686669802055928,"flow_dst_last_pkt_time":1686669802055928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669802055928,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"74.111.203.55","src_port":51278,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_src_last_pkt_time":1686669802055928,"flow_dst_last_pkt_time":1686669802055928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686669802055928,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPIRpSnthLCISm\/LN8hOAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669802055928,"flow_src_last_pkt_time":1686669802055928,"flow_dst_last_pkt_time":1686669802055928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669802055928,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"74.111.203.55","src_port":51278,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":521,"packets-processed":520,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":514,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":514,"total-idle-flows":512,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2484,"global_ts_usec":1686670236730839} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":521,"packets-processed":520,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":514,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":514,"total-idle-flows":512,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2484,"global_ts_usec":1686670236730839} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670236730839,"flow_src_last_pkt_time":1686670236730839,"flow_dst_last_pkt_time":1686670236730839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670236730839,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50377,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_src_last_pkt_time":1686670236730839,"flow_dst_last_pkt_time":1686670236730839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686670236730839,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPMRCZP2S2hzunDKNcTJAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670236730839,"flow_src_last_pkt_time":1686670236730839,"flow_dst_last_pkt_time":1686670236730839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670236730839,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50377,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2495,7 +2495,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_src_last_pkt_time":1686670830957645,"flow_dst_last_pkt_time":1686670830957645,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686670830957645,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNbxnAasAJS4QAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670830957645,"flow_src_last_pkt_time":1686670830957645,"flow_dst_last_pkt_time":1686670830957645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670830957645,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":48231,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670733471596,"flow_src_last_pkt_time":1686670733471596,"flow_dst_last_pkt_time":1686670733471596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670830957645,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.144.84.62","src_port":51457,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":524,"packets-processed":523,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":517,"total-detection-updates":0,"total-updates":92,"current-active-flows":2,"total-active-flows":517,"total-idle-flows":515,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2498,"global_ts_usec":1686671088394461} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":524,"packets-processed":523,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":517,"total-detection-updates":0,"total-updates":92,"current-active-flows":2,"total-active-flows":517,"total-idle-flows":515,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2498,"global_ts_usec":1686671088394461} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671088394461,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671088394461,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":55658,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686671088394461,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN9lqAasAJREPAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671088394461,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671088394461,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":55658,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2505,12 +2505,12 @@ 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_src_last_pkt_time":1686671667122633,"flow_dst_last_pkt_time":1686671667122633,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686671667122633,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDNFGtG\/xWm\/UMuPMAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671667122633,"flow_src_last_pkt_time":1686671667122633,"flow_dst_last_pkt_time":1686671667122633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671667122633,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.111.212.50","src_port":58316,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671088394461,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671667122633,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":55658,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":526,"packets-processed":525,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":519,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":519,"total-idle-flows":518,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2508,"global_ts_usec":1686672644862134} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":526,"packets-processed":525,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":519,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":519,"total-idle-flows":518,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2508,"global_ts_usec":1686672644862134} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686672644862134,"flow_src_last_pkt_time":1686672644862134,"flow_dst_last_pkt_time":1686672644862134,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686672644862134,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":45270,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_src_last_pkt_time":1686672644862134,"flow_dst_last_pkt_time":1686672644862134,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686672644862134,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMrDWAasAJTmkAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686672644862134,"flow_src_last_pkt_time":1686672644862134,"flow_dst_last_pkt_time":1686672644862134,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686672644862134,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":45270,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671667122633,"flow_src_last_pkt_time":1686671667122633,"flow_dst_last_pkt_time":1686671667122633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686672644862134,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.111.212.50","src_port":58316,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":527,"packets-processed":526,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26669,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":520,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":520,"total-idle-flows":519,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2513,"global_ts_usec":1686675995117787} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":527,"packets-processed":526,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26669,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":520,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":520,"total-idle-flows":519,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2513,"global_ts_usec":1686675995117787} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675995117787,"flow_src_last_pkt_time":1686675995117787,"flow_dst_last_pkt_time":1686675995117787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675995117787,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"69.109.187.54","src_port":54554,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_src_last_pkt_time":1686675995117787,"flow_dst_last_pkt_time":1686675995117787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686675995117787,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRCZPItJByRW27NtUaAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675995117787,"flow_src_last_pkt_time":1686675995117787,"flow_dst_last_pkt_time":1686675995117787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675995117787,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"69.109.187.54","src_port":54554,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2523,43 +2523,43 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_src_last_pkt_time":1686676562888350,"flow_dst_last_pkt_time":1686676562888350,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686676562888350,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRCZH2S2hzWo0lOOAVAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676562888350,"flow_src_last_pkt_time":1686676562888350,"flow_dst_last_pkt_time":1686676562888350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686676562888350,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":57365,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676477972093,"flow_src_last_pkt_time":1686676477972093,"flow_dst_last_pkt_time":1686676477972093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686676562888350,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"85.111.52.57","src_port":56229,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":530,"packets-processed":529,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":523,"total-detection-updates":0,"total-updates":93,"current-active-flows":2,"total-active-flows":523,"total-idle-flows":521,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2526,"global_ts_usec":1686680332589205} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":530,"packets-processed":529,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":523,"total-detection-updates":0,"total-updates":93,"current-active-flows":2,"total-active-flows":523,"total-idle-flows":521,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2526,"global_ts_usec":1686680332589205} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686680332589205,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"194.23.249.243","dst_ip":"74.111.203.55","src_port":54741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686680332589205,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbdzCF\/nzSm\/LN9XVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686680332589205,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"194.23.249.243","dst_ip":"74.111.203.55","src_port":54741,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676562888350,"flow_src_last_pkt_time":1686676562888350,"flow_dst_last_pkt_time":1686676562888350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":57365,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676477972093,"flow_src_last_pkt_time":1686676477972093,"flow_dst_last_pkt_time":1686676477972093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"85.111.52.57","src_port":56229,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":531,"packets-processed":530,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":524,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":524,"total-idle-flows":523,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2532,"global_ts_usec":1686682695732816} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":531,"packets-processed":530,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":524,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":524,"total-idle-flows":523,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2532,"global_ts_usec":1686682695732816} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686682695732816,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686682695732816,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"165.144.84.62","src_port":53358,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686682695732816,"pkt":"AAwp30Y4PJTVQTiBCABFAABL3fsAACcR9RylgP10pZBUPtBuAasAN168AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686682695732816,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686682695732816,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"165.144.84.62","src_port":53358,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686680332589205,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686682695732816,"l3_proto":"ip4","src_ip":"194.23.249.243","dst_ip":"74.111.203.55","src_port":54741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":532,"packets-processed":531,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":525,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":525,"total-idle-flows":524,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2537,"global_ts_usec":1686684959984610} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":532,"packets-processed":531,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":525,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":525,"total-idle-flows":524,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2537,"global_ts_usec":1686684959984610} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686684959984610,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686684959984610,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"186.112.202.53","src_port":11982,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686684959984610,"pkt":"xmjqc4OdPJTVQTiBCABFAABLbxIAACcRZBadePx7unDKNS7OAasANwBtAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686684959984610,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686684959984610,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"186.112.202.53","src_port":11982,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686682695732816,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686684959984610,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"165.144.84.62","src_port":53358,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":533,"packets-processed":532,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":526,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":526,"total-idle-flows":525,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2542,"global_ts_usec":1686700828543151} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":533,"packets-processed":532,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":526,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":526,"total-idle-flows":525,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2542,"global_ts_usec":1686700828543151} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686700828543151,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686700828543151,"l3_proto":"ip4","src_ip":"79.210.95.146","dst_ip":"165.114.202.61","src_port":54728,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686700828543151,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRYDBP0l+SpXLKPdXIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686700828543151,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686700828543151,"l3_proto":"ip4","src_ip":"79.210.95.146","dst_ip":"165.114.202.61","src_port":54728,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686684959984610,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686700828543151,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"186.112.202.53","src_port":11982,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":534,"packets-processed":533,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":527,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":527,"total-idle-flows":526,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2547,"global_ts_usec":1686703749016048} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":534,"packets-processed":533,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":527,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":527,"total-idle-flows":526,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2547,"global_ts_usec":1686703749016048} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686703749016048,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686703749016048,"l3_proto":"ip4","src_ip":"185.31.153.50","dst_ip":"186.112.202.53","src_port":50851,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686703749016048,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRbFq5H5kyunDKNcajAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686703749016048,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686703749016048,"l3_proto":"ip4","src_ip":"185.31.153.50","dst_ip":"186.112.202.53","src_port":50851,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686700828543151,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686703749016048,"l3_proto":"ip4","src_ip":"79.210.95.146","dst_ip":"165.114.202.61","src_port":54728,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":535,"packets-processed":534,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27144,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":528,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":528,"total-idle-flows":527,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2552,"global_ts_usec":1686704612212174} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":535,"packets-processed":534,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27144,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":528,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":528,"total-idle-flows":527,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2552,"global_ts_usec":1686704612212174} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686704612212174,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686704612212174,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"90.141.37.56","src_port":34795,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686704612212174,"pkt":"3jHC4dyOPJTVQTiBCABFAABLT2YAACcRg7wid3p+Wo0lOIfrAasAN6dJAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686704612212174,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686704612212174,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"90.141.37.56","src_port":34795,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686703749016048,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686704612212174,"l3_proto":"ip4","src_ip":"185.31.153.50","dst_ip":"186.112.202.53","src_port":50851,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":536,"packets-processed":535,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27191,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":529,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":529,"total-idle-flows":528,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2557,"global_ts_usec":1686705292730193} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":536,"packets-processed":535,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27191,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":529,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":529,"total-idle-flows":528,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2557,"global_ts_usec":1686705292730193} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686705292730193,"flow_src_last_pkt_time":1686705292730193,"flow_dst_last_pkt_time":1686705292730193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686705292730193,"l3_proto":"ip4","src_ip":"253.112.232.91","dst_ip":"69.109.187.54","src_port":40051,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_src_last_pkt_time":1686705292730193,"flow_dst_last_pkt_time":1686705292730193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686705292730193,"pkt":"bpHurUgdPJTVQTiBCABFAABSlN0AAPMR8Cz9cOhbRW27NpxzAasAPqKqAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686705292730193,"flow_src_last_pkt_time":1686705292730193,"flow_dst_last_pkt_time":1686705292730193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686705292730193,"l3_proto":"ip4","src_ip":"253.112.232.91","dst_ip":"69.109.187.54","src_port":40051,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686704612212174,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686705292730193,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"90.141.37.56","src_port":34795,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":537,"packets-processed":536,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":530,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":530,"total-idle-flows":529,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2562,"global_ts_usec":1686709262177735} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":537,"packets-processed":536,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":530,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":530,"total-idle-flows":529,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2562,"global_ts_usec":1686709262177735} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709262177735,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709262177735,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":47719,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686709262177735,"pkt":"AAwp30Y4PJTVQTiBCABFAABLpjwAACcRLOViZ\/1zWm\/UMrpnAasAN3TMAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709262177735,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709262177735,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":47719,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2568,7 +2568,7 @@ 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_src_last_pkt_time":1686709804807056,"flow_dst_last_pkt_time":1686709804807056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686709804807056,"pkt":"ipffLU2SPJTVQTiBCABFCABL1UgAACER9mnk\/1R3Sm\/LN\/BTAasANzF5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709804807056,"flow_src_last_pkt_time":1686709804807056,"flow_dst_last_pkt_time":1686709804807056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709804807056,"l3_proto":"ip4","src_ip":"228.255.84.119","dst_ip":"74.111.203.55","src_port":61523,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709262177735,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709804807056,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":47719,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":539,"packets-processed":538,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":532,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":532,"total-idle-flows":531,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2571,"global_ts_usec":1686713625992470} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":539,"packets-processed":538,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":532,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":532,"total-idle-flows":531,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2571,"global_ts_usec":1686713625992470} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713625992470,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713625992470,"l3_proto":"ip4","src_ip":"178.240.255.34","dst_ip":"69.109.187.54","src_port":54964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686713625992470,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXoSy8P8iRW27Nta0AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713625992470,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713625992470,"l3_proto":"ip4","src_ip":"178.240.255.34","dst_ip":"69.109.187.54","src_port":54964,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2577,12 +2577,12 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_src_last_pkt_time":1686713856291158,"flow_dst_last_pkt_time":1686713856291158,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686713856291158,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRbY1Z7HpkWpG0OsrWAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713856291158,"flow_src_last_pkt_time":1686713856291158,"flow_dst_last_pkt_time":1686713856291158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713856291158,"l3_proto":"ip4","src_ip":"89.236.122.100","dst_ip":"90.145.180.58","src_port":51926,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713625992470,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713856291158,"l3_proto":"ip4","src_ip":"178.240.255.34","dst_ip":"69.109.187.54","src_port":54964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":541,"packets-processed":540,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":534,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":534,"total-idle-flows":533,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2580,"global_ts_usec":1686714599962630} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":541,"packets-processed":540,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":534,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":534,"total-idle-flows":533,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2580,"global_ts_usec":1686714599962630} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686714599962630,"flow_src_last_pkt_time":1686714599962630,"flow_dst_last_pkt_time":1686714599962630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686714599962630,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"69.109.187.54","src_port":35057,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_src_last_pkt_time":1686714599962630,"flow_dst_last_pkt_time":1686714599962630,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686714599962630,"pkt":"bpHurUgdPJTVQTiBCABFAABLYvQAACcRcDOagXt8RW27NojxAasAN6ZIAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686714599962630,"flow_src_last_pkt_time":1686714599962630,"flow_dst_last_pkt_time":1686714599962630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686714599962630,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"69.109.187.54","src_port":35057,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713856291158,"flow_src_last_pkt_time":1686713856291158,"flow_dst_last_pkt_time":1686713856291158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686714599962630,"l3_proto":"ip4","src_ip":"89.236.122.100","dst_ip":"90.145.180.58","src_port":51926,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":542,"packets-processed":541,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":535,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":535,"total-idle-flows":534,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2585,"global_ts_usec":1686715614560571} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":542,"packets-processed":541,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":535,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":535,"total-idle-flows":534,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2585,"global_ts_usec":1686715614560571} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686715614560571,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686715614560571,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.111.212.50","src_port":61013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686715614560571,"pkt":"AAwp30Y4PJTVQTiBCABFCABLxe4AACIRBL8j\/EVxWm\/UMu5VAasANzNyAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686715614560571,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686715614560571,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.111.212.50","src_port":61013,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2591,7 +2591,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_src_last_pkt_time":1686716172395855,"flow_dst_last_pkt_time":1686716172395855,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686716172395855,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbTxe0sIfVW80OdC4AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686716172395855,"flow_src_last_pkt_time":1686716172395855,"flow_dst_last_pkt_time":1686716172395855,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686716172395855,"l3_proto":"ip4","src_ip":"94.210.194.31","dst_ip":"85.111.52.57","src_port":53432,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686715614560571,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686716172395855,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.111.212.50","src_port":61013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":544,"packets-processed":543,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":537,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":537,"total-idle-flows":536,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2594,"global_ts_usec":1686717273049688} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":544,"packets-processed":543,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":537,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":537,"total-idle-flows":536,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2594,"global_ts_usec":1686717273049688} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717273049688,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717273049688,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"90.111.212.50","src_port":16953,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686717273049688,"pkt":"AAwp30Y4PJTVQTiBCABFCABLtG0AACQRD\/vnJlLdWm\/UMkI5AasAN9tJAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717273049688,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717273049688,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"90.111.212.50","src_port":16953,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2600,12 +2600,12 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_src_last_pkt_time":1686717773171081,"flow_dst_last_pkt_time":1686717773171081,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686717773171081,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLaxoAACQRWUtYH27bVW80OZqoAasAN4LXAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717773171081,"flow_src_last_pkt_time":1686717773171081,"flow_dst_last_pkt_time":1686717773171081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717773171081,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"85.111.52.57","src_port":39592,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717273049688,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717773171081,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"90.111.212.50","src_port":16953,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":546,"packets-processed":545,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27614,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":539,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":539,"total-idle-flows":538,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2603,"global_ts_usec":1686720855584550} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":546,"packets-processed":545,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27614,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":539,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":539,"total-idle-flows":538,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2603,"global_ts_usec":1686720855584550} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686720855584550,"flow_src_last_pkt_time":1686720855584550,"flow_dst_last_pkt_time":1686720855584550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686720855584550,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"69.109.187.54","src_port":4034,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_src_last_pkt_time":1686720855584550,"flow_dst_last_pkt_time":1686720855584550,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686720855584550,"pkt":"bpHurUgdPJTVQTiBCABFCABLQSYAACQRg0fn33nVRW27Ng\/CAasANw3GAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686720855584550,"flow_src_last_pkt_time":1686720855584550,"flow_dst_last_pkt_time":1686720855584550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686720855584550,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"69.109.187.54","src_port":4034,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717773171081,"flow_src_last_pkt_time":1686717773171081,"flow_dst_last_pkt_time":1686717773171081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686720855584550,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"85.111.52.57","src_port":39592,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":547,"packets-processed":546,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27661,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":540,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":540,"total-idle-flows":539,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2608,"global_ts_usec":1686722365950548} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":547,"packets-processed":546,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27661,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":540,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":540,"total-idle-flows":539,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2608,"global_ts_usec":1686722365950548} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722365950548,"flow_src_last_pkt_time":1686722365950548,"flow_dst_last_pkt_time":1686722365950548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722365950548,"l3_proto":"ip4","src_ip":"64.63.36.139","dst_ip":"165.114.202.61","src_port":49841,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_src_last_pkt_time":1686722365950548,"flow_dst_last_pkt_time":1686722365950548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686722365950548,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+bGJAADQRNItAPySLpXLKPcKxAasAKgb4AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722365950548,"flow_src_last_pkt_time":1686722365950548,"flow_dst_last_pkt_time":1686722365950548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722365950548,"l3_proto":"ip4","src_ip":"64.63.36.139","dst_ip":"165.114.202.61","src_port":49841,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2623,7 +2623,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_src_last_pkt_time":1686722933062511,"flow_dst_last_pkt_time":1686722933062511,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686722933062511,"pkt":"bpHurUgdPJTVQTiBCABFAAA+udZAADQR5x9APySLRW27NsKxAasAKgcBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722933062511,"flow_src_last_pkt_time":1686722933062511,"flow_dst_last_pkt_time":1686722933062511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722933062511,"l3_proto":"ip4","src_ip":"64.63.36.139","dst_ip":"69.109.187.54","src_port":49841,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722723892485,"flow_src_last_pkt_time":1686722723892485,"flow_dst_last_pkt_time":1686722723892485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722933062511,"l3_proto":"ip4","src_ip":"64.63.52.142","dst_ip":"90.147.171.51","src_port":14637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":551,"packets-processed":550,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":544,"total-detection-updates":0,"total-updates":94,"current-active-flows":1,"total-active-flows":544,"total-idle-flows":543,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2626,"global_ts_usec":1686722979135224} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":551,"packets-processed":550,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":544,"total-detection-updates":0,"total-updates":94,"current-active-flows":1,"total-active-flows":544,"total-idle-flows":543,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2626,"global_ts_usec":1686722979135224} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722979135224,"flow_src_last_pkt_time":1686722979135224,"flow_dst_last_pkt_time":1686722979135224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722979135224,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":30888,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_src_last_pkt_time":1686722979135224,"flow_dst_last_pkt_time":1686722979135224,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686722979135224,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+JuRAADQRegS\/OSSHpZBUPnioAasAKlD8AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722979135224,"flow_src_last_pkt_time":1686722979135224,"flow_dst_last_pkt_time":1686722979135224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722979135224,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":30888,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2643,99 +2643,99 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723578690477,"flow_src_last_pkt_time":1686723578690477,"flow_dst_last_pkt_time":1686723578690477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723578690477,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.145.180.58","src_port":6016,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723156732545,"flow_src_last_pkt_time":1686723156732545,"flow_dst_last_pkt_time":1686723156732545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723578690477,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"74.111.203.55","src_port":21356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723218825916,"flow_src_last_pkt_time":1686723218825916,"flow_dst_last_pkt_time":1686723218825916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723578690477,"l3_proto":"ip4","src_ip":"64.63.52.142","dst_ip":"85.111.52.57","src_port":45266,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":555,"packets-processed":554,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27933,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":548,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":548,"total-idle-flows":547,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2646,"global_ts_usec":1686723785197536} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":555,"packets-processed":554,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27933,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":548,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":548,"total-idle-flows":547,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2646,"global_ts_usec":1686723785197536} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723785197536,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723785197536,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.141.37.56","src_port":21356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686723785197536,"pkt":"3jHC4dyOPJTVQTiBCABFAAA++PJAADQRp\/m4wTqGWo0lOFNsAasAKnY8AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723785197536,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723785197536,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.141.37.56","src_port":21356,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723578690477,"flow_src_last_pkt_time":1686723578690477,"flow_dst_last_pkt_time":1686723578690477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723785197536,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.145.180.58","src_port":6016,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":556,"packets-processed":555,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27967,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":549,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":549,"total-idle-flows":548,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2651,"global_ts_usec":1686725098326675} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":556,"packets-processed":555,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27967,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":549,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":549,"total-idle-flows":548,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2651,"global_ts_usec":1686725098326675} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725098326675,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725098326675,"l3_proto":"ip4","src_ip":"51.242.192.58","dst_ip":"165.144.84.62","src_port":51989,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686725098326675,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXmQz8sA6pZBUPssVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725098326675,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725098326675,"l3_proto":"ip4","src_ip":"51.242.192.58","dst_ip":"165.144.84.62","src_port":51989,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723785197536,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725098326675,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.141.37.56","src_port":21356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":557,"packets-processed":556,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27996,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":550,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":550,"total-idle-flows":549,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2656,"global_ts_usec":1686725813807299} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":557,"packets-processed":556,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27996,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":550,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":550,"total-idle-flows":549,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2656,"global_ts_usec":1686725813807299} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725813807299,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725813807299,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"186.112.202.53","src_port":45764,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686725813807299,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+QzNAADQRXblAwcSFunDKNbLEAasAKhbkAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725813807299,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725813807299,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"186.112.202.53","src_port":45764,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725098326675,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725813807299,"l3_proto":"ip4","src_ip":"51.242.192.58","dst_ip":"165.144.84.62","src_port":51989,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":558,"packets-processed":557,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28030,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":551,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":551,"total-idle-flows":550,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2661,"global_ts_usec":1686729365919386} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":558,"packets-processed":557,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28030,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":551,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":551,"total-idle-flows":550,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2661,"global_ts_usec":1686729365919386} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686729365919386,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686729365919386,"l3_proto":"ip4","src_ip":"185.29.253.207","dst_ip":"90.141.37.56","src_port":55308,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686729365919386,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbbu5Hf3PWo0lONgMAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686729365919386,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686729365919386,"l3_proto":"ip4","src_ip":"185.29.253.207","dst_ip":"90.141.37.56","src_port":55308,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725813807299,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686729365919386,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"186.112.202.53","src_port":45764,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":559,"packets-processed":558,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28059,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":552,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":552,"total-idle-flows":551,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2666,"global_ts_usec":1686732302782823} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":559,"packets-processed":558,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28059,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":552,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":552,"total-idle-flows":551,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2666,"global_ts_usec":1686732302782823} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686732302782823,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686732302782823,"l3_proto":"ip4","src_ip":"49.49.71.169","dst_ip":"90.147.171.51","src_port":56940,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686732302782823,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXyExMUepWpOrM95sAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686732302782823,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686732302782823,"l3_proto":"ip4","src_ip":"49.49.71.169","dst_ip":"90.147.171.51","src_port":56940,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686729365919386,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686732302782823,"l3_proto":"ip4","src_ip":"185.29.253.207","dst_ip":"90.141.37.56","src_port":55308,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":560,"packets-processed":559,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":553,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":553,"total-idle-flows":552,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2671,"global_ts_usec":1686734552484911} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":560,"packets-processed":559,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":553,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":553,"total-idle-flows":552,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2671,"global_ts_usec":1686734552484911} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686734552484911,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686734552484911,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"90.111.212.50","src_port":55179,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686734552484911,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbUTGF1kcWm\/UMteLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686734552484911,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686734552484911,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"90.111.212.50","src_port":55179,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686732302782823,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686734552484911,"l3_proto":"ip4","src_ip":"49.49.71.169","dst_ip":"90.147.171.51","src_port":56940,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":561,"packets-processed":560,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":554,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":554,"total-idle-flows":553,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2676,"global_ts_usec":1686745116214925} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":561,"packets-processed":560,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":554,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":554,"total-idle-flows":553,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2676,"global_ts_usec":1686745116214925} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686745116214925,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686745116214925,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"186.112.202.53","src_port":33154,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686745116214925,"pkt":"xmjqc4OdPJTVQTiBCABFCABLQo0AACQRgdjnJlLdunDKNYGCAasAN5v9AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686745116214925,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686745116214925,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"186.112.202.53","src_port":33154,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686734552484911,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686745116214925,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"90.111.212.50","src_port":55179,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":562,"packets-processed":561,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28164,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":555,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":555,"total-idle-flows":554,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2681,"global_ts_usec":1686766680148551} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":562,"packets-processed":561,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28164,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":555,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":555,"total-idle-flows":554,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2681,"global_ts_usec":1686766680148551} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686766680148551,"flow_src_last_pkt_time":1686766680148551,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686766680148551,"l3_proto":"ip4","src_ip":"43.95.195.22","dst_ip":"85.111.52.57","src_port":50287,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_src_last_pkt_time":1686766680148551,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686766680148551,"pkt":"moT+\/Ph8PJTVQTiBCABFAABSwG8AAC0RJTYrX8MWVW80OcRvAasAPhVJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686766680148551,"flow_src_last_pkt_time":1686766680148551,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686766680148551,"l3_proto":"ip4","src_ip":"43.95.195.22","dst_ip":"85.111.52.57","src_port":50287,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":2,"flow_src_last_pkt_time":1686766680148564,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686766680148564,"pkt":"moT+\/Ph8PJTVQTiBCABFAABSwG8AAC0RJTYrX8MWVW80OcRvAasAPhVJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686745116214925,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686766680148564,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"186.112.202.53","src_port":33154,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":564,"packets-processed":563,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":556,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":556,"total-idle-flows":555,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2687,"global_ts_usec":1686776388352182} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":564,"packets-processed":563,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":556,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":556,"total-idle-flows":555,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2687,"global_ts_usec":1686776388352182} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686776388352182,"flow_src_last_pkt_time":1686776388352182,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686776388352182,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.114.202.61","src_port":26337,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_src_last_pkt_time":1686776388352182,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686776388352182,"pkt":"AAwp30Y4PJTVQTiBCABFBABSYuEAADQRGY3rYkGFpXLKPWbhAasAPhCkAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686776388352182,"flow_src_last_pkt_time":1686776388352182,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686776388352182,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.114.202.61","src_port":26337,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":2,"flow_src_last_pkt_time":1686776388352185,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686776388352185,"pkt":"AAwp30Y4PJTVQTiBCABFBABSYuEAADQRGY3rYkGFpXLKPWbhAasAPhCkAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1686766680148551,"flow_src_last_pkt_time":1686766680148564,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686776388352185,"l3_proto":"ip4","src_ip":"43.95.195.22","dst_ip":"85.111.52.57","src_port":50287,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":566,"packets-processed":565,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":557,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":557,"total-idle-flows":556,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2693,"global_ts_usec":1686782629632128} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":566,"packets-processed":565,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":557,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":557,"total-idle-flows":556,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2693,"global_ts_usec":1686782629632128} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686782629632128,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686782629632128,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"165.114.202.61","src_port":39471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686782629632128,"pkt":"AAwp30Y4PJTVQTiBCABFCABLh+kAACIRQr6fPLR2pXLKPZovAasAN4eSAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686782629632128,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686782629632128,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"165.114.202.61","src_port":39471,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1686776388352182,"flow_src_last_pkt_time":1686776388352185,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686782629632128,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.114.202.61","src_port":26337,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":567,"packets-processed":566,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":558,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":558,"total-idle-flows":557,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2698,"global_ts_usec":1686783435918307} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":567,"packets-processed":566,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":558,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":558,"total-idle-flows":557,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2698,"global_ts_usec":1686783435918307} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686783435918307,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686783435918307,"l3_proto":"ip4","src_ip":"164.192.91.117","dst_ip":"165.144.84.62","src_port":41275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686783435918307,"pkt":"AAwp30Y4PJTVQTiBCABFCABL9voAACIR06ykwFt1pZBUPqE7AasAN4CGAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686783435918307,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686783435918307,"l3_proto":"ip4","src_ip":"164.192.91.117","dst_ip":"165.144.84.62","src_port":41275,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686782629632128,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686783435918307,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"165.114.202.61","src_port":39471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":568,"packets-processed":567,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":559,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":559,"total-idle-flows":558,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2703,"global_ts_usec":1686785007737222} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":568,"packets-processed":567,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":559,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":559,"total-idle-flows":558,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2703,"global_ts_usec":1686785007737222} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686785007737222,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686785007737222,"l3_proto":"ip4","src_ip":"155.160.165.208","dst_ip":"69.109.187.54","src_port":51124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686785007737222,"pkt":"bpHurUgdPJTVQTiBCABFCABLA0AAACQRwTOboKXQRW27Nse0AasAN1XZAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686785007737222,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686785007737222,"l3_proto":"ip4","src_ip":"155.160.165.208","dst_ip":"69.109.187.54","src_port":51124,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686783435918307,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686785007737222,"l3_proto":"ip4","src_ip":"164.192.91.117","dst_ip":"165.144.84.62","src_port":41275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":569,"packets-processed":568,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28521,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":560,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":560,"total-idle-flows":559,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2708,"global_ts_usec":1686790507373750} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":569,"packets-processed":568,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28521,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":560,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":560,"total-idle-flows":559,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2708,"global_ts_usec":1686790507373750} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686790507373750,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686790507373750,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"186.112.202.53","src_port":65092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686790507373750,"pkt":"xmjqc4OdPJTVQTiBCABFCABLxbwAACIRBPAjAGRzunDKNf5EAasANyOCAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686790507373750,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686790507373750,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"186.112.202.53","src_port":65092,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686785007737222,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686790507373750,"l3_proto":"ip4","src_ip":"155.160.165.208","dst_ip":"69.109.187.54","src_port":51124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":570,"packets-processed":569,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28568,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":561,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":561,"total-idle-flows":560,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2713,"global_ts_usec":1686794003013015} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":570,"packets-processed":569,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28568,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":561,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":561,"total-idle-flows":560,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2713,"global_ts_usec":1686794003013015} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686794003013015,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686794003013015,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.147.171.51","src_port":15170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686794003013015,"pkt":"AAwp30Y4PJTVQTiBCABFCABLrMYAACQRF6rn33nVWpOrMztCAasAN+JIAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686794003013015,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686794003013015,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.147.171.51","src_port":15170,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686790507373750,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686794003013015,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"186.112.202.53","src_port":65092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":571,"packets-processed":570,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28615,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":562,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":562,"total-idle-flows":561,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2718,"global_ts_usec":1686799154433661} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":571,"packets-processed":570,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28615,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":562,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":562,"total-idle-flows":561,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2718,"global_ts_usec":1686799154433661} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686799154433661,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686799154433661,"l3_proto":"ip4","src_ip":"65.218.6.160","dst_ip":"165.114.202.61","src_port":55146,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686799154433661,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbQVB2gagpXLKPddqAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686799154433661,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686799154433661,"l3_proto":"ip4","src_ip":"65.218.6.160","dst_ip":"165.114.202.61","src_port":55146,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686794003013015,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686799154433661,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.147.171.51","src_port":15170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":572,"packets-processed":571,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28644,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":563,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":563,"total-idle-flows":562,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2723,"global_ts_usec":1686801707865988} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":572,"packets-processed":571,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28644,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":563,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":563,"total-idle-flows":562,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2723,"global_ts_usec":1686801707865988} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686801707865988,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686801707865988,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"85.111.52.57","src_port":64449,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686801707865988,"pkt":"moT+\/Ph8PJTVQTiBCABFAABLmP8AACcROhldZnxwVW80OfvBAasANzNpAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686801707865988,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686801707865988,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"85.111.52.57","src_port":64449,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686799154433661,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686801707865988,"l3_proto":"ip4","src_ip":"65.218.6.160","dst_ip":"165.114.202.61","src_port":55146,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":573,"packets-processed":572,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":564,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":564,"total-idle-flows":563,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2728,"global_ts_usec":1686809757231212} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":573,"packets-processed":572,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":564,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":564,"total-idle-flows":563,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2728,"global_ts_usec":1686809757231212} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686809757231212,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686809757231212,"l3_proto":"ip4","src_ip":"32.248.84.127","dst_ip":"90.141.37.56","src_port":45264,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686809757231212,"pkt":"3jHC4dyOPJTVQTiBCABFCABLKJcAACIRohgg+FR\/Wo0lOLDQAasAN3D5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686809757231212,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686809757231212,"l3_proto":"ip4","src_ip":"32.248.84.127","dst_ip":"90.141.37.56","src_port":45264,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686801707865988,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686809757231212,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"85.111.52.57","src_port":64449,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":574,"packets-processed":573,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28738,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":565,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":565,"total-idle-flows":564,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2733,"global_ts_usec":1686815428144220} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":574,"packets-processed":573,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28738,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":565,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":565,"total-idle-flows":564,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2733,"global_ts_usec":1686815428144220} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686815428144220,"flow_src_last_pkt_time":1686815428144220,"flow_dst_last_pkt_time":1686815428144220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686815428144220,"l3_proto":"ip4","src_ip":"69.24.27.60","dst_ip":"90.111.212.50","src_port":56117,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_src_last_pkt_time":1686815428144220,"flow_dst_last_pkt_time":1686815428144220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686815428144220,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbFFFGBs8Wm\/UMts1AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686815428144220,"flow_src_last_pkt_time":1686815428144220,"flow_dst_last_pkt_time":1686815428144220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686815428144220,"l3_proto":"ip4","src_ip":"69.24.27.60","dst_ip":"90.111.212.50","src_port":56117,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686809757231212,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686815428144220,"l3_proto":"ip4","src_ip":"32.248.84.127","dst_ip":"90.141.37.56","src_port":45264,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":575,"packets-processed":574,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":566,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":566,"total-idle-flows":565,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2738,"global_ts_usec":1686819439098098} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":575,"packets-processed":574,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":566,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":566,"total-idle-flows":565,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2738,"global_ts_usec":1686819439098098} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819439098098,"flow_src_last_pkt_time":1686819439098098,"flow_dst_last_pkt_time":1686819439098098,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819439098098,"l3_proto":"ip4","src_ip":"64.62.219.130","dst_ip":"85.111.52.57","src_port":17454,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_src_last_pkt_time":1686819439098098,"flow_dst_last_pkt_time":1686819439098098,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686819439098098,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+YmVAADQRPoBAPtuCVW80OUQuAasAKoVzAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819439098098,"flow_src_last_pkt_time":1686819439098098,"flow_dst_last_pkt_time":1686819439098098,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819439098098,"l3_proto":"ip4","src_ip":"64.62.219.130","dst_ip":"85.111.52.57","src_port":17454,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2751,7 +2751,7 @@ 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819690034608,"flow_src_last_pkt_time":1686819690034608,"flow_dst_last_pkt_time":1686819690034608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819690034608,"l3_proto":"ip4","src_ip":"9.160.170.26","dst_ip":"69.109.187.54","src_port":53573,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_src_last_pkt_time":1686819690034608,"flow_dst_last_pkt_time":1686819690034608,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686819690034608,"pkt":"bpHurUgdPJTVQTiBCABFCABS21FAAC4Ros0JoKoaRW27NtFFAasAPuH0AgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819690034608,"flow_src_last_pkt_time":1686819690034608,"flow_dst_last_pkt_time":1686819690034608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819690034608,"l3_proto":"ip4","src_ip":"9.160.170.26","dst_ip":"69.109.187.54","src_port":53573,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":579,"packets-processed":578,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":570,"total-detection-updates":0,"total-updates":97,"current-active-flows":2,"total-active-flows":570,"total-idle-flows":568,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2754,"global_ts_usec":1686820137258813} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":579,"packets-processed":578,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":570,"total-detection-updates":0,"total-updates":97,"current-active-flows":2,"total-active-flows":570,"total-idle-flows":568,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2754,"global_ts_usec":1686820137258813} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820137258813,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820137258813,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"90.145.180.58","src_port":51380,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686820137258813,"pkt":"bs1PogZtPJTVQTiBCABFAAA+CBNAADQRmNRAwcSFWpG0Osi0AasAKgDvAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820137258813,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820137258813,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"90.145.180.58","src_port":51380,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2765,7 +2765,7 @@ 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820293978966,"flow_src_last_pkt_time":1686820293978966,"flow_dst_last_pkt_time":1686820293978966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820293978966,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"186.112.202.53","src_port":41896,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820163339870,"flow_src_last_pkt_time":1686820163339870,"flow_dst_last_pkt_time":1686820163339870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820293978966,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"90.141.37.56","src_port":51252,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820137258813,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820293978966,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"90.145.180.58","src_port":51380,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":582,"packets-processed":581,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29020,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":573,"total-detection-updates":0,"total-updates":99,"current-active-flows":3,"total-active-flows":573,"total-idle-flows":570,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2768,"global_ts_usec":1686820910359963} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":582,"packets-processed":581,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29020,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":573,"total-detection-updates":0,"total-updates":99,"current-active-flows":3,"total-active-flows":573,"total-idle-flows":570,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2768,"global_ts_usec":1686820910359963} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820910359963,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820910359963,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":38472,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686820910359963,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+iNFAADQRGBe\/OSSHpZBUPpZIAasAKjNcAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820910359963,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820910359963,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":38472,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2776,22 +2776,22 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_src_last_pkt_time":1686821183061310,"flow_dst_last_pkt_time":1686821183061310,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686821183061310,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+lolAADQRCl9BwcuBWo0lOPn2AasAKs+tAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821183061310,"flow_src_last_pkt_time":1686821183061310,"flow_dst_last_pkt_time":1686821183061310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821183061310,"l3_proto":"ip4","src_ip":"65.193.203.129","dst_ip":"90.141.37.56","src_port":63990,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820910359963,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821183061310,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":38472,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":584,"packets-processed":583,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":575,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":575,"total-idle-flows":574,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2779,"global_ts_usec":1686821576328540} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":584,"packets-processed":583,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":575,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":575,"total-idle-flows":574,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2779,"global_ts_usec":1686821576328540} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821576328540,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821576328540,"l3_proto":"ip4","src_ip":"71.191.53.138","dst_ip":"165.114.202.61","src_port":59582,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686821576328540,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+edNAADQRJxlHvzWKpXLKPei+AasAKuDpAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821576328540,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821576328540,"l3_proto":"ip4","src_ip":"71.191.53.138","dst_ip":"165.114.202.61","src_port":59582,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821183061310,"flow_src_last_pkt_time":1686821183061310,"flow_dst_last_pkt_time":1686821183061310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821576328540,"l3_proto":"ip4","src_ip":"65.193.203.129","dst_ip":"90.141.37.56","src_port":63990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":585,"packets-processed":584,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":576,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":576,"total-idle-flows":575,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2784,"global_ts_usec":1686822857775383} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":585,"packets-processed":584,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":576,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":576,"total-idle-flows":575,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2784,"global_ts_usec":1686822857775383} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686822857775383,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686822857775383,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"74.111.203.55","src_port":32482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686822857775383,"pkt":"ipffLU2SPJTVQTiBCABFAAA+b3NAADQRMYKgR9WMSm\/LN37iAasAKkrPAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686822857775383,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686822857775383,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"74.111.203.55","src_port":32482,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821576328540,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686822857775383,"l3_proto":"ip4","src_ip":"71.191.53.138","dst_ip":"165.114.202.61","src_port":59582,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":586,"packets-processed":585,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":577,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":577,"total-idle-flows":576,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2789,"global_ts_usec":1686823539150971} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":586,"packets-processed":585,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":577,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":577,"total-idle-flows":576,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2789,"global_ts_usec":1686823539150971} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686823539150971,"flow_src_last_pkt_time":1686823539150971,"flow_dst_last_pkt_time":1686823539150971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686823539150971,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"74.111.203.55","src_port":41415,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_src_last_pkt_time":1686823539150971,"flow_dst_last_pkt_time":1686823539150971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686823539150971,"pkt":"ipffLU2SPJTVQTiBCABFAABLhjwAACcRTORiZ\/1zSm\/LN6HHAasAN41rAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686823539150971,"flow_src_last_pkt_time":1686823539150971,"flow_dst_last_pkt_time":1686823539150971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686823539150971,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"74.111.203.55","src_port":41415,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686822857775383,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686823539150971,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"74.111.203.55","src_port":32482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":587,"packets-processed":586,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":578,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":578,"total-idle-flows":577,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2794,"global_ts_usec":1686825966772504} 
+00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":587,"packets-processed":586,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":578,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":578,"total-idle-flows":577,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2794,"global_ts_usec":1686825966772504} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686825966772504,"flow_src_last_pkt_time":1686825966772504,"flow_dst_last_pkt_time":1686825966772504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686825966772504,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"165.144.84.62","src_port":56415,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_src_last_pkt_time":1686825966772504,"flow_dst_last_pkt_time":1686825966772504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686825966772504,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbU4h2Fo4pZBUPtxfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686825966772504,"flow_src_last_pkt_time":1686825966772504,"flow_dst_last_pkt_time":1686825966772504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686825966772504,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"165.144.84.62","src_port":56415,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2804,18 +2804,18 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_src_last_pkt_time":1686826372484485,"flow_dst_last_pkt_time":1686826372484485,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686826372484485,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRYDnSDNiXWpG0OtnBAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826372484485,"flow_src_last_pkt_time":1686826372484485,"flow_dst_last_pkt_time":1686826372484485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686826372484485,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":55745,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826280078870,"flow_src_last_pkt_time":1686826280078870,"flow_dst_last_pkt_time":1686826280078870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686826372484485,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"186.112.202.53","src_port":6873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":590,"packets-processed":589,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29308,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":581,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":581,"total-idle-flows":579,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2807,"global_ts_usec":1686827895727367} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":590,"packets-processed":589,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29308,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":581,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":581,"total-idle-flows":579,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2807,"global_ts_usec":1686827895727367} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686827895727367,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"65.20.223.151","dst_ip":"90.147.171.51","src_port":51977,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686827895727367,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbilBFN+XWpOrM8sJAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686827895727367,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"65.20.223.151","dst_ip":"90.147.171.51","src_port":51977,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826280078870,"flow_src_last_pkt_time":1686826280078870,"flow_dst_last_pkt_time":1686826280078870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"186.112.202.53","src_port":6873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826372484485,"flow_src_last_pkt_time":1686826372484485,"flow_dst_last_pkt_time":1686826372484485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":55745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":591,"packets-processed":590,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29337,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":582,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":582,"total-idle-flows":581,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2813,"global_ts_usec":1686831590603565} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":591,"packets-processed":590,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29337,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":582,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":582,"total-idle-flows":581,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2813,"global_ts_usec":1686831590603565} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686831590603565,"flow_src_last_pkt_time":1686831590603565,"flow_dst_last_pkt_time":1686831590603565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686831590603565,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"165.114.202.61","src_port":54342,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_src_last_pkt_time":1686831590603565,"flow_dst_last_pkt_time":1686831590603565,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686831590603565,"pkt":"AAwp30Y4PJTVQTiBCABFCABL3soAACQR5ZVYH27bpXLKPdRGAasAN0k0AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686831590603565,"flow_src_last_pkt_time":1686831590603565,"flow_dst_last_pkt_time":1686831590603565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686831590603565,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"165.114.202.61","src_port":54342,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686827895727367,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686831590603565,"l3_proto":"ip4","src_ip":"65.20.223.151","dst_ip":"90.147.171.51","src_port":51977,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":592,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":583,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":583,"total-idle-flows":582,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2818,"global_ts_usec":1686834792524626} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":592,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":583,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":583,"total-idle-flows":582,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2818,"global_ts_usec":1686834792524626} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834792524626,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834792524626,"l3_proto":"ip4","src_ip":"206.206.184.241","dst_ip":"69.109.187.54","src_port":50350,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686834792524626,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRX\/bOzrjxRW27NsSuAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834792524626,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834792524626,"l3_proto":"ip4","src_ip":"206.206.184.241","dst_ip":"69.109.187.54","src_port":50350,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2823,33 +2823,33 @@ 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834822514899,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834822514899,"l3_proto":"ip4","src_ip":"190.35.225.89","dst_ip":"85.111.52.57","src_port":52867,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686834822514899,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbYW+I+FZVW80Oc6DAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834822514899,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834822514899,"l3_proto":"ip4","src_ip":"190.35.225.89","dst_ip":"85.111.52.57","src_port":52867,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":594,"packets-processed":593,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29442,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":585,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":585,"total-idle-flows":583,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2826,"global_ts_usec":1686835718979040} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":594,"packets-processed":593,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29442,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":585,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":585,"total-idle-flows":583,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2826,"global_ts_usec":1686835718979040} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686835718979040,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"165.144.84.62","src_port":63301,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686835718979040,"pkt":"AAwp30Y4PJTVQTiBCABFCABL0T8AACQR8xzjB7LfpZBUPvdFAasANyYxAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686835718979040,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"165.144.84.62","src_port":63301,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834792524626,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"206.206.184.241","dst_ip":"69.109.187.54","src_port":50350,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834822514899,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"190.35.225.89","dst_ip":"85.111.52.57","src_port":52867,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":595,"packets-processed":594,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":586,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":586,"total-idle-flows":585,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2832,"global_ts_usec":1686837738680875} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":595,"packets-processed":594,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":586,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":586,"total-idle-flows":585,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2832,"global_ts_usec":1686837738680875} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686837738680875,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686837738680875,"l3_proto":"ip4","src_ip":"34.214.128.211","dst_ip":"74.111.203.55","src_port":50699,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686837738680875,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbc0i1oDTSm\/LN8YLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
-00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686837738680875,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686837738680875,"l3_proto":"ip4","src_ip":"34.214.128.211","dst_ip":"74.111.203.55","src_port":50699,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686837738680875,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686837738680875,"l3_proto":"ip4","src_ip":"34.214.128.211","dst_ip":"74.111.203.55","src_port":50699,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686835718979040,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686837738680875,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"165.144.84.62","src_port":63301,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":596,"packets-processed":595,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29518,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":587,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":587,"total-idle-flows":586,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2837,"global_ts_usec":1686840095634071} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":596,"packets-processed":595,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29518,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":587,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":587,"total-idle-flows":586,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2837,"global_ts_usec":1686840095634071} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840095634071,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840095634071,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":44047,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686840095634071,"pkt":"moT+\/Ph8PJTVQTiBCABFCABSMJwAAGsR5fhDnxCWVW80OawPAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840095634071,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840095634071,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":44047,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686837738680875,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840095634071,"l3_proto":"ip4","src_ip":"34.214.128.211","dst_ip":"74.111.203.55","src_port":50699,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":597,"packets-processed":596,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":588,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":588,"total-idle-flows":587,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2842,"global_ts_usec":1686840886120988} 
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686837738680875,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840095634071,"l3_proto":"ip4","src_ip":"34.214.128.211","dst_ip":"74.111.203.55","src_port":50699,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":597,"packets-processed":596,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":588,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":588,"total-idle-flows":587,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2842,"global_ts_usec":1686840886120988} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840886120988,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840886120988,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"74.111.203.55","src_port":38016,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686840886120988,"pkt":"ipffLU2SPJTVQTiBCABFCABL2jYAACQR6jfn33nVSm\/LN5SAAasAN4kIAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840886120988,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840886120988,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"74.111.203.55","src_port":38016,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840095634071,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840886120988,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":44047,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":598,"packets-processed":597,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":589,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":589,"total-idle-flows":588,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2847,"global_ts_usec":1686854380719448} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":598,"packets-processed":597,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":589,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":589,"total-idle-flows":588,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2847,"global_ts_usec":1686854380719448} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686854380719448,"flow_src_last_pkt_time":1686854380719448,"flow_dst_last_pkt_time":1686854380719448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686854380719448,"l3_proto":"ip4","src_ip":"218.225.124.29","dst_ip":"69.109.187.54","src_port":52381,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_src_last_pkt_time":1686854380719448,"flow_dst_last_pkt_time":1686854380719448,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686854380719448,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRbEHa4XwdRW27NsydAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686854380719448,"flow_src_last_pkt_time":1686854380719448,"flow_dst_last_pkt_time":1686854380719448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686854380719448,"l3_proto":"ip4","src_ip":"218.225.124.29","dst_ip":"69.109.187.54","src_port":52381,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840886120988,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686854380719448,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"74.111.203.55","src_port":38016,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":599,"packets-processed":598,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":590,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":590,"total-idle-flows":589,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2852,"global_ts_usec":1686869889080815} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":599,"packets-processed":598,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":590,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":590,"total-idle-flows":589,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2852,"global_ts_usec":1686869889080815} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686869889080815,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686869889080815,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":47273,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686869889080815,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN7ipAasAJTHQAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686869889080815,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686869889080815,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":47273,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2858,17 +2858,17 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_src_last_pkt_time":1686870203714333,"flow_dst_last_pkt_time":1686870203714333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686870203714333,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXtoxLaDXpXLKPcuOAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686870203714333,"flow_src_last_pkt_time":1686870203714333,"flow_dst_last_pkt_time":1686870203714333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686870203714333,"l3_proto":"ip4","src_ip":"49.45.160.215","dst_ip":"165.114.202.61","src_port":52110,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686869889080815,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686870203714333,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":47273,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":601,"packets-processed":600,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":592,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":592,"total-idle-flows":591,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2861,"global_ts_usec":1686871454458967} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":601,"packets-processed":600,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":592,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":592,"total-idle-flows":591,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2861,"global_ts_usec":1686871454458967} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686871454458967,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686871454458967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":56053,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686871454458967,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27Ntr1AasAJQ+DAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686871454458967,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686871454458967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":56053,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686870203714333,"flow_src_last_pkt_time":1686870203714333,"flow_dst_last_pkt_time":1686870203714333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686871454458967,"l3_proto":"ip4","src_ip":"49.45.160.215","dst_ip":"165.114.202.61","src_port":52110,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":602,"packets-processed":601,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":593,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":593,"total-idle-flows":592,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2866,"global_ts_usec":1686873049876707} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":602,"packets-processed":601,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":593,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":593,"total-idle-flows":592,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2866,"global_ts_usec":1686873049876707} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686873049876707,"flow_src_last_pkt_time":1686873049876707,"flow_dst_last_pkt_time":1686873049876707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686873049876707,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":44785,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_src_last_pkt_time":1686873049876707,"flow_dst_last_pkt_time":1686873049876707,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686873049876707,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM67xAasAJTuKAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686873049876707,"flow_src_last_pkt_time":1686873049876707,"flow_dst_last_pkt_time":1686873049876707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686873049876707,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":44785,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686871454458967,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686873049876707,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":56053,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":603,"packets-processed":602,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":594,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":594,"total-idle-flows":593,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2871,"global_ts_usec":1686874733087762} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":603,"packets-processed":602,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":594,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":594,"total-idle-flows":593,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2871,"global_ts_usec":1686874733087762} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686874733087762,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686874733087762,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54403,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686874733087762,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lONSDAasAJRXyAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686874733087762,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686874733087762,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54403,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2877,47 +2877,47 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_src_last_pkt_time":1686875253404813,"flow_dst_last_pkt_time":1686875253404813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686875253404813,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLoTQAACIRKX2Y\/6p8VW80ORc1AasANwqXAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875253404813,"flow_src_last_pkt_time":1686875253404813,"flow_dst_last_pkt_time":1686875253404813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875253404813,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"85.111.52.57","src_port":5941,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686874733087762,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875253404813,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54403,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":605,"packets-processed":604,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29840,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":596,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":596,"total-idle-flows":595,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2880,"global_ts_usec":1686875903844766} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":605,"packets-processed":604,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29840,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":596,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":596,"total-idle-flows":595,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2880,"global_ts_usec":1686875903844766} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875903844766,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875903844766,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":41849,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686875903844766,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMqN5AasAJUcBAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875903844766,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875903844766,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":41849,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875253404813,"flow_src_last_pkt_time":1686875253404813,"flow_dst_last_pkt_time":1686875253404813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875903844766,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"85.111.52.57","src_port":5941,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":606,"packets-processed":605,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29869,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":597,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":597,"total-idle-flows":596,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2885,"global_ts_usec":1686876990016671} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":606,"packets-processed":605,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29869,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":597,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":597,"total-idle-flows":596,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2885,"global_ts_usec":1686876990016671} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686876990016671,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686876990016671,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":55801,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686876990016671,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPdn5AasAJRB2AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686876990016671,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686876990016671,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":55801,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875903844766,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686876990016671,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":41849,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":607,"packets-processed":606,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29898,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":598,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":598,"total-idle-flows":597,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2890,"global_ts_usec":1686878041820268} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":607,"packets-processed":606,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29898,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":598,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":598,"total-idle-flows":597,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2890,"global_ts_usec":1686878041820268} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686878041820268,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686878041820268,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":59938,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686878041820268,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPuoiAasAJQBOAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686878041820268,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686878041820268,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":59938,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686876990016671,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686878041820268,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":55801,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":608,"packets-processed":607,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":599,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":599,"total-idle-flows":598,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2895,"global_ts_usec":1686879129948527} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":608,"packets-processed":607,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":599,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":599,"total-idle-flows":598,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2895,"global_ts_usec":1686879129948527} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686879129948527,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686879129948527,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.147.171.51","src_port":42800,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686879129948527,"pkt":"AAwp30Y4PJTVQTiBCABFAABLl1IAACcRO9qdePx7WpOrM6cwAasAN4gOAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686879129948527,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686879129948527,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.147.171.51","src_port":42800,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686878041820268,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686879129948527,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":59938,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":609,"packets-processed":608,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29974,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":600,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":600,"total-idle-flows":599,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2900,"global_ts_usec":1686883384416005} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":609,"packets-processed":608,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29974,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":600,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":600,"total-idle-flows":599,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2900,"global_ts_usec":1686883384416005} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686883384416005,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686883384416005,"l3_proto":"ip4","src_ip":"155.185.93.215","dst_ip":"165.144.84.62","src_port":16031,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686883384416005,"pkt":"AAwp30Y4PJTVQTiBCABFCABLS3QAACMRefObuV3XpZBUPj6fAasAN97iAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686883384416005,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686883384416005,"l3_proto":"ip4","src_ip":"155.185.93.215","dst_ip":"165.144.84.62","src_port":16031,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686879129948527,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686883384416005,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.147.171.51","src_port":42800,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":610,"packets-processed":609,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":601,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":601,"total-idle-flows":600,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2905,"global_ts_usec":1686884068384734} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":610,"packets-processed":609,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":601,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":601,"total-idle-flows":600,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2905,"global_ts_usec":1686884068384734} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686884068384734,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686884068384734,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"186.112.202.53","src_port":49286,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686884068384734,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRX1OuMgcLunDKNcCGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686884068384734,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686884068384734,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"186.112.202.53","src_port":49286,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686883384416005,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686884068384734,"l3_proto":"ip4","src_ip":"155.185.93.215","dst_ip":"165.144.84.62","src_port":16031,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":611,"packets-processed":610,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":602,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":602,"total-idle-flows":601,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2910,"global_ts_usec":1686887976934834} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":611,"packets-processed":610,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":602,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":602,"total-idle-flows":601,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2910,"global_ts_usec":1686887976934834} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686887976934834,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686887976934834,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"74.111.203.55","src_port":54129,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686887976934834,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbRJZ1jiBSm\/LN9NxAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686887976934834,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686887976934834,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"74.111.203.55","src_port":54129,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686884068384734,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686887976934834,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"186.112.202.53","src_port":49286,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":612,"packets-processed":611,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":603,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":603,"total-idle-flows":602,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2915,"global_ts_usec":1686889052799486} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":612,"packets-processed":611,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":603,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":603,"total-idle-flows":602,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2915,"global_ts_usec":1686889052799486} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686889052799486,"flow_src_last_pkt_time":1686889052799486,"flow_dst_last_pkt_time":1686889052799486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686889052799486,"l3_proto":"ip4","src_ip":"166.209.36.168","dst_ip":"90.141.37.56","src_port":54765,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_src_last_pkt_time":1686889052799486,"flow_dst_last_pkt_time":1686889052799486,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686889052799486,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbgOm0SSoWo0lONXtAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686889052799486,"flow_src_last_pkt_time":1686889052799486,"flow_dst_last_pkt_time":1686889052799486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686889052799486,"l3_proto":"ip4","src_ip":"166.209.36.168","dst_ip":"90.141.37.56","src_port":54765,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686887976934834,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686889052799486,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"74.111.203.55","src_port":54129,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":613,"packets-processed":612,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":604,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":604,"total-idle-flows":603,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2920,"global_ts_usec":1686891665856707} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":613,"packets-processed":612,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":604,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":604,"total-idle-flows":603,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2920,"global_ts_usec":1686891665856707} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891665856707,"flow_src_last_pkt_time":1686891665856707,"flow_dst_last_pkt_time":1686891665856707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686891665856707,"l3_proto":"ip4","src_ip":"70.191.37.189","dst_ip":"90.145.180.58","src_port":53867,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_src_last_pkt_time":1686891665856707,"flow_dst_last_pkt_time":1686891665856707,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686891665856707,"pkt":"bs1PogZtPJTVQTiBCABFAAA+4yBAADQRvaRGvyW9WpG0OtJrAasAKvcVAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891665856707,"flow_src_last_pkt_time":1686891665856707,"flow_dst_last_pkt_time":1686891665856707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686891665856707,"l3_proto":"ip4","src_ip":"70.191.37.189","dst_ip":"90.145.180.58","src_port":53867,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2941,12 +2941,12 @@ 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891994836858,"flow_src_last_pkt_time":1686891994836858,"flow_dst_last_pkt_time":1686891994836858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686892196221763,"l3_proto":"ip4","src_ip":"88.192.213.176","dst_ip":"165.144.84.62","src_port":12807,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891861875895,"flow_src_last_pkt_time":1686891861875895,"flow_dst_last_pkt_time":1686891861875895,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686892196221763,"l3_proto":"ip4","src_ip":"166.70.59.181","dst_ip":"69.109.187.54","src_port":28945,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891930334421,"flow_src_last_pkt_time":1686891930334421,"flow_dst_last_pkt_time":1686891930334421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686892196221763,"l3_proto":"ip4","src_ip":"88.192.213.176","dst_ip":"165.114.202.61","src_port":12807,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":618,"packets-processed":617,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30278,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":609,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":609,"total-idle-flows":608,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2944,"global_ts_usec":1686893335451836} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":618,"packets-processed":617,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30278,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":609,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":609,"total-idle-flows":608,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2944,"global_ts_usec":1686893335451836} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686893335451836,"flow_src_last_pkt_time":1686893335451836,"flow_dst_last_pkt_time":1686893335451836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686893335451836,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"186.112.202.53","src_port":57760,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_src_last_pkt_time":1686893335451836,"flow_dst_last_pkt_time":1686893335451836,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686893335451836,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+KW1AADQRd2JYP9q4unDKNeGgAasAKufqAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686893335451836,"flow_src_last_pkt_time":1686893335451836,"flow_dst_last_pkt_time":1686893335451836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686893335451836,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"186.112.202.53","src_port":57760,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686892196221763,"flow_src_last_pkt_time":1686892196221763,"flow_dst_last_pkt_time":1686892196221763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686893335451836,"l3_proto":"ip4","src_ip":"95.185.37.180","dst_ip":"85.111.52.57","src_port":56601,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":619,"packets-processed":618,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":610,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":610,"total-idle-flows":609,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2949,"global_ts_usec":1686894095858225} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":619,"packets-processed":618,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":610,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":610,"total-idle-flows":609,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2949,"global_ts_usec":1686894095858225} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894095858225,"flow_src_last_pkt_time":1686894095858225,"flow_dst_last_pkt_time":1686894095858225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894095858225,"l3_proto":"ip4","src_ip":"95.190.219.185","dst_ip":"90.111.212.50","src_port":65399,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_src_last_pkt_time":1686894095858225,"flow_dst_last_pkt_time":1686894095858225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686894095858225,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+DzlAADQRkZhfvtu5Wm\/UMv93AasAKsoVAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894095858225,"flow_src_last_pkt_time":1686894095858225,"flow_dst_last_pkt_time":1686894095858225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894095858225,"l3_proto":"ip4","src_ip":"95.190.219.185","dst_ip":"90.111.212.50","src_port":65399,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2958,28 +2958,28 @@ 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894627287214,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894627287214,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":58318,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686894627287214,"pkt":"ipffLU2SPJTVQTiBCABFAAA+zylAADQR0apAOMuySm\/LN+POAasAKuXBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894627287214,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894627287214,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":58318,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":622,"packets-processed":621,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":613,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":613,"total-idle-flows":611,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2961,"global_ts_usec":1686895136332318} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":622,"packets-processed":621,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":613,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":613,"total-idle-flows":611,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2961,"global_ts_usec":1686895136332318} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686895136332318,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"69.109.187.54","src_port":43680,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686895136332318,"pkt":"bpHurUgdPJTVQTiBCABFAABLZR8AACcRbf1dZnxwRW27NqqgAasAN4SOAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686895136332318,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"69.109.187.54","src_port":43680,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894627287214,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":58318,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894584993003,"flow_src_last_pkt_time":1686894584993003,"flow_dst_last_pkt_time":1686894584993003,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"90.147.171.51","src_port":43664,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":623,"packets-processed":622,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":614,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":614,"total-idle-flows":613,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2967,"global_ts_usec":1686900080044444} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":623,"packets-processed":622,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":614,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":614,"total-idle-flows":613,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2967,"global_ts_usec":1686900080044444} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686900080044444,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686900080044444,"l3_proto":"ip4","src_ip":"185.27.37.156","dst_ip":"90.145.180.58","src_port":54712,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686900080044444,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRbia5GyWcWpG0OtW4AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686900080044444,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686900080044444,"l3_proto":"ip4","src_ip":"185.27.37.156","dst_ip":"90.145.180.58","src_port":54712,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686895136332318,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686900080044444,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"69.109.187.54","src_port":43680,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":624,"packets-processed":623,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":615,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":615,"total-idle-flows":614,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2972,"global_ts_usec":1686903641258422} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":624,"packets-processed":623,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":615,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":615,"total-idle-flows":614,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2972,"global_ts_usec":1686903641258422} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686903641258422,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686903641258422,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"90.111.212.50","src_port":53551,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686903641258422,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbOK61Z7hWm\/UMtEvAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686903641258422,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686903641258422,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"90.111.212.50","src_port":53551,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686900080044444,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686903641258422,"l3_proto":"ip4","src_ip":"185.27.37.156","dst_ip":"90.145.180.58","src_port":54712,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":625,"packets-processed":624,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":616,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":616,"total-idle-flows":615,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2977,"global_ts_usec":1686910566541526} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":625,"packets-processed":624,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":616,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":616,"total-idle-flows":615,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2977,"global_ts_usec":1686910566541526} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686910566541526,"flow_src_last_pkt_time":1686910566541526,"flow_dst_last_pkt_time":1686910566541526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686910566541526,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":55642,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_src_last_pkt_time":1686910566541526,"flow_dst_last_pkt_time":1686910566541526,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686910566541526,"pkt":"3jHC4dyOPJTVQTiBCABFCABL+kUAACIR0GunB5p9Wo0lONlaAasAN0hxAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686910566541526,"flow_src_last_pkt_time":1686910566541526,"flow_dst_last_pkt_time":1686910566541526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686910566541526,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":55642,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686903641258422,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686910566541526,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"90.111.212.50","src_port":53551,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":626,"packets-processed":625,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":617,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":617,"total-idle-flows":616,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2982,"global_ts_usec":1686916643605858} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":626,"packets-processed":625,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":617,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":617,"total-idle-flows":616,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2982,"global_ts_usec":1686916643605858} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916643605858,"flow_src_last_pkt_time":1686916643605858,"flow_dst_last_pkt_time":1686916643605858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916643605858,"l3_proto":"ip4","src_ip":"70.216.186.103","dst_ip":"90.147.171.51","src_port":52251,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_src_last_pkt_time":1686916643605858,"flow_dst_last_pkt_time":1686916643605858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686916643605858,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbZlG2LpnWpOrM8wbAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916643605858,"flow_src_last_pkt_time":1686916643605858,"flow_dst_last_pkt_time":1686916643605858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916643605858,"l3_proto":"ip4","src_ip":"70.216.186.103","dst_ip":"90.147.171.51","src_port":52251,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2987,7 +2987,7 @@ 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916678686629,"flow_src_last_pkt_time":1686916678686629,"flow_dst_last_pkt_time":1686916678686629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916678686629,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":26319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_src_last_pkt_time":1686916678686629,"flow_dst_last_pkt_time":1686916678686629,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686916678686629,"pkt":"AAwp30Y4PJTVQTiBCABFCABS3OcAAGsROahDnxCWpXLKPWbPAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916678686629,"flow_src_last_pkt_time":1686916678686629,"flow_dst_last_pkt_time":1686916678686629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916678686629,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":26319,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":628,"packets-processed":627,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":619,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":619,"total-idle-flows":617,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2990,"global_ts_usec":1686918716711404} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":628,"packets-processed":627,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":619,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":619,"total-idle-flows":617,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2990,"global_ts_usec":1686918716711404} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686918716711404,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686918716711404,"l3_proto":"ip4","src_ip":"58.22.67.22","dst_ip":"85.111.52.57","src_port":52092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686918716711404,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRbEQ6FkMWVW80Oct8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686918716711404,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686918716711404,"l3_proto":"ip4","src_ip":"58.22.67.22","dst_ip":"85.111.52.57","src_port":52092,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2998,7 +2998,7 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686919264737057,"flow_src_last_pkt_time":1686919264737057,"flow_dst_last_pkt_time":1686919264737057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686919264737057,"l3_proto":"ip4","src_ip":"217.39.155.99","dst_ip":"165.144.84.62","src_port":51503,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686919264737057,"flow_src_last_pkt_time":1686919264737057,"flow_dst_last_pkt_time":1686919264737057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686919264737057,"l3_proto":"ip4","src_ip":"217.39.155.99","dst_ip":"165.144.84.62","src_port":51503,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686918716711404,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686919264737057,"l3_proto":"ip4","src_ip":"58.22.67.22","dst_ip":"85.111.52.57","src_port":52092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":629,"packets-processed":629,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":621,"total-detection-updates":0,"total-updates":103,"current-active-flows":0,"total-active-flows":621,"total-idle-flows":621,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":3001,"global_ts_usec":1686919264737057} 
+00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":629,"packets-processed":629,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":621,"total-detection-updates":0,"total-updates":103,"current-active-flows":0,"total-active-flows":621,"total-idle-flows":621,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":3001,"global_ts_usec":1686919264737057} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 629/629 ~~ skipped flows.............: 0 @@ -3007,9 +3007,9 @@ ~~ total active/idle flows...: 621/621 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10173403 bytes -~~ total memory freed........: 10173403 bytes -~~ total allocations/frees...: 147982/147982 +~~ total memory allocated....: 10957617 bytes +~~ total memory freed........: 10957617 bytes +~~ total allocations/frees...: 161948/161948 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 553 chars ~~ json message max len.......: 1000 chars diff --git a/test/results/default/ssdp-m-search-ua.pcap.out b/test/results/default/ssdp-m-search-ua.pcap.out index 6c35b5364..6b098b4b3 100644 --- a/test/results/default/ssdp-m-search-ua.pcap.out +++ b/test/results/default/ssdp-m-search-ua.pcap.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648315275444157} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648315275444157} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648315275444157,"flow_src_last_pkt_time":1648315275444157,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648315275444157,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648315275444157,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1648315275444157,"pkt":"AQBef\/\/68C9LCZO8CABFAADKnWgAAAEReOXAqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"} 
01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648315275444157,"flow_src_last_pkt_time":1648315275444157,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648315275444157,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250","domainame":"239.255.255.250","ssdp": {"METHOD":"M-SEARCH","MAN":"\"ssdp:discover\"","MX":"1","ST":": urn:dial-multiscreen-org:service:dial:1","USER_AGENT":"Google Chrome\/99.0.4844.74 Mac OS X"}}} 
@@ -7,7 +7,7 @@ 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648315277449906,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1648315277449906,"pkt":"AQBef\/\/68C9LCZO8CABFAADKWrMAAAERu5rAqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648315278446168,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1648315278446168,"pkt":"AQBef\/\/68C9LCZO8CABFAADKE\/4AAAERAlDAqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"} 
01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1648315275444157,"flow_src_last_pkt_time":1648315278446168,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648315278446168,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1648315278446168} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1648315278446168} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645082 bytes -~~ total memory freed........: 8645082 bytes -~~ total allocations/frees...: 140542/140542 +~~ total memory allocated....: 9409456 bytes +~~ total memory freed........: 9409456 bytes +~~ total allocations/frees...: 154508/154508 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 598 chars ~~ json message max len.......: 1170 chars diff --git a/test/results/default/ssdp-m-search.pcap.out b/test/results/default/ssdp-m-search.pcap.out index 9c21942fb..ad3566562 100644 --- a/test/results/default/ssdp-m-search.pcap.out +++ b/test/results/default/ssdp-m-search.pcap.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1532054645808785} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1532054645808785} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054645808785,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054645808785,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1532054645808785,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"thread_ts_usec":1532054645808785,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxO0tAAEARmRfAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"} 
00993{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054645808785,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054645808785,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","domainame":"","ssdp": {"METHOD":"M-SEARCH"}}} 
@@ -9,7 +9,7 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1532054665808769,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"thread_ts_usec":1532054665808769,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxfl5AAEARVgTAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054700808779,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054700808779,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054735808753,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":399,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054735808753,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1532054735808753} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1532054735808753} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645385 bytes -~~ total memory freed........: 8645385 bytes -~~ total allocations/frees...: 140552/140552 +~~ total memory allocated....: 9409759 bytes +~~ total memory freed........: 9409759 bytes +~~ total allocations/frees...: 154518/154518 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 555 chars ~~ json message max len.......: 998 chars diff --git a/test/results/default/ssdp.pcapng.out b/test/results/default/ssdp.pcapng.out index 07d585291..45c8c1de9 100644 --- a/test/results/default/ssdp.pcapng.out +++ b/test/results/default/ssdp.pcapng.out 
@@ -1,10 +1,10 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1724146351723073} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1724146351723073} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1724146351723073,"flow_src_last_pkt_time":1724146351723073,"flow_dst_last_pkt_time":1724146351723073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":806,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":806,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":806,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1724146351723073,"l3_proto":"ip4","src_ip":"192.168.1.173","dst_ip":"239.255.255.250","src_port":58006,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1724146351723073,"flow_dst_last_pkt_time":1724146351723073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":848,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":848,"pkt_l4_len":814,"thread_ts_usec":1724146351723073,"pkt":"AQBef\/\/6NH5c\/6JuCABFAANC+J1AAAERy73AqAGt7\/\/\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"} 
01817{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1724146351723073,"flow_src_last_pkt_time":1724146351723073,"flow_dst_last_pkt_time":1724146351723073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":806,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":806,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":806,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1724146351723073,"l3_proto":"ip4","src_ip":"192.168.1.173","dst_ip":"239.255.255.250","src_port":58006,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250","domainame":"239.255.255.250","ssdp": {"METHOD":"NOTIFY","CACHE-CONTROL":"max-age = 1800","LOCATION":"http:\/\/192.168.1.173:1400\/xml\/device_description.xml","NT":"urn:schemas-upnp-org:service:ZoneGroupTopology:1","NTS":"ssdp:alive","SERVER":"Linux UPnP\/1.0 Sonos\/80.1-55240 (ZPS21)","USN":"uuid:RINCON_347E5CFFA26E01400::urn:schemas-upnp-org:service:ZoneGroupTopology:1","X-RINCON-HOUSEHOLD":"Sonos_comcARdqLpz2IYb0DFQfG4gz5r","X-RINCON-BOOTSEQ":"1946","BOOTID.UPNP.ORG":"1946","X-RINCON-WIFIMODE":"0","X-RINCON-VARIANT":"0","HOUSEHOLD.SMARTSPEAKER.AUDIO":"Sonos_comcARdqLpz2IYb0DFQfG4gz5r.tQvIgf8-QhzKPQkRQVaI","LOCATION.SMARTSPEAKER.AUDIO":"lc_63a3900f003f428f98c2091f5216db82","SECURELOCATION.UPNP.ORG":"https:\/\/192.168.1.173:1443\/xml\/device_description.xml","X-SONOS-HHSECURELOCATION":"https:\/\/192.168.1.173:1843\/xml\/device_description.xml"}}} 
00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1724146351723073,"flow_src_last_pkt_time":1724146351723073,"flow_dst_last_pkt_time":1724146351723073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":806,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":806,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":806,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1724146351723073,"l3_proto":"ip4","src_ip":"192.168.1.173","dst_ip":"239.255.255.250","src_port":58006,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} -00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1724146351723073} 
+00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1724146351723073} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645354 bytes -~~ total memory freed........: 8645354 bytes -~~ total allocations/frees...: 140549/140549 +~~ total memory allocated....: 9409728 bytes +~~ total memory freed........: 9409728 bytes +~~ total allocations/frees...: 154515/154515 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 588 chars ~~ json message max len.......: 1822 chars diff --git a/test/results/default/ssh.pcap.out b/test/results/default/ssh.pcap.out index ea44fdc83..913e442b1 100644 --- a/test/results/default/ssh.pcap.out +++ b/test/results/default/ssh.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1320435464760244} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1320435464760244} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435464760244,"flow_dst_last_pkt_time":1320435464760244,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1320435464760244,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1320435464760244,"flow_dst_last_pkt_time":1320435464760244,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1320435464760244,"pkt":"AAwppUXgAFBWwAAICABFAABAek9AAEAGi52sEO4BrBDuqOQbABY3Xn+qAAAAALAC\/\/+abgAAAgQFtAEDAwMBAQgKHJWv9QAAAAAEAgAA"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1320435464760244,"flow_dst_last_pkt_time":1320435464760270,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1320435464760270,"pkt":"AFBWwAAIAAwppUXgCABFAAA8AABAAEAGBfGsEO6orBDuAQAW5BtConY2N15\/q6ASFqC42wAAAgQFtAQCCAoAEyL4HJWv9QEDAwY="} 
@@ -10,7 +10,7 @@ 01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435464769196,"flow_dst_last_pkt_time":1320435464769170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":904,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":925,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1320435464769196,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-2.0-OpenSSH_5.6","server_signature":"SSH-2.0-OpenSSH_5.3","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":""}}} 
01383{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435464769196,"flow_dst_last_pkt_time":1320435464770779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":904,"flow_dst_max_l4_payload_len":784,"flow_src_tot_l4_payload_len":925,"flow_dst_tot_l4_payload_len":805,"midstream":0,"thread_ts_usec":1320435464770779,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-2.0-OpenSSH_5.6","server_signature":"SSH-2.0-OpenSSH_5.3","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":"B1C6C0D56317555B85C7005A3DE29325"}}} 
02425{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435472330349,"flow_dst_last_pkt_time":1320435469423179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":904,"flow_dst_max_l4_payload_len":784,"flow_src_tot_l4_payload_len":1509,"flow_dst_tot_l4_payload_len":1885,"midstream":0,"thread_ts_usec":1320435472330349,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":394614.2,"max":2907110,"stddev":888738.9,"var":789856780288.0,"ent":2.5,"data": [26,41,8112,8146,295,788,470,140,1469,1611,306,1791,1560,1614,14729,13069,1842,42337,40496,170,257,393,251,40593,51194,91555,2632288,2632557,1868772,1869058,2907110]},"pktlen": {"min":52,"avg":158.7,"max":956,"stddev":230.1,"var":52961.8,"ent":4.1,"data": [64,60,52,73,52,73,52,956,52,836,52,76,204,52,196,772,52,68,52,100,52,100,52,116,52,132,52,196,52,132,52,196]},"bins": {"c_to_s": [12,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0],"entropies": [4.495864868,5.031404495,4.947339535,5.395304680,4.870416641,5.379396915,4.940637589,5.147055149,4.940637589,5.183596134,4.923395157,4.404554367,6.511710644,4.985801220,6.696379662,7.508841991,4.884933472,4.511087418,4.815073490,5.981212139,4.902175903,6.028761387,4.894361019,6.251031399,4.940637589,6.350845814,4.932822704,6.810175419,4.853535175,6.303876877,4.902175426,6.814750671]},"ndpi": 
{"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":259,"packets-processed":258,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1363806642335940} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":259,"packets-processed":258,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1363806642335940} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1363806642335940,"flow_src_last_pkt_time":1363806642335940,"flow_dst_last_pkt_time":1363806642335940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1363806642335940,"l3_proto":"ip4","src_ip":"177.225.151.243","dst_ip":"147.83.42.187","src_port":1240,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1363806642335940,"flow_dst_last_pkt_time":1363806642335940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1363806642335940,"pkt":"AFBWHABrABTxzEkACABFAAAw4btAAGkGKCmx4Zfzk1MquwTYABZ1ffEEAAAAAHAC\/\/8PzAAAAgQFtAEBBAI="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1363806642335940,"flow_dst_last_pkt_time":1363806642335969,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1363806642335969,"pkt":"ABTxzEkAAFBWHABrCABFAAAwAABAAEAGMuWTUyq7seGX8wAWBNiNvG+rdX3xBXASOQgIBgAAAgQFtAEBBAI="} 
@@ -20,7 +20,7 @@ 01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1363806642335940,"flow_src_last_pkt_time":1363806646263610,"flow_dst_last_pkt_time":1363806643563028,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":589,"flow_dst_max_l4_payload_len":39,"flow_src_tot_l4_payload_len":589,"flow_dst_tot_l4_payload_len":39,"midstream":0,"thread_ts_usec":1363806646263610,"l3_proto":"ip4","src_ip":"177.225.151.243","dst_ip":"147.83.42.187","src_port":1240,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-2.0-libssh2_1.0","server_signature":"SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1","hassh_client":"","hassh_server":""}}} 
01254{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1363806642335940,"flow_src_last_pkt_time":1363806646263610,"flow_dst_last_pkt_time":1363806646264364,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":589,"flow_dst_max_l4_payload_len":984,"flow_src_tot_l4_payload_len":589,"flow_dst_tot_l4_payload_len":1023,"midstream":0,"thread_ts_usec":1363806646264364,"l3_proto":"ip4","src_ip":"177.225.151.243","dst_ip":"147.83.42.187","src_port":1240,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-2.0-libssh2_1.0","server_signature":"SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1","hassh_client":"","hassh_server":"CE3C327F37EA2EC21F317FBC3FD1EA43"}}} 
01230{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":99,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435713237065,"flow_dst_last_pkt_time":1320435713237024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":904,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":5109,"flow_dst_tot_l4_payload_len":13389,"midstream":0,"thread_ts_usec":1363806650353247,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":286,"packets-processed":285,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21554,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1720684522536128} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":286,"packets-processed":285,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21554,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1720684522536128} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1720684522536128,"flow_src_last_pkt_time":1720684522536128,"flow_dst_last_pkt_time":1720684522536128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1720684522536128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58496,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1720684522536128,"flow_dst_last_pkt_time":1720684522536128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1720684522536128,"pkt":"AAAAAAAAAAAAAAAACABFAAA8reZAAEAGjtN\/AAABfwAAAeSAH0BqHP8DAAAAAKAC\/9f+MAAAAgT\/1wQCCAoTnon7AAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1720684522536128,"flow_dst_last_pkt_time":1720684522536143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1720684522536143,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAR9A5IBixvQVahz\/BKAS\/8v+MAAAAgT\/1wQCCAoTnon7E56J+wEDAwc="} 
@@ -34,7 +34,7 @@ 02424{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1720684522536128,"flow_src_last_pkt_time":1720684524652827,"flow_dst_last_pkt_time":1720684524669099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1536,"flow_dst_max_l4_payload_len":1032,"flow_src_tot_l4_payload_len":2942,"flow_dst_tot_l4_payload_len":2499,"midstream":0,"thread_ts_usec":1720684524669099,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58496,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":15,"avg":137086.1,"max":1760401,"stddev":429110.5,"var":184135827456.0,"ent":2.0,"data": [15,26,399,418,18239,18259,766,7333,7507,42057,159691,241121,40366,47,1760376,1760401,5242,5241,16452,16479,57,377,41818,41531,35,107,6908,16477,17486,7983,16456]},"pktlen": {"min":52,"avg":222.5,"max":1588,"stddev":339.5,"var":115254.5,"ent":4.0,"data": [60,60,52,94,52,79,52,1588,1084,132,52,700,52,68,52,68,52,120,52,136,52,136,136,52,152,52,440,408,712,120,120,136]},"bins": {"c_to_s": [9,1,4,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1],"s_to_c": [7,0,4,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,0,1,0,1,0,0,1,0,1,0,1],"entropies": 
[4.252536774,4.689003468,4.585552216,5.369926929,4.547090530,5.079363823,4.585552216,4.903249741,5.052254200,5.907934189,4.582383156,7.480095863,4.624013901,4.798997879,4.532573700,4.193390369,4.547090530,6.043831348,4.494111538,6.221045017,4.532573700,6.281461239,6.243819237,4.547090530,6.325264454,4.494112015,7.404932976,7.381281376,7.703675270,6.010097980,5.907892227,6.108596802]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":17,"flow_first_seen":1720684522536128,"flow_src_last_pkt_time":1720684524712342,"flow_dst_last_pkt_time":1720684524712327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1536,"flow_dst_max_l4_payload_len":1032,"flow_src_tot_l4_payload_len":4270,"flow_dst_tot_l4_payload_len":2703,"midstream":0,"thread_ts_usec":1720684524712342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58496,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": 
{"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01110{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":14,"flow_first_seen":1363806642335940,"flow_src_last_pkt_time":1363806653912750,"flow_dst_last_pkt_time":1363806653677714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":589,"flow_dst_max_l4_payload_len":984,"flow_src_tot_l4_payload_len":1065,"flow_dst_tot_l4_payload_len":1991,"midstream":0,"thread_ts_usec":1720684524712342,"l3_proto":"ip4","src_ip":"177.225.151.243","dst_ip":"147.83.42.187","src_port":1240,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":322,"packets-processed":322,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28527,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1720684524712342} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":322,"packets-processed":322,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28527,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1720684524712342} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 322/322 ~~ skipped flows.............: 0 
@@ -43,9 +43,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8671234 bytes -~~ total memory freed........: 8671234 bytes -~~ total allocations/frees...: 140895/140895 +~~ total memory allocated....: 9435672 bytes +~~ total memory freed........: 9435672 bytes +~~ total allocations/frees...: 154861/154861 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 2430 chars diff --git a/test/results/default/ssh_unidirectional.pcap.out b/test/results/default/ssh_unidirectional.pcap.out index b997588ae..cf3d3bd6e 100644 --- a/test/results/default/ssh_unidirectional.pcap.out +++ b/test/results/default/ssh_unidirectional.pcap.out 
@@ -1,5 +1,5 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1716390538276349} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1716390538276349} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1716390538276349,"flow_src_last_pkt_time":1716390538276349,"flow_dst_last_pkt_time":1716390538276349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1716390538276349,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"192.168.2.1","src_port":50306,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1716390538276349,"flow_dst_last_pkt_time":1716390538276349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1716390538276349,"pkt":"BBjWBrNamAGnpQyTCABFEABAAABAAEAGtJDAqALGwKgCAcSCABblRTTMAAAAALAC\/\/+VtgAAAgQFtAEDAwYBAQgKAf06hgAAAAAEAgAA"} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1716390538276349,"flow_dst_last_pkt_time":1716390538278714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1716390538278714,"pkt":"mAGnpQyTBBjWBrNaCABFAAA8AABAAEAGtKTAqAIBwKgCxgAWxII6yHEV5UU0zaAScSCF9wAAAgQFtAQCCAp2FY2gAf06hgEDAwU="} 
@@ -8,7 +8,7 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1716390538500010,"flow_dst_last_pkt_time":1716390538499911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1716390538500010,"pkt":"BBjWBrNamAGnpQyTCABFEAA0AABAAEAGtJzAqALGwKgCAcSCABblRTTNOshxPYAQCAocRwAAAQEICgH9O2Z2FY4q"} 01074{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1716390538276349,"flow_src_last_pkt_time":1716390538825005,"flow_dst_last_pkt_time":1716390538826788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":39,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":58,"midstream":0,"thread_ts_usec":1716390538826788,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"192.168.2.1","src_port":50306,"dst_port":22,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"","server_signature":"SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7","hassh_client":"","hassh_server":""}}} 
00785{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1716390538276349,"flow_src_last_pkt_time":1716390538825005,"flow_dst_last_pkt_time":1716390538826788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":39,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":58,"midstream":0,"thread_ts_usec":1716390538826788,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"192.168.2.1","src_port":50306,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1716390538826788} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1716390538826788} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647263 bytes -~~ total memory freed........: 8647263 bytes -~~ total allocations/frees...: 140547/140547 +~~ total memory allocated....: 9411637 bytes +~~ total memory freed........: 9411637 bytes +~~ total allocations/frees...: 154513/154513 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 556 chars ~~ json message max len.......: 1079 chars diff --git a/test/results/default/ssl-cert-name-mismatch.pcap.out b/test/results/default/ssl-cert-name-mismatch.pcap.out index 946965404..3fd9445bc 100644 --- a/test/results/default/ssl-cert-name-mismatch.pcap.out +++ b/test/results/default/ssl-cert-name-mismatch.pcap.out 
@@ -1,5 +1,5 @@ -00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620643422034834} 
+00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620643422034834} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422034834,"flow_dst_last_pkt_time":1620643422034834,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620643422034834,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620643422034834,"flow_dst_last_pkt_time":1620643422034834,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620643422034834,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA8gCNAAEAGNQ\/AqALeaJpZadX0AbtP8LY3AAAAAKACchCFuAAAAgQFtAQCCAoBlw8kAAAAAAEDAwc="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620643422034834,"flow_dst_last_pkt_time":1620643422162607,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620643422162607,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA8AABAADAGxTJomllpwKgC3gG71fRoLFRgT\/C2OKASbgBjmAAAAgQFjAQCCAqtfZhXAZcPJAEDAwc="} 
@@ -10,7 +10,7 @@ 01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422196037,"flow_dst_last_pkt_time":1620643422325332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1408,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1408,"midstream":0,"thread_ts_usec":1620643422325332,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"wrong.host.badssl.com","domainame":"wrong.host.badssl.com","tls": {"version":"TLSv1.2","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d3810h1_845d1e55a368_7448b1316cd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
01554{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422325356,"flow_dst_last_pkt_time":1620643422325538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1408,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":3334,"midstream":0,"thread_ts_usec":1620643422325538,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"wrong.host.badssl.com","domainame":"wrong.host.badssl.com","tls": {"version":"TLSv1.2","server_names":"*.badssl.com,badssl.com","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d3810h1_845d1e55a368_7448b1316cd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB","blocks":0}}} 
00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422749798,"flow_dst_last_pkt_time":1620643422754639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1408,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":3608,"midstream":0,"thread_ts_usec":1620643422754639,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1620643422754639} 
+00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1620643422754639} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 21/21 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655712 bytes -~~ total memory freed........: 8655712 bytes -~~ total allocations/frees...: 140564/140564 +~~ total memory allocated....: 9420086 bytes +~~ total memory freed........: 9420086 bytes +~~ total allocations/frees...: 154530/154530 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 560 chars ~~ json message max len.......: 1559 chars diff --git a/test/results/default/starcraft_battle.pcap.out b/test/results/default/starcraft_battle.pcap.out index d71ace92e..51bf0ba26 100644 --- a/test/results/default/starcraft_battle.pcap.out +++ b/test/results/default/starcraft_battle.pcap.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1437389953643103} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1437389953643103} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389953643103,"flow_src_last_pkt_time":1437389953643103,"flow_dst_last_pkt_time":1437389953643103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389953643103,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1437389953643103,"flow_dst_last_pkt_time":1437389953643103,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1437389953643103,"pkt":"IImEa8W6hCYVPnXECABFAABHZtpAAPMGok\/AHvxbwKgBZAG7DI12Mx9qhBzaXVAYAB\/+XQAAFwMDABrSe+rfqh1HHm09zJFdvf5O5AwaBTHDWE16Zg=="} 
00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389953643103,"flow_src_last_pkt_time":1437389953643103,"flow_dst_last_pkt_time":1437389953643103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389953643103,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -377,7 +377,7 @@ 01038{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1437389964518743,"flow_src_last_pkt_time":1437389964635479,"flow_dst_last_pkt_time":1437389964635398,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":350,"flow_dst_max_l4_payload_len":427,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":427,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com"}} 00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1437389968488066,"flow_src_last_pkt_time":1437389968521953,"flow_dst_last_pkt_time":1437389968521934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00787{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1437389968488066,"flow_src_last_pkt_time":1437389968521953,"flow_dst_last_pkt_time":1437389968521934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":800,"packets-processed":797,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":316668,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":38,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":52,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":380,"global_ts_usec":1437389985996137} 
+00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":800,"packets-processed":797,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":316668,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":38,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":52,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":380,"global_ts_usec":1437389985996137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 800/797 ~~ skipped flows.............: 0 @@ -386,9 +386,9 @@ ~~ total active/idle flows...: 52/52 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8823955 bytes -~~ total memory freed........: 8823955 bytes -~~ total allocations/frees...: 142024/142024 +~~ total memory allocated....: 9589697 bytes +~~ total memory freed........: 9589697 bytes +~~ total allocations/frees...: 155982/155982 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 310 chars ~~ json message max len.......: 2350 chars diff --git a/test/results/default/steam.pcapng.out b/test/results/default/steam.pcapng.out index 6f6f6f069..2cdade62e 100644 --- a/test/results/default/steam.pcapng.out +++ b/test/results/default/steam.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705442515175582} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705442515175582} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705442515175582,"flow_src_last_pkt_time":1705442515175582,"flow_dst_last_pkt_time":1705442515175582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":184,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442515175582,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.255","src_port":27036,"dst_port":27036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705442515175582,"flow_dst_last_pkt_time":1705442515175582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":1705442515175582,"pkt":"\/\/\/\/\/\/\/\/8C90rUP1CABFAADUuntAAEARTGbAqFjnwKhY\/2mcaZwAwDQJ\/\/\/\/\/yFMX6AWAAAACPzT8eO3vL\/PdhABGK\/Km6qggNnkApIAAAAICBAGGJzTASIJbG9jYWxob3N0MAI4yP7\/\/\/\/\/\/\/\/\/AUABSg4JNikQBgEAEAEQ3Z\/wMFgBYNL5m60GcAB6EUYwOjJGOjc0OkFEOjQzOkY1ogEOMTcyLjE3LjIyOS4xODSiAQ4xOTIuMTY4Ljg4LjIzMaoBDjE5NS4xOTEuMTU4Ljk0uAECwAEAyAHMxYetBtABAg=="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705442515175582,"flow_src_last_pkt_time":1705442515175582,"flow_dst_last_pkt_time":1705442515175582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":184,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442515175582,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.255","src_port":27036,"dst_port":27036,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -12,7 +12,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAADcGKf8CFP4ZwKhY5wBQ6VuMxzqTxr7Mx6AS\/ogLTAAAAgQFoAQCCArwksb577g4nwEDAwc="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAA0Tv9AAEAG0gfAqFjnAhT+GelbAFDGvszHjMc6lIAQgAAZ5AAAAQEICu+4OKLwksb5"} 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAEVTwBAAEAG0SXAqFjnAhT+GelbAFDGvszHjMc6lIAYgAAaxQAAAQEICu+4OKPwksb5R0VUIC8yMDQgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiB0ZXN0LnN0ZWFtcG93ZXJlZC5jb20NCkFjY2VwdDogdGV4dC9odG1sLCovKjtxPTAuOQ0KYWNjZXB0LWVuY29kaW5nOiBnemlwLGlkZW50aXR5LCo7cT0wDQphY2NlcHQtY2hhcnNldDogSVNPLTg4NTktMSx1dGYtOCwqO3E9MC43DQp1c2VyLWFnZW50OiBWYWx2ZS9TdGVhbSBIVFRQIENsaWVudCAxLjANCg0K"} 
-01110{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"2.20.254.25","src_port":59739,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Steam","proto_id":"7.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game","hostname":"test.steampowered.com","domainame":"test.steampowered.com","http": {"url":"test.steampowered.com\/204","code":0,"content_type":"","user_agent":"Valve\/Steam HTTP Client 1.0"}}} +01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"2.20.254.25","src_port":59739,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Steam","proto_id":"7.74","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game","hostname":"test.steampowered.com","domainame":"test.steampowered.com","http": {"url":"test.steampowered.com\/204","code":0,"content_type":"","user_agent":"Valve\/Steam HTTP Client 1.0"}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFAAA0bpVAADcGu3ECFP4ZwKhY5wBQ6VuMxzqUxr7NqIAQAfw1qAAAAQEICvCSxv3vuDij"} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"188.114.98.224","src_port":54243,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAA8jSpAAEAGdK\/AqFjnvHJi4NPjAburksNmAAAAAKAC\/\/85EQAAAgQFtAQCCAoeffITAAAAAAEDAwE="} 
@@ -31,9 +31,9 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFIAA8AABAADcG9WEXNB13wKhY5wG74ZWwAQA5dBrJWaAS\/ogsUwAAAgQFoAQCCAr+zbcy3KhrRAEDAwc="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAA0njVAAEAGTlTAqFjnFzQdd+GVAbt0GslZsAEAOoAQgABOYQAAAQEICtyoa13+zbcy"} 
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAI5njZAAEAGTE7AqFjnFzQdd+GVAbt0GslZsAEAOoAYgABQZgAAAQEICtyoa2b+zbcyFgMBAgABAAH8AwNikIRTmjjsm8Cq9\/8GCo7uY4ITpo38sRJUiYi1AhAFAyAbFF\/iTKaL17WIZBskDvgCRFLyMwGbGHosHcLs5aUfpgBAEwITAxMBwCvAL8AswDDArsCswCPAJ8AJwBPAr8CtwCTAKMAKwBQAnMCgwJwAPAAvAJ3AocCdAD0ANQBBAIQA\/wEAAXMAAAAZABcAABRhcGkuc3RlYW1wb3dlcmVkLmNvbQALAAQDAAECAAoACAAGABkAGAAXACMAADN0AAAAEAAOAAwCaDIIaHR0cC8xLjEAFgAAABcAAAANADAALgQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwIDAwECAQMCAgIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMAiwCJABkAhQQBUBRXwkJUfrqd0frrDbTWBkBfPIpWUehYTVz+5RL38IjfO9pkTMJe6Z7O0PwfBxAf4Wa1A9FT54r0kiY7511CtloAhHdj4J9gdoJmOC9ZPuKglSHYujeR\/GLWq0rUAKfjrWlMMK0it6G6vdYKJwS8vSYkMQRdimJIjwVFVZxl3lnUUqgAFQBGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"23.52.29.119","src_port":57749,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"api.steampowered.com","domainame":"api.steampowered.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3213h2_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"23.52.29.119","src_port":57749,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"api.steampowered.com","domainame":"api.steampowered.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3213h2_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFIAA0snNAADcGQvYXNB13wKhY5wG74ZWwAQA6dBrLXoAQAfpVUwAAAQEICv7Nt1LcqGtm"} -01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"23.52.29.119","src_port":57749,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"api.steampowered.com","domainame":"api.steampowered.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d3213h2_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"23.52.29.119","src_port":57749,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"api.steampowered.com","domainame":"api.steampowered.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d3213h2_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"162.254.198.46","dst_ip":"192.168.88.231","src_port":27038,"dst_port":50983,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFAAA0kf5AAHUG8Qii\/sYuwKhY52mexydh2OrIUE+V2oAS\/\/+IxgAAAgQFoAEDAwgBAQQC"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAAoXKBAAEAGW3PAqFjnov7GLscnaZ5QT5XaYdjqyVAQgACC1wAA"} 
@@ -46,17 +46,17 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFIAA8AABAADcGPZlfZI0PwKhY5wG7pFaMrb\/Kq2e4eqAS\/oilkQAAAgQFoAQCCApfyulgC9rydAEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAA0KYdAAEAGCzrAqFjnX2SND6RWAburZ7h6jK2\/y4AQAPsGKgAAAQEICgva8oxfyulg"} 
01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAI5KYhAAEAGCTTAqFjnX2SND6RWAburZ7h6jK2\/y4AYAPsILwAAAQEICgva8o1fyulgFgMBAgABAAH8AwOmMxZSIoy7mK6Lpz0XI4B02aMSJluKI9xF7DWnVTyw5SDDYS8ic+DWmmRumEuIgWHFwRn2rgZm6S92qAJJHx0QgAAg+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT+voAAAAAABsAGQAAFnN0b3JlLnN0ZWFtcG93ZXJlZC5jb20AFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKbq6AAEAAB0AIOdI8bOiWsDJyfAm1HbVRcNKTIDDWmibQWidLOrAjA0NAC0AAgEBACsACwrq6gMEAwMDAgMBABsAAwIAAoqKAAEAABUAxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.100.141.15","src_port":42070,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"store.steampowered.com","domainame":"store.steampowered.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.100.141.15","src_port":42070,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"store.steampowered.com","domainame":"store.steampowered.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFIAA0lEBAADcGqWBfZI0PwKhY5wG7pFaMrb\/Lq2e6f4AQAfrOogAAAQEICl\/K6XgL2vKN"} 
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.100.141.15","src_port":42070,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"store.steampowered.com","domainame":"store.steampowered.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01291{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.100.141.15","src_port":42070,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"store.steampowered.com","domainame":"store.steampowered.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1705442515175582,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442515175582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":672,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.255","src_port":27036,"dst_port":27036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":287,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":287,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"2.20.254.25","src_port":59739,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Steam","proto_id":"7.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game","hostname":"test.steampowered.com"}} 
-00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.100.141.15","src_port":42070,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":1527,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"23.52.29.119","src_port":57749,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01001{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":287,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":287,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"2.20.254.25","src_port":59739,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Steam","proto_id":"7.74","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game","hostname":"test.steampowered.com"}} +00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.100.141.15","src_port":42070,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":1527,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"23.52.29.119","src_port":57749,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"155.133.252.86","src_port":46604,"dst_port":27045,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SteamDatagramRelay","proto_id":"235","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"162.254.198.46","dst_ip":"192.168.88.231","src_port":27038,"dst_port":50983,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":730,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":829,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"188.114.98.224","src_port":54243,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Dota2","proto_id":"91.386","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9722,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1705442537191671} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9722,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1705442537191671} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 48/48 ~~ skipped flows.............: 0 
@@ -65,9 +65,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8677459 bytes -~~ total memory freed........: 8677459 bytes -~~ total allocations/frees...: 140667/140667 +~~ total memory allocated....: 9442025 bytes +~~ total memory freed........: 9442025 bytes +~~ total allocations/frees...: 154633/154633 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars ~~ json message max len.......: 2486 chars diff --git a/test/results/default/stomp.pcapng.out b/test/results/default/stomp.pcapng.out index 86a534331..697d20972 100644 --- a/test/results/default/stomp.pcapng.out +++ b/test/results/default/stomp.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705991300787923} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705991300787923} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705991300787923,"flow_src_last_pkt_time":1705991300787923,"flow_dst_last_pkt_time":1705991300787923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705991300787923,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.198","src_port":34732,"dst_port":61613,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705991300787923,"flow_dst_last_pkt_time":1705991300787923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705991300787923,"pkt":"CAAnV5yX8C90rUP1CABFAAA8BTdAAEAGAofAqFjnwKhYxoes8K2uTxbxAAAAAKACfXgzLQAAAgQFtAQCCAo\/vGWFAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1705991300787923,"flow_dst_last_pkt_time":1705991300788027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705991300788027,"pkt":"8C90rUP1CAAnV5yXCABFAAA8AABAAEAGB77AqFjGwKhY5\/Cth6x7iEuQrk8W8qAS\/oiWyQAAAgQFtAQCCAq1pSADP7xlhQEDAwc="} 
@@ -8,7 +8,7 @@ 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705991300787923,"flow_src_last_pkt_time":1705991300788235,"flow_dst_last_pkt_time":1705991300788027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705991300788235,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.198","src_port":34732,"dst_port":61613,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STOMP","proto_id":"390","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1705991300788235,"flow_dst_last_pkt_time":1705991300788283,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705991300788283,"pkt":"8C90rUP1CAAnV5yXCABFAAA0r4NAAEAGWELAqFjGwKhY5\/Cth6x7iEuRrk8XDYAQAf3CBQAAAQEICrWlIAQ\/vGWF"} 
00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1705991300787923,"flow_src_last_pkt_time":1705991319806753,"flow_dst_last_pkt_time":1705991319806991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":111,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":291,"midstream":0,"thread_ts_usec":1705991319806991,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.198","src_port":34732,"dst_port":61613,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STOMP","proto_id":"390","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":486,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1705991319806991} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":486,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1705991319806991} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645389 bytes -~~ total memory freed........: 8645389 bytes -~~ total allocations/frees...: 140552/140552 +~~ total memory allocated....: 9409763 bytes +~~ total memory freed........: 9409763 bytes +~~ total allocations/frees...: 154518/154518 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 977 chars diff --git a/test/results/default/stun.pcap.out b/test/results/default/stun.pcap.out index 506beb960..3b09fe6d6 100644 --- a/test/results/default/stun.pcap.out +++ b/test/results/default/stun.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568718599876883} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568718599876883} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718599876883,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599876883,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAND5VQAB7BgrSCk1uMwrOMu+idKQQzU6orgAAAACAAiAA3LQAAAIEBVABAwMIAQEEAg=="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599920416,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAANHKjQAB9BtTjCs4y7wpNbjOkEKJ058UMHs1OqK+AEv\/\/CFwAAAIEBbQBAwMIAQEEAg=="} 
@@ -7,7 +7,7 @@ 01023{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718600246272,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBgQAB8BgdpCk1uMwrOMu+idKQQzU6pGefFDB9QGAIDfYIAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAML3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAAEMgAAAIBwAAQAAAADAAgAFE3CuT+mSQnt\/XCbEyheNg3aE4FAgCgABC51Ucc="} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718600319984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":156,"pkt_l4_len":118,"thread_ts_usec":1568718600319984,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAAinKyQAB9BtR+Cs4y7wpNbjOkEKJ058UMH81OqYNQGAEDPFEAAABgAQEATCESpELzQ5RTtpj7KVC7Bu0AIAAIAAGDZitfynEABgAJL3BJMDpUb0VkAAAAgDcABAAAAAGAcAAEAAAAAwAIABT3XyNLEfjiVg6vTdc0SJ1BoW97H4AoAAQNJssy"} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1595356443140497} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1595356443140497} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443140497,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1595356443140497,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwL+tAAEAR+4LAqAypSn33gKgIDZYAHBBnAAEAACESpEJTSGtoRjhvZHdneVY="} 01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443140497,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -20,7 +20,7 @@ 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1595356444494918,"pkt":"CL6sCxdumt9Y+uvcCABFwABs98MAAEABcr7AqAypSn33gAMDDJoAAAAARQAAUAEJAABmEURFSn33gMCoDKkNlqgIADx61wEEACAhEqRCamF6aTYyTmZVRDV3AA0ABAAAAAAACAAUCDrQbj\/HZPzecgDWKnOqyyksqcs="} 01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356444494918,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356444494918,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.279952}} 
00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600876092,"flow_dst_last_pkt_time":1568718600931144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1595356444494918,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1614938022295727} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1614938022295727} 00823{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938022295727,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAcI38AAQAAIRKkQkJxcUN2YzZ5L2tJZQ=="} 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -34,7 +34,7 @@ 01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938123200754,"flow_dst_last_pkt_time":1614938123207596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1614938123207596,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 02308{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938163424247,"flow_dst_last_pkt_time":1614938163431063,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":704,"midstream":0,"thread_ts_usec":1614938163431063,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":2867,"avg":9105286.0,"max":10358549,"stddev":2980037.5,"var":8880623976448.0,"ent":4.8,"data": [6861,10132226,10132257,10358549,2935,10358540,2867,10055433,10055494,10056921,10056927,10057230,10057183,10053930,10053957,10069481,10069496,10027109,10027105,10027261,10027286,10063952,10063896,10098322,10098363,10035461,10035403,10061356,10061442,10028354,10028259]},"pktlen": {"min":68,"avg":80.0,"max":92,"stddev":12.0,"var":144.0,"ent":5.0,"data": [68,92,68,92,68,68,92,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [5.422471046,5.541838169,5.422470093,5.514770508,5.451882362,5.451882362,5.536509514,5.536509514,5.481293678,5.593521595,5.451882362,5.558248997,5.393059731,5.558248997,5.510704994,5.571783066,5.352545738,5.460210800,5.451882362,5.514770508,5.422471046,5.550043106,5.422470093,5.541838169,5.451882362,5.550043583,5.451882362,5.593522072,5.451882362,5.541838169,5.393058777,5.528304577]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":17,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938173452831,"flow_dst_last_pkt_time":1614938173459694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":748,"midstream":0,"thread_ts_usec":1614938173459694,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1629291451242856} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1629291451242856} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1629291451242856,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4VYJAAEARop7AqAypHw1WNpTrnEMAJO1IAAMACCESpEJBSzdRUHlQSzlldVYAGQAEEQAAAA=="} 01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -45,7 +45,7 @@ 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1629291457262853,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1629291457262853,"pkt":"CL6sCxdumt9Y+uvcCABFAACoVltAAEARoVXAqAypHw1WNpTrnEMAlIWPAAgAeCESpEJGYi9SMVA1cFBNWWQAEgAIAAGMueG6pCQABgAQTWYyaDlIaTVhUE1ScGxGMQAUAA90dXJuZXIuZmFjZWJvb2sAABUAKGJiMDMxZDYxY2NjMWJlODJlMjQwMTQ0MzVlZDUyZjI2ZmJhNjI0ODMACAAUTGbb+kTKlKKmYo+\/Jw5ehEWYdT8="} 02247{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291458067482,"flow_dst_last_pkt_time":1629291458262623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":1496,"midstream":0,"thread_ts_usec":1629291458262623,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":446593.3,"max":6004359,"stddev":1462539.6,"var":2139022032896.0,"ent":1.9,"data": [11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153]},"pktlen": {"min":56,"avg":139.6,"max":168,"stddev":32.1,"var":1033.4,"ent":5.0,"data": 
[56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160]},"bins": {"c_to_s": [1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1],"entropies": [4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook"}} 01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938213778839,"flow_dst_last_pkt_time":1614938213785682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":924,"midstream":0,"thread_ts_usec":1629291461216501,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":3,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1643626018009166} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":3,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1643626018009166} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643626018009166,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643626018009166,"pkt":"AAAAAAAAAAIAmUIoCABFAAA8AABAAC4GIeBXL2QRNgE5mw2WkYlv2uEwZMfN9aAScSBlfgAAAgQFtAQCCAqf27foB2LEZgEDAwc="} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018016908,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVpAAD8G+3E2ATmbVy9kEZGJDZZkx831b9rhMYAYAQDj2AAAAQEICgdixWGf27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="} 
@@ -55,7 +55,7 @@ 01033{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1643626018276412,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com","domainame":"apps-host.com","stun": {"multimedia_flow_types":"Unknown"}}} 00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018282040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1643626018282040,"pkt":"AAAAAAAAAAUALNPrCABFAADAFV1AAD8G+v42ATmbVy9kEZGJDZZkx84tb9rhqYAYAQDFDgAAAQEICgdixmqf27gqAAMAeCESpEIwS0liOW85U1ZZeVMAGQAEEQAAAAAGACwxNjQzNjI5NTI3OlJPVUxPTTMwMDErdDc4eUlLaXlmZEUzQVZON2Frc3RYdwAUAA1hcHBzLWhvc3QuY29tAAAAABUAEGNiY2RjY2NmNzM1M2E3MTAACAAUEKPLC4yIRo0ZYTSYOcifZ5nxpRk="} 
01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":35,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291461328776,"flow_dst_last_pkt_time":1629291461336154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":4454,"flow_dst_tot_l4_payload_len":2950,"midstream":0,"thread_ts_usec":1643626018957379,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":162,"packets-processed":161,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13004,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":3,"total-updates":3,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1647958145472010} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":162,"packets-processed":161,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13004,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":3,"total-updates":3,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1647958145472010} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1647958145472010,"pkt":"CL6sCxdumt9Y+uvcCABFAACIXMVAAEARLvHAqAypjvpSY8ABDZYAdIYdAAEAWCESpEJ3bGtZRHRGSndEMi8ABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAwFcABAADAAqAKgAIm1kRHMWaA6wAJAAEbn8e\/wAIABQgoq\/oigOja2ENES7+eYfoJkViaIAoAARShoZ6"} 01015{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -67,7 +67,7 @@ 01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":373,"flow_dst_tot_l4_payload_len":1290,"midstream":0,"thread_ts_usec":1647958145521909,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2i110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"6C:D0:9A:70:A1:F1:9E:BF:8E:EF:FE:B6:F1:37:A3:E8:8A:3B:F7:C8"}}} 
02210{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147569135,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2034,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147569135,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":131323.2,"max":835905,"stddev":227053.5,"var":51553292288.0,"ent":3.4,"data": [22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681]},"pktlen": {"min":62,"avg":179.2,"max":1226,"stddev":221.3,"var":48965.1,"ent":4.4,"data": [136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95]},"bins": {"c_to_s": [0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0],"entropies": 
[5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018957379,"flow_dst_last_pkt_time":1643626018908035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com"}} 
-00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":195,"packets-processed":194,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17910,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":5,"total-updates":3,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":70,"global_ts_usec":1661169535535091} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":195,"packets-processed":194,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17910,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":5,"total-updates":3,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":70,"global_ts_usec":1661169535535091} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzJAAEAR2WHAqCuphuBab77WImEApPIXAAEAiCESpEI4RCHR9KJD4dY6X5oABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABSuLzMpSQJ1k35eeZhTIs+Mn14fOYAoAATxREob"} 
01002{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -76,7 +76,7 @@ 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":1661169535657522,"pkt":"BLFnWRHgPKn0qB\/sCABFAADZk0RAAEAR2S7AqCuphuBab77WImEAxZayFv7\/AAAAAAAAAAEAsAEAAKQAAAAAAAAApP79\/DOP2Z8sGz4yGXA4ZlFO9zOHpZDtCkri7Pkm\/\/cH3ZMAAAAQwCvAL8ypzKjACsAJwBPAFAEAAGoAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAEAASABAGd2VicnRjCGMtd2VicnRjAA0AIAAeBAMFAwYDAgMIBAgFCAYEAQUBBgECAQQCBQIGAgICABwAAkAAAA4ACwAIAAcACAABAAIA"} 01114{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535657522,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc"}}} 
00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147591534,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1661169535657522,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":199,"packets-processed":198,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":6,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1697468908358667} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":199,"packets-processed":198,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":6,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1697468908358667} 00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908358667,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999:0:19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_usec":1697468908358667,"pkt":"eq+3+1HBILAB4IZiht1mBDreADwROyYAGQBBYFmZAAAAGQAAAAAgAQsHCj3BEkihEJQSJygeDZa73gA87sUBCQAgIRKkQktkZmJkWjJhZlo4bAAIABRFsDl4oh6bf+GLBENYf43S4VSdWIAoAASacRNB"} 01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908358667,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999:0:19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -84,7 +84,7 @@ 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1697468913582927,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":186,"pkt_l4_len":132,"thread_ts_usec":1697468913582927,"pkt":"eq+3+1HBILAB4IZiht1mBDreAIQROyYAGQBBYFmZAAAAGQAAAAAgAQsHCj3BEkihEJQSJygeDZa73gCET3oBAQBoIRKkQjdxNnArS0o3QlNDMAAgABQAAprMAROvRT1M92Jj6lqjUHRrLgABABQAArveIAELBwo9wRJIoRCUEicoHoArABQAAg2WJgAZAEFgWZkAAAAZAAAAAIAsABQAAgBQJgAZAEFgWZkAAAAZAAAAAIAoAATOYQFM"} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1697468913582927,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468913582927,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468913582927,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999:0:19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":201,"packets-processed":201,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":6,"total-updates":3,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1697468913582927} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":201,"packets-processed":201,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":6,"total-updates":3,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1697468913582927} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 201/201 ~~ skipped flows.............: 0 @@ -93,9 +93,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8672109 bytes -~~ total memory freed........: 8672109 bytes -~~ total allocations/frees...: 140821/140821 +~~ total memory allocated....: 9436739 bytes +~~ total memory freed........: 9436739 bytes +~~ total allocations/frees...: 154787/154787 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 2313 chars diff --git a/test/results/default/stun_classic.pcap.out b/test/results/default/stun_classic.pcap.out index 891f76463..d1eab5ab8 100644 --- a/test/results/default/stun_classic.pcap.out +++ b/test/results/default/stun_classic.pcap.out 
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1343740773475497} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1343740773475497} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1343740773475497,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1343740773475497,"pkt":"AAwpNoBVAAQTMSCJCABFoAA4AABAAEARYv+sED\/grBA\/FdcKNoYAJLX1AAEACJQp74gpTdUmMscpMcuNu0wAAwAEAAAAAA=="} 
01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1343740773475497,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -9,7 +9,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773519014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773519014,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKIHYgBKuFgTp+jg6ptkixFMgl8ob0pereNKsssPr4lzFXNo="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773519635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773519635,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKGlAgBKuFwTp+tg6ptki+Hq86nrAqyROkV67ctF76o6uaf8="} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":13,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773708889,"flow_dst_last_pkt_time":1343740773691032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1343740773708889,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.RTP","proto_id":"78.87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1343740773708889} +00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1343740773708889} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 22/22 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645452 bytes -~~ total memory freed........: 8645452 bytes -~~ total allocations/frees...: 140554/140554 +~~ total memory allocated....: 9409826 bytes +~~ total memory freed........: 9409826 bytes +~~ total allocations/frees...: 154520/154520 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 559 chars ~~ json message max len.......: 1085 chars diff --git a/test/results/default/stun_dtls_rtp.pcapng.out b/test/results/default/stun_dtls_rtp.pcapng.out index 873c40828..df680314e 100644 --- a/test/results/default/stun_dtls_rtp.pcapng.out +++ b/test/results/default/stun_dtls_rtp.pcapng.out 
@@ -1,5 +1,5 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1669989925164266} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1669989925164266} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1669989925164266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1669989925164266,"pkt":"CL6sCxduJjb1W8R1CABFAACQVjZAAEARNZzAqAycjvpSTJRPS2kAfJZwAAEAYCESpEJvNlNoU1VSSmhORmsABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgDAVwAEAAMACoAqAAjHmPZBrcBKnwAkAARufx7\/AAgAFFXMCO6dEOYzzYk4Nclzw7fn\/+udgCgABEyaSoM="} 
01025{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1669989925164266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -10,7 +10,7 @@ 01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":1303,"midstream":0,"thread_ts_usec":1669989925246353,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2i110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"AF:DD:BF:F5:59:23:0C:D1:B0:9F:B1:04:2E:89:DF:4C:1B:AB:BE:CC"}}} 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1669989925331729,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1669989925331729,"pkt":"CL6sCxduJjb1W8R1CABFAACUVj1AAEARNZHAqAycjvpSTJRPS2kAgIetAAEAZCESpEJHeElSOVZ4WXVGUjkABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgDAVwAEAAMACoAqAAjHmPZBrcBKnwAlAAAAJAAEbn8e\/wAIABRPuZAhjSuP3zBrIerigzXVUm4nSYAoAAQ65t8C"} 
02212{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925844909,"flow_dst_last_pkt_time":1669989925832608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2558,"flow_dst_tot_l4_payload_len":3623,"midstream":0,"thread_ts_usec":1669989925844909,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":29,"avg":43515.6,"max":258068,"stddev":58201.4,"var":3387401984.0,"ent":4.0,"data": [23454,57152,58633,110311,426,107899,55,29,31904,33185,42585,42763,84060,83239,24775,643,393,2519,24830,54,50,34247,28143,7940,22933,203231,6659,19573,19853,258068,19379]},"pktlen": {"min":68,"avg":221.2,"max":1231,"stddev":244.4,"var":59721.8,"ent":4.4,"data": [144,128,185,1231,148,573,128,109,598,573,598,109,149,117,141,93,125,121,97,93,97,113,93,68,93,93,127,112,112,128,469,112]},"bins": {"c_to_s": [0,0,10,5,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,5,4,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,1,0,0,0,0,0,1,0],"entropies": 
[5.970281124,5.844405174,4.975852966,7.376402378,5.926150799,6.767900467,5.873587608,5.727212906,7.417241573,6.742666721,7.399977684,5.666547298,6.284676552,5.878243446,6.278099537,5.456246376,6.045804977,5.932724476,5.656750679,5.431894302,5.443003178,5.773984909,5.547308922,5.480338573,5.456245899,5.525803089,6.089138508,6.235580444,6.295892239,6.029528141,7.452062130,6.164150715]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1710679657055887} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1710679657055887} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657055887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710679657055887,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657055887,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1710679657055887,"pkt":"CL6sCxduSKRyNpegCABFAAA08+VAAIAGV4zAqAy2jvpS+cQtDZbxQLjKAAAAAIAC+vBI\/gAAAgQFtAEDAwgBAQQC"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1710679657058869,"pkt":"SKRyNpegCL6sCxduCABFgAA0AABAAG8GW\/KO+lL5wKgMtg2WxC3d8CUA8UC4y4AS\/\/9BHQAAAgQFhAEBBAIBAwMI"} 
@@ -22,7 +22,7 @@ 02224{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657765266,"flow_dst_last_pkt_time":1710679657791909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":656,"flow_src_tot_l4_payload_len":1320,"flow_dst_tot_l4_payload_len":1924,"midstream":0,"thread_ts_usec":1710679657791909,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":46625.8,"max":509459,"stddev":117745.2,"var":13863926784.0,"ent":2.8,"data": [2982,4724,277,207,4964,15,4148,4126,3916,466724,509459,1184,218,46646,1080,55404,53567,7433,0,8588,49659,55453,222,48997,10062,51393,4524,8018,5673,16613,19125]},"pktlen": {"min":40,"avg":142.1,"max":696,"stddev":150.7,"var":22704.0,"ent":4.4,"data": [52,52,40,40,68,40,120,192,116,40,180,196,148,172,84,40,40,140,204,236,40,172,40,696,40,172,140,648,40,160,40,160]},"bins": {"c_to_s": [8,0,0,2,5,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,2,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1],"entropies": 
[4.776611805,5.000318050,4.831686974,4.834183693,5.321198940,4.834183693,5.795867443,6.212464809,5.776382446,4.784183979,5.991631985,6.163437843,5.951478004,6.109816074,5.892313004,4.981687069,4.881687641,6.144776344,6.237818718,5.382826805,5.031687260,6.101328850,5.031687260,6.564705849,4.881687164,6.057666779,5.976850510,7.406529903,4.784183979,5.974988937,4.981687069,5.932507992]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":14,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989926044388,"flow_dst_last_pkt_time":1669989925832608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":3623,"midstream":0,"thread_ts_usec":1710679657948817,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":35,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657948817,"flow_dst_last_pkt_time":1710679657936697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":1108,"flow_src_tot_l4_payload_len":1968,"flow_dst_tot_l4_payload_len":12540,"midstream":0,"thread_ts_usec":1710679657948817,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com"}} -00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21283,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1710679657948817} 
+00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21283,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1710679657948817} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 102/102 ~~ skipped flows.............: 0 @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650262 bytes -~~ total memory freed........: 8650262 bytes -~~ total allocations/frees...: 140648/140648 +~~ total memory allocated....: 9414668 bytes +~~ total memory freed........: 9414668 bytes +~~ total allocations/frees...: 154614/154614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 2229 chars diff --git a/test/results/default/stun_dtls_rtp_unidir.pcapng.out b/test/results/default/stun_dtls_rtp_unidir.pcapng.out index f6b0ade20..296781f7d 100644 --- a/test/results/default/stun_dtls_rtp_unidir.pcapng.out +++ b/test/results/default/stun_dtls_rtp_unidir.pcapng.out 
@@ -1,5 +1,5 @@ -00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449812497255265} 
+00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449812497255265} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1449812497255265,"pkt":"ACZsuc\/8ACZsCyRcCABFAABAL58AAIAR9v8KCgABCgEAA\/7K4YIALFAqAAMAECESpELECsSOsFxxIrqIIMwAGQAEEQAAAIAoAATGrBhE"} 
01006{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -18,7 +18,7 @@ 01244{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812497496659,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":920,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497496659,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"10.10.0.1:26378","peer_address":"10.0.0.147:60770","relayed_address":"10.1.0.3:60815","multimedia_flow_types":"Unknown"}}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812504427110,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812504427110,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812504413713,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3924,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812504427110,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":43,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1449812504427110} +00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":43,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1449812504427110} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 43/43 ~~ skipped 
flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648525 bytes -~~ total memory freed........: 8648525 bytes -~~ total allocations/frees...: 140587/140587 +~~ total memory allocated....: 9412931 bytes +~~ total memory freed........: 9412931 bytes +~~ total allocations/frees...: 154553/154553 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 577 chars ~~ json message max len.......: 1249 chars diff --git a/test/results/default/stun_dtls_unidirectional_client.pcap.out b/test/results/default/stun_dtls_unidirectional_client.pcap.out index e912deaf9..dbed74dc7 100644 --- a/test/results/default/stun_dtls_unidirectional_client.pcap.out +++ b/test/results/default/stun_dtls_unidirectional_client.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1441761975037261} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1441761975037261} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761975037261,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975037261,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1441761975037261,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1441761975037261,"pkt":"AAAA1W9UrOh7zGISCABFuACMS9UAAD8RCqYaUwlRISPfZ+DfAhwAeBxIAAEAXCESpEKZUujby\/MKtb8jCDoAJAAEfv\/\/\/4AqAAgAAAAAAAAAAAAGACE0RDJ1Z1BuQnpFMFJ3ejEvOldacWs5TytnaWo4YXp0TVQgICAACAAUvs4hyEIUQeaHuhq3F0UydHxRy82AKAAEFxfLgw=="} 
01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761975037261,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975037261,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -9,7 +9,7 @@ 01664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1441761975908886,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":873,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":873,"pkt_l4_len":839,"thread_ts_usec":1441761975908886,"pkt":"AAAA1W9UrOh7zGISCABFuANb39wAAD8Rc88aUwlRISPfZ+DfAhwDR3CWFv7\/AAAAAAAAAAEA8wsAAbwAAQAAAAAA5wABuQABtjCCAbIwggEboAMCAQACCQD0VYORJLQQeTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBMaXZlRm91bmRyeSBJbmMuMB4XDTE1MDkwODAwNTYzOFoXDTE2MDkwODAwNTYzOFowGzEZMBcGA1UEAwwQTGl2ZUZvdW5kcnkgSW5jLjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuyhRVMs+Bz5qXqjQxGuyubanVpTs60WsXdygsd2nIf4kvClwVquI8p1OxMqlgF8HlLijUgedsnTkkRmXmvipQaKNlBb+\/wAAAAAAAAACAOELAAG8AAEAAOcAANUnAKw\/TDJBOJEtFXJH4pn5j+EVPXFJwG0ewl7Y3I+QBvhsLsEcisVV6boyWBxnFqgDuk46QV\/oUQago8jLAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAbmuxjO+DGgTv9Cpvf7qVf5kLHqHELP9rky2H1P4GJ2nkhu32wLxDpHbNkCNXubBcoeKjifYW\/p7enSVXgJbHkC6K6K4pvbE6MpZEZziaHK+me7jcyIPcDIetLLB8DCmNWqBB1nwLfbv5oHQ\/sW4Fk7kc2N\/BnYBZnooBLXGA+QIW\/v8AAAAAAAAAAwBOEAAAQgACAAAAAABCQQRmi6ltyNjABc7J9cmLPyxxoFJaQFZGAdA4a0tDfgl\/OKIfL84oddpzdf6Kayr7\/BgOAKI24ob\/PlWf\/svbnjLBFv7\/AAAAAAAAAAQAjg8AAIIAAwAAAAAAggCAsV3MYNlV6t3t7wUcqu8HNVVy6F6itfNXpKr+SPzgWi5H+pHWgBnNYHji0+tD\/BDAG5eMCMDzQTG8jsgJXK5BB6Hr9Fe4qk2975dPYTHajbw52dKgFiq3UWDX4uFUP\/pzlqsiwXx3Mu39P5qXb6EHVSIE0\/ju6iWmEKcUmF\/7MZcU\/v8AAAAAAAAABQABARb+\/wABAAAAAAAAAEAMbAJX5zrSBaDIrFais+q41JcBYbEnW\/coGYBOyFA2dIufD7sV4lF\/Cqc3FzuF4ZsErUUG3QtWv\/gI2EBqztZC"} 
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1441761976197146,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1441761976197146,"pkt":"AAAA1W9UrOh7zGISCABFuACQk6QAAD8RwtIaUwlRISPfZ+DfAhwAfLweAAEAYCESpEJrTB4zaBoKl1i8ZbIAJQAAACQABH7\/\/\/+AKgAIAAAAAAAAAAAABgAhNEQydWdQbkJ6RTBSd3oxLzpXWnFrOU8rZ2lqOGF6dE1UICAgAAgAFOc58IHgzuDAt1G6OOMDB5sPTvG4gCgABJMut1k="} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761976198231,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":831,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1456,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761976198231,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1441761976198231} +00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1441761976198231} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647036 bytes -~~ total memory freed........: 8647036 bytes -~~ total allocations/frees...: 140539/140539 +~~ total memory allocated....: 9411410 bytes +~~ total memory freed........: 9411410 bytes +~~ total allocations/frees...: 154505/154505 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 613 chars ~~ json message max len.......: 1669 chars diff --git a/test/results/default/stun_dtls_unidirectional_server.pcap.out b/test/results/default/stun_dtls_unidirectional_server.pcap.out index 920b857a3..7b1a87520 100644 --- a/test/results/default/stun_dtls_unidirectional_server.pcap.out +++ b/test/results/default/stun_dtls_unidirectional_server.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1441761975301582} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1441761975301582} 
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975301582,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1441761975301582,"pkt":"AAAA1W9UACWeBue\/CABFAABckk9AAC8RlRMhI99nGlMJUQIc4N8ASKsWAQEALCESpEKZUujby\/MKtb8jCDoAIAAIAAHBzSQ2G6oACAAUOG6\/PReCUq3JlsJgMEqY8IjJzYmAKAAEznYIbw=="} 
01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975301582,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"5.36.191.232:57567","multimedia_flow_types":"Unknown"}}} 
@@ -9,7 +9,7 @@ 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1441761976174312,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1441761976174312,"pkt":"AAAA1W9UACWeBue\/CABFAAB3kwJAAC8RlEUhI99nGlMJUQIc4N8AY1hwFP7\/AAAAAAAAAAgAAQEW\/v8AAQAAAAAAAABAMEcyXPNODypMYT0Ssk4r7kdOXW+9U7+hCDxTj4d5TTNRdICHtbeHbXcfrCzPQpDaPm44sdeZ+qA0rw0R8k1fQA=="} 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1441761976174318,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1441761976174318,"pkt":"AAAA1W9UACWeBue\/CABFAACMkwNAAC8RlC8hI99nGlMJUQIc4N8AeKyrAAEAXCESpEKP0YtwXMNQlfFxwRMAJAAEfv\/\/\/4ApAAgAAAAAAAAAAAAGACFXWnFrOU8rZ2lqOGF6dE1UOjREMnVnUG5CekUwUnd6MS8gICAACAAUiKI62VDnyBUKfHf8mnzR1DIkRoWAKAAEF76wAg=="} 
01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761976462611,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1311,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761976462611,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1441761976462611} 
+00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1441761976462611} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649144 bytes -~~ total memory freed........: 8649144 bytes -~~ total allocations/frees...: 140543/140543 +~~ total memory allocated....: 9413518 bytes +~~ total memory freed........: 9413518 bytes +~~ total allocations/frees...: 154509/154509 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 613 chars ~~ json message max len.......: 1783 chars diff --git a/test/results/default/stun_google_meet.pcapng.out b/test/results/default/stun_google_meet.pcapng.out index da9e2a15f..7305e9fcb 100644 --- a/test/results/default/stun_google_meet.pcapng.out +++ b/test/results/default/stun_google_meet.pcapng.out 
@@ -1,5 +1,5 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1687685002250009} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1687685002250009} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685002250009,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFppAAEARi+LAqAycSn2Af5UIS2YAHMbcAAEAACESpEJrQUdOTnp2SE5INTk="} 
01014{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -54,7 +54,7 @@ 01008{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685052357802,"flow_dst_last_pkt_time":1687685052375389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":24,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685011180562,"flow_dst_last_pkt_time":1687685011133449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":5092,"flow_dst_tot_l4_payload_len":2517,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685059743208,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":215,"packets-processed":214,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":6,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1697468935898948} +00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":215,"packets-processed":214,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":6,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1697468935898948} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468935898948,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":186,"pkt_l4_len":132,"thread_ts_usec":1697468935898948,"pkt":"ILAB4IZieq+3+1HBht1gC69IAIQRQCABCwcKPcESSKEQlBInKB4gAUhgSGQABgAAAAAAAACBsgRLaQCETH0AAQBoIRKkQmtPaTNJMjc0OHB2QQAGAB95dzhscXc0TXhnSDhpZ29LQUFpS0FpQURFQTpOQUNFAMBXAAQAAwAKgCoACGra\/nXE2k9tACQABG5\/KP\/AWQACAAEAAAAIABSaw7PkfELbyrRWbnt+uUO3nio4h4AoAAQFm42R"} 
01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468935898948,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -72,7 +72,7 @@ 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685052357802,"flow_dst_last_pkt_time":1687685052375389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":24,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685011180562,"flow_dst_last_pkt_time":1687685011133449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":5092,"flow_dst_tot_l4_payload_len":2517,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685059743208,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":362,"packets-processed":362,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56433,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":6,"total-updates":6,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1697468936608486} +00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":362,"packets-processed":362,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56433,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":6,"total-updates":6,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1697468936608486} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 362/362 ~~ skipped flows.............: 0 
@@ -81,9 +81,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8669907 bytes -~~ total memory freed........: 8669907 bytes -~~ total allocations/frees...: 140961/140961 +~~ total memory allocated....: 9434440 bytes +~~ total memory freed........: 9434440 bytes +~~ total allocations/frees...: 154926/154926 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 2277 chars diff --git a/test/results/default/stun_msteams_unidir.pcapng.out b/test/results/default/stun_msteams_unidir.pcapng.out index 892057e98..14dcd0d69 100644 --- a/test/results/default/stun_msteams_unidir.pcapng.out +++ b/test/results/default/stun_msteams_unidir.pcapng.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744005970632} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744005970632} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744005970632,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1618744005970632,"pkt":"AAAAAAAAAAUA5TB2CABFAABkOG0AAG4RTXE0c4g3CgAAAQ2Xw1YAUAESAQEANCESpEJWcAnCrgDmmNmPAZCAcAAEAAAABwAgAAgAAeJEc6CbOQAIABQIHBh8TPkDR23jBTje41VGgqHl0IAoAARRPQxU"} 
01080{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744005970632,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"mapped_address":"82.178.63.123:50006","multimedia_flow_types":"Audio"}}} 
@@ -9,7 +9,7 @@ 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1618744006794573,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_usec":1618744006794573,"pkt":"AAAAAAAAAAUA5TB2CABFAACHOHQAAG4RTUc0c4g3CgAAAQ2Xw1YAc6HlgMgADgAAA+hZLCORUikt0lMMVuqc62jK8b9ObVoTSM\/lJgLtxS1nRRDaLJ4KDYgtyq2PsWx4ZAx8e0UeKef0\/\/qTc52IDGdgIZ3TuK4YxTFWM4fkMdciSGlScqeAAKFiAVZYWPTPO\/w0aQ0="} 01217{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744008391145,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2792,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744008391145,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"mapped_address":"82.178.63.123:50006","multimedia_flow_types":"Audio"}}} 
01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744010505540,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744010505540,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1618744010505540} 
+00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1618744010505540} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645190 bytes -~~ total memory freed........: 8645190 bytes -~~ total allocations/frees...: 140545/140545 +~~ total memory allocated....: 9409564 bytes +~~ total memory freed........: 9409564 bytes +~~ total allocations/frees...: 154511/154511 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 578 chars ~~ json message max len.......: 2180 chars diff --git a/test/results/default/stun_signal.pcapng.out b/test/results/default/stun_signal.pcapng.out index 26e85548e..faa06c008 100644 --- a/test/results/default/stun_signal.pcapng.out +++ b/test/results/default/stun_signal.pcapng.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1636901936040353} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1636901936040353} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936040353,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdVpAAEAR0ZTAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} 
01010{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -8,19 +8,19 @@ 01010{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040699,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936065479,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU1AAEAR9NjAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} -01010{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01008{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070153,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU5AAEAR9NfAqAypI563p7hkDZYAHPweAAEAACESpEJjaDExN25ZQXk2MTA="} -01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01009{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070262,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU9AAEAR9NbAqAypI563p5peDZYAHOX3AAEAACESpEJkOSt6R0JMc3JIbis="} -01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01009{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070410,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnVBAAEAR9NXAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} -01010{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01008{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936083692,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq0AAOABw2wjnrenwKgMqQMDpcEAAAAARQAAMJ1NQAAgERTZwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} -01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} 
+01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901936087734,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLztAAOARwqojnrenwKgMqQ2WuGQAXLAaAQEAQCESpEJjaDExN25ZQXk2MTAAIAAIAAEPY3w9RVEAAQAIAAEucV0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAATCHshI"} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936087776,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936087776,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq4AAOABw2sjnrenwKgMqQMDpcEAAAAARQAAMJ1QQAAdERfWwKgMqSOet6eaXgG7AByKqgABAAAhEqRCWmZiNGRVd21Ycno1"} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936087800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901936087800,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLzxAAOMRv6kjnrenwKgMqQ2Wml4AXJaEAQEAQCESpEJkOSt6R0JMc3JIbisAIAAIAAEPYnw9RVEAAQAIAAEucF0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT07Zjq"} 
@@ -28,23 +28,23 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135326,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135326,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVNAAEAR9MrAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135836,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135836,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVRAAEAR9MnAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901936138159,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4Lz5AAOMRv58jnrenwKgMqQ2Wml4AZJPmARMASCESpEI3Q1lCTmVMaEVzcmUACQAQAAAEAVVuYXV0aG9yaXplZAAVABBjOGY3M2M5NzZiMDJiOWM4ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABHmTjPc="} 
-01169{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936138159,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11888","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} +01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936138159,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11888","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936144242,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVVAAEAR9MjAqAypI563p7hkDZYAJNmuAAMACCESpEIwWE1VcCtxUS9rUlMAGQAEEQAAAA=="} -01156{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901936144242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} +01154{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901936144242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936144585,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901936144585,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnVZAAEAR9G\/AqAypI563p5peDZYAfGxHAAMAYCESpEJTREg5Z3IrK1V4dm0AGQAEEQAAAAAGABUxNjM2OTg4MzM1OjE4NzU0MzQwNDUAAAAAFAAKc2lnbmFsLm9yZwAAABUAEGM4ZjczYzk3NmIwMmI5YzgACAAUVADVyCcFlHpNR6\/JlEM11GK82Wc="} 
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936150779,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901936150779,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbrkAAOABw1gjnrenwKgMqQMDpckAAAAARQAAOJ1TQAAgERTLwKgMqSOet6e4ZAG7ACTbggADAAghEqRCNGEyUGxJeHZNU1IrABkABBEAAAA="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936150821,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901936150821,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbroAAOABw1cjnrenwKgMqQMDpckAAAAARQAAOJ1UQAAdERfKwKgMqSOet6eaXgG7ACT1pAADAAghEqRCSktITllCRzRleVZKABkABBEAAAA="} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901936160415,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4L0JAAOARwpsjnrenwKgMqQ2WuGQAZP9bARMASCESpEIwWE1VcCtxUS9rUlMACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5NTNlMjE2ZTYwMmRiMDdlABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABBFo+J8="} 
-01177{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936160415,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} +01175{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936160415,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936185855,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901936185855,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnVhAAEAR9G3AqAypI563p7hkDZYAfGwXAAMAYCESpEJMbjdHYmN5WG5rbm4AGQAEEQAAAAAGABUxNjM2OTg4MzM1OjE4NzU0MzQwNDUAAAAAFAAKc2lnbmFsLm9yZwAAABUAEDk1M2UyMTZlNjAyZGIwN2UACAAUIW2HvRLiM2\/Mn2aCV9BfzE1X65g="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292139,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWhAAEAR0YbAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} 
01039{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292139,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292790,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWlAAEAR0YXAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} 
01039{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292790,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936316455,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWJAAEAR9MPAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 
-01039{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936316455,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +01037{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936316455,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936320168,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWNAAEAR9MLAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} -01039{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936320168,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01037{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936320168,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936331596,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936331596,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbuUAAOABwzQjnrenwKgMqQMDpcEAAAAARQAAMJ1iQAAgERTEwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936385688,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936385688,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nWRAAEAR9LnAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936386031,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936386031,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nWVAAEAR9LjAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} 
@@ -54,14 +54,14 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936667023,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TocAACURUtys\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936817391,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936817391,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWZAAEAR9L\/AqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936821517,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936821517,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWdAAEAR9L7AqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} 
-01165{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901937818802,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901937818802,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} -01165{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901937822688,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901937822688,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +01163{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901937818802,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901937818802,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01163{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901937822688,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901937822688,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956886692,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuBAAEAR80XAqAypI563p6g8DZYAHMrjAAEAACESpEJ3MXhZWGxMSlFtK2Q="} -01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956899977,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuFAAEAR80TAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} -01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956900169,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevFAAEARy\/3AqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} 01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -71,20 +71,20 @@ 01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956921410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956929987,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuJAAEAR80PAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} -01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956930390,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuNAAEAR80LAqAypI563p5wODZYAHNwWAAEAACESpEI1alVGbDBvdmFLRGs="} -01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956946587,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP65AAOQRrjcjnrenwKgMqQ2WnA4AXORTAQEAQCESpEI1alVGbDBvdmFLRGsAIAAIAAEPlXw9RVEAAQAIAAEuh10v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT10UAM"} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956960274,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956960274,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuZAAEAR8zfAqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956962305,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nudAAEAR8zbAqAypI563p5wODZYAJOqGAAMACCESpEJuWjVNSmNUejZrc3YAGQAEEQAAAA=="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956969064,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956969064,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuhAAEAR8zXAqAypI563p5wOAbsAJPaJAAMACCESpEIyY0FuemxRWWpFQmIAGQAEEQAAAA=="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956903176,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956971552,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nulAAEAR8zTAqAypI563p6g8DZYAJNbdAAMACCESpEJQZE0rWTlGNXNyQ3EAGQAEEQAAAA=="} 00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901956977270,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4P7RAAOQRrikjnrenwKgMqQ2WnA4AZNRVARMASCESpEJuWjVNSmNUejZrc3YACQAQAAAEAVVuYXV0aG9yaXplZAAVABBlM2Q3MGU4YTI4NzhlYWI4ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABPdDwsE="} -01178{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956977270,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11911","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} +01176{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956977270,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11911","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1636901956982713,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901956982713,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnupAAEAR8tvAqAypI563p5wODZYAfID0AAMAYCESpEJoVnBuRlhEMWd5a3MAGQAEEQAAAAAGABUxNjM2OTg4MzU2OjExMjQwNjMwMDAAAAAAFAAKc2lnbmFsLm9yZwAAABUAEGUzZDcwZThhMjg3OGVhYjgACAAUhea72wHPPgTdSOnBEkAPMzKPAD4="} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901956988183,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4P7VAAOARsigjnrenwKgMqQ2WqDwAZD47ARMASCESpEJQZE0rWTlGNXNyQ3EACQAQAAAEAVVuYXV0aG9yaXplZAAVABAyYzViYWNlMTgyOWQyNjllABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABBNbgMs="} 
-01177{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956988183,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11910","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} +01175{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956988183,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11910","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1636901956989826,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901956989826,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnutAAEAR8trAqAypI563p6g8DZYAfJbSAAMAYCESpEJELzRSL1I0ZVdVN0kAGQAEEQAAAAAGABUxNjM2OTg4MzU2OjExMjQwNjMwMDAAAAAAFAAKc2lnbmFsLm9yZwAAABUAEDJjNWJhY2UxODI5ZDI2OWUACAAUvJldU9tsWUvBCpl53HMUEVhvq8k="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957149857,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957149857,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnvtAAEAR8yrAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957151010,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevNAAEARy\/vAqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} 
@@ -100,24 +100,24 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1636901957680781,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957680781,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnxZAAEAR8w\/AqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958294242,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8azVAAEARa5jAqAypEsODj6g87uQAaP5FAAEATCESpEJyRHdyaGtEci8vOWUABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UAAJAAEbn8e\/wAIABR\/b\/AcoEEqLjwzw3SbmvWontQU34AoAARPt0SR"} -01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636901958378136,"pkt":"mt9Y+uvcCL6sCxduCABFSABcrnFAAAMRZTQSw4OPwKgMqe7kqDwASOO3AQEALCESpEJyRHdyaGtEci8vOWUAIAAIAAEPmHw9RVEACAAUZTe+q2TI1x26\/6LLBdUUDVZaZoOAKAAEsQfEQQ=="} 
00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958378173,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8rnJAAAMRZRMSw4OPwKgMqe7kqDwAaODiAAEATCESpEJ2dFg5dWZIQUdCakMABgAJbU53cTpXSnN1AAAAwFcABAADA4SAKQAIQYCdgvFBqWUAJAAEbn8g\/wAIABSzQMYtF7YKfV2BCR2ZgRKFjKrZ7YAoAASRLc2k"} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1636901958386718,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636901958386718,"pkt":"CL6sCxdumt9Y+uvcCABFAABcaztAAEARa7LAqAypEsODj6g87uQASCG+AQEALCESpEJ2dFg5dWZIQUdCakMAIAAIAAHP9jPRJ80ACAAUJmmebdkZZFSwkh7L8yz62k564LmAKAAEReD9tw=="} 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1636901958394511,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1636901958394511,"pkt":"CL6sCxdumt9Y+uvcCABFAACEazxAAEARa4nAqAypEsODj6g87uQAcJERAAEAVCESpEJwNFQrb1h3aGNEZzcABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UDAAQAEAAAAAQAkAARufx7\/AAgAFAU5PfclhugC7DGLkMWmAbOXS5FggCgABGgSKPI="} 
-01166{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901958650809,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958650809,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} -01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901958683157,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958683157,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} -02213{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901960601813,"flow_dst_last_pkt_time":1636901960620966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1032,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1636901960620966,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25,"avg":149493.4,"max":679364,"stddev":200828.1,"var":40331911168.0,"ent":3.9,"data": [83894,37,92476,7793,46066,91419,25,37867,39955,9097,41868,367689,125,441001,43,600796,610250,117949,49918,49758,64212,212886,679364,8747,45,503798,102888,200994,101814,9344,62177]},"pktlen": {"min":56,"avg":91.9,"max":132,"stddev":24.9,"var":621.5,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,84,84,124,92,56,84,56,56,56,124,92,84,56,84]},"bins": {"c_to_s": [4,3,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,0,1,1,0,0,1,1,1,0,0,1,0,0,1],"entropies": 
[5.768973827,5.811776161,5.931350708,5.819116592,5.739065170,5.636717796,5.871664047,5.907987118,5.819117546,5.781831741,5.903046608,5.775639534,5.668575764,5.083614826,5.811898232,5.271638393,5.861793995,5.810910702,5.781786919,5.698687553,5.893005371,5.819117069,5.083614826,5.770115376,5.235924244,5.200210571,5.083615780,5.835623741,5.811777115,5.606133938,5.119328976,5.779102325]},"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901964741654,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901966826937,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01164{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901958650809,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958650809,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +01165{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901958683157,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958683157,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +02211{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901960601813,"flow_dst_last_pkt_time":1636901960620966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1032,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1636901960620966,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25,"avg":149493.4,"max":679364,"stddev":200828.1,"var":40331911168.0,"ent":3.9,"data": [83894,37,92476,7793,46066,91419,25,37867,39955,9097,41868,367689,125,441001,43,600796,610250,117949,49918,49758,64212,212886,679364,8747,45,503798,102888,200994,101814,9344,62177]},"pktlen": {"min":56,"avg":91.9,"max":132,"stddev":24.9,"var":621.5,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,84,84,124,92,56,84,56,56,56,124,92,84,56,84]},"bins": {"c_to_s": [4,3,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,0,1,1,0,0,1,1,1,0,0,1,0,0,1],"entropies": 
[5.768973827,5.811776161,5.931350708,5.819116592,5.739065170,5.636717796,5.871664047,5.907987118,5.819117546,5.781831741,5.903046608,5.775639534,5.668575764,5.083614826,5.811898232,5.271638393,5.861793995,5.810910702,5.781786919,5.698687553,5.893005371,5.819117069,5.083614826,5.770115376,5.235924244,5.200210571,5.083615780,5.835623741,5.811777115,5.606133938,5.119328976,5.779102325]},"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01069{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901964741654,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901966826937,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1636901967279945,"flow_dst_last_pkt_time":1636901957525218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901967279945,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwfCFAAEARys3AqAyprP15f6g8S2YAHDMFAAEAACESpEI4KzdNdk9qTHloVm0="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1636901967305260,"flow_dst_last_pkt_time":1636901957551924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901967305260,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwfCRAAEARysrAqAyprP15f5wOS2YAHCjCAAEAACESpEJCTndzakJKdHNsVHY="} -02287{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901980739508,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":15,"avg":1596705.0,"max":17079364,"stddev":3547473.5,"var":12584568750080.0,"ent":2.8,"data": 
[4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065]},"pktlen": {"min":76,"avg":81.5,"max":124,"stddev":11.6,"var":133.8,"ent":5.0,"data": [76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84]},"bins": {"c_to_s": [0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01127{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02285{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901980739508,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":15,"avg":1596705.0,"max":17079364,"stddev":3547473.5,"var":12584568750080.0,"ent":2.8,"data": [4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065]},"pktlen": {"min":76,"avg":81.5,"max":124,"stddev":11.6,"var":133.8,"ent":5.0,"data": [76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84]},"bins": {"c_to_s": [0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01125{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01030{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
+01028{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01127{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01022{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01125{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01020{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998588925,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdlAAEARxRXAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} 01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -126,32 +126,32 @@ 01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637116,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EdAAEAR8rLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} -01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637207,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EhAAEAR8rHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} -01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998642149,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998642149,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43ElAAEAR8qjAqAypI55607qXAbsAJIeGAAMACCESpEJ0b3RZc3QzdHNudm0AGQAEEQAAAA=="} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998644152,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43EpAAEAR8qfAqAypI55607qXDZYAJM8KAAMACCESpEJRck1mY3NySEUrbG4AGQAEEQAAAA=="} 
-01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998644452,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EtAAEAR8q7AqAypI55605RSDZYAHOlfAAEAACESpEJTRld4cWpibUxkeFo="} 
-01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998645824,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3ExAAEAR8q3AqAypI55607qXDZYAHAfgAAEAACESpEJsR1ZDTTdDN1dMVEo="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998654073,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E1AAEAR8qTAqAypI55605RSDZYAJBd3AAMACCESpEJOTG9MWFNjWDdLU3cAGQAEEQAAAA=="} 
00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654623,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVMAAOMBFpsjnnrTwKgMqQMDaO0AAAAARQAAMNxHQAAgERKzwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"} 
-01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} +01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654665,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654665,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVQAAOMBFpojnnrTwKgMqQMDaO0AAAAARQAAMNxIQAAgERKywKgMqSOeetOUUgG7ABwljAABAAAhEqRCVjVicmFhSFdCOW5q"} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998657287,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998657287,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVUAAOMBFpEjnnrTwKgMqQMDaPUAAAAARQAAONxJQAAgERKpwKgMqSOeetO6lwG7ACSHhgADAAghEqRCdG90WXN0M3RzbnZtABkABBEAAAA="} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998660620,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49klAAOMRNUgjnnrTwKgMqQ2WupcAZEK5ARMASCESpEJRck1mY3NySEUrbG4ACQAQAAAEAVVuYXV0aG9yaXplZAAVABA0YTlmNTljZmZlODk0NGE5ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABLOFpWg="} -01064{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1636901998660620,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"multimedia_flow_types":"Unknown"}}} 
+01062{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1636901998660620,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"multimedia_flow_types":"Unknown"}}} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660636,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9kpAAOQRNE8jnnrTwKgMqQ2WlFIAXFMAAQEAQCESpEJTRld4cWpibUxkeFoAIAAIAAEPi3w9RVEAAQAIAAEumV0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAASDCssQ"} 
00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660651,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9ktAAOMRNU4jnnrTwKgMqQ2WupcAXFiiAQEAQCESpEJsR1ZDTTdDN1dMVEoAIAAIAAEPinw9RVEAAQAIAAEumF0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAAR90ekp"} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998662264,"flow_dst_last_pkt_time":1636901998660651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998662264,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3E5AAEAR8k\/AqAypI55607qXDZYAeBRYAAMAXCESpEJIUGFhU0tWSmtQRG4AGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNGE5ZjU5Y2ZmZTg5NDRhOQAIABRI+uTzM7nII\/sVpvC6uyZXC+3v6w=="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998663215,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998663215,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E9AAEAR8qLAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998669539,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49kxAAOQRNEUjnnrTwKgMqQ2WlFIAZMvXARMASCESpEJOTG9MWFNjWDdLU3cACQAQAAAEAVVuYXV0aG9yaXplZAAVABA2MzExMjRhZWUxZDEzNDUwABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABOHlRAQ="} -01179{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901998669539,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11929","response_origin":"35.158.122.211:3478","other_address":"35.158.122.211:80","multimedia_flow_types":"Unknown"}}} 
+01177{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901998669539,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11929","response_origin":"35.158.122.211:3478","other_address":"35.158.122.211:80","multimedia_flow_types":"Unknown"}}} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998676426,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998676426,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVYAAOMBFpAjnnrTwKgMqQMDaPUAAAAARQAAONxPQAAgERKjwKgMqSOeetOUUgG7ACS3UAADAAghEqRCcXF0MnJ1Mk16MmtvABkABBEAAAA="} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998684473,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998684473,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3FFAAEAR8kzAqAypI55605RSDZYAeCtfAAMAXCESpEJzQVJaQW1IdkdKV0kAGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNjMxMTI0YWVlMWQxMzQ1MAAIABSPAYmQd4zQiPDDbTAeeOez+Voceg=="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865284,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgexAAEARxQLAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} 
@@ -169,10 +169,10 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1636901999386783,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901999386783,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3H1AAEAR8nzAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000024715,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d+5AAEARXt\/AqAypEsODj7qX0yYAaAl7AAEATCESpEJCeElWSlVyQXpFMWUABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABTJ3jNA\/lTtI\/cIgWHSZfc\/Jdi3xoAoAAQAuGXB"} -01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000073738,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d\/NAAEARXtrAqAypEsODj7qX8DoAaE2WAAEATCESpEI3OHB2NXh3VHhSY2IABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABQCGGRp5dlaWaRPyMCnCJTZLYHOaoAoAATw85Tp"} -01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000102078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000102078,"pkt":"mt9Y+uvcCL6sCxduCABFSABcw7JAAAYRTPMSw4OPwKgMqdMmupcASMDpAQEALCESpEJCeElWSlVyQXpFMWUAIAAIAAEPinw9RVEACAAUIB3cDwXbxtjdDKqyJ3Jq4xtLsfaAKAAEpnvqQg=="} 
00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000107063,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8w7NAAAYRTNISw4OPwKgMqdMmupcAaK01AAEATCESpEJBbDNpSTF1eStSR1UABgAJN2tzczoxRVpzAAAAwFcABAAAA+eAKQAIiflXHs5q0dMAJAAEbgAg\/wAIABQSmjpLVWLcQ98KImy+h9G3RC6S1IAoAATBitk4"} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1636902000114802,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000114802,"pkt":"CL6sCxdumt9Y+uvcCABFAABcd\/RAAEARXvnAqAypEsODj7qX0yYASLB3AQEALCESpEJBbDNpSTF1eStSR1UAIAAIAAHyNDPRJ80ACAAUTu361RDreRFUJBDgnwLv4nPGjjiAKAAENi4ivw=="} 
@@ -181,43 +181,43 @@ 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000142270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000142270,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8w7dAAAYRTRYSw4OPwKgMqfA6upcAaP5PAAEATCESpEIwbFM2UjdmdjFzOTMABgAJN2tzczoxRVpzAAAAwFcABAADA4SAKQAIiflXHs5q0dMAJAAEbn8g\/wAIABT+u0FmMYg2qxKb1bY78Qe06uM1KoAoAAQrkPMA"} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1636902000144041,"flow_dst_last_pkt_time":1636902000142270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000144041,"pkt":"CL6sCxdumt9Y+uvcCABFAABcd\/ZAAEARXvfAqAypEsODj7qX8DoASAMeAQEALCESpEIwbFM2UjdmdjFzOTMAIAAIAAHRKDPRJ80ACAAUI\/bFSLNMUitVQi8z7dVLO\/aQEHmAKAAEAVoedw=="} 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1636902000173314,"flow_dst_last_pkt_time":1636902000142270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1636902000173314,"pkt":"CL6sCxdumt9Y+uvcCABFAACEd\/dAAEARXs7AqAypEsODj7qX8DoAcOfaAAEAVCESpEJYdGpHMEQ4MEppTE0ABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9DAAQAEAAAAAgAkAARufx7\/AAgAFM7+Ft2Y0101jZUj75NnkTl5UB7JgCgABNI9yPM="} 
-01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902000387029,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000387029,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} -01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902000387320,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000387320,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} -02218{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002442030,"flow_dst_last_pkt_time":1636902002440493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1068,"flow_dst_tot_l4_payload_len":1052,"midstream":0,"thread_ts_usec":1636902002442030,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":43,"avg":152743.5,"max":665020,"stddev":189167.3,"var":35784253440.0,"ent":4.0,"data": [68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176]},"pktlen": {"min":56,"avg":94.2,"max":132,"stddev":24.6,"var":605.9,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92]},"bins": {"c_to_s": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0],"entropies": 
[5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552]},"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01165{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902000387029,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000387029,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +01165{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902000387320,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000387320,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +02216{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002442030,"flow_dst_last_pkt_time":1636902002440493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1068,"flow_dst_tot_l4_payload_len":1052,"midstream":0,"thread_ts_usec":1636902002442030,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":43,"avg":152743.5,"max":665020,"stddev":189167.3,"var":35784253440.0,"ent":4.0,"data": [68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176]},"pktlen": {"min":56,"avg":94.2,"max":132,"stddev":24.6,"var":605.9,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92]},"bins": {"c_to_s": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0],"entropies": 
[5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552]},"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01011{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01128{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01033{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} -01127{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01035{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01069{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01126{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01031{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01125{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01033{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1636902008969021,"flow_dst_last_pkt_time":1636901999242071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636902008969021,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhaxAAEARwULAqAyprP15f5RSS2YAHHeOAAEAACESpEJORW10V0g4dmFhQnE="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1636902008970187,"flow_dst_last_pkt_time":1636901999242113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636902008970187,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwha1AAEARwUHAqAyprP15f7qXS2YAHGY1AAEAACESpEI5bGJNUnBSbytQbnU="} -01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902014416950,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902014416950,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636902019597330,"flow_dst_last_pkt_time":1636902019976482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
+01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636902021364947,"flow_dst_last_pkt_time":1636902021381882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":892,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
-01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":35,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002659586,"flow_dst_last_pkt_time":1636902002742599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":1144,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636902021364947,"flow_dst_last_pkt_time":1636902021381882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":892,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":35,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002659586,"flow_dst_last_pkt_time":1636902002742599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":1144,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636902019600785,"flow_dst_last_pkt_time":1636902019979253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":2,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636902014432732,"flow_dst_last_pkt_time":1636902021384737,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902014417770,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636902021365208,"flow_dst_last_pkt_time":1636902021381899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":744,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} -01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} -01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
-01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000121229,"flow_dst_last_pkt_time":1636902000208503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":224,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
-00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":460,"packets-processed":460,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":17,"total-updates":15,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":220,"global_ts_usec":1636902021384737} +01068{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":2,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636902014432732,"flow_dst_last_pkt_time":1636902021384737,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01067{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902014417770,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636902021365208,"flow_dst_last_pkt_time":1636902021381899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":744,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
+01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000121229,"flow_dst_last_pkt_time":1636902000208503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":224,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":460,"packets-processed":460,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":17,"total-updates":15,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":220,"global_ts_usec":1636902021384737} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 460/460 ~~ skipped flows.............: 0 @@ -226,10 +226,10 @@ ~~ total active/idle flows...: 23/23 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8711412 bytes -~~ total memory freed........: 8711412 bytes -~~ total allocations/frees...: 141222/141222 +~~ total memory allocated....: 9476490 bytes +~~ total memory freed........: 9476490 bytes +~~ total allocations/frees...: 155188/155188 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars -~~ json message max len.......: 2292 chars -~~ json message avg len.......: 1419 chars +~~ json message max len.......: 2290 chars +~~ json message avg len.......: 1418 chars 
diff --git a/test/results/default/stun_signal_tcp.pcapng.out b/test/results/default/stun_signal_tcp.pcapng.out
index fbfc7a852..70f1c1864 100644
--- a/test/results/default/stun_signal_tcp.pcapng.out
+++ b/test/results/default/stun_signal_tcp.pcapng.out
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733247378288841} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733247378288841} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378288841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247378288841,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378288841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1733247378288841,"pkt":"ILAB4IZiSKRyNpegCABFAAA0B4lAAIAGELDAqAF1I9v8kshgAFBbKS1nAAAAAIAC+vBAUwAAAgQFtAEDAwgBAQQC"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378293937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1733247378293937,"pkt":"SKRyNpegILAB4IZiCABFAAA0AABAADoGXjkj2\/ySwKgBdQBQyGCXmzc3WyktaIASf5Ts8QAAAgQFjAEBBAIBAwMK"} 
@@ -10,7 +10,7 @@ 01056{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378295356,"flow_dst_last_pkt_time":1733247378307859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1733247378307859,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"multimedia_flow_types":"Unknown"}}} 02212{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378757373,"flow_dst_last_pkt_time":1733247378756881,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":248,"flow_src_tot_l4_payload_len":1352,"flow_dst_tot_l4_payload_len":880,"midstream":0,"thread_ts_usec":1733247378757373,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":0,"avg":30212.0,"max":286751,"stddev":67983.4,"var":4621743104.0,"ent":3.1,"data": [5096,5226,1289,6488,7434,14695,6967,5300,207,220,218,169,5360,2561,0,6632,276631,286751,49627,44757,3676,9298,19816,40131,25233,48588,51212,0,2689,9892,409]},"pktlen": {"min":40,"avg":111.6,"max":288,"stddev":62.1,"var":3852.6,"ent":4.8,"data": [52,52,40,68,46,124,156,124,40,160,160,160,160,92,92,144,40,172,46,172,46,288,140,46,172,46,172,148,46,188,40,140]},"bins": {"c_to_s": [6,0,0,7,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,2,2,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1,0,1,1,1,0,0],"entropies": [4.662476063,4.931210041,4.834183693,5.192451000,4.390829086,5.849559307,5.878578663,5.821106911,4.611769199,5.746960163,5.817604542,5.914802551,5.855510235,5.723954678,5.775637627,6.138474941,4.834183693,6.134611607,4.772925377,6.067693710,4.729446888,6.405649662,5.903401375,4.816403389,6.032229424,4.772924900,6.072082520,5.918906689,4.756514549,5.916465759,4.784183979,5.873402596]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":226,"flow_dst_packets_processed":274,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247395709690,"flow_dst_last_pkt_time":1733247395702394,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1188,"flow_dst_max_l4_payload_len":1420,"flow_src_tot_l4_payload_len":58588,"flow_dst_tot_l4_payload_len":27476,"midstream":0,"thread_ts_usec":1733247395709690,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} -00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":500,"packets-processed":500,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86064,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1733247395709690} 
+00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":500,"packets-processed":500,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86064,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1733247395709690} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/500 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8661387 bytes -~~ total memory freed........: 8661387 bytes -~~ total allocations/frees...: 141034/141034 +~~ total memory allocated....: 9425761 bytes +~~ total memory freed........: 9425761 bytes +~~ total allocations/frees...: 155000/155000 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2217 chars diff --git a/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out index 3c46379b8..ee688e7d8 100644 --- a/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out +++ b/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645514762350619} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645514762350619} 
00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514762350619,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762350619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514762350619,"l3_proto":"ip4","src_ip":"166.172.142.131","dst_ip":"23.183.197.71","src_port":3479,"dst_port":42849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762350619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1645514762350619,"pkt":"AAAAAAAAAAoA2nGfCABFAAA8AABAAFcGEY6mrI6DF7fFRw2Xp2H0bFeT0HMflKAS\/\/+7nwAAAgQFtAQCCAr+HMRdGiKsgwEDAwg="} 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762356326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1645514762356326,"pkt":"AAAAAAAAAA4AwKFPCABFAABQsxJAAD8GdmcXt8VHpqyOg6dhDZfQcx+U9GxXlIAYAU3vTgAAAQEIChoirLb+HMRdAAMACCESpEJwS25FOVJYZ0ZZbFkAGQAEEQAAAA=="} 
@@ -8,7 +8,7 @@ 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514763155219,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1645514763155219,"pkt":"AAAAAAAAAA4AwKFPCABFAABQsxVAAD8GdmQXt8VHpqyOg6dhDZfQcx\/M9GxXlIAYAU3t4wAAAQEIChoirZj+HMSuAAMACCESpEJwS25FOVJYZ0ZZbFkAGQAEEQAAAA=="} 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514773276175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1645514773276175,"pkt":"AAAAAAAAAA4AwKFPCABFAACIsxpAAD8GdicXt8VHpqyOg6dhDZfQcx\/o9GxXlIAZAU3usAAAAQEIChoiuYL+HMSuAAMACCESpEJwS25FOVJYZ0ZZbFkAGQAEEQAAAAADAAghEqRCcEtuRTlSWGdGWWxZABkABBEAAAAAAwAIIRKkQnBLbkU5UlhnRllsWQAZAAQRAAAA"} 
00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1645514762350619,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514773276175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1645514773276175,"l3_proto":"ip4","src_ip":"166.172.142.131","dst_ip":"23.183.197.71","src_port":3479,"dst_port":42849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":168,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1645514773276175} 
+00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":168,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1645514773276175} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647007 bytes -~~ total memory freed........: 8647007 bytes -~~ total allocations/frees...: 140538/140538 +~~ total memory allocated....: 9411381 bytes +~~ total memory freed........: 9411381 bytes +~~ total allocations/frees...: 154504/154504 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 583 chars ~~ json message max len.......: 1030 chars diff --git a/test/results/default/stun_wa_call.pcapng.out b/test/results/default/stun_wa_call.pcapng.out index 7b0c2a3e0..4b90bc1bc 100644 --- a/test/results/default/stun_wa_call.pcapng.out +++ b/test/results/default/stun_wa_call.pcapng.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029444,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iFAAEARlLrAqAycXTl747Y8DZYA3LHsAAMAwCESpEJwdYtExyOnTtGTSiVAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUJM4QSLb1BesAMLdUeEcTNdZmV28="} 
01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478","multimedia_flow_types":"Unknown"}}} 
@@ -109,7 +109,7 @@ 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660035302538,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660035302780,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":73,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660035302005,"flow_dst_last_pkt_time":1676660032998729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":500,"flow_dst_max_l4_payload_len":1113,"flow_src_tot_l4_payload_len":10937,"flow_dst_tot_l4_payload_len":37017,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":591,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":2,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":112,"global_ts_usec":1676660035303048} +00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":591,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":2,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":112,"global_ts_usec":1676660035303048} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 591/591 ~~ skipped flows.............: 0 
@@ -118,9 +118,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8690934 bytes -~~ total memory freed........: 8690934 bytes -~~ total allocations/frees...: 141246/141246 +~~ total memory allocated....: 9455692 bytes +~~ total memory freed........: 9455692 bytes +~~ total allocations/frees...: 155212/155212 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 582 chars ~~ json message max len.......: 2211 chars diff --git a/test/results/default/stun_zoom.pcapng.out b/test/results/default/stun_zoom.pcapng.out index f00c204af..44fcb28a7 100644 --- a/test/results/default/stun_zoom.pcapng.out +++ b/test/results/default/stun_zoom.pcapng.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzBAAEAR2WPAqCuphuBab77WImEApEJpAAEAiCESpEIJLXMzkXIYSWor3N8ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABQBKtqrmyxMEjIdswOfhTMx+y49voAoAASJCByW"} 
01007{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -21,7 +21,7 @@ 02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536326542,"flow_dst_last_pkt_time":1661169536383924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":5172,"midstream":0,"thread_ts_usec":1661169536383924,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":47514.7,"max":193831,"stddev":51140.5,"var":2615352320.0,"ent":4.1,"data": [20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466]},"pktlen": {"min":42,"avg":270.1,"max":1080,"stddev":313.1,"var":98043.5,"ent":4.3,"data": [184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42]},"bins": {"c_to_s": [0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": 
[5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169536293401,"flow_dst_last_pkt_time":1661169536292551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1945,"flow_dst_tot_l4_payload_len":5176,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536627218,"flow_dst_last_pkt_time":1661169536805680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2726,"flow_dst_tot_l4_payload_len":5471,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1661169536805680} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1661169536805680} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 70/70 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8660561 bytes -~~ total memory freed........: 8660561 bytes -~~ total allocations/frees...: 140623/140623 +~~ total memory allocated....: 9424967 bytes +~~ total memory freed........: 9424967 bytes +~~ total allocations/frees...: 154589/154589 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 593 chars ~~ json message max len.......: 2191 chars diff --git a/test/results/default/syncthing.pcap.out b/test/results/default/syncthing.pcap.out index c7d9c59e4..634395ae3 100644 --- a/test/results/default/syncthing.pcap.out +++ b/test/results/default/syncthing.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1663058610822000} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1663058610822000} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610822000,"flow_src_last_pkt_time":1663058610822000,"flow_dst_last_pkt_time":1663058610822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610822000,"l3_proto":"ip6","src_ip":"fe80::6238:e0ff:fec5:35a0","dst_ip":"ff12::8384","src_port":42370,"dst_port":21027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1663058610822000,"flow_dst_last_pkt_time":1663058610822000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":267,"pkt_l4_len":213,"thread_ts_usec":1663058610822000,"pkt":"MzMAAIOEYDjgxTWght1gAesUANURAf6AAAAAAAAAYjjg\/\/7FNaD\/EgAAAAAAAAAAAAAAAIOEpYJSIwDV+Zwup9kLCiCSt2JimWKUgl\/GzObPNHlCiCgtc7Xs3y3LKb\/UhMQtbxIZdGNwOi8vMTkyLjE2OC4yLjEwMDoyMjAwMBIXdGNwOi8vMTkyLjE2OC4wLjE6MjIwMDASF3RjcDovLzE5Mi4xNjguMy4xOjIyMDAwEhpxdWljOi8vMTkyLjE2OC4yLjEwMDoyMjAwMBIYcXVpYzovLzE5Mi4xNjguMC4xOjIyMDAwEhhxdWljOi8vMTkyLjE2OC4zLjE6MjIwMDAYzqG5+MLl+b1h"} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610822000,"flow_src_last_pkt_time":1663058610822000,"flow_dst_last_pkt_time":1663058610822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610822000,"l3_proto":"ip6","src_ip":"fe80::6238:e0ff:fec5:35a0","dst_ip":"ff12::8384","src_port":42370,"dst_port":21027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syncthing","proto_id":"313","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":7,"category":"Download"}} 
@@ -37,7 +37,7 @@ 01148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1663059067177000,"flow_dst_last_pkt_time":1663059067177000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":510,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":510,"pkt_l4_len":476,"thread_ts_usec":1663059067177000,"pkt":"\/\/\/\/\/\/\/\/YDjgxTWgCABFAAHwU\/5AALkR5UrAqAJkwKgC\/9bBUiMB3IihLqfZCwogkrdiYplilIJfxszmzzR5QogoLXO17N8tyym\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"} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1663058647185000,"flow_src_last_pkt_time":1663059067177000,"flow_dst_last_pkt_time":1663058647185000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6520,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663059067179000,"l3_proto":"ip6","src_ip":"fe80::6238:e0ff:fec5:35a0","dst_ip":"ff12::8384","src_port":47077,"dst_port":21027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syncthing","proto_id":"313","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":7,"category":"Download"}} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1663059067177000,"flow_src_last_pkt_time":1663059067179000,"flow_dst_last_pkt_time":1663059067177000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6520,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663059067179000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.255","src_port":54977,"dst_port":21027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syncthing","proto_id":"313","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":7,"category":"Download"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":34,"packets-processed":34,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":11,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1663059067179000} 
+00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":34,"packets-processed":34,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":11,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1663059067179000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 34/34 ~~ skipped flows.............: 0 @@ -46,9 +46,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8653024 bytes -~~ total memory freed........: 8653024 bytes -~~ total allocations/frees...: 140596/140596 +~~ total memory allocated....: 9417494 bytes +~~ total memory freed........: 9417494 bytes +~~ total allocations/frees...: 154562/154562 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 591 chars ~~ json message max len.......: 1177 chars diff --git a/test/results/default/synscan.pcap.out b/test/results/default/synscan.pcap.out index 4b452035c..6d644b1f1 100644 --- a/test/results/default/synscan.pcap.out +++ b/test/results/default/synscan.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1278275056274870} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1278275056274870} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275056274870,"flow_src_last_pkt_time":1278275056274870,"flow_dst_last_pkt_time":1278275056274870,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275056274870,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1278275056274870,"flow_dst_last_pkt_time":1278275056274870,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1278275056274870,"pkt":"ACYLMQczACWzv5HuCABFAAAs5wgAADYGK2qsEAAIQA2GNIzSAbvdUoMYAAAAAGACDAAq1AAAAgQFtA=="} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275056276409,"flow_src_last_pkt_time":1278275056276409,"flow_dst_last_pkt_time":1278275056276409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275056276409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -7993,7 +7993,7 @@ 00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060746505,"flow_src_last_pkt_time":1278275060746505,"flow_dst_last_pkt_time":1278275060746505,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01032{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060850680,"flow_src_last_pkt_time":1278275060850680,"flow_dst_last_pkt_time":1278275060850680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21571,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060850680,"flow_src_last_pkt_time":1278275060850680,"flow_dst_last_pkt_time":1278275060850680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2011,"packets-processed":2011,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1850,"total-guessed-flows":144,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7996,"global_ts_usec":1278275079360213} 
+00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2011,"packets-processed":2011,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1850,"total-guessed-flows":144,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7996,"global_ts_usec":1278275079360213} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2011/2011 ~~ skipped flows.............: 0 @@ -8002,9 +8002,9 @@ ~~ total active/idle flows...: 1994/1994 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 13604007 bytes -~~ total memory freed........: 13604007 bytes -~~ total allocations/frees...: 166465/166465 +~~ total memory allocated....: 14432157 bytes +~~ total memory freed........: 14432157 bytes +~~ total allocations/frees...: 180431/180431 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 1246 chars diff --git a/test/results/default/syslog.pcap.out b/test/results/default/syslog.pcap.out index c603f8ab4..0bb6f9004 100644 --- a/test/results/default/syslog.pcap.out +++ b/test/results/default/syslog.pcap.out 
@@ -1,9 +1,9 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00280{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":108743144,"packet_id":1,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":108743144} 01223{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":703,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":703,"pkt_l4_len":0,"thread_ts_usec":108743144,"pkt":"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"} 00280{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":113756696,"packet_id":2,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":113756696} 00791{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":379,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":379,"pkt_l4_len":0,"thread_ts_usec":108743144,"pkt":"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"} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1377043331844398} 
+00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1377043331844398} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377043331844398,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1377043331844398,"pkt":"vDBb56YVAASWJ4vKCABFAACoJ0cAADwRXWysFDM2rB9uKAICAgIAlCzbPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgUUxBMjNYWCBQQ0lERVYwMyBEaXNjTG9vcElkIHFsYTIzeHhTdE1hY2hSdW4uY3h4IDM1MTAKMCBMb2NhbCBQb3J0IENvbm5lY3Rpb24gVHlwZT0gTE9PUDogbG9vcElkPTB4N0QKCgA="} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377043331844398,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -11,14 +11,14 @@ 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1377043331893307,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_usec":1377043331893307,"pkt":"vDBb56YVAASWJ4vKCABFAADcJ0kAADwRXTasFDM2rB9uKAICAgIAyJYPPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgRkNQVCBHZW5lcmF0ZUV2ZW50IGZjcFRyYW5zcG9ydExvY2FsUG9ydC5jcHAgMTIxOAowIEZDUCBMb2NhbCBQb3J0IFN0YXRlIFVQICA6IFdXTj0weDUwMDBEMzEwMDAwMzU2MDYgcG9ydElkPTB4MDAwMDAxIHBvcnRSb2xlPUJvdGggTG9jYWxQb3J0SW5kZXg9MHgwMDAzCgoA"} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1377043337197703,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1377043337197703,"pkt":"vDBb56YVAASWJ4vKCABFAACIJ3YAADwRXV2sFDM2rB9uKAICAgIAdHXTPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyOCBDT05GSUcgUUxBMjNYWCBQQ0lERVYwMyBJZGxlIHFsYTIzeHhTdE1hY2hSdW4uY3h4IDYyNTQKMCBMSVAoRjgsRjcpIFJlY2VpdmVkCgoA"} 
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1377043337206117,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_usec":1377043337206117,"pkt":"vDBb56YVAASWJ4vKCABFAADcJ3cAADwRXQisFDM2rB9uKAICAgIAyG\/hPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyOCBDT05GSUcgRkNQVCBHZW5lcmF0ZUV2ZW50IGZjcFRyYW5zcG9ydExvY2FsUG9ydC5jcHAgMTI0MQowIEZDUCBMb2NhbCBQb3J0IFN0YXRlIERPV046IFdXTj0weDUwMDBEMzEwMDAwMzU2MDYgcG9ydElkPTB4MDAwMDAxIHBvcnRSb2xlPUJvdGggTG9jYWxQb3J0SW5kZXg9MHgwMDAzCgoA"} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":18,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1388653792914155} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":18,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1388653792914155} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1388653792914155,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYZ9AAEARc\/cK+xeLPicDjuc6AgIAVGhaPDE0Nz5KYW4gIDIgMTA6MDk6NTIgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEM6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="} 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043354299811,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2295,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1388653841215658,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYaBAAEARc\/YK+xeLPicDjuc6AgIAVHJZPDE0Nz5KYW4gIDIgMTA6MTA6NDEgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEQ6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="} 
00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653841215658,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1488571038380901} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1488571038380901} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":121,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":161,"pkt_l4_len":123,"thread_ts_usec":1488571038380901,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAjwBGAAD\/EUiywKh5CsCoeArDoAICAHsygDwxODk+NzI6IE1hciAgMyAxOTo1NzoxNy4zNzE6ICVMSU5LLTUtQ0hBTkdFRDogSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byBhZG1pbmlzdHJhdGl2ZWx5IGRvd24="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -32,7 +32,7 @@ 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330521769,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330521769,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":121,"flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1488571330522327,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":201,"pkt_l4_len":163,"thread_ts_usec":1488571330522327,"pkt":"ABpsoSuZAB56eT8RgQAAeQgARQAAtwA\/AAD\/EUiZwKh5AsCoeArEsAICAKOtbzwxOTA+NjQ6IE1hciAgMyAyMDowMjowOS40Njg6ICVJUFY2X0FDTC02LUFDQ0VTU0xPR1A6IGxpc3QgdnR5LWFjY2Vzcy8xMCBwZXJtaXR0ZWQgdGNwIDIwMDM6NTE6NjAxMjoxMTA6OkIxNToyMig2MDg5MikgLT4gMjAwMzo1MTo2MDEyOjEyMTo6MigyMiksIDEgcGFja2V0"} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330522327,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":26,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3186,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1557406267494812} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":26,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3186,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1557406267494812} 00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494812,"flow_src_last_pkt_time":1557406267494812,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406267494812,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 
01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1557406267494812,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_usec":1557406267494812,"pkt":"ABDb\/xAAACFZH\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"} 00743{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557406267510571,"flow_src_last_pkt_time":1557406267510571,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406267510571,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 
@@ -43,7 +43,7 @@ 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330522327,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406275511725,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
01172{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1557406279481997,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1557406279481997,"pkt":"ABDb\/xAAACFZH\/EMCABFAAILd7sAAIAp7jbBGOMK2EJWcmAAAAABzxFAIAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAc8p5DwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MTgiIGR1cmF0aW9uPTYxIHBvbGljeV9pZD04IHNlcnZpY2U9TmV0d29yayBUaW1lIHByb3RvPTE3IHNyYyB6b25lPVVudHJ1c3QgZHN0IHpvbmU9VHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTE1NCByY3ZkPTEzNCBzcmM9MjAwMTo0NzA6MWYwYToxMDFhOjoyIGRzdD0yMDAxOjQ3MDo2ZDphMTo6ZGNmYjoxMjMgc3JjX3BvcnQ9MTIzIGRzdF9wb3J0PTEyMyBzcmMteGxhdGVkIGlwPTIwMDE6NDcwOjFmMGE6MTAxYTo6MiBwb3J0PTEyMyBkc3QteGxhdGVkIGlwPTIwMDE6NDcwOjZkOmExOjpkY2ZiOjEyMyBwb3J0PTEyMyBzZXNzaW9uX2lkPTQ4MDU2IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"} 01171{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1557406279497874,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1557406279497874,"pkt":"ABRpnhFAABDb\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"} 
-00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":32,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1600781689297122} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":32,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1600781689297122} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781689297122,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1600781689297122,"pkt":"qrvMbk9eqrvMlgwFCABFAABuAAAAAP8RpCWsFfskrBPEC\/TXAgIAWrkePDE4OT4zMDogKlNlcCAyMiAxMzozNDo0OS4xOTU6ICVTWVMtNS1DT05GSUdfSTogQ29uZmlndXJlZCBmcm9tIGNvbnNvbGUgYnkgY29uc29sZQ=="} 
00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781689297122,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -63,7 +63,7 @@ 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1600781952293713,"flow_dst_last_pkt_time":1600781952293359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_usec":1600781952293713,"pkt":"qrvMySBnqrvMPDqhCABFAACPAAkAAP8RdvTAqEPxCsE1BvTXAgIAe0jbPDE4OT4zOTogUjE6ICpTZXAgMjIgMTM6Mzk6MTIuMjUyOiAlTElORVBST1RPLTUtVVBET1dOOiBMaW5lIHByb3RvY29sIG9uIEludGVyZmFjZSBFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byB1cA=="} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781690282270,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":118,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293713,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117552,"flow_src_last_pkt_time":1600781777157257,"flow_dst_last_pkt_time":1600781776117552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293713,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":38,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6581,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1600782411853866} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":38,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6581,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1600782411853866} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":304,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_usec":1600782411853866,"pkt":"qrvMCetCqrvMS9ZJCABFAAFMAAAAAP8RHZjAqH5mrBOx5t9OAgIBOHsYPDE5MD44MjogUjE6IFtzeXNsb2dAOSBzX3NuPSIxIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+Njwvc2V2ZXJpdHk+PG1zZy1pZD5MT0dHSU5HSE9TVF9TVEFSVFNUT1A8L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ2OjUwLjgxMjwvdGltZT48YXJncz48YXJnIGlkPSIwIj4xMC4xLjIuMjwvYXJnPjxhcmcgaWQ9IjEiPiBwb3J0IDUxNDwvYXJnPjxhcmcgaWQ9IjIiPjwvYXJnPjxhcmcgaWQ9IjMiPiBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="} 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":304,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -93,7 +93,7 @@ 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782438439705,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":226,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":989,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695334,"flow_src_last_pkt_time":1600782501747500,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222729,"flow_src_last_pkt_time":1600782515213099,"flow_dst_last_pkt_time":1600782514222729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":52,"packets-processed":49,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9237,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":9,"current-active-flows":3,"total-active-flows":13,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1618744015613076} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":52,"packets-processed":49,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9237,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":9,"current-active-flows":3,"total-active-flows":13,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1618744015613076} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015613076,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_usec":1618744015613076,"pkt":"AAAAAAAAAAgA5occCABFAABVAABAADwRr+OsGuW+rBdQxAICAgIAQS7mPDMwPnNubXBkWzY5NTZdOiBDb25uZWN0aW9uIGZyb20gVURQOiBbMTI3LjAuMC4xXToyMTMxMSAK"} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015613076,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -118,7 +118,7 @@ 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":1618744358191948,"pkt":"AAAAAAAAAAgA5occCABF4ACnOuMAAP4RubfAqP6dxPBClMHLAgIAk0yqPDEzND4gMjAyMS0wNC0xOCAxNToxMjozOCswNDowMCAxMC4xMjYuMjAuNjggTG9nLCAgICAgNjU5MzQsMC8zLzAvMCwyMjQuMi4yLjIzMSwxLDIwMjEtMDQtMTggMTM6MTI6MzgsMjAyMS0wNC0xOCAxNToxMjozOCxQUk9HUkFNLTEzMSwqLDExLA=="} 
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":84,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10756,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":10,"current-active-flows":3,"total-active-flows":17,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":121,"global_ts_usec":1639052948178444} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":84,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10756,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":10,"current-active-flows":3,"total-active-flows":17,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":121,"global_ts_usec":1639052948178444} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":408,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":408,"flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":761,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":761,"pkt_l4_len":671,"thread_ts_usec":1639052948178444,"pkt":"AAAAAAAAAAQAAAAIgQABmAgARQACs1yXAAA\/EY\/tCgtpmgoGDwtQkwICAp+o6DwxODk+ZGF0ZT0yMDIxLTEyLTA5IHRpbWU9MTY6Mjk6MDYgZGV2bmFtZT0iQVRNRkxKUUFCSUwtVVQtODMiIGRldmlkPSJGR1Q2MUVUSzE5MDA5NDQ5IiBldmVudHRpbWU9MTYzOTA1Mjk0ODE1NDgzMTg4OSB0ej0iKzA0MDAiIGxvZ2lkPSIwMDAwMDAwMDEzIiB0eXBlPSJ0cmFmZmljIiBzdWJ0eXBlPSJmb3J3YXJkIiBsZXZlbD0ibm90aWNlIiB2ZD0icm9vdCIgc3JjaXA9MTAuMC4wLjEzIHNyY3BvcnQ9NTczODEgc3JjaW50Zj0iSFEtRkdUX0d3VjQtMSIgc3JjaW50ZnJvbGU9InVuZGVmaW5lZCIgZHN0aXA9MTAuMS4yNTEuNTEgZHN0cG9ydD04MDAwIGRzdGludGY9ImludGVybmFsIiBkc3RpbnRmcm9sZT0ibGFuIiBzcmNjb3VudHJ5PSJSZXNlcnZlZCIgZHN0Y291bnRyeT0iUmVzZXJ2ZWQiIHNlc3Npb25pZD03OTYwMjE2IHByb3RvPTYgYWN0aW9uPSJjbGllbnQtcnN0IiBwb2xpY3lpZD0yIHBvbGljeXR5cGU9InBvbGljeSIgcG9sdXVpZD0iMzUyMjgzMTYtYWY4Yy01MWVhLTMxYzItY2ZiNmUzYjc2M2NhIiBzZXJ2aWNlPSJUQ1AtODAwMCIgdHJhbmRpc3A9Im5vb3AiIGR1cmF0aW9uPTYgc2VudGJ5dGU9MjQ0IHJjdmRieXRlPTkwMCBzZW50cGt0PTUgdnBuPSJIUS1GR1RfR3dWNC0xIiB2cG50eXBlPSJpcHNlYy1zdGF0aWMiIGFwcGNhdD0idW5zY2FubmVkIhmBEQkBlwGXAWQCAQAAAAAAAAAAAAAAAAGXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMWukSU="} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":408,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -126,7 +126,7 @@ 01047{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744128983164,"flow_src_last_pkt_time":1618744128983164,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":1906,"l3_proto":"ip4","src_ip":"169.46.82.162","dst_ip":"10.186.117.194","src_port":52173,"dst_port":49948,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744128983164,"flow_src_last_pkt_time":1618744128983164,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":1906,"l3_proto":"ip4","src_ip":"169.46.82.162","dst_ip":"10.186.117.194","src_port":52173,"dst_port":49948,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01228{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744314014150,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":1506,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":85,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":129,"global_ts_usec":1646228387732435} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":85,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":129,"global_ts_usec":1646228387732435} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228387732435,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228387732435} 
00991{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":525,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":525,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"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"} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228388234384,"packet_id":86,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388234384} 
@@ -135,7 +135,7 @@ 00891{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":449,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":449,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"JFpMlM8sAB0cD7o8iGQRAAABAa0AIUUAAav9yAAAMxEhssN4pYZT66ndAgIq+AGXbaE8NDU+MSAyMDIyLTAzLTAyVDEyOjM5OjQ4LjcyMjMzOC0wMTowMCBwZlNlbnNlLmxvY2FsZG9tYWluIHN1cmljYXRhIDM3MDQ2IC0gLSB7InRpbWVzdGFtcCI6ICIyMDIyLTAzLTAyVDEyOjM5OjQ4LjE5NzI2NS0wMTAwIiwgImZsb3dfaWQiOiAyOTAwNDk2NzE1NjE4NzMsICJpbl9pZmFjZSI6ICJiZ2U5IiwgImV2ZW50X3R5cGUiOiAiZG5zIiwgInNyY19pcCI6ICIxOTUuMTIwLjE2NS4xMzQiLCAic3JjX3BvcnQiOiA0NjkyLCAiZGVzdF9pcCI6ICI4LjguOC44IiwgImRlc3RfcG9ydCI6IDUzLCAicHJvdG8iOiAiVURQIiwgImRucyI6IHsidHlwZSI6ICJxdWVyeSIsICJpZCI6IDM5MDc0LCAicnJuYW1lIjogIm9wZW52cG50ZWMuZXRyYS1pZC5jb20iLCAicnJ0eXBlIjogIkEiLCAidHhfaWQiOiAwfX0="} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228388765633,"packet_id":88,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388765633} 00999{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":530,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":530,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"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"} 
-00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":89,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":138,"global_ts_usec":1646781267422628} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":89,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":138,"global_ts_usec":1646781267422628} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"vlan_id":2005,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":2005,"flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":137,"pkt_l4_len":99,"thread_ts_usec":1646781267422628,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAd4NyQAA+ESYdCl7oFQpelhXgHgICAGMIejw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX1VQKTogZXRoMDogbGluayBpcyBub3QgcmVhZHk="} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"vlan_id":2005,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -149,7 +149,7 @@ 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267427418,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"vlan_id":2005,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"vlan_id":2005,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"vlan_id":408,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":94,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13199,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":10,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":152,"global_ts_usec":1646781268509996} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":94,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13199,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":10,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":152,"global_ts_usec":1646781268509996} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 94/88 ~~ skipped flows.............: 0 @@ -158,9 +158,9 @@ ~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8695390 bytes -~~ total memory freed........: 8695390 bytes -~~ total allocations/frees...: 140819/140819 +~~ total memory allocated....: 9460372 bytes +~~ total memory freed........: 9460372 bytes +~~ total allocations/frees...: 154785/154785 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 285 chars ~~ json message max len.......: 2234 chars diff --git a/test/results/default/tailscale.pcap.out b/test/results/default/tailscale.pcap.out index 4bd5cb6ac..2351256f2 100644 --- a/test/results/default/tailscale.pcap.out +++ b/test/results/default/tailscale.pcap.out 
@@ -1,15 +1,15 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623328901893092} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623328901893092} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328901893092,"flow_dst_last_pkt_time":1623328901893092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623328901893092,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623328901893092,"flow_dst_last_pkt_time":1623328901893092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1623328901893092,"pkt":"poPnuslkAAwplE+vCABFAAB4d9xAAEART3bAqFgDEsRHs6KpoqkAZHYFVFPwn5KstoR90hKud3v64hSzbQ2XEVLwx+BSTgwosKAQW1+mFhcDIU7pTkASV+cPow8CosaxW7erOd5Ypqum39pp9XjnyWeXa9gOouLKbhi2mYRqmqG3HWqWW+4="} 
-00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328901893092,"flow_dst_last_pkt_time":1623328901893092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623328901893092,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328901893092,"flow_dst_last_pkt_time":1623328901893092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623328901893092,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623328901893092,"flow_dst_last_pkt_time":1623328903724659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1623328903724659,"pkt":"AAwplE+vpoPnuslkCABFAAB4wDYAADARAAASxEezwKhYA6KpoqkAZDq5VFPwn5Ksb2ojdtrFDu7j3RTsCp6OKZwqLwVAiNNpFboDB5G60HZ4lApGjOTUBTwFtPP3LPGfdb4isPMjIrKVha5fddu3BGQyNhRYANwnpxkj4aMlcjOb1E9EVaw="} 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1623328903725945,"flow_dst_last_pkt_time":1623328903724659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_usec":1623328903725945,"pkt":"poPnuslkAAwplE+vCABFAACKeStAAEARThXAqFgDEsRHs6KpoqkAdpoZVFPwn5KstoR90hKud3v64hSzbQ2XEVLwx+BSTgwosKAQW1+mFhfnGtMZ9e044JOd6BssrkqFEvN3a1uZOiu32bqdvRMzkLfOaDh5e\/gxrdWndNyd8uHlplZBguZvG8GaHTjVSHkyioR1dMwpFZQ="} 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623328903725945,"flow_dst_last_pkt_time":1623328904183996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1623328904183996,"pkt":"AAwplE+vpoPnuslkCABFAACcwF8AADARAAASxEezwKhYA6KpoqkAiNQsBAAAAJjIPnoAAAAAAAAAAM53fuAEZPdT5Fdm4DS\/UyjvTLjPe7QnPiQ2CXt+mB7Y8WrT0Li\/aXkjhOBO2nZ+wnNXLRMwN+1X2A2pLC+\/QdJ8BsjlD4LG3Fm4cAmsrR\/UdUrmKYOZs6hRz4SUA4cQhw57wUILLnKTp478mQ9SP58="} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623328903725945,"flow_dst_last_pkt_time":1623328904184015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1623328904184015,"pkt":"AAwplE+vpoPnuslkCABFAACcwGAAADARAAASxEezwKhYA6KpoqkAiNUeBAAAAJjIPnoBAAAAAAAAAIDRhelXasbgL\/+zYa0dujImbboZHw5LtTzrMLrAnJiErjX4Q\/gpsHyUZ2phBiZAcnlAJHPknh+UjOJs8w8oU91sAPPQbskYRx3J+rH+DeFVFEtkDOzsDsjpsegoPlzrb\/fiUGSsuyCgJy+T4mnA9xA="} -02239{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328910935194,"flow_dst_last_pkt_time":1623328911751937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":128,"flow_src_tot_l4_payload_len":1430,"flow_dst_tot_l4_payload_len":2162,"midstream":0,"thread_ts_usec":1623328911751937,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":609708.0,"max":1999684,"stddev":605237.1,"var":366311899136.0,"ent":4.2,"data": [1831567,1832853,459337,19,7,851239,689283,1999684,305038,1197527,993302,17713,10,118067,686079,686069,167240,28515,268363,28631,1001510,1709853,809387,161594,38729,229122,33650,39336,1000927,1009891,706405]},"pktlen": {"min":120,"avg":140.2,"max":156,"stddev":15.4,"var":237.9,"ent":5.0,"data": 
[120,120,138,156,156,156,156,120,138,156,120,138,156,120,138,120,138,120,156,138,156,156,120,138,120,156,156,138,156,156,156,120]},"bins": {"c_to_s": [0,0,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,6,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,1,1,1,0,1,0,1,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1],"entropies": [6.258774757,6.327646255,6.564895153,6.334487915,6.307401657,6.374646664,6.326507568,6.403507233,6.611924648,6.410363674,6.506895065,6.510478020,6.402382374,6.340927124,6.480768204,6.334637165,6.568448067,6.498397350,6.475291729,6.619921207,6.387466908,6.409846783,6.390228748,6.538738251,6.500603676,6.552214622,6.461646080,6.474994183,6.375043869,6.467308998,6.309903622,6.317968845]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":56,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328931902798,"flow_dst_last_pkt_time":1623328933775730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":128,"flow_src_tot_l4_payload_len":5700,"flow_dst_tot_l4_payload_len":6322,"midstream":0,"thread_ts_usec":1623328933775730,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":107,"packets-processed":107,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1623328933775730} +02237{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328910935194,"flow_dst_last_pkt_time":1623328911751937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":128,"flow_src_tot_l4_payload_len":1430,"flow_dst_tot_l4_payload_len":2162,"midstream":0,"thread_ts_usec":1623328911751937,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":609708.0,"max":1999684,"stddev":605237.1,"var":366311899136.0,"ent":4.2,"data": 
[1831567,1832853,459337,19,7,851239,689283,1999684,305038,1197527,993302,17713,10,118067,686079,686069,167240,28515,268363,28631,1001510,1709853,809387,161594,38729,229122,33650,39336,1000927,1009891,706405]},"pktlen": {"min":120,"avg":140.2,"max":156,"stddev":15.4,"var":237.9,"ent":5.0,"data": [120,120,138,156,156,156,156,120,138,156,120,138,156,120,138,120,138,120,156,138,156,156,120,138,120,156,156,138,156,156,156,120]},"bins": {"c_to_s": [0,0,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,6,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,1,1,1,0,1,0,1,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1],"entropies": [6.258774757,6.327646255,6.564895153,6.334487915,6.307401657,6.374646664,6.326507568,6.403507233,6.611924648,6.410363674,6.506895065,6.510478020,6.402382374,6.340927124,6.480768204,6.334637165,6.568448067,6.498397350,6.475291729,6.619921207,6.387466908,6.409846783,6.390228748,6.538738251,6.500603676,6.552214622,6.461646080,6.474994183,6.375043869,6.467308998,6.309903622,6.317968845]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":56,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328931902798,"flow_dst_last_pkt_time":1623328933775730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":128,"flow_src_tot_l4_payload_len":5700,"flow_dst_tot_l4_payload_len":6322,"midstream":0,"thread_ts_usec":1623328933775730,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":107,"packets-processed":107,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1623328933775730} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 107/107 ~~ skipped flows.............: 0 
@@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647945 bytes -~~ total memory freed........: 8647945 bytes -~~ total allocations/frees...: 140640/140640 +~~ total memory allocated....: 9412319 bytes +~~ total memory freed........: 9412319 bytes +~~ total allocations/frees...: 154606/154606 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 591 chars -~~ json message max len.......: 2244 chars -~~ json message avg len.......: 1334 chars +~~ json message max len.......: 2242 chars +~~ json message avg len.......: 1333 chars diff --git a/test/results/default/targusdataspeed_false_positives.pcap.out b/test/results/default/targusdataspeed_false_positives.pcap.out index f4665cb3e..2d56bb975 100644 --- a/test/results/default/targusdataspeed_false_positives.pcap.out +++ b/test/results/default/targusdataspeed_false_positives.pcap.out 
@@ -1,4 +1,4 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":35569737,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35569737,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":35569737,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35569737,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":35569737,"pkt":"UlQAEjUCCAAn5uVZCABFAAB+ehEAAIARLTAKAAIPT6Q3e126E4kAahVHZDE6YWQyOmlkMjA69gJ3AZhiwRyVvvTzAO9QVrdoSnA2OnRhcmdldDIwOvYCdwGYYsEclb708wDvUFa3aEpxZTE6cTk6ZmluZF9ub2RlMTp0ODqI0o3DoQnQUDE6eTE6cWU="} 
01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":35569737,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35569737,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":35569737,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 
@@ -9,7 +9,7 @@ 00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":46627016,"flow_dst_last_pkt_time":47351725,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":47351725,"pkt":"CAAn5uVZUlQAEjUCCABFAAFLPoUAAEARp+tZQC3jCgACDxRRXboBN3DOZDI6aXA2Ol0v4fi2NTE6cmQyOmlkMjA6Cixkc\/ArsXcJ7U3wslfTpV0++Qo1Om5vZGVzMjA4OgnoTWcn5Dz1WsC7MJGi19W6kHfXwIMsWf7sCMB+iYC28R+pvpNIPRWUbo8TACBttiU\/eIoJTCvSXHm7E6mVIW1xdJVtFGBxj71Fdbbh6Qi0O4aQ71PNaDpVSFMJBfrOkxEjUPl1HgURCYdIr0PZ+eaVADua7fVMXBTcQ4EChJrSdkcJ4hLhbiau6yJI+VuOfD+bIhmzz7V5SbNlNQhV3fqFlrrzSnPbqxOCr29KlotYDsDTJxC1CNuf8fG76euzpts8hww+mSReDZCIHta8ty8xOnBpNDY2NDVlZTE6dDg6yqEY3ZzscnUxOnY0OkxUAQIxOnkxOnJl"} 01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":35569737,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35636027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":272,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":47351725,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":46627016,"flow_src_last_pkt_time":46627016,"flow_dst_last_pkt_time":47351725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":47351725,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.64.45.227","src_port":23994,"dst_port":5201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":771,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":47351725} +00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":771,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":47351725} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647414 bytes -~~ total memory freed........: 8647414 bytes -~~ total allocations/frees...: 140548/140548 +~~ total memory allocated....: 9411820 bytes +~~ total memory freed........: 9411820 bytes +~~ total allocations/frees...: 154514/154514 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 613 chars ~~ json message max len.......: 1096 chars diff --git a/test/results/default/tcp_scan.pcapng.out b/test/results/default/tcp_scan.pcapng.out index 93049c015..aa569539a 100644 --- a/test/results/default/tcp_scan.pcapng.out +++ b/test/results/default/tcp_scan.pcapng.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1674583448287506} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1674583448287506} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1674583461865595,"flow_src_last_pkt_time":1674583461865595,"flow_dst_last_pkt_time":1674583461865595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583461865595,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1674583461865595,"flow_dst_last_pkt_time":1674583461865595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1674583461865595,"pkt":"AICPmq69KDc3AG3ICABFAABAAABAAP8G97LAqAGywKgBAtvQAFAaMXySAAAAALAC\/\/+gxwAAAgQFtAEDAwUBAQgKBzOYGQAAAAAEAgAA"} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1674583461865599,"flow_src_last_pkt_time":1674583461865599,"flow_dst_last_pkt_time":1674583461865599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583461865599,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56273,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -39,7 +39,7 @@ 00777{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583488939833,"flow_src_last_pkt_time":1674583488939833,"flow_dst_last_pkt_time":1674583488940443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":62971,"dst_port":3390,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01141{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583501982691,"flow_src_last_pkt_time":1674583501982691,"flow_dst_last_pkt_time":1674583501983146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":63243,"dst_port":3392,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00777{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583501982691,"flow_src_last_pkt_time":1674583501982691,"flow_dst_last_pkt_time":1674583501983146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":63243,"dst_port":3392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":30,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":3,"total-guessed-flows":4,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1674583501983146} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":30,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":3,"total-guessed-flows":4,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1674583501983146} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/18 ~~ skipped flows.............: 0 @@ -48,9 +48,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8660185 bytes -~~ total memory freed........: 8660185 bytes -~~ total allocations/frees...: 140629/140629 +~~ total memory allocated....: 9424751 bytes +~~ total memory freed........: 9424751 bytes +~~ total allocations/frees...: 154595/154595 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 1289 chars diff --git a/test/results/default/teams.pcap.out b/test/results/default/teams.pcap.out index 68371ba4b..3b94a07f0 100644 --- a/test/results/default/teams.pcap.out +++ b/test/results/default/teams.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
01025{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","domainame":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -658,7 +658,7 @@ 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":44,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1587041698021081} 
+00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":44,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1587041698021081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1540/1498 ~~ skipped flows.............: 0 @@ -667,9 +667,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10085540 bytes -~~ total memory freed........: 10085540 bytes -~~ total allocations/frees...: 143355/143355 +~~ total memory allocated....: 10852868 bytes +~~ total memory freed........: 10852868 bytes +~~ total allocations/frees...: 157331/157331 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 295 chars ~~ json message max len.......: 2501 chars diff --git a/test/results/default/teamspeak3.pcap.out b/test/results/default/teamspeak3.pcap.out index 4af733261..7980a659e 100644 --- a/test/results/default/teamspeak3.pcap.out +++ b/test/results/default/teamspeak3.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946745680740311} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946745680740311} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946745680740311,"flow_src_last_pkt_time":946745680740311,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946745680740311,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946745680740311,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":946745680740311,"pkt":"REREREREZmZmZmZmCABFAAA+yVhAAHgRnjQKAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2EAAAAAAAAAAA=="} 
00911{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946745680740311,"flow_src_last_pkt_time":946745680740311,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946745680740311,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
@@ -7,7 +7,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":946745681306941,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":946745681306941,"pkt":"REREREREZmZmZmZmCABFAAA+yX1AAHgRng8KAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2IAAAAAAAAAAA=="} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946745681306983,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":946745681306983,"pkt":"REREREREZmZmZmZmCABFAADYyX5AAHgRnXQKAAABCgAAAs\/DJwMAxJv3eXRj6JO6fmAAAAAAIp10i0Wqe++5nv6tCBm6z0HgFqIVc9rwk+JLXtHwnSIOS9qVPnECnykaLcJG8hX08WvnftBqcJmqRqZMetkjLRcZ56Qb0yr7w3DD9zi02VU5x7l+AWx+kCtuxsALbdDKU+g3u9+7M\/R0k3h6Cj2dgqVHMwYrJL8wicW8AZK\/KfPOtEoKiRpNuYkxO9WWvZSdqdAZVZGl4X6vDNBIwrDu7kll5TuFIGNHjpSa9tdfD6M="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946745682007760,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":946745682007760,"pkt":"REREREREZmZmZmZmCABFAAA+yf1AAHgRnY8KAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2MAAAAAAAAAAA=="} 
-00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1667856551682719} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1667856551682719} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551682719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667856551682719,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551682719,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1667856551682719,"pkt":"AABeAAEK6qmpVXFVCABFAAAg6GhAAD8RkF7BHxlGM0S1XAfbB9oADMMjAYCEAQ=="} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551687540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_usec":1667856551687540,"pkt":"6qmpVXFVEA5+JvHACABFAAAkwyxAADQRwJYzRLVcwR8ZRgfaB9sAEFGEAYCEAXxl2acAAAAAAAA="} 
@@ -17,247 +17,247 @@ 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":946745680740311,"flow_src_last_pkt_time":946745717746131,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1365,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667856551693001,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1667857151661156,"flow_dst_last_pkt_time":1667856551693001,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1667857151661156,"pkt":"AABeAAEK6qmpVXFVCABFAAAgFyVAAD8RYaLBHxlGM0S1XAfbB9oADMMjAYKEAQ=="} 
00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667857151666127,"flow_dst_last_pkt_time":1667857151670963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":26,"midstream":0,"thread_ts_usec":1667857151670963,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1667857751746605} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1667857751746605} 00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667857751751776,"flow_dst_last_pkt_time":1667857751756665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":39,"midstream":0,"thread_ts_usec":1667857751756665,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1667858351841483} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1667858351841483} 
00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667858351846489,"flow_dst_last_pkt_time":1667858351851342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1667858351851342,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667858951749360,"flow_dst_last_pkt_time":1667858951754177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":65,"midstream":0,"thread_ts_usec":1667858951754177,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":34,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1530,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1667859551930352} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":34,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1530,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1667859551930352} 
00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667859551935305,"flow_dst_last_pkt_time":1667859551940122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1667859551940122,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":14,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860151925248,"flow_dst_last_pkt_time":1667860151930037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":91,"midstream":0,"thread_ts_usec":1667860151930037,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":42,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1667860752077584} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":42,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1667860752077584} 
02222{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860752082559,"flow_dst_last_pkt_time":1667860752087365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1667860752087365,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4821,"avg":270993696.0,"max":600180997,"stddev":298614912.0,"var":89170865459036160.0,"ent":3.8,"data": [4821,5374,5461,599973063,599972971,4971,4991,600080478,600080533,5171,5169,600089707,600089636,5006,5041,599897642,599897696,5229,5139,600180992,600180997,4953,4948,599984779,599984795,5164,5120,600152336,600152365,4975,4963]},"pktlen": {"min":32,"avg":40.0,"max":44,"stddev":4.7,"var":22.0,"ent":5.0,"data": [32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.625000000,4.458523273,4.765583038,4.075578690,4.625000000,4.506142139,4.765583038,4.075578690,4.500000000,4.345311642,4.674674511,4.009986401,4.625000000,4.458523273,4.720128536,4.075578690,4.562500000,4.458523273,4.720128536,3.980340719,4.625000000,4.315666676,4.720128536,3.980340719,4.562500000,4.458523273,4.629220009,4.075578690,4.562500000,4.506142139,4.720128536,4.027959824]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860752082559,"flow_dst_last_pkt_time":1667860752087365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1667860752087365,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667861351993175,"flow_dst_last_pkt_time":1667861351998031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1667861351998031,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":50,"packets-processed":49,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1662,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":8,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1667861952155552} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":50,"packets-processed":49,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1662,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":8,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1667861952155552} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667861952160606,"flow_dst_last_pkt_time":1667861952165473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":130,"midstream":0,"thread_ts_usec":1667861952165473,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667862552075384,"flow_dst_last_pkt_time":1667862552080210,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1667862552080210,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1667863152145991} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1667863152145991} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667863152150938,"flow_dst_last_pkt_time":1667863152155777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1667863152155777,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":26,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667863752105541,"flow_dst_last_pkt_time":1667863752110395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":169,"midstream":0,"thread_ts_usec":1667863752110395,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":66,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1667864352264298} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":66,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1667864352264298} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":28,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667864352269395,"flow_dst_last_pkt_time":1667864352274267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1667864352274267,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1827,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":13,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1667864952277211} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1827,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":13,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1667864952277211} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":30,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667864952282201,"flow_dst_last_pkt_time":1667864952287024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":195,"midstream":0,"thread_ts_usec":1667864952287024,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1667865552502273} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1667865552502273} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":32,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667865552507391,"flow_dst_last_pkt_time":1667865552512264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1667865552512264,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":34,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667866152387758,"flow_dst_last_pkt_time":1667866152392764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":221,"midstream":0,"thread_ts_usec":1667866152392764,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":82,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1667866752540859} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":82,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1667866752540859} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":36,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667866752545981,"flow_dst_last_pkt_time":1667866752550878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":234,"midstream":0,"thread_ts_usec":1667866752550878,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":38,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667867352498846,"flow_dst_last_pkt_time":1667867352503806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1667867352503806,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":18,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1667867952564843} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":18,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1667867952564843} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":40,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667867952571449,"flow_dst_last_pkt_time":1667867952576449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":400,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1667867952576449,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":94,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":19,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1667868552626724} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":94,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":19,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1667868552626724} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":42,"flow_dst_packets_processed":42,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667868552631982,"flow_dst_last_pkt_time":1667868552644435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":273,"midstream":0,"thread_ts_usec":1667868552644435,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":98,"packets-processed":97,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1667869152831749} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":98,"packets-processed":97,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1667869152831749} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":44,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667869152836944,"flow_dst_last_pkt_time":1667869152841890,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":286,"midstream":0,"thread_ts_usec":1667869152841890,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":46,"flow_dst_packets_processed":46,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667869752718957,"flow_dst_last_pkt_time":1667869752723999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":460,"flow_dst_tot_l4_payload_len":299,"midstream":0,"thread_ts_usec":1667869752723999,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":22,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1667870352860295} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":22,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1667870352860295} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":48,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667870352865541,"flow_dst_last_pkt_time":1667870352870527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":480,"flow_dst_tot_l4_payload_len":312,"midstream":0,"thread_ts_usec":1667870352870527,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":113,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2185,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":23,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1667870952861879} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":113,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2185,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":23,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1667870952861879} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":50,"flow_dst_packets_processed":50,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667870952856962,"flow_dst_last_pkt_time":1667870952861879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":500,"flow_dst_tot_l4_payload_len":325,"midstream":0,"thread_ts_usec":1667870952861879,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":114,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2190,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":24,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1667871552965002} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":114,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2190,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":24,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1667871552965002} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":52,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667871552970090,"flow_dst_last_pkt_time":1667871552974984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":338,"midstream":0,"thread_ts_usec":1667871552974984,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1667872152967383} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1667872152967383} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":54,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667872152962414,"flow_dst_last_pkt_time":1667872152967383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":351,"midstream":0,"thread_ts_usec":1667872152967383,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":122,"packets-processed":121,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1667872753004113} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":122,"packets-processed":121,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1667872753004113} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":56,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667872753009396,"flow_dst_last_pkt_time":1667872753014340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":364,"midstream":0,"thread_ts_usec":1667872753014340,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":126,"packets-processed":125,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":27,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1667873353144571} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":126,"packets-processed":125,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":27,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1667873353144571} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":58,"flow_dst_packets_processed":58,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667873353149829,"flow_dst_last_pkt_time":1667873353154817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":377,"midstream":0,"thread_ts_usec":1667873353154817,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":133,"packets-processed":132,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1667873953146815} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":133,"packets-processed":132,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1667873953146815} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":60,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667873953141847,"flow_dst_last_pkt_time":1667873953146815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":390,"midstream":0,"thread_ts_usec":1667873953146815,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":134,"packets-processed":133,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":29,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":69,"global_ts_usec":1667874553276670} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":134,"packets-processed":133,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":29,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":69,"global_ts_usec":1667874553276670} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":62,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667874553281783,"flow_dst_last_pkt_time":1667874553286698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":403,"midstream":0,"thread_ts_usec":1667874553286698,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":64,"flow_dst_packets_processed":64,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667875153244452,"flow_dst_last_pkt_time":1667875153249351,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":640,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1667875153249351,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1667875753342484} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1667875753342484} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":66,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667875753347778,"flow_dst_last_pkt_time":1667875753352702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":429,"midstream":0,"thread_ts_usec":1667875753352702,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2454,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1667876353408264} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2454,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1667876353408264} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":68,"flow_dst_packets_processed":68,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667876353413449,"flow_dst_last_pkt_time":1667876353418444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":442,"midstream":0,"thread_ts_usec":1667876353418444,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":150,"packets-processed":149,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2487,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":33,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1667876953587033} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":150,"packets-processed":149,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2487,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":33,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1667876953587033} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":70,"flow_dst_packets_processed":70,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667876953592257,"flow_dst_last_pkt_time":1667876953597228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":700,"flow_dst_tot_l4_payload_len":455,"midstream":0,"thread_ts_usec":1667876953597228,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":72,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667877553543097,"flow_dst_last_pkt_time":1667877553548159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":720,"flow_dst_tot_l4_payload_len":468,"midstream":0,"thread_ts_usec":1667877553548159,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":158,"packets-processed":157,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":35,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1667878153569226} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":158,"packets-processed":157,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":35,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1667878153569226} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":74,"flow_dst_packets_processed":74,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667878153574404,"flow_dst_last_pkt_time":1667878153579443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":740,"flow_dst_tot_l4_payload_len":481,"midstream":0,"thread_ts_usec":1667878153579443,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":162,"packets-processed":161,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1667878753632528} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":162,"packets-processed":161,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1667878753632528} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":76,"flow_dst_packets_processed":76,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667878753638134,"flow_dst_last_pkt_time":1667878753643091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":760,"flow_dst_tot_l4_payload_len":494,"midstream":0,"thread_ts_usec":1667878753643091,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":166,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":83,"global_ts_usec":1667879353636120} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":166,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":83,"global_ts_usec":1667879353636120} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":78,"flow_dst_packets_processed":78,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667879353641506,"flow_dst_last_pkt_time":1667879353646439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":507,"midstream":0,"thread_ts_usec":1667879353646439,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2652,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":38,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":85,"global_ts_usec":1667879953703352} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2652,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":38,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":85,"global_ts_usec":1667879953703352} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":80,"flow_dst_packets_processed":80,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667879953708739,"flow_dst_last_pkt_time":1667879953713725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":520,"midstream":0,"thread_ts_usec":1667879953713725,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":174,"packets-processed":173,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1667880553876737} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":174,"packets-processed":173,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1667880553876737} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":82,"flow_dst_packets_processed":82,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667880553881895,"flow_dst_last_pkt_time":1667880553886879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":533,"midstream":0,"thread_ts_usec":1667880553886879,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":84,"flow_dst_packets_processed":84,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667881153859790,"flow_dst_last_pkt_time":1667881153864831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":840,"flow_dst_tot_l4_payload_len":546,"midstream":0,"thread_ts_usec":1667881153864831,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":182,"packets-processed":181,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2751,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":41,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1667881753952134} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":182,"packets-processed":181,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2751,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":41,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1667881753952134} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":86,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667881753957333,"flow_dst_last_pkt_time":1667881753962303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":860,"flow_dst_tot_l4_payload_len":559,"midstream":0,"thread_ts_usec":1667881753962303,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":88,"flow_dst_packets_processed":88,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667882353935191,"flow_dst_last_pkt_time":1667882353940184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":572,"midstream":0,"thread_ts_usec":1667882353940184,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":190,"packets-processed":189,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2817,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":93,"global_ts_usec":1667882954166449} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":190,"packets-processed":189,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2817,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":93,"global_ts_usec":1667882954166449} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":90,"flow_dst_packets_processed":90,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667882954171570,"flow_dst_last_pkt_time":1667882954176520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":900,"flow_dst_tot_l4_payload_len":585,"midstream":0,"thread_ts_usec":1667882954176520,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":92,"flow_dst_packets_processed":92,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667883554074126,"flow_dst_last_pkt_time":1667883554079112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":920,"flow_dst_tot_l4_payload_len":598,"midstream":0,"thread_ts_usec":1667883554079112,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":198,"packets-processed":197,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2883,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1667884154200917} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":198,"packets-processed":197,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2883,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1667884154200917} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":94,"flow_dst_packets_processed":94,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667884154206101,"flow_dst_last_pkt_time":1667884154211101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":611,"midstream":0,"thread_ts_usec":1667884154211101,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":96,"flow_dst_packets_processed":96,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667884754157900,"flow_dst_last_pkt_time":1667884754162909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":960,"flow_dst_tot_l4_payload_len":624,"midstream":0,"thread_ts_usec":1667884754162909,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":206,"packets-processed":205,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2949,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":99,"global_ts_usec":1667885354328064} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":206,"packets-processed":205,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2949,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":99,"global_ts_usec":1667885354328064} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":98,"flow_dst_packets_processed":98,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667885354333244,"flow_dst_last_pkt_time":1667885354338234,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":980,"flow_dst_tot_l4_payload_len":637,"midstream":0,"thread_ts_usec":1667885354338234,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":210,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":101,"global_ts_usec":1667885954340552} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":210,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":101,"global_ts_usec":1667885954340552} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667885954345790,"flow_dst_last_pkt_time":1667885954350789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":650,"midstream":0,"thread_ts_usec":1667885954350789,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":214,"packets-processed":213,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":103,"global_ts_usec":1667886554547380} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":214,"packets-processed":213,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":103,"global_ts_usec":1667886554547380} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":102,"flow_dst_packets_processed":102,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667886554552478,"flow_dst_last_pkt_time":1667886554557490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":663,"midstream":0,"thread_ts_usec":1667886554557490,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":104,"flow_dst_packets_processed":104,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667887154419061,"flow_dst_last_pkt_time":1667887154424032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":676,"midstream":0,"thread_ts_usec":1667887154424032,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":222,"packets-processed":221,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3081,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":51,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":106,"global_ts_usec":1667887754581847} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":222,"packets-processed":221,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3081,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":51,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":106,"global_ts_usec":1667887754581847} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":106,"flow_dst_packets_processed":106,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667887754587099,"flow_dst_last_pkt_time":1667887754592084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":689,"midstream":0,"thread_ts_usec":1667887754592084,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":108,"flow_dst_packets_processed":108,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667888354542054,"flow_dst_last_pkt_time":1667888354546973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1080,"flow_dst_tot_l4_payload_len":702,"midstream":0,"thread_ts_usec":1667888354546973,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":230,"packets-processed":229,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3147,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":53,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":109,"global_ts_usec":1667888954680644} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":230,"packets-processed":229,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3147,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":53,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":109,"global_ts_usec":1667888954680644} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":110,"flow_dst_packets_processed":110,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667888954685885,"flow_dst_last_pkt_time":1667888954690939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":715,"midstream":0,"thread_ts_usec":1667888954690939,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":234,"packets-processed":233,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":111,"global_ts_usec":1667889554755560} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":234,"packets-processed":233,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":111,"global_ts_usec":1667889554755560} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":112,"flow_dst_packets_processed":112,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667889554760836,"flow_dst_last_pkt_time":1667889554765828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1120,"flow_dst_tot_l4_payload_len":728,"midstream":0,"thread_ts_usec":1667889554765828,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":238,"packets-processed":237,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3213,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":113,"global_ts_usec":1667890154914103} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":238,"packets-processed":237,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3213,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":113,"global_ts_usec":1667890154914103} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":114,"flow_dst_packets_processed":114,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667890154919389,"flow_dst_last_pkt_time":1667890154924380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1140,"flow_dst_tot_l4_payload_len":741,"midstream":0,"thread_ts_usec":1667890154924380,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":116,"flow_dst_packets_processed":116,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667890754878493,"flow_dst_last_pkt_time":1667890754883473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1160,"flow_dst_tot_l4_payload_len":754,"midstream":0,"thread_ts_usec":1667890754883473,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":116,"global_ts_usec":1667891355001091} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":116,"global_ts_usec":1667891355001091} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":118,"flow_dst_packets_processed":118,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667891355006788,"flow_dst_last_pkt_time":1667891355011838,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":767,"midstream":0,"thread_ts_usec":1667891355011838,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":120,"flow_dst_packets_processed":120,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667891954956914,"flow_dst_last_pkt_time":1667891954961842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":780,"midstream":0,"thread_ts_usec":1667891954961842,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":254,"packets-processed":253,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":59,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":119,"global_ts_usec":1667892555167346} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":254,"packets-processed":253,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":59,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":119,"global_ts_usec":1667892555167346} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":122,"flow_dst_packets_processed":122,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667892555172533,"flow_dst_last_pkt_time":1667892555177496,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1220,"flow_dst_tot_l4_payload_len":793,"midstream":0,"thread_ts_usec":1667892555177496,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":124,"flow_dst_packets_processed":124,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667893155127871,"flow_dst_last_pkt_time":1667893155132919,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":806,"midstream":0,"thread_ts_usec":1667893155132919,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":262,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3411,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":61,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":122,"global_ts_usec":1667893755260179} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":262,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3411,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":61,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":122,"global_ts_usec":1667893755260179} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":126,"flow_dst_packets_processed":126,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667893755265342,"flow_dst_last_pkt_time":1667893755270276,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":819,"midstream":0,"thread_ts_usec":1667893755270276,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":266,"packets-processed":265,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":62,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":124,"global_ts_usec":1667894355302105} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":266,"packets-processed":265,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":62,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":124,"global_ts_usec":1667894355302105} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":128,"flow_dst_packets_processed":128,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667894355307414,"flow_dst_last_pkt_time":1667894355312359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":832,"midstream":0,"thread_ts_usec":1667894355312359,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":270,"packets-processed":269,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3477,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":63,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1667894955409230} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":270,"packets-processed":269,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3477,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":63,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1667894955409230} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":130,"flow_dst_packets_processed":130,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667894955414396,"flow_dst_last_pkt_time":1667894955419371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":845,"midstream":0,"thread_ts_usec":1667894955419371,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":132,"flow_dst_packets_processed":132,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667895555356769,"flow_dst_last_pkt_time":1667895555361872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1320,"flow_dst_tot_l4_payload_len":858,"midstream":0,"thread_ts_usec":1667895555361872,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":278,"packets-processed":277,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3543,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":65,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":129,"global_ts_usec":1667896155512008} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":278,"packets-processed":277,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3543,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":65,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":129,"global_ts_usec":1667896155512008} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":134,"flow_dst_packets_processed":134,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667896155517256,"flow_dst_last_pkt_time":1667896155522215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1340,"flow_dst_tot_l4_payload_len":871,"midstream":0,"thread_ts_usec":1667896155522215,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":136,"flow_dst_packets_processed":136,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667896755496441,"flow_dst_last_pkt_time":1667896755501407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":884,"midstream":0,"thread_ts_usec":1667896755501407,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":286,"packets-processed":285,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":67,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1667897355721055} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":286,"packets-processed":285,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":67,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1667897355721055} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":138,"flow_dst_packets_processed":138,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667897355726163,"flow_dst_last_pkt_time":1667897355731141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1380,"flow_dst_tot_l4_payload_len":897,"midstream":0,"thread_ts_usec":1667897355731141,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":140,"flow_dst_packets_processed":140,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667897955693161,"flow_dst_last_pkt_time":1667897955698197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1400,"flow_dst_tot_l4_payload_len":910,"midstream":0,"thread_ts_usec":1667897955698197,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":294,"packets-processed":293,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3675,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":69,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":135,"global_ts_usec":1667898555812144} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":294,"packets-processed":293,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3675,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":69,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":135,"global_ts_usec":1667898555812144} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":142,"flow_dst_packets_processed":142,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667898555817351,"flow_dst_last_pkt_time":1667898555822315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1420,"flow_dst_tot_l4_payload_len":923,"midstream":0,"thread_ts_usec":1667898555822315,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":144,"flow_dst_packets_processed":144,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667899155761861,"flow_dst_last_pkt_time":1667899155766839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":936,"midstream":0,"thread_ts_usec":1667899155766839,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":302,"packets-processed":301,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":71,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":138,"global_ts_usec":1667899755907084} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":302,"packets-processed":301,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":71,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":138,"global_ts_usec":1667899755907084} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":146,"flow_dst_packets_processed":146,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667899755912613,"flow_dst_last_pkt_time":1667899755917554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":949,"midstream":0,"thread_ts_usec":1667899755917554,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":148,"flow_dst_packets_processed":148,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667900355876128,"flow_dst_last_pkt_time":1667900355881101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":962,"midstream":0,"thread_ts_usec":1667900355881101,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":310,"packets-processed":309,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3807,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":73,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":141,"global_ts_usec":1667900956028384} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":310,"packets-processed":309,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3807,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":73,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":141,"global_ts_usec":1667900956028384} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":150,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667900956033514,"flow_dst_last_pkt_time":1667900956038487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1500,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1667900956038487,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":152,"flow_dst_packets_processed":152,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667901555988133,"flow_dst_last_pkt_time":1667901555993121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1520,"flow_dst_tot_l4_payload_len":988,"midstream":0,"thread_ts_usec":1667901555993121,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":318,"packets-processed":317,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3873,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":75,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":144,"global_ts_usec":1667902156041748} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":318,"packets-processed":317,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3873,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":75,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":144,"global_ts_usec":1667902156041748} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":154,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667902156047066,"flow_dst_last_pkt_time":1667902156052018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1540,"flow_dst_tot_l4_payload_len":1001,"midstream":0,"thread_ts_usec":1667902156052018,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":322,"packets-processed":321,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":76,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":146,"global_ts_usec":1667902756106952} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":322,"packets-processed":321,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":76,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":146,"global_ts_usec":1667902756106952} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":156,"flow_dst_packets_processed":156,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667902756112485,"flow_dst_last_pkt_time":1667902756117482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1560,"flow_dst_tot_l4_payload_len":1014,"midstream":0,"thread_ts_usec":1667902756117482,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":326,"packets-processed":325,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":77,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":148,"global_ts_usec":1667903356166082} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":326,"packets-processed":325,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":77,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":148,"global_ts_usec":1667903356166082} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":158,"flow_dst_packets_processed":158,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667903356171219,"flow_dst_last_pkt_time":1667903356176150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1580,"flow_dst_tot_l4_payload_len":1027,"midstream":0,"thread_ts_usec":1667903356176150,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":330,"packets-processed":329,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":150,"global_ts_usec":1667903956205391} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":330,"packets-processed":329,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":150,"global_ts_usec":1667903956205391} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":160,"flow_dst_packets_processed":160,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667903956210625,"flow_dst_last_pkt_time":1667903956215536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":1040,"midstream":0,"thread_ts_usec":1667903956215536,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":334,"packets-processed":333,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":152,"global_ts_usec":1667904556255353} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":334,"packets-processed":333,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":152,"global_ts_usec":1667904556255353} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":162,"flow_dst_packets_processed":162,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667904556260623,"flow_dst_last_pkt_time":1667904556265561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1620,"flow_dst_tot_l4_payload_len":1053,"midstream":0,"thread_ts_usec":1667904556265561,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":338,"packets-processed":337,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":80,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":154,"global_ts_usec":1667905156369162} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":338,"packets-processed":337,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":80,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":154,"global_ts_usec":1667905156369162} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":164,"flow_dst_packets_processed":164,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667905156374273,"flow_dst_last_pkt_time":1667905156379254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1640,"flow_dst_tot_l4_payload_len":1066,"midstream":0,"thread_ts_usec":1667905156379254,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":166,"flow_dst_packets_processed":166,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667905756313488,"flow_dst_last_pkt_time":1667905756318378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1660,"flow_dst_tot_l4_payload_len":1079,"midstream":0,"thread_ts_usec":1667905756318378,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":346,"packets-processed":345,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":157,"global_ts_usec":1667906356457980} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":346,"packets-processed":345,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":157,"global_ts_usec":1667906356457980} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":168,"flow_dst_packets_processed":168,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667906356463124,"flow_dst_last_pkt_time":1667906356468031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1680,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1667906356468031,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":170,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667906956410643,"flow_dst_last_pkt_time":1667906956415568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1700,"flow_dst_tot_l4_payload_len":1105,"midstream":0,"thread_ts_usec":1667906956415568,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":354,"packets-processed":353,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":84,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":160,"global_ts_usec":1667907556513484} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":354,"packets-processed":353,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":84,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":160,"global_ts_usec":1667907556513484} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":172,"flow_dst_packets_processed":172,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667907556518677,"flow_dst_last_pkt_time":1667907556523620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1720,"flow_dst_tot_l4_payload_len":1118,"midstream":0,"thread_ts_usec":1667907556523620,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":361,"packets-processed":360,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":162,"global_ts_usec":1667908156515424} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":361,"packets-processed":360,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":162,"global_ts_usec":1667908156515424} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":174,"flow_dst_packets_processed":174,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667908156510528,"flow_dst_last_pkt_time":1667908156515424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":1131,"midstream":0,"thread_ts_usec":1667908156515424,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":362,"packets-processed":361,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4236,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":86,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1667908756689314} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":362,"packets-processed":361,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4236,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":86,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1667908756689314} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":176,"flow_dst_packets_processed":176,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667908756694403,"flow_dst_last_pkt_time":1667908756699292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":1144,"midstream":0,"thread_ts_usec":1667908756699292,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":178,"flow_dst_packets_processed":178,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667909356671590,"flow_dst_last_pkt_time":1667909356676397,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1780,"flow_dst_tot_l4_payload_len":1157,"midstream":0,"thread_ts_usec":1667909356676397,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":370,"packets-processed":369,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":167,"global_ts_usec":1667909956810650} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":370,"packets-processed":369,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":167,"global_ts_usec":1667909956810650} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":180,"flow_dst_packets_processed":180,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667909956815838,"flow_dst_last_pkt_time":1667909956820716,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1800,"flow_dst_tot_l4_payload_len":1170,"midstream":0,"thread_ts_usec":1667909956820716,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":182,"flow_dst_packets_processed":182,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667910556765092,"flow_dst_last_pkt_time":1667910556769939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1820,"flow_dst_tot_l4_payload_len":1183,"midstream":0,"thread_ts_usec":1667910556769939,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":378,"packets-processed":377,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":90,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":170,"global_ts_usec":1667911156952838} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":378,"packets-processed":377,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":90,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":170,"global_ts_usec":1667911156952838} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":184,"flow_dst_packets_processed":184,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667911156957940,"flow_dst_last_pkt_time":1667911156962766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1840,"flow_dst_tot_l4_payload_len":1196,"midstream":0,"thread_ts_usec":1667911156962766,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":186,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667911756928410,"flow_dst_last_pkt_time":1667911756933311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1860,"flow_dst_tot_l4_payload_len":1209,"midstream":0,"thread_ts_usec":1667911756933311,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":386,"packets-processed":385,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":173,"global_ts_usec":1667912357066553} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":386,"packets-processed":385,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":173,"global_ts_usec":1667912357066553} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":188,"flow_dst_packets_processed":188,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667912357071592,"flow_dst_last_pkt_time":1667912357076394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1880,"flow_dst_tot_l4_payload_len":1222,"midstream":0,"thread_ts_usec":1667912357076394,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":390,"packets-processed":389,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":175,"global_ts_usec":1667912957180917} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":390,"packets-processed":389,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":175,"global_ts_usec":1667912957180917} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":190,"flow_dst_packets_processed":190,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667912957187835,"flow_dst_last_pkt_time":1667912957193306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1900,"flow_dst_tot_l4_payload_len":1235,"midstream":0,"thread_ts_usec":1667912957193306,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":192,"flow_dst_packets_processed":192,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667913557149355,"flow_dst_last_pkt_time":1667913557154138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1920,"flow_dst_tot_l4_payload_len":1248,"midstream":0,"thread_ts_usec":1667913557154138,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":398,"packets-processed":397,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4533,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":95,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":178,"global_ts_usec":1667914157284622} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":398,"packets-processed":397,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4533,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":95,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":178,"global_ts_usec":1667914157284622} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":194,"flow_dst_packets_processed":194,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667914157289594,"flow_dst_last_pkt_time":1667914157294449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1940,"flow_dst_tot_l4_payload_len":1261,"midstream":0,"thread_ts_usec":1667914157294449,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":402,"packets-processed":401,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":96,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":180,"global_ts_usec":1667914757354818} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":402,"packets-processed":401,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":96,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":180,"global_ts_usec":1667914757354818} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":196,"flow_dst_packets_processed":196,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667914757360081,"flow_dst_last_pkt_time":1667914757364918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1960,"flow_dst_tot_l4_payload_len":1274,"midstream":0,"thread_ts_usec":1667914757364918,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":406,"packets-processed":405,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":182,"global_ts_usec":1667915357412080} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":406,"packets-processed":405,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":182,"global_ts_usec":1667915357412080} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":198,"flow_dst_packets_processed":198,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667915357417116,"flow_dst_last_pkt_time":1667915357421996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1287,"midstream":0,"thread_ts_usec":1667915357421996,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":410,"packets-processed":409,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":98,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":184,"global_ts_usec":1667915957427289} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":410,"packets-processed":409,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":98,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":184,"global_ts_usec":1667915957427289} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":200,"flow_dst_packets_processed":200,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667915957432416,"flow_dst_last_pkt_time":1667915957437254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2000,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1667915957437254,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":186,"global_ts_usec":1667916557456657} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":186,"global_ts_usec":1667916557456657} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":202,"flow_dst_packets_processed":202,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667916557461709,"flow_dst_last_pkt_time":1667916557466499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2020,"flow_dst_tot_l4_payload_len":1313,"midstream":0,"thread_ts_usec":1667916557466499,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":204,"flow_dst_packets_processed":204,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667917157423210,"flow_dst_last_pkt_time":1667917157428021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2040,"flow_dst_tot_l4_payload_len":1326,"midstream":0,"thread_ts_usec":1667917157428021,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":422,"packets-processed":421,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":101,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":189,"global_ts_usec":1667917757547203} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":422,"packets-processed":421,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":101,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":189,"global_ts_usec":1667917757547203} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":206,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667917757552293,"flow_dst_last_pkt_time":1667917757557136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2060,"flow_dst_tot_l4_payload_len":1339,"midstream":0,"thread_ts_usec":1667917757557136,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":426,"packets-processed":425,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":102,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":191,"global_ts_usec":1667918357617085} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":426,"packets-processed":425,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":102,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":191,"global_ts_usec":1667918357617085} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":208,"flow_dst_packets_processed":208,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667918357622166,"flow_dst_last_pkt_time":1667918357626995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2080,"flow_dst_tot_l4_payload_len":1352,"midstream":0,"thread_ts_usec":1667918357626995,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":430,"packets-processed":429,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":193,"global_ts_usec":1667918957773708} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":430,"packets-processed":429,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":193,"global_ts_usec":1667918957773708} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":210,"flow_dst_packets_processed":210,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667918957778810,"flow_dst_last_pkt_time":1667918957783659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":1365,"midstream":0,"thread_ts_usec":1667918957783659,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":212,"flow_dst_packets_processed":212,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667919557747659,"flow_dst_last_pkt_time":1667919557752579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2120,"flow_dst_tot_l4_payload_len":1378,"midstream":0,"thread_ts_usec":1667919557752579,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":438,"packets-processed":437,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":105,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":196,"global_ts_usec":1667920157885500} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":438,"packets-processed":437,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":105,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":196,"global_ts_usec":1667920157885500} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":214,"flow_dst_packets_processed":214,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667920157890541,"flow_dst_last_pkt_time":1667920157895403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2140,"flow_dst_tot_l4_payload_len":1391,"midstream":0,"thread_ts_usec":1667920157895403,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":216,"flow_dst_packets_processed":216,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667920757821189,"flow_dst_last_pkt_time":1667920757826024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2160,"flow_dst_tot_l4_payload_len":1404,"midstream":0,"thread_ts_usec":1667920757826024,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":446,"packets-processed":445,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4929,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":107,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":199,"global_ts_usec":1667921357934789} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":446,"packets-processed":445,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4929,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":107,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":199,"global_ts_usec":1667921357934789} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":218,"flow_dst_packets_processed":218,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667921357939819,"flow_dst_last_pkt_time":1667921357944657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2180,"flow_dst_tot_l4_payload_len":1417,"midstream":0,"thread_ts_usec":1667921357944657,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":450,"packets-processed":449,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":108,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":201,"global_ts_usec":1667921957936046} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":450,"packets-processed":449,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":108,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":201,"global_ts_usec":1667921957936046} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":220,"flow_dst_packets_processed":220,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667921957941247,"flow_dst_last_pkt_time":1667921957946139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2200,"flow_dst_tot_l4_payload_len":1430,"midstream":0,"thread_ts_usec":1667921957946139,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":454,"packets-processed":453,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4995,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":109,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":203,"global_ts_usec":1667922558027247} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":454,"packets-processed":453,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4995,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":109,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":203,"global_ts_usec":1667922558027247} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":222,"flow_dst_packets_processed":222,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667922558032278,"flow_dst_last_pkt_time":1667922558037152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2220,"flow_dst_tot_l4_payload_len":1443,"midstream":0,"thread_ts_usec":1667922558037152,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":224,"flow_dst_packets_processed":224,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667923157994247,"flow_dst_last_pkt_time":1667923157999099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2240,"flow_dst_tot_l4_payload_len":1456,"midstream":0,"thread_ts_usec":1667923157999099,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":462,"packets-processed":461,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":111,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":206,"global_ts_usec":1667923758140912} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":462,"packets-processed":461,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":111,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":206,"global_ts_usec":1667923758140912} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":226,"flow_dst_packets_processed":226,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667923758145987,"flow_dst_last_pkt_time":1667923758150812,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2260,"flow_dst_tot_l4_payload_len":1469,"midstream":0,"thread_ts_usec":1667923758150812,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":466,"packets-processed":465,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":112,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":208,"global_ts_usec":1667924358195146} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":466,"packets-processed":465,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":112,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":208,"global_ts_usec":1667924358195146} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":228,"flow_dst_packets_processed":228,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667924358200510,"flow_dst_last_pkt_time":1667924358205436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2280,"flow_dst_tot_l4_payload_len":1482,"midstream":0,"thread_ts_usec":1667924358205436,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":470,"packets-processed":469,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":113,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":210,"global_ts_usec":1667924958336024} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":470,"packets-processed":469,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":113,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":210,"global_ts_usec":1667924958336024} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":230,"flow_dst_packets_processed":230,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667924958341359,"flow_dst_last_pkt_time":1667924958346268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2300,"flow_dst_tot_l4_payload_len":1495,"midstream":0,"thread_ts_usec":1667924958346268,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":232,"flow_dst_packets_processed":232,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667925558331107,"flow_dst_last_pkt_time":1667925558336001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2320,"flow_dst_tot_l4_payload_len":1508,"midstream":0,"thread_ts_usec":1667925558336001,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":478,"packets-processed":477,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":115,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":213,"global_ts_usec":1667926158477541} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":478,"packets-processed":477,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":115,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":213,"global_ts_usec":1667926158477541} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":234,"flow_dst_packets_processed":234,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667926158482640,"flow_dst_last_pkt_time":1667926158487504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2340,"flow_dst_tot_l4_payload_len":1521,"midstream":0,"thread_ts_usec":1667926158487504,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":236,"flow_dst_packets_processed":236,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667926758424196,"flow_dst_last_pkt_time":1667926758429128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2360,"flow_dst_tot_l4_payload_len":1534,"midstream":0,"thread_ts_usec":1667926758429128,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":486,"packets-processed":485,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":117,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":216,"global_ts_usec":1667927358576852} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":486,"packets-processed":485,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":117,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":216,"global_ts_usec":1667927358576852} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":238,"flow_dst_packets_processed":238,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667927358582077,"flow_dst_last_pkt_time":1667927358587005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2380,"flow_dst_tot_l4_payload_len":1547,"midstream":0,"thread_ts_usec":1667927358587005,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":240,"flow_dst_packets_processed":240,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667927958536913,"flow_dst_last_pkt_time":1667927958541805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2400,"flow_dst_tot_l4_payload_len":1560,"midstream":0,"thread_ts_usec":1667927958541805,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":494,"packets-processed":493,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":219,"global_ts_usec":1667928558676547} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":494,"packets-processed":493,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":219,"global_ts_usec":1667928558676547} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":242,"flow_dst_packets_processed":242,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667928558681642,"flow_dst_last_pkt_time":1667928558686523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2420,"flow_dst_tot_l4_payload_len":1573,"midstream":0,"thread_ts_usec":1667928558686523,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":244,"flow_dst_packets_processed":244,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667929158637190,"flow_dst_last_pkt_time":1667929158642079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2440,"flow_dst_tot_l4_payload_len":1586,"midstream":0,"thread_ts_usec":1667929158642079,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":502,"packets-processed":501,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":121,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":222,"global_ts_usec":1667929758769940} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":502,"packets-processed":501,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":121,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":222,"global_ts_usec":1667929758769940} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":246,"flow_dst_packets_processed":246,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667929758775023,"flow_dst_last_pkt_time":1667929758779865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2460,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1667929758779865,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":248,"flow_dst_packets_processed":248,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667930358755038,"flow_dst_last_pkt_time":1667930358759853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2480,"flow_dst_tot_l4_payload_len":1612,"midstream":0,"thread_ts_usec":1667930358759853,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":510,"packets-processed":509,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5457,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":225,"global_ts_usec":1667930958886671} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":510,"packets-processed":509,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5457,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":225,"global_ts_usec":1667930958886671} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":250,"flow_dst_packets_processed":250,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667930958891808,"flow_dst_last_pkt_time":1667930958896692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2500,"flow_dst_tot_l4_payload_len":1625,"midstream":0,"thread_ts_usec":1667930958896692,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":252,"flow_dst_packets_processed":252,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667931558871110,"flow_dst_last_pkt_time":1667931558875920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2520,"flow_dst_tot_l4_payload_len":1638,"midstream":0,"thread_ts_usec":1667931558875920,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":518,"packets-processed":517,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5523,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":125,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":228,"global_ts_usec":1667932159023314} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":518,"packets-processed":517,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5523,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":125,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":228,"global_ts_usec":1667932159023314} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":254,"flow_dst_packets_processed":254,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667932159028303,"flow_dst_last_pkt_time":1667932159033132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2540,"flow_dst_tot_l4_payload_len":1651,"midstream":0,"thread_ts_usec":1667932159033132,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":522,"packets-processed":521,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":126,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":230,"global_ts_usec":1667932759077722} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":522,"packets-processed":521,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":126,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":230,"global_ts_usec":1667932759077722} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":256,"flow_dst_packets_processed":256,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667932759082733,"flow_dst_last_pkt_time":1667932759087559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2560,"flow_dst_tot_l4_payload_len":1664,"midstream":0,"thread_ts_usec":1667932759087559,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":258,"flow_dst_packets_processed":258,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667933358966393,"flow_dst_last_pkt_time":1667933358971321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2580,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1667933358971321,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":530,"packets-processed":529,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":128,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":233,"global_ts_usec":1667933959089706} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":530,"packets-processed":529,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":128,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":233,"global_ts_usec":1667933959089706} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":260,"flow_dst_packets_processed":260,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667933959094917,"flow_dst_last_pkt_time":1667933959099748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2600,"flow_dst_tot_l4_payload_len":1690,"midstream":0,"thread_ts_usec":1667933959099748,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":534,"packets-processed":533,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":129,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":235,"global_ts_usec":1667934559114048} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":534,"packets-processed":533,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":129,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":235,"global_ts_usec":1667934559114048} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":262,"flow_dst_packets_processed":262,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667934559119423,"flow_dst_last_pkt_time":1667934559124245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2620,"flow_dst_tot_l4_payload_len":1703,"midstream":0,"thread_ts_usec":1667934559124245,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":538,"packets-processed":537,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5688,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":130,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":237,"global_ts_usec":1667935159188577} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":538,"packets-processed":537,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5688,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":130,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":237,"global_ts_usec":1667935159188577} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":264,"flow_dst_packets_processed":264,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667935159193608,"flow_dst_last_pkt_time":1667935159198401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2640,"flow_dst_tot_l4_payload_len":1716,"midstream":0,"thread_ts_usec":1667935159198401,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":266,"flow_dst_packets_processed":266,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667935759106386,"flow_dst_last_pkt_time":1667935759111237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2660,"flow_dst_tot_l4_payload_len":1729,"midstream":0,"thread_ts_usec":1667935759111237,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":546,"packets-processed":545,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":132,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":240,"global_ts_usec":1667936359250805} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":546,"packets-processed":545,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":132,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":240,"global_ts_usec":1667936359250805} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":268,"flow_dst_packets_processed":268,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667936359255952,"flow_dst_last_pkt_time":1667936359260802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2680,"flow_dst_tot_l4_payload_len":1742,"midstream":0,"thread_ts_usec":1667936359260802,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":550,"packets-processed":549,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5787,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":133,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":242,"global_ts_usec":1667936959271744} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":550,"packets-processed":549,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5787,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":133,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":242,"global_ts_usec":1667936959271744} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":270,"flow_dst_packets_processed":270,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667936959276903,"flow_dst_last_pkt_time":1667936959281745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":1755,"midstream":0,"thread_ts_usec":1667936959281745,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":554,"packets-processed":553,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":134,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":244,"global_ts_usec":1667937559422166} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":554,"packets-processed":553,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":134,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":244,"global_ts_usec":1667937559422166} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":272,"flow_dst_packets_processed":272,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667937559427332,"flow_dst_last_pkt_time":1667937559432171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":1768,"midstream":0,"thread_ts_usec":1667937559432171,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":274,"flow_dst_packets_processed":274,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667938159333625,"flow_dst_last_pkt_time":1667938159338503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2740,"flow_dst_tot_l4_payload_len":1781,"midstream":0,"thread_ts_usec":1667938159338503,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":562,"packets-processed":561,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":136,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":247,"global_ts_usec":1667938759434538} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":562,"packets-processed":561,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":136,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":247,"global_ts_usec":1667938759434538} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":276,"flow_dst_packets_processed":276,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667938759439542,"flow_dst_last_pkt_time":1667938759444375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2760,"flow_dst_tot_l4_payload_len":1794,"midstream":0,"thread_ts_usec":1667938759444375,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":278,"flow_dst_packets_processed":278,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667939359421713,"flow_dst_last_pkt_time":1667939359426519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2780,"flow_dst_tot_l4_payload_len":1807,"midstream":0,"thread_ts_usec":1667939359426519,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":570,"packets-processed":569,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5952,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":138,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":250,"global_ts_usec":1667939959475875} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":570,"packets-processed":569,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5952,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":138,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":250,"global_ts_usec":1667939959475875} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":280,"flow_dst_packets_processed":280,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667939959480953,"flow_dst_last_pkt_time":1667939959485802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2800,"flow_dst_tot_l4_payload_len":1820,"midstream":0,"thread_ts_usec":1667939959485802,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":574,"packets-processed":573,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5985,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":139,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1667940559505023} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":574,"packets-processed":573,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5985,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":139,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1667940559505023} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":282,"flow_dst_packets_processed":282,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667940559510206,"flow_dst_last_pkt_time":1667940559515036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2820,"flow_dst_tot_l4_payload_len":1833,"midstream":0,"thread_ts_usec":1667940559515036,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":578,"packets-processed":577,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6018,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":140,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":254,"global_ts_usec":1667941159559112} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":578,"packets-processed":577,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6018,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":140,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":254,"global_ts_usec":1667941159559112} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":284,"flow_dst_packets_processed":284,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667941159564239,"flow_dst_last_pkt_time":1667941159569033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2840,"flow_dst_tot_l4_payload_len":1846,"midstream":0,"thread_ts_usec":1667941159569033,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":582,"packets-processed":581,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6051,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":141,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":256,"global_ts_usec":1667941759635973} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":582,"packets-processed":581,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6051,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":141,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":256,"global_ts_usec":1667941759635973} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":286,"flow_dst_packets_processed":286,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667941759641101,"flow_dst_last_pkt_time":1667941759645959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2860,"flow_dst_tot_l4_payload_len":1859,"midstream":0,"thread_ts_usec":1667941759645959,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":586,"packets-processed":585,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6084,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1667942359803826} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":586,"packets-processed":585,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6084,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1667942359803826} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":288,"flow_dst_packets_processed":288,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667942359808855,"flow_dst_last_pkt_time":1667942359813747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2880,"flow_dst_tot_l4_payload_len":1872,"midstream":0,"thread_ts_usec":1667942359813747,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":589,"packets-processed":589,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":260,"global_ts_usec":1667942359813747} +00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":589,"packets-processed":589,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":260,"global_ts_usec":1667942359813747} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 589/589 ~~ skipped flows.............: 0 
@@ -266,9 +266,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8664331 bytes -~~ total memory freed........: 8664331 bytes -~~ total allocations/frees...: 141132/141132 +~~ total memory allocated....: 9428737 bytes +~~ total memory freed........: 9428737 bytes +~~ total allocations/frees...: 155098/155098 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 524 chars ~~ json message max len.......: 2227 chars diff --git a/test/results/default/teamviewer.pcap.out b/test/results/default/teamviewer.pcap.out index 09fa72f40..4790dfc77 100644 --- a/test/results/default/teamviewer.pcap.out +++ b/test/results/default/teamviewer.pcap.out 
@@ -1,4 +1,4 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":330297046,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330297046,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":330297046,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330297046,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":330297046,"pkt":"UlQAEjUCCAAns+YuCABFAAA8OlxAAEAGTq0KAAIPovoCqouUFzIpaMgpAAAAAKAC+vCAjgAAAgQFtAQCCAosLVpIAAAAAAEDAwc="} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330433319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":330433319,"pkt":"CAAns+YuUlQAEjUCCABFAAAsCdUAAEAGv0Si+gKqCgACDxcyi5QCaioBKWjIKmAS\/\/8lnwAAAgQFtA=="} 
@@ -16,11 +16,11 @@ 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":520201475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":520201475,"pkt":"CAAns+YuUlQAEjUCCABFAAAwFQEAAEARG41dL+DxCgACD4zFhnEAHDKfAAAAAAAAAABEJgMXJHMEAAAAAAA="} 02384{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":31,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521274313,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":13050,"midstream":0,"thread_ts_usec":521274313,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":36716.1,"max":442863,"stddev":96766.6,"var":9363771392.0,"ent":2.6,"data": [12327,12251,57,40726,3898,3159,6600,81845,9028,72,7415,9247,442863,41858,345075,64,9,8,11,9,7,2034,57,13,9567,57,8,51028,58831,63,12]},"pktlen": {"min":44,"avg":438.8,"max":1052,"stddev":450.4,"var":202865.5,"ent":4.2,"data": [124,124,492,1052,48,84,76,76,76,177,104,52,52,76,76,1052,1052,1052,1052,1052,1052,1052,1052,1052,1052,168,104,104,44,225,117,71]},"bins": {"c_to_s": [0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[4,7,4,1,2,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [2.665547609,2.681676626,0.777366042,0.400940508,3.903489351,2.792044401,3.098856926,2.998324156,3.315334082,4.078965187,4.029050350,3.961237431,3.922775745,3.062608480,3.152767181,0.385090381,0.379928052,0.378026903,0.379928052,0.378026903,0.379928052,0.379928052,0.379928052,0.378026903,0.390793800,4.132575512,3.859765768,5.537042618,4.036628723,3.928550959,4.210556507,4.727299213]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":62,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521459535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":28902,"midstream":0,"thread_ts_usec":579147460,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": 
{"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":337,"packets-processed":336,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":152049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":633881700} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":337,"packets-processed":336,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":152049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":633881700} 
01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":62,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521459535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":28902,"midstream":0,"thread_ts_usec":639022187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":129,"flow_dst_packets_processed":160,"flow_first_seen":330297046,"flow_src_last_pkt_time":729854393,"flow_dst_last_pkt_time":729854070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":60753,"flow_dst_tot_l4_payload_len":64705,"midstream":0,"thread_ts_usec":729854393,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":62,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521459535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":28902,"midstream":0,"thread_ts_usec":729854393,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":352,"packets-processed":352,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":154456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":729854393} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":352,"packets-processed":352,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":154456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":729854393} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 352/352 ~~ skipped flows.............: 0 
@@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8657493 bytes -~~ total memory freed........: 8657493 bytes -~~ total allocations/frees...: 140897/140897 +~~ total memory allocated....: 9421899 bytes +~~ total memory freed........: 9421899 bytes +~~ total allocations/frees...: 154863/154863 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 513 chars ~~ json message max len.......: 2389 chars diff --git a/test/results/default/telegram.pcap.out b/test/results/default/telegram.pcap.out index add4ca54c..da61b6561 100644 --- a/test/results/default/telegram.pcap.out +++ b/test/results/default/telegram.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1588779596451825} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1588779596451825} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779596451825,"flow_src_last_pkt_time":1588779596451825,"flow_dst_last_pkt_time":1588779596451825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779596451825,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1588779596451825,"flow_dst_last_pkt_time":1588779596451825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1588779596451825,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJVAAEARYHzAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGANsCwWgAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779596451825,"flow_src_last_pkt_time":1588779596451825,"flow_dst_last_pkt_time":1588779596451825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779596451825,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","domainame":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -336,7 +336,7 @@ 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1588779637830278,"flow_src_last_pkt_time":1588779640832531,"flow_dst_last_pkt_time":1588779637830278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 01137{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1588779617174225,"flow_src_last_pkt_time":1588779618677198,"flow_dst_last_pkt_time":1588779617174225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1588779617174225,"flow_src_last_pkt_time":1588779618677198,"flow_dst_last_pkt_time":1588779617174225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1566,"packets-processed":1566,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":268533,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":13,"total-updates":10,"current-active-flows":0,"total-active-flows":48,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":339,"global_ts_usec":1588779655298782} 
+00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1566,"packets-processed":1566,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":268533,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":13,"total-updates":10,"current-active-flows":0,"total-active-flows":48,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":339,"global_ts_usec":1588779655298782} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1566/1566 ~~ skipped flows.............: 0 @@ -345,9 +345,9 @@ ~~ total active/idle flows...: 48/48 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8804265 bytes -~~ total memory freed........: 8804265 bytes -~~ total allocations/frees...: 142604/142604 +~~ total memory allocated....: 9570077 bytes +~~ total memory freed........: 9570077 bytes +~~ total allocations/frees...: 156568/156568 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 556 chars ~~ json message max len.......: 2354 chars diff --git a/test/results/default/telegram_videocall.pcapng.out b/test/results/default/telegram_videocall.pcapng.out index abd8a6488..2b371521c 100644 --- a/test/results/default/telegram_videocall.pcapng.out +++ b/test/results/default/telegram_videocall.pcapng.out 
@@ -1,5 +1,5 @@ -00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648032334213648} 
+00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648032334213648} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032334213648,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="} 
00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -215,15 +215,15 @@ 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1648032367885663,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367885663,"pkt":"CL6sCxdumt9Y+uvcCABFwAB8pokAAEABmXjAqAypW2wRAgMDNxoAAAAARQAAYGk1QAAwEaeYW2wRAsCoDKkFeJJEAEylPgEEADAhEqRCS0hPaXJyRlRDcUV6AA0ABAAAAACAIgAETm9uZQAIABTZOmmRI5FcQW+rAa8g\/fpFll3GzoAoAASHsPRA"} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032373241368,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1648032373241368,"pkt":"mt9Y+uvcCL6sCxduCABFAABT6ldAAOsGItsSw6JdwKgMqQG7mCy7WPtHxPlC24AYAHtr3AAAAQEICnkLeDpCTgbkFQMDABr+u10WYqqjSVLzlRa1hyPjBkG+M0x+dgZKjg=="} -00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032373241368,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032373241368,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373315177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032373315177,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0tt9AAEAGAXPAqAypEsOiXZgsAbvE+ULbu1j7ZoAQAMhy4gAAAQEICkJO9JB5C3g6"} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032373315177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032378245645,"pkt":"mt9Y+uvcCL6sCxduCABFAAA06lhAAOsGIvkSw6JdwKgMqQG7mCy7WPtmxPlC24ARAHtfogAAAQEICnkLi8ZCTvSQ"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032378336597,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032378336597,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0tuBAAEAGAXLAqAypEsOiXZgsAbvE+ULbu1j7Z4AQAMhLuAAAAQEICkJPCC15C4vG"} -00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032378336597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032378336597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367877247,"flow_src_last_pkt_time":1648032367885663,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367859462,"flow_src_last_pkt_time":1648032367864669,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367762702,"flow_src_last_pkt_time":1648032367764744,"flow_dst_last_pkt_time":1648032367762702,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00958{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by 
IP"},"proto":"AmazonAWS","proto_id":"265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00954{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"AWS_EC2","proto_id":"461","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032367501855,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032367002740,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -255,7 +255,7 @@ 01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1648032336020865,"flow_src_last_pkt_time":1648032346150156,"flow_dst_last_pkt_time":1648032346134942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":604,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":2022,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01115{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1648032336039036,"flow_src_last_pkt_time":1648032346150274,"flow_dst_last_pkt_time":1648032346134975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":773,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":59,"flow_dst_packets_processed":55,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032356099058,"flow_dst_last_pkt_time":1648032356073261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":15509,"flow_dst_tot_l4_payload_len":6792,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":889,"packets-processed":887,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1648032378336597} +00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":889,"packets-processed":887,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1648032378336597} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 889/887 ~~ skipped flows.............: 0 
@@ -264,9 +264,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8769230 bytes -~~ total memory freed........: 8769230 bytes -~~ total allocations/frees...: 141785/141785 +~~ total memory allocated....: 9534627 bytes +~~ total memory freed........: 9534627 bytes +~~ total allocations/frees...: 155750/155750 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 2327 chars diff --git a/test/results/default/telegram_videocall_2.pcapng.out b/test/results/default/telegram_videocall_2.pcapng.out index 5c7af1062..a32d78556 100644 --- a/test/results/default/telegram_videocall_2.pcapng.out +++ b/test/results/default/telegram_videocall_2.pcapng.out 
@@ -1,5 +1,5 @@ -00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731946730424347} 
+00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731946730424347} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946730424347,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1731946730424347,"pkt":"AQBeAAD7dNo47VMyCABFAABJz2FAAP8R\/pzAqAwB4AAA+xTpFOkANSaSAAAAAAACAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfaXBwwBIADAAB"} 
01008{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946730424347,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} 
@@ -60,7 +60,7 @@ 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946742649019,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946742234615,"flow_dst_last_pkt_time":1731946742577561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":392,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":118015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1731946743383191} 
+00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":118015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1731946743383191} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 315/315 ~~ skipped flows.............: 0 @@ -69,9 +69,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8670805 bytes -~~ total memory freed........: 8670805 bytes -~~ total allocations/frees...: 140917/140917 +~~ total memory allocated....: 9435403 bytes +~~ total memory freed........: 9435403 bytes +~~ total allocations/frees...: 154883/154883 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 567 chars ~~ json message max len.......: 2257 chars diff --git a/test/results/default/telegram_voice.pcapng.out b/test/results/default/telegram_voice.pcapng.out index 9c79cbf62..8e6a2ea8d 100644 --- a/test/results/default/telegram_voice.pcapng.out +++ b/test/results/default/telegram_voice.pcapng.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731945706423652} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731945706423652} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945706423652,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1731945706423652,"pkt":"AQBeAAD7dNo47VMyCABFAABJO\/ZAAP8RkgjAqAwB4AAA+xTpFOkANSaSAAAAAAACAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfaXBwwBIADAAB"} 
01002{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945706423652,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} 
@@ -77,7 +77,7 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1731945728463022,"flow_src_last_pkt_time":1731945738970403,"flow_dst_last_pkt_time":1731945739117008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.7","src_port":46868,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731945715153114,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715155704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"192.168.12.1","src_port":44574,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"crashlyticsreports-pa.googleapis.com"}} -00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":870,"packets-processed":868,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":127117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1731945742490274} 
+00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":870,"packets-processed":868,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":127117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1731945742490274} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 870/868 ~~ skipped flows.............: 0 @@ -86,9 +86,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8691726 bytes -~~ total memory freed........: 8691726 bytes -~~ total allocations/frees...: 141492/141492 +~~ total memory allocated....: 9456388 bytes +~~ total memory freed........: 9456388 bytes +~~ total allocations/frees...: 155458/155458 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars ~~ json message max len.......: 2249 chars diff --git a/test/results/default/telnet.pcap.out b/test/results/default/telnet.pcap.out index 44a5152f6..99013f2a6 100644 --- a/test/results/default/telnet.pcap.out +++ b/test/results/default/telnet.pcap.out 
@@ -1,29 +1,58 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":943755158387203} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":943755158387203} 
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755158387203,"flow_dst_last_pkt_time":943755158387203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":943755158387203,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":943755158387203,"flow_dst_last_pkt_time":943755158387203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":943755158387203,"pkt":"AADAn6CXAKDMO7\/6CABFEAA8RjxAAEAGcxzAqAACwKgAAQYOABeZxaDsAAAAAKACfXjgowAAAgQFtAQCCAoAnCckAAAAAAEDAwA="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":943755158387203,"flow_dst_last_pkt_time":943755158389728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":943755158389728,"pkt":"AKDMO7\/6AADAn6CXCABFAAA8UeMAAEAGp4XAqAABwKgAAgAXBg4X8WM9mcWg7aASQ+D7twAAAgQFqAEDAwABAQgKACWmLACcJyQ="} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":943755158389775,"flow_dst_last_pkt_time":943755158389728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":943755158389775,"pkt":"AADAn6CXAKDMO7\/6CABFEAA0Rj1AAEAGcyPAqAACwKgAAQYOABeZxaDtF\/FjPoAQfXjt1wAAAQEICgCcJyQAJaYs"} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":943755158391363,"flow_dst_last_pkt_time":943755158389728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":943755158391363,"pkt":"AADAn6CXAKDMO7\/6CABFEABPRj5AAEAGcwfAqAACwKgAAQYOABeZxaDtF\/FjPoAYfXhuZwAAAQEICgCcJyQAJaYs\/\/0D\/\/sY\/\/sf\/\/sg\/\/sh\/\/si\/\/sn\/\/0F\/\/sj"} +01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755158391363,"flow_dst_last_pkt_time":943755158389728,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":943755158391363,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":""}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":943755158391363,"flow_dst_last_pkt_time":943755158537538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":943755158537538,"pkt":"AKDMO7\/6AADAn6CXCABFEAA3PY4AAEAGu8\/AqAABwKgAAgAXBg4X8WM+mcWhCIAYQ8UCZwAAAQEICgAlpiwAnCck\/\/0l"} -01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755158537777,"flow_dst_last_pkt_time":943755158537538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":3,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":3,"midstream":0,"thread_ts_usec":943755158537777,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":""}}} 
01091{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755158616442,"flow_dst_last_pkt_time":943755159705066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":943755159705066,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":""}}} 01095{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755160949196,"flow_dst_last_pkt_time":943755159705066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":943755160949196,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"fake","password":""}}} 02271{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755160950568,"flow_dst_last_pkt_time":943755159705066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":943755160950568,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":172,"avg":125200.9,"max":1232764,"stddev":336743.6,"var":113396252672.0,"ent":2.2,"data": [2525,2572,1588,147810,146242,172,1611,1711,3291,1327,593,1791,1069,2370,3571,617,1174,22251,20360,1248,13791,15049,1196,784,12789,12241,20023,1107336,1099990,1232764,1372]},"pktlen": {"min":52,"avg":63.2,"max":137,"stddev":18.8,"var":354.0,"ent":4.9,"data": [60,60,52,79,55,52,55,52,77,116,52,70,61,52,76,52,137,52,55,55,52,64,58,52,67,52,84,52,59,52,58,52]},"bins": {"c_to_s": [15,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,0],"entropies": 
[4.315444469,4.777318954,4.791129112,5.044729233,4.800010681,4.791129112,4.871557236,4.662475586,5.051413059,5.269734383,4.647958755,5.011583805,5.044849873,4.777860641,4.820554256,4.791128635,5.556590080,4.868052006,4.850099087,4.862643719,4.777860641,4.944003105,4.924550533,4.739398956,4.948766708,4.791129112,5.493695259,4.829590797,5.035621166,4.686420441,5.042736053,4.829590321]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}} -01083{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":44,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755197957149,"flow_dst_last_pkt_time":943755197958477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":488,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":1371,"midstream":0,"thread_ts_usec":943755197958477,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}} 
-00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":92,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":943755197958477} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":93,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1753563678000332} 
+00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1753563678000332,"pkt":"AhrFAgAAAhrFAQAACABFAAA4LA9AACAGtjAKEaeNFAGy4RTrABcirXodAAAAAJACFqBU0QAAAQEICpLINogAAAAAAgQFtA=="} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1753563678000332,"pkt":"AhrFAQAAAhrFAgAACABFAAA4efhAACAGaEcUAbLhChGnjQAXFOuGq9AKIq16HpASFqA0WQAAAQEICpLINuiSyDaIAgQFtA=="} 
+00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1753563678000332,"pkt":"AhrFAgAAAhrFAQAACABFAAA0LA5AACAGtjUKEaeNFAGy4RTrABcirXoehqvQC4AQFqBLSwAAAQEICpLIN1OSyDbo"} +00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1753563678000332,"pkt":"AhrFAQAAAhrFAgAACABFAABDeftAACAGaDkUAbLhChGnjQAXFOuGq9ALIq16HoAYFqAm4gAAAQEICpLIPCKSyDdT\/\/0B\/\/0f\/\/0h\/\/sB\/\/sD"} +01084{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":15,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":""}}} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1753563678000332,"pkt":"AhrFAQAAAhrFAgAACABFAAA6efpAACAGaEMUAbLhChGnjQAXFOuGq9AaIq16HoAYFqAksgAAAQEICpLIPD2SyDdTDQ0KDQoN"} +01203{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": 
{"username":"","password":""}}} +01207{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"u"}}} 
+01208{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"us"}}} +01209{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"use"}}} +01210{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"user"}}} 
+01211{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":4,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"usern"}}} +01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":4,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"userna"}}} +01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"usernam"}}} 
+01215{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"username"}}} +01215{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":5,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"username"}}} +01216{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":5,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"usernamep"}}} 
+01217{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":5,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"usernamepa"}}} +01218{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":5,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"usernamepas"}}} +01219{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":5,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"usernamepass"}}} 
+01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":5,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"usernamepassw"}}} +01221{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":5,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"usernamepasswo"}}} +01222{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":5,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"usernamepasswor"}}} 
+01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":5,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000332,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1753563678000332,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"usernamepassword"}}} +01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":5,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000333,"flow_dst_last_pkt_time":1753563678000332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1753563678000333,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"","password":"usernamepassword"}}} +02260{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000333,"flow_dst_last_pkt_time":1753563678000333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":1375,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":1415,"midstream":0,"thread_ts_usec":1753563678000333,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":0.1,"max":1,"stddev":0.2,"var":0.1,"ent":1.0,"data": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0]},"pktlen": {"min":52,"avg":97.8,"max":1427,"stddev":238.8,"var":57014.5,"ent":3.7,"data": [56,56,52,67,58,59,73,53,53,53,53,53,53,53,53,53,62,53,53,53,53,53,53,53,53,53,54,53,53,53,1427,52]},"bins": {"c_to_s": [25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,1,0,1,1,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0],"entropies": 
[4.663463593,5.217718124,5.118428230,5.196853638,5.094797611,5.322986603,5.276523590,5.119154930,5.156890869,5.043683052,5.194626331,5.142647266,5.119154930,5.119154453,5.119154453,5.104911327,5.369284153,5.156890869,5.119154453,5.104911327,5.156890869,5.081418991,5.156890869,5.156890869,5.119154930,5.104911327,5.046283245,5.081418991,5.119154930,5.067175865,3.364444971,5.065449238]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}} +01201{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":9,"flow_first_seen":1753563678000332,"flow_src_last_pkt_time":1753563678000333,"flow_dst_last_pkt_time":1753563678000333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":1375,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":1415,"midstream":0,"thread_ts_usec":1753563678000333,"l3_proto":"ip4","src_ip":"10.17.167.141","dst_ip":"20.1.178.225","src_port":5355,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": 
{"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}} +01085{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":44,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755197957149,"flow_dst_last_pkt_time":943755197958477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":488,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":1371,"midstream":0,"thread_ts_usec":1753563678000333,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":132,"packets-processed":132,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1753563678000333} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 92/92 +~~ packets captured/processed: 132/132 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 1660 bytes -~~ total detected protocols..: 1 -~~ total active/idle flows...: 1/1 +~~ total layer4 data length..: 3122 bytes +~~ total detected protocols..: 2 +~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649554 bytes -~~ total memory freed........: 8649554 bytes -~~ total allocations/frees...: 140626/140626 +~~ total memory allocated....: 9415528 bytes +~~ total memory freed........: 9415528 bytes +~~ total allocations/frees...: 154643/154643 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 2276 chars -~~ json message avg len.......: 1332 chars +~~ json message avg len.......: 1408 chars diff --git a/test/results/default/tencent_games.pcap.out b/test/results/default/tencent_games.pcap.out index d6c247848..fec9434a8 100644 --- a/test/results/default/tencent_games.pcap.out 
+++ b/test/results/default/tencent_games.pcap.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1707238628700988} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1707238628700988} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707238628700988,"flow_src_last_pkt_time":1707238628700988,"flow_dst_last_pkt_time":1707238628700988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707238628700988,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"43.130.19.227","src_port":43300,"dst_port":65010,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1707238628700988,"flow_dst_last_pkt_time":1707238628700988,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1707238628700988,"pkt":"RQAAPBTXQABABi6oCtetASuCE+OpJP3ySA0izgAAAACgAv\/\/6UkAAAIEJugEAggKADg0GAAAAAABAwMJ"} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1707238628700988,"flow_dst_last_pkt_time":1707238628897041,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1707238628897041,"pkt":"RQAAMAAAQABABkOLK4IT4wrXrQH98qkkd+t360gNIs9wEgQAXdMAAAIEJugDAwkA"} 
@@ -7,7 +7,7 @@ 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1707238628901586,"flow_dst_last_pkt_time":1707238628897041,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":116,"pkt_l4_len":96,"thread_ts_usec":1707238628901586,"pkt":"RQAAdBTZQABABi5uCtetASuCE+OpJP3ySA0iz3frd+xQGACAkWEAADNmAAsACxABAAAAAAEAAABMAAAAAAIDAAAnEAAAAGUAAwMAAAAUOTA4OTQ5OTU2NTE0OTMyMDQzMAAAAAAAAAAAAAAAAwAAAAAAAAA="} 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1707238628700988,"flow_src_last_pkt_time":1707238628901586,"flow_dst_last_pkt_time":1707238628897041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707238628901586,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"43.130.19.227","src_port":43300,"dst_port":65010,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1707238628901586,"flow_dst_last_pkt_time":1707238628901869,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1707238628901869,"pkt":"RQAAKAAAQABABkOTK4IT4wrXrQH98qkkd+t37EgNIxtQEAP\/soAAAA=="} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":390,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1710911174720280} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":390,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1710911174720280} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710911174720280,"flow_src_last_pkt_time":1710911174720280,"flow_dst_last_pkt_time":1710911174720280,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710911174720280,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"162.62.97.166","src_port":46658,"dst_port":8085,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1710911174720280,"flow_dst_last_pkt_time":1710911174720280,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1710911174720280,"pkt":"RQAAPLrbQABABsQjCtetAaI+Yaa2Qh+VE6JEngAAAACgAv\/\/DDQAAAIEJugEAggKD4MhPgAAAAABAwMJ"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1710911174720280,"flow_dst_last_pkt_time":1710911174815632,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1710911174815632,"pkt":"RQAAMAAAQABABn8Loj5hpgrXrQEflbZCd+t36xOiRJ9wEhAAcS4AAAIEJugDAwkA"} 
@@ -23,7 +23,7 @@ 00974{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1710911201676284,"flow_dst_last_pkt_time":1710911201551469,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":378,"pkt_l4_len":358,"thread_ts_usec":1710911201676284,"pkt":"RQABej1+AABABm0gCtetAaI+dMmncFD7voEv1Xfrd+xQGACAbJAAAAAAAU54ATVRy2rDMBD8lz27Ru9HbjmUnAKl0JvByNY6mNiWK4uUEPLvle0E6aAd7WhnRg9Y8LfuPRxYAe3otyMlhBaQ7jPmcwFdDGPdz3AASsp1UWKggDmGFpdlZxQwhje5gBvGpQ9TZhzPp8+fj+PkY+j9hyxJJjbB3\/PVo4Iw45RJFRwq0FxIa4jWQlKihTGygqICN8\/vDsaN3bDFRXQbxBVlesfmwaVXI30hLqY+ZR0bSPbn2k1zClfcYdk1eSbhbYOcWC+NMygkc7xhhBNKrHK+EW33Zq+pbMTvr1N9CuEy5HKdFsOAr\/lWcmWU5YxZIYUSjFfwzMZ3L9n66iTXE6a\/EK\/1njScQ9MPmPEFJ1+nfsQluXHLXWchlDJClZZrgjHrj\/Vt\/xTFyrwpVWVuWOn9ZY3eIecd61rFrOw011IaL9AylNrYjih4\/gOOuZK9"} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1710911201480980,"flow_src_last_pkt_time":1710911201676284,"flow_dst_last_pkt_time":1710911201551469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710911201676284,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"162.62.116.201","src_port":42864,"dst_port":20731,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1710911201676284,"flow_dst_last_pkt_time":1710911201676455,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1710911201676455,"pkt":"RQAAKAAAQABABmvwoj50yQrXrQFQ+6dwd+t37L6BMSdQEA\/\/+QgAAA=="} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1710946393543759} 
+00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1710946393543759} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710946393543759,"flow_src_last_pkt_time":1710946393543759,"flow_dst_last_pkt_time":1710946393543759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710946393543759,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"129.226.103.74","src_port":47046,"dst_port":31003,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1710946393543759,"flow_dst_last_pkt_time":1710946393543759,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1710946393543759,"pkt":"RQAAPEo\/QABABk94CtetAYHiZ0q3xnkblxhB9QAAAACgAv\/\/rcQAAAIEJugEAggKMFSdvAAAAAABAwMJ"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1710946393543759,"flow_dst_last_pkt_time":1710946393905382,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1710946393905382,"pkt":"RQAAMAAAQABABpnDgeJnSgrXrQF5G7fGd+t365cYQfZwEgQAvA4AAAIEJugDAwkA"} 
@@ -34,7 +34,7 @@ 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1710911201480980,"flow_src_last_pkt_time":1710911201708919,"flow_dst_last_pkt_time":1710911201676455,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":433,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710946394629878,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"162.62.116.201","src_port":42864,"dst_port":20731,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1710946393543759,"flow_src_last_pkt_time":1710946394270452,"flow_dst_last_pkt_time":1710946394629878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":458,"flow_dst_max_l4_payload_len":2332,"flow_src_tot_l4_payload_len":458,"flow_dst_tot_l4_payload_len":2332,"midstream":0,"thread_ts_usec":1710946394629878,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"129.226.103.74","src_port":47046,"dst_port":31003,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1710911174720280,"flow_src_last_pkt_time":1710911174823773,"flow_dst_last_pkt_time":1710911174895319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":125,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":125,"midstream":0,"thread_ts_usec":1710946394629878,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"162.62.97.166","src_port":46658,"dst_port":8085,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4226,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1710946394629878} 
+00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4226,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1710946394629878} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 ~~ skipped flows.............: 0 @@ -43,9 +43,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8661254 bytes -~~ total memory freed........: 8661254 bytes -~~ total allocations/frees...: 140602/140602 +~~ total memory allocated....: 9425724 bytes +~~ total memory freed........: 9425724 bytes +~~ total allocations/frees...: 154568/154568 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 519 chars ~~ json message max len.......: 1143 chars diff --git a/test/results/default/teredo.pcap.out b/test/results/default/teredo.pcap.out index 05f7a53af..976ad7246 100644 --- a/test/results/default/teredo.pcap.out +++ b/test/results/default/teredo.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1438853615305874} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1438853615305874} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853615305874,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853615305874,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1438853615305874,"pkt":"bEFqjICJABsXAAEVCABFAABZWboAAH4R6SsKcBBqwogcTM0hDdgARX2HAAEAALEbP+pGqa\/pAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="} 
00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853615305874,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853615305874,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -30,7 +30,7 @@ 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1438853632713044,"flow_src_last_pkt_time":1438853632713044,"flow_dst_last_pkt_time":1438853632766780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1438853619792073,"flow_src_last_pkt_time":1438853619792073,"flow_dst_last_pkt_time":1438853619844656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1438853629357785,"flow_src_last_pkt_time":1438853629357785,"flow_dst_last_pkt_time":1438853629411015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1438853653403120} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1438853653403120} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 @@ -39,9 +39,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655282 bytes -~~ total memory freed........: 8655282 bytes -~~ total allocations/frees...: 140601/140601 +~~ total memory allocated....: 9419784 bytes +~~ total memory freed........: 9419784 bytes +~~ total allocations/frees...: 154567/154567 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 583 chars ~~ json message max len.......: 978 chars diff --git a/test/results/default/teso.pcapng.out b/test/results/default/teso.pcapng.out index f025cfc2b..c3e8c4c40 100644 --- a/test/results/default/teso.pcapng.out +++ b/test/results/default/teso.pcapng.out 
@@ -1,12 +1,12 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712418301084759} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712418301084759} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712418301084759,"flow_src_last_pkt_time":1712418301084759,"flow_dst_last_pkt_time":1712418301084759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712418301084759,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.100.232.124","src_port":56158,"dst_port":24120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1712418301084759,"flow_dst_last_pkt_time":1712418301084759,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712418301084759,"pkt":"SKmKCiNt8C90rUP1CABFAAA82gtAAEAGvz\/AqFjnn2TofNteXjgasIY1AAAAAKACfXihnwAAAgQFtAQCCAp+hX5eAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1712418301084759,"flow_dst_last_pkt_time":1712418301128154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712418301128154,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAADAGqUufZOh8wKhY5144215\/Y1ZDGrCGNqASOJCd4wAAAgQFnAQCCAo\/Q+PVfoV+XgEDAwk="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1712418301128165,"flow_dst_last_pkt_time":1712418301128154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712418301128165,"pkt":"SKmKCiNt8C90rUP1CABFAAA02gxAAEAGv0bAqFjnn2TofNteXjgasIY2f2NWRIAQAPuhlwAAAQEICn6Ffok\/Q+PV"} 01705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1712418301129917,"flow_dst_last_pkt_time":1712418301128154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":924,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":924,"pkt_l4_len":890,"thread_ts_usec":1712418301129917,"pkt":"SKmKCiNt8C90rUP1CABFAAOO2g1AAEAGu+vAqFjnn2TofNteXjgasIY2f2NWRIAYAPuk8QAAAQEICn6Ffos\/Q+PVAAADVgABAAEAAANOARAAFGdhY2hpbXVjaGlsZWF0aGVybWFuAAACcnUAC0iEkgAAAIAAAACLeJwBgAB\/\/y4wRUeEdGjc5neH87hiJx9oyD3v96QHA5asa5HfLYmf3nqmKdbNvGzbLm7oNkPUbCFzjQ7j9UiWJUJjExrJfUy4iljWE3\/rc+fZtyTQeEJp+uULKiQqNsgNQ6IIgy2uTypl7qgCEpHqHD7B9UhYOLnRgbRG9Hll9Z8qMFXI7zzA1I0+pwQAAAAABrUK4AAAAIAAAACLeJwBgAB\/\/0mEA2Z9GhR6SYngu9R1xkz7ExgdBhJ8jUIilNUvNEAUV9NsJmaftH1\/5En0PPmrDu5V+hhv0hoEubEP77gCyfidH6XlJ\/sXc3gTiZD\/qmej73EIQSfV34stfr\/7I39Yzhg6VIyzPsiCjewOUL9gxNWvIzJBLkOVkFc5lU9532TYuxU8hwAAAIAAAACLeJwBgAB\/\/3DwUbbo8PDrE5GLBWXapmz9TMd9iV22KZOslNaOi3MSXvk03UvYZeJydbZOWJgkVUpPPj8CNzqDh+Vqj1yriGHviu0D48KBluBY0Qd+1VPLlP7OcVd3Bpx28Qon0pq9Z9Q4hegEQHI4wl6efZDYwAPdFlb298YHrndKgttYwtmEPExD4gAAAIAAAACLeJwBgAB\/\/1rN52\/9s5kHG34xzcF3bSQxOD9IDLs3Kxg2IvKfqcF5Ltzk1NkhJ0bsWo5I8SQggmQa0gzi+430PvGTruw+B4ccuFQmGsPlnpYTBLdAHaJURLWPx+Rk0C59QrMnLwUa66YElpND4UQmpmxe8ZhJ2VyhQr2GoqwimM\/Zpj1SZzNLOJI8nQAAAIAAAACLeJwBgAB\/\/zegm2yCFkJlFXSgw
iL1njXdrIlYshdwN8AXA6IBzvAhVoQ3TpCLMzwNk6it7nB\/fPtDNt+yWRD6by5omXmylaLBrcQBEhm7cc33Igm1hTrNCL34XZvS7zMW4BRllLH7qCjBI6s6SiRCywevzEadyC6oARpmgBiXueRbQYg9wnU+ChE8FAscD7YAFmVzby5saXZlLjkuMy42LjI4NDk5MDMAACQ1ZDlmNDhjMS1hMWQxLTQ0ZTAtOWM1ZS0zMWJiZmMwNmQwMGQA"} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1712418301084759,"flow_src_last_pkt_time":1712418301129917,"flow_dst_last_pkt_time":1712418301128154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":858,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":858,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712418301129917,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.100.232.124","src_port":56158,"dst_port":24120,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TES_Online","proto_id":"408","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":858,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1712439835982020} 
+00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":858,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1712439835982020} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712439835982020,"flow_src_last_pkt_time":1712439835982020,"flow_dst_last_pkt_time":1712439835982020,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712439835982020,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.100.232.114","src_port":47860,"dst_port":24504,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1712439835982020,"flow_dst_last_pkt_time":1712439835982020,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712439835982020,"pkt":"SKmKCiNt8C90rUP1CABFAAA8OUlAAEAGYAzAqFjnn2Tocrr0X7h9O8qgAAAAAKACfXihlQAAAgQFtAQCCAqzbEgoAAAAAAEDAwc="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1712439835982020,"flow_dst_last_pkt_time":1712439836021952,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712439836021952,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAADEGqFWfZOhywKhY51+4uvQkJzqKfTvKoaASOJD4HQAAAgQFnAQCCApAjHiUs2xIKAEDAwk="} 
@@ -15,7 +15,7 @@ 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1712439835982020,"flow_src_last_pkt_time":1712439836023732,"flow_dst_last_pkt_time":1712439836021952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":835,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712439836023732,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.100.232.114","src_port":47860,"dst_port":24504,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TES_Online","proto_id":"408","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1712439835982020,"flow_src_last_pkt_time":1712439836023732,"flow_dst_last_pkt_time":1712439836021952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":835,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712439836023732,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.100.232.114","src_port":47860,"dst_port":24504,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TES_Online","proto_id":"408","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1712418301084759,"flow_src_last_pkt_time":1712418301129917,"flow_dst_last_pkt_time":1712418301128154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":858,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":858,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712439836023732,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.100.232.124","src_port":56158,"dst_port":24120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TES_Online","proto_id":"408","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1693,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1712439836023732} 
+00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1693,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1712439836023732} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8651598 bytes -~~ total memory freed........: 8651598 bytes -~~ total allocations/frees...: 140554/140554 +~~ total memory allocated....: 9416004 bytes +~~ total memory freed........: 9416004 bytes +~~ total allocations/frees...: 154520/154520 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 1710 chars diff --git a/test/results/default/tftp.pcap.out b/test/results/default/tftp.pcap.out index 790af1b18..2de312d8f 100644 --- a/test/results/default/tftp.pcap.out +++ b/test/results/default/tftp.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946730124846355} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946730124846355} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54626,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":946730124846355,"pkt":"9Opn97JCCAAnntJbCABFAAAv+hlAAEAR3pisHAQ1rBAFqtViAEUAGx52AAEAAAAAAAAAAAAAAG9jdGV0AA=="} 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54632,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -15,7 +15,7 @@ 01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":516,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":1032,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":""}}} 
01194{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"thread_ts_usec":946730124846355,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkygAAIARI03AqAAKwKgA\/Q11xboCDFT\/AAMAA3Byb3RvY29sIHdhcyBvcmlnaW5hbGx5IGRlc2lnbmVkIGJ5IE5vZWwgQ2hpYXBwYSwgYW5kIHdhcwogICByZWRlc2lnbmVkIGJ5IGhpbSwgQm9iIEJhbGR3aW4gYW5kIERhdmUgQ2xhcmssIHdpdGggY29tbWVudHMgZnJvbQogICBTdGV2ZSBTenltYW5za2kuICBUaGUgY3VycmVudCByZXZpc2lvbiBvZiB0aGUgZG9jdW1lbnQgaW5jbHVkZXMKICAgbW9kaWZpY2F0aW9ucyBzdGVtbWluZyBmcm9tIGRpc2N1c3Npb25zIHdpdGggYW5kIHN1Z2dlc3Rpb25zIGZyb20KICAgTGFycnkgQWxsZW4sIE5vZWwgQ2hpYXBwYSwgRGF2ZSBDbGFyaywgR2VvZmYgQ29vcGVyLCBNaWtlIEdyZWVud2FsZCwKICAgTGl6YSBNYXJ0aW4sIERhdmlkIFJlZWQsIENyYWlnIE1pbG8gUm9nZXJzIChvZiBVU0MtSVNJKSwgS2F0aHkKICAgWWVsbGljaywgYW5kIHRoZSBhdXRob3IuICBUaGUgYWNrbm93bGVkZ2VtZW50IGFuZCByZXRyYW5zbWlzc2lvbgogICBzY2hlbWUgd2FzIGluc3BpcmVkIGJ5IFRDUCwgYW5kIHRoZSBlcnJv"} 
02174{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":516,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":8256,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":0.0,"max":0,"stddev":0.0,"var":0.0,"ent":0.0,"data": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"pktlen": {"min":46,"avg":295.0,"max":544,"stddev":249.0,"var":62001.0,"ent":4.4,"data": [544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.265709877,3.000972986,4.623624802,3.000972986,4.859318733,3.000972986,4.935849667,2.941084146,4.381216049,2.957494497,4.600720406,3.000972986,4.634294987,3.000972986,4.567757130,3.000972986,4.459813595,3.000972986,4.388016701,2.941084146,4.358253002,3.000972986,4.537627220,2.941084146,4.658279419,2.941084146,4.567505836,3.000972986,4.506970406,3.000972986,4.253873825,3.000972986]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":102,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":946733724846355} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":102,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":946733724846355} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946733724846355,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":946733724846355,"pkt":"9Opn97JCCAAnntJbCABFAAAv+hlAAEAR3pisHAQ1rBAFqtVjAEUAGx52AAFzeXNtYW4ubGlzAG9jdGV0AA=="} 
00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946733724846355,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":"sysman.lis"}}} 
@@ -25,7 +25,7 @@ 00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54632,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":49,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":24795,"flow_dst_tot_l4_payload_len":196,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":103,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25058,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":946737844630728} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":103,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25058,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":946737844630728} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946737844630728,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946737844630728,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":946737844630728,"pkt":"eCSvPj0DAFBWn8+KCABFAAAuYudAAEARdJqsHAVbrBwFqq5KAEUAGkfgAAJ6ei5iaW4AbmV0YXNjaWkA"} 00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946737844630728,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946737844630728,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":"zz.bin"}}} 
@@ -36,7 +36,7 @@ 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":946737844632198,"flow_dst_last_pkt_time":946737844632149,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":946737844632198,"pkt":"AFBWn8+KeCSvPj0DCABFAAAgquAAAEARbK+sHAWqrBwFW\/JqrkoADPvdAAQAAQ=="} 01081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946737844631726,"flow_src_last_pkt_time":946737844632198,"flow_dst_last_pkt_time":946737844632149,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1032,"midstream":0,"thread_ts_usec":946737844632198,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":""}}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946733724846355,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946737844632198,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":108,"packets-processed":107,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26116,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":7,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1692571562010945} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":108,"packets-processed":107,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26116,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":7,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1692571562010945} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1692571562010945,"flow_src_last_pkt_time":1692571562010945,"flow_dst_last_pkt_time":1692571562010945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1692571562010945,"l3_proto":"ip4","src_ip":"192.168.2.45","dst_ip":"192.168.2.200","src_port":35840,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1692571562010945,"flow_dst_last_pkt_time":1692571562010945,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1692571562010945,"pkt":"gB8CRSVHAADNOBNDCABFAABJmb1AAEARGqHAqAItwKgCyIwAAEUANb2WAAJlbXB0eTEwMEtCAG9jdGV0AGJsa3NpemUAMTQ2OAB0c2l6ZQAxMDAwMDAA"} 00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1692571562010945,"flow_src_last_pkt_time":1692571562010945,"flow_dst_last_pkt_time":1692571562010945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1692571562010945,"l3_proto":"ip4","src_ip":"192.168.2.45","dst_ip":"192.168.2.200","src_port":35840,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":"empty100KB"}}} 
@@ -47,7 +47,7 @@ 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946737844631726,"flow_src_last_pkt_time":946737844632198,"flow_dst_last_pkt_time":946737844632149,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1032,"midstream":0,"thread_ts_usec":1692571562013335,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1692571562010945,"flow_src_last_pkt_time":1692571562010945,"flow_dst_last_pkt_time":1692571562010945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1692571562013335,"l3_proto":"ip4","src_ip":"192.168.2.45","dst_ip":"192.168.2.200","src_port":35840,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946737844630728,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1692571562013335,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":109,"packets-processed":109,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26189,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1692571562013335} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":109,"packets-processed":109,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26189,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1692571562013335} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 109/109 ~~ skipped flows.............: 0 @@ -56,9 +56,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8667524 bytes -~~ total memory freed........: 8667524 bytes -~~ total allocations/frees...: 140732/140732 +~~ total memory allocated....: 9432154 bytes +~~ total memory freed........: 9432154 bytes +~~ total allocations/frees...: 154698/154698 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 517 chars ~~ json message max len.......: 2179 chars diff --git a/test/results/default/threema.pcap.out b/test/results/default/threema.pcap.out index ed364f5c7..1a662bec5 100644 --- a/test/results/default/threema.pcap.out +++ b/test/results/default/threema.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655301424082000} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655301424082000} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655301424082000,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424082000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655301424082000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50298,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424082000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655301424082000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8sOJAAD8GIgbAqAJkuVjsbsR6FGaFcI59AAAAAKAC\/\/+zrwAAAgQFtAQCCAoADj6fAAAAAAEDAwg="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655301424108000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxHpp4+23hXCOfqAS\/\/9\/CwAAAgQFrAEDAwYEAggK7ZTvbAAOPp8="} 
@@ -21,7 +21,7 @@ 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1655301676990000,"flow_dst_last_pkt_time":1655301676985000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1655301676990000,"pkt":"eJS0JASgYDjgxTWgCABFAABkOh1AAD8GmKPAqAJkuVjsbsVEFGa+1hz2PrdC4oAYAVeW7QAAAQEICgAPJvYNuzbqEUJFmOSyRNdj1OXy3vj+pKv1w2\/HNx68wOhAgRLg2k5Ez5IOu8sHTBCPJKxiuLUM"} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655301676990000,"flow_dst_last_pkt_time":1655301677017000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655301677017000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxUQ+t0LivtYdJoAYBBT1kQAAAQEICg27NwgADyb2pST6cJDhur1ILq6UIEWtlnuQFkcU2\/xfWadEuFW78qsYg5wMjFnUvaWsfnK6Fp3dpRxs6\/7D1WxjM2X8\/Gu1wMcVtNcAnkhA9GW1gMlDC+8="} 
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1655301676958000,"flow_src_last_pkt_time":1655301678700000,"flow_dst_last_pkt_time":1655301677048000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1655301678700000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50500,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":43,"packets-processed":42,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1655304039977000} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":43,"packets-processed":42,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1655304039977000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304039977000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655304039977000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304039977000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655304039977000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8D\/ZAAD8GwvLAqAJkuVjsbsW6FGZ91skoAAAAAKAC\/\/\/3HAAAAgQFtAQCCAoAEMbeAAAAAAEDAwg="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304040001000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655304040001000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxbp03BGqfdbJKaAS\/\/+2UQAAAgQFrAEDAwYEAggKO2t+0gAQxt4="} 
@@ -30,7 +30,7 @@ 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655304040005000,"flow_dst_last_pkt_time":1655304040029000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655304040029000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxbp03BGrfdbJWYAYBBS+bwAAAQEICjtrfvAAEMblDwmY0u1\/FJJlG8pGMzR4DHUA2SbDCPgL7VMIbmcQJS5Wyz7JHVONLuWdk575DHG9THznkpqJQgv38Qj\/f\/dhFRs1\/8YAkvYQ2sZA5fjM1T8="} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304040312000,"flow_dst_last_pkt_time":1655304040064000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":595,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":675,"midstream":0,"thread_ts_usec":1655304040312000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":4,"flow_first_seen":1655301676958000,"flow_src_last_pkt_time":1655301738438000,"flow_dst_last_pkt_time":1655301678762000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1655304045367000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50500,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1655306704436000} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1655306704436000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655306704436000,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704436000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655306704436000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50718,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655306704436000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8W4NAAD8Gd2XAqAJkuVjsbsYeFGbGZSToAAAAAKAC\/\/+Z2wAAAgQFtAQCCAoAEn9rAAAAAAEDAwg="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704460000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655306704460000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxh4tYXzzxmUk6aAS\/\/9+tQAAAgQFrAEDAwYEAggKd2P5ZgASf2s="} 
@@ -38,7 +38,7 @@ 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1655306704464000,"flow_dst_last_pkt_time":1655306704460000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1655306704464000,"pkt":"eJS0JASgYDjgxTWgCABFAABkW4VAAD8GdzvAqAJkuVjsbsYeFGbGZSTpLWF89IAYAVetkAAAAQEICgASf3J3Y\/lmEUJFmOSyRNdj1OXy3vj+pKv1w2\/HNx68wOhAgRLg2k4sbataBLDe6as2OUn4cnpB"} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1655306704464000,"flow_dst_last_pkt_time":1655306704488000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655306704488000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxh4tYXz0xmUlGYAYBBTJUQAAAQEICndj+YQAEn9yeZWV+OdkU0mSnCGppCSAJbL9JS8rd+OXEO3cXQRLF+HwyR8sz+yuANi\/FNlAZNb3PrHf0YF9udqW3VvcrW+\/D2pjQJ1v\/TFBzsLCAdVVzZ8="} 
00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304045367000,"flow_dst_last_pkt_time":1655304045364000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":595,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":675,"midstream":0,"thread_ts_usec":1655306704559000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5631,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1655307958972000} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5631,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1655307958972000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958972000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655307958972000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958972000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655307958972000,"pkt":"eJS0JASgYDjgxTWgCABFAAA80XZAAD8GAXLAqAJkuVjsbsasFGYhOI\/mAAAAAKAC\/\/\/0UwAAAgQFtAQCCAoAFl6QAAAAAAEDAwg="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958996000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655307958996000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxqxr+FC1ITiP56AS\/\/\/D1gAAAgQFrAEDAwYEAggK\/JV3MgAWXpA="} 
@@ -51,7 +51,7 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1655301591783000,"flow_src_last_pkt_time":1655301621987000,"flow_dst_last_pkt_time":1655301622013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":735,"flow_dst_max_l4_payload_len":468,"flow_src_tot_l4_payload_len":1396,"flow_dst_tot_l4_payload_len":662,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50484,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655308018973000,"flow_dst_last_pkt_time":1655308018969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655308018973000,"flow_dst_last_pkt_time":1655308018969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":83,"packets-processed":83,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6004,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":54,"global_ts_usec":1655308018973000} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":83,"packets-processed":83,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6004,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":54,"global_ts_usec":1655308018973000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 83/83 ~~ skipped flows.............: 0 @@ -60,9 +60,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8672107 bytes -~~ total memory freed........: 8672107 bytes -~~ total allocations/frees...: 140689/140689 +~~ total memory allocated....: 9436641 bytes +~~ total memory freed........: 9436641 bytes +~~ total allocations/frees...: 154655/154655 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 974 chars diff --git a/test/results/default/thrift.pcap.out b/test/results/default/thrift.pcap.out index 64de87c8f..1af4f723f 100644 --- a/test/results/default/thrift.pcap.out +++ b/test/results/default/thrift.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618939325157360} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618939325157360} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618939325157360,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157360,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618939325157360,"pkt":"ZGV2aWNlZHJpdmVyCABFAAA0aulAAIAGAACp\/jv3qf4uBNCLKwLKdsytAAAAAIACIAB\/HQAAAgQFtAEDAwgBAQQC"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618939325157427,"pkt":"ZHJpdmVyZGV2aWNlCABFAAA0AABAAD4Gvc2p\/i4Eqf479ysC0Iu7suEFynbMroASchBOjwAAAgQFtAEBBAIBAwMG"} 
@@ -8,14 +8,14 @@ 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325157555,"flow_dst_last_pkt_time":1618939325157427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618939325157555,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1618939325157555,"flow_dst_last_pkt_time":1618939325157615,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1618939325157615,"pkt":"ZHJpdmVyZGV2aWNlCABFAAAoqt1AAD4GEvyp\/i4Eqf479ysC0Iu7suEGynbM1lAQAcn\/fwAAAAAAAAAA"} 
02111{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325159246,"flow_dst_last_pkt_time":1618939325159187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2920,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3250,"flow_dst_tot_l4_payload_len":7422,"midstream":0,"thread_ts_usec":1618939325159246,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":59,"avg":119.8,"max":188,"stddev":47.3,"var":2241.9,"ent":4.8,"data": [67,135,60,188,60,179,118,60,178,118,59,178,119,60,178,118,59,178,123,123,119,60,187,132,60,183,118,69,188,120,119]},"pktlen": {"min":40,"avg":375.2,"max":2960,"stddev":637.8,"var":406764.6,"ent":3.6,"data": [52,52,40,80,46,88,80,46,80,82,46,106,121,46,311,90,46,104,78,89,79,1500,628,40,1500,628,40,1500,628,40,780,2960]},"bins": {"c_to_s": [5,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1],"s_to_c": [6,3,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0],"entropies": [4.382568836,4.855899811,4.571928978,4.561148643,4.565871716,5.056412220,4.614388943,4.549460888,4.772574902,4.961133480,4.462504387,4.880326271,3.973908663,4.549460888,5.147182465,4.755144119,4.565872192,4.847397804,4.628648281,4.771815300,4.955598831,6.128622055,6.129070759,4.621928692,6.089191914,6.081182480,4.621928692,6.083991051,6.070480347,4.621928692,6.112934589,6.078311443]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":171,"packets-processed":170,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1622206473205908} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":171,"packets-processed":170,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1622206473205908} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4894,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4894,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 07056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":4936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4936,"pkt_l4_len":4902,"thread_ts_usec":1622206473205908,"pkt":"AAAAAAAAAAAAAAAACABFABM6Zi5AAEARw4J\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\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\/hHrhR64UewAZHBb4kN6C7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABbgo7HM4sDc9gIWABat27nxrfeN4TsWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW5q\/Cg+zY4QUW+AcZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjgxMDgAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\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\/hHrhR64UewAZHBbMu+SF7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABaAqfv135ayxQEWABbxqpG05PnOr20WABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW3PrvhezY4QUWgAIZPBgKcmVxdWVzdF9pZBUAGC
Fwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjg1ODUAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAW7v+RypLGwoIFFgAWpa2JyqmV2qBHFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFs7htobs2OEFFvoKGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4NzA2ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwW2Oi2huzY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAWvrSo25Lk6ZEBFgAW\/Mu25N3Uuy8WABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWnKqph+zY4QUWygQZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjg4MjcAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWqqCtwe+ZmegCFgAWrqHm7O\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\/vAEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWtIWniOzY4QUWwgcZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjkwMDUAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBa6iqeI7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABbU4KrL85XASBYAFtnRoOjBlpPt8wEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW9tnkiOzY4QUW4AYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjkxMDgAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBaI3uSI7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYCABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAAAAABbyn72E39iHyQIWABb8lfCbktCR8\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"} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4894,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4894,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":104,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325167655,"flow_dst_last_pkt_time":1618939325167596,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6875,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":14450,"flow_dst_tot_l4_payload_len":71295,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
06247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1622206484939295,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":4322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4322,"pkt_l4_len":4288,"thread_ts_usec":1622206484939295,"pkt":"AAAAAAAAAAAAAAAACABFABDUa\/ZAAEARwCB\/AAABfwAAAcAMGq8QwA7UgoG0gQEJZW1pdEJhdGNoHBwYGG1hdHJpeC5vcmcgdGVzdF93b3JrZXItMRk8GA5qYWVnZXIudmVyc2lvbhUAGAxQeXRob24tNC4xLjAAGAJpcBUAGA8xNzYuMTI2LjI0MC4xNTgAGAhob3N0bmFtZRUAGBVoaXBwb2dyaWZmLm1hdHJpeC5vcmcAABn8FBa0g7LzyrnngQEWABblrKGoxcOvpxwWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWhLSTiuzY4QUW8AIZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjk0MDQAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWtv6FuMfW8JgCFgAW3qHqkaHita3BARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbAwKqK7NjhBRbKAxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyOTQ0MgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkMABbstN+sgbOr9wMWABbIn4yOmKP384MBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFuSY7ovs2OEFFp4JGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI5NjcxABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWlp\/ui+zY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAW0tWM2OiK4r0BFgAWo+eQwO2qkOjeARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAha414eM7NjhBRbmBhk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyOTcwNAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFsDbh4zs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgIAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYAAAAAFpryttmhxKdTFgAWseWtqrqlgq9cFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFtqLpI3s2OEFFtYFGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRh
LTE2NDI5OTMwABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGQwAFtrmpq3dmcfxARYAFtjY6ratrM+VrgEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWqsnLjezY4QUWpAgZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzAwMTYAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAW3sK6\/MSryJHTARYAFqLGvoqEgZqcLBYAGAZ4eHgxMjMlBhaUjfCM7NjhBRbc+Z4BGRwYEXNhbXBsaW5nLnByaW9yaXR5FQZGAgAZDAAWyKqwjd6emYcEFgAW4qH\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\/P7pjuzY4QUW+AYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzAyODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWkvOmk8WC2swCFgAWtI7dwaDc4Z2\/ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbqnOWP7NjhBRaWCxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDQ3MAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFvSj5Y\/s2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFpTB1qCT2cqkBBYAFvSMwrWC39zRxQEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWtOPrj+zY4QUWigYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzA0ODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBbi5uuP7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABb+mOqot9nKqQQWABa2lJymztvVvjYWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWgpOxkOzY4QUWwgEZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzA1ODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWjv\/Q15zA+P8DFgAW+\/2iuY3E3+P9ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaepeOQ7NjhBRaWBBk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDY1OAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFsyn45Ds2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFujnhs\/6qqS7AxYAFub224W23ojIPhYAGBhwcm9jZXNzLXJlcGxpY2F0aW9u
LWRhdGElAhaGgYeS7NjhBRamAhk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDk2NQAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkMABakkI\/xl8iqzQMWABaIpcHvzq\/79SoWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWzNuwkuzY4QUWwAoZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzEwMzQAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBa04rCS7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYCABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAAAAABa8+tv72OzRmAIWABbH5c6EkKG4hCIWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWloTAkuzY4QUW4gEZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzEwNTYAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAW\/N+I9eTZqIwDFgAWg7v+\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\/hHrhR64UewAZDAAWxPPB2pP1wZMBFgAW+KuAr+XO8fi\/ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaO\/8uU7NjhBRa6BBk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMTQzNgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFuyBzJTs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgIAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYAAAAAAAA="} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206484939295,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206484939295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":172,"packets-processed":172,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94919,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1622206484939295} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":172,"packets-processed":172,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94919,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1622206484939295} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 172/172 ~~ skipped flows.............: 0 
@@ -24,9 +24,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654310 bytes -~~ total memory freed........: 8654310 bytes -~~ total allocations/frees...: 140717/140717 +~~ total memory allocated....: 9418716 bytes +~~ total memory freed........: 9418716 bytes +~~ total allocations/frees...: 154683/154683 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars ~~ json message max len.......: 7061 chars diff --git a/test/results/default/tinc.pcap.out b/test/results/default/tinc.pcap.out index 9004451ab..e99a17403 100644 --- a/test/results/default/tinc.pcap.out +++ b/test/results/default/tinc.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1495983427717971} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1495983427717971} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427717971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983427717971,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427717971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1495983427717971,"pkt":"ABcILL3nACbGCvpSCABFEAA8vEtAAEAGvw6DcqgbuVPacOds2We5l\/9AAAAAAKACchD0JwAAAgQFtAQCCAp3tTETAAAAAAEDAwc="} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983427744301,"flow_dst_last_pkt_time":1495983427744301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983427744301,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -34,7 +34,7 @@ 01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983475109122,"flow_dst_last_pkt_time":1495983475109062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":3036,"flow_dst_tot_l4_payload_len":2354,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":101,"flow_dst_packets_processed":29,"flow_first_seen":1495983428000367,"flow_src_last_pkt_time":1495983470930418,"flow_dst_last_pkt_time":1495983470973187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1468,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":132724,"flow_dst_tot_l4_payload_len":31332,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":105,"flow_first_seen":1495983428043218,"flow_src_last_pkt_time":1495983463866065,"flow_dst_last_pkt_time":1495983463817214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1468,"flow_src_tot_l4_payload_len":28820,"flow_dst_tot_l4_payload_len":135316,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":317,"packets-processed":317,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":338229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1495983475109122} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":317,"packets-processed":317,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":338229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1495983475109122} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 317/317 ~~ skipped flows.............: 0 
@@ -43,9 +43,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8665743 bytes -~~ total memory freed........: 8665743 bytes -~~ total allocations/frees...: 140897/140897 +~~ total memory allocated....: 9430213 bytes +~~ total memory freed........: 9430213 bytes +~~ total allocations/frees...: 154863/154863 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 2481 chars diff --git a/test/results/default/tk.pcap.out b/test/results/default/tk.pcap.out index 9f44a3621..33235ca2b 100644 --- a/test/results/default/tk.pcap.out +++ b/test/results/default/tk.pcap.out 
@@ -1,5 +1,5 @@ -00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00800{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1613939315029133} +00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00800{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1613939315029133} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613939315029133,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315029133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613939315029133,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315029133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1613939315029133,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6W4cAAEARmyjAqAGywKgBAcryADUAJu9GCIYBAAABAAAAAAAABXdob2lzA2RvdAJ0awAAAQAB"} 01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613939315029133,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315029133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613939315029133,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"whois.dot.tk","domainame":"whois.dot.tk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -18,7 +18,7 @@ 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613939315029133,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315127338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1613939315239614,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"whois.dot.tk"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613939315184123,"flow_src_last_pkt_time":1613939315184123,"flow_dst_last_pkt_time":1613939315239614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1613939315239614,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"whois.dot.tk"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613939315127815,"flow_src_last_pkt_time":1613939315127815,"flow_dst_last_pkt_time":1613939315183610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1613939315239614,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"whois.dot.tk"}} -00805{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1613939315239614} 
+00805{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1613939315239614} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649804 bytes -~~ total memory freed........: 8649804 bytes -~~ total allocations/frees...: 140558/140558 +~~ total memory allocated....: 9414242 bytes +~~ total memory freed........: 9414242 bytes +~~ total allocations/frees...: 154524/154524 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 1106 chars diff --git a/test/results/default/tls-appdata.pcap.out b/test/results/default/tls-appdata.pcap.out index d6e9f36a0..b71830179 100644 --- a/test/results/default/tls-appdata.pcap.out +++ b/test/results/default/tls-appdata.pcap.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642636825083000} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642636825083000} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642636825083000,"flow_src_last_pkt_time":1642636825083000,"flow_dst_last_pkt_time":1642636825083000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642636825083000,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642636825083000,"flow_dst_last_pkt_time":1642636825083000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":1642636825083000,"pkt":"YDjgxTWgeJS0JASgCABFAADTdsZAAFQGdWizPMOtwKgCZAG77NyYT4Q6bz7CkoAYARcapAAAAQEICuA9efAA6xLnFwMDAJq6kl+L8CkANElxlxEecHMQmMQNkeaHxIp41zgnfTmHWl1kbYylGWBjaZG2NzJzlVXZWLztslEjbtyBdUs5oPdXaxkx+\/Qqz25LpRnvI2Oa6mejiJQ6cva3m1sq7WKg7Tr1kRyTeD3F3LCkV1iqkLWh7Tv+UIHyUeGMLTuUM2Ln4Jd+SMy0A0nofS3noQlT0jEHIJotqStJgnoJ"} 
00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642636825083000,"flow_src_last_pkt_time":1642636825083000,"flow_dst_last_pkt_time":1642636825083000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642636825083000,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -7,7 +7,7 @@ 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825083000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_usec":1642636825195000,"pkt":"YDjgxTWgeJS0JASgCABFAAC7dshAAFQGdX6zPMOtwKgCZAG77NyYT4TZbz7CkoAYARcjuQAAAQEICuA9el8A6xLnFwMDAIJ8qPBKps43VjN1CWNCU\/WQelHzsIBMbYPAQ\/uBSeCttdwQAVQSVQY\/KbbED1BcMIjBMrVVvujIJVS8087\/CMQGAwaAK+HgSw64pU81VCnjfYTfRMnDYpHQuxsdF63QBFPXffdndgc5510Oi0rcddoDPyb3I5kt\/aPyPwwpROArhlOP"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825302000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1642636825302000,"pkt":"eJS0JASgYDjgxTWgCABFAAAoAABAAD8GAdrAqAJkszzDrezcAbtvPsKSAAAAAFAEAABVgQAA"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825303000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1642636825303000,"pkt":"eJS0JASgYDjgxTWgCABFAAAoAABAAD8GAdrAqAJkszzDrezcAbtvPsKSAAAAAFAEAABVgQAA"} 
-00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1643610288722000} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1643610288722000} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643610288722000,"flow_src_last_pkt_time":1643610288722000,"flow_dst_last_pkt_time":1643610288722000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643610288722000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643610288722000,"flow_dst_last_pkt_time":1643610288722000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1643610288722000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUr1ZAAG4GmdrAqAJkNN\/GB+ZgAbs5J4UhnRUwIFAQJz3DuQAAFwMDBbsPVRnTUZmGPBlnKdgK94iLfa1WzOumranE61s0xvAtVjrmnivoUriXENTZHZ6xJ+jtI02SpI1pRFy9oatnRAti+z3dflh9zDeImNOzWaaReV7pRcOrrq7tetZhYkU+J8nisBJ42M5+CPOJz2x9RWtShEja6uVC5aX31AdfQo20rLfO\/h359IB7fzanuauTs\/HdR9kryxM8fpmunMnX8WXp67VFyeXC9tn4sMVL2L1iFuAZ2WReqtOFPjc27OdH3FdONsJrS3rdK2QVlml0LGbtHI9L05So1IHq5iGWqnYrZQ589c78wmLTg0z6Ka0yN+W3FGjoIGV3+LcQLvz6QRgjR\/kIHAJohOAQCxTc9V8F6Gv4p79TOjrL8QYreKxwrcyV7t0\/ffxHqa6wsgnwahqHz5mGSmBc+NEk20kRh8LU5Ux04uV1MrApZkpFkwVelAuPdI3nbz4UYiSP08RLjt7FwNdonwA2wk0UsATBQ2iYBLpKcWy8MNYJXPH2+OoHv7AYz4ifKDgWz1xsViG63GdMyM6QWXC1knvXeFbsFV0zb686r04l1qD5DGVWted1hpWErKnl1mFLjhp7NBh19Fu92aw6Pp1LmbPygTeDVvX2BkgA980SLqucCK1QQ\/87Y2y1rEMBDJI337XRO9fLLom
3N1GZGcfdjcOmFx23h3Xsl+JOKuIRqUHcNjsuWmsI93vxv7AiXhfl3ON6PBpCzXsWfQd5CnOow3DrBISIOf0QBKNxmFchEodhvvam7eYuYBOrQVQbZqwqAEmXVvmKkPfxg11O7945k9bJbHrHGnTHIJFPF8Wi5iInrrMIczLCm1Ty3X1uvh+KSzqOKu23gp0oy8tw8FSTiaFy88XbiN7NdhsKDDqcgzhRWXEyoPsqv8ZLHWmNQtFHEc1otdBhKSXxBo4sSfSRCFeFjnRiWuoJkIwrZr\/BJCPDk0kJntgUkKLVBB9u32VxY3auwEwW8zwog0Kk3+GGDIkvqFTJNbiOxAZx3Bh00tLdNxMKdSO2fUGW4NL+WwwvLg+eGNlmxqkHecoyIHU6SnMN0ibGz7t0FimXl9FSI77SBAp8XGca7+fLewD9OHIgZzvqQJhSicTTl9ZflYmqdns0hrrJmkNCykZ4VHxI+domV7DRJABw2KvQ0HwDx5SMRpKeA2sueP598Raa+9F37mFZha6n1dhCKRSIkHPBCXwqEfhybcdOppz7dducg\/rDRmksOfTm7RdRFeBiYRjuqqdrpfrvqj4+n50RtPuOEamaACLRJe6TZ7AW60wNgZ4dbP5mBUOsUL+tGIvS3nrV+yuTsPHrJLA6h95nQQJJp1gPln6Nqwtu9dkRRA6KEKJsdtHc3JqWZjaSLJzaseg\/8y7N52Wwn6qAh47XHIlR\/ujrZyknuYN7irKa4apesgI2eDCnzFOHgd17m7AHq7vKvKmnQgplT+sFJcUwVu3nfqOhQjoDv02P5GlZXrAskO+6m+j9jtZMWk5ljB89fKaXNeLo2zjdBvluIThOvbDD4qSD+Jyi+\/ACr297jxF4hgS34EXR2bPMBCWBQ7weITTmdrwxEGtvfRK6RrUaKt0mA7Mmh2K3xkeJIyTQWAWBfCDfp+4+jtl\/HFNZ3X72EWk2uH6pI3SkOAUM71ZFkDV0zGFae0Xl1Uvj44SLDq0NxVlzOiFLtUYYjE6EZp45LPVhL8l6xcclI4RpJZwSBG5E9xwp658S+bV\/0zFdLWUxoCdi1hOVc+KmQMRQFDNgNxnLdxBG\/I6e1KPzAP3ozk4qy5VXGqPMtnuKoWBMuYqKTJjEAlG62upJHVz1g7aZjkN7ewqhTZXT4U3\/nLD+KKBpRA+6aGJQ3Wk\/Yc7YyxkVi+HCxxNdytkZcR22mmETB+o4WMzW60Iu0eFVoPREMdUcI4HUkA0F\/UGykYOAX3kyJbTw"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643610288724000,"flow_dst_last_pkt_time":1643610288722000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643610288724000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8r1dAAG4Gn3HAqAJkNN\/GB+ZgAbs5J4rNnRUwIFAYJz2+IQAAaUBxB\/Gc\/nglm3L+T6FaB1y1dAs="} 
@@ -17,11 +17,11 @@ 04463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643610288724000,"flow_dst_last_pkt_time":1643610288740000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_usec":1643610288740000,"pkt":"YDjgxTWgeJS0JASgCABFAAuAJktAADkGUjo038YHwKgCZAG75mCdFTXMOSeK4VAQCRbJZQAAojBMnRDZFuM5IayC7DxZg14hGjptzpz7JyYn\/VlCW5HvsHG0Mf4\/S4so+0jRr7AUxe\/99FVXASYAy6+CnvN+L3wtaase6XcKwXPlMdIoSbRjhWoksZG1BLBjH5CzFnJVtvvwB4EQoSLCePdVBagaQtfWaLJfD9KQjJfE3+tjeuNO1zSZMQ3b3SV\/CSdUT8nZm6O5PfBzi9sFGCnyTeNgfHUexbr2KlFVjtjvSJtGOZY9oQaXPXGon+WPWFia+cJl+PLMl30C6oEUkTrH1lnP6uYZAtt02PaZK3cUjSU38gWQl0mmp1p4JVBUFUunkphM0+4YGawKHKXk+vQiFjN3ioqCBpN2z5nUccWMpzdzKOH6igknO7RExCKwvouXPpQ1blUE60W7wlRxBK7a0fhB\/hEFnGm0piRzqfUyfkXfj8Aof2hNjFMEOEym2LmXZpn326GR6rL8krrzqq3jihuk9\/AJbQW14B0xtzidDDna0EDhooCbiph5alqpOttnFPxdRRlN4M3rm\/reacV6TXT7cW1KkHfh4S8amolRozdjsBvB+KXa1i0gO\/5vi2yk8+fmbTfysVYk0Mvot7TD7\/Q1OwHq8ukhZ98JRoSBH0A8ZugikuD+4fy8dDXQgmV9\/YjKxYS6suqEHKksJ6+eZnU0mOC1DFDZX8lJCGWr8U4GyEY2CucVAkVGOktZvjRxG+3KNum5rBmsjeKJKSXGphUlupzVu0f4VVY7wiV4ctynrgVcw6ux9CX0IeEQl5wqxPMtwt7BaO89NjsCNj6gBqvFnAiEPTlZMERaymXlqNjw6veeiP13MVewTF0Rlrxjs8XDcqVMweVVmiCGwNbAjrc9sbh5GiU+faYg0AZTYafaQ36A7UsGPL3XlJxu951A5GXa6I2hlFIfAm7t0yxrQzKkAFb92IMk0IgoUmNFBTaMIniGjbcg\/z72wygn0RTxN8KnivzxYQacLE1FbOM0XK4dmV2rWgp+Woc+M1naNVKjCed5+RuQ+PBJD2sGM593KdXRlSF0I\/SAHo+T0+jf2U3PXlt2QrPuQpndaIkizrlweYwaGhzlzfAThT79ndRbdgGdHcTIIJL+MXNsCiks6XeMcyRuHaOEvM1XIHYKmvKFAJZlleY\/Md9YkNu8Lc1FVg28\/P\/YP9PE+FE0wUPrHKDT90ahjqHx43fmVvDRFl0eyLX3VrDZHsVxgJz2NN\/6cFvSemOcMT6B5\/SaiFcsESeYNjEqMLLc\/tV3eHld9iBH+VKKSpOWuT31emkQm6WixpHzFLID7PdiPOPeJv\/Z++fRf7ZLiyjHCozFlx4mqF7XfW9kA9UjpiMSECP+TidaPkx1HpdntfbzbR7fbmt6D993D4P6R0yffuLWnvUMv4qc+9exQOApudzlzhy8NkoTfBeulTXY5\/ULZFEW04b
MOmxUV5Ne4bJTPM85nWvxLwxrGbnCTGn1gZMhUBctWzKdsQtAZQBwJqg\/qxXYLpiyHVwsiuv7ogoiDRR6QB6CsGgfBJOngbM\/aB5tsN1FXLYI2gLNzpo+xIqeYAtt1NTdzgJBvWrxj6Duk0z6E4qZpjDk\/svivOFJiM8KoSRX02zLN5x++UZ25zaMeFAwNEEL35xQQ4+Romt98\/A8tPyC4dL3gsmm7tYWUXOSd8QR\/+NkCUj\/dcif73fs+3ibQHbzNwa6kSb32Hx6C5Y+4xJeMGX92ODFuVRrt83\/1jnoAmrYSyiFAHhIOa1xKvUU8AH\/LXNtfqCN74U9hr+Wn8eg8quEgaeugyd7xLnbDYEQqYYnIcDbxSZ6XYYn9DMkM0ySze2bJmgpY9ix3kvkhVIIHhheuMqAS9jeqpodL+prASW5286G5rJV1w6ZaHEbL9tyhpXhdjHxkKivgLhvlkGYbWuGY2gK4BqKCsUf0afYcwpk59fZcpXaa\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\/FksrPSXAAjmkFYlv0\/ha6Hgb5hC7dwHoszxFNONQhLvB+l1oMZE3OczPqJkj2NcafixDE7zVK+ICgGbXwYGzzVjpgU3jKIBPryo+Mtqmz9ww8OES90G77kCoTiJrGSIbwPF9xf6g56VF9GoPrRNwWpdiu3KuJYw98xjWhVX2xnNbhSb4CONR1K1stR3uCOKxPYE1Y0WCpQ5aDNUSlleK5PTy4H51wRPNViq9PWUz72OoK2qNv7Cm2bFrTIY\/uCDzd4QSh9OHwBLCqlInnnwzjZ3hk9I6v7OyEGeqjryjZ8Xdy8iIoPkYNQJBlq5UbqDVkawPgYeELv3Xp+4mLSAz3VjZsPByIvGEuV5erP1UlRyVhmB+g64ztQZglHJAUxLbmhoCe43waLX218\/mXhae1gmHPSpKzBfGlu32McJYULZY32m+WjPTruIMvwjvc6SKGFSR0vSBsOkqlUtZV3yp9sqkwkU+LeNfQVrRZzzRFN6DGJ24PJfxgvI1RYt8dN2Nri4x7+3pAfT5WWt+O6qbHbvfM8h+hBty\/3VRCemu+NcbzhUmRNuS9yHf0pm5rCKEl5F2kggRV\/GrvmICg3rJCbvLZjITqdjJmYudk5RyaSyiJTaYphXdTPMcl4YG8cyyAH6s\/1wgixKpV3xb\/SfMo4qWJoIVuhR7WvPzNE\/MI0ALUEw63Pc3e8E4+F3F2bjw8BGgwKoQfW2Lyfo24WttMks8v8TOzcFnwSxtAPEjoZ8zUo\/uvMNI917Cfo2O2azHoB26EdQTS73RiPZo1210flS1H9TiWVMOwalb\/LRkw8knpierR0b3sF9t1vudCPcllN\/5soJ1f2xf\/Nh\/YJcFGdtYLxK3I0j9\/V6D6fmziCR08\/WOtbeL4EQKrGverdZekDGA7LmHuyhMOxDNE06L4PcioMQclaxuQyq38gf5nWqDn6RoVu3Z41rAgmRlLOnF18QFLOBDph08txavJqEvdWoTP+qDUKSDfYW+QFthsg+Qo+JgOoHCWonB8FWzYEgWi8\/atdiP5WDsg2rwQrr\/NUT1vgk5ZclxAx1\/e54AU9jBsWrS4sUBQQb3bLz2P7PqgURGuoIecGXEI\/hnw109WGsaESCD9fllzvGhKzmyWbTPb1KCFfmfAQpkuHkBytT5BBiBauRp5IEiTD4bjWwk9lHcRP6F3bisGHc+igeU9j62Qa9LX3HabNwo1841nlNNKWPQ+zsvGMqE3e2viT4h\/3LDoe4E1i1FBbi4OzpDPLSJ\/dxPvQ\/+1eGqycUBPOm4aqeSJh4OgXPDJpRHNr7MWnZ\/WfBGq4GZHKyKD4IcFcLwVibRcMQQ7pkbbzEla\/I4\/EdC1pemyTZynZWPszPz4NWCy22jypV\/MHL0PpLsWrMnnU7TRwpsljMYp00akEln
5hv5cNWNhrdre4SI+py"} 00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642636825083000,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825303000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":429,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643610288741000,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 02139{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1643610288722000,"flow_src_last_pkt_time":1643610304703000,"flow_dst_last_pkt_time":1643610304703000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":4416,"flow_dst_tot_l4_payload_len":30419,"midstream":1,"thread_ts_usec":1643610304703000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1031032.2,"max":15956000,"stddev":3917522.5,"var":15346982453248.0,"ent":1.0,"data": 
[2000,15000,3000,0,16000,0,0,0,0,1000,1000,0,0,0,0,0,0,0,0,0,0,0,0,15941000,1000,15956000,5000,0,19000,1000,1000]},"pktlen": {"min":40,"avg":1129.2,"max":2944,"stddev":1252.1,"var":1567845.6,"ent":4.0,"data": [1492,60,46,1492,2944,40,2944,40,40,2944,2871,40,40,40,40,1492,60,46,1492,2944,40,2944,40,2944,1492,60,46,1492,2944,40,2944,40]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,9]},"directions": [0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0],"entropies": [7.874306679,5.500818253,4.652828693,7.888679028,7.939795017,4.981687069,7.939328194,4.931686878,4.931686878,7.934259415,7.938295841,4.981687069,4.931687355,4.931687355,4.981687069,7.885500431,5.513399124,4.565871716,7.865909100,7.927158833,4.881687164,7.936643124,4.881687164,7.934941769,7.882087708,5.613399506,4.522394180,7.860544682,7.936390877,4.881687641,7.928893089,4.912815094]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Twitch","proto_by_ip_id":195,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1643611942615000} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":70000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1643612754900000} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":98963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1643614758865000} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1643611942615000} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":70000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1643612754900000} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":98963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1643614758865000} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":65,"flow_dst_packets_processed":49,"flow_first_seen":1643610288722000,"flow_src_last_pkt_time":1643614758886000,"flow_dst_last_pkt_time":1643614758885000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":11776,"flow_dst_tot_l4_payload_len":101176,"midstream":1,"thread_ts_usec":1643614758886000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Twitch","proto_by_ip_id":195,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":120,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":113381,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1643614758886000} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":120,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":113381,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1643614758886000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 120/120 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8691663 bytes -~~ total memory freed........: 8691663 bytes -~~ total allocations/frees...: 140670/140670 +~~ total memory allocated....: 9456069 bytes +~~ total memory freed........: 9456069 bytes +~~ total allocations/frees...: 154636/154636 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 4468 chars diff --git a/test/results/default/tls-esni-fuzzed.pcap.out b/test/results/default/tls-esni-fuzzed.pcap.out index 92321383e..ae26732a8 100644 --- a/test/results/default/tls-esni-fuzzed.pcap.out +++ b/test/results/default/tls-esni-fuzzed.pcap.out 
@@ -1,5 +1,5 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1590680386576239} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1590680386576239} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_usec":1590680386576239,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW3
03wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} 01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13i1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
@@ -12,7 +12,7 @@ 01300{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01300{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01301{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1590680391590254} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1590680391590254} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 
@@ -21,9 +21,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8656125 bytes -~~ total memory freed........: 8656125 bytes -~~ total allocations/frees...: 140573/140573 +~~ total memory allocated....: 9420563 bytes +~~ total memory freed........: 9420563 bytes +~~ total allocations/frees...: 154539/154539 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 597 chars ~~ json message max len.......: 1539 chars diff --git a/test/results/default/tls-rdn-extract.pcap.out b/test/results/default/tls-rdn-extract.pcap.out index dedacf5dd..7d9fe6f00 100644 --- a/test/results/default/tls-rdn-extract.pcap.out +++ b/test/results/default/tls-rdn-extract.pcap.out 
@@ -1,5 +1,5 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":946681200000000,"pkt":"ERERERERIiIiIiIiCABFAACnLudAAIAGnZoKAAAB1ceV+3ppAbtkZ4Ye79i2a1AYQCmgXgAAFgMBAHoBAAB2AwEAAAAAM7RDB2u\/HXE+9PsbFMYgy+4A2s6CH4THeQytZwAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAADX\/AQABAAAAABMAEQAADmFkczEubXNhZHMubmV0AAUABQEAAAAAAAoABgAEABcAGAALAAIBAA=="} 
01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"ads1.msads.net","domainame":"ads1.msads.net","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d120500_d94e65cdb899_c35b4a14be45","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
@@ -10,7 +10,7 @@ 02497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946681200000000,"pkt":"ERERERERIiIiIiIiCABFAAXc5UxAADUGLQDVx5X7CgAAAQG7emnv2MeHZGeGnVAQGJhPMQAAiAWJbWaSMKuviDnX1C0Llpx4JK8Aq88JPhOua8Pg4c9gf4tT3ALQ87CGEd69AgMBAAGjggHaMIIB1jASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBQIQuPbThFm87UIxUDbVXwzRhGDODALBgNVHQ8EBAMCAYYwEgYJKwYBBAGCNxUBBAUCAwgACDAjBgkrBgEEAYI3FQIEFgQUforCnFoyjMJxotlPdXD3qRv2lAUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwHwYDVR0jBBgwFoAUMyHwy\/6ioESS3vY7M9hfAUuXeF0wgaMGA1UdHwSBmzCBmDCBlaCBkqCBj4Y2aHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvbXN3d3coNSkuY3JshjRodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvbXN3d3coNSkuY3Jshh9odHRwOi8vY29ycHBraS9jcmwvbXN3d3coNSkuY3JsMHkGCCsGAQUFBwEBBG0wazA8BggrBgEFBQcwAoYwaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvbXN3d3coNSkuY3J0MCsGCCsGAQUFBzAChh9odHRwOi8vY29ycHBraS9haWEvbXN3d3coNSkuY3J0MA0GCSqGSIb3DQEBBQUAA4ICAQCPwtFc7xQRdxdjBzxMfGja\/oZK4iDMP7AnPdHirMiLSKbkWfc6Bq19UvH2ZWGWISKuaL4vet6zDPXpxd34ZYJdy2w+DDcRdBUJeFW9JhK71pV007z1dgkqat82xI5W1R8g33+CMNdDq2gii2paxZvQnY0LDFCFfsxagAeLA06\/vV9sVg8FqeJUw6XTUlxfTQvdBfhREgMhb5xsl5gqwcERvL0brvvjV19PHwCe4qRR0\/esCTdYpQkh0XLQssGL203cE9FUWE0rwK36Uxk1sRWoQmS37ccfpXmoDTjUUL\/0Wv8v6b8\/fTjl+yAM1E7gLx1FevsoLzFIb8xuXGhC+urICwEw7BAmQjgjqcMZuNlwGmgsksufc+bM\/zMj7ttetX8FWD9QxRwIGPTrL2KqU\/ehzd7j64IcGmdroUynaHFA0WU7QRicSeNx++tNg5PTR+ZkQsu2NRz7NA6hKPuMoacfAShR5XGUN5zcQVt8fuksI2eUnXPfX0B5o42VMMxTFwi8UIbz\/BAZgfz0Wm7z3KKadXvDrKBR7TK2WN9PjpFTatKqG13mU7iJo56JoeMp4LNs6xrMb1qqwuL2HkUp79bCQ7E7rT4m\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\/hKvQEGUt+yNqIvLVdA7x4VqHpf8Vq77b\/HQFZtx9TW
l\/G+JFtxX1Dkxg="} 03643{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":5,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":6754,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Azure","proto_id":"91.276","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"ads1.msads.net","domainame":"ads1.msads.net","tls": 
{"version":"TLSv1","server_names":"*.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d120500_d94e65cdb899_c35b4a14be45","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=Microsoft Secure Server Authority","subjectDN":"C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, 
CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net","fingerprint":"FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B","blocks":0}}} 01316{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":5,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":6754,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Azure","proto_id":"91.276","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
-00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6881,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":946681200000000} +00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6881,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":946681200000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8688789 bytes -~~ total memory freed........: 8688789 bytes -~~ total allocations/frees...: 140591/140591 +~~ total memory allocated....: 9453163 bytes +~~ total memory freed........: 9453163 bytes +~~ total allocations/frees...: 154557/154557 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 597 chars ~~ json message max len.......: 3648 chars diff --git a/test/results/default/tls_1.2_unidirectional_client.pcapng.out b/test/results/default/tls_1.2_unidirectional_client.pcapng.out index bbd838c04..db2aa34f6 100644 --- a/test/results/default/tls_1.2_unidirectional_client.pcapng.out +++ b/test/results/default/tls_1.2_unidirectional_client.pcapng.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949469263977} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949469263977} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656949469263977,"flow_src_last_pkt_time":1656949469263977,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469263977,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"216.58.209.42","src_port":43854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656949469263977,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656949469263977,"pkt":"CL6sCxduJjb1W8R1CABFAAA8kXxAAEAGMpbAqAyc2DrRKqtOAbtVk\/1OAAAAAKAC\/\/87hgAAAgQFtAQCCApl0zAPAAAAAAEDAwk="} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656949469272227,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949469272227,"pkt":"CL6sCxduJjb1W8R1CABFAAA0kX1AAEAGMp3AqAyc2DrRKqtOAbtVk\/1PP1MFxIAQAKxU8AAAAQEICmXTMBhcKnNd"} 
@@ -8,7 +8,7 @@ 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656949469307583,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949469307583,"pkt":"CL6sCxduJjb1W8R1CABFAAA0kX9AAEAGMpvAqAyc2DrRKqtOAbtVk\/4DP1MLToAQALFOZwAAAQEICmXTMDtcKnOA"} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656949469307896,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949469307896,"pkt":"CL6sCxduJjb1W8R1CABFAAA0kYBAAEAGMprAqAyc2DrRKqtOAbtVk\/4DP1MQ2IAQALdI1wAAAQEICmXTMDtcKnOA"} 01004{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":0,"flow_first_seen":1656949469263977,"flow_src_last_pkt_time":1656949480565802,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1862,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949480565802,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"216.58.209.42","src_port":43854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1862,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949480565802} +00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1862,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949480565802} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647391 bytes -~~ total memory freed........: 8647391 bytes -~~ total allocations/frees...: 140552/140552 +~~ total memory allocated....: 9411765 bytes +~~ total memory freed........: 9411765 bytes +~~ total allocations/frees...: 154518/154518 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 570 chars ~~ json message max len.......: 1244 chars diff --git a/test/results/default/tls_1.2_unidirectional_client_no_cert.pcapng.out b/test/results/default/tls_1.2_unidirectional_client_no_cert.pcapng.out index 7ca153108..39cfc0de9 100644 --- a/test/results/default/tls_1.2_unidirectional_client_no_cert.pcapng.out +++ b/test/results/default/tls_1.2_unidirectional_client_no_cert.pcapng.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655389592153034} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655389592153034} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655389592153034,"flow_src_last_pkt_time":1655389592153034,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592153034,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"172.67.21.133","src_port":39958,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655389592153034,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655389592153034,"pkt":"CL6sCxduJjb1W8R1CABFAAA8LQBAAEAGfq\/AqAycrEMVhZwWAbuIMgssAAAAAKAC\/\/9bCQAAAgQFtAQCCAoQnRwbAAAAAAEDAwk="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655389592207546,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592207546,"pkt":"CL6sCxduJjb1W8R1CABFAAAoLQFAAEAGfsLAqAycrEMVhZwWAbuIMgstwx6+DVAQAKxtvgAA"} 
@@ -8,7 +8,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655389592250074,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592250074,"pkt":"CL6sCxduJjb1W8R1CABFAAAoLQNAAEAGfsDAqAycrEMVhZwWAbuIMg0ywx6+r1AQAKxrFwAA"} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655389592255139,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1655389592255139,"pkt":"CL6sCxduJjb1W8R1CABFAABbLQRAAEAGfozAqAycrEMVhZwWAbuIMg0ywx6+r1AYAKxWUQAAFAMDAAEBFgMDACgAAAAAAAAAAAHqNiA\/AZp+DK3ZaLmgyUaCAFQqANlaQ7IRek9VkVX6"} 
00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1655389592153034,"flow_src_last_pkt_time":1655389592454103,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":989,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592454103,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"172.67.21.133","src_port":39958,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":989,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655389592454103} 
+00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":989,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655389592454103} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647215 bytes -~~ total memory freed........: 8647215 bytes -~~ total allocations/frees...: 140546/140546 +~~ total memory allocated....: 9411589 bytes +~~ total memory freed........: 9411589 bytes +~~ total allocations/frees...: 154512/154512 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars ~~ json message max len.......: 1263 chars diff --git a/test/results/default/tls_1.2_unidirectional_server.pcapng.out b/test/results/default/tls_1.2_unidirectional_server.pcapng.out index d0a789738..92171d9f1 100644 --- a/test/results/default/tls_1.2_unidirectional_server.pcapng.out +++ b/test/results/default/tls_1.2_unidirectional_server.pcapng.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949469270147} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949469270147} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656949469270147,"flow_src_last_pkt_time":1656949469270147,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469270147,"l3_proto":"ip4","src_ip":"216.58.209.42","dst_ip":"192.168.12.156","src_port":443,"dst_port":43854,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656949469270147,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656949469270147,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8RzAAAHgGhGLYOtEqwKgMnAG7q04\/UwXDVZP9T6AS\/\/8m9gAAAgQFlgQCCApcKnNdZdMwDwEDAwg="} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656949469289435,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949469289435,"pkt":"Jjb1W8R1CL6sCxduCABFgAA0RzYAAHgGhGTYOtEqwKgMnAG7q04\/UwXEVZP+A4AQAQVTxAAAAQEIClwqc3Fl0zAj"} 
@@ -9,7 +9,7 @@ 02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656949469305704,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1656949469305704,"pkt":"Jjb1W8R1CL6sCxduCABFgAW+R0AAAHgGftDYOtEqwKgMnAG7q04\/UxDYVZP+A4AYAQVR6AAAAQEIClwqc4Bl0zAjEDu9Ka7ixzpiO2xj2YC\/WXGsYye5TBeg2vZzFb8q3o\/zpWwygTMD0IZRcZk0upONXbVRWPeyk+gB9lm+cZv9TSjOz23HFtz30dZGm6fKa+l3D\/2gthsjgx0QGtkJAITgRNOidSOzNIb2ILCkXhAd4FJGAJ2xDx8hcFH1mt0G\/FX0Kw4zd8NLQsLxdxP8c4CU6x+7Nz\/OAipmsHMdMqUybDKwjuDEI\/9bfU1lcKwrmz3O2+BtjjKAvpafkmO8l7tdufThcV4q5O8DIrGKZTqPwJNl1IXNDw9bg1kWRxYtnCQ6yICmJhSFm\/Y3m6xv+cXDBlHz4n\/FsRC6UfTdAAVmMIIFYjCCBEqgAwIBAgIQd70NbNs2+RrqIQ\/E8FjTDTANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UECxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIwMDYxOTAwMDA0MloXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y\/lD63ladAPKH9gvl9MgaCcfb2jH\/76Nu8ai6Xl6OMS\/kr9rH5zoQdsfnFl97vufKj6bwSiV6nqlKr+CMny6SxnGPb15l+8Ape62im9MZaRw1NEDPjTrETo8gYbEvs\/AmQ351kKSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6z1kZ1q+PsAewnjHxgsHA3y6mbWwZDrXYfiYaRQM9sHmklCitD38m5agI\/pboPGiUU+6DOogrFZYJsuB6jC511pzrp1Zkj5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8UpmvMrUpsyUqtEj5cuHKZPfmghCN6J3Cioj6OGaK\/GP5Afl4\/Xtcd\/p2h\/rs37EOeZVXtL0m79YB0esWCruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499iYH6TKX\/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35EiEua++tgy\/BBjFFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbapsZWwpbkNFhHax2xIPEDgfg1azVY80ZcFuctL7TlLnMQ\/0lUTbiSw1nH69MG6zO0b9f6BQdgAmD06yK56mDcYBZUCAw
EAAaOCATgwggE0MA4GA1UdDwEB\/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH\/MB0GA1UdDgQWBBTkrysmcRorSCeFL1JmLO\/wiRNxPjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo\/\/z9SzBgBggrBgEFBQcBAQRUMFIwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjEwKQYIKwYBBQUHMAKGHWh0dHA6Ly9wa2kuZ29vZy9nc3IxL2dzcjEuY3J0MDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMS9nc3IxLmNybDA7BgNVHSAENDAyMAgGBmeBDAECATAIBgZngQwBAgIwDQYLKwYBBAHWeQIFAwIwDQYLKwYBBAHWeQIFAwMwDQYJKoZIhvcNAQELBQADggEBADSkHrEoo9C0dhemMXoh6dFSPsjbdBZBiLg9NR3t5P+T4Vxfq7s="} 01727{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1656949469270147,"flow_src_last_pkt_time":1656949469305720,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4601,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469305720,"l3_proto":"ip4","src_ip":"216.58.209.42","dst_ip":"192.168.12.156","src_port":443,"dst_port":43854,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","tls": 
{"version":"TLSv1.2","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.youtube-3rd-party.com,upload.google.com,*.upload.google.com,upload.youtube.com,*.upload.youtube.com,uploads.stage.gdata.youtube.com,bg-call-donation.goog,bg-call-donation-alpha.goog,bg-call-donation-canary.goog,bg-call-donation-dev.goog","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services LLC, CN=GTS CA 1C3","subjectDN":"CN=upload.video.google.com","negotiated_alpn":"h2","fingerprint":"A9:8F:37:B3:54:4F:D0:01:B7:8D:0F:88:21:37:4A:EB:F7:E3:D3:F2","blocks":0}}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1656949469270147,"flow_src_last_pkt_time":1656949469704772,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6022,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469704772,"l3_proto":"ip4","src_ip":"216.58.209.42","dst_ip":"192.168.12.156","src_port":443,"dst_port":43854,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
-00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1656949469704772} +00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1656949469704772} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8662127 bytes -~~ total memory freed........: 8662127 bytes -~~ total allocations/frees...: 140574/140574 +~~ total memory allocated....: 9426501 bytes +~~ total memory freed........: 9426501 bytes +~~ total allocations/frees...: 154540/154540 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 570 chars ~~ json message max len.......: 2494 chars diff --git a/test/results/default/tls_1.2_unidirectional_server_no_cert.pcapng.out b/test/results/default/tls_1.2_unidirectional_server_no_cert.pcapng.out index 69178bd53..c7c8071a9 100644 --- a/test/results/default/tls_1.2_unidirectional_server_no_cert.pcapng.out +++ b/test/results/default/tls_1.2_unidirectional_server_no_cert.pcapng.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655389592192414} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655389592192414} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655389592192414,"flow_src_last_pkt_time":1655389592192414,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592192414,"l3_proto":"ip4","src_ip":"172.67.21.133","dst_ip":"192.168.12.156","src_port":443,"dst_port":39958,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655389592192414,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655389592192414,"pkt":"Jjb1W8R1CL6sCxduCABFAAA0AABAADMGuLesQxWFwKgMnAG7nBbDHr4MiDILLYAS+vAy3AAAAgQFeAEBBAIBAwMO"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655389592248391,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592248391,"pkt":"Jjb1W8R1CL6sCxduCABFAAAoJuVAADMGkd6sQxWFwKgMnAG7nBbDHr4NiDINMlAQAARsYQAA"} 
@@ -8,7 +8,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655389592294804,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592294804,"pkt":"Jjb1W8R1CL6sCxduCABFAAAoJudAADMGkdysQxWFwKgMnAG7nBbDHr6viDINZVAQAARrjAAA"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655389592336100,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592336100,"pkt":"Jjb1W8R1CL6sCxduCABFAAAoJuhAADMGkdusQxWFwKgMnAG7nBbDHr6viDIO61AQAARqBgAA"} 00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1655389592192414,"flow_src_last_pkt_time":1655389592493255,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592493255,"l3_proto":"ip4","src_ip":"172.67.21.133","dst_ip":"192.168.12.156","src_port":443,"dst_port":39958,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1426,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655389592493255} +00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1426,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655389592493255} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647161 bytes -~~ total memory freed........: 8647161 bytes -~~ total allocations/frees...: 140544/140544 +~~ total memory allocated....: 9411535 bytes +~~ total memory freed........: 9411535 bytes +~~ total allocations/frees...: 154510/154510 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars ~~ json message max len.......: 1148 chars diff --git a/test/results/default/tls_1.3_unidirectional_client.pcapng.out b/test/results/default/tls_1.3_unidirectional_client.pcapng.out index fdda6f95e..d764336e4 100644 --- a/test/results/default/tls_1.3_unidirectional_client.pcapng.out +++ b/test/results/default/tls_1.3_unidirectional_client.pcapng.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949481728614} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949481728614} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656949481728614,"flow_src_last_pkt_time":1656949481728614,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481728614,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.184.68","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656949481728614,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656949481728614,"pkt":"CL6sCxduJjb1W8R1CABFAAA8eAdAAEAGrjHAqAycjvq4RJtGAbtwW5KhAAAAAKAC\/\/9eLgAAAgQFtAQCCAr+HzcuAAAAAAEDAwk="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656949481737014,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481737014,"pkt":"CL6sCxduJjb1W8R1CABFAAA0eAhAAEAGrjjAqAycjvq4RJtGAbtwW5Ki80vO8YAQAKwcfgAAAQEICv4fN0H6OrM2"} 
@@ -8,7 +8,7 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656949481767911,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481767911,"pkt":"CL6sCxduJjb1W8R1CABFAAA0eApAAEAGrjbAqAycjvq4RJtGAbtwW5TW80vPy4AQAK4ZMQAAAQEICv4fN2D6OrNU"} 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656949481771419,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1656949481771419,"pkt":"CL6sCxduJjb1W8R1CABFAAB0eAtAAEAGrfXAqAycjvq4RJtGAbtwW5TW80vPy4AYAK7\/zQAAAQEICv4fN2T6OrNUFAMDAAEBFwMDADU2T0t2AElxo\/Anpd0+OP0c8HeptmhgzRsgsC93f4R0i9hqd0JFuQkCXfoK7TiZ0rbPid+YdQ=="} 
00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1656949481728614,"flow_src_last_pkt_time":1656949481798742,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":564,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":886,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481798742,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.184.68","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949481798742} 
+00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949481798742} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647186 bytes -~~ total memory freed........: 8647186 bytes -~~ total allocations/frees...: 140545/140545 +~~ total memory allocated....: 9411560 bytes +~~ total memory freed........: 9411560 bytes +~~ total allocations/frees...: 154511/154511 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 569 chars ~~ json message max len.......: 1329 chars diff --git a/test/results/default/tls_1.3_unidirectional_server.pcapng.out b/test/results/default/tls_1.3_unidirectional_server.pcapng.out index 7d9caebdf..ba4822d99 100644 --- a/test/results/default/tls_1.3_unidirectional_server.pcapng.out +++ b/test/results/default/tls_1.3_unidirectional_server.pcapng.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949481735174} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949481735174} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656949481735174,"flow_src_last_pkt_time":1656949481735174,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481735174,"l3_proto":"ip4","src_ip":"142.250.184.68","dst_ip":"192.168.12.156","src_port":443,"dst_port":39750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656949481735174,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656949481735174,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8KqgAAHgGAxGO+rhEwKgMnAG7m0bzS87wcFuSoqAS\/\/\/ujQAAAgQFlgQCCAr6OrM2\/h83LgEDAwg="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656949481748657,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481748657,"pkt":"Jjb1W8R1CL6sCxduCABFgAA0Kq0AAHgGAxSO+rhEwKgMnAG7m0bzS87xcFuU1oAQAQUZ3wAAAQEICvo6s0P+HzdG"} 
@@ -8,7 +8,7 @@ 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656949481783540,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481783540,"pkt":"Jjb1W8R1CL6sCxduCABFgAA0KrYAAHgGAwuO+rhEwKgMnAG7m0bzS8\/LcFuVFoAQAQUYhAAAAQEICvo6s2b+Hzdk"} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656949481792511,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481792511,"pkt":"Jjb1W8R1CL6sCxduCABFgAA0KroAAHgGAweO+rhEwKgMnAG7m0bzS8\/LcFuWAIAQAQkXgAAAAQEICvo6s2\/+Hzdx"} 00977{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1656949481735174,"flow_src_last_pkt_time":1656949481804763,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":855,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1073,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481804763,"l3_proto":"ip4","src_ip":"142.250.184.68","dst_ip":"192.168.12.156","src_port":443,"dst_port":39750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949481804763} +00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949481804763} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647123 bytes -~~ total memory freed........: 8647123 bytes -~~ total allocations/frees...: 140542/140542 +~~ total memory allocated....: 9411497 bytes +~~ total memory freed........: 9411497 bytes +~~ total allocations/frees...: 154508/154508 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 569 chars ~~ json message max len.......: 1090 chars diff --git a/test/results/default/tls_2_reasms.pcapng.out b/test/results/default/tls_2_reasms.pcapng.out index d038b2c42..dc6c8ef21 100644 --- a/test/results/default/tls_2_reasms.pcapng.out +++ b/test/results/default/tls_2_reasms.pcapng.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052958270296} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052958270296} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958270296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052958270296,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958270296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639052958270296,"pkt":"AAAAAAAAAAgAHsfjCABFAAA8AABAAFkGPQnAW7quGYlQIAG7lPYStl7aMwcmoaAS\/\/+mFwAAAgQFcAQCCAqXmyQsjJgTHgEDAwg="} 
01093{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958421275,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":470,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":470,"pkt_l4_len":436,"thread_ts_usec":1639052958421275,"pkt":"AAAAAAAAAAQAaxhhCABFAAHI7AFAAD8GaXsZiVAgwFu6rpT2AbszByahErZe24AYAVd0fQAAAQEICoyYE\/2XmyQsFgMBAY8BAAGLAwMAlXJSyLbTWNrF02NSj28hHamky0L5wCYQnHUCL\/6z3iD5LhfBzVNFGwCCqzHgNKOymBfZ7K0vIQElpPRSPY852QAGEwETAhMDAQABPAArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgECxpEscXa0pzp0dwcj2NsRSDz0wt8A5bNiy0soe+2RYADQAKAAgEAwUDBgMIBAAAABQAEgAAD2kuaW5zdGFncmFtLmNvbQAQABQAEgJoMgVoMi1mYghodHRwLzEuMQAtAAMCAQAAKgAAACkAsgCNAIeEDo4Sq5aYEoWVI9gb5X7lsbxoLQQbqHnFpnF8aI1WLwAAAADufwuTcgHc7lYZ8SVlha1U3Zkr0Vd9xmvbgpohpkFSNMLDIZ8FmR2pTMB4b2CxLJGFEpspmoijBCvKQSfpFOQOBLhObW1gKrl6AV8Y7rEcYgAxc577AZrXxt9LdTNXMRicjW5cSz1JACEgle78vT7B+RG\/cD3MjAcV8pXx7rRg8Vriehdr1EpDdxs="} 
@@ -9,7 +9,7 @@ 01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052958440022,"flow_dst_last_pkt_time":1639052958436332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1752,"midstream":0,"thread_ts_usec":1639052958440022,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"i.instagram.com","domainame":"i.instagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309h2_55b375c5d22e_566d5108064c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-fb,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639052958440086,"flow_dst_last_pkt_time":1639052958436332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1639052958440086,"pkt":"AAAAAAAAAAgAHsfjCABFAACEnctAAFkGnvXAW7quGYlQIAG7lPYStl+zMwcoNYAYAQVfGQAAAQEICpebJNaMmBP9FwMDAEsVFAAoT9R4PGUK6JrmQv\/2lo7Dahbke\/2rvVxk1LkuGDP3Y8z\/sO7TJHJKOoOMuj6Phx3KHeI4aO8E3Ijyz4MTDLUa8BC7ydQgDY8="} 
00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":3,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052959221756,"flow_dst_last_pkt_time":1639052958885962,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":3685,"flow_dst_tot_l4_payload_len":2290,"midstream":0,"thread_ts_usec":1639052959221756,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5975,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1639052959221756} 
+00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5975,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1639052959221756} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8661948 bytes -~~ total memory freed........: 8661948 bytes -~~ total allocations/frees...: 140554/140554 +~~ total memory allocated....: 9426322 bytes +~~ total memory freed........: 9426322 bytes +~~ total allocations/frees...: 154520/154520 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 566 chars ~~ json message max len.......: 2386 chars diff --git a/test/results/default/tls_2_reasms_b.pcapng.out b/test/results/default/tls_2_reasms_b.pcapng.out index 071ee4df9..69f682309 100644 --- a/test/results/default/tls_2_reasms_b.pcapng.out +++ b/test/results/default/tls_2_reasms_b.pcapng.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052962482663} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052962482663} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052962482663,"flow_dst_last_pkt_time":1639052962482663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052962482663,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052962482663,"flow_dst_last_pkt_time":1639052962482663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639052962482663,"pkt":"AAAAAAAAAAEAEgm4CABFAAA8AABAAFgG1idYDonDxOql2AG7kxooFUS4SyLHNqASe\/zceQAAAgQFcAQCCAq\/P97mAJHwdAEDAwg="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052963485255,"flow_dst_last_pkt_time":1639052962482663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639052963485255,"pkt":"AAAAAAAAAAEAEgm4CABFAAA8AABAAFgG1idYDonDxOql2AG7kxooFUS4SyLHNqASe\/zYjwAAAgQFcAQCCAq\/P+LQAJHwdAEDAwg="} 
@@ -9,7 +9,7 @@ 00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639052963520379,"flow_dst_last_pkt_time":1639052963519069,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1639052963520379,"pkt":"AAAAAAAAAAEAEgm4CABFAAESFlNAAFgGvv5YDonDxOql2AG7kxooFUS5SyLI2YAYAHvAaQAAAQEICr8\/4vQAkfDbFgMDAIACAAB8AwO6kuss6bcDSmq8e3GmR05l1RLxmI+dIDHmj2MZ7KgmySCbv0ACoTPxsYE+8Du\/oovylIsJjYgk88YoxhddfiCfjBMBAAA0ACsAAvsaADMAJAAdACAT3wI3T1d\/roP16TYt+DuVSSDCoKmbANYTUw0nFkrHCgApAAIAABQDAwABARcDAwBOZM1cpMqCvWSFHnQFxWqH2pxndfCRMiA\/Np\/+gM72QwNKEfL75BOGgEEdzjYI+CBE83znTyMCWcL06Crm+s3ylM3y+iehn1hG+hQOkfn2"} 01318{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052963520379,"flow_dst_last_pkt_time":1639052963519069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1767,"midstream":0,"thread_ts_usec":1639052963520379,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FbookReelStory","proto_id":"91.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net","domainame":"video.fmct2-3.fna.fbcdn.net","tls": {"version":"TLSv1.3 
(Fizz)","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309h1_55b375c5d22e_566d5108064c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052963537951,"flow_dst_last_pkt_time":1639052963523453,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":10270,"flow_dst_tot_l4_payload_len":2179,"midstream":0,"thread_ts_usec":1639052963537951,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FbookReelStory","proto_id":"91.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
-00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1639052963537951} +00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1639052963537951} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8692035 bytes -~~ total memory freed........: 8692035 bytes -~~ total allocations/frees...: 140558/140558 +~~ total memory allocated....: 9456409 bytes +~~ total memory freed........: 9456409 bytes +~~ total allocations/frees...: 154524/154524 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 568 chars ~~ json message max len.......: 2393 chars diff --git a/test/results/default/tls_alert.pcap.out b/test/results/default/tls_alert.pcap.out index 6006e01fa..0a24e9391 100644 --- a/test/results/default/tls_alert.pcap.out +++ b/test/results/default/tls_alert.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1628259176203392} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1628259176203392} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176203392,"flow_dst_last_pkt_time":1628259176203392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1628259176203392,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1628259176203392,"flow_dst_last_pkt_time":1628259176203392,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1628259176203392,"pkt":"AICPmq69oM7IELEuCABFAABAAABAAEAGtpPAqAHAwKgBFPa2AbvtIEkOAAAAALAC\/\/9MagAAAgQFtAEDAwUBAQgKE9Ij+wAAAAAEAgAA"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1628259176203392,"flow_dst_last_pkt_time":1628259176203813,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1628259176203813,"pkt":"oM7IELEuAICPmq69CABFAAA8AABAAEAGtpfAqAEUwKgBwAG79rbEoc1F7SBJD6AScSBz9QAAAgQFtAQCCAoAseWtE9Ij+wEDAwc="} 
@@ -8,7 +8,7 @@ 01370{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176203813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1628259176204397,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","domainame":"www.google-analytics.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176204809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1628259176204809,"pkt":"oM7IELEuAICPmq69CABFAAA0KOtAAEAGjbTAqAEUwKgBwAG79rbEoc1G7SBJ1oAQAOsSLwAAAQEICgCx5a0T0iP8"} 
01481{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176204934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1628259176204934,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"34": {"risk":"TLS Fatal Alert","severity":"Low","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","domainame":"www.google-analytics.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1642662403350000} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1642662403350000} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642662403350000,"flow_src_last_pkt_time":1642662403350000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642662403350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642662403350000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1642662403350000,"pkt":"eJS0JASgYDjgxTWgCABFAABHB2VAAD8GBknAqAJkoCzKypOUAbvHogbZRxwevVAYAY\/SKwAAFQMDABoAAAAAAAAAAveoY2RlTzXreZQA7uCWWlmb9Q=="} 
00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642662403350000,"flow_src_last_pkt_time":1642662403350000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642662403350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -18,7 +18,7 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1642662404144000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1642662404144000,"pkt":"eJS0JASgYDjgxTWgCABFAABHB2lAAD8GBkXAqAJkoCzKypOUAbvHogbZRxwevVAZAY\/SKgAAFQMDABoAAAAAAAAAAveoY2RlTzXreZQA7uCWWlmb9Q=="} 01215{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176205826,"flow_dst_last_pkt_time":1628259176206182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1642662407022000,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"34": {"risk":"TLS Fatal Alert","severity":"Low","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement"}} 
00956{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1642662403350000,"flow_src_last_pkt_time":1642662407022000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642662407022000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1642662407022000} 
+00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1642662407022000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654047 bytes -~~ total memory freed........: 8654047 bytes -~~ total allocations/frees...: 140569/140569 +~~ total memory allocated....: 9418420 bytes +~~ total memory freed........: 9418420 bytes +~~ total allocations/frees...: 154534/154534 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 1486 chars diff --git a/test/results/default/tls_certificate_too_long.pcap.out b/test/results/default/tls_certificate_too_long.pcap.out index 67396d1ef..4dfd880cb 100644 --- a/test/results/default/tls_certificate_too_long.pcap.out +++ b/test/results/default/tls_certificate_too_long.pcap.out 
@@ -1,5 +1,5 @@ -00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1626168074745096} 
+00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1626168074745096} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168074745096,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074745096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168074745096,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074745096,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168074745096,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoYkwAAEAGDJLAqAF5NJUVPM4KAbsrlJN\/t5VLK1AQEAACSAAA"} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168074926313,"flow_dst_last_pkt_time":1626168074926313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":394,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":394,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168074926313,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -91,19 +91,19 @@ 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077620854,"flow_dst_last_pkt_time":1626168077632344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1626168077632344,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pgVbXIGxxGts6AS\/oilegAAAgQFtAQCCAqgBBfWPdH4\/AEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1626168077632420,"flow_dst_last_pkt_time":1626168077632344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077632420,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KYAFDHEa2zFW1yB4AQCArKugAAAQEICj3R+QegBBfW"} 
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077632344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1626168077632855,"pkt":"WNVuaKQA8BiYFWV8CABFAAEHAABAAEAGU8\/AqAF5AhYh69KYAFDHEa2zFW1yB4AYCAp9hQAAAQEICj3R+QegBBfWR0VUIC9wa2kvY2VydHMvTWljUm9vQ2VyQXV0MjAxMV8yMDExXzAzXzIyLmNydCBIVFRQLzEuMQ0KSG9zdDogd3d3Lm1pY3Jvc29mdC5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGl0LWl0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IGNvbS5hcHBsZS50cnVzdGQvMi4wDQoNCg=="} -01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077632344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077632855,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": 
{"url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}} +01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077632344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077632855,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077633946,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1626168077633946,"pkt":"8BiYFWV8WNVuaKQACABFAABYGXsAAHgRVukICAgIwKgBeQA11SEAREvAQG+BgAABAAEAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAHADAABAAEAAAATAAQCFiHr"} 
01146{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077604997,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077633946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1626168077633946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net","domainame":"e13678.dscb.akamaiedge.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["2.22.33.235,ttl=19"]}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077643688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077643688,"pkt":"8BiYFWV8WNVuaKQACABFAAA0bRxAADkG7oUCFiHrwKgBeQBQ0pgVbXIHxxGuhoAQAfzP6QAAAQEICqAEF+I90fkH"} 
-01453{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077654666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1626168077654666,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}} 
+01454{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077654666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1626168077654666,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077660456,"flow_dst_last_pkt_time":1626168077660456,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077660456,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077660456,"flow_dst_last_pkt_time":1626168077660456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168077660456,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KZAFBWi1SkAAAAALAC\/\/+bzgAAAgQFtAEDAwYBAQgKPdH5IAAAAAAEAgAA"} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077660456,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1626168077670653,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pnFRlw1VotUpaAS\/ohpIwAAAgQFtAQCCAqAXqM6PdH5IAEDAwc="} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1626168077670728,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077670728,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KZAFBWi1SlxUZcNoAQCAqOZAAAAQEICj3R+SqAXqM6"} 00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_usec":1626168077671150,"pkt":"WNVuaKQA8BiYFWV8CABFAAEJAABAAEAGU83AqAF5AhYh69KZAFBWi1SlxUZcNoAYCAqtegAAAQEICj3R+SqAXqM6R0VUIC9wa2lvcHMvY2VydHMvTWljU2VjU2VyQ0EyMDExXzIwMTEtMTAtMTguY3J0IEhUVFAvMS4xDQpIb3N0OiB3d3cubWljcm9zb2Z0LmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogaXQtaXQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogY29tLmFwcGxlLnRydXN0ZC8yLjANCg0K"} 
-01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077671150,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}} +01162{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077671150,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077680554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077680554,"pkt":"8BiYFWV8WNVuaKQACABFAAA0kqtAADkGyPYCFiHrwKgBeQBQ0pnFRlw2VotVeoAQAfyTkwAAAQEICoBeo0Q90fkq"} -01455{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077691567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1626168077691567,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}} +01456{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077691567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1626168077691567,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077734028,"flow_src_last_pkt_time":1626168077734028,"flow_dst_last_pkt_time":1626168077734028,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168077734028,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077734028,"flow_dst_last_pkt_time":1626168077734028,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077734028,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGezbAqAF5jFJxGtKRAbvAP+ze5D7DE4ARCAAudQAAAQEICj3R+WZAyN\/6"} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077735142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077735142,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -141,8 +141,8 @@ 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1626168078654016,"flow_dst_last_pkt_time":1626168078677309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_usec":1626168078677309,"pkt":"8BiYFWV8WNVuaKQACABFAAB1fEAAAHgR9AYICAgIwKgBeQA1yx4AYfqwlN+BgAABAAEAAAAAAjI2AzExMwI4MgMxNDAHaW4tYWRkcgRhcnBhAAAMAAHADAAMAAEAAA20ACEUbGItMTQwLTgyLTExMy0yNi1pYWQGZ2l0aHViA2NvbQA="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1626168078674936,"flow_dst_last_pkt_time":1626168078697090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168078697090,"pkt":"8BiYFWV8WNVuaKQACABFAAAopbxAAPEGSn00YqMSwKgBeQG70LTKjnLJ5wZl7FAQCAWxfgAA"} 
02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1626168078722553,"flow_dst_last_pkt_time":1626168078697090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1626168078722553,"pkt":"WNVuaKQA8BiYFWV8CABFAAT+AABAAEAGnGTAqAF5NGKjEtC0AbvnBmXsyo5yyVAYEACH9AAAFwMDBNEAAAAAAAAA3P9mE\/WxzRlzhJVvrME7arSt4cc4b80\/fLZ45lg2jTLN+h8OznVOp0v0YJHlvGb6zo1R0y0127nCMLhWICtDPy2FtY028GLgaBdr\/YLaP88jpPC2wcimHwfty2x4WKI+LPeYoEPRAYicmmTAxPlFzZuaf1iKs+Yu1pMdI4311+rTrqclcjjttiygU+MPtoh4rbcQQi4hllQZ9bpYWoVqJ+iSt2BigYH05vsyHmu879GAhVkohrBF89b4NLKyNAMo0\/QxqgG1rqZTGisx7FjNs8y8uxtw5iKWrSpnhwqsK8HdkzdODGF90yeLdn3CCNJgdm3aNHt1MWZ4JOUy5GzAb47y2cy051il96yYxnPjPoqHZ+sb8GqydD+Wdtw8hwTtkDW7xa7mACJTwuWOIU79l2oDnl63ylL8+JOFMkvCyqpvRSJQTp84k5efBKX3KzQjur4Xu79lO0LFF2NRDD6HkdNIzdZ6GrjQ6cfeKSx84X\/NzyeoBGfExOO\/4zYWpKYV5emN2qK2WwFz9V6yUT4FYCEpMENn4zKRUt2gX3+QJ3UggRDfQ8Atlul6XoqofW\/JfCf+PszhgtXLpc9QxVs3UVfeC+BCBsI\/evJsy+X2zvUBACJp1Cao7EAa\/un53A8cu1w+QQ\/3\/qpgFcwuebDk+bTd2XwEmQcRY5ntXb11cm+t6EgiuWMc8LtkZLW4g6Qk7C3exETENqr8qaKtA57iz69EbEaWfUTp590Cm1yhdVWnzQVccpyZRGULka\/D5PTiR6o3UCqpNAg8I43q9sRPGdaOzmk6LqC8kGMMj1N8P2DVYvcwJb3HB14BO5Blfb4kQNaSZCX81P5eekubMcrCkaYeLnnSigA4c2KBCJI0\/apWCuj0F93qKZChgzKT77EQe9PNeEwH9qa2yEnfxe42M9M\/dR+ZqezhwWXFtPpr0H\/z1rdkNoyBVAssfrasWrQx8flrDgnBIYD1460XCzVYLXxrhZgLoJb3EnAJ7vXCxsY0pXppBEZDDdim91oHmoHdPCYl0He7JYRSbPjtQSoUoTzcJp7PxKyOdGVLYBgNJz7zY+ZgHgZgGwjl0V0nqegEjC35a9y8SnKE63ljmDCyN8pWus5ViXGLvQ2Q\/1YgRAjjfufkIFVVjlXa01yHVzB76HDZ1tJk9CCm9ap34gzfAiHToNIXmogCeGqn2CdKyBeaiMSGkpYWcPn2x5217jPoRlFNQrlxxA+bM2VQvFdzsWSjAthvEYT8M0NKxSkvF5fH3eNJZYaUGLIiBrgIGbm4pAM\/x0xPOGKmtUmoLltnDzmkCbUcHYiWy3Y7nJHL865N2SK80a9Zp+7VINzLRf\/Ervx7NR7ytI7hPsERS2gR+t5ngZO4VMBVWlnWrW+Q0k4Q1KqCHh7RRwRxv5sH62zb+RmG6I
1XbjkIiH\/fDv5F+LoUplAhBWHtQdc4gcY6R330O9wWahGV3oVm2bRxt8RZJJruLD1DYhwwT99J89GgAfYqHkYbcpYCi6LHqYqrQ6UmOTNERlSpwcXx4Ujj\/ftQuU3MAdSrHpDwvlJG8V3434OyaQQ78dblNHDOqOcIm3UL5vFVeeu11Ar10lwqpNk+NFgn+2DriZe1BIfTkQZAL4Pitnn2QjlLKFQ="} -02111{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1626168078673569,"flow_src_last_pkt_time":1626168078741395,"flow_dst_last_pkt_time":1626168078741532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1318,"flow_src_tot_l4_payload_len":6192,"flow_dst_tot_l4_payload_len":5635,"midstream":1,"thread_ts_usec":1626168078741532,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":4380.3,"max":66556,"stddev":14076.5,"var":198149200.0,"ent":1.7,"data": [0,1268,0,1,22712,2791,42219,7,1,1,2,1,1,3,1,2,0,1,1,1,1,2,1,1,1,66556,1,207,4,1,1]},"pktlen": {"min":40,"avg":409.6,"max":1488,"stddev":443.8,"var":196953.1,"ent":4.3,"data": [1488,922,1488,1488,1006,40,40,1358,152,98,255,267,271,267,253,259,273,259,261,261,257,267,259,269,259,100,40,40,240,261,327,82]},"bins": {"c_to_s": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0],"s_to_c": [2,3,0,1,0,0,11,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]},"directions": [0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1],"entropies": 
[7.844867706,7.768162727,7.838919640,7.877963066,7.801912785,4.931687355,4.931687355,7.872855663,6.611027718,5.917587280,7.063786030,7.077864647,7.070313454,7.063032150,7.077404976,7.132514954,7.133229256,7.145859718,7.155868053,7.036940575,7.138390064,7.124177456,7.128092766,7.045049191,6.969915390,5.878566742,4.680641174,4.680641174,7.009124756,7.071732044,7.305675030,5.664766788]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -02138{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1626168078673880,"flow_src_last_pkt_time":1626168078802752,"flow_dst_last_pkt_time":1626168078815501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1312,"flow_src_tot_l4_payload_len":8443,"flow_dst_tot_l4_payload_len":4308,"midstream":1,"thread_ts_usec":1626168078815501,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8725.6,"max":48024,"stddev":14356.9,"var":206121952.0,"ent":3.3,"data": [1,1055,23210,47617,37039,8,1,2,1,1,11720,448,454,9939,10211,1,619,25332,48024,32224,8,8662,433,9,3,3,2,1,2,508,12955]},"pktlen": {"min":40,"avg":439.2,"max":1488,"stddev":490.6,"var":240677.5,"ent":4.2,"data": [1488,922,1278,40,1278,1352,175,259,438,82,85,40,74,40,52,1488,921,694,40,694,989,431,40,179,239,281,123,82,85,74,40,52]},"bins": {"c_to_s": [4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0],"s_to_c": 
[4,6,1,0,2,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]},"directions": [0,0,0,1,0,1,1,1,1,1,1,0,1,0,1,0,0,0,1,0,1,1,0,1,1,1,1,1,1,1,0,1],"entropies": [7.851675034,7.762215614,7.854618549,4.931687355,7.853376865,7.847486019,6.592478275,7.073016644,7.479730606,5.652988434,5.603165150,4.680641174,5.374660492,4.680641174,4.887658596,7.882281303,7.798806667,7.618238926,4.862814903,7.611861229,7.774961472,7.463752747,4.630641460,6.593664169,7.007197857,7.177185059,6.230616570,5.640376568,5.764585972,5.533047199,4.680641174,4.962661743]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +02107{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1626168078673569,"flow_src_last_pkt_time":1626168078741395,"flow_dst_last_pkt_time":1626168078741532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1318,"flow_src_tot_l4_payload_len":6192,"flow_dst_tot_l4_payload_len":5635,"midstream":1,"thread_ts_usec":1626168078741532,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":4380.3,"max":66556,"stddev":14076.5,"var":198149200.0,"ent":1.7,"data": [0,1268,0,1,22712,2791,42219,7,1,1,2,1,1,3,1,2,0,1,1,1,1,2,1,1,1,66556,1,207,4,1,1]},"pktlen": {"min":40,"avg":409.6,"max":1488,"stddev":443.8,"var":196953.1,"ent":4.3,"data": [1488,922,1488,1488,1006,40,40,1358,152,98,255,267,271,267,253,259,273,259,261,261,257,267,259,269,259,100,40,40,240,261,327,82]},"bins": 
{"c_to_s": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0],"s_to_c": [2,3,0,1,0,0,11,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]},"directions": [0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1],"entropies": [7.844867706,7.768162727,7.838919640,7.877963066,7.801912785,4.931687355,4.931687355,7.872855663,6.611027718,5.917587280,7.063786030,7.077864647,7.070313454,7.063032150,7.077404976,7.132514954,7.133229256,7.145859718,7.155868053,7.036940575,7.138390064,7.124177456,7.128092766,7.045049191,6.969915390,5.878566742,4.680641174,4.680641174,7.009124756,7.071732044,7.305675030,5.664766788]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +02134{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1626168078673880,"flow_src_last_pkt_time":1626168078802752,"flow_dst_last_pkt_time":1626168078815501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1312,"flow_src_tot_l4_payload_len":8443,"flow_dst_tot_l4_payload_len":4308,"midstream":1,"thread_ts_usec":1626168078815501,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8725.6,"max":48024,"stddev":14356.9,"var":206121952.0,"ent":3.3,"data": [1,1055,23210,47617,37039,8,1,2,1,1,11720,448,454,9939,10211,1,619,25332,48024,32224,8,8662,433,9,3,3,2,1,2,508,12955]},"pktlen": 
{"min":40,"avg":439.2,"max":1488,"stddev":490.6,"var":240677.5,"ent":4.2,"data": [1488,922,1278,40,1278,1352,175,259,438,82,85,40,74,40,52,1488,921,694,40,694,989,431,40,179,239,281,123,82,85,74,40,52]},"bins": {"c_to_s": [4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0],"s_to_c": [4,6,1,0,2,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]},"directions": [0,0,0,1,0,1,1,1,1,1,1,0,1,0,1,0,0,0,1,0,1,1,0,1,1,1,1,1,1,1,0,1],"entropies": [7.851675034,7.762215614,7.854618549,4.931687355,7.853376865,7.847486019,6.592478275,7.073016644,7.479730606,5.652988434,5.603165150,4.680641174,5.374660492,4.680641174,4.887658596,7.882281303,7.798806667,7.618238926,4.862814903,7.611861229,7.774961472,7.463752747,4.630641460,6.593664169,7.007197857,7.177185059,6.230616570,5.640376568,5.764585972,5.533047199,4.680641174,4.962661743]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079158693,"flow_dst_last_pkt_time":1626168079158693,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079158693,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1626168079158693,"flow_dst_last_pkt_time":1626168079158693,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168079158693,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KaAbvsuitsAAAAALAC\/\/8ZDgAAAgQFtAEDAwYBAQgKPdH+3gAAAAAEAgAA"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079191811,"flow_dst_last_pkt_time":1626168079191811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079191811,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -218,8 +218,8 @@ 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077604858,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077619979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":108,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":108,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net"}} 00938{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168074745096,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074928929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168074745096,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074928929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01280{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077673300,"flow_dst_last_pkt_time":1626168077673225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1944,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com"}} -01280{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077704270,"flow_dst_last_pkt_time":1626168077704176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":2179,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com"}} 
+01281{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077673300,"flow_dst_last_pkt_time":1626168077673225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1944,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com"}} 
+01281{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077704270,"flow_dst_last_pkt_time":1626168077704176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":2179,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com"}} 
01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077590442,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077622136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":202,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":202,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.microsoft.com"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168080092272,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080122102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076607953,"flow_src_last_pkt_time":1626168076607953,"flow_dst_last_pkt_time":1626168076607953,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -247,7 +247,7 @@ 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076015959,"flow_src_last_pkt_time":1626168076015959,"flow_dst_last_pkt_time":1626168076015959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_companion-link._tcp.local"}} 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168078653044,"flow_src_last_pkt_time":1626168079653752,"flow_dst_last_pkt_time":1626168079674037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":323,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"235.33.22.2.in-addr.arpa"}} 01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1626168075664939,"flow_src_last_pkt_time":1626168076655532,"flow_dst_last_pkt_time":1626168076674265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":90,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":431,"flow_dst_tot_l4_payload_len":749,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"60.21.149.52.in-addr.arpa"}} 
-00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95708,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":33,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":250,"global_ts_usec":1626168081946770} +00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95708,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":33,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":250,"global_ts_usec":1626168081946770} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 315/315 ~~ skipped flows.............: 0 
@@ -256,9 +256,9 @@ ~~ total active/idle flows...: 35/35 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8856196 bytes -~~ total memory freed........: 8856196 bytes -~~ total allocations/frees...: 141353/141353 +~~ total memory allocated....: 9621559 bytes +~~ total memory freed........: 9621559 bytes +~~ total allocations/frees...: 155316/155316 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 2529 chars diff --git a/test/results/default/tls_change_cipher.pcap.out b/test/results/default/tls_change_cipher.pcap.out index 1bcc9fe86..1d0a93c3a 100644 --- a/test/results/default/tls_change_cipher.pcap.out +++ b/test/results/default/tls_change_cipher.pcap.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705784524708924} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705784524708924} 00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1705784524708924,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1705784524708924} 
00483{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":134,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":134,"pkt_l4_len":0,"thread_ts_usec":1705784524708924,"pkt":"AAAAAAAAAAEAAAACgQANQoEAAHEIAEVoAHCULAAAOxGs0QqED7AKhhleCGgIaABcAAAw\/wBMkkgABkUAAEwAAEAA7wYHXhKLBwisHb6dAbv1TcvywT+rt1Qx4BL0J8GNAAACBAVQBAIICgxXutK5JPKSAQMDBx4QEAAIeIpV\/fie+Nc5ojE="} 00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1705784524879194,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1705784524879194} 
@@ -28,7 +28,7 @@ 02279{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":1458,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":1458,"pkt_l4_len":0,"thread_ts_usec":1705784524708924,"pkt":"AAAAAAAAAAEAAAABgQCNQoEAgHEIAEVoBZwyewAA\/xFFVgqGGV4KhA+wCGgIaAWIP0Uw\/wV4BES1rkUABXgAAEAAQAaxMqwdvp0SiwcI9U0Bu6u3eGrL8sFA0BAQBlXnAAABAQgKuSUGPgxXvFYeEiAFIwPhxbmOfz8AAApKPikAADgqY+MAQU98TYSNKdSEnsx74PNTfX7gd5k+yBDbLmllQwhxUbwG1HJMootoStVKOnnK3k2XSIoip818wahl+woOOj+NhDulJ\/Ni\/PWzy0s1Oaxt2K4acg2HdaVloTHS0rnrtnLI1G+lrkgpcvUxCt54Cg+4x2kQPrN67G6aJ2hfUSesPXeTjzJPv62jNHC325Nv7cHKI0fHHBzpMeuYGEbFbJQgYL0Qo8yqCF3GdKv9tKtmS+vsbn3cdu80pt2kq7QZ44QnsQSF9kxZCv0PP4\/Em+2WIEoj25IjHt2E+F8d6wmVs8JPd4RQK3BZyVRaI7UFZzICc7wOi5dVk+eAC0CBAFX\/8VNLJnVKVNjNzPzZhIT0rNYa+bYpzaWxnHJeTAsqX\/HfiwMPWgJPneUa\/m1nXT1hLqOW+1rNy6\/1ginGrbh6hvtJYMLPjf1tr9LcsPOusDjw6v+3PyZcFZMtdkABcOPKZV7NplsTjgIsqXLpzmKsC+1xNB6s1zxCQtyY4UJ4FnEv48d2IIz+8x6VYrDxnG5QPcYrzNYAGrf\/VK0ELnX576V1FEdca5DKl\/K\/yjVL0qu1IFzBAOBma6Ox9ZcumC2KbwhHE\/LN82fSnIysJtyFqczTF1k9SJMH6xYpbVO232R7vCyFgji8B6mUEXWDbcsOilF92xaweoVEmiwGx\/jYbyEwO6ZaORbOkd4wcZjthfmFu7j3NE083Y5JpHs6SImulEYw1KxgBPpT9t2R6EgWWf5BNeXBpJ54BCNOxHm1qldCT3D5+Cg92q50tiDUNq0L3b7yKGIaoThNLvVH5JMJxDMcUeYhFnfXMvFSGqmtBXwiNGSmL5CT4bcNEkVsp2VZQ85MBaKTprPxq85p16dKPngLWNqKYMi3nImRgGSfZKQG2531JtRrxvT0LUfZiMkgXG9D0cU8ynP5FWTdiC0b56XA\/VyR\/pCrm\/cXvy8s69lfLnn3RvMa8zqVM3TUpP4y7DibdCyg6JWwvZHqrr7QKf6mDRG\/1aY3PsVCiNO0RXSr16wYa7ghO1btDLjAyNLPEPQnfzSfpXL+QZU\/Laf6\/Dm6my03F2qvJmsruJBGQjzipiZphzVqaWlJ\/9mVRWiPj6N3GIIZMEgeT7ZTSO0XsC3cXzaBPa5cXYQFsOoftqZb6CN6KvqIKZwbLpz+stlxkkJlZW286zIpxFOkCVKGl3f2rIf6E6\/sz0f7l8Gd5eTlgcaRr0McAbJiQi86f2MEWIg5D2A2poEwujwcW61WCn6Vq6cQdcqQYi6dzu+bIxBr0FmJKX4mUJDHQTUqINOBjdmqy\/aJezeoJ6rDfoNURtDzdDPc1BIARMhg8\/Ctt2ehN5RAACUlOiRRouSgsyNYwuwVMmiMMbc94u8TwonRAM76veZoD\/PJqHWUE8FnISuyBmdsRzf9JK7QQ3EodbY36iUo2TxlUb8MPJ9id7kvzW41ZSVGtyl0WVciEf1CbYZ
ivAO+aL82adaKw3J9lCdu9Rho5bzEh85Eg3RMyBaMyJw+a97fq\/QZBEew4Agp7shoq2\/KtGPCeQP4H\/vBe5KyyVbCtUoN8CnJYiHMTs4Nwu3y6eGMPfv8N\/IYLe3D6rkHl6dkpzeAOFEMG4mHfRQ6GGxy2bFl3cl9RIPFxQiCoUi2uJBx7AlrnDA\/kjg0R8gQG81yXKLeAMA3A1Dy4HoiEz7DJy9jfw7DurRReCtiN2JwCQpR7xGTe1KQb3LZ39qeVH0n9\/hmsYyElLa1DMAIHIyfmZTeRj6eEAnJ"} 00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1705784529694103,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1705784529694103} 02281{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":1458,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":1458,"pkt_l4_len":0,"thread_ts_usec":1705784524708924,"pkt":"AAAAAAAAAAEAAAABgQCNQoEAgHEIAEVoBZwyfAAA\/xFFVQqGGV4KhA+wCGgIaAWIP0Uw\/wV4BES1rkUABXgAAEAAQAaxMqwdvp0SiwcI9U0Bu6u3fZrL8sFA0BAQBmLeAAABAQgKuSUGPgxXvFYeEiAFIwPhxbmOfz8AAApKPikAALkLPIqoV8bueYFSu2MlIeN77Pg8FRuXg+UHwu8cAyOc6iZso+4ZMZ91Kc7txxkHV5viAMMJtlb66zwZbnHlzgatfdx5eC1iSoNL5CS136gBJbF8wJPrDm4mbSWJjtf4uAywrMHfheCzBFdgU1SonzjvCiLxHmaMjhQhmzlZCxxVtilrJgLyHrsrAIC+3nF+6hbUtqDAOX7N2rpGgH05SATgLsLbqitLcsK72Hfsx\/Hlcb5ifdEKJvxAlpGoNH9Em5RXrJuOX4cUKo\/BXiNQqsjn0U95zpxXR2doESt1vLuqOAzdytpBfVFJi+ZK6LSMsFYYK5bdARgEzeQZOg4YH3mkpVhTgVHJoaotClp3DncwJGHrcLgL5Tu5PMeQRpPnDrA68fGbJ5sxybPaPP4xMtVAg05EFDxOtUiKc5hNSCXSD8YgFk096si+j9Syat8G5aoGX\/e4BO9YU7945A7xBA0\/b7Xg3h7V\/Qlfh4trqesM0HegrBL\/SZ8AybXwg7mvJy0N9AkIs\/qVM3RkgnsX4g6\/hDy2jV9w8pXGx96JganSsQGgKenWC4V03FVXndRhVqtbaTUgtJ790qDYaWaM1bOIlXahnSznp8bVKf1972ckM1wrNr1RLkwUhQ3yWWcXvGerJRTHGQQD7exdtl4ONRHP6TL9+ZvUGbINg6IU+ApY6arEXsnREerTusN55qlcv8yHTZECw6o\/sRyLeuX0i6dMyOoeTVLwxCKxkjyhnJG8v59maC54sgv2jK\/guw479v1ccxxbk+OnwULONWCUY5v0laCUuLiFkuD\/9jwcV7xr7dAa5q8CK+Crh\/Q8kkk9Cw4iILzosmybqvda5KFCtmhK4txjOn2qSgzv\/dj7kUDXQmopN7UP0zBLNQ8A1
mi9asPilPPVyb9a\/dC5ontWFUJCjn7EXWWP3Tn9zj86GQzSu0P1ikYQ5eQW\/ChXcJ1\/idBSe87lUAlx8eDWIwE4xLdKA3yrd447J1XqIsitSjv9WpoPb9JqiuA9ueUkLYhFwjYLWZbuBiEztwIKXyYyBWUcuhG5pINIKt1pLOPaN9nDcsvnG7HG8Xn0kCa7irNSjI4nCI3mgP5ydYuvmk0SNSx1+SnNBaoFMJeypjDS98wmwXG93gISEdiPNv0d5bVJQWiLdzmjpHRPA2hDSpBHczcSHSgpDetnQLs7jg9N5I8\/8hUtUbaRZ66M\/aK+ifklpE8WHf4f5xYfiITYnPRW4cMGcSEObTo8VcI7\/oIqAmK7\/cnxMI4MjsbBOZg6s4jmbB6URC6QwjiF1ijFnWKpuP2syv8\/DNuccNTzuvW+jhahVNPFSZnlbl\/DOCi9z4r67nZxcj1d6\/a7kTDCtR\/Yj2BBL6M71gQOyXCKP34xhAMZzJamQT48Q5vLSWtOx7\/WiC+Z47umbvzUMqlm4CeEOczNn2YavCHkoRd314TqGqVofG+oEgUXPZLYOFmPPxaiMLeSU3gTzzXmVIifg02MxtRvQ3BJLlA3PlS46kEr2mEXI72oI3UJUCUDaWPvPQdZILxcHabjrg3jUHS7e4dXBaAxt51y8r9G9+1wJ9bCuYL61tEXC41JA83\/ufCUjizoIrGvYJvA1rRXKpoikxY49vomwPDe6qYfZ4PrXZCHJ7fOxuslJNGcAwbmfOAEUkV8\/q6A8AuOB9oGRmvZa7IPpaSoPx2jKv2ySImrUj1LcnxZTMuZMQQwhkIiXUfOguoikn3EVtbjBW8HlpT\/k1\/AZks6\/5eP6\/4r1tf09BQHh0xW"} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1705784529694103} 
+00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1705784529694103} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/0 ~~ skipped flows.............: 0 @@ -37,9 +37,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8642406 bytes -~~ total memory freed........: 8642406 bytes -~~ total allocations/frees...: 140522/140522 +~~ total memory allocated....: 9406748 bytes +~~ total memory freed........: 9406748 bytes +~~ total allocations/frees...: 154488/154488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 310 chars ~~ json message max len.......: 2286 chars diff --git a/test/results/default/tls_cipher_lens.pcap.out b/test/results/default/tls_cipher_lens.pcap.out index 9a5bab518..ae4694a3f 100644 --- a/test/results/default/tls_cipher_lens.pcap.out +++ b/test/results/default/tls_cipher_lens.pcap.out 
@@ -1,5 +1,5 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1391444859282829} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1391444859282829} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1391444859282829,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mDAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAASAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} 
01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.it","domainame":"www.google.it","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d360600_77f462745360_6072aad2e91d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
@@ -20,7 +20,7 @@ 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1391444859282829} +00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1391444859282829} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 
@@ -29,9 +29,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8664861 bytes -~~ total memory freed........: 8664861 bytes -~~ total allocations/frees...: 140587/140587 +~~ total memory allocated....: 9429363 bytes +~~ total memory freed........: 9429363 bytes +~~ total allocations/frees...: 154553/154553 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 597 chars ~~ json message max len.......: 1281 chars diff --git a/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out index 86d8f58d5..713edd922 100644 --- a/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out +++ b/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out 
@@ -1,5 +1,5 @@ -00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1663090549179486} 
+00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1663090549179486} 
00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549179486,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549179486,"l3_proto":"ip4","src_ip":"195.181.174.176","dst_ip":"192.168.1.128","src_port":443,"dst_port":48260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549179486,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYGEC7Dta6wwKgBgAG7vIT\/L0tlGwKnqaAS\/ogbxgAAAgQFtAQCCAqczD4KOPYZxQEDAwc="} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549179586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549179586,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6dAAEAGlo7AqAGAw7WusLyEAbsbAqep\/y9LZoAQAfZHFAAAAQEICjj2GdaczD4K"} 
@@ -17,7 +17,7 @@ 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663090549535303,"flow_dst_last_pkt_time":1663090549540818,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549540818,"pkt":"PKn0qB\/seq+3+1HBCABFAAA02g9AAEAG3C7AqAG1wKgBgBue6WrMegHJm3t+OIAQAKzwSQAAAQEICp2aQ2XJG2ol"} 01375{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1663090549179486,"flow_src_last_pkt_time":1663090549200737,"flow_dst_last_pkt_time":1663090549222749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1094,"flow_src_tot_l4_payload_len":1448,"flow_dst_tot_l4_payload_len":1383,"midstream":0,"thread_ts_usec":1663090549603905,"l3_proto":"ip4","src_ip":"195.181.174.176","dst_ip":"192.168.1.128","src_port":443,"dst_port":48260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
01359{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":2,"flow_first_seen":1663090549527373,"flow_src_last_pkt_time":1663090549603905,"flow_dst_last_pkt_time":1663090549540818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1549,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549603905,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.181","src_port":59754,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1663090549603905} +00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1663090549603905} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 
@@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654023 bytes -~~ total memory freed........: 8654023 bytes -~~ total allocations/frees...: 140570/140570 +~~ total memory allocated....: 9418429 bytes +~~ total memory freed........: 9418429 bytes +~~ total allocations/frees...: 154536/154536 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 588 chars ~~ json message max len.......: 2545 chars diff --git a/test/results/default/tls_ech.pcapng.out b/test/results/default/tls_ech.pcapng.out index 39a7c8e1b..7a84f4786 100644 --- a/test/results/default/tls_ech.pcapng.out +++ b/test/results/default/tls_ech.pcapng.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1688191412679858} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1688191412679858} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412679858,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412679858,"pkt":"ILAB4IZiNObXAhsnht1gC2UeACgGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqoAAAAAoAL\/KDqPAAACBAWMBAIICnfjZxIAAAAAAQMDBw=="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412684172,"pkt":"NObXAhsnILAB4IZiht1gBxYjACgGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJksyaT6roBL8wPi1AAACBATEBAIICk7TX8p342cSAQMDDQ=="} 
@@ -9,7 +9,7 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412688931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1688191412688931,"pkt":"NObXAhsnILAB4IZiht1gBxYjACAGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJkwyaUDzgBAAByECAAABAQgKTtNfznfjZxY="} 01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412692841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":2174,"midstream":0,"thread_ts_usec":1688191412692841,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","domainame":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412746874,"flow_dst_last_pkt_time":1688191412700618,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":648,"flow_dst_tot_l4_payload_len":2702,"midstream":0,"thread_ts_usec":1688191412746874,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1688191412746874} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1688191412746874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654010 bytes -~~ total memory freed........: 8654010 bytes -~~ total allocations/frees...: 140549/140549 +~~ total memory allocated....: 9418384 bytes +~~ total memory freed........: 9418384 bytes +~~ total allocations/frees...: 154515/154515 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 576 chars ~~ json message max len.......: 1368 chars diff --git a/test/results/default/tls_esni_sni_both.pcap.out b/test/results/default/tls_esni_sni_both.pcap.out index 84490ea63..cbda4fc4d 100644 --- a/test/results/default/tls_esni_sni_both.pcap.out +++ b/test/results/default/tls_esni_sni_both.pcap.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1595697574192522} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1595697574192522} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595697574192522,"flow_src_last_pkt_time":1595697574192522,"flow_dst_last_pkt_time":1595697574192522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595697574192522,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1595697574192522,"flow_dst_last_pkt_time":1595697574192522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1595697574192522,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjMAbsVnUj1AAAAALAC\/\/+ITAAAAgQFtAEDAwYBAQgKRX5W8wAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1595697574192522,"flow_dst_last_pkt_time":1595697574222665,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1595697574222665,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72MxjNlEZFZ1I9oAS\/\/+oqwAAAgQFeAEBBAIBAwMK"} 
@@ -18,7 +18,7 @@ 01531{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1595697597731441,"flow_src_last_pkt_time":1595697597760792,"flow_dst_last_pkt_time":1595697597802693,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":639,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":639,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1595697597802693,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"you-think-thats-normal-tls-traffic-youre-seeing.com","domainame":"you-think-thats-normal-tls-traffic-youre-seeing.com","tls": {"version":"TLSv1.3","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","ja4":"t13d031100_55b375c5d22e_77359c92d649","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3","blocks":0}}} 
01207{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1595697574192522,"flow_src_last_pkt_time":1595697574326162,"flow_dst_last_pkt_time":1595697574326417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":634,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":843,"flow_dst_tot_l4_payload_len":6772,"midstream":0,"thread_ts_usec":1595697597855622,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01207{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1595697597731441,"flow_src_last_pkt_time":1595697597855622,"flow_dst_last_pkt_time":1595697597855003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":639,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":848,"flow_dst_tot_l4_payload_len":5312,"midstream":0,"thread_ts_usec":1595697597855622,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1595697597855622} +00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1595697597855622} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 ~~ skipped flows.............: 0 
@@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8686932 bytes -~~ total memory freed........: 8686932 bytes -~~ total allocations/frees...: 140599/140599 +~~ total memory allocated....: 9451338 bytes +~~ total memory freed........: 9451338 bytes +~~ total allocations/frees...: 154565/154565 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 540 chars ~~ json message max len.......: 1536 chars diff --git a/test/results/default/tls_false_positives.pcapng.out b/test/results/default/tls_false_positives.pcapng.out index b07558cda..8fda954e6 100644 --- a/test/results/default/tls_false_positives.pcapng.out +++ b/test/results/default/tls_false_positives.pcapng.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1641232761063506} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1641232761063506} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1641232761063506,"flow_src_last_pkt_time":1641232761063506,"flow_dst_last_pkt_time":1641232761063506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1641232761063506,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1641232761063506,"flow_dst_last_pkt_time":1641232761063506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1641232761063506,"pkt":"AAAAAAAAAAcAi3YBCABFAAA0AABAADcGbxAKCgoBwKgAAQWlUfMZL\/oS1g972YASchBrdgAAAgQFtAEBBAIBAwMK"} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1641232761063506,"flow_dst_last_pkt_time":1641232761612243,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1641232761612243,"pkt":"AAAAAAAAAAcAi3YBCABFAACs+xRAAD4GbIPAqAABCgoKAVHzBaXWD3vZGS\/6E1AYBVnujAAAhAAAAAKIJwDIAAUJDggAAAAEAFNDuAsEAAEAAAAEAFND8wMEAGAAAAAFAGFidmVyBAAxMDA3CwBjb3VudHJ5Y29kZQIAT00DAGlzcAcAT29yZWRvbwIAb3MHAGFuZHJvaWQHAHNka3R5cGUEAG5lcnYLAHZlcnNpb25jb2RlBAA0ODIz"} 
@@ -8,7 +8,7 @@ 01007{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1641232761626007,"flow_dst_last_pkt_time":1641232767278395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"thread_ts_usec":1641232767278395,"pkt":"AAAAAAAAAAcAi3YBCABFAAF\/+xdAAD4Ga63AqAABCgoKAVHzBaXWD4HVGS\/6IFAYBVm3VgAAb2RlBAAAABQAcXVpY19kb3dubG9hZF9wYXJhbTEAAAAAEgBxdWljX3VwbG9hZF9wYXJhbTIAAAAAFABxdWljX2Rvd25sb2FkX3BhcmFtMgAAAAAJAGV3bWFfc2xvdwMAAAASAHF1aWNfdXBsb2FkX3BhcmFtMQAAAAAOAGxpbWl0X3Jlc2xldmVsAQAAABEAc19waWNrX2xldmVsX21vZGUNAAAAEgBxdWljX3VwbG9hZF9wYXJhbTACAAAACgBzcGVlZF9tb2RlBAAAAAkAZXdtYV9mYXN0CQAAABgAcXVpY19kb3dubG9hZF9wYXJhbXNfbnVtAwAAAAgAcGxheV9vd24DAAAAFgBwaWNrX2xldmVsX2luZGVwZW5kZW50AAAAAAcAYndlX2RlZgEAAAAUAHF1aWNfZG93bmxvYWRfcGFyYW0wAgAAAP\/\/\/\/8BAAAAgAAAAA=="} 00928{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":27,"flow_dst_packets_processed":3,"flow_first_seen":1641232761063506,"flow_src_last_pkt_time":1641232767465459,"flow_dst_last_pkt_time":1641232767278395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":33806,"flow_dst_tot_l4_payload_len":1875,"midstream":0,"thread_ts_usec":1641232767465459,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":27,"flow_dst_packets_processed":3,"flow_first_seen":1641232761063506,"flow_src_last_pkt_time":1641232767465459,"flow_dst_last_pkt_time":1641232767278395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":33806,"flow_dst_tot_l4_payload_len":1875,"midstream":0,"thread_ts_usec":1641232767465459,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35681,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1641232767465459} 
+00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35681,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1641232767465459} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647732 bytes -~~ total memory freed........: 8647732 bytes -~~ total allocations/frees...: 140563/140563 +~~ total memory allocated....: 9412106 bytes +~~ total memory freed........: 9412106 bytes +~~ total allocations/frees...: 154529/154529 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 560 chars ~~ json message max len.......: 2419 chars diff --git a/test/results/default/tls_heur__shadowsocks-tcp.pcapng.out b/test/results/default/tls_heur__shadowsocks-tcp.pcapng.out index 5dc6b9372..4bd85f844 100644 --- a/test/results/default/tls_heur__shadowsocks-tcp.pcapng.out +++ b/test/results/default/tls_heur__shadowsocks-tcp.pcapng.out 
@@ -1,5 +1,5 @@ -00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725100298253624} 
+00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725100298253624} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725100298253624,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298253624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44424,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253624,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725100298253624,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADypskAAQAaTB38AAAF\/AAABrYgEOPrjCTkAAAAAoAL\/1\/4wAAACBP\/XBAIICoJ3H6YAAAAAAQMDBw=="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253646,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725100298253646,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDitiFpVj4z64wk6oBL\/y\/4wAAACBP\/XBAIICoJ3H6aCdx+mAQMDBw=="} 
@@ -35,7 +35,7 @@ 00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1725100298257324,"flow_src_last_pkt_time":1725100298432715,"flow_dst_last_pkt_time":1725100298432675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":636,"flow_dst_max_l4_payload_len":7428,"flow_src_tot_l4_payload_len":1076,"flow_dst_tot_l4_payload_len":20131,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40164,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1725100298253624,"flow_src_last_pkt_time":1725100298407018,"flow_dst_last_pkt_time":1725100298407002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":9887,"flow_src_tot_l4_payload_len":847,"flow_dst_tot_l4_payload_len":18427,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44424,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298432922,"flow_dst_last_pkt_time":1725100298432653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6040,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":31703,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":73601,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725100298432922} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":73601,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725100298432922} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8811869 bytes -~~ total memory freed........: 8811869 bytes -~~ total allocations/frees...: 140688/140688 +~~ total memory allocated....: 9576372 bytes +~~ total memory freed........: 9576372 bytes +~~ total allocations/frees...: 154655/154655 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 572 chars ~~ json message max len.......: 2208 chars diff --git a/test/results/default/tls_heur__trojan-tcp-tls.pcapng.out b/test/results/default/tls_heur__trojan-tcp-tls.pcapng.out index 4dc20c6c7..8046e4605 100644 --- a/test/results/default/tls_heur__trojan-tcp-tls.pcapng.out +++ b/test/results/default/tls_heur__trojan-tcp-tls.pcapng.out 
@@ -1,5 +1,5 @@ -00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725367999181087} 
+00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725367999181087} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999181087,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999181087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60654,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181087,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999181087,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADzyHEAAQAZKnX8AAAF\/AAAB7O4EOOE3LPkAAAAAoAL\/1\/4wAAACBP\/XBAIICrEoZggAAAAAAQMDBw=="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181104,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999181104,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDjs7jONTa3hNyz6oBL\/y\/4wAAACBP\/XBAIICrEoZgixKGYIAQMDBw=="} 
@@ -72,7 +72,7 @@ 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999228105,"flow_src_last_pkt_time":1725367999228105,"flow_dst_last_pkt_time":1725367999228906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":37,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":38613,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}} 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999227989,"flow_src_last_pkt_time":1725367999227989,"flow_dst_last_pkt_time":1725367999228682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":39434,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1725367999181087,"flow_src_last_pkt_time":1725367999367164,"flow_dst_last_pkt_time":1725367999322863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":7292,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60654,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1725367999398999} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1725367999398999} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -81,9 +81,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8806301 bytes -~~ total memory freed........: 8806301 bytes -~~ total allocations/frees...: 140755/140755 +~~ total memory allocated....: 9570996 bytes +~~ total memory freed........: 9570996 bytes +~~ total allocations/frees...: 154722/154722 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 571 chars ~~ json message max len.......: 2169 chars diff --git a/test/results/default/tls_heur__vmess-tcp-tls.pcapng.out b/test/results/default/tls_heur__vmess-tcp-tls.pcapng.out index 153f3b643..d8fecdef3 100644 --- a/test/results/default/tls_heur__vmess-tcp-tls.pcapng.out +++ b/test/results/default/tls_heur__vmess-tcp-tls.pcapng.out 
@@ -1,5 +1,5 @@ -00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725132050807636} 
+00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725132050807636} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050807636,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050807636,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40136,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807636,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050807636,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwowkAAQAYT+H8AAAF\/AAABnMgEOHy9vSYAAAAAoAL68P4wAAACBAW0BAIICoRbnDUAAAAAAQMDBw=="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807653,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050807653,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDicyAJPxIx8vb0noBL+iP4wAAACBAW0BAIICoRbnDWEW5w1AQMDBw=="} 
@@ -71,7 +71,7 @@ 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050978467,"flow_dst_last_pkt_time":1725132050978462,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":2070,"flow_src_tot_l4_payload_len":1405,"flow_dst_tot_l4_payload_len":10691,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050810814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":193,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":193,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813503,"flow_src_last_pkt_time":1725132050813503,"flow_dst_last_pkt_time":1725132050814218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":42485,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}} 
-00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1725132050978467} +00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1725132050978467} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -80,9 +80,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8878447 bytes -~~ total memory freed........: 8878447 bytes -~~ total allocations/frees...: 140758/140758 +~~ total memory allocated....: 9643109 bytes +~~ total memory freed........: 9643109 bytes +~~ total allocations/frees...: 154724/154724 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 571 chars ~~ json message max len.......: 1379 chars diff --git a/test/results/default/tls_heur__vmess-tcp.pcapng.out b/test/results/default/tls_heur__vmess-tcp.pcapng.out index f785eb3b6..016919237 100644 --- a/test/results/default/tls_heur__vmess-tcp.pcapng.out +++ b/test/results/default/tls_heur__vmess-tcp.pcapng.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725108604542518} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725108604542518} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725108604542518,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604542518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37218,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542518,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604542518,"pkt":"AAADBAAGAAAAAAAAClUIAEUAADwueUAAQAYOQX8AAAF\/AAABkWIEOC0ia0MAAAAAoAL\/1\/4wAAACBP\/XBAIICoL13hcAAAAAAQMDBw=="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542542,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604542542,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDiRYncsq\/stImtEoBL\/y\/4wAAACBP\/XBAIICoL13heC9d4XAQMDBw=="} 
@@ -35,7 +35,7 @@ 00926{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1725108604546168,"flow_src_last_pkt_time":1725108606812347,"flow_dst_last_pkt_time":1725108606812408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":681,"flow_dst_max_l4_payload_len":4726,"flow_src_tot_l4_payload_len":1234,"flow_dst_tot_l4_payload_len":19321,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40818,"dst_port":1234,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1725108604546168,"flow_src_last_pkt_time":1725108606812347,"flow_dst_last_pkt_time":1725108606812408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":681,"flow_dst_max_l4_payload_len":4726,"flow_src_tot_l4_payload_len":1234,"flow_dst_tot_l4_payload_len":19321,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40818,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
01059{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606831814,"flow_dst_last_pkt_time":1725108606831771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":20846,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} -00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62235,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725108606831814} 
+00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62235,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725108606831814} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8765423 bytes -~~ total memory freed........: 8765423 bytes -~~ total allocations/frees...: 140687/140687 +~~ total memory allocated....: 9529926 bytes +~~ total memory freed........: 9529926 bytes +~~ total allocations/frees...: 154654/154654 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 566 chars ~~ json message max len.......: 2221 chars diff --git a/test/results/default/tls_heur__vmess-websocket.pcapng.out b/test/results/default/tls_heur__vmess-websocket.pcapng.out index a793e8322..748bd60e4 100644 --- a/test/results/default/tls_heur__vmess-websocket.pcapng.out +++ b/test/results/default/tls_heur__vmess-websocket.pcapng.out 
@@ -1,5 +1,5 @@ -00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725278711295335} 
+00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725278711295335} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711295335,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295335,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711295335,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwSqkAAQAYqEH8AAAF\/AAABrfQEOJ96Es4AAAAAoAL\/1\/4wAAACBP\/XBAIICtChiqgAAAAAAQMDBw=="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295427,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711295427,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDit9LL9yaKfehLPoBL\/y\/4wAAACBP\/XBAIICtChiqjQoYqoAQMDBw=="} 
@@ -35,7 +35,7 @@ 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711297554,"flow_dst_last_pkt_time":1725278711297705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":508,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711469639,"flow_dst_last_pkt_time":1725278711469627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3932,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":18380,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":17,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711492259,"flow_dst_last_pkt_time":1725278711492259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":21168,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
-00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725278711492259} +00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725278711492259} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8839074 bytes -~~ total memory freed........: 8839074 bytes -~~ total allocations/frees...: 140689/140689 +~~ total memory allocated....: 9603544 bytes +~~ total memory freed........: 9603544 bytes +~~ total allocations/frees...: 154655/154655 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 572 chars ~~ json message max len.......: 2451 chars diff --git a/test/results/default/tls_invalid_reads.pcap.out b/test/results/default/tls_invalid_reads.pcap.out index c573a63d1..4d5bf0233 100644 --- a/test/results/default/tls_invalid_reads.pcap.out +++ b/test/results/default/tls_invalid_reads.pcap.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1252380859868541} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1252380859868541} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859868541,"flow_dst_last_pkt_time":1252380859868541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1252380859868541,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1252380859868541,"flow_dst_last_pkt_time":1252380859868541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1252380859868541,"pkt":"ABTRQblQABy\/OaVJCABFAAA0MFlAAIAG8ynAqAplziE9cQ9\/AbtzVLVxAAAAAIAC+vBjhwAAAgQFtAEDAwABAQQC"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1252380859868541,"flow_dst_last_pkt_time":1252380859884558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1252380859884558,"pkt":"ABy\/OaUlABTRQblQCABFIBA0ZLoAADYGSUrOIT1xwKgKZQG7D3++yAIvc1S1coASFtCGmAAAAgQFtAEBBAIBAwMx"} 
@@ -8,11 +8,11 @@ 01195{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859884558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1252380859885010,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859903858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1252380859903858,"pkt":"ABy\/OaVxABTRQblQCABFIAAoZLsAADcGSFXOIT1xwKgKZQG7D3++yAIwc1S12FAQAC7dpgAAAAAAAAAA"} 
01343{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859904145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":851,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":851,"midstream":0,"thread_ts_usec":1252380859904145,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"53611273a714cb4789c8222932efd5a7","ja4":"","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1421985541772794} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1421985541772794} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1421985541772794,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1421985541772794,"pkt":"AAOf2SAhEFbKCIWJCABFAAAyM2VAAH8GFrhKUKBjQ9lNHAy6AbvQcb+g7Sa+J1AY\/QKZOwAlAAMBAAUBAAABAQ=="} 
01204{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859943054,"flow_dst_last_pkt_time":1252380859942787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":851,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":1329,"midstream":0,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1544035479538596} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1544035479538596} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1544035479538596,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1544035479538596} 
00469{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1421985541772794,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAGDVegAA\/xG3XAruJEAK7vQxCGgIaABMAAAw\/wA8B+zklkUAADyx3UAAQAbcAwq\/ixE23eAt5LgBu\/kVfJ4AAAAAoAL\/\/3GmAAACBAW0BAIICgAUzUMAAAAAAQMDBg=="} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1544035479721867,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1544035479721867} 
@@ -21,7 +21,7 @@ 00743{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":324,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_usec":1421985541772794,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAS7V9AAA\/xG2FAruJEAK7vQxCGgIaAEaAAAw\/wEKB+zklkUAAOux30AAQAbbUgq\/ixE23eAt5LgBu\/kVfJ8aWkgcgBgFWRb9AAABAQgKABTNax1e0BYWAwEAsgEAAK4DA+Jfj3VZ7Se+llOF2hoK\/0SOWa4JB8kGoFPipHXr6zI3AAAowCvALMAvwDAAngCfwAnACsATwBQAMwA5wAfAEQCcAJ0ALwA1AAUA\/wEAAF0AAAAWABQAABFlLmNyYXNobHl0aWNzLmNvbQAXAAAAIwAAAA0AFgAUBgEGAwUBBQMEAQQDAwEDAwIBAgMAEAALuImlL1Y1GeVflD5H40\/GlDV3w0Q4eHATzs15UMvq3bDFbT9WBxf4WY7WsXHZhuEm\/fgNJZccyFnwUKMb"} 01056{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1421985541772794,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1421985541772794,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1544035479768404} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1544035479768404} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/9 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8653751 bytes -~~ total memory freed........: 8653751 bytes -~~ total allocations/frees...: 140559/140559 +~~ total memory allocated....: 9418157 bytes +~~ total memory freed........: 9418157 bytes +~~ total allocations/frees...: 154525/154525 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 311 chars ~~ json message max len.......: 1348 chars diff --git a/test/results/default/tls_long_cert.pcap.out b/test/results/default/tls_long_cert.pcap.out index 7679c1ba8..36cf5e3f4 100644 --- a/test/results/default/tls_long_cert.pcap.out +++ b/test/results/default/tls_long_cert.pcap.out 
@@ -1,17 +1,17 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1553619078033240} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1553619078033240} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078033240,"flow_dst_last_pkt_time":1553619078033240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1553619078033240,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1553619078033240,"flow_dst_last_pkt_time":1553619078033240,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1553619078033240,"pkt":"BBjWMe9aeDHBvV4kCABFAABAAABAAEAGN8XAqAJ+aG\/XXesOAbssL+yBAAAAALAC\/\/8wZwAAAgQFtAEDAwYBAQgKJK\/ZdwAAAAAEAgAA"} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1553619078033240,"flow_dst_last_pkt_time":1553619078058439,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1553619078058439,"pkt":"eDHBvV4kBBjWMe9aCABFAAA8AABAADYGQclob9ddwKgCfgG76w4xmkZeLC\/sgqAScSAcqQAAAgQFtAQCCArQt2rgJK\/ZdwEDAwc="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1553619078058524,"flow_dst_last_pkt_time":1553619078058439,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1553619078058524,"pkt":"BBjWMe9aeDHBvV4kCABFAAA0AABAAEAGN9HAqAJ+aG\/XXesOAbssL+yCMZpGX4AQCAq0dAAAAQEICiSv2Y7Qt2rg"} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1553619078058827,"flow_dst_last_pkt_time":1553619078058439,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1553619078058827,"pkt":"BBjWMe9aeDHBvV4kCABFAAI5AABAAEAGNczAqAJ+aG\/XXesOAbssL+yCMZpGX4AYCAq5aAAAAQEICiSv2Y7Qt2rgFgMBAgABAAH8AwNIXs7ENgjZTiNTE9f7O6LZiEI6uIc1pNyGFGqcdf\/LQyBdW5a1Bj3nkJn1H8mNAZlpujswEx54IJ8raTCHYls3FgAi+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZGKigAAAAAAFgAUAAARd3d3LnJlcHViYmxpY2EuaXQAFwAA\/wEAAQAACgAKAAhKSgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAEgAAADMAKwApSkoAAQAAHQAgHx3Qgw74Ok9EJ4ixjMksToTJ1f0PfjMmJ83bCaqtyGQALQACAQEAKwALCgoKAwQDAwMCAwEAGwADAgACCgoAAQAAFQDHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078058827,"flow_dst_last_pkt_time":1553619078058439,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1553619078058827,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it","domainame":"www.repubblica.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078058827,"flow_dst_last_pkt_time":1553619078058439,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1553619078058827,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it","domainame":"www.repubblica.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1553619078058827,"flow_dst_last_pkt_time":1553619078088544,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1553619078088544,"pkt":"eDHBvV4kBBjWMe9aCABFAAA0ITlAADYGIJhob9ddwKgCfgG76w4xmkZfLC\/uh4AQAOu5bwAAAQEICtC3av8kr9mO"} 
-01314{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078058827,"flow_dst_last_pkt_time":1553619078091883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1553619078091883,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it","domainame":"www.repubblica.it","tls": {"version":"TLSv1.2","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-02780{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078093048,"flow_dst_last_pkt_time":1553619078093749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1553619078093749,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it","domainame":"www.repubblica.it","tls": 
{"version":"TLSv1.2","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1","blocks":0}}} 
-02146{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078157096,"flow_dst_last_pkt_time":1553619078157742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":836,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1610,"flow_dst_tot_l4_payload_len":13760,"midstream":0,"thread_ts_usec":1553619078157742,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8011.5,"max":34221,"stddev":11402.3,"var":130012760.0,"ent":3.6,"data": [25199,25284,303,30105,3339,1074,34221,792,742,1850,1850,782,8352,423,28143,18603,6453,607,7069,119,26007,3,43,25894,1,59,186,154,696,4,1]},"pktlen": {"min":52,"avg":532.9,"max":1500,"stddev":584.9,"var":342142.3,"ent":4.1,"data": [64,60,52,569,52,1500,1500,52,1252,52,841,52,178,145,888,294,52,52,129,52,90,1105,1105,1500,52,52,52,710,52,1500,1500,1500]},"bins": {"c_to_s": [11,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,0,0,0,1,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,1],"entropies": [4.464972496,5.400120735,5.115703106,4.441882610,5.233812809,6.523200512,6.789650440,5.070538998,7.259748936,5.109000683,7.672616482,5.192625999,6.387032032,6.158265114,7.732074261,7.074759483,5.192625999,5.272274494,6.411020756,5.192625999,5.541742325,7.789433956,7.819917679,7.870871544,5.154164314,5.154164314,5.032077789,7.695037842,5.154164314,7.862812519,7.871836662,7.867298126]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01004{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":96,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619149347313,"flow_dst_last_pkt_time":1553619149372363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":836,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2858,"flow_dst_tot_l4_payload_len":102711,"midstream":0,"thread_ts_usec":1553619149372363,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it"}} 
-00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":182,"packets-processed":182,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":105569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1553619149372363} +01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078058827,"flow_dst_last_pkt_time":1553619078091883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1553619078091883,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it","domainame":"www.repubblica.it","tls": 
{"version":"TLSv1.2","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +02781{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078093048,"flow_dst_last_pkt_time":1553619078093749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1553619078093749,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it","domainame":"www.repubblica.it","tls": 
{"version":"TLSv1.2","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1","blocks":0}}} 
+02147{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078157096,"flow_dst_last_pkt_time":1553619078157742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":836,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1610,"flow_dst_tot_l4_payload_len":13760,"midstream":0,"thread_ts_usec":1553619078157742,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8011.5,"max":34221,"stddev":11402.3,"var":130012760.0,"ent":3.6,"data": [25199,25284,303,30105,3339,1074,34221,792,742,1850,1850,782,8352,423,28143,18603,6453,607,7069,119,26007,3,43,25894,1,59,186,154,696,4,1]},"pktlen": {"min":52,"avg":532.9,"max":1500,"stddev":584.9,"var":342142.3,"ent":4.1,"data": [64,60,52,569,52,1500,1500,52,1252,52,841,52,178,145,888,294,52,52,129,52,90,1105,1105,1500,52,52,52,710,52,1500,1500,1500]},"bins": {"c_to_s": [11,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,0,0,0,1,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,1],"entropies": [4.464972496,5.400120735,5.115703106,4.441882610,5.233812809,6.523200512,6.789650440,5.070538998,7.259748936,5.109000683,7.672616482,5.192625999,6.387032032,6.158265114,7.732074261,7.074759483,5.192625999,5.272274494,6.411020756,5.192625999,5.541742325,7.789433956,7.819917679,7.870871544,5.154164314,5.154164314,5.032077789,7.695037842,5.154164314,7.862812519,7.871836662,7.867298126]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01005{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":96,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619149347313,"flow_dst_last_pkt_time":1553619149372363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":836,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2858,"flow_dst_tot_l4_payload_len":102711,"midstream":0,"thread_ts_usec":1553619149372363,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it"}} 
+00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":182,"packets-processed":182,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":105569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1553619149372363} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 182/182 ~~ skipped flows.............: 0 @@ -20,10 +20,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8710372 bytes -~~ total memory freed........: 8710372 bytes -~~ total allocations/frees...: 140782/140782 +~~ total memory allocated....: 9474779 bytes +~~ total memory freed........: 9474779 bytes +~~ total allocations/frees...: 154749/154749 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars -~~ json message max len.......: 2785 chars -~~ json message avg len.......: 1620 chars +~~ json message max len.......: 2786 chars +~~ json message avg len.......: 1621 chars diff --git a/test/results/default/tls_malicious_sha1.pcapng.out b/test/results/default/tls_malicious_sha1.pcapng.out index f9ed3b93e..2c2ddef28 100644 --- a/test/results/default/tls_malicious_sha1.pcapng.out +++ b/test/results/default/tls_malicious_sha1.pcapng.out 
@@ -1,5 +1,5 @@ -00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1702228308364885} 
+00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1702228308364885} 
00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308364885,"flow_dst_last_pkt_time":1702228308364885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702228308364885,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1702228308364885,"flow_dst_last_pkt_time":1702228308364885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1702228308364885,"pkt":"ILAB4IZiNObXAhsnht1gBp8UACgGQCABCwcKPcESlyb2Q6g4sMQqABRQQAIEFAAAAAAAACATnWYBu84tckQAAAAAoAL\/KH9nAAACBAWMBAIICukUG0AAAAAAAQMDBw=="} 
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1702228308364885,"flow_dst_last_pkt_time":1702228308367897,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1702228308367897,"pkt":"NObXAhsnILAB4IZiht1gDMV9ACgGeioAFFBAAgQUAAAAAAAAIBMgAQsHCj3BEpcm9kOoOLDEAbudZrVQLe3OLXJFoBL\/\/4e2AAACBATEBAIICnEgCajpFBtAAQMDCA=="} 
@@ -10,7 +10,7 @@ 01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308374788,"flow_dst_last_pkt_time":1702228308398326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1702228308398326,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.prbtest.dev","domainame":"www.prbtest.dev","tls": {"version":"TLSv1.2","ja3s":"e2bc06b738d7e5d2b0cec5d2196b1d80","ja4":"t12d2808h2_d943125447b4_dd0a478c1db3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
01498{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308398348,"flow_dst_last_pkt_time":1702228308398561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":4628,"midstream":0,"thread_ts_usec":1702228308398561,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.prbtest.dev","domainame":"www.prbtest.dev","tls": {"version":"TLSv1.2","server_names":"www.prbtest.dev","ja3s":"e2bc06b738d7e5d2b0cec5d2196b1d80","ja4":"t12d2808h2_d943125447b4_dd0a478c1db3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services LLC, CN=GTS CA 1D4","subjectDN":"CN=www.prbtest.dev","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"0D:DB:34:F8:75:63:2C:7E:1E:C0:9D:75:82:7F:82:D2:33:6D:FE:B6","blocks":0}}} 
01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308484038,"flow_dst_last_pkt_time":1702228308437375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":4762,"midstream":0,"thread_ts_usec":1702228308484038,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1702228308484038} 
+00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1702228308484038} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 22/22 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8656612 bytes -~~ total memory freed........: 8656612 bytes -~~ total allocations/frees...: 140564/140564 +~~ total memory allocated....: 9420986 bytes +~~ total memory freed........: 9420986 bytes +~~ total allocations/frees...: 154530/154530 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 1503 chars diff --git a/test/results/default/tls_missing_ch_frag.pcap.out b/test/results/default/tls_missing_ch_frag.pcap.out index 669c6ccaa..ab7cc9fd5 100644 --- a/test/results/default/tls_missing_ch_frag.pcap.out +++ b/test/results/default/tls_missing_ch_frag.pcap.out 
@@ -1,5 +1,5 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1626252471399786} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1626252471399786} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626252471399786,"flow_src_last_pkt_time":1626252471399786,"flow_dst_last_pkt_time":1626252471399786,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626252471399786,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":33063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1626252471399786,"flow_dst_last_pkt_time":1626252471399786,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1626252471399786,"pkt":"ZIeIEyz\/WPmHGpl1CABFAAA8hHQAAH0G5JMKCgoBwKgAAQG7gScvWJhthsBAKqAS\/\/9QwwAAAgQFtAQCCApDaqR2wYhnewEDAwg="} 
01943{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1626252471399786,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1090,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1090,"pkt_l4_len":1056,"thread_ts_usec":1626252471549953,"pkt":"WPmHGpl1ZIeIEyz\/CABFAAQ0\/b1AADMGcVLAqAABCgoKAYEnAbuGwEAqL1iYboAYAKxR2gAAAQEICsGIaBBDaqR2FgMBBdwBAAXYAwNEa2hVTZJgASBSwfkI66LYxvlq75ZhdUSD3hgV+1QPOSD\/YaaV0OXvSK6c4cW3cThct7voag1kyNOqp2BHGtTdrgAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAVviooAAAAAACwAKgAAJ3IxLS0tc24tNWY1bnhndmg1by1oanVsLmdvb2dsZXZpZGVvLmNvbQAXAAD\/AQABAAAKAAwACvr6QTgAHQAXABgACwACAQAAIwAAABAACwAJCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwTBBL\/6+gABAEE4BJJN2na6uqPHrTPCb\/ILC4h5b3iKIpiqhO312LpjPLgWI86KCmdcCFKYTA3q3tYncymKC7UeIblB55L9t0UFbXqgEn\/fqdxSz6ckZsrtMqwRqfX2cel2WxfY\/aCfW\/vDYB9cWgIbMVWFo2botYfIlYMs0+p+iPkUjoVrNGSCC2VFWOOl1kkUQlsLOGuuFrivum9yxjiZNtHxmAMLLE0umqwruzOY3v9MhI11X9Rs2e4pdwrusuWg+crjjLJLuNx2PDVhjGTRlSvKZIDkgs584qrnA4lK+6TMLkjjfdVqz8YlHU\/ukhF\/OkMR4STHU0TtP9j6fb5+IBTm4M3T7+aKBDgbO5Hlh5+C8KkuBZGMPCbCyyKyiMwmwYV6w4Z7FsEw4szZms4D1vNzCTtzmDX1iFlrRZ39HnHTOWGlFhOSpWxQ1alyFepq0amj5qrD5lEvsid4WL9YWPA6iEH+lS2HeVFxxX6+jjMoxiIobXnjSbihlEeJcjau9qW1HFM5Cf5OK6fgE+qsckMrRD+YBi7IR3FZyn50e4A3B8EUBjnUVb1WOvGXtljlHpAsp7E+9dpaG79UnFS1oz42rTBAf+hfswwdjp6OUNAy3mW\/mKgdG2DJUB1G6xGuCdDkvCiNAMuiSu0sn+24wJf35y13AA5Q3yi6BouVJ3zsl70B8HaknCCcr6p2NTZO9CpEW2h85dbOzpy6RvfWJDYrSXlz7xTgBc3xb9NFXoe92VswvO\/t9Y\/euwUjjOCHegKSVZeTWzbyQet6U0oOGhLjzN1lccJPGSSiHgjhQeZsHB4JeDMe8JqFXFLLBAU5aZJ7DOpRoMquil1EUV0AwlN2ufTfLnLEVoThaC8bUobosvXMg7TyMFtHlSBIAfIvnjqMWiuXTg416E50S3\/9\/mUZYnOfu30kw0DWTkH7rVL7FRcnryKmnk26KijDapfaBn3tczZ6CkMEklqww1oSSqMFwGKANYj9ia0u9A467OwvDTGpp9NQuw4Dpr2\/LPsZcQ=="} 
@@ -8,7 +8,7 @@ 02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1626252471561460,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1626252471561460,"pkt":"ZIeIEyz\/WPmHGpl1CABFAAWghoEAAH0G3SIKCgoBwKgAAQG7gScvWJ3ahsBGC4AQARQdlwAAAQEICkNqpRfBiGgQLjUyE6mzLz+vWovIaoDU7c1aSmNZ7ckkGpcjHq+Zs6kWfD0Do8FrM4cLVV8PUqsQI0Gn956PKHQW3yAdxqD9JQczlAn8Q3x9QAEJNGr6flpe6S5CaTqM6FoDp\/dLFlwLBTeiibV6ZJvrJtn5X9\/fewzJTdwBjRiQ9PuN69skL1uu7AWFSGSpHWPd3wTy7jq83fttcU15jnhv1jWjYbX0myHuvDb9jMe6+t4tjxxTHB7fn14x5ShHvXoHCPL3b9ekqDP9txy0NMOzkk1iGhLGy0TMLhDepafRYgXDNUQA0jq+FeMFM1mI9qRuolZcxYCl6magHjI6Yzk8NbBzxvlq2i\/l01oDXmOyETOneNxaDpMEA5ULsGYeHjbnoH6+WNaIwrChoggZmXW998QtH2VnhTbpB+a+vTVY347dyVc+wBODPa\/qj7KH3Igi0b9PKWOWrCUGUEz25BBGlbeFm5e2jQG2FBbXSf4sGvR\/7Em2tVplLwJdfED3AJRds7xxCFa1aE2FFjVkpRR3deYTSedcPAHD8Ot1pKHb+2OtoxaLpzEd2LvaWfH+APj9rXPwnppF+rxzzG+FbFSONBmzqeyJjdMUXkkDq8iSkg4SWVPPCj4UX8A69WGYd1LAnTyax6GQQy5D142NsvpAhAid2vKYgBgSl5KIgvEaWfqHzqOfVn7XxiT+luD3e5TsozVOb09kvcfIjgXRaRc7J8R4VWrtwQw3S0UmJgfJ7voaPb1bk8PjJyTvaOsyR4460u3IgpLvelLz4J7gDf0ouy\/+rWmbVihg6yzCS0nXHITykyGI1I1+GMpZRgBl5Kf5vC8qfgfEqfJ8E62nCkXp4iszrdKiXiGGejfE6CkCBduKfTFyV5t35wYVxGNJF3OIC6o+pVn+jgGZelAqlQcIyAmBD9pYpaKBGo2W\/a9XbKJuBNLxvghTm0KLJQjHmHYcT0r5wtryOVlb8d4ygj9G88V6orvZcTrzxu3uo53ZrzFCTQK1Tbma70xIH9gTOoxU4rfphwXW7DPcMYC2wVEPRxQZicL8pZxw8rEuNcNLP\/jcOxWreWsaMcExdlsgoIwQJjlqIeO2yw5MerYsKb+koSWLz32E9iubBIvzdnqCcj4yUD2+NSwphRb\/j8FJXJ6Yjli4wusIoQQKVEpY3WpyUbmUUOlXYgSirH6oFhCApF1KZ4ZjoISl7g7j\/QF\/\/eNL7F9EsM92sCop2padW0b\/CxdNSBHjgQT9rqU\/5Wrv4s194NQQA6XLN8E5BjUUbhwT8XZRFqaFTlUPVdEvjpMyPB2fX3HY0XlTfpBjHYjJ7N9ypazmAf3\/2SltbgI9AL2J+QyCGUmM7btpWTPvRIU77ZXPeHuwdVJ66YN4q3JH7DYkCupd5rzFWDNCpYcp+7hLBtJxBC7i
xKVCwCb5A3JDWy3kFXKvmU+PufQMPBY64EwXmheRdAeMiDBoTyT5NB0rzH36BPawUCiBp6ngUgeVwF4wp5NYWCTxvSu1n9xn6dNScFch3F9270gfEVIyPT8PLMXJHqedWWabErPWAiqpWUVODVDKK8td5QsQxTuRDDeiXDHxFSbkqSbZwzXfJRW+XNgLCizmMLLRgyxq1mTlPgy11\/vV6sU\/uuh\/OQT2S3xjKJrV+BUAnbSb18NrNROH64cnLN+D\/DT5QPWo6DPRmKiRLvay1Q78D3C6kP4y+NAdpTYaJm8ae5zHb8sa0+1Fq7AFDmxBGSuNEUM7gY0yPQEtz2NCtO+iJ7nVT5lTYudViuJaeAPp4iUOCpzTa8y7pYq7Mw7IM+rqKtWFbBHy5RlgnUEqDvAjcF3j\/FYtWQlRS\/7c50Vh8UE2DTYqu7OeV7w="} 02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1626252471561481,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1626252471561481,"pkt":"ZIeIEyz\/WPmHGpl1CABFAAWghoIAAH0G3SEKCgoBwKgAAQG7gScvWKNGhsBGC4AQARRbywAAAQEICkNqpRfBiGgQRaOfchYHfhkEuC+plydgQpXSK9I6ZkSYOkCsdCiCnDmK0WwRx57RrGKWw2KHjtIVlQ\/4zQUTZ5jfEvt97SYQbBDdcLHULbKkEbNedv3iYxXxjT+nCb4IXSchmmTSGQECdaqDj5h79oc4CjRX\/4cATKK\/qcxeRESDvN6tq3yxkZYFG8+N+Arf0e\/wdmZBZBZybFhkJwA\/1YpmFd320ieTDe92z9NUz1culXvp8lPlRhI3RMm\/xmjaed+arMpZO7rY+Q\/e3rg3FOXdr0T5xYxZnEHs2LSXEcqagca0DH5kvLPZ7UYRtU0SHlh2LFXa470iU8qQ+AIYwMcgNxkz9RLy8QUDp1NeYj6a7DuAONGUN6TjhdSeskZ51YNna8nHRAfWO\/mNpfS+fo7ECjkbzuxyraKe99lMQV9SDZQSRzHb9McaufyEQmf4owwlZ5ixKuhXkdZEsOJBs9rjtcIQ56qOizQeKcMkHVPYGK2r0GnHeE5VJcCycgsuOezT+QCvbrZLaPU5crNcY0vQ5LTY4UrKbLbJQiAI2W+HrDdtGMGfnXdDxWf2dNLWxoosntoLuYzhD0zo4\/89xh2MaQv8ukMhBYzyGHApxJK2zPP28UJk59XiR5t5cNI6wE1ypz+3zeT6VMImVsQKr8mX5UwbJV5NR1wGD9YJUZTKzP3mKVx4NYSn04DAkTg5GS8G6RwmfYpFfwy52S8UIekf8KlDMFGZY\/hsNIvYUzjlrg5eHINAovTJIoprQsDi2Zcb8itOX2ZlAx0U7VQjske86xyrNL29NGkEJGvaiSdOkC1fN\/0hC5xMVZdqWGs1ctl8immhsx\/5pvHB1w+TN4i5\/vIkBleKBuZR1yTfNVS7eKSVoFSOjabkOQSmnxPkGnedUoV5zGaqP2gSNB5XulklcOGO\/6dgcaY7lb1vaWcc2wk5nKOrUEhEkZDUD43AqlncBiSPTOEERBRHqSY79rkf
pxoOtKjTAkJoq2Ln2Ne9eKQ+lgHk4Kkz8hSc\/G20klTxnYyyxuJcukthpO\/CGQJiVi9C1tgng0rG7jx8jRFW07oxmOa7ceSS6N\/asgsYbGLaItsqhe4b94MNOvL8INUmpNWpBrSe447hATYea4nYdlWcB17QV+yS3NrVygWvyUUSh+uO0U3cR9+yvO\/AP\/1lnnNllCAViXXp4NFqVL2r+R7nkQ25+zCvkBM\/OIed8bOoGQ6f70gTGCmk2W5mej\/dFwnjNrqC43Iv18QXnnBKqoyRosrvYj4PSraBWlHocnugHlhdlsCR7LikvWPQtGVjayQshq8l2Ez2JGK\/xOjNB28ZMqaOlWlhodgcZVXFvmABgrO6QGSsRcJ9OIpjO\/u0qn519WG6O2bkfZkMKq6GnDN\/eUUkQx6w2ESTIaKLjMwYBri89DYsubD9cmBW4cZVwnbUl4ECYN9pQbGDnoPvLHOOPbvTNVEtQuGH\/CbBqBzlwqwdtGEQHMRPb2c8UHaiESvtSCQeA\/NjnUZYIT5BJfO9rFiZoBXosTLyObfmZK1gLb4qd7fClq1zNt1vxijHgbjY3hncITIKuBNHa+HW0FK07V5bn6lqfG75pOsFo84vaWxlDkuQ4yF+svLcRACkRbeKse+1R63Y9mPfiCvBMUWZBxLBIX3lb8u3WScx0AmC99+EgId8\/QNZydqfBAiFrq5dMWyyfZgXuqhgEziEwhi926d1FttgIxGE1D34kr1iqzPxKFcIi55Zmeq6q8zEfMhrDhRVIRwO6P+QhYDuvXKAjfjWVnB66R\/zLie\/R4yV74PcgieI+Jd0B3DlvlUEEFOrmVJxi6RGdSpjig66uZCI+Ahxx0JlkB8j1V3DaaR1rXc="} 00965{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1626252471399786,"flow_src_last_pkt_time":1626252471614928,"flow_dst_last_pkt_time":1626252471774171,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1957,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":6121,"flow_dst_tot_l4_payload_len":3029,"midstream":0,"thread_ts_usec":1626252471774171,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":33063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1626252471774171} +00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1626252471774171} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8657111 bytes -~~ total memory freed........: 8657111 bytes -~~ total allocations/frees...: 140551/140551 +~~ total memory allocated....: 9421485 bytes +~~ total memory freed........: 9421485 bytes +~~ total allocations/frees...: 154517/154517 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 572 chars ~~ json message max len.......: 2446 chars diff --git a/test/results/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/default/tls_multiple_synack_different_seq.pcapng.out index ea522d33a..08d16b910 100644 --- a/test/results/default/tls_multiple_synack_different_seq.pcapng.out +++ b/test/results/default/tls_multiple_synack_different_seq.pcapng.out 
@@ -1,16 +1,16 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054241336766} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054241336766} 
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054241336766,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054241336766,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054241336766,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054241336766,"pkt":"AAAAAAAAAAEATp6rCABFAAA0+iUAACsGwOoKCgoBwKgAAQG76hcOOx8Ly+TVr4AS\/\/\/YwQAAAgQFmAMDCAEEAgEB"} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639054243383123,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054243383123,"pkt":"AAAAAAAAAAEATp6rCABFAAA0+iUAACsGwOoKCgoBwKgAAQG76hcOOx8Ly+TVr4AS\/\/\/YwQAAAgQFmAMDCAEEAgEB"} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1639054255176225,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054255176225,"pkt":"AAAAAAAAAAEATp6rCABFAAA0+iUAACsGwOoKCgoBwKgAAQG76heqdkwFy+TVr4AS\/\/8PjAAAAgQFmAMDCAEEAgEB"} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1639054270239927,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054270239927,"pkt":"AAAAAAAAAAEATp6rCABFAAA0+iUAACsGwOoKCgoBwKgAAQG76heoqQ0Ay+TVr4AS\/\/9QXgAAAgQFmAMDCAEEAgEB"} 
01251{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639054270239927,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1639054270551210,"pkt":"AAAAAAAAAAEATp6rCABFAAItAABAAD8GZRfAqAABCgoKAeoXAbvL5NWvqKkNAVAYIAAOjQAAFgMBAgABAAH8AwPRpuiJzKi\/CAC9rIZI8bugSVncK9HzssrvnThR\/kPMNiCHaXgUnhifcS1Ra\/QTiS0f79cIbjnryt5pZhcz7wWBcgAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT+voAAAAAADYANAAAMWJvbHQtcHJvZC1zMy1ldS13ZXN0LTEuczMuZXUtd2VzdC0xLmFtYXpvbmF3cy5jb20AFwAA\/wEAAQAACgAKAAj6+gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKfr6AAEAAB0AIAXls2oN4bu+PcQ0RivslzO6RVx9Richvv37GLgQ8oFxAC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAgoKAAEAABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01334{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270239927,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270551210,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","domainame":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01390{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712706,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712706,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","domainame":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-02087{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712778,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5427,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712778,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","domainame":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-eu-west-1.amazonaws.com,*.s3-eu-west-1.amazonaws.com,s3.eu-west-1.amazonaws.com,*.s3.eu-west-1.amazonaws.com,s3.dualstack.eu-west-1.amazonaws.com,*.s3.dualstack.eu-west-1.amazonaws.com,*.s3.amazonaws.com,*.s3-control.eu-west-1.amazonaws.com,s3-control.eu-west-1.amazonaws.com,*.s3-control.dualstack.eu-west-1.amazonaws.com,s3-control.dualstack.eu-west-1.amazonaws.com,*.s3-accesspoint.eu-west-1.amazonaws.com,*.s3-accesspoint.dualstack.eu-west-1.amazonaws.com,*.s3.eu-west-1.vpce.amazonaws.com","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, 
CN=Amazon","subjectDN":"CN=*.s3-eu-west-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5A:47:18:0A:2F:90:02:C9:30:5C:B1:BE:D6:0D:5A:42:24:C8:81:76","blocks":0}}} -01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712778,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5427,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712778,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054270712778} +01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270239927,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270551210,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AWS_S3","proto_id":"91.463","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","domainame":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01387{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712706,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712706,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AWS_S3","proto_id":"91.463","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","domainame":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+02084{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712778,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5427,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712778,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AWS_S3","proto_id":"91.463","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","domainame":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-eu-west-1.amazonaws.com,*.s3-eu-west-1.amazonaws.com,s3.eu-west-1.amazonaws.com,*.s3.eu-west-1.amazonaws.com,s3.dualstack.eu-west-1.amazonaws.com,*.s3.dualstack.eu-west-1.amazonaws.com,*.s3.amazonaws.com,*.s3-control.eu-west-1.amazonaws.com,s3-control.eu-west-1.amazonaws.com,*.s3-control.dualstack.eu-west-1.amazonaws.com,s3-control.dualstack.eu-west-1.amazonaws.com,*.s3-accesspoint.eu-west-1.amazonaws.com,*.s3-accesspoint.dualstack.eu-west-1.amazonaws.com,*.s3.eu-west-1.vpce.amazonaws.com","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, 
CN=Amazon","subjectDN":"CN=*.s3-eu-west-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5A:47:18:0A:2F:90:02:C9:30:5C:B1:BE:D6:0D:5A:42:24:C8:81:76","blocks":0}}} +01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712778,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5427,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712778,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AWS_S3","proto_id":"91.463","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054270712778} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8664872 bytes -~~ total memory freed........: 8664872 bytes -~~ total allocations/frees...: 140565/140565 +~~ total memory allocated....: 9429246 bytes +~~ total memory freed........: 9429246 bytes +~~ total allocations/frees...: 154531/154531 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 575 chars -~~ json message max len.......: 2092 chars -~~ json message avg len.......: 1283 chars +~~ json message max len.......: 2089 chars +~~ json message avg len.......: 1282 chars diff --git a/test/results/default/tls_port_80.pcapng.out b/test/results/default/tls_port_80.pcapng.out index bf1c770fd..b34092eea 100644 --- a/test/results/default/tls_port_80.pcapng.out +++ b/test/results/default/tls_port_80.pcapng.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744619257945} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744619257945} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744619257945,"flow_dst_last_pkt_time":1618744619257945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744619257945,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744619257945,"flow_dst_last_pkt_time":1618744619257945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744619257945,"pkt":"AAAAAAAAAAQAaFgECABFAAA062pAAH8G+tE5W8rChDGNOMVtAFCEMAfKAAAAAIAC+vANRAAAAgQFUAEDAwgBAQQC"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744619257945,"flow_dst_last_pkt_time":1618744619383792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744619383792,"pkt":"AAAAAAAAAAMAlyocCABFAAA0AABAADUGMD2EMY04OVvKwgBQxW2J+2kQhDAHy4AS+vAZxAAAAgQFtAEBBAIBAwMH"} 
@@ -9,7 +9,7 @@ 01462{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744633780253,"flow_dst_last_pkt_time":1618744630475192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744633780253,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
01524{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744633780253,"flow_dst_last_pkt_time":1618744633908597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744633908597,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12i550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
01326{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744633780253,"flow_dst_last_pkt_time":1618744633908597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744633908597,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1618744633908597} +00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1618744633908597} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649370 bytes -~~ total memory freed........: 8649370 bytes -~~ total allocations/frees...: 140551/140551 +~~ total memory allocated....: 9413744 bytes +~~ total memory freed........: 9413744 bytes +~~ total allocations/frees...: 154517/154517 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 1529 chars diff --git a/test/results/default/tls_torrent.pcapng.out b/test/results/default/tls_torrent.pcapng.out index 506a1c793..061e9ec21 100644 --- a/test/results/default/tls_torrent.pcapng.out +++ b/test/results/default/tls_torrent.pcapng.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054407415018} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054407415018} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407415018,"flow_dst_last_pkt_time":1639054407415018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054407415018,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054407415018,"flow_dst_last_pkt_time":1639054407415018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054407415018,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug0AAOIGSgIKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639054407427808,"flow_dst_last_pkt_time":1639054407415018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054407427808,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug8AAOIGSgAKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"} 
@@ -10,7 +10,7 @@ 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639054407574962,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1639054407574962,"pkt":"AAAAAAAAAAcAAh9nCABFAAWguhUAAOMGQ44KCgoBwKgAAQG75dqEHFNtEe7pu1AQAAUYcAAATOdWegB3AN+lXqtogk8fbK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABfCYcl7YAAAQDAEgwRgIhAK4QNflwf2+HmIqhCL9XiHr\/3hZ4rrGkhnfWeFejDXyxAiEAkt4xpF+LNjEYvkL7B3tjWsbNVXyTtKH9fOJGtd3NG3swDQYJKoZIhvcNAQELBQADggEBAIFf2lmzR3Mwx1K7jh2VeoyiVGSWAcezryvzzvuJkFttEXNY9uQ6fzVJ1GQwHY8Sgk4RebBUmLhxeHVBfbL4oklNJVitp3p0rJlVE66ss2RvgGq+BLxu8QkuSBvws6zi5r1mCJHh6DlGGb\/l8FXxnxlRL9iztFjmEDreL\/juCdzrKe4yoFY9OwFK0hDfG6NY5eXFxMDAvqJ3aHoK2c+0FO1kROazovg3o3Sb0vhbjlT\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\/\/PmXPj85i5jxSHNoWRUtVq3hrY4NikM4PaWyZyBoUi0zMRTPqiNyeo68r\/oBhnXlXxM8u9D8wPF1H\/JoWvMM3lkFRjhFLVPgovtCMvvAwOB7zsCb4Zkdjbd5xJkePOEdT0UYdtOPcAOpFrL28cdmqbwDb280wOnlPX0xH+B3vW8LEnWA7sbJDkdikM07qs9YnT60liqXG9NXQpq50BWRXiLVEVdQtKjo++Li96TIKApRkxBY6UPFKrud5M68MIAd\/6N8EOcJpAmxjUvp3wRvIdIfIuZMYUFQ1S2lOvDvTSS4f3MHSUvsCAwEAAaOCARowggEWMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMB0GA1UdDgQWBBRAwr0njsw0gzCiM9f7bLPwtCyAzjAfBgNVHSMEGDAWgBQ6moUHEGcotu\/2vQVBbiDBlNoP3jA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkcm9vdC1nMi5jcmwwRgYDVR0gBD8wPTA7BgRVHSAAMDMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAh+bJMQyDi4lqmQS\/+hX08="} 
01656{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407576647,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5574,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1639054407576647,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.BitTorrent","proto_id":"91.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"web.utorrent.com","domainame":"web.utorrent.com","tls": {"version":"TLSv1.2","server_names":"*.utorrent.com,utorrent.com","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","ja4":"t12d860600_e18388e7f3a3_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"CN=*.utorrent.com","fingerprint":"E4:8F:E4:15:C7:D0:B7:EA:E6:F6:B1:B4:40:F0:13:D1:5E:7F:64:E8","blocks":0}}} 
01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407576647,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5574,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1639054407576647,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.BitTorrent","proto_id":"91.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054407576647} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054407576647} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8661599 bytes -~~ total memory freed........: 8661599 bytes -~~ total allocations/frees...: 140549/140549 +~~ total memory allocated....: 9425973 bytes +~~ total memory freed........: 9425973 bytes +~~ total allocations/frees...: 154515/154515 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 2426 chars diff --git a/test/results/default/tls_unidirectional.pcap.out b/test/results/default/tls_unidirectional.pcap.out index 6097ecbc1..a430d18bb 100644 --- a/test/results/default/tls_unidirectional.pcap.out +++ b/test/results/default/tls_unidirectional.pcap.out 
@@ -1,5 +1,5 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1716391295141432} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1716391295141432} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1716391295141432,"flow_src_last_pkt_time":1716391295141432,"flow_dst_last_pkt_time":1716391295141432,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1716391295141432,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"192.168.2.1","src_port":50548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1716391295141432,"flow_dst_last_pkt_time":1716391295141432,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1716391295141432,"pkt":"BBjWBrNamAGnpQyTCABFEABAAABAAEAGtJDAqALGwKgCAcV0AbvJdNGHAAAAALAC\/\/9WmgAAAgQFtAEDAwYBAQgKU2WkuAAAAAAEAgAA"} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1716391295141432,"flow_dst_last_pkt_time":1716391295144129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1716391295144129,"pkt":"mAGnpQyTBBjWBrNaCABFAAA8AABAAEAGtKTAqAIBwKgCxgG7xXQXDCaiyXTRiKAScSAokwAAAgQFtAQCCAp2IRoMU2WkuAEDAwU="} 
@@ -8,7 +8,7 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1716391298433365,"flow_dst_last_pkt_time":1716391298435643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1716391298435643,"pkt":"mAGnpQyTBBjWBrNaCABFAAA0SwlAAEAGaaPAqAIBwKgCxgG7xXQXDCajyXTRioAQA4mrOwAAAQEICnYhJudTZbGU"} 00929{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1716391295141432,"flow_src_last_pkt_time":1716391299826932,"flow_dst_last_pkt_time":1716391299826821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1716391299826932,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"192.168.2.1","src_port":50548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1716391295141432,"flow_src_last_pkt_time":1716391299826932,"flow_dst_last_pkt_time":1716391299826821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1716391299826932,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"192.168.2.1","src_port":50548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1716391299826932} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1716391299826932} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647118 bytes -~~ total memory freed........: 8647118 bytes -~~ total allocations/frees...: 140542/140542 +~~ total memory allocated....: 9411492 bytes +~~ total memory freed........: 9411492 bytes +~~ total allocations/frees...: 154508/154508 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 556 chars ~~ json message max len.......: 934 chars diff --git a/test/results/default/tls_verylong_certificate.pcap.out b/test/results/default/tls_verylong_certificate.pcap.out index 466d557d7..9cb5c78a3 100644 --- a/test/results/default/tls_verylong_certificate.pcap.out +++ b/test/results/default/tls_verylong_certificate.pcap.out 
@@ -1,5 +1,5 @@ -00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
+00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} 
@@ -11,7 +11,7 @@ 03982{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707h1_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B","blocks":0}}} 02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": [11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": 
{"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}} 01039{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch"}} -00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} +00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 48/48 ~~ skipped 
flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8847130 bytes -~~ total memory freed........: 8847130 bytes -~~ total allocations/frees...: 140724/140724 +~~ total memory allocated....: 9611537 bytes +~~ total memory freed........: 9611537 bytes +~~ total allocations/frees...: 154691/154691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 562 chars ~~ json message max len.......: 3987 chars diff --git a/test/results/default/tls_with_huge_ch.pcapng.out b/test/results/default/tls_with_huge_ch.pcapng.out index 8605e5ead..38bf282bc 100644 --- a/test/results/default/tls_with_huge_ch.pcapng.out +++ b/test/results/default/tls_with_huge_ch.pcapng.out 
@@ -1,5 +1,5 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722705809121409} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722705809121409} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722705809121409,"flow_src_last_pkt_time":1722705809121409,"flow_dst_last_pkt_time":1722705809121409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722705809121409,"l3_proto":"ip4","src_ip":"172.30.84.193","dst_ip":"208.253.217.142","src_port":40640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1722705809121409,"flow_dst_last_pkt_time":1722705809121409,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722705809121409,"pkt":"CL6sL1vgJjb1q0oRCABFAAA8\/K5AAEAGkqGsHlTB0P3Zjp7AAbtJBsIzAAAAAKAC\/\/9ilAAAAgQFtAQCCAq83NFrAAAAAAEDAwk="} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1722705810148119,"flow_dst_last_pkt_time":1722705809121409,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722705810148119,"pkt":"CL6sL1vgJjb1q0oRCABFAAA8\/K9AAEAGkqCsHlTB0P3Zjp7AAbtJBsIzAAAAAKAC\/\/9ekQAAAgQFtAQCCAq83NVuAAAAAAEDAwk="} 
@@ -9,7 +9,7 @@ 01546{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1722705809121409,"flow_src_last_pkt_time":1722705812759372,"flow_dst_last_pkt_time":1722705812695734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11423,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722705812759372,"l3_proto":"ip4","src_ip":"172.30.84.193","dst_ip":"208.253.217.142","src_port":40640,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"56": {"risk":"Obfuscated Traffic","severity":"High","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13i1811h2_f71e3e15ae0d_5c3a8cf9b2bc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02530{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1722705809121409,"flow_src_last_pkt_time":1722705812759372,"flow_dst_last_pkt_time":1722705812898719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11423,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722705812898719,"l3_proto":"ip4","src_ip":"172.30.84.193","dst_ip":"208.253.217.142","src_port":40640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":15,"avg":239202.4,"max":2012351,"stddev":473245.9,"var":223961677824.0,"ent":3.0,"data": [1026710,1168280,1014023,2012351,2192,420,20309,996657,23024,142064,364,141901,250,227258,1480,197,261,228178,1493,260,259,202424,192,1415,182,144,201161,608,1037,164,15]},"pktlen": {"min":52,"avg":410.5,"max":1076,"stddev":482.4,"var":232750.2,"ent":4.0,"data": [60,60,60,60,60,52,52,1076,60,52,1076,1076,52,52,1076,1076,1076,1076,52,52,52,52,1076,1076,1076,1076,211,52,52,52,52,52]},"bins": {"c_to_s": [5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,0,1,1,1,1,0,0,0,0,0,1,1,1,1,1],"entropies": 
[4.825882912,4.792549610,5.346035480,5.379368782,4.792549610,5.118428230,5.118428230,2.408794641,5.379368782,5.195351601,0.482256204,0.482256204,5.079966545,5.195351124,0.481554657,0.481554657,0.485973686,0.484114915,5.195351601,5.156889915,5.156889915,5.065449238,0.481554657,0.481554627,0.478994340,0.480853081,1.871818542,5.118428230,5.079966545,5.118428230,5.118428230,5.156889915]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"56": {"risk":"Obfuscated Traffic","severity":"High","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01327{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":194,"flow_dst_packets_processed":234,"flow_first_seen":1722705809121409,"flow_src_last_pkt_time":1722705840605309,"flow_dst_last_pkt_time":1722705840791503,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":38922,"flow_dst_tot_l4_payload_len":51750,"midstream":0,"thread_ts_usec":1722705840791503,"l3_proto":"ip4","src_ip":"172.30.84.193","dst_ip":"208.253.217.142","src_port":40640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"56": {"risk":"Obfuscated 
Traffic","severity":"High","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":428,"packets-processed":428,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":90672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1722705840791503} +00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":428,"packets-processed":428,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":90672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1722705840791503} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 
428/428 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8735354 bytes -~~ total memory freed........: 8735354 bytes -~~ total allocations/frees...: 140977/140977 +~~ total memory allocated....: 9499761 bytes +~~ total memory freed........: 9499761 bytes +~~ total allocations/frees...: 154944/154944 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 569 chars ~~ json message max len.......: 2535 chars diff --git a/test/results/default/toca-boca.pcap.out b/test/results/default/toca-boca.pcap.out index 3895ab864..ab216ff50 100644 --- a/test/results/default/toca-boca.pcap.out +++ b/test/results/default/toca-boca.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648999646082000} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648999646082000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648999646082000,"flow_src_last_pkt_time":1648999646082000,"flow_dst_last_pkt_time":1648999646082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648999646082000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648999646082000,"flow_dst_last_pkt_time":1648999646082000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1648999646082000,"pkt":"eJS0JASgYDjgxTWgCABFAABUT6gAAD8RuzzAqAJkW8dR4cP9E78AQBEY\/\/8AAQAAAAQitua6Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648999646082000,"flow_src_last_pkt_time":1648999646082000,"flow_dst_last_pkt_time":1648999646082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648999646082000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,12 +7,12 @@ 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648999646128000,"flow_dst_last_pkt_time":1648999646116000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1648999646128000,"pkt":"eJS0JASgYDjgxTWgCABFAABxT6sAAD8RuxzAqAJkW8dR4cP9E78AXV\/iu8gAAgAAADIitua6Af8ABAAAABQAAAAAAAAAAH370YUGAAEEAAAANQAAAAHzAAEIHkEGAwBmMzYxNWExNy02MDg0LTQwYzUtYmZkNS0yZmZiYTRkMQ=="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648999646128000,"flow_dst_last_pkt_time":1648999646161000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1648999646161000,"pkt":"YDjgxTWgeJS0JASgCABFAABLMqoAADsR3ENbx1HhwKgCZBO\/w\/0AN2KSAAAAAn370bQitua6AQAAAAAAABQAAAAAAAAAAQAAADIGAAEAAAAADwAAAAHzAQA="} 00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1648999646194000,"flow_dst_last_pkt_time":1648999646161000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_usec":1648999646194000,"pkt":"eJS0JASgYDjgxTWgCABFAAC7T7gAAD8RusXAqAJkW8dR4cP9E78Ap6eQu8gAAwAAAHQitua6AQAABAAAABQAAAAAAAAAAX370bQGAAEEAAAAcwAAAALzBgABAUNgHwPphFRWEeG7K1su8dh7ceJAIgMbYEW8\/IlaIVUMHV0pUYGkvKEUCp0YWnRyweSVzbsPVZeP3OdC\/CCq\/oATU+qSsKMyrHnO8SqUZVPoXQLHChtZdlXOpTLON959iRFoDP8BBAAAAAwAAAAC"} 
-00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1649338791869000} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1649338791869000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649338791869000,"flow_src_last_pkt_time":1649338791869000,"flow_dst_last_pkt_time":1649338791869000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649338791869000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":42022,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1649338791869000,"flow_dst_last_pkt_time":1649338791869000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1649338791869000,"pkt":"eJS0JASgYDjgxTWgCABFAABUquwAAD8RF0nAqAJkXCaaMaQmE78AQOkN\/\/8AAQAAAA0lI+N2Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649338791869000,"flow_src_last_pkt_time":1649338791869000,"flow_dst_last_pkt_time":1649338791869000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649338791869000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":42022,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1648999646082000,"flow_src_last_pkt_time":1648999647452000,"flow_dst_last_pkt_time":1648999648493000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":416,"flow_dst_max_l4_payload_len":386,"flow_src_tot_l4_payload_len":840,"flow_dst_tot_l4_payload_len":991,"midstream":0,"thread_ts_usec":1649338791869000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1887,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1649339413371000} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1887,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1649339413371000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339413371000,"flow_src_last_pkt_time":1649339413371000,"flow_dst_last_pkt_time":1649339413371000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339413371000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":55544,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1649339413371000,"flow_dst_last_pkt_time":1649339413371000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1649339413371000,"pkt":"eJS0JASgYDjgxTWgCABFAABUVGwAAD8RbcnAqAJkXCaaMdj4E78AQKGB\/\/8AAQAAAA8HHhQ0Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339413371000,"flow_src_last_pkt_time":1649339413371000,"flow_dst_last_pkt_time":1649339413371000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339413371000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":55544,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -24,7 +24,7 @@ 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339424328000,"flow_src_last_pkt_time":1649339424328000,"flow_dst_last_pkt_time":1649339424328000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339424328000,"l3_proto":"ip4","src_ip":"92.38.154.49","dst_ip":"192.168.2.100","src_port":5055,"dst_port":32867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1649339424328000,"flow_dst_last_pkt_time":1649339424328000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1649339424328000,"pkt":"YDjgxTWgeJS0JASgCABFAABojnsAAHkR+aVcJpoxwKgCZBO\/gGMAVCBGAAAAAhCV6uVoVFlOAf8AAAAAABQAAAAAAAAAAQAAABAD\/wEAAAAALAAAAAA0zASwAACAAAAAAAIAAAAAAAAAAAAAE4gAAAACAAAAAg=="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339424328000,"flow_src_last_pkt_time":1649339424328000,"flow_dst_last_pkt_time":1649339424328000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339424328000,"l3_proto":"ip4","src_ip":"92.38.154.49","dst_ip":"192.168.2.100","src_port":5055,"dst_port":32867,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":33,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4155,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1649357329801000} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":33,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4155,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1649357329801000} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357329801000,"flow_src_last_pkt_time":1649357329801000,"flow_dst_last_pkt_time":1649357329801000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357329801000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":54983,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1649357329801000,"flow_dst_last_pkt_time":1649357329801000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1649357329801000,"pkt":"eJS0JASgYDjgxTWgCABFAABxId0AAD8R6VDAqAJkW8dRe9bHE78AXZvqAZ0AAgAAADR76ExLAf8AAAAAABQAAAAAAAAAAIrS+jcGAAEEAAAANQAAAAHzAAEIHkEEAQA4MjYyMDUzMS04NzM3LTQ4MjQtOGZkMi1hNGQyOWUyNA=="} 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357329801000,"flow_src_last_pkt_time":1649357329801000,"flow_dst_last_pkt_time":1649357329801000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357329801000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":54983,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -52,13 +52,13 @@ 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1649357796478000,"flow_dst_last_pkt_time":1649357796478000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_usec":1649357796478000,"pkt":"eJS0JASgYDjgxTWgCABFAAC76dUAAD8RIQ7AqAJkW8dRe5FiE78Ap9\/gQYIAAwAAEKFwWW0qAQAAAAAAABQAAAAAAAAAAYraGScGAAEEAAAAcwAAAALzBgABAUNgqO2TCWkNPwQmb\/To5eafmHwk2M3jcXw+syR8\/2ZkLpAnxsjBo9NJIRg3niLIEBe1BKRcjcw9VsSC9Wp8xiV3ZwLnTCAQMR7QxRv8JFOFvJff26sic0VghOwZl+0g5UdBDP8BBAAAAAwAAAAC"} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357796478000,"flow_src_last_pkt_time":1649357796478000,"flow_dst_last_pkt_time":1649357796478000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357796478000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":37218,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357623776000,"flow_src_last_pkt_time":1649357623776000,"flow_dst_last_pkt_time":1649357623776000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357796478000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":60837,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":52,"packets-processed":51,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1649358122834000} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":52,"packets-processed":51,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1649358122834000} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649358122834000,"flow_src_last_pkt_time":1649358122834000,"flow_dst_last_pkt_time":1649358122834000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":33311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1649358122834000,"flow_dst_last_pkt_time":1649358122834000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1649358122834000,"pkt":"YDjgxTWgeJS0JASgCABFAACyLPAAADsR4fxbx1F7wKgCZBO\/gh8AnmVJAAAAAorfFD0zMIisAQAAAAAAABQAAAAAAAAAAgAAAG4GAAEAAAAAdgAAAALzBwAAAAgBAUNg8vSS5O+J\/XjOQQuCE\/Kz82hilWidCgaS8LTWICvsbjJnfEWbmMIZg+HqoUshflWYbYRWr5V8d81p2Yo8Hq57m1zea2a8m\/5YufPz7tt8hhSQ3WPzZMeBz21Wv8GmKuYQ"} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649358122834000,"flow_src_last_pkt_time":1649358122834000,"flow_dst_last_pkt_time":1649358122834000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":33311,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357796478000,"flow_src_last_pkt_time":1649357796478000,"flow_dst_last_pkt_time":1649357796478000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":37218,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357623776000,"flow_src_last_pkt_time":1649357623776000,"flow_dst_last_pkt_time":1649357623776000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":60837,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1649360879587000} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1649360879587000} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649360879587000,"flow_src_last_pkt_time":1649360879587000,"flow_dst_last_pkt_time":1649360879587000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649360879587000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":40290,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1649360879587000,"flow_dst_last_pkt_time":1649360879587000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1649360879587000,"pkt":"YDjgxTWgeJS0JASgCABFAACykLMAADsRfjlbx1F7wKgCZBO\/nWIAnpDwAAAAAosJJVgh87CXAQAAAAAAABQAAAAAAAAAAgAAAn4GAAEAAAAAdgAAAALzBwAAAAgBAUNgLNWb5SaCJAocJvmSqainbl+Oa4DJn3IT4qVSI8qFj6X5DLzbYJpCJ8LrRJdeJ7QpAQUlDLFkzmCIsWSJViCx2U\/siT702DkXpm6dZLrYzkK0dSx2ekQBCbW\/YHJC1uBB"} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649360879587000,"flow_src_last_pkt_time":1649360879587000,"flow_dst_last_pkt_time":1649360879587000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649360879587000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":40290,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -70,7 +70,7 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649361166006000,"flow_src_last_pkt_time":1649361166006000,"flow_dst_last_pkt_time":1649361166006000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649361166006000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":56864,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1649361166006000,"flow_dst_last_pkt_time":1649361166006000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649361166006000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8JwkAAD8R5FnAqAJkW8dRe94gE78AKB4+Pk0AAQAADyI7JuZnAQAAAAAAABQAAAAAAAAAA4sNhA4="} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649361166006000,"flow_src_last_pkt_time":1649361166006000,"flow_dst_last_pkt_time":1649361166006000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649361166006000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":56864,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":56,"packets-processed":55,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":13,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1649411629031000} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":56,"packets-processed":55,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":13,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1649411629031000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411629031000,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649411629031000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649411629031000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8d50AAD8Rk8XAqAJkW8dRe8WoE78AKHeQB0IAAQAAAiMEvRHkAQAAAAAAABQAAAAAAAAAA44Pjyk="} 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411629031000,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649411629031000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -88,18 +88,18 @@ 01119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1649411857970000,"flow_dst_last_pkt_time":1649411857970000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":495,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":495,"pkt_l4_len":461,"thread_ts_usec":1649411857970000,"pkt":"YDjgxTWgeJS0JASgCABFAAHhCAgAADsRBbZbx1F7wKgCZBO\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"} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411629031000,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649411857970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649411716027000,"flow_src_last_pkt_time":1649411718310000,"flow_dst_last_pkt_time":1649411718292000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":473,"flow_src_tot_l4_payload_len":836,"flow_dst_tot_l4_payload_len":834,"midstream":0,"thread_ts_usec":1649411857970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":35671,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":73,"packets-processed":72,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1649756653649000} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":73,"packets-processed":72,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1649756653649000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649756653649000,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649756653649000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8JawAADsR6bdbx1F6wKgCZBO\/hscAKBKXAAAAAa\/cVZosVa4ZAQAAAAAAABQAAAAAAAAABAAAATQ="} 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649756653649000,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649411716027000,"flow_src_last_pkt_time":1649411718310000,"flow_dst_last_pkt_time":1649411718292000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":473,"flow_src_tot_l4_payload_len":836,"flow_dst_tot_l4_payload_len":834,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":35671,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01161{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411857970000,"flow_src_last_pkt_time":1649411857970000,"flow_dst_last_pkt_time":1649411857970000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":453,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":453,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":453,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":37167,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411857970000,"flow_src_last_pkt_time":1649411857970000,"flow_dst_last_pkt_time":1649411857970000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":453,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":453,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":453,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":37167,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8724,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":98,"global_ts_usec":1649949002676000} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8724,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":98,"global_ts_usec":1649949002676000} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649949002676000,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649949002676000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1649949002676000,"pkt":"YDjgxTWgeJS0JASgCABFAATMcx8AADsRl01bx1HhwKgCZBO\/xKEEuJV9AAAAAbaSYs0pd\/HxCAABAAAABKQAAAAFAAAABQAAAAsAAAAAAAAtKgAAAADzBOYB3hXbAQcgYnVzY28gYW1pZ29zIHNveSBwb2xpY2lhIGZyYW5jZXMVBwcCc3QG8KfG20BqSUED\/RwD\/AMKBwJtZAMBBwJtcAMeBwJzdiID\/wMKBwU0OTExMhUHBwJzdAYOLbLdRgoyQQP9HAP8AwoHAm1kAwEHAm1wAxkHAnN2IgP\/AwoHB1NoZXJsb24VBwcCc3QGcT0Kp+h8QkED\/RwD\/AMKBwJtZAMBBwJtcAMFBwJzdiID\/wMKBxNnYXRvcyBnYW1lXzEwOjUzOjMyFQcHAnN0BjeJQaB7OklBA\/0cA\/wDCgcCbWQDAQcCbXADDwcCc3YDAQP\/AwoHCTEwMDAwNDAwMBUHBwJzdAbjpZt0D0BJQQP9HAP8AwoHAm1kAwEHAm1wAwcHAnN2IgP\/AwoHCeaIkeeahOWPkRUHBwJzdAaWQ4v8vMVJQQP9HAP8AwYHAm1kAwEHAm1wAxQHAnN2IgP\/AwYHEHB2cCBoYXJkZWNvcvCfkoAVBwcCc3QG\/tR42XVFSUED\/RwD\/AMJBwJtZAMBBwJtcAMPBwJzdiID\/wMKBwU0MzY4MhUHBwJzdAbn+6nx3kJJQQP9HAP8AwoHAm1kAwEHAm1wAxwHAnN2IgP\/AwoHBGJvdDMVBwcCc3QGAAAAkNDkSUED\/RwD\/AMKBwJtZAMBBwJtcAMeBwJzdiID\/wMKBw4gZ2FtZV8wMjozNTo0MxUHBwJzdAYzMzNDUqhJQQP9HAP8AwoHAm1kAwEHAm1wIgcCc3YDAQP\/AwoHCkdUQSBWIGxpZmUVBwcCc3QGqvHS3eg1SUED\/RwD\/AMKBwJtZAMBBwJtcAMBBwJzdiID\/wMKBxPRg9GDMSBnYW1lXzA2OjE0OjIwFQcHAnN0BrByaKHFz0ZBA\/0cA\/wDCgcCbWQDAQcCbXADCwcCc3YDAQP\/AwoHBTY1MjIwFQcHAnN0BolBYKUCYEdBA\/0cA\/wDCgcCbWQDAQcCbXAiBwJzdiID\/wMKBwU4MTU0OBUHBwJzdAbfT433oXoxQQP9HAP8AwoHAm1kAwEHAm1wAx4HAnN2IgP\/AwoHDiBnYW1lXzA0OjMwOjQxFQcHAnN0BqabxBDRRUlBA\/0cA\/wDCgcCbWQDAQcCbXADHQcCc3YDAQP\/AwoHBTI4NjQ1FQcHAnN0Bi2ynf8p6kpBA\/0cA\/wDCgcCbWQDAQcCbXADFQcCc3YiA\/8DCgcFMTMxNjUVBwcCc3QGvHSTeDIhQ0ED\/RwD\/AMKBwJtZAMBBwJtcAMVBwJzdiID\/wMKBwU0NDg2OBUHBwJzdAYZBFbuLowxQQP9HAP8AwoHAm1kAwEHAm1wAw0HAnN2IgP\/AwoHCWphamFqYWphahUHBwJzdAYbL90E6kNDQQ
P9HAP8AwoHAm1kAwEHAm1wAx4HAnN2IgP\/AwoHBDcxNjAVBwcCc3QGj8L16LZhMkED\/RwD\/AMKBwJtZCIHAm1wAxsHAnN2IgP\/AwoHBuWSjOW5sxUHBwJzdAacxCBQ\/Po0QQP9HAP8AwoHAm1kAwIHAm1wAwMHAnN2"} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649756653649000,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649949002676000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":75,"packets-processed":74,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9924,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":102,"global_ts_usec":1649959918209000} 
+00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":75,"packets-processed":74,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9924,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":102,"global_ts_usec":1649959918209000} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":56920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1649959918209000,"pkt":"YDjgxTWgeJS0JASgCABFAATMlmcAADsRdGxbx1F6wKgCZBO\/3lgEuGJXAAAAAbv54rwVf+7RCAABAAAABKQAAAAFAAAABQAAAB4AAAAAAACDaAAAAADzBOYAAd5oAfRzAAkyNTY1ODIyODNoAAhi\/W8BcwACTFZzAARNYWxscwACQ0x5AARpAAAAAgAAAAMAAAAEAAAABXMAAkNUcwABQWL8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAKMTM2MDA2OTEyNWgABGL\/YgpzAAJMVnMABlNjaG9vbGL9bwFi\/GIHcwAKMjExMDU4MjkwNGgACGL9bwFzAAJMVnMABlNjaG9vbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAGRGlncmVmYvxiB3MAAkNQcwAAcwACQ0dvAWL\/YgpzAAg5OTY4MzY0MmgACGL9bwFzAAJMVnMABE1hbGxzAAJDTHkAAWkAAAAFcwACQ1RzAAFRYvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAkxNTUyMTI1OTdoAAhi\/W8BcwACTFZzAAdGYWN0b3J5cwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAjZgdin2LHYs2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAKMTc2NjI2NTIyN2gACGL9bwFzAAJMVnMACEhhbmdhclYycwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAARCYW5pYvxiCXMAAkNQcwAAcwACQ0dvAWL\/YgpzAAg5MTc3MDA5N2gACGL9bwFzAAJMVnMABk9mZmljZXMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAEWmFza2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAJNzU4NjQ3NzY4aAAIYv1vAXMAAkxWcwAETWFsbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwADY2F0YvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAoxNzMzNTE4NjcyaAAIYv1vAXMAAkxWcwAETWFsbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAFVmlyZ2li\/GIKcwACQ1BzAABzAAJDR28BYv9iCnMACTg0ODM1MzYzN2gACGL9bwFzAAJMVnMACEhhbmdhclYycwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAdnaXltZXJ0YvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAoxNzQ5OTgwOTQ2aAAIYv1vAXMAAkxWcwAGU2Nob29scwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAZ2dnZ2dnZi\/GIJcwACQ1BzAABzAAJDR28BYv9iCnMACjE1ODg5MTA3NDVoAAhi\/
W8BcwACTFZzAAZTY2hvb2xzAAJDTHkABmkAAAAAAAAAAQAAAAIAAAADAAAABAAAAAVzAAJDVHMABjExMjIzM2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAJNzY2Njk2NjY0aAAE"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -107,7 +107,7 @@ 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01164{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649949002676000,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649949002676000,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":77,"packets-processed":76,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11137,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":110,"global_ts_usec":1650009948783000} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":77,"packets-processed":76,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11137,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":110,"global_ts_usec":1650009948783000} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650009948783000,"flow_src_last_pkt_time":1650009948783000,"flow_dst_last_pkt_time":1650009948783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43151,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02171{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1650009948783000,"flow_dst_last_pkt_time":1650009948783000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1650009948783000,"pkt":"YDjgxTWgeJS0JASgCABFAATMx5YAADsRQtZbx1HhwKgCZBO\/qI8EuNNNAAAAAbo0YlQBhGKwCAABAAAABKQAAAAIAAAABQAAAAgAAAADAAAj7AAADYwDAgcCbXAiBwJzdiID\/wMKBwU1NDI1ORUHBwJzdAb0\/dQYS1k2QQP9HAP8AwEHAm1kIgcCbXADDQcCc3YiA\/8DAgdI0LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtSBnYW1lXzEwOjI3OjAxFQcHAnN0BnsUrmeuBTZBA\/0cA\/wDAQcCbWQDAQcCbXADHgcCc3YDAQP\/AwoHCEdhbWU4NjgzFQcHAnN0BvLSTULOBjZBA\/0cA\/wDAQcCbWQDAgcCbXADIAcCc3YiA\/8DAQcIR2FtZTIxMjkVBwcCc3QG8tJNsnClS0ED\/RwD\/AMBBwJtZAMCBwJtcAMWBwJzdiID\/wMBBwNvcmEVBwcCc3QG+n5qXFaeS0ED\/RwD\/AMHBwJtZAMCBwJtcAMgBwJzdiID\/wMKBwhHYW1lNTA4NBUHBwJzdAakcD2aTKZLQQP9HAP8AwEHAm1kAwIHAm1wAxUHAnN2IgP\/AwEHCEdhbWU2ODM3FQcHAnN0BlpkO2+BpEtBA\/0cA\/wDAQcCbWQDAgcCbXADGwcCc3YiA\/8DAQcIR2FtZTc1MDIVBwcCc3QGxSCwkiDnREED\/RwD\/AMBBwJtZAMCBwJtcAMZBwJzdiID\/wMBBwhHYW1lODMzNRUHBwJzdAamm8TQnahLQQP9HAP8AwEHAm1kAwIHAm1wIgcCc3YiA\/8DAQcIR2FtZTg5MjYVBwcCc3QGtvP9xMypS0ED\/RwD\/AMBBwJtZAMCBwJtcAMeBwJzdiID\/wMBBwRtZW1lFQcHAnN0Bq5H4YrzN0lBA\/0cA\/wDAgcCbWQDAgcCbXADHgcCc3YiA\/8DAgcIR2FtZTMxMjUVBwcCc3QGHVpkG0xbNkED\/RwD\/AMBBwJtZAMCBwJtcAMdBwJzdiID\/wMBBwhHYW1lNDQxMxUHBwJzdAYzMzMT7lo2QQP9HAP8AwEHAm1kAwIHAm1wAw4HAnN2IgP\/AwEHAzAwMBUHBwJzdAb+1Hi5oeZEQQP9HAP8AwIHAm1kAwIHAm1wAx4HAnN2IgP\/AwIHCEdhbWUyMDU4FQcHAnN0Bilcj7LI5kRBA\/0cA\/wDAQcCbWQDAgcCbXADBwcCc3YiA\/8DAQcIR2FtZTQ2OTYVBwcCc3QGoBovvVRbNkED\/RwD\/AMBBwJtZAMCBwJtcAMQBwJzdiID\/wMBBwUyMzQzMBUHBwJzdAZWDi2CBeZEQQP9HAP8AwEHAm1kAwIHAm1wAxsHAnN2IgP\/AwoHCEdhbWU3NDUzFQcHAnN0BhkEVo6EOUlBA\/0cA\/wDAQcCbWQDAgcCbXADDQcCc3YiA\/8DAQcFNjA4NDIVBwcCc3QGuB6Fq9mp
S0ED\/RwD\/AMBBwJtZAMCBwJtcAMQBwJzdiID\/wMKBwRPa3VsFQcHAnN0BkSLbMc\/WzZBA\/0cA\/wDAwcCbWQDAQcCbXADFAcCc3YiA\/8DCgcIR2FtZTQzODYVBwcCc3QGYhBYacWlS0ED\/RwD\/AMBBwJtZAMCBwJtcAMV"} 01164{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650009948783000,"flow_src_last_pkt_time":1650009948783000,"flow_dst_last_pkt_time":1650009948783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43151,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -115,7 +115,7 @@ 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01064{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":56920,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":56920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":77,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12337,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":118,"global_ts_usec":1650009948783000} 
+00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":77,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12337,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":118,"global_ts_usec":1650009948783000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 77/77 ~~ skipped flows.............: 0 @@ -124,9 +124,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8695882 bytes -~~ total memory freed........: 8695882 bytes -~~ total allocations/frees...: 140833/140833 +~~ total memory allocated....: 9460896 bytes +~~ total memory freed........: 9460896 bytes +~~ total allocations/frees...: 154799/154799 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 2176 chars diff --git a/test/results/default/tor-browser.pcap.out b/test/results/default/tor-browser.pcap.out index a37a5a49d..217158222 100644 --- a/test/results/default/tor-browser.pcap.out +++ b/test/results/default/tor-browser.pcap.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1740414101931034} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1740414101931034} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740414101931034,"flow_src_last_pkt_time":1740414101931034,"flow_dst_last_pkt_time":1740414101931034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414101931034,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"192.168.0.16","src_port":55566,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1740414101931034,"flow_dst_last_pkt_time":1740414101931034,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1740414101931034,"pkt":"vCQRCcFhvCQRHuR3CABFAABIeAIAAIARAADAqAB7wKgAENkOADUANIIhZ9QBAAABAAAAAAAADGNoZWNrYXBwZXhlYwltaWNyb3NvZnQDY29tAAABAAE="} 
01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740414101931034,"flow_src_last_pkt_time":1740414101931034,"flow_dst_last_pkt_time":1740414101931034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414101931034,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"192.168.0.16","src_port":55566,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"checkappexec.microsoft.com","domainame":"checkappexec.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -73,7 +73,7 @@ 01329{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1740414129565167,"flow_src_last_pkt_time":1740414130749676,"flow_dst_last_pkt_time":1740414129594610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2068,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414131166428,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"194.164.197.45","src_port":64625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially_Dangerous","category_id":2,"category":"VPN"}} 
01057{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1740414107462120,"flow_src_last_pkt_time":1740414130749966,"flow_dst_last_pkt_time":1740414107462120,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9548,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414131166428,"l3_proto":"ip4","src_ip":"192.168.0.16","dst_ip":"192.168.0.123","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1740414101935457,"flow_src_last_pkt_time":1740414102081279,"flow_dst_last_pkt_time":1740414102081245,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1499,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":2231,"flow_dst_tot_l4_payload_len":6981,"midstream":0,"thread_ts_usec":1740414131166428,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"172.211.159.152","src_port":64613,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":169,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":70255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1740414131166428} +00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":169,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":70255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1740414131166428} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 169/165 ~~ skipped flows.............: 0 
@@ -82,9 +82,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8924278 bytes -~~ total memory freed........: 8924278 bytes -~~ total allocations/frees...: 140893/140893 +~~ total memory allocated....: 9688986 bytes +~~ total memory freed........: 9688986 bytes +~~ total allocations/frees...: 154861/154861 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2782 chars diff --git a/test/results/default/tor.pcap.out b/test/results/default/tor.pcap.out index 11d8dac29..b86615aa1 100644 --- a/test/results/default/tor.pcap.out +++ b/test/results/default/tor.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1383821660212806} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1383821660212806} 00288{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821660212806,"packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821660212806} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821660212806,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00288{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821662212866,"packet_id":2,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821662212866} 
@@ -153,7 +153,7 @@ 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1383822224935668,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822224935668,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhCWMBZjPcAAgAAgMgAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1383822232938483,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822232938483,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhBkMBZjPcAAgAAgZAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 
00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822214039100,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822232938483,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":495,"packets-processed":337,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":117122,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":5,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":156,"global_ts_usec":1383822262211943} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":495,"packets-processed":337,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":117122,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":5,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":156,"global_ts_usec":1383822262211943} 02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822265160118,"flow_dst_last_pkt_time":1383822265159585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2761,"flow_dst_tot_l4_payload_len":5864,"midstream":0,"thread_ts_usec":1383822265160118,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":319,"avg":8727092.0,"max":72890007,"stddev":22568808.0,"var":509351076823040.0,"ent":2.1,"data": [59390,61607,13819,72120,2062,62909,63545,60042,79423,319,78805,1749,98338,96626,56518,4501,61844,64873,64036,73717,275721,252847,50798,9733,261423,61538274,61491411,72591366,72890007,3990,98034]},"pktlen": 
{"min":40,"avg":312.0,"max":1500,"stddev":345.9,"var":119666.8,"ent":4.2,"data": [52,52,46,249,40,783,174,99,114,1500,126,46,626,40,626,40,626,626,626,626,626,46,626,52,626,46,626,46,46,40,40,46]},"bins": {"c_to_s": [9,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0],"entropies": [4.501619816,4.930902481,4.441508770,5.332808495,4.834183693,7.397306919,6.658778667,6.048449516,6.157279968,7.876633167,6.546604156,4.441508770,7.673907757,4.834183693,7.638509750,4.884183884,7.663495541,7.670399189,7.645442486,7.664111614,7.640780926,4.484987259,7.650365353,4.880648136,7.645416737,4.544876099,7.673004150,4.457919598,4.457919598,4.734183788,4.734183788,4.501397610]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00975{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822248944702,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822265221448,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01360{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":21,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822265221448,"flow_dst_last_pkt_time":1383822265220844,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4523,"flow_dst_tot_l4_payload_len":5885,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": 
{"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially_Dangerous","category_id":2,"category":"VPN","hostname":"www.gfu7hbxpfp.com"}} 
@@ -163,7 +163,7 @@ 01371{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":23,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821726553851,"flow_dst_last_pkt_time":1383821727479587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5770,"flow_dst_tot_l4_payload_len":8096,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially_Dangerous","category_id":2,"category":"VPN","hostname":"www.q4cyamnc6mtokjurvdclt.com"}} 
01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822131785827,"flow_dst_last_pkt_time":1383822131929382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1654,"flow_dst_tot_l4_payload_len":2534,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822274144364,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":514,"packets-processed":349,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":117266,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":166,"global_ts_usec":1383822276211998} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":514,"packets-processed":349,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":117266,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":166,"global_ts_usec":1383822276211998} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 514/349 ~~ skipped flows.............: 0 
@@ -172,9 +172,9 @@ ~~ total active/idle flows...: 11/11 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8867401 bytes -~~ total memory freed........: 8867401 bytes -~~ total allocations/frees...: 141074/141074 +~~ total memory allocated....: 9632272 bytes +~~ total memory freed........: 9632272 bytes +~~ total allocations/frees...: 155045/155045 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 293 chars ~~ json message max len.......: 2583 chars diff --git a/test/results/default/tplink_shp.pcap.out b/test/results/default/tplink_shp.pcap.out index 0b1f72540..25fb8d22f 100644 --- a/test/results/default/tplink_shp.pcap.out +++ b/test/results/default/tplink_shp.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1671480246580620} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1671480246580620} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480246580620,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480246580620,"pkt":"\/\/\/\/\/\/\/\/IN+5tLqxCABFAAA5AABAAEARh+LAqPIp\/\/\/\/\/ycPJw8AJQ1F0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480246580620,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -129,7 +129,7 @@ 00983{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480773884477,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480820817294,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480829271720,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":81,"packets-processed":80,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":73,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1671480846725682} 
+00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":81,"packets-processed":80,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":73,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1671480846725682} 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480852858303,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480798218993,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480855668852,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -210,7 +210,7 @@ 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481373980200,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":551,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481420854606,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481429280552,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":153,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":213,"global_ts_usec":1671481446878800} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":153,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":213,"global_ts_usec":1671481446878800} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481452994794,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481398291656,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481455655666,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -291,7 +291,7 @@ 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481974156304,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":841,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671482020847120,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671482029297368,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":241,"packets-processed":240,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":233,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":294,"global_ts_usec":1671482047021959} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":241,"packets-processed":240,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":233,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":294,"global_ts_usec":1671482047021959} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671482053161546,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481998330813,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671482055666013,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -311,7 +311,7 @@ 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671482058418105,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671482113211224,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671482107022461,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":251,"packets-processed":251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":241,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":314,"global_ts_usec":1671482115665844} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":251,"packets-processed":251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":241,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":314,"global_ts_usec":1671482115665844} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 251/251 ~~ skipped flows.............: 0 @@ -320,9 +320,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8668949 bytes -~~ total memory freed........: 8668949 bytes -~~ total allocations/frees...: 140853/140853 +~~ total memory allocated....: 9433547 bytes +~~ total memory freed........: 9433547 bytes +~~ total allocations/frees...: 154819/154819 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 571 chars ~~ json message max len.......: 2290 chars diff --git a/test/results/default/trdp.pcapng.out b/test/results/default/trdp.pcapng.out index 867a23262..ef4e3200a 100644 --- a/test/results/default/trdp.pcapng.out +++ b/test/results/default/trdp.pcapng.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1723810608335977} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1723810608335977} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1723810608335977,"flow_src_last_pkt_time":1723810608335977,"flow_dst_last_pkt_time":1723810608335977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1723810608335977,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.138","src_port":45482,"dst_port":17225,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1723810608335977,"flow_dst_last_pkt_time":1723810608335977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1723810608335977,"pkt":"CAAn3fxv8C90rUP1CABFYAA8+LxAAEAGDt3AqFjnwKhYirGqQ0nzfO+VAAAAAKAC+vAy8QAAAgQFtAQCCAoRbapHAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1723810608335977,"flow_dst_last_pkt_time":1723810608336075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1723810608336075,"pkt":"8C90rUP1CAAn3fxvCABFYAA8AABAAEAGB5rAqFiKwKhY50NJsapWPA2X83zvlqAS\/ogD\/QAAAgQFtAQCCAqWroRpEW2qRwEDAwc="} 
@@ -18,7 +18,7 @@ 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1723810608348266,"flow_src_last_pkt_time":1723810608348266,"flow_dst_last_pkt_time":1723810608348266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1723810608348266,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.138","src_port":45318,"dst_port":17225,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TRDP","proto_id":"424","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1723810608335977,"flow_src_last_pkt_time":1723810608348266,"flow_dst_last_pkt_time":1723810608348259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1723810608348266,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.138","src_port":45482,"dst_port":17225,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TRDP","proto_id":"424","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1723810608348266,"flow_src_last_pkt_time":1723810608348266,"flow_dst_last_pkt_time":1723810608348266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1723810608348266,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.138","src_port":47228,"dst_port":17224,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TRDP","proto_id":"424","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1723810608348266} 
+00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1723810608348266} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650116 bytes -~~ total memory freed........: 8650116 bytes -~~ total allocations/frees...: 140569/140569 +~~ total memory allocated....: 9414554 bytes +~~ total memory freed........: 9414554 bytes +~~ total allocations/frees...: 154535/154535 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 983 chars diff --git a/test/results/default/trickbot.pcap.out b/test/results/default/trickbot.pcap.out index c6830d4f7..7134c4ed2 100644 --- a/test/results/default/trickbot.pcap.out +++ b/test/results/default/trickbot.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1609266107551500} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1609266107551500} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266107551500,"flow_dst_last_pkt_time":1609266107551500,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1609266107551500,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1609266107551500,"flow_dst_last_pkt_time":1609266107551500,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1609266107551500,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0c9FAAIAGK0cKDB1lUnbhxO+GG6gSdtdWAAAAAIAC\/\/8eaQAAAgQFtAEDAwgBAQQC"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1609266107551500,"flow_dst_last_pkt_time":1609266107797175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1609266107797175,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsYEQAAIAGftxSduHECgwdZRuo74Zi7VJcEnbXV2AS+vCXMwAAAgQFtA=="} 
@@ -10,7 +10,7 @@ 01652{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266107797702,"flow_dst_last_pkt_time":1609266108728827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":928,"flow_dst_max_l4_payload_len":1358,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1358,"midstream":0,"thread_ts_usec":1609266108728827,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"82.118.225.196","domainame":"82.118.225.196","http": {"url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)","request_content_type":"application\/x-www-form-urlencoded","detected_os":"Windows 10"}}} 
02558{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266109737227,"flow_dst_last_pkt_time":1609266110219915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":928,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":27187,"midstream":0,"thread_ts_usec":1609266110219915,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":156585.2,"max":931328,"stddev":258444.3,"var":66793451520.0,"ent":3.3,"data": [245675,245918,203,81,530,37,931085,931328,2339,2280,480234,19,480300,297566,15,8,7,8,7,8,8,7,7,6,9,297680,227938,227937,482874,14,14]},"pktlen": {"min":40,"avg":930.0,"max":1500,"stddev":662.5,"var":438885.5,"ent":4.5,"data": [52,44,40,389,968,40,40,1398,40,1398,40,1500,1323,40,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,276,40,1398,40,1500,1500,1194]},"bins": {"c_to_s": [7,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,3,0,0,14,0,0]},"directions": [0,1,0,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1],"entropies": 
[4.776611805,4.925117970,4.762815475,5.824206829,6.033888340,4.784183979,4.834183693,7.786707878,4.931687355,7.831421852,4.931687355,7.870709896,7.856476307,4.931687355,7.869441509,7.864507675,7.865448475,7.873723507,7.871662140,7.892165661,7.878643513,7.860257149,7.887190342,7.870031357,7.873756886,7.255901337,4.931687355,7.870108604,4.931687355,7.875472546,7.873021603,7.864452362]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"82.118.225.196"}} 01363{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":46,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266115947454,"flow_dst_last_pkt_time":1609266115947521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":928,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":56713,"midstream":0,"thread_ts_usec":1609266115947521,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": 
{"total":300,"client":270,"server":30}},"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"82.118.225.196"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":74,"packets-processed":74,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1609266115947521} +00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":74,"packets-processed":74,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1609266115947521} 
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 74/74 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649596 bytes -~~ total memory freed........: 8649596 bytes -~~ total allocations/frees...: 140620/140620 +~~ total memory allocated....: 9413970 bytes +~~ total memory freed........: 9413970 bytes +~~ total allocations/frees...: 154586/154586 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 2563 chars diff --git a/test/results/default/tristation.pcap.out b/test/results/default/tristation.pcap.out index dbe331fc7..97e553792 100644 --- a/test/results/default/tristation.pcap.out +++ b/test/results/default/tristation.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tristation.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tristation.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1521551151071836} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tristation.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tristation.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1521551151071836} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tristation.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1521551151071836,"flow_src_last_pkt_time":1521551151071836,"flow_dst_last_pkt_time":1521551151071836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1521551151071836,"l3_proto":"ip4","src_ip":"192.168.1.88","dst_ip":"192.168.1.2","src_port":33279,"dst_port":1502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tristation.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1521551151071836,"flow_dst_last_pkt_time":1521551151071836,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":48,"pkt_l4_len":14,"thread_ts_usec":1521551151071836,"pkt":"AFnwmSGFZCm27lwjCABFAAAiVXhAAEARYajAqAFYwKgBAoH\/Bd4ADvFNAQAAAAH8"} 
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tristation.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1521551151071836,"flow_src_last_pkt_time":1521551151071836,"flow_dst_last_pkt_time":1521551151071836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1521551151071836,"l3_proto":"ip4","src_ip":"192.168.1.88","dst_ip":"192.168.1.2","src_port":33279,"dst_port":1502,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TriStation","proto_id":"455","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -87,7 +87,7 @@ 00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/tristation.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":140,"flow_dst_packets_processed":140,"flow_first_seen":1521551151071836,"flow_src_last_pkt_time":1521551510624942,"flow_dst_last_pkt_time":1521551510843359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":1050,"flow_src_tot_l4_payload_len":2910,"flow_dst_tot_l4_payload_len":30948,"midstream":0,"thread_ts_usec":1521551510843359,"l3_proto":"ip4","src_ip":"192.168.1.88","dst_ip":"192.168.1.2","src_port":33279,"dst_port":1502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TriStation","proto_id":"455","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/tristation.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":295,"flow_dst_packets_processed":294,"flow_first_seen":1521551151071836,"flow_src_last_pkt_time":1521551556618769,"flow_dst_last_pkt_time":1521551556617833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":1050,"flow_src_tot_l4_payload_len":5390,"flow_dst_tot_l4_payload_len":62056,"midstream":0,"thread_ts_usec":1521551556618769,"l3_proto":"ip4","src_ip":"192.168.1.88","dst_ip":"192.168.1.2","src_port":33279,"dst_port":1502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TriStation","proto_id":"455","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":896,"source":"cfgs\/default\/pcap\/tristation.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":443,"flow_dst_packets_processed":443,"flow_first_seen":1521551151071836,"flow_src_last_pkt_time":1521551586451840,"flow_dst_last_pkt_time":1521551586462161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":1050,"flow_src_tot_l4_payload_len":8092,"flow_dst_tot_l4_payload_len":96628,"midstream":0,"thread_ts_usec":1521551586462161,"l3_proto":"ip4","src_ip":"192.168.1.88","dst_ip":"192.168.1.2","src_port":33279,"dst_port":1502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TriStation","proto_id":"455","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":896,"source":"cfgs\/default\/pcap\/tristation.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":896,"packets-processed":896,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":106554,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":38,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1521551586462161} 
+00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":896,"source":"cfgs\/default\/pcap\/tristation.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":896,"packets-processed":896,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":106554,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":38,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1521551586462161} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 896/896 ~~ skipped flows.............: 0 @@ -96,9 +96,9 @@ ~~ total active/idle flows...: 11/11 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8695186 bytes -~~ total memory freed........: 8695186 bytes -~~ total allocations/frees...: 141539/141539 +~~ total memory allocated....: 9459880 bytes +~~ total memory freed........: 9459880 bytes +~~ total allocations/frees...: 155505/155505 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 524 chars ~~ json message max len.......: 2244 chars diff --git a/test/results/default/tumblr.pcap.out b/test/results/default/tumblr.pcap.out index 617987544..ed88807ee 100644 --- a/test/results/default/tumblr.pcap.out +++ b/test/results/default/tumblr.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1605292102219041} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1605292102219041} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292102219041,"flow_src_last_pkt_time":1605292102219041,"flow_dst_last_pkt_time":1605292102219041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292102219041,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1605292102219041,"flow_dst_last_pkt_time":1605292102219041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292102219041,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJhiq5D+6LgBAB9a70AAABAQgKqXs\/nsLc288="} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292102602965,"flow_src_last_pkt_time":1605292102602965,"flow_dst_last_pkt_time":1605292102602965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292102602965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -32,7 +32,7 @@ 00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292104650967,"flow_src_last_pkt_time":1605292104650967,"flow_dst_last_pkt_time":1605292104650967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292104650967,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1605292104650967,"flow_dst_last_pkt_time":1605292104650967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292104650967,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQoWdXXNVgBAB9YSyAAABAQgKTYTpp8Lc6wE="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1605292104650967,"flow_dst_last_pkt_time":1605292104716333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292104716333,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dc1X\/jEKGgBAMSBTRAAABAQgKwt2b\/U1+nj4="} 
-02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292103810303,"flow_src_last_pkt_time":1605292105112205,"flow_dst_last_pkt_time":1605292105112063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":382,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":607,"flow_dst_tot_l4_payload_len":11474,"midstream":1,"thread_ts_usec":1605292105112205,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":83989.1,"max":700859,"stddev":188930.8,"var":35694845952.0,"ent":2.6,"data": [870,91738,194148,2,1,2772,104383,700859,700827,1324,5830,44963,352,357119,395282,1534,2,2,1,1,1,1,2,1529,39,13,18,11,13,13,12]},"pktlen": {"min":72,"avg":449.5,"max":1472,"stddev":576.4,"var":332266.9,"ent":4.0,"data": [454,111,111,72,72,72,111,72,944,72,107,184,72,72,1460,72,84,1472,1472,1472,1472,835,1472,1472,72,72,72,72,72,72,72,72]},"bins": {"c_to_s": [11,3,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0]},"directions": [0,0,0,1,1,1,1,0,1,0,0,0,1,1,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0],"entropies": 
[7.475968361,5.973469734,5.991487980,5.083631992,5.055854321,5.055854321,5.836178780,5.218127251,7.768151760,5.245904922,5.915576458,6.683409691,5.034884930,5.073147297,7.871325970,5.162571907,5.437397003,7.868166924,7.884456158,7.861326694,7.846504688,7.733069897,7.846429825,7.853037357,5.218127251,5.218127251,5.218127251,5.218127251,5.218127251,5.190349579,5.245904922,5.190349579]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +02158{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292103810303,"flow_src_last_pkt_time":1605292105112205,"flow_dst_last_pkt_time":1605292105112063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":382,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":607,"flow_dst_tot_l4_payload_len":11474,"midstream":1,"thread_ts_usec":1605292105112205,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":83989.1,"max":700859,"stddev":188930.8,"var":35694845952.0,"ent":2.6,"data": [870,91738,194148,2,1,2772,104383,700859,700827,1324,5830,44963,352,357119,395282,1534,2,2,1,1,1,1,2,1529,39,13,18,11,13,13,12]},"pktlen": {"min":72,"avg":449.5,"max":1472,"stddev":576.4,"var":332266.9,"ent":4.0,"data": [454,111,111,72,72,72,111,72,944,72,107,184,72,72,1460,72,84,1472,1472,1472,1472,835,1472,1472,72,72,72,72,72,72,72,72]},"bins": {"c_to_s": [11,3,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0]},"directions": [0,0,0,1,1,1,1,0,1,0,0,0,1,1,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0],"entropies": [7.475968361,5.973469734,5.991487980,5.083631992,5.055854321,5.055854321,5.836178780,5.218127251,7.768151760,5.245904922,5.915576458,6.683409691,5.034884930,5.073147297,7.871325970,5.162571907,5.437397003,7.868166924,7.884456158,7.861326694,7.846504688,7.733069897,7.846429825,7.853037357,5.218127251,5.218127251,5.218127251,5.218127251,5.218127251,5.190349579,5.245904922,5.190349579]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105170049,"flow_src_last_pkt_time":1605292105170049,"flow_dst_last_pkt_time":1605292105170049,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":160,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105170049,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00792{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105170049,"flow_dst_last_pkt_time":1605292105170049,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":246,"pkt_l4_len":192,"thread_ts_usec":1605292105170049,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHAMAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/HZTRuvUgBgSELhfAAABAQgKdG+lysLdLW8XAwMAm7+VUv5v3n1cEKhvA7Obmk7hW69laavu9OZNOdP5v2aiE9LYEKQeHffn7vm6VstuW5LB+GPd1bdCCYxPrQ8cpXXvSrRBde7Ubgvulsw\/eGF6vJKgoYXL5h04lY18ojPm\/cV9tUPretg64t\/hG52\/jXKkQ9+5e1GR1KuJgn1MWQ\/97vN82J\/Jt388ivkqQMfP0T\/jvMqs33Elwytq"} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105170049,"flow_src_last_pkt_time":1605292105170049,"flow_dst_last_pkt_time":1605292105170049,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":160,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105170049,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -270,7 +270,7 @@ 00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292118602881,"flow_src_last_pkt_time":1605292118602881,"flow_dst_last_pkt_time":1605292118777753,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554955,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554955,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":14,"flow_first_seen":1605292105726518,"flow_src_last_pkt_time":1605292122804785,"flow_dst_last_pkt_time":1605292122804743,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":767,"flow_dst_tot_l4_payload_len":604,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":14,"flow_first_seen":1605292105726518,"flow_src_last_pkt_time":1605292122804785,"flow_dst_last_pkt_time":1605292122804743,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":767,"flow_dst_tot_l4_payload_len":604,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1605292103804319,"flow_src_last_pkt_time":1605292104013801,"flow_dst_last_pkt_time":1605292104013772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":400,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":446,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554888,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554888,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -311,7 +311,7 @@ 00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654889,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120853149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654889,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120853149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1605292121674877,"flow_src_last_pkt_time":1605292122484196,"flow_dst_last_pkt_time":1605292122517767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":117,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":212,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":755,"packets-processed":755,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":294634,"total-not-detected-flows":0,"total-guessed-flows":28,"total-detected-flows":19,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":314,"global_ts_usec":1605292122899206} 
+00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":755,"packets-processed":755,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":294634,"total-not-detected-flows":0,"total-guessed-flows":28,"total-detected-flows":19,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":314,"global_ts_usec":1605292122899206} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 755/755 ~~ skipped flows.............: 0 @@ -320,9 +320,9 @@ ~~ total active/idle flows...: 47/47 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9414028 bytes -~~ total memory freed........: 9414028 bytes -~~ total allocations/frees...: 141909/141909 +~~ total memory allocated....: 10179973 bytes +~~ total memory freed........: 10179973 bytes +~~ total allocations/frees...: 155878/155878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 573 chars ~~ json message max len.......: 2241 chars diff --git a/test/results/default/tunnelbear.pcap.out b/test/results/default/tunnelbear.pcap.out index 4e5efd95b..f5db9eb07 100644 --- a/test/results/default/tunnelbear.pcap.out +++ b/test/results/default/tunnelbear.pcap.out 
@@ -1,4 +1,4 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":180833453,"flow_src_last_pkt_time":180833453,"flow_dst_last_pkt_time":180833453,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":204,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":204,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":180833453,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.93.78.79","src_port":57636,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":180833453,"flow_dst_last_pkt_time":180833453,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":180833453,"pkt":"UlQAEjUCCAAns+YuCABFAADok9pAAEARvW8KAAIPjl1OT+EkymwA1AI7AQAAADFmGKwJrQ4czaGW2fivZifDA9bZgR+goGC1L1XT5Tb4ffONTEiIno7ADCXgv6ivhjOazMjC\/t3fNY+F6sUlmLsJKJDCgyGPUnt\/\/rJPAiu0ANf8FF8A7J313jnyFJAtRq6DvVU3WC8bIK2TvwFn3bJURdR7JOOW8a4igqigeFA5ckhI5+F1XHPSmY8AS0K+sKuVxh08pxhxLPsdtwiOTkCR0xbrNfYg21AogaRMjbfQPsSLDYOaMYAAAAAAAAAAAAAAAAAAAAAA"} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":180833453,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":180920999,"pkt":"CAAns+YuUlQAEjUCCABFAACABmkAAEARi0mOXU5PCgACD8ps4SQAbB8QAgAAAALKGgAxZhisCgAFM6wRAwETE2VWnB7YZghBjVnpNQ3KTJTOED2SjFWO8s1dICoQdyfV8AE0uBoG0OSiaX+P0MRGTYfAATJAL6RBGx5gpd\/iAAAAAAAAAAAAAAAAAAAAAA=="} 
@@ -6,7 +6,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":180921737,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":180921737,"pkt":"UlQAEjUCCAAns+YuCABFAAA8lA5AAEARvecKAAIPjl1OT+EkymwAKBGZBAAAAALKGgAAAAAAAAAAANEgI73FyY4eHUJx9U1UE5w="} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":180952857,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":180952857,"pkt":"UlQAEjUCCAAns+YuCABFAABslChAAEARvZ0KAAIPjl1OT+EkymwAWDU4BAAAAALKGgABAAAAAAAAAFC28F6vCsoDQl1BKDztz8bTxV\/i8iNoB8iJi5BnnIjKt8JoCFNvi2krNfZLHpmfDClTm9SLapiAtgmos93886Q="} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":180952885,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":180952885,"pkt":"UlQAEjUCCAAns+YuCABFAABslClAAEARvZwKAAIPjl1OT+EkymwAWGIoBAAAAALKGgACAAAAAAAAAN+OZseZLG64qqjwhSSP6cXIgA4mV8Kre\/iZWIHFbWaRmSmw1+rPHtcU3wDw6AmdNtXHewk7LByBQZPbfZbxTAc="} 
-00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1655734524312623} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1655734524312623} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734524312623,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524312623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524312623,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524312623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734524312623,"pkt":"ABoRAAACABoRAAABCABFAAA8wQ5AAEAGbKcKCAABaBGa7MQCAbs6\/WaPAAAAAKAC\/\/8qygAAAgQFtAQCCAoBY6eBAAAAAAEDAwg="} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524319931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524319931,"pkt":"ABoRAAACABoRAAABCABFAAAoAFRAABAGXXZoEZrsCggAAQG7xALFAplwOv1mkFAS\/\/\/dDQAA"} 
@@ -198,7 +198,7 @@ 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1655734755247797,"flow_src_last_pkt_time":1655734756001569,"flow_dst_last_pkt_time":1655734755950969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":2760,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":3457,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01058{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1655734754648445,"flow_src_last_pkt_time":1655734754651380,"flow_dst_last_pkt_time":1655734754651336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"8.8.8.8","src_port":51120,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr": []}}} 00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1655734754648445,"flow_src_last_pkt_time":1655734754651380,"flow_dst_last_pkt_time":1655734754651336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"8.8.8.8","src_port":51120,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":433,"packets-processed":433,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94189,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":21,"total-detection-updates":19,"total-updates":0,"current-active-flows":0,"total-active-flows":22,"total-idle-flows":22,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":201,"global_ts_usec":1655734778245353} 
+00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":433,"packets-processed":433,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94189,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":21,"total-detection-updates":19,"total-updates":0,"current-active-flows":0,"total-active-flows":22,"total-idle-flows":22,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":201,"global_ts_usec":1655734778245353} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 433/433 ~~ skipped flows.............: 0 @@ -207,9 +207,9 @@ ~~ total active/idle flows...: 22/22 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8853631 bytes -~~ total memory freed........: 8853631 bytes -~~ total allocations/frees...: 141326/141326 +~~ total memory allocated....: 9618776 bytes +~~ total memory freed........: 9618776 bytes +~~ total allocations/frees...: 155295/155295 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2181 chars diff --git a/test/results/default/tuya_lp.pcap.out b/test/results/default/tuya_lp.pcap.out index ddcc5c676..05083b350 100644 --- a/test/results/default/tuya_lp.pcap.out +++ b/test/results/default/tuya_lp.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1671220121927386} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1671220121927386} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220121927386,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220121927386,"l3_proto":"ip4","src_ip":"192.168.242.181","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220121927386,"pkt":"\/\/\/\/\/\/\/\/3E8ivUChCABFAADYtTsAAP8RUnvAqPK1\/\/\/\/\/8ACGgsAxHNKAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSV1zhkjZl3eRdq2Gsnt4E\/2UVen4KqM+oJMgVFlInd6Y+HvB9m3ef+vX5p0fD+Q9k0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtjKZQQNXz+SzyWX\/vpkjRbCsiKyHA8wc5AKuAN2eCZhABN47Nf4GoVTyKXyTxy7HF3HJEEQAAqlU="} 
00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220121927386,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220121927386,"l3_proto":"ip4","src_ip":"192.168.242.181","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -104,7 +104,7 @@ 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671220125048168,"flow_src_last_pkt_time":1671220155060818,"flow_dst_last_pkt_time":1671220125048168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.234","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671220124943616,"flow_src_last_pkt_time":1671220154967079,"flow_dst_last_pkt_time":1671220124943616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.240","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671220122307161,"flow_src_last_pkt_time":1671220157322347,"flow_dst_last_pkt_time":1671220122307161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.202","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":98,"packets-processed":98,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":107,"global_ts_usec":1671220158572989} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":98,"packets-processed":98,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":107,"global_ts_usec":1671220158572989} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 98/98 ~~ skipped flows.............: 0 @@ -113,9 +113,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8676552 bytes -~~ total memory freed........: 8676552 bytes -~~ total allocations/frees...: 140750/140750 +~~ total memory allocated....: 9441310 bytes +~~ total memory freed........: 9441310 bytes +~~ total allocations/frees...: 154716/154716 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 589 chars ~~ json message max len.......: 985 chars diff --git a/test/results/default/ubntac2.pcap.out b/test/results/default/ubntac2.pcap.out index e23f8cd92..66d1c5528 100644 --- a/test/results/default/ubntac2.pcap.out +++ b/test/results/default/ubntac2.pcap.out 
@@ -1,4 +1,4 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":270431719,"flow_src_last_pkt_time":270431719,"flow_dst_last_pkt_time":270431719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":254,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":254,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":254,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":270431719,"l3_proto":"ip4","src_ip":"192.168.1.138","dst_ip":"255.255.255.255","src_port":60790,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":270431719,"flow_dst_last_pkt_time":270431719,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":270431719,"pkt":"\/\/\/\/\/\/\/\/dKy5bMEkCABFAAEaIrFAAEARVPDAqAGK\/\/\/\/\/+12JxEBBgVRAgYA+jUABP8AAAA1AAQAAAAANQAEAAAAADUABAAAAAA1AAQAAAAANQAEAAAAADUABAAAAAA1AAQAAAAANQAEAAAAAAIACnSsuWzBJMCoAYo1AAT\/\/\/8AAQAGdKy5bMEkCgAEAEsf5gsABUFDUHJvDAAFVTdQRzIDACNCWi5xY2E5NTZ4XzYuNi43NysxNTQwMi4yNDA4MTMuMDkzNBYADDYuNi43Ny4xNTQwMhUABVU3UEcyFwABABgAAQAZAAEBGgABARMABnSsuWzBJBIABAAAAAEbAAUzLjQuMScACGzPYx5MclIbKgAQoL0SJJZDS0aMz2MeTHJSGzgAAQA="} 00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":270431719,"flow_src_last_pkt_time":270431719,"flow_dst_last_pkt_time":270431719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":254,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":254,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":254,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":270431719,"l3_proto":"ip4","src_ip":"192.168.1.138","dst_ip":"255.255.255.255","src_port":60790,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","ubntac2": {"version":"BZ.qca956x_6.6.77+15402.240813.0934"}}} 
@@ -10,7 +10,7 @@ 01374{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":324203041,"flow_src_last_pkt_time":324206078,"flow_dst_last_pkt_time":324203788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1223,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1223,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":324206078,"l3_proto":"ip4","src_ip":"192.168.1.138","dst_ip":"192.168.1.204","src_port":35726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.UBNTAC2","proto_id":"7.31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"192.168.1.204","domainame":"192.168.1.204","http": {"url":"192.168.1.204:8080\/inform","code":0,"content_type":"","user_agent":"AirControl Agent v1.0","request_content_type":"application\/x-binary"}}} 
00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":324206078,"flow_dst_last_pkt_time":324217088,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":324217088,"pkt":"dKy5bMEkCAAnOk7TCABFAAEEo8JAAIAG0YrAqAHMwKgBih+Qi45vHg0PuyPHK1AYAPstwAAASFRUUC8xLjEgMjAwIA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LWJpbmFyeQ0KQ29udGVudC1MZW5ndGg6IDEwOQ0KRGF0ZTogVGh1LCAxMCBBcHIgMjAyNSAwODo1MjozMyBHTVQNCg0KVE5CVQAAAAB0rLlswSQACaVQrTeO6H5+yL\/lOmTcemoAAAABAAAARQyUch0bb5RH+RCj53kxmJ5Zch3L1UvgTAzOzGsvFQXutjdAl3pJxuqo4ZTS3JhWRyBRCspVhr4s38w6MvnS44jby297fA=="} 00943{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":270431719,"flow_src_last_pkt_time":270431719,"flow_dst_last_pkt_time":270431719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":254,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":254,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":254,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":324221953,"l3_proto":"ip4","src_ip":"192.168.1.138","dst_ip":"255.255.255.255","src_port":60790,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
-00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1697,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1486943433175002} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1697,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1486943433175002} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943433175002,"flow_src_last_pkt_time":1486943433175002,"flow_dst_last_pkt_time":1486943433175002,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943433175002,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1486943433175002,"flow_dst_last_pkt_time":1486943433175002,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_usec":1486943433175002,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4FAAEARuPfAqAEB\/\/\/\/\/4UlJxEAtx2vAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeYAsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFc8bAAU0LjAuMA=="} 
01010{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943433175002,"flow_src_last_pkt_time":1486943433175002,"flow_dst_last_pkt_time":1486943433175002,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943433175002,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031"}}} 
@@ -40,7 +40,7 @@ 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1486943504301123,"flow_dst_last_pkt_time":1486943504301123,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_usec":1486943504301123,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4hAAEARuPDAqAEB\/\/\/\/\/6dWJxEAt\/Q2AgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADepwsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdYbAAU0LjAuMA=="} 01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943504301123,"flow_src_last_pkt_time":1486943504301123,"flow_dst_last_pkt_time":1486943504301123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943504301123,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031"}}} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943453510239,"flow_src_last_pkt_time":1486943453510239,"flow_dst_last_pkt_time":1486943453510239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943504301123,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3097,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":4,"current-active-flows":8,"total-active-flows":10,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1746958838603392} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3097,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":4,"current-active-flows":8,"total-active-flows":10,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1746958838603392} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1746958838603392,"flow_src_last_pkt_time":1746958838603392,"flow_dst_last_pkt_time":1746958838603392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1746958838603392,"l3_proto":"ip4","src_ip":"192.168.178.176","dst_ip":"255.255.255.255","src_port":10001,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1746958838603392,"flow_dst_last_pkt_time":1746958838603392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1746958838603392,"pkt":"\/\/\/\/\/\/\/\/+OTjyhVrCABFAAAgl1xAAEARMBjAqLKw\/\/\/\/\/ycRJxEADHN2AQAAAA=="} 00953{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1746958838603392,"flow_src_last_pkt_time":1746958838603392,"flow_dst_last_pkt_time":1746958838603392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1746958838603392,"l3_proto":"ip4","src_ip":"192.168.178.176","dst_ip":"255.255.255.255","src_port":10001,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","ubntac2": {"version":""}}} 
@@ -61,7 +61,7 @@ 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1746958838603392,"flow_src_last_pkt_time":1746958838603392,"flow_dst_last_pkt_time":1746958838603392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1746958838641096,"l3_proto":"ip4","src_ip":"192.168.178.176","dst_ip":"255.255.255.255","src_port":10001,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943504301123,"flow_src_last_pkt_time":1486943504301123,"flow_dst_last_pkt_time":1486943504301123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1746958838641096,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943443357445,"flow_src_last_pkt_time":1486943443357445,"flow_dst_last_pkt_time":1486943443357445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1746958838641096,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":4,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":64,"global_ts_usec":1746958838641096} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":4,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":64,"global_ts_usec":1746958838641096} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 22/22 ~~ skipped flows.............: 0 @@ -70,9 +70,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8674582 bytes -~~ total memory freed........: 8674582 bytes -~~ total allocations/frees...: 140684/140684 +~~ total memory allocated....: 9439340 bytes +~~ total memory freed........: 9439340 bytes +~~ total allocations/frees...: 154650/154650 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 510 chars ~~ json message max len.......: 2173 chars diff --git a/test/results/default/uftp_v4_v5.pcap.out b/test/results/default/uftp_v4_v5.pcap.out index b41c1c703..3f9c27d43 100644 --- a/test/results/default/uftp_v4_v5.pcap.out +++ b/test/results/default/uftp_v4_v5.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470520349359079} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470520349359079} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470520349359079,"flow_src_last_pkt_time":1470520349359079,"flow_dst_last_pkt_time":1470520349359079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470520349359079,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.4.4.1","src_port":37173,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470520349359079,"flow_dst_last_pkt_time":1470520349359079,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1470520349359079,"pkt":"AQBeBAQB4uTeDjcKCABFAABEKQoAAAERnJkKAAAB5gQEAZE1BBQAMPRHQAEAAAoAAAGW9MMEAJ0AAAEGABQAAAUUV6ZcHQAFelHmBAQB5gUFOA=="} 
00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470520349359079,"flow_src_last_pkt_time":1470520349359079,"flow_dst_last_pkt_time":1470520349359079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470520349359079,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.4.4.1","src_port":37173,"dst_port":1044,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 
@@ -15,7 +15,7 @@ 02363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1470520360296546,"flow_dst_last_pkt_time":1470520360229659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"thread_ts_usec":1470520360296546,"pkt":"AQBeBQU44uTeDjcKCABFAAVItJ0AAAERCsoKAAAB5gUFOJE1BBQFNPqDQAkAFwoAAAGW9MMEAGwYAAkCAAEAAAABdXwNPP7MjoQG3As8\/JQ6fO4EAWTHhAs8AAD+NPJE\/8j6ZAPcyYQCzP0U+6QofP7s6wTRhAWc3YQCrP+I7AT+FAHsBpz8JAdc9USmhAAIfXz\/TP6MFPzyxBz8+eT+vPvkAOTlBP10voQBBDp83YSChDB8toRJfAm8LnwDnJaE6gT\/8AIM\/4jpBP2UEvxZfP6cvoTjBA\/8BhxdfAJMAewR\/PAEroS2hAOcYXwCzAIsvoS6hEl8ANTtBADEAswBBI6EKnz5pP2024T\/PPlkBdzxRPsk+ySahCZ8\/wwACJKEAOQCzPREAMRdfADkHPz65P00CDz9VBv8\/5DrBNuEBVzbhP+QnoQACAB4Nnw8fDJ8WXzThAPcAez0RPy0BBwW\/KKEAwzNhNmE80T6ZPPEACi+hAHM4QT89P9s\/4j55ACU6gQCLPFE\/6j\/qL6EpoQsfP508cTjBP\/wAIT+VP98+uT81Fl8YXwAeP\/IAwzzRAk8Acz9tMuE\/8BxfP10BhzDhP1UdXz6JAScHvwCzOkEAmz8ZAAw\/CQCjNmEADD\/0E18AcwAcP3UvoT3RDh88cRtfN2E\/owLvAGM\/4gACBf8AEDdhA\/8+iTPhAk8JHwCzKaEAEj+nBj8\/4j1RBH8\/yzsBN+EAKT\/LPzUFfz\/+ABARXwQ\/A\/84gQAAA28C7z+7P\/o0YQACNeEz4QJPDx8hoT4RBT8AywC7A68\/wwCrAIMG\/zlBP4Uz4QAlBH8+6T0xIaE\/lQBZL6E8kRFfI6EPHz8lAUcdXwAQAcc+EQCjAA4w4QsfOkECjzFhCJ8\/qzHhP+4\/8jsBOkE\/uz5ZABwVXzZhOkE\/6j99AAwAiwB7P+gZXwBROYEyYTmBMeEAFhVfGV8AMTyxAB4AQQ2fOYEBxwU\/HV8bXyehP88Auwa\/P9sAiwAxE18+2TxRAEU\/8ge\/ABo90RtfP+gw4QFnAMMQXwJvAAo+qT89G18A0zwxALMzYQBrPZE\/9gLPP6MGvzxRP\/4y4S6hP+g\/lQB7OgEA2z+3Ch8\/TQufOUEAcwwfAIsAUT3xPvk\/6gX\/DB8noR5fOIE\/0z+jH18A5ymhAVcAMQCrOUEBxz\/2P+wdXzxxKaEBdwC7P30bXxZfP\/gF\/yKhIaEEfz65JqEBtwDnP7MaXz91KqEAFDsBN+E98TxRP10ALT\/qP+g\/xzoBGV8xYQOPANMAGABdAAo8cRpfPlkxYTZhBv8Hfz\/TAs834T0xMeE4QT75A886wT\/HAF0JnwG3Dh8\/uwEXA08AAgS\/PNEAqwPPAEk6gT\/qP\/o\/xzdhPok\/9gACPik\/9gA9LKEkoQAILqE\/PQG3Pok5gQwfOUEFPz9NJaE9UQFnP\/YOnwAeACUADgLvDR8
BlwBBANscXz\/DEF8\/LQA5PwkAEgyfP+QDzz91P00AAgT\/PzU9cT7ZBT87AQCbABg\/xwLPOME04TDhP+4\/PQW\/AQcqoQZ\/AHMHPz2xDJ8CbwBBFl8AJSuhL6E90QAGN+Ey4QDLAAABBzuBPfEyYT9dDp8+2S2hPwkCDwFnOEE6gT\/fADkFPwBrBT8y4SehAIMCTz9NAAo34QufBf8\/8DDhF18AFCChAEE7wQX\/A48Cbz+NP+4\/XSOhP30moTwBAA4Acz+zAEk\/ywyfBT8\/dSKhH18AAD75Ag8\/nRFfA88A2yahP0UABjnBPskCbxNfAXc3YQAYG18IHz65A88InwJvP5UKnz+3AUcAHD\/2P+wLnzLhA=="} 02361{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1470520360306726,"flow_dst_last_pkt_time":1470520360229659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"thread_ts_usec":1470520360306726,"pkt":"AQBeBQU44uTeDjcKCABFAAVItJ4AAAERCskKAAAB5gUFOJE1BBQFNPqDQAkAGAoAAAGW9MMEAGwYAAkCAAEAAAACWXwkfAAogoQIPP+YwYT8JLKEAFj+dP8s2YT9NB789kS6hACk\/TQE3DJ8ADDwBPok\/vwG3P+YANT4RAFE\/vwLvOME++SChNmE0YTzxAFk9ETyROkE2YTrBEl86gQC7Br8AGC2hPwkACAW\/AOcqoT\/6AB4CDwKvPHEvoQ6fAFE\/bQX\/P+o\/rz1RH188MTnBAZcNHwufPTE7wQFnKKEeXxJfAAA+KQBVOgEFvxxfAe8\/2wG3PDENHz\/yAGM++QW\/OMEG\/wAGAAwAORZfJqEBRzZhP+Q2YRpfP+Y\/4htfP\/Y\/6D99LKEAAgAAMWE9UQmfBP8ADCmhE180YTyRPtkACD\/XDZ8AFDDhABoAMQCbP88BBz\/TP789kQGHEF814QApOkExYT\/qAEEuoT+VEV8GfwF3OIE\/7gBZNGE9MSKhAFkZXz\/XP40DLx9fFF8+SS2hPFEACABjAAo6QTzRA\/8AmwA5P0UPnz9FAE0AAD\/+Bv8ADgBJPzUB7wAeIaEdXzyxIKE\/8iihP6cWXwLvP50w4TzRAA4Asz2xBz8w4TqBP3U\/yz+VCB8+eT91P7MDDyehARcFfz+nDB80YQufAdcALQR\/IKE++QAQPxkAmz\/qNuEE\/yOhPmk8URZfHF8KnzFhC58roQa\/P9c\/qzBhPkk\/VQAcP\/w\/6gMvPJEAww0fPjkKnwBFKKEE\/z\/PJ6EBlz8JP4U\/owCbAF0\/fTFhAB4FfwCLL6ECjz91PRENnwAYBH8AAABJN+ECbz+VAAoYXyOhAHsACgufE1880R1fG18CTz3RPbEPHwGXDp8F\/z8tAIs04T+nCZ8BZwC7AVctoT91MOEAXT\/qAFUPHwEHDJ8AFBZfDZ8\/lQd\/Ch8A0wBVAAQGPzvBAg85QQAIAZcCjxJfPdE\/owBBAAIA9wFXOYE5gQBrMuE\/dT\/bP00\/VQLvABw9ESKhAEE88QP\/BD8EPyyhA28+OT6JAEkCrwAEPHEkoRZfABQ14QAlFV8ASQFnPfEAgz+jPbEDbz\/DP7MA
LQBjP40ADD\/sAMs\/6j9VAGsHPwC7OQEloQOPNOE\/8D9VIKE8cT4pBX8moSqhPlkGvx5fAe8dXzHhPjk\/swIvAPcE\/z+dP3Uz4TFhPmk\/jQLvP8888TBhP\/IADj3xDp8BBy6hMWEAHADLP509MT\/sP3UE\/wCLAAA24QMPMeEWXzqBP\/QFPwAAK6EBpzxRAB4HPwFXP7sA5wmfMGEDzwGXAFk+WTPhAE0UXxpfP40wYQP\/P\/ow4RtfAA4\/nTmBBn8\/fQAABT8ADgAxABQkoQc\/NGEANQGHDJ8\/1z2RIqE80QAaAIs14T\/8BL8\/jTRhHF8BNzFhF18RXwIvPfEAFACjAu8cXwBdEl8BdwE3KqENnyuhPyU04T\/iMOE6QRNfCJ85ATFhIKEABjnBAYcAYxlfAWcfXwE3P0U6ATyRAi8AwzmBAFUASQufARcAiwAQPzUASRVfACUkoQEXPzUioR1fDx8+eQA9PskAAgAtP\/gJHyuhMOE8AQBRP9MAVT+zAScAqyChBP84QQBzCh8AAj3xLaE\/7AQ\/CJ8\/+D\/PAs85gQW\/OUEdXzkBASc+qT+zAHM9MQC7MWEAEgufIKE+ER9fAHsaXz\/qMeE\/uwAxJaEBlwCLMWEw4T7ZAAA3YT+nA88Jnz+vJaEAHj3xAC0\/nQOPCB8TXz8lDJ8OHyOhMmEVXz91P\/4BhzkBBv8wYT4pA88+EQAYJ6E\/6h1fA=="} 02230{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1470520360229659,"flow_src_last_pkt_time":1470520360591846,"flow_dst_last_pkt_time":1470520360229659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39804,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470520360591846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.5.5.56","src_port":37173,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2611,"avg":11683.5,"max":34161,"stddev":5575.8,"var":31089772.0,"ent":4.8,"data": [30115,34161,2611,10180,10550,10594,10828,10246,10558,10557,10556,10583,10563,10535,10559,10563,10563,10560,10561,10563,10560,10566,10563,10559,10562,10561,10562,10568,10569,10551,10560]},"pktlen": {"min":52,"avg":1271.9,"max":1352,"stddev":310.4,"var":96320.5,"ent":4.9,"data": 
[52,88,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352]},"bins": {"c_to_s": [1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.032077789,4.387442589,6.264836311,6.324838638,6.289998055,6.323163033,6.229429245,6.406879425,6.267192841,6.205362320,6.298496723,6.241475582,6.138225555,6.329536438,6.287923336,6.323319435,6.333083630,6.235994816,6.309918404,6.324777603,6.341393471,6.331569195,6.304657459,6.334339142,6.321240425,6.300824165,6.315955162,6.324560642,6.260947227,6.319898605,6.235000610,6.290291309]},"ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":241,"packets-processed":240,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":284620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1587654931600405} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":241,"packets-processed":240,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":284620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1587654931600405} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587654931600405,"flow_src_last_pkt_time":1587654931600405,"flow_dst_last_pkt_time":1587654931600405,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654931600405,"l3_proto":"ip4","src_ip":"192.168.1.186","dst_ip":"230.4.4.1","src_port":37457,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1587654931600405,"flow_dst_last_pkt_time":1587654931600405,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1587654931600405,"pkt":"AQBeBAQBAAwp5FM7CABFAgBEsg8AAAERWzDAqAG65gQEAZJRBBQAMIVjUAEAAMCoAboCEajFAJ0AAAEGABQCAAUUAAWj9rg5P77mBAQB5gUFWA=="} 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587654931600405,"flow_src_last_pkt_time":1587654931600405,"flow_dst_last_pkt_time":1587654931600405,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654931600405,"l3_proto":"ip4","src_ip":"192.168.1.186","dst_ip":"230.4.4.1","src_port":37457,"dst_port":1044,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 
@@ -26,7 +26,7 @@ 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1470520349359079,"flow_src_last_pkt_time":1470520360229659,"flow_dst_last_pkt_time":1470520349359079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654933667144,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.4.4.1","src_port":37173,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":220,"flow_dst_packets_processed":0,"flow_first_seen":1470520360229659,"flow_src_last_pkt_time":1470520362577967,"flow_dst_last_pkt_time":1470520360229659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283820,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654933667144,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.5.5.56","src_port":37173,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1587654931600405,"flow_src_last_pkt_time":1587654933667144,"flow_dst_last_pkt_time":1587654931600405,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654933667144,"l3_proto":"ip4","src_ip":"192.168.1.186","dst_ip":"230.4.4.1","src_port":37457,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} -00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":260,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":285420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1587654933667144} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":260,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":285420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1587654933667144} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 260/260 ~~ skipped flows.............: 0 @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8657170 bytes -~~ total memory freed........: 8657170 bytes -~~ total allocations/frees...: 140812/140812 +~~ total memory allocated....: 9421608 bytes +~~ total memory freed........: 9421608 bytes +~~ total allocations/frees...: 154778/154778 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 2386 chars diff --git a/test/results/default/ultrasurf.pcap.out b/test/results/default/ultrasurf.pcap.out index dcedc23e2..c94c5130d 100644 --- a/test/results/default/ultrasurf.pcap.out +++ b/test/results/default/ultrasurf.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656652731609846} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656652731609846} 
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731609846,"vlan_id":200,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 04058{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_usec":1656652731609846,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7tQAA3BtrhQTFEGQqEABfDhZQKC2KlCkpUkTKAEAFmmhsAAAEBCAom3sf8A1a0+8wcMEFbpDhmmW\/ro\/\/D3SORouvGcLJVns8eaTu23\/042aUVj61nN6Xm0ijnaUg+Npmao+ahS5YFWlU5gxCt1Bv2Dd8X34iKweQUI1pV18JFIZQX4tZ8BgqPMHrM3xcO0sUVX\/OJ2pP8yGrJvNpjXCDZ3sKsZ8ObIJNR5C9HtP8VqqX5BjlcTX8CqWIvl0ZBgk5WvH2JDhc248aWcjJLqPpHeFkT7LlN9WbJOIcs7fIr7w\/l\/4QosbfyzysqE5\/jPdpXVbudJyd5Co9YEs4l8Q\/6o70Ffd9ZnAxSFwa0dpQq9l84dMMc++LU4g\/5uQo7ByYovlcOyQGaJMbvwFaomPtCm2gWgqlbGVYuy1fssTPKvOwtvuxi+uQSp0x90L4yICcjWy7QquRyX6vF4Kj7bnDBXk4Yuwhy\/eBFma8pYGq3nFybEXkBIoJM5PIx+daLngl8AMAATYZytmx8fvkxAn9nAl1vSL8DDtuJzW4bIpWNuUkrrQEo1qDNWTbFKTev+4WI2s2Dq0ECsJXkOzrv7ys8hbU9zt92MomzoOYqefTDPaVuUCZTdCEQ9uujt8du7o\/jXx78zGYtv58gGSActDbLr2l16bg\/8Uk3qmgnE
4b9MmARdZqn4TXakOrfI7oMcpdzvXVxR02+JkOD2SzX0V6zyWGabGkpaHNUvZKhT9p9qT+xCygM23AxUgBVWRhbJOtoeCCmB9GtvrbByAuiFwMDCxpSuPxAzaqU1CDJRf0ARgMOGGitml366m2q80qwL6szhusBMTOpH\/+lZ+4L1ssuGJ7LmGwmTwj7CD7eU0QlRuuYEYdh\/W6inXP9pJwRRn5uXzjK2UGyXSKJQgFhgjKV\/gTtslaG1kJ9wEH3bRwjXGp+ck2NQY4p+Bw8hIGicivItS9FcKEUt6XedxsZehCTx0hYNbo5lDpgelreL+du2TIrCAGAHDGERkejYlaJXbPaNGkoCdPiWIM\/wKUpngDY6o\/X+oS4sqzbyHIJrWfx\/DNsKnakfj\/2CY9hTzppyXRIIMYoyhCThF4ViWWG951XQxJX59hIiJ0P800Ff7a\/5G5VD7ycCukCJw8TO+sLeaHNh0quy2GVip7vE7h6qblNGu0Gk9cK51FTnAHXCv6Q3d4ELba6G4KCOUY3W0JffhWzAOEmTJXAEn\/AlMO2rWx\/k5N9xej0nT\/nkreUz1f1WDVQX6TVNBY\/eRFDtb+TFH+sKdpkHf7qxhfQFxyqkO3FqpeLRYLb2aGXgnvyumtFIbL1yK2alLZq7VfOIertUcgFGWCflf2oGAQMP494aoiJeNdkUmDGGagS7Z55kvWOGnhHAq7vsPk2kKAjsA1WiALpxOUCeufBXfydppP5eHVnoy28uj69BNxwot9pZUkBBYCeXDj3oFR7Gc9bpRrdMTyafPDB90bcnb3nOWmeh6KPFWxajHcXo0ahl0atfQ0xcfDpv70YkPiVHvN5anji\/jwqd+wJMI02C2CHQYt0A0sb9htNsGJTYmz+qMEhhQgck9uTTyfTQQdK6\/Wo8Rw4c2ys8Ejy8JuJwmtCvHILWdrH8t+XzmYUjHgSjqsA2HLkDPFRZ\/NnGE1jWIEHA1mz46FdQt2Rz4VpbzOBlhqXfDAGkgWEXCyxg9Xt27URhieFz2k6YtWj1FBxrzsegVYDqhgLu95Xv61CBvesoUlZ9xj6Kl4Yl3DHrSrHkP69714VHd12KjEfy7I6PDUSEKGOgsDz2k3gWEz1Vc+5H98dopHMlCP13Yfv0lgLia4AI9tg03z8EoOpAEtDjYmJC8jyZR7z8MFAqjVJ+KlRi7Va6lXMgiTy48noI4EJnp+d3YCu\/TvYdatO\/n8f0FwyP3cI7Bw1wJQYGLb8BE+1FxjfVZo1\/FCFmY5z5t2vZ1fLUc8VgQCCrdPI9Reqj0rAEBhJQzYhyyrI5sO+d0uUiZm1ZjMrsAuR1R+D8ViDPDKJgNTF+lFzmzRvVhWOwiVB62wQx0H1nuzBWVrJnVTyu3Td+HivoL56Fmw46FaLO5cqZKJ4kdrfcT7dOr5SBNdiyjnF7hS41D6qjd1GwoYClOmY65UzGvO\/LpJXnZXNNzcmlebgMFy797BQ5WUmd7VC5FdTGCC8DMqElgFA+rp3WoHjwFyoua2tPfKAEOcMjf\/DXXePwU3Ik4UHmQADTzoJAa9I3MJkafNrUiyVVonoJubGqfmrjkZSA4gDie37sGxEUI86ocE60tLrdZB+SyKA8DHTfOJ4ywPWXCzMMHVfSQPr7V\/TcVQus\/74nuldXt48tcQWezCEyjrk4wEup0Xxil5tfRt81R5SKnXiLTQKHEZIf0HqSXIESqul3tuehmW4c9Q1wxJPZqqhjadeeubZ0gIjhZ9hs9B\/6aDfWtslbETpt0Jbd\/Ri0xqEdLzsqFyIafwtncy88mYnLcalIh0rBtSJuU\/LhKGCkVIE+gUPPF1DbTYZY4YKEaeb+2qo\/\/JDj6zwXltjrJPllzgJKQNGUCykc5KZO1hlo311el8xzVEOheb4BzRB9rrUaDmjaCVi8CyuEyMO5b2YxxWHzBzuZCfmdbLRqSQLyu+LSzVRqFA+T79T7kHNu3
xGMSCuKVSsG2pREebnblNVGkCfubEdGKnPL686GbKWglEv7v2CfHncHfVZct\/s0hHAbjxQUdnfLXoTISdI7+bsxXb+ra8Q\/1RtrRBVzu+48UJKnUfoIM1auofVab2EM52OgI1cJXu8rWam94puZzFKEWGHN5jrPhx\/1njYeBqUbgiSNKRjjW+fz8xMBFQ5gSSCk0oalrdEbE7BnRoIdN\/vRg9D\/N51B7MdkbJ2Gmv55poGFAMgIExvo2B\/JlYaCIHgXg41f0\/LPeqrMcFhe2j5UYCpb3n2IzOKezh\/TS0GI0iMwrY1GP7aVptjhYXhhys7MA9TMX9mjk30oA5Li3Yeg25blNJqeDxKu+vxwlNbxqOKs86fBSxzrYDDpnNu5QdAQ7sboEki75xxiMB7G2qxumkThEE3WMNP1TP2cyPa+KzTwAEUydo7dmB7r1BYVlH445Zqui\/gQ9B7FCwh5ykQiRlEVepOqNbbaYU6jrc3JQmu9yNVQ516c7KEY3PmTJGfIomYYQCg0xQ64qJbX+Ng2D40mseTOcV\/nfh\/lZ1gI1tQQr6VxcSHohyQ0owuuvE7GS\/s9KhqIZNKrqD7fH3CftARHmTYUxtD5t+c+oO0QyPgfXcmsUaQ277fzvTac55sC8LTxTlb6qQ6lTQ9Jxj5AhKLanf25vF3ivpTZoHcf\/UbFC7yAm1PT5k8IxbUybglXXWOr+hDrIncmBDz99Gq0DNEyl2Sk\/khhOFsvG2taZ4rfI\/Iq+r72y5uXdniCSx0ABH9OlSRvpo\/6aASUseGq305nqAhb9HZEY9zmIB4WBYmNdv2m2FQvjwfqskoI3NcL8wSS92+WJiP"} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731609846,"vlan_id":200,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -29,7 +29,7 @@ 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":40,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652734111599,"flow_dst_last_pkt_time":1656652734111609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":112048,"flow_dst_tot_l4_payload_len":455,"midstream":1,"thread_ts_usec":1656652832876498,"vlan_id":200,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01335{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":76,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652780054386,"flow_dst_last_pkt_time":1656652780064014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1424,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":14019,"flow_dst_tot_l4_payload_len":30413,"midstream":0,"thread_ts_usec":1656652832876498,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI 
TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01335{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":53,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652832855529,"flow_dst_last_pkt_time":1656652832876498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":13653,"flow_dst_tot_l4_payload_len":31617,"midstream":0,"thread_ts_usec":1656652832876498,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":333,"packets-processed":333,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":202205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1656652832876498} +00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":333,"packets-processed":333,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":202205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1656652832876498} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 333/333 ~~ skipped flows.............: 0 
@@ -38,9 +38,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8791986 bytes -~~ total memory freed........: 8791986 bytes -~~ total allocations/frees...: 140936/140936 +~~ total memory allocated....: 9556490 bytes +~~ total memory freed........: 9556490 bytes +~~ total allocations/frees...: 154904/154904 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 572 chars ~~ json message max len.......: 4063 chars diff --git a/test/results/default/umas.pcap.out b/test/results/default/umas.pcap.out index 409d33bda..aa22449a3 100644 --- a/test/results/default/umas.pcap.out +++ b/test/results/default/umas.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1427906557268207} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1427906557268207} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1427906557268207,"flow_src_last_pkt_time":1427906557268207,"flow_dst_last_pkt_time":1427906557268207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1427906557268207,"l3_proto":"ip4","src_ip":"192.168.63.100","dst_ip":"192.168.63.253","src_port":7718,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1427906557268207,"flow_dst_last_pkt_time":1427906557268207,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1427906557268207,"pkt":"AABUFPJPPJcOkVSrCABFAAA0BEhAAIAGAADAqD9kwKg\/\/R4mAfZGhPwKAAAAAIAC+vAA2QAAAgQFtAEDAwABAQQC"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1427906557268207,"flow_dst_last_pkt_time":1427906557269147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":28,"thread_ts_usec":1427906557269147,"pkt":"PJcOkVSrAABUFPJPCABFAAAwA8UAAEAGdlHAqD\/9wKg\/ZAH2HiaDEM+9RoT8C3ASEAC94gAAAgQFtAEDAwABAQ=="} 
@@ -9,7 +9,7 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1427906557270030,"flow_dst_last_pkt_time":1427906557270934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1427906557270934,"pkt":"PJcOkVSrAABUFPJPCABFAAAoA8YAAEAGdljAqD\/9wKg\/ZAH2HiaDEM++RoT8FVAQD\/3pnwAAAAAAAAAAr4V9rA=="} 02159{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1427906557268207,"flow_src_last_pkt_time":1427906557351115,"flow_dst_last_pkt_time":1427906557356975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":681,"flow_dst_tot_l4_payload_len":1681,"midstream":0,"thread_ts_usec":1427906557356975,"l3_proto":"ip4","src_ip":"192.168.63.100","dst_ip":"192.168.63.253","src_port":7718,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":804,"avg":5537.9,"max":7349,"stddev":1780.8,"var":3171216.5,"ent":4.9,"data": [940,1019,804,1787,4681,6040,6956,6823,7337,7349,5705,5982,6152,6208,5897,5633,6112,6363,7173,6903,5759,5817,5975,5922,6032,6032,6059,6067,5931,5946,6272]},"pktlen": {"min":40,"avg":114.8,"max":301,"stddev":89.3,"var":7972.7,"ent":4.6,"data": [52,50,40,50,50,96,51,63,300,300,51,97,51,159,50,116,51,63,301,301,50,116,50,116,59,153,59,209,59,153,59,299]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[4,2,3,3,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.246296406,4.708757401,4.521928310,4.311788559,4.583464622,4.516215324,4.273243427,4.058829784,1.425814629,1.414997816,4.327260494,4.809130192,4.337956429,2.794489384,4.322699070,3.938342094,4.248828888,4.110339642,7.800658226,7.811439037,4.362698555,3.921101093,4.362698555,3.944849730,4.149783134,3.941774607,4.248089790,3.106703520,4.183681011,2.442554474,4.214191437,2.672472954]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus.UMAS","proto_id":"44.364","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":94,"flow_dst_packets_processed":97,"flow_first_seen":1427906557268207,"flow_src_last_pkt_time":1427906558034821,"flow_dst_last_pkt_time":1427906558034788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":1788,"flow_dst_tot_l4_payload_len":16862,"midstream":0,"thread_ts_usec":1427906558034821,"l3_proto":"ip4","src_ip":"192.168.63.100","dst_ip":"192.168.63.253","src_port":7718,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus.UMAS","proto_id":"44.364","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
-00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":191,"packets-processed":191,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1427906558034821} +00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":191,"packets-processed":191,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1427906558034821} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 191/191 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650378 bytes -~~ total memory freed........: 8650378 bytes -~~ total allocations/frees...: 140724/140724 +~~ total memory allocated....: 9414752 bytes +~~ total memory freed........: 9414752 bytes +~~ total allocations/frees...: 154690/154690 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 2164 chars diff --git a/test/results/default/upnp.pcap.out b/test/results/default/upnp.pcap.out index 1f385bf9b..c4803c5e7 100644 --- a/test/results/default/upnp.pcap.out +++ b/test/results/default/upnp.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1541515314826314} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1541515314826314} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1541515314826314,"flow_src_last_pkt_time":1541515314826314,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515314826314,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01414{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1541515314826314,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":718,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":718,"pkt_l4_len":664,"thread_ts_usec":1541515314826314,"pkt":"MzMAAAAMGNvyL6AYht1gDeGUApgRAf6AAAAAAAAANEE9JG0wqAf\/AgAAAAAAAAAAAAAAAAAM5jQOdgKYg108P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\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"} 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1541515314826314,"flow_src_last_pkt_time":1541515314826314,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515314826314,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -16,7 +16,7 @@ 01389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1541515317470215,"flow_dst_last_pkt_time":1541515314827161,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_usec":1541515317470215,"pkt":"AQBef\/\/6GNvyL6AYCABFAAKsCtoAAAERvoLAqD1C7\/\/\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"} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1541515314827161,"flow_src_last_pkt_time":1541515321472909,"flow_dst_last_pkt_time":1541515314827161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4592,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515321472909,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1541515314826314,"flow_src_last_pkt_time":1541515320458778,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4592,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515321472909,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1541515321472909} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1541515321472909} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647628 bytes -~~ total memory freed........: 8647628 bytes -~~ total allocations/frees...: 140556/140556 +~~ total memory allocated....: 9412034 bytes +~~ total memory freed........: 9412034 bytes +~~ total allocations/frees...: 154522/154522 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 586 chars ~~ json message max len.......: 1419 chars diff --git a/test/results/default/viber.pcap.out b/test/results/default/viber.pcap.out index db0b61172..62fa0b7c5 100644 --- a/test/results/default/viber.pcap.out +++ b/test/results/default/viber.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1527155638428936} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1527155638428936} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155638428936,"flow_src_last_pkt_time":1527155638428936,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":101,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1527155638428936,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1527155638428936,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1527155638428936,"pkt":"AA6OMNv9MAdNo1+nCABFAACZvbBAAEAGio\/AqAARNAD9ZYG4EJTYH5QATQ0UaIAYAtokAwAAAQEICgAhYEL3kz3SZQAKAAAALtCh9tIA1PL3FQOheV4He+mBM0W\/i9pTb10sHI+OMXtBs1b9JHGGgzJlSCkVK80QeHWJMpbzU2NcxAJaXXoLguc1CK5osKkCx6zZTIH0SZ0piWwLO+YlPXpdR9T6nHw="} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638474128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155638474128,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -26,16 +26,16 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1527155639240854,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155639414725,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHpPMSQJ\/Ftqr6ASaN+BOQAAAgQFtAQCCApMsKWZACFhDwEDAwg="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1527155639417273,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155639417273,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0C6JAAEAGkUHAqAARNkWm4pB6Abv8W2qvTzEkCoAQAq0WDQAAAQEICgAhYTtMsKWZ"} 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1527155639419114,"pkt":"AA6OMNv9MAdNo1+nCABFAADoC6NAAEAGkIzAqAARNkWm4pB6Abv8W2qvTzEkCoAYAq3FAQAAAQEICgAhYTtMsKWZFgMBAK8BAACrAwOf\/2TjK8r1kWpdan2TJekyDzujbi8jagHQAHL6QuSe+wAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABm\/wEAAQAAAAAXABUAABJtYXBpLmFwcHRpbWl6ZS5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} 
-01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639419114,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409h1_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639419114,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409h1_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639592888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155639592888,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0gc9AAOYGdRM2RabiwKgAEQG7kHpPMSQK\/FtrY4AQAG4XbAAAAQEICkywpcUAIWE7"} -01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639594657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155639594657,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": 
{"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409h1_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01608{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639594933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":4873,"midstream":0,"thread_ts_usec":1527155639594933,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": {"version":"TLSv1.2","server_names":"*.apptimize.com,apptimize.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409h1_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5","blocks":0}}} 
+01249{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639594657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155639594657,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409h1_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01606{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639594933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":4873,"midstream":0,"thread_ts_usec":1527155639594933,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": {"version":"TLSv1.2","server_names":"*.apptimize.com,apptimize.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409h1_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5","blocks":0}}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640085923,"flow_dst_last_pkt_time":1527155640085923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155640085923,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1527155640085923,"flow_dst_last_pkt_time":1527155640085923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155640085923,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8sZJAAEAG60jAqAARNkWm4pB8Abt0c9BwAAAAAKAC\/\/9xAAAAAgQFtAQCCAoAIWHiAAAAAAEDAwc="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1527155640085923,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155640261254,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHz0FjHkdHPQcaASaN\/u9gAAAgQFtAQCCApMsKZsACFh4gEDAwg="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1527155640264334,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155640264334,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0sZNAAEAG60\/AqAARNkWm4pB8Abt0c9Bx9BYx5YAQAq2DyQAAAQEICgAhYg9MsKZs"} 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1527155640275168,"pkt":"AA6OMNv9MAdNo1+nCABFAADosZRAAEAG6prAqAARNkWm4pB8Abt0c9Bx9BYx5YAYAq1TTQAAAQEICgAhYhBMsKZsFgMBAK8BAACrAwPxHao\/Q96Yxv6ptzoREqGRwhus41t797c9sc55oDAI4gAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABm\/wEAAQAAAAAXABUAABJtYXBpLmFwcHRpbWl6ZS5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} 
-01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155640275168,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409h1_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155640275168,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409h1_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640450457,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155640450457,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0l3xAAOYGX2Y2RabiwKgAEQG7kHz0FjHldHPRJYAQAG6FIwAAAQEICkywppwAIWIQ"} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641574870,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641574870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641574870,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641574870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1527155641574870,"pkt":"AA6OMNv9MAdNo1+nCABFAABBH3ZAAEARmcXAqAARwKgAD5IqADUALZxVyU0BAAABAAAAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAQ=="} 
@@ -47,10 +47,10 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641697916,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641714003,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMbw25l1gwKgAEQG74LAWDyy+uxq45aAScSCWXAAAAgQFtAQCCAp+anA4ACFjdQEDAwg="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1527155641716061,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641716061,"pkt":"AA6OMNv9MAdNo1+nCABFAAA025JAAEAGCjLAqAARNuZdYOCwAbu7GrjlFg8sv4AQAq0zmAAAAQEICgAhY3p+anA4"} 00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1527155641717778,"pkt":"AA6OMNv9MAdNo1+nCABFAADs25NAAEAGCXnAqAARNuZdYOCwAbu7GrjlFg8sv4AYAq3PXQAAAQEICgAhY3p+anA4FgMBALMBAACvAwM9xUi6e2VHcfR2Et1lmWRy3PNn2wAw6MtgIjCKmCwNtgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABq\/wEAAQAAAAAYABYAABNtZWRpYS5jZG4udmliZXIuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="} 
-01175{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641717778,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","domainame":"media.cdn.viber.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641717778,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","domainame":"media.cdn.viber.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641733771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641733771,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0XIVAAPQG1T425l1gwKgAEQG74LAWDyy\/uxq5nYAQAHY1FQAAAQEICn5qcDoAIWN6"} -01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641736492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155641736492,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","domainame":"media.cdn.viber.com","tls": 
{"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01526{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641736812,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1527155641736812,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","domainame":"media.cdn.viber.com","tls": {"version":"TLSv1.2","server_names":"*.cdn.viber.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39","blocks":0}}} 
+01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641736492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155641736492,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","domainame":"media.cdn.viber.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01531{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641736812,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1527155641736812,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","domainame":"media.cdn.viber.com","tls": {"version":"TLSv1.2","server_names":"*.cdn.viber.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39","blocks":0}}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641813689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641813689,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641813689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1527155641813689,"pkt":"AA6OMNv9MAdNo1+nCABFAABAH5VAAEARmafAqAARwKgAD539ADUALISKl70BAAABAAAAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQAB"} 
01083{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641813689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641813689,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dl-media.viber.com","domainame":"dl-media.viber.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -61,11 +61,11 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641845544,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641865014,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMec25l01wKgAEQG70q53C5Ep1db+56AScSB9zAAAAgQFtAQCCAp+anCqACFjmgEDAwg="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1527155641867207,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641867207,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0nX1AAEAGSHLAqAARNuZdNdKuAbvV1v7ndwuRKoAQAq0bCAAAAQEICgAhY59+anCq"} 00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1527155641868230,"pkt":"AA6OMNv9MAdNo1+nCABFAADrnX5AAEAGR7rAqAARNuZdNdKuAbvV1v7ndwuRKoAYAq2cvgAAAQEICgAhY6B+anCqFgMBALIBAACuAwM1qr437x53guPHYx6idTGnRu91RvVMpGhSbboCtiTLxAAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABp\/wEAAQAAAAAXABUAABJkbC1tZWRpYS52aWJlci5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} 
-01174{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641868230,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","domainame":"dl-media.viber.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01179{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641868230,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","domainame":"dl-media.viber.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641887306,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641887306,"pkt":"MAdNo1+nAA6OMNv9CABFAAA04YZAAPQGUGg25l01wKgAEQG70q53C5Eq1db\/noAQAHYchQAAAQEICn5qcKwAIWOg"} -01264{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641890520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155641890520,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","domainame":"dl-media.viber.com","tls": 
{"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01527{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641890790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1527155641890790,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","domainame":"dl-media.viber.com","tls": {"version":"TLSv1.2","server_names":"*.viber.com,viber.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A","blocks":0}}} 
-02160{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641984215,"flow_dst_last_pkt_time":1527155641981830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":20153,"midstream":0,"thread_ts_usec":1527155641984215,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":19,"avg":8869.6,"max":47784,"stddev":14735.4,"var":217133360.0,"ent":3.3,"data": [19470,21663,1023,22292,3214,249,21,217,39369,88,574,349,10837,47784,22339,40800,258,54,169,260,19,213,268,217,249,532,41188,70,47,44,1080]},"pktlen": {"min":52,"avg":714.1,"max":1500,"stddev":673.4,"var":453425.2,"ent":4.3,"data": [60,60,52,235,52,1500,1500,1500,397,52,52,52,52,178,294,760,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,794,52,52,52,52,52]},"bins": {"c_to_s": [11,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.571673393,5.231404781,5.154164791,5.626152039,5.147462368,7.170236111,7.463209152,7.511432171,7.329006195,5.115703106,5.154164791,5.192625999,5.154164791,6.447020531,7.153199196,7.703028202,7.855375767,7.870701790,7.853311062,7.869762897,7.858384132,7.891494274,7.876748085,7.889567852,7.884804249,7.876610279,7.713707447,5.154164791,5.154164314,5.115703106,5.154164314,5.109001160]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} +01269{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641890520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155641890520,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","domainame":"dl-media.viber.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01532{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641890790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1527155641890790,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","domainame":"dl-media.viber.com","tls": {"version":"TLSv1.2","server_names":"*.viber.com,viber.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A","blocks":0}}} 
+02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641984215,"flow_dst_last_pkt_time":1527155641981830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":20153,"midstream":0,"thread_ts_usec":1527155641984215,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":19,"avg":8869.6,"max":47784,"stddev":14735.4,"var":217133360.0,"ent":3.3,"data": [19470,21663,1023,22292,3214,249,21,217,39369,88,574,349,10837,47784,22339,40800,258,54,169,260,19,213,268,217,249,532,41188,70,47,44,1080]},"pktlen": {"min":52,"avg":714.1,"max":1500,"stddev":673.4,"var":453425.2,"ent":4.3,"data": [60,60,52,235,52,1500,1500,1500,397,52,52,52,52,178,294,760,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,794,52,52,52,52,52]},"bins": {"c_to_s": [11,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.571673393,5.231404781,5.154164791,5.626152039,5.147462368,7.170236111,7.463209152,7.511432171,7.329006195,5.115703106,5.154164791,5.192625999,5.154164791,6.447020531,7.153199196,7.703028202,7.855375767,7.870701790,7.853311062,7.869762897,7.858384132,7.891494274,7.876748085,7.889567852,7.884804249,7.876610279,7.713707447,5.154164791,5.154164314,5.115703106,5.154164314,5.109001160]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644240774,"flow_dst_last_pkt_time":1527155644240774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155644240774,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1527155644240774,"flow_dst_last_pkt_time":1527155644240774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1527155644240774,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0lAAEARXnTAqAARrNkXaqQJAbsAHwH3DO5PoOHayJNED10MJ0pTvsIOJQ7muOI="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644240774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1527155644243647,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0pAAEARXnPAqAARrNkXaqQJAbsAH4RqDO5PoOHayJNEEDIopLF1oa8UykhAnf8="} 
@@ -112,10 +112,10 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1527155670632131,"flow_dst_last_pkt_time":1527155670632131,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155670632131,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8WoBAAEAGCJrAqAAREskEILFwAbuQXSU3AAAAAKAC\/\/+HxQAAAgQFtAQCCAoAIX+3AAAAAAEDAwc="} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155670640484,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670640484,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1527155670640484,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1527155670640484,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdfMxAAEAR5NnAqAAREskEILhDHzEBCRHz7fYBAAUArBk1jI9k5EcHridUEQCowEO4MgAAAEMBABABAK45kpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAvcYFlBohustZk1e\/8OyZiSqP86k39WGwDkG7f\/rMnT2tcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6f1EwNZ4BrIBNZIXKB4sgy96MQL790EZYw7fY9vCydMCFozrGypXQPtcVrV5xCrsYqA8zuDlnCD1lV04sfnGYMAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="} -00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155670640484,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670640484,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
+00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155670640484,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670640484,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670640566,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670640566,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670640566,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670640566,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1527155670640566,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+fM1AAEAR5bfAqAAREskEILhDHzMAKi7T7fYZAKwZNYyPZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="} -00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670640566,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670640566,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670640566,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
+00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670640566,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670640566,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670640566,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1527155670640613,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155670640613,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwfM5AAEAR5cTAqAAREskEILhDHzEAHFuJ7fYJALM5kpFjAQAArBk1jI9k5Ec="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1527155670632131,"flow_dst_last_pkt_time":1527155670663972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155670663972,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAACsGeBoSyQQgwKgAEQG7sXDMrFlhkF0lOKASaN8nuwAAAgQFtAQCCAoAWtCxACF\/twEDAwc="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670672314,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155670672314,"pkt":"MAdNo1+nAA6OMNv9CABFAAAwfVFAACsR+skSyQQgwKgAER8zuEMAHAAy7fYaAKwZNYyPZORHMkN8XkO4AMg="} 
@@ -128,21 +128,21 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1527155671066998,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155671237849,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYGQZE2u1u2wKgAEQG7v5iCE\/ghaIOVraASaN+HqAAAAgQFtAQCCAosBh44ACGAIwEDAwg="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1527155671240677,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155671240677,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0FZBAAEAG0gnAqAARNrtbtr+YAbtog5WtghP4IoAQAq0cfAAAAQEICgAhgE8sBh44"} 00789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":247,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":247,"pkt_l4_len":213,"thread_ts_usec":1527155671250450,"pkt":"AA6OMNv9MAdNo1+nCABFAADpFZFAAEAG0VPAqAARNrtbtr+YAbtog5WtghP4IoAYAq2yzwAAAQEICgAhgFEsBh44FgMBALABAACsAwNpu8fyH0bmBuIhI45OMI2QAejACKsvR53r1YItFVUgZgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABn\/wEAAQAAAAAYABYAABNicmFoZS5hcHB0aW1pemUuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAAsACQhodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="} 
-01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155671250450,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","domainame":"brahe.apptimize.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409h1_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155671250450,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","domainame":"brahe.apptimize.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409h1_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671421054,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155671421054,"pkt":"MAdNo1+nAA6OMNv9CABFAAA05kFAAOYGW1c2u1u2wKgAEQG7v5iCE\/giaIOWYoAQAG4d1gAAAQEICiwGHmYAIYBR"} -01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671423359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155671423359,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","domainame":"brahe.apptimize.com","tls": 
{"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409h1_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01612{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671423665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":4873,"midstream":0,"thread_ts_usec":1527155671423665,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","domainame":"brahe.apptimize.com","tls": {"version":"TLSv1.2","server_names":"*.apptimize.com,apptimize.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409h1_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5","blocks":0}}} 
-02214{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155675775126,"flow_dst_last_pkt_time":1527155675692683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":2947,"flow_dst_tot_l4_payload_len":930,"midstream":0,"thread_ts_usec":1527155675775126,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":129,"avg":328607.8,"max":525007,"stddev":210300.8,"var":44226416640.0,"ent":4.6,"data": [129,33097,500276,500261,503516,15204,503250,15302,516057,515704,477654,477626,36790,36786,524953,525007,440389,440669,68112,67828,523108,523160,411969,411845,84133,84199,517782,517791,399760,399674,114810]},"pktlen": {"min":48,"avg":149.2,"max":285,"stddev":100.4,"var":10086.1,"ent":4.7,"data": [285,48,104,285,104,48,285,62,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285]},"bins": {"c_to_s": [6,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[6.429836750,5.092222691,3.431529284,6.457198620,3.469990969,5.092222691,6.466431141,4.018082619,3.469990969,6.511886120,3.469990969,5.092222691,3.985824585,6.440430164,3.469990969,6.468061447,3.419557333,4.967222214,3.953566313,6.441361427,3.450760365,6.449966431,3.469991207,5.050555706,4.018082619,6.492553234,3.489221811,6.449169159,3.469991207,5.050556183,4.018082619,6.452616215]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} +01253{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671423359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155671423359,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","domainame":"brahe.apptimize.com","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409h1_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01610{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671423665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":4873,"midstream":0,"thread_ts_usec":1527155671423665,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","domainame":"brahe.apptimize.com","tls": {"version":"TLSv1.2","server_names":"*.apptimize.com,apptimize.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409h1_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5","blocks":0}}} 
+02212{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155675775126,"flow_dst_last_pkt_time":1527155675692683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":2947,"flow_dst_tot_l4_payload_len":930,"midstream":0,"thread_ts_usec":1527155675775126,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":129,"avg":328607.8,"max":525007,"stddev":210300.8,"var":44226416640.0,"ent":4.6,"data": [129,33097,500276,500261,503516,15204,503250,15302,516057,515704,477654,477626,36790,36786,524953,525007,440389,440669,68112,67828,523108,523160,411969,411845,84133,84199,517782,517791,399760,399674,114810]},"pktlen": {"min":48,"avg":149.2,"max":285,"stddev":100.4,"var":10086.1,"ent":4.7,"data": [285,48,104,285,104,48,285,62,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285]},"bins": {"c_to_s": [6,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[6.429836750,5.092222691,3.431529284,6.457198620,3.469990969,5.092222691,6.466431141,4.018082619,3.469990969,6.511886120,3.469990969,5.092222691,3.985824585,6.440430164,3.469990969,6.468061447,3.419557333,4.967222214,3.953566313,6.441361427,3.450760365,6.449966431,3.469991207,5.050555706,4.018082619,6.492553234,3.489221811,6.449169159,3.469991207,5.050556183,4.018082619,6.452616215]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1527155677865795,"flow_dst_last_pkt_time":1527155670663972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155677865795,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0WoJAAEAGCKDAqAAREskEILFwAbuQXSU4zKxZYoARAq21qAAAAQEICgAhhscAWtCx"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1527155677865795,"flow_dst_last_pkt_time":1527155677897422,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155677897422,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0iblAACsG7mgSyQQgwKgAEQG7sXDMrFlikF0lOYARANKbQAAAAQEICgBa7PMAIYbH"} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155679410348,"flow_dst_last_pkt_time":1527155679410348,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679410348,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1527155679410348,"flow_dst_last_pkt_time":1527155679410348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155679410348,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8V2ZAAEAGC9HAqAAREskEA4PQAbvgGt8vAAAAAKAC\/\/+jOgAAAgQFtAQCCAoAIYhJAAAAAAEDAwc="} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679411371,"flow_src_last_pkt_time":1527155679411371,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679411371,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1527155679411371,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1527155679411371,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdf+NAAEAR4d\/AqAAREskEA5UuHzEBCY\/LBbgBAAUANRj1GJhk5EcHridUEQCowC6VMgAAAEMBABABAPdbkpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAGwkdkSv31AWZshbdezAt4SmQgEbXQ8gpESKVZEPm+yytcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6SNCb6pEPHTLEjikG3nU2iKPCm3mBiaaSkNyyVaokw3bFWKZLztddqHjISoa\/0AQVn24h8Bz7MKBuS1UkASdYsAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="} 
-00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679411371,"flow_src_last_pkt_time":1527155679411371,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679411371,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} +00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679411371,"flow_src_last_pkt_time":1527155679411371,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679411371,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679411435,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679411435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679411435,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679411435,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1527155679411435,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+f+RAAEAR4r3AqAAREskEA5UuHzMAKui4BbgZADUY9RiYZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="} 
-00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679411435,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679411435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679411435,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} +00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679411435,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679411435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679411435,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1527155679413920,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1527155679413920,"pkt":"AA6OMNv9MAdNo1+nCABFiAAuf+VAAEAR4szAqAAREskEA5UuHzEAGscOBbgRAAEAAAAuCDgEAAAHridU"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1527155679413995,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155679413995,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwf+ZAAEAR4snAqAAREskEA5UuHzEAHM1MBbgJAPtbkpFjAQAANRj1GJhk5Ec="} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1527155679413995,"flow_dst_last_pkt_time":1527155679443071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1527155679443071,"pkt":"MAdNo1+nAA6OMNv9CABFAABopnVAACsR0YoSyQQDwKgAER8xlS4AVO7dBbgMAAEANRj1GJhk5EcyQ3xeLpX3W5KRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="} 
@@ -151,7 +151,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1527155679444692,"flow_dst_last_pkt_time":1527155679443640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155679444692,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0V2dAAEAGC9jAqAAREskEA4PQAbvgGt8wdKSu+oAQAq1ZEAAAAQEICgAhiFIA5FGt"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1527155679413995,"flow_dst_last_pkt_time":1527155679445375,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1527155679445375,"pkt":"MAdNo1+nAA6OMNv9CABFAAA+pnhAACsR0bESyQQDwKgAER8xlS4AKrsaBbgLAPtbkpFjAQAAwWCSkWMBAAAAAAAAAAAAAAAAAAAAAA=="} 00946{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1527155647500374,"flow_src_last_pkt_time":1527155647500402,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155680456436,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1527155679411371,"flow_src_last_pkt_time":1527155683480847,"flow_dst_last_pkt_time":1527155683453495,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":2479,"flow_dst_tot_l4_payload_len":778,"midstream":0,"thread_ts_usec":1527155683480847,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":49,"avg":261664.5,"max":531417,"stddev":244884.4,"var":59968385024.0,"ent":4.1,"data": [2549,75,31700,2304,505528,505691,496908,2109,6670,496650,8720,505323,505404,490799,100,14960,490657,15090,513169,513225,531417,103,49,531356,217,492947,492967,448249,97,448143,58424]},"pktlen": {"min":40,"avg":129.8,"max":285,"stddev":99.7,"var":9932.1,"ent":4.6,"data": [285,46,48,104,62,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,62,285]},"bins": {"c_to_s": [10,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,1,0],"entropies": 
[6.294480801,4.507713318,5.008889198,3.477249622,4.018082619,6.362309933,3.496480465,5.050556183,4.408695221,6.358519077,3.985824585,3.458018780,6.336889267,3.458018780,4.967222214,4.408695221,6.270152092,3.909132719,3.438787937,6.396345615,3.496480465,5.008889198,4.408695221,6.346873283,3.855867863,3.496480465,6.368536949,3.477249622,5.008889198,4.408695221,3.985824585,6.367835045]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} +02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1527155679411371,"flow_src_last_pkt_time":1527155683480847,"flow_dst_last_pkt_time":1527155683453495,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":2479,"flow_dst_tot_l4_payload_len":778,"midstream":0,"thread_ts_usec":1527155683480847,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":49,"avg":261664.5,"max":531417,"stddev":244884.4,"var":59968385024.0,"ent":4.1,"data": [2549,75,31700,2304,505528,505691,496908,2109,6670,496650,8720,505323,505404,490799,100,14960,490657,15090,513169,513225,531417,103,49,531356,217,492947,492967,448249,97,448143,58424]},"pktlen": {"min":40,"avg":129.8,"max":285,"stddev":99.7,"var":9932.1,"ent":4.6,"data": [285,46,48,104,62,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,62,285]},"bins": {"c_to_s": [10,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[0,5,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,1,0],"entropies": [6.294480801,4.507713318,5.008889198,3.477249622,4.018082619,6.362309933,3.496480465,5.050556183,4.408695221,6.358519077,3.985824585,3.458018780,6.336889267,3.458018780,4.967222214,4.408695221,6.270152092,3.909132719,3.438787937,6.396345615,3.496480465,5.008889198,4.408695221,6.346873283,3.855867863,3.496480465,6.368536949,3.477249622,5.008889198,4.408695221,3.985824585,6.367835045]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1527155685097548,"flow_dst_last_pkt_time":1527155679443640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155685097548,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0V2hAAEAGC9fAqAAREskEA4PQAbvgGt8wdKSu+oARAq1TiwAAAQEICgAhjdYA5FGt"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1527155685097548,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155685130784,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0\/ypAACsGeRQSyQQDwKgAEQG7g9B0pK764BrfMYARANI\/LQAAAQEICgDkZ+UAIY3W"} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155685529875,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685529875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155685529875,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -166,7 +166,7 @@ 00997{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638476527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"graph.facebook.com"}} 00997{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639234839,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639237450,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":331,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":331,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mapi.apptimize.com"}} 00993{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639005882,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639008484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":261,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"app.adjust.com"}} 
-00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":425,"packets-processed":420,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":122215,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":22,"total-detection-updates":18,"total-updates":4,"current-active-flows":26,"total-active-flows":26,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":169,"global_ts_usec":1648952182644000} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":425,"packets-processed":420,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":122215,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":22,"total-detection-updates":18,"total-updates":4,"current-active-flows":26,"total-active-flows":26,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":169,"global_ts_usec":1648952182644000} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182644000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952182644000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182644000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648952182644000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8QZ1AAD8GBoHAqAJkNAD8kb4yEJT33RMVAAAAAKAC\/\/+7mwAAAgQFtAQCCApvD0\/7AAAAAAEDAwk="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648952182749000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOcGoB00APyRwKgCZBCUvjJ96pBe990TFqASaN8gOAAAAgQFrAQCCArnVjzbbw9P+wEDAwk="} 
@@ -174,36 +174,36 @@ 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1648952183458000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1648952183458000,"pkt":"eJS0JASgYDjgxTWgCABFAACUQZ9AAD8GBifAqAJkNAD8kb4yEJT33RMWfeqQX4AYAKw98gAAAQEICm8PUWHnVjzbYACt1NwX\/P8DgFkACgAAAAAAAACt1NwXqfy95n8dmIxsOcPbEcApVCIa7TQDCAAAAHxwKcmDlptZSFIqb2LFpylXQd33SzJWC9HYL+qoRBViMwBU+bGR6kn7TggAAcQJ"} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952183458000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183458000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1648952183458000,"flow_dst_last_pkt_time":1648952183563000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648952183563000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0fqdAAOcGIX40APyRwKgCZBCUvjJ96pBf990TdoAQADWytAAAAQEICudWQAlvD1Fh"} -00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155640080793,"flow_dst_last_pkt_time":1527155640252435,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":366,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":5690,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00996{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640836078,"flow_dst_last_pkt_time":1527155641008759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":367,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":5441,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com"}} +00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155640080793,"flow_dst_last_pkt_time":1527155640252435,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":366,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":5690,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00994{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640836078,"flow_dst_last_pkt_time":1527155641008759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":367,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":5441,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638476527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"graph.facebook.com"}} 
00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1527155647500374,"flow_src_last_pkt_time":1527155647500402,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155685529875,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685530485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com"}} 
-00922{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155670632131,"flow_src_last_pkt_time":1527155677899869,"flow_dst_last_pkt_time":1527155677897422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00920{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155670632131,"flow_src_last_pkt_time":1527155677899869,"flow_dst_last_pkt_time":1527155677897422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00772{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155670632131,"flow_src_last_pkt_time":1527155677899869,"flow_dst_last_pkt_time":1527155677897422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":14,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671891651,"flow_dst_last_pkt_time":1527155672061967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1957,"flow_dst_tot_l4_payload_len":5620,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":18,"flow_first_seen":1527155679411371,"flow_src_last_pkt_time":1527155685088302,"flow_dst_last_pkt_time":1527155685041978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":3294,"flow_dst_tot_l4_payload_len":1116,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155679411435,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679443387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
+00961{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":14,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671891651,"flow_dst_last_pkt_time":1527155672061967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1957,"flow_dst_tot_l4_payload_len":5620,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":18,"flow_first_seen":1527155679411371,"flow_src_last_pkt_time":1527155685088302,"flow_dst_last_pkt_time":1527155685041978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":3294,"flow_dst_tot_l4_payload_len":1116,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
+00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155679411435,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679443387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00976{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644244636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":22,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 
00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644244636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":22,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1527155646850574,"flow_src_last_pkt_time":1527155680789409,"flow_dst_last_pkt_time":1527155680788117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":972,"flow_dst_max_l4_payload_len":818,"flow_src_tot_l4_payload_len":4341,"flow_dst_tot_l4_payload_len":2636,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":26,"flow_first_seen":1527155638428936,"flow_src_last_pkt_time":1527155685200876,"flow_dst_last_pkt_time":1527155685199809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":591,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":4451,"flow_dst_tot_l4_payload_len":1066,"midstream":1,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639234839,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639237450,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":331,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":331,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mapi.apptimize.com"}} -00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":22,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155677861045,"flow_dst_last_pkt_time":1527155677861880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":4027,"flow_dst_tot_l4_payload_len":1378,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155670640566,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670672314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} +00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":22,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155677861045,"flow_dst_last_pkt_time":1527155677861880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":4027,"flow_dst_tot_l4_payload_len":1378,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} +00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155670640566,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670672314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 01059{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155685757293,"flow_src_last_pkt_time":1527155685757293,"flow_dst_last_pkt_time":1527155685757669,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1480,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1480,"flow_dst_max_l4_payload_len":1480,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1527155646968117,"flow_src_last_pkt_time":1527155666982983,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639005882,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639008484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":261,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"app.adjust.com"}} 
00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155646819778,"flow_src_last_pkt_time":1527155646819778,"flow_dst_last_pkt_time":1527155646840307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"app-measurement.com"}} -01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":46,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155647484603,"flow_dst_last_pkt_time":1527155647480622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1725,"flow_dst_tot_l4_payload_len":57043,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com"}} +01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":46,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155647484603,"flow_dst_last_pkt_time":1527155647480622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1725,"flow_dst_tot_l4_payload_len":57043,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com"}} 
00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155641574870,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641691221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"media.cdn.viber.com"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1527155648513495,"flow_src_last_pkt_time":1527155648748347,"flow_dst_last_pkt_time":1527155648703720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":565,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":842,"flow_dst_tot_l4_payload_len":5637,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"venetia.iad.appboy.com"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641840131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dl-media.viber.com"}} -00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155647390408,"flow_dst_last_pkt_time":1527155647386682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1048,"flow_dst_tot_l4_payload_len":8517,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -00921{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155685132180,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155647390408,"flow_dst_last_pkt_time":1527155647386682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1048,"flow_dst_tot_l4_payload_len":8517,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} +00919{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155685132180,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155685132180,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155648481643,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648506661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"venetia.iad.appboy.com"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":440,"packets-processed":435,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125733,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":18,"total-updates":4,"current-active-flows":1,"total-active-flows":27,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":206,"global_ts_usec":1648954023554000} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":440,"packets-processed":435,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125733,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":18,"total-updates":4,"current-active-flows":1,"total-active-flows":27,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":206,"global_ts_usec":1648954023554000} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648954023554000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023554000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86GpAAD8GYELAqAJkNAD8AqDgFHo59lPMAAAAAKAC\/\/81EwAAAgQFtAQCCArXUgVsAAAAAAEDAwk="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023662000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOwGm6w0APwCwKgCZBR6oOA1qzY9OfZTzaASaN\/krwAAAgQFrAQCCApiDhmE11IFbAEDAwk="} 
@@ -211,13 +211,13 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1648954023697000,"pkt":"eJS0JASgYDjgxTWgCABFAABM6GxAAD8GYDDAqAJkNAD8AqDgFHo59lPNNas2PoAYAKwkewAAAQEICtdSBfpiDhmEGAAAAAAA\/P8FgAkAAAAAAAAAAAAzAAAA"} 00915{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648954023697000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023803000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648954023803000,"pkt":"YDjgxTWgeJS0JASgCABFAAA07m1AAOwGrUY0APwCwKgCZBR6oOA1qzY+OfZT5YAQADV67AAAAQEICmIOGhLXUgX6"} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":451,"packets-processed":446,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":126273,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":24,"total-detection-updates":18,"total-updates":4,"current-active-flows":2,"total-active-flows":28,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":214,"global_ts_usec":1648968035683000} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":451,"packets-processed":446,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":126273,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":24,"total-detection-updates":18,"total-updates":4,"current-active-flows":2,"total-active-flows":28,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":214,"global_ts_usec":1648968035683000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1648968035683000,"pkt":"eJS0JASgYDjgxTWgCABFAACU2kpAAD8GpwLAqAJkLMDKSqeUEJTyP2Q6cEHfOoAYAVdrNwAAAQEICphN6aPkLWTjYAAuDuoU\/P8DgFkAGwAAAAAAAAAuDuoUyCWY+Eiv3vNvHuU8izmtmd1xLKgDGQAAAC4GaTctzm2TgBHTuz9kkBDO3BN0gtQM11m3wPtySAu5MwDtuOA\/BIT7TjIAAaAP"} -00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
+00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00957{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954024001000,"flow_dst_last_pkt_time":1648954024107000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":516,"midstream":0,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952183650000,"flow_dst_last_pkt_time":1648952183755000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":3321,"midstream":0,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":452,"packets-processed":447,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":126369,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":25,"total-detection-updates":18,"total-updates":4,"current-active-flows":1,"total-active-flows":29,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":220,"global_ts_usec":1715331685398311} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":452,"packets-processed":447,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":126369,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":25,"total-detection-updates":18,"total-updates":4,"current-active-flows":1,"total-active-flows":29,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":220,"global_ts_usec":1715331685398311} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1715331685398311,"flow_src_last_pkt_time":1715331685398311,"flow_dst_last_pkt_time":1715331685398311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715331685398311,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.195.4.121","src_port":40482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1715331685398311,"flow_dst_last_pkt_time":1715331685398311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1715331685398311,"pkt":"CL6sCxduJjb1W8R1CABFAAAwLv5AAEARJz\/AqAycEsMEeZ4iAbsAHH8nAAEAACESpEJpS3RkcjBHQk5VUWM="} 00999{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1715331685398311,"flow_src_last_pkt_time":1715331685398311,"flow_dst_last_pkt_time":1715331685398311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715331685398311,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.195.4.121","src_port":40482,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -227,8 +227,8 @@ 01078{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1715331685398311,"flow_src_last_pkt_time":1715331685438872,"flow_dst_last_pkt_time":1715331685450305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1715331685450305,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.195.4.121","src_port":40482,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.ViberVoip","proto_id":"78.414","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"viber.com","domainame":"viber.com","stun": {"mapped_address":"93.35.169.150:33171","multimedia_flow_types":"Unknown"}}} 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1715331685451739,"flow_dst_last_pkt_time":1715331685450305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1715331685451739,"pkt":"CL6sCxduJjb1W8R1CABFAACYLwJAAEARJtPAqAycEsMEeZ4iAbsAhK\/tAAMAaCESpEJUb0g2cXg2UTZ4ZDYAGQAEEQAAAAAGAB4xNzE1Mzc0ODg1OjU5Njk2NDM0NDk3MDE2NTgwNzIAAAAUAAl2aWJlci5jb20AAAAAFQAQNjlmNGVhMTA0MjQ5YmQxZQAIABR9bzPIbOVJLPCcAYDacCMg8OpbgA=="} 
01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1715331685398311,"flow_src_last_pkt_time":1715331688662030,"flow_dst_last_pkt_time":1715331688673643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":560,"midstream":0,"thread_ts_usec":1715331688673643,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.195.4.121","src_port":40482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.ViberVoip","proto_id":"78.414","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"viber.com"}} -00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1715331688673643,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
-00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":466,"packets-processed":462,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":127821,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":26,"total-detection-updates":19,"total-updates":4,"current-active-flows":0,"total-active-flows":30,"total-idle-flows":30,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":231,"global_ts_usec":1715331688673643} +00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1715331688673643,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":466,"packets-processed":462,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":127821,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":26,"total-detection-updates":19,"total-updates":4,"current-active-flows":0,"total-active-flows":30,"total-idle-flows":30,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":231,"global_ts_usec":1715331688673643} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 466/462 ~~ skipped flows.............: 0 @@ -237,9 +237,9 @@ ~~ total active/idle flows...: 30/30 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8902839 bytes -~~ total memory freed........: 8902839 bytes -~~ total allocations/frees...: 141373/141373 +~~ total memory allocated....: 9668174 bytes +~~ total memory freed........: 9668174 bytes +~~ total allocations/frees...: 155340/155340 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 2483 chars diff --git a/test/results/default/vivox.pcapng.out b/test/results/default/vivox.pcapng.out index 648e54e43..4a14f079c 100644 --- a/test/results/default/vivox.pcapng.out +++ b/test/results/default/vivox.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1736098551173084} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1736098551173084} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1736098551173084,"flow_src_last_pkt_time":1736098551173084,"flow_dst_last_pkt_time":1736098551173084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736098551173084,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"85.236.98.21","src_port":40434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1736098551173084,"flow_dst_last_pkt_time":1736098551173084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736098551173084,"pkt":"WJz8EDlx8C90rUP1CABFAAA8QL1AAEAGgEjAqAENVexiFZ3yAbsgSJ2NAAAAAKAC+vB55QAAAgQFtAQCCArWFxEgAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1736098551173084,"flow_dst_last_pkt_time":1736098551287255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736098551287255,"pkt":"8C90rUP1WJz8EDlxCABFAAA89EdAAPIGGr1V7GIVwKgBDQG7nfKx4iqwIEidjqASEODR3gAAAgQFoAEBCAo3iZW\/1hcRIAQCAAA="} 
@@ -13,7 +13,7 @@ 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1736098603422280,"flow_src_last_pkt_time":1736098603480145,"flow_dst_last_pkt_time":1736098603422280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736098603480145,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"85.236.96.158","src_port":55921,"dst_port":40354,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Vivox","proto_by_ip_id":441,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1736098603422280,"flow_src_last_pkt_time":1736098603480145,"flow_dst_last_pkt_time":1736098603422280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736098603480145,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"85.236.96.158","src_port":55921,"dst_port":40354,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Vivox","proto_by_ip_id":441,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736098551173084,"flow_src_last_pkt_time":1736098551288314,"flow_dst_last_pkt_time":1736098551287255,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736098603480145,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"85.236.98.21","src_port":40434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Vivox","proto_id":"91.441","proto_by_ip":"Vivox","proto_by_ip_id":441,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1736098603480145} 
+00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1736098603480145} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8649534 bytes -~~ total memory freed........: 8649534 bytes -~~ total allocations/frees...: 140553/140553 +~~ total memory allocated....: 9413940 bytes +~~ total memory freed........: 9413940 bytes +~~ total allocations/frees...: 154519/154519 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 1277 chars diff --git a/test/results/default/vk.pcapng.out b/test/results/default/vk.pcapng.out index 854fff667..54ae3861c 100644 --- a/test/results/default/vk.pcapng.out +++ b/test/results/default/vk.pcapng.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675334160555793} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675334160555793} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334160555793,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1675334160555793,"pkt":"dNqIE5X\/CI6QkAulCABFAABYkT1AAEAGDU7AqAH5V\/CBg4RwAbulKVT5c9gL4IAYAfUCFQAAAQEIColQoiPg\/q3hFwMDAB8CiHoHbb46sk3wEVp76KY8pTJ63EhTj6jLGV9BFA03"} 00908{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334160555793,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -77,7 +77,7 @@ 00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675334172164388,"flow_src_last_pkt_time":1675334172224141,"flow_dst_last_pkt_time":1675334172164388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":43938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1675334171361391,"flow_src_last_pkt_time":1675334171488140,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1231,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.3","src_port":47934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1675334163969940,"flow_src_last_pkt_time":1675334164019208,"flow_dst_last_pkt_time":1675334163969940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":922,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":56504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":909,"packets-processed":909,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1675334178414776} 
+00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":909,"packets-processed":909,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1675334178414776} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 909/909 ~~ skipped flows.............: 0 @@ -86,9 +86,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8713591 bytes -~~ total memory freed........: 8713591 bytes -~~ total allocations/frees...: 141555/141555 +~~ total memory allocated....: 9478253 bytes +~~ total memory freed........: 9478253 bytes +~~ total allocations/frees...: 155521/155521 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 2146 chars diff --git a/test/results/default/vnc.pcap.out b/test/results/default/vnc.pcap.out index 949403b94..c7b1c4904 100644 --- a/test/results/default/vnc.pcap.out +++ b/test/results/default/vnc.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1476111264364066} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1476111264364066} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1476111264364066,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1476111264364066,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364066,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111264364066,"pkt":"EP7tAkntxOodxQGGCABFAAA0Xs1AAHQGVCNf7TDQwKgCbumPGvTqxTBkAAAAAIACIADbnAAAAgQFrAEDAwIBAQQC"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111264364590,"pkt":"xOodxQGGEP7tAkntCABFAAA0fFNAAIAGAADAqAJuX+0w0Br06Y8QfmeF6sUwZYASIABT+gAAAgQFtAEDAwgBAQQC"} 
@@ -18,7 +18,7 @@ 02384{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3575,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1476111286462067,"flow_src_last_pkt_time":1476111287358990,"flow_dst_last_pkt_time":1476111287224950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":185,"midstream":0,"thread_ts_usec":1476111287358990,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":53542.1,"max":538844,"stddev":125065.9,"var":15641482240.0,"ent":3.0,"data": [107,37501,48667,49552,38334,36850,46381,48516,45667,1708,45497,182,37420,547,413,36764,2984,39898,772,181,762,824,181,2,1005,501772,46,703,538844,2,97724]},"pktlen": {"min":40,"avg":56.8,"max":75,"stddev":12.6,"var":158.0,"ent":5.0,"data": [52,52,46,52,52,48,46,40,46,40,59,46,69,74,74,62,46,75,40,74,72,40,68,72,63,40,70,68,72,46,46,67]},"bins": {"c_to_s": [13,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,0,1,1,1,1,0,0,0],"entropies": [4.518056870,4.878231525,4.652828693,5.022342682,5.176993847,4.993162155,4.698037148,4.711769104,4.609350204,4.730641365,5.204673767,4.652828693,5.591832638,5.651554108,5.655132294,5.470327854,4.565871716,5.718621254,4.680641174,5.781727314,5.694025517,4.621928692,5.533761978,5.648954391,5.381884575,4.621928692,5.550290108,5.491440296,5.523682594,4.505982876,4.565872192,5.593677998]},"ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01221{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2485,"flow_dst_packets_processed":1058,"flow_first_seen":1476111264364066,"flow_src_last_pkt_time":1476111280884547,"flow_dst_last_pkt_time":1476111280846496,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":64000,"flow_dst_tot_l4_payload_len":300,"midstream":0,"thread_ts_usec":1476111290613528,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":684,"flow_dst_packets_processed":324,"flow_first_seen":1476111286462067,"flow_src_last_pkt_time":1476111290613528,"flow_dst_last_pkt_time":1476111290394024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":17754,"flow_dst_tot_l4_payload_len":212,"midstream":0,"thread_ts_usec":1476111290613528,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4551,"packets-processed":4551,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":82266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1476111290613528} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4551,"packets-processed":4551,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":82266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1476111290613528} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4551/4551 ~~ skipped flows.............: 0 
@@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8783429 bytes -~~ total memory freed........: 8783429 bytes -~~ total allocations/frees...: 145101/145101 +~~ total memory allocated....: 9547835 bytes +~~ total memory freed........: 9547835 bytes +~~ total allocations/frees...: 159067/159067 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2389 chars diff --git a/test/results/default/vrrp3.pcapng.out b/test/results/default/vrrp3.pcapng.out index 74504297a..27e50124b 100644 --- a/test/results/default/vrrp3.pcapng.out +++ b/test/results/default/vrrp3.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1589370606456815} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1589370606456815} 
00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606456815,"vlan_id":36,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","vlan_id":36,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370606456815,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAEjEkZAED6DQb\/oAAAAAAAAAAAAAAAAA2Ng=="} 
00893{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606456815,"vlan_id":36,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -12,7 +12,7 @@ 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","vlan_id":36,"flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1589370643139440,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370643139440,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} 00934{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1589370606915904,"flow_src_last_pkt_time":1589370680701452,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370680701452,"vlan_id":36,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370680701452,"vlan_id":36,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1589370680701452} 
+00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1589370680701452} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647512 bytes -~~ total memory freed........: 8647512 bytes -~~ total allocations/frees...: 140552/140552 +~~ total memory allocated....: 9411918 bytes +~~ total memory freed........: 9411918 bytes +~~ total allocations/frees...: 154518/154518 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 585 chars ~~ json message max len.......: 939 chars diff --git a/test/results/default/vxlan.pcap.out b/test/results/default/vxlan.pcap.out index a109257e5..4f18aebef 100644 --- a/test/results/default/vxlan.pcap.out +++ b/test/results/default/vxlan.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639650442645225} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639650442645225} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442645225,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1639650442645225,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbAM\/AABAEcnowKgWBMCoFgXt1xK1AFhqBAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA6NbBAAEAR1uUKChQECAgICK2VADUAJhfikMYBAAABAAAAAAAACGZhY2Vib29rA2NvbQAAAQAB"} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442645225,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -60,7 +60,7 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639650442864784,"flow_src_last_pkt_time":1639650442864881,"flow_dst_last_pkt_time":1639650442864784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645316,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":0,"flow_first_seen":1639650442941597,"flow_src_last_pkt_time":1639650443276182,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1454,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68647,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":127,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":79480,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1639650443276366} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":127,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":79480,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1639650443276366} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 127/127 ~~ skipped flows.............: 0 @@ -69,9 +69,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8668013 bytes -~~ total memory freed........: 8668013 bytes -~~ total allocations/frees...: 140748/140748 +~~ total memory allocated....: 9432643 bytes +~~ total memory freed........: 9432643 bytes +~~ total allocations/frees...: 154714/154714 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 2512 chars diff --git a/test/results/default/wa_video.pcap.out b/test/results/default/wa_video.pcap.out index dd4f8b611..022efc693 100644 --- a/test/results/default/wa_video.pcap.out +++ b/test/results/default/wa_video.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561455764448302} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561455764448302} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455764448302,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455764448302,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI0kIAAEARIhLAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="} 
00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455764448302,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
@@ -96,7 +96,7 @@ 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455792270823,"flow_dst_last_pkt_time":1561455769812753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455792270570,"flow_dst_last_pkt_time":1561455769823739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455792273279,"flow_src_last_pkt_time":1561455795276739,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":781,"packets-processed":781,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":311775,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":13,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":99,"global_ts_usec":1561455795283003} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":781,"packets-processed":781,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":311775,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":13,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":99,"global_ts_usec":1561455795283003} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 781/781 ~~ skipped flows.............: 0 @@ -105,9 +105,9 @@ ~~ total active/idle flows...: 14/14 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8701195 bytes -~~ total memory freed........: 8701195 bytes -~~ total allocations/frees...: 141459/141459 +~~ total memory allocated....: 9465985 bytes +~~ total memory freed........: 9465985 bytes +~~ total allocations/frees...: 155425/155425 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2441 chars diff --git a/test/results/default/wa_voice.pcap.out b/test/results/default/wa_voice.pcap.out index 335f54235..3c694638b 100644 --- a/test/results/default/wa_voice.pcap.out +++ b/test/results/default/wa_voice.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561455687942546} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561455687942546} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455687942546,"pkt":"xiwDYGpkkLkxKPrKCABFAAA8VCwAAP8R4ibAqAIMwKgCAcjnADUAKL4MZG8BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 
01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","domainame":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -206,7 +206,7 @@ 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741430274,"flow_src_last_pkt_time":1561455741430274,"flow_dst_last_pkt_time":1561455741430274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455704557041,"flow_src_last_pkt_time":1561455704557041,"flow_dst_last_pkt_time":1561455704557041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":25,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690240149,"flow_dst_last_pkt_time":1561455690302153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1331,"flow_dst_tot_l4_payload_len":20101,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media-mxp1-1.cdn.whatsapp.net"}} 
-00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":736,"packets-processed":734,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":128892,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":10,"total-updates":4,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":209,"global_ts_usec":1561455743434771} +00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":736,"packets-processed":734,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":128892,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":10,"total-updates":4,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":209,"global_ts_usec":1561455743434771} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 736/734 ~~ skipped flows.............: 0 
@@ -215,9 +215,9 @@ ~~ total active/idle flows...: 28/28 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8829082 bytes -~~ total memory freed........: 8829082 bytes -~~ total allocations/frees...: 141595/141595 +~~ total memory allocated....: 9594353 bytes +~~ total memory freed........: 9594353 bytes +~~ total allocations/frees...: 155562/155562 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 524 chars ~~ json message max len.......: 2501 chars diff --git a/test/results/default/waze.pcap.out b/test/results/default/waze.pcap.out index 8e11819a6..b07193371 100644 --- a/test/results/default/waze.pcap.out +++ b/test/results/default/waze.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1435587866603221} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1435587866603221} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587866603221,"flow_src_last_pkt_time":1435587866603221,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587866603221,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1435587866603221,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587866603221,"pkt":"ABoRAAACABoRAAABCABFAABNMsFAAEAGQsYKECWdriXnUaUQFGaA18okWhY9doAYAVcoQwAAAQEICgAIazhBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1435587867103902,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587867103902,"pkt":"ABoRAAACABoRAAABCABFAABNMsJAAEAGQsUKECWdriXnUaUQFGaA18okWhY9doAYAVcoEAAAAQEICgAIa2tBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 
@@ -28,20 +28,20 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1435587868645018,"flow_dst_last_pkt_time":1435587868635389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587868645018,"pkt":"ABoRAAACABoRAAABCABFAAAojYdAAEAGx1YKCAABLjOtto0EAbvOcuGGMY0ee1AQ\/\/87IQAA"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1435587868645125,"flow_dst_last_pkt_time":1435587868644726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587868645125,"pkt":"ABoRAAACABoRAAABCABFAAAoH6pAAEAGNTQKCAABLjOtto0GAbtbbHOupJOMU1AQ\/\/87HwAA"} 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1435587868906825,"flow_dst_last_pkt_time":1435587868633828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_usec":1435587868906825,"pkt":"ABoRAAACABoRAAABCABFAAB7145AAEAGPlMKCAABNubjrLHZAFCatruQZUlEcVAY\/\/9jcwAAR0VUIC9pbWFnZXMvSEQvQ0gyLnBuZyBIVFRQLzEuMA0KSG9zdDogcm9hZHNoaWVsZHMud2F6ZS5jb20NClVzZXItQWdlbnQ6IC8zLjkuNC4wDQo="} 
-01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868632030,"flow_src_last_pkt_time":1435587868906825,"flow_dst_last_pkt_time":1435587868633828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587868906825,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com","domainame":"roadshields.waze.com","http": {"url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} +01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868632030,"flow_src_last_pkt_time":1435587868906825,"flow_dst_last_pkt_time":1435587868633828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587868906825,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com","domainame":"roadshields.waze.com","http": {"url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1435587868906825,"flow_dst_last_pkt_time":1435587868908213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587868908213,"pkt":"ABoRAAACABoRAAABCABFAAAodHZAABAG0b425uOsCggAAQBQsdllSURxmra741AQ\/\/\/YugAA"} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587868996463,"flow_src_last_pkt_time":1435587868996463,"flow_dst_last_pkt_time":1435587868996463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587868996463,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1435587868996463,"flow_dst_last_pkt_time":1435587868996463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587868996463,"pkt":"ABoRAAACABoRAAABCABFAAA8cVdAAEAGm2kKCAABrcJ2MI7pAburox1\/AAAAAKAC\/\/9UDAAAAgQFtAQCCAoACGwoAAAAAAEDAwg="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1435587868996463,"flow_dst_last_pkt_time":1435587868998782,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587868998782,"pkt":"ABoRAAACABoRAAABCABFAAAodHhAABAGyFytwnYwCggAAQG7julUXOKAq6MdgFAS\/\/\/xMQAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1435587869002019,"flow_dst_last_pkt_time":1435587868998782,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869002019,"pkt":"ABoRAAACABoRAAABCABFAAAocVhAAEAGm3wKCAABrcJ2MI7pAburox2AVFzigVAQ\/\/\/xMgAA"} 
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587868635389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587869002239,"pkt":"ABoRAAACABoRAAABCABFAADejYhAAEAGxp8KCAABLjOtto0EAbvOcuGGMY0ee1AY\/\/+QzQAAFgMBALEBAACtAwFksj7uK\/R43HfLeC3YagY+KKYMl8Gp\/0RLJxa1HLl7kwAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} -01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587868635389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869002239,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587868635389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869002239,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587869002486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869002486,"pkt":"ABoRAAACABoRAAABCABFAAAodHlAABAGEGUuM622CggAAQG7jQQxjR57znLiPFAQ\/\/86awAA"} 
00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587868998782,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1435587869054724,"pkt":"ABoRAAACABoRAAABCABFAADWcVlAAEAGms0KCAABrcJ2MI7pAburox2AVFzigVAY\/\/9mQwAAFgMBAKkBAAClAwGlXtzD4CYR60HmpO3Epp6iuyOtJr59nHMXn8J60vKduCBvCKEM0sorljArU6qw4dCFWjF23JNAwYV6Z6lEcvF3aQAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868996463,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587868998782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869054724,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587869054928,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869054928,"pkt":"ABoRAAACABoRAAABCABFAAAodHxAABAGyFitwnYwCggAAQG7julUXOKBq6MeLlAQ\/\/\/whAAA"} 00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587868644726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587869106324,"pkt":"ABoRAAACABoRAAABCABFAADeH6tAAEAGNH0KCAABLjOtto0GAbtbbHOupJOMU1AY\/\/9DnQAAFgMBALEBAACtAwGHsWGgHOt8dG+f+uI0AkWsU3L2DLrIYI7d\/JEa4+8W9QAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} 
-01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587868644726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869106324,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587868644726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869106324,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587869106781,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869106781,"pkt":"ABoRAAACABoRAAABCABFAAAodH5AABAGEGAuM622CggAAQG7jQakk4xTW2x0ZFAQ\/\/86aQAA"} 01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868996463,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587869107169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1435587869107169,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"23f1f6e2f0015c166df49fdab4280370","ja4":"t10i140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA","blocks":0}}} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587869162594,"flow_src_last_pkt_time":1435587869162594,"flow_dst_last_pkt_time":1435587869162594,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869162594,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -49,11 +49,11 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1435587869162594,"flow_dst_last_pkt_time":1435587869163745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869163745,"pkt":"ABoRAAACABoRAAABCABFAAAodIRAABAG0bA25uOsCggAAQBQseAcW82v46QyUVAS\/\/\/ZBQAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1435587869163885,"flow_dst_last_pkt_time":1435587869163745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869163885,"pkt":"ABoRAAACABoRAAABCABFAAAoXmlAAEAGt8sKCAABNubjrLHgAFDjpDJRHFvNsFAQ\/\/\/ZBgAA"} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1435587869165386,"flow_dst_last_pkt_time":1435587869163745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_usec":1435587869165386,"pkt":"ABoRAAACABoRAAABCABFAAC0XmpAAEAGtz4KCAABNubjrLHgAFDjpDJRHFvNsFAY\/\/8QEAAAR0VUIC9sYW5nX2Fzci9sYW5nLnBvcnR1Z3Vlc2VfYnJfYXNyIEhUVFAvMS4wDQpIb3N0OiBjcmVzLndhemUuY29tDQpVc2VyLUFnZW50OiAvMy45LjQuMA0KSWYtTW9kaWZpZWQtU2luY2U6IFR1ZSwgMjggQXByIDIwMTUgMTQ6NTA6MjUgR01UDQo="} 
-01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587869162594,"flow_src_last_pkt_time":1435587869165386,"flow_dst_last_pkt_time":1435587869163745,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869165386,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} +01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587869162594,"flow_src_last_pkt_time":1435587869165386,"flow_dst_last_pkt_time":1435587869163745,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869165386,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1435587869165386,"flow_dst_last_pkt_time":1435587869165848,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869165848,"pkt":"ABoRAAACABoRAAABCABFAAAodIVAABAG0a825uOsCggAAQBQseAcW82w46Qy3VAQ\/\/\/YegAA"} -01372{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587869425938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587869425938,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} -01648{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587869476878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587869476878,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, 
CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} -01648{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869477117,"flow_dst_last_pkt_time":1435587869477401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587869477401,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587869425938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587869425938,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
+01646{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587869476878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587869476878,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01646{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869477117,"flow_dst_last_pkt_time":1435587869477401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587869477401,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1435587870163940,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587870163940,"pkt":"ABoRAAACABoRAAABCABFAABNMsRAAEAGQsMKECWdriXnUaUQFGaA18okWhY9doAYAVcm3gAAAQEICgAIbJ1BJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587867755556,"flow_src_last_pkt_time":1435587867781306,"flow_dst_last_pkt_time":1435587871459664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587871459664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"xtra1.gpsonextra.net","domainame":"xtra1.gpsonextra.net","http": {"url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}}} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587871656080,"flow_src_last_pkt_time":1435587871656080,"flow_dst_last_pkt_time":1435587871656080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587871656080,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -65,10 +65,10 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1435587871658817,"flow_dst_last_pkt_time":1435587871659994,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871659994,"pkt":"ABoRAAACABoRAAABCABFAAAodJ5AABAG0ZY25uOsCggAAQBQseQ+dKXVwYtaK1AS\/\/\/ZAQAA"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1435587871660158,"flow_dst_last_pkt_time":1435587871659994,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871660158,"pkt":"ABoRAAACABoRAAABCABFAAAoNxlAAEAG3xsKCAABNubjrLHkAFDBi1orPnSl1lAQ\/\/\/ZAgAA"} 00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1435587871689811,"flow_dst_last_pkt_time":1435587871657385,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_usec":1435587871689811,"pkt":"ABoRAAACABoRAAABCABFAADD\/jZAAEAGF2MKCAABNubjrLHiAFBcJZMHo9ps+lAY\/\/+63QAAR0VUIC9sYW5nX3R0cy9sYW5nLnBvcnR1Z3Vlc2VfYnJfdHRzP3J0c2VydmVyLWlkPTE1IEhUVFAvMS4wDQpIb3N0OiBjcmVzLndhemUuY29tDQpVc2VyLUFnZW50OiAvMy45LjQuMA0KSWYtTW9kaWZpZWQtU2luY2U6IFdlZCwgMDggQXByIDIwMTUgMTI6MTI6MjcgR01UDQo="} 
-01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871656080,"flow_src_last_pkt_time":1435587871689811,"flow_dst_last_pkt_time":1435587871657385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587871689811,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} +01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871656080,"flow_src_last_pkt_time":1435587871689811,"flow_dst_last_pkt_time":1435587871657385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587871689811,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1435587871689811,"flow_dst_last_pkt_time":1435587871690083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871690083,"pkt":"ABoRAAACABoRAAABCABFAAAodJ9AABAG0ZU25uOsCggAAQBQseKj2mz6XCWTolAQ\/\/\/YaQAA"} 00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1435587871690486,"flow_dst_last_pkt_time":1435587871659994,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_usec":1435587871690486,"pkt":"ABoRAAACABoRAAABCABFAADBNxpAAEAG3oEKCAABNubjrLHkAFDBi1orPnSl1lAY\/\/8BLAAAR0VUIC9zaGllbGRzX2NvbmZfbmV3X2xhdGFtP3J0c2VydmVyLWlkPTE1IEhUVFAvMS4wDQpIb3N0OiByb2Fkc2hpZWxkcy53YXplLmNvbQ0KVXNlci1BZ2VudDogLzMuOS40LjANCklmLU1vZGlmaWVkLVNpbmNlOiBTdW4sIDI5IE1hciAyMDE1IDExOjI5OjUxIEdNVA0K"} 
-01128{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871658817,"flow_src_last_pkt_time":1435587871690486,"flow_dst_last_pkt_time":1435587871659994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587871690486,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com","domainame":"roadshields.waze.com","http": {"url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} +01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871658817,"flow_src_last_pkt_time":1435587871690486,"flow_dst_last_pkt_time":1435587871659994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587871690486,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com","domainame":"roadshields.waze.com","http": {"url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1435587871690486,"flow_dst_last_pkt_time":1435587871690659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871690659,"pkt":"ABoRAAACABoRAAABCABFAAAodKFAABAG0ZM25uOsCggAAQBQseQ+dKXWwYtaxFAQ\/\/\/YaQAA"} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587871918621,"flow_dst_last_pkt_time":1435587871918621,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587871918621,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1435587871918621,"flow_dst_last_pkt_time":1435587871918621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587871918621,"pkt":"ABoRAAACABoRAAABCABFAAA8cIlAAEAGqJ4KCAABsCJnacdpAbv69x3BAAAAAKAC\/\/\/XPAAAAgQFtAQCCAoACG1IAAAAAAEDAwg="} 
@@ -91,79 +91,79 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1435587871945754,"flow_dst_last_pkt_time":1435587871941271,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871945754,"pkt":"ABoRAAACABoRAAABCABFAAAoxDVAAEAGxaUKCAABNBFy25hiAbudWal9YqZWhFAQ\/\/9kwAAA"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1435587871945866,"flow_dst_last_pkt_time":1435587871943372,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871945866,"pkt":"ABoRAAACABoRAAABCABFAAAoRGhAAEAG0cwKCAABNubjrLHqAFALhykw9HjW0VAQ\/\/\/Y\/AAA"} 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587871929277,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587872045758,"pkt":"ABoRAAACABoRAAABCABFAADecItAAEAGp\/oKCAABsCJnacdpAbv69x3CBQjiP1AY\/\/86cAAAFgMBALEBAACtAwGmC6YG6dpggqRoocPCS6GRSW3HALPFXrzPaO9ENu8EQgAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} 
-01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587871929277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872045758,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587871929277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872045758,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587872051153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872051153,"pkt":"ABoRAAACABoRAAABCABFAAAodLFAABAG1IqwImdpCggAAQG7x2kFCOI\/+vceeFAQ\/\/\/EYwAA"} 00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587871932105,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587872139946,"pkt":"ABoRAAACABoRAAABCABFAADeKgJAAEAG7oMKCAABsCJnacdqAbskTkdJ27G4uFAY\/\/\/bawAAFgMBALEBAACtAwGNvLHuc12\/pFbnkT4Pum8D8uFdGv9vMlW4Y0hHfiKGhwAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} 
-01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587871932105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872139946,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587871932105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872139946,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587872140238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872140238,"pkt":"ABoRAAACABoRAAABCABFAAAodLNAABAG1IiwImdpCggAAQG7x2rbsbi4JE5H\/1AQ\/\/\/EYgAA"} 00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587871938758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587872205500,"pkt":"ABoRAAACABoRAAABCABFAADe\/W5AAEAGGxcKCAABsCJnacdrAbsTBZAl7Ppv3FAY\/\/9RtAAAFgMBALEBAACtAwGE\/segDJyCTDDrsx\/XYj7jlyYez\/MCm2qOXqnc1anvDwAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} 
-01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587871938758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872205500,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587871938758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872205500,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587872206080,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872206080,"pkt":"ABoRAAACABoRAAABCABFAAAodLRAABAG1IewImdpCggAAQG7x2vs+m\/cEwWQ21AQ\/\/\/EYQAA"} 00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587871941271,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587872289316,"pkt":"ABoRAAACABoRAAABCABFAADexDZAAEAGxO4KCAABNBFy25hiAbudWal9YqZWhFAY\/\/8vsgAAFgMBALEBAACtAwF2lB5vq2mfN7X6ktw+ENS1yvGFdgW5h3\/A\/IpZBJlZIAAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} 
-01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587871941271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872289316,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587871941271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872289316,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587872289966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872289966,"pkt":"ABoRAAACABoRAAABCABFAAAodLVAABAGRSY0EXLbCggAAQG7mGJiplaEnVmqM1AQ\/\/9kCgAA"} 00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872340645,"flow_dst_last_pkt_time":1435587871943372,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_usec":1435587872340645,"pkt":"ABoRAAACABoRAAABCABFAADFRGlAAEAG0S4KCAABNubjrLHqAFALhykw9HjW0VAY\/\/\/+LwAAR0VUIC9uZXdWY29uZmlnLzEuMC8zL3Byb21wdHNfY29uZi5idWY\/cnRzZXJ2ZXItaWQ9MTUgSFRUUC8xLjANCkhvc3Q6IGNyZXMud2F6ZS5jb20NClVzZXItQWdlbnQ6IC8zLjkuNC4wDQpJZi1Nb2RpZmllZC1TaW5jZTogVHVlLCAyMyBKdW4gMjAxNSAyMTo0MToxMyBHTVQNCg=="} 
-01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871941434,"flow_src_last_pkt_time":1435587872340645,"flow_dst_last_pkt_time":1435587871943372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872340645,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} +01126{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871941434,"flow_src_last_pkt_time":1435587872340645,"flow_dst_last_pkt_time":1435587871943372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872340645,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872340645,"flow_dst_last_pkt_time":1435587872341312,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872341312,"pkt":"ABoRAAACABoRAAABCABFAAAodLZAABAG0X425uOsCggAAQBQser0eNbRC4cpzVAQ\/\/\/YXwAA"} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587872476294,"flow_src_last_pkt_time":1435587872476294,"flow_dst_last_pkt_time":1435587872476294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872476294,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1435587872476294,"flow_dst_last_pkt_time":1435587872476294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587872476294,"pkt":"ABoRAAACABoRAAABCABFAAA8WSJAAEAGvP4KCAABNubjrLHwAFDxQTSmAAAAAKAC\/\/\/drgAAAgQFtAQCCAoACG2EAAAAAAEDAwg="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1435587872476294,"flow_dst_last_pkt_time":1435587872477714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872477714,"pkt":"ABoRAAACABoRAAABCABFAAAodLxAABAG0Xg25uOsCggAAQBQsfAOvstZ8UE0p1AS\/\/\/Y9QAA"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1435587872478810,"flow_dst_last_pkt_time":1435587872477714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872478810,"pkt":"ABoRAAACABoRAAABCABFAAAoWSNAAEAGvREKCAABNubjrLHwAFDxQTSnDr7LWlAQ\/\/\/Y9gAA"} 
00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872479232,"flow_dst_last_pkt_time":1435587872477714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1435587872479232,"pkt":"ABoRAAACABoRAAABCABFAADAWSRAAEAGvHgKCAABNubjrLHwAFDxQTSnDr7LWlAY\/\/9RbQAAR0VUIC9sYW5ncy8xLjAvbGFuZy5wb3J0dWd1ZXNlX2JyP3J0c2VydmVyLWlkPTE1IEhUVFAvMS4wDQpIb3N0OiBjcmVzLndhemUuY29tDQpVc2VyLUFnZW50OiAvMy45LjQuMA0KSWYtTW9kaWZpZWQtU2luY2U6IFdlZCwgMTcgSnVuIDIwMTUgMTQ6MDk6MzggR01UDQo="} -01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587872476294,"flow_src_last_pkt_time":1435587872479232,"flow_dst_last_pkt_time":1435587872477714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872479232,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 
+01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587872476294,"flow_src_last_pkt_time":1435587872479232,"flow_dst_last_pkt_time":1435587872477714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872479232,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872479232,"flow_dst_last_pkt_time":1435587872479402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872479402,"pkt":"ABoRAAACABoRAAABCABFAAAodL9AABAG0XU25uOsCggAAQBQsfAOvsta8UE1P1AQ\/\/\/YXgAA"} 
-01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587872515481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587872515481,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
-01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587872568660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587872568660,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
-01553{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587872569585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3491,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587872569585,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587872515481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587872515481,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587872568660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587872568660,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01551{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587872569585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3491,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587872569585,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587872702798,"flow_src_last_pkt_time":1435587872702798,"flow_dst_last_pkt_time":1435587872702798,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872702798,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1435587872702798,"flow_dst_last_pkt_time":1435587872702798,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587872702798,"pkt":"ABoRAAACABoRAAABCABFAAA8Y6lAAEAGsncKCAABNubjrLHyAFAC8Q4\/AAAAAKAC\/\/\/yUgAAAgQFtAQCCAoACG2WAAAAAAEDAwg="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1435587872702798,"flow_dst_last_pkt_time":1435587872704043,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872704043,"pkt":"ABoRAAACABoRAAABCABFAAAodMpAABAG0Wo25uOsCggAAQBQsfL9DvHAAvEOQFAS\/\/\/Y8wAA"} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1435587872705148,"flow_dst_last_pkt_time":1435587872704043,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872705148,"pkt":"ABoRAAACABoRAAABCABFAAAoY6pAAEAGsooKCAABNubjrLHyAFAC8Q5A\/Q7xwVAQ\/\/\/Y9AAA"} 00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872706282,"flow_dst_last_pkt_time":1435587872704043,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_usec":1435587872706282,"pkt":"ABoRAAACABoRAAABCABFAAC+Y6tAAEAGsfMKCAABNubjrLHyAFAC8Q5A\/Q7xwVAY\/\/8YIAAAR0VUIC9uZXdWY29uZmlnLzEuMC8zL2xhbmcuY29uZj9ydHNlcnZlci1pZD0xNSBIVFRQLzEuMA0KSG9zdDogY3Jlcy53YXplLmNvbQ0KVXNlci1BZ2VudDogLzMuOS40LjANCklmLU1vZGlmaWVkLVNpbmNlOiBUaHUsIDE4IEp1biAyMDE1IDEyOjA2OjEyIEdNVA0K"} 
-01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587872702798,"flow_src_last_pkt_time":1435587872706282,"flow_dst_last_pkt_time":1435587872704043,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872706282,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} +01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587872702798,"flow_src_last_pkt_time":1435587872706282,"flow_dst_last_pkt_time":1435587872704043,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872706282,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872706282,"flow_dst_last_pkt_time":1435587872706630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872706630,"pkt":"ABoRAAACABoRAAABCABFAAAodM1AABAG0Wc25uOsCggAAQBQsfL9DvHBAvEO1lAQ\/\/\/YXgAA"} 02398{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1435587867755556,"flow_src_last_pkt_time":1435587873023451,"flow_dst_last_pkt_time":1435587873023894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":11779,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":60924,"midstream":0,"thread_ts_usec":1435587873023894,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2041,"avg":339878.5,"max":3680611,"stddev":884676.9,"var":782653259776.0,"ent":2.8,"data": 
[3747,3915,21835,22372,3677989,3680611,286073,284297,338879,393453,330278,329396,54620,2041,179324,179523,2610,51219,50746,3092,28507,76268,51141,51323,122745,73523,10248,59104,52582,58295,56477]},"pktlen": {"min":40,"avg":1952.7,"max":11819,"stddev":3090.5,"var":9551440.0,"ent":3.5,"data": [60,40,40,303,40,1408,40,2776,40,5512,40,8248,40,2673,40,1408,40,1408,40,9616,40,2776,40,5512,40,5512,40,2776,40,11819,40,40]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,10]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.427644730,4.730641365,4.680641174,5.499622345,4.630641460,7.039453506,4.630641460,6.947220325,4.630641460,5.584113598,4.680641174,6.835184574,4.680641174,6.998500347,4.580641747,3.024588346,4.630641460,6.950185776,4.730640888,6.195324898,4.680641651,6.552656651,4.680641174,1.660765886,4.730641365,1.651001215,4.730640888,1.384768248,4.611768723,1.660717368,4.680640697,4.680641174]},"ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"xtra1.gpsonextra.net"}} 
-02430{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587873119875,"flow_dst_last_pkt_time":1435587873120117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":5461,"flow_src_tot_l4_payload_len":3221,"flow_dst_tot_l4_payload_len":13199,"midstream":0,"thread_ts_usec":1435587873120117,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":169,"avg":289408.8,"max":1658841,"stddev":505049.6,"var":255075106816.0,"ent":3.3,"data": [1230,10859,357221,367097,474392,475318,8069,9038,265872,317654,51992,865,554,304,254,1430075,1483289,119461,172808,51439,51948,1420,901,467,433,340,381,1601922,1658841,169,57061]},"pktlen": {"min":40,"avg":553.8,"max":5501,"stddev":1270.8,"var":1615041.0,"ent":3.0,"data": [60,40,40,222,40,3187,40,366,40,274,189,40,576,40,101,40,5501,40,189,40,576,40,576,40,576,40,101,40,4397,40,189,40]},"bins": {"c_to_s": [5,2,0,0,3,1,0,0,0,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1],"entropies": 
[4.346510887,4.684184074,4.665311813,5.227974892,4.665312290,7.402610779,4.615312099,7.299519062,4.665312290,7.035841465,6.858353615,4.615312099,7.612000942,4.665312290,6.077723026,4.615312099,7.960921764,4.665311813,6.823141098,4.596440315,7.582696438,4.615312099,7.667782307,4.615312099,7.607909679,4.665312290,6.192669392,4.665312290,7.950992584,4.615312099,6.755126476,4.615312099]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587873486827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587873486827,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} -01542{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872566264,"flow_dst_last_pkt_time":1435587873688799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587873688799,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57","blocks":0}}} 
-01542{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587873537747,"flow_dst_last_pkt_time":1435587873741385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587873741385,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57","blocks":0}}} 
-01542{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587873745477,"flow_dst_last_pkt_time":1435587874033211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587874033211,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57","blocks":0}}} 
+02428{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587873119875,"flow_dst_last_pkt_time":1435587873120117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":5461,"flow_src_tot_l4_payload_len":3221,"flow_dst_tot_l4_payload_len":13199,"midstream":0,"thread_ts_usec":1435587873120117,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":169,"avg":289408.8,"max":1658841,"stddev":505049.6,"var":255075106816.0,"ent":3.3,"data": [1230,10859,357221,367097,474392,475318,8069,9038,265872,317654,51992,865,554,304,254,1430075,1483289,119461,172808,51439,51948,1420,901,467,433,340,381,1601922,1658841,169,57061]},"pktlen": {"min":40,"avg":553.8,"max":5501,"stddev":1270.8,"var":1615041.0,"ent":3.0,"data": [60,40,40,222,40,3187,40,366,40,274,189,40,576,40,101,40,5501,40,189,40,576,40,576,40,576,40,101,40,4397,40,189,40]},"bins": {"c_to_s": [5,2,0,0,3,1,0,0,0,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1],"entropies": 
[4.346510887,4.684184074,4.665311813,5.227974892,4.665312290,7.402610779,4.615312099,7.299519062,4.665312290,7.035841465,6.858353615,4.615312099,7.612000942,4.665312290,6.077723026,4.615312099,7.960921764,4.665311813,6.823141098,4.596440315,7.582696438,4.615312099,7.667782307,4.615312099,7.607909679,4.665312290,6.192669392,4.665312290,7.950992584,4.615312099,6.755126476,4.615312099]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587873486827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587873486827,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} +01540{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872566264,"flow_dst_last_pkt_time":1435587873688799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587873688799,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57","blocks":0}}} 
+01540{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587873537747,"flow_dst_last_pkt_time":1435587873741385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587873741385,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57","blocks":0}}} 
+01540{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587873745477,"flow_dst_last_pkt_time":1435587874033211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587874033211,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57","blocks":0}}} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1435587874253893,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587874253893,"pkt":"ABoRAAACABoRAAABCABFAABNMsVAAEAGQsIKECWdriXnUaUQFGaA18okWhY9doAYAVclRQAAAQEICgAIbjZBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878215938,"flow_dst_last_pkt_time":1435587878215938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878215938,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1435587878215938,"flow_dst_last_pkt_time":1435587878215938,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587878215938,"pkt":"ABoRAAACABoRAAABCABFAAA8EZdAAEAGeDAKCAABNBFy25htAbtopH5VAAAAAKAC\/\/+mHQAAAgQFtAQCCAoACG\/CAAAAAAEDAwg="} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1435587878215938,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878217263,"pkt":"ABoRAAACABoRAAABCABFAAAodRhAABAGRMM0EXLbCggAAQG7mG2XW4GqaKR+VlAS\/\/9ktAAA"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1435587878217523,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878217523,"pkt":"ABoRAAACABoRAAABCABFAAAoEZhAAEAGeEMKCAABNBFy25htAbtopH5Wl1uBq1AQ\/\/9ktQAA"} 00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587878444441,"pkt":"ABoRAAACABoRAAABCABFAADeEZlAAEAGd4wKCAABNBFy25htAbtopH5Wl1uBq1AY\/\/\/QKAAAFgMBALEBAACtAwGuYbGMU0Nfp5xq\/npkGkka24sX9VU\/rk18edcLN8FjCgAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} 
-01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878444441,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878444441,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878444758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878444758,"pkt":"ABoRAAACABoRAAABCABFAAAodRtAABAGRMA0EXLbCggAAQG7mG2XW4GraKR\/DFAQ\/\/9j\/wAA"} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878606407,"flow_dst_last_pkt_time":1435587878606407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878606407,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1435587878606407,"flow_dst_last_pkt_time":1435587878606407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587878606407,"pkt":"ABoRAAACABoRAAABCABFAAA8DkFAAEAGt5sKCAABsCK6tI3YAbvsnGGoAAAAAKAC\/\/+FVQAAAgQFtAQCCAoACG\/pAAAAAAEDAwg="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1435587878606407,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878608820,"pkt":"ABoRAAACABoRAAABCABFAAAodR5AABAGgNKwIrq0CggAAQG7jdgTY55X7JxhqVAS\/\/+rXgAA"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1435587878609194,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878609194,"pkt":"ABoRAAACABoRAAABCABFAAAoDkJAAEAGt64KCAABsCK6tI3YAbvsnGGpE2OeWFAQ\/\/+rXwAA"} 
-01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878781291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587878781291,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
-01553{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878831646,"flow_dst_last_pkt_time":1435587878832590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2123,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587878832590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878781291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587878781291,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01551{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878831646,"flow_dst_last_pkt_time":1435587878832590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2123,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587878832590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587878901005,"pkt":"ABoRAAACABoRAAABCABFAADeDkNAAEAGtvcKCAABsCK6tI3YAbvsnGGpE2OeWFAY\/\/8ZoQAAFgMBALEBAACtAwFWCBNoAIHi9OlNrmTTyx\/umOS8ZNI54fs0MYN5hNdT+wAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} -01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878901005,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878901005,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587878901314,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878901314,"pkt":"ABoRAAACABoRAAABCABFAAAodSJAABAGgM6wIrq0CggAAQG7jdgTY55Y7JxiX1AQ\/\/+qqQAA"} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879018798,"flow_dst_last_pkt_time":1435587879018798,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879018798,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1435587879018798,"flow_dst_last_pkt_time":1435587879018798,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587879018798,"pkt":"ABoRAAACABoRAAABCABFAAA8CjxAAEAGu6AKCAABsCK6tI3aAbtwD3ouAAAAAKAC\/\/\/pMQAAAgQFtAQCCAoACHASAAAAAAEDAwg="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1435587879018798,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879020661,"pkt":"ABoRAAACABoRAAABCABFAAAodSNAABAGgM2wIrq0CggAAQG7jdqP8IXRcA96L1AS\/\/+rXAAA"} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1435587879020846,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879020846,"pkt":"ABoRAAACABoRAAABCABFAAAoCj1AAEAGu7MKCAABsCK6tI3aAbtwD3ovj\/CF0lAQ\/\/+rXQAA"} -01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587879181153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587879181153,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
-01554{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587879233437,"flow_dst_last_pkt_time":1435587879233895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2479,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587879233895,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587879181153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587879181153,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01552{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587879233437,"flow_dst_last_pkt_time":1435587879233895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2479,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587879233895,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587879574527,"pkt":"ABoRAAACABoRAAABCABFAADeCj5AAEAGuvwKCAABsCK6tI3aAbtwD3ovj\/CF0lAY\/\/\/+sgAAFgMBALEBAACtAwGSsw\/fktSmaBgooXXKSQQjKTgV1PXtiav8sr65RpY55wAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} -01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879574527,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879574527,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879574890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879574890,"pkt":"ABoRAAACABoRAAABCABFAAAodSlAABAGgMewIrq0CggAAQG7jdqP8IXScA965VAQ\/\/+qpwAA"} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879850574,"flow_dst_last_pkt_time":1435587879850574,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879850574,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1435587879850574,"flow_dst_last_pkt_time":1435587879850574,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587879850574,"pkt":"ABoRAAACABoRAAABCABFAAA8Fw9AAEAGrs0KCAABsCK6tI3cAbueIGdrAAAAAKAC\/\/\/NjwAAAgQFtAQCCAoACHBkAAAAAAEDAwg="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1435587879850574,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879852814,"pkt":"ABoRAAACABoRAAABCABFAAAodS5AABAGgMKwIrq0CggAAQG7jdxh35iUniBnbFAS\/\/+rWgAA"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1435587879853039,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879853039,"pkt":"ABoRAAACABoRAAABCABFAAAoFxBAAEAGruAKCAABsCK6tI3cAbueIGdsYd+YlVAQ\/\/+rWwAA"} -01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879855334,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587879855334,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
-01554{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879907076,"flow_dst_last_pkt_time":1435587879907785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2479,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587879907785,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879855334,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587879855334,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01552{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879907076,"flow_dst_last_pkt_time":1435587879907785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2479,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587879907785,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587879958583,"pkt":"ABoRAAACABoRAAABCABFAADeFxFAAEAGrikKCAABsCK6tI3cAbueIGdsYd+YlVAY\/\/+8qQAAFgMBALEBAACtAwFRXWw4ffzcoR+ELSkdRag9IC5DFcRvWYz6Kh3Hk0YO0AAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} -01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879958583,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879958583,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587879958805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879958805,"pkt":"ABoRAAACABoRAAABCABFAAAodTFAABAGgL+wIrq0CggAAQG7jdxh35iVniBoIlAQ\/\/+qpQAA"} 
-01554{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587880568184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3491,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587880568184,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01552{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587880568184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3491,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587880568184,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587880576575,"flow_src_last_pkt_time":1435587880576575,"flow_dst_last_pkt_time":1435587880576575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587880576575,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1435587880576575,"flow_dst_last_pkt_time":1435587880576575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1435587880576575,"pkt":"ABoRAAACABoRAAABCABFAAA0U4FAAEAG6tYKECWdyKAEH6vXAFAtnZBdDlnt+YARAVu2DAAAAQEICgAIcK6K\/GDA"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1435587880576575,"flow_dst_last_pkt_time":1435587880577294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587880577294,"pkt":"ABoRAAACABoRAAABCABFAAAodUFAABAG+SLIoAQfChAlnQBQq9cOWe35LZ2QXlAQ\/\/9M8gAA"} 
@@ -209,17 +209,17 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1435587880590039,"flow_dst_last_pkt_time":1435587880587342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587880590039,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGY\/YKCAAByKAEMeyeAFAiBCaXAAAAAFAEAACjfAAA"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1435587880590285,"flow_dst_last_pkt_time":1435587880588513,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587880590285,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGY2EKCAAByKAExqhRAbtmrsLdAAAAAFAEAAAE2QAA"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1435587880590669,"flow_dst_last_pkt_time":1435587880589665,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587880590669,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGY\/YKCAAByKAEMew\/Abump6BrAAAAAFAEAACj+AAA"} 
-02347{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587880855977,"flow_dst_last_pkt_time":1435587880856912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":21888,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":56070,"midstream":0,"thread_ts_usec":1435587880856912,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":475,"avg":170355.3,"max":415925,"stddev":135089.4,"var":18249146368.0,"ent":4.4,"data": [1325,1585,226918,227495,336533,387205,51299,1169,297221,297772,252519,309444,358705,415925,755,475,490,567,254342,305451,51846,52474,211304,161331,247956,249119,81326,79510,208662,209727,563]},"pktlen": {"min":40,"avg":1824.8,"max":21928,"stddev":4660.8,"var":21723256.0,"ent":2.6,"data": [60,40,40,222,40,1408,40,2163,40,174,40,274,40,189,40,576,40,63,40,1408,40,12352,40,5512,40,21928,40,11345,40,40,40,40]},"bins": {"c_to_s": [12,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,5]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,1],"entropies": 
[4.438340664,4.834184170,4.684184074,5.259868145,4.715312481,7.222858906,4.734184265,7.563067913,4.665312290,6.516509533,4.784184456,7.076688766,4.734184265,6.928961754,4.784184456,7.607337475,4.734184265,5.572360516,4.734184265,7.872128963,4.734184265,7.984007359,4.734184265,7.969620705,4.634184361,7.992324829,4.734184265,7.982760429,4.734183788,4.665311813,4.684184074,4.734184265]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -02345{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587882306533,"flow_dst_last_pkt_time":1435587880854651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":11132,"flow_src_tot_l4_payload_len":1238,"flow_dst_tot_l4_payload_len":41633,"midstream":0,"thread_ts_usec":1435587882306533,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":330,"avg":191882.9,"max":1449192,"stddev":279549.5,"var":78147936256.0,"ent":3.8,"data": [2413,2787,291811,292494,279839,332432,52742,50748,425063,475681,259886,310653,731,51371,620,734,450,330,293909,545953,252820,1543,20204,21185,56923,56823,156171,205918,52727,4217,1449192]},"pktlen": {"min":40,"avg":1380.3,"max":11172,"stddev":2994.0,"var":8963944.0,"ent":2.9,"data": 
[60,40,40,222,40,1052,40,2519,40,174,40,274,40,576,40,389,40,77,40,10160,40,8136,40,1052,40,11172,40,1052,40,6576,40,40]},"bins": {"c_to_s": [12,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0],"entropies": [4.438340187,4.834184170,4.784184456,5.232826710,4.734184265,7.011441231,4.784184456,7.575597763,4.634184361,6.629845142,4.684184074,7.007690430,4.734184742,7.624808311,4.784184456,7.415266037,4.734184742,5.664109230,4.734184265,7.981531620,4.784184456,7.979642391,4.734184265,7.801960945,4.715312004,7.982071400,4.834183693,7.818040848,4.834183693,7.971698284,4.715311527,4.765311718]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -02452{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587884544120,"flow_dst_last_pkt_time":1435587884544651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":501,"flow_dst_max_l4_payload_len":3606,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":8366,"midstream":0,"thread_ts_usec":1435587884544651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":413,"avg":1026369.1,"max":5890947,"stddev":1778823.2,"var":3164212035584.0,"ent":3.4,"data": [9060,9459,461199,462055,319157,370793,51463,554,58722,59273,267346,318521,5838678,5890947,1921,3057,232692,285896,1892628,1892382,50926,52168,293028,345106,632,413,1258587,1309974,5014758,5014527,51517]},"pktlen": {"min":40,"avg":352.1,"max":3646,"stddev":731.9,"var":535720.0,"ent":3.4,"data": [60,40,40,222,40,1052,40,2175,40,366,40,274,40,221,40,541,40,93,40,1052,40,3646,40,189,40,301,40,317,40,77,40,40]},"bins": {"c_to_s": [10,0,0,0,1,2,0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1],"entropies": [4.325758457,4.734184265,4.684184074,5.244800568,4.615312099,7.020944595,4.734184265,7.476994514,4.634184361,7.276714802,4.665312290,7.041373253,4.734184265,6.961156845,4.734184265,7.528326035,4.684184551,6.083172798,4.734184265,7.792463779,4.734184265,7.940383911,4.734184265,6.823890686,4.734184265,7.240302563,4.734184265,7.320995331,4.734184265,5.654304981,4.615312099,4.665312290]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+02345{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587880855977,"flow_dst_last_pkt_time":1435587880856912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":21888,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":56070,"midstream":0,"thread_ts_usec":1435587880856912,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":475,"avg":170355.3,"max":415925,"stddev":135089.4,"var":18249146368.0,"ent":4.4,"data": [1325,1585,226918,227495,336533,387205,51299,1169,297221,297772,252519,309444,358705,415925,755,475,490,567,254342,305451,51846,52474,211304,161331,247956,249119,81326,79510,208662,209727,563]},"pktlen": {"min":40,"avg":1824.8,"max":21928,"stddev":4660.8,"var":21723256.0,"ent":2.6,"data": [60,40,40,222,40,1408,40,2163,40,174,40,274,40,189,40,576,40,63,40,1408,40,12352,40,5512,40,21928,40,11345,40,40,40,40]},"bins": {"c_to_s": [12,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,5]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,1],"entropies": 
[4.438340664,4.834184170,4.684184074,5.259868145,4.715312481,7.222858906,4.734184265,7.563067913,4.665312290,6.516509533,4.784184456,7.076688766,4.734184265,6.928961754,4.784184456,7.607337475,4.734184265,5.572360516,4.734184265,7.872128963,4.734184265,7.984007359,4.734184265,7.969620705,4.634184361,7.992324829,4.734184265,7.982760429,4.734183788,4.665311813,4.684184074,4.734184265]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02343{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587882306533,"flow_dst_last_pkt_time":1435587880854651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":11132,"flow_src_tot_l4_payload_len":1238,"flow_dst_tot_l4_payload_len":41633,"midstream":0,"thread_ts_usec":1435587882306533,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":330,"avg":191882.9,"max":1449192,"stddev":279549.5,"var":78147936256.0,"ent":3.8,"data": [2413,2787,291811,292494,279839,332432,52742,50748,425063,475681,259886,310653,731,51371,620,734,450,330,293909,545953,252820,1543,20204,21185,56923,56823,156171,205918,52727,4217,1449192]},"pktlen": {"min":40,"avg":1380.3,"max":11172,"stddev":2994.0,"var":8963944.0,"ent":2.9,"data": 
[60,40,40,222,40,1052,40,2519,40,174,40,274,40,576,40,389,40,77,40,10160,40,8136,40,1052,40,11172,40,1052,40,6576,40,40]},"bins": {"c_to_s": [12,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0],"entropies": [4.438340187,4.834184170,4.784184456,5.232826710,4.734184265,7.011441231,4.784184456,7.575597763,4.634184361,6.629845142,4.684184074,7.007690430,4.734184742,7.624808311,4.784184456,7.415266037,4.734184742,5.664109230,4.734184265,7.981531620,4.784184456,7.979642391,4.734184265,7.801960945,4.715312004,7.982071400,4.834183693,7.818040848,4.834183693,7.971698284,4.715311527,4.765311718]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02450{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587884544120,"flow_dst_last_pkt_time":1435587884544651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":501,"flow_dst_max_l4_payload_len":3606,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":8366,"midstream":0,"thread_ts_usec":1435587884544651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":413,"avg":1026369.1,"max":5890947,"stddev":1778823.2,"var":3164212035584.0,"ent":3.4,"data": [9060,9459,461199,462055,319157,370793,51463,554,58722,59273,267346,318521,5838678,5890947,1921,3057,232692,285896,1892628,1892382,50926,52168,293028,345106,632,413,1258587,1309974,5014758,5014527,51517]},"pktlen": {"min":40,"avg":352.1,"max":3646,"stddev":731.9,"var":535720.0,"ent":3.4,"data": [60,40,40,222,40,1052,40,2175,40,366,40,274,40,221,40,541,40,93,40,1052,40,3646,40,189,40,301,40,317,40,77,40,40]},"bins": {"c_to_s": [10,0,0,0,1,2,0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1],"entropies": [4.325758457,4.734184265,4.684184074,5.244800568,4.615312099,7.020944595,4.734184265,7.476994514,4.634184361,7.276714802,4.665312290,7.041373253,4.734184265,6.961156845,4.734184265,7.528326035,4.684184551,6.083172798,4.734184265,7.792463779,4.734184265,7.940383911,4.734184265,6.823890686,4.734184265,7.240302563,4.734184265,7.320995331,4.734184265,5.654304981,4.615312099,4.665312290]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587894241434,"flow_dst_last_pkt_time":1435587894241434,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587894241434,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1435587894241434,"flow_dst_last_pkt_time":1435587894241434,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587894241434,"pkt":"ABoRAAACABoRAAABCABFAAA87+5AAEAGZNsKCAABLjOtto0mAbvDfJnqAAAAAKAC\/\/\/\/twAAAgQFtAQCCAoACHYEAAAAAAEDAwg="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1435587894241434,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587894244164,"pkt":"ABoRAAACABoRAAABCABFAAAodXFAABAGD20uM622CggAAQG7jSY8g2YVw3yZ61AS\/\/86\/gAA"} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1435587894244582,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587894244582,"pkt":"ABoRAAACABoRAAABCABFAAAo7+9AAEAGZO4KCAABLjOtto0mAbvDfJnrPINmFlAQ\/\/86\/wAA"} 00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587894323314,"pkt":"ABoRAAACABoRAAABCABFAADe7\/BAAEAGZDcKCAABLjOtto0mAbvDfJnrPINmFlAY\/\/+u+wAAFgMBALEBAACtAwFHEcC8WvO2sF2kYiE8YWqxi\/TdpMl6\/BrnTeWud37DVAAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} 
-01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587894323314,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587894323314,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894323591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587894323591,"pkt":"ABoRAAACABoRAAABCABFAAAodXJAABAGD2wuM622CggAAQG7jSY8g2YWw3yaoVAQ\/\/86SQAA"} -01650{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894759207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587894759207,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} +01648{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894759207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587894759207,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587898822469,"flow_src_last_pkt_time":1435587898822469,"flow_dst_last_pkt_time":1435587898822469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587898822469,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1435587898822469,"flow_dst_last_pkt_time":1435587898822469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587898822469,"pkt":"ABoRAAACABoRAAABCABFAAA8qMZAAEAGamAKCAABbKiw5MaMAbuJft8IAAAAAKAC\/\/93xAAAAgQFtAQCCAoACHfOAAAAAAEDAwg="} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1435587898822469,"flow_dst_last_pkt_time":1435587898824110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587898824110,"pkt":"ABoRAAACABoRAAABCABFAAAodXtAABAGzb9sqLDkCggAAQG7xox2gSD3iX7fCVAS\/\/+\/9AAA"} 
@@ -232,10 +232,10 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1435587905035020,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587905038374,"pkt":"ABoRAAACABoRAAABCABFAAAodYZAABAGD1guM622CggAAQG7jSkPol\/g8F2gIFAS\/\/86+wAA"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1435587905039092,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587905039092,"pkt":"ABoRAAACABoRAAABCABFAAAo2iRAAEAGerkKCAABLjOtto0pAbvwXaAgD6Jf4VAQ\/\/86\/AAA"} 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587905111264,"pkt":"ABoRAAACABoRAAABCABFAADe2iVAAEAGegIKCAABLjOtto0pAbvwXaAgD6Jf4VAY\/\/\/tNgAAFgMBALEBAACtAwGvtEh7ZPeUuZEpuZqGf1gkt94wLOoQqmQjq2yZ1wt58QAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} 
-01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587905111264,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587905111264,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905111789,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587905111789,"pkt":"ABoRAAACABoRAAABCABFAAAodYdAABAGD1cuM622CggAAQG7jSkPol\/h8F2g1lAQ\/\/86RgAA"} -01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905510433,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587905510433,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} -01650{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905561592,"flow_dst_last_pkt_time":1435587905565256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587905565256,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, 
CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} +01372{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905510433,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587905510433,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
+01648{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905561592,"flow_dst_last_pkt_time":1435587905565256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587905565256,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880580707,"flow_src_last_pkt_time":1435587880589785,"flow_dst_last_pkt_time":1435587880581398,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880580707,"flow_src_last_pkt_time":1435587880589785,"flow_dst_last_pkt_time":1435587880581398,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01144{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1435587867755556,"flow_src_last_pkt_time":1435587873026877,"flow_dst_last_pkt_time":1435587873026338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":11779,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":60924,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"xtra1.gpsonextra.net"}} 
@@ -244,22 +244,22 @@ 00914{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880589106,"flow_src_last_pkt_time":1435587880590669,"flow_dst_last_pkt_time":1435587880589665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00768{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880589106,"flow_src_last_pkt_time":1435587880590669,"flow_dst_last_pkt_time":1435587880589665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1435587867443555,"flow_src_last_pkt_time":1435587867443555,"flow_dst_last_pkt_time":1435587867753906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -01004{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1435587868632030,"flow_src_last_pkt_time":1435587869162291,"flow_dst_last_pkt_time":1435587869162022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":1624,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com"}} 
-00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1435587869162594,"flow_src_last_pkt_time":1435587869302269,"flow_dst_last_pkt_time":1435587869302057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} -00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587871656080,"flow_src_last_pkt_time":1435587871946086,"flow_dst_last_pkt_time":1435587871945236,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} -01005{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587871658817,"flow_src_last_pkt_time":1435587871945981,"flow_dst_last_pkt_time":1435587871944650,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":355,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":355,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com"}} -00998{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587871941434,"flow_src_last_pkt_time":1435587872478908,"flow_dst_last_pkt_time":1435587872478463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} -00998{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587872476294,"flow_src_last_pkt_time":1435587872705357,"flow_dst_last_pkt_time":1435587872704733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} 
-00998{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587872702798,"flow_src_last_pkt_time":1435587872838050,"flow_dst_last_pkt_time":1435587872837958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} -01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587873226090,"flow_dst_last_pkt_time":1435587873171594,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":3994,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":7719,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01109{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587880857470,"flow_dst_last_pkt_time":1435587880856912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":21888,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":56070,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01110{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587882306533,"flow_dst_last_pkt_time":1435587880854651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":11132,"flow_src_tot_l4_payload_len":1238,"flow_dst_tot_l4_payload_len":41633,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01102{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587882336369,"flow_dst_last_pkt_time":1435587880964491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":2479,"flow_src_tot_l4_payload_len":646,"flow_dst_tot_l4_payload_len":3927,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587883075280,"flow_dst_last_pkt_time":1435587882902014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":8096,"flow_src_tot_l4_payload_len":710,"flow_dst_tot_l4_payload_len":25644,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01211{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":55,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587888318936,"flow_dst_last_pkt_time":1435587888318258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":17204,"flow_src_tot_l4_payload_len":8032,"flow_dst_tot_l4_payload_len":71882,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01209{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587884546148,"flow_dst_last_pkt_time":1435587884545701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":501,"flow_dst_max_l4_payload_len":3606,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":8366,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01205{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587901093260,"flow_dst_last_pkt_time":1435587901092928,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":982,"flow_dst_tot_l4_payload_len":4287,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01205{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587907392933,"flow_dst_last_pkt_time":1435587907392317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":854,"flow_dst_tot_l4_payload_len":3626,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01009{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1435587868632030,"flow_src_last_pkt_time":1435587869162291,"flow_dst_last_pkt_time":1435587869162022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":1624,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com"}} +01002{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1435587869162594,"flow_src_last_pkt_time":1435587869302269,"flow_dst_last_pkt_time":1435587869302057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} +01002{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587871656080,"flow_src_last_pkt_time":1435587871946086,"flow_dst_last_pkt_time":1435587871945236,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} 
+01010{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587871658817,"flow_src_last_pkt_time":1435587871945981,"flow_dst_last_pkt_time":1435587871944650,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":355,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":355,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com"}} +01003{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587871941434,"flow_src_last_pkt_time":1435587872478908,"flow_dst_last_pkt_time":1435587872478463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} +01003{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587872476294,"flow_src_last_pkt_time":1435587872705357,"flow_dst_last_pkt_time":1435587872704733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} 
+01003{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587872702798,"flow_src_last_pkt_time":1435587872838050,"flow_dst_last_pkt_time":1435587872837958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} +01098{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587873226090,"flow_dst_last_pkt_time":1435587873171594,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":3994,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":7719,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01107{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587880857470,"flow_dst_last_pkt_time":1435587880856912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":21888,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":56070,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01108{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587882306533,"flow_dst_last_pkt_time":1435587880854651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":11132,"flow_src_tot_l4_payload_len":1238,"flow_dst_tot_l4_payload_len":41633,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587882336369,"flow_dst_last_pkt_time":1435587880964491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":2479,"flow_src_tot_l4_payload_len":646,"flow_dst_tot_l4_payload_len":3927,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01102{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587883075280,"flow_dst_last_pkt_time":1435587882902014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":8096,"flow_src_tot_l4_payload_len":710,"flow_dst_tot_l4_payload_len":25644,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01209{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":55,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587888318936,"flow_dst_last_pkt_time":1435587888318258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":17204,"flow_src_tot_l4_payload_len":8032,"flow_dst_tot_l4_payload_len":71882,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01207{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587884546148,"flow_dst_last_pkt_time":1435587884545701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":501,"flow_dst_max_l4_payload_len":3606,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":8366,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01203{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587901093260,"flow_dst_last_pkt_time":1435587901092928,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":982,"flow_dst_tot_l4_payload_len":4287,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01203{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587907392933,"flow_dst_last_pkt_time":1435587907392317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":854,"flow_dst_tot_l4_payload_len":3626,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00915{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880587670,"flow_src_last_pkt_time":1435587880590285,"flow_dst_last_pkt_time":1435587880588513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00769{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880587670,"flow_src_last_pkt_time":1435587880590285,"flow_dst_last_pkt_time":1435587880588513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880578787,"flow_src_last_pkt_time":1435587880583260,"flow_dst_last_pkt_time":1435587880579481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
@@ -273,13 +273,13 @@ 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880577937,"flow_src_last_pkt_time":1435587880583141,"flow_dst_last_pkt_time":1435587880578520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00905{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":2,"flow_first_seen":1435587866603221,"flow_src_last_pkt_time":1435587898628291,"flow_dst_last_pkt_time":1435587898628143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00776{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":2,"flow_first_seen":1435587866603221,"flow_src_last_pkt_time":1435587898628291,"flow_dst_last_pkt_time":1435587898628143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01103{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587874945968,"flow_dst_last_pkt_time":1435587874894896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":614,"flow_dst_tot_l4_payload_len":5947,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01101{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587874378804,"flow_dst_last_pkt_time":1435587874344111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":678,"flow_dst_tot_l4_payload_len":3883,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01103{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587874495451,"flow_dst_last_pkt_time":1435587874444700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":614,"flow_dst_tot_l4_payload_len":5947,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01101{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587874945968,"flow_dst_last_pkt_time":1435587874894896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":614,"flow_dst_tot_l4_payload_len":5947,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01099{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587874378804,"flow_dst_last_pkt_time":1435587874344111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":678,"flow_dst_tot_l4_payload_len":3883,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01101{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587874495451,"flow_dst_last_pkt_time":1435587874444700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":614,"flow_dst_tot_l4_payload_len":5947,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1435587898822469,"flow_src_last_pkt_time":1435587899372457,"flow_dst_last_pkt_time":1435587899318080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":191,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":290,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880581548,"flow_src_last_pkt_time":1435587880589942,"flow_dst_last_pkt_time":1435587880582653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880581548,"flow_src_last_pkt_time":1435587880589942,"flow_dst_last_pkt_time":1435587880582653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":597,"packets-processed":597,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":326183,"total-not-detected-flows":1,"total-guessed-flows":9,"total-detected-flows":23,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":282,"global_ts_usec":1435587907392933} 
+00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":597,"packets-processed":597,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":326183,"total-not-detected-flows":1,"total-guessed-flows":9,"total-detected-flows":23,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":282,"global_ts_usec":1435587907392933} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 597/597 ~~ skipped flows.............: 0 @@ -288,10 +288,10 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9227484 bytes -~~ total memory freed........: 9227484 bytes -~~ total allocations/frees...: 141636/141636 +~~ total memory allocated....: 9993014 bytes +~~ total memory freed........: 9993014 bytes +~~ total allocations/frees...: 155606/155606 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars -~~ json message max len.......: 2457 chars -~~ json message avg len.......: 1492 chars +~~ json message max len.......: 2455 chars +~~ json message avg len.......: 1491 chars diff --git a/test/results/default/webdav.pcap.out b/test/results/default/webdav.pcap.out index 73d673c73..b0b9a6199 100644 --- a/test/results/default/webdav.pcap.out +++ b/test/results/default/webdav.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1677169246853624} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1677169246853624} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1677169246853624,"flow_src_last_pkt_time":1677169246853624,"flow_dst_last_pkt_time":1677169246853624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1677169246853624,"l3_proto":"ip4","src_ip":"10.24.8.189","dst_ip":"104.156.149.6","src_port":50652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1677169246853624,"flow_dst_last_pkt_time":1677169246853624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1677169246853624,"pkt":"AAHH9haIEACQor51CABFAAA0mWtAAIAGUOEKGAi9aJyVBsXcAFDgPQjbAAAAAIAC+vC0YgAAAgQFtAEDAwgBAQQC"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1677169246853624,"flow_dst_last_pkt_time":1677169246873589,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1677169246873589,"pkt":"EACQor51AAHH9haICABFAAAs0NgAAIAGWXxonJUGChgIvQBQxdy+mZKp4D0I3GAS+vCMJAAAAgQFtA=="} 
@@ -7,7 +7,7 @@ 00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1677169246874184,"flow_dst_last_pkt_time":1677169246873589,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1677169246874184,"pkt":"AAHH9haIEACQor51CABFAADQmW1AAIAGUEMKGAi9aJyVBsXcAFDgPQjcvpmSqlAY+vDPfQAAUFJPUEZJTkQgL3dlYmRhdiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTWljcm9zb2Z0LVdlYkRBVi1NaW5pUmVkaXIvMTAuMC4xOTA0NQ0KRGVwdGg6IDANCnRyYW5zbGF0ZTogZg0KQ29udGVudC1MZW5ndGg6IDANCkhvc3Q6IDEwNC4xNTYuMTQ5LjYNCg0K"} 01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1677169246853624,"flow_src_last_pkt_time":1677169246874184,"flow_dst_last_pkt_time":1677169246873589,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1677169246874184,"l3_proto":"ip4","src_ip":"10.24.8.189","dst_ip":"104.156.149.6","src_port":50652,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebDAV","proto_id":"7.376","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"104.156.149.6","domainame":"104.156.149.6","http": 
{"url":"104.156.149.6\/webdav","code":0,"content_type":"","user_agent":"Microsoft-WebDAV-MiniRedir\/10.0.19045"}}} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1677169246874184,"flow_dst_last_pkt_time":1677169246874364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1677169246874364,"pkt":"EACQor51AAHH9haICABFAAAo0NkAAIAGWX9onJUGChgIvQBQxdy+mZKq4D0JhFAQ+vCjOQAA"} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1970,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1720686494824645} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1970,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1720686494824645} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1720686494824645,"flow_src_last_pkt_time":1720686494824645,"flow_dst_last_pkt_time":1720686494824645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1720686494824645,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"198.244.151.63","src_port":35612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1720686494824645,"flow_dst_last_pkt_time":1720686494824645,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1720686494824645,"pkt":"pJGxF+92NObXAhsnCABFAAA86f9AAEAGITPAqBCtxvSXP4scAFBI7gRxAAAAAKAC+vAvuAAAAgQFtAQCCApVKw89AAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1720686494824645,"flow_dst_last_pkt_time":1720686494850786,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1720686494850786,"pkt":"NObXAhsnpJGxF+92CABFAAA8iSNAAGwGVg\/G9Jc\/wKgQrQBQixwLdXs7SO4EcqAS\/\/+T5QAAAgQFrAEDAwgEAggK1tnpyFUrDz0="} 
@@ -72,7 +72,7 @@ 01131{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1720686569180748,"flow_src_last_pkt_time":1720686569288568,"flow_dst_last_pkt_time":1720686569288532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":1417,"flow_src_tot_l4_payload_len":666,"flow_dst_tot_l4_payload_len":2196,"midstream":0,"thread_ts_usec":1720686579520364,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"198.244.151.63","src_port":47726,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebDAV","proto_id":"7.376","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"www.dlp-test.com"}} 01129{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1720686545193315,"flow_src_last_pkt_time":1720686545300881,"flow_dst_last_pkt_time":1720686545300854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":505,"flow_dst_max_l4_payload_len":779,"flow_src_tot_l4_payload_len":658,"flow_dst_tot_l4_payload_len":974,"midstream":0,"thread_ts_usec":1720686579520364,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"198.244.151.63","src_port":55974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error 
Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebDAV","proto_id":"7.376","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"www.dlp-test.com"}} 01129{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1720686579411325,"flow_src_last_pkt_time":1720686579520364,"flow_dst_last_pkt_time":1720686579520335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":779,"flow_src_tot_l4_payload_len":668,"flow_dst_tot_l4_payload_len":974,"midstream":0,"thread_ts_usec":1720686579520364,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"198.244.151.63","src_port":57432,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebDAV","proto_id":"7.376","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"www.dlp-test.com"}} 
-00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":92,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1720686579520364} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":92,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1720686579520364} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 92/92 ~~ skipped flows.............: 0 
@@ -81,9 +81,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8665397 bytes -~~ total memory freed........: 8665397 bytes -~~ total allocations/frees...: 140750/140750 +~~ total memory allocated....: 9429995 bytes +~~ total memory freed........: 9429995 bytes +~~ total allocations/frees...: 154716/154716 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 1590 chars diff --git a/test/results/default/webex.pcap.out b/test/results/default/webex.pcap.out index 0b7ea8396..5d125f771 100644 --- a/test/results/default/webex.pcap.out +++ b/test/results/default/webex.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444570624853841} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444570624853841} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624853841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570624853841,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624853841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570624853841,"pkt":"ABoRAAACABoRAAABCABFAAA8OXNAAEAGTZUKCAABQERpZ6GCAbtPGIcMAAAAAKACOQgjFwAAAgQFtAQCCAoATL5\/AAAAAAEDAwY="} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570624860347,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ5AABAGtg5ARGlnCggAAQG7oYKw53jzTxiHDVAS\/\/9Y4AAA"} 
@@ -55,9 +55,9 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1444570632436109,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570632439585,"pkt":"ABoRAAACABoRAAABCABFAAAoAWtAABAGSj0XLP3zCggAAQG7v5jIhS0oN3rS2FAS\/\/\/PVQAA"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1444570632470387,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570632470387,"pkt":"ABoRAAACABoRAAABCABFAAAoE6JAAEAGCAYKCAABFyz987+YAbs3etLYyIUtKVAQOQiWTgAA"} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570632470550,"pkt":"ABoRAAACABoRAAABCABFAABnE6NAAEAGB8YKCAABFyz987+YAbs3etLYyIUtKVAYOQiFHgAAFgMBADoBAAA2AwGEmq+NZP+kc3ErHq1IRgxSv+RZnIPy+ZyIImU+XVBptwAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570632470550,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570632470550,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632470778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570632470778,"pkt":"ABoRAAACABoRAAABCABFAAAoAWxAABAGSjwXLP3zCggAAQG7v5jIhS0pN3rTF1AQ\/\/\/PFwAA"} -02156{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632591660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2903,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":2903,"midstream":0,"thread_ts_usec":1444570632591660,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","subjectDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD","blocks":0}}} +02157{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632591660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2903,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":2903,"midstream":0,"thread_ts_usec":1444570632591660,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","subjectDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD","blocks":0}}} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570633357298,"flow_dst_last_pkt_time":1444570633357298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570633357298,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1444570633357298,"flow_dst_last_pkt_time":1444570633357298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570633357298,"pkt":"ABoRAAACABoRAAABCABFAAA87DBAAEAGmtcKCAABQERpZ6GOAbtaKC3iAAAAAKACOQht0gAAAgQFtAQCCAoATMHSAAAAAAEDAwY="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1444570633357298,"flow_dst_last_pkt_time":1444570633360351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570633360351,"pkt":"ABoRAAACABoRAAABCABFAAAoAXpAABAGtaJARGlnCggAAQG7oY6l19IdWigt41AS\/\/9Y1AAA"} 
@@ -334,7 +334,7 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1444570699074033,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699077509,"pkt":"ABoRAAACABoRAAABCABFAAAoA2VAABAGBmQ28SAOCggAAQG7tIMuvh640UHhSFAS\/\/+YiwAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1444570699077833,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699077833,"pkt":"ABoRAAACABoRAAABCABFAAAoOjtAAEAGn40KCAABNvEgDrSDAbvRQeFILr4euVAQOQhfhAAA"} 00817{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570699079240,"pkt":"ABoRAAACABoRAAABCABFAAEAOjxAAEAGnrQKCAABNvEgDrSDAbvRQeFILr4euVAYOQhpTwAAFgMBANMBAADPAwFWGmZLJysQyU55el0fA2qHtq46\/QtJIPLxFEGaenjG8gAARgAEAAUALwA1wALABMAFwAzADsAPwAfACcAKwBHAE8AUADMAOQAyADgACsADwA3ACMASABYAEwAJABUAEgADAAgAFAARAP8BAABgAAAAGAAWAAATYXBpLmNyaXR0ZXJjaXNtLmNvbQALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAA"} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":818,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699079240,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":818,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699079240,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699079481,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699079481,"pkt":"ABoRAAACABoRAAABCABFAAAoA2ZAABAGBmM28SAOCggAAQG7tIMuvh650UHiIFAQ\/\/+XtAAA"} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570699096723,"flow_src_last_pkt_time":1444570699096723,"flow_dst_last_pkt_time":1444570699096723,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699096723,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1444570699096723,"flow_dst_last_pkt_time":1444570699096723,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570699096723,"pkt":"ABoRAAACABoRAAABCABFAAA8731AAEAGBawKCAABTi7tW+lsAFBr3TT9AAAAAKACOQhjAgAAAgQFtAQCCAoATNuAAAAAAAEDAwY="} 
@@ -352,8 +352,8 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1444570699212081,"flow_dst_last_pkt_time":1444570699212387,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699212387,"pkt":"ABoRAAACABoRAAABCABFAAAoA2tAABAGIdNOLu1bCggAAQBQ6W3tNUJ0Esq+21AQ\/\/9\/NAAA"} 01355{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":832,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570699096723,"flow_src_last_pkt_time":1444570699202178,"flow_dst_last_pkt_time":1444570699445643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":626,"flow_dst_tot_l4_payload_len":497,"midstream":0,"thread_ts_usec":1444570699445643,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cp.pushwoosh.com","domainame":"cp.pushwoosh.com","http": {"url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":200,"content_type":"application\/json","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)","request_content_type":"application\/json"}}} 
01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699101872,"flow_src_last_pkt_time":1444570699212081,"flow_dst_last_pkt_time":1444570699469003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":334,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":497,"midstream":0,"thread_ts_usec":1444570699469003,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cp.pushwoosh.com","domainame":"cp.pushwoosh.com","http": {"url":"cp.pushwoosh.com\/json\/1.3\/applicationOpen","code":200,"content_type":"application\/json","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)","request_content_type":"application\/json"}}} 
-01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":836,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699636393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1382,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1382,"midstream":0,"thread_ts_usec":1444570699636393,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
-01747{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":844,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699643521,"flow_dst_last_pkt_time":1444570699643969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":5496,"midstream":0,"thread_ts_usec":1444570699643969,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","server_names":"*.crittercism.com,crittercism.com","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18","blocks":0}}} 
+01406{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":836,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699636393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1382,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1382,"midstream":0,"thread_ts_usec":1444570699636393,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01745{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":844,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699643521,"flow_dst_last_pkt_time":1444570699643969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":5496,"midstream":0,"thread_ts_usec":1444570699643969,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","server_names":"*.crittercism.com,crittercism.com","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18","blocks":0}}} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":856,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570699916083,"flow_dst_last_pkt_time":1444570699916083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699916083,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1444570699916083,"flow_dst_last_pkt_time":1444570699916083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570699916083,"pkt":"ABoRAAACABoRAAABCABFAAA8M+lAAEAGPjwKCAABUEpuRIMPAbsBc+gmAAAAAKACOQj74QAAAgQFtAQCCAoATNvPAAAAAAEDAwY="} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":857,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1444570699916083,"flow_dst_last_pkt_time":1444570699917636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699917636,"pkt":"ABoRAAACABoRAAABCABFAAAoA3lAABAGnsBQSm5ECggAAQG7gw\/+jBfZAXPoJ1AS\/\/9icAAA"} 
@@ -436,7 +436,7 @@ 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1444570738426143,"flow_dst_last_pkt_time":1444570738426631,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570738426631,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/JAABAGPfA+beB4CggAAQG7x\/s\/nm3LwGGSdVAQ\/\/+87gAA"} 01699{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1092,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570738415965,"flow_src_last_pkt_time":1444570738424345,"flow_dst_last_pkt_time":1444570740300724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570740300724,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10i020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec 
Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1109,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":0,"flow_first_seen":1444570637191973,"flow_src_last_pkt_time":1444570733113725,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570741466310,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00925{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1444570631058632,"flow_src_last_pkt_time":1444570631058632,"flow_dst_last_pkt_time":1444570631059010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00923{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1444570631058632,"flow_src_last_pkt_time":1444570631058632,"flow_dst_last_pkt_time":1444570631059010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1444570631058632,"flow_src_last_pkt_time":1444570631058632,"flow_dst_last_pkt_time":1444570631059010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01206{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570636160380,"flow_src_last_pkt_time":1444570639259000,"flow_dst_last_pkt_time":1444570638211110,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":6157,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01203{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1444570636359207,"flow_src_last_pkt_time":1444570639256495,"flow_dst_last_pkt_time":1444570638203525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":5352,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -449,7 +449,7 @@ 01203{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1444570636264505,"flow_src_last_pkt_time":1444570640345761,"flow_dst_last_pkt_time":1444570639251010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":3998,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01203{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1444570636180806,"flow_src_last_pkt_time":1444570636961710,"flow_dst_last_pkt_time":1444570636898687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":6221,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01204{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570636170439,"flow_src_last_pkt_time":1444570639257331,"flow_dst_last_pkt_time":1444570638211737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":6157,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01192{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570740247303,"flow_dst_last_pkt_time":1444570705689183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":6828,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01190{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570740247303,"flow_dst_last_pkt_time":1444570705689183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":6828,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640330424,"flow_src_last_pkt_time":1444570670369848,"flow_dst_last_pkt_time":1444570670371970,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640338595,"flow_src_last_pkt_time":1444570670373481,"flow_dst_last_pkt_time":1444570670373944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01212{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":50,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570738301094,"flow_dst_last_pkt_time":1444570704270773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":9593,"flow_dst_tot_l4_payload_len":4003,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -495,9 +495,9 @@ 01204{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570673280105,"flow_dst_last_pkt_time":1444570673246494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":911,"flow_dst_tot_l4_payload_len":6552,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01204{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1444570636155519,"flow_src_last_pkt_time":1444570639261747,"flow_dst_last_pkt_time":1444570638236049,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":3966,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01075{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640298584,"flow_src_last_pkt_time":1444570645703037,"flow_dst_last_pkt_time":1444570645704812,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01203{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570633205058,"flow_dst_last_pkt_time":1444570633137443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":2903,"flow_src_tot_l4_payload_len":783,"flow_dst_tot_l4_payload_len":3643,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01204{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570633205058,"flow_dst_last_pkt_time":1444570633137443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":2903,"flow_src_tot_l4_payload_len":783,"flow_dst_tot_l4_payload_len":3643,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01204{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1444570636248727,"flow_src_last_pkt_time":1444570639255598,"flow_dst_last_pkt_time":1444570638202080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":6168,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1110,"packets-processed":1110,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":494354,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":39,"total-updates":2,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":500,"global_ts_usec":1444570742172121} +00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1110,"packets-processed":1110,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":494354,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":39,"total-updates":2,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":500,"global_ts_usec":1444570742172121} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1110/1110 ~~ skipped flows.............: 0 
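Review bot: The flow 8 `end` event in this hunk (dst 23.44.253.243:443) changes `"proto_by_ip":"Unknown","proto_by_ip_id":0` to `"proto_by_ip":"Akamai","proto_by_ip_id":467`, a classification change the commit description does not mention. Every other change in the hunk is mechanical (`size_per_flow` 1448 to 1480 and the length prefix 01203 to 01204), so this is easy to miss in a bulk regeneration of expected results. The flow is still reported as `TLS.Webex` by DPI, and its `flow_risk` holds only entries 7 and 8. Whether the new "Mismatching Protocol with server IP address" risk is meant to stay silent for a Webex flow on an Akamai address cannot be told from this hunk, so it should be confirmed against the libnDPI change. I would add a line to the commit message such as `* webex.pcap: flow 8 proto_by_ip changes from Unknown to Akamai (467)`, so that detection-relevant changes are recorded separately from the size and allocation churn.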
@@ -506,9 +506,9 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9712274 bytes -~~ total memory freed........: 9712274 bytes -~~ total allocations/frees...: 142639/142639 +~~ total memory allocated....: 10478605 bytes +~~ total memory freed........: 10478605 bytes +~~ total allocations/frees...: 156610/156610 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 526 chars ~~ json message max len.......: 2458 chars diff --git a/test/results/default/websocket-chisel-ssh.pcap.out b/test/results/default/websocket-chisel-ssh.pcap.out index c9871fc14..6521b0b36 100644 --- a/test/results/default/websocket-chisel-ssh.pcap.out +++ b/test/results/default/websocket-chisel-ssh.pcap.out 
@@ -1,5 +1,5 @@ -00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1736499612067222} 
+00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1736499612067222} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1736499612067222,"flow_src_last_pkt_time":1736499612067222,"flow_dst_last_pkt_time":1736499612067222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736499612067222,"l3_proto":"ip4","src_ip":"172.18.82.242","dst_ip":"172.18.82.243","src_port":41986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1736499612067222,"flow_dst_last_pkt_time":1736499612067222,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736499612067222,"pkt":"+A6OkVFv+OTjyhVrCABFAAA81hRAAEAGZp2sElLyrBJS86QCAFCGekYjAAAAAKAC\/9zZCQAAAgQFHgQCCAqQcnBCAAAAAAEDAwc="} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1736499612067222,"flow_dst_last_pkt_time":1736499612280156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736499612280156,"pkt":"AOTjyhVrAA6OkVFvCABFAAA8AABAADMGSbKsElLzrBJS8gBQpAKDtgcNhnpGJKAS\/ohS8AAAAgQFHgQCCAq9BT+TkHJwQgEDAwc="} 
@@ -13,7 +13,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1736499612280719,"flow_dst_last_pkt_time":1736499612587861,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1736499612587861,"pkt":"+OTjyhVrAA6OkVFvCABFAAA08ntAADMGVz6sElLzrBJS8gBQpAKDtgcOhnpHA4AQAfx68wAAAQEICr0FQJ+QcnEX"} 01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1736499612067222,"flow_src_last_pkt_time":1736499612280719,"flow_dst_last_pkt_time":1736499612587861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":223,"flow_dst_max_l4_payload_len":181,"flow_src_tot_l4_payload_len":223,"flow_dst_tot_l4_payload_len":205,"midstream":0,"thread_ts_usec":1736499612587861,"l3_proto":"ip4","src_ip":"172.18.82.242","dst_ip":"172.18.82.243","src_port":41986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"56": {"risk":"Obfuscated Traffic","severity":"High","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"something1.tld"}} 
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1736499612587861,"flow_src_last_pkt_time":1736499612587861,"flow_dst_last_pkt_time":1736499612587861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1736499612587861,"l3_proto":"ip4","src_ip":"172.18.82.243","dst_ip":"172.18.82.242","src_port":80,"dst_port":51634,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1736499612587861} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1736499612587861} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647625 bytes -~~ total memory freed........: 8647625 bytes -~~ total allocations/frees...: 140558/140558 +~~ total memory allocated....: 9412031 bytes +~~ total memory freed........: 9412031 bytes +~~ total allocations/frees...: 154524/154524 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 558 chars ~~ json message max len.......: 1146 chars diff --git a/test/results/default/websocket.pcap.out b/test/results/default/websocket.pcap.out index cd50dc7df..e0ead91b0 100644 --- a/test/results/default/websocket.pcap.out +++ b/test/results/default/websocket.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1475155931028697} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1475155931028697} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1475155931028697,"flow_src_last_pkt_time":1475155931028697,"flow_dst_last_pkt_time":1475155931028697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1475155931028697,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1475155931028697,"flow_dst_last_pkt_time":1475155931028697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1475155931028697,"pkt":"AFBWwAAIAAwpij2nCABFAABB27JAAEAGhyvAqCuHwKgrATA5xzc8ilRnydSxV1AYAO1IlQAAgRdXZWxjb21lLCAxOTIuMTY4LjQzLjEgIQ=="} 
00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1475155931028697,"flow_src_last_pkt_time":1475155931028697,"flow_dst_last_pkt_time":1475155931028697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1475155931028697,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WebSocket","proto_id":"251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -8,7 +8,7 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1475155946903705,"flow_dst_last_pkt_time":1475156008638608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1475156008638608,"pkt":"AAwpij2nAFBWwAAICABFAAA9BeZAAEAGXPzAqCsBwKgrh8c3MDnJ1LFpPIpUtFAYP+K7sAAAgY+3zv1X36uRO9juijLVvZI03KuJ"} 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1475156008657690,"flow_dst_last_pkt_time":1475156008638608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1475156008657690,"pkt":"AFBWwAAIAAwpij2nCABFAABf27ZAAEAGhwnAqCuHwKgrATA5xzc8ilS0ydSxflAYAO0H8wAAgTUyMTozNDo1MyAoJzE5Mi4xNjguNDMuMScsIDUwOTk5KSBzYXk6IGhlbGxvIHdlYnNvY2tldA=="} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1475155931028697,"flow_src_last_pkt_time":1475156008657690,"flow_dst_last_pkt_time":1475156008638608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":39,"midstream":1,"thread_ts_usec":1475156008657690,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WebSocket","proto_id":"251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1475156008657690} +00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1475156008657690} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647035 bytes -~~ total memory freed........: 8647035 bytes -~~ total allocations/frees...: 140539/140539 +~~ total memory allocated....: 9411409 bytes +~~ total memory freed........: 9411409 bytes +~~ total allocations/frees...: 154505/154505 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 556 chars ~~ json message max len.......: 978 chars diff --git a/test/results/default/wechat.pcap.out b/test/results/default/wechat.pcap.out index db2a942cc..47c09e0a3 100644 --- a/test/results/default/wechat.pcap.out +++ b/test/results/default/wechat.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1492167337792745} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1492167337792745} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167337792745,"flow_src_last_pkt_time":1492167337792745,"flow_dst_last_pkt_time":1492167337792745,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":604,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":604,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":604,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167337792745,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1492167337792745,"flow_dst_last_pkt_time":1492167337792745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"thread_ts_usec":1492167337792745,"pkt":"eJKcD6iO8IQvSpdgCABFoAKQLFpAACwG+e7LzZeiwKgBZwG700RsJQvmFiW5B4AYAQBhCAAAAQEICkXRlQMAMKrIjxNPGb1b2gIOFmmrodrIUGWpRD8pBe\/eyANOuHxnf1oEiCDKQxkU6yvgqiltC85O1YOlf4+boaZn\/v7U0TkR+lQ9a8XEdMtbUDNvRkN1lpLANNJe9T6WEXQRZhhQATyvHXIsPxznFQlv1ayF4fN0Lp1Tv+DnMtPovG4l64Fdnf94BKNh3wpUis\/1aaAJUl4N4QYAa2BN+MLHUIjBfzQomk58kbDVZlQvabo4eeiFrJQbG0CRtmIDLIV4UlMABwm2B+L0SD\/lX+vPdRjlbT0hOePKWkrPVp4oa0GnGMtovp\/3dKKj2adHC1yCvZqzc+T4heafDFJJDxNGnnTZtJeXWQW2\/Wn0xAXZa5xeVmiob7mVi7gQwqB4EyVdzoi+MdLqv1I0FdZ7WKuu9o+r6i7T5KxQ7NhUIRC9KEInuscbFfTp5tcTpkg81VRtJhveR07GYTrLSFchnUCEzbFpCOPEOlfHshGkgemcZqUW0JSeBZoVIhGHuP8IElk+zTdckKSFR7XZosRv+JZpXULghhsYEQIcWSnXEwiNwHqD7SkijDTYTSRARplFy3lQ+I9PYai9e3wxDdj38dt3ZjnYHW+Jgcvyxa81TfaFhCzMBo8JWYVcQLLQCzJJ7po8hcjxwSKSvs1BzLjoAmGIOQCY3cD2niwB
o4mLwkfrwM7iYYbbTgCByxdl2XUzXKGTmMiV+yqiF1sadTUF0KDk8zQPlxqASeejWTULCaKDKO7zq0WMvrWWgtPS5+WycvqXy24tfwXRN6su4lzlC8cmzA\/wzbACdxOu6m0puRk6CDMzrA=="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1492167337792745,"flow_dst_last_pkt_time":1492167337792797,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167337792797,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0B7NAAEAGDZLAqAFny82XotNEAbsWJbkHbCUOQoAQAk6qQAAAAQEICgAwqxZF0ZUD"} 
@@ -169,7 +169,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1492167382020263,"flow_dst_last_pkt_time":1492167382374842,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1492167382374842,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoL8xAAC4G9rPLzZfTwKgBZwG7nyRpgH6Orb8\/fVAQAIMTdgAAAADZK2u8"} 02220{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1492167378674770,"flow_src_last_pkt_time":1492167386718697,"flow_dst_last_pkt_time":1492167385566065,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":8227,"flow_dst_tot_l4_payload_len":6835,"midstream":0,"thread_ts_usec":1492167386718697,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":435,"avg":481781.3,"max":4544256,"stddev":1044110.9,"var":1090167570432.0,"ent":3.2,"data": [359228,359315,435,360585,1948,362066,491,468,3580,359717,357128,3318,369214,32832,2766,400529,15038,3260,381959,38044,403106,2395,369120,36996,438834,4139732,3287,4544256,34139,398836,1152600]},"pktlen": {"min":52,"avg":523.2,"max":1740,"stddev":556.0,"var":309130.7,"ent":4.2,"data": [60,60,52,290,52,1480,52,1740,52,178,103,1292,527,52,1480,221,52,1225,429,52,250,1292,527,52,988,52,1292,527,52,989,52,1220]},"bins": {"c_to_s": 
[7,0,0,1,0,0,0,1,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0],"entropies": [4.605928421,5.108290672,5.014834881,5.876290798,5.094483376,6.803863049,5.053297043,7.616803169,4.972088814,6.308379173,5.995617867,7.811126232,7.530417919,5.171407223,7.866411686,7.065956593,5.063529015,7.814155579,7.416600704,5.171407223,7.067113400,7.817794323,7.516748905,5.171407223,7.779650211,5.025067329,7.859876633,7.574586868,5.176993370,7.802303791,5.025067806,7.850266933]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 02221{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1492167378926091,"flow_src_last_pkt_time":1492167387133549,"flow_dst_last_pkt_time":1492167385164247,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":8225,"flow_src_tot_l4_payload_len":6431,"flow_dst_tot_l4_payload_len":15757,"midstream":0,"thread_ts_usec":1492167387133549,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":438,"avg":465987.6,"max":3383945,"stddev":827194.4,"var":684250497024.0,"ent":3.4,"data": [353750,353837,953113,1178147,225005,127739,4445,132165,453,438,626,638,1531,362180,361114,370977,4561,375090,3297,3310,3017858,3341,3383945,31235,408978,7414,382158,34643,434308,1925965,3353]},"pktlen": 
{"min":52,"avg":746.1,"max":8277,"stddev":1463.3,"var":2141136.5,"ent":3.6,"data": [60,60,52,290,60,52,52,1480,52,1480,52,312,52,178,103,1139,1480,1480,52,8277,52,1292,527,52,1363,1225,429,52,250,52,1292,527]},"bins": {"c_to_s": [9,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,1]},"directions": [0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,0,0,0],"entropies": [4.726680756,5.187539101,5.014835358,5.881073475,5.174957275,4.976373672,5.171406746,6.805123806,4.976373672,7.508996010,5.025067806,7.162304878,5.025067806,6.445491314,5.965487480,7.807569027,7.879969597,7.864712715,4.986606121,7.977176189,5.025067806,7.830005169,7.567298412,5.094483376,7.875021458,7.841088295,7.461124897,5.132945061,7.021474361,5.025067806,7.846213341,7.502761364]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -02241{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1492167353674975,"flow_src_last_pkt_time":1492167387855952,"flow_dst_last_pkt_time":1492167387536614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":1188,"flow_src_tot_l4_payload_len":1584,"flow_dst_tot_l4_payload_len":9504,"midstream":1,"thread_ts_usec":1492167387855952,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":67,"avg":2194923.0,"max":11774429,"stddev":3337575.2,"var":11139408723968.0,"ent":3.8,"data": [67,1713342,2033838,5903,326356,805535,1165376,11414547,11774429,393649,716591,9325022,9647966,1906296,2225757,6412,325847,425651,784494,2983400,3342263,487827,806732,9168,328050,421461,782117,1181667,1542348,420552,739953]},"pktlen": {"min":52,"avg":398.5,"max":1240,"stddev":492.5,"var":242574.8,"ent":4.0,"data": [250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52]},"bins": {"c_to_s": [8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0],"entropies": [7.178055763,5.101991177,7.840975285,5.162476063,7.144028187,5.025067806,7.842404366,5.138531685,7.054569721,5.063529491,7.824712276,5.138531685,7.172506809,5.171406746,7.844462872,5.138531685,7.113152027,5.041504860,7.832453728,5.100070000,7.041498184,5.094483852,7.836290359,5.138531685,7.090556145,5.132945538,7.813812256,5.138531685,6.974005222,5.118428230,7.850635529,5.124014854]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+02237{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1492167353674975,"flow_src_last_pkt_time":1492167387855952,"flow_dst_last_pkt_time":1492167387536614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":1188,"flow_src_tot_l4_payload_len":1584,"flow_dst_tot_l4_payload_len":9504,"midstream":1,"thread_ts_usec":1492167387855952,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":67,"avg":2194923.0,"max":11774429,"stddev":3337575.2,"var":11139408723968.0,"ent":3.8,"data": [67,1713342,2033838,5903,326356,805535,1165376,11414547,11774429,393649,716591,9325022,9647966,1906296,2225757,6412,325847,425651,784494,2983400,3342263,487827,806732,9168,328050,421461,782117,1181667,1542348,420552,739953]},"pktlen": {"min":52,"avg":398.5,"max":1240,"stddev":492.5,"var":242574.8,"ent":4.0,"data": [250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52]},"bins": {"c_to_s": [8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0],"entropies": 
[7.178055763,5.101991177,7.840975285,5.162476063,7.144028187,5.025067806,7.842404366,5.138531685,7.054569721,5.063529491,7.824712276,5.138531685,7.172506809,5.171406746,7.844462872,5.138531685,7.113152027,5.041504860,7.832453728,5.100070000,7.041498184,5.094483852,7.836290359,5.138531685,7.090556145,5.132945538,7.813812256,5.138531685,6.974005222,5.118428230,7.850635529,5.124014854]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01011{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1492167338426352,"flow_src_last_pkt_time":1492167383949103,"flow_dst_last_pkt_time":1492167338426352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167387855952,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 
01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1492167338426301,"flow_src_last_pkt_time":1492167383949003,"flow_dst_last_pkt_time":1492167338426301,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167387855952,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1492167397120263,"flow_dst_last_pkt_time":1492167352122932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167397120263,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePJAAEAGFx3AqAFnQOmnvIyxFGy60MyoSq1b+oAQAO0gQAAAAQEICgAw5QaFnXDI"} 
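Review bot: The expected `analyse` event for flow 13 (packet_id 342) in this hunk changes `"flow_state":"finished"` to `"flow_state":"info"`, which is a detection-behaviour change and not the `size_per_flow` or risk-rename churn the commit message describes. The length prefix moves from `02241` to `02237`, consistent with that one field, so the rest of the record appears unchanged. Presumably the new libnDPI no longer marks this midstream TLS flow as fully dissected within the 32 processed packets; that should be confirmed against the upstream change rather than accepted as part of a bulk regeneration. Consumers that filter or alert on `flow_state` would now see this flow as still under detection, so I would add a line to the commit message such as `* wechat.pcap flow 13: flow_state at analyse is now "info" instead of "finished"`.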
@@ -646,7 +646,7 @@ 00935{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167851203580,"flow_src_last_pkt_time":1492167851203580,"flow_dst_last_pkt_time":1492167851203580,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167918120269,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1492167765155968,"flow_src_last_pkt_time":1492167765155968,"flow_dst_last_pkt_time":1492167765432548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":349,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":349,"midstream":0,"thread_ts_usec":1492167918120269,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"web.wechat.com"}} 
00946{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492167849769805,"flow_src_last_pkt_time":1492167851204799,"flow_dst_last_pkt_time":1492167849769805,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167918120269,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1553,"packets-processed":1552,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":556502,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":60,"total-detection-updates":61,"total-updates":72,"current-active-flows":30,"total-active-flows":75,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":649,"global_ts_usec":1492171154216266} 
+00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1553,"packets-processed":1552,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":556502,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":60,"total-detection-updates":61,"total-updates":72,"current-active-flows":30,"total-active-flows":75,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":649,"global_ts_usec":1492171154216266} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171154216266,"flow_src_last_pkt_time":1492171154216266,"flow_dst_last_pkt_time":1492171154216266,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171154216266,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1492171154216266,"flow_dst_last_pkt_time":1492171154216266,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_usec":1492171154216266,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpoxAAEAGahTAqAFny82XotOnAbtQhl2xjWp\/PoAYBaSJeAAAAQEICgA\/OhBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ij
zjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171154216266,"flow_src_last_pkt_time":1492171154216266,"flow_dst_last_pkt_time":1492171154216266,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171154216266,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -830,21 +830,21 @@ 01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171291761740,"flow_src_last_pkt_time":1492171291761740,"flow_dst_last_pkt_time":1492171291761740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"webpush.web.wechat.com.lan","domainame":"webpush.web.wechat.com.lan","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492171267294534,"flow_src_last_pkt_time":1492171269750011,"flow_dst_last_pkt_time":1492171267294534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171169377549,"flow_src_last_pkt_time":1492171169377549,"flow_dst_last_pkt_time":1492171169377549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -01092{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171168104293,"flow_src_last_pkt_time":1492171268472274,"flow_dst_last_pkt_time":1492171168104293,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +01093{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171168104293,"flow_src_last_pkt_time":1492171268472274,"flow_dst_last_pkt_time":1492171168104293,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171168104293,"flow_src_last_pkt_time":1492171268472274,"flow_dst_last_pkt_time":1492171168104293,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01092{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171166312260,"flow_src_last_pkt_time":1492171267294567,"flow_dst_last_pkt_time":1492171166312260,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+01093{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171166312260,"flow_src_last_pkt_time":1492171267294567,"flow_dst_last_pkt_time":1492171166312260,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171166312260,"flow_src_last_pkt_time":1492171267294567,"flow_dst_last_pkt_time":1492171166312260,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01092{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171166440257,"flow_src_last_pkt_time":1492171271288269,"flow_dst_last_pkt_time":1492171166440257,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +01093{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171166440257,"flow_src_last_pkt_time":1492171271288269,"flow_dst_last_pkt_time":1492171166440257,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171166440257,"flow_src_last_pkt_time":1492171271288269,"flow_dst_last_pkt_time":1492171166440257,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01092{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171166696233,"flow_src_last_pkt_time":1492171267294545,"flow_dst_last_pkt_time":1492171166696233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +01093{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171166696233,"flow_src_last_pkt_time":1492171267294545,"flow_dst_last_pkt_time":1492171166696233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171166696233,"flow_src_last_pkt_time":1492171267294545,"flow_dst_last_pkt_time":1492171166696233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":17,"flow_first_seen":1492167342893680,"flow_src_last_pkt_time":1492167478248211,"flow_dst_last_pkt_time":1492167478295735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":829,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1283,"flow_dst_tot_l4_payload_len":5138,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleusercontent.com"}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171291761740,"flow_src_last_pkt_time":1492171291761740,"flow_dst_last_pkt_time":1492171291761740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01092{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1492171176772041,"flow_src_last_pkt_time":1492171267576264,"flow_dst_last_pkt_time":1492171176772041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +01093{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1492171176772041,"flow_src_last_pkt_time":1492171267576264,"flow_dst_last_pkt_time":1492171176772041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1492171176772041,"flow_src_last_pkt_time":1492171267576264,"flow_dst_last_pkt_time":1492171176772041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01092{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171164904228,"flow_src_last_pkt_time":1492171269128269,"flow_dst_last_pkt_time":1492171164904228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+01093{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171164904228,"flow_src_last_pkt_time":1492171269128269,"flow_dst_last_pkt_time":1492171164904228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171164904228,"flow_src_last_pkt_time":1492171269128269,"flow_dst_last_pkt_time":1492171164904228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01092{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171168104237,"flow_src_last_pkt_time":1492171267294579,"flow_dst_last_pkt_time":1492171168104237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +01093{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171168104237,"flow_src_last_pkt_time":1492171267294579,"flow_dst_last_pkt_time":1492171168104237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171168104237,"flow_src_last_pkt_time":1492171267294579,"flow_dst_last_pkt_time":1492171168104237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00925{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167377896227,"flow_src_last_pkt_time":1492167468008215,"flow_dst_last_pkt_time":1492167468048114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167377896227,"flow_src_last_pkt_time":1492167468008215,"flow_dst_last_pkt_time":1492167468048114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -864,7 +864,7 @@ 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171269548804,"flow_src_last_pkt_time":1492171269548804,"flow_dst_last_pkt_time":1492171269548804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1492171250302344,"flow_src_last_pkt_time":1492171253304834,"flow_dst_last_pkt_time":1492171250302344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171184747647,"flow_src_last_pkt_time":1492171184747647,"flow_dst_last_pkt_time":1492171184747647,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01094{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1492171176772333,"flow_src_last_pkt_time":1492171271288336,"flow_dst_last_pkt_time":1492171176772333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +01095{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1492171176772333,"flow_src_last_pkt_time":1492171271288336,"flow_dst_last_pkt_time":1492171176772333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00777{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1492171176772333,"flow_src_last_pkt_time":1492171271288336,"flow_dst_last_pkt_time":1492171176772333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00927{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1492167905561959,"flow_src_last_pkt_time":1492167907207433,"flow_dst_last_pkt_time":1492167907207381,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1492167905561959,"flow_src_last_pkt_time":1492167907207433,"flow_dst_last_pkt_time":1492167907207381,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -880,7 +880,7 @@ 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492171268754627,"flow_src_last_pkt_time":1492171273759735,"flow_dst_last_pkt_time":1492171268754627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492171269383166,"flow_src_last_pkt_time":1492171269383221,"flow_dst_last_pkt_time":1492171269383166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":78,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171274755195,"flow_src_last_pkt_time":1492171274755195,"flow_dst_last_pkt_time":1492171274755195,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1672,"packets-processed":1672,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":561272,"total-not-detected-flows":0,"total-guessed-flows":25,"total-detected-flows":84,"total-detection-updates":64,"total-updates":77,"current-active-flows":0,"total-active-flows":109,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":883,"global_ts_usec":1492171291761740} 
+00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1672,"packets-processed":1672,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":561272,"total-not-detected-flows":0,"total-guessed-flows":25,"total-detected-flows":84,"total-detection-updates":64,"total-updates":77,"current-active-flows":0,"total-active-flows":109,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":883,"global_ts_usec":1492171291761740} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1672/1672 ~~ skipped flows.............: 0 @@ -889,9 +889,9 @@ ~~ total active/idle flows...: 109/109 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9924874 bytes -~~ total memory freed........: 9924874 bytes -~~ total allocations/frees...: 144077/144077 +~~ total memory allocated....: 10693001 bytes +~~ total memory freed........: 10693001 bytes +~~ total allocations/frees...: 158052/158052 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 526 chars ~~ json message max len.......: 2392 chars diff --git a/test/results/default/weibo.pcap.out b/test/results/default/weibo.pcap.out index 7acc0e8c8..fe78ace3d 100644 --- a/test/results/default/weibo.pcap.out +++ b/test/results/default/weibo.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1463089067804779} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1463089067804779} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089067804779,"flow_dst_last_pkt_time":1463089067804779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089067804779,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1463089067804779,"flow_dst_last_pkt_time":1463089067804779,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1463089067804779,"pkt":"eJKcD6iOkDVu60UQCABFAAClAABAADMR2u3YOtIOwKgBaQG7wNEAkSEpAAl3y2T5ujTCSSEU5zJMPfXh7u\/a3oWq2yhhK1m4ny+qR4W2lfILr6Ils4h\/iqKUCkI0zipqePuQ8qDP3gfa2UEwOgxjQY6zEBJhdLLCAKezbAF+wpbNcZnrqI9Vp3iRS5CpzEuDxhuTRv5J009cEtkCA6nVS0D6WXhVs+S9\/EHIHeXl6YD1cbA="} 
00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1463089067804822,"flow_dst_last_pkt_time":1463089067804779,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_usec":1463089067804822,"pkt":"eJKcD6iOkDVu60UQCABFAAFTAABAADMR2j\/YOtIOwKgBaQG7wNEBPzHaAAoUu93Ovdfsj+VZ99cgMeSVKfCKokSNRuOMv1PGF2DIkukcXrUmGkv\/ArCiq\/KK23NXKqXH3z8FxKfa8OQtN5x73GaADweitAmqYsU072yu9KsRUtnFIEIB5Y5LqWVX6vqXepSvfYCEhodq+tUiz0aSzdffkeHhLztt20iOOpChbjrtXhyjh2xOYPCWGl\/75gN\/zEEb2R9h09zfr5IUCExPcV8JWIdoh2fXU4mq9qytwCU0GOdjsWy12v2HhTBnSYnXaFz8kW\/ToyswW6z6hT26xiqWB5RJW9cvGUU8G6jKCXTHHR5WczEJ7NLt9QErBQKutf8Nh4rVBXW1avPgj1A0tNYSKXAcYt1eYGsw4tjOzS7DHafUDgikSZ+H9BNuGGXb1gwh45909vW3665ubMpNt9lmWoI="} 
@@ -223,7 +223,7 @@ 01094{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089068490775,"flow_dst_last_pkt_time":1463089068491086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":618,"flow_src_tot_l4_payload_len":753,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089068490775,"flow_dst_last_pkt_time":1463089068491086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":618,"flow_src_tot_l4_payload_len":753,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089070757761,"flow_src_last_pkt_time":1463089070757761,"flow_dst_last_pkt_time":1463089070841770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":43,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weibo.com"}} -00926{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071994093,"flow_src_last_pkt_time":1463089071994093,"flow_dst_last_pkt_time":1463089072138578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00924{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071994093,"flow_src_last_pkt_time":1463089071994093,"flow_dst_last_pkt_time":1463089072138578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071994093,"flow_src_last_pkt_time":1463089071994093,"flow_dst_last_pkt_time":1463089072138578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":39,"flow_first_seen":1463089071613246,"flow_src_last_pkt_time":1463089072438109,"flow_dst_last_pkt_time":1463089072438075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":2872,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":31448,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.SinaWeibo","proto_id":"7.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.weibo.com"}} 01049{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073764453,"flow_src_last_pkt_time":1463089073764453,"flow_dst_last_pkt_time":1463089073764453,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -264,7 +264,7 @@ 00922{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071730101,"flow_src_last_pkt_time":1463089071730101,"flow_dst_last_pkt_time":1463089071755114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071730101,"flow_src_last_pkt_time":1463089071730101,"flow_dst_last_pkt_time":1463089071755114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073394448,"flow_src_last_pkt_time":1463089073394448,"flow_dst_last_pkt_time":1463089073394448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":498,"packets-processed":498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":267,"global_ts_usec":1463089073893914} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":498,"packets-processed":498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":267,"global_ts_usec":1463089073893914} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 498/498 ~~ skipped flows.............: 0 @@ -273,9 +273,9 @@ ~~ total active/idle flows...: 44/44 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8768739 bytes -~~ total memory freed........: 8768739 bytes -~~ total allocations/frees...: 141580/141580 +~~ total memory allocated....: 9534489 bytes +~~ total memory freed........: 9534489 bytes +~~ total allocations/frees...: 155546/155546 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 2244 chars diff --git a/test/results/default/whatsapp.pcap.out b/test/results/default/whatsapp.pcap.out index 408929978..4a4aa4161 100644 --- a/test/results/default/whatsapp.pcap.out +++ b/test/results/default/whatsapp.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655030801747000} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655030801747000} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655030801747000,"flow_src_last_pkt_time":1655030801747000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655030801747000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655030801747000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655030801747000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ABpAAD8GAijAqAJkszzDMa8EFGbkDT9OAAAAAKAC\/\/\/IawAAAgQFtAQCCArFapnmAAAAAAEDAwk="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655030801776000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655030801776000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ABtAAD8GAi\/AqAJkszzDMa8EFGbkDT9PTyfQe4AQAKy6dAAAAQEICsVqmgM2ROYE"} 
@@ -7,7 +7,7 @@ 00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655030801890000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":350,"pkt_l4_len":316,"thread_ts_usec":1655030801890000,"pkt":"eJS0JASgYDjgxTWgCABFAAFQAB1AAD8GARHAqAJkszzDMa8EFGbkDT9TTyfQe4AYAKyJ+wAAAQEICsVqmnU2ROZ3AAAECAkIAldBBQIAAQ4SiwIKIDj7+pXlvAgmViwpUlFGYvO7\/yYma2eom\/G2OTNSuB9CEjDDX+ArZolS0PQnuB247fnbmCRsbrfgMrMGVJKMEE0t2\/JRP8Web3dbO7XmVIhSAMUatAGDAKIxOIhCtS95+1nqKJyrSC2PmyXih4qhdJJJio4iS3y2E7TtcgDKuHyZ\/UvYMWM1fN9zY73yjAQyazTEx2GF7o2qsRZh+ii4dJBC1jpfEIfBRkuogNaLxnCXPsblfV1VotCn1Pe51mjYXnk7cnPMyVrGE9EczxjQfevJacaaYgo8HcbO\/l9KLqGgkMzIQe5860q0eu8zygvB+CnrGia9AmXhxwG9DXMaMKJhPVwRBswrmz0="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655030801747000,"flow_src_last_pkt_time":1655030801890000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655030801890000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655030802021000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655030802021000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0AB5AAD8GAizAqAJkszzDMa8EFGbkDUBvTyfQtIAQAKy3MAAAAQEICsVqmvg2ROb6"} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1655031983762000} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1655031983762000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655031983762000,"flow_src_last_pkt_time":1655031983762000,"flow_dst_last_pkt_time":1655031983762000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655031983762000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1655031983762000,"flow_dst_last_pkt_time":1655031983762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655031983762000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wNRAAD8GQW3AqAJkszzDMZyUFGb3fC5VAAAAAKAC\/\/8sUAAAAgQFtAQCCAo3N9QvAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1655031983792000,"flow_dst_last_pkt_time":1655031983762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655031983792000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wNVAAD8GQXTAqAJkszzDMZyUFGb3fC5W\/Bdho4AQAIAA5AAAAQEICjc31GXWXSVb"} 
@@ -22,7 +22,7 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1655032257115000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1655032257115000,"pkt":"eJS0JASgYDjgxTWgCABFAAA\/\/WVAAD8GBNnAqAJkszzDMaUgFGax9BltNUwtP4AYAVcS1AAAAQEICkZl\/WKo3wJ9AAAECAkIAldBBQI="} 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655032256845000,"flow_src_last_pkt_time":1655032257115000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655032257115000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655032257144000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1655032257144000,"pkt":"eJS0JASgYDjgxTWgCABFAAE6\/WZAAD8GA93AqAJkszzDMaUgFGax9Bl4NUwtP4AYAVeyGgAAAQEICkZl\/X+o3wKaAAEDEoACCiAZZWNRxkRzymWLkvWv1TnfFzp\/HkwlWZjEklDe99VAfhIwme3J57adounR96qJXaoGJ9\/P\/qwfwkKChs9JuHY8Xv1MEqhXwWeQFybfIOgJQA\/aGqkBC5bxG\/SW8DPfHniUt1jbZ2dRLdxurPEJvB\/Or4kxrapciCjPoSjKvgXme6PN\/oOHzq0gKZq9SGSx6FhHIihHWnH8eK0VSUc53EWTGnhN\/30gQHZh9un0MZ0+ia7xXgMk385gTrfAQvxkkWPB7B4ett3W7NEuQnJkmSj1NTGse5fecHmRPAfc6h2TEgsk+0mvyE6X9Ilvw4d9UKzTB5jTpCZ3DqZZbwdPng=="} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1655032857220000} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1655032857220000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655032857220000,"flow_src_last_pkt_time":1655032857220000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655032857220000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1655032857220000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655032857220000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wH9AAD8GQcLAqAJkszzDMaXEFGbLQu4oAAAAAKAC\/\/8vAgAAAgQFtAQCCApGbyV9AAAAAAEDAwg="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1655032857250000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655032857250000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wIBAAD8GQcnAqAJkszzDMaXEFGbLQu4pkG\/w9oAQAVfp3wAAAQEICkZvJafXThmp"} 
@@ -30,7 +30,7 @@ 00913{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1655032857857000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655032857857000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFwIJAAD8GQLbAqAJkszzDMaXEFGbLQu4tkG\/w9oAYAVdjHAAAAQEICkZvKAfXThwIAAAECAkIAldBBQIAAQMSgAIKIK1KJx1PnKk1pL6t1MbgR11TASauAEZZazQ8SNc\/svphEjD1vsMAWwdxY7rp\/NBRE9fSJSDyQi2+YPf8MDFZb9yUAo8hEfqWNj2VoAZlwbyUx7UaqQG3zFrlHQDyS4ZUUK3HVSlPbCD0Wgk3Ie2BeEz\/OeAu15sD6W1uI3uFpQv1KsNJoxw5uFL0w0Bf3eU0e0j49oXwcNam2mnkVU9nxM8q4z6rlcyPmMv7rJ1Ofv1AYGAKVUn75C3mXm3ER4vAezfKAKZaBPXqtk9FYf8ZZEhUBMSwluTw1l4fXnb52oHkYSgIZir3UMauZ9RA5GDs1Tvk37bRwa3Xi+YrHTKb"} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655032857220000,"flow_src_last_pkt_time":1655032857857000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655032857857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655032858009000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655032858009000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wINAAD8GQcbAqAJkszzDMaXEFGbLQu8+kG\/xL4AQAVfioQAAAQEICkZvKJ\/XThyh"} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":34,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1655033482376000} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":34,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1655033482376000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655033482376000,"flow_src_last_pkt_time":1655033482376000,"flow_dst_last_pkt_time":1655033482376000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655033482376000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40178,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1655033482376000,"flow_dst_last_pkt_time":1655033482376000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655033482376000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8gelAAD8GgFjAqAJkszzDMZzyFGaeLx0YAAAAAKAC\/\/83kgAAAgQFtAQCCAo3PDMVAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1655033482414000,"flow_dst_last_pkt_time":1655033482376000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655033482414000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0gepAAD8GgF\/AqAJkszzDMZzyFGaeLx0Zpn\/BEoAQAIBtAgAAAQEICjc8MzXDJ83z"} 
@@ -52,7 +52,7 @@ 00941{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1655033850680000,"flow_dst_last_pkt_time":1655033850395000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1655033850680000,"pkt":"eJS0JASgYDjgxTWgCABFAAFW8OZAAD8GEEHAqAJkszzDMZ0MFGa\/1NfHoiLOPYAYAIDqqQAAAQEICjc9xrppw+BLAAAECAsICVdBBQIAARQSkQIKIIWiVZcpSaSpS0wa6A1pLwk8Zk1\/z9qJ1T6f4Z\/2lZVXEjDQa\/Mzv1Xbe6yEXg1RMK7xAVWS5\/gg0yRaYkQ\/jmAXm8ZLLIy2AJqWxAZXLpRaD1QaugF+sjMVYJRs7OSYVpKL05qk8NYHnUetCeAnd6JfcTDEz+ZetSOCyq08mxgiwl8Af\/7SbFLFgX2H8i8LiJr0ImpshHYvlAL+KzUXxI7jj2H41W4vlUGdwN6mhJKreWveUBLOkSgxvVZcNAq4rxdBzulcV262lISooGtBZtHXy9rzLxZq0hu6\/gqiUgRR1zMURpouCFSl2EsY6RluLOlw2t8mrRqh8qCUrKg6h4K23MHuam9NZfZMLtWpZOw="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655033850395000,"flow_src_last_pkt_time":1655033850680000,"flow_dst_last_pkt_time":1655033850395000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655033850680000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40204,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1655033850885000,"flow_dst_last_pkt_time":1655033850395000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655033850885000,"pkt":"eJS0JASgYDjgxTWgCABFAAA08OdAAD8GEWLAqAJkszzDMZ0MFGa\/1NjpoiLOdoAQAIA39AAAAQEICjc9x41pw+F1"} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1655034332550000} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1655034332550000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655034332550000,"flow_src_last_pkt_time":1655034332550000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655034332550000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1655034332550000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655034332550000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8s3tAAD8GTsbAqAJkszzDMbNsFGaY2PgHAAAAAKAC\/\/+CVAAAAgQFtAQCCArFiW3yAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1655034332580000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655034332580000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0s3xAAD8GTs3AqAJkszzDMbNsFGaY2PgILoO694AQAKylowAAAQEICsWJbhFxU6\/V"} 
@@ -60,7 +60,7 @@ 00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1655034332681000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":350,"pkt_l4_len":316,"thread_ts_usec":1655034332681000,"pkt":"eJS0JASgYDjgxTWgCABFAAFQs35AAD8GTa\/AqAJkszzDMbNsFGaY2PgMLoO694AYAKyIQwAAAQEICsWJbnVxU7A5AAAECAkIAldBBQIAAQ4SiwIKIKHufl5sXussMAhh0p2\/ov1K8qbgZUmwKi9OWg6ykiwzEjA0l5XOlCDi1Vokb77mNfeOWPrLzKrl4cBvJSnz6b6OpllKXqNELvV9TjDMNg9m2NsatAGEAtqJL0uvfBOEv9jC9l6jTRNc\/NKsEOvisYVSReExtAE04Pzl+dAtiLjrZ6MqtBqeDLLi4SlEeeSkOLjMHl\/ISCl0Dm\/xeIkCziwQn25As52c8XcuNRHVxMJak4sKuuCm4KKx09ssdIeVR2SXPMdDxTXZpZZTV92cShnAxFetZFuoG2g6Jlthv1eik9as3VMscANTNS4dKc0FH1iioHEVa9f2dyF04y5o88Mw6CjlmL7HByE="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655034332550000,"flow_src_last_pkt_time":1655034332681000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655034332681000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1655034332808000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655034332808000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0s39AAD8GTsrAqAJkszzDMbNsFGaY2PkoLoO7MIAQAKyihAAAAQEICsWJbvRxU7C4"} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":66,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1655036863658000} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":66,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1655036863658000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655036863658000,"flow_src_last_pkt_time":1655036863658000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655036863658000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1655036863658000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655036863658000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8VU1AAD8GrPTAqAJkszzDMZ\/6FGZJAAaOAAAAAKAC\/\/\/gngAAAgQFtAQCCAo3avKLAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1655036863694000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655036863694000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VU5AAD8GrPvAqAJkszzDMZ\/6FGZJAAaPQBkrQIAQAIAuZAAAAQEICjdq8tim3M31"} 
@@ -68,7 +68,7 @@ 00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1655036863823000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1655036863823000,"pkt":"eJS0JASgYDjgxTWgCABFAAFWVVBAAD8Gq9fAqAJkszzDMZ\/6FGZJAAaTQBkrQIAYAIAw3wAAAQEICjdq81mm3M5rAAAECAsICVdBBQIAARQSkQIKIAI3u8Y0o0ZFT\/OtJzcX3UaQ\/IWQGdbv0wEMHTK1l6woEjDMb3ve3Vlqa1zLSyWsq7HX19F5FqxgNDPVPZovnbkaWWTiEYUfyj9dhIYbLUbhjpoaugEYt5e54yUK0Dz2mXgmLjkLbqfw43funUzgI06KJeAdOTz48asdCtBqKsa57JzlcA8hKYLsAYAMXhENhJAMeKh+7iZsKK6QLl2OW+eCsVwf0sdlSSfzN0BeoIQW9Wt0qe8vcVYbW8VUzvTywUdhc5Eibzu+tOU31RbI\/1Q822GOha0izKT6E5UicKg7VroJrRkc6v4BGSSjH+7x5dR4DHzXhQPdVB2E0D9ObRCPXt2S8u\/UAiy1f3hsiJw="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655036863658000,"flow_src_last_pkt_time":1655036863823000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655036863823000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1655036863976000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655036863976000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VVFAAD8GrPjAqAJkszzDMZ\/6FGZJAAe1QBkreYAQAIAq0wAAAQEICjdq8\/Km3M8N"} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":9,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1655037784969000} 
+00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":9,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1655037784969000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655037784969000,"flow_src_last_pkt_time":1655037784969000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655037784969000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1655037784969000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655037784969000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eZJAAD8GiK\/AqAJkszzDMaD+FGaPGwMEAAAAAKAC\/\/\/PkAAAAgQFtAQCCAo3eL\/2AAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1655037785024000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655037785024000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0eZNAAD8GiLbAqAJkszzDMaD+FGaPGwMFTC+Ch4AQAIA0RwAAAQEICjd4wGKeH1xF"} 
@@ -83,7 +83,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1655037943383000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655037943383000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7ZINAAD8Gnc\/AqAJkszzDIb+CFGZJeEXBlbThyYAYAKzl3AAAAQEIClkJjtmTiu6cAAAECAkIBQ=="} 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655037943346000,"flow_src_last_pkt_time":1655037943383000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655037943383000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1655037943384000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655037943384000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4ZIRAAD8GndHAqAJkszzDIb+CFGZJeEXIlbThyYAYAKybpQAAAQEIClkJjtmTiu6cV0EFAg=="} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6885,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":11,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":86,"global_ts_usec":1655038737650000} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6885,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":11,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":86,"global_ts_usec":1655038737650000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655038737650000,"flow_src_last_pkt_time":1655038737650000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655038737650000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1655038737650000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655038737650000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8+jpAAD8GCAfAqAJkszzDMaFIFGaFGhCGAAAAAKAC\/\/9PGwAAAgQFtAQCCAo3gTyYAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1655038737824000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655038737824000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+jtAAD8GCA7AqAJkszzDMaFIFGaFGhCH4E9fBoAQAIAQ0gAAAQEICjeBPUjxtjrK"} 
@@ -92,7 +92,7 @@ 01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655038737650000,"flow_src_last_pkt_time":1655038738036000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655038738036000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1655038738226000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655038738226000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+j5AAD8GCAvAqAJkszzDMaFIFGaFGhGt4E9fP4AQAIAL\/wAAAQEICjeBPsPxtjzD"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1655030801747000,"flow_src_last_pkt_time":1655030802079000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1537,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655038738381000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":98,"packets-processed":97,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7219,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":12,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":95,"global_ts_usec":1655041569928000} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":98,"packets-processed":97,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7219,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":12,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":95,"global_ts_usec":1655041569928000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655041569928000,"flow_src_last_pkt_time":1655041569928000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041569928000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1655041569928000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655041569928000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8yNhAAD8GOWnAqAJkszzDMaKKFGb8FC6CAAAAAKAC\/\/\/RUwAAAgQFtAQCCAo3qCQAAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1655041569964000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655041569964000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0yNlAAD8GOXDAqAJkszzDMaKKFGb8FC6DekSzAYAQAIDQKAAAAQEICjeoJCQj994H"} 
@@ -106,7 +106,7 @@ 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655032256845000,"flow_src_last_pkt_time":1655032257332000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041570363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655032857220000,"flow_src_last_pkt_time":1655032858052000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041570363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655033797377000,"flow_src_last_pkt_time":1655033797657000,"flow_dst_last_pkt_time":1655033797377000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041570363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42646,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":13,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":109,"global_ts_usec":1655042688447000} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":13,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":109,"global_ts_usec":1655042688447000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655042688447000,"flow_src_last_pkt_time":1655042688447000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655042688447000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1655042688447000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655042688447000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8k4BAAD8GbsHAqAJkszzDMaNQFGac145xAAAAAKAC\/\/+5KwAAAgQFtAQCCAo3tzqhAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1655042688525000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655042688525000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0k4FAAD8GbsjAqAJkszzDMaNQFGac145yikooJoAQAIAprAAAAQEICje3OwWKYYCH"} 
@@ -115,7 +115,7 @@ 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655042688447000,"flow_src_last_pkt_time":1655042689683000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655042689683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1655042689901000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1655042689901000,"pkt":"eJS0JASgYDjgxTWgCABFAAA3k4RAAD8GbsLAqAJkszzDMaNQFGac146BikooJoAYAIALawAAAQEICje3QFiKYYVaAAEU"} 
01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655034332550000,"flow_src_last_pkt_time":1655034332854000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655042690163000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":114,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7810,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":118,"global_ts_usec":1655043596112000} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":114,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7810,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":118,"global_ts_usec":1655043596112000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655043596112000,"flow_src_last_pkt_time":1655043596112000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043596112000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1655043596112000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655043596112000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8sPxAAD8GUVXAqAJkszzDIZJqFGboXByKAAAAAKAC\/\/9iMwAAAgQFtAQCCAoEt\/vxAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1655043596145000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655043596145000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0sP1AAD8GUVzAqAJkszzDIZJqFGboXByLxoplnYAQAKyC0AAAAQEICgS3\/BKyfC6v"} 
@@ -123,7 +123,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1655043596146000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655043596146000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7sP9AAD8GUVPAqAJkszzDIZJqFGboXByPxoplnYAYAKxwrAAAAQEICgS3\/BOyfC6vAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655043596112000,"flow_src_last_pkt_time":1655043596146000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043596146000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1655043596147000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655043596147000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4sQBAAD8GUVXAqAJkszzDIZJqFGboXByWxoplnYAYAKwmdAAAAQEICgS3\/BSyfC6vV0EFAg=="} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":122,"packets-processed":121,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9083,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":15,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1655044288744000} 
+00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":122,"packets-processed":121,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9083,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":15,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1655044288744000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655044288744000,"flow_src_last_pkt_time":1655044288744000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044288744000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1655044288744000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655044288744000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Rj1AAD8GvBTAqAJkszzDIZLOFGbS4v0+AAAAAKAC\/\/8FAwAAAgQFtAQCCAoEwo14AAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1655044288776000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655044288776000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Rj5AAD8GvBvAqAJkszzDIZLOFGbS4v0\/XwbxEoAQAKw+pwAAAQEICgTCjaZrpjiA"} 
@@ -131,7 +131,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1655044288777000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655044288777000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7RkBAAD8GvBLAqAJkszzDIZLOFGbS4v1DXwbxEoAYAKwsgwAAAQEICgTCjadrpjiAAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655044288744000,"flow_src_last_pkt_time":1655044288777000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044288777000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1655044288780000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655044288780000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4RkFAAD8GvBTAqAJkszzDIZLOFGbS4v1KXwbxEoAYAKziSgAAAQEICgTCjahrpjiAV0EFAg=="} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":130,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":16,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1655044965142000} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":130,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":16,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1655044965142000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655044965142000,"flow_src_last_pkt_time":1655044965142000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044965142000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1655044965142000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655044965142000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8At1AAD8G\/2TAqAJkszzDMbK6FGZec+QxAAAAAKAC\/\/+2PgAAAgQFtAQCCApG+geGAAAAAAEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1655044965172000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655044965172000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0At5AAD8G\/2vAqAJkszzDMbK6FGZec+QyZebbNIAQAVdZxAAAAQEICkb6B6qVR7NZ"} 
@@ -140,7 +140,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655044965142000,"flow_src_last_pkt_time":1655044965221000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044965221000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1655044965369000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655044965369000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0AuFAAD8G\/2jAqAJkszzDMbK6FGZec+VHZebbbYAQAVdW7QAAAQEICkb6CG+VR7Qd"} 
01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655036863658000,"flow_src_last_pkt_time":1655036864020000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044965409000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":138,"packets-processed":137,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":17,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":143,"global_ts_usec":1655045751925000} 
+00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":138,"packets-processed":137,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":17,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":143,"global_ts_usec":1655045751925000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655045751925000,"flow_src_last_pkt_time":1655045751925000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655045751925000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1655045751925000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655045751925000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8tn9AAD8GS8LAqAJkszzDMbMAFGajVEhsAAAAAKAC\/\/+wTwAAAgQFtAQCCApG\/mQPAAAAAAEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1655045751957000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655045751957000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0toBAAD8GS8nAqAJkszzDMbMAFGajVEhtoOKxA4AQAVeXTwAAAQEICkb+ZC\/0vP+i"} 
@@ -150,7 +150,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1655045752137000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655045752137000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0toNAAD8GS8bAqAJkszzDMbMAFGajVEmCoOKxPIAQAVeUmAAAAQEICkb+ZOP0vQBX"} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655037784969000,"flow_src_last_pkt_time":1655037785423000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655045752178000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655037943346000,"flow_src_last_pkt_time":1655037943539000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2513,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655045752178000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":18,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":153,"global_ts_usec":1655049443230000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":18,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":153,"global_ts_usec":1655049443230000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655049443230000,"flow_src_last_pkt_time":1655049443230000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655049443230000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1655049443230000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655049443230000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8KCVAAD8G2hzAqAJkszzDMbVGFGZeo\/3WAAAAAKAC\/\/\/eUwAAAgQFtAQCCApHIcLoAAAAAAEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1655049443263000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655049443263000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0KCZAAD8G2iPAqAJkszzDMbVGFGZeo\/3XmmmBIoAQAVfWlwAAAQEICkchwwlHYNIU"} 
@@ -160,7 +160,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1655049443533000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655049443533000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0KClAAD8G2iDAqAJkszzDMbVGFGZeo\/7smmmBW4AQAVfTLgAAAQEICkchxBdHYNMh"} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655038737650000,"flow_src_last_pkt_time":1655038738381000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655049443593000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655041569928000,"flow_src_last_pkt_time":1655041570363000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655049443593000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":154,"packets-processed":153,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":19,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":163,"global_ts_usec":1655050704430000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":154,"packets-processed":153,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":19,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":163,"global_ts_usec":1655050704430000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655050704430000,"flow_src_last_pkt_time":1655050704430000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655050704430000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1655050704430000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655050704430000,"pkt":"eJS0JASgYDjgxTWgCABFAAA84MFAAD8GJbDAqAJkHw1TMZ0gFGZ02VSkAAAAAKAC\/\/8otQAAAgQFtAQCCAoO3mAcAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1655050704485000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655050704485000,"pkt":"eJS0JASgYDjgxTWgCABFAAA04MJAAD8GJbfAqAJkHw1TMZ0gFGZ02VSlljrOS4AQAKxhJgAAAQEICg7eYFQ9kVNR"} 
@@ -177,7 +177,7 @@ 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655051220512000,"flow_src_last_pkt_time":1655051220578000,"flow_dst_last_pkt_time":1655051220512000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051220578000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45470,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1655051220580000,"flow_dst_last_pkt_time":1655051220512000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655051220580000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4rVRAAD8GVQHAqAJkszzDIbGeFGYTOuP28T6CsoAYAKzQiQAAAQEICgUsUt67e8sgV0EFAg=="} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655043596112000,"flow_src_last_pkt_time":1655043596381000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051220729000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":21,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":180,"global_ts_usec":1655051492307000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":21,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":180,"global_ts_usec":1655051492307000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655051492307000,"flow_src_last_pkt_time":1655051492307000,"flow_dst_last_pkt_time":1655051492307000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051492307000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1655051492307000,"flow_dst_last_pkt_time":1655051492307000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655051492307000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8gfhAAD8GgEnAqAJkszzDMahMFGbuqHaiAAAAAKAC\/\/+qzgAAAgQFtAQCCAo39wnAAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1655051492339000,"flow_dst_last_pkt_time":1655051492307000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655051492339000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0gflAAD8GgFDAqAJkszzDMahMFGbuqHajLwsyzYAQAIACagAAAQEICjf3Cd8Kl2oU"} 
@@ -193,7 +193,7 @@ 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655051794002000,"flow_src_last_pkt_time":1655051794037000,"flow_dst_last_pkt_time":1655051794002000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051794037000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1655051794039000,"flow_dst_last_pkt_time":1655051794002000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655051794039000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4OxFAAD8Gx0TAqAJkszzDIbIiFGatOxW\/\/J8dd4AYAKy6IgAAAQEICgU1Eu0r+T5\/V0EFAg=="} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655044288744000,"flow_src_last_pkt_time":1655044288931000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051794206000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":185,"packets-processed":184,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":23,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":196,"global_ts_usec":1655052148615000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":185,"packets-processed":184,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":23,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":196,"global_ts_usec":1655052148615000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655052148615000,"flow_src_last_pkt_time":1655052148615000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052148615000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1655052148615000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655052148615000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kfpAAD8GcEfAqAJkszzDMaiQFGZmurw1AAAAAKAC\/\/+h\/wAAAgQFtAQCCAo3+VSkAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1655052148658000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655052148658000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kftAAD8GcE7AqAJkszzDMaiQFGZmurw2KlSpWIAQAIA0yQAAAQEICjf5VPJAoYbY"} 
@@ -209,7 +209,7 @@ 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655052438619000,"flow_src_last_pkt_time":1655052438654000,"flow_dst_last_pkt_time":1655052438619000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052438654000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1655052438655000,"flow_dst_last_pkt_time":1655052438619000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655052438655000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4kq9AAD8Gb6bAqAJkszzDIbPaFGZdYrgzyEw0oYAYAKzY6QAAAQEICgU+6PTmsVfEV0EFAg=="} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655044965142000,"flow_src_last_pkt_time":1655044965409000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052438807000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":201,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":25,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":212,"global_ts_usec":1655052853504000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":201,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":25,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":212,"global_ts_usec":1655052853504000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655052853504000,"flow_src_last_pkt_time":1655052853504000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052853504000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1655052853504000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655052853504000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8WWJAAD8GqN\/AqAJkszzDMajGFGY2dfJkAAAAAKAC\/\/87qwAAAgQFtAQCCAo3+7TWAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1655052853586000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655052853586000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0WWNAAD8GqObAqAJkszzDMajGFGY2dfJl9PmkqoAQAICs4QAAAQEICjf7tS9HlNt1"} 
@@ -217,7 +217,7 @@ 00941{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1655052853647000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1655052853647000,"pkt":"eJS0JASgYDjgxTWgCABFAAFWWWVAAD8Gp8LAqAJkszzDMajGFGY2dfJp9PmkqoAYAIC\/dgAAAQEICjf7tWxHlNveAAAECAsICVdBBQIAARQSkQIKIA3YWjJeBPhhoYOLdXhImll2N3KB40xe5nXzVGKqi8lQEjB05YuN1sXT57G3SBCHnJEdXNBkV371\/xsNWC+B2W2c9R3PBaYxYkKqi91RPjTM0AAaugEXP+3uWGvoVm871kn2wjtmhgKuIJkNizNK\/9coL6rphC9vh6dV2jEyqfOFbZgWf8o\/EQFKWMBHIh7wJxYJvwjapQxRD1filQ5M12e0QPKj6ordybKIELcsCt7hErPy6sAkIPGcz3XyhYz\/Lb7ROlM7yct5Zfi3MPdNu9Wu4\/cE+HnYCNJgp1xz6RWgg5HS126k8knfuWBZUdlK+HGAXOiiBP94NYsZKb1yA+Td5aUETEJNN76KzEDIwLE="} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655052853504000,"flow_src_last_pkt_time":1655052853647000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052853647000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1655052853815000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655052853815000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0WWZAAD8GqOPAqAJkszzDMajGFGY2dfOL9Pmk44AQAICplQAAAQEICjf7thRHlNx9"} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":209,"packets-processed":208,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":26,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":220,"global_ts_usec":1655053633670000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":209,"packets-processed":208,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":26,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":220,"global_ts_usec":1655053633670000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655053633670000,"flow_src_last_pkt_time":1655053633670000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053633670000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1655053633670000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655053633670000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8mVhAAD8GaOnAqAJkszzDMajeFGZP5tJgAAAAAKAC\/\/\/ryAAAAgQFtAQCCAo3\/AszAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1655053633701000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655053633701000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0mVlAAD8GaPDAqAJkszzDMajeFGZP5tJhk8uMoIAQAIDJOAAAAQEICjf8C1OqRoX7"} 
@@ -226,7 +226,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655053633670000,"flow_src_last_pkt_time":1655053633738000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053633738000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1655053633894000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655053633894000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0mVxAAD8GaO3AqAJkszzDMajeFGZP5tOHk8uM2YAQAIDGYQAAAQEICjf8DBOqRoaz"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655045751925000,"flow_src_last_pkt_time":1655045752178000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053633932000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":27,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":229,"global_ts_usec":1655054457330000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":27,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":229,"global_ts_usec":1655054457330000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655054457330000,"flow_src_last_pkt_time":1655054457330000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655054457330000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1655054457330000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655054457330000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8VnBAAD8Gq+HAqAJkszzDIbWEFGa\/BmevAAAAAKAC\/\/\/mlQAAAgQFtAQCCAoFUzIKAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1655054457362000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655054457362000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VnFAAD8Gq+jAqAJkszzDIbWEFGa\/Bmewdx424oAQAKySKwAAAQEICgVTMiqQiUPS"} 
@@ -234,7 +234,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1655054457365000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655054457365000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7VnNAAD8Gq9\/AqAJkszzDIbWEFGa\/Bme0dx424oAYAKyABgAAAQEICgVTMiyQiUPSAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655054457330000,"flow_src_last_pkt_time":1655054457365000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655054457365000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1655054457365000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655054457365000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4VnRAAD8Gq+HAqAJkszzDIbWEFGa\/Bme7dx424oAYAKw1zgAAAQEICgVTMi2QiUPSV0EFAg=="} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":225,"packets-processed":224,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":28,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":237,"global_ts_usec":1655056441533000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":225,"packets-processed":224,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":28,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":237,"global_ts_usec":1655056441533000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655056441533000,"flow_src_last_pkt_time":1655056441533000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655056441533000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1655056441533000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655056441533000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8SQJAAD8GuU\/AqAJkszzDIbkAFGYVt3HxAAAAAKAC\/\/87QgAAAgQFtAQCCAoFcXjRAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1655056441563000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655056441563000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0SQNAAD8GuVbAqAJkszzDIbkAFGYVt3Hym+tfO4AQAKzuQwAAAQEICgVxePCucNFZ"} 
@@ -242,7 +242,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1655056441565000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655056441565000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7SQVAAD8GuU3AqAJkszzDIbkAFGYVt3H2m+tfO4AYAKzcHwAAAQEICgVxePGucNFZAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655056441533000,"flow_src_last_pkt_time":1655056441565000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655056441565000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1655056441565000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655056441565000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4SQZAAD8GuU\/AqAJkszzDIbkAFGYVt3H9m+tfO4AYAKyR5wAAAQEICgVxePKucNFZV0EFAg=="} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":233,"packets-processed":232,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19681,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":29,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":245,"global_ts_usec":1655059510580000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":233,"packets-processed":232,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19681,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":29,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":245,"global_ts_usec":1655059510580000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655059510580000,"flow_src_last_pkt_time":1655059510580000,"flow_dst_last_pkt_time":1655059510580000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510580000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":39828,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1655059510580000,"flow_dst_last_pkt_time":1655059510580000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655059510580000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8GcJAAD8G6I\/AqAJkszzDIZuUFGY95P\/EAAAAAKAC\/\/\/fxAAAAgQFtAQCCAoFoDuLAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1655059510610000,"flow_dst_last_pkt_time":1655059510580000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655059510610000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0GcNAAD8G6JbAqAJkszzDIZuUFGY95P\/FCFqhLIAQAKyMSwAAAQEICgWgO6lMbYt5"} 
@@ -255,7 +255,7 @@ 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655051794002000,"flow_src_last_pkt_time":1655051794206000,"flow_dst_last_pkt_time":1655051794002000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655049443230000,"flow_src_last_pkt_time":1655049443593000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655050704430000,"flow_src_last_pkt_time":1655050704962000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":427,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":713,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":241,"packets-processed":240,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":30,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1655060495977000} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":241,"packets-processed":240,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":30,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1655060495977000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655060495977000,"flow_src_last_pkt_time":1655060495977000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060495977000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1655060495977000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655060495977000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8YJ5AAD8GobPAqAJkszzDIZysFGYCJGGJAAAAAKAC\/\/+p9wAAAgQFtAQCCAoFq0oxAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1655060496008000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655060496008000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YJ9AAD8GobrAqAJkszzDIZysFGYCJGGK2sw1x4AQAKwONAAAAQEICgWrSlDEovR\/"} 
@@ -266,7 +266,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655052148615000,"flow_src_last_pkt_time":1655052148966000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060496256000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655052853504000,"flow_src_last_pkt_time":1655052853872000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060496256000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655052438619000,"flow_src_last_pkt_time":1655052438807000,"flow_dst_last_pkt_time":1655052438619000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060496256000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":250,"packets-processed":249,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":269,"global_ts_usec":1655061657436000} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":250,"packets-processed":249,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":269,"global_ts_usec":1655061657436000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655061657436000,"flow_src_last_pkt_time":1655061657436000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655061657436000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1655061657436000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655061657436000,"pkt":"eJS0JASgYDjgxTWgCABFAAA88nlAAD8GD8jAqAJkszzDMauyFGbsqzKiAAAAAKAC\/\/9iSAAAAgQFtAQCCAo4IpSyAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1655061657568000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655061657568000,"pkt":"eJS0JASgYDjgxTWgCABFAAA08npAAD8GD8\/AqAJkszzDMauyFGbsqzKjnK08DIAQAIBE+AAAAQEICjgilXAR0WBF"} 
@@ -282,7 +282,7 @@ 00925{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1655061873368000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":1655061873368000,"pkt":"eJS0JASgYDjgxTWgCABFAAFKrKVAAD8GTrnAqAJkHw1dNr\/IFGZDXSW7fPQug4AYAIAPIwAAAQEICiQe2Mk8ThxmAAAECAsIDFdBBQIAAQgShQIKIOtKWvwh5\/ppyWV2\/78chw3eIBPlsh8jrfmHIruLZFUBEjC8WKWRQo+Toueq8YzobY4B8yj8PYgyc5mZhB9VKcjqzcB8IoQ1aRkf5QNWNURnuAcargE6xFUNq2D4uR+PXdAcvbjNXFB5HDx1ZVwyvCTiNXVhCL6BhskFeQ\/B2Nx6pN9cBoWD9XwKx9sQ\/HDlQBa7N83O5tyYcWmNAZ9ncVm1XLv2ZOlh1AA4iL2jTKOdgiv3hRlObMCcpNmk43fS1h8PPV9yFeoFc+Gfn40oM54oUWEVIUaJmiVnzB0xDdMDFSfDPeextxbIqFwAo0oeVBPt\/dZa4kxfLjr6sam3BkXtoCE="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655061873005000,"flow_src_last_pkt_time":1655061873368000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655061873368000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1655061873760000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655061873760000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0rKZAAD8GT87AqAJkHw1dNr\/IFGZDXSbRfPQuvIAQAID0DgAAAQEICiQe2lA8Th4U"} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":266,"packets-processed":265,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":33,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":285,"global_ts_usec":1655062569330000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":266,"packets-processed":265,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":33,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":285,"global_ts_usec":1655062569330000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655062569330000,"flow_src_last_pkt_time":1655062569330000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655062569330000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1655062569330000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655062569330000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MZZAAD8G0KvAqAJkszzDMavKFGbYH58HAAAAAKAC\/\/9yPQAAAgQFtAQCCAo4IyzLAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1655062569374000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655062569374000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0MZdAAD8G0LLAqAJkszzDMavKFGbYH58IMQLbuIAQAIC6CgAAAQEICjgjLRYTN8Yz"} 
@@ -291,7 +291,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655062569330000,"flow_src_last_pkt_time":1655062569427000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655062569427000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1655062569631000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655062569631000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0MZpAAD8G0K\/AqAJkszzDMavKFGbYH6AuMQLb8YAQAIC23AAAAQEICjgjLgwTN8cM"} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655054457330000,"flow_src_last_pkt_time":1655054457533000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655062569674000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":274,"packets-processed":273,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":34,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":294,"global_ts_usec":1655063661893000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":274,"packets-processed":273,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":34,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":294,"global_ts_usec":1655063661893000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655063661893000,"flow_src_last_pkt_time":1655063661893000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655063661893000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1655063661893000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655063661893000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86plAAD8GF7jAqAJkszzDIaAeFGY4VRBmAAAAAKAC\/\/\/+RwAAAgQFtAQCCAoF0w05AAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1655063661925000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655063661925000,"pkt":"eJS0JASgYDjgxTWgCABFAAA06ppAAD8GF7\/AqAJkszzDIaAeFGY4VRBnHmH5pIAQAKyJNgAAAQEICgXTDVr1t5VE"} 
@@ -299,7 +299,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1655063661927000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655063661927000,"pkt":"eJS0JASgYDjgxTWgCABFAAA76pxAAD8GF7bAqAJkszzDIaAeFGY4VRBrHmH5pIAYAKx3EgAAAQEICgXTDVv1t5VEAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655063661893000,"flow_src_last_pkt_time":1655063661927000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655063661927000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1655063661932000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655063661932000,"pkt":"eJS0JASgYDjgxTWgCABFAAA46p1AAD8GF7jAqAJkszzDIaAeFGY4VRByHmH5pIAYAKws1wAAAQEICgXTDV\/1t5VEV0EFAg=="} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":282,"packets-processed":281,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":35,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":35,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":302,"global_ts_usec":1655064434682000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":282,"packets-processed":281,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":35,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":35,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":302,"global_ts_usec":1655064434682000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655064434682000,"flow_src_last_pkt_time":1655064434682000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655064434682000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1655064434682000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655064434682000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Z49AAD8GmrLAqAJkszzDMbDqFGZ3oUxiAAAAAKAC\/\/\/KHwAAAgQFtAQCCArGt\/RXAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1655064434714000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655064434714000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Z5BAAD8GmrnAqAJkszzDMbDqFGZ3oUxjZjrG2IAQAKzrtwAAAQEICsa39HeqpjSg"} 
@@ -308,7 +308,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655064434682000,"flow_src_last_pkt_time":1655064434792000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655064434792000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1655064434967000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655064434967000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Z5NAAD8GmrbAqAJkszzDMbDqFGZ3oU1+ZjrHEYAQAKzoaQAAAQEICsa39XSqpjWd"} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655056441533000,"flow_src_last_pkt_time":1655056441715000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655064435041000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":290,"packets-processed":289,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":36,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":311,"global_ts_usec":1655065264797000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":290,"packets-processed":289,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":36,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":311,"global_ts_usec":1655065264797000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655065264797000,"flow_src_last_pkt_time":1655065264797000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065264797000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1655065264797000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655065264797000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ttVAAD8GS2zAqAJkszzDMclYFGbchY4CAAAAAKAC\/\/8wGwAAAgQFtAQCCApH\/04jAAAAAAEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1655065264828000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655065264828000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ttZAAD8GS3PAqAJkszzDMclYFGbchY4DukzwuYAQAVeNLQAAAQEICkf\/TkbK+lov"} 
@@ -316,7 +316,7 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1655065265128000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1655065265128000,"pkt":"eJS0JASgYDjgxTWgCABFAAA\/tthAAD8GS2bAqAJkszzDMclYFGbchY4HukzwuYAYAVc4UgAAAQEICkf\/T3LK+ltbAAAECAkIAldBBQI="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655065264797000,"flow_src_last_pkt_time":1655065265128000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065265128000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1655065265158000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1655065265158000,"pkt":"eJS0JASgYDjgxTWgCABFAAE6ttlAAD8GSmrAqAJkszzDMclYFGbchY4SukzwuYAYAVdbewAAAQEICkf\/T5DK+lt5AAEDEoACCiDyxnqELyO9DiOmj4gPsgZm81Sa79ftPFhljmr6qd1oQRIwPThdAFhj1B8I6QIvLX+j77uZklWR949rKuYWFBAMzbAuiseHDvS\/rZsok+lxvjUTGqkBsBREb\/7qCModtRpyj2H2YRH1M5ApgLzF7ttqBftUW3wdYyrLJuoEonja\/7H4LpxRuY+gcYnHQGtxrAaPdQEncGi6Fk6waqXV3d2Zg4ZB5+6FPI97xoGCuvCea81xyBWQqQijjE9PkudLXzutMO28tR6YGthlDu\/\/9D0TWhgA6hCecNjNt2dwbiW\/Kz1bV72uX\/ixxRHupAn2SMzdRJZRySzwM0s4RUGpjA=="} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":298,"packets-processed":297,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":37,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":319,"global_ts_usec":1655065885451000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":298,"packets-processed":297,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":37,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":319,"global_ts_usec":1655065885451000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655065885451000,"flow_src_last_pkt_time":1655065885451000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065885451000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1655065885451000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655065885451000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8arBAAD8Gl5HAqAJkszzDMbtMFGZqrJ7gAAAAAKAC\/\/9fsQAAAgQFtAQCCApxKmRoAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1655065885484000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655065885484000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0arFAAD8Gl5jAqAJkszzDMbtMFGZqrJ7h+p4p8oAQAIDu2wAAAQEICnEqZIk6KEA5"} 
@@ -331,7 +331,7 @@ 00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655065885823000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFghRAAD8GfyTAqAJkszzDMcoMFGZjsgDNIofjooAYAVe7cwAAAQEICkgIdo+T2De6AAAECAkIAldBBQIAAQMSgAIKIGY3KWvn5J6GZpS11PnywxLfIHHXDvcK7V62IsunAMEDEjADq3ZZlzgjaZEqlCz6O08aSPjXHdQ0IuiHcCaxzQveaZZMxvOrsWM5F7XCzC96RfsaqQGd81nmQhfDXeVMMDOoaD0Mgro6ELu5D0o9ieeCZCxmbzoxR3\/0Ndq1VZ0SdnBJJzqydQm98nXNDwEK0L2+hugBWxHMNDGEHMZjb2pDknP978ZhmTmGaO1i6twTH1OWKZNtvyC6EvqH52quDrZGzGV4HfLpNGMi9QWTbCtOzGI9sDclk3GlCbjtQiwuR\/6h2b9ZEypfpXelvdwljtC7gAj9v8XNTwoIW\/R7"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655065885823000,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065885823000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655065885823000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ghVAAD8GgDTAqAJkszzDMcoMFGZjsgHeIofj24AQAVdmEgAAAQEICkgIdzST2Dhe"} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":313,"packets-processed":312,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":39,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":334,"global_ts_usec":1655067574156000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":313,"packets-processed":312,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":39,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":334,"global_ts_usec":1655067574156000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655067574156000,"flow_src_last_pkt_time":1655067574156000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655067574156000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1655067574156000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655067574156000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ZktAAD8Gm\/bAqAJkszzDMbEWFGZP\/CSfAAAAAKAC\/\/80aAAAAgQFtAQCCArGuNlKAAAAAAEDAwk="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1655067574187000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655067574187000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ZkxAAD8Gm\/3AqAJkszzDMbEWFGZP\/CSg\/FJ4JoAQAKwGCgAAAQEICsa42a+DX2Qy"} 
@@ -348,7 +348,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655068071917000,"flow_src_last_pkt_time":1655068072120000,"flow_dst_last_pkt_time":1655068071917000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068072120000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1655068072276000,"flow_dst_last_pkt_time":1655068071917000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655068072276000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f0tAAD8Ggv7AqAJkszzDMcu4FGbUWpKBCrZXSYAQAVd6sgAAAQEICkgqJNyouQJ\/"} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1655060495977000,"flow_src_last_pkt_time":1655060496256000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068072357000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":329,"packets-processed":328,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":41,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":351,"global_ts_usec":1655068204945000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":329,"packets-processed":328,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":41,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":351,"global_ts_usec":1655068204945000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655068204945000,"flow_src_last_pkt_time":1655068204945000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068204945000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1655068204945000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655068204945000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eR1AAD8GiTTAqAJkszzDIaLAFGY48OrHAAAAAKAC\/\/8oAgAAAgQFtAQCCAoF9wW8AAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1655068204976000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655068204976000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0eR5AAD8GiTvAqAJkszzDIaLAFGY48OrIWCi8FIAQAKyAowAAAQEICgX3Bdt\/K0Hp"} 
@@ -363,7 +363,7 @@ 00917{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1655068672682000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655068672682000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFf7ZAAD8GgYLAqAJkszzDMcxGFGbT7keADNw8XIAYAVehngAAAQEICkgzTjPXLOIKAAAECAkIAldBBQIAAQMSgAIKIDTcgksnXRnebbwmEuP9yUM\/1VSf4uQ1RouMKF0wgxIMEjDa551egy9lP6Mucm2Ek37zsxPaQNIuZdlwglvM7Ytx\/e\/0R7Hg0Cxszw\/udO9P+ywaqQFAJTfp0KeYzwP5Pp2S\/FItGxL0ldUZvokSzO91CpfFFmo1bQGwmlLrmfIQd0nrsAxpua75td5KHth\/zvTo8QNnFP2+4zM8kAPUilZu6WgbaJyBs002FLq+y9i+ZBrz8i1XeheToEo3s5FsZkg+ZXnMqQdYF3uhDmsLzyoSu1QZNNflxKN+d2Q9g5a8QiVKOvvBqrmJnIWY8dUBesFIclYgR9PjxVB8M+Dh"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655068672605000,"flow_src_last_pkt_time":1655068672682000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068672682000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1655068672825000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655068672825000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f7dAAD8GgpLAqAJkszzDMcxGFGbT7kiRDNw8lYAQAVekkQAAAQEICkgzTsLXLOKZ"} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":345,"packets-processed":344,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":43,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":366,"global_ts_usec":1655069476999000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":345,"packets-processed":344,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":43,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":366,"global_ts_usec":1655069476999000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655069476999000,"flow_src_last_pkt_time":1655069476999000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655069476999000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1655069476999000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655069476999000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8v0dAAD8GQwrAqAJkszzDIaL6FGZl3G3iAAAAAKAC\/\/\/JXwAAAgQFtAQCCAoF+bQbAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1655069477033000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655069477033000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0v0hAAD8GQxHAqAJkszzDIaL6FGZl3G3jvQquJIAQAKzBYgAAAQEICgX5tE0ysJf9"} 
@@ -373,7 +373,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1655069477208000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655069477208000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0v0tAAD8GQw7AqAJkszzDIaL6FGZl3HLcvQquXYAQAKy60QAAAQEICgX5tP4ysJir"} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655061873005000,"flow_src_last_pkt_time":1655061873914000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":340,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655069477452000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655061657436000,"flow_src_last_pkt_time":1655061657966000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655069477452000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":353,"packets-processed":352,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":44,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":376,"global_ts_usec":1655071168997000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":353,"packets-processed":352,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":44,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":376,"global_ts_usec":1655071168997000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655071168997000,"flow_src_last_pkt_time":1655071168997000,"flow_dst_last_pkt_time":1655071168997000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655071168997000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1655071168997000,"flow_dst_last_pkt_time":1655071168997000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655071168997000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8\/oFAAD8GA8DAqAJkszzDMbxqFGaCVc7FAAAAAKAC\/\/8bsQAAAgQFtAQCCApxNV+xAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1655071169028000,"flow_dst_last_pkt_time":1655071168997000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655071169028000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/oJAAD8GA8fAqAJkszzDMbxqFGaCVc7GXkxmWYAQAIBN7gAAAQEICnE1X+Ud8hk1"} 
@@ -397,7 +397,7 @@ 00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1655071204870000,"flow_dst_last_pkt_time":1655071204543000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655071204870000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFpTFAAD8GbTbAqAJkHw1GMti0FGbC7URUktIbLIAYAVehCAAAAQEICpXhmHfVew4yAAAECAkIAldBBQIAAQMSgAIKIMbXMYxfoYkD5uM34AbTFmSF9c2ZsAJyUzuaseKfJmIFEjAXEG2A5EfAZg6UlPBuMtMJJKAJT8gydNa5jpvKH90uzjr5LMC\/040NXR\/W3njCrMsaqQFSGe3aY2dBEaAQ3stGpVcWbKKtk4lzLmY8GArNOt\/RBEztMz\/hQ3kJcymnjCbJHmMnazpuUL7GvLdfvpsygQKvMSNl0py\/U+76puYv1+op3fPZuCmPiO+ruxnr4GlVsYBr2TgzB7BDaidsEhkz2D0D6dVePn1xxMVdny6QIrYH1yF\/ZIWkgNBfOJda5dxU1rZB\/veq5rmWOQmOyg95qD1XFbzv0fbSPCRt"} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655071204543000,"flow_src_last_pkt_time":1655071204870000,"flow_dst_last_pkt_time":1655071204543000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655071204870000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.70.50","src_port":55476,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1655071205707000,"flow_dst_last_pkt_time":1655071204543000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655071205707000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0pTJAAD8GbkbAqAJkHw1GMti0FGbC7UVlktIbZYAQAVeSqQAAAQEICpXhm7zVew+y"} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":374,"packets-processed":373,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":47,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":400,"global_ts_usec":1655073402411000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":374,"packets-processed":373,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":47,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":400,"global_ts_usec":1655073402411000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655073402411000,"flow_src_last_pkt_time":1655073402411000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402411000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1655073402411000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655073402411000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8dBJAAD8Gji\/AqAJkszzDMb2aFGahzCxlAAAAAKAC\/\/+a8AAAAgQFtAQCCApxUGIQAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1655073402445000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655073402445000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dBNAAD8GjjbAqAJkszzDMb2aFGahzCxmjLLTN4AQAICpvAAAAQEICnFQYjPQSe8a"} 
@@ -409,7 +409,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655065885451000,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":563,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402833000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655065264797000,"flow_src_last_pkt_time":1655065265368000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402833000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655065885823000,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402833000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":382,"packets-processed":381,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":48,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":48,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":412,"global_ts_usec":1655074111508000} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":382,"packets-processed":381,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":48,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":48,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":412,"global_ts_usec":1655074111508000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655074111508000,"flow_src_last_pkt_time":1655074111508000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655074111508000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1655074111508000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655074111508000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DYdAAD8G9LrAqAJkszzDMbMaFGYrB92KAAAAAKAC\/\/+Y9QAAAgQFtAQCCAo4NG1HAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1655074111556000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655074111556000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DYhAAD8G9MHAqAJkszzDMbMaFGYrB92LuiGK2IAQAIABZwAAAQEICjg0bW5hoB8L"} 
@@ -431,7 +431,7 @@ 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1655074681541000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655074681541000,"pkt":"eJS0JASgYDjgxTWgCABFAAFF1rlAAD8GKn\/AqAJkszzDMeNWFGYDhPIY+mPdyoAYAVc8EAAAAQEICkiO\/lDslGphAAAECAkIAldBBQIAAQMSgAIKIONURYOzj5yFvitPyR1HlvZLz09wP1MKDXCGkntEHmUvEjCKWDm8Di8PELTWn1odPuYtpyyU06Gop72zRsjsSLbPffjhK\/lnsN1jYnZu6Oxd\/ysaqQH2fWZCzpkathuNxNe2o891SYzt+fHmwNCOOayFx52MuNgH\/6lBAtCikLFZnJ+Q7b2fxit4hePoiVFtWTOWcwOPkLzeesGAWy5rmf9nmAlD1SUcWLqPTfL7n3Dlp34MQEWG3E1vWJy3jDC63Wq1LUdyerPkcja3pXFI72YGGR1xdH\/biDZZ3k3eGIz8i6CDkPQiKXU9alyM0\/qxxUtX\/hQqzil2ObNwVoEU"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655074681295000,"flow_src_last_pkt_time":1655074681541000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655074681541000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1655074681699000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655074681699000,"pkt":"eJS0JASgYDjgxTWgCABFAAA01rpAAD8GK4\/AqAJkszzDMeNWFGYDhPMp+mPeA4AQAVfWCAAAAQEICkiO\/u3slGr\/"} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":406,"packets-processed":405,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":51,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":51,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":434,"global_ts_usec":1655075014427000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":406,"packets-processed":405,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":51,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":51,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":434,"global_ts_usec":1655075014427000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655075014427000,"flow_src_last_pkt_time":1655075014427000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075014427000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1655075014427000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655075014427000,"pkt":"eJS0JASgYDjgxTWgCABFAAA84Y1AAD8GIMTAqAJkszzDIacsFGb7al66AAAAAKAC\/\/87hQAAAgQFtAQCCAoGKrcsAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1655075014457000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655075014457000,"pkt":"eJS0JASgYDjgxTWgCABFAAA04Y5AAD8GIMvAqAJkszzDIacsFGb7al674\/2+D4AQAKzv2QAAAQEICgYqt1ks76qT"} 
@@ -440,7 +440,7 @@ 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655075014427000,"flow_src_last_pkt_time":1655075014459000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075014459000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1655075014461000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655075014461000,"pkt":"eJS0JASgYDjgxTWgCABFAAA44ZFAAD8GIMTAqAJkszzDIacsFGb7al7G4\/2+D4AYAKyTegAAAQEICgYqt14s76qTV0EFAg=="} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655067574156000,"flow_src_last_pkt_time":1655067574418000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075014609000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34188,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":52,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":443,"global_ts_usec":1655075686356000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34188,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":52,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":443,"global_ts_usec":1655075686356000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655075686356000,"flow_src_last_pkt_time":1655075686356000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075686356000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1655075686356000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655075686356000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8QvtAAD8Gv1bAqAJkszzDIaiQFGbxmYdKAAAAAKAC\/\/\/ajwAAAgQFtAQCCAoGNPf0AAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1655075686389000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655075686389000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0QvxAAD8Gv13AqAJkszzDIaiQFGbxmYdLWdXXDoAQAKw7swAAAQEICgY0+BVuVC2V"} 
@@ -450,7 +450,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1655075686392000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655075686392000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Qv9AAD8Gv1bAqAJkszzDIaiQFGbxmYdWWdXXDoAYAKzfVAAAAQEICgY0+BluVC2VV0EFAg=="} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655068204945000,"flow_src_last_pkt_time":1655068205140000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075686549000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655068071917000,"flow_src_last_pkt_time":1655068072357000,"flow_dst_last_pkt_time":1655068071917000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075686549000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":422,"packets-processed":421,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":53,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":53,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":453,"global_ts_usec":1655078415178000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":422,"packets-processed":421,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":53,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":53,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":453,"global_ts_usec":1655078415178000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655078415178000,"flow_src_last_pkt_time":1655078415178000,"flow_dst_last_pkt_time":1655078415178000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655078415178000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46732,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1655078415178000,"flow_dst_last_pkt_time":1655078415178000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655078415178000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8CblAAD8G+IjAqAJkszzDMbaMFGYZMLRzAAAAAKAC\/\/8IFAAAAgQFtAQCCArHDabLAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1655078415208000,"flow_dst_last_pkt_time":1655078415178000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655078415208000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0CbpAAD8G+I\/AqAJkszzDMbaMFGYZMLR0Md5NzYAQAKysVQAAAQEICscNpurDrEZZ"} 
@@ -474,7 +474,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1655078418150000,"flow_dst_last_pkt_time":1655078418150000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655078418150000,"pkt":"eJS0JASgYDjgxTWgCABFAAA06u5AAD8GF1vAqAJkszzDMbYGFGbAe09aKCJ2ZYAQAIBysQAAAQEICjg3\/F+LqpEF"} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655069476999000,"flow_src_last_pkt_time":1655069477452000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655078418150000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655068672605000,"flow_src_last_pkt_time":1655068672866000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655078418150000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":442,"packets-processed":441,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":56,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":477,"global_ts_usec":1655079015860000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":442,"packets-processed":441,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":56,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":477,"global_ts_usec":1655079015860000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655079015860000,"flow_src_last_pkt_time":1655079015860000,"flow_dst_last_pkt_time":1655079015860000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655079015860000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46768,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1655079015860000,"flow_dst_last_pkt_time":1655079015860000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655079015860000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8+71AAD8GBoTAqAJkszzDMbawFGbU0lPTAAAAAKAC\/\/+CegAAAgQFtAQCCArHFtE1AAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1655079015890000,"flow_dst_last_pkt_time":1655079015860000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655079015890000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+75AAD8GBovAqAJkszzDMbawFGbU0lPU4I1M54AQAKyMuwAAAQEICscW0VNPFaco"} 
@@ -492,7 +492,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1655079242760000,"flow_dst_last_pkt_time":1655079242727000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655079242760000,"pkt":"eJS0JASgYDjgxTWgCABFAAA71X5AAD8GLNTAqAJkszzDIbBKFGYSKeei9mtN3YAYAKy21AAAAQEICgZrPCN7C7NTAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655079242727000,"flow_src_last_pkt_time":1655079242760000,"flow_dst_last_pkt_time":1655079242727000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655079242760000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45130,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1655079242764000,"flow_dst_last_pkt_time":1655079242727000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655079242764000,"pkt":"eJS0JASgYDjgxTWgCABFAAA41X9AAD8GLNbAqAJkszzDIbBKFGYSKeep9mtN3YAYAKxsmQAAAQEICgZrPCd7C7NTV0EFAg=="} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":458,"packets-processed":457,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":58,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":495,"global_ts_usec":1655085444940000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":458,"packets-processed":457,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":58,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":495,"global_ts_usec":1655085444940000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655085444940000,"flow_src_last_pkt_time":1655085444940000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085444940000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1655085444940000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655085444940000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8OS9AAD8GyRLAqAJkszzDMeuoFGZwsQ0oAAAAAKAC\/\/8MiAAAAgQFtAQCCApJMzrhAAAAAAEDAwg="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1655085444971000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655085444971000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0OTBAAD8GyRnAqAJkszzDMeuoFGZwsQ0pZQWH8YAQAVeTjwAAAQEICkkzOwA0eITQ"} 
@@ -506,7 +506,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655074111508000,"flow_src_last_pkt_time":1655074111844000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085445318000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655073402411000,"flow_src_last_pkt_time":1655073402833000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085445318000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655074681295000,"flow_src_last_pkt_time":1655074681757000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085445318000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":466,"packets-processed":465,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":59,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":509,"global_ts_usec":1655089030478000} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":466,"packets-processed":465,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":59,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":509,"global_ts_usec":1655089030478000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655089030478000,"flow_src_last_pkt_time":1655089030478000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030478000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1655089030478000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655089030478000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8PU5AAD8GxPPAqAJkszzDMYAeFGbXqdzGAAAAAKAC\/\/+LPgAAAgQFtAQCCApJafDnAAAAAAEDAwg="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1655089030510000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655089030510000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0PU9AAD8GxPrAqAJkszzDMYAeFGbXqdzHU7KHPoAQAVeFmQAAAQEICklp8QcyIyXX"} 
@@ -519,7 +519,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655078415178000,"flow_src_last_pkt_time":1655078415507000,"flow_dst_last_pkt_time":1655078415178000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46732,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655079015860000,"flow_src_last_pkt_time":1655079016137000,"flow_dst_last_pkt_time":1655079015860000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46768,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1655078417966000,"flow_src_last_pkt_time":1655078418150000,"flow_dst_last_pkt_time":1655078417966000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58882,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":474,"packets-processed":473,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":60,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":522,"global_ts_usec":1655090233457000} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":474,"packets-processed":473,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":60,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":522,"global_ts_usec":1655090233457000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655090233457000,"flow_src_last_pkt_time":1655090233457000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655090233457000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1655090233457000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655090233457000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8YMVAAD8GoXzAqAJkszzDMbfuFGYjjxw1AAAAAKAC\/\/8ccQAAAgQFtAQCCArHvx46AAAAAAEDAwk="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1655090233489000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655090233489000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YMZAAD8GoYPAqAJkszzDMbfuFGYjjxw2tsj\/nIAQAKzs8QAAAQEICse\/HlqH9x8U"} 
@@ -527,7 +527,7 @@ 00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1655090233603000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655090233603000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLYMhAAD8GoGrAqAJkszzDMbfuFGYjjxw6tsj\/nIAYAKz7xQAAAQEICse\/Hs2H9x+GAAAECAsICFdBBQIAAQkShgIKICL7PW3574TmjsxPc4PYUXbgLIRzLkSpjJUfuyP8EXoDEjA0da9FQiqfAjoDY1tgcac3k4SJDhZNONhNsG1AZJ\/17mrPMmmgD6MKyeBp3wpknAIarwGwqVXGYklD4UfBqBVJD9VnQBIilSLyYkgW3toqqTTHVSDoC6so2E3kEfo0wq++wjBSsFcLfr2IxsnMq4cQxzqBe++jQFco3BYlyDRDLgZUbb3v6DLKAs1w6wmVY6RASK1s5i8C5yY++EYNwiRIiZ3NII1bO2RyKk+UsW+nC04+8RSYt2Tz4DlvaaiYNIvCFVL8G7tCaAQcQ3YI55VUM58sZvBsx4nTgWfg94upnXSA"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655090233457000,"flow_src_last_pkt_time":1655090233603000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655090233603000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1655090233759000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655090233759000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YMlAAD8GoYDAqAJkszzDMbfuFGYjjx1Rtsj\/1YAQAKzpgAAAAQEICse\/H2mH9yAi"} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":482,"packets-processed":481,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":61,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":530,"global_ts_usec":1655091294583000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":482,"packets-processed":481,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":61,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":530,"global_ts_usec":1655091294583000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655091294583000,"flow_src_last_pkt_time":1655091294583000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655091294583000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1655091294583000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655091294583000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8\/r9AAD8GA4LAqAJkszzDMcAeFGacobJEAAAAAKAC\/\/\/yvwAAAgQFtAQCCApxiYbPAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1655091294836000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655091294836000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/sBAAD8GA4nAqAJkszzDMcAeFGacobJFhNtvm4AQAIBe2QAAAQEICnGJh9AM9r+2"} 
@@ -535,7 +535,7 @@ 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1655091294939000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":1655091294939000,"pkt":"eJS0JASgYDjgxTWgCABFAAFK\/sJAAD8GAnHAqAJkszzDMcAeFGacobJJhNtvm4AYAIDmTwAAAQEICnGJiDYM9sCzAAAECAsIDFdBBQIAAQgShQIKIA4Pg8SPfXudDGrgRbkYSf\/nv1vxylfpNaOYoMHWS2kZEjDPRReg0qr7n7oGXz7TcUJSphq9mywRyfMmZmWOBNOCY3vXOosliHPK2OoOP1MV0WQargFIBGi0484zpCr8IUSfMcE7LQgkmNYpS1HBR2jdlWgnSdJAxUWfuDQ9UoK+rLfd7DCXAOKIs7E4dlxpvP3Yty0Mf\/tNV6cW1LRpBjZL0gpc6cRIhq8uF2fmp\/3AuGRGjfheB9M3vEdgAqxiyaevcQzvCXQCbY9Xm9Q7CjXiF8fXBRLkbx4OZpsRSIyEI14JpKzhHJegbZVz8XMCb9ubAsE7B9+xWOY56isNa4CLSt0="} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655091294583000,"flow_src_last_pkt_time":1655091294939000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655091294939000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1655091295131000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655091295131000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/sNAAD8GA4bAqAJkszzDMcAeFGacobNfhNtwDYAQAIBaGAAAAQEICnGJiQoM9sGx"} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":489,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":62,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":538,"global_ts_usec":1655096063383000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":489,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":62,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":538,"global_ts_usec":1655096063383000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655096063383000,"flow_src_last_pkt_time":1655096063383000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655096063383000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1655096063383000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655096063383000,"pkt":"eJS0JASgYDjgxTWgCABFAAA80GdAAD8GMdrAqAJkszzDMcBQFGYzpQPcAAAAAKAC\/\/+30QAAAgQFtAQCCApxjNjtAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1655096063418000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655096063418000,"pkt":"eJS0JASgYDjgxTWgCABFAAA00GhAAD8GMeHAqAJkszzDMcBQFGYzpQPdMmkwzoAQAIAjpQAAAQEICnGM2RDAwp5N"} 
@@ -544,7 +544,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655096063383000,"flow_src_last_pkt_time":1655096063459000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655096063459000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":5,"flow_src_last_pkt_time":1655096063826000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655096063826000,"pkt":"eJS0JASgYDjgxTWgCABFAAA00GtAAD8GMd7AqAJkszzDMcBQFGYzpQT3MmkxB4AQAIAf4AAAAQEICnGM2qjAwp8n"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655085444940000,"flow_src_last_pkt_time":1655085445318000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655096063826000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":497,"packets-processed":496,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39512,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":63,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":547,"global_ts_usec":1655097851208000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":497,"packets-processed":496,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39512,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":63,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":547,"global_ts_usec":1655097851208000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655097851208000,"flow_src_last_pkt_time":1655097851208000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655097851208000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1655097851208000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655097851208000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hVJAAD8GfO\/AqAJkszzDMbj2FGbdMghiAAAAAKAC\/\/9ZggAAAgQFtAQCCAo4P8nQAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1655097851243000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655097851243000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0hVNAAD8GfPbAqAJkszzDMbj2FGbdMghj2gcbf4AQAIDKFgAAAQEICjg\/yfKnyyA1"} 
@@ -554,7 +554,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1655097851776000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655097851776000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0hVZAAD8GfPPAqAJkszzDMbj2FGbdMgmJ2gcbuIAQAIDFJwAAAQEICjg\/zAinyyGv"} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655090233457000,"flow_src_last_pkt_time":1655090233805000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655097851805000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655089030478000,"flow_src_last_pkt_time":1655089030857000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655097851805000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":505,"packets-processed":504,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":557,"global_ts_usec":1655099328045000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":505,"packets-processed":504,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":557,"global_ts_usec":1655099328045000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655099328045000,"flow_src_last_pkt_time":1655099328045000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655099328045000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1655099328045000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655099328045000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8L\/pAAD8G0kfAqAJkszzDMcBWFGYVxjf+AAAAAKAC\/\/\/UVQAAAgQFtAQCCApxjaYfAAAAAAEDAwk="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_src_last_pkt_time":1655099328158000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655099328158000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0L\/tAAD8G0k7AqAJkszzDMcBWFGYVxjf\/2SNcwIAQAIBe7wAAAQEICnGNpo+IgeTO"} 
@@ -563,7 +563,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655099328045000,"flow_src_last_pkt_time":1655099328197000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655099328197000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":5,"flow_src_last_pkt_time":1655099328567000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655099328567000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0L\/5AAD8G0kvAqAJkszzDMcBWFGYVxjkZ2SNc+YAQAIBa0gAAAQEICnGNqCqIgeX9"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655091294583000,"flow_src_last_pkt_time":1655091295192000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":322,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655099328610000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":513,"packets-processed":512,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":65,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":566,"global_ts_usec":1655100445438000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":513,"packets-processed":512,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":65,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":566,"global_ts_usec":1655100445438000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655100445438000,"flow_src_last_pkt_time":1655100445438000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655100445438000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1655100445438000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655100445438000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8dbNAAD8GjI7AqAJkszzDMcBiFGbUEWBGAAAAAKAC\/\/9\/mgAAAgQFtAQCCApxjhQ6AAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1655100445526000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655100445526000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dbRAAD8GjJXAqAJkszzDMcBiFGbUEWBH1mTBCIAQAIABwwAAAQEICnGOFJasjGe\/"} 
@@ -571,7 +571,7 @@ 00926{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_src_last_pkt_time":1655100445594000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":1655100445594000,"pkt":"eJS0JASgYDjgxTWgCABFAAFKdbZAAD8Gi33AqAJkszzDMcBiFGbUEWBL1mTBCIAYAIBMJAAAAQEICnGOFNmsjGg5AAAECAsIDFdBBQIAAQgShQIKIHj+X\/9Fl\/4t1nk3tiDKlT2kCmgsMRIwrZqTx6jmPT0wEjAbPfaNCrf9+apgcMO2IjeLYErAu\/\/B7qzkdN2M0urQtQq0nmg6ZWW8ONDvTa1W1bMargFs2lWSZuN3XOx4hK\/+JMknJ2b6UgVpwGRlgoGot2ojnzKHp4LvYYPcs4PZgwJlxhuVjwSQwxt3iTkBD9JnQY\/M0ilvugt0xw03w1z4Nvbd31IUUKOp8DEX6CtyXzHRASFRFA432Munimlz+4XjTslMU2Q9ILfOt6D\/pcSRIR4pgWhoyM7Z1C26lg3TOGQfeuCXYRmGERlEAdurxaMet+fwCPKGh6ZkxYGCHtLcVkA="} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655100445438000,"flow_src_last_pkt_time":1655100445594000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655100445594000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":5,"flow_src_last_pkt_time":1655100445964000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655100445964000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dbdAAD8GjJLAqAJkszzDMcBiFGbUEWFh1mTBQYAQAID9iwAAAQEICnGOFkqsjGjv"} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":521,"packets-processed":520,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":66,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":574,"global_ts_usec":1655101503188000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":521,"packets-processed":520,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":66,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":574,"global_ts_usec":1655101503188000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655101503188000,"flow_src_last_pkt_time":1655101503188000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655101503188000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1655101503188000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655101503188000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8uEdAAD8GSfrAqAJkszzDMbjAFGZ59kNkAAAAAKAC\/\/+x6gAAAgQFtAQCCArH7AorAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1655101503221000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655101503221000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0uEhAAD8GSgHAqAJkszzDMbjAFGZ59kNlF+8VdoAQAKz2ngAAAQEICsfsCkuDiThP"} 
@@ -579,7 +579,7 @@ 00927{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1655101503267000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655101503267000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLuEpAAD8GSOjAqAJkszzDMbjAFGZ59kNpF+8VdoAYAKxbNQAAAQEICsfsCnmDiTh8AAAECAsICFdBBQIAAQkShgIKIAZUmmLyHPfKQnosmA\/ZcvDvtXLg5S93ZMd+AgnOfFhzEjC20yIdEGkkBO6fPumrM10uER2PxE\/aLgIDquC87Lo\/vd\/Ly30Pa4DV2T+sKc37c64arwF\/a\/pIAVsGbEtZMyNoRQ++yeOpqeyHKF7CDAXlxe4CgrVxOuIUu7w4afuQCnv8BdE\/4MwTakO9saxnL9D93QKRObRQuca3Pma3Nz6bE4LY9nL0IgPDFWsUg+ZoBKQEPYz3g9rPhkchNH38VUtSBcZ05C2RJnlzczoSyCQaiV76W1aC2\/vQ87D4Ir2wOBQ7pwJNFzn9+GHYSnHJugHvlZFLss3jeHakn0n3aw9hXuXN"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655101503188000,"flow_src_last_pkt_time":1655101503267000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655101503267000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1655101503428000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655101503428000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0uEtAAD8GSf7AqAJkszzDMbjAFGZ59kSAF+8V6IAQAKzzcAAAAQEICsfsCxuDiTkg"} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":529,"packets-processed":528,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":67,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":582,"global_ts_usec":1655104186658000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":529,"packets-processed":528,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":67,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":582,"global_ts_usec":1655104186658000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655104186658000,"flow_src_last_pkt_time":1655104186658000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655104186658000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1655104186658000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655104186658000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8z9lAAD8GMmjAqAJkszzDMbscFGbxjY\/TAAAAAKAC\/\/\/9wgAAAgQFtAQCCAo4WoeCAAAAAAEDAwk="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1655104186714000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655104186714000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0z9pAAD8GMm\/AqAJkszzDMbscFGbxjY\/UkjD8dIAQAIBW5gAAAQEICjhah\/LAS4W5"} 
@@ -588,7 +588,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655104186658000,"flow_src_last_pkt_time":1655104186938000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655104186938000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1655104187147000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655104187147000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0z91AAD8GMmzAqAJkszzDMbscFGbxjZD6kjD8rYAQAIBSSAAAAQEICjhaiabAS4dE"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655096063383000,"flow_src_last_pkt_time":1655096063826000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655104187274000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":537,"packets-processed":536,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":68,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":591,"global_ts_usec":1655105188559000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":537,"packets-processed":536,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":68,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":591,"global_ts_usec":1655105188559000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655105188559000,"flow_src_last_pkt_time":1655105188559000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105188559000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1655105188559000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655105188559000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8S7JAAD8Gto\/AqAJkszzDMbnmFGYb9oTUAAAAAKAC\/\/+DSwAAAgQFtAQCCArH\/lQiAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1655105188592000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105188592000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0S7NAAD8GtpbAqAJkszzDMbnmFGYb9oTVXDwEToAQAKxqDAAAAQEICsf+VEPB4STE"} 
@@ -604,7 +604,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655105755895000,"flow_src_last_pkt_time":1655105756007000,"flow_dst_last_pkt_time":1655105755895000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105756007000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1655105756193000,"flow_dst_last_pkt_time":1655105755895000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105756193000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kA1AAD8GcjzAqAJkszzDMcEUFGaXC5ee7mWk64AQAIBipAAAAQEICjhyeqEzIlxy"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655097851208000,"flow_src_last_pkt_time":1655097851805000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105756270000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":553,"packets-processed":552,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":70,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":607,"global_ts_usec":1655105790019000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":553,"packets-processed":552,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":70,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":607,"global_ts_usec":1655105790019000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655105790019000,"flow_src_last_pkt_time":1655105790019000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105790019000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1655105790019000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655105790019000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DWBAAD8G9OHAqAJkszzDMboSFGb46AYSAAAAAKAC\/\/\/MkwAAAgQFtAQCCArIAKx7AAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1655105790049000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105790049000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DWFAAD8G9OjAqAJkszzDMboSFGb46AYTXUqYTIAQAKwfkAAAAQEICsgArJpsf3jg"} 
@@ -612,7 +612,7 @@ 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1655105790086000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655105790086000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLDWNAAD8G88\/AqAJkszzDMboSFGb46AYXXUqYTIAYAKwCvAAAAQEICsgArL9sf3kEAAAECAsICFdBBQIAAQkShgIKIKhBdjc2VPy8DR5rvHtno\/OCv0FzCxecldwoE0c0L4JHEjAk9D\/ZsxpIppNjRmSJJg3UjEzOPx84Wd7QQQQPBFbbHeahXxiBBwcGREcwaPBMXpIarwHexXT4AoY347kTk+5GKG\/TMtP1A3stxDLHBOYWDncAtU3x4qMUkZrLR7K+dUgdVZlOsTgRWO2CUaAluzf0j2Fzb7R+5hlR39l1\/ZaRg7f8jzTNBB7KEyhhlyVGvUUb9D2IbA+kci9HDk1Awcp6+eNy41CccaN6zt8m2Upix9rgC1aKZXJtjWqo6o8qfwZgqjycUVKJgFBByrw2KpKm9Ui19xk9NXKRclBEEjkbd5Nb"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655105790019000,"flow_src_last_pkt_time":1655105790086000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105790086000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1655105790243000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105790243000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DWRAAD8G9OXAqAJkszzDMboSFGb46AcuXUqYhYAQAKwcvAAAAQEICsgArVtsf3mf"} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":561,"packets-processed":560,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":71,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":615,"global_ts_usec":1655108001441000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":561,"packets-processed":560,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":71,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":615,"global_ts_usec":1655108001441000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655108001441000,"flow_src_last_pkt_time":1655108001441000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108001441000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1655108001441000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655108001441000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8CbZAAD8G+IvAqAJkszzDMcHKFGbmPQGiAAAAAKAC\/\/9GsQAAAgQFtAQCCApxlpgrAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1655108001604000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108001604000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0CbdAAD8G+JLAqAJkszzDMcHKFGbmPQGj6JAdY4AQAICr2gAAAQEICnGWmOHkUd4Y"} 
@@ -636,7 +636,7 @@ 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1655108453728000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655108453728000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLGEFAAD8G6PHAqAJkszzDMbp6FGaSP+CHCev7oYAYAKw4MQAAAQEICsgJ8ShJX8CRAAAECAsICFdBBQIAAQkShgIKIL4GNcYClGlnFtJLkAUkKwU0YIGOT1ari6I5ZZVmYZwEEjBM3cfaRk3NmpoqvEvIf\/plMcusmIxjZe+WNB5b3H9ZpAhyJr2ElSPTLvDTfBGDNXoarwFChKWOq45ClrR\/bKwxPt5WVALJ3p7gHJ3PeE5+4BSmqLvkqcXJSeBPukO\/3KeOa2xctKFPg8UQqu5430KrKc2rc8yz2wDaJbuHmUsqifuZOrOa9d7do8CB3NpqbcaBbwJO6IF+is8R53KmqzFzfirW+0az\/B2tEXxK9xumCMYP0Ea1nVt3bNSdFMCLUA3jls00aVfrTWWQ76aWPps6NeLEiNQre2sG18sdjW5i+Svf"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655108453657000,"flow_src_last_pkt_time":1655108453728000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108453728000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1655108453883000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108453883000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0GEJAAD8G6gfAqAJkszzDMbp6FGaSP+GeCev72oAQAKwvuQAAAQEICsgJ8cJJX8Es"} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":585,"packets-processed":584,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":43736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":74,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":639,"global_ts_usec":1655108977493000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":585,"packets-processed":584,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":43736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":74,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":639,"global_ts_usec":1655108977493000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655108977493000,"flow_src_last_pkt_time":1655108977493000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108977493000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1655108977493000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655108977493000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8FDpAAD8G7gfAqAJkszzDMZIcFGYxkZdqAAAAAKAC\/\/+qXQAAAgQFtAQCCAo4hrwhAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_src_last_pkt_time":1655108977535000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108977535000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0FDtAAD8G7g7AqAJkszzDMZIcFGYxkZdrFO3l4YAQAIAhNgAAAQEICjiGvEzZk+LX"} 
@@ -645,7 +645,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655108977493000,"flow_src_last_pkt_time":1655108977793000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108977793000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_src_last_pkt_time":1655108978003000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108978003000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0FD5AAD8G7gvAqAJkszzDMZIcFGYxkZiRFO3mGoAQAIAcXwAAAQEICjiGvh\/Zk+R8"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655101503188000,"flow_src_last_pkt_time":1655101503710000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108978075000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":593,"packets-processed":592,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":75,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":75,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":648,"global_ts_usec":1655109656108000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":593,"packets-processed":592,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":75,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":75,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":648,"global_ts_usec":1655109656108000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655109656108000,"flow_src_last_pkt_time":1655109656108000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655109656108000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1655109656108000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655109656108000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kRFAAD8GcTDAqAJkszzDMbqgFGZw+MTeAAAAAKAC\/\/+uLgAAAgQFtAQCCArIDZNpAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1655109656138000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655109656138000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kRJAAD8GcTfAqAJkszzDMbqgFGZw+MTfqcWd3IAQAKwWxQAAAQEICsgNk4cgPV1+"} 
@@ -653,7 +653,7 @@ 00927{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1655109656174000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655109656174000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLkRRAAD8GcB7AqAJkszzDMbqgFGZw+MTjqcWd3IAYAKyltAAAAQEICsgNk6wgPV2jAAAECAsICFdBBQIAAQkShgIKIEJnBc1C4LBUWYfVbR0MBs9Vedh2qDkdgnthFMah69sKEjBbeqUlhFEGlyZlGLbvtxNl\/jG22mlNm7QBJQkWKNjzIn\/01On7w2ne\/8HGawLaqpkarwEicy2ftvBeqkkjE79mspVBiH7RCSjPWzB6FmmUK5adnY4tSCupr4L8zEulLShlb42L2ygwAJWPT\/rKs0UFx7KndVJpDEadUP6eTjbAebv+s3CAz8N0PgdAKd4fdxZKDAmXjLytK+7C\/GlCD7+MjsRV\/YR1nCCWemBWD39Ghixh3pdU1PeBRsTMgwSjnxYX6cAr\/SyebNkgj3aPLvg9zeigfUqchhJ5kTR0D9TdtI\/M"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655109656108000,"flow_src_last_pkt_time":1655109656174000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655109656174000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":5,"flow_src_last_pkt_time":1655109656661000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655109656661000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kRVAAD8GcTTAqAJkszzDMbqgFGZw+MX6qcWeFYAQAKwTEAAAAQEICsgNlMggPV6e"} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":601,"packets-processed":600,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44353,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":76,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":656,"global_ts_usec":1655110961423000} 
+00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":601,"packets-processed":600,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44353,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":76,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":656,"global_ts_usec":1655110961423000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655110961423000,"flow_src_last_pkt_time":1655110961423000,"flow_dst_last_pkt_time":1655110961423000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655110961423000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37766,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1655110961423000,"flow_dst_last_pkt_time":1655110961423000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655110961423000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8fpBAAD8Gg7HAqAJkszzDMZOGFGbaRgeTAAAAAKAC\/\/9KQgAAAgQFtAQCCAo4pQHWAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1655110961452000,"flow_dst_last_pkt_time":1655110961423000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655110961452000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0fpFAAD8Gg7jAqAJkszzDMZOGFGbaRgeUJF2xy4AQAIA9NgAAAQEICjilAfPDMqHR"} 
@@ -668,7 +668,7 @@ 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1655111269298000,"flow_dst_last_pkt_time":1655111268965000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655111269298000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFEa5AAD8G74rAqAJkszzDMZMqFGZD+lK+LP1J\/oAYAVfosgAAAQEICkpzeEH1Cal8AAAECAkIAldBBQIAAQMSgAIKIP05yfQLJ1k4YN75b0bGs4Ylgfmfi\/IFvLiPro6jlGQtEjCmbiVahf1VncWlfaTW+\/WbaSRS6QjS2Nsx9o5oyyNwCpGWS5inFdgz\/63J5F44t2MaqQE4ehodUlmNxZZkAWB\/iaJy2eF3safRoUpltQuob\/02ypH9\/ICdJd2p2TWDHcxzcX66mvMqGSN7Wb7mMYyTgz4r47n2GtS2axys7Ye7ZeiVO3xW7+KyiB\/rYsIxQGuPcE4aCqDM4RDuTwrDeCdFnZSRZRWwcY+eNMdvHg+NXYk3ucRHAxE2dnxF6LET0mzlPVCJrUd+kcZ1qwDG6+QiSEpHfASwoatuph7m"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655111268965000,"flow_src_last_pkt_time":1655111269298000,"flow_dst_last_pkt_time":1655111268965000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655111269298000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37674,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":5,"flow_src_last_pkt_time":1655111269446000,"flow_dst_last_pkt_time":1655111268965000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655111269446000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Ea9AAD8G8JrAqAJkszzDMZMqFGZD+lPPLP1KN4AQAVci+gAAAQEICkpzeNX1CaoQ"} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":617,"packets-processed":616,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44964,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":78,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":671,"global_ts_usec":1655111789393000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":617,"packets-processed":616,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44964,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":78,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":671,"global_ts_usec":1655111789393000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655111789393000,"flow_src_last_pkt_time":1655111789393000,"flow_dst_last_pkt_time":1655111789393000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655111789393000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47810,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1655111789393000,"flow_dst_last_pkt_time":1655111789393000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655111789393000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8zPVAAD8GNUzAqAJkszzDMbrCFGZ1lRVTAAAAAKAC\/\/8y6QAAAgQFtAQCCArIErl2AAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1655111789426000,"flow_dst_last_pkt_time":1655111789393000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655111789426000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0zPZAAD8GNVPAqAJkszzDMbrCFGZ1lRVUyQX5N4AQAKyN9wAAAQEICsgSuZfNwELk"} 
@@ -698,7 +698,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1655111980926000,"flow_dst_last_pkt_time":1655111980926000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655111980926000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7nT5AAD8GZRTAqAJkszzDIbXwFGY7fhdvAsizuoAYAKwsNgAAAQEICgaMpcv4l4WbAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655111980926000,"flow_src_last_pkt_time":1655111980926000,"flow_dst_last_pkt_time":1655111980926000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655111980926000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46576,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1655111980926000,"flow_dst_last_pkt_time":1655111980926000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655111980926000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4nT9AAD8GZRbAqAJkszzDIbXwFGY7fhd2AsizuoAYAKzh\/QAAAQEICgaMpcz4l4WbV0EFAg=="} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":648,"packets-processed":647,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":82,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":82,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":701,"global_ts_usec":1655113084330000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":648,"packets-processed":647,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":82,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":82,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":701,"global_ts_usec":1655113084330000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655113084330000,"flow_src_last_pkt_time":1655113084330000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655113084330000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1655113084330000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655113084330000,"pkt":"eJS0JASgYDjgxTWgCABFAAA81OlAAD8GLVjAqAJkszzDMZVaFGZIDGKXAAAAAKAC\/\/9f+wAAAgQFtAQCCAo4tSFvAAAAAAEDAwk="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1655113084383000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655113084383000,"pkt":"eJS0JASgYDjgxTWgCABFAAA01OpAAD8GLV\/AqAJkszzDMZVaFGZIDGKYqtuzMYAQAID\/YQAAAQEICji1IaRj8syi"} 
@@ -707,7 +707,7 @@ 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655113084330000,"flow_src_last_pkt_time":1655113084612000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655113084612000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_src_last_pkt_time":1655113084695000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655113084695000,"pkt":"eJS0JASgYDjgxTWgCABFAAFL1O1AAD8GLEXAqAJkszzDMZVaFGZIDGKnqtuzMYAYAICmWQAAAQEICji1Ittj8s28AAEUEpECCiDQISpTuXT+fM1sVkgw9WSLhrRW\/MBiu5786BpIyh5jNBIwxj9Q9UJOznhSMHnK6hbgij+Wn2mU2B0vnbqpx84LX7F2R0vRlMyngyZbJGEpS6eJGroBDO+WJEaCNNBpJpkKqD5ipZMWusBkF0O4ja17SAtzM8tcqpQHA1Ryn4IXnff6jdyTgrVnQ9p0q0zO8Z2L7OrR\/VxGLNyah9h+Dts\/xWbiwFwGdkGxB86jTRrNuzzS5ZqpLR8z+aMqtTHgeMMHJ8NjzeY1grhJv2Jkud6\/sCK3wgpP8qkvIm\/N9uMKCMUrETtZtKz7NH9R2gQC5GKMOSMAzJLwfMCDS3Dqwe3W3A2iV7eapzM+FP+FTQbd"} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655105188559000,"flow_src_last_pkt_time":1655105188835000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":302,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655113084909000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":656,"packets-processed":655,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":83,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":710,"global_ts_usec":1655114622076000} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":656,"packets-processed":655,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":83,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":710,"global_ts_usec":1655114622076000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655114622076000,"flow_src_last_pkt_time":1655114622076000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655114622076000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47284,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1655114622076000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655114622076000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8E3JAAD8G7t\/AqAJkszzDIbi0FGYRoZALAAAAAKAC\/\/83+QAAAgQFtAQCCAoGqmEpAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_src_last_pkt_time":1655114622106000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655114622106000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0E3NAAD8G7ubAqAJkszzDIbi0FGYRoZAMgQqHroAQAKz9CwAAAQEICgaqYVZ8b+Op"} 
@@ -717,7 +717,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1655114622115000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655114622115000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4E3ZAAD8G7t\/AqAJkszzDIbi0FGYRoZAXgQqHroAYAKygqAAAAQEICgaqYV98b+OpV0EFAg=="} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655105790019000,"flow_src_last_pkt_time":1655105790289000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655114622275000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655105755895000,"flow_src_last_pkt_time":1655105756270000,"flow_dst_last_pkt_time":1655105755895000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655114622275000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":664,"packets-processed":663,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":49697,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":84,"total-detection-updates":0,"total-updates":0,"current-active-flows":13,"total-active-flows":84,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":720,"global_ts_usec":1655116217773000} 
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":664,"packets-processed":663,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":49697,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":84,"total-detection-updates":0,"total-updates":0,"current-active-flows":13,"total-active-flows":84,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":720,"global_ts_usec":1655116217773000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655116217773000,"flow_src_last_pkt_time":1655116217773000,"flow_dst_last_pkt_time":1655116217773000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116217773000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":39334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1655116217773000,"flow_dst_last_pkt_time":1655116217773000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655116217773000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8AehAAD8GAFrAqAJkszzDMZmmFGbbOiylAAAAAKAC\/\/9QjQAAAgQFtAQCCApyEZX4AAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_src_last_pkt_time":1655116217805000,"flow_dst_last_pkt_time":1655116217773000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655116217805000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0AelAAD8GAGHAqAJkszzDMZmmFGbbOiymFXtouYAQAIBHtQAAAQEICnIRlijWRuJq"} 
@@ -728,7 +728,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655108385462000,"flow_src_last_pkt_time":1655108385787000,"flow_dst_last_pkt_time":1655108385462000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116218131000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37378,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655108453657000,"flow_src_last_pkt_time":1655108453928000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":320,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116218131000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655108001441000,"flow_src_last_pkt_time":1655108001999000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":518,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116218131000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":672,"packets-processed":671,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":85,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":731,"global_ts_usec":1655116940904000} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":672,"packets-processed":671,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":85,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":731,"global_ts_usec":1655116940904000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655116940904000,"flow_src_last_pkt_time":1655116940904000,"flow_dst_last_pkt_time":1655116940904000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116940904000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40006,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1655116940904000,"flow_dst_last_pkt_time":1655116940904000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655116940904000,"pkt":"eJS0JASgYDjgxTWgCABFAAA890NAAD8GCv7AqAJkszzDMZxGFGZlwIwQAAAAAKAC\/\/9j2AAAAgQFtAQCCApyHJYRAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_src_last_pkt_time":1655116940935000,"flow_dst_last_pkt_time":1655116940904000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655116940935000,"pkt":"eJS0JASgYDjgxTWgCABFAAA090RAAD8GCwXAqAJkszzDMZxGFGZlwIwR5J7sZYAQAIAZ6gAAAQEICnIclkN2QDC1"} 
@@ -748,7 +748,7 @@ 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655114622076000,"flow_src_last_pkt_time":1655114622275000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116941291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47284,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655109656108000,"flow_src_last_pkt_time":1655109656661000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116941291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655111789393000,"flow_src_last_pkt_time":1655111789765000,"flow_dst_last_pkt_time":1655111789393000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116941291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47810,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":679,"packets-processed":679,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50635,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":86,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":751,"global_ts_usec":1655116941291000} +00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":679,"packets-processed":679,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50635,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":86,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":751,"global_ts_usec":1655116941291000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 679/679 ~~ skipped flows.............: 0 
@@ -757,9 +757,9 @@ ~~ total active/idle flows...: 86/86 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9049785 bytes -~~ total memory freed........: 9049785 bytes -~~ total allocations/frees...: 142319/142319 +~~ total memory allocated....: 9816879 bytes +~~ total memory freed........: 9816879 bytes +~~ total allocations/frees...: 156285/156285 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2263 chars diff --git a/test/results/default/whatsapp_login_call.pcap.out b/test/results/default/whatsapp_login_call.pcap.out index d3d5f9c06..6b3d2335e 100644 --- a/test/results/default/whatsapp_login_call.pcap.out +++ b/test/results/default/whatsapp_login_call.pcap.out 
@@ -1,5 +1,5 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432582222253233} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432582222253233} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582222253233,"flow_src_last_pkt_time":1432582222253233,"flow_dst_last_pkt_time":1432582222253233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582222253233,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432582222253233,"flow_dst_last_pkt_time":1432582222253233,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582222253233,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0DNdAAEAG9U7AqAIEEaxkRsAvA+GIPSCcUlOPyIAQH\/poTQAAAQEICi36Gt0QlQ1l"} 
00787{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1432582222267722,"flow_dst_last_pkt_time":1432582222253233,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1432582222267722,"pkt":"xiwDYGpkAPS5Jrv0CABFAADeU1tAAEAGriDAqAIEEaxkRsAvA+GIPSCcUlOPyIAYIAB\/kgAAAQEICi36GusQlQ1lFwMBACCNqYpymgjJuQNgLA+QJekfsmHWqykdlwnJ8t48lRIpCxcDAQCAv+6eyOO6KHhFdGRnKCRyPqihrwnYLrpV5EXpUrXv8Q2ow7fiZ\/ErfHE9ZAprbeZEb1cjDczzZ9GWtg7wUDK1rjYT+gKbhCMZiNQZ3QlWly2tQPPw5M7rqWdzOWy2ATMXqxCkXOBCTdOBYD70ikDCSIjo2fZ8\/cJDhiGvSnc\/9Rw="} 
@@ -26,7 +26,7 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1432582224210874,"flow_dst_last_pkt_time":1432582224238952,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582224238952,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0pWwAADkGNJ9duodSwKgCBABQwBXhXSkWroZu\/IARAeZAKgAAAQEIClj4+ywt+iJ3"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1432582224240462,"flow_dst_last_pkt_time":1432582224238952,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582224240462,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA06DdAAEAGqtPAqAIEXbqHUsAVAFCuhm784V0pF4AQIEUhrwAAAQEICi36IpNY+Pss"} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1432582224230305,"flow_dst_last_pkt_time":1432582224258800,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_usec":1432582224258800,"pkt":"APS5Jrv0xiwDYGpkCABFAACJJDcAADkG7nUXMpTkwKgCBAG7wBTRmfKoS8+iLoAYAghwjQAAAQEIChFecist+iKKFQMDAFAv7dNuXnOpK1CdvNYEt52MdeH58dywqIMfN+GfFSQKoHdGcEPHPIYnDd6I8bRCtU0lSoikjPCdTCArNmgRywMWXqpqGQcfgITTy3erXmajWw=="} 
-00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1432582224230305,"flow_src_last_pkt_time":1432582224230305,"flow_dst_last_pkt_time":1432582224258800,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":85,"midstream":1,"thread_ts_usec":1432582224258800,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1432582224230305,"flow_src_last_pkt_time":1432582224230305,"flow_dst_last_pkt_time":1432582224258800,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":85,"midstream":1,"thread_ts_usec":1432582224258800,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1432582224230305,"flow_dst_last_pkt_time":1432582224259122,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582224259122,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0JDgAADkG7skXMpTkwKgCBAG7wBTRmfL9S8+iLoARAgi9fgAAAQEIChFecist+iKK"} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1432582224260445,"flow_dst_last_pkt_time":1432582224259122,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582224260445,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoLH4AAEAG34\/AqAIEFzKU5MAUAbtLz6IuAAAAAFAEAACRUAAA"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1432582224260694,"flow_dst_last_pkt_time":1432582224259122,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582224260694,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAob+UAAEAGnCjAqAIEFzKU5MAUAbtLz6IuAAAAAFAEAACRUAAA"} 
@@ -385,7 +385,7 @@ 00787{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582224208142,"flow_src_last_pkt_time":1432582224417934,"flow_dst_last_pkt_time":1432582224347733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00976{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582224235628,"flow_src_last_pkt_time":1432582224264733,"flow_dst_last_pkt_time":1432582224263291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582224235628,"flow_src_last_pkt_time":1432582224264733,"flow_dst_last_pkt_time":1432582224263291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432582224230305,"flow_src_last_pkt_time":1432582224260694,"flow_dst_last_pkt_time":1432582224259122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":85,"midstream":1,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00965{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432582224230305,"flow_src_last_pkt_time":1432582224260694,"flow_dst_last_pkt_time":1432582224259122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":85,"midstream":1,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01169{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582227884677,"flow_src_last_pkt_time":1432582228167635,"flow_dst_last_pkt_time":1432582228152588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match 
by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582227884677,"flow_src_last_pkt_time":1432582228167635,"flow_dst_last_pkt_time":1432582228152588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00978{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582224210874,"flow_src_last_pkt_time":1432582224240462,"flow_dst_last_pkt_time":1432582224238952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
@@ -444,7 +444,7 @@ 00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582235998968,"flow_src_last_pkt_time":1432582236282078,"flow_dst_last_pkt_time":1432582236140915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01281{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":24,"flow_first_seen":1432582230648273,"flow_src_last_pkt_time":1432582264928868,"flow_dst_last_pkt_time":1432582264924464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":10180,"flow_dst_tot_l4_payload_len":5304,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"p53-buy.itunes.apple.com"}} 01281{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582355253275,"flow_src_last_pkt_time":1432582356195572,"flow_dst_last_pkt_time":1432582356100109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":5224,"flow_dst_tot_l4_payload_len":2717,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"p53-buy.itunes.apple.com"}} 
-00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1432582222253233,"flow_src_last_pkt_time":1432582223191773,"flow_dst_last_pkt_time":1432582223190009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":536,"flow_dst_tot_l4_payload_len":340,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} +00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1432582222253233,"flow_src_last_pkt_time":1432582223191773,"flow_dst_last_pkt_time":1432582223190009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":536,"flow_dst_tot_l4_payload_len":340,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":141,"flow_dst_packets_processed":57,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582310601384,"flow_dst_last_pkt_time":1432582311036474,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":510,"flow_src_tot_l4_payload_len":11608,"flow_dst_tot_l4_payload_len":10494,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1432582227526441,"flow_src_last_pkt_time":1432582227526441,"flow_dst_last_pkt_time":1432582227594651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"query.ess.apple.com"}} 01259{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1432582227604482,"flow_src_last_pkt_time":1432582260448775,"flow_dst_last_pkt_time":1432582260403082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":6486,"flow_dst_tot_l4_payload_len":8646,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"query.ess.apple.com"}} 
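Review bot: The idle event for flow_id 1 (IMAPS to 17.172.100.70:993) changes `flow_state` from `"finished"` to `"info"` in this hunk, which is a different kind of change from the `size_per_flow` and `proto_by_ip` updates elsewhere in the file and is not mentioned in the commit description. The protocol, confidence and packet counters on that line are unchanged, so the flow appears to be classified the same but no longer reaches the finished state before it idles out; whether the libnDPI bump causes this is not visible here. Consumers that key on `flow_state`, for example by treating only finished flows as fully dissected, would see this flow differently. It is worth confirming that this is intended and adding a line to the commit message such as `* IMAPS flows may stay in flow_state "info" until idle`.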
@@ -461,7 +461,7 @@ 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582284806157,"flow_src_last_pkt_time":1432582285047789,"flow_dst_last_pkt_time":1432582284806157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":134,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac.local"}} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582284805992,"flow_src_last_pkt_time":1432582285047820,"flow_dst_last_pkt_time":1432582284805992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":134,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac.local"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1432582228503997,"flow_src_last_pkt_time":1432582353694076,"flow_dst_last_pkt_time":1432582353955055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":234,"flow_src_tot_l4_payload_len":4006,"flow_dst_tot_l4_payload_len":468,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ApplePush","proto_id":"238","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
-00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1253,"packets-processed":1251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":132660,"total-not-detected-flows":0,"total-guessed-flows":20,"total-detected-flows":37,"total-detection-updates":13,"total-updates":45,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":464,"global_ts_usec":1432582361929399} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1253,"packets-processed":1251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":132660,"total-not-detected-flows":0,"total-guessed-flows":20,"total-detected-flows":37,"total-detection-updates":13,"total-updates":45,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":464,"global_ts_usec":1432582361929399} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1253/1251 ~~ skipped flows.............: 0 
@@ -470,9 +470,9 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8909435 bytes -~~ total memory freed........: 8909435 bytes -~~ total allocations/frees...: 142395/142395 +~~ total memory allocated....: 9675634 bytes +~~ total memory freed........: 9675634 bytes +~~ total allocations/frees...: 156362/156362 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2513 chars diff --git a/test/results/default/whatsapp_login_chat.pcap.out b/test/results/default/whatsapp_login_chat.pcap.out index aa69ba4a4..34149bfee 100644 --- a/test/results/default/whatsapp_login_chat.pcap.out +++ b/test/results/default/whatsapp_login_chat.pcap.out 
@@ -1,5 +1,5 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432582377898864} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432582377898864} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582377898864,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582377898864,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582377898864,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI56kAAEARDKvAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="} 
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582377898864,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582377898864,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
@@ -22,7 +22,7 @@ 01298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1432582381179774,"flow_dst_last_pkt_time":1432582381179399,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":610,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":610,"pkt_l4_len":576,"thread_ts_usec":1432582381179774,"pkt":"xiwDYGpkAPS5Jrv0CABFAAJULUhAAEAG9JzAqAIEEa1CZsA1Abt+cmEJpMYxPVAYQAAkaQAAFwMDAifRP6n1iN3uB\/Uhy6B3MN22nTeVXJRqDhAyLGWagzjVPV67eGMiWlDpxIYk9ZRXb8ENyJMklAVg5qQxAfredM796d1woE5CM\/dDlnC9hhfBLqlOMT0Sc23vnR6S0CtE+vcI2IEc50YYFIr8cCuBcLPUtehQ+6FiIBzPUNdC8gBpCK0l8ehCaB6UsJ+9Lz+rqI7LymD80O7JD9GQGlEzf0ROrOYPwKN9oloslBYMUuNcVtuTSnZlQf6clnYgiVqjkPEIWZnj1\/SzJxC0XzXDZTCazzjZUphrvHsUFVKI\/iQfQLn2Pm20z\/bY+umTrESbc\/Rb\/jTAxKkWPlTguW5QNPTgHe+8CLbu8GlNIUhp6XnzV0lotZMlMuaBJakvd6GmWA8qWeiSGeNI8Nxabsp54T+pQf+cFTWMVSzn894mO+DZZ3gtq32z87kDjYiMhE2jHBbOrnjFvxmtQtZu7lyboSLDYh55cOzJECLrbK8MSRuDtHOP5G6iepYtPwv3WMGLCV+hTD9hULIUKlQnW8NxmNPf6x7m2WXh+T5KFO1k2GNZTSM8sWZLLJiGPB3r5p1nS3ObF9UaRS1rU\/+0JK5FT6PVQl\/T6rcJ66cGodbOS0a03YtqhfdlphEfqQSNy4IBPyE7+TYhqlI5kH8vw+oFYBVtxUinzFEEO03Tz6ey1LN8P\/4vb9rv1pyNfFxaNarK\/6\/1noAhKaU7nGWU\/L6Er+GI\/BOXYTn7Ng=="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1432582381179774,"flow_dst_last_pkt_time":1432582381335456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582381335456,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo17YAAO8G3VkRrUJmwKgCBAG7wDWkxjE9fnJhCVAQDFgVTQAA"} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1432582381179774,"flow_dst_last_pkt_time":1432582381341497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582381341497,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo17cAAO8G3VgRrUJmwKgCBAG7wDWkxjE9fnJjNVAQDZ0R3AAA"} -02174{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582381179399,"flow_src_last_pkt_time":1432582384764367,"flow_dst_last_pkt_time":1432582384691063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":11339,"flow_dst_tot_l4_payload_len":3880,"midstream":1,"thread_ts_usec":1432582384764367,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":228923.6,"max":3030585,"stddev":711161.6,"var":505750847488.0,"ent":2.0,"data": [307,68,156057,6041,20562,3,205015,214,59650,355,76,237850,6388,13739,3,246436,156,2803227,690,58,155,163,149,3030585,5762,13968,11,3,10327,10365,268249]},"pktlen": {"min":40,"avg":515.6,"max":1480,"stddev":518.7,"var":269058.2,"ent":4.2,"data": [1480,517,596,40,40,986,386,40,40,1480,524,596,40,40,988,386,40,40,1480,517,596,1480,1240,1240,40,40,988,386,40,40,40,113]},"bins": {"c_to_s": [4,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,4,0,0],"s_to_c": 
[9,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0],"entropies": [7.845222473,7.564460754,7.723596096,4.884183884,4.784184456,7.802291870,7.349081993,4.781687260,4.881687164,7.891665459,7.618573189,7.589188576,4.834184170,4.884183884,7.765514851,7.364068508,4.931687355,4.931687355,7.868970394,7.635158062,7.659084320,7.869641304,7.832291603,7.869807243,4.884183884,4.884183884,7.782162189,7.393073082,4.765311718,4.815311432,4.815311432,6.363091469]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +02170{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582381179399,"flow_src_last_pkt_time":1432582384764367,"flow_dst_last_pkt_time":1432582384691063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":11339,"flow_dst_tot_l4_payload_len":3880,"midstream":1,"thread_ts_usec":1432582384764367,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":228923.6,"max":3030585,"stddev":711161.6,"var":505750847488.0,"ent":2.0,"data": [307,68,156057,6041,20562,3,205015,214,59650,355,76,237850,6388,13739,3,246436,156,2803227,690,58,155,163,149,3030585,5762,13968,11,3,10327,10365,268249]},"pktlen": {"min":40,"avg":515.6,"max":1480,"stddev":518.7,"var":269058.2,"ent":4.2,"data": 
[1480,517,596,40,40,986,386,40,40,1480,524,596,40,40,988,386,40,40,1480,517,596,1480,1240,1240,40,40,988,386,40,40,40,113]},"bins": {"c_to_s": [4,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,4,0,0],"s_to_c": [9,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0],"entropies": [7.845222473,7.564460754,7.723596096,4.884183884,4.784184456,7.802291870,7.349081993,4.781687260,4.881687164,7.891665459,7.618573189,7.589188576,4.834184170,4.884183884,7.765514851,7.364068508,4.931687355,4.931687355,7.868970394,7.635158062,7.659084320,7.869641304,7.832291603,7.869807243,4.884183884,4.884183884,7.782162189,7.393073082,4.765311718,4.815311432,4.815311432,6.363091469]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582396509617,"flow_src_last_pkt_time":1432582396509617,"flow_dst_last_pkt_time":1432582396509617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":502,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":502,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582396509617,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01205{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1432582396509617,"flow_dst_last_pkt_time":1432582396509617,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_usec":1432582396509617,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISQPEAAEARsZnAqAIBwKgC\/0RcRFwB\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"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582396509617,"flow_src_last_pkt_time":1432582396509617,"flow_dst_last_pkt_time":1432582396509617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":502,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":502,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582396509617,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
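Review bot: The `analyse` event for flow_id 4 (midstream TLS to 17.173.66.102:443) changes from `"flow_state":"finished"` to `"flow_state":"info"` in this hunk, while the rest of the record appears identical apart from the length prefix (02174 → 02170). The commit description names only the risk replacement, so this looks like an unannounced shift in when detection is treated as complete, presumably a side effect of the libnDPI bump. Anything downstream that filters or alerts on `flow_state` for `analyse` events would see the difference, so it should be checked against the libnDPI changes between the two pinned revisions. If it is intended, record it in the commit body, e.g. `* whatsapp_login_chat: flow 4 is still "info" at the analyse event`. The other hunks of this file only carry the `size_per_flow` 1448 → 1480 and allocation-total updates.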
@@ -57,7 +57,7 @@ 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582402666171,"flow_src_last_pkt_time":1432582402666171,"flow_dst_last_pkt_time":1432582402666171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582396509617,"flow_src_last_pkt_time":1432582426553706,"flow_dst_last_pkt_time":1432582396509617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":502,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1004,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01210{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1432582411561512,"flow_src_last_pkt_time":1432582431565397,"flow_dst_last_pkt_time":1432582411561512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1699,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":93,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1432582431565397} +00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":93,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1432582431565397} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 93/93 ~~ skipped flows.............: 0 
@@ -66,9 +66,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8675144 bytes -~~ total memory freed........: 8675144 bytes -~~ total allocations/frees...: 140715/140715 +~~ total memory allocated....: 9439708 bytes +~~ total memory freed........: 9439708 bytes +~~ total allocations/frees...: 154679/154679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2496 chars diff --git a/test/results/default/whatsapp_voice_and_message.pcap.out b/test/results/default/whatsapp_voice_and_message.pcap.out index 3f1162eeb..ae24b3622 100644 --- a/test/results/default/whatsapp_voice_and_message.pcap.out +++ b/test/results/default/whatsapp_voice_and_message.pcap.out 
@@ -1,5 +1,5 @@ -00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432820558921094} 
+00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432820558921094} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820558921094,"flow_src_last_pkt_time":1432820558921094,"flow_dst_last_pkt_time":1432820558921094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820558921094,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432820558921094,"flow_dst_last_pkt_time":1432820558921094,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1432820558921094,"pkt":"ABoRAAACABoRAAABCABFAAA89o5AAEAGzkgKCAABuK2zLoqYAbsGFK3rAAAAAKACOQj9WQAAAgQFtAQCCAoABFtlAAAAAAEDAwQ="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1432820558921094,"flow_dst_last_pkt_time":1432820558982129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820558982129,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAG9Om4rbMuCggAAQG7ipj561IUBhSt7FAS\/\/+tmQAA"} 
@@ -123,7 +123,7 @@ 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820568346936,"flow_src_last_pkt_time":1432820627171490,"flow_dst_last_pkt_time":1432820568946667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820567917248,"flow_src_last_pkt_time":1432820626171765,"flow_dst_last_pkt_time":1432820568346844,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820567259228,"flow_src_last_pkt_time":1432820625171734,"flow_dst_last_pkt_time":1432820567917126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":261,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":16,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1432820695137128} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":261,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":16,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1432820695137128} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 261/261 ~~ skipped flows.............: 0 
@@ -132,9 +132,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8691639 bytes -~~ total memory freed........: 8691639 bytes -~~ total allocations/frees...: 140923/140923 +~~ total memory allocated....: 9456397 bytes +~~ total memory freed........: 9456397 bytes +~~ total allocations/frees...: 154889/154889 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 2215 chars diff --git a/test/results/default/whatsappfiles.pcap.out b/test/results/default/whatsappfiles.pcap.out index 65cbcd585..2e0c1204e 100644 --- a/test/results/default/whatsappfiles.pcap.out +++ b/test/results/default/whatsappfiles.pcap.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1519924083411187} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1519924083411187} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924083411187,"flow_dst_last_pkt_time":1519924083411187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1519924083411187,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1519924083411187,"flow_dst_last_pkt_time":1519924083411187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1519924083411187,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIKAbs8JoRvAAAAALDC\/\/8eywAAAgQFtAEDAwYBAQgKKOUV+QAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1519924083411187,"flow_dst_last_pkt_time":1519924083501147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1519924083501147,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wgonNGFZPCaEcKASbTj4zgAAAgQFggQCCAoJITj5KOUV+QEDAwg="} 
@@ -21,7 +21,7 @@ 02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1519924240121220,"flow_src_last_pkt_time":1519924240317078,"flow_dst_last_pkt_time":1519924240518900,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":12875,"midstream":0,"thread_ts_usec":1519924240518900,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":19146.4,"max":107518,"stddev":30886.0,"var":953946176.0,"ent":3.3,"data": [56726,60954,999,65972,116,64953,998,4998,4,994,4,59896,50958,5,7285,18,4137,107,10987,4,86355,107518,6,1398,909,1355,1209,1240,1010,1222,1201]},"pktlen": {"min":52,"avg":485.4,"max":1450,"stddev":599.2,"var":359069.1,"ent":4.0,"data": [64,60,52,569,52,198,52,103,105,102,94,276,133,52,90,52,90,52,94,52,52,52,1450,220,1450,1268,1450,1450,1450,1450,1450,1450]},"bins": {"c_to_s": [6,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,8,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.484427452,5.220872402,5.062724590,6.536932945,5.310736179,6.547456264,5.115703106,5.511427402,5.798887253,5.734943390,5.532109261,7.100424290,6.478804111,5.091758728,5.529591560,5.233812809,6.065113068,5.272274971,6.031597137,5.091758728,5.070539474,5.272274971,7.882384777,7.084619522,7.865714073,7.857034683,7.885036469,7.857791901,7.873408318,7.856501579,7.894844532,7.850902557]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 01040{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":161,"flow_dst_packets_processed":149,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924193366820,"flow_dst_last_pkt_time":1519924193429446,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":178544,"flow_dst_tot_l4_payload_len":4980,"midstream":0,"thread_ts_usec":1519924247388841,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"mmg-fna.whatsapp.net"}} 
01040{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":132,"flow_dst_packets_processed":178,"flow_first_seen":1519924240121220,"flow_src_last_pkt_time":1519924247388841,"flow_dst_last_pkt_time":1519924247384385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":1170,"flow_dst_tot_l4_payload_len":225649,"midstream":0,"thread_ts_usec":1519924247388841,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"mmg-fna.whatsapp.net"}} -00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":620,"packets-processed":620,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":410343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1519924247388841} 
+00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":620,"packets-processed":620,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":410343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1519924247388841} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 620/620 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8733843 bytes -~~ total memory freed........: 8733843 bytes -~~ total allocations/frees...: 141190/141190 +~~ total memory allocated....: 9498315 bytes +~~ total memory freed........: 9498315 bytes +~~ total allocations/frees...: 155158/155158 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 2202 chars diff --git a/test/results/default/whois.pcapng.out b/test/results/default/whois.pcapng.out index d0828f890..6a28f5a06 100644 --- a/test/results/default/whois.pcapng.out +++ b/test/results/default/whois.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1507397119066212} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1507397119066212} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119066212,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507397119066212,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119066212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1507397119066212,"pkt":"UlQAEjUCCAAnPqwxCABFAAA8folAAEAGwOgKAAIPwAAvO6ycACuFe1kCAAAAAKACchD7eAAAAgQFtAQCCAqvatNhAAAAAAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1507397119183017,"pkt":"CAAnPqwxUlQAEjUCCABFAAAsSF0AAEAGNyXAAC87CgACDwArrJwAl14BhXtZA2AS\/\/+y7QAAAgQFtAAA"} 
@@ -7,7 +7,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1507397119183714,"pkt":"UlQAEjUCCAAnPqwxCABFAAA1fotAAEAGwO0KAAIPwAAvO6ycACuFe1kDAJdeAlAYchD7cQAAZXhhbXBsZS5jb20NCg=="} 00975{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507397119183714,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"example.com","domainame":"example.com"}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183935,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1507397119183935,"pkt":"CAAnPqwxUlQAEjUCCABFAAAoSF4AAEAGNyjAAC87CgACDwArrJwAl14ChXtZEFAQ\/\/\/KnQAAAAAAAAAA"} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1604305198454924} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1604305198454924} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198454924,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198454924,"vlan_id":1603,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1603,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1604305198454924,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_usec":1604305198454924,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB5BrfTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1603,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_usec":1604305198454980,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB4BrjTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} 
@@ -17,7 +17,7 @@ 01492{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677924,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198677924,"vlan_id":1603,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i1908h2_d83cc789557e_16bbda4055b2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
01698{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1604305198690105,"vlan_id":1603,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"649d6810e8392f63dc311eecb6b7098b","ja4":"t12i1908h2_d83cc789557e_16bbda4055b2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","advertised_alpns":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5","blocks":0}}} 
00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119368026,"flow_dst_last_pkt_time":1507397119369277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":233,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":233,"midstream":0,"thread_ts_usec":1604305198690105,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"example.com"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1623517268690274} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1623517268690274} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517268690274,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517268690274,"vlan_id":1908,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1908,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1623517268690274,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"thread_ts_usec":1623517268690274,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAALKUxAAAtBrE+wB4tHgqgP4AAK8\/hR0rdvNStq\/tgEgW05awAAAIEBVA="} 02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1908,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2B35AAAtBjPLwB4tHgqgP4AAK8\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"} 
@@ -27,7 +27,7 @@ 01112{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"vlan_id":1908,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":""}} 00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"vlan_id":1908,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01322{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1623517269021781,"vlan_id":1603,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1623517269021781} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1623517269021781} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 23/23 ~~ skipped flows.............: 0 
@@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8656655 bytes -~~ total memory freed........: 8656655 bytes -~~ total allocations/frees...: 140588/140588 +~~ total memory allocated....: 9421093 bytes +~~ total memory freed........: 9421093 bytes +~~ total allocations/frees...: 154554/154554 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 2160 chars diff --git a/test/results/default/windowsupdate_over_http.pcap.out b/test/results/default/windowsupdate_over_http.pcap.out index 4177cfaff..e197f1771 100644 --- a/test/results/default/windowsupdate_over_http.pcap.out +++ b/test/results/default/windowsupdate_over_http.pcap.out 
@@ -1,4 +1,4 @@ -00600{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00600{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":94209879,"flow_src_last_pkt_time":94209879,"flow_dst_last_pkt_time":94209879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":94209879,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":94209879,"flow_dst_last_pkt_time":94209879,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":94209879,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0zkVAAIAGQI8KAAIPl2NIfcKXAFAVLcI9AAAAAIAC+vDt3QAAAgQFtAEDAwgBAQQC"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":94209879,"flow_dst_last_pkt_time":94216419,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":94216419,"pkt":"CAAn5uVZUlQAEjUCCABFAAAs7dwAAEAGoQCXY0h9CgACDwBQwpcBAsoBFS3CPmAS\/\/9G0AAAAgQFtA=="} 
@@ -6,9 +6,8 @@ 01159{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":94216792,"flow_dst_last_pkt_time":94216419,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":533,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":533,"pkt_l4_len":499,"thread_ts_usec":94216792,"pkt":"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"} 01497{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":94209879,"flow_src_last_pkt_time":94216792,"flow_dst_last_pkt_time":94216419,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":94216792,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","proto_id":"7.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"151.99.72.125","domainame":"151.99.72.125","http": 
{"url":"151.99.72.125\/data\/0783dedfb62fa709\/msedge.b.tlu.dl.delivery.mp.microsoft.com\/filestreamingservice\/files\/d1d060c0-7ece-4b96-9558-4bd0f2326040?P1=1652084683&P2=404&P3=2&P4=GtXnDMvssaTVZE%2bliGRNZPdTCGZcdK3lsfQhBycGI5on2dyQK7mRzg%2fAP%2fOuVTebtfWU%2bfL%2bVpkQ9bwhNwUDPA%3d%3d","code":0,"content_type":"","user_agent":"Microsoft-Delivery-Optimization\/10.0"}}} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":94216792,"flow_dst_last_pkt_time":94216898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":94216898,"pkt":"CAAn5uVZUlQAEjUCCABFAAAo7d0AAEAGoQOXY0h9CgACDwBQwpcBAsoCFS3EHVAQ\/\/9crgAA"} -01659{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":94209879,"flow_src_last_pkt_time":94216792,"flow_dst_last_pkt_time":94225646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":94225646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.WindowsUpdate","proto_id":"7.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"151.99.72.125","domainame":"151.99.72.125","http": {"url":"151.99.72.125\/data\/0783dedfb62fa709\/msedge.b.tlu.dl.delivery.mp.microsoft.com\/filestreamingservice\/files\/d1d060c0-7ece-4b96-9558-4bd0f2326040?P1=1652084683&P2=404&P3=2&P4=GtXnDMvssaTVZE%2bliGRNZPdTCGZcdK3lsfQhBycGI5on2dyQK7mRzg%2fAP%2fOuVTebtfWU%2bfL%2bVpkQ9bwhNwUDPA%3d%3d","code":206,"content_type":"application\/octet-stream","user_agent":"Microsoft-Delivery-Optimization\/10.0"}}} -01260{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":12,"flow_first_seen":94209879,"flow_src_last_pkt_time":94227136,"flow_dst_last_pkt_time":94226926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":14400,"midstream":0,"thread_ts_usec":94227136,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","proto_id":"7.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"151.99.72.125"}} 
-00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":94227136} +01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":12,"flow_first_seen":94209879,"flow_src_last_pkt_time":94227136,"flow_dst_last_pkt_time":94226926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":14400,"midstream":0,"thread_ts_usec":94227136,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","proto_id":"7.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"151.99.72.125"}} 
+00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":94227136} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,10 +16,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8646083 bytes -~~ total memory freed........: 8646083 bytes -~~ total allocations/frees...: 140565/140565 +~~ total memory allocated....: 9410426 bytes +~~ total memory freed........: 9410426 bytes +~~ total allocations/frees...: 154530/154530 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 521 chars -~~ json message max len.......: 1664 chars -~~ json message avg len.......: 1073 chars +~~ json message max len.......: 1502 chars +~~ json message avg len.......: 993 chars diff --git a/test/results/default/windscribe.pcapng.out b/test/results/default/windscribe.pcapng.out index db41dd0d8..fdec0a472 100644 --- a/test/results/default/windscribe.pcapng.out +++ b/test/results/default/windscribe.pcapng.out 
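Review bot: The commit description does not mention that the new expectation for windowsupdate_over_http.pcap loses a detection, which goes beyond the `size_per_flow` change seen in the other result files. The `detection-update` event is removed, flow risk 54 ("Binary File/Data Transfer (Attempt)", severity Medium) no longer appears on the `idle` event, and the category moves from `Download` to `SoftwareUpdate`. The removed event reported HTTP code 206 with content type `application/octet-stream` on a cleartext flow to a numeric hostname, so anything that alerts on risk 54 will presumably stop seeing this flow. Please confirm this is the intended upstream libnDPI behaviour rather than a lost detection. If it is, I would record it in the description, e.g. `* windowsupdate_over_http: risk 54 / detection-update no longer emitted, category now SoftwareUpdate`.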
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721745032772331} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721745032772331} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1721745032772331,"flow_src_last_pkt_time":1721745032772331,"flow_dst_last_pkt_time":1721745032772331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1721745032772331,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.132","src_port":42192,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1721745032772331,"flow_dst_last_pkt_time":1721745032772331,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1721745032772331,"pkt":"CL6sCxduJjb1W8R1CABFAAA8Q\/1AAEAGZ1XAqAyca6FWhKTQAbu70yBCAAAAAKAC\/\/\/24AAAAgQFtAQCCApTM+veAAAAAAEDAwk="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1721745032772331,"flow_dst_last_pkt_time":1721745032911061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1721745032911061,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADEGulJroVaEwKgMnAG7pNBJaO1Iu9MgQ6ASqbAnGQAAAgQFtAQCCArOUiECUzPr3gEDAwk="} 
@@ -9,7 +9,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1721745033016839,"flow_dst_last_pkt_time":1721745033155514,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1721745033155514,"pkt":"Jjb1W8R1CL6sCxduCABFAAA0FEtAADEGpg9roVaEwKgMnAG7pNBJaO1Ju9Mg+YAQAFX8lgAAAQEICs5SIfZTM+zg"} 01902{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1721745032772331,"flow_src_last_pkt_time":1721745033016839,"flow_dst_last_pkt_time":1721745033155535,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1036,"midstream":0,"thread_ts_usec":1721745033155535,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.132","src_port":42192,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Windscribe","proto_id":"91.429","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"00be073a5459cc054724f5808fd7ab67","ja4":"t12i1806h2_102b67c9f592_d0797edaf0d0","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=CA, L=San Francisco, O=Windscribe, OU=IT Dept., CN=54.153.90.230","subjectDN":"C=US, ST=CA, L=San Francisco, O=Windscribe, OU=IT Dept., CN=54.153.90.230","advertised_alpns":"h2,http\/1.1","fingerprint":"A5:6B:13:F0:68:BE:8C:0F:54:C9:15:A7:D6:68:75:F7:3F:49:92:DE","blocks":0}}} 01431{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1721745032772331,"flow_src_last_pkt_time":1721745033946014,"flow_dst_last_pkt_time":1721745033764796,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":787,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2275,"flow_dst_tot_l4_payload_len":5707,"midstream":0,"thread_ts_usec":1721745033946014,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.132","src_port":42192,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Windscribe","proto_id":"91.429","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1721745033946014} +00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1721745033946014} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8661432 bytes -~~ total memory freed........: 8661432 bytes -~~ total allocations/frees...: 140569/140569 +~~ total memory allocated....: 9425806 bytes +~~ total memory freed........: 9425806 bytes +~~ total allocations/frees...: 154535/154535 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 1907 chars diff --git a/test/results/default/wireguard.pcap.out b/test/results/default/wireguard.pcap.out index 237176038..5182e822a 100644 --- a/test/results/default/wireguard.pcap.out +++ b/test/results/default/wireguard.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1532126321356858} 
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00807{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1532126321356858} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532126321356858,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":1532126321356858,"pkt":"ouY0lLWDOjblv1r4CABFiACwAksAAEARY1YKCQABCgkAAqnGymwAnBTCAQAAANg30DBfzsfI5cji4\/eYnu9gwijYIynWArax4rudBo+Jz51NRTJ4D20nJk97mHAf3Cek7ACutr7NvvIzLxtAhMrbk4I5NcASriVeeyXv8TlAwyH6a9ZqKoewYdsUMBc+k39Wk0neKFbcXyYWdj7ur8BTOwHdll5+x2l24o9oPWcSAAAAAAAAAAAAAAAAAAAAAA=="} 
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1532126321359376,"pkt":"Ojblv1r4ouY0lLWDCABFiAB4KjkAAEARO6AKCQACCgkAAcpsqcYAZBSKAgAAAAb0favYN9AwsY1VUL1AQqN6RoI6wI2x7GaDm8DKLWS8Fc2AIytmIy+uwkr4kY3hBg\/1yY6GXV818nIhTFJgEQ3Exh4yzdhUIQAAAAAAAAAAAAAAAAAAAAA="} 
@@ -8,7 +8,7 @@ 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1532126321359708,"flow_dst_last_pkt_time":1532126321359929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1532126321359929,"pkt":"Ojblv1r4ouY0lLWDCABFAACcKjoAAEARPAMKCQACCgkAAcpsqcYAiBSuBAAAANg30DAAAAAAAAAAAG9PCA6fUmkbvpSFNfecE+1o8JFF1SPu2whyZfloCC9wc1cpJj7aYnx2g83AuAozVtlTbJ8OKHJ5e1yBcguguOpyM8bev58PvujxDsGJhbgkvzUPi4GA0Ipk5r6YEAiaw9E2PtXhKcoeBCXPfpSWVlk="} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1532126322363971,"flow_dst_last_pkt_time":1532126321359929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1532126322363971,"pkt":"ouY0lLWDOjblv1r4CABFAACcApAAAEARY60KCQABCgkAAqnGymwAiBSuBAAAAAb0fasBAAAAAAAAAHzNKCSiKfzNFoU7Hv+UasxWNazSNhCJwxaXBs4Pz2LNqySyHtibW+QDk8FpLPp6KYHljK6RU0il+fyDPap6kagbUeVbtzLq3DhtalfmJbCSy1upQ\/apOsaaBwHpnmAipi8Gbzy2IjKAkdrVnfE\/bjM="} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126461633953,"flow_dst_last_pkt_time":1532126461588236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":2596,"flow_dst_tot_l4_payload_len":1224,"midstream":0,"thread_ts_usec":1532126461633953,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1563973554628757} 
+00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1563973554628757} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1563973554628757,"flow_src_last_pkt_time":1563973554628757,"flow_dst_last_pkt_time":1563973554628757,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":800,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1563973554628757,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1563973554628757,"flow_dst_last_pkt_time":1563973554628757,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_usec":1563973554628757,"pkt":"OCxKuzMdABAY3q0FCABFAAM8FXkAADURYEKLosCdwKgADspsjRQDKLH1BAAAAL5AaY1rAAAAAAAAANUJ2VrXQI01RZfJr8PEwgZEhNNcu6x03VWSZ67dhAHHTWKcRpBFkk8NVHd\/C4D4pz\/puWqoUUxKuxxH6YlcxuxAvZFB0Na5O4CW6jEyMIx3UMKSHboRTInUKfs0ifRWz\/ah3LYVezBxxWAse8HA4hp9J+12MZT8TmyygIwyCCaeEvoUQjFc6leSZrAZpKnPNseLUtXq9seSkA+QHufBd5P\/nAxkid4Fwq057VLJqJcJvFJRIdSNrsUBNHlMd2O226LQDMo6+sXnZNRhM\/0lY6T99lZ2rtutA5g+LROCm\/BZLu+Ww0aOhZ9T5CPKvl1MXzbqDpHjEWohQohUG62HCabsLz2Pl6HJpafmxv\/xXmUvqTxvWO5iYVSI4YH0rzZVN3aVdPUxgXYG+W8rSU+st0bg\/OnAMZWFzotivj2mfqRsGMWV3egRFwhvlfe7Fuv0OvGM3s9ZvinFAlmQZqUDOt74G5zoedU\/69v6LWqjWqMgwmKLQ\/lMwt2MnS6hiTwk\/iqPpTIM8RYnxG13RvjKDr4JXT\/U7OnZL63BA8kKbkL5zeTL+gL4bvPs8T4bLqWJpX+KPgKK5qcCbrRIXtRaFjvffCmBHmxiams\/n7B6m2DssFWcjX1Ev1oBu1UMKN6t2aeneW6ZYl4Q+afpKmmTZbh75sYoA8rPXxM4Q6E\/CvQ8xKFJuG12US4vfj96Tg+HLqjTKQn0aT3tP\/WRrjoWHz5nOKAwY2ssdZ\/sOQ7Z4I975oMYqMkolPHC\/IQyZ00spefKrUv00QdKXcsmU90gzx2i\/XncJUiW6+cRr5y\/xIasdRDvxOeWrnEuyr4eneiO5Pi37MXP8f2E65R6K8EWKkhOt2QxypTL9OYJAB3d80dQUxikTgyJwcF9uQEqgJNA\/GZhO2rBxL\/P3ze0It5qd4umjz9rSz1Tj4x9V7iRrPWik7ncKTUF\/OLBOu3ao3EyUG8u2N+GMLh6DNMnc3AMj260R63yyZIj87BZpn+95duhzSfs8I4u6YbCy54JPpusEK7oluD\/Hy2\/DI77VPA2QYc="} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1563973554628780,"flow_dst_last_pkt_time":1563973554628757,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1563973554628780,"pkt":"OCxKuzMdABAY3q0FCABFAACsFXoAADURYtGLosCdwKgADspsjRQAmIUlBAAAAL5AaY1sAAAAAAAAAApaAsrtXpH1hJEWMIaMon2Jp07DYKtFnos9KJ2dxNXsnPOlMw8teGIqqtQyAhfCvZKfSoj8FKmPC1PCtu8qqniK567s\/wF6cALr5IJXHXdFnmr1I94kKjzDU62XCT24xGedWrUZRek84+e2Fsx1lJJ6NR9cFgw9VnO9J77GX8hL"} 
@@ -18,7 +18,7 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1563973554711201,"flow_dst_last_pkt_time":1563973554642219,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1563973554711201,"pkt":"OCxKuzMdABAY3q0FCABFAAB8FcIAADURYrmLosCdwKgADspsjRQAaAbHBAAAAL5AaY1tAAAAAAAAAPpGK9K5H5VHV22UlCuzckhifHXG0mCPbNY7tJ3Ehp5q9DbTenVPM\/dETy5WTx4iR6yiQjK\/qZpSgBD1KbJ+XOoBt2B9Juw3RjALxSawFkyQ"} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126461633953,"flow_dst_last_pkt_time":1532126461588236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":2596,"flow_dst_tot_l4_payload_len":1224,"midstream":0,"thread_ts_usec":1563973564026333,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1563973554628757,"flow_src_last_pkt_time":1563973564026333,"flow_dst_last_pkt_time":1563973563910592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":272,"flow_src_tot_l4_payload_len":4672,"flow_dst_tot_l4_payload_len":2064,"midstream":0,"thread_ts_usec":1563973564026333,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":52,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1563973564026333} 
+00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":52,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1563973564026333} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 52/52 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648797 bytes -~~ total memory freed........: 8648797 bytes -~~ total allocations/frees...: 140596/140596 +~~ total memory allocated....: 9413203 bytes +~~ total memory freed........: 9413203 bytes +~~ total allocations/frees...: 154562/154562 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 591 chars ~~ json message max len.......: 1610 chars diff --git a/test/results/default/xdmcp.pcap.out b/test/results/default/xdmcp.pcap.out index 77873e19c..511bbe489 100644 --- a/test/results/default/xdmcp.pcap.out +++ b/test/results/default/xdmcp.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1538467333581076} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1538467333581076} 
00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1538467333581076,"flow_src_last_pkt_time":1538467333581076,"flow_dst_last_pkt_time":1538467333581076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1538467333581076,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1538467333581076,"flow_dst_last_pkt_time":1538467333581076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":15,"thread_ts_usec":1538467333581076,"pkt":"CAAngNsFUlQAEjUACABFAAAjIEIAAP8Rg4AKAQICCgECBO\/yALEAD\/cgAAEAAgABAAAAAAAAAAAAAAAA"} 
00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1538467333581076,"flow_src_last_pkt_time":1538467333581076,"flow_dst_last_pkt_time":1538467333581076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1538467333581076,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"XDMCP","proto_id":"15","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
@@ -8,7 +8,7 @@ 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1538467333586740,"flow_dst_last_pkt_time":1538467333731484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1538467333731484,"pkt":"UlQAEjUACAAngNsFCABFAABQuVJAAEARaUMKAQIECgECAgCx7\/IAPBhVAAEACAAuDIAyAwAAAAAAEk1JVC1NQUdJQy1DT09LSUUtMQAQTPvoMVb5+UR+Qxed0+SWjg=="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1538467334608643,"flow_dst_last_pkt_time":1538467333731484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1538467334608643,"pkt":"CAAngNsFUlQAEjUACABFAAA5IEQAAP8Rg2gKAQICCgECBO\/yALEAJZG\/AAEACgAXDIAyAwAAAA9NSVQtdW5zcGVjaWZpZWQ="} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1538467333581076,"flow_src_last_pkt_time":1538467336601228,"flow_dst_last_pkt_time":1538467333731484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":254,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1538467336601228,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"XDMCP","proto_id":"15","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":335,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1538467336601228} +00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":335,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1538467336601228} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645016 bytes -~~ total memory freed........: 8645016 bytes -~~ total allocations/frees...: 140539/140539 +~~ total memory allocated....: 9409390 bytes +~~ total memory freed........: 9409390 bytes +~~ total allocations/frees...: 154505/154505 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 536 chars ~~ json message max len.......: 966 chars diff --git a/test/results/default/xiaomi.pcap.out b/test/results/default/xiaomi.pcap.out index 9f0cd6d17..3967e8e3f 100644 --- a/test/results/default/xiaomi.pcap.out +++ b/test/results/default/xiaomi.pcap.out 
@@ -1,9 +1,9 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054136437359} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054136437359} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054136437359,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054136437359,"vlan_id":208,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","vlan_id":208,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":136,"pkt_l4_len":98,"thread_ts_usec":1639054136437359,"pkt":"AAAAAAAAAAIAAAAIgQAA0AgARRQAdj14QAAuBjXZL\/EHWAo0l6AUZpkMYD5IiLldMd2AGAA1w4IAAAEBCAqKynYNev32UML+AAUAAAA2AAIAFgAAABgIABoKeGlhb21pLmNvbSoEQ09OTkgACgo1Mzg2MzcwNzY5EgQ3ZjA0GgIIACIAfagLdw=="} 
00967{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054136437359,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054136437359,"vlan_id":208,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":""}} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1643625846975752} 
+00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1643625846975752} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643625846975752,"flow_src_last_pkt_time":1643625846975752,"flow_dst_last_pkt_time":1643625846975752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643625846975752,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.244.219","src_port":5222,"dst_port":45904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643625846975752,"flow_dst_last_pkt_time":1643625846975752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643625846975752,"pkt":"AAAAAAAAAA0AYH2pCABFFAA8AABAAC4G2JdzpErowKj02xRms1CUmJB5c0FIJ6ASaVAVsQAAAgQFUAQCCAri0mMlEWpVrAEDAwk="} 00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643625846975752,"flow_dst_last_pkt_time":1643625847008745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1643625847008745,"pkt":"AAAAAAAAAAoAtbdgCABFAADsPqBAAEAGh1vAqPTbc6RK6LNQFGZzQUgnlJiQeoAYAKxOqAAAAQEIChFqVg7i0mMlwv4ABQAAAKwAAgAWAAAAjggAGgp4aWFvbWkuY29tKgRDT05OSAAIahINUmVkbWkgTm90ZSA5UxoRVjEyLjUuMi4wLlJKV01JWE0iKmEtRDdBNUQ4QTlCNTM3NTI5Rjk2NkU0MjlEMDU4ODYyMDMyNEY2QzVFMigqMg9tb2JpbGUtbHRlLXRhaWY6ETQ3LjI0MS4zNS43Mzo1MjIyQhBhcl9FR18jdS1udS1sYXRuSgIYAFAebjssqA=="} 
@@ -26,36 +26,36 @@ 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1643625858251774,"flow_dst_last_pkt_time":1643625858163146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1643625858251774,"pkt":"AAAAAAAAAAUARa2GCABFFAB2BwBAAC0GT7dhJ3eswKhdOxRmySBqbHLjb20PkIAYADWSLgAAAQEIChVvdCQWrKzjwv4ABQAAADYAAgAWAAAAGAgAGgp4aWFvbWkuY29tKgRDT05OSAAKCjkyODQzNjUzNzESBGQzOGMaAggAIgB+7gui"} 01830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1643625858251774,"flow_dst_last_pkt_time":1643625858290111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1013,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1013,"pkt_l4_len":979,"thread_ts_usec":1643625858290111,"pkt":"AAAAAAAAAAUARa2GCABFAAPnXtVAAEAG4YTAqF07YSd3rMkgFGZvbQ+QamxzJYAYAVdAegAAAQEIChasrWIVb3Qkwv4ABQAAA6ePAlQXgwcDpjrqoyKdw4IwnSS1iwp7K8C\/a\/DO3BfsxHjpq97Q8+JQdr+1Sx7ZzediATucm0ln6n2ECEvLfwgzevfD1u\/CWmlaUPaZueHN8B9ew4RhxHiqHdSsBkyR3\/8cXiDijQq6T8Ek7smY\/RX\/5leFfWyTeoTllIzIUkB55Pa1o+qg3e53JuNFDNQfWiRPHBesCrCXsbija8s1EZqinSwpndgCEBFquauEl0+Ragp0lMAm7RxiyEIiOyxii5gY6FbeEsulHj5K+xrSQspZJtPdEOSpF1rz3Gyo9NjcCfsHV9R4Qi2\/9SJtd09CAVq8p243RiYrBSFNXlnTx1d+gDkjIIWEnSHiWm6wI3RKFPkfupRRU42022iQm6gc+ln75Gn85HTw+NXyOi7hiRF7DRS7G7djKIAszOszTFHRkkpjyJOeBTxqe0\/cP7iVPR4k8S8Yt2IIyGHi9Ev4Zlb4gChCAaSmqzYYUrN1LvdTCbvsqCb4+X\/nhcnmWWblseOpPYxDs0BNszHZKDXWo+ranx19e5G\/9xXDFrAxfcMfNuriGBbbVAXe7462XSH\/+tpcjQk24myuI7hOvnD750dNp\/HrqJWAHUQZ74X6JknAabe7d8J0L2HrM9CKftKHNEwNVBo2W7hYmWR4sIdVm9PC1yhLua4+FQb6gD7CfCitUins9w35O879aJ6hQ6ifA72fy1CW8kYwHTRt1PYIpZxMYXrmTgEWSWA9qM82PLbe5eiXV7BJfNYZoJLzdYqhwGnnsmohpF
VuKyUorBJD7vvuQD3SNaJCkOcjkonUC7w1Aoq\/LEleMvZMCV5xjp40ct2wu2xQKSVdZolpUZwqutt8Gf9sRoGhgdIPb9EK542l8\/A7tHHzrmc8IOcyiGpNJ\/EuwyWs7gFpgVLTXSPqTbe1qzkw0S2Y2nPo+6Ky42BpsyBzk4qUs6ydaYyDy4szOeNYiIojVSTrTxAv81CONJ2+ehjOWR8xPviE1S1QIXaYB4Gqs\/lZigZFQG\/oXglQxrWoVdulOJx7hBr6CvDnOH8iaYOEAE+dhE0\/fUwSxsmmO3nkoBZimUpkdwux5rIZFUx9dApAbOxa7+aCnM4QzRm98LOIHsLSXbGeit3y2PpoHyZPuSe4WpTir5GONnCdFxFykyAYWy1Q4zL\/K\/oFI9aozHoou7\/tqoKcgsNRo43pfiO7Jzlwy0YGnBZXXeyDs7q5ihlPt6rz9zQzrxMSuy3zrUgN1tIfI5+V1VE="} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1643625858384595,"flow_dst_last_pkt_time":1643625858290111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1643625858384595,"pkt":"AAAAAAAAAAUARa2GCABFFACdBwFAAC4GTo9hJ3eswKhdOxRmySBqbHMlb20TQ4AYADRRBgAAAQEIChVvdKgWrK1iwv4ABQAAAF2PAlQXgwcA7DrqoyKdw4IwnSS1iwp7K8C\/a\/DO3BfsxHjpq97Q8+JQdr+1Sx7ZzediATucm0ln4nmG0Vi+OwwzW+foz4TyXEsJXPSpg\/XoqwJuhd4u9kuYCJ6VJSia4DKX"} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3907,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1649839944752000} 
+00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3907,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1649839944752000} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649839944752000,"flow_src_last_pkt_time":1649839944752000,"flow_dst_last_pkt_time":1649839944752000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649839944752000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1649839944752000,"flow_dst_last_pkt_time":1649839944752000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649839944752000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MLBAAD8GlDbAqAJkA3+wSpNMFGaY8mRiAAAAAKAC\/\/+SoQAAAgQFtAQCCAodPXxCAAAAAAEDAwk="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1649839944752000,"flow_dst_last_pkt_time":1649839944776000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649839944776000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAPMGEOYDf7BKwKgCZBRmk0xMrReHmPJkY6ASaN+IpwAAAgQFrAQCCAr78kDrHT18QgEDAwg="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1649839944780000,"flow_dst_last_pkt_time":1649839944776000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1649839944780000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0MLFAAD8GlD3AqAJkA3+wSpNMFGaY8mRjTK0XiIAQAKwfgwAAAQEICh09fF\/78kDr"} 
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1649839944782000,"flow_dst_last_pkt_time":1649839944776000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_usec":1649839944782000,"pkt":"eJS0JASgYDjgxTWgCABFAAEVMLJAAD8Gk1vAqAJkA3+wSpNMFGaY8mRjTK0XiIAYAKxzLQAAAQEICh09fGD78kDrwv4ABQAAANUAAgAWAAAAtwgAGgp4aWFvbWkuY29tKgRDT05OSAAIahIQUmVkbWkgTm90ZSA5IFBybxoRVjEyLjAuMy4wLlFKWk1JWE0iKmEtMTQ1NkU3QTYwQUVGQzZENDA3MjdEMDNGNjBGQjBDRkFFNDBBMjE0QSgpMgR3aWZpOk1mci1hcHAtY2hhdC1nbG9iYWwteGlhb21pLW5ldDEtMTY2Nzk4MTkxMy5ldS1jZW50cmFsLTEuZWxiLmFtYXpvbmF3cy5jb206NTIyMkIFZW5fVVNKAhgAUB34UTyq"} -01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1649839944752000,"flow_src_last_pkt_time":1649839944782000,"flow_dst_last_pkt_time":1649839944776000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649839944782000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com","domainame":"fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com"}} +01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1649839944752000,"flow_src_last_pkt_time":1649839944782000,"flow_dst_last_pkt_time":1649839944776000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649839944782000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com","domainame":"fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com"}} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1649839944782000,"flow_dst_last_pkt_time":1649839944805000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1649839944805000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0mb1AAPMGdzADf7BKwKgCZBRmk0xMrReImPJlRIAQAG4ewgAAAQEICvvyQQgdPXxg"} 01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1643625846975752,"flow_src_last_pkt_time":1643625847231770,"flow_dst_last_pkt_time":1643625847145760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":928,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":1112,"midstream":0,"thread_ts_usec":1649839946492000,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.244.219","src_port":5222,"dst_port":45904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"47.241.35.73"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1643625858130651,"flow_src_last_pkt_time":1643625858384595,"flow_dst_last_pkt_time":1643625858290111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":947,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1117,"midstream":0,"thread_ts_usec":1649839946492000,"l3_proto":"ip4","src_ip":"97.39.119.172","dst_ip":"192.168.93.59","src_port":5222,"dst_port":51488,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"47.241.59.87"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1643625848421465,"flow_src_last_pkt_time":1643625997739244,"flow_dst_last_pkt_time":1643625997646742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":914,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1085,"midstream":0,"thread_ts_usec":1649839946492000,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.247.13","src_port":5222,"dst_port":38018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"47.241.35.73"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":34,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1649853179269000} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":34,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1649853179269000} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649853179269000,"flow_src_last_pkt_time":1649853179269000,"flow_dst_last_pkt_time":1649853179269000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649853179269000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1649853179269000,"flow_dst_last_pkt_time":1649853179269000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649853179269000,"pkt":"eJS0JASgYDjgxTWgCABFAAA82XxAAD8GovfAqAJkEsHperAyFGbKjahPAAAAAKAC\/\/8SCgAAAgQFtAQCCAp5z8VmAAAAAAEDAwk="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1649853179269000,"flow_dst_last_pkt_time":1649853179291000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649853179291000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAPUGxnMSwel6wKgCZBRmsDIvdwKjyo2oUKASaN9j8wAAAgQFrAQCCAqcy3ZJec\/FZgEDAwg="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1649853179293000,"flow_dst_last_pkt_time":1649853179291000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1649853179293000,"pkt":"eJS0JASgYDjgxTWgCABFAAA02X1AAD8Gov7AqAJkEsHperAyFGbKjahQL3cCpIAQAKz61AAAAQEICnnPxX2cy3ZJ"} 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1649853179315000,"flow_dst_last_pkt_time":1649853179291000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1649853179315000,"pkt":"eJS0JASgYDjgxTWgCABFAAEN2X5AAD8GoiTAqAJkEsHperAyFGbKjahQL3cCpIAYAKzBMAAAAQEICnnPxZScy3ZJwv4ABQAAAM0AAgAWAAAArwgAGgp4aWFvbWkuY29tKgRDT05OSAAIahINUmVkbWkgTm90ZSA4VBoRVjEyLjUuMS4wLlJDWFJVWE0iKmEtNTA1ODM0NTlDNzUwRTdFMUMwNTBDRUMyMDI2OUVEQkIxRjlFOTc4MiguMgR3aWZpOkhmci1hcHAtY2hhdC1nbG9iYWwteGlhb21pLW5ldDItMjExNzUxNzg3NC5ldS1jZW50cmFsLTEuZWxiLmFtYXpvbmF3cy5jb21CBXJ1X1JVSgIYAFAe62Q6kA=="} 
-01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1649853179269000,"flow_src_last_pkt_time":1649853179315000,"flow_dst_last_pkt_time":1649853179291000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649853179315000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com","domainame":"fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com"}} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1649853179269000,"flow_src_last_pkt_time":1649853179315000,"flow_dst_last_pkt_time":1649853179291000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649853179315000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com","domainame":"fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1649853179315000,"flow_dst_last_pkt_time":1649853179337000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1649853179337000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0Y2JAAPUGYxkSwel6wKgCZBRmsDIvdwKkyo2pKYAQAG758wAAAQEICpzLdnh5z8WU"} -01174{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649839944752000,"flow_src_last_pkt_time":1649840399878000,"flow_dst_last_pkt_time":1649840399901000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":933,"flow_dst_max_l4_payload_len":105,"flow_src_tot_l4_payload_len":1447,"flow_dst_tot_l4_payload_len":171,"midstream":0,"thread_ts_usec":1649853179854000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com"}} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":49,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7643,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":49,"global_ts_usec":1650283578710000} +01172{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649839944752000,"flow_src_last_pkt_time":1649840399878000,"flow_dst_last_pkt_time":1649840399901000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":933,"flow_dst_max_l4_payload_len":105,"flow_src_tot_l4_payload_len":1447,"flow_dst_tot_l4_payload_len":171,"midstream":0,"thread_ts_usec":1649853179854000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com"}} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":49,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7643,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":49,"global_ts_usec":1650283578710000} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650283578710000,"flow_src_last_pkt_time":1650283578710000,"flow_dst_last_pkt_time":1650283578710000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650283578710000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1650283578710000,"flow_dst_last_pkt_time":1650283578710000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1650283578710000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DvVAAD8GnQ7AqAJky2sBQb46AFChwP+pAAAAAKAC\/\/8meQAAAgQFtAQCCArLcGZmAAAAAAEDAwk="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1650283578710000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650283579013000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAACkGwgvLawFBwKgCZABQvjrJa8kHocD\/qoASchB61gAAAgQFrAEBBAIBAwMH"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1650283579202000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1650283579202000,"pkt":"eJS0JASgYDjgxTWgCABFAAAoDvZAAD8GnSHAqAJky2sBQb46AFChwP+qyWvJCFAQAKwtBQAA"} 
00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1650283579202000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":402,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":402,"pkt_l4_len":368,"thread_ts_usec":1650283579202000,"pkt":"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"} 01453{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650283578710000,"flow_src_last_pkt_time":1650283579202000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"203.107.1.65","domainame":"203.107.1.65","http": {"url":"203.107.1.65\/164566\/sign_d?host=appmarket.micloud.xiaomi.net&sdk=android_1.3.3&t=1650284179&s=762f2c07cf9262c61753f45b4117c232&sid=jccM7PF4XY0T&net=wifi&bssid=02%3A00%3A00%3A00%3A00%3A00","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 10; Redmi Note 9 Pro MIUI\/V12.0.3.0.QJZMIXM)"}}} 
-01176{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649853179269000,"flow_src_last_pkt_time":1649853538407000,"flow_dst_last_pkt_time":1649853179817000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":948,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":1525,"flow_dst_tot_l4_payload_len":593,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com"}} +01174{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649853179269000,"flow_src_last_pkt_time":1649853538407000,"flow_dst_last_pkt_time":1649853179817000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":948,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":1525,"flow_dst_tot_l4_payload_len":593,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650283578710000,"flow_src_last_pkt_time":1650283579202000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":52,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1650283579202000} +00813{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":52,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1650283579202000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 52/52 ~~ skipped flows.............: 0 
@@ -64,9 +64,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8673963 bytes -~~ total memory freed........: 8673963 bytes -~~ total allocations/frees...: 140676/140676 +~~ total memory allocated....: 9438529 bytes +~~ total memory freed........: 9438529 bytes +~~ total allocations/frees...: 154642/154642 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 1835 chars diff --git a/test/results/default/xss.pcap.out b/test/results/default/xss.pcap.out index c63dfad45..5a81f46b7 100644 --- a/test/results/default/xss.pcap.out +++ b/test/results/default/xss.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655243489609806} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655243489609806} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655243489609806,"flow_src_last_pkt_time":1655243489609806,"flow_dst_last_pkt_time":1655243489609806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655243489609806,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655243489609806,"flow_dst_last_pkt_time":1655243489609806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655243489609806,"pkt":"FE+Kc3lP4CvpcxhCCABFAAA8+yJAAEAGt3DAqANtwKgDa9EKAFDSR62xAAAAAKAC+vBHrAAAAgQFtAQCCAqQR5ueAAAAAAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655243489609806,"flow_dst_last_pkt_time":1655243489609822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655243489609822,"pkt":"4CvpcxhCFE+Kc3lPCABFAAA8AABAAEAGspPAqANrwKgDbQBQ0QpkRtWU0ketsqAS\/og+LAAAAgQFtAQCCAqztRhGkEebngEDAwc="} 
@@ -14,7 +14,7 @@ 01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1655243489609806,"flow_src_last_pkt_time":1655243489620426,"flow_dst_last_pkt_time":1655243489615942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":608,"flow_dst_tot_l4_payload_len":1843,"midstream":0,"thread_ts_usec":1655243489620426,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"192.168.3.107"}} 00962{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1655243489609847,"flow_src_last_pkt_time":1655243489614470,"flow_dst_last_pkt_time":1655243489609849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655243489620426,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00771{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1655243489609847,"flow_src_last_pkt_time":1655243489614470,"flow_dst_last_pkt_time":1655243489609849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655243489620426,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2451,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1655243489620426} 
+00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2451,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1655243489620426} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648066 bytes -~~ total memory freed........: 8648066 bytes -~~ total allocations/frees...: 140565/140565 +~~ total memory allocated....: 9412472 bytes +~~ total memory freed........: 9412472 bytes +~~ total allocations/frees...: 154531/154531 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 1510 chars diff --git a/test/results/default/yandex.pcapng.out b/test/results/default/yandex.pcapng.out index 2ef34bf13..d1a0f320e 100644 --- a/test/results/default/yandex.pcapng.out +++ b/test/results/default/yandex.pcapng.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675629757956767} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675629757956767} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757956767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675629757956767,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757956767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675629757956767,"pkt":"dNqIE5X\/CI6QkAulCABFAAA87YBAAEAG6CrAqAH51bTMup0aAbsZxJRyAAAAAKAC+vDi+wAAAgQFtAQCCApF2HIeAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757971675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675629757971675,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8AABAADcG3qvVtMy6wKgB+QG7nRotDdTkGcSUc6ASqUoQtAAAAgQFggQCCApPBdMWRdhyHgEDAwg="} 
@@ -9,7 +9,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757997818,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675629757997818,"pkt":"CI6QkAuldNqIE5X\/CABFAAA03SdAADcGAYzVtMy6wKgB+QG7nRotDdTlGcSWeIAQAKjlzQAAAQEICk8F0yZF2HIt"} 01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757997818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1398,"midstream":0,"thread_ts_usec":1675629757997818,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","domainame":"music.yandex.kz","tls": {"version":"TLSv1.2","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
01706{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757997886,"flow_dst_last_pkt_time":1675629758006704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1644,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4440,"midstream":0,"thread_ts_usec":1675629758006704,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","domainame":"music.yandex.kz","tls": {"version":"TLSv1.2","server_names":"*.music.yandex.ru,music-partner.yandex.ru,music.yandex,music.yandex.by,music.yandex.uz,music.ya.ru,music.yandex.kz,music.yandex.com,music.yandex.ru","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.music.yandex.ru","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"84:6E:A1:68:E5:3B:10:C1:87:75:43:D8:F2:39:C3:4D:E9:9F:DC:88","blocks":0}}} 
-00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1675632200347508} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1675632200347508} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675632200347508,"flow_src_last_pkt_time":1675632200347508,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632200347508,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":57126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1675632200347508,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675632200347508,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8p+RAAEAGmcPAqAH5spqD2N8mAbsQs3pEAAAAAKAC+vC2kwAAAgQFtAQCCAoxyf\/EAAAAAAEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1675632200354042,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632200354042,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0p+VAAEAGmcrAqAH5spqD2N8mAbsQs3pFVOenIIAQAfYqYQAAAQEICjHJ\/8uE0TMJ"} 
@@ -39,7 +39,7 @@ 01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771649047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632771649412,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"cloud.yandex.ru","domainame":"cloud.yandex.ru","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771661361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632771661361,"pkt":"CI6QkAuldNqIE5X\/CABFAAA0o39AADcGizxX+vpswKgB+QG73+pH994DthYOFIAQAKjWtwAAAQEICjlcYGHJQVuK"} 
01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771666494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2796,"midstream":0,"thread_ts_usec":1675632771666494,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"cloud.yandex.ru","domainame":"cloud.yandex.ru","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":68,"packets-processed":67,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1675633561788867} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":68,"packets-processed":67,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1675633561788867} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675633561788867,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561788867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561788867,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.134","src_port":58832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561788867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561788867,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8OJ1AAEAG7PzAqAH5V\/r6huXQAbth\/x6mAAAAAKAC+vAp1QAAAgQFtAQCCAqt2\/gKAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561796212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561796212,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8AABAADcGLppX+vqGwKgB+QG75dDNImeHYf8ep6ASqUqZLQAAAgQFggQCCAroj8Uzrdv4CgEDAwg="} 
@@ -81,7 +81,7 @@ 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1675632204761716,"flow_src_last_pkt_time":1675632204850774,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":42102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Yandex","proto_id":"91.25","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":2703,"flow_dst_tot_l4_payload_len":5466,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.77","src_port":51462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMetrika","proto_id":"91.98","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629758531921,"flow_dst_last_pkt_time":1675629758544983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":1644,"flow_src_tot_l4_payload_len":2357,"flow_dst_tot_l4_payload_len":4682,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":130,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48891,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1675633561819787} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":130,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48891,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1675633561819787} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 130/130 ~~ skipped flows.............: 0 @@ -90,9 +90,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8803735 bytes -~~ total memory freed........: 8803735 bytes -~~ total allocations/frees...: 140856/140856 +~~ total memory allocated....: 9568365 bytes +~~ total memory freed........: 9568365 bytes +~~ total allocations/frees...: 154822/154822 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 2665 chars diff --git a/test/results/default/yojimbo.pcap.out b/test/results/default/yojimbo.pcap.out index a17d50c10..e3b2cbbf2 100644 --- a/test/results/default/yojimbo.pcap.out +++ b/test/results/default/yojimbo.pcap.out 
@@ -1,10 +1,10 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705841430802164} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705841430802164} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705841430802164,"flow_src_last_pkt_time":1705841430802164,"flow_dst_last_pkt_time":1705841430802164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1078,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1078,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705841430802164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34638,"dst_port":40000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01971{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705841430802164,"flow_dst_last_pkt_time":1705841430802164,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1120,"pkt_l4_len":1086,"thread_ts_usec":1705841430802164,"pkt":"AAAAAAAAAAAAAAAACABFAARSxRtAAMIR8Xx\/AAABfwAAAYdOnEAEPgJSAE5FVENPREUgMS4wMgAAAAAAAAAAACATrWUAAAAAKEYo4cxsxbeO0bGn47kL6bIDhwFb6cXNgaAmgqG7OfEIoRHWgUHLOBEsmzkfjmvr6Cthgf2QIZ4Mk97xNQCSoVT3IBfKGcbuFUHtjUME04dUg7FSon9uKz63H8kkKmDM27hCsGkJ8pcpvjODFXa6vECBXfQ7YwQcC2hwnujXyAGXyxzMKYHJtc5zGs9uPLGhiXZjs2b6ZRVpcMfTM+TUewRvLl9d5pRM8MRznO6ke8Xij0xoZ4bLXDhDZPxxUSUVxlUi6PhvuXQHObIM\/Irjj0yYWbNeS58cDeEjgOhfFfUE4p7fKkwPOxG+L1LHt2i\/pa4hsJZd0nLAKeYIMmzBiXnhLmYw4aEX7KAldE8N5x6a28ChMpaJMTJaXdYeCFkSOSETAf5VATmAjsz246WRUBfKruKjYi8w3DE12Fy8q218zC6ajbMjixM5OZLYE1sQG54x2IGCnJrOSpeuH9vhXzg2pOr9jgTQC9tXUBIK+BRNxNdMRgGvAf8OPPdNPcqfzkMwzZyUNQ\/X04UIZ6bgZZJPXY+y5y6bcC\/g9UhsUR0EhuEaQOCeeS2KdT9X91bAosid3B8wXik5wugpmMknTQgFVJYtrv4hdQMejIa9CfAO9EoqOaFhYmjQtOVG2zByti3XrAIzqgPAtzkaaqx
G\/kTxzvAUPgfDvj1vwKigHErva2jRMBMRYc7fbqVifXw\/5oCpNfT4haDeRE63W5LKPGcmgPUgTPAzrXHPE\/Cq5+pd3Rt0+DN\/VSMKYiSD9MAyk89fLaGI2W5c0QiWHVz+axOGP\/A5u2B2vBfPfMh1AaTS93MK2gyLL+HpMqcgYbXmyscvSydsrTl22fDmJYaUBcx32PcIQxaBxchgWRuJGWEiw2eQmZCQD4I\/WZqmzDRX088uAJ6qxRD+3xulxNOTxaqQNUh7ZxTktY4BswfyhNDJtqiYALpiEUNCzpAJSNm4FPNz8um1NGS9d3Dqlwp\/q6t8ZcMsQvpR1yhIBA25SdfmSxrb8p+l1QcjONwKhERsV9voT5pKSzybGc3pgzBRumB3VwY\/ZDYkj8uqoegxypS5Asq\/kC6A0xOkYpUIpttO3TOT6ESzAIqKxH8MIpyux5EE6onb1aqExUmjiIV40rg5XdsQspYr\/\/W3AIpktQpP\/0e+44QlnvT565BwfSP+TULnRvrtYXdwt9c52oukW09dpwXDN0wOhY4i8TIDqjp0+bXvULBMFKp4IkzmRvciwOsw0G1nWP4ZY11NM2vPdIYWaaX4TrkxuE5sMAhxj81+AiEYrkCDqZ3wnzr1gqS+O+eTzyuSzbjZ3vJ32fEbVr9h9T\/+ZUw5aAIYvIAcIcKWdBFxw3VYno5Dec9Hb82M+AI4a5b6jkRyqbp4x0KEtIBTd1IlRBcm4w=="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705841430802164,"flow_src_last_pkt_time":1705841430802164,"flow_dst_last_pkt_time":1705841430802164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1078,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1078,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705841430802164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34638,"dst_port":40000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Yojimbo","proto_id":"388","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705841430802164,"flow_src_last_pkt_time":1705841430802164,"flow_dst_last_pkt_time":1705841430802164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1078,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1078,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705841430802164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34638,"dst_port":40000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Yojimbo","proto_id":"388","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1705841430802164} 
+00810{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1705841430802164} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644871 bytes -~~ total memory freed........: 8644871 bytes -~~ total allocations/frees...: 140534/140534 +~~ total memory allocated....: 9409245 bytes +~~ total memory freed........: 9409245 bytes +~~ total allocations/frees...: 154500/154500 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 589 chars ~~ json message max len.......: 1976 chars diff --git a/test/results/default/youtube_quic.pcap.out b/test/results/default/youtube_quic.pcap.out index 65573d572..3b483349e 100644 --- a/test/results/default/youtube_quic.pcap.out +++ b/test/results/default/youtube_quic.pcap.out 
@@ -1,5 +1,5 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1489363823466752} 
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00810{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1489363823466752} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823466752,"flow_src_last_pkt_time":1489363823466752,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823466752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02330{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1489363823466752,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363823466752,"pkt":"gCqojWksxCwDBkn+CABFAAViKp8AAEARAADAqAEH2DrNQtbVAbsFTmyMDZNw4V58RG0IUTAzNQHEx\/Yat8K2lJx\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\/QkmmE3zDBRwXexEviTXtQHZlZT\/o0M3FJ3WOBZp5lL5RXIaTAX\/iszgW7Ui51EwMzUB6IFgkpIa6H7tgIaiFYKRWMXjbzAwMDAwMDAwAGp0dp4RQa9ev39thoVizX7vQxRkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAb+PFWAAAAABoJX9SS1LMMIZlh9cGt32w74KlkbfLCJvYbB6phUnjYtV\/J7+3T+WICkKGmxl0apInEplRSWcqg\/3qI+CqJwNXZAAAAAEAAABDMjU1HvdI4XZwU8Me90jhdnBTwz2t9HxBefiRQAt7kKmuees2jgEAnGVpdpNkhQuOQ0r1tyTPo1k8IEM71wOV+MDwud\/WmN8O\/bZt8M5S76zS6GQgUAsZfJUzhYMLh2DzCj0s2UxZDpdWlDQ\/KBiEO80tVmE+bGp5czdFQGnhi\/134fgolaoUotcrvEChNXZdSQ7ze+ZsVxVgDQIPLJn5KItVO0bNTbdFJlK9ck\/6gU
es9AlK+Lowm7raNBTPfJpo34tpsNA3toSRqnAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823466752,"flow_src_last_pkt_time":1489363823466752,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823466752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"quic_version":"Q035"}}} 
@@ -25,7 +25,7 @@ 01041{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1489363824401150,"flow_src_last_pkt_time":1489363824712581,"flow_dst_last_pkt_time":1489363824840806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3551,"flow_dst_tot_l4_payload_len":4358,"midstream":0,"thread_ts_usec":1489363826862170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 01043{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1489363823466752,"flow_src_last_pkt_time":1489363824024913,"flow_dst_last_pkt_time":1489363823999542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2018,"flow_dst_tot_l4_payload_len":1915,"midstream":0,"thread_ts_usec":1489363826862170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":113,"flow_dst_packets_processed":145,"flow_first_seen":1489363823738796,"flow_src_last_pkt_time":1489363826862170,"flow_dst_last_pkt_time":1489363826861980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":11365,"flow_dst_tot_l4_payload_len":156294,"midstream":0,"thread_ts_usec":1489363826862170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com"}} 
-00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":289,"packets-processed":289,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":179501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1489363826862170} +00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":289,"packets-processed":289,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":179501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1489363826862170} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 289/289 ~~ skipped flows.............: 0 
@@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8658194 bytes -~~ total memory freed........: 8658194 bytes -~~ total allocations/frees...: 140847/140847 +~~ total memory allocated....: 9422533 bytes +~~ total memory freed........: 9422533 bytes +~~ total allocations/frees...: 154810/154810 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars ~~ json message max len.......: 2350 chars diff --git a/test/results/default/youtubeupload.pcap.out b/test/results/default/youtubeupload.pcap.out index ca6b811d7..4e77434e4 100644 --- a/test/results/default/youtubeupload.pcap.out +++ b/test/results/default/youtubeupload.pcap.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1511102576794424} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1511102576794424} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102576794424,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576794424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102576794424,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576794424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1511102576794424,"pkt":"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\/D790R+7T+2\/0X2\/pJXF+QSwhgBhJRTmB2QAAAABAAAANVJUT5jAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102576794424,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576794424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102576794424,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","domainame":"upload.youtube.com","quic": {"quic_version":"Q039"}}} 
@@ -27,7 +27,7 @@ 01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":80,"flow_dst_packets_processed":20,"flow_first_seen":1511102576794424,"flow_src_last_pkt_time":1511102580286427,"flow_dst_last_pkt_time":1511102580285015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":97113,"flow_dst_tot_l4_payload_len":5163,"midstream":0,"thread_ts_usec":1511102594936951,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1511102576835328,"flow_src_last_pkt_time":1511102576954116,"flow_dst_last_pkt_time":1511102576952686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":4409,"midstream":0,"thread_ts_usec":1511102594936951,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1511102578051971,"flow_src_last_pkt_time":1511102594783349,"flow_dst_last_pkt_time":1511102594936951,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":8105,"flow_dst_tot_l4_payload_len":6001,"midstream":0,"thread_ts_usec":1511102594936951,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com"}} 
-00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":137,"packets-processed":137,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":121086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1511102594936951} +00825{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":137,"packets-processed":137,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":121086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1511102594936951} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 137/137 ~~ skipped flows.............: 0 
@@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8666113 bytes -~~ total memory freed........: 8666113 bytes -~~ total allocations/frees...: 140715/140715 +~~ total memory allocated....: 9430485 bytes +~~ total memory freed........: 9430485 bytes +~~ total allocations/frees...: 154679/154679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 2355 chars diff --git a/test/results/default/z3950.pcapng.out b/test/results/default/z3950.pcapng.out index 397b66360..614e7acb8 100644 --- a/test/results/default/z3950.pcapng.out +++ b/test/results/default/z3950.pcapng.out 
@@ -1,12 +1,12 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623680697296098} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623680697296098} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623680697296098,"flow_src_last_pkt_time":1623680697296098,"flow_dst_last_pkt_time":1623680697296098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623680697296098,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623680697296098,"flow_dst_last_pkt_time":1623680697296098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623680697296098,"pkt":"eJS0JASgYDjgxTWgCABFAAA07vtAAH8Gl6\/AqAJkwa7wXeYpANJ85vsBAAAAAIAC+vCgIgAAAgQFtAEDAwgBAQQC"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623680697296098,"flow_dst_last_pkt_time":1623680697327356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623680697327356,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADYGz6vBrvBdwKgCZADS5indlQhqfOb7AoAS+vC6GgAAAgQFrAEBBAIBAwMH"} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1623680697329724,"flow_dst_last_pkt_time":1623680697327356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1623680697329724,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7vxAAH8Gl7rAqAJkwa7wXeYpANJ85vsC3ZUIa1AQAgTz0QAA"} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623680697330632,"flow_dst_last_pkt_time":1623680697327356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_usec":1623680697330632,"pkt":"eJS0JASgYDjgxTWgCABFAACC7v1AAH8Gl1\/AqAJkwa7wXeYpANJ85vsC3ZUIa1AYAgRPTgAAtFiDAgDghAMAwaKFBAQAAACGBAQAAACfbgI4MZ9vClpPT00tQy9ZQVqfcC41LjQuMSAxMmI5NmNlNzE1NjBhNTY2ZGZmZjU5MDFlMmIxYWFhOWQyZGM5NGNj"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623680697330632,"flow_dst_last_pkt_time":1623680697354970,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623680697354970,"pkt":"YDjgxTWgeJS0JASgCABFAAAoHB9AADYGs5jBrvBdwKgCZADS5indlQhrfOb7XFAQAfbzhQAAAAAAAAAA"} 
-00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1625070123680497} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1625070123680497} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625070123680497,"flow_src_last_pkt_time":1625070123680497,"flow_dst_last_pkt_time":1625070123680497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625070123680497,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1625070123680497,"flow_dst_last_pkt_time":1625070123680497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1625070123680497,"pkt":"YDjgxTWgABjzZLGICABFAAA0k\/xAAJAGiSTAqAAUgbuLK7W8JweM39PGAAAAAIAC+vDNyQAAAgQFtAEBBAIBAwMH"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1625070123680497,"flow_dst_last_pkt_time":1625070123709562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1625070123709562,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0AABAADUGeCGBu4srwKgAFCcHtbz4JgxZjN\/Tx4ASchDtagAAAgQFrAEBBAIBAwMH"} 
@@ -17,7 +17,7 @@ 00786{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1623680697296098,"flow_src_last_pkt_time":1623680698821983,"flow_dst_last_pkt_time":1623680698846157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":3918,"midstream":0,"thread_ts_usec":1625070132777881,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1625070123680497,"flow_src_last_pkt_time":1625070196998319,"flow_dst_last_pkt_time":1625070132777866,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":113,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1625070196998319,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Z3950","proto_id":"260","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01105{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1625070123680497,"flow_src_last_pkt_time":1625070200217383,"flow_dst_last_pkt_time":1625070200217346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":113,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":199,"midstream":0,"thread_ts_usec":1625070200217383,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Z3950","proto_id":"260","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":31,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4562,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1625070200217383} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":31,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4562,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1625070200217383} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 31/31 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652433 bytes -~~ total memory freed........: 8652433 bytes -~~ total allocations/frees...: 140583/140583 +~~ total memory allocated....: 9416839 bytes +~~ total memory freed........: 9416839 bytes +~~ total allocations/frees...: 154549/154549 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 1110 chars diff --git a/test/results/default/zabbix.pcap.out b/test/results/default/zabbix.pcap.out index dc7701301..6a9980c2e 100644 --- a/test/results/default/zabbix.pcap.out +++ b/test/results/default/zabbix.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1572254070608539} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1572254070608539} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1572254070608539,"flow_src_last_pkt_time":1572254070608539,"flow_dst_last_pkt_time":1572254070608539,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572254070608539,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1572254070608539,"flow_dst_last_pkt_time":1572254070608539,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572254070608539,"pkt":"RoQclwmZOjUSPEK7CABFAAA85AdAAEAGTujAqENiwKhDGd9KJ0JwAdHUAAAAAKACchAH+wAAAgQFtAQCCAorwjXTAAAAAAEDAwc="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1572254070608539,"flow_dst_last_pkt_time":1572254070608854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572254070608854,"pkt":"OjUSPEK7RoQclwmZCABFAAA8AABAAEAGMvDAqEMZwKhDYidC30pw8XhkcAHR1aAScSDKPwAAAgQFtAQCCAorfUX3K8I10wEDAwc="} 
@@ -7,7 +7,7 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070608854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1572254070608917,"pkt":"RoQclwmZOjUSPEK7CABFAABL5AlAAEAGTtfAqENiwKhDGd9KJ0JwAdHVcPF4ZYAYAOUICgAAAQEICivCNdQrfUX3WkJYRAEKAAAAAAAAAHByb2MubnVtW10="} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1572254070608539,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070608854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572254070608917,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070609214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1572254070609214,"pkt":"OjUSPEK7RoQclwmZCABFAAA0t4ZAAEAGe3HAqEMZwKhDYidC30pw8XhlcAHR7IAQAONpMQAAAQEICit9RfcrwjXU"} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1657872825792772} 
+00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1657872825792772} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872825792772,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872825792772,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36699,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872825792772,"pkt":"AAwphPY8AAwpXdTzCABFAAA86nZAAEAGwNPAqAcQwKgHEY9bJ0PFmT3IAAAAAKAC+vDyGgAAAgQFtAQCCArVxDu9AAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872825792809,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDj1uwlSH0xZk9yaAS\/ohzWgAAAgQFtAQCCAqaoA3u1cQ7vQEDAwc="} 
@@ -193,7 +193,7 @@ 00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872952792575,"flow_src_last_pkt_time":1657872952793338,"flow_dst_last_pkt_time":1657872952793345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":52901,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1657872930793502,"flow_src_last_pkt_time":1657872930795972,"flow_dst_last_pkt_time":1657872930795980,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":55759,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872946792586,"flow_src_last_pkt_time":1657872946796114,"flow_dst_last_pkt_time":1657872946796119,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":745,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":745,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":60217,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":236,"packets-processed":236,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":196,"global_ts_usec":1657872986793226} 
+00820{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":236,"packets-processed":236,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":196,"global_ts_usec":1657872986793226} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 236/236 ~~ skipped flows.............: 0 @@ -202,9 +202,9 @@ ~~ total active/idle flows...: 24/24 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8707618 bytes -~~ total memory freed........: 8707618 bytes -~~ total allocations/frees...: 141022/141022 +~~ total memory allocated....: 9472728 bytes +~~ total memory freed........: 9472728 bytes +~~ total allocations/frees...: 154988/154988 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 1004 chars diff --git a/test/results/default/zattoo.pcap.out b/test/results/default/zattoo.pcap.out index 31499a9fb..3d4216f69 100644 --- a/test/results/default/zattoo.pcap.out +++ b/test/results/default/zattoo.pcap.out 
@@ -1,5 +1,5 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614851148233981} 
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614851148233981} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614851148233981,"flow_src_last_pkt_time":1614851148233981,"flow_dst_last_pkt_time":1614851148233981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614851148233981,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614851148233981,"flow_dst_last_pkt_time":1614851148233981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614851148233981,"pkt":"5kBKB+riApXG95NLCABFAAAw4ZkAAIAGAAAKZQACCmYAAgtyAbsk8\/zrAAAAAHACgAEU8QAAAgQFtAMDAQA="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614851148233981,"flow_dst_last_pkt_time":1614851148234305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614851148234305,"pkt":"ApXG95NL5kBKB+riCABFAAAw4ZMAAH8GRWYKZgACCmUAAgG7C3Ik9AFrJPP87HASgAGZ0wAAAgQFtAMDAQA="} 
@@ -17,7 +17,7 @@ 01069{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1614851148248533,"flow_dst_last_pkt_time":1614851148248907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":458,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":458,"pkt_l4_len":424,"thread_ts_usec":1614851148248907,"pkt":"ApXG95NL5kBKB+riCABFAAG84bgAAH8GQ7UKZgACCmUAAgBQC3gk9N+zJPTdL1AYgAGT3gAASFRUUC8xLjAgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDY5MzQ0MjM5NA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAyNTANCkRhdGU6IFNhdCwgMjAgQXVnIDIwMTEgMjM6MzQ6NTkgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCjw\/eG1sIHZlcnNpb249IjEuMCI\/PjwhRE9DVFlQRSBjcm9zcy1kb21haW4tcG9saWN5IFNZU1RFTSAiaHR0cDovL3d3dy5tYWNyb21lZGlhLmNvbS94bWwvZHRkcy9jcm9zcy1kb21haW4tcG9saWN5LmR0ZCI+PGNyb3NzLWRvbWFpbi1wb2xpY3k+PGFsbG93LWFjY2Vzcy1mcm9tIGRvbWFpbj0iKiIvPjxhbGxvdy1odHRwLXJlcXVlc3QtaGVhZGVycy1mcm9tIGRvbWFpbj0iKiIgaGVhZGVycz0iKiIvPjwvY3Jvc3MtZG9tYWluLXBvbGljeT4="} 01008{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1614851148248095,"flow_src_last_pkt_time":1614851148254413,"flow_dst_last_pkt_time":1614851148254534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":961,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":5785,"flow_dst_tot_l4_payload_len":2260,"midstream":0,"thread_ts_usec":1614851148254534,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Zattoo","proto_id":"7.55","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"zattosecurehd2-f.akamaihd.net"}} 01316{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1614851148233981,"flow_src_last_pkt_time":1614851148237771,"flow_dst_last_pkt_time":1614851148238027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1165,"flow_dst_max_l4_payload_len":1072,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":2030,"midstream":0,"thread_ts_usec":1614851148254534,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Zattoo","proto_id":"91.55","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
-00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11671,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1614851148254534} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11671,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1614851148254534} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 ~~ skipped flows.............: 0 
@@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652719 bytes -~~ total memory freed........: 8652719 bytes -~~ total allocations/frees...: 140588/140588 +~~ total memory allocated....: 9417125 bytes +~~ total memory freed........: 9417125 bytes +~~ total allocations/frees...: 154554/154554 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 1982 chars diff --git a/test/results/default/zeromq.pcapng.out b/test/results/default/zeromq.pcapng.out index ef460b6ba..8507c444d 100644 --- a/test/results/default/zeromq.pcapng.out +++ b/test/results/default/zeromq.pcapng.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zeromq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zeromq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1747672778068254} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zeromq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zeromq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1747672778068254} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zeromq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1747672778068254,"flow_src_last_pkt_time":1747672778068254,"flow_dst_last_pkt_time":1747672778068254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1747672778068254,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":47638,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zeromq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1747672778068254,"flow_dst_last_pkt_time":1747672778068254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1747672778068254,"pkt":"AAAAAAAAAAAAAAAACABFAAA8EkpAAEAGKnB\/AAABfwAAAboWFbOULYiAAAAAAKAC\/9f+MAAAAgT\/1wQCCAp976tLAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zeromq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1747672778068254,"flow_dst_last_pkt_time":1747672778068267,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1747672778068267,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAARWzuhb6t8IHlC2IgaAS\/8v+MAAAAgT\/1wQCCAp976tLfe+rSwEDAwc="} 
@@ -9,7 +9,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zeromq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1747672778068327,"flow_dst_last_pkt_time":1747672778068331,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1747672778068331,"pkt":"AAAAAAAAAAAAAAAACABFAAA0wbhAAEAGewl\/AAABfwAAARWzuhb6t8IIlC2Ii4AQAgD+KAAAAQEICn3vq0t976tL"} 02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zeromq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1747672778068254,"flow_src_last_pkt_time":1747672784071391,"flow_dst_last_pkt_time":1747672785071619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":154,"midstream":0,"thread_ts_usec":1747672785071619,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":47638,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":419564.6,"max":1000781,"stddev":491050.2,"var":241130323968.0,"ent":3.7,"data": [13,23,50,64,30,41,11,49,10,56,25,40662,959955,1000754,189,1000208,1000399,194,1000186,1000305,116,1000172,1000311,141,1000559,1000781,223,1000206,1000381,181,1000207]},"pktlen": {"min":52,"avg":62.5,"max":106,"stddev":14.5,"var":209.6,"ent":5.0,"data": [60,60,52,62,52,63,52,106,105,79,52,101,52,61,61,52,61,61,52,61,61,52,61,61,52,61,61,52,61,61,52,61]},"bins": {"c_to_s": [11,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[18,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1],"entropies": [4.390281677,4.760081291,4.585552216,4.375948906,4.638530731,4.424082756,4.676992416,3.262140512,3.196412563,5.280230999,4.676992416,5.218214989,4.715454102,4.904028893,4.793292999,4.624013901,4.838455200,4.760506153,4.554597855,4.772881508,4.715343952,4.585552216,4.838455200,4.727719307,4.585552216,4.838455200,4.772881508,4.676992416,4.838455200,4.760506153,4.585552216,4.826079845]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ZeroMQ","proto_id":"177","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/zeromq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":26,"flow_first_seen":1747672778068254,"flow_src_last_pkt_time":1747672788072877,"flow_dst_last_pkt_time":1747672788072855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":181,"midstream":0,"thread_ts_usec":1747672788072877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":47638,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ZeroMQ","proto_id":"177","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/zeromq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1747672788072877} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/zeromq.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1747672788072877} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648162 bytes -~~ total memory freed........: 8648162 bytes -~~ total allocations/frees...: 140578/140578 +~~ total memory allocated....: 9412536 bytes +~~ total memory freed........: 9412536 bytes +~~ total allocations/frees...: 154544/154544 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 2157 chars diff --git a/test/results/default/zmap.pcap.out b/test/results/default/zmap.pcap.out index 13d879424..9beee89e9 100644 --- a/test/results/default/zmap.pcap.out +++ b/test/results/default/zmap.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zmap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zmap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1748006534335482} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zmap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zmap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1748006534335482} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zmap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748006534335482,"flow_src_last_pkt_time":1748006534335482,"flow_dst_last_pkt_time":1748006534335482,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748006534335482,"l3_proto":"ip4","src_ip":"192.168.2.61","dst_ip":"192.168.2.65","src_port":42416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zmap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1748006534335482,"flow_dst_last_pkt_time":1748006534335482,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1748006534335482,"pkt":"BBjWBrNafMJVS2K8CABFAAAo1DEAAP8GYc\/AqAI9wKgCQaWwAFCnuWGFAAAAAFAC\/\/961AAA"} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zmap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748006534335492,"flow_src_last_pkt_time":1748006534335492,"flow_dst_last_pkt_time":1748006534335492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748006534335492,"l3_proto":"ip4","src_ip":"192.168.2.61","dst_ip":"192.168.2.4","src_port":38482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -40,7 +40,7 @@ 00771{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/zmap.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748006534335517,"flow_src_last_pkt_time":1748006534335517,"flow_dst_last_pkt_time":1748006534335517,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748006534335517,"l3_proto":"ip4","src_ip":"192.168.2.61","dst_ip":"192.168.2.41","src_port":40049,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01197{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/zmap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748006534335482,"flow_src_last_pkt_time":1748006534335482,"flow_dst_last_pkt_time":1748006534335482,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748006534335517,"l3_proto":"ip4","src_ip":"192.168.2.61","dst_ip":"192.168.2.65","src_port":42416,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"28": {"risk":"Malicious Fingerprint","severity":"High","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00770{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/zmap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748006534335482,"flow_src_last_pkt_time":1748006534335482,"flow_dst_last_pkt_time":1748006534335482,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748006534335517,"l3_proto":"ip4","src_ip":"192.168.2.61","dst_ip":"192.168.2.65","src_port":42416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/zmap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":10,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1748006534335517} 
+00811{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/zmap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":10,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1748006534335517} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -49,9 +49,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8667716 bytes -~~ total memory freed........: 8667716 bytes -~~ total allocations/frees...: 140662/140662 +~~ total memory allocated....: 9432378 bytes +~~ total memory freed........: 9432378 bytes +~~ total allocations/frees...: 154628/154628 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 1203 chars diff --git a/test/results/default/zoom.pcap.out b/test/results/default/zoom.pcap.out index 557ce4a79..3cdd64d4c 100644 --- a/test/results/default/zoom.pcap.out +++ b/test/results/default/zoom.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569520466080774} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569520466080774} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520466080774,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1569520466080774,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjbcQAAAQEICiWcznNwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 01364{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520466080774,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","tls": 
{"version":"TLSv1","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
@@ -48,15 +48,15 @@ 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469081864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520469081864,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469081864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569520469081864,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAog\/0AAEAG0h7AqAF1DeFUttYOAbuSOQajVAdu1VAQECZHdwAA"} 01217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469067014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1569520469090576,"pkt":"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"} 
-01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469067014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469090576,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469067014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469090576,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520469116573,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoaEVAAO8G\/tUN4VS2wKgBdQG71g5UB27VAAAAAFAEAADwhQAAAAAAAAAA"} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469189810,"pkt":"EBMx8Tl2KDc3AG3ICABFAABICu4AAEAR5YzAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469198772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520469198772,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAomZxAAO4GvV00yj7uwKgBdQG71lCVbT6Vn9byIVAQAAc78QAAAAAAAAAA"} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469200030,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469200030,"pkt":"EBMx8Tl2KDc3AG3ICABFAABISukAAEARpZHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469200490,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520469200490,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} -01549{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469200897,"flow_dst_last_pkt_time":1569520469201006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520469201006,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, 
CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} +01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469200490,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520469200490,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
+01547{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469200897,"flow_dst_last_pkt_time":1569520469201006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520469201006,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469210161,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469210161,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIjkkAAEARYjHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469221116,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469221116,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI9l0AAEAR+RzAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
@@ -108,19 +108,19 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469950703,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470060882,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO8GVhg0yj7EwKgBdQG71lFyHvWD14gyiYASaQOGlAAAAgQFrAEBBAIBAwMM"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470061040,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569520470061040,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBSXAqAF1NMo+xNZRAbvXiDKJch71hFAQIAAQZwAA"} 
01218{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1569520470086807,"pkt":"EBMx8Tl2KDc3AG3ICABFAAItAABAAEAGAyDAqAF1NMo+xNZRAbvXiDKJch71hFAYIACSLwAAFgMBAgABAAH8AwM713rsHGfD7mJ354PwCuGZwTjUqrrL0CuQ4TzCSd+cxAAAoMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBLACAAWABMAEAANwA3AAwAKAP8BAAEzAAAADAAKAAAHem9vbS51cwALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMADwABATN0AAAAEAALAAkIaHR0cC8xLjEAFQC7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01158{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470086807,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470086807,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1569520470022260,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470134646,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO4GVvA0yj7swKgBdQG71lK89vcv+u4WboASaQMynAAAAgQFrAEBBAIBAwMM"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470134790,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569520470134790,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBP3AqAF1NMo+7NZSAbv67hZuvPb3MFAQIAC8bgAA"} 01219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1569520470165906,"pkt":"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"} 
-01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470165906,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470165906,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470197342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520470197342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoYcxAAO8G9Fc0yj7EwKgBdQG71lFyHvWE14g0jlAQAAcuWwAAAAAAAAAA"} -01219{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470199286,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470199286,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": 
{"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} -01543{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470199565,"flow_dst_last_pkt_time":1569520470199762,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470199762,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01217{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470199286,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470199286,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} +01541{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470199565,"flow_dst_last_pkt_time":1569520470199762,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470199762,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470278606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520470278606,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAo8dBAAO4GZSs0yj7swKgBdQG71lK89vcw+u4Yc1AQAAfaYgAAAAAAAAAA"} 
-01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470280367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470280367,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
-01553{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470280708,"flow_dst_last_pkt_time":1569520470280793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470280793,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01227{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470280367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470280367,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
+01551{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470280708,"flow_dst_last_pkt_time":1569520470280793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470280793,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470350181,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1569520470350181,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjK4AAAAQEICiWc3wRwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} -02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470618561,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520470618561,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":38469.9,"max":210729,"stddev":59394.9,"var":3527759616.0,"ent":3.3,"data": [112386,112530,31116,143960,1761,226,34,114802,166,170,7182,2922,121940,111900,4272,3,116559,98015,494,36,210729,39,183,114,242,129,123,246,127,13,148]},"pktlen": {"min":40,"avg":663.0,"max":1492,"stddev":660.1,"var":435695.1,"ent":4.2,"data": 
[64,52,40,557,46,1492,1492,1492,40,1292,40,40,231,91,40,731,850,46,1492,1492,1492,40,40,1492,1492,40,1492,1492,40,1492,445,40]},"bins": {"c_to_s": [11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,1,0,1,0,0,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0],"entropies": [4.416232109,4.853979111,4.521928310,4.120527744,4.501398087,7.132670879,7.329687119,7.314774990,4.730641365,7.640571117,4.630640984,4.680641174,6.885639668,5.726258755,4.730641365,7.684801102,7.726203442,4.457919598,7.862352848,7.860615253,7.859583378,4.680641174,4.621928692,7.878399849,7.862105846,4.680641174,7.872378349,7.851402760,4.630641460,7.881779194,7.526136398,4.561769009]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} +02178{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470618561,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520470618561,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":38469.9,"max":210729,"stddev":59394.9,"var":3527759616.0,"ent":3.3,"data": 
[112386,112530,31116,143960,1761,226,34,114802,166,170,7182,2922,121940,111900,4272,3,116559,98015,494,36,210729,39,183,114,242,129,123,246,127,13,148]},"pktlen": {"min":40,"avg":663.0,"max":1492,"stddev":660.1,"var":435695.1,"ent":4.2,"data": [64,52,40,557,46,1492,1492,1492,40,1292,40,40,231,91,40,731,850,46,1492,1492,1492,40,40,1492,1492,40,1492,1492,40,1492,445,40]},"bins": {"c_to_s": [11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,1,0,1,0,0,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0],"entropies": [4.416232109,4.853979111,4.521928310,4.120527744,4.501398087,7.132670879,7.329687119,7.314774990,4.730641365,7.640571117,4.630640984,4.680641174,6.885639668,5.726258755,4.730641365,7.684801102,7.726203442,4.457919598,7.862352848,7.860615253,7.859583378,4.680641174,4.621928692,7.878399849,7.862105846,4.680641174,7.872378349,7.851402760,4.630641460,7.881779194,7.526136398,4.561769009]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520470666966,"flow_src_last_pkt_time":1569520470666966,"flow_dst_last_pkt_time":1569520470666966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470666966,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1569520470666966,"flow_dst_last_pkt_time":1569520470666966,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520470666966,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABI4PAAAEARFPDAqAF1wKgB\/+EV4RUANLyaU3BvdFVkcDAJFTOWktM6lAABAARIlcIDDi3QR5gZLZgtSkZtNr91y8rdz4k="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520470666966,"flow_src_last_pkt_time":1569520470666966,"flow_dst_last_pkt_time":1569520470666966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470666966,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
@@ -211,7 +211,7 @@ 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1569520473084563,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_usec":1569520473116083,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApvWFAADURuINtXqBjwKgBdSJh8SMAFalIAwAAAAF2KpKmAFoORAAAAAAA"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1569520473116331,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1569520473116331,"pkt":"EBMx8Tl2KDc3AG3ICABFAAApU1gAAEARV43AqAF1bV6gY\/EjImEAFahIBAAAAAF2KpKmAFoORA=="} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1569520473121070,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1569520473121070,"pkt":"EBMx8Tl2KDc3AG3ICABFAABfDmwAAEARnEPAqAF1bV6gY\/EjImEAS0M9BQ0AAAAMASGOnDkoxEsvqQJwcoIuVvYBAAQDAgAAAAAAAAABAAAAFmRhdGFfYmluZF9yZXBsYWNlX2ZsYWcCAAAAAQ=="} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":701,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":701,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":23,"total-updates":0,"current-active-flows":33,"total-active-flows":33,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":214,"global_ts_usec":1673444902645655} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":701,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":701,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":23,"total-updates":0,"current-active-flows":33,"total-active-flows":33,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":214,"global_ts_usec":1673444902645655} 00294{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444902645655,"packet_id":701,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444902645655} 
00517{"packet_event_id":1,"packet_event_name":"packet","packet_id":701,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":167,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":167,"pkt_l4_len":0,"thread_ts_usec":1569520473198709,"pkt":"AAAAAAAAAAECAAD6gQBNQoEAQHEIAEUwAJHKGwAA\/xGzEwqGGUMKhA+wCGgIaAB9eUgw\/wBtBJhmXEUAAG316wAAQBEffgqMdSPBeiPtskIiYQBZseADAAAAEg\/+mNIAJy7JAQVA3IMlEZ3S66JjfHMo8enxO0XEN5PMhIeLRp6CXCZ6i5NbikRhcdwrc6d1VElcFx1R+ZHQglXiW8kQjpgMrPMjkQA="} 00294{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444902769137,"packet_id":702,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444902769137} 
@@ -291,14 +291,14 @@ 00932{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569520469423595,"flow_src_last_pkt_time":1569520469433729,"flow_dst_last_pkt_time":1569520469423595,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469797670,"flow_src_last_pkt_time":1569520469797670,"flow_dst_last_pkt_time":1569520469797670,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e"}} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520470742102,"flow_src_last_pkt_time":1569520470742102,"flow_dst_last_pkt_time":1569520470776015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"zoomfr84zc.zoom.us"}} -00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1569520469341987,"flow_src_last_pkt_time":1569520469402528,"flow_dst_last_pkt_time":1569520469413824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1489,"flow_dst_tot_l4_payload_len":4294,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1569520469341987,"flow_src_last_pkt_time":1569520469402528,"flow_dst_last_pkt_time":1569520469413824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1489,"flow_dst_tot_l4_payload_len":4294,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00973{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1569520469340783,"flow_src_last_pkt_time":1569520469435439,"flow_dst_last_pkt_time":1569520469435372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":110,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1569520469340783,"flow_src_last_pkt_time":1569520469435439,"flow_dst_last_pkt_time":1569520469435372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":110,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520470741922,"flow_src_last_pkt_time":1569520470741922,"flow_dst_last_pkt_time":1569520470768577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"zoomfr85zc.zoom.us"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469984408,"flow_src_last_pkt_time":1569520469984408,"flow_dst_last_pkt_time":1569520470021639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www3.zoom.us"}} -00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469430881,"flow_dst_last_pkt_time":1569520469430777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":758,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1466,"flow_dst_tot_l4_payload_len":5833,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
-00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470454378,"flow_dst_last_pkt_time":1569520470449389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1614,"flow_dst_tot_l4_payload_len":15671,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} -01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470628076,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us"}} +00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469430881,"flow_dst_last_pkt_time":1569520469430777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":758,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1466,"flow_dst_tot_l4_payload_len":5833,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} +00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470454378,"flow_dst_last_pkt_time":1569520470449389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1614,"flow_dst_tot_l4_payload_len":15671,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} +01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470628076,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520468922117,"flow_src_last_pkt_time":1569520468922117,"flow_dst_last_pkt_time":1569520468958056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"log.zoom.us"}} 01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469036433,"flow_src_last_pkt_time":1569520469036433,"flow_dst_last_pkt_time":1569520469072146,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"local"}} 
00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469072220,"flow_src_last_pkt_time":1569520469072220,"flow_dst_last_pkt_time":1569520469072220,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -306,12 +306,12 @@ 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466209429,"flow_src_last_pkt_time":1569520466209429,"flow_dst_last_pkt_time":1569520466209429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520472536483,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":796,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": 
{"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":127,"flow_dst_packets_processed":83,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520473190218,"flow_dst_last_pkt_time":1569520473152463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":45724,"flow_dst_tot_l4_payload_len":12028,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us"}} 
-01159{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01164{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection 
Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00774{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01232{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520471535462,"flow_dst_last_pkt_time":1569520471572328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":866,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1526,"flow_dst_tot_l4_payload_len":1399,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non 
Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520471156543,"flow_dst_last_pkt_time":1569520471156659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1424,"flow_dst_tot_l4_payload_len":6322,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
01111{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520471159604,"flow_dst_last_pkt_time":1569520471159577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":812,"flow_dst_tot_l4_payload_len":5902,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} -00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":781,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":23,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":314,"global_ts_usec":1673445056996306} 
+00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":781,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":23,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":314,"global_ts_usec":1673445056996306} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 781/697 ~~ skipped flows.............: 0 @@ -320,9 +320,9 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8985201 bytes -~~ total memory freed........: 8985201 bytes -~~ total allocations/frees...: 141678/141678 +~~ total memory allocated....: 9750632 bytes +~~ total memory freed........: 9750632 bytes +~~ total allocations/frees...: 155645/155645 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 298 chars ~~ json message max len.......: 2404 chars diff --git a/test/results/default/zoom2.pcap.out b/test/results/default/zoom2.pcap.out index 5d2eedc89..8ab916f92 100644 --- a/test/results/default/zoom2.pcap.out +++ b/test/results/default/zoom2.pcap.out 
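Review bot: The regenerated expectation for flow 11 (the `guessed` event in this hunk) now records `"proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464` where it previously recorded `"AmazonAWS"` / `265`, and the commit message does not mention it; it names only the flow-risk rename. The preceding hunk of the same file shows the same shift to `AWS_EC2` / `461` for the 52.202.62.x flows. Judging from these lines, any consumer of the event stream that filters, allow-lists or alerts on the old name or id would stop matching these flows without raising an error. The description or changelog should therefore carry a line such as `* proto_by_ip "AmazonAWS" (265) now appears as "AWS_EC2" (461) / "AWS_Cloudfront" (464) in flow events`. Whether `AmazonAWS` is still emitted for other address ranges, and whether the schema change in this commit covers the new values, cannot be told from this hunk.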
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642965458402978} 
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642965458402978} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458402978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965458402978,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458402978,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1642965458402978,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngDAqAGykMNJmsOcAbton\/9jAAAAALAC\/\/+GrAAAAgQFtAEDAwUBAQgKBNjhZQAAAAAEAgAA"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642965458577638,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGrQSQw0mawKgBsgG7w5wp5A9SaJ\/\/ZKASqbBcNQAAAgQFrAQCCApc+vuKBNjhZQEDAww="} 
@@ -37,7 +37,7 @@ 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":44,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965500043016,"flow_dst_last_pkt_time":1642965498034804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":3423,"flow_dst_tot_l4_payload_len":2664,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":64,"flow_dst_packets_processed":98,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965464235467,"flow_dst_last_pkt_time":1642965464220244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":6619,"flow_dst_tot_l4_payload_len":13719,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":66,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965460403587,"flow_dst_last_pkt_time":1642965460412418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1036,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":2702,"flow_dst_tot_l4_payload_len":61420,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":342,"packets-processed":342,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":97770,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1642965500043016} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":342,"packets-processed":342,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":97770,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1642965500043016} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 342/342 ~~ skipped flows.............: 0 @@ -46,9 +46,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8673109 bytes -~~ total memory freed........: 8673109 bytes -~~ total allocations/frees...: 140914/140914 +~~ total memory allocated....: 9437579 bytes +~~ total memory freed........: 9437579 bytes +~~ total allocations/frees...: 154880/154880 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2208 chars diff --git a/test/results/default/zoom_p2p.pcapng.out b/test/results/default/zoom_p2p.pcapng.out index 7dcc488c1..96de13cea 100644 --- a/test/results/default/zoom_p2p.pcapng.out +++ b/test/results/default/zoom_p2p.pcapng.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892468833699} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892468833699} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892468833699,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgYTNAAEARPsnAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -131,7 +131,7 @@ 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892918986914,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892921699571,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 
01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892928125663,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12936,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} -00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":763,"packets-processed":763,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":3,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1666892928125663} 
+00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":763,"packets-processed":763,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":3,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1666892928125663} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 763/763 ~~ skipped flows.............: 0 @@ -140,9 +140,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8696147 bytes -~~ total memory freed........: 8696147 bytes -~~ total allocations/frees...: 141426/141426 +~~ total memory allocated....: 9460905 bytes +~~ total memory freed........: 9460905 bytes +~~ total allocations/frees...: 155392/155392 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 575 chars ~~ json message max len.......: 2326 chars diff --git a/test/results/default/zug.pcap.out b/test/results/default/zug.pcap.out index 80eed00b9..cd9f1068a 100644 --- a/test/results/default/zug.pcap.out +++ b/test/results/default/zug.pcap.out 
@@ -1,9 +1,9 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1683726609201364} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1683726609201364} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683726609201364,"flow_src_last_pkt_time":1683726609201364,"flow_dst_last_pkt_time":1683726609201364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683726609201364,"l3_proto":"ip4","src_ip":"197.130.35.95","dst_ip":"163.40.238.205","src_port":39594,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1683726609201364,"flow_dst_last_pkt_time":1683726609201364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1683726609201364,"pkt":"PHc4rUOjRjCuBxptCABFAACWud1AAD8RBqLFgiNfoyjuzZqqSjgAgtArAHpVRxCuoEEAbrwqaLJud0OTiHhyfLKFFVbCvCrtUGe+F5gQSvbpXmb4qIr5txtNI2it9UorS+WZDZBwIeQ5MAMovy+bzbpDtQjADR\/X00Xy2yhu+HCKdNHybGtd4qcTN7oqNVLanHdek8KKwsNpdl+5ID2OwjmnC\/o="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683726609201364,"flow_src_last_pkt_time":1683726609201364,"flow_dst_last_pkt_time":1683726609201364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683726609201364,"l3_proto":"ip4","src_ip":"197.130.35.95","dst_ip":"163.40.238.205","src_port":39594,"dst_port":19000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
-00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1683727905139157} +00803{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1683727905139157} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683727905139157,"flow_src_last_pkt_time":1683727905139157,"flow_dst_last_pkt_time":1683727905139157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683727905139157,"l3_proto":"ip4","src_ip":"225.110.130.102","dst_ip":"133.150.105.134","src_port":44066,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1683727905139157,"flow_dst_last_pkt_time":1683727905139157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1683727905139157,"pkt":"ADsD+gOwwddEBmcGCABFAACWhyNAAD8RYULhboJmhZZphqwiSjgAgvi+AHpVRxDNLFMAbko56ORtJSqLUwxPrgwGIggUuNywfxRiepZM3Bwx3bY+8BVqnFyCdoHQQkntnD2zJ8xN53oQhkxs93eG\/hVg1\/ufEnHjZNhcMuQuPWzuuv4beVXiwXdUoVCqf\/UxsEwtNwcIdFr9DD38157zzNXDIqE="} 
00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683727905139157,"flow_src_last_pkt_time":1683727905139157,"flow_dst_last_pkt_time":1683727905139157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683727905139157,"l3_proto":"ip4","src_ip":"225.110.130.102","dst_ip":"133.150.105.134","src_port":44066,"dst_port":19000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -12,18 +12,18 @@ 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1683728060301039,"flow_dst_last_pkt_time":1683728060301039,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1683728060301039,"pkt":"PC8MQ7Q\/oefp8FWkCABFAACWcN5AAD8R3nt13MUpLBaE4ZK0SjgAguYLAHpVRxAbTrgAbvoJDZN8SPuKYA6jToxwINwWUyheOmJTC01nkgSRxRd4CIN2aqWnhITmK3ivlTB0RcknBtuEgtDKghDE2I+C7+u97FzPOQs1MGWWxPIDpNlQcWur9ZhJ06AXWq2vzW6kNujD+tJ0TqZSOBxQfLJaj2A="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683728060301039,"flow_src_last_pkt_time":1683728060301039,"flow_dst_last_pkt_time":1683728060301039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683728060301039,"l3_proto":"ip4","src_ip":"117.220.197.41","dst_ip":"44.22.132.225","src_port":37556,"dst_port":19000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683727905139157,"flow_src_last_pkt_time":1683727905139157,"flow_dst_last_pkt_time":1683727905139157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683728060301039,"l3_proto":"ip4","src_ip":"225.110.130.102","dst_ip":"133.150.105.134","src_port":44066,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":366,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1683734952148704} 
+00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":366,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1683734952148704} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683734952148704,"flow_src_last_pkt_time":1683734952148704,"flow_dst_last_pkt_time":1683734952148704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":410,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683734952148704,"l3_proto":"ip4","src_ip":"61.59.105.181","dst_ip":"199.24.15.231","src_port":19000,"dst_port":48793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01059{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1683734952148704,"flow_dst_last_pkt_time":1683734952148704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":452,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":452,"pkt_l4_len":418,"thread_ts_usec":1683734952148704,"pkt":"PL0ZovEE4aiDxctrCABFAAG2U1NAAC0RevQ9O2m1xxgP50o4vpkBovNlAZpVRxC5jr8BiLXGWblyHBWcxoOpYgwH4kTPGL7aHsEwcKx1c74DAglO9pd20WBpqnTxF5RPd22hnmf8cCfSPEew2tq2ID\/pvz+xYWxzYAie+sddoMGYgT4m0j4H5eQYAZnQ8q4koB9UuO5PSsYQgT6MNpTWzj1sMuPRuOfoCcg3AzaEr1zRrTjeCqWZURwBzWKZ0nwCfkPo6KzkW0apXm7duuGLCiUJlDrDWkWnymHRPTgm9oyeJOfvmXRvQ1VeTZURwr5RvvgPAWB7mpmmMvpvhKDNNRTAJr2eK6qO\/7Rg+av6CaZYrHaAWaHpBzxU5UT9law2miL0Dn5BjoN6lJaNPpBAlHOYbjQmgOe9q\/UvZWu8BTc96\/0c9Wi97GDGFvMhr3jDI8wfIGPklFnKRBLnUvOmVVzQVHZl29T+21XO0UeurQikFoc43b57UEkjguQY62hg9urUVPSYm9WFdXS4Se6twx2UWwxyFX86KHwsabYhz8i2ojFKhTAFpcMbOu3SXGmEAgvB0E+nb1XMOhAsOd\/7SopEDAc="} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683728060301039,"flow_src_last_pkt_time":1683728060301039,"flow_dst_last_pkt_time":1683728060301039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683734952148704,"l3_proto":"ip4","src_ip":"117.220.197.41","dst_ip":"44.22.132.225","src_port":37556,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683727905139157,"flow_src_last_pkt_time":1683727905139157,"flow_dst_last_pkt_time":1683727905139157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683734952148704,"l3_proto":"ip4","src_ip":"225.110.130.102","dst_ip":"133.150.105.134","src_port":44066,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":776,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1683795503095835} 
+00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":776,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1683795503095835} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683795503095835,"flow_src_last_pkt_time":1683795503095835,"flow_dst_last_pkt_time":1683795503095835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683795503095835,"l3_proto":"ip4","src_ip":"173.46.102.72","dst_ip":"204.88.149.147","src_port":41686,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1683795503095835,"flow_dst_last_pkt_time":1683795503095835,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1683795503095835,"pkt":"PJFY\/pn8Dhcrg4b+CABFAACWnT5AAD8RKLatLmZIzFiVk6LWSjgAgjsSAHpVRxDd\/acAaQ4plwDYFUdWOYeEaXSTXIBIwsYDLUQ0OSZRywj7O\/WCbwHaVDgLSFtQJg5pLRNOhdzPnMXjvlwE4K+rOpVm64NE32P3xvu6V0cqvWSPXmvqJ3F\/s9jaGtOvHM2PTpcwDGyngeBgp4V3xF7PPuTG330="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683795503095835,"flow_src_last_pkt_time":1683795503095835,"flow_dst_last_pkt_time":1683795503095835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683795503095835,"l3_proto":"ip4","src_ip":"173.46.102.72","dst_ip":"204.88.149.147","src_port":41686,"dst_port":19000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
01131{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683734952148704,"flow_src_last_pkt_time":1683734952148704,"flow_dst_last_pkt_time":1683734952148704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":410,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683795503095835,"l3_proto":"ip4","src_ip":"61.59.105.181","dst_ip":"199.24.15.231","src_port":19000,"dst_port":48793,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683734952148704,"flow_src_last_pkt_time":1683734952148704,"flow_dst_last_pkt_time":1683734952148704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":410,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683795503095835,"l3_proto":"ip4","src_ip":"61.59.105.181","dst_ip":"199.24.15.231","src_port":19000,"dst_port":48793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":898,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1683798207057178} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":898,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1683798207057178} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683798207057178,"flow_src_last_pkt_time":1683798207057178,"flow_dst_last_pkt_time":1683798207057178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683798207057178,"l3_proto":"ip4","src_ip":"74.90.102.55","dst_ip":"17.218.251.92","src_port":44370,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1683798207057178,"flow_dst_last_pkt_time":1683798207057178,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1683798207057178,"pkt":"PO2gb2lau3UM5hbzCABFAACWxHdAAD8RuRdKWmY3Edr7XK1SSjgAgrq9AHpVRxCZqrwAbuLdBlzqs+49WsSxb9ohIqmSjrZV2pV8vq23AgVem0\/rjKpdgf5g2d8b7Kic8xqWFoIonx0VNf441J\/GBdbekB8yVCPDyaper6qaispHGCJ9zEXttbVpoxrbg5QERcnV+Yp5zbMNRJdxvYfEDbpVeSg="} 
00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683798207057178,"flow_src_last_pkt_time":1683798207057178,"flow_dst_last_pkt_time":1683798207057178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683798207057178,"l3_proto":"ip4","src_ip":"74.90.102.55","dst_ip":"17.218.251.92","src_port":44370,"dst_port":19000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -33,7 +33,7 @@ 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683798207057178,"flow_src_last_pkt_time":1683798207057178,"flow_dst_last_pkt_time":1683798207057178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683798207057178,"l3_proto":"ip4","src_ip":"52.104.45.69","dst_ip":"53.52.158.15","src_port":44174,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"MS_OneDrive","proto_by_ip_id":221,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683798207057178,"flow_src_last_pkt_time":1683798207057178,"flow_dst_last_pkt_time":1683798207057178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683798207057178,"l3_proto":"ip4","src_ip":"74.90.102.55","dst_ip":"17.218.251.92","src_port":44370,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683795503095835,"flow_src_last_pkt_time":1683795503095835,"flow_dst_last_pkt_time":1683795503095835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683798207057178,"l3_proto":"ip4","src_ip":"173.46.102.72","dst_ip":"204.88.149.147","src_port":41686,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1142,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1683798207057178} 
+00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1142,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1683798207057178} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -42,9 +42,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8659699 bytes -~~ total memory freed........: 8659699 bytes -~~ total allocations/frees...: 140607/140607 +~~ total memory allocated....: 9424265 bytes +~~ total memory freed........: 9424265 bytes +~~ total allocations/frees...: 154573/154573 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 585 chars ~~ json message max len.......: 1136 chars diff --git a/test/results/disable_aggressiveness/ookla.pcap.out b/test/results/disable_aggressiveness/ookla.pcap.out index 5f5e3e7ac..a75c76e42 100644 --- a/test/results/disable_aggressiveness/ookla.pcap.out +++ b/test/results/disable_aggressiveness/ookla.pcap.out 
@@ -1,4 +1,4 @@ -00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00597{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="} 
@@ -12,7 +12,7 @@ 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"} 
-00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} 
@@ -31,7 +31,7 @@ 01049{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"4":"DPI (partial cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 
+00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="} 
@@ -52,7 +52,7 @@ 01419{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1679653306727563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} +00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 113/113 ~~ skipped flows.............: 0 
@@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8815935 bytes -~~ total memory freed........: 8815935 bytes -~~ total allocations/frees...: 140738/140738 +~~ total memory allocated....: 9580469 bytes +~~ total memory freed........: 9580469 bytes +~~ total allocations/frees...: 154704/154704 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 1484 chars diff --git a/test/results/disable_protocols/dns_long_domainname.pcap.out b/test/results/disable_protocols/dns_long_domainname.pcap.out index 3cc219013..144f2ec08 100644 --- a/test/results/disable_protocols/dns_long_domainname.pcap.out +++ b/test/results/disable_protocols/dns_long_domainname.pcap.out 
@@ -1,12 +1,12 @@ -00606{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1599686652555538} 
+00606{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1599686652555538} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1599686652555538,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="} 
01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","domainame":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_usec":1599686652578187,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"} 
01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","domainame":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
01152{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com"}} -00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1599686652578187} 
+00831{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1599686652578187} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644896 bytes -~~ total memory freed........: 8644896 bytes -~~ total allocations/frees...: 140535/140535 +~~ total memory allocated....: 9409270 bytes +~~ total memory freed........: 9409270 bytes +~~ total allocations/frees...: 154501/154501 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 611 chars ~~ json message max len.......: 1283 chars diff --git a/test/results/disable_protocols/esp.pcapng.out b/test/results/disable_protocols/esp.pcapng.out index 8d6ae36ee..cfea6d1d0 100644 --- a/test/results/disable_protocols/esp.pcapng.out +++ b/test/results/disable_protocols/esp.pcapng.out 
@@ -1,5 +1,5 @@ -00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/esp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/esp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587340723655842} 
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/esp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00813{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/esp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587340723655842} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587340723655842,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01004{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_usec":1587340723655842,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAN8AAP8RncEKAgMCCgMEBAH0AfQBbm9jBawPTRIgE\/QAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAADDsDka\/duvsZYQytelWlC6NzARHfxQ9jT\/JU2Un7NCQA+jXJ08WlF7e\/NDuPTB526R8Cb4Zuk\/QhNNiyysAyBZ0W7cfOpAFmMETkjg2lvpSaO0W743zdwZbhwL5xtEDwKwAAJBinv2eNdHZsJ29wVvPTnOU5tMnnhBtj26lK3VUpGlaPKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABE++qlf\/rnDMCHdomXQhhbbCu7VdAAAAHAAAQAWxbxU4srTSjW8apuj3nZ6SyjPUCQ=="} 
00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587340723655842,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -12,7 +12,7 @@ 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1587340725658959,"flow_dst_last_pkt_time":1587340725659995,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587340725659995,"pkt":"qrvMAAIQqrvMAAMQCABFAACYACQAAP4yoQUKAwQECgIDAvAJLLUAAAABLX+WjVQswRpYbFeiaZdQW6eWJsw6BS2eB7OP9\/5eHwi2mYpUZ6G3t755XGwuYLanMk25K6hMBwBSxcZ\/ydNZPrrxBrySAlcBAFV4v6tDTuHpnnv89BSOnoK6gF0SG3nSCAMIxyxKQV4U+ecInNO5d\/EnrgCW7OWI7NuXZg=="} 00923{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587340725658959,"flow_src_last_pkt_time":1587340725658959,"flow_dst_last_pkt_time":1587340725659995,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1587340725659995,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ESP","proto_id":"117","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":2,"category":"VPN"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723670088,"flow_dst_last_pkt_time":1587340723676343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":702,"flow_dst_tot_l4_payload_len":654,"midstream":0,"thread_ts_usec":1587340725659995,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/esp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1587340725659995} 
+00819{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/esp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1587340725659995} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647452 bytes -~~ total memory freed........: 8647452 bytes -~~ total allocations/frees...: 140550/140550 +~~ total memory allocated....: 9411858 bytes +~~ total memory freed........: 9411858 bytes +~~ total allocations/frees...: 154516/154516 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 597 chars ~~ json message max len.......: 1009 chars diff --git a/test/results/disable_protocols/ospfv2_add_new_prefix.pcap.out b/test/results/disable_protocols/ospfv2_add_new_prefix.pcap.out index 4c5083337..a1697148e 100644 --- a/test/results/disable_protocols/ospfv2_add_new_prefix.pcap.out +++ b/test/results/disable_protocols/ospfv2_add_new_prefix.pcap.out 
@@ -1,11 +1,11 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1596626889276433} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1596626889276433} 
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1596626889276433,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"flow_datalink":1,"flow_max_packets":5} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1596626889276433,"pkt":"qrvMAAEwqrvMAAowCABFwABsAPoAAAFZj3MKAQoKCgEKAQIEAFisEAAKAAAABqsnAAAAAAAAAAAAAAAAAAEAASIBrBAACqwQAAqAAAASxYoAPAAAAAMKAAAK\/\/\/\/\/wMAAAGsEAAK\/\/\/\/\/wMAAAEKAQoKCgEKCgIAAAo="} 
00910{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1596626889276433,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_OSPF","proto_id":"85","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626891781999,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1596626891781999,"pkt":"qrvMAAowqrvMAAEwCABFwABAAqkAAAFZjfAKAQoBCgEKCgIFACwKAAABAAAABjO3AAAAAAAAAAAAAAABIgGsEAAKrBAACoAAABLFigA8"} 
00951{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626891781999,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1596626891781999,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_OSPF","proto_id":"85","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1596626891781999} 
+00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1596626891781999} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644900 bytes -~~ total memory freed........: 8644900 bytes -~~ total allocations/frees...: 140535/140535 +~~ total memory allocated....: 9409274 bytes +~~ total memory freed........: 9409274 bytes +~~ total allocations/frees...: 154501/154501 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 584 chars ~~ json message max len.......: 956 chars diff --git a/test/results/disable_protocols/pluralsight.pcap.out b/test/results/disable_protocols/pluralsight.pcap.out index 55019359e..5dc278a9c 100644 --- a/test/results/disable_protocols/pluralsight.pcap.out +++ b/test/results/disable_protocols/pluralsight.pcap.out 
@@ -1,14 +1,14 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648373355763733} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648373355763733} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355763733,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355763733,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8t1dAAEAGzuTAqAGANkW8EqaSAbs5mmmUAAAAAKAC+vDIPgAAAgQFtAQCCAqK+PnbAAAAAAEDAwc="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355952180,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOAG5js2RbwSwKgBgAG7ppJ9QO7SOZpplaASaN998gAAAgQFtAQCCApSMR4Hivj52wEDAwg="} 
01254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373355952549,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5t1lAAEAGzOXAqAGANkW8EqaSAbs5mmmVfUDu04AYAfbrKAAAAQEICor4+pdSMR4HFgMBAgABAAH8AwM1jCFDKADpkwCWNDdgH\/adXVGzDgYuQsQMuim+6yCdjCAuElAWaAcNbYd22pDJpusrU2oMuj5gm\/t2Aky6e512VAAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABQAEgAAD3BsdXJhbHNpZ2h0LmNvbQAXAAD\/AQABAAAKAAoACCoqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApKioAAQAAHQAgy0tnman9YKIJBU2tFJ\/X+H4+8C285s8hNvU9rt60YmAALQACAQEAKwAHBgoKAwQDAwAbAAMCAAJEaQAFAAMCaDJqagABAAAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355952549,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01242{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355952549,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373356139861,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcqW9AAOAGNyw2RbwSwKgBgAG7ppJ9QO7TOZprmoAQAG5jngAAAQEIClIxHsWK+PqXFgMDAEYCAABCAwOA5WC3JqevYzzUx7sAgkcnkWLtUg1Xcif8LAl\/TJHvdQDALwAAGv8BAAEAAAsABAMAAQIAIwAAABAABQADAmgyFgMDFCsLABQnABQkAAa\/MIIGuzCCBaOgAwIBAgIIRQTgxdAUfGQwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjAwNTAyMTYwMjA4WhcNMjIwNzAxMjM0MjI4WjA\/MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGjAYBgNVBAMMESoucGx1cmFsc2lnaHQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSJg4wZgzdbbQJBQZhpcu6kt1yALpBEwdrVeNm1058LHSvcFCpcQ7k2VflDO787iBTgMlrfWy2xPSA7dEEi3sWmGvwZhI42laHi\/cRXRuYGgAg+p5ED1\/KI4VgH0+\/DEDlJmdBUPV4w70Lzu\/VFvb5N6Kw9OPAje4RaJcjYC6fjHvQDyP8IefKIgkzP\/J68B00drY5eqZcv63b1GwhRozV7ChHkjNJwACK6ZKNc1d65kuAAQlO8yxZbKqqIP8vsHzhwdrLvF2OkMFV9i\/YcFzJmEwdUHpo2qHLQXdNUUdz0lxCntTc5uG8AFLCsuVyzRahyj9I2frvleD\/hGr412owIDAQABo4IDQzCCAz8wDAYDVR0TAQH\/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH\/BAQDAgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS0xOTI1LmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG\/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz
1\/tss\/C0LIDOMC0GA1UdEQQmMCSCESoucGx1cmFsc2lnaHQuY29tgg9wbHVyYWxzaWdodC5jb20wHQYDVR0OBBYEFHGsEKvGACoriNxVjIM6FsyWy5xFMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAXHWH6HXAAAEAwBHMEUCIQCdq2ML0Jumv\/iwktHg9EsmJGw6zFWoVcwtyGu\/OquCpwIgJNt1t1fAS5zanYUHVg1aMgxKZxKpYR6jQNCINKhMD8EAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAXHWH6eYAAAEAwBHMEUCIQDOz0qVjezJW1dWI7uBCCgp8Vare8XuroiKxVinR889OwIgTBWtS\/mx69sNFk2T86UGhx90X2tLUGINGtaF04Pqrs0AdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMA="} -01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373356139861,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01325{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373356139861,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139917,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373356139917,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcqXBAAOAGNys2RbwSwKgBgAG7ppJ9QPR7OZprmoAQAG5r5gAAAQEIClIxHsWK+PqX75SYVdaJ0N0AAAFx1h+p5gAABAMARzBFAiArTqTaTNvTVBxKcE\/cBnjdmdOpwF7wOjcm630XBESqNQIhAP9I\/m28a30n87OXSSWJMlzY0ZubLGqcj8tRe9nxjdH6MA0GCSqGSIb3DQEBCwUAA4IBAQArJTxpGLwd+6RFESgocdVAaUnnWVF05CS6VyiI\/I\/6hlgY98VaPMbYAUs625+z4QW6RINrj\/dBbui4MFxolC+9fx01MHlq8FWGhd6ATKhv9SsO39\/E7GyBeHsdEDqXs5\/rAOwx7YkF9iaJEzlt9DxDaybhln4vlGlbk4WSRU8XJJEXZcvvMBDpLw2v2xC1PTQ+qQYru7XvN8uqc5qpIflenl6uZn8fv8mM9AIofo2gd0QTddupk+TbkOroHXLBf9I4mGcXV7ofNOZhiVDQs179yI7PbSfDz\/HBeL8engijD\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\/z5lz4\/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOvK\/6AYZ15V8TPLvQ\/MDxdR\/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23ecSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR\/gd71vCxJ1gO7GyQ5HYpDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7neTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ\/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv\/oV9PBO9sPpyIBslQj6Zz91cxG7685C\/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2RJ17LJ3lXubvDGGqv+QqG+6Enrg="} 
-01675{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5590,"midstream":0,"thread_ts_usec":1648373356139971,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","server_names":"*.pluralsight.com,pluralsight.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7","blocks":0}}} 
+01673{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5590,"midstream":0,"thread_ts_usec":1648373356139971,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","server_names":"*.pluralsight.com,pluralsight.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7","blocks":0}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357854664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357854664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357854664,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357854664,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8tRVAAEAG8mLAqAGAkks+0KceAbt\/83TdAAAAAKAC+vCjygAAAgQFtAQCCAquLcooAAAAAAEDAwc="} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357861427,"flow_dst_last_pkt_time":1648373357861427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357861427,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -31,11 +31,11 @@ 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358908144,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373358908144,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPxAAEAG95PAqAGAEsvJOKZ6AbsXjcxKAAAAAKAC+vDGJwAAAgQFtAQCCAq7LqF\/AAAAAAEDAwc="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373358948816,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOUG948Sy8k4wKgBgAG7pnpgCgHJF43MS6ASaN+FjQAAAgQFtAQCCAqVXttnuy6hfwEDAwg="} 
01256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373358949276,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5pP5AAEAG9ZTAqAGAEsvJOKZ6AbsXjcxLYAoByoAYAfahVQAAAQEICrsuoaiVXttnFgMBAgABAAH8AwPQaIxCQafGfU7U68BjTWz12bgC7rPMRDrwBcYKkg2BtiCsXEdEYhfEEMAlvDmVmL\/9\/3dvAf\/ZUZkvazPc8sBEAwAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAABgAFgAAE3N0dC5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIC1NIbYz00S\/PDWD2znXWT+4vqGbUzfdyPQt1wB6uPFJAC0AAgEBACsABwb6+gMEAwMAGwADAgACRGkABQADAmgyuroAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373358949276,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373358949276,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373358988767,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcvRJAAOUGNN0Sy8k4wKgBgAG7pnpgCgHKF43OUIAQAG7AjQAAAQEICpVe25C7LqGoFgMDAEYCAABCAwONSvORfRK+oCxj36Hg6J2Hj1QoaCg2HEgsIONHMtI7MQDALwAAGgAAAAD\/AQABAAALAAQDAAECABAABQADAmgyFgMDD1QLAA9QAA9NAAbPMIIGyzCCBbOgAwIBAgIQB\/B75x6f37TLIkIFT5mkADANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBEaWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMTEwMDEwMDAwMDBaFw0yMjEwMDEyMzU5NTlaMHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQxHDAaBgNVBAMTE3N0dC5wbHVyYWxzaWdodC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDr0xSOZf6cCydxEcuFpMVtE13xSxgvN+BhmKgaQAFAzHuwpqwKyaYNmuuLH\/VY4kWvt8oOW3wCuzOM+EMY1K7qcL+jle28Q47YlvtlMucVxaWwRNmKApjrDY2t5SUUQdf2joKa3AMbeENJerDPlu+0VGDcQTqWT9piC0Gkf4X3KOy\/pQfvHRbuzGVd27UtimfLJFXU0JlWM+hCFgHHXQ0OsRQGtSRQn7NHHZvcjzGEcKei5SlMP5F+AbeUb0TDvIhz8x1hWofd9DhmJevyeADezC\/ufKEHGqCAV5PP3Z1d2enMQP1jzKpQXhefR9QTTv1Xw+xqOoPmo8RYBDpRcC6HAgMBAAGjggN4MIIDdDAfBgNVHSMEGDAWgBS3a6LqqKqEjHnqtNoPmLLFlXa59DAdBgNVHQ4EFgQUBvB7mWhufk4oLyHNuYTGk+hRL+IwHgYDVR0RBBcwFYITc3R0LnBsdXJhbHNpZ2h0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGPBgNVHR8EgYcwgYQwQKA+oDyGOmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtNC5jcmwwQKA+oDyGOmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtNC5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMH8GCCsGAQUFBwEBBHMwcTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWN
lcnQuY29tMEkGCCsGAQUFBzAChj1odHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAwGA1UdEwEB\/wQCMAAwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB3ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABfD5FpRQAAAQDAEgwRgIhANbj9wEZj1VoGi2UMZnu3XdkngNqGzgH0H+SQhnbt3jmAiEAqwd+SxYB3DbbxtBV\/7joXhChyIF2XFd33lGbzb6QjcEAdwBByMqx3yJGShDGoToJQodeTjGLGwPr60vHaPCQYpYG9gAAAXw+RaUVAAAEAwBIMEYCIQDAIrZL2u\/2JggDkhT0JCtofKLodQnV8LO7lcpEm5pVngIhAM0ARgZECXgacp8gNEXiUuDbe\/K5+5FF6yOd5k8zoidrAHYA36Veq2iCTx8="} -01337{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373358988767,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01335{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373358988767,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373358992536,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcvRNAAOUGNNwSy8k4wKgBgAG7pnpgCgdyF43OUIAQAG4ZwQAAAQEICpVe25C7LqGobK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABfD5FpVkAAAQDAEcwRQIgD\/C+dWI8FNoRd7swKXa4Z3HVOZE6Xo7KLlhYwlDQxUUCIQCORa5g5oY\/p0EanlV0l9hVbXFwuN3kDs7vi8zHYx0FHzANBgkqhkiG9w0BAQsFAAOCAQEAi6q+Yac3NG5zNVZmjOqlgVySNn4urWYHVdnWUcpSV1FJEbUvEiDf6tt46etJ35ZdH6y8l394Q7SRjdYbsn4fD\/+G1nXxjmE4R1M4s9O9PIX353I\/EynAH\/JMAEHRHDLvAMSqCPTBDGQoI\/MgZeEqkZ45e6CE1was5eBG\/IVEv5AISEuq9PMyxIRwHqPEyekxORc5LUg\/jZoUKL9sOGiDWpuM4l2CFZJFEqYf9Qquu5ANUnEjWiMeqiIu55kD1AtVpL5t6znkbU19ECEyuL9lJ\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\/jxNCemql6HYKI5RFW2x6fWMJR5yw0DS7SkuFWy\/F5X7O7h8olA3uaUkFmEGBPVxNJ8Og3Z4Pf59NLZ0wiUabfDpkQ7VdRdCbifcfKYi4TG38jiCVTb8E0WACLhP\/4vqdYSSJ7lq2iiJsVvKB83+lRqNWw7TfiNrSCS2K1SZrsx2fW4z7149YSXkTxv3FCfViEA4CxgQH6+coyu7SOJ4cnxSt01KjWl97DZPnKzlOiVrx4F45JAymu+0lPpBW5zvJcGVdta3mnK6InIBO10D1A0yEwB5PqmfUCAwEAAaOCAYIwggF+MBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFLdrouqoqoSMeeq02g+YssWVdrn0MB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcnQwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MAsGCWCGSAGG\/WwCATAHBgVngQwBATAIBgZngQwBAgEwCAYGZ4EMAQICMAgGBmeBDAECAzANBgkqhkiG9w0BAQsFAAOCAQEAgDLOXgvdbloNCq\/h1oTLwI76hXDt2l2zDPcrdUD+hQr68zF4t3BLGolYuoC982sd6X7PC7pYnFnU
kNP9bP3QmG23cYJbz20LWgnQe97EQ9gqpN6eQSZfu4+Zy92u4ahvn4c="} -01621{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1648373358992536,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","server_names":"stt.pluralsight.com","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82","blocks":0}}} 
+01619{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1648373358992536,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","server_names":"stt.pluralsight.com","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82","blocks":0}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359576448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359576448,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359576448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373359576448,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TutAAEAGHxbAqAGAaBOif780Abvdb02GAAAAAKAC+vDHywAAAgQFtAQCCArb1PDNAAAAAAEDAwc="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648373359597402,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGdQloE6J\/wKgBgAG7vzSUVFy03W9Nh4AS\/\/\/FjwAAAgQFeAEBBAIBAwMK"} 
@@ -50,13 +50,13 @@ 01332{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359662306,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","domainame":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373359681609,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXciMBAADkGtzFoEdHwwKgBgAG7ruI30m4WyDHTqVAQAEMEpAAAFgMDAHoCAAB2AwPh3f4G6bvkpAQiBlVF27q7BUriTXi+L8W0hRbgEpZaoiDRdtN3P07Qel84K9CWVDBxLwdJHbn9d9oomO2+9M0CRhMBAAAuADMAJAAdACA1SyvSQZLLx5CIHv4HSvtmmCUXoZblQcltm9P7V5WpIAArAAIDBBQDAwABARcDAwwzmT+Htjc5hkKanw\/IShWHFSoHCihsxypO2X+bsSjpwMmM9sH5YD79mqbLGND5TLQzhnwEx6cw5hrszrANTqt\/hHmfTxGJHTmIg9d+PzYlznjyJf8kSYA45HzBeXkEMc6uPO4NwiMvO2n78Gu30CV+TWYgfT0b15WA5H9vY9Xu\/V8RFdxMbaKGFia36IyaX5O\/8ke0pBwdrJXOVuqOQhF8CeV8Fh6w3PUEfuYXD4+Ho33B12ArNvK3hYu7A\/s3k2BRfDaPzqCtp086iJx0y39Ho2dJBXgxQFyVWnmnsd20f5YDk4M\/xkmxuKOOOArMJPwKYBoPrXvq3\/JRU2QhZBOxUwgBpJglNvZBrqKKvpCkGjiHYTVStQx9RudFVvC3myuChgy\/1G0vy80sg6Ky+Y\/\/3kNqAM\/tANNu5mQx3WbYrvvfTmDGCU9AYGcppPTP09XJnodaV8\/CkiqTbPMuyCkYqvCI5WwnyGC8WZYpKt+2TazshOiXqO9SL1RHv6Dn8te02a+10maxCvSlAqJBWR1+x+r+ThqQTllwTjIE9ldAyhj8ENZbbjj+ocUdjDQ\/suSJ9GPBe7o5y5U0tgXCBLgkqjGoTeMbYy6LVJn1ShYjby7XjWr1QSKmsm3D5VZ91QCbp8LXn28LvZldZyecaHfl8wO7ipN+ECY2WQUeLyHyxoJRrxRDNi43\/BsYJnohonEepMLiaGMHeGTkbT+FozcpsymnssgPxEzVyGVodKDyDiMtOS2\/4gVH00s+CjiEOvU\/WA2WYO+W0GaBoObQCC8C+wgP8X+9\/Lly4MJ8uYHzwJZULnomHy4Zhu3eO8OaaOD8adiKrmX6nf6RRAu9XTBSP6Pea+PT8ApgiP6cHHICUjEIoh1EKF0UWXUO9dydWy8GNBhCnF52mzdJWkKFMi4\/fZktIi123bVOx\/8O85m8SxP9YAHKNNRoCN75\/KXIi7BsS\/yRQl3sqhWASSR7qZOvy+t0usBhHJ97tgy43o+oXVboG5ECaj0mauoYvu75AmhrEMI5qxh+LSqg+vNZHX32i43L5wOTf5bLMarYHZ2zd3Pg+FItI\/oos+WGxlPPYSigPsvRd0ylS\/YCDOt9L5JYmtpF33miRvOv++1Yk\/XWR5vMXeGReVxoq8ugQklfwnbSUSgD6wAX+kbj8AKGs5ZYuXyk7kqFG\/vMOTQPPCPk\/rCLij28VaGG3XQju7sjATGtsw5czsHJGiGwlP5tELr5hlojoM
QrDMZr03CYMBu\/6EmnFBWmF1oJZfg4bGfWGEPfI7OoSqGHyoSay0AIlQVjj+d9f0FDqQ97cabxH0umDoaC\/FKH6X\/yc\/hrjIl4HmRt7VMpQyz2KdTzE8B4vzoujGXvtombEVZZCjytpnXTvHrVZua0Nx6vnYWN6U8hOPTiQzVv6YW6MflR92hbAH3p76MQVsREGfgb9bUAvIi+LGIt8MS39s03IWH5ITKktk1M0EDFu9rxI3fMzRA2+G+N4DZBBqlW0y+82xrp9wlYKMPmZCijkiUoYkreaDPjpGYTvkJAsDo1MY+vTQW3dm5sfsFKLG7cIjM6A3z4yo\/7FFTyhkQz7qkQuhIb45msYMVl46RKf8E4zW5YOVa5yF4IQYePRSUh+e\/LuyeYbl7fd6XURSxrpcv5Ie0Xz51vOk3KidEbdAfwA3A5yNwHZ+P2B22mjmaE\/kNxdDWA\/RSgensrsfzyAwjZrMsqHPSI5rKW2m9kOpusiMUcPgzvTzqRcYx8vb4upSN5jLk="} 01377{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","domainame":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373356146750,"flow_dst_last_pkt_time":1648373356334094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":5848,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358995982,"flow_dst_last_pkt_time":1648373359037654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":4402,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373356146750,"flow_dst_last_pkt_time":1648373356334094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":5848,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358995982,"flow_dst_last_pkt_time":1648373359037654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":4402,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357890274,"flow_dst_last_pkt_time":1648373357906518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357907751,"flow_dst_last_pkt_time":1648373357922416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1648373359681609} 
+00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1648373359681609} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8716620 bytes -~~ total memory freed........: 8716620 bytes -~~ total allocations/frees...: 140688/140688 +~~ total memory allocated....: 9481154 bytes +~~ total memory freed........: 9481154 bytes +~~ total allocations/frees...: 154654/154654 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 563 chars ~~ json message max len.......: 2533 chars diff --git a/test/results/disable_protocols/quic-mvfst-27.pcapng.out b/test/results/disable_protocols/quic-mvfst-27.pcapng.out index 3c9c1f60b..d3c60de34 100644 --- a/test/results/disable_protocols/quic-mvfst-27.pcapng.out +++ b/test/results/disable_protocols/quic-mvfst-27.pcapng.out 
@@ -1,4 +1,4 @@ -00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02250{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"thread_ts_usec":41432902,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2tjkBmxsNgiaX3ZHZd
lEZ39g+pfa+C3d0\/Me91SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jICcqh071958oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh\/yOVbINbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"} 01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","quic": {"quic_version":"MVFST-27","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0108h5_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}} 
@@ -7,7 +7,7 @@ 02278{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464239,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHwAAEARKahFq\/oPCgACDwG7jHUE7Pun4vrOsAIACGUZSqSBwJ2mRNPUKyAFTiIR2D9LmWONp\/pKu58K8xL2QH3MMLvlIm5wZVpJfJuwyJ\/1M3tSAzTO7kjPI3eHBb9IFzJ5EM102smu6+dh1QdA\/XWl13B5U7mJXfZdgiMmoH6TMFeO9l59NUWVB3FrB1D+83n8F9jw5BVmkY2OPbmS9uXhO3oLJjNvzhgiz9LiL0Peg4iBHPZ3bnefg84NyqMA6bGiBHjw8O\/pggXBHbm0y039at\/mEzBf62LN0g+jv6L2c7tRnEpUns4cJX54tQ1bXJ5Hhxh3rT54lw4rrebaQCbwFhibEvqZWGljIGdjbOpa6liHVVmRN2tu\/GBhyOGb0StB\/jpkBjcqcM94pTjas7+bYnRrk8ZSgYviOw8nDLpc2na4yCaDVIVl\/pzppcM74NTbQKve3Nar7W9KbDiDSaMAENX7mwhYQ18bwd3uHY8CUMOGjo\/8euzZjkZ0fqCDRE3vdm4KLl5+4\/UkQuBZWoFk\/P2Heh0\/lgddV3IePrdA6fNLSr8BKSgLGA1ZasEncG2JczdCSpW32pij29+anl+pMYgG1xzrztWUD1ETcf6lrUI11Nrj+82\/V73yznpeq7b9VscUvGV9OZECREHrcvb+pZDpYZL6JhF9swDp8CcOJJW+kip95Ov52baFifgdWzSPIduRrqIdERwwU6uq\/xmextGbx1KqKtby8DZc51UT3zzVMYep8bkl6y02VlktPuEK9u+QMd79lD6CIjW6qp5UxTZUtg8jrVUa2qNaqIekUrye4Bzl97pIPdBT4PssDCFsKgu31Bpm8CKL+2xWNmPLUcDOBBgIHzzDBuznQ7cBUCzjZlif+hxsEmJy3g5g3\/xJNTjxK+car7ACp7B+H1R5WQpkSDWn\/gKlYeGIPW5T8mOqp4WAHeTZest5awJfealSj\/CfwMs\/1Df7bfDUHTG14VDKd\/hRegDw1cfzcn3rS+uwWfXIm+mNshIKscMmPDsExmAokd+CvN0JuzdGOibtj3vbwDU4vsLbdbgOXENLxvYoEKqOPmpluuCqkWSQX\/UTadmXu44AWmWGdRQUpe32qb\/M0fPPEznTo\/4YrREjJ5jLnXRjbVI3HR4NPEZW1W\/9+X5lPYycQDN0lnl1dTk4utJeAg2p\/gP3JOV+wA1ygYJ5wU1GjgsOdz+EiDWtAQ93xX+7PqU0RTfcJAMwYHLO8gHD8UmTyvey2jiJJMc\/NrEBM1a76byOqZW2ZpMIDjRCtGhGFGhw4tu7OsejTzxA6T4fkSVAM0RcHzuFFeX1yZp3G8u6suFgzreLYuvmcBrNhHUTfsEKl4+aUnvPAuGzXCYIejrOiP9DSMGN8i\/AdhOoP+4i52mM3bH5MLyVmx9EYwfM0+yRTPLIifi4gzjoQl39CwhJ5abQwEmy5yGBYVxIliLKOrnnK4U00GmZhnCirgfP
FCTOe\/qKCIPE7b86iKQ6zDr+wGAH8x1\/Vr6JDpHoyfytADR6TA1MJzboAI\/u+WxBW60Mr8wra7Ky8MTEMtqEAV4MNy3QwSj+5Boi9v6UaR+XFmEdKxTqXYP3bAo1k89toaHV8RAROwWdWZYQWji2vw49SgOlspTK5LeZbdfL6JCEHPDOXosDytI1rgaUPivx6K5pOY3FnYb2NgiqwzaVvc4sqLOH\/hloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAImdn5Q="} 02280{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464304,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAH0AAEARKadFq\/oPCgACDwG7jHUE7NYs4\/rOsAIACGUZSqSBwJ2mRNOp9fQvn1f7lG72Bw+E6NBO8LR8mD6RkYoGJj7YIoOLkr2BWwfK0spPYy+zYGWX+a+c9rHGaE\/8AFsGVmGd26vTDA2yukmOJUfOmTtJz95HrnPFSG+\/TXHqQjk5klIE16FLBeiNi6m\/ct8wPGJ9RUbZqJaLVts+GZFzeMSRX+eYZERYnLYtPQPOywMGAZR5dzRsdw3jDQYkcN53aPm0lceepojo42lKerw8v6LOu22kD+71z4QDa4KbQzfUDp3LH6BpZQ6IsP9xHtu8kvC1sMujkXVqWo4PwU1vr8utquEF9g6Edj1O8CnayP2acmvLS9hrhF7CGL\/\/\/DnocizH0vNxW1ov+oyWwjbcB4cKqjTFeavm8o80oXs5etE\/0w5eFp+lmQaKzY0Y3yFmQ4u8brDlmcVIExhEgggZeFVC9lL9oOJw+T9YQyahiK65vbSi1+dot2yavrzsTWJiTor0nyNgEiCiviGKK3Ugt6GYCifHXPC+ko\/\/b1QvveO8QmYiv8AP2V\/SWNC14hUcS+VAN8JRlCbBPMNZf5CGc1GwEg+7a4289LEunmnUX2jPN9vYfHH58+XntmHmuXoNXd+GAXGmBpL3pm9he0pLxavwsdTVC6qK8sKWNygxAdWjfNWfqF5l0iTI6JYa4\/y33xaYPcLxg2NKR5k5UeV+DbMoZh5oLZlH+HG0w8grzsBY0UqgdK4AyP+poGSbQAEMRSIkOomtrtelNM\/CJ7PizVrNKpGbp+EpEXMTlKKu9mAH5wfJW5yjomiaaWvGIaq7gLWY9llWYvKDLPe+Ot\/Zlo70lUm2Wen8purBfU4\/v6CMzqcAGFEkRA8xMmhdxqR55Nj0wKZs+RQeJinGAS0a8g3PGJbOybsinObB6I0QXHDA\/BCZjPyuqT029QJULHNw4IqshshnGFg3nbzChRrWQc0AiB5OcsWclYM82EXN8ST8RvLF1WKcSxiSUqZRBPt4kZeVgU6dUletzdTTtDjmZcMX6Dpoo8d0S1zQL01nH0uioe7eYaw9k\/Piatckxd0yCv9fyOSwNFhCKxpC1GXBWqlnzr5Xkx8pHwnfnGUKyYsQ42dNNkbszwP1I6YjcrEdp4kQ3sTLrEmlVAvA4aTA0MKDmYMzxz3zBJIZV6dv1qjp7tD0dS
Aly35BlkwSJjGxKF9J5GgFKfSnvAs\/OiBf9hVa+A6yxuM4HtZTS\/zRldyW57HwUxn5Qy4K6cscwe\/7EfDGt+KoQI83PH5+fargDPhSWZK8UtA+jWy2oF5ALL8zgGosqXNMsOm5dKcPAdecM\/pz1MIewkul7sxt\/JgvAFL67lq7QvvnpQzr8lJgqwZzwBrBvGj9NKkaDXeHsynidTbkbLez1tjvdUEDeISKE7lW\/ojOz\/Lqe\/T7KSL5gyQyjF97d9xNrPNTeh\/HfJdKZ\/zWpQOiu67yweKqxgA9dorbSGAD+RdOGT7rQYJQusp\/jzG9SNrMyUzV7HK3K\/pEUqwZWMz+QAHUA3RloM07jN1F3nkICmQ4z3jHqqH2nY3JfZ5N0+1Qbuerb\/7N+BqOS9LICONl+GduIvQlJ6k18z\/aBuv25LlGUp9XFoS9b0Hk1oEaH7ReOgL6Cc+6IEzZSF3euyrFMEVMA\/mrlSkSX25Uc7jz7gii7RloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAPxWaP0="} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":13,"flow_first_seen":41432902,"flow_src_last_pkt_time":50364890,"flow_dst_last_pkt_time":50392661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":2538,"flow_dst_tot_l4_payload_len":6981,"midstream":0,"thread_ts_usec":50392661,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com"}} 
-00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":50392661} +00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":50392661} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655566 bytes -~~ total memory freed........: 8655566 bytes -~~ total allocations/frees...: 140575/140575 +~~ total memory allocated....: 9419940 bytes +~~ total memory freed........: 9419940 bytes +~~ total allocations/frees...: 154541/154541 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 607 chars ~~ json message max len.......: 2285 chars diff --git a/test/results/disable_protocols/sctp.cap.out b/test/results/disable_protocols/sctp.cap.out index ad39c7bbe..5b329dce1 100644 --- a/test/results/disable_protocols/sctp.cap.out +++ b/test/results/disable_protocols/sctp.cap.out 
@@ -1,5 +1,5 @@ -00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/sctp.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/sctp.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1088696689784578} 
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/sctp.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/sctp.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1088696689784578} 
00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1088696689784578,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1088696689784578,"pkt":"AKCAAF5GCAADSgA1CABFAAB8FBwAADuESlQKHAYrChwGLEAAC4AAAW8KbbAYggADAFsoAkNFAACgvQAAAAdNRUdBQ08vMiA8bWctdHI+OjE2Mzg0ClJlcGx5ID0gMTc0MDkxewpDb250ZXh0ID0gMjU1ewpNb2RpZnkgPSBNVVgvMjU1Cn0KfQpn"} 
00894{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1088696689784578,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -10,7 +10,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1088696689872282,"flow_dst_last_pkt_time":1088696689872631,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1088696689872631,"pkt":"AAGvDAaWAKCAAF5GCABFAAA4u4FAAP+EnzIKHAYsChwGKgtZC1kNU+b+jI4HRgUAABgAAQAUQORLkgocBiwbZq9+AAAAAA=="} 00932{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1088696689872282,"flow_src_last_pkt_time":1088696689872282,"flow_dst_last_pkt_time":1088696689872631,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1088696689872631,"l3_proto":"ip4","src_ip":"10.28.6.42","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00935{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784927,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1088696689872631,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/sctp.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":204,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1088696689872631} 
+00816{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/sctp.cap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":204,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1088696689872631} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647394 bytes -~~ total memory freed........: 8647394 bytes -~~ total allocations/frees...: 140548/140548 +~~ total memory allocated....: 9411800 bytes +~~ total memory freed........: 9411800 bytes +~~ total allocations/frees...: 154514/154514 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 940 chars diff --git a/test/results/disable_protocols/soap.pcap.out b/test/results/disable_protocols/soap.pcap.out index 21e3108bd..f22996e7c 100644 --- a/test/results/disable_protocols/soap.pcap.out +++ b/test/results/disable_protocols/soap.pcap.out 
@@ -1,16 +1,16 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946731321416000} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00811{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946731321416000} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946731321416000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321416000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Js1AAH8GJUPAqAJkFwLVpcO0AFABqrpoAAAAAIAC+vBEVAAAAgQFtAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321441000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADwGjxAXAtWlwKgCZABQw7Tpz83XAaq6aYAS+vCMpAAAAgQFrAEBBAIBAwMH"} 
02471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":946731323902000,"flow_dst_last_pkt_time":946731321441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731323902000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtJAAH8GH57AqAJkFwLVpcO0AFABqsQz6c\/N2FAYAQQJEwAAOAAwADAAMAAtADAAMAA4ADAANQBmADkAYgAzADQAZgBiAH0AXwBWAEkARAAmAGEAbQBwADsAMAAwADAAMQAwADAANQA3AF8AUABJAEQAJgBhAG0AcAA7ADAAMAAyADMAPAAvAGgAdwBpAGQAPgA8AGgAdwBpAGQAPgBEAE8ASQBEADoAQgBUAEgARQBOAFUATQBcAHsAMAAwADAAMAAxADgAMAAxAC0AMAAwADAAMAAtADEAMAAwADAALQA4ADAAMAAwAC0AMAAwADgAMAA1AGYAOQBiADMANABmAGIAfQBfAFYASQBEACYAYQBtAHAAOwAwADAAMAAxADAAMAA1ADcAXwBQAEkARAAmAGEAbQBwADsAMAAwADIAMwA8AC8AaAB3AGkAZAA+ADwAaAB3AGkAZAA+AEQATwBJAEQAOgBCAFQASABFAE4AVQBNAFwAewAwADAAMAAwADEAMQAwAGIALQAwADAAMAAwAC0AMQAwADAAMAAtADgAMAAwADAALQAwADAAOAAwADUAZgA5AGIAMwA0AGYAYgB9AF8ATABPAEMAQQBMAE0ARgBHACYAYQBtAHAAOwAwADAAMAAyADwALwBoAHcAaQBkAD4APABoAHcAaQBkAD4ARABPAEkARAA6AEIAVABIAEUATgBVAE0AXAB7ADAAMAAwADAAMQAxADAAMQAtADAAMAAwADAALQAxADAAMAAwAC0AOAAwADAAMAAtADAAMAA4ADAANQBmADkAYgAzADQAZgBiAH0AXwBMAE8AQwBBAEwATQBGAEcAJgBhAG0AcAA7ADAAMAAwADIAPAAvAGgAdwBpAGQAPgA8AGgAdwBpAGQAPgBEAE8ASQBEADoAQgBUAEgARQBOAFUATQBcAHsAMAAwADAAMAAxADEAMABjAC0AMAAwADAAMAAtADEAMAAwADAALQA4ADAAMAAwAC0AMAAwADgAMAA1AGYAOQBiADMANABmAGIAfQBfAEwATwBDAEEATABNAEYARwAmAGEAbQBwADsAMAAwADAAMgA8AC8AaAB3AGkAZAA+ADwAaAB3AGkAZAA+AEQATwBJAEQAOgBCAFQASABFAE4AVQBNAFwAewAwADAAMAAwADEAMQAwAGUALQAwADAAMAAwAC0AMQAwADAAMAAtADgAMAAwADAALQAwADAAOAAwADUAZgA5AGIAMwA0AGYAYgB9AF8ATABPAEMAQQBMAE0ARgBHACYAYQBtAHAAOwAwADAAMAAyADwALwBoAHcAaQBkAD4APABoAHcAaQBkAD4ARABPAEkARAA6AEIAVABIAEUATgBVAE0AXAB7ADAAMAAwADAAMQAxADEAZQAtADAAMAAwADAALQAxADAAMAAwAC0AOAAwADAAMAAtADAAMAA4ADAANQBmADkAYgAzADQAZgBiAH0AXwBMAE8AQwBBAEwATQBGAEcAJgBhAG0AcAA7ADA
AMAAwADIAPAAvAGgAdwBpAGQAPgA8AGgAdwBpAGQAPgBEAE8ASQBEADoAQgBUAEgARQBOAFUATQBcAHsAMAAwADAAMAAxADgAMAAxAC0AMAAwADAAMAAtADEAMAAwADAALQA4ADAAMAAwAC0AMAAwADgAMAA1AGYAOQBiADMANABmAGIAfQBfAEwATwBDAEEATABNAEYARwAmAGEAbQBwADsAMAAwADAAMgA8AC8AaAB3AGkAZAA+ADwALwBoAHcAaQBkAHMAPgA8AC8AZwBkAG0AZABoAHcAaQBkAD4APAAvAEgAVwBJAEQAUgBlAHEAdQBlAHMAdABzAD4APAAvAEQAZQB2AGkAYwBlAE0AZQB0AGEAZABhAHQAYQBCAGEAdABjAGgAUgBlAHEAdQBlAHMAdAA+ADwALwBzADoAQgBvAGQAeQA+ADwALwBzADoARQBuAHYAZQBsAG8AcABlAD4A"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946731323902000,"flow_dst_last_pkt_time":946731323927000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731323927000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0aS1AADwGJeMXAtWlwKgCZABQw7Tpz83YAaq6aYAQAfb+6gAAAQEFCgGqxDMBqsnf"} 
02474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731323927000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731326059000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0AFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\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"} -00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731323927000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2904,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731323927000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2904,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731326059000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0EFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\/AD4APABzADoARQBuAHYAZQBsAG8AcABlACAAeABtAGwAbgBzADoAcwA9ACIAaAB0AHQAcAA6AC8ALwBzAGMAaABlAG0AYQBzAC4AeABtAGwAcwBvAGEAcAAuAG8AcgBnAC8AcwBvAGEAcAAvAGUAbgB2AGUAbABvAHAAZQAvACIAPgA8AHMAOgBIAGUAYQBkAGUAcgA+ADwAaAA6AGMAZAAgAHgAbQBsAG4AcwA6AGgAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwB3AGkAbgBkAG8AdwBzAG0AZQB0AGEAZABhAHQAYQAvAHMAZQByAHYAaQBjAGUAcwAvADIAMAAwADcALwAwADkALwAxADgALwBkAG0AcwAiAD4APABoADoAYwB2AD4AMQAwAC4AMAAuADEAOQAwADQAMwA8AC8AaAA6AGMAdgA+ADwAaAA6AGMAYwA+AEQARQBVADwALwBoADoAYwBjAD4APAAvAGgAOgBjAGQAPgA8AC8AcwA6AEgAZQBhAGQAZQByAD4APABzADoAQgBvAGQAeQA+ADwARABlAHYAaQBjAGUATQBlAHQAYQBkAGEAdABhAEIAYQB0AGMAaABSAGUAcQB1AGUAcwB0ACAAeABtAGwAbgBzAD0AIgBoAHQAdABwADoALwAvAHMAYwBoAGUAbQBhAHMALgBtAGkAYwByAG8AcwBvAGYAdAAuAGMAbwBtAC8AdwBpAG4AZABvAHcAcwBtAGUAdABhAGQAYQB0AGEALwBzAGUAcgB2AGkAYwBlAHMALwAyADAAMAA3AC8AMAA5AC8AMQA4AC8AZABtAHMAIgA+ADwATABvAGMATABp
AHMAdAA+ADwAbABvAGMAPgBNAHUAbAB0AGkATABvAGMAPAAvAGwAbwBjAD4APABsAG8AYwA+AGQAZQAtAEQARQA8AC8AbABvAGMAPgA8AGwAbwBjAD4AZABlADwALwBsAG8AYwA+ADwALwBMAG8AYwBMAGkAcwB0AD4APABNAEkARABSAGUAcQB1AGUAcwB0AHMAPgA8AGcAZABtAGQAbQBpAGQAPgA8AHIAaQBkAD4ANwA8AC8AcgBpAGQAPgA8AG0AaQBkAD4AQQBGAEYANABCAEQAMgAxAC0ARgBGADIANgAtADUAMQBGADYALQA4ADMANgA1AC0AMQA3ADgAOAA1AEYAMwA4ADYAQwA3AEQAPAAvAG0AaQBkAD4APAAvAGcAZABtAGQAbQBpAGQAPgA8AC8ATQBJAEQAUgBlAHEAdQBlAHMAdABzAD4APABIAFcASQBEAFIAZQBxAHUAZQBzAHQA"} -01333{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"go.microsoft.com","domainame":"go.microsoft.com","http": {"url":"go.microsoft.com\/fwlink\/?LinkID=252669&clcid=0x409","code":0,"content_type":"","user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","request_content_type":"text\/xml"}}} 
-00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054092487860} +01334{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"go.microsoft.com","domainame":"go.microsoft.com","http": 
{"url":"go.microsoft.com\/fwlink\/?LinkID=252669&clcid=0x409","code":0,"content_type":"","user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","request_content_type":"text\/xml"}}} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054092487860} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054092487860,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1639054092487860,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="} 02198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092538042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092538042,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\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"} 
@@ -19,9 +19,9 @@ 02010{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1132,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1132,"pkt_l4_len":1094,"thread_ts_usec":1639054092826381,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAEWqu1QADxBpiduSDAHlWacnEAUNrcPMekH5W6dgJQGD191s4AAIyNda9b\/4Wk\/q7kvzA0zlo0OCy+ohRx\/gWlD6cuZaKXDpcZnDmdSt\/gCNGopu6AS8JATRDB2sNkdvs0VYqXuo85LWLXgz\/GGa9Jc6MG6JYPBLtZ68AEkD4E7Ixgxj5VoD8X1vcUPgbavdxsBF6ml+drczg2gmaNkDFO7B933+q9zZKg+oG2pMj87ESLGu\/fp4BFA7hj0TH0xUqeBDvAR85kXVH5RLFVcwlzf5SkxaK76gkzu60llYNi5wv4hugteIIw1qnuuG0F2lOzsJeXnOmZr2YLWmTVeZYmw5JFWYaOW88oh3lE8wTOL6kkf6422YOL+vSBdTD+5GVjul+dz5efILQi0gJb9SDXms4KOszaLOz7oz\/eH9i5zXlpDJFf24wMnOC2K8IIqs8dhhBblctV5U7MCi6fbjwTNFDnkkrhAsQLfflwcnijU0wkUYZVsP2Mopqss2DfWxrrzjtvU\/3TnJzhxzjOfuyUKfTBG3L8dD4Gwoav79OfgC9+Idtf1PTDn9ex7v\/Fmyd30pyd1s0bbUnz4vg2h1D5DlfOPo7q5SkbGllQNKS2sypM2gujPrdAAhAO0MRmdruKPyfFmHldo0sI4qDDyoWYToWvYReNG4+MAkhnOTEs6LErtCWDATGKcwqKh6PqbM69SZXd5JlPmgt0LzAoUrLTLasxmrJeZtJFQ8MXa1ME4ZfLLSHL9nOyiq2E0UL\/rQPyurLaNNs0NvV7I0Bfi5FZAvQC2QwQhlY8Y7p2Bqy8Cdxd4LbTsK8IE9vImZYfFmbm\/RO6LBSYlfLawEeVfZKSXPyz7v29dbM2LCt3pR5f\/Jn2HtSd2bsC9XpH67WDfGJ5VKnDZGKU7pj7BvwgMeQEj+8L3eTOjjaReBB4MsrpfGwTE9aSt9aw0m1unF81+cY5x9BcRGq4bCtgkFz8DnHAsF0lI9XP52++JBk5mERUR2eEaHIcSiQzhvYPVXGzmTYBHdq6F\/nfwq0p+OjBjzHWUKpaQwrLVdKIyww95od0Sguqb1MCuKRpSrwOQvXZWV9jQNM03ynZj2wo3dQHbNZyEBxcA0jdj8EeZvvk0eVvzuEF6NayagghINncRhZZDA2muQ+gK3F8BvvNO\/9IlbBxiXKRdXubXKUyOTU2MAwix\/0nAhAyuwnq+Q88d7anWWPi3zwTnVBWrrC7vBJoJ1Z7g0f5E+\/HysBN7mVyq5MveGyL62bIoMLmpI1KNsCgMGwDITFykvlhjWDGYryDj+XT6t7Jvx\/xd9+NXSrdaHyxzR3sl\/V+aathuQMWxApeB5TtLieObBBINO6kN5U2O13qaE+PH1T8uNTDUsPwPEKqgRdQIY7ffwW36TMVsARN5+bm1DJ4iy1DNQ4LE8HbDySzNbnrVS7GRtQIF0zepOpR7thyhs
gydrZzJ3XiE0fSTioqLAsNToYNCg=="} 00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} -00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1639054092826381} +00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} +00821{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1639054092826381} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654539 bytes -~~ total memory freed........: 8654539 bytes -~~ total allocations/frees...: 140584/140584 +~~ total memory allocated....: 9418977 bytes +~~ total memory freed........: 9418977 bytes +~~ total allocations/frees...: 154550/154550 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 549 chars ~~ json message max len.......: 2479 chars diff --git a/test/results/disable_use_client_ip/bot.pcap.out b/test/results/disable_use_client_ip/bot.pcap.out index 72ca757a8..e47bc5980 100644 --- a/test/results/disable_use_client_ip/bot.pcap.out +++ b/test/results/disable_use_client_ip/bot.pcap.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645108240233170} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645108240233170} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645108240233170,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233170,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233579,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"} 
@@ -9,7 +9,7 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645108240339700,"flow_dst_last_pkt_time":1645108240340261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1645108240340261,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAKO4IQAA\/BtxaWR9I3ChNpyQAUP0AWPWTmLcGyylQEHVAXRgAAAAAtTpUPQ=="} 02309{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240455112,"flow_dst_last_pkt_time":1645108240455337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":33120,"midstream":0,"thread_ts_usec":1645108240455337,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":14326.1,"max":114244,"stddev":36180.2,"var":1309009792.0,"ent":2.2,"data": [409,106526,4,106682,7609,64,117,61,7,4,842,8,6,4,114244,282,105363,69,4,6,123,5,6,4,232,8,61,8,763,123,465]},"pktlen": {"min":46,"avg":1086.5,"max":1480,"stddev":631.2,"var":398369.0,"ent":4.6,"data": [48,48,46,356,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480]},"bins": {"c_to_s": [6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1],"entropies": [4.668832779,4.823934078,4.705051422,5.553816795,4.685968399,6.426275253,7.497505188,7.820932388,7.830261230,7.797591209,7.805040359,7.821845531,7.816341877,7.795114517,7.064133644,4.748529911,4.585274220,7.814039707,7.815784454,7.820162296,7.814042091,7.827082157,7.799123287,7.792435646,7.357606411,5.923022270,7.867007732,5.467782974,4.930641174,4.661573410,4.661573410,5.117170334]},"ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"atlanteditorino.it"}} 01140{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":115,"flow_dst_packets_processed":287,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108245896135,"flow_dst_last_pkt_time":1645108245896491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":406780,"midstream":0,"thread_ts_usec":1645108245896491,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"atlanteditorino.it"}} -00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":402,"packets-processed":402,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1645108245896491} +00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":402,"packets-processed":402,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1645108245896491} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 402/402 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8656747 bytes -~~ total memory freed........: 8656747 bytes -~~ total allocations/frees...: 140942/140942 +~~ total memory allocated....: 9421121 bytes +~~ total memory freed........: 9421121 bytes +~~ total allocations/frees...: 154908/154908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 568 chars ~~ json message max len.......: 2314 chars diff --git a/test/results/disable_use_client_port/iphone.pcap.out b/test/results/disable_use_client_port/iphone.pcap.out index 6ae374904..543f40042 100644 --- a/test/results/disable_use_client_port/iphone.pcap.out +++ b/test/results/disable_use_client_port/iphone.pcap.out 
@@ -1,5 +1,5 @@ -00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1582454552576659} 
+00599{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00820{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1582454552576659} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454552576659,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454552576659,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_usec":1582454552576659,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAFkAAEAR8inAqAIBwKgC\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"} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454552576659,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454552576659,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -108,7 +108,7 @@ 01150{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598373077,"flow_src_last_pkt_time":1582454598373077,"flow_dst_last_pkt_time":1582454598412843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1582454598412843,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mesu.apple.com","domainame":"mesu.apple.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["17.253.105.202,ttl=15","17.253.53.203,ttl=15"]}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598413932,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598413932,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppiojD2gk4AQBAvpMwAAAQEIChHf524i0ASh"} 
01256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598414051,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG\/WnAqAIRX2UZNcWQAbugppiojD2gk4AYBAtyOwAAAQEIChHf524i0AShFgMBAgABAAH8AwMW\/vdiXnKGt2kAM475LRdq4DAZD5IWJivMSs32aPZe4CBY4JYmlM1Z2ggjvPRVVGQ6cbm25wGpqmGifvQqpkiZFQA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} -01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598414051,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598414051,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598416547,"flow_src_last_pkt_time":1582454598416547,"flow_dst_last_pkt_time":1582454598416547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598416547,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598416547,"flow_dst_last_pkt_time":1582454598416547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454598416547,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWSAbt\/OqmMAAAAALDC\/\/8OTwAAAgQFtAEDAwcBAQgKEd\/ndwAAAAAEAgAA"} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598418108,"flow_src_last_pkt_time":1582454598418108,"flow_dst_last_pkt_time":1582454598418108,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598418108,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -116,7 +116,7 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598387073,"flow_dst_last_pkt_time":1582454598426588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598426588,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQBQwACbtSzNLJXrMqBScNC85AAAAgQFrAQCCAodNCSFEd\/nTQEDAwg="} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598385187,"flow_dst_last_pkt_time":1582454598427688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598427688,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGslMRggIuwKgCEQG7xZHfrwWiGTrrGKBSqbCWRAAAAgQFrAQCCAq1T9HeEd\/nUwEDAw4="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598447691,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598447691,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0RA0AADUGBmRfZRk1wKgCEQG7xZCMPaCToKaarYAQAOvqKgAAAQEICiLQBMUR3+du"} 
-01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598449324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598449324,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598449324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598449324,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598418108,"flow_dst_last_pkt_time":1582454598453979,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598453979,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZNpWNRgMiTvFqBScNC35wAAAgQFrAQCCAoAH8DDEd\/neQEDAwg="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598416547,"flow_dst_last_pkt_time":1582454598459069,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598459069,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZLy+qnpfzqpjaBScNDegAAAAgQFrAQCCAqK\/qiVEd\/ndwEDAwg="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598542807,"flow_src_last_pkt_time":1582454598542807,"flow_dst_last_pkt_time":1582454598542807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598542807,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -212,18 +212,18 @@ 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598888448,"flow_dst_last_pkt_time":1582454598888448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454598888448,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeAaAAAAALDC\/\/9qCgAAAgQFtAEDAwcBAQgKEd\/pSQAAAAAEAgAA"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598888916,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598888916,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+lThYjGHYAQBAuvrgAAAQEIChHf6Un\/dyjx"} 01257{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598889102,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGHTfAqAIRXHr8UsWWAbuHn+lThYjGHYAYBAsDXwAAAQEIChHf6Ur\/dyjxFgMBAgABAAH8AwPBzadgheRj5PvWKLwSvBgHRWReYUBmRY58bZ7Lfe7D+CBuPIm6VXqnNWVU88hOzvhjpRW+5l\/fSYA7KifdMQlc9QA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598889102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598889102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598892865,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598892865,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGt7pnxPiJoAQBAsEtQAAAQEIChHf6VPpLCwF"} 
01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598893224,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGqrTAqAIREfi5V8WVAbuoGt7pnxPiJoAYBAtl8wAAAQEIChHf6VPpLCwFFgMBAgABAAH8AwPupC\/\/Idf\/TKV61u4UD47k+sXPhTWRB8OAqYTTHEr2LyB7RNdSKNgM9EL2qrN2iyDWEEsm1843GXQB9crRbp8tlwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598893224,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598925453,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598925453,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0z7EAADUGmoxcevxSwKgCEQG7xZaFiMYdh5\/rWIAQAOuwTQAAAQEICv93KWwR3+lK"} -01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598926093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598926093,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": 
{"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598926093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598926093,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598888448,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598926741,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGHZxoST0ewKgCEQG7xZdpIXVbwXngG6BScSBpXgAAAgQFrAQCCAqgrSHdEd\/pSQEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598934682,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598934682,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeAbaSF1XIAQBAsFUQAAAQEIChHf6XCgrSHd"} 01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598934804,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG0JzAqAIRaEk9HsWXAbvBeeAbaSF1XIAYBAsuXAAAAQEIChHf6XagrSHdFgMBAgABAAH8AwNtBQ39ZZolUQlIKZvwJ9K7La1xqdRBloywOH0GLRPkhCDqdWO0c0GWZx4zxXgdQ\/9DtV6\/rjVuXk5WS8q\/E2fRGwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598934804,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598934804,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598972842,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598972842,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0b4QAADUGrh9oST0ewKgCEQG7xZdpIXVcwXniIIAQAOsGOAAAAQEICqCtIgsR3+l2"} 
-01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598974332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598974332,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598974332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598974332,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599039138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599039138,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0NCoAADEGx5ER+LlXwKgCEQG7xZWfE+ImqBrg7oAQA6sCYwAAAQEICuksLLIR3+lT"} 
01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599041842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599041842,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": {"version":"TLSv1.2","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04015{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599054383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5760,"midstream":0,"thread_ts_usec":1582454599054383,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": 
{"version":"TLSv1.2","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyva
lueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F","blocks":0}}} 
@@ -282,11 +282,11 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1582454599934729,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454599967985,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGGW5ce00awKgCEQG7xZtUZWomqTuA+qBScSDQrwAAAgQFrAQCCAozMbcgEd\/tTwEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1582454600080813,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600080813,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4D6VGVqJ4AQBAtsOAAAAQEIChHf7eAzMbcg"} 
01260{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454600080888,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGzG7AqAIRXHtNGsWbAbupO4D6VGVqJ4AYBAvCNgAAAQEIChHf7eAzMbcgFgMBAgABAAH8AwOVQZ8FnUDf4cuVlN3Dfe\/tO8oLU\/pP+UZ2rTRx02gYWCC8t86tHdWqnxE\/bapLx0rLdTwSMsDVwQ5W18WBw\/RbcQA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABoAGAAAFXBsYXkuaXR1bmVzLmFwcGxlLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACCvIr1kF5VgJNd\/0ntXVaysO1Tdse1BkZg8MzZDFY0NfAAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600080888,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600080888,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454600115292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600115292,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0cJ0AADUGqNhce00awKgCEQG7xZtUZWonqTuC\/4AQAOtswQAAAQEICjMxt7IR3+3g"} 
-01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454600116695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600116695,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01309{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454600116695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600116695,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":397,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454600252426,"flow_dst_last_pkt_time":1582454600287478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1018,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2233,"flow_dst_tot_l4_payload_len":5676,"midstream":0,"thread_ts_usec":1582454600287478,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":67409.2,"max":654765,"stddev":146324.1,"var":21410738176.0,"ent":2.9,"data": [34116,36074,120,34743,1609,104,2287,55,140235,397,7279,143339,13,33865,58,1492,19,11,252,423,44,150,34850,6,1213,30,128241,155238,167955,510701,654765]},"pktlen": {"min":40,"avg":299.4,"max":1492,"stddev":449.8,"var":202280.4,"ent":3.8,"data": [64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1070,90,436,90,52,90,52,52,52,736,52,40,52]},"bins": {"c_to_s": [9,5,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1],"entropies": 
[4.410132408,5.160978794,5.101186275,4.520410061,5.142373085,6.747455597,7.544580936,7.534257412,7.316954136,4.932822704,5.009746075,6.044896126,5.671187878,6.038887501,4.985801220,5.024262905,5.722696304,5.781558990,5.543742657,7.804463387,5.504428864,7.447539806,5.482206821,4.932822704,5.457657814,4.988526344,4.974009514,4.894361019,7.697007179,5.009746075,4.521928787,5.089394093]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -02178{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":401,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600290030,"flow_dst_last_pkt_time":1582454600371223,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3458,"flow_dst_tot_l4_payload_len":5165,"midstream":0,"thread_ts_usec":1582454600371223,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":25541.8,"max":147307,"stddev":44603.2,"var":1989448704.0,"ent":3.2,"data": [33256,146084,75,147307,1403,159,73,18,38616,19,50,10855,46914,12516,120151,44,4,168,1146,109,1513,467,107361,13,1221,31041,492,3663,24,4467,82566]},"pktlen": {"min":52,"avg":322.1,"max":1492,"stddev":461.1,"var":212650.1,"ent":3.9,"data": [64,60,52,569,52,1492,1492,1268,442,52,52,52,132,339,339,98,95,87,1492,552,818,52,52,52,122,52,52,83,52,87,52,52]},"bins": {"c_to_s": [10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": 
[6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1],"entropies": [4.515677452,5.260978699,5.115703106,4.536097050,5.154164791,7.838258266,7.887313843,7.830554962,7.500537872,5.115703106,5.154164791,5.077241421,6.238309383,7.385308743,7.348131180,6.055991173,6.001430511,5.896850586,7.866535664,7.607725620,7.722208500,5.154164791,5.154164791,5.062724590,6.184679508,5.056022644,5.115703106,5.763531208,5.094483852,5.873862743,5.115703106,5.056022167]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +02179{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":401,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600290030,"flow_dst_last_pkt_time":1582454600371223,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3458,"flow_dst_tot_l4_payload_len":5165,"midstream":0,"thread_ts_usec":1582454600371223,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":25541.8,"max":147307,"stddev":44603.2,"var":1989448704.0,"ent":3.2,"data": [33256,146084,75,147307,1403,159,73,18,38616,19,50,10855,46914,12516,120151,44,4,168,1146,109,1513,467,107361,13,1221,31041,492,3663,24,4467,82566]},"pktlen": {"min":52,"avg":322.1,"max":1492,"stddev":461.1,"var":212650.1,"ent":3.9,"data": 
[64,60,52,569,52,1492,1492,1268,442,52,52,52,132,339,339,98,95,87,1492,552,818,52,52,52,122,52,52,83,52,87,52,52]},"bins": {"c_to_s": [10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1],"entropies": [4.515677452,5.260978699,5.115703106,4.536097050,5.154164791,7.838258266,7.887313843,7.830554962,7.500537872,5.115703106,5.154164791,5.077241421,6.238309383,7.385308743,7.348131180,6.055991173,6.001430511,5.896850586,7.866535664,7.607725620,7.722208500,5.154164791,5.154164791,5.062724590,6.184679508,5.056022644,5.115703106,5.763531208,5.094483852,5.873862743,5.115703106,5.056022167]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 02223{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":412,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454600432880,"flow_dst_last_pkt_time":1582454600398737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":13211,"flow_dst_tot_l4_payload_len":8177,"midstream":0,"thread_ts_usec":1582454600432880,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":19,"avg":109285.4,"max":803512,"stddev":185220.7,"var":34306707456.0,"ent":3.4,"data": 
[145952,170980,359,171301,2704,133,11131,1277,11157,179655,19,50,112,15556,168247,146405,161443,749,308681,51490,198168,655712,185,186,293,803512,1267,180253,328,297,245]},"pktlen": {"min":52,"avg":721.0,"max":1492,"stddev":667.3,"var":445284.8,"ent":4.3,"data": [64,60,52,569,52,1492,1492,1492,1492,1474,52,52,52,52,145,103,52,1169,344,52,996,52,1164,1492,1492,1492,52,52,1492,1492,1492,1492]},"bins": {"c_to_s": [8,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,7,0,0],"s_to_c": [5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,1,1,0,0,0,0],"entropies": [4.378882408,5.048397064,4.855899334,4.669833183,5.026988029,6.153114796,4.607729912,7.088045597,7.461877346,7.528841019,4.947339535,4.870416164,4.908878326,4.825253010,6.027275085,5.625993729,4.985801220,7.818661690,7.150210857,5.103910923,7.800937653,4.908877850,7.820833683,7.850773335,7.853681087,7.878564835,4.985801220,4.959492207,7.858905315,7.865253448,7.862413406,7.846001625]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454600454021,"flow_src_last_pkt_time":1582454600454021,"flow_dst_last_pkt_time":1582454600454021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600454021,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1582454600454021,"flow_dst_last_pkt_time":1582454600454021,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1582454600454021,"pkt":"xiwDYGpkxGGLNYKpCABFAABDtJ8AAP8RgafAqAIRwKgCAfi9ADUAL+BtI4YBAAABAAAAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"} 
@@ -298,9 +298,9 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1582454600508065,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454600541627,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGS2lfZRg1wKgCEQG7xZzFmLU\/It34H6BScSB2MAAAAgQFrAQCCAqI0z6tEd\/vhgEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1582454600545275,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600545275,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fgfxZi1QIAQBAsSJAAAAQEIChHf76yI0z6t"} 01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454600545389,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG\/mnAqAIRX2UYNcWcAbsi3fgfxZi1QIAYBAuKRgAAAQEIChHf76yI0z6tFgMBAgABAAH8AwOiR+2o6dU1g3+Svap+gZcnw25M6wGbHtuAePAdQo0oAiAx8\/DIlhLRtqLIiYUYtk4NlTJqyrl\/fgPygPHG4YkVbgA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600545389,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600545389,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600579000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600579000,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0r2YAADUGnApfZRg1wKgCEQG7xZzFmLVAIt36JIAQAOsTGQAAAQEICojTPtMR3++s"} 
-01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600580592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600580592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01309{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600580592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600580592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1582454553219847,"flow_src_last_pkt_time":1582454596366527,"flow_dst_last_pkt_time":1582454553219847,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac"}} 00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454595354441,"flow_src_last_pkt_time":1582454595354441,"flow_dst_last_pkt_time":1582454595354441,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454556158287,"flow_src_last_pkt_time":1582454586170857,"flow_dst_last_pkt_time":1582454556158287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
@@ -318,7 +318,7 @@ 00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454599054579,"flow_src_last_pkt_time":1582454599054579,"flow_dst_last_pkt_time":1582454599054579,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598373077,"flow_src_last_pkt_time":1582454598373077,"flow_dst_last_pkt_time":1582454598412843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mesu.apple.com"}} 
01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598212900,"flow_src_last_pkt_time":1582454598212900,"flow_dst_last_pkt_time":1582454598252214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gsp85-ssl.ls.apple.com"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454599079456,"flow_dst_last_pkt_time":1582454599077950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6498,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454599079456,"flow_dst_last_pkt_time":1582454599077950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6498,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598209581,"flow_src_last_pkt_time":1582454598209581,"flow_dst_last_pkt_time":1582454598248721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":185,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gspe35-ssl.ls.apple.com"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454599065380,"flow_src_last_pkt_time":1582454599065380,"flow_dst_last_pkt_time":1582454599105084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gsa.apple.com"}} 
01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598713413,"flow_src_last_pkt_time":1582454598713413,"flow_dst_last_pkt_time":1582454598760726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":170,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"cl4.apple.com"}} 
@@ -335,8 +335,8 @@ 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454560698945,"flow_src_last_pkt_time":1582454560698947,"flow_dst_last_pkt_time":1582454560698945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454598373420,"flow_src_last_pkt_time":1582454599396209,"flow_dst_last_pkt_time":1582454598373420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1582454553606988,"flow_src_last_pkt_time":1582454586688849,"flow_dst_last_pkt_time":1582454553606988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1926,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"luca’s imac._odisk._tcp.local"}} -00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598754938,"flow_dst_last_pkt_time":1582454598750144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1018,"flow_dst_tot_l4_payload_len":8028,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600678062,"flow_dst_last_pkt_time":1582454600676472,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2685,"flow_dst_tot_l4_payload_len":6914,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598754938,"flow_dst_last_pkt_time":1582454598750144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1018,"flow_dst_tot_l4_payload_len":8028,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600678062,"flow_dst_last_pkt_time":1582454600676472,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2685,"flow_dst_tot_l4_payload_len":6914,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454552576659,"flow_src_last_pkt_time":1582454582628608,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1582454553607048,"flow_src_last_pkt_time":1582454586688899,"flow_dst_last_pkt_time":1582454553607048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"luca’s imac._odisk._tcp.local"}} 
01022{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1582454598387073,"flow_src_last_pkt_time":1582454598716744,"flow_dst_last_pkt_time":1582454598589196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":131,"flow_dst_max_l4_payload_len":696,"flow_src_tot_l4_payload_len":131,"flow_dst_tot_l4_payload_len":696,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Apple","proto_id":"7.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"captive.apple.com"}} 
@@ -345,15 +345,15 @@ 01048{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":21,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454600734115,"flow_dst_last_pkt_time":1582454600748726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":65051,"flow_dst_tot_l4_payload_len":8177,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com"}} 01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454600252426,"flow_dst_last_pkt_time":1582454600287478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1018,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2233,"flow_dst_tot_l4_payload_len":5676,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454600279222,"flow_dst_last_pkt_time":1582454600277877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1018,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2309,"flow_dst_tot_l4_payload_len":5604,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598934663,"flow_dst_last_pkt_time":1582454598926730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5298,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600426939,"flow_dst_last_pkt_time":1582454600393972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3458,"flow_dst_tot_l4_payload_len":6110,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com"}} +00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598934663,"flow_dst_last_pkt_time":1582454598926730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5298,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600426939,"flow_dst_last_pkt_time":1582454600393972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3458,"flow_dst_tot_l4_payload_len":6110,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com"}} 00984{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1582454598416547,"flow_src_last_pkt_time":1582454600719221,"flow_dst_last_pkt_time":1582454598791328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":4859,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00984{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1582454598418108,"flow_src_last_pkt_time":1582454600719163,"flow_dst_last_pkt_time":1582454598750163,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":999,"flow_dst_tot_l4_payload_len":4859,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1582454598385187,"flow_src_last_pkt_time":1582454599058356,"flow_dst_last_pkt_time":1582454598935201,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1049,"flow_dst_tot_l4_payload_len":4265,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454585624880,"flow_src_last_pkt_time":1582454585624880,"flow_dst_last_pkt_time":1582454585624880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454585625038,"flow_src_last_pkt_time":1582454585625038,"flow_dst_last_pkt_time":1582454585625038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454600252093,"flow_dst_last_pkt_time":1582454600443725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":3842,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":500,"packets-processed":486,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":190360,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":50,"total-detection-updates":40,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":356,"global_ts_usec":1582454600748726} +00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":500,"packets-processed":486,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":190360,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":50,"total-detection-updates":40,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":356,"global_ts_usec":1582454600748726} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/486 ~~ skipped flows.............: 0 
@@ -362,9 +362,9 @@ ~~ total active/idle flows...: 51/51 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9304107 bytes -~~ total memory freed........: 9304107 bytes -~~ total allocations/frees...: 141864/141864 +~~ total memory allocated....: 10070213 bytes +~~ total memory freed........: 10070213 bytes +~~ total allocations/frees...: 155834/155834 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 4020 chars diff --git a/test/results/dns_sub_enable/dns.pcap.out b/test/results/dns_sub_enable/dns.pcap.out index 38ef2e43e..df06bf1d5 100644 --- a/test/results/dns_sub_enable/dns.pcap.out +++ b/test/results/dns_sub_enable/dns.pcap.out 
@@ -1,4 +1,4 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":15458020,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":15458020,"l3_proto":"ip6","src_ip":"fe80::a00:27ff:feb3:e62e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":371,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":371,"pkt_l4_len":317,"thread_ts_usec":15458020,"pkt":"MzMAAAD7CAAns+Yuht1gDvfuAT0R\/\/6AAAAAAAAACgAn\/\/6z5i7\/AgAAAAAAAAAAAAAAAAD7FOkU6QE94YsAAIQAAAAABgAAAAMBRQEyATYBRQEzAUIBRQFGAUYBRgE3ATIBMAEwAUEBMAEwATABMAEwATABMAEwATABMAEwATABMAEwATgBRQFGA2lwNgRhcnBhAAAMgAEAAAB4AA8HQW5kcm9pZAVsb2NhbAAQYWRiLXVuaWRlbnRpZmllZARfYWRiBF90Y3DAaAAQgAEAABGUAAEACV9zZXJ2aWNlcwdfZG5zLXNkBF91ZHDAaAAMAAEAABGUAALAgMCAAAwAAQAAEZQAAsBvwGAAHIABAAAAeAAQ\/oAAAAAAAAAKACf\/\/rPmLsBvACGAAQAAAHgACAAAAAAVs8BgwAwAL4ABAAAAeAAGwAwAAgAIwG8AL4ABAAARlAAJwG8ABQAAgABAwGAAL4ABAAAAeAAIwGAABAAAAAg="} 01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":15458020,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":15458020,"l3_proto":"ip6","src_ip":"fe80::a00:27ff:feb3:e62e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","domainame":"e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","mdns": {}}} 
@@ -11,7 +11,7 @@ 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":69520583,"flow_dst_last_pkt_time":69520924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"thread_ts_usec":69520924,"pkt":"CAAnOk7TILAB4IZiht1gAAAAABQGQCABCwcKPcESAAAAAAAAAAEgAQsHCj3BErgxpz95dOYEADXCbjRYwBs5t9KvUBABfj89AAA="} 01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":69519720,"flow_src_last_pkt_time":69520583,"flow_dst_last_pkt_time":69526637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":69526637,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b831:a73f:7974:e604","dst_ip":"2001:b07:a3d:c112::1","src_port":49774,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"opentracker.io","domainame":"opentracker.io","dns": {"num_queries":1,"num_answers":23,"reply_code":0,"query_type":255,"rsp_type":43,"rsp_addr": ["45.9.60.30,ttl=1347"]}}} 
01032{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":15458020,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":69527477,"l3_proto":"ip6","src_ip":"fe80::a00:27ff:feb3:e62e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1112172654366527} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1112172654366527} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1112172654366527,"pkt":"AOAYsQytAMCfMkGMCABFAAA+1TkAAIARkAfAqKoUwKiqCAA1gBsAKryJ3KKBgAABAAAAAAAAA3d3dwFsBmdvb2dsZQNjb20AABwAAQ=="} 01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com","domainame":"www.l.google.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
@@ -21,13 +21,13 @@ 01096{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695204348,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.example.com","domainame":"www.example.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695437491,"pkt":"AOAYsQytAMCfMkGMCABFAAA91p8AAIARjqLAqKoUwKiqCAA1gBsAKQfhvB+BgAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"} 
01096{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.example.com","domainame":"www.example.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1484673025972667} 
+00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1484673025972667} 00299{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025972667,"packet_id":16,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025972667} 00417{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":91,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAPwAhRQAAPQAAQABAEYShUrJx9VKynrW4lwA1ACm2fXhDAQAAAQAAAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAQ=="} 00299{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025976144,"packet_id":17,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025976144} 
00588{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":219,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":219,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAvwAhRQAAvQAAQAA6EYohUrKetVKycfUANbiXAKnLC3hDgYAAAQAIAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAesABKkt2+vADAABAAEAAAHrAASpLyiOwAwAAQABAAAB6wAEqS34ecAMAAEAAQAAAesABGyosOrADAABAAEAAAHrAASpLfi9wAwAAQABAAAB6wAEqS34tMAMAAEAAQAAAesABKk1UU\/ADAABAAEAAAHrAASpLdvo"} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1484673025976144} +00817{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/dns_sub_enable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1484673025976144} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/15 ~~ skipped flows.............: 0 
@@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650089 bytes -~~ total memory freed........: 8650089 bytes -~~ total allocations/frees...: 140568/140568 +~~ total memory allocated....: 9414527 bytes +~~ total memory freed........: 9414527 bytes +~~ total allocations/frees...: 154534/154534 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 304 chars ~~ json message max len.......: 1124 chars diff --git a/test/results/dns_sub_enable/dns2.pcap.out b/test/results/dns_sub_enable/dns2.pcap.out index 6a9833841..825ba650a 100644 --- a/test/results/dns_sub_enable/dns2.pcap.out +++ b/test/results/dns_sub_enable/dns2.pcap.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_sub_enable\/pcap\/dns2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1727454108448141} 
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_sub_enable\/pcap\/dns2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1727454108448141} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1727454108448141,"flow_src_last_pkt_time":1727454108448141,"flow_dst_last_pkt_time":1727454108448141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1727454108448141,"l3_proto":"ip4","src_ip":"192.168.255.251","dst_ip":"8.8.8.8","src_port":56550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1727454108448141,"flow_dst_last_pkt_time":1727454108448141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1727454108448141,"pkt":"HFc+pX\/wAOBnMU8qCABFAAA8qHtAAEARwYHAqP\/7CAgICNzmADUAKOwr3uwBAAABAAAAAAAAA3d3dwZnaXRodWIDY29tAAABAAE="} 
01079{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1727454108448141,"flow_src_last_pkt_time":1727454108448141,"flow_dst_last_pkt_time":1727454108448141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1727454108448141,"l3_proto":"ip4","src_ip":"192.168.255.251","dst_ip":"8.8.8.8","src_port":56550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.github.com","domainame":"www.github.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -9,7 +9,7 @@ 01091{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/dns_sub_enable\/pcap\/dns2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1727454108448141,"flow_src_last_pkt_time":1727454108448181,"flow_dst_last_pkt_time":1727454108459948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":111,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":111,"midstream":0,"thread_ts_usec":1727454108459948,"l3_proto":"ip4","src_ip":"192.168.255.251","dst_ip":"8.8.8.8","src_port":56550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.github.com","domainame":"www.github.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":5,"rsp_addr": []}}} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/dns_sub_enable\/pcap\/dns2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1727454108448181,"flow_dst_last_pkt_time":1727454108477621,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_usec":1727454108477621,"pkt":"AOBnMU8qHFc+pX\/wCABFAABab50AAHsR\/0EICAgIwKj\/+wA13OYARheq3uyBgAABAAIAAAAAA3d3dwZnaXRodWIDY29tAAABAAHADAAFAAEAAA30AALAEMAQAAEAAQAAADwABIxSeQQ="} 
00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/dns_sub_enable\/pcap\/dns2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1727454108448141,"flow_src_last_pkt_time":1727454108448181,"flow_dst_last_pkt_time":1727454108477621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":111,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":173,"midstream":0,"thread_ts_usec":1727454108477621,"l3_proto":"ip4","src_ip":"192.168.255.251","dst_ip":"8.8.8.8","src_port":56550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.github.com"}} -00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/dns_sub_enable\/pcap\/dns2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":237,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1727454108477621} 
+00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/dns_sub_enable\/pcap\/dns2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":237,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1727454108477621} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644930 bytes -~~ total memory freed........: 8644930 bytes -~~ total allocations/frees...: 140536/140536 +~~ total memory allocated....: 9409304 bytes +~~ total memory freed........: 9409304 bytes +~~ total allocations/frees...: 154502/154502 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 562 chars ~~ json message max len.......: 1096 chars diff --git a/test/results/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out b/test/results/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out index 015a4024e..20e8bac18 100644 --- a/test/results/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out +++ b/test/results/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out 
@@ -1,4 +1,4 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_sub_enable\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_sub_enable\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":30880377,"flow_src_last_pkt_time":30880377,"flow_dst_last_pkt_time":30880377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":30880377,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"192.168.1.253","src_port":50234,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":30880377,"flow_dst_last_pkt_time":30880377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":30880377,"pkt":"3KYyW3JVCAAnOk7TCABFAAA8mOMAAIARHLTAqAHMwKgB\/cQ6ADUAKBEYFlUBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 
01081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":30880377,"flow_src_last_pkt_time":30880377,"flow_dst_last_pkt_time":30880377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":30880377,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"192.168.1.253","src_port":50234,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","domainame":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -13,7 +13,7 @@ 01007{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":69,"source":"cfgs\/dns_sub_enable\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":34,"flow_first_seen":30880377,"flow_src_last_pkt_time":207846046,"flow_dst_last_pkt_time":207859331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":312,"flow_src_tot_l4_payload_len":1263,"flow_dst_tot_l4_payload_len":5201,"midstream":0,"thread_ts_usec":207859331,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"192.168.1.253","src_port":50234,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com"}} 01007{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":75,"source":"cfgs\/dns_sub_enable\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":37,"flow_first_seen":30880377,"flow_src_last_pkt_time":326485080,"flow_dst_last_pkt_time":326489906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":314,"flow_src_tot_l4_payload_len":1347,"flow_dst_tot_l4_payload_len":5567,"midstream":0,"thread_ts_usec":326489906,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"192.168.1.253","src_port":50234,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":80,"source":"cfgs\/dns_sub_enable\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":40,"flow_first_seen":30880377,"flow_src_last_pkt_time":434536207,"flow_dst_last_pkt_time":434545692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":314,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":6137,"midstream":0,"thread_ts_usec":434545692,"l3_proto":"ip4","src_ip":"192.168.1.204","dst_ip":"192.168.1.253","src_port":50234,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":80,"source":"cfgs\/dns_sub_enable\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":80,"packets-processed":80,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":4,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":434545692} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":80,"source":"cfgs\/dns_sub_enable\/pcap\/dns_multiple_transactions_same_flow.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":80,"packets-processed":80,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":4,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":434545692} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 80/80 ~~ skipped flows.............: 0 
@@ -22,9 +22,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647134 bytes -~~ total memory freed........: 8647134 bytes -~~ total allocations/frees...: 140612/140612 +~~ total memory allocated....: 9411508 bytes +~~ total memory freed........: 9411508 bytes +~~ total allocations/frees...: 154578/154578 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 559 chars ~~ json message max len.......: 2250 chars diff --git a/test/results/dns_sub_enable/dns_retransmissions.pcap.out b/test/results/dns_sub_enable/dns_retransmissions.pcap.out index 3e2eaea4a..81361ea07 100644 --- a/test/results/dns_sub_enable/dns_retransmissions.pcap.out +++ b/test/results/dns_sub_enable/dns_retransmissions.pcap.out 
@@ -1,5 +1,5 @@ -00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_sub_enable\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614938020640966} 
+00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_sub_enable\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614938020640966} 
00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938020640966,"flow_src_last_pkt_time":1614938020640966,"flow_dst_last_pkt_time":1614938020640966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938020640966,"vlan_id":103,"l3_proto":"ip4","src_ip":"37.41.101.140","dst_ip":"208.67.222.222","src_port":11892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","vlan_id":103,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614938020640966,"flow_dst_last_pkt_time":1614938020640966,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":75,"pkt_l4_len":37,"thread_ts_usec":1614938020640966,"pkt":"AAAAAAAAAAEAAAADgQAAZwgARQAAOc5tQAA\/ETNvJSlljNBD3t4udAA1ACV9ybjiAQAAAQAAAAAAAANhcGkDbXNuA2NvbQAAAQAB"} 
01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/dns_sub_enable\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938020640966,"flow_src_last_pkt_time":1614938020640966,"flow_dst_last_pkt_time":1614938020640966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938020640966,"vlan_id":103,"l3_proto":"ip4","src_ip":"37.41.101.140","dst_ip":"208.67.222.222","src_port":11892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"OpenDNS","proto_by_ip_id":225,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.msn.com","domainame":"api.msn.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -8,7 +8,7 @@ 01143{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/dns_sub_enable\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1614938020640966,"flow_src_last_pkt_time":1614938020734734,"flow_dst_last_pkt_time":1614938020749410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1614938020749410,"vlan_id":103,"l3_proto":"ip4","src_ip":"37.41.101.140","dst_ip":"208.67.222.222","src_port":11892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"OpenDNS","proto_by_ip_id":225,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.msn.com","domainame":"api.msn.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["204.79.197.203,ttl=80"]}}} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/dns_sub_enable\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","vlan_id":103,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614938020734734,"flow_dst_last_pkt_time":1614938020843060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":150,"pkt_l4_len":112,"thread_ts_usec":1614938020843060,"pkt":"AAAAAAAAAAEAAAADgQAAZwgARQAAhJLfQAA2EXey0EPe3iUpZYwANS50AHAtJbjigYAAAQADAAAAAANhcGkDbXNuA2NvbQAAAQABwAwABQABAAAXOwAhC2FwaS1tc24tY29tBmEtMDAwMwhhLW1zZWRnZQNuZXQAwCkABQABAAAAUAACwDXANQABAAEAAABQAATMT8XL"} 
01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/dns_sub_enable\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614938020640966,"flow_src_last_pkt_time":1614938020734734,"flow_dst_last_pkt_time":1614938020843060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1614938020843060,"vlan_id":103,"l3_proto":"ip4","src_ip":"37.41.101.140","dst_ip":"208.67.222.222","src_port":11892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"OpenDNS","proto_by_ip_id":225,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.msn.com"}} -00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/dns_sub_enable\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1614938020843060} 
+00829{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/dns_sub_enable\/pcap\/dns_retransmissions.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1614938020843060} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8644930 bytes -~~ total memory freed........: 8644930 bytes -~~ total allocations/frees...: 140536/140536 +~~ total memory allocated....: 9409304 bytes +~~ total memory freed........: 9409304 bytes +~~ total allocations/frees...: 154502/154502 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 590 chars ~~ json message max len.......: 1148 chars diff --git a/test/results/dns_subclassification_and_process_response_disable/dns.pcap.out b/test/results/dns_subclassification_and_process_response_disable/dns.pcap.out index 99aa7f1c4..275a5290a 100644 --- a/test/results/dns_subclassification_and_process_response_disable/dns.pcap.out +++ b/test/results/dns_subclassification_and_process_response_disable/dns.pcap.out 
@@ -1,4 +1,4 @@ -00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":15458020,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":15458020,"l3_proto":"ip6","src_ip":"fe80::a00:27ff:feb3:e62e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00974{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":371,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":371,"pkt_l4_len":317,"thread_ts_usec":15458020,"pkt":"MzMAAAD7CAAns+Yuht1gDvfuAT0R\/\/6AAAAAAAAACgAn\/\/6z5i7\/AgAAAAAAAAAAAAAAAAD7FOkU6QE94YsAAIQAAAAABgAAAAMBRQEyATYBRQEzAUIBRQFGAUYBRgE3ATIBMAEwAUEBMAEwATABMAEwATABMAEwATABMAEwATABMAEwATgBRQFGA2lwNgRhcnBhAAAMgAEAAAB4AA8HQW5kcm9pZAVsb2NhbAAQYWRiLXVuaWRlbnRpZmllZARfYWRiBF90Y3DAaAAQgAEAABGUAAEACV9zZXJ2aWNlcwdfZG5zLXNkBF91ZHDAaAAMAAEAABGUAALAgMCAAAwAAQAAEZQAAsBvwGAAHIABAAAAeAAQ\/oAAAAAAAAAKACf\/\/rPmLsBvACGAAQAAAHgACAAAAAAVs8BgwAwAL4ABAAAAeAAGwAwAAgAIwG8AL4ABAAARlAAJwG8ABQAAgABAwGAAL4ABAAAAeAAIwGAABAAAAAg="} 
01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":15458020,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":15458020,"l3_proto":"ip6","src_ip":"fe80::a00:27ff:feb3:e62e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","domainame":"e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","mdns": {}}} 
@@ -10,7 +10,7 @@ 01118{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":69519720,"flow_src_last_pkt_time":69520583,"flow_dst_last_pkt_time":69520278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":69520583,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b831:a73f:7974:e604","dst_ip":"2001:b07:a3d:c112::1","src_port":49774,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"opentracker.io","domainame":"opentracker.io","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":255,"rsp_type":0,"rsp_addr": []}}} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":69520583,"flow_dst_last_pkt_time":69520924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"thread_ts_usec":69520924,"pkt":"CAAnOk7TILAB4IZiht1gAAAAABQGQCABCwcKPcESAAAAAAAAAAEgAQsHCj3BErgxpz95dOYEADXCbjRYwBs5t9KvUBABfj89AAA="} 
01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":15458020,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":69527477,"l3_proto":"ip6","src_ip":"fe80::a00:27ff:feb3:e62e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1112172654366527} 
+00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1112172654366527} 00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1112172654366527,"pkt":"AOAYsQytAMCfMkGMCABFAAA+1TkAAIARkAfAqKoUwKiqCAA1gBsAKryJ3KKBgAABAAAAAAAAA3d3dwFsBmdvb2dsZQNjb20AABwAAQ=="} 01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com","domainame":"www.l.google.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
@@ -18,13 +18,13 @@ 01041{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":69519720,"flow_src_last_pkt_time":69527477,"flow_dst_last_pkt_time":69527300,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":1774,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b831:a73f:7974:e604","dst_ip":"2001:b07:a3d:c112::1","src_port":49774,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"opentracker.io"}} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695204348,"pkt":"AMCfMkGMAOAYsQytCABFAAA9AABAAEARZULAqKoIwKiqFIAbADUAKYhhvB8BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"} 
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695437491,"pkt":"AOAYsQytAMCfMkGMCABFAAA91p8AAIARjqLAqKoUwKiqCAA1gBsAKQfhvB+BgAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1484673025972667} 
+00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1484673025972667} 00335{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025972667,"packet_id":16,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025972667} 00453{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":91,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAPwAhRQAAPQAAQABAEYShUrJx9VKynrW4lwA1ACm2fXhDAQAAAQAAAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAQ=="} 00335{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025976144,"packet_id":17,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025976144} 
00624{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":219,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":219,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAvwAhRQAAvQAAQAA6EYohUrKetVKycfUANbiXAKnLC3hDgYAAAQAIAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAesABKkt2+vADAABAAEAAAHrAASpLyiOwAwAAQABAAAB6wAEqS34ecAMAAEAAQAAAesABGyosOrADAABAAEAAAHrAASpLfi9wAwAAQABAAAB6wAEqS34tMAMAAEAAQAAAesABKk1UU\/ADAABAAEAAAHrAASpLdvo"} 01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com"}} 
-00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1484673025976144} +00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1484673025976144} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/15 ~~ skipped flows.............: 0 
@@ -33,9 +33,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650117 bytes -~~ total memory freed........: 8650117 bytes -~~ total allocations/frees...: 140569/140569 +~~ total memory allocated....: 9414555 bytes +~~ total memory freed........: 9414555 bytes +~~ total allocations/frees...: 154535/154535 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 340 chars ~~ json message max len.......: 1129 chars diff --git a/test/results/enable_doh_heuristic/doh.pcapng.out b/test/results/enable_doh_heuristic/doh.pcapng.out index 0a39579a9..5f32b17d0 100644 --- a/test/results/enable_doh_heuristic/doh.pcapng.out +++ b/test/results/enable_doh_heuristic/doh.pcapng.out 
@@ -1,5 +1,5 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623220847881632} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623220847881632} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847881632,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623220847881632,"pkt":"pJGxgjQ53KYyW3JVCABFAAA8GoVAAEAGW5DAqAH9AQEBAYycAbvJgv8BAAAAAKAC+vDR+gAAAgQFtAQCCAq18KmgAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623220847893990,"pkt":"3KYyW3JVpJGxgjQ5CABFAAA0AABAADgGfh0BAQEBwKgB\/QG7jJzQgMYoyYL\/AoAS\/\/+80AAAAgQFtAEBBAIBAwMK"} 
@@ -10,7 +10,7 @@ 01475{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847919967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623220847919967,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","ja4":"t13i1909h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02394{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220894239868,"flow_dst_last_pkt_time":1623220878891197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":3569,"midstream":0,"thread_ts_usec":1623220894239868,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2495735.5,"max":15359810,"stddev":5583085.5,"var":31170844688384.0,"ent":2.4,"data": [12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810]},"pktlen": {"min":46,"avg":174.8,"max":1500,"stddev":350.9,"var":123099.2,"ent":3.6,"data": [60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0],"entropies": [4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245]},"ndpi": 
{"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01206{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":61,"flow_dst_packets_processed":59,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220970655801,"flow_dst_last_pkt_time":1623220970669537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":5821,"midstream":0,"thread_ts_usec":1623220970669537,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":120,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1623220970669537} +00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":120,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1623220970669537} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 120/120 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8668228 bytes -~~ total memory freed........: 8668228 bytes -~~ total allocations/frees...: 140664/140664 +~~ total memory allocated....: 9432635 bytes +~~ total memory freed........: 9432635 bytes +~~ total allocations/frees...: 154631/154631 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 2399 chars diff --git a/test/results/enable_payload_stat/1kxun.pcap.out b/test/results/enable_payload_stat/1kxun.pcap.out index 03e6ce618..bcdd5dcc0 100644 --- a/test/results/enable_payload_stat/1kxun.pcap.out +++ b/test/results/enable_payload_stat/1kxun.pcap.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -687,7 +687,7 @@ 01021{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 01014{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104427503777,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 01158{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 
-00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":12,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":690,"global_ts_usec":1654385119050609} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":12,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":690,"global_ts_usec":1654385119050609} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01279{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\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"} 
01509{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
@@ -959,7 +959,7 @@ 02884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1787,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1787,"pkt_l4_len":1753,"thread_ts_usec":1654385141035727,"pkt":"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\/jNhC+769g1AUsJbaUpOjFiRZIt9giBdotmiA9eFOAlmiLsUwKIh3Hzfq\/d8ghKTm2i24vEkHOfPN+rLko5Tq9L2hJchLPVqLQXIo4Ia\/vCHmmLaklLe+4Zh+lmPF5S80zkAbKBdsMSUHrekqLBbIh46qtgS6qtG7GWaZBQrpmpaylXKSFXGa04ZkCYBVdgSjkKammwPQKoGMCny0+vU\/pE32JAXFo9TLkhnRMfrn7\/FuqdMvFnM82sblMhhaOkCXTlSzHZPD757v7gb9tWlkwpX6y7DNaK+ZfCik0E\/p+0zBgok1T88Kamz0pKQYWdZukpRSsc1TLVCOFYt5yEnwRhyc0YpuYv7XI+\/VHKgRrHxjEoFV7Tl3zUldDUjE+r\/S+jw8FJrbRCLEBiyBmKwxapyGfxSc7T+TrV7J7kz47pY6+pFOrfEJaplet6MyePFpDTYyMnR4oJzsivQAHgy7a4fjEa81aZvJy8ujfZ7KNDSqH2\/Mr+F17AWnNxFxXcHd21pnaRwQWp8yEB0AkWFJdVMyEAClS8GNqL+Psr\/hLeZZ8ObW\/cZyeJlkwkBDwpWPuC7X3Nn7kJCcNbRW7FdpTTi4ek8S4Q3OxYt404zBAw3AfZLs8xtYpDRY4dSbf92wEK208U9QpJ\/bfl+zenfTcZd0+hfJhSZuVqmJk6\/lj64rP\/99mBzIEFMf5pjZaKsobUf7BlvKZ3TxY1cGykNcOxHscvOZuXBKQHLIjZKZY1TUacpDwIhA6kMm581yXviEx1M6jlprWf9r6BIpzFPKtKdoHOfMJqCBFoV2aykdU9KfRCG9B3q9UV+kM+mkb26PxmlxC6z4lPUzn4W\/VykkZHVUIUxxtv7bufnWh98nWc9pOvWFnSZXpryzmQ3LRy59py+gCTYZmiT3Xfl0iYYwMwdZ8jENMI\/xZynnNsJ\/emJYRcoXVbAld\/baEDlpzOA2JqiV8bQn49upT6X08+G5AzkjgStJKL+t4cM2FAgCqVB7RUk03cysxIkBt9SNkoPSmZnlUcjCNbsZc1Fyw0bSWxeLKShsbaHuC\/6B5ucJys9eu8uz9DqqZaSNajlD7PDIYeDYgB0mNgUhoTntkJPswcC6HitAw7+SM9Iwy5ROtRMlmoH8Zed8QAt6ZynIzSFKYjhBGcIsqWt5oQtVGFES1RR5lWUPnjJaXKboIXko3SO3cx1eYqVlPZPqkog\/XGaIF7TC+HMZy+0zrWxPXrpghAfsPimlosZawm86d6jZdD5gK7fmgqaYbFzWjbQDtpPXSlZC4ZwXot8aFqn8JIxRmIvbLV+x0Bt2nN\/yH5Ifzc4e6hdxTLKw5\/xPeVM5OgXyEYlt8km3BjpbH37DY3JbeZf+pEiAPiwW0lgLirSLiU9UgYf4hps1ACC\/UUIjtAfzDSWWClkeavejsiT5TTJH
I51pRCtjIVlOocvqSCgZECuRwfSijgkfcvhuahF2bQs0f6Q264sosBhBl+GKPsndY0TtD1d4fHKb2JYgCrHAOTc1ol8KeCl0cbE9NfwO6oKyPkLnHjveALTX2Gg5Jp5c7oy7DDsUNOw9GyLriNYt1u+rtsliASAoqHJrLfvT2igKaygnyJGSnn9sixBe3\/0GryWHXLpdyOuhUMcVhOrtbZUCyY9pZywo6albTkdnOhnY56+9lVtSJAzi8bO3PDXRgCMjQKwALW3e+hPMR9\/Z8QN5a7uo6rCA7Dujq6I0XjI790t3TsHPMvwp3I8oN1HQKXcpCJZbL1oUbsCb5rt5tkxhe\/gG\/wmXsHg4AAA0KMA0KDQo="} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1181,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01128{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":492,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":492,"pkt_l4_len":458,"thread_ts_usec":1654385141046673,"pkt":"tKXvZygQnLbQ0+MzCABFAAHeDJVAAEAGB\/rAqAJ+EkBPJaGuAFABgVk3JTRLIoAYAfYmXAAAAQEICqYAsEjS\/CtTR0VUIC9kb3VibGVjbGljay9jYTBlY2RlMi5qcyBIVFRQLzEuMQ0KSG9zdDogZ29vZ2xlLm9wZW4tanMuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQ6ICovKg0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KUmVmZXJlcjogaHR0cDovL21hbmdhd2ViLjFreHVuLm1vYmkvDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCg0K"} -01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
01166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":520,"pkt_l4_len":486,"thread_ts_usec":1654385141075345,"pkt":"nLbQ0+MztKXvZygQCABFAAH68DMAAPgGrD4SQE8lwKgCfgBQoa4lNEsiAYFa4YAYAIOtmwAAAQEICtL8K4OmALBISFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2phdmFzY3JpcHQNCkNvbnRlbnQtTGVuZ3RoOiAxNDcxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDA2OjE4OjEzIEdNVA0KTGFzdC1Nb2RpZmllZDogU3VuLCAyNyBTZXAgMjAyMCAwOTo0ODo1MSBHTVQNCkVUYWc6ICJmZGI1MmNiYTkxNGQxMGI3NWI2YTY2ZmQ1NzVhZmFkMCINClNlcnZlcjogQW1hem9uUzMNClgtQ2FjaGU6IEhpdCBmcm9tIGNsb3VkZnJvbnQNClZpYTogMS4xIGI0ZTZhMTMwMWExMTQzOTM3MjMzNGFhMTRmYjdkMzEwLmNsb3VkZnJvbnQubmV0IChDbG91ZEZyb250KQ0KWC1BbXotQ2YtUG9wOiBUWEw1MC1QMg0KWC1BbXotQ2YtSWQ6IGM4c2hiWWJFVnhFWWhjaEN4c1d5LUVhTDNiYzl2V3g5aUl5clpkVFEyYjVfeXZneTlRdTBNUT09DQpBZ2U6IDYxNjQ5DQoNCg=="} 
02466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385141075345,"pkt":"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\/aWQ9VUEtMTU0NzU3OTI5LTU3Jz48XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdD4iKTtkb2N1bWVudC53cml0ZWxuKCIgIHdpbmRvdy5kYXRhTGF5ZXIgPSB3aW5kb3cuZGF0YUxheWVyIHx8IFtdOyIpO2RvY3VtZW50LndyaXRlbG4oIiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fSIpO2RvY3VtZW50LndyaXRlbG4oIiAgZ3RhZygnanMnLCBuZXcgRGF0ZSgpKTsiKTtkb2N1bWVudC53cml0ZWxuKCIiKTtkb2N1bWVudC53cml0ZWxuKCIgIGd0YWcoJ2NvbmZpZycsICdVQS0xNTQ3NTc5"} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1654385141076027,"pkt":"nLbQ0+MztKXvZygQCABFAABf8DUAAPgGrdcSQE8lwKgCfgBQoa4lNFJ8AYFa4YAYAIN\/DAAAAQEICtL8K4SmALBIMjktNTcnKTsiKTtkb2N1bWVudC53cml0ZWxuKCI8XC9zY3JpcHQ+Iil9Ow=="} 
@@ -1086,27 +1086,27 @@ 02520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":5,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385177120591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385177120591,"pkt":"nLbQ0+MztKXvZygQCABFAAXUOPtAADcGHEesaXlSwKgCfgBQlawVUngs+Pyij4AQAOvjqQAAAQEICsmibePytblgupUqqNl16+S0Pz2Eh252smBlVkADDp1rpWh885p2i36jktrhwQI+Nu8uV5x\/h60qcXO6Whaq0m\/wsIFVFwkjNhQQQMHPpn\/PFJJrQFfmeliOSIMA0uQzNkgA8fSpst3ub05uLstkKkSu5ijB2\/xlx396cIq9lsE21Dmmx5ZI2YNtbGAV7nPb\/Gpm4x31OdNtJrQ6jwV8Evjb8R9Pk8Q\/Df4MeMNe09WKNf6J4Zu7uJTuClN8SFc7mAIzkZHrUKrGOqdmbrDYqrTvGDavul\/Wx2erfsMftuaR4bHjTU\/2Pfidb6Zgme\/k8E3oXjuw8vcB74xUyxEU9wjl+OjBydN26adTyy8muI3Nnd28sU8LssqSRlGjYcFGVuQQeMEAit\/atpHFCmqU5J6f5lbyQ6iQqzfNz8vFJR57Pc9KOIjFcm1ydIJAwyoXnJXGDnFdUaMr3OSc4u6TJoVMauCoyx4IHA+grX2WrdtTgqwUmrO5O2mEqZmDKY8HZtxuz6d6znSdrs51XcGkupWkhIlEJjlOBkBR3rmlJxZ0wqrl03HwxtuLxxBQo\/eB+\/FbUnJy0K57e63dsUSJHFskQb1PY\/55q4zUWJt3vHYYZopJhuiU54cdAaUpKUkxxhPl91jQ0rk7ZRwvRCeT\/SplJrbYrkUI3f4n66a74A1CbVbmRrmM5nJMbSHn6nHH1962WIVj8xeWTnUlJvq\/zMPUNHl01haX9oyMR8rZyGHYj29xU8zkrozqYd0nyyVjKvLSN0AeULt+5t7+3NbQ2TZyVaUXYxL\/AEh5GK+dyysAxj6e3HetVJLY86eHvJnO3trGsmY1O2Pk9Tu9smtlM4HTipWGuI2jjcF0KEoCsWcg9uen4CpuaOMOW4huYYoltyxORwpG3Pt+NBfMoqzILy7VpZmVlJ3qFbIwwI747g8cVpFmFRtN29CtNYzFGknI3Md25c4Ue5547Vakck8M9W\/kYuosXT7MVjXyT8ofO1h6\/T3rRGDcnKzWxRntp4GZrmIhvvIhByAQPXpSbuaJKO5Qni+0r5ogUKuCzDJGOvfr6U1I0hzXuZVxGHQtsbJUnOCce+Pyo5kdNN6mZeWiRgKkm9uvFS\/I7Kc5a3NH4cfCH4pfGLxJD4V+FPw71zxLfSvtS00XTpLghsZ+ZlBVB6liAK56tanSdpOx7OAy7H5jJU8LTcm+yPrT4Ff8EBv2wfiz9g1L4vahoXgDTbmQm6tr+X7bqUUY6MsEXyBjngNIMY5xXnVc1oxbUFfzP0HLPDzNaqi8RJU79NXK3ov80fQtt\/wTm\/4I6fsKRWg\/au+K1p4j1owF5U8V6xtjDRbS2yxs+QSSAI335GRzg1xPF42u\/cWnl\/mfVw4d4UyZJ4qSct\/edv8AyWN9
eyZ9GfsO\/tofsjftC6D4o8JfsjeCbzw34c8FXVtbzXyeFI7CyuXmzs8mOP5t3B++oOOcYzjnq0atKV6j1fzPoMrzLLcxpOGCTUIeSSd\/Tr66nwh\/wWM\/4KyftM+DP2rtY\/Zv\/Zp+LmoeEtD8H2kVjrN3pVtEtzfam6b5iZmVmWNFeNF2bfmDHJ4x34HCUatPnqL0Pl+J+Icbgca8JhJ8vLpJ9b9bPyPzk8Z\/EHx98TfEL+Jvij471jxJqMhy99r2pS3coJOcbpWO3r2r14U4Q+FWPgMTi8VinzVJtvzZl3sQMarxuZec+h9K0aj0OSm3fU\/cr\/gk5e2n7VH\/AARuHwa1m4ine10PXvB1zGyZ8vAlMO4e0c0RH0FfL4mPssW35o\/ashq\/2hkEYS\/llD5WuvzPwcvLW5sh9ju1IuIGMcwIPDKdp\/UGvoU+aN0flUouFWUezIGXEYcxgkHkAcmn01KUtbXHRQyYdm3RYIGO7D0HvUq4cxoiP7GjXsRKSRoDGzAnKkcj8cVWzujmbVX3"} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1567,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01106{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":475,"pkt_l4_len":441,"thread_ts_usec":1654385181857708,"pkt":"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"} 
-01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1567,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com","domainame":"m.vpon.com","http": {"url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 
+01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1567,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com","domainame":"m.vpon.com","http": {"url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 
01874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_usec":1654385181897114,"pkt":"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\/Imh0dHBzOi8vIjoiaHR0cDovLyJ9O2RvY3VtZW50LndyaXRlKCc8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSInKyhpc1NES0FuZHJvaWQoKT9nZXRQcm90b2NvbFN0cmluZygpKyJtLnZwYWRuLmNvbS9zZGsvdnBhZG4tc2RrLWEtY29yZS12MS5qcyI6Z2V0UHJvdG9jb2xTdHJpbmcoKSsibS52cGFkbi5jb20vc2RrL3ZwYWRuLXNkay1pLWNvcmUtdjEuanMiKSsnIj48L3NjcmlwdD4nKTs="} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"thread_ts_usec":1654385183491860,"pkt":"tKXvZygQnLbQ0+MzCABFAANeKchAAEAGAcbAqAJ+A0hFntseAFDfmpSQ59fP2oAYAfYPXQAAAQEICnsWmml\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"} -01778{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01776{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":863,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":863,"pkt_l4_len":829,"thread_ts_usec":1654385183495868,"pkt":"tKXvZygQnLbQ0+MzCABFAANRI05AAEAGCE3AqAJ+A0hFntsiAFAB9eG4XEyGo4AYAfYPUAAAAQEICnsWmm1\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"} -01765{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01763{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":857,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":857,"pkt_l4_len":823,"thread_ts_usec":1654385183496601,"pkt":"tKXvZygQnLbQ0+MzCABFAANLU0dAAEAG2FnAqAJ+A0hFntsgAFBFVF+4FRsrIoAYAfYPSgAAAQEICnsWmm1\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"} -01759{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1571,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01757{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1571,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1654385183514792,"pkt":"nLbQ0+MztKXvZygQCABFAAG+fDJAAPUG+\/oDSEWewKgCfgBQ2x7n18\/a35qXuoAYAHCoswAAAQEICn9GsiV7FpppSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
01094{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1654385183517888,"pkt":"nLbQ0+MztKXvZygQCABFAAG+t5xAAPUGwJADSEWewKgCfgBQ2yJcTIajAfXk1YAYAHAN9gAAAQEICn9Gsih7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
02790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1706,"pkt_l4_len":1672,"thread_ts_usec":1654385183520039,"pkt":"nLbQ0+MztKXvZygQCABFAAacXxNAAPUGFDwDSEWewKgCfgBQ2yAVGysiRVRiz4AYAHASmwAAAQEICn9Gsip7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxNDQxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCh+LCAAAAAAAAP+UV12P3LYV\/SuD+yxrNF+7EwFB4aQtjCYB0tZA4qaBcEVSM1xRJE1eSTM2DPQ9RfveBkiBIkVfgj42aBv0z8SO+9S\/UJDSzm7cWLP2g\/dSPLq8PPeIc\/gUPCG1HvJFAo3fQQ6+ZUx4DwlwJIT8KSBCTq4VCWBZSA45rFfFChJARrIT96395ZhkeevZQ9kIyC+XWZYAckaQby\/WWRwpV3rIQ2Trggx6ghxefPXn55\/\/9duvP3v5zTfffv3Vf\/\/125d\/+\/vz3\/3zP7\/5w3dffPniT79\/8cWX333+2QB4+e8\/Pv\/HX0IJVEH+yachcI9pSNqHxTbrsBRjkMOPfwIJMI4ScnifHx7uuVx89M5784921Yf78vDzR7X4+ME7H\/YPfvWef\/TT\/dsRTZCvEmBVeb13VrHIEtPDMszoSrqmYIVVeIQc3jWapG4F3J5z3Q\/PcOGZk5ak0ZDDI9POeqnUTBualWLmRI+OCz7DioSbMWW81LsZ7cWsl5qb\/lamwN27yngxk3T7sSQlhrXDeEYmphE\/iphWkzsWzHBx4seh3xds3Ju\/E1v3f3YpPn7wwduRMa\/GV\/tIE1do6zFy1SkIC1xk621oDm+vRZHATpCtvj+K3K1XUUA7sjH7XkWR7YlsQUcrYt59N0hAikMcy7hgFoJBk9IXntBRa4u4TX\/0JJoB60U7BK3lQdtZAlcE+SdPgZsGZegOWpuitb5SR+FSZhpIoDKuwUA9PEtehfKr1tOdcdK8HsaMJmdUWhu2xw6nc7ZOpXtUJpR6ZnWeovWo8MxuiKdK6CfNYRrG7gZzd4ORQ1ZLvbsTuBHoWycaoQmtPMe5vJdNtuQe8so4Jl4PUrrepkxPArLpMjxLkXuhvXGpcbsJWlWdElqS7EzjAxDtAfmJOi1oqvsdU5LVaS+YMi2fVmBEorVOdEZ1YrqSHrnZmXRnlkPmyf0hv9huz7SsJZOWeGTk6jtIWqbHY\/h\/cvssJYc1tc1ZUsOiZNzjxkxDFxeL9XKbvokWV9k221y+2SuLbHW5+YFXZlOsNFKH7mlxoHPYG\/2nV3YCOEgiHqjhqBGuk0ycSb5TpkSVHpuTRM\/gzSZtTOlQ6vRwfDKBlM5ob9pQ9d1kV7doRzlNpDX
I7\/bxBR64QOVDvXLiWEuRM2esn1Zn5Cf19gnqM6c9F0p2wh2DnLloTHlmR33fD01jaFOpKzO1ey2U1HXaTByF6yU5duarfKPzgJSu\/+8s+jSBq7axFH+j6wLHv1fj39G4orVS7wqGbC8KhyTi73jDwvQmRmQgX4SoK3qpOEMXfOyv2yxbsaazyGrciTgMVHbSEw6T81dmIQG9PBkVvboJ15Avoq8xVSVcrOUX16XcPLLIpN5BvlxcRGzjeX3li9YpyKOv8fl8zri+h1zfi+PU4TFwEKi+npl3y7k1jlDNF2\/Ns+18mc0Xi3l2Md\/wTXmxYuV6cymW6VXw8caK4FmXCdhycEqWBR82eivLnA7kxJB09L02ErYcHoXSngJyPrg4oQQNxqtqlYJ88SyB4N3eihni\/SB7zT9IwCo2JlahhlVkIcTladDgYYQ4Q2K0pLYtlfR74eINZPXWxSYB24fvefkw+E8nKmRkXOF7SWwfHdxy8O5BRE6QO8YuxGyuvbkjuMh9hcqLBDyL857XRfhGIIcP7r9fbNPLdA0J+Ohfhy57e5PCk3GilkOlVHQlDjxT5HlsNZ1ESKYWOqqB4iXp2hDfKqq94v765tHagqQdpD7Gr+hlfyyl498Tiuvm2NLeOPkkXDLSPTUKwvso+ZgJ1Um8reWiO03srgM1sNHaRo6BD+uGOS\/EwTopeNzHyOwygU44L40e3fkygV6UhdDdWDEk0EsWLj2LBHonHg+YjocLV\/bs2f8AAAD\/\/wEAAP\/\/Zfl4rZEOAAA="} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1575,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":896,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":896,"pkt_l4_len":862,"thread_ts_usec":1654385183618295,"pkt":"tKXvZygQnLbQ0+MzCABFAANyCeZAAEAGIZTAqAJ+A0hFntsoAFDk49anhCGol4AYAfYPcQAAAQEICnsWmud\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"} -01798{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01796{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 01454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_usec":1654385183642352,"pkt":"nLbQ0+MztKXvZygQCABFAALDo6BAAPUG04cDSEWewKgCfgBQ2yiEIaiX5OPZ5YAYAHBkvQAAAQEICn9GsqN7FprnSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA0NTcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/1RSTW\/UMBD9L3M2UpJCKT6XAxLiQLlVlTU7nl2sOnawxylhtf8d2c7ScsrLG79583WGLCglgx4VzPkEGnIh4pxBgUVB0GegWIKkzVC0DBruP4OCpRy8yz85GWdB33y6\/aCgBCcPLOLCCfTjGZBCy4v2IZZE\/NVlaYEqGRWImzkWAX0zXJ4U4Fx9uqJBM+Nv0IMC\/BVATxWIN3ario5lWxj046Ru1PuaQf4U0AAKCL0\/ID3\/aA\/GV8Kk4nfmsPTvW9CjkwKyJqFwsycfMxv0nOTN\/6GIxGAse9y6vqTEgTazt2fR+c0sHjdDuDSl5VNCy\/cuV\/r71cD6wNJsOdhMiTnsrU0KHMXQm\/KCR56lug31L6
YXAn07KAg4c38Tj8fMvcyYHAdBcVU\/KFg8Es8cpNY3fRynsXGbIbHx5d+brbV3kGBkBv1uVJBsIukLSIx22yczDpU4Lmtf5hyT70jotXpZDQcL+m5oOAumvr56LF9q4O5uVLDup7JSnegRi++HsDrL0bggnJDErbxnHq6h\/OwWkzj\/L2hsPa\/ewOqSFPTmuqF6xN3kWx3c5ely+QsAAP\/\/AQAA\/\/9ly17OCQMAAA=="} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1577,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02073{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1198,"pkt_l4_len":1164,"thread_ts_usec":1654385184096708,"pkt":"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"} 
-02097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1577,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +02102{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1577,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1578,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_usec":1654385184117986,"pkt":"tKXvZygQnLbQ0+MzCABFAAEkBJZAAEAGB9zAqAJ+CNFha936AFBSP8o9I7uXO1AYAfYueQAAUE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ2hhcnNldDogVVRGLTgNClJhbmdlOiBieXRlcz0wLQ0KQ29udGVudC1MZW5ndGg6IDc5Ng0KSG9zdDogYW5hbHl0aWNzLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
01195{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1578,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 
@@ -1114,7 +1114,7 @@ 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184139299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1654385184139299,"pkt":"nLbQ0+MztKXvZygQCABFAACApCdAADgGcO4I0WFrwKgCfgBQ3foju5c7Uj\/OVVAYAD8bqQAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjY6MjQgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1581,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01817{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1006,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1006,"pkt_l4_len":972,"thread_ts_usec":1654385184174078,"pkt":"tKXvZygQnLbQ0+MzCABFAAPgd\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"} -01539{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1581,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01544{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1581,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 01139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385184282680,"pkt":"nLbQ0+MztKXvZygQCABFAAHmJVIAAPgGdx8SQE86wKgCfgBQqQhpQqwFG\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"} 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1583,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184845262,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01954{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1110,"pkt_l4_len":1076,"thread_ts_usec":1654385184845262,"pkt":"tKXvZygQnLbQ0+MzCABFAARIuCtAAEAGLI\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"} 
@@ -1124,22 +1124,22 @@ 02055{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1584,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385184857770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184857770,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com","domainame":"tw.api.vpon.com","http": {"url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=1&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1585,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1654385184927393,"pkt":"tKXvZygQnLbQ0+MzCABFAADrwv9AAEAGn0vAqAJ+EkICWotQAFAVBORyMNia64AYAfbYnwAAAQEICiE3Bh4xvbnrR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS9pbWFnZS9sYW1iZGFfanBnXzg5LzM5ODEwMTIzNGU2Y2Y1YjNhOGQ4LmpwZyBIVFRQLzEuMQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0K"} 
-01183{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1585,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1585,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1586,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00872{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1654385184928623,"pkt":"tKXvZygQnLbQ0+MzCABFAAEdY4hAAEAG\/pDAqAJ+EkICWotSAFAcu+o2K8tK74AYAfbY0QAAAQEICiE3Bh\/fUp7nR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS92aWRlb3MvbW9iaWxlL2ZkNTY5MmRkNTMwNDJiMTk5ZTAzLm1wNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1586,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": 
{"url":"cdn.liftoff.io\/customers\/45d4b09eba\/videos\/mobile\/fd5692dd53042b199e03.mp4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1586,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/videos\/mobile\/fd5692dd53042b199e03.mp4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1587,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01018{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"thread_ts_usec":1654385184938285,"pkt":"tKXvZygQnLbQ0+MzCABFAAGNDvVAAEAG7fHAqAJ+EkBnHo8cAFCNQDOZ5EMz0IAYAfY+BAAAAQEICpxRp0pGLP+jR0VUIC9ydi16aXAtMjAyMi8wNDI4L3RwbDQtNDIwOWFkODQ1ZTYxZDlhZDY3YjZmMDQxODdkMDBiZTAuemlwP21kNWZpbGVuYW1lPTQyMDlhZDg0NWU2MWQ5YWQ2N2I2ZjA0MTg3ZDAwYmUwJmZvbGRlcm5hbWU9dHBsNCZsYXlvdXQ9MSZ0cGw9NCZ3ZnI9MSZ0bz05OTk5JmFsZWNmYz0xJndoc19jaG49bSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogaHliaXJkLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1587,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01336{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1587,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 01534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184942273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"thread_ts_usec":1654385184942273,"pkt":"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"} 
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184942885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184942885,"pkt":"nLbQ0+MztKXvZygQCABFAAXIiZwAAPgGW9ESQgJawKgCfgBQi1Aw2J3GFQTlKYAQAIO33wAAAQEICjG9uf4hNwYe\/9j\/4AAQSkZJRgABAQAAZABkAAD\/2wBDAAQCAwMDAgQDAwMEBAQEBQkGBQUFBQsICAYJDQsNDQ0LDAwOEBQRDg8TDwwMEhgSExUWFxcXDhEZGxkWGhQWFxb\/2wBDAQQEBAUFBQoGBgoWDwwPFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhb\/wAARCAQ4B4ADAREAAhEBAxEB\/8QAHQABAAAHAQEAAAAAAAAAAAAAAAECAwQFBgcICf\/EAGgQAAEDAgQDBAYDBw4JBwsACwEAAgMEEQUGITEHEkETIlFhCBQycYGxQpGhFSMzNFJy0QkWNTZTYmR0gpKissHhFyQlN0NWc3WUGCZGVFWT8Bk4RGNlg4SVs8LU8SdFdrTEw9KFpeP\/xAAdAQEAAwEBAQEBAQAAAAAAAAAAAQIDBAUHBggJ\/8QAShEBAAIBAwIEAwQIBQEHAwALAAECEQMEIRIxBQZBURNhcQciMoEUMzVykaGxwSM0QlLR4RUWJFNigvCSwvElQ0RUorIIJmNz4v\/aAAwDAQACEQMRAD8A9\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBBKggUEpQS9ClRTKsJSqjyQumOz+U6pQS11wbEbEJ27LxMxzDZcrZldC4U9Y67ToHn+1d+33f+m79D4b4xak9GrPDJY7lujxaI1NA5sVRa9hs9erp62I55h0eI+BaG+r8Xbfdv7ektJrqeooah0FXE6N7T1C6eLRw\/Ca+21ttedPVriYUS5RhlEIB3iowscyCAd0BRGEWuOxUwYOYXKRCUAfFMI7osJa7mjJY4dQUwisTWc1nDMYLmjF8OI5ZzNGN2P1VJ0627vY2Xj2+2nEWzHtLaMHzlhGIjsMSgEDnaXIu0rC2haI45fqtn5m2e5jo3Femf5KmPZPoMSpjV4Y5jS4XBYdCvP1dtW3biXVu\/BdDcU+LoTH5NAxWgqcOq3U9VGWObtpuvPtSaTiX5DcbfU0LzS8Ylbs6qjmTMCCKKpkVTNCIlMiEW9UVTAeKKyi0dEGSy9geJ4zUdjQUr5NdXWs1vvKiZxD0vDfB974lqdG2pM\/P0j83R8o8K6eMtlxaR1RJ+5R6NH6VSb+z6l4L9m+hpxF99bqn2jt\/1dCwTLVFQwhlPTQwt8GtCpmZfQtn4Vs9pXp0dOIj5QysNFAwagu96h6ERCvFGxvssaLeAQVBe2iBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5Sg
cpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylBBAQEBAQEA67oJHQxO9qNqC2qcOp54XRuaC1wsWuFwR53RS+nTUrNbxmJ9JapmLhplvEI3F2GMieRpJTHkI+GytFpflvEPJHge9rPVoxWfevH\/T+Tl+cOFmK4cXzYa71qIa8mzgP7VaLZfKvG\/s332zzqbT79fb1aHUwTU8zoZ4nRvboWvFiFo+da2jqaN5pqVmJj0lIqs0qAgh1sp47LRCCkQHnqowJbpHcS3TCyF99U+QkFybDW6lpWMujcNcE9VpBVStPay6+4KYh+98veHfC0\/iWjmV5xAxv1Kk9Rpn\/AHx471uipqWxGIW8yeLfo2l+j6U8z3aEy+pdu7UrnfPqx6z3CVErIXUJ5QB80SX0TIX80BAQ"} 04411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184943456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385184943456,"pkt":"nLbQ0+MztKXvZygQCABFAAtciZ0AAPgGVjwSQgJawKgCfgBQi1Aw2KNaFQTlKYAYAIPjEAAAAQEICjG9uf4hNwYeQbsg9lrR\/YAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCBQQQQKCUoJSgl8UFMqwlOyqPJLvJdD+U1NwRaJQ9yFWVy9j1ThsgYSZISdQTt7l0aOvfT7dnp7HxLU284nmrcovuRmbDuSYNebaPA77D5r1NHcRbmk\/k\/UTXZeKaPTqRmff1hp2aMrV+EOMsYM9L0e0be9d+nq1vx6vxXifgO42Uzav3qe7AhwINvqWvS8SEAfEquFoA\/wTCUObxKBzaJEGEWuIuiMHMehQxCPN5qyC4I1VUYZfKeZsQwKpBY8y07j343HSyzvpVtHL2PC\/GNx4ff7s5r6w3\/ADHhlHmfLLMQoh33N5mO6g+C8rX0sxNZ7w\/d7zbaPieyjX0o7\/8AzDl0kT4pXxPbZzDykFeXMY4l+AvWa2ms94QGqhRMiMpmhET2TDRFcotAsgmaPK6spMItCqr3b5w64e1GKCOvxUOhpSQWR7OkH9gVLWfRPK\/kXW30V3O8+7p+kes\/8Q7Fl7AqWgpGQU8DIImjRrRa\/vWczl9n2Ww2+z0o0tCsVrHszFPE1gs1oAUOxUsEBBMBZAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEEqAgICAgICAgICClPTxSts9ov42Qx7tO4gZDw3HKVxlhbHMAeSeNtnA+amLYflfMHlLYeL6c9dcX9Jju4VnbK2J5aq+yrIi6F5+9zNHdd+grSJy+AeP+Wt74LrdOvX7s9rek\/wDVglbL88fNIEPoqRAlRCYylUpSuI8UWQ0s
oyJSdwpWqzWRMK+6OKB723jiNzpolYe14Nsf0jXzPaHR66rhwzDHzusA1tmjxVpnEZfvdxudPZbadSfTs5tX1UlbXyVUriS46LktOXy3ca9tzrTq39VC\/moUFECBUpwg33qqUbmymOwXTCIQv5pKS\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\/viqXt6Q+qeSvJvxOnfb6vHetZ\/rP9nY8OomQsBcBzAaADRoWT7DWIrGIXjRdEooCCLeqCKAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggdkEEBAQEBAQEBAQEBAAFrEXCDA5vy\/RYvhktLUwtkie3Yi5afEKYnDzvE\/C9t4ltrbfcVzE\/yeduIWVKzLGKGKQOfSyH7zNbQ+R81rE5h\/Nvmby1uPBdzNLRnTn8Nv8A56teBurPzMJUIxKHihhLdFoS+ajslAlMLVKaJ9RUNijF3PNgkNdLTte0Vj1dRyjhbMMw1senORd7lpEcPo3heyrttGK+vq1vPuKmsrvVYnfe4z06rDUtmcQ\/J+YfEZ3Ov8Gk\/dhgSbCw6LF4UcIX1QEECowmEQdLqUiK55E6U5R+pEpR1UcCF\/NMQPZyu\/sAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQSoCCVBKghZBIQgkI6qw8klbP5RSkeCJhIrJiUqrMJhKi2Uut7jceCJiWx5SzfV4W9sVSXTU48T3m\/Fb6evan0e54d41q7eem\/Nf5t65MBzfhtpQyRxGjxo9i9HQ3OOaT+T9RfT2Hi2l9\/n5+sNBzjkXE8F5qilBqqTcPbqR7wvU0d1TU47S\/EeK+W9zs5m9PvU94aoCLkG4I6FdGH5+PaT3KMJzkB3UYEA4oDXJgwc3RRBjhMD4KTDc+BFDJVZyM7bhlPG4uPwXJvLRGm\/T+T9tOr4h1+lYld8ai05kFt+TVfn9f8Tr80TE7vhpzQsH5lOwboqi0eCKpmjwQTMGiKtx4QZXON4t63Ux3pKZwuCNJHeCracP23kjy5\/2luvj60f4dJ\/jPs73hFKyCIEsANrNsNgsX3ytYrWKx2Xg1RZM3QICANUEyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBAQEBAQEBAQEBAQQOyCCDW8\/ZepcZwaajmYCyRvdJGrHdCFMTh5HjfhOh4psr7fVjvHHyn3eacxYXUYPi8+H1LSHxOsDb2h0K2ieH8u+KeHa3h27vttWOaz\/GPdYnRQ4EqsJb7qI7LJSdCnPqJfykwtVtPDfCnS1JrpG9xmjbjdWrD9N4Bsptf41o4hs+bsSGG4UWg\/fJRYDwS9sQ97xnfxs9rMR+KXPy4uc57jdzjdcsy+dVzMzae8pTayhcvpa6junADcb3UpEVTMN1MRkFbCpbqmCJFEwtHKVVTlDrqiXs9Wf2AICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBBAoIdEEqCUhBJZB5II6Low\/lFKglI0QSEWRaJQROUp0CJS28kMq+GV1Vh9QJ6OZ0bx1HVTEzHZ0aG51NC3VScS6Jk3P0FQ0U2KgRuOhcfYf7wuvT3GeLP2PhvmGl4+HuOP6Su81ZCwfMMLqzCXspqpwuAw9xxXpaO9tTi3MNPEPLe030Tqbeem0\/wAJ
cuzJgOK4DWGnxGmeyxsHgd0jxuvW0tWmrXNZfP8AfeGbrZak01q4Yy4IuFfDgiRVmEwgbphICRuoxkRLrA\/JT0jtvBDBDg2UJMSqm8ktcbi\/Rq8be6sX1OmO0PqPlTw\/9D2E69+Jv\/RzrPmIDEczVMzHczQ7lafcvHvbqtl+M8X3P6RvL2ieGIYN1m8tOiJRA1RWUzOqIV8NppaytjpYQXSSvDW\/FGu22+puNaujSObTiHo3h9gcOE4NBRxtAEbQXm27lhM5l\/THgfhmn4bsabekdo5+c+rZRsoeumaEBBFougiNEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":563,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":563,"pkt_l4_len":529,"thread_ts_usec":1654385184944474,"pkt":"tKXvZygQnLbQ0+MzCABFAAIl9uxAAEAGBWLAqAJ+EkBnHo8gAFD1zY28\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"} 
-01483{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01488{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1592,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00954{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1592,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_usec":1654385184944791,"pkt":"tKXvZygQnLbQ0+MzCABFAAFdGtZAAEAG4kDAqAJ+EkBnHo8uAFDRel74fng8vIAYAfY91AAAAQEICpxRp1H7gB08R0VUIC9ydi16aXAtMjAxOS8xMTEzL21pbmktMjYwMjkxYzIwOGJmMzM3NmI1MTExZGI4NTVlODk0NTEuemlwP21kNWZpbGVuYW1lPTI2MDI5MWMyMDhiZjMzNzZiNTExMWRiODU1ZTg5NDUxJmZvbGRlcm5hbWU9bWluaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogaHliaXJkLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1592,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1592,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
06332{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1593,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184945955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":4350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4350,"pkt_l4_len":4316,"thread_ts_usec":1654385184945955,"pkt":"nLbQ0+MztKXvZygQCABFABDwiZ8AAPgGUKYSQgJawKgCfgBQi1Aw2K6CFQTlKYAYAIPopAAAAQEICjG9uf4hNwYeEBAQEBAQEEqAgICAgICAgICAgIIFBBBJI1r2Fjtig5B6QuWjNRjFYIwZabSSw1c1XrPo+U\/aV4D+kbeN9pR96vf6OMA2V3wyEvmphdBQJCiYVcOgdVVscDBcucArVdG30p1dSKR6uqYPTRUGGNZYNZEzVXjh9J2ujTbaGPSIaJmvEjiOLPeCezYbNC572zL5\/wCK72d5upt6Qxt1k4UGk2Q4L2CLDSiqZl1aIRKYbaK8QrMpraKcK8oW0TCcpTuVWYWiUvxVJ7rVQULVe0FZ\/YAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggdkEEBBKghZBLZBLZB5IGxK6e7+UIS9FCUpCCVWEpCqnKUhT3XQI8lAltuhlLY9FYZvKuacTwWRojldJCDrE46K1NS1Z4etsPF9xtJxE5j2dMy\/mnAM00PqOKRxOLhYxS2uPcV1aWtic0nEv2m08W2PiWl8LXiJ+U\/2a9nLhMJGOrcszh7Tqad2\/wXraHiX+nVj83ieJ+S8xOpspzHt6ubYrhuI4ZUOgr6OWF4P0mr1KWpeM1l+H19pr7e801azErS48Vboc2S48UwROeze+EuQavHKuPE8SidDhsTg67h+F9y4N3vK6UTWv4n63y75b1d7qRr60Y04\/m3ji7mKDCcHGGURa2WRnIxrfoM2K\/O6l5iJj1l+r8xeKU2u3+Bpd5jEfKHHm3JJOpK5nzSZmeZTMCImU30UVRYiqZgsg3\/gLgorMakxOVt2Uw5WXG7iqXn0fRPs68Jjcby27vHFOI+rulFH2cAFtTqVk+4KzeqCKCLRdBFAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBA7IIICAgICAgICAgICAglQEEqDF5noo63D5I5GhzXtLXaJE4c+729NzoX0rxxMPL2b8NdhOYKqgcDaOQ8n5p2W0S\/lPxrw+dhv9Xbz2iePp6MUeqnu8yEPsUpSlVWjltfDLDWyzPrZB7Gjbq9X6jy9tIvadafRnc+Yj6lhXq8brSS7+5Re2Iep5h336PtvhVn70tBGg13OpK534OkYL3uFVZC\/VFi90RCManCEzSALkq9YUm2IZHBcHr8SJMERDB9Ky0iHZsvDN1vJzp14XdZljFKaMvDS8NHRWw6dfy\/vtGs2xmGH1Di1ws4aEKuHjxM5xPdKdvNVleEh+CpK0IbhQl7RR\/YQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC
AgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBA6IJUELIJbIPI9l1P5PSnQbIsgdQokSkeagSkaWSolI0QS21RMShqiUtkTlC3khmEY3PY8OY4tI1BBslUxaazmG25R4gYvhAbFM71iIflHULWurMcS\/Q+H+Y91tfu2nqhv+F5xylmOnEWLQQF5FiJmgEfFbaevNfwTh+s0fG\/C\/EK9O4rGfmg3JPDqu5nxMYOb8h+y66+I7iPVWPAfAdbMx\/IZlHh1g16idkZLdW9o7dL+Ibi0Yzg\/7F8B2kdd4\/isc3cS8Po6T1PBI2vLBys5RZjFwzqYzPq5fEfNOhpafwtrGcdvaHLMUrqnEq6Srq5TJJIbklYTOZfgNzudTcak6mpOZlQaFDnTt2uio3X4IiUzPZRCZgJ0A1RV6B4PYO3Dsr0kZaA+Udq8+N9Vjacy\/o3yb4bGx8J06zH3rcz+bdlV+pTN0CANUEzdAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBAQEBAQEBAQEBAQEEqB0QS9EFOZvPE5niEHAvSLwxsGORV7BYSjlebdVpTs+Efad4fGnvabmv+riXNlo+YJfHVR6FSJpkeGNFy42ClrSvVOIdUynRtpMIiZygEM5nK0Q+k+GbeNHbx8oy0rOVc6uxp9\/ZiNgFjecy\/CeM7udzvLe0MTdZS8+Et1CUL+aJhFtvFWqlMzxVohSWTynhj8VxJrOU9k32itKxl2+F7C2+3MV\/0x3dBqZaTCMOJHLHDENTtdacPo9p0tno9NOKwky9i1NilOZaZ3My9nApE5Rs95TXrms5hqXEKgZR4sJom8rJdbfWqy\/DeZNjXbbvrpHFmvuKzmHhVUzZZrwgiXtJH9hCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBBCyCCCFkHkZdD+TsoW1RKWyH1QABuUTEpbeSHZC2iGUtkTE+iUjdEwlsiaoKcAmCpYKAbobhERMwq09VUxfg53t9zlMNK62pTtYqKqpn\/DTPf73JlF9bUv+KcqYHiowzRaNUVTAXREo28AohCLR4KVUw1RWV7l6mNXjNNTDeWVo+1HZ4bt53G809KPWYemsuQNhpGtbs1oA8li\/qTbacaelWkdohkm9VVsigi3qgigICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBAQEBAQEBAQEBAQEEqCB2QSnZBKUHL\/SNoTLlx0rYweyeHX8Fand85+0nazq+F9cR+GXBzday\/n+qUkXKlMMhlGlFZjLIydGjm+0fpUer0vDNGNbcRWfq6fiDhS4NO8G3KwgFXfQt1aNHZ3t8nK5HF8j5HG5cb3WMvlUTNrTaUg6rOWiBKiIT6DT4KThFouFMRlEqtHC+oqGU8QJc820V4hWlL61406d5dPy1hcWEYWIwB2rhd58FpWMPp3hnh9Nht4rH4p7tC4n48aupOH0z\/AL1Ge+R9IqJnL834zv8A4tvg0niGQ4KCTsKkfR5gkOzy5nFl5xYBD6e40IUuTzhmLabTyVSX5KvZKTqqS0qh5Kpw9po\/sIQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBCyCCAghZBBB5G3XQ\/k1B
E8IOCEIEInKUhWKoWVVkv9iCWyIygQiapbeSBYIFvJTyIWTIWUVRlFo8ERlEDRBFoREpkQDVEZTNGiIRaBZFWycKKMVec6ZpvaMl\/1KtuIfp\/J22jX8Y0on05\/g9F4W0NpbDqsX9HVjEYhdN0CJEEzdAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIHZBBAQEBAQEBAQEBAQEDoglQQKCUoJSg1XitRtrMr1UbjvEbHzU17vB8zbWu58K1qT7S8xuHK5zfA2W7+WLRiZhIShDMZALRmAc2xZb+kFFfm9nwPEbqM+394dGzJAZcvVDRe4BOil+48T0vibDUhysNs0g9CqYfKtPthJ4qkw2ieEG3UYSAdEwI7Dz6BWhS04hvnDPAewgOJ1bO+fYafmtKw\/beWPCfh1\/StWOfRNxLx\/7nUDqeF4M8wtp9EJl3+M+I\/ApNaz96XKnuc9xe4kucbkqH4aZmeZdH4KMd9z6gkaFwsph+w8t1n4dplV4vFwfTNtpb9KlxecJnq04aYVm\/IQlvuqroKMD2oof2EICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCVAQEHkXYFdD+TUN+qCCCBQQROUqnKULKExKHkiMpQgW3RZCyIhDlRJyoqNHggAeSGUQPNEZlFECIyiBa6IlNpbzRVEbIN84AQtfmmSVzb8kRsq37PoX2b6VbeJ2vMdod3ohaBvuWL7oqoDd0EyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggUEEBAQEBAQEBAQEBAQOiCVBAoJSglKDAcRP2sVLvBhUw8rxv8AZ2r9HluuaWVkrSNQ4rd\/KmvWa6ton3UVX5MoVcMndTVrJmm1nC\/1qcujbak6WpFodhwqRmIYQCCCJo7fFS+pbe1dxtsf7oc0zJhs2G4nKyRh5C7Q2TD5d4jstTZ7i1bRwx3LcabKkw5azwlA8AownIAALlIhHVhsPD3L8mK14qp2EU8Rve2hVoh73l\/wm291viXj7kN7zFiNPhOGumeQ1rG2Y3xU5fvt5udPbaWe0R2cXx3EJcTxKSqlN+Y6DwCS+b7vc219WdSyyPioc2XT+CTXHCprjTnFkftvLMT8KVDjBIfunDEQbAfpU8vJ84Xn9JrX0agToqy\/LRCUa3VMLCYHtRVf2EICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAghZBBB5FXQ\/k1A3Vkd0FVIpwIWUZRlAjyU5SgRuoMpbItHbKCnkyW0UYEN0C\/kERygiREdxEdho8EEQPNBECyKot2RVFAUxA6H6PQ\/yvVu8GD5qmp2fS\/szj\/xmrPyh3OAWhb+aFi+1pkEW9UEUBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBKgICAgICAgICAgICAgdEEqCBQSlBKUFhjcLJqUNlAczmF2nY+9WZ6mlXUjF+Y9nlXNFhmSvAAAFTIAB07xWkdn8m+LRjxDXiP91v6yx520VnBCVVWhuXDPMDYZPUKqTla78G4nS\/gpy\/WeX\/E4pPwdSceze6yioMXpTDVxt5iNHBInD9fr7Xbb\/TnT1o592g5lyhiGHTudTsMsJ1BHgrRy+eeJ+XN3s9SZ0
46qsA6CoabGB99vZKYeFNNWJxNZ\/gy+WMr1+LVTTJE6OAHvOItooxh7Hhnge53upGa4r6ulMZR4PhPZMLY4YW953ioy+mU09DZbf4dOKw5JxBzC\/GK90cTj6vGe6PFS\/AeL+JTutSa1\/DDW\/wApRh4xqeqhPzdV4IRv+4sjneyXCyP3flis\/AmZWPGcuGNRAjQDRHiecM\/pdYlpzttEflqpVVYvdMD2ss39hCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg"} 02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1599,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184953988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184953988,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EEAAPgGoGkSQGcewKgCfgBQjxzkQ1FrjUA08oAYAIN68QAAAQEICkYs\/7OcUadKtLVLEjgcUYII4FHbZjHquoOia6gAb500Ti8dAwhCBQPI+mqikzoPEDELPc+SXj69jEqwdCpvDTvdYMfugkxkR1Y+CY9qVGm58StJYmYN5SvxMAz8xCmsligFCuuKmg8EZSE5OqcTkF7WWZmYJJGWhwpN7ilBu8\/gl+3Ab8Spn6tvJdeT+RsqcUG0ZFXerb57NPtt03zJpCtCoTxHMV9Zha5yoUwKNC+6e7j1ViGTaOWGh\/7JwCnGB12U4uBR548F\/rgqEud2uv0wHCBv6DuHmOo5bYd\/toEAzTnRwVytNl\/PJi1A0jYr8KsFpOACb3f7cGrTVbOZNYAAfhKkPOD4uriBbk9Jgk\/UjgwbpqX6abrGR34H+Os\/9jStodDE0Y0g3lOkmBfCKamPyPplsqvWJMBQnNHW0rSzXLwhjLCCsvswVQxnEHtu2HFz998SHtil2W03a8HGmk23nbaNYcY3Q2TQbJ3ZzG4FUhaRnvC2msLVbUsGHn\/8qqFhILJC24vplvrOmxsbreba663VzXsP1t950FpdXn11XW4T6v8OCO1QAuQXRErxFVq\/3Wbyah+mKVYtt08bMZ0HIKAAIUvKhHqZkAtfQNHQOwlIflLQ1gvauCXLAC9chbkxNKbadnsPBCGT+eVNsWhIXlnO4qie\/YB3Dn2nVklQbot4gdeaomDlGHGq2R9pxd9CVm8l9JyOW1IjlmYi4kIepJ+YLD\/gRPZSkymg00iOy0dkhWzUmLBjYKPplsOvhIi5ELVnoR4dQ7fdKWhHiLBAG9A4j2EAC4y1lGtIy6U7GUejmNJozx3D7sS1yIaLjW1\/AnhEE5Tn3wYlQUNcSbmW9EiPIws1msCzH+E5Uu15TvEJU927RoehtQDvXtR6D0i0Qq4r5lKtMY9x1WAUFjlBkqF9BUaESQB2UsBt7+aLYGJaqBfsZkpASprto2iSKUBpaREEHmhszyoycYMyWrK32VyqU7U+0B8\/j9v8HYKpxmhJ9hmaqfPgXycn03DcwMlnex1\/w0vDwfnVHTtC60LkWMig3KoxX9wp6lUobpfyzZnA1KioElYxEkVLF2DRfjSYmQmEa
UL6Vt1Pw1px2QImO0RR3K\/Su8d8oWRu9X0PL5jx0aICKHpBkVigDUHjb5hz1+ER9ZpujGIXmoxXSVEVDlqITEvN1XLQn0q5WrD4RQNqo05O8NY0zUIyjeYmR0HIha8iWNR82tC+DDAAS3rFxtBufFlLahMzkSEmBJezzMOIAuYi7YaCqpZTksGSGvk200r5PKi3stxcb73ZXF7ZWG+tbb6xfPeeZWgGOW1JJ9YCDFBxJwjXXym8MTPWXyGLVLqNExYXwpJENPgu3TEwo4fsbie0u2TLY5ZAkS0FbEksjw+rnfXYKDa6Tj1apqdRm58JsDc9f3o6XkPSciEbM2sJbxaQKDeKAokNafx4rI5T7B6r\/myV2gwsY93jrVLHNNQuiu+r+M3NvePsMJ8re\/P5Entz1pZnpyPPzjYGWEIkrYJgAUSjmQm2JaWtrAsGyjyJ40iSCcRtSf1AH86Ym17gzRFqQTTeEs9X4ijRzHu1H8VBz3vPdXTmElnKhBlDqqJJI1FsUyyFCXkqDIVqSYNsV6Fsixm+M9dhWnTKi7hX4lJiuC6kPjhJK6UNeIcvhYdT5\/\/5p797\/8P\/\/eqvvv7sy7MP\/xabjQRt7X6Xwkc8\/fjPzv7kKxhaPT0jY5FpLhGCSvvgpZ7+4oMnX\/x1nZumP\/n14\/PHP1ctr0tqQdm04tmff\/q7738q6zLea7VVsGYqx+ksN3ymz2gjwFgx2a6hp\/O\/+4zwkaDjMjscMtTzf\/+n87\/\/QJlMMlM\/f\/w\/5z\/770uGghjfoqqNEk43lcb01hb7eY6\/nzpNlJ9KFcdEUlBQOZZmiMlN"} 02496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184956858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184956858,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EgAAPgGoGISQGcewKgCfgBQjxzkQ3h3jUA08oAQAIMNwgAAAQEICkYs\/7WcUadKZmJ1Q4tNW7+zm3LzilKTMs7o+j0bU4bevfG98VcexwRoqg0MK4kroCFJI0vkItJ0sWhKhqw+9VVqDQxktos+tw4JRGmcHh\/FKDlLh6zdkg3MQ\/lsHnZqw9K8bpKO655k6IwFAFfkDIJOJsdMB+TwhRR+SOFiIw+5j\/JW34gGnNHirK\/zZi\/hc4QwIcK2rxzXZ7rsKwq47b\/gBNM4MIbxBQADwYMZQnsmuVNzekN4FKQkhHHGTTWkH\/wjQGDyySIj8Jzph54pd5aM+OhhOvR5PcMjO93tjhYc9KM4buIZr3AxnxM3iOqL5Y3DNOtFZMTe0kqYCIlor5EOmzY1\/QgcEzRxv4\/lxU4YCiiS+0\/ddMRHjjkiUXhuhD7QYUQQTZCQrhPijw50JVjw3pUlzCIsuoRiKmcNsq2sVpURgyb28KvUizskeSI14ZCZ1RGfnHTHy1yPRsG0Pt5Ma8nqKdONtNWUPEMbKU4qooS4ZVgy4ydRUqGcD3t5XLzKk6xQksEKLZeRc4zABSD22VISyrxIGnnot0UQF1jM0L5wq+PXoJypbcccDHIPqtdae6MvXKZyFZZ2
Af1r5SARKk8jHFMScw1ZklPh5TmRIMY25u7JI8Kf0InpWIggg\/dCNXQ9mbCzi9IVFwQ4Bcza9Gx560XkmFinHDZS4kv+q6dM6HPsExiSjjM+3qTzEyp6QYtbZYue7chnn411pGZv4KwRjPOakaMAbYLhhCPstBZrv27XKHfgDg3UdMswyDmbrdhNZpK2+\/bwcJCkmrX3nBdsQ2VeuZ\/YA4u3j0cd1g9errygLeJTAN\/nCWDbbXhdHGF4z7CdykwDxiJacPDxG9YuwukG8499nzt4zVg40U\/jMp1lunPB3JJQoS5Bp6kxA9vvK2Fg2I3BaQrLU2XnWALaTVI1pGgZ30OUAvDFCxhKEFX\/Q9eQ1hjjNWxpFqXih\/EZbZu2sX9wk7UWkXlhwRGjhZFb93t26v1JRJhHdI1nd+wyJYqGt5\/UP4S9xI3VTwDw+41F2Yi29WTvXG\/pYAGqMGJVprBGfV8dw\/pIGjYrc8JqDjc8iMynFaFgS9VWRno\/kEa8ex8E0lXW6KSRO+38U5BEcAQa2ZmiPJVOSufJn2mHFnNtaFnQ00UpNEKFlWmg1g+m2HMDI6hkKoxWNNVaXHB7BeI37bfq0DKy4008moSOwx9MywU31umt9bQZaqMjpRF3V4DnOWXRFCtBzASqMlEpsEloiva6ZYQbYAWkcMxY5ybRoJiWx9mUKg4GcOghBqQMpMlaJSVXeGZFKl2Sb1+XUUdSwGZgyfEfyo4raVkpT+wyQpPZHBqAgGOncYulA1GZOsA\/94GmmxzjZCbCN9kynAgWzvYDvij7PUFZtMjkAvBACnPBNn3iaPQjTawbAkTcC1yfhv1ofpKiE5U2LdirARat2rkhdX\/4rJG+DaIEorg08ZpEvVnDkzmskUSlB9W+vjp\/V+aS5lkVM3k7zhoEnC+refT73qPAiB+97ySNdyAd\/Q7kYXug5+OANwWHp1LJTg\/kTpM0hWrac+UY7fWgQ8CbScQvQ7jNvfkeBpNC3rXL87XiJvZKnnKxFCuxFmcRnJQ7BpentFWts0H4Lec1Vh6Ie1JUOsAGqbQKPj08\/Fb+sNPHqQaGAhUMQMv5qLjVGC16+Ay768Xh4QOfbVnp2QvxXOq+J6pefxmdaleLIJA69iWkMygEnv\/UiI8ax5fku6tnS6jfWz1JxgQ4MCgzJju8Y+AntdNCizMmrc96qjo8fELIC6aln6uHdf6ze3P9\/l8K0Imh63d3YWSKHvLgvoT29bJdkoNvyjOuueHNZ1szJTEa6iq1dzn+UBN2G\/xCnDeBIWRhg1e0rq+0LEgtBi8qgQyMbqwUz1KCNzlpSIzr13Jt"} 
@@ -1155,7 +1155,7 @@ 02495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184973564,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184973564,"pkt":"nLbQ0+MztKXvZygQCABFAAXIKLQAAPgGV\/cSQGcewKgCfgBQjy5+eJ1f0XpgIYAYAIMAzwAAAQEICvuAHVOcUadRJQJEMyhfWzk4c69t8VudXr6pn+znDQ0VEhQPPcyGS61d5+1zHyZ4kw8InhkhW68pyvvrnzX5t\/H39maFxWc2r\/jFxwq\/hEVoXAiKHiLMU4\/KyHs5sV1wD559f9zcFztWUj0ihMMgtggEDfMxXUM9dFGV6JcgarAA5KIX8Rhx4KKjXR5FenSf6ir4Wu45nkDFW59zYej9BmKhpdMb8rY8eNPnAfGmIQzij55nkq\/uWJQgPv88G0x6gqY4XOyV9k8a+qsSfYKU5lLVQEUHepnWRDQfUc+335Q9qXuFH7f+8ng\/aQrf84kI7WaO+SnxnLQouz0Cv9v8f3lE+4owCfP1Cz8OEYnQkhXEehYZgVia7bxcHiv6v4xaanozJ5rmOorquwr9GrpFyxLzcpsLlUqzK+KacyS7QwJS\/Ky0\/PTcIlt8ZLwU7TL\/\/o1pr2hLdfT095T4mmP+2+1ddHU48Byxr3aLa3WT\/jG\/C3X6ePA0eanW9XpA7VJvL\/6JmLlix5z9hSS3OqzNKQTjBUM3s7KkvCOkhFHfw0EXJwWgoKSWmSsy5BrLZEfkM0FV7a+ikWpLo3uxdOw31fp7dfTjbB4kd6HRjhDkihmhg3Fxj9HXloHyHwvckfdTCsRiouxlgct7lNCoCgpUmfTu6Yyx7kf\/6aih8KzpyyqkP02jZkyX6OCTx82lz89o7u9CyGfsWhKD\/7BBbiMdXaKK4TysUCFlwE9GGF2seEuicF8r6CTuiOZsrl8ro7A0wal1282SC8UewlAVeiOv42DSkeq4dNBmW50TVjG35t+WUxNn4Q3p5nPJnsGwNKxtQn\/XWWm1U5Gt7+GDvLGqhGlz\/Ki8pfJccVYEawTw7SCN4wp\/3ocQ6vkT4Dpx9fSRTemmYi6pENOZS6VuARnHqwYSWl4t6yJoHK9sCfi9ST8HVXbqDXWFZ2q3BJnFLL2KjKRKEQ6cwz09MaWHVSAOYMFLPRa1P4jAx3PdtEcA6Suw\/o0nBxQpA1VcK\/L5h29Se6TnnwGGwNCLWwcEJVFxaxhV\/90VokUL7AtF\/O2q\/1vhOGyiX6EkZzZs6nexDcqCRxLporgd6yB4OIQ\/K5UvGbYe6+Sm7lH6OGAMK4UMwjkq9mCtaTHr7mvhnhxRuW7uj2lidYSV8hOTyPermC3rpaeQy2urqLgBbyapxA5Pobg8dWmnSefHpRew8i1Lo7xZJ2SpCdkX1yUKisC8EMEhExSgxRoJO6lJwnDpHM5WJ36k3Ry+3q9OcgN6NLQRO5pRs8nhTf4nqy7lt5uTY1pqNSduEscx56wTi21bJStBpnuJ8UvGJx\/R+YeP8QzcFQlKJycJlPLg6eX96ULPBZxzLMetvK3n66CoeI4YwUg4QxFhrIktxxA1moIwN
kkn6SE2PJvny3Cxi6Q7lkUmD0rurnBMt9ApEb3z5XFrSDnmX6QwTGHURMLAjPSQ1rzsHHaLMjENdwshfdWaIsx0\/C+jJ4udEOtxA9Fm0BuIFf8jWdfxwPFpB7wf1zLIyaPgXgtem4PL4uFnUr\/LL8Mi6yuMoLm28awieMUxVDrx8BpEilb9smuibdWhYybgbrhRDSVz2VcvfeF7S52u5dohgrnorV7VIGu4Fbfjcdt5eZr90iPKqeLRmae8arWdU6pk0+036XKkyixVdtPL96eMfve4A6Zh9TvzUvY2yZhS+fWayDF170ogtacHtunN1Y8fbumfzzXBlbMPAxKwloCcANStnnowf0vhV+lwOAC5eJ0wwfBbE\/fZdlz+fa+lDBSbIFzwquAzceoahA\/CkYEf4Il0qBgoQR8xij74ARiwygmvlhBcVhebT1T8Wht+RIpph7wDNRWhIpJICJTvhB4xG3THeUUikIIY59QcKEF+mfeRHq7zWxIrV0MxaCgpfmHu"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1627,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00910{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1627,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1654385184982489,"pkt":"tKXvZygQnLbQ0+MzCABFAAE6JG9AAEAG2MrAqAJ+EkBnHo80AFAYADoNP4BZp4AYAfY9sQAAAQEICpxRp3YAJw3ER0VUIC9ydi9lbmR2NC5odG1sP21vZj0xJmVjX2lkPTQmbW9mX3VpZD05MTE5OSZuX2ltcD0xJnVuaXRfaWQ9ODg4MSZzZGtfdmVyc2lvbj1tYWxfOC43LjQgSFRUUC8xLjENClVzZXItQWdlbnQ6IERhbHZpay8yLjEuMCAoTGludXg7IFU7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMSkNCkhvc3Q6IGh5YmlyZC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": 
{"url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
02502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385185015621,"pkt":"nLbQ0+MztKXvZygQCABFAAXIXwoAAPgGIaESQGcewKgCfgBQjzQ\/gHc7GAA7E4AYAINkpwAAAQEICgAnDeicUad2RWsIZamOljqm7gSNKAkXQCu+hVDQvHNR9FYzcLa6bcMwfHz8+6Ohpq2yX4VCM8MnePOCbl7QzQu6eUE3L+jmBd28oJsXdPPvCN38HeCm8Yfm\/kvPR3Dz+vd\/+5\/+qz\/+F\/\/73\/yP\/8vf\/ov\/+v\/+3\/7l3\/xn\/\/nP6n\/VjBMyedbYcXZ\/o\/OF7mdeh9Hhr\/RfIfMv43vvKuRdCur\/FFM9E59fEn2SOA2NKnl1bdNivqb2mOXNXHq1\/YMX1\/Ovvr+Ls8avbLeJu\/n+XUe8voOwYRiE416SRHkHbuH3JI7AK5hcYzixRhEYhd8jOEmi6zWCkdiKXBEYCfi+gog\/Et\/23iV5mL96vr5z8qbJ03dVHEbNXOMfCP\/4uyrDZ\/hnarl7h38mQu9N1tzbJ+HHYOnfwgd4YKemZxmEk6Yfkz3lh\/aJu5CbeloHFbHt+TJXIpxmxZgsZHiRMOZFvKzyDdgT70P7AneujlPtVyx1Ci8u7Wd7MtsuMwhfTyvOMfV9uKfpBVoFiWcijlTzRwo97G1lTY77npOvQt2eMaaQrdoht73lsx1+nZwlg+BlIhnXXbgLsHWy5C\/CTrdrpvOys4hB5bmgib5vMJLqdEuhL1RVueIWhr1W24corWULSQqDfGNsr1HdHI4FJV+WwuEwhjFLFwqL5Xy27akNzx1XpbTfbywRws5chR\/VzSRUHZ82JFfLUbM21UlmqXQlB5CS01wcLs0xrplUXKuatlxW\/JnKqnFYcvIJ+HnXlDQp0jzZWW7b+IreDkRwtvod2OSadqez+8PJQr11ODo3W9Sq9lB21UYv1nbZnPkKxY3GO2VJgKi3y86OY2lDWQkA3y1giPPL0I8WU8XJRBa7HXzc3Kr4uITR5JDT0WTaYXbC9v5VWfTptvCOnVLv18ciGZlm2dHCfrfBJ8PAq77hGFHEh2RHh+SoYiYL45XZJMJ1SZZMbDASfdSvphUfow01aDWyqsWVpJirq1bhq16jM844FVx6sRj6QlADNWTuRMUGtyRUymqEmNkJt0Yb1N1graqbbda1j4vrOEyE7tb2An3aY8uYGHAX8\/rsNN6gbsLJaXGuswDrrwixB2A37Y+RJEMuQhm9tVPq3bKPTkuFNlJk4shWDhxGJ4gRxe1aHQH+OdOeb5ZAybp4QOtbdJVZhbI7fRHTpmi3Db68nJpjZBHlst+pE6dd\/auVOTRGjFYfMxlXYZeV5CtjfADQStuORhXR14nj+JExkEESLQhVIgsxAsrbUusYDOsmiIS0OxhmECNGsnePTqNm9Ybk0jiCIUUMk0Q6bo9XikfzcXHRxBU2KhFA7wFnV9mu0s+4T+Cmvs31pVGdu01zTdMqOQbatST8XeSiGb9xLLVobbjVxgASHcVY6Z0cEk1Zw70WhNMSziS
BuvEt6nPBEkkYPUs89VCHjedyHoevTwhpwRtTvVC9cjscTpkEl70Q5ZcEM0iBVlOrZshoxaxTCyVqkcFaQaTJND7qiruC9vSgHxhROJty2frJRGcUkW\/T8bzArQu62Aj8pZfq5WnpurUmhYNXBBstPB0HdLEt67HP9CUNcHaVL\/py5Tv+IiqnHSGMtLAtT2aEyysT7VlU2B1c0UynpCL4dONoCBQZiWBCCob59IQIU9r6hD5FW92974pfH398cuCh13wO5v+Bzpq+x4zOk7NmVkyoZTPht8XqNPclVgd+dr30ls5urO+xrXKEf+KEQVxrl2X5Oea+B7dP8f2vfeAhlpy7jKenuJahub4U2SPWInq+hVn3Kp7Xjnw5Mt72ttIa3qJmWSX5OaelWMO1q4cTtae5TXSrzL1EZlCA5nHYN3tCgikSvSDqTjQq48xf4eq4x89aD51T5RZZJ\/zYX3eIruVriHTZcy9vlhIyXU6UT8Gkvj5OMbHU"} 04530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1663,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385185015621,"pkt":"nLbQ0+MztKXvZygQCABFAAtcXwsAAPgGHAwSQGcewKgCfgBQjzQ\/gHzPGAA7E4AYAINH0wAAAQEICgAnDeicUad24XFtV7Rg10duU4UTlxkMf+4hbiOeKWSTGwnHrK\/bcVHDmrmHVT1QbFoe9jUro5dI5TdYvpHS0y1rjoh+0U3zcCtX9rblxRoi5FhuCbqzSJTCJ\/SCO4zZZSPYNE6w5HSVgAaV0y2oWClZOTWZhlvMk\/XLRpM2IbCWurCzT+9+nnf\/OWUMYJ35yVcMM8b6\/R\/\/1f\/5x\/\/+v\/rM8TWeCOPgXR\/Wn9HNbJqvANEK619BcRX6k+IzZvpCAIbt5MNPYdScnyfOCY1\/TyD1rf7duf9o+anpe+Lk86r6HoqW4GHx6Znn1+7nR8VPBz8nS9L5cAeE+tP9z7LkZg6+ssfPLHPhW3ltM+PZT5K8\/\/msfZakyRs7mbt7Xv7\/5l\/\/85\/obM72VPyqzrNvqjRrU2d+wff86N\/86\/\/y1dOAvpLFbex7cuAdHr+ancs7IF7TArMobu\/azMv7LMnv2ZI\/Gupcy2kBmgQdfr79Efcrp\/mm7gDzHc7PmZXzYaydhcl9sn\/Bdl7f8evdzu42\/KM6\/2CPyGFz2XrOAlzQ68abCb\/NI1L4Z494f\/7\/wYeXvY12b\/v45AFpVjEKiukvMgW7N34KJ1mHT5uII8wicQAf7cIJq5oahpZLfYWtbiLN8Nh5vTFcczsoLYRSQOpr5+wJefBB0Bcjqs8OVij5zI4Q8US3kT6+pov1ZlWX1ZbBLAo\/CWVvJs7o7OLKwNZicOUC1akI83ha4yIZMssUw8P1miwuy6UgRf4eU5Z4nB6XmLKp3MOmhnDsUnscvDaHlhO5ju5pELGc1S1KGIjCWSnZkCldR8tC3DNDZhx2FKPl6Ci6COlwEwia\/ctaSG\/KNTGIWOI6zxgGatnGGthaTk1Dl52EoUGrXjVsYFdBMq6zs3e4rH0Kz4
xNdXR5SSjlJSGkp+XAetsK67orj5IjKZ9wGSH8hV8441VbQeRVqYj9GmcyBGz12el6BMEvIWJjscDyTLrh3gbg\/hA7bG\/IFWoEHieVcL0Fga3fQZtUIvBGrA4DAHWEdWYmHNmovkcclhbSpgp39QFulyfMoKwtehAkztJTKuJ6VmqPjURtjSFB1eFWH1Yc7LQ6dAu7tRLspVXE29p+fTlt3DU5BIU4qVWEQhjVxOQJJno\/tO47JaUb5kHb4cxZFH\/xjOAXlxRYQ3maguAXxIPDq5+U3s2e6xvHBz+qA9znj+qA0r3OzF78\/m\/\/m3\/x5GWK3\/9f\/8f\/9On2j\/\/DZ+rf\/K\/\/8y+4ISevvLvD+vmDL13\/qNtPXbbJM1cS1\/MvdrRzDv0vjv8pQXvOIP9JD\/cE7a+oLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwna3zq1eknQnu9fUpheUpheUpheUpheUpheUpheUpj+Q0th+u1o6CVB+wXdvKCbF3Tzgm5e0M0LunlBN\/8+oJu\/A9z8u0vQrpCfFX85I7tCnPBbGSm\/lk30zbTs9WqNEysUXZM4hpMYDijwEhBJBF+uEHC\/esnKvn9esrJfsrJfsrJfsrJfsrK\/dtYvWdkvWdn\/qKzsr2DFb8iy\/jbI+v87\/boZGvre\/q+mYD9X+y2Z2M+J2D+hfcm9nhP5\/pG515+TmJ\/6\/\/ct9fpHOdZMY39Dhb8G6D\/nW\/8jnNtLgvVLgvV\/PAnWP1o8\/7C\/j\/GrCdn3b9X++rjgVxOy5zr\/lhOyP3X5907ILoBTEbN4znv+kQ+d\/VichUew\/T3fvn\/\/\/udb4HMLzxvoT2hNXDD+vDu9qpsx8R\/BjlUk9vhhnsjPvM9fbh60mXtP2067WZA3b3\/43ScSuJ+\/Jh1o\/589f\/f5q7983TbBO\/IvX383f1X7D26e5NWHfwLD8Hfzt4KHVQ4c8Yd\/EgTBd\/P3kwdgm3k3fgA95Uny3bved25AP7N3flfHk\/\/O9q5t3XxAYPiffvcurb\/95OP9S+H\/7Ie8bRKwU3yAf7mheXxfntrFuygOo2R+sfDuSdIqdOw38MP939t7ww\/zd6D\/EIBt6F1gp3ECpLWz+l3tV3HwcX72AGbrwUsevObB8x7a5CFPHpL4IUIeIvQhWj5E2EOEP0Srh6LyH9zc8x+CvEofgthPPDBjD4kfAgt5iLOibR5mie3Ktx+KByfJ3VvZ5o3\/0EQPjfcQVQ9Pm9mDXTWxm\/gPdh2D5jwf7JBJDVoMXbuY9TLfttXcEahdPcxoZb7Ms188AHtsHzK7e6j9uxJ\/SO0qjDMwbYXtzab0Af74JEztJ4Dls0xPkzBP59O0NzPI+eFpHczTl9hF7X\/4dPPd8wNgk+5To59HDLbN52qAajtO9WADA8jG9DP1u3tXwLZiO5u1VqV28tHzkx\/uGvXAsqruh4EfZoW\/ayIwsDD6CMSv\/Lp++DQLbtw8z7gXZA9+Os8jaPN5HLPhPzf91F3vz4bwAYfhj0CFbfLDvEY\/82X+x0\/tNtGTHDawHCCCHzQfv9L2zybrqx7KD44P7MB\/KD\/YAVDSD89\/3+DDn\/7px7p1Huq2+FETBP5Pv7sPNXpqAegqr+P7DFR+Ys8I8zuwnIBV2MmzWDMImat8nFtq8uLDu\/e4n85t\/\/D0Qg0Q0Jlif4jmpfjV1IKF6lf3FuKsfrC\/en6fktcP8aOXuy0wqua9C4yk8dnEn0tvXt9n7vXb7+LgzWeW0G+en9f0eLRD2U79N3c4\/frtX8B\/9d4uCrAYmChOvDfx24f4\/b0RPfL95u2PC++fMbb313\/95id0t67nt6yPzdvv\/KT2XzXV+EP8\/
v4HGua3lI8N0GLjRm\/8t5\/IT+wfP755+\/DZr8UP4Plnxzf7vNnP+Y\/VPAB69mHApJlkPuHSwBJ58\/Z9H3tN9B2Owd\/7UP0nf\/LGfwT3f1a\/\/e7JQfoQAn9XPQn6ftarDtT62CxeF8Prh\/R95aeP8f3\/5uNcASxxUP40aw\/Vo\/258Dx9Dzmgla1fjfp9lebVmz9NgSP4iwzM6OPrLvb7+57zV3\/69iH5VdYg8YcYTOWdtX6EHzzwkz4CMZ8fgCn+Unj84eNdo\/nTlLiP+TwlVNNUMXBOQJfPdvz67fv0PtFQDDaN2E7+8l0NjNN\/fPMXf+n95fu\/WryF3n7ngomatziwc3BgH2veuH+B\/NUsxJ0kAiNCIO\/t2493TYJOk6dOo8fklzqdRYueuIrH6CsRvKL6sQAPwRee1B7itE2\/4vmuAEI+S\/QkZHEX8idyAznrt++bnIsH33uDvn0Lmv55teC3VPv4EQzgd8CAfuc9jaJ9BPYNvHUc2kBx8\/owQWgFrPKT3HbmVXnsQeF9ufwaZ3z\/Qy4z49sHZzYvv4tdXwF9J9q8pL\/zHhEIyNz++fL7RweI\/7v6r\/8a3NZv\/3z5Af1CQu8k9APyAXk7iwvM+ifKuAdqYBZfP9RvH36XvwUsb2Zr\/Zl7mE3w9du3P6s82+Trhy\/2+\/Yh\/xnHJ10\/vH5W67NhvV54i9cPr571+DMiYP2K2Nbz9gQosyN5zHLQV\/U+iKv60xq7u6G336D9xE3lT57mrq3w62ECdADMMvxZlQf7fV+B7elN+MU3gcl8D7YwtgP1JLD1+ID+BqDJeQd4\/cU3vf0BbP12dYxTHyCeN9nbh+wRzNCncvOwhAF0efgdMtvD1+3NgLKO8v5HLQJf578vZmMBTB7Q8m\/o4LkHoI20SPzGf\/34CMYOhu6N+hxf\/7n9fgZHP\/d4CPpn9d3pfbC\/IdvmsJ\/fwcw0gGp97yej\/jsafJIHuGLgTuclHN\/\/r+\/ONQCTGGmz"} 00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"thread_ts_usec":1654385185015695,"pkt":"nLbQ0+MztKXvZygQCABFAAEvXw0AAPgGJjcSQGcewKgCfgBQjzQ\/gIf3GAA7E4AYAIPMaQAAAQEICgAnDeicUad2d33ytWgxPP549E8++kcL03\/7Z00U1zPvd5U\/\/8YR2M0q4PPBMJux8PPglf8nf+J\/WlmA7T+B3oKJaxaPsyxAjo+gp2JAZ5f+d\/QE\/X16KoYvHYEq954+vunj+e3Gw9PlfRI7wGV\/Kcwu++3HT+gdRAlPuP4TwL+\/wXgPgV3QrzI7kWKnsqsRSgE4+UMeBH71hw57f63nFza\/qSLL\/OFoiNQfOuTbteZRPb6e0QR0tTv7ifp0lPj6fqAJqv05gqzIACaWCLm2CQJ3YQLH5hDxubHvodkW5lBnhujgmuZOB8zInqMh0Ahg+Dnl\/wXDsfHrS4oAAA0KMA0KDQo="} 
@@ -1163,32 +1163,32 @@ 00787{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385185942149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1654385185942149,"pkt":"nLbQ0+MztKXvZygQCABFAADeE\/tAACoG6inKmcQ1wKgCfgBQ5Yg8Z0+pmkmYKYAYAPN5zQAAAQEICkyTX6y9cmj1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZS1Db3lvdGUvMS4xDQpWcGFkbi1TdGF0dXMtQ29kZTogLTI2DQpWcGFkbi1TdGF0dXM6IE5PX0ZJTEwNClZwYWRuLVN0YXR1cy1EZXNjOiANCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI2OjI0IEdNVA0KDQo="} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1679,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229374771,"pkt":"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"} -01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1679,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1679,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229374794,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229374794,"pkt":"tKXvZygQnLbQ0+MzCABFAABIbklAAEAGI3LAqAJ+NB2xsZDsAFBe8KOySC8RAoAYAfapLwAAAQEICgB7lmPzZF3LaGliaWQ9MCZvZm49MjUzNjQwJnI="} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1681,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1292,"thread_ts_usec":1654385229375778,"pkt":"tKXvZygQnLbQ0+MzCABFAAUg7FZAAEAGNrLAqAJ+I5wsDaY6AFDzNa5LO3\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"} 
-02274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": 
{"url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Yr5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+02272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": 
{"url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Yr5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 01203{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"thread_ts_usec":1654385229376461,"pkt":"tKXvZygQnLbQ0+MzCABFAAIWbkpAAEAGIaPAqAJ+NB2xsZDsAFBe8KPGSC8RAoAYAfaq\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"} 
-01052{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1682,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229376461,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","domainame":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} +01050{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1682,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229376461,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","domainame":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1683,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1683,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229377895,"pkt":"tKXvZygQnLbQ0+MzCABFAAXUXuxAAEAGw2jAqAJ+I5wsDaZGAFB7fWmugsWKk4AQAfYYlgAAAQEIChlnEfsPV8RHR0VUIC9pbXByZXNzaW9uP2s9NjI5YmVhMjBhNGU1NDEwMDAxZjAxYzd4Jm1wPWZVUlBEcjV0aVVTdGY3VjJmYWpNaWF2ZUhVdmVEQUo5NmFpUGZVNUlpQVJUZm5ISUdhbDlpJTJCTWVmYk1lZkFFZUduM1RmYWlGZm5SUEduRWU2anhjNmFSQUdheElpJTJCTVBmZE1laSUyQmV3RGtlNkdvOWJXVXhJaTA5OVdVUiUyRmklMkJlZ1lGS2dZNzVJaEZ4OCUyQkZKTUw3SyUyRkg1SzlHYUhJaW5oUGZkbGVpYWxNNmF6SUhrUElHJTJCZUlHblIlMkZpVWpQV1VOTVdVUkFmJTJCZUlpQjllaVVqJTJGaVVSVFdVaEE2ZGVJRFVRUWlVbGJmQURBZm54M2lVVlBIJTJCTTJEa2lGRG5TckgwVDlIYWo5V25OYkRyaXdEbjNNaTBUQkdhakJERkRNREFSMmlrNUk2YWpNaWdNQmlkTWU2YVNJaW5oMUdVZkk2N0tNSGtQdGg3UUk2N2NiaEZIOExBdEE2ZHMwSjc1d2hqUTNSVXVPUlUzTWZvUjFpJTJCMks2ZHMwREZsMEdVak1pYXZlV296M2hiU3VIb1IxZlVWc1JyZnVIb1IxUlVqVGlBbFRmWlJzUnJjM1laUjFrQnp0NHJjQlk3UUZIWlBVWUZUMCUyQlpNMERyTjBHMHpVWUZUJTJGRCUyQnV0aHJldUpyViUyRkRrUDNockt1SG9Sc1JnU0JMa2ZRJTJCRlElMkZSVUVBaVUzJTJGZlUzQmlCTTBoZHp1REY1NlliNVRSVUVBaVUzJTJGZlUzQmlCTTBMJTJCZjZMN1IwR1V2c1JnU0JMa2ZRJTJCYnp0SkJSMWlBUlBXVURQaVVpc1JneHQ0b1IxaVpNMEhyYzhIWlIxaVpNMEQlMkI1VUo3UVhZMFIxaVpNMERrSDZKN2M5UlVFQWlVMyUyRmZVM0JpQk0waGR6dURGNTZockQwR1VpQkdaOUZHblJBV296TWhyUVVINUtCSGdOMEdVaUJHWjlGR25SQVdvek1oclFVSDVLQkhneHRSVUVBaVUzJTJGZlUzQmlCTTBIZ1NCTGtmUVJVRUFXVVJQZlUzQmlCTTBEJTJCeFBoN1YwR1Vqc1JydHJSVUVNV296QUhrZjZoZHp1REZWMEdVUjJpb00wRGI1QmhyNSUyRkRiMzBHMHo1VlROMFdvekJKN2NnUlV1T1JneHJZN0tiUlVFMEhVVjBXb3pUTDc1d0wlMkJpMEcwelhKN3RRaGdpMDZaTTBoRnpURGtoMEcwem9Xa3hBaG8yVlYweks2YVNJNmRlSTZkZU9ScjVVSGROMEdVakFpYVJzUnJ4QWhjS1VoclEzUlVFZWZhUkZHbmxNaWEzOVdvelRERnhUUlVFMDQyTTBZJ
TJCSDZMZFEwTCUyQnozJTJCRnglMkZoMk0wR1VScyUyQm96TVlqeCUyRmgyTTBHVWNLUjBNMEo3d1VZMFIxaW9NMEpyUTMlMkJGSFVSVUVlV296dEhkZk1Ea2ZRJTJCYnhQaDdWMEdVdnNScjJ0Sjc1QkxrY3MlMkJieFBoN1YwR1V2c1JyUUYlMkJieE1ZY0tUUlVFTVdvelRoN3hUSm9SMWlvTTBERnglMkYlMkJieDNEa3pUUlVFMERuajA2JTJCTWI2YVJiaW5SZTZhU0k2ZHMwWXI1VEhCUjFSMHpLNmFSJTNEIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vj"} -01009{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1683,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {"detected_os":"Android 11"}}} 
+01007{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1683,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {"detected_os":"Android 11"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1684,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229377922,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229377922,"pkt":"tKXvZygQnLbQ0+MzCABFAABIXu1AAEAGyPPAqAJ+I5wsDaZGAFB7fW9OgsWKk4AYAfYTCgAAAQEIChlnEfsPV8RHa28pIFZlcnNpb24vNC4wIENocm8="} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1315,"pkt_l4_len":1281,"thread_ts_usec":1654385229378645,"pkt":"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"} 
-02274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com","domainame":"tknet-cdn.rayjump.com","http": 
{"url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+02279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com","domainame":"tknet-cdn.rayjump.com","http": 
{"url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1654385229379534,"pkt":"tKXvZygQnLbQ0+MzCABFAACkXu5AAEAGyJbAqAJ+I5wsDaZGAFB7fW9igsWKk4AYAfYTZgAAAQEIChlnEfwPV8RHbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBkZTAxLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01047{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} +01045{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229398934,"pkt":"nLbQ0+MztKXvZygQCABFAADQ2J9AAPUGmbgjnCwNwKgCfgBQpjo7f\/DX8zWzN4AYAHOmEwAAAQEICg9XxGYZZxH5SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} 00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1654385229399980,"pkt":"nLbQ0+MztKXvZygQCABFAACbqYhAAPUGMt80HbGxwKgCfgBQkOxILxECXvClqIAYAIBoGAAAAQEICvNkXe4Ae5ZkSFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229406775,"pkt":"nLbQ0+MztKXvZygQCABFAADQbSRAAPUGBTQjnCwNwKgCfgBQpkaCxYqTe31v0oAYAHWAFwAAAQEICg9XxG0ZZxH8SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} 01031{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1690,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":419,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":419,"pkt_l4_len":385,"thread_ts_usec":1654385229413001,"pkt":"nLbQ0+MztKXvZygQCABFAAGVuYkAAPgG40ASQE8ywKgCfgBQo9QvB\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"} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01127{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_usec":1654385229450708,"pkt":"tKXvZygQnLbQ0+MzCABFAAHcEFBAAEAG14XAqAJ+Eul7N9YaAFDjQWT+MbgksIAYAfZTFQAAAQEICs\/kGG+7dfu6R0VUIC9taW50ZWdyYWwvYmVhY29uP2FkX2dyb3VwX2lkPTE0Mzg0NSZjaGFubmVsX2lkPTExNyZjcmVhdGl2ZV9pZD0yNTM2NDAmYXVjdGlvbl9pZD1mODRmNTRiZi0zMWNkLTQzZmYtYmQyNy01MjZjY2M2NDU3ZGEmb3JpZ2luPWhhZ2dsZXItbWludGVncmFsMDIxIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGltcHJlc3Npb24tZWFzdC5saWZ0b2ZmLmlvDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01457{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1691,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io","domainame":"impression-east.liftoff.io","http": {"url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01455{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1691,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io","domainame":"impression-east.liftoff.io","http": {"url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1692,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1692,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":760,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":760,"pkt_l4_len":726,"thread_ts_usec":1654385229460595,"pkt":"tKXvZygQnLbQ0+MzCABFAALqaatAAEAGLEjAqAJ+EuvMCZ0MAFCRGad0Zg9EgYAYAfak9wAAAQEICqWNW0ubSFulR0VUIC9ldmVudC92YXN0L3N0YXJ0LzU3YWE4MENPWGpDQklrWmpnMFpqVTBZbVl0TXpGalpDMDBNMlptTFdKa01qY3ROVEkyWTJOak5qUTFOMlJoR0lDYXFvaVRNQ0IxS01pOUR6Q2lFRG9iWTI5dExuTmpaVzVsZDJGNUxtdGhibXRoYmk1dFlYSnJaWFF6UWhob1lYZHJaWEl0Y21WdVpHVnlhVzVuTFdOdmJuUnliMnhLQ21RNE1USTVZbVkxWlRSUUFsb0RSRVZWWUFKb0JISUpkWE10WldGemRDMHg0QUVCZ0FGMWtnRUNaVzZZQVFLaEFRQUFBQUFBQUxBX3FnRUlNVEk0TUhnM01qQ3lBUTFGYm5SbGNuUmhhVzV0Wlc1MHVnRWNVU0JXYVdSbGJ5MU5iM1pwWlhNZ1lXNWtJRlJXSUhObGNtbGxjOElCR1haaGMzUXROREk0TURWa016TmhOVEJoTmpJeFpERTRORFBLQVFFQjBnRUZNRFF6TVRmYUFRVjJhV1JsYnc\/cGxheWhlYWQ9W0NPTlRFTlRQTEFZSEVBRF0mc3I9MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkI
DExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBhZGV4cC5saWZ0b2ZmLmlvDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01708{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1692,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io","domainame":"adexp.liftoff.io","http": {"url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 
11"}}} +01706{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1692,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io","domainame":"adexp.liftoff.io","http": {"url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1693,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1654385229557713,"pkt":"nLbQ0+MztKXvZygQCABFAAB\/zr9AAC0GLXMS6Xs3wKgCfgBQ1hoxuCSw40FmpoAYAecIEgAAAQEICrt1\/CbP5BhvSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjA5IEdNVA0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1694,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":5,"flow_src_last_pkt_time":1654385229559611,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229559611,"pkt":"tKXvZygQnLbQ0+MzCABFAAXUbkxAAEAGHePAqAJ+NB2xsZDsAFBe8KWoSC8RaYAQAfauuwAAAQEICgB7lxvzZF3uR0VUIC9pbXByZXNzaW9uP29wcmk9TmpJNVltVmhNakJqTkdNM05HTXdNUDViZFE5Xy1NY0ZjdngyeWc9PSZyaWQ9Zjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhJmltcGlkPTEmY2lkPTY1LTE0Mzg0NSZjcmlkPTY1LTI1MzY0MCZzcGlkPTg4ODEmcHJpPTMyOS42OSZjaD0xMDAwMSZjaHJpZD02MjliZWEyMGE0ZTU0MTAwMDFmMDFjN3gmY2hwcml0PTAmY2hzcGlkPTg4ODEmY2hwbGlkPTM5NjUmZHNwPTY1JmV4cD0xMDgwMCZiaWQ9Zjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhJTNBaGFnZ2xlci1taW50ZWdyYWwwMjEudXMtZS5lYzIubGlmdG9mZi5pbyZkcHJpbj0zMjkuNjkmZGNpZD0xNDM4NDUmZGNyaWQ9MjUzNjQwJmFkbT1hemFybGl2ZS5jb20mYmRsPWNvbS5hemFybGl2ZS5hbmRyb2lkJmFkdD0xMiZ3PTQ4MCZoPTMyMCZ0cGlkPTEmYXBwaWQ9MzI0NTYmYXBwdj0yLjguMi4xJnBsZj0xJmR0PTQmZGI9Z29vZ2xlJmRtPXNka19ncGhvbmVfeDg2Jm53PTImb3M9YW5kcm9pZCZvc3Y9MTEmYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZhaWRtPTdhOWNk
Yjk3NWIzZTA4ZDJiMGM0MjhjZDQ2MmRhM2ZkJmFpZHM9MzZjMDgwZjFiOWFhNTYzODAxYzk2N2M3MGQyMDIwY2E4ZWU2YjZiYiZ1YT1Nb3ppbGxhJTJGNS4wKyUyOExpbnV4JTNCK0FuZHJvaWQrMTElM0Irc2RrX2dwaG9uZV94ODYrQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElM0Ird3YlMjkrQXBwbGVXZWJLaXQlMkY1MzcuMzYrJTI4S0hUTUwlMkMrbGlrZStHZWNrbyUyOStWZXJzaW9uJTJGNC4wK0Nocm9tZSUyRjgzLjAuNDEwMy4xMDYrTW9iaWxlK1NhZmFyaSUyRjUzNy4zNiZpcD05Mi4yMTkuNDAuMjM1JmV4dD1RYjZOU0NKZkpTNHElMkJZRGZNcmxEVkxqZ2pvbTVKUEZDJTJGV0hPY1VhV1F2dUI3MUoxZks0TEhNU3d3WDlldjN4Q2lxSUFJODUwUXpseXFmbXhqNTMxalJ0eUljRkwzaVdmeEZCbFNYUmdBc05uR3N3enVucFl1d2tzREVlOUFmSFVObDJxazk1QXd0JTJCeWplbiUyQmRUZEo2UEolMkZ4WjFUalBlb3BxNEdiNWdxNG1weDhSOEYwdEtZJTJGdGRja283ckF2eGJFVFRPZUpYTiUyRiUyQnRoM3N6eEVsREhHMG1zU3QlMkJOcU1OUHNDZ0lsaVB6NkgxbWltQXh6czlXemRSNU5ZUjM3RWQ2SjZjTUxSQzFGd3ZsdHlLVjFZdmlMZGJyRlBTR2lTMjhodmpCM21pJTJCdDlCcmYlMkI5JTJCa2ZSJTJGMEpTVUtTUlFKTE9DOTJwJTJGUzJLRWw0MEJRcjhiUmUxQXhjQ0R1bHFHYXpHZXI5ZEFxZzNjc1ZQNWg5VDlzaXZRVGZhU1g4TTBKQmpab2dyMW1VQkFWODBqRXBRbEg1UEVhMDRsYU93OXNrRnVQYXdZcmFCSnA4cDRpN3Fub1J2blc2dWxlTmtEM2tYalFPSmhuZmhBV1ZuOSUyRkMlMkY4bGxZMUF2VU1xaFA3b2ZzVjQxME51SHglMkY5MkE5d3glMkZENUxXVnhCeU5HdTRMeE1QaFlOYVV5TTAxa2FQWG5rRjloRWto"} 00789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1654385229568829,"pkt":"nLbQ0+MztKXvZygQCABFAADfGY1AAC4GkHES68wJwKgCfgBQnQxmD0SBkRmqKoAYAeR\/LQAAAQEICptIXBKljVtLSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNzowOSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA3MA0KDQqJUE5HDQoaCgAAAA1JSERSAAAAAQAAAAEIBgAAAB8VxIkAAAANSURBVHjaY2T4\/78eAAWEAn\/CWx4qAAAAAElFTkSuQmCC"} 
@@ -1200,7 +1200,7 @@ 01589{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PlayStore","proto_id":"7.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.google.com","domainame":"play.google.com","http": {"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_usec":1654385232040567,"pkt":"tKXvZygQnLbQ0+MzCABFAAPTG5ZAAEAGlqjAqAJ+A3q+RoESAFCRX\/9zk9FXV4AYAfaIrAAAAQEICpYlZ45PQpgXR0VUIC92MS9jYW1wYWlnbl9jbGljay9kZGZXYlgtY19acElGXzN3RS1YZ0pTd1JKUG5fNU9wUzlJUjZYNFhHOTFYUUw2c3NSTFY0UVBMU0VRZ1d5UmJQX09BSFhHcC0zejh6S3hkUmpMLUJUNmg3ejQ2ejRxbUFXeFI1RGJvRWhyMUR5dFk0VzVnZlFMVWNWNnlFM1BPUjdQclFsclZiVnRILTd1VzFvaWUtamtSNG5hR0hUVlZIS3Y1a0ZYQko5eVRJWC1KbmdhRTJNTVRFUjFIdUJ4OXFUbHlMaGlaQ3RXU1VTdjRaZTV6NFF1R3FqV2lqRDBRQmdBbzAwV3RqNFZxUXlwekNob19wLVV6T3JWRjh3WDlMbXlzb1ozMjAyeHQtMVJsbUJOWGRkSF9pX2V2TzV5WkdwT3ZHOGt0ZGlLZmhHN2NkZFpUUjZvNWx5UjE1d1ktU0pUU00zZmZyNGRzcFZTRng2WGRuWGdmVXR4WTgwc3BJOXRtRk1oVDk3S1NDNGNNa1J2LUF5TkxXaERhRDMzV0NwVTdITi1WblR1TTB6bDRXUU1uYS1BVkJrMUhvMHZoVHo1WkJVMzJPaFRmOXVBa0dOeHVOajV3NUlmZzFHbk13WnhLaXM4SjNaN
lo1bXRjN2dpcmUwZVFlRFE3ZWh0Q01GTHMwTTFhWEdFOG1IaG9BTmdfdzBBaHg0M011N3p2RFhTQ3RoSDhENFFoSGFXb1JTdUdVZ2ZCRFlMenJEOExYejZxSElMb1FOamo4aWVSQkxmSDIyVWV3VkxnTUY3ZHFoWGdsNzNWcWdVMV9jdS1HSWZzYkJtOTB6aGZkOWVvbzhyUWZkSkYyeGN6cXZyUXo2LUk0RkE\/dmFzdF9lbD0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": 
{"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": 
{"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 01450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":734,"pkt_l4_len":700,"thread_ts_usec":1654385232057407,"pkt":"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"} 
01360{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1706,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232085154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_usec":1654385232085154,"pkt":"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\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1707,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232158874,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":253,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":253,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":253,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232158874,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -1214,19 +1214,19 @@ 01361{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1717,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":4,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_usec":1654385234239203,"pkt":"nLbQ0+MztKXvZygQCABFAAKKs5RAAPUGSvIDer5GwKgCfgBQgRKT0VmtkWAGsYAYAHiq\/QAAAQEICk9CoLuWJXANSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjE0IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtTGVuZ3RoOiA3MA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KU2V0LUNvb2tpZTogQVdTQUxCPVpJSGdqdXNlZGg5Yk5qVWRLZ3BSZUsySU93alRKTnloV0psZHkvdUZiNUNYdnVnektUYnNkQWtqS2QvOHVSa1dDL0JlUnVJd2k0QWtueG9LeUJQcWVvTjBid2VRZnpFeWJZR0crVFdwdDBQL3NIQUpqUmdOdXVpWXUrOSs7IEV4cGlyZXM9U2F0LCAxMSBKdW4gMjAyMiAyMzoyNzoxNCBHTVQ7IFBhdGg9Lw0KU2V0LUNvb2tpZTogQVdTQUxCQ09SUz1aSUhnanVzZWRoOWJOalVkS2dwUmVLMklPd2pUSk55aFdKbGR5L3VGYjVDWHZ1Z3pLVGJzZEFraktkLzh1UmtXQy9CZVJ1SXdpNEFrbnhvS3lCUHFlb04wYndlUWZ6RXliWUdHK1RXcHQwUC9zSEFKalJnTnV1aVl1KzkrOyBFeHBpcmVzPVNhdCwgMTEgSnVuIDIwMjIgMjM6Mjc6MTQgR01UOyBQYXRoPS87IFNhbWVTaXRlPU5vbmUNCg0KiVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+P+\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1718,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1295,"pkt_l4_len":1261,"thread_ts_usec":1654385235892637,"pkt":"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"} 
-02194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1718,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +02199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1718,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
01139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385236487007,"pkt":"nLbQ0+MztKXvZygQCABFAAHm3ckAAPgGvqESQE9AwKgCfgBQyeZcw8zmEVgoD4AYAIbbsgAAAQEICq7a5CW\/BghDSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDQ0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MTYgR01UDQpTZXJ2ZXI6IG5naW54DQpYLUNhY2hlOiBNaXNzIGZyb20gY2xvdWRmcm9udA0KVmlhOiAxLjEgMzU4ODU2ODkyOGU2NzdjZTliYjhhZWRmZDZlMGVhMDQuY2xvdWRmcm9udC5uZXQgKENsb3VkRnJvbnQpDQpYLUFtei1DZi1Qb3A6IFRYTDUwLVAyDQpYLUFtei1DZi1JZDogY2VuanJZVHJpT2oyRy1QM1B6ZmY1cVZCSjFWOTVFbE85YnIxc1FvWUxYYll1U2VfeVBIYnZBPT0NCg0KeyJzdGF0dXMiOi0xLCJtc2ciOiJFWENFUFRJT05fUkVUVVJOX0VNUFRZIn0="} 01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119358297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known 
Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385119973654,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385120216027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 
01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385121164319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":2452,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com"}} -01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} 
-01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} -01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} +01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} 
+01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} +01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} 
-01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":598,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":1196,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io"}} +00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} 
+01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":598,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":1196,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385185166661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":170,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385185942149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":170,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com"}} 
01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1654385176794172,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385177120274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":6082,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
@@ -1234,18 +1234,18 @@ 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":21,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385178039010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":12423,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":87624,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":464,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":464,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com"}} 01043{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":16,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156865117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":28785,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com"}} 
-01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} -01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} +01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} 
+01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} 01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":10,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143386689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":20463,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com"}} 01053{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":12,"flow_first_seen":1654385142780674,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142861550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":27563,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 
01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":33,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385137102946,"flow_dst_last_pkt_time":1654385137795047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":179545,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":13,"flow_first_seen":1654385136206220,"flow_src_last_pkt_time":1654385137480116,"flow_dst_last_pkt_time":1654385137451797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":23040,"flow_src_tot_l4_payload_len":631,"flow_dst_tot_l4_payload_len":72797,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":18,"flow_first_seen":1654385136215384,"flow_src_last_pkt_time":1654385137106944,"flow_dst_last_pkt_time":1654385137458576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":81501,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":12,"flow_first_seen":1654385136216297,"flow_src_last_pkt_time":1654385137088135,"flow_dst_last_pkt_time":1654385137795021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":37440,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":124042,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} -01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} -01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":1640,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":1640,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 
-01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} -01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":655,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":655,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 
+01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":1640,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":1640,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":655,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":655,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 
01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":73,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385145095894,"flow_dst_last_pkt_time":1654385145302253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":4383,"flow_dst_tot_l4_payload_len":173462,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":497,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"release.bigdata.1kxun.com"}} 01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":8,"flow_first_seen":1654385140779083,"flow_src_last_pkt_time":1654385144744780,"flow_dst_last_pkt_time":1654385145113565,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":443,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":8192,"flow_src_tot_l4_payload_len":1183,"flow_dst_tot_l4_payload_len":18456,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
@@ -1257,7 +1257,7 @@ 01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385136274668,"flow_dst_last_pkt_time":1654385136566441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":498,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":997,"flow_dst_tot_l4_payload_len":450,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com"}} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":668,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":668,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.PlayStore","proto_id":"7.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.google.com"}} 01164{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi"}} 
-01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} +01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":860,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":2746,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":3242,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 
01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385128878298,"flow_src_last_pkt_time":1654385128878298,"flow_dst_last_pkt_time":1654385129190022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":871,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":871,"flow_dst_max_l4_payload_len":817,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":817,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":265,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":265,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"messages.1kxun.mobi"}} 
@@ -1267,9 +1267,9 @@ 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385156978849,"flow_src_last_pkt_time":1654385156978849,"flow_dst_last_pkt_time":1654385157162185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1118,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":508,"flow_src_tot_l4_payload_len":1118,"flow_dst_tot_l4_payload_len":508,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385156997634,"flow_src_last_pkt_time":1654385156997634,"flow_dst_last_pkt_time":1654385157178524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1113,"flow_dst_max_l4_payload_len":680,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":680,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1654385157001678,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157186882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1119,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1119,"flow_dst_tot_l4_payload_len":1950,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
-01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":75,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io"}} -01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385231942852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":2827,"flow_dst_tot_l4_payload_len":312,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} -01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":156,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} 
+01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":75,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io"}} +01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385231942852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":2827,"flow_dst_tot_l4_payload_len":312,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} +01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":156,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} 
01231{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129813867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":523,"flow_dst_tot_l4_payload_len":104,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com"}} 
01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":19,"flow_first_seen":1654385145219802,"flow_src_last_pkt_time":1654385146051643,"flow_dst_last_pkt_time":1654385146257351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":51980,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1654385146263001,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146481114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":4320,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":7485,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 
@@ -1277,14 +1277,14 @@ 01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":30,"flow_first_seen":1654385146276743,"flow_src_last_pkt_time":1654385147163604,"flow_dst_last_pkt_time":1654385147585918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":18720,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":97896,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":28,"flow_first_seen":1654385146284849,"flow_src_last_pkt_time":1654385147363303,"flow_dst_last_pkt_time":1654385147935185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":1578,"flow_dst_tot_l4_payload_len":131729,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":23,"flow_first_seen":1654385146276790,"flow_src_last_pkt_time":1654385147316212,"flow_dst_last_pkt_time":1654385147926816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":1554,"flow_dst_tot_l4_payload_len":126758,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 
-01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":9,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184950570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":26435,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io"}} -00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} -01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":29,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385185019373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":97077,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} 
-01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":20,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385185004563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":64260,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} -01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} -00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":9,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184950570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":26435,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io"}} +00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
+01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":29,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385185019373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":97077,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} +01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":20,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385185004563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":64260,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} +01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} 
+00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131355130,"flow_dst_last_pkt_time":1654385131589006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":6232,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":6868,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":17,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1287,"global_ts_usec":1654385236487007} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":17,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1287,"global_ts_usec":1654385236487007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1723/1723 ~~ skipped 
flows.............: 0 @@ -1293,9 +1293,9 @@ ~~ total active/idle flows...: 197/197 ~~ total timeout flows.......: 15 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9257069 bytes -~~ total memory freed........: 9257069 bytes -~~ total allocations/frees...: 145272/145272 +~~ total memory allocated....: 10027715 bytes +~~ total memory freed........: 10027715 bytes +~~ total allocations/frees...: 159238/159238 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 11864 chars diff --git a/test/results/flow-analyse/custom_rules/custom_rules_overwrite_domains.pcap.out b/test/results/flow-analyse/custom_rules/custom_rules_overwrite_domains.pcap.out new file mode 100644 index 000000000..01e5f5690 --- /dev/null +++ b/test/results/flow-analyse/custom_rules/custom_rules_overwrite_domains.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.143,64.233.167.84,tcp,46326,443,info,15,17,1760964921304285,1760964921416596,1760964921435421,0,0,4419,1858,7117,4694,0,0,7853.1,60534,14243.3,202872752.0,3.1,"22349,22398,1156,520,42,20617,0,0,1509,0,0,0,0,20391,18,12,652,606,20389,41123,0,0,0,0,60534,1426,1192,4030,736,24,23723",52,421.6,4471,924.4,854508.3,3.2,"60,60,52,2527,58,4471,52,52,52,1910,114,52,52,83,52,52,52,136,83,52,1452,722,366,341,83,52,91,91,91,76,52,52","10,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2","10,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1","0,1,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,0,1,0,0,0,0,1","4.646634102,5.212701797,4.897086143,7.816514969,4.956866741,7.955480576,5.178914070,5.140452385,5.101990700,7.886328697,6.212090969,5.010550976,4.988526344,5.749540806,4.933627129,4.933627129,4.933627129,6.142579079,5.693960667,5.103911400,7.892829418,7.668910027,7.338832855,7.263511181,5.734539032,5.049012184,5.937283039,5.850928307,5.893327236,5.523987293,5.010550499,5.026988029",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,31,36410,12994,6376,3,2,1,0,1,0,3,3,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/1kxun.pcap.out b/test/results/flow-analyse/default/1kxun.pcap.out index 4e14c9a09..d23ef4bc4 100644 --- a/test/results/flow-analyse/default/1kxun.pcap.out +++ b/test/results/flow-analyse/default/1kxun.pcap.out 
@@ -13,4 +13,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.126,14.136.136.108,tcp,49372,80,finished,3,29,1654385146253018,1654385147560064,1654385147928387,514,0,526,18720,1554,113644,1,0,96206.9,899707,188732.5,35619966976.0,3.0,"205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478",337,3651.9,18772,4182.9,17496908.0,4.3,"566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1","5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
1,ip4,192.168.2.126,161.117.13.29,tcp,45416,80,finished,8,24,1654385140835391,1654385156967826,1654385157149701,434,0,1114,14400,6674,81693,1,0,1046669.2,6045020,1981650.1,3926937042944.0,3.0,"188503,1,1404,179436,1430,692,418,2433,676,270050,61,0,644,0,3892849,3428911,186128,186289,192621,208977,367165,352334,5253796,5339015,3643,6045020,5959115,408,493,194856,189377",486,2813.5,14452,2993.9,8963654.0,4.4,"486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083","0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1","5.943944454,7.829628944,7.931543350,7.979783535,7.931476593,7.968062401,7.861111164,7.864268780,7.984925747,7.877884388,7.929042339,7.930032253,7.967924595,7.974642754,7.952368736,5.943904400,6.386446476,5.942170143,7.482911110,5.931495190,6.238120556,5.934639931,6.488353729,5.849187374,6.477306366,6.757167339,5.825885773,6.421376705,7.814886093,7.859082222,5.823412418,6.869374752",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,1287,1538832,156501,2270815,197,9,188,38,13,6,182,17,9,24,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,7,122,49,0,0,2,2,0,0,0,1,0,0,0,38,0,0,0,5,0,0,0,0,68,0,0,45,22,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,20,6,18,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,8,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,0,0,0,0,0,0,0,0,1,0,0 +0,1287,1538878,156501,2270815,197,9,188,38,13,6,182,17,9,24,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,7,122,49,0,0,2,2,0,0,0,1,0,0,0,38,0,0,0,5,0,0,0,0,68,0,0,45,22,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,20,6,18,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,8,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,0,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/default/KakaoTalk_chat.pcap.out b/test/results/flow-analyse/default/KakaoTalk_chat.pcap.out index 6e965b3f1..56cc7054f 100644 --- a/test/results/flow-analyse/default/KakaoTalk_chat.pcap.out +++ b/test/results/flow-analyse/default/KakaoTalk_chat.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 113,ip4,10.24.82.188,173.252.97.2,tcp,35503,443,info,18,14,1430069026370215,1430069036014563,1430069032269782,0,0,654,1280,1689,3666,0,3723,501416.6,3802978,831986.8,692202045440.0,3.7,"995911,1037903,49316,6684,695526,683563,56000,2329864,2320373,251618,299011,4547,4395,4089,3723,105469,239411,242157,376495,82611,125763,244537,287323,18128,164581,238983,428131,146027,274079,3802978,24719",40,209.0,1320,352.3,124085.1,3.7,"60,60,44,40,224,44,40,44,224,40,1320,40,1320,40,1027,40,162,40,87,40,694,40,69,40,342,40,83,40,180,40,67,116","11,0,1,1,1,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0","0,0,1,0,0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,0","4.685176849,4.685176849,4.968303204,4.931687355,5.173561573,5.104666710,4.981687546,4.658042908,5.164632797,4.931687355,6.476998329,4.734184265,7.115762234,4.784183979,6.729174137,4.884183884,6.557168484,4.881687164,5.730113029,4.834184170,7.744181156,4.881687164,5.543020725,4.884183884,7.357668877,4.981687546,5.880825043,4.834184170,6.839711666,4.981687546,5.593678474,6.365212917",TLS.Facebook,91.119,1,Fun,SocialNetwork,6,DPI,"7" 
113,ip4,10.24.82.188,173.252.97.2,tcp,35511,443,info,16,16,1430069036068122,1430069064769263,1430069064804816,0,0,522,1280,1362,3690,0,122,1852833.4,27030701,6601250.5,43576507498496.0,1.5,"41748,45806,2228,39459,11261,448395,183,2868,498749,183,122,36927,124176,229920,321990,23011,161804,229858,405273,183,57404,108246,75989,156006,245086,67993,69489,26937805,56885,27030701,8087",40,198.8,1320,348.1,121165.0,3.7,"60,44,40,224,44,40,1320,1320,1027,40,40,40,162,40,87,40,562,40,69,40,199,312,40,40,78,40,69,40,67,116,40,40","10,0,1,1,1,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,0,1,1","4.718510151,5.042055130,4.931687355,5.220941067,4.748951435,4.981687069,6.464412689,7.117209911,6.734959602,4.834183693,4.884183884,4.884183884,6.501401424,4.931686878,5.853732109,4.834183693,7.664524555,4.981687069,5.600991726,4.784183979,6.880613327,7.129980087,5.031687260,4.981687069,5.767374516,4.884183884,5.543020248,4.884183884,5.563827038,6.334234238,5.031687260,5.031687260",TLS.Facebook,91.119,1,Fun,SocialNetwork,6,DPI,"7" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,269,238703,15862,36150,38,8,30,1,3,5,33,32,0,10,0,116,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,26,9,19,5,0,0,0,0,0,0,0,0,0,0,0,9,5,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,9,3,14,0,0,0,0,38,0,0,19,18,1,0,38,33,5,0,0,0,0,0,0,3,0,13,2,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,269,238695,15862,36150,38,8,30,1,3,5,33,32,0,10,0,116,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,26,9,19,5,0,0,0,0,0,0,0,0,0,0,0,9,5,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,9,3,14,0,0,0,0,38,0,0,19,18,1,0,38,33,5,0,0,0,0,0,0,3,0,13,2,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/KakaoTalk_talk.pcap.out b/test/results/flow-analyse/default/KakaoTalk_talk.pcap.out index 236ac75fe..7643f2066 100644 --- a/test/results/flow-analyse/default/KakaoTalk_talk.pcap.out +++ b/test/results/flow-analyse/default/KakaoTalk_talk.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 113,ip4,10.24.82.188,110.76.143.50,tcp,32968,8080,info,18,14,1430069163715308,1430069202114386,1430069181143378,0,0,746,852,2452,3072,0,2289,1800875.8,20336762,4155046.5,17264411672576.0,2.9,"141571,151855,11750,244934,5676,231720,5279,268921,267944,260468,295685,6066894,6069489,2289,183686,177368,76049,36560,148072,8359650,8675995,4516,469818,147369,147094,2564,694885,724152,479767,20336762,1138366",52,225.5,904,230.0,52885.8,4.4,"60,60,52,194,52,904,52,378,286,798,558,52,766,52,222,350,52,52,222,52,238,52,222,52,350,52,222,222,52,64,238,238","8,0,0,0,1,7,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,1,0,1,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,0,0,1,1,0,0","4.739262104,5.194311619,5.168681622,5.344344139,5.053296566,7.386932850,5.077241421,7.234003544,7.051656723,7.730213165,7.626702785,5.130219936,7.729208469,5.130219936,7.004224300,7.276331425,5.168681622,5.053296566,6.966996193,5.168681622,7.017478943,5.091758251,6.947218895,5.130219936,7.270596504,5.168681622,6.928867817,6.919858456,5.130219936,5.071470261,7.064198494,7.072602749",TLS.KakaoTalk,91.193,1,Acceptable,Chat,6,DPI,"5,6,7,8" 
113,ip4,10.24.82.188,110.76.143.50,tcp,58857,9001,info,18,14,1430069164966834,1430069202329230,1430069203383368,0,0,794,852,2842,3488,0,183,2444481.5,21237091,5342425.0,28541506813952.0,2.9,"148041,148315,14374,196289,3692,185608,22217,228394,215698,291656,316833,4536377,4872620,301514,147949,147858,122284,336243,8596588,8810699,73731,557586,700867,602508,20472016,917846,21237091,519257,336,183,1054260",52,251.1,904,266.4,70953.5,4.3,"60,60,52,194,52,904,52,378,286,750,718,52,846,830,52,350,52,222,52,350,52,222,222,52,64,238,238,414,52,52,52,64","9,0,0,0,1,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,1,0,0,0,1,1,0,0,1,0,1,0,1","4.685176373,5.185489655,5.156889915,5.339006424,5.207143307,7.375075340,5.233812809,7.382006645,6.995015144,7.704098225,7.705970764,5.248330116,7.776240349,7.756853104,5.171406746,7.334384441,5.130220413,7.042468071,5.207143307,7.231501102,5.171406746,6.845736027,6.836727142,5.130220413,5.138105392,7.055267334,7.030057430,7.403200150,5.248330116,5.168681622,5.248330116,5.220060349",TLS.KakaoTalk,91.193,1,Acceptable,Chat,6,DPI,"5,6,7,8" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,145,122797,146910,144494,20,6,14,0,4,9,11,5,0,5,0,73,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,9,5,5,1,0,0,0,0,0,0,0,2,0,0,0,5,0,0,0,1,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,8,6,0,0,0,0,20,0,0,15,5,0,0,20,11,9,0,0,0,0,0,0,7,2,6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0 +0,145,122793,146910,144494,20,6,14,0,4,9,11,5,0,5,0,73,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,9,5,5,1,0,0,0,0,0,0,0,2,0,0,0,5,0,0,0,1,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,8,6,0,0,0,0,20,0,0,15,5,0,0,20,11,9,0,0,0,0,0,0,7,2,6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/default/alexa-app.pcapng.out b/test/results/flow-analyse/default/alexa-app.pcapng.out index 6600b3809..f501a2afd 100644 --- a/test/results/flow-analyse/default/alexa-app.pcapng.out +++ b/test/results/flow-analyse/default/alexa-app.pcapng.out 
@@ -23,4 +23,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,172.16.42.216,52.84.62.115,tcp,41914,443,info,18,14,1490976195985305,1490976196879161,1490976196866304,0,0,1285,1448,5470,9856,0,50,57253.4,264056,85984.0,7393244160.0,3.6,"22841,23998,943,22793,6583,564,615,276,39690,124,146,157,6771,37572,46160,226745,213104,3861,222252,264056,50,55344,103406,128,10396,183950,242536,953,71,38628,142",52,532.2,1500,595.2,354289.1,4.1,"60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1337,310,64,1337,1337,930,86,86,52,52,64,1322,1500,1500,508,52,52","12,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,0,0,0,0,0","2,2,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0","4.705928802,5.306893826,5.094483852,5.740943432,5.077241898,7.061615944,7.289163589,7.495290279,7.599352837,5.094483852,5.017560482,5.094483852,5.017560482,6.445491791,7.218114853,7.854625702,7.211663246,5.042434692,7.851956367,7.855620384,7.792708397,5.812836647,5.812836647,5.056022167,5.132945538,5.093139648,7.841275692,7.859713554,7.867431164,7.510861874,5.094483852,5.094483852",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"" 
1,ip4,172.16.42.216,54.239.23.94,tcp,44912,443,info,18,14,1490976186884448,1490976195471370,1490976197346218,0,0,1460,1460,10437,5046,0,32,614473.9,7470598,1477715.5,2183643136000.0,2.8,"168457,171158,1511,108893,4406,1671,697,112679,290,4146,167,6217,127,10389,13091,1079,255,290409,42,32,60,299358,743,529311,1065924,2114234,3665356,7470598,595200,595070,1817122",40,526.2,1500,637.5,406420.1,3.9,"60,48,40,267,46,46,1500,1500,40,40,1500,655,40,40,166,1500,1424,360,46,46,91,46,40,1424,1424,1424,1424,40,46,1424,46,46","8,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,1,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,1","4.626680374,5.134761333,4.831686974,5.716956139,4.609350204,4.505982876,7.141723156,7.316176414,4.831687450,4.812815189,7.392494678,7.608505726,4.881687164,4.831687450,6.348018646,7.864303589,7.858262062,7.260771751,4.390829086,4.347350597,5.864610672,4.390829086,4.684184074,7.859017372,7.859235764,7.859332085,7.859507561,4.784183979,4.347350597,7.859881401,4.457920074,4.501398087",TLS.AmazonAWS,91.265,1,Acceptable,Cloud,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,1415,1279539,399153,588052,160,104,56,77,23,14,146,143,0,62,5,679,1,0,1,1,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,82,78,7,138,0,0,0,1,0,0,0,0,0,0,0,0,44,0,0,0,0,0,0,0,14,39,0,0,0,0,1,0,0,0,0,0,2,0,45,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,146,0,0,0,0,0,26,5,59,0,0,0,0,156,4,0,121,33,1,5,160,146,14,0,0,0,0,0,0,2,0,8,51,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,1415,1279850,399153,588052,160,104,56,77,23,14,146,143,0,62,5,679,1,0,1,1,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,82,78,7,138,0,0,0,1,0,0,0,0,0,0,0,0,44,0,0,0,0,0,0,0,14,39,0,0,0,0,1,0,0,0,0,0,2,0,45,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,146,0,0,0,0,0,26,5,59,0,0,0,0,156,4,0,121,33,1,5,160,146,14,0,0,0,0,0,0,2,0,8,51,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/android.pcap.out b/test/results/flow-analyse/default/android.pcap.out index 06db23ee0..ee06eaaeb 100644 --- a/test/results/flow-analyse/default/android.pcap.out +++ b/test/results/flow-analyse/default/android.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.2.16,216.239.38.120,tcp,32996,443,info,17,15,1582454871152402,1582454871906464,1582454871901421,0,0,512,1418,819,10828,0,3,48486.5,404574,104241.1,10866214912.0,3.0,"13673,15022,32725,47474,16568,3,34518,282,386517,404574,19668,197623,221096,19209,15019,27735,41804,1657,22,36,1002,1575,133,18,9,1204,14,1169,2703,19,10",52,416.5,1470,552.7,305506.2,3.9,"60,60,52,232,52,1470,1188,52,52,145,344,52,564,52,86,52,641,52,1470,1470,1407,1470,52,1470,382,88,52,52,52,52,52,52","13,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,5,0,0,0","0,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,1,0,1,1,1,1,0,1,1,1,0,0,0,0,0,0","4.671797276,5.277319908,5.092563152,5.518131256,5.077241421,7.236341000,7.433474064,5.131024837,5.131024837,6.086913109,7.119209766,4.962661266,7.515064716,4.947339535,5.439514160,5.038779736,7.633175850,5.015639782,7.866302967,7.846067905,7.867026806,7.835390091,5.092563152,7.847195148,7.413039684,5.580356598,5.054101467,5.092563152,5.054101467,5.092563152,5.015639782,4.977178097",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,436,376508,25482,76498,63,9,54,3,1,3,60,44,0,7,0,196,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,41,9,50,1,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,1,30,0,0,0,3,4,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,13,0,0,0,0,0,0,58,5,0,28,31,0,4,63,60,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,436,376510,25482,76498,63,9,54,3,1,3,60,44,0,7,0,196,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,41,9,50,1,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,1,30,0,0,0,3,4,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,13,0,0,0,0,0,0,58,5,0,28,31,0,4,63,60,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/anyconnect-vpn.pcap.out b/test/results/flow-analyse/default/anyconnect-vpn.pcap.out index 22d05f366..3f05b5f7a 100644 --- a/test/results/flow-analyse/default/anyconnect-vpn.pcap.out +++ b/test/results/flow-analyse/default/anyconnect-vpn.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.0.0.227,8.37.96.194,tcp,56921,4287,info,16,16,1569687260591875,1569687261807505,1569687261836138,0,0,1195,1368,2943,4489,0,272,79351.4,384774,121592.3,14784686080.0,3.7,"28537,28596,272,35158,11581,46466,4231,33144,2963,31899,1468,30539,1730,30777,254948,281121,5133,31326,314965,342213,26303,53543,25788,25778,4801,30501,2712,28408,358152,384774,2066",52,285.0,1420,416.2,173206.9,3.9,"64,64,52,200,52,1360,52,1247,52,103,52,496,52,463,52,363,52,167,52,777,52,1420,52,1160,52,114,52,122,52,110,52,110","9,2,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","8,2,1,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1","4.328511238,5.005488396,4.776612282,5.402243614,5.091758728,7.442438602,4.882569313,7.578964233,4.916693211,5.863890648,4.829590321,7.531296730,4.969671726,7.509452820,4.882569313,7.315038681,4.993616581,6.548084259,4.959492683,7.706759453,5.014835358,7.870440960,4.921030998,7.786418438,4.882569313,6.148206234,5.014835358,6.198904037,4.921030998,6.028552055,5.091758728,6.119950771",TLS,91,1,Safe,Web,6,DPI,"5,6,15,24" 
1,ip4,10.0.0.227,8.37.102.91,tcp,56929,443,info,15,17,1569687267035097,1569687267393587,1569687267393508,0,0,965,1448,1471,13402,0,0,23125.8,138032,32185.7,1035917504.0,3.6,"42362,42438,1999,46916,1210,46124,40336,4,40344,1,37231,6,37243,1,97159,138032,40854,1159,43270,9027,4,1,1,0,9,1,1,51168,0,0,0",52,517.3,1500,619.3,383541.0,4.0,"64,56,52,204,52,1500,52,1500,1500,52,52,1500,1167,52,52,406,127,52,1017,52,1500,209,1500,209,1500,209,1500,209,52,52,52,52","12,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,0,0","0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0","4.215306282,4.950672150,4.700937271,5.452831745,4.700937271,7.337546349,4.738150120,7.112461567,7.211231709,4.791128635,4.791128635,7.407482147,5.922111034,4.791128635,4.829590321,7.350569248,6.160544395,4.791128635,7.794639587,4.868052006,7.862796307,6.916011810,7.871273518,6.899218082,7.872875214,6.733156681,7.846444607,6.809710979,4.829590321,4.767184258,4.829590321,4.829590321",TLS,91,1,Safe,Web,6,DPI,"8,15,24" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,457,391173,38688,56727,69,10,59,3,3,6,61,34,2,17,0,207,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,53,13,48,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,35,1,0,0,10,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,61,0,0,0,0,0,13,14,5,0,0,0,0,66,3,0,22,37,2,8,69,61,6,2,0,0,0,0,0,6,1,2,6,0,0,0,2,0,0,5,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,6,0,0,0,0 +0,457,391177,38688,56727,69,10,59,3,3,6,61,34,2,17,0,207,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,52,13,48,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,35,1,0,0,10,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,61,0,0,0,0,0,13,14,5,0,0,0,0,66,3,0,22,37,2,8,69,61,6,2,0,0,0,0,0,6,1,2,6,0,0,0,2,0,0,5,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,6,0,0,0,0 diff --git a/test/results/flow-analyse/default/anydesk.pcapng.out b/test/results/flow-analyse/default/anydesk.pcapng.out index 850886753..c49cb9106 100644 --- a/test/results/flow-analyse/default/anydesk.pcapng.out +++ b/test/results/flow-analyse/default/anydesk.pcapng.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.187,192.168.1.178,tcp,54164,7070,info,14,18,1613977595379986,1613977601740964,1613977601737415,0,0,3926,1460,5712,2727,0,0,410271.2,3021750,825943.1,682181918720.0,2.9,"491,529,333,431,328,10474,0,10878,39566,40320,8749,0,9516,516873,517463,1553,27804,26175,2358,56316,902900,957284,0,0,1754245,1753698,16355,71246,2966766,3021750,4006",40,306.3,3966,747.4,558552.1,3.1,"52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116","6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1","11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0","4.461627960,4.714205742,4.680641174,5.380415440,4.190888405,4.260394573,7.726966381,6.171197891,4.680641174,7.726874828,4.303872585,7.788730145,5.640313625,4.630640984,5.698182583,4.200505257,5.465894222,5.550601006,4.303872585,5.570474148,4.680640697,7.956365585,4.157026768,4.303872585,4.190888405,5.661315441,4.260394096,6.538077354,4.630641460,6.000421047,4.260393620,6.241518974",TLS.AnyDesk,91.252,1,Acceptable,RemoteAccess,6,DPI,"5,15,24,30" 
1,ip4,192.168.1.128,195.181.174.176,tcp,48260,443,info,16,16,1663090549161771,1663090558034917,1663090558365585,0,0,1448,1448,5817,3029,0,4,583127.8,8444631,2063627.1,4258557067264.0,1.5,"17715,17815,909,17821,3430,20304,88,41,3772,21850,18137,104,44,888,64188,13442,76786,1527,18418,206643,224790,16,4,18683,18,62779,11,80221,8427892,8444631,313993",52,328.9,1500,495.5,245485.5,3.8,"60,60,52,341,52,1500,52,1132,52,1146,103,52,92,52,199,52,198,52,137,52,145,1500,1500,1273,52,52,92,90,52,137,52,145","8,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,2,0,0","7,4,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,1,1","4.759216309,5.287539482,5.061608315,5.575212479,5.085552692,7.541802406,5.085552692,7.720355034,5.138531685,7.691242218,6.017449379,5.100070000,6.076607704,5.061608315,6.938662529,5.176993370,6.939621925,5.176993370,6.553288460,5.176993370,6.578802109,7.876228809,7.874102592,7.832963467,5.176993370,5.176993370,6.054868221,5.938801765,5.138531685,6.484602451,5.215455055,6.623850822",TLS.AnyDesk,91.252,1,Acceptable,RemoteAccess,6,DPI,"24,30,31" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,66,66126,19883,15955,7,1,6,0,3,0,7,8,0,5,0,29,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,4,3,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,4,13,0,0,0,0,0,7,0,0,5,2,0,0,7,7,0,0,0,0,0,0,0,8,0,0,1,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,9,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,66,66122,19883,15955,7,1,6,0,3,0,7,8,0,5,0,29,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,5,4,3,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,4,13,0,0,0,0,0,7,0,0,5,2,0,0,7,7,0,0,0,0,0,0,0,8,0,0,1,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,9,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bets.pcapng.out b/test/results/flow-analyse/default/bets.pcapng.out index 40e73dc26..09fb207e6 100644 --- a/test/results/flow-analyse/default/bets.pcapng.out +++ b/test/results/flow-analyse/default/bets.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 12,ip4,192.168.10.2,13.224.103.22,tcp,60099,443,info,16,16,1693252376328241,1693252376473051,1693252376516940,0,0,328,1368,573,6919,0,1,10758.4,46532,18210.4,331618016.0,3.2,"45063,45086,716,45768,1485,46532,228,223,359,358,497,1,497,2530,35,126,50,44471,1044,896,1,81,43759,187,180,74,3041,2969,1675,39830,5747",52,286.8,1420,477.2,227739.3,3.6,"64,60,52,380,52,1420,52,1420,52,1420,52,1420,93,52,58,110,138,116,52,52,52,52,198,52,123,52,83,1241,52,52,52,52","12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,0,1,0,0,1,1","4.359427452,5.254205704,5.077241421,6.193246841,5.115703106,7.830681801,5.024262905,7.844112873,5.154164791,7.881240845,5.115703106,7.848938465,5.975646019,5.115703106,4.911536217,6.119595051,6.468632221,6.137733459,5.192626476,5.154164791,5.154164791,5.192626476,6.778203011,5.077241421,6.239024639,5.154164791,5.561018467,7.842863560,5.115703106,4.979099274,5.154164791,5.154164791",TLS,91,1,Safe,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,11804,573,6919,1,1,0,0,1,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,11824,573,6919,1,1,0,0,1,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/conncheck.pcap.out b/test/results/flow-analyse/default/conncheck.pcap.out index 222146343..e984de870 100644 --- a/test/results/flow-analyse/default/conncheck.pcap.out +++ b/test/results/flow-analyse/default/conncheck.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,96,74463,5724,5222,10,6,4,0,0,0,10,1,0,0,7,47,1,0,1,2,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,3,7,1,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,9,1,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,102,81994,5724,5222,10,6,4,0,0,0,10,7,0,0,7,47,1,0,1,2,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,3,7,1,9,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,9,1,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/custom_rules_ip.pcapng.out b/test/results/flow-analyse/default/custom_rules_ip.pcapng.out new file mode 100644 index 000000000..064e3f35f --- /dev/null +++ b/test/results/flow-analyse/default/custom_rules_ip.pcapng.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game
_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_ri
sk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count +0,21,15912,75,0,3,1,2,0,0,2,1,0,0,1,0,9,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,3,0,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/custom_rules_overwrite_domains.pcap.out b/test/results/flow-analyse/default/custom_rules_overwrite_domains.pcap.out new file mode 100644 index 000000000..718b07357 --- /dev/null +++ b/test/results/flow-analyse/default/custom_rules_overwrite_domains.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.143,64.233.167.84,tcp,46326,443,info,15,17,1760964921304285,1760964921416596,1760964921435421,0,0,4419,1858,7117,4694,0,0,7853.1,60534,14243.3,202872752.0,3.1,"22349,22398,1156,520,42,20617,0,0,1509,0,0,0,0,20391,18,12,652,606,20389,41123,0,0,0,0,60534,1426,1192,4030,736,24,23723",52,421.6,4471,924.4,854508.3,3.2,"60,60,52,2527,58,4471,52,52,52,1910,114,52,52,83,52,52,52,136,83,52,1452,722,366,341,83,52,91,91,91,76,52,52","10,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2","10,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1","0,1,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,0,1,0,0,0,0,1","4.646634102,5.212701797,4.897086143,7.816514969,4.956866741,7.955480576,5.178914070,5.140452385,5.101990700,7.886328697,6.212090969,5.010550976,4.988526344,5.749540806,4.933627129,4.933627129,4.933627129,6.142579079,5.693960667,5.103911400,7.892829418,7.668910027,7.338832855,7.263511181,5.734539032,5.049012184,5.937283039,5.850928307,5.893327236,5.523987293,5.010550499,5.026988029",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,31,36255,12994,6376,3,2,1,0,1,0,3,3,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dazn.pcapng.out b/test/results/flow-analyse/default/dazn.pcapng.out index 24844a100..be96974f7 100644 --- a/test/results/flow-analyse/default/dazn.pcapng.out +++ b/test/results/flow-analyse/default/dazn.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,27,29731,1551,4284,3,0,3,0,0,0,3,3,0,0,0,12,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,27,29776,1551,4284,3,0,3,0,0,0,3,3,0,0,0,12,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/flow-analyse/default/dnscrypt-v1-and-resolver-pings.pcap.out index 803922d43..b83b88ff4 100644 --- a/test/results/flow-analyse/default/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/flow-analyse/default/dnscrypt-v1-and-resolver-pings.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,1539,1581778,244416,44650,245,0,245,200,0,0,245,0,0,0,56,488,1,0,1,2,0,0,0,0,0,0,0,0,56,0,0,0,0,0,0,0,0,0,245,0,245,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,245,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,245,0,0,0,0,0,0,0,0,0,0,0,0,245,0,0,0,245,0,0,245,245,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,1539,1581742,244416,44650,245,0,245,200,0,0,245,0,0,0,56,488,1,0,1,2,0,0,0,0,0,0,0,0,56,0,0,0,0,0,0,0,0,0,245,0,245,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,245,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,245,0,0,0,0,0,0,0,0,0,0,0,0,245,0,0,0,245,0,0,245,245,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dofus.pcap.out b/test/results/flow-analyse/default/dofus.pcap.out index 7aec10c8f..b2fd6d905 100644 --- a/test/results/flow-analyse/default/dofus.pcap.out +++ b/test/results/flow-analyse/default/dofus.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,48,39241,2216,20930,5,1,4,0,0,0,5,5,0,0,0,25,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,2,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,48,39236,2216,20930,5,1,4,0,0,0,5,5,0,0,0,25,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,2,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/epicgames.pcapng.out b/test/results/flow-analyse/default/epicgames.pcapng.out index 63b9aeb7d..73a0297e4 100644 --- a/test/results/flow-analyse/default/epicgames.pcapng.out +++ b/test/results/flow-analyse/default/epicgames.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,35,25120,5959,1825,4,0,4,0,0,0,4,0,0,0,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,35,25104,5959,1825,4,0,4,0,0,0,4,0,0,0,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ethereum.pcap.out b/test/results/flow-analyse/default/ethereum.pcap.out index f9e65739e..ecbc43781 100644 --- a/test/results/flow-analyse/default/ethereum.pcap.out +++ b/test/results/flow-analyse/default/ethereum.pcap.out 
@@ -33,4 +33,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.184,138.75.171.190,tcp,56657,30303,finished,17,15,1578508365226088,1578508365751522,1578508366012044,0,0,539,459,779,523,0,8,42302.9,263115,95827.5,9182917632.0,2.4,"259670,259779,1313,261414,3049,263115,462,422,253,247,161,10,63,22,41,100,13,84,18,22,24,260103,45,20,93,122,13,668,28,8,8",46,91.4,591,121.5,14755.2,4.3,"64,60,52,591,52,511,52,84,52,84,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46","13,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1","4.484427452,5.266787052,5.014835358,7.622575283,5.176993370,7.537411690,4.937911987,5.836015701,4.937911987,5.821192741,4.937912464,5.839856625,5.055252075,6.730566502,5.133149624,5.533761024,5.816047192,4.979780197,5.094675064,5.473884583,5.364500046,5.014835358,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
1,ip4,192.168.1.184,78.47.147.155,tcp,56673,30303,finished,23,9,1578508365712625,1578508366123630,1578508366123331,0,0,567,347,951,859,0,12,26506.8,285939,65286.3,4262303488.0,2.6,"40373,40438,1542,40906,246535,285939,40615,40605,699,30,144,12,23,360,16,18,29,110,39411,235,883,650,39691,157,36,21,17,63,1098,839,216",52,109.6,619,120.4,14503.6,4.5,"64,60,52,619,52,292,64,399,52,84,53,176,55,68,84,53,100,67,68,52,52,52,116,52,84,53,55,64,68,260,52,84","16,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,1,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,0","4.453177452,5.346035480,5.077241421,7.661995411,5.233812809,7.235357285,5.194910049,7.441572666,5.062724113,5.854679585,5.191952705,6.817754745,5.228514671,5.610895157,5.854679585,5.229689121,6.152247906,5.547358990,5.581482887,5.272274494,5.272274494,5.272274494,6.375947475,5.115703106,5.887475491,5.154217243,5.264878273,5.481855392,5.592584610,7.149727345,5.077241421,5.878489017",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,573,509768,43570,43398,74,47,27,0,33,3,71,0,0,0,0,315,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,71,0,71,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0,0,0,0,0,0,0,0,0,0,0,74,0,0,56,18,0,0,74,71,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,573,509720,43570,43398,74,47,27,0,33,3,71,0,0,0,0,315,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,71,0,71,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0,0,0,0,0,0,0,0,0,0,0,74,0,0,56,18,0,0,74,71,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/fuzz-2006-09-29-28586.pcap.out b/test/results/flow-analyse/default/fuzz-2006-09-29-28586.pcap.out index 1514d6b0c..75a8954d0 100644 --- a/test/results/flow-analyse/default/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/flow-analyse/default/fuzz-2006-09-29-28586.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,218,192174,14756,10874,39,12,27,0,0,22,13,0,4,11,8,82,1,0,1,1,0,2,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,34,5,0,13,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,4,0,10,1,0,0,0,39,0,0,37,0,0,2,39,13,22,4,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,218,192172,14756,10874,39,12,27,0,0,22,13,0,4,11,8,82,1,0,1,1,0,2,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,34,5,0,13,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,4,0,10,1,0,0,0,39,0,0,37,0,0,2,39,13,22,4,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/gaijin_mobile_mixed.pcap.out b/test/results/flow-analyse/default/gaijin_mobile_mixed.pcap.out index cee984cc4..d4c75cce4 100644 --- a/test/results/flow-analyse/default/gaijin_mobile_mixed.pcap.out +++ b/test/results/flow-analyse/default/gaijin_mobile_mixed.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,30,25454,1542,8296,3,0,3,0,0,0,3,2,0,1,0,15,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,2,0,0,0,0,0,0,3,0,0,2,1,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,30,25448,1542,8296,3,0,3,0,0,0,3,2,0,1,0,15,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,2,0,0,0,0,0,0,3,0,0,2,1,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/gearup_booster.pcap.out b/test/results/flow-analyse/default/gearup_booster.pcap.out index 7ceea2444..11c654ab7 100644 --- a/test/results/flow-analyse/default/gearup_booster.pcap.out +++ b/test/results/flow-analyse/default/gearup_booster.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,971,751526,5730,16706,192,0,192,1,0,1,191,5,0,0,0,385,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,186,0,186,5,0,0,0,0,0,0,0,0,191,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,191,0,0,0,0,0,0,0,0,0,0,0,0,192,0,0,5,187,0,0,192,191,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,971,751305,5730,16706,192,0,192,1,0,1,191,5,0,0,0,385,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,186,0,186,5,0,0,0,0,0,0,0,0,191,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,191,0,0,0,0,0,0,0,0,0,0,0,0,192,0,0,5,187,0,0,192,191,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/gnutella.pcap.out b/test/results/flow-analyse/default/gnutella.pcap.out index 4bfafd913..f224c3225 100644 --- a/test/results/flow-analyse/default/gnutella.pcap.out +++ b/test/results/flow-analyse/default/gnutella.pcap.out 
@@ -6,4 +6,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.0.2.15,109.214.154.216,tcp,50248,6346,finished,14,18,71205274,117002547,132821508,0,0,304,1024,705,2420,0,1091,3464951.8,22684647,6255594.5,39132462055424.0,3.3,"399865,400165,2576,3065,879170,880284,1091,343284,15848,359592,3003,2180,5087,145122,145627,10048654,10048652,469496,2676,472723,3557750,3604090,6175326,6222212,413766,464528,22633783,22684647,605343,604983,15818919",40,138.2,1064,217.4,47264.8,4.0,"52,44,40,344,40,323,143,40,118,762,40,53,58,40,149,40,104,40,1064,45,40,122,40,70,40,213,40,52,40,123,40,62","9,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,2,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,1,0,1,1,0,0,1,0,1,1,1,0,1,0,0,1,1,0,0,1,0,1,1","4.638531685,4.760457039,4.611769199,5.768550396,4.503056526,5.575543404,5.615631580,4.553056717,5.640929699,7.709812641,4.680641174,4.708038807,4.874885082,4.592897415,6.317804813,4.453056812,5.923436165,4.453056812,7.776337624,4.335103989,4.830641270,6.163827896,4.780641556,5.454720020,4.621928692,6.573338509,4.730640888,4.776329994,4.621928692,6.159438610,4.571928978,4.925578117",Gnutella,35,0,Potentially_Dangerous,Download,6,DPI,"22" 
1,ip4,10.0.2.15,86.208.180.181,tcp,50249,45883,finished,16,16,71205609,187576304,187064352,0,0,303,1065,713,3012,0,276,7491272.5,55455380,14262251.0,203411798622208.0,3.2,"106993,107336,276,805,178388,179820,1439,41004,98031,375723,432936,10046845,10046768,42293,94463,6595038,6594815,3591919,3643921,39217,93460,24009088,24063297,605105,604823,14641110,23768,14665256,55396943,55455380,453178",40,156.9,1105,244.6,59812.5,4.0,"52,44,40,343,40,323,143,40,912,40,149,40,104,40,1105,40,200,40,70,40,189,40,52,40,123,40,64,489,40,50,40,49","11,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,0,0,1,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,0,0","4.624014378,4.624093533,4.730641365,5.758390427,4.553056717,5.558244705,5.696007252,4.621928692,7.730160713,4.830641270,6.349717140,4.521929264,5.981128693,4.571928978,7.767892838,4.780641556,6.727245331,4.730641365,5.454720020,4.603056908,6.642654419,4.780641079,4.853253365,4.671928883,6.256999493,4.671928883,5.061660290,7.508594036,4.830641270,4.642780781,4.780641556,4.618614674",Gnutella,35,0,Potentially_Dangerous,Download,6,DPI,"22" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,6866,6215505,149308,234286,801,66,735,2519,6,0,712,5,89,672,1,1928,1,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,94,707,1,42,0,0,667,0,2,0,0,0,0,0,0,0,1,0,667,0,0,0,0,0,0,32,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,712,0,0,0,0,0,675,8,0,0,0,0,0,787,14,0,137,653,5,6,801,712,0,89,0,0,0,0,0,7,1,0,0,1,0,0,5,0,0,2,0,0,0,0,0,0,669,0,2,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0 +0,6866,6215495,149308,234286,801,66,735,2519,6,0,712,5,89,672,1,1928,1,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,94,707,1,42,0,0,667,0,2,0,0,0,0,0,0,0,1,0,667,0,0,0,0,0,0,32,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,712,0,0,0,0,0,675,8,0,0,0,0,0,787,14,0,137,653,5,6,801,712,0,89,0,0,0,0,0,7,1,0,0,1,0,0,5,0,0,2,0,0,0,0,0,0,669,0,2,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0 diff --git a/test/results/flow-analyse/default/guildwars2.pcapng.out b/test/results/flow-analyse/default/guildwars2.pcapng.out index a8356185f..8373585e1 100644 --- a/test/results/flow-analyse/default/guildwars2.pcapng.out +++ b/test/results/flow-analyse/default/guildwars2.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8149,800,1231,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8145,800,1231,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/heuristic_tcp_ack_payload.pcap.out b/test/results/flow-analyse/default/heuristic_tcp_ack_payload.pcap.out index 1277d2f23..75853244d 100644 --- a/test/results/flow-analyse/default/heuristic_tcp_ack_payload.pcap.out +++ b/test/results/flow-analyse/default/heuristic_tcp_ack_payload.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,194.226.199.103,217.69.139.59,tcp,62580,443,info,18,14,1682070088015038,1682070095281485,1682070089825216,0,0,569,2843,1472,9558,0,0,292794.3,5455602,1016505.8,1033283960832.0,1.7,"0,10465,0,1548808,0,1559948,0,2544,0,14096,0,4417,0,92,0,17069,0,11,0,4686,0,18454,0,216157,0,213846,0,10430,0,5455602,0",42,385.9,2883,734.4,539373.9,3.4,"52,52,46,46,46,46,42,42,609,609,46,46,1450,1450,2883,2883,42,42,42,42,166,166,298,298,42,42,298,298,42,42,71,71","14,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2","0,0,1,1,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,0,0","4.540081024,4.540081024,4.772925377,4.772925377,4.772925377,4.772925377,4.829184532,4.829184532,7.086583614,7.086583614,4.565871716,4.565871716,7.215152740,7.215152740,7.539601803,7.539601803,4.715973377,4.715973377,4.733946800,4.733946800,6.348270416,6.348270416,7.138381004,7.138381004,4.781565666,4.781565666,7.126602650,7.126602650,4.733946800,4.733946800,5.169243813,5.169243813",,,,,,,,"" 
1,ip4,194.226.199.61,2.22.40.186,tcp,6946,443,info,14,18,1682070122465460,1682070127475501,1682070127468714,0,0,1460,2920,3416,10610,0,1,323009.5,2634777,687597.7,472790597632.0,2.8,"9842,15325,2065171,1798,114,2048180,1988,1777,823,1,2161,39414,217233,215957,433218,854700,2634777,793,114791,2391,133538,311,1201538,215,30,1,210,55,15686,389,868",42,481.7,2960,697.2,486142.7,3.8,"52,52,52,52,42,561,52,52,46,2960,1216,1500,52,46,1500,1500,1500,52,52,42,42,120,138,46,311,327,46,101,71,1500,658,673","8,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","9,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,1","0,1,1,0,0,0,1,1,1,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0","4.767184734,4.961856842,4.961856842,4.767184734,4.617807865,6.804517746,4.961856842,4.961856842,4.565872192,7.936507702,7.812016487,7.865312576,4.834680557,5.055958748,7.863229275,7.863562107,7.864302158,4.873142242,4.834680557,4.725648880,4.773267746,6.283937454,6.596406460,4.609350204,7.253105640,7.293287277,4.609350204,6.180341721,5.790450096,7.859360218,7.630677700,7.711422920",,,,,,,,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,57,47694,14860,81741,6,5,1,0,4,6,0,0,0,0,0,30,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,57,47692,14860,81741,6,5,1,0,4,6,0,0,0,0,0,30,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http-crash-content-disposition.pcap.out b/test/results/flow-analyse/default/http-crash-content-disposition.pcap.out index 3dfd7b207..0773681a4 100644 --- a/test/results/flow-analyse/default/http-crash-content-disposition.pcap.out +++ b/test/results/flow-analyse/default/http-crash-content-disposition.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8745,475,2369,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8741,475,2369,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http_invalid_server.pcap.out b/test/results/flow-analyse/default/http_invalid_server.pcap.out index d13eb2c24..dc9f4ace4 100644 --- a/test/results/flow-analyse/default/http_invalid_server.pcap.out +++ b/test/results/flow-analyse/default/http_invalid_server.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,9931,82,407,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9939,82,407,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http_ipv6.pcap.out b/test/results/flow-analyse/default/http_ipv6.pcap.out index 896048251..17cff6830 100644 --- a/test/results/flow-analyse/default/http_ipv6.pcap.out +++ b/test/results/flow-analyse/default/http_ipv6.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip6,2a00:d40:1:3:7aac:c0ff:fea7:d4c,2a00:1450:4001:803::1017,udp,45931,443,finished,17,15,1448269127400446,1448269137275811,1448269136257808,37,0,1350,1350,4058,4856,0,1512,604281.6,6008829,1486148.8,2208638173184.0,2.8,"25363,26190,172445,219452,15689,87208,38758,110203,47003,1512,26672,45844,1752482,1778725,6798,78256,246614,318052,6008829,6008710,4760,76866,102599,174483,2367,73860,70885,142482,2922,74310,992388",77,326.6,1398,376.2,141514.9,4.3,"1398,1398,85,1202,80,660,88,238,80,88,567,88,77,243,80,623,91,88,80,248,77,575,91,249,80,572,88,250,80,547,88,251","0,9,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0","2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0","4.737460136,7.856492996,5.340356827,7.783504963,5.237494946,7.640817642,5.426836967,6.897242546,5.228057861,5.435415268,7.531185150,5.426837444,4.923079967,6.917997837,5.187493324,7.660722733,5.627426147,5.458142281,5.212494373,6.952660084,4.934730053,7.572426796,5.495558739,6.882013798,5.262493610,7.594254971,5.480869293,6.910377979,5.237494469,7.573482990,5.374089718,6.950065613",QUIC.Google,188.126,1,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,115,104362,10659,40534,15,3,12,0,1,7,8,11,0,4,0,55,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,1,5,1,2,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,4,0,0,0,0,0,15,0,13,2,0,0,15,8,7,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,115,104370,10659,40534,15,3,12,0,1,7,8,11,0,4,0,55,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,1,5,1,2,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,4,0,0,0,0,0,15,0,13,2,0,0,15,8,7,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/instagram.pcap.out b/test/results/flow-analyse/default/instagram.pcap.out index 3936b5941..b620f9d64 100644 --- a/test/results/flow-analyse/default/instagram.pcap.out +++ b/test/results/flow-analyse/default/instagram.pcap.out 
@@ -9,4 +9,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,2.22.236.51,192.168.0.103,tcp,80,44151,info,17,15,1436720952553865,1436720952574830,1436720952572908,1418,0,1418,0,24106,0,1,31,1290.6,3846,1167.1,1362190.6,4.3,"122,2106,427,3387,31,3174,2289,427,946,1892,213,2563,1831,3785,61,3846,183,1342,1312,367,183,213,275,519,519,885,854,2075,2106,2014,61",52,805.3,1470,707.6,500717.4,4.3,"1470,52,1470,1470,52,52,1470,52,1470,1470,52,52,1470,52,1470,1470,52,52,1470,52,1470,52,1470,52,1470,52,1470,52,1470,52,1470,1470","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0","7.838996410,5.123517990,7.796014309,7.834145069,5.123517990,5.085056305,7.799090385,5.085056305,7.778009892,7.746161938,5.046594620,5.085056305,7.694964409,5.085056305,7.722822666,7.781306744,5.161979675,5.109000683,7.744096756,5.161979675,7.786537647,5.161979675,7.830977440,5.161979675,7.801307678,5.123517990,7.796917439,5.123517990,7.805510998,5.123517990,7.825653553,7.826405048",,,,,,,,"" 
1,ip4,192.168.2.17,31.13.86.52,tcp,49357,443,info,15,17,1568796254514906,1568796265194500,1568796265280665,0,0,597,1388,2170,10887,0,6,691785.6,10469815,2560795.0,6557671096320.0,1.2,"11096,12433,1241,548,13252,614,103,14204,568,14367,12466,169576,258,200,98,307,55,169,229,6,169709,106,1819,218,113,542,10413415,52212,10469815,9752,75862",52,460.7,1440,528.6,279392.3,4.1,"64,60,52,471,649,52,52,274,52,136,230,52,825,1440,1440,1440,1440,1440,628,1440,86,52,52,52,52,52,52,587,587,52,52,828","10,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0","0,1,0,0,0,1,1,1,0,0,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1","4.215376377,5.115063667,4.860988617,7.062851906,7.630533695,5.014835358,4.976373672,6.836615562,4.884933949,6.378606796,7.007258415,4.822527409,7.742178440,7.852344990,7.873802185,7.849394321,7.865141869,7.857724190,7.720446110,7.850056171,5.757548332,4.976373672,4.976373672,4.937912464,4.937911987,4.899450779,4.976373672,7.590856075,7.594714642,5.053297043,5.053297043,7.784784317",TLS.Instagram,91.211,1,Fun,SocialNetwork,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,299,322254,116573,413697,38,6,32,4,9,7,30,18,1,5,0,150,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,16,5,7,18,0,0,0,0,0,0,0,0,0,0,0,5,18,0,0,0,0,0,0,2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,14,0,0,0,0,38,0,0,30,7,1,0,38,30,7,1,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,299,322257,116573,413697,38,6,32,4,9,7,30,18,1,5,0,150,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,16,5,7,18,0,0,0,0,0,0,0,0,0,0,0,5,18,0,0,0,0,0,0,2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,14,0,0,0,0,38,0,0,30,7,1,0,38,30,7,1,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/iphone.pcap.out b/test/results/flow-analyse/default/iphone.pcap.out index 5af6cda0e..f8daa4454 100644 --- a/test/results/flow-analyse/default/iphone.pcap.out +++ b/test/results/flow-analyse/default/iphone.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.17,92.123.77.26,tcp,50587,443,info,18,14,1582454599934729,1582454600290030,1582454600371223,0,0,1440,1440,3458,5165,0,4,25541.8,147307,44603.2,1989448704.0,3.2,"33256,146084,75,147307,1403,159,73,18,38616,19,50,10855,46914,12516,120151,44,4,168,1146,109,1513,467,107361,13,1221,31041,492,3663,24,4467,82566",52,322.1,1492,461.1,212650.1,3.9,"64,60,52,569,52,1492,1492,1268,442,52,52,52,132,339,339,98,95,87,1492,552,818,52,52,52,122,52,52,83,52,87,52,52","10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1","4.515677452,5.260978699,5.115703106,4.536097050,5.154164791,7.838258266,7.887313843,7.830554962,7.500537872,5.115703106,5.154164791,5.077241421,6.238309383,7.385308743,7.348131180,6.055991173,6.001430511,5.896850586,7.866535664,7.607725620,7.722208500,5.154164791,5.154164791,5.062724590,6.184679508,5.056022644,5.115703106,5.763531208,5.094483852,5.873862743,5.115703106,5.056022167",TLS.AppleiTunes,91.145,1,Fun,Streaming,6,DPI,"" 
1,ip4,192.168.2.17,17.248.185.87,tcp,50581,443,info,20,12,1582454598721885,1582454600432880,1582454600398737,0,0,1440,1440,13211,8177,0,19,109285.4,803512,185220.7,34306707456.0,3.4,"145952,170980,359,171301,2704,133,11131,1277,11157,179655,19,50,112,15556,168247,146405,161443,749,308681,51490,198168,655712,185,186,293,803512,1267,180253,328,297,245",52,721.0,1492,667.3,445284.8,4.3,"64,60,52,569,52,1492,1492,1492,1492,1474,52,52,52,52,145,103,52,1169,344,52,996,52,1164,1492,1492,1492,52,52,1492,1492,1492,1492","8,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,7,0,0","5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0","0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,1,1,0,0,0,0","4.378882408,5.048397064,4.855899334,4.669833183,5.026988029,6.153114796,4.607729912,7.088045597,7.461877346,7.528841019,4.947339535,4.870416164,4.908878326,4.825253010,6.027275085,5.625993729,4.985801220,7.818661690,7.150210857,5.103910923,7.800937653,4.908877850,7.820833683,7.850773335,7.853681087,7.878564835,4.985801220,4.959492207,7.858905315,7.865253448,7.862413406,7.846001625",TLS.AppleiCloud,91.143,1,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,356,326907,99351,91009,51,3,48,0,4,1,50,40,0,0,0,156,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,38,8,39,3,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,1,31,0,0,2,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,46,5,0,15,31,1,4,51,50,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,356,326923,99351,91009,51,3,48,0,4,1,50,40,0,0,0,156,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,38,8,39,3,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,1,31,0,0,2,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,46,5,0,15,31,1,4,51,50,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/lagofast.pcap.out b/test/results/flow-analyse/default/lagofast.pcap.out index b75842369..73c2380a7 100644 --- a/test/results/flow-analyse/default/lagofast.pcap.out +++ b/test/results/flow-analyse/default/lagofast.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,124,118492,10830,0,30,0,30,0,0,0,30,0,0,0,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,13,5,17,8,0,0,0,0,0,0,0,0,20,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,13,17,0,0,30,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,124,118494,10830,0,30,0,30,0,0,0,30,0,0,0,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,13,5,17,8,0,0,0,0,0,0,0,0,20,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,13,17,0,0,30,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/line.pcap.out b/test/results/flow-analyse/default/line.pcap.out index 189875754..26bbb5a7b 100644 --- a/test/results/flow-analyse/default/line.pcap.out +++ b/test/results/flow-analyse/default/line.pcap.out 
@@ -1,7 +1,7 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.0.2.15,125.209.252.210,udp,50835,20610,finished,19,13,608455689,610177798,609998416,30,0,872,740,2795,1792,0,41,105317.3,602060,182193.2,33194352640.0,3.4,"500157,544706,533063,602060,13540,168,64915,55,263094,290370,5367,20000,10523,19462,58958,10024,9911,21001,21013,9059,41,8011,22020,2894,7145,6942,42069,58114,10385,99326,10443",58,171.3,900,234.5,54984.5,4.1,"900,900,270,768,58,380,163,163,331,64,65,65,64,64,64,66,64,66,66,66,64,66,66,66,65,65,100,80,67,67,65,65","1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0","7.775331020,7.771239281,6.645260811,7.613231659,5.193683147,7.436975479,6.710443974,6.755647659,7.369442463,5.120024681,5.136775970,5.344619274,5.143614769,5.249160290,5.311660290,5.195097923,5.186660290,5.286006927,5.346612453,5.316309452,5.217910290,5.286006451,5.255703449,5.316309929,5.252311230,5.160003662,4.125199318,4.492414474,5.378718853,5.348868370,5.240697861,5.209928036",LineCall,316,1,Acceptable,VoIP,6,DPI,"" 
-1,ip4,10.200.3.125,147.92.165.194,tcp,57841,443,finished,14,18,1663913332980371,1663913336388129,1663913336380823,0,0,296,334,1142,1292,1,6905,219619.7,2533141,601190.4,361429958656.0,2.8,"74605,74711,34434,71161,134842,63602,34330,34381,78205,122566,44300,34282,34254,68317,109320,41185,34458,34320,6905,46826,64547,58950,90163,2533141,2477508,34518,34165,78836,154671,69564,35143",40,118.1,374,90.9,8262.1,4.6,"100,46,134,46,146,93,46,150,46,343,95,46,146,46,113,89,46,150,46,216,89,124,96,46,95,46,336,46,256,40,374,89","1,8,1,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,0,2,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,1,0,1,0","5.948760986,4.652828693,6.332477570,4.696306705,6.569760323,6.006792545,4.696306705,6.565413952,4.696306705,7.383316040,6.030017853,4.652828693,6.526851654,4.652828693,6.386383057,5.933434010,4.652828217,6.670314789,4.696306705,7.039282322,5.852028370,6.250293255,6.048403740,4.652828693,5.950967789,4.652828693,7.256349564,4.696306705,7.137952328,4.780641556,7.407141685,5.877035141",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,10.200.3.125,147.92.165.194,tcp,57841,443,info,14,18,1663913332980371,1663913336388129,1663913336380823,0,0,296,334,1142,1292,1,6905,219619.7,2533141,601190.4,361429958656.0,2.8,"74605,74711,34434,71161,134842,63602,34330,34381,78205,122566,44300,34282,34254,68317,109320,41185,34458,34320,6905,46826,64547,58950,90163,2533141,2477508,34518,34165,78836,154671,69564,35143",40,118.1,374,90.9,8262.1,4.6,"100,46,134,46,146,93,46,150,46,343,95,46,146,46,113,89,46,150,46,216,89,124,96,46,95,46,336,46,256,40,374,89","1,8,1,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,0,2,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,1,0,1,0","5.948760986,4.652828693,6.332477570,4.696306705,6.569760323,6.006792545,4.696306705,6.565413952,4.696306705,7.383316040,6.030017853,4.652828693,6.526851654,4.652828693,6.386383057,5.933434010,4.652828217,6.670314789,4.696306705,7.039282322,5.852028370,6.250293255,6.048403740,4.652828693,5.950967789,4.652828693,7.256349564,4.696306705,7.137952328,4.780641556,7.407141685,5.877035141",TLS,91,1,Safe,Web,6,DPI,"" 
1,ip4,10.200.3.125,147.92.242.232,tcp,58160,443,info,14,18,1663913333003014,1663913342823022,1663913342822836,0,0,573,1460,3181,4192,0,0,633542.9,7306445,1725177.1,2976235913216.0,2.7,"237342,237605,1014,239671,1368,0,0,239919,3744,241388,238671,278520,277391,237506,0,0,237646,7029518,7306445,276831,237603,712,0,238338,524359,801600,277245,237667,0,0,237727",40,272.5,1500,367.3,134881.6,4.1,"52,52,40,557,46,1500,1500,381,40,133,314,335,46,581,46,224,75,40,335,46,613,46,224,75,40,335,46,612,46,224,75,40","6,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,3,0,0,0,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0","4.516527176,4.923395157,4.780641556,4.813910007,4.544876099,7.233272552,7.495951176,7.379673958,4.780641556,6.214868546,7.183261871,7.332785606,4.501397610,7.644387245,4.501397610,7.034603119,5.700131416,4.780641556,7.404506683,4.435436726,7.647257328,4.565871716,6.998442650,5.771955490,4.611769676,7.254877090,4.549460888,7.643351078,4.549460888,7.047076225,5.680000782,4.671928883",TLS.Line,91.315,1,Acceptable,Chat,6,DPI,"15" 
1,ip4,10.200.3.125,147.92.169.90,udp,51161,29070,finished,19,13,1663913345063942,1663913345289714,1663913345324209,31,0,853,542,9673,6723,0,0,15678.7,225047,51123.4,2613605376.0,1.5,"175745,225047,59,35,38,31,59,34,37,32,38,31,36,30,43,29,35,45,113,84319,0,0,0,0,0,0,155,0,0,0,48",59,540.4,881,131.0,17170.0,4.9,"881,419,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,59,161,398,570,570,570,570,570,570,570,570,570,570,570","1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1","7.761873245,7.165147781,7.605986118,7.625072002,7.581394672,7.661452770,7.659568310,7.627281189,7.538283348,7.648130894,7.648977280,7.646443367,7.577320099,7.610880852,7.662839413,7.594055176,7.592848778,7.662833691,5.346174717,6.693209171,7.482118607,7.644935131,7.664292812,7.595146656,7.643230438,7.594839096,7.698119640,7.644002914,7.648988724,7.686812401,7.668937206,7.563340664",LineCall,316,1,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,51,52756,25568,23936,5,1,4,1,4,0,5,2,0,1,0,25,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,1,4,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,3,0,0,0,0,0,0,5,0,0,2,3,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,51,52752,25568,23936,5,1,4,1,4,0,5,2,0,1,0,25,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,1,4,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,3,0,0,0,0,0,0,5,0,0,2,3,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/lol_wild_rift_udp.pcap.out b/test/results/flow-analyse/default/lol_wild_rift_udp.pcap.out index 658efcc68..65d68af1f 100644 --- a/test/results/flow-analyse/default/lol_wild_rift_udp.pcap.out +++ b/test/results/flow-analyse/default/lol_wild_rift_udp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,30,25139,251,1077,5,0,5,0,0,0,5,0,0,0,0,8,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,30,25119,251,1077,5,0,5,0,0,0,5,0,0,0,0,8,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/matter_onoff.pcapng.out b/test/results/flow-analyse/default/matter_onoff.pcapng.out new file mode 100644 index 000000000..484d22092 --- /dev/null +++ b/test/results/flow-analyse/default/matter_onoff.pcapng.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +113,ip6,fd5e:a43d:fedd::af13:b2b3:fc69:f7e0,fd5e:a43d:fedd::af13:b2b3:fc69:f7e0,udp,5542,5540,finished,21,11,1641326694097666,1641326694125479,1641326694123752,18,0,556,559,1958,2420,0,74,1738.7,7389,1916.1,3671347.2,4.2,"754,1491,2490,2536,980,481,74,791,1137,129,1879,1785,137,1211,1055,130,1146,986,130,2911,5249,180,4300,2712,217,2235,989,129,7389,7345,921",66,184.8,607,162.2,26323.5,4.6,"118,177,136,171,103,74,114,66,112,117,82,112,107,82,585,107,82,607,139,82,458,139,82,422,344,82,112,604,82,118,82,216","1,11,6,0,0,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,4,1,1,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","5.707329750,6.364796162,6.126908779,6.566694260,5.641691208,4.480421543,5.992292881,4.747190952,5.934601307,5.976493359,5.304888725,6.086561203,5.916059971,5.368854046,7.584079742,5.848347664,5.411656380,7.636106491,6.291174412,5.411656380,7.470847130,6.330708981,5.353669643,7.469085217,7.220839500,5.396471977,6.086561680,7.546925068,5.387265682,6.060663223,5.286477089,6.635004044",Matter,457,0,Acceptable,IoT-Scada,6,DPI,"" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,28,28103,13317,3242,3,0,3,0,1,0,3,0,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mismatching_hostname.pcap.out b/test/results/flow-analyse/default/mismatching_hostname.pcap.out new file mode 100644 index 000000000..7a5a3bda9 --- /dev/null +++ b/test/results/flow-analyse/default/mismatching_hostname.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.7,51.38.65.98,tcp,35162,443,info,16,16,1760686200815296,1760686201483204,1760686201478562,0,0,1038,1440,1711,5791,0,2,42941.1,312973,63431.0,4023491328.0,3.9,"49889,53851,4369,39948,2085,112,7,39750,2472,2,2652,43034,74,36580,13260,12743,24878,24888,89899,89590,35956,7045,87216,192273,312973,76605,34738,691,36324,8677,8593",52,286.9,1492,411.5,169326.6,4.0,"60,60,52,306,52,1492,1492,279,52,52,52,116,307,307,87,114,52,1154,1090,52,122,52,574,52,90,52,264,52,142,52,450,52","9,2,2,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,1,0,0,0,0,3,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0","4.771797657,5.260978699,5.118428230,6.109217167,5.171406746,7.856598377,7.879835606,7.200346947,5.180834293,5.103910923,5.180834293,6.022691250,7.287860394,7.204682350,5.817579746,6.303006649,5.142372608,7.848276138,7.838791847,5.171406746,6.371196747,5.132945538,7.614748001,5.156889915,5.901170731,5.209868431,7.135586262,5.248330116,6.601037025,5.233812809,7.481281757,5.233812809",TLS.Facebook,91.119,1,Fun,SocialNetwork,6,DPI,"15" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,14,14139,6859,26473,1,0,1,0,1,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mpeg-dash.pcap.out b/test/results/flow-analyse/default/mpeg-dash.pcap.out index b48fb1f45..35e47e783 100644 --- a/test/results/flow-analyse/default/mpeg-dash.pcap.out +++ b/test/results/flow-analyse/default/mpeg-dash.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,30,28565,2220,1591,4,0,4,0,0,0,4,1,0,1,0,13,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,30,28551,2220,1591,4,0,4,0,0,0,4,1,0,1,0,13,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mudfish.pcap.out b/test/results/flow-analyse/default/mudfish.pcap.out index eb5a2760f..68f22db67 100644 --- a/test/results/flow-analyse/default/mudfish.pcap.out +++ b/test/results/flow-analyse/default/mudfish.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.0.102,14.63.214.216,tcp,50023,10010,finished,17,15,1740392849077905,1740392849903033,1740392849900566,0,0,7,4356,7,27563,0,0,53154.5,274366,107961.7,11655734272.0,2.6,"273246,273648,0,274151,9,88,184,317,274366,0,0,105,41,263,0,0,0,159,272830,272927,721,226,661,232,126,248,7,330,256,181,2467",40,906.6,4396,1294.7,1676122.4,3.7,"52,52,46,47,40,141,1492,2944,4396,52,52,52,2944,1492,52,52,46,46,46,1492,52,1492,1492,52,2944,52,1366,1492,46,4396,46,46","17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,6,0,5","0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,0,1,1,0,1,0,1,1,0,1,0,0","4.724882126,4.916693211,4.457920074,5.182038784,4.830641270,5.374808788,4.966568470,4.891940594,4.879790783,5.050932407,5.065449238,5.103910923,4.922792912,4.863374710,5.065449238,5.065449238,4.588354588,4.588354588,4.588354588,4.931734562,5.103910923,4.974353313,4.975913525,5.065449238,4.881751060,4.964581490,4.961178303,4.943034172,4.588354588,4.877346516,4.588354588,4.501397610",Mudfish,454,1,Acceptable,VPN,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,64,48488,18,72814,11,1,10,0,1,0,11,0,0,0,0,27,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,1,10,0,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,64,48490,18,72814,11,1,10,0,1,0,11,0,0,0,0,27,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,1,10,0,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/naver.pcap.out b/test/results/flow-analyse/default/naver.pcap.out index 455772f63..804019fdb 100644 --- a/test/results/flow-analyse/default/naver.pcap.out +++ b/test/results/flow-analyse/default/naver.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,30,26093,1551,10972,3,0,3,0,0,0,3,3,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,30,26099,1551,10972,3,0,3,0,0,0,3,3,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/nest_log_sink.pcap.out b/test/results/flow-analyse/default/nest_log_sink.pcap.out index 82f1a0eeb..5d8a27bd5 100644 --- a/test/results/flow-analyse/default/nest_log_sink.pcap.out +++ b/test/results/flow-analyse/default/nest_log_sink.pcap.out 
@@ -10,4 +10,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.242.15,35.174.82.237,tcp,63350,11095,finished,18,14,1536718052990525,1536718206570249,1536718206634864,0,0,531,677,1623,1739,0,1252,9910454.0,60155801,20689402.0,428051338887168.0,2.7,"68635,72232,634362,701888,15937,150934,1314255,1491295,109213,70989,18037,93450,70186,72141,7151,80030,74076,77118,76505,41618,115484,208508,59946855,60155801,60057740,60124304,30586012,30652885,66856,1252,68314",40,147.1,717,180.1,32452.7,4.2,"46,44,46,571,40,717,46,92,40,244,40,100,162,669,46,220,190,220,201,46,332,102,46,46,40,40,46,102,40,46,46,40","10,2,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1","4.260394096,4.921897411,4.434307098,6.934753895,4.931686878,7.082575321,4.501398087,5.325510979,4.981687546,6.942802429,4.981687069,5.756309986,6.493349075,7.689117908,4.434307098,6.784736156,6.532172680,6.853400707,6.767163754,4.457919598,7.212311268,5.867391586,4.501398087,4.544876099,5.031687260,5.031687260,4.544876099,5.644305706,5.031687260,4.544876099,4.588354588,5.031687260",NestLogSink,43,0,Acceptable,Cloud,6,DPI,"" 
1,ip4,192.168.242.15,35.174.82.237,tcp,63352,11095,finished,18,14,1536718206572751,1536718392321066,1536718332214337,0,0,532,676,1942,1904,0,4658,10044835.0,60173109,21953530.0,481957439864832.0,2.6,"65322,67761,637540,709814,18708,293379,1174542,1481999,109107,72201,17976,90820,70287,73214,8669,96471,87696,75885,78977,77415,126677,2595650,2731016,150399,59910787,60056830,60173109,60107028,4658,60634,60165330",40,162.2,716,185.8,34529.8,4.3,"46,44,46,572,40,716,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,46,40,46","10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0","4.347350597,4.967352390,4.434307098,6.920494080,4.981687546,7.105970383,4.544876099,5.378740311,4.881687164,7.440455914,4.812814713,5.615177631,6.437895298,7.618911266,4.434307098,6.860777378,6.737969398,6.892507076,6.603207111,6.959574699,6.884947777,4.457919598,7.273610592,5.848325729,4.414441586,4.501398087,4.831686974,4.544876099,4.881687164,4.501398087,4.881687164,4.544876099",NestLogSink,43,0,Acceptable,Cloud,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,167,148313,55213,20167,17,12,5,8,10,1,16,4,0,0,0,80,1,0,1,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,13,4,0,0,17,16,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,167,148279,55213,20167,17,12,5,8,10,1,16,4,0,0,0,80,1,0,1,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,13,4,0,0,17,16,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/netease_games.pcapng.out b/test/results/flow-analyse/default/netease_games.pcapng.out index d63087359..13929e567 100644 --- a/test/results/flow-analyse/default/netease_games.pcapng.out +++ b/test/results/flow-analyse/default/netease_games.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,42,34275,874,782,5,0,5,0,0,0,5,3,0,1,0,19,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,2,0,0,0,0,0,0,5,0,0,1,4,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,42,34269,874,782,5,0,5,0,0,0,5,3,0,1,0,19,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,2,0,0,0,0,0,0,5,0,0,1,4,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/netflix.pcap.out b/test/results/flow-analyse/default/netflix.pcap.out index 56918b23f..ac52e0a9e 100644 --- a/test/results/flow-analyse/default/netflix.pcap.out +++ b/test/results/flow-analyse/default/netflix.pcap.out 
@@ -27,4 +27,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.7,184.25.204.10,tcp,53252,80,finished,6,26,1484319118658049,1484319118854817,1484319119584735,0,0,245,1448,245,34752,0,508,36240.5,99830,21554.2,464585632.0,4.7,"16679,17740,11985,38478,508,12702,40101,27115,27112,58536,99830,81106,33879,23672,53768,53762,65076,48010,65429,13865,30914,13324,28733,40448,54528,28786,29443,29431,27518,25487,25489",52,1146.7,1500,613.3,376142.5,4.7,"64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0","0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.495864868,5.233453751,5.156889915,5.883365631,5.270353794,7.005603790,7.481070995,5.118428230,7.677317619,5.077241421,7.654481411,5.151865005,7.832942486,7.813632965,7.788673401,7.782803535,7.834435940,7.821334362,7.827250957,7.843655586,7.828696728,7.842951298,7.865435123,7.847778320,7.855163097,7.835734844,7.856423378,7.842322826,7.854029179,7.863353252,7.834544182,7.849704266",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,"" 
1,ip4,192.168.1.7,184.25.204.10,tcp,53251,80,finished,14,18,1484319118657433,1484319120611345,1484319120609765,0,0,245,1448,490,22387,0,241,126007.9,1416280,340787.6,116136157184.0,2.6,"15432,16762,2055,27228,957,1055,27336,38112,39355,39938,44658,83445,40664,236734,277719,1389753,1416280,268,12835,48683,241,12768,12757,15934,13837,16300,12778,12746,23173,13285,13156",52,767.5,1500,698.9,488505.9,4.3,"64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52","12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,1,1,0,1,0,1,1,0,1,0","4.464614868,5.187539101,5.079966545,5.914007187,5.270354271,7.264070511,7.801600933,5.195351601,7.847749710,5.032077789,7.834869862,7.811845303,5.118427753,7.846868038,7.676549435,5.195351124,5.834331989,6.944043159,7.534036636,7.785680771,5.062724590,4.993616104,7.810704231,7.840629101,5.024262428,7.853393078,4.863714218,7.836608410,7.849914551,5.062724113,7.841484547,5.053297043",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,557,562420,117204,768140,61,31,30,9,27,1,60,69,0,31,0,266,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,49,0,32,28,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,13,0,0,0,1,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,68,18,1,0,0,0,0,61,0,0,47,13,0,1,61,60,1,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,32,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0 +0,557,562266,117204,768140,61,31,30,9,27,1,60,69,0,31,0,266,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,49,0,32,28,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,13,0,0,0,1,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,68,18,1,0,0,0,0,61,0,0,47,13,0,1,61,60,1,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,32,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0 diff --git a/test/results/flow-analyse/default/nexon.pcapng.out b/test/results/flow-analyse/default/nexon.pcapng.out index 4ab911db7..158401da9 100644 --- a/test/results/flow-analyse/default/nexon.pcapng.out +++ b/test/results/flow-analyse/default/nexon.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.12.67,54.64.252.215,tcp,46824,9995,finished,17,15,1742389906169830,1742390001417221,1742390001680430,0,0,224,28,880,36,0,44,6153483.5,43050817,11570571.0,133878106816512.0,3.3,"263659,306129,821,306586,44,307390,74,307185,313383,2118528,2477124,7517181,7472379,291234,291203,25327845,25327915,1611489,1610944,265504,265357,43050071,43050817,266877,266488,9059166,9059123,289475,289534,4522224,4522242",52,81.1,276,43.7,1910.2,4.8,"60,60,52,76,52,60,100,52,80,52,108,52,108,52,108,52,276,52,108,52,116,52,116,52,108,52,108,52,108,52,116,52","5,8,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.813301563,5.346035480,5.195351124,5.435106754,5.325253010,5.093415737,6.106114388,5.156889439,5.743621826,5.118427753,6.171375751,5.286791325,6.270958900,5.209868431,6.164386272,5.248329639,7.040317535,5.171406746,6.261518478,5.248329639,6.273720264,5.118427753,6.418159008,5.171406746,6.134338379,5.171406746,6.159847260,5.209868431,6.194433689,5.171406269,6.331952095,5.130219936",Nexon,113,0,Fun,Game,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,20,15479,4489,1115,2,1,1,0,1,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,20,15469,4489,1115,2,1,1,0,1,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/nintendo.pcap.out b/test/results/flow-analyse/default/nintendo.pcap.out index b6a2c67ad..16cb4e072 100644 --- a/test/results/flow-analyse/default/nintendo.pcap.out +++ b/test/results/flow-analyse/default/nintendo.pcap.out 
@@ -1,8 +1,8 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.12.114,91.8.243.35,udp,52119,49432,finished,16,16,1500731320644357,1500731323575958,1500731323714896,60,0,188,812,1264,2736,0,53,193617.4,1729670,331922.2,110172323840.0,3.6,"87919,239629,335441,89838,30639,131192,103304,499986,507312,130872,234805,19308,15810,5164,16850,12585,53490,8758,197,60833,14170,505639,501514,5142,514446,94641,233,1729670,53,52619,81",88,153.0,840,179.5,32207.0,4.5,"88,88,184,216,104,88,136,104,88,104,136,120,104,104,104,840,104,840,88,88,104,88,88,88,88,88,104,104,104,104,104,104","0,7,7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,4,8,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1","6.054771423,6.070055008,6.784899235,6.928938866,6.170448780,6.114374638,6.682166576,6.236359596,6.114374638,6.332513809,6.593932629,6.402483463,6.228141308,6.167903423,6.240113258,6.264906406,6.300350189,5.915572166,5.837212563,5.851361752,6.208909988,5.936699867,6.078633785,6.168406963,6.024600983,5.979146481,6.063282490,6.067996502,6.005589962,6.166695118,6.181211948,6.193184376",Nintendo,173,0,Fun,Game,6,DPI,"" 
-1,ip4,54.187.10.185,192.168.12.114,tcp,443,48328,finished,19,13,1500731322454625,1500731342015923,1500731342041758,0,0,334,405,1090,1094,1,43,1262852.6,14019058,3442938.0,11853821378560.0,2.4,"6277,307132,3508675,3481620,246,43,276417,18546,55237,145,35743,210876,214177,255332,13944464,14019058,757,51,5265,332523,29922,280387,254222,215658,3394,13561,231064,4335,258992,453544,730768",52,120.2,457,98.4,9678.6,4.6,"152,103,52,119,52,110,99,52,103,152,152,52,52,103,52,457,52,99,386,152,52,103,52,368,52,109,99,52,103,52,152,103","8,5,0,5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,6,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,0,1,1,0,1,0,0,0,1,1,0,0,1","6.479545116,5.785408020,5.038780212,5.979954243,4.955154419,6.040005207,6.008045197,5.003043652,5.726619720,6.592999458,6.614606380,4.988526344,5.077241898,5.668902874,5.000318527,7.493407249,5.115703106,6.091131687,7.370351791,6.507602692,5.003043175,5.784872532,5.077241898,7.341584682,5.077241898,6.192684174,5.995468616,5.079966545,5.751333237,5.077241898,6.654079914,5.719826698",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,54.187.10.185,192.168.12.114,tcp,443,48328,info,19,13,1500731322454625,1500731342015923,1500731342041758,0,0,334,405,1090,1094,1,43,1262852.6,14019058,3442938.0,11853821378560.0,2.4,"6277,307132,3508675,3481620,246,43,276417,18546,55237,145,35743,210876,214177,255332,13944464,14019058,757,51,5265,332523,29922,280387,254222,215658,3394,13561,231064,4335,258992,453544,730768",52,120.2,457,98.4,9678.6,4.6,"152,103,52,119,52,110,99,52,103,152,152,52,52,103,52,457,52,99,386,152,52,103,52,368,52,109,99,52,103,52,152,103","8,5,0,5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,6,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,0,1,1,0,1,0,0,0,1,1,0,0,1","6.479545116,5.785408020,5.038780212,5.979954243,4.955154419,6.040005207,6.008045197,5.003043652,5.726619720,6.592999458,6.614606380,4.988526344,5.077241898,5.668902874,5.000318527,7.493407249,5.115703106,6.091131687,7.370351791,6.507602692,5.003043175,5.784872532,5.077241898,7.341584682,5.077241898,6.192684174,5.995468616,5.079966545,5.751333237,5.077241898,6.654079914,5.719826698",TLS,91,1,Safe,Web,6,DPI,"" 
1,ip4,192.168.12.114,185.118.169.65,udp,55915,27520,finished,22,10,1500731342849734,1500731344006747,1500731344120690,60,0,844,844,2472,1560,0,25,78321.6,754134,152593.1,23284658176.0,3.2,"280,397,210011,243,431,203806,304,212,311877,2339,183,754134,1127,30674,588,242272,245592,5517,2752,1899,125604,98,25,109131,222,10721,20118,10437,105846,2222,28907",88,154.0,872,186.2,34652.0,4.5,"104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,104,104,168,88,104,104,104,104,872,88,872,104,104,88","0,2,18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,1,1,1,0,0,1,0,0,1,1,1","6.027614594,6.162230015,5.955404758,6.008383274,6.027614117,5.981129169,5.969922066,6.066075802,6.046844959,5.974635601,6.058817387,6.054103374,6.103913307,6.176122665,6.046596527,6.109002590,6.645735741,5.936699867,6.072710037,6.149633408,6.658484459,6.054296017,6.158073902,6.254228115,6.048765182,6.142750740,5.609991074,5.891245842,5.565810204,6.126870632,6.246969700,5.874088764",Nintendo,173,0,Fun,Game,6,DPI,"" 
1,ip4,192.168.12.114,93.237.131.235,udp,55915,56066,finished,22,10,1500731343061460,1500731344751616,1500731344671142,60,0,844,844,4168,1560,0,67,106446.4,757918,188381.8,35487694848.0,3.4,"726,2728,200750,236,363,313750,216,309,757918,67,245897,246,38434,238,116689,3047,25905,110485,1189,79734,7959,87905,10077,91853,20145,506365,607064,9714,10174,12917,36738",88,207.0,872,231.8,53743.0,4.4,"104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,168,88,872,88,872,88,104,104,88,344,840,472,472","0,3,13,0,1,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,0,1,1,1,0,0,0,0,0","6.039587021,6.058817387,5.969922066,6.032328129,6.054103374,6.019590855,6.073334694,6.111796379,6.092565060,6.168863773,6.214584351,6.109002590,6.140205860,6.123519897,6.154723167,6.208508015,6.138843060,6.726152897,5.973575592,6.683043003,5.940660000,5.584841251,5.973575592,5.570620537,5.787140369,6.150815010,6.182018280,6.004880905,7.315718174,5.846724510,6.181584358,6.204835892",Nintendo,173,0,Fun,Game,6,DPI,"" 
1,ip4,192.168.12.114,81.61.158.138,udp,55915,51769,finished,20,12,1500731343266581,1500731344811760,1500731344805333,60,0,844,844,2304,1712,0,137,99481.6,649265,183756.7,33766533120.0,3.2,"295,399,313495,260,289,284287,137,381,629371,5230,43658,5349,61371,137,131610,65365,7948,186,836,31052,435,67583,2946,484,7525,105852,5669,103301,9836,549379,649265",88,153.5,872,186.3,34709.8,4.4,"104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,104,104,168,104,104,88,104,104,872,88,872,88,104,104,88","0,3,15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,8,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0","6.066075802,6.142999172,6.123768806,6.032328606,6.188719273,6.181460857,6.181460857,6.169488430,6.111796379,6.038962364,6.065451622,6.120974541,6.128233433,6.053479195,6.116261482,6.740974426,6.004880905,6.097030163,6.166695118,6.774616718,6.150815487,6.220480442,5.905394077,6.170046329,6.234997272,5.541868210,5.928121090,5.589448929,6.027608395,6.189277172,6.140205860,6.004880905",Nintendo,173,0,Fun,Game,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,164,136859,151475,137750,21,2,19,0,5,6,15,9,0,2,0,84,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,13,1,5,9,0,0,0,0,0,0,0,0,0,0,0,1,0,0,9,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,6,0,0,0,0,0,0,21,0,0,4,15,2,0,21,15,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,164,136863,151475,137750,21,2,19,0,5,6,15,9,0,2,0,84,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,13,1,5,9,0,0,0,0,0,0,0,0,0,0,0,1,0,0,9,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,6,0,0,0,0,0,0,21,0,0,4,15,2,0,21,15,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ocs.pcap.out b/test/results/flow-analyse/default/ocs.pcap.out index ecc5db1b2..9f6aaea4f 100644 --- a/test/results/flow-analyse/default/ocs.pcap.out +++ b/test/results/flow-analyse/default/ocs.pcap.out 
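Review bot: The expectation row for the midstream TLS flow `54.187.10.185:443 -> 192.168.12.114:48328` changes `flow_state` from `finished` to `info`, with every other field in the row unchanged, and the commit message does not explain it; it only mentions the risk rename. In the summary row only `json_bytes` appears to differ (`136859` to `136863`), while the values that seem to correspond to `flow_state_info` and `flow_state_finished` stay at `8` and `13`, so the per-flow state and the aggregate counters should be checked against each other. Because this file is a regression baseline, please confirm that the new libnDPI revision really is expected to leave this flow's detection unfinished at analyse time, rather than accepting the regenerated output as is. If it is intended, a line in the commit message such as `* flow-analyse: midstream TLS flow in nintendo.pcap now reports flow_state "info"` would make that visible to anyone who consumes `flow_state` downstream.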
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 12,ip4,192.168.180.2,178.248.208.54,tcp,49881,80,finished,32,0,1449652787983929,1449652790713183,1449652787983929,0,0,663,0,663,0,0,450,88040.5,928563,172609.9,29794174976.0,3.5,"83797,14275,246872,572,450,68391,1837,71492,506,5433,4137,41728,146026,90832,71054,77421,63432,3718,80468,1653,86121,564,67336,32599,43283,386587,73735,2510,928563,31722,2140",52,83.1,715,113.8,12942.2,4.5,"60,52,715,64,72,72,80,72,72,72,72,72,64,52,64,64,64,52,52,52,52,64,64,64,64,52,52,64,64,52,64,64","31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.517588139,5.123517990,6.025798798,5.070159912,5.236322403,5.173415184,5.239589214,5.201192856,5.264100075,5.236322403,5.236322403,5.182154179,5.152114868,5.091758728,5.194910049,5.194910049,5.132410049,5.154164791,5.115703106,5.115703106,5.032077789,5.132410049,5.163660049,5.132410049,5.163660049,5.115703106,5.168681622,5.220060349,5.169355392,5.008133411,5.120864868,5.077819824",HTTP.OCS,7.218,0,Fun,Media,6,DPI,"46" 
12,ip4,192.168.180.2,178.248.208.210,tcp,42590,80,finished,32,0,1449652842628827,1449652843470951,1449652842628827,0,0,152,0,152,0,0,77,27165.3,79495,29589.7,875550464.0,4.0,"71399,1526,54762,1106,3570,59902,605,77,5328,64776,1667,1533,79495,5458,58361,1849,64604,1987,67520,26503,42864,25995,65439,972,48553,1253,1960,1270,75524,1445,4821",52,63.9,204,26.3,690.5,4.9,"60,52,204,52,52,52,52,52,64,64,64,64,72,64,64,72,72,72,64,64,64,52,52,52,52,52,52,52,52,52,64,72","31,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.550921917,5.046595097,5.875504971,5.154164791,5.115703106,5.154164791,5.192625999,5.154164791,5.194910049,5.226160049,5.194910049,5.226160049,5.329917908,5.226160049,5.251310349,5.296718597,5.391922951,5.336368084,5.251310349,5.294355392,5.294355392,5.207143307,5.154164314,5.168681622,5.091758728,5.168681622,5.168681622,5.130220413,5.168681622,5.207143307,5.313810349,5.324496269",HTTP.OCS,7.218,0,Fun,Media,6,DPI,"11,46" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,139,114810,12361,0,20,5,15,7,2,2,18,2,0,9,0,65,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,2,2,12,4,0,0,0,0,0,0,0,4,0,0,1,5,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,3,0,8,0,0,0,0,20,0,0,12,8,0,0,20,18,2,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,139,114806,12361,0,20,5,15,7,2,2,18,2,0,9,0,65,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,2,2,12,4,0,0,0,0,0,0,0,4,0,0,1,5,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,3,0,8,0,0,0,0,20,0,0,12,8,0,0,20,18,2,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ocsp.pcapng.out b/test/results/flow-analyse/default/ocsp.pcapng.out index 2c584d91b..5fb00168b 100644 --- a/test/results/flow-analyse/default/ocsp.pcapng.out +++ b/test/results/flow-analyse/default/ocsp.pcapng.out 
@@ -6,4 +6,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.128,52.85.15.92,tcp,49382,80,finished,17,15,1623227471703092,1623227587366039,1623227587361645,0,0,396,1006,396,1006,0,379,7461984.0,10240568,4364520.0,19049033498624.0,4.6,"11963,16479,379,17094,109967,126649,9996419,10012379,10239928,10239783,10239896,10240232,10239903,10239633,10239951,10239961,10239904,10240133,10239949,10239714,10239909,10239972,10240568,10240566,10239801,10239750,10239347,10239527,3107000,3107879,16865",104,148.3,1110,185.9,34567.0,4.5,"112,112,104,500,104,1110,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104","16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","3.872647047,4.259160519,4.034724236,6.288679600,4.284656048,6.962940216,4.381252289,4.381252289,4.315859318,4.362021446,4.250907898,4.362021446,4.335090160,4.354762554,4.277397633,4.283735275,4.335090160,4.381252289,4.315859318,4.362021446,4.284656048,4.381252289,4.284656048,4.323559761,4.335090160,4.335531712,4.296628475,4.362021446,4.315859318,4.329455853,4.250907898,4.369279861",HTTP.OCSP,7.63,0,Safe,Network,6,DPI,"" 
1,ip4,192.168.1.128,23.12.96.145,tcp,49034,80,finished,17,15,1623229850956311,1623229914599193,1623229904370774,0,0,387,1448,1159,5872,0,0,3776043.2,10241196,4797137.5,23012529143808.0,3.6,"12234,16624,475,17773,3362,0,21718,0,1169650,1186786,9796,0,24736,0,1031529,1046686,2550,0,18982,0,10158449,10174381,10240180,10240467,10240694,10240443,10239931,10239902,10238718,10240083,10241196",104,324.2,1552,431.7,186386.9,4.1,"112,112,104,490,104,1552,613,104,104,490,104,1552,613,104,104,491,104,1552,614,104,104,104,104,104,104,104,104,104,104,104,104,104","14,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0","3.854789734,4.239557266,4.034724236,6.314732075,4.338077068,7.042398453,7.244339943,4.381252289,4.362021446,6.303278446,4.335968971,7.031822681,7.242278576,4.270580769,4.335531712,6.231549740,4.350049019,7.030226231,7.237232208,4.342790604,4.323559761,4.400483131,4.426972389,4.400483131,4.426972389,4.362021446,4.426972389,4.335532188,4.388510704,4.400482655,4.426972389,4.400482655",HTTP.OCSP,7.63,0,Safe,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,94,87776,6995,26118,10,10,0,0,6,0,10,1,0,0,0,50,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,10,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,94,87797,6995,26118,10,10,0,0,6,0,10,1,0,0,0,50,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,10,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/openvpn.pcap.out b/test/results/flow-analyse/default/openvpn.pcap.out index 9bf578484..15fbbf231 100644 --- a/test/results/flow-analyse/default/openvpn.pcap.out +++ b/test/results/flow-analyse/default/openvpn.pcap.out 
@@ -6,4 +6,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,3.111.166.78,85.134.13.165,udp,51146,1194,finished,18,14,1512848303527265,1512848306813195,1512848307027916,14,0,126,1200,1541,4853,0,55,218922.0,2241123,513027.0,263196672000.0,2.8,"216135,332238,5799,3391,337897,57968,55,73,70,307059,10023,20531,1960235,1520,628,2241123,1704,736,299000,1497,2293,245,299952,1982,1336,694,338474,1245,1483,269,340926",46,227.9,1228,364.9,133184.4,3.9,"46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50","5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1","4.654558659,4.847117901,5.033267975,5.334950447,4.532369614,5.090824604,7.356415749,6.728867531,7.721350193,7.639185429,5.043854713,5.083854675,5.083854675,5.445907116,5.474620342,5.589630604,5.130824566,5.130824566,5.130824566,5.699376583,5.737064838,5.865118027,5.840532780,5.130824566,5.170824528,5.130824566,5.130824566,6.471548557,6.580770969,5.929418087,6.097649097,5.130825043",OpenVPN,159,1,Acceptable,VPN,6,DPI,"" 
1,ip4,127.0.0.1,127.0.0.1,tcp,36138,443,finished,16,16,1674530805823658,1674530806238844,1674530806238807,0,0,1460,1386,3980,4153,0,34,26785.0,221529,54768.3,2999562752.0,3.1,"22199,22283,1235,1541,24351,24605,380,617,225,122,221396,221529,844,1007,149,112,201,197,52335,56406,4152,2697,123,2780,147,117,34,22205,65582,61984,18780",40,296.7,1500,446.1,199012.8,3.8,"60,46,40,96,46,108,40,104,46,395,46,1166,40,104,1426,40,46,104,46,976,104,46,1166,1500,46,767,46,46,104,40,613,40","7,1,4,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0","10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,0","4.369529724,4.398030758,4.339823246,5.763498783,3.898455381,5.946529865,4.389823437,5.850727081,3.985411644,7.430057526,3.941933870,7.823157787,4.339823246,5.788781643,7.836597443,4.289823055,3.985411644,5.865244389,3.985411644,7.759013176,5.942167759,3.985411882,7.803529263,7.856170654,3.985411882,7.761924267,3.985411882,3.941933393,5.743062019,4.172574520,7.582319260,4.339823246",OpenVPN,159,1,Acceptable,VPN,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,96,91694,49021,52809,10,1,9,0,6,0,10,0,0,8,0,50,1,0,1,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,8,0,0,0,0,0,10,0,0,3,7,0,0,10,10,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,96,91688,49021,52809,10,1,9,0,6,0,10,0,0,8,0,50,1,0,1,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,8,0,0,0,0,0,10,0,0,3,7,0,0,10,10,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/openvpn_nohmac.pcapng.out b/test/results/flow-analyse/default/openvpn_nohmac.pcapng.out index 62d58ab0c..0b77f5313 100644 --- a/test/results/flow-analyse/default/openvpn_nohmac.pcapng.out +++ b/test/results/flow-analyse/default/openvpn_nohmac.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,3.111.166.78,85.134.13.165,udp,51146,1194,finished,18,14,1512848303527265,1512848306813195,1512848307027916,14,0,126,1200,1541,4853,0,55,218922.0,2241123,513027.0,263196672000.0,2.8,"216135,332238,5799,3391,337897,57968,55,73,70,307059,10023,20531,1960235,1520,628,2241123,1704,736,299000,1497,2293,245,299952,1982,1336,694,338474,1245,1483,269,340926",46,227.9,1228,364.9,133184.4,3.9,"46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50","5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1","4.654558659,4.847117901,5.033267975,5.334950447,4.532369614,5.090824604,7.356415749,6.728867531,7.721350193,7.639185429,5.043854713,5.083854675,5.083854675,5.445907116,5.474620342,5.589630604,5.130824566,5.130824566,5.130824566,5.699376583,5.737064838,5.865118027,5.840532780,5.130824566,5.170824528,5.130824566,5.130824566,6.471548557,6.580770969,5.929418087,6.097649097,5.130825043",OpenVPN,159,1,Acceptable,VPN,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,11196,113447,150832,1,0,1,1,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,11188,113447,150832,1,0,1,1,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/paltalk.pcapng.out b/test/results/flow-analyse/default/paltalk.pcapng.out index 45eeb490b..16c94a373 100644 --- a/test/results/flow-analyse/default/paltalk.pcapng.out +++ b/test/results/flow-analyse/default/paltalk.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,33,26120,1047,1460,4,0,4,0,0,0,4,1,0,1,0,16,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,2,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,33,26131,1047,1460,4,0,4,0,0,0,4,1,0,1,0,16,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,2,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/pinterest.pcap.out b/test/results/flow-analyse/default/pinterest.pcap.out index be4530cbd..88245ae0e 100644 --- a/test/results/flow-analyse/default/pinterest.pcap.out +++ b/test/results/flow-analyse/default/pinterest.pcap.out 
@@ -6,11 +6,11 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:7854,tcp,33280,443,info,16,16,1605289714658043,1605289714873020,1605289714873010,0,0,517,1048,1043,6264,0,0,13869.2,89623,22425.8,502918720.0,3.3,"39835,39893,388,39880,1850,1,41296,35,60,0,18,4,565,0,563,29,2922,2605,564,39805,119,1086,1924,0,36819,15,203,49740,40102,0,89623",72,300.8,1120,374.8,140490.0,4.1,"80,80,72,589,72,1120,1120,72,72,1120,1120,72,72,1120,154,72,72,165,171,368,72,72,72,330,138,72,72,110,72,516,246,72","11,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,2,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0","4.759509563,5.142373085,5.117740154,4.564804554,4.953123093,6.789499283,4.442035198,5.175263882,5.103079796,6.610801220,7.126421452,5.203041553,5.203041553,7.603042603,6.151700974,5.175263882,5.175263882,6.101224422,6.300935745,7.262635231,4.980900764,5.036456108,4.980900764,7.043718815,6.196548939,5.175263882,5.175263882,5.631328106,5.036456108,7.479037762,6.852047443,5.230819225",TLS.Pinterest,91.183,1,Fun,SocialNetwork,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a04:4e42:1d::720,tcp,57050,443,info,16,16,1605289714782619,1605289714902517,1605289714903070,0,0,517,1388,1077,12561,0,0,7753.2,50337,15382.7,236626480.0,2.9,"50290,50337,220,31719,3102,0,34561,13,675,659,1179,1,1182,11,2643,116,155,32346,0,0,0,1,29460,6,548,1,0,514,15,6,589",72,498.7,1460,595.9,355070.7,4.0,"80,80,72,589,72,1460,1460,72,72,1460,72,1460,1205,72,72,165,171,440,72,72,72,330,138,72,72,1460,1460,1460,72,72,72,1460","12,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,8,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0,0,0,1","4.703702927,5.136080265,5.124309540,4.545345783,5.017591953,6.717867374,4.853471756,5.096531868,5.124309540,7.395221710,5.124309540,7.321218014,7.643990993,5.124309540,5.152087212,5.949683189,6.333797455,7.364598274,5.017591953,5.017591953,4.989814281,7.067564487,6.163845539,5.152087212,5.124309540,7.852941513,7.865815639,7.871354580,5.096531868,5.124309540,5.053668499,7.834792614",TLS,91,1,Fun,Media,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a03:2880:f030:13:face:b00c::3,tcp,51292,443,info,18,14,1605289715274358,1605289715471680,1605289715427326,0,0,517,1380,1347,5004,0,0,11299.7,93180,21751.5,473125984.0,3.0,"26987,27077,236,32338,1,0,32042,17,3873,399,116,64739,93180,2,1,290,2,3,2,24343,46,12,9,157,3,2,82,23,41,4388,39879",72,271.0,1452,368.4,135732.3,4.1,"80,80,72,589,72,1452,979,72,72,136,164,330,330,72,72,72,251,152,116,653,72,72,72,72,483,1452,114,72,72,72,103,199","12,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1,1,0,0,0,0,0","5.086080074,5.358260632,5.421088219,4.582517624,5.325077534,7.824724197,7.800261974,5.487128258,5.459350586,6.217577457,6.494597435,7.339631081,7.344889641,5.269522190,5.231259823,5.286815166,7.021345615,6.361854553,5.947217464,7.648275852,5.393310547,5.421088219,5.393310547,5.448865891,7.531715393,7.878327370,6.086453915,5.448865891,5.421088219,5.365532398,5.884278774,6.731818199",TLS.Facebook,91.119,1,Fun,SocialNetwork,6,DPI,"" 
-1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:805::2003,tcp,43562,443,finished,9,23,1605289716168715,1605289716199465,1605289716199511,0,0,158,1208,281,21058,1,0,1985.4,28590,6415.7,41161208.0,1.8,"202,23469,160,5107,2,28590,251,1,1,2,214,4,31,0,19,391,1,0,1,397,8,1304,0,0,1,0,1316,72,1,1,0",72,738.8,1280,578.2,334348.7,4.5,"230,195,72,72,263,1280,72,1280,1280,1280,1280,72,72,1280,1280,72,1280,1280,1280,1280,72,72,1280,1280,237,111,199,72,1280,1280,1280,1280","7,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0","0,0,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,1,0,1,1,1,1","6.948834896,6.675073147,5.125129700,5.125129700,6.977108479,7.855700493,5.182512760,7.824506283,7.846910477,7.827116013,7.838431835,5.116472721,5.137442112,7.839233875,7.849976540,5.154735088,7.852743149,7.835449219,7.826992035,7.859686375,5.182512760,5.182512760,7.806921482,7.824195862,6.883517742,5.810838699,6.706934929,5.109664440,7.833899021,7.836830139,7.838667870,7.830160618",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:805::2003,tcp,43562,443,info,9,23,1605289716168715,1605289716199465,1605289716199511,0,0,158,1208,281,21058,1,0,1985.4,28590,6415.7,41161208.0,1.8,"202,23469,160,5107,2,28590,251,1,1,2,214,4,31,0,19,391,1,0,1,397,8,1304,0,0,1,0,1316,72,1,1,0",72,738.8,1280,578.2,334348.7,4.5,"230,195,72,72,263,1280,72,1280,1280,1280,1280,72,72,1280,1280,72,1280,1280,1280,1280,72,72,1280,1280,237,111,199,72,1280,1280,1280,1280","7,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0","0,0,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,1,0,1,1,1,1","6.948834896,6.675073147,5.125129700,5.125129700,6.977108479,7.855700493,5.182512760,7.824506283,7.846910477,7.827116013,7.838431835,5.116472721,5.137442112,7.839233875,7.849976540,5.154735088,7.852743149,7.835449219,7.826992035,7.859686375,5.182512760,5.182512760,7.806921482,7.824195862,6.883517742,5.810838699,6.706934929,5.109664440,7.833899021,7.836830139,7.838667870,7.830160618",TLS,91,1,Safe,Web,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:816::200a,tcp,47790,443,info,17,15,1605289715966342,1605289717653626,1605289716195463,0,0,517,1208,1280,4020,0,0,61819.5,1485939,260701.6,67965321216.0,1.6,"55481,55557,2604,45080,17803,15,60231,16,286,275,9398,2484,606,42880,0,228,1,30633,193,14864,14650,23014,0,23014,8,85,0,70,1606,29384,1485939",72,238.1,1280,317.7,100919.6,4.1,"80,80,72,589,72,1280,1280,72,72,573,72,136,164,444,72,72,72,652,72,103,103,72,462,135,72,72,111,72,72,111,72,237","11,1,2,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,0","4.830388546,5.236173153,5.083273411,4.664566517,5.024503708,7.801916599,7.849427700,5.232646465,5.204868793,7.603487968,5.204868793,6.090775967,6.470489025,7.520395279,5.107836723,5.107836723,5.080059052,7.600295067,5.194384098,5.756132126,5.672693253,5.166606426,7.483500957,6.249640465,5.177091122,5.204868793,5.886195660,5.135614395,5.204868793,5.955920696,5.135614395,6.860337257",TLS.GoogleServices,91.239,1,Acceptable,Web,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:816::200d,tcp,40894,443,info,16,16,1605289717548570,1605289717681759,1605289717681662,0,0,517,1208,959,10121,0,0,8589.7,42968,12964.6,168080032.0,3.5,"23434,23612,605,27825,5261,2,0,32335,48,7,3191,171,159,42968,880,1,157,40413,894,3393,2534,21369,1,21337,22,7799,1,0,1,7829,32",72,418.8,1280,492.4,242485.9,4.1,"80,80,72,589,72,1280,1280,322,72,72,72,136,164,327,72,72,72,652,72,103,103,72,876,1280,72,72,1280,1280,1280,1280,72,72","12,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,1,1,0,0","4.905389309,5.361174107,5.232646465,4.557852268,5.107836723,7.817549706,7.840916157,7.180346489,5.232646465,5.260424137,5.260424137,6.185771942,6.393667221,7.196280479,5.107836723,5.107836723,5.107836723,7.630718231,5.204868793,5.782878876,5.796528339,5.222161770,7.750598431,7.833017826,5.260424137,5.260424137,7.845281124,7.848848343,7.857541561,7.841633797,5.194384098,5.232646465",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80a::200e,tcp,45126,443,info,17,15,1605289732972740,1605289733216831,1605289733216812,0,0,517,1208,969,9927,0,0,15747.2,157269,35268.1,1243837184.0,2.7,"46894,46909,201,112030,45428,0,2,157269,9,5,2935,270,2964,37660,1,0,1100,1,0,32562,12,3,631,955,1,0,0,308,7,3,3",72,413.0,1280,486.7,236885.8,4.1,"80,80,72,589,72,1280,1280,549,72,72,72,136,164,337,72,72,72,652,486,1280,72,72,72,103,1280,1280,1280,1280,72,72,72,72","13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0","4.855388165,5.286173344,5.149313450,4.600729942,5.080059052,7.797164440,7.832664490,7.507453918,5.138828754,5.081305504,5.166606903,6.092433929,6.575641632,7.259848118,5.043183804,5.097352505,5.052281380,7.626473904,7.461633682,7.832756042,5.149313450,5.132019997,5.083273411,5.775549889,7.833918095,7.851273537,7.839205742,7.857754707,5.121535778,5.177091122,5.111051083,5.177091122",TLS.Google,91.126,1,Tracker_Ads,Advertisement,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a04:4e42:1d::84,tcp,38546,443,info,15,17,1605289732959160,1605289733287022,1605289733341107,0,0,517,1388,1151,10308,0,0,22897.1,135965,39614.3,1569289984.0,3.2,"46509,46553,392,49783,3591,0,52945,10,1267,1,1272,3,2358,266,496,109019,0,0,1,0,1,105909,5,6,6499,35807,111148,135965,1,2,0",72,430.6,1460,544.3,296293.8,4.0,"80,80,72,589,72,1460,1460,72,72,1460,1230,72,72,165,171,338,72,72,330,138,72,570,72,72,72,110,72,210,72,1460,1460,1460","9,1,1,1,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,1,1","4.684510231,5.128057957,5.091930866,4.525407314,4.980900764,6.391155720,5.165083408,5.175263882,5.175263882,7.346390247,7.633969307,5.175263882,5.109223843,6.098253250,6.329233170,7.209453583,5.008678436,4.970416069,7.086939812,6.058278084,4.925345421,7.519527912,5.175263882,5.147486210,5.175263882,5.594966412,4.980900764,6.689027309,4.980900764,7.853739262,7.845409870,7.847467899",TLS.Pinterest,91.183,1,Fun,SocialNetwork,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:7a6e,tcp,40114,443,info,16,16,1605289733399863,1605289733500742,1605289733511200,0,0,517,1048,1017,8749,0,1,6845.7,45476,12150.2,147627232.0,3.2,"20965,21014,506,37100,8905,1,45476,39,2004,2,1,1,1959,29,12,7,90,33,7803,454,394,31006,1,387,1,22756,38,359,8296,2575,2",72,377.7,1120,441.2,194656.5,4.1,"80,80,72,589,72,1120,1120,72,72,1120,1120,1120,1120,72,72,72,72,113,72,165,171,342,72,72,330,138,72,72,110,72,1120,1120","11,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,0,1,1,1","4.809510231,5.143908501,5.203041553,4.540377140,5.064233780,6.870509624,5.058271885,5.230819225,5.230819225,6.720662117,7.193079948,7.346520901,7.621092319,5.230819225,5.137001038,5.203041553,5.175263882,5.649272442,5.175263405,6.019917488,6.380431175,7.094295502,5.064233780,5.064233780,7.049797535,6.150704861,5.203041077,5.203041553,5.667691708,5.008678436,7.799199581,7.796170235",TLS,91,1,Tracker_Ads,Advertisement,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,295,296022,30054,337815,37,5,32,0,13,16,21,31,0,0,0,137,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,13,3,5,11,0,0,2,0,0,0,0,0,0,0,0,8,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,37,0,0,0,37,21,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,295,296018,30054,337815,37,5,32,0,13,16,21,31,0,0,0,137,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,13,3,5,11,0,0,2,0,0,0,0,0,0,0,0,8,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,37,0,0,0,37,21,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/pluralsight.pcap.out b/test/results/flow-analyse/default/pluralsight.pcap.out index 99f3eefd5..81f8cd7e2 100644 --- a/test/results/flow-analyse/default/pluralsight.pcap.out +++ b/test/results/flow-analyse/default/pluralsight.pcap.out 
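Review bot: In the `pinterest.pcap.out` hunk, the row for the flow from source port 43562 to `2a00:1450:4007:805::2003` port 443 changes `flow_state` from `finished` to `info`, which the commit description does not explain since it only mentions the risk rename. The rest of that row appears unchanged. A regenerated baseline that absorbs a state change without comment makes it hard to tell an intended libnDPI behaviour change from a detection regression, so the description should record it, e.g. `* pinterest.pcap: one TLS flow is now analysed in state "info" instead of "finished"`. The summary row in the same hunk keeps `flow_state_info` and `flow_state_finished` at 24 and 13, so the difference is presumably in when the analyse event is emitted rather than in the flow's final state; this should be confirmed against the libnDPI change.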
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,59,73866,3540,23176,6,0,6,0,0,0,6,10,0,0,0,28,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,59,73850,3540,23176,6,0,6,0,0,0,6,10,0,0,0,28,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/flow-analyse/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index ef2bbca0f..4425e4dcc 100644 --- a/test/results/flow-analyse/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
+++ b/test/results/flow-analyse/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,667,947214,241650,0,113,0,113,123,0,0,113,0,0,0,0,179,1,0,1,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,113,3,72,21,0,0,17,0,0,0,0,21,0,0,0,59,0,1,0,0,0,0,0,5,7,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,113,0,0,0,0,0,0,0,0,0,0,0,0,113,0,0,0,113,0,0,113,113,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,667,969999,241650,0,113,0,113,123,0,0,113,0,0,49,0,179,1,0,1,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,113,3,72,21,0,0,17,0,0,0,0,21,0,0,0,59,0,1,0,0,0,0,0,5,7,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,113,0,0,0,0,0,0,0,49,0,0,0,0,113,0,0,0,113,0,0,113,113,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,49,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_interop_V.pcapng.out b/test/results/flow-analyse/default/quic_interop_V.pcapng.out index 1a0e79acd..88e8702e7 100644 --- a/test/results/flow-analyse/default/quic_interop_V.pcapng.out +++ b/test/results/flow-analyse/default/quic_interop_V.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,471,631779,229418,1702,77,0,77,0,0,0,77,30,0,58,0,207,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,44,0,77,0,0,0,0,0,0,0,0,0,0,0,0,63,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,77,0,0,0,0,0,36,62,0,0,0,0,0,42,35,0,0,63,9,5,77,77,0,0,0,0,0,0,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0 +0,471,631717,229418,1702,77,0,77,0,0,0,77,30,0,58,0,207,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,44,0,77,0,0,0,0,0,0,0,0,0,0,0,0,63,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,77,0,0,0,0,0,36,62,0,0,0,0,0,42,35,0,0,63,9,5,77,77,0,0,0,0,0,0,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_sh.pcap.out b/test/results/flow-analyse/default/quic_sh.pcap.out index 5967524d9..612c2dc4b 100644 --- a/test/results/flow-analyse/default/quic_sh.pcap.out +++ b/test/results/flow-analyse/default/quic_sh.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,27,27189,4124,16771,3,0,3,0,0,0,3,0,0,3,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,1,2,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,27,27199,4124,16771,3,0,3,0,0,0,3,0,0,3,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,1,2,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_t51.pcap.out b/test/results/flow-analyse/default/quic_t51.pcap.out index 2fd84dc44..e155766d1 100644 --- a/test/results/flow-analyse/default/quic_t51.pcap.out +++ b/test/results/flow-analyse/default/quic_t51.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,17054,2888,5904,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,17348,2888,5904,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quickplay.pcap.out b/test/results/flow-analyse/default/quickplay.pcap.out index 547722341..6fb5a0fd1 100644 --- a/test/results/flow-analyse/default/quickplay.pcap.out +++ b/test/results/flow-analyse/default/quickplay.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 113,ip4,10.54.169.250,120.28.35.40,tcp,52009,80,finished,18,14,1429000052217627,1429000090450568,1429000090229285,444,0,531,1400,8360,10852,1,182557,2459503.2,5871155,1331263.2,1772261736448.0,4.7,"2337891,2470825,5776550,5871155,324615,2084534,1689148,182557,2170257,2013275,645600,519622,2223724,2353455,480927,4401947,3911834,3909668,3936554,2356476,2338349,2619995,2626526,2264068,2270477,2391541,2349518,2604523,2641967,2224884,2252137",60,640.4,1440,347.9,121006.6,4.8,"484,1440,484,224,569,486,1232,569,486,838,571,60,488,1252,569,486,142,486,642,486,1108,486,1192,486,332,486,1440,486,946,486,564,486","0,0,0,0,0,0,0,0,0,0,0,0,0,13,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,1,2,0,0,0,0,0,2,0,0,0,0","0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","5.927153111,7.868373871,5.963050365,7.051006317,5.916583061,5.928764343,7.836061001,5.947601795,5.927013874,7.735056400,5.960254192,4.985874176,5.956949711,7.848547459,5.950881958,5.944071770,6.557918549,5.946902752,7.695936680,5.966873169,7.840433598,5.939571857,7.838245869,5.963761330,7.329223633,5.943363190,7.857814789,5.947385788,7.759774208,5.933074474,7.621943474,5.938513279",HTTP,7,0,Fun,Streaming,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,139,163455,37682,58185,21,2,19,0,1,0,21,4,0,5,0,68,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,13,0,1,20,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,5,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,13,0,0,0,0,0,21,0,0,21,0,0,0,21,21,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0 +0,140,164920,37682,58185,21,2,19,0,1,0,21,5,0,6,0,68,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,13,0,1,20,0,0,0,0,0,0,0,0,0,0,0,2,3,0,0,5,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,13,1,0,0,0,0,21,0,0,21,0,0,0,21,21,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0 diff --git a/test/results/flow-analyse/default/reddit.pcap.out b/test/results/flow-analyse/default/reddit.pcap.out index 7c42c5050..a46a8fedb 100644 --- a/test/results/flow-analyse/default/reddit.pcap.out +++ b/test/results/flow-analyse/default/reddit.pcap.out 
@@ -13,8 +13,8 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:805::2001,tcp,58122,443,info,15,17,1605291688830061,1605291689005944,1605291689006046,0,0,517,1208,1039,8982,0,0,11350.6,68993,22767.9,518376128.0,2.8,"63745,63780,224,68524,719,1,1,1,68993,14,7,6,49,23,8336,2581,2495,40185,1017,0,0,27807,170,1594,1,1430,17,147,0,1,0",72,385.7,1280,459.2,210886.5,4.1,"80,80,72,589,72,1280,1280,1280,1280,72,72,72,72,469,72,136,164,407,72,652,72,72,72,103,103,503,72,72,1280,1280,328,111","11,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,1,1","4.810268402,5.216053009,5.081305027,4.495285511,5.070961475,7.775168419,7.813756466,7.830919743,7.820947170,5.175122738,5.202900410,5.175122738,5.164638042,7.419659138,5.202900410,6.144525528,6.597908497,7.465239525,5.081446171,7.628419399,5.025890350,5.081446171,5.136860371,5.834997177,5.649486065,7.575581074,5.202900410,5.202900410,7.817056179,7.851086140,7.198029995,5.871317387",TLS.YouTube,91.124,1,Fun,Media,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:798c,tcp,56640,443,info,16,16,1605291689408040,1605291689629927,1605291689672104,0,0,517,1048,1710,4392,0,0,15675.8,144189,36484.9,1331146624.0,2.7,"25745,25768,203,144189,2,0,143997,4,71,1,41,7,2508,597,1253,49737,1,0,1,45397,18,103,1,65,704,437,888,38392,2516,1067,2238",72,263.2,1120,320.8,102914.8,4.2,"80,80,72,589,72,1120,1120,72,72,1120,587,72,72,165,171,471,72,72,330,138,72,72,72,439,72,110,566,142,72,72,72,114","9,1,2,1,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,1,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,1","4.857011795,5.259831905,5.179864883,4.529115200,5.055853844,6.908260822,7.364731312,5.245904922,5.218127251,7.327914715,7.541935444,5.162571907,5.218127251,6.139030457,6.351455688,7.439690113,5.166965008,5.139187336,7.125073433,6.245332241,5.235420227,5.273682594,5.139187336,7.450459003,5.273682594,5.556783676,7.574505329,6.164192200,5.085018635,5.139187336,5.139187336,5.963419437",TLS.Reddit,91.205,1,Fun,SocialNetwork,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80b::2002,tcp,59336,443,info,17,15,1605291690384370,1605291690495032,1605291690511816,0,0,517,1208,1020,5622,0,1,7680.9,45875,12464.9,155373568.0,3.4,"18528,18557,358,37185,9026,1,2,1,45875,10,14,14,8672,419,266,33620,1,89,1151,1,25433,25,482,7313,1,1,6808,24,7,3698,20526",72,280.1,1280,371.7,138197.8,4.1,"80,80,72,589,72,1280,1280,1280,273,72,72,72,72,136,164,349,72,72,72,652,103,72,72,103,775,516,111,72,72,72,111,72","12,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,1","4.830388546,5.286173820,5.175123215,4.582562923,5.135614395,7.820514202,7.848834991,7.840905190,7.029392242,5.204868793,5.232646465,5.232646465,5.232646465,6.256432056,6.550828457,7.277585983,5.097352028,5.107836723,5.107836723,7.629249096,5.686814308,5.260424137,5.260424137,5.854413509,7.698106289,7.556940079,5.871694088,5.222162247,5.166606903,5.166606903,5.962721825,5.004921436",TLS.Google,91.126,1,Tracker_Ads,Advertisement,6,DPI,"" 
-1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80b::2001,tcp,59624,443,info,17,15,1605291690421002,1605291690527565,1605291690527527,0,0,517,1208,1054,6986,0,0,6873.8,34221,11275.4,127133528.0,3.4,"28106,28139,660,33241,1626,34221,71,30,636,643,4625,213,224,27018,3512,25468,241,4283,1409,5453,77,6348,1,0,6424,34,8,196,1,158,22",72,323.8,1280,408.2,166632.7,4.1,"80,80,72,589,72,1280,72,1280,72,534,72,136,164,422,72,652,72,103,72,103,72,72,482,1280,1280,72,72,72,704,111,72,72","13,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,0,1,1,1,1,0,0,0,1,1,0,0","4.750831604,5.256616592,5.147345066,5.037306786,5.025890827,7.794999599,5.175122738,7.849133015,5.175122738,7.594861984,5.147345066,6.103534698,6.601645947,7.415776730,5.023922443,7.687021732,5.175123215,5.854413509,4.959850788,5.758662224,5.147345066,5.053668499,7.493776798,7.824415684,7.830970287,5.175122738,5.175122738,5.147345066,7.700448990,5.878117561,5.175122738,5.175122738",TLS.Google,91.126,1,Tracker_Ads,Advertisement,6,DPI,"39,40" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80b::2001,tcp,59624,443,info,17,15,1605291690421002,1605291690527565,1605291690527527,0,0,517,1208,1054,6986,0,0,6873.8,34221,11275.4,127133528.0,3.4,"28106,28139,660,33241,1626,34221,71,30,636,643,4625,213,224,27018,3512,25468,241,4283,1409,5453,77,6348,1,0,6424,34,8,196,1,158,22",72,323.8,1280,408.2,166632.7,4.1,"80,80,72,589,72,1280,72,1280,72,534,72,136,164,422,72,652,72,103,72,103,72,72,482,1280,1280,72,72,72,704,111,72,72","13,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,0,1,1,1,1,0,0,0,1,1,0,0","4.750831604,5.256616592,5.147345066,5.037306786,5.025890827,7.794999599,5.175122738,7.849133015,5.175122738,7.594861984,5.147345066,6.103534698,6.601645947,7.415776730,5.023922443,7.687021732,5.175123215,5.854413509,4.959850788,5.758662224,5.147345066,5.053668499,7.493776798,7.824415684,7.830970287,5.175122738,5.175122738,5.147345066,7.700448990,5.878117561,5.175122738,5.175122738",TLS.Google,91.126,1,Tracker_Ads,Advertisement,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80f::2001,tcp,36964,443,info,16,16,1605291690926912,1605291691067608,1605291691069122,0,0,517,1208,1326,6622,0,0,9126.0,45897,14144.4,200064000.0,3.4,"29535,29546,105,39799,6197,1,1,45897,20,10,16645,7440,877,217,45409,188,20393,461,14689,1873,1,1,16098,2949,2,0,2950,29,8,1564,1",72,320.9,1280,398.4,158685.9,4.1,"80,80,72,589,72,1280,1280,311,72,72,72,136,164,391,375,72,652,72,103,72,103,72,72,72,551,398,207,72,72,72,1280,1280","11,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,1,1,0,1,1,1,0,0,0,1,1","4.860268116,5.316052437,5.175122738,4.626070023,5.053668499,7.798489094,7.858765125,7.213901043,5.175122738,5.175122738,5.136860371,6.074123383,6.494878292,7.385508060,7.250154495,4.998777390,7.691906452,5.175122738,5.820339203,5.053668022,5.765991211,5.015406132,5.015406132,5.147345066,7.610651970,7.403194427,6.718353748,5.175122738,5.175122738,5.114727020,7.829133987,7.837005138",TLS.Google,91.126,1,Tracker_Ads,Advertisement,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:811::200a,tcp,38166,443,info,16,16,1605291690926867,1605291691075065,1605291691075150,0,0,517,1208,987,5335,0,0,9563.9,43801,13475.5,181588928.0,3.6,"28655,28663,221,37924,6057,43801,75,33,588,595,16415,9761,878,43789,3898,20653,579,14876,1700,0,16044,10542,2,1,1,10492,40,13,10,172,3",72,270.1,1280,336.6,113301.5,4.2,"80,80,72,589,72,1280,72,1280,72,572,72,136,164,355,72,652,72,103,72,103,72,72,531,897,272,357,72,72,72,72,111,72","12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,0,0,0,0,1,0,1,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,1,1","4.786516666,5.247180939,5.070820332,4.566688538,5.043183804,7.807061672,5.053527355,7.847422123,5.025749683,7.577804089,5.043042660,6.031175137,6.392292976,7.341467381,4.977143764,7.597589493,5.081305027,5.788832188,5.004921436,5.547259808,5.015406132,5.081305027,7.471312523,7.741707325,7.060866833,7.323482037,5.109082699,5.109082699,5.064012051,5.053527355,5.763209343,5.043183804",TLS.GoogleServices,91.239,1,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,582,567198,64920,481968,60,23,37,0,17,1,59,84,0,1,0,298,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,43,17,6,14,26,0,0,13,0,0,0,0,3,0,0,0,20,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0,0,0,0,0,0,2,2,0,0,0,0,60,0,60,0,0,0,60,59,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,583,567830,64920,481968,60,23,37,0,17,1,59,85,0,1,0,298,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,43,17,6,14,26,0,0,13,0,0,0,0,3,0,0,0,20,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0,0,0,0,0,0,1,0,0,0,0,0,60,0,60,0,0,0,60,59,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/riot.pcapng.out b/test/results/flow-analyse/default/riot.pcapng.out index 0701cfb07..49c574822 100644 --- a/test/results/flow-analyse/default/riot.pcapng.out +++ b/test/results/flow-analyse/default/riot.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,17,24145,8202,0,2,0,2,0,0,1,1,1,0,0,0,7,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,17,24143,8202,0,2,0,2,0,0,1,1,1,0,0,0,7,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ripe_atlas.pcap.out b/test/results/flow-analyse/default/ripe_atlas.pcap.out index de2f5d456..43ff98ca6 100644 --- a/test/results/flow-analyse/default/ripe_atlas.pcap.out +++ b/test/results/flow-analyse/default/ripe_atlas.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,35,28468,175,0,7,0,7,0,0,0,7,0,0,0,0,7,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,35,28470,175,0,7,0,7,0,0,0,7,0,0,0,0,7,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rmcp.pcap.out b/test/results/flow-analyse/default/rmcp.pcap.out index 94008f684..24b8a6dbc 100644 --- a/test/results/flow-analyse/default/rmcp.pcap.out +++ b/test/results/flow-analyse/default/rmcp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,29,23177,116,0,6,0,6,0,0,0,6,0,0,0,0,6,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,29,23173,116,0,6,0,6,0,0,0,6,0,0,0,0,6,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rockstar_games.pcapng.out b/test/results/flow-analyse/default/rockstar_games.pcapng.out index 4bf17424a..f9c9d8db5 100644 --- a/test/results/flow-analyse/default/rockstar_games.pcapng.out +++ b/test/results/flow-analyse/default/rockstar_games.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,41,37390,2169,5443,4,0,4,0,0,0,4,4,0,2,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,1,1,0,0,0,0,4,0,0,3,1,0,0,4,4,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,41,37396,2169,5443,4,0,4,0,0,0,4,4,0,2,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,1,1,0,0,0,0,4,0,0,3,1,0,0,4,4,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/signal.pcap.out b/test/results/flow-analyse/default/signal.pcap.out index 241a8cb41..6562cc46d 100644 --- a/test/results/flow-analyse/default/signal.pcap.out +++ b/test/results/flow-analyse/default/signal.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.17,35.169.3.40,tcp,57026,443,info,20,12,1569051264666082,1569051265118031,1569051265227415,0,0,1440,1440,12293,2636,0,11,32686.5,114919,49905.0,2490513152.0,3.3,"108942,110621,122,110401,2138,28,112445,4951,114919,23,109553,1892,17,11,122,779,118,231,116,111402,211,108448,1776,614,1715,181,200,291,136,109394,1485",52,519.2,1492,606.2,367455.8,4.1,"64,60,52,569,52,1492,1090,52,178,103,121,52,105,102,94,298,1492,1492,1492,364,52,90,834,52,52,1492,1492,1492,1492,137,52,52","4,3,1,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0","7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,1,1","4.390677452,5.215063572,5.101185799,4.568855762,5.154164791,7.123593330,7.686298847,5.024262428,6.455136299,5.824676991,6.354698181,5.077241421,5.747490406,5.596203804,5.551773548,7.089583874,7.859809875,7.887398720,7.860632420,7.352869511,5.192626476,5.919520855,7.736015797,5.115703106,5.115703106,7.850556374,7.899875164,7.874493599,7.879738331,6.114603519,5.154164791,4.993616104",TLS.Signal,91.39,1,Acceptable,Chat,6,DPI,"" 
1,ip4,192.168.2.17,13.35.253.42,tcp,57027,443,info,20,12,1569051267121677,1569051267296344,1569051267317465,0,0,1440,1440,11716,2541,0,13,11950.2,43365,16041.8,257340416.0,3.7,"32885,39763,98,40023,2747,13,39382,7752,43365,416,22,34673,57,7463,493,19,81,373,5900,119,379,42152,16,471,26781,7559,10672,123,259,280,26119",52,498.2,1492,608.0,369644.2,4.0,"64,60,52,569,52,1492,995,52,178,52,103,121,52,52,105,102,94,243,90,1492,1492,1492,52,90,52,671,52,1492,1492,1492,1492,52","5,4,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0","7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,0,0,1","4.433722496,5.194311619,5.024262428,4.269306660,5.062724590,7.102223873,7.698739052,5.077241421,6.281415939,5.115703106,5.989915848,6.360937119,5.077241421,5.077241421,5.716584206,5.596204281,5.530496597,6.966745853,5.422244072,7.874898434,7.862365246,7.863490105,4.937912464,5.888910294,5.077241421,7.631612301,5.077241421,7.861750603,7.881488323,7.873866558,7.857449532,5.115703106",TLS.Signal,91.39,1,Acceptable,Chat,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,173,160587,219449,54393,19,9,10,0,4,0,19,25,0,3,0,84,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,10,3,14,2,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,10,0,0,0,0,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,7,0,0,0,0,0,0,19,0,0,15,3,1,0,19,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,173,160550,219449,54393,19,9,10,0,4,0,19,25,0,3,0,84,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,10,3,14,2,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,10,0,0,0,0,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,7,0,0,0,0,0,0,19,0,0,15,3,1,0,19,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/sites.pcapng.out b/test/results/flow-analyse/default/sites.pcapng.out index bba547c8b..a5273820d 100644 --- a/test/results/flow-analyse/default/sites.pcapng.out +++ b/test/results/flow-analyse/default/sites.pcapng.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.250,45.82.241.51,tcp,39890,80,finished,17,15,1623226283573712,1623226284678348,1623226284677149,0,0,190,1460,380,18862,0,0,71228.2,1031142,245139.1,60093177856.0,1.6,"27914,29082,9509,39180,2950,0,249,0,0,0,0,59912,0,307,0,0,304,0,974261,1031142,0,0,0,29550,491,2002,0,490,0,730,0",46,645.1,1500,701.2,491744.0,4.0,"60,52,46,230,46,1500,1500,1500,1500,1500,1500,1382,46,46,46,46,46,46,46,230,1500,1500,1500,1500,46,46,1500,1500,46,46,46,46","15,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,12,0,0","0,1,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0","4.650921822,4.854286671,4.347350597,5.690956593,4.347350597,7.663578510,7.860166073,7.846680641,7.877070427,7.858085155,7.884421825,7.865271091,4.347350597,4.303872585,4.260394573,4.303872585,4.303872585,4.347350597,4.347350597,5.731587410,7.670816898,7.866776943,7.851586819,7.865674973,4.303872585,4.303872108,7.855195045,7.870656013,4.303872585,4.260394096,4.303872108,4.303872585",HTTP.Likee,7.261,0,Fun,SocialNetwork,6,DPI,"" 
1,ip4,192.168.88.98,109.238.90.239,tcp,65086,443,info,8,24,1739618620340283,1739618620404970,1739618620417846,0,0,1991,1460,2588,27471,0,0,4588.7,39059,9828.0,96590432.0,2.8,"5308,5340,222,9189,0,0,0,0,9037,1787,198,11102,0,0,9044,39024,0,0,0,0,0,0,0,0,0,39059,12940,0,0,0,0",40,980.3,2031,674.0,454340.0,4.5,"52,48,40,557,46,1500,1500,1216,941,40,120,2031,46,327,327,40,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,40,1500,1500,1500,1500,1500","5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","3,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,17,0,0","0,1,0,0,1,1,1,1,1,0,0,0,1,1,1,0,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1","4.500089169,4.951495171,4.671928406,6.625383854,4.670969009,7.831572533,7.875962734,7.855746269,7.747753143,4.671928406,6.160531998,7.902746677,4.714447498,7.261562824,7.307878971,4.671928406,7.903173923,7.858101368,7.873634338,7.895243168,7.859722137,7.886281967,7.878189087,7.856512547,7.879987717,7.880470276,4.671928406,7.873325348,7.872891426,7.877501011,7.861202240,7.865600586",TLS.RUTUBE,91.443,1,Fun,Media,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,625,661720,77223,365096,72,10,62,1,3,4,68,65,0,6,0,311,1,0,1,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,64,8,11,24,32,0,1,0,0,0,0,0,1,2,1,0,11,10,1,6,4,1,0,0,10,1,3,0,7,0,0,3,5,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,68,0,0,0,0,0,9,0,1,0,0,0,0,66,6,0,67,5,0,0,72,68,4,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,625,661845,77223,365096,72,10,62,1,3,4,68,65,0,6,0,311,1,0,1,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,64,8,11,24,32,0,1,0,0,0,0,0,1,2,1,0,11,10,1,6,4,1,0,0,10,1,3,0,7,0,0,3,5,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,68,0,0,0,0,0,9,0,1,0,0,0,0,66,6,0,67,5,0,0,72,68,4,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/sites2.pcapng.out b/test/results/flow-analyse/default/sites2.pcapng.out index 307ee5258..d0c37a4a6 100644 --- a/test/results/flow-analyse/default/sites2.pcapng.out +++ b/test/results/flow-analyse/default/sites2.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,49,42531,4931,12452,5,1,4,0,0,0,5,4,0,0,0,24,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,1,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,49,42542,4931,12452,5,1,4,0,0,0,5,4,0,0,0,24,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,1,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/sites3.pcapng.out b/test/results/flow-analyse/default/sites3.pcapng.out index c7724097e..202727cd0 100644 --- a/test/results/flow-analyse/default/sites3.pcapng.out +++ b/test/results/flow-analyse/default/sites3.pcapng.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.43.159,52.215.125.151,tcp,19127,443,info,12,20,1751380979069858,1751380980547137,1751380981057554,0,0,1360,1360,6003,10578,0,0,111773.4,489732,135576.3,18380933120.0,3.8,"191648,191729,456,0,181880,219,0,181933,182908,0,227224,0,235242,188351,0,0,0,379060,3533,0,202603,290270,379,0,0,489732,3612,234716,278539,941,0",40,558.9,1400,594.5,353482.7,4.1,"52,52,40,1400,687,40,40,265,104,40,219,1400,81,40,1400,1400,883,67,40,1400,81,40,1400,1400,881,67,40,1170,40,1400,1400,316","4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0","9,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0","0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,1,1,0,0,0,1,1,1,1,1,0,0,1,1,1,1","4.714205742,4.884933949,4.831686974,7.786003590,7.385989666,4.784183979,4.784183979,6.727743149,6.053701401,4.834184170,7.026135445,7.878670692,5.975535393,4.780641556,7.856169224,7.871372223,7.742848873,5.623528481,4.931687355,7.872314930,5.998993874,4.834183693,7.836326122,7.864439964,7.803820133,5.457807064,4.981687069,7.824966908,4.884183884,7.831421852,7.888859272,7.341914654",TLS.Blacknut,91.107,1,Fun,Game,6,DPI,"" 
1,ip4,192.168.43.159,172.67.42.21,tcp,19191,443,info,12,20,1751381031097046,1751381033537362,1751381033666838,0,0,1360,1360,4436,10174,0,0,161616.4,876863,251562.1,63283486720.0,3.4,"167783,167959,1633,0,340761,516328,0,147,0,0,174031,2239,0,2303,4809,3592,108651,11261,765245,269,0,876863,504389,711616,113435,363976,171815,1003,0,0,0",40,498.1,1400,553.4,306248.8,4.1,"52,52,40,1400,410,1400,40,40,1400,1400,841,40,52,841,52,104,665,40,40,1044,181,67,40,697,40,578,40,1400,71,1400,71,1400","6,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0","0,1,0,0,0,0,1,1,1,1,1,0,1,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,1,1,1,1","4.661227226,4.884933472,4.831687450,7.780591011,6.857981205,7.736375809,4.834184170,4.834184170,7.845101833,7.874835014,7.784056187,4.881687641,4.778976440,7.785583496,4.794297695,5.947743893,7.669537067,4.784184456,4.834184170,7.828474522,6.797306538,5.593678474,4.884183884,7.729642391,4.784184456,7.708610535,4.734184265,7.869575977,5.705943584,7.840100765,5.628342152,7.863358021",TLS.Boosteroid,91.108,1,Fun,Game,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,32,35526,18386,67079,3,3,0,0,2,0,3,3,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,42,45969,20455,72868,4,3,1,0,2,0,4,4,0,0,0,20,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/snapchat_call.pcapng.out b/test/results/flow-analyse/default/snapchat_call.pcapng.out index 66962c693..5da5d5180 100644 --- a/test/results/flow-analyse/default/snapchat_call.pcapng.out +++ b/test/results/flow-analyse/default/snapchat_call.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.12.169,18.184.138.142,udp,42083,443,finished,16,16,1595865799020160,1595865802042641,1595865802853531,28,0,1350,1350,3902,5824,0,7,221156.5,1447282,397282.2,157833134080.0,3.2,"16846,68,30414,96,24231,5110,25,16,20308,29142,5531,102,7,211,2051,54351,38,19,507575,1447282,48721,53521,57932,1172660,3328,7500,379723,803486,440070,1155688,589800",48,331.9,1378,468.5,219532.9,3.9,"1378,1378,1378,1378,611,64,1378,48,414,56,72,66,66,66,187,86,48,48,48,72,337,289,337,289,72,56,56,72,56,72,72,72","4,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","4,4,0,0,0,0,0,0,2,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0","0,1,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,0,0,0,1,0,0,1,1","2.189238071,7.706800461,4.743436813,3.984874964,7.719462395,5.249389172,7.849965572,5.376628876,7.440353394,5.374054909,5.683540821,5.644934177,5.675237656,5.595766544,6.808179855,6.041157246,5.293295383,5.251628876,5.209962368,5.540976048,7.375632763,7.234831333,7.426898956,7.225734234,5.603883266,5.407986164,5.336557388,5.692057133,5.063577652,5.570461750,5.619208336,5.674763680",QUIC.SnapchatCall,188.255,1,Acceptable,VoIP,6,DPI,"24" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,19499,4245,6427,1,0,1,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,19491,4245,6427,1,0,1,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/snapchat_call_v1.pcapng.out b/test/results/flow-analyse/default/snapchat_call_v1.pcapng.out index 9c87640eb..b28177d24 100644 --- a/test/results/flow-analyse/default/snapchat_call_v1.pcapng.out +++ b/test/results/flow-analyse/default/snapchat_call_v1.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.12.169,34.246.231.140,udp,47520,443,finished,21,11,1642584090467068,1642584091097462,1642584091088958,33,0,1200,1200,10528,3826,0,18,40396.3,284273,69954.6,4893651456.0,3.5,"43831,48,18,47171,5912,7197,49242,50,34720,7943,33195,29741,120469,284273,668,11816,262103,35232,126423,262,9441,12613,6510,7068,102933,21,6234,340,1312,2360,3138",53,476.6,1228,428.3,183471.5,4.4,"1228,1228,1228,433,1228,117,610,446,104,62,360,61,90,53,70,70,198,53,53,88,1147,1148,1148,703,523,72,104,525,525,525,525,525","0,6,1,0,0,1,0,0,0,0,0,0,0,0,0,6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,2,0,0,0,0,0,0,0,0,0,0","3,1,2,0,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,1,0,0,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,1,1,0,0,0,0,0","7.846151352,7.818212032,7.842855453,7.458201885,7.834816933,6.378828526,7.731168270,7.464651108,6.216168880,5.760650158,7.392130375,5.557705879,6.136295319,5.508872986,5.957851410,5.707712650,6.936640739,5.357929230,5.395664692,5.928121090,7.845738411,7.830622196,7.823609829,7.678224087,7.645185947,5.669923306,6.181212425,7.564388752,7.568304062,7.613670826,7.625892639,7.577367783",QUIC.SnapchatCall,188.255,1,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,18770,337357,7923,1,0,1,0,1,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,18762,337357,7923,1,0,1,0,1,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/snmp.pcap.out b/test/results/flow-analyse/default/snmp.pcap.out index c9dfd1b1c..9b73499fb 100644 --- a/test/results/flow-analyse/default/snmp.pcap.out +++ b/test/results/flow-analyse/default/snmp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,137,113942,7241,4130,17,0,17,10,0,0,17,5,0,2,0,65,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,15,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,2,0,0,0,0,0,0,17,0,0,0,17,0,0,17,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,137,113914,7241,4130,17,0,17,10,0,0,17,5,0,2,0,65,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,15,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,2,0,0,0,0,0,0,17,0,0,0,17,0,0,17,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/soap.pcap.out b/test/results/flow-analyse/default/soap.pcap.out index a64571cff..98552b8d8 100644 --- a/test/results/flow-analyse/default/soap.pcap.out +++ b/test/results/flow-analyse/default/soap.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,24,28432,8109,1637,3,1,2,0,0,0,3,0,0,1,0,11,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,24,28436,8109,1637,3,1,2,0,0,0,3,0,0,1,0,11,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/srvloc-v1.pcapng.out b/test/results/flow-analyse/default/srvloc-v1.pcapng.out index 7527436d8..9f7bc2ede 100644 --- a/test/results/flow-analyse/default/srvloc-v1.pcapng.out +++ b/test/results/flow-analyse/default/srvloc-v1.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,9334,406,0,2,0,2,0,0,0,2,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,9336,406,0,2,0,2,0,0,0,2,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/srvloc.pcap.out b/test/results/flow-analyse/default/srvloc.pcap.out index f1ea70f9d..8aa8e4751 100644 --- a/test/results/flow-analyse/default/srvloc.pcap.out +++ b/test/results/flow-analyse/default/srvloc.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,3001,2512361,30707,0,621,0,621,103,0,0,621,0,0,0,0,629,1,0,1,404,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,621,0,621,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,621,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,621,0,0,0,0,0,0,0,0,0,0,0,0,621,0,0,0,621,0,0,621,621,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,3001,2512329,30707,0,621,0,621,103,0,0,621,0,0,0,0,629,1,0,1,404,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,621,0,621,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,621,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,621,0,0,0,0,0,0,0,0,0,0,0,0,621,0,0,0,621,0,0,621,621,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/steam.pcapng.out b/test/results/flow-analyse/default/steam.pcapng.out index aef2c8a03..9f955e56e 100644 --- a/test/results/flow-analyse/default/steam.pcapng.out +++ b/test/results/flow-analyse/default/steam.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,59,51184,5134,4588,7,1,6,0,0,0,7,4,0,1,0,31,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,3,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,2,0,0,0,0,0,7,0,0,5,2,0,0,7,7,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,59,51192,5134,4588,7,1,6,0,0,0,7,4,0,1,0,31,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,3,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,2,0,0,0,0,0,7,0,0,5,2,0,0,7,7,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stun_signal.pcapng.out b/test/results/flow-analyse/default/stun_signal.pcapng.out index 7c7cd2a87..286d17729 100644 --- a/test/results/flow-analyse/default/stun_signal.pcapng.out +++ b/test/results/flow-analyse/default/stun_signal.pcapng.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,35.158.183.167,192.168.12.169,icmp,,,finished,30,2,1636901936083692,1636901980739508,1636901940925734,56,0,64,104,1760,208,0,15,1596705.0,17079364,3547473.5,12584568750080.0,2.8,"4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065",76,81.5,124,11.6,133.8,5.0,"76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84","0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384",ICMP,81,0,Acceptable,Network,6,DPI,"35" 
1,ip4,192.168.12.169,18.195.131.143,udp,47767,61498,finished,16,16,1636902000073738,1636902002442030,1636902002440493,28,0,104,96,1068,1052,0,43,152743.5,665020,189167.3,35784253440.0,4.0,"68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176",56,94.2,132,24.6,605.9,4.9,"124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92","3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0","5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552",STUN.SignalVoip,78.269,0,Acceptable,VoIP,5,DPI (cache),"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,220,177427,13408,16192,23,0,23,15,3,0,23,17,0,8,0,113,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,20,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,8,0,0,0,0,0,8,0,0,0,0,0,0,23,0,0,0,21,2,0,23,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0 +0,220,177301,13408,16192,23,0,23,15,3,0,23,17,0,8,0,113,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,20,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,8,0,0,0,0,0,8,0,0,0,0,0,0,23,0,0,0,21,2,0,23,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tailscale.pcap.out b/test/results/flow-analyse/default/tailscale.pcap.out index f515c74bf..2c25cf5c2 100644 --- a/test/results/flow-analyse/default/tailscale.pcap.out +++ b/test/results/flow-analyse/default/tailscale.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.88.3,18.196.71.179,udp,41641,41641,finished,13,19,1623328901893092,1623328910935194,1623328911751937,92,0,128,128,1430,2162,0,7,609708.0,1999684,605237.1,366311899136.0,4.2,"1831567,1832853,459337,19,7,851239,689283,1999684,305038,1197527,993302,17713,10,118067,686079,686069,167240,28515,268363,28631,1001510,1709853,809387,161594,38729,229122,33650,39336,1000927,1009891,706405",120,140.2,156,15.4,237.9,5.0,"120,120,138,156,156,156,156,120,138,156,120,138,156,120,138,120,138,120,156,138,156,156,120,138,120,156,156,138,156,156,156,120","0,0,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,6,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,1,1,1,0,1,0,1,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1","6.258774757,6.327646255,6.564895153,6.334487915,6.307401657,6.374646664,6.326507568,6.403507233,6.611924648,6.410363674,6.506895065,6.510478020,6.402382374,6.340927124,6.480768204,6.334637165,6.568448067,6.498397350,6.475291729,6.619921207,6.387466908,6.409846783,6.390228748,6.538738251,6.500603676,6.552214622,6.461646080,6.474994183,6.375043869,6.467308998,6.309903622,6.317968845",Tailscale,24,1,Acceptable,VPN,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10574,5700,6322,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10568,5700,6322,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/telegram_videocall.pcapng.out b/test/results/flow-analyse/default/telegram_videocall.pcapng.out index ec6e2e96f..15b1a0cbe 100644 --- a/test/results/flow-analyse/default/telegram_videocall.pcapng.out +++ b/test/results/flow-analyse/default/telegram_videocall.pcapng.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.169,93.36.13.115,udp,42405,35393,finished,21,11,1648032354077734,1648032354886306,1648032354873460,23,0,237,96,1854,649,0,49,51751.5,474673,95446.3,9109989376.0,3.6,"75722,88020,12807,2328,9002,48923,21674,183,117533,50,18901,57450,295,20709,49,35124,54640,306358,41620,24769,9929,17729,18103,17365,474673,50,42102,15504,14083,40108,18495",49,106.2,265,48.9,2396.0,4.9,"128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119","3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0","5.404182434,5.729283333,5.265467167,5.614555359,5.634122849,5.456954956,5.404182434,5.653138161,5.772913456,5.756935120,5.745695591,5.598426342,5.458592415,5.767434120,5.687500000,5.328994274,5.576209545,5.797379017,7.103881836,6.518718719,6.438805580,6.381202221,6.471578598,6.393888950,7.201899052,5.463770390,5.656250000,5.577555180,6.334901810,6.354772091,5.879608154,6.455611706",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,5,DPI (cache),"" 
1,ip4,192.168.12.169,149.154.167.222,tcp,40832,443,finished,17,15,1648032336639074,1648032364799931,1648032364830191,0,0,578,1228,1060,12707,0,8,1817805.6,25078496,6146606.0,37780767899648.0,1.5,"29139,30566,480,31562,35447,6512,41656,9889,49,31,23,46927,8,41719,2909634,2997736,16,16,15,2357,76,56,44252,15,34,56,139,73,125,25044870,25078496",52,482.7,1280,530.0,280877.2,4.1,"60,60,52,630,262,52,205,221,1280,1280,1280,700,52,52,52,381,1280,1280,1280,1280,1280,1280,680,52,52,52,52,52,52,52,52,52","14,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1","4.859216213,5.266787529,5.156889439,7.555443287,7.119448662,5.118427753,6.908961773,6.987295628,7.824494839,7.835509300,7.843729496,7.724673271,5.195351124,5.094483852,5.115703106,7.462384224,7.834102154,7.851257801,7.840057850,7.862158298,7.844310284,7.831385612,7.709258080,5.156889439,5.041504860,5.079966545,5.118427753,5.156889439,5.156889439,5.115703106,5.077241421,5.156889439",Telegram,185,1,Acceptable,Chat,7,Match by IP,"35" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,258,214644,59877,270358,34,6,28,1,4,2,32,14,0,12,0,134,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,20,1,31,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,4,0,0,1,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,21,0,7,0,0,0,12,0,0,0,0,0,0,31,3,0,10,19,3,2,34,32,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,258,214636,59877,270358,34,6,28,1,4,2,32,14,0,12,0,134,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,20,1,31,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,4,0,0,1,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,21,0,7,0,0,0,12,0,0,0,0,0,0,31,3,0,10,19,3,2,34,32,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/telnet.pcap.out b/test/results/flow-analyse/default/telnet.pcap.out index 015355da6..35d24a8d8 100644 --- a/test/results/flow-analyse/default/telnet.pcap.out +++ b/test/results/flow-analyse/default/telnet.pcap.out 
@@ -1,4 +1,5 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.0.2,192.168.0.1,tcp,1550,23,info,17,15,943755158387203,943755160950568,943755159705066,0,0,85,32,203,139,0,172,125200.9,1232764,336743.6,113396252672.0,2.2,"2525,2572,1588,147810,146242,172,1611,1711,3291,1327,593,1791,1069,2370,3571,617,1174,22251,20360,1248,13791,15049,1196,784,12789,12241,20023,1107336,1099990,1232764,1372",52,63.2,137,18.8,354.0,4.9,"60,60,52,79,55,52,55,52,77,116,52,70,61,52,76,52,137,52,55,55,52,64,58,52,67,52,84,52,59,52,58,52","15,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,0","4.315444469,4.777318954,4.791129112,5.044729233,4.800010681,4.791129112,4.871557236,4.662475586,5.051413059,5.269734383,4.647958755,5.011583805,5.044849873,4.777860641,4.820554256,4.791128635,5.556590080,4.868052006,4.850099087,4.862643719,4.777860641,4.944003105,4.924550533,4.739398956,4.948766708,4.791129112,5.493695259,4.829590797,5.035621166,4.686420441,5.042736053,4.829590321",Telnet,77,0,Unsafe,RemoteAccess,6,DPI,"22" 
+1,ip4,10.17.167.141,20.1.178.225,tcp,5355,23,finished,25,7,1753563678000332,1753563678000333,1753563678000333,0,0,21,1375,42,1415,0,0,0.1,1,0.2,0.1,1.0,"0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0",52,97.8,1427,238.8,57014.5,3.7,"56,56,52,67,58,59,73,53,53,53,53,53,53,53,53,53,62,53,53,53,53,53,53,53,53,53,54,53,53,53,1427,52","25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0","0,1,0,1,1,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0","4.663463593,5.217718124,5.118428230,5.196853638,5.094797611,5.322986603,5.276523590,5.119154930,5.156890869,5.043683052,5.194626331,5.142647266,5.119154930,5.119154453,5.119154453,5.104911327,5.369284153,5.156890869,5.119154453,5.104911327,5.156890869,5.081418991,5.156890869,5.156890869,5.119154930,5.104911327,5.046283245,5.081418991,5.119154930,5.067175865,3.364444971,5.065449238",Telnet,77,0,Unsafe,RemoteAccess,6,DPI,"22,36" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,14,12489,289,1371,1,1,0,0,1,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,43,44750,336,2786,2,2,0,0,2,0,2,21,0,2,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,6,0,1,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_certificate_too_long.pcap.out b/test/results/flow-analyse/default/tls_certificate_too_long.pcap.out index 2d6b67c12..de7280828 100644 --- a/test/results/flow-analyse/default/tls_certificate_too_long.pcap.out +++ b/test/results/flow-analyse/default/tls_certificate_too_long.pcap.out 
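Review bot: The commit message does not account for the behaviour changes recorded in this hunk and in the tls_certificate_too_long.pcap.out hunk that follows; it only mentions replacing "TLS Susp ESNI Usage" with "Mismatching Protocol with server IP address". Here a second Telnet flow (10.17.167.141 to 20.1.178.225, risks `"22,36"`) is added and the summary row goes from 14 to 43 JSON lines, so the input capture presumably changed with the submodule bump. In the next file both flow rows switch `flow_state` from `finished` to `info` while, as far as the visible fields show, nothing else in them differs. These files are the regression baseline for detection output, so unexplained drift is how a real detection regression gets accepted unnoticed. I would add one bullet per cause to the commit message, for example `* telnet.pcap gained a second flow upstream` and `* analyse events for tls_certificate_too_long now fire before the flow finishes`, once the author has confirmed those are the actual reasons.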
@@ -1,5 +1,5 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.1.121,52.98.163.18,tcp,53429,443,finished,7,25,1626168078673569,1626168078741395,1626168078741532,0,0,1448,1318,6192,5635,1,0,4380.3,66556,14076.5,198149200.0,1.7,"0,1268,0,1,22712,2791,42219,7,1,1,2,1,1,3,1,2,0,1,1,1,1,2,1,1,1,66556,1,207,4,1,1",40,409.6,1488,443.8,196953.1,4.3,"1488,922,1488,1488,1006,40,40,1358,152,98,255,267,271,267,253,259,273,259,261,261,257,267,259,269,259,100,40,40,240,261,327,82","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","2,3,0,1,0,0,11,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1","7.844867706,7.768162727,7.838919640,7.877963066,7.801912785,4.931687355,4.931687355,7.872855663,6.611027718,5.917587280,7.063786030,7.077864647,7.070313454,7.063032150,7.077404976,7.132514954,7.133229256,7.145859718,7.155868053,7.036940575,7.138390064,7.124177456,7.128092766,7.045049191,6.969915390,5.878566742,4.680641174,4.680641174,7.009124756,7.071732044,7.305675030,5.664766788",TLS,91,1,Safe,Web,6,DPI,"" 
-1,ip4,192.168.1.121,52.98.163.18,tcp,53428,443,finished,12,20,1626168078673880,1626168078802752,1626168078815501,0,0,1448,1312,8443,4308,1,1,8725.6,48024,14356.9,206121952.0,3.3,"1,1055,23210,47617,37039,8,1,2,1,1,11720,448,454,9939,10211,1,619,25332,48024,32224,8,8662,433,9,3,3,2,1,2,508,12955",40,439.2,1488,490.6,240677.5,4.2,"1488,922,1278,40,1278,1352,175,259,438,82,85,40,74,40,52,1488,921,694,40,694,989,431,40,179,239,281,123,82,85,74,40,52","4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0","4,6,1,0,2,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","0,0,0,1,0,1,1,1,1,1,1,0,1,0,1,0,0,0,1,0,1,1,0,1,1,1,1,1,1,1,0,1","7.851675034,7.762215614,7.854618549,4.931687355,7.853376865,7.847486019,6.592478275,7.073016644,7.479730606,5.652988434,5.603165150,4.680641174,5.374660492,4.680641174,4.887658596,7.882281303,7.798806667,7.618238926,4.862814903,7.611861229,7.774961472,7.463752747,4.630641460,6.593664169,7.007197857,7.177185059,6.230616570,5.640376568,5.764585972,5.533047199,4.680641174,4.962661743",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,192.168.1.121,52.98.163.18,tcp,53429,443,info,7,25,1626168078673569,1626168078741395,1626168078741532,0,0,1448,1318,6192,5635,1,0,4380.3,66556,14076.5,198149200.0,1.7,"0,1268,0,1,22712,2791,42219,7,1,1,2,1,1,3,1,2,0,1,1,1,1,2,1,1,1,66556,1,207,4,1,1",40,409.6,1488,443.8,196953.1,4.3,"1488,922,1488,1488,1006,40,40,1358,152,98,255,267,271,267,253,259,273,259,261,261,257,267,259,269,259,100,40,40,240,261,327,82","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","2,3,0,1,0,0,11,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1","7.844867706,7.768162727,7.838919640,7.877963066,7.801912785,4.931687355,4.931687355,7.872855663,6.611027718,5.917587280,7.063786030,7.077864647,7.070313454,7.063032150,7.077404976,7.132514954,7.133229256,7.145859718,7.155868053,7.036940575,7.138390064,7.124177456,7.128092766,7.045049191,6.969915390,5.878566742,4.680641174,4.680641174,7.009124756,7.071732044,7.305675030,5.664766788",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,192.168.1.121,52.98.163.18,tcp,53428,443,info,12,20,1626168078673880,1626168078802752,1626168078815501,0,0,1448,1312,8443,4308,1,1,8725.6,48024,14356.9,206121952.0,3.3,"1,1055,23210,47617,37039,8,1,2,1,1,11720,448,454,9939,10211,1,619,25332,48024,32224,8,8662,433,9,3,3,2,1,2,508,12955",40,439.2,1488,490.6,240677.5,4.2,"1488,922,1278,40,1278,1352,175,259,438,82,85,40,74,40,52,1488,921,694,40,694,989,431,40,179,239,281,123,82,85,74,40,52","4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0","4,6,1,0,2,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","0,0,0,1,0,1,1,1,1,1,1,0,1,0,1,0,0,0,1,0,1,1,0,1,1,1,1,1,1,1,0,1","7.851675034,7.762215614,7.854618549,4.931687355,7.853376865,7.847486019,6.592478275,7.073016644,7.479730606,5.652988434,5.603165150,4.680641174,5.374660492,4.680641174,4.887658596,7.882281303,7.798806667,7.618238926,4.862814903,7.611861229,7.774961472,7.463752747,4.630641460,6.593664169,7.007197857,7.177185059,6.230616570,5.640376568,5.764585972,5.533047199,4.680641174,4.962661743",TLS,91,1,Safe,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,250,252922,37396,58312,35,11,24,0,2,1,33,24,1,11,0,116,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,22,4,29,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,15,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,2,10,2,0,0,0,0,34,1,0,16,17,0,2,35,33,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0 +0,250,252920,37396,58312,35,11,24,0,2,1,33,24,1,11,0,116,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,22,4,29,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,15,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,2,10,2,0,0,0,0,34,1,0,16,17,0,2,35,33,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0 diff --git a/test/results/flow-analyse/default/tls_long_cert.pcap.out b/test/results/flow-analyse/default/tls_long_cert.pcap.out index 70fe98559..6a2ead26a 100644 --- a/test/results/flow-analyse/default/tls_long_cert.pcap.out +++ b/test/results/flow-analyse/default/tls_long_cert.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.2.126,104.111.215.93,tcp,60174,443,info,16,16,1553619078033240,1553619078157096,1553619078157742,0,0,836,1448,1610,13760,0,1,8011.5,34221,11402.3,130012760.0,3.6,"25199,25284,303,30105,3339,1074,34221,792,742,1850,1850,782,8352,423,28143,18603,6453,607,7069,119,26007,3,43,25894,1,59,186,154,696,4,1",52,532.9,1500,584.9,342142.3,4.1,"64,60,52,569,52,1500,1500,52,1252,52,841,52,178,145,888,294,52,52,129,52,90,1105,1105,1500,52,52,52,710,52,1500,1500,1500","11,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,6,0,0","0,1,0,0,1,1,1,0,1,0,1,0,0,0,0,1,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,1","4.464972496,5.400120735,5.115703106,4.441882610,5.233812809,6.523200512,6.789650440,5.070538998,7.259748936,5.109000683,7.672616482,5.192625999,6.387032032,6.158265114,7.732074261,7.074759483,5.192625999,5.272274494,6.411020756,5.192625999,5.541742325,7.789433956,7.819917679,7.870871544,5.154164314,5.154164314,5.032077789,7.695037842,5.154164314,7.862812519,7.871836662,7.867298126",TLS,91,1,Safe,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,14,15086,2858,102711,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,15091,2858,102711,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/flow-analyse/default/tls_multiple_synack_different_seq.pcapng.out index 5083c294e..dcd80ca7a 100644 --- a/test/results/flow-analyse/default/tls_multiple_synack_different_seq.pcapng.out +++ b/test/results/flow-analyse/default/tls_multiple_synack_different_seq.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,12561,5427,517,1,0,1,0,0,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,12549,5427,517,1,0,1,0,0,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tumblr.pcap.out b/test/results/flow-analyse/default/tumblr.pcap.out index 60f56bafc..62972f44f 100644 --- a/test/results/flow-analyse/default/tumblr.pcap.out +++ b/test/results/flow-analyse/default/tumblr.pcap.out 
@@ -1,5 +1,5 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::98c7:1593,tcp,42908,443,finished,16,16,1605292103810303,1605292105112205,1605292105112063,0,0,382,1400,607,11474,1,1,83989.1,700859,188930.8,35694845952.0,2.6,"870,91738,194148,2,1,2772,104383,700859,700827,1324,5830,44963,352,357119,395282,1534,2,2,1,1,1,1,2,1529,39,13,18,11,13,13,12",72,449.5,1472,576.4,332266.9,4.0,"454,111,111,72,72,72,111,72,944,72,107,184,72,72,1460,72,84,1472,1472,1472,1472,835,1472,1472,72,72,72,72,72,72,72,72","11,3,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0","0,0,0,1,1,1,1,0,1,0,0,0,1,1,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0","7.475968361,5.973469734,5.991487980,5.083631992,5.055854321,5.055854321,5.836178780,5.218127251,7.768151760,5.245904922,5.915576458,6.683409691,5.034884930,5.073147297,7.871325970,5.162571907,5.437397003,7.868166924,7.884456158,7.861326694,7.846504688,7.733069897,7.846429825,7.853037357,5.218127251,5.218127251,5.218127251,5.218127251,5.218127251,5.190349579,5.245904922,5.190349579",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::98c7:1593,tcp,42908,443,info,16,16,1605292103810303,1605292105112205,1605292105112063,0,0,382,1400,607,11474,1,1,83989.1,700859,188930.8,35694845952.0,2.6,"870,91738,194148,2,1,2772,104383,700859,700827,1324,5830,44963,352,357119,395282,1534,2,2,1,1,1,1,2,1529,39,13,18,11,13,13,12",72,449.5,1472,576.4,332266.9,4.0,"454,111,111,72,72,72,111,72,944,72,107,184,72,72,1460,72,84,1472,1472,1472,1472,835,1472,1472,72,72,72,72,72,72,72,72","11,3,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0","0,0,0,1,1,1,1,0,1,0,0,0,1,1,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0","7.475968361,5.973469734,5.991487980,5.083631992,5.055854321,5.055854321,5.836178780,5.218127251,7.768151760,5.245904922,5.915576458,6.683409691,5.034884930,5.073147297,7.871325970,5.162571907,5.437397003,7.868166924,7.884456158,7.861326694,7.846504688,7.733069897,7.846429825,7.853037357,5.218127251,5.218127251,5.218127251,5.218127251,5.218127251,5.190349579,5.245904922,5.190349579",TLS,91,1,Safe,Web,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::c000:4d28,tcp,43434,443,info,16,16,1605292105171046,1605292105231565,1605292105231522,0,0,112,1400,362,16800,1,1,3903.1,45055,9416.3,88667112.0,2.8,"365,4822,355,27249,2992,337,2701,17288,45055,519,518,603,1,579,9,7282,1,7292,34,289,2,248,25,174,1,157,27,1036,1,1005,28",72,608.3,1472,669.7,448506.0,4.1,"184,111,183,172,72,72,72,72,1472,72,1472,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72","12,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0","0,0,0,0,1,1,1,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0","6.587406158,5.914531231,6.603403568,6.519369125,4.980900764,4.980900764,4.894209862,4.980900764,7.851428509,5.118321419,7.864492416,5.118321419,7.853987694,7.848294735,5.062766075,5.080059052,7.860019684,7.828007221,5.118321419,5.118321419,7.856985092,7.866126060,5.118321419,5.080059052,7.856244087,7.840456009,5.146099091,5.080059052,7.871989727,7.857123375,5.118321419,5.118321419",TLS,91,1,Safe,Web,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2606:2800:135:155a:23ba:b2a:25ff:122d,tcp,58380,443,info,16,16,1605292105197307,1605292105347875,1605292105347850,0,0,523,1208,1519,5784,0,0,9713.3,47694,16101.6,259260704.0,3.2,"33179,33247,488,47694,0,47160,1225,37725,2106,0,0,38598,23,3,754,718,796,796,2589,248,171,60,26260,592,1,74,1362,0,0,25234,8",72,300.7,1280,381.9,145812.8,4.1,"80,80,72,589,72,171,72,595,72,1280,1280,1280,72,72,72,544,72,1055,72,146,164,329,128,72,72,72,72,327,327,168,72,72","10,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,2,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0","5.295193195,5.637294769,5.563652992,4.598795891,5.459350586,6.223492146,5.497612953,5.044443607,5.487128258,7.814322472,7.863967419,7.842244625,5.591430664,5.503256798,5.563652992,7.612953186,5.591430664,7.763548851,5.563652992,6.558448792,6.685117722,7.291459560,6.278277397,5.487128258,5.487128258,5.431572914,5.487128258,7.317289352,7.268368721,6.510692596,5.591430664,5.563652992",TLS,91,1,Safe,Web,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::c000:4d03,tcp,56794,443,info,14,18,1605292105669051,1605292105720296,1605292105720289,0,0,130,1400,525,11113,1,0,3305.9,36646,8575.8,73544632.0,2.4,"375,92,385,236,26419,36646,2159,0,376,0,10012,21697,203,197,169,221,0,406,8,175,469,1,0,620,51,101,150,197,535,21,562",72,435.7,1472,586.0,343353.7,3.9,"192,111,201,202,143,108,72,72,72,72,72,1472,72,1472,72,1460,84,1472,72,72,1460,84,1327,103,72,72,111,1460,72,84,1460,72","8,2,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,0,0,0,0","0,0,0,0,0,0,1,1,1,1,1,1,0,1,0,1,1,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0","6.771437645,5.700867176,6.623061657,6.706957817,6.270517826,5.792555332,5.008678436,5.036456108,5.008678436,5.036456108,5.008678436,7.827867985,5.069574833,7.856517315,5.080059528,7.842531681,5.292736530,7.873940468,5.069574833,5.034988403,7.877679825,5.307831764,7.852031708,5.639400959,5.146099567,5.090544224,5.719091892,7.856316566,5.118321896,5.301723003,7.853841305,5.090544224",TLS,91,1,Safe,Web,6,DPI,"" 
@@ -9,4 +9,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:809::200e,tcp,49548,443,info,16,16,1605292122064463,1605292122281616,1605292122282509,0,0,517,1208,962,9011,0,0,14038.7,83018,20606.9,424642560.0,3.6,"30258,30298,226,70679,12575,2,1,83018,62,4,882,32413,0,31475,5911,16277,137,34580,1914,14156,7168,10659,16853,1,0,1,34679,24,2,2,942",72,384.2,1280,474.8,225406.5,4.1,"80,80,72,589,72,1280,1280,311,72,72,72,136,72,652,72,164,103,330,72,103,72,72,72,985,1280,1280,1280,72,72,72,72,1280","12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1","4.836515903,5.311173439,5.222161770,4.516429901,5.097352028,7.813626766,7.833569527,7.238987446,5.249939442,5.211677551,5.222161770,6.183825970,5.163392067,7.648269653,5.182794571,6.507936478,5.802297115,7.243775845,5.097352028,5.700409889,5.249939919,5.097352028,5.163392067,7.756225586,7.832665920,7.840676308,7.826161861,5.222161770,5.222161770,5.166606426,5.183899403,7.820078373",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::6006:749,tcp,39152,443,info,17,15,1605292105418417,1605292122813676,1605292122725006,0,0,764,1279,4217,4676,0,98,1119414.5,16588707,4059258.8,16477581213696.0,1.4,"29466,29487,204,37942,9029,46759,696,98,30996,1834,7035,39073,52635,52694,371915,406395,20731,55185,2451,32929,9268,39721,16556740,16588707,11402,43353,16903,58413,9807,93158,46822",72,350.4,1351,367.9,135349.6,4.3,"80,80,72,692,72,342,72,152,489,72,72,359,72,1259,72,824,72,855,72,836,72,342,72,500,72,1351,72,644,72,672,72,656","9,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,1,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0","4.797575951,5.229953289,5.190349579,7.030211926,4.972520828,6.811050892,5.091930866,6.334684849,7.516590118,5.055853844,5.055853844,7.313119888,5.190349579,7.806543827,5.218127251,7.745193005,5.000298500,7.694315910,5.134794235,7.706961155,5.028076172,7.266840458,5.190349579,7.564545631,4.972520828,7.854704857,5.162571907,7.655811310,5.000298500,7.622268677,5.134794235,7.624323368",TLS,91,1,Tracker_Ads,Advertisement,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,314,268572,19532,275102,47,1,46,0,9,28,19,10,0,0,0,151,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,10,13,2,2,0,0,2,0,0,0,0,0,0,0,0,15,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0,0,0,0,0,0,47,0,47,0,0,0,47,19,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,314,268564,19532,275102,47,1,46,0,9,28,19,10,0,0,0,151,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,9,13,2,2,0,0,2,0,0,0,0,0,0,0,0,15,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0,0,0,0,0,0,47,0,47,0,0,0,47,19,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/viber.pcap.out b/test/results/flow-analyse/default/viber.pcap.out index 253b1fcb9..b2fb5d234 100644 --- a/test/results/flow-analyse/default/viber.pcap.out +++ b/test/results/flow-analyse/default/viber.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.0.17,18.201.4.32,udp,47171,7985,finished,17,15,1527155670640484,1527155675775126,1527155675692683,20,0,257,76,2947,930,0,129,328607.8,525007,210300.8,44226416640.0,4.6,"129,33097,500276,500261,503516,15204,503250,15302,516057,515704,477654,477626,36790,36786,524953,525007,440389,440669,68112,67828,523108,523160,411969,411845,84133,84199,517782,517791,399760,399674,114810",48,149.2,285,100.4,10086.1,4.7,"285,48,104,285,104,48,285,62,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285","6,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","6.429836750,5.092222691,3.431529284,6.457198620,3.469990969,5.092222691,6.466431141,4.018082619,3.469990969,6.511886120,3.469990969,5.092222691,3.985824585,6.440430164,3.469990969,6.468061447,3.419557333,4.967222214,3.953566313,6.441361427,3.450760365,6.449966431,3.469991207,5.050555706,4.018082619,6.492553234,3.489221811,6.449169159,3.469991207,5.050556183,4.018082619,6.452616215",Viber,144,1,Fun,Chat,6,DPI,"" 
1,ip4,192.168.0.17,18.201.4.3,udp,38190,7985,finished,19,13,1527155679411371,1527155683480847,1527155683453495,12,0,257,76,2479,778,0,49,261664.5,531417,244884.4,59968385024.0,4.1,"2549,75,31700,2304,505528,505691,496908,2109,6670,496650,8720,505323,505404,490799,100,14960,490657,15090,513169,513225,531417,103,49,531356,217,492947,492967,448249,97,448143,58424",40,129.8,285,99.7,9932.1,4.6,"285,46,48,104,62,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,62,285","10,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,5,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,1,0","6.294480801,4.507713318,5.008889198,3.477249622,4.018082619,6.362309933,3.496480465,5.050556183,4.408695221,6.358519077,3.985824585,3.458018780,6.336889267,3.458018780,4.967222214,4.408695221,6.270152092,3.909132719,3.438787937,6.396345615,3.496480465,5.008889198,4.408695221,6.346873283,3.855867863,3.496480465,6.368536949,3.477249622,5.008889198,4.408695221,3.985824585,6.367835045",Viber,144,1,Fun,Chat,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,231,195639,26457,101364,30,6,24,4,4,4,26,19,0,1,0,107,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,22,4,13,9,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,9,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,1,0,0,0,0,0,0,29,1,0,13,15,1,1,30,26,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,231,195636,26457,101364,30,6,24,4,4,4,26,19,0,1,0,107,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,22,4,13,9,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,9,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,1,0,0,0,0,0,0,29,1,0,13,15,1,1,30,26,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/waze.pcap.out b/test/results/flow-analyse/default/waze.pcap.out index e2085676c..57c55e5d2 100644 --- a/test/results/flow-analyse/default/waze.pcap.out +++ b/test/results/flow-analyse/default/waze.pcap.out 
@@ -5,4 +5,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.8.0.1,176.34.186.180,tcp,36312,443,info,17,15,1435587878606407,1435587882306533,1435587880854651,0,0,536,11132,1238,41633,0,330,191882.9,1449192,279549.5,78147936256.0,3.8,"2413,2787,291811,292494,279839,332432,52742,50748,425063,475681,259886,310653,731,51371,620,734,450,330,293909,545953,252820,1543,20204,21185,56923,56823,156171,205918,52727,4217,1449192",40,1380.3,11172,2994.0,8963944.0,2.9,"60,40,40,222,40,1052,40,2519,40,174,40,274,40,576,40,389,40,77,40,10160,40,8136,40,1052,40,11172,40,1052,40,6576,40,40","12,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5","0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0","4.438340187,4.834184170,4.784184456,5.232826710,4.734184265,7.011441231,4.784184456,7.575597763,4.634184361,6.629845142,4.684184074,7.007690430,4.734184742,7.624808311,4.784184456,7.415266037,4.734184742,5.664109230,4.734184265,7.981531620,4.784184456,7.979642391,4.734184265,7.801960945,4.715312004,7.982071400,4.834183693,7.818040848,4.834183693,7.971698284,4.715311527,4.765311718",TLS.Waze,91.135,1,Acceptable,Web,6,DPI,"7" 
1,ip4,10.8.0.1,46.51.173.182,tcp,36102,443,info,16,16,1435587868635666,1435587884544120,1435587884544651,0,0,501,3606,1600,8366,0,413,1026369.1,5890947,1778823.2,3164212035584.0,3.4,"9060,9459,461199,462055,319157,370793,51463,554,58722,59273,267346,318521,5838678,5890947,1921,3057,232692,285896,1892628,1892382,50926,52168,293028,345106,632,413,1258587,1309974,5014758,5014527,51517",40,352.1,3646,731.9,535720.0,3.4,"60,40,40,222,40,1052,40,2175,40,366,40,274,40,221,40,541,40,93,40,1052,40,3646,40,189,40,301,40,317,40,77,40,40","10,0,0,0,1,2,0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2","0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1","4.325758457,4.734184265,4.684184074,5.244800568,4.615312099,7.020944595,4.734184265,7.476994514,4.634184361,7.276714802,4.665312290,7.041373253,4.734184265,6.961156845,4.734184265,7.528326035,4.684184551,6.083172798,4.734184265,7.792463779,4.734184265,7.940383911,4.734184265,6.823890686,4.734184265,7.240302563,4.734184265,7.320995331,4.734184265,5.654304981,4.615312099,4.665312290",TLS.Waze,91.135,1,Acceptable,Web,6,DPI,"7,8" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,282,229781,19999,306184,33,30,3,0,5,9,23,22,1,14,0,153,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,14,13,10,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,0,1,39,0,0,0,0,33,0,0,32,1,0,0,33,23,9,1,0,0,0,0,0,0,0,34,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0 +0,282,229755,19999,306184,33,30,3,0,5,9,23,22,1,14,0,153,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,14,13,10,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,0,1,39,0,0,0,0,33,0,0,32,1,0,0,33,23,9,1,0,0,0,0,0,0,0,34,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/default/webex.pcap.out b/test/results/flow-analyse/default/webex.pcap.out index e9b5403ea..20f14c9a4 100644 --- a/test/results/flow-analyse/default/webex.pcap.out +++ b/test/results/flow-analyse/default/webex.pcap.out 
@@ -6,4 +6,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.8.0.1,62.109.224.120,tcp,51154,443,info,16,16,1444570669736143,1444570675113022,1444570675113218,0,0,536,3907,4673,3966,0,309,346901.8,2270107,598058.5,357673959424.0,3.3,"9053,24144,367,16512,915259,917382,50710,52699,154574,206585,52440,7882,9392,3319,2120,963298,961965,473,411,393,309,561975,562100,368561,368512,670,601,2270083,2270107,1037,1021",40,310.6,3947,685.4,469733.5,3.5,"60,40,40,103,40,3947,40,366,40,99,546,40,576,40,122,40,576,40,576,40,386,40,386,40,576,40,154,40,576,40,250,40","3,1,1,1,0,0,1,0,0,0,3,0,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.446510792,4.734184742,4.596439362,5.373945713,4.734184742,7.261288166,4.765311718,7.251562119,4.784184456,6.015275955,7.613259315,4.784184456,7.593419075,4.784184456,6.485950947,4.784184456,7.627359390,4.784184456,7.574399471,4.784184456,7.380361080,4.784184456,7.422137737,4.734184265,7.643012047,4.734184265,6.542441368,4.734184265,7.559129715,4.734184265,7.015539169,4.784184456",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
1,ip4,10.8.0.1,62.109.229.158,tcp,51857,443,info,16,16,1444570716599098,1444570719040525,1444570720047703,0,0,378,3907,1559,4630,0,213,190001.0,1366658,352312.5,124124102656.0,3.4,"4232,4962,6442,7614,1312624,1366658,17526,71444,145665,198977,339,53733,129549,180935,213,51454,121214,172258,51492,51164,125484,176177,50764,50844,546,1023,264310,263832,849,855,1006853",40,234.0,3947,677.2,458632.1,3.1,"60,40,40,227,40,3947,40,366,40,99,40,114,40,77,40,418,40,109,40,529,40,130,40,194,40,162,40,162,40,146,40,109","7,0,2,3,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,2,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,1","4.459092140,4.834184170,4.784183979,5.220240593,4.734184265,7.263404846,4.784183979,7.281803131,4.784184456,5.980217934,4.834184170,6.198987961,4.784184456,5.680279255,4.834183693,7.512312412,4.784184456,6.181793690,4.784184456,7.433725834,4.784183979,6.433676720,4.784184456,6.824645042,4.734184265,6.550875664,4.634184361,6.555935860,4.784184456,6.391854286,4.734184265,6.211565018",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,500,425084,67701,426653,57,45,12,2,6,4,53,39,0,51,0,279,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,10,45,7,0,0,0,1,0,0,0,0,0,0,0,0,47,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,53,0,0,0,0,0,10,2,111,0,0,0,0,57,0,0,55,2,0,0,57,53,4,0,0,0,0,0,0,0,0,76,36,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0 +0,500,425077,67701,426653,57,45,12,2,6,4,53,39,0,51,0,279,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,10,45,7,0,0,0,1,0,0,0,0,0,0,0,0,47,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,53,0,0,0,0,0,10,2,111,0,0,0,0,57,0,0,55,2,0,0,57,53,4,0,0,0,0,0,0,0,0,76,36,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/wechat.pcap.out b/test/results/flow-analyse/default/wechat.pcap.out index 9e7f73c25..99103309b 100644 --- a/test/results/flow-analyse/default/wechat.pcap.out +++ b/test/results/flow-analyse/default/wechat.pcap.out 
@@ -2,7 +2,7 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.103,203.205.151.162,tcp,54089,443,info,16,16,1492167353687624,1492167356095248,1492167356095234,0,0,1240,5826,4717,16498,0,287,155330.1,410564,180667.8,32640860160.0,3.8,"361610,361650,376,378130,3564,381307,56857,56856,287,287,2657,376606,375028,3327,373835,38287,2818,410564,21157,3298,393374,30885,401110,383706,785,383140,2859,2894,5754,1113,1113",52,715.5,5878,1101.2,1212669.6,3.9,"60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,219,52,1225,429,52,250,1140,1480,1480,52,1480,1480,52,5878,52","9,0,0,1,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0","4,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,1","0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,1,0,1,0","4.726680756,5.187538624,5.014835835,5.834213257,5.171407223,6.822011948,4.961856842,7.516278267,5.025067806,7.308955193,4.986606121,6.311928749,5.841652393,7.825830460,7.553427219,5.094483852,7.883197308,6.999384403,4.986606121,7.834380150,7.373102665,5.171406746,7.071372032,7.838574886,7.869080067,7.888019085,4.948144436,7.880359650,7.858109951,5.025067806,7.967877865,5.132945538",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
1,ip4,192.168.1.103,203.205.151.162,tcp,54094,443,info,18,14,1492167378674770,1492167386718697,1492167385566065,0,0,1240,1688,8227,6835,0,435,481781.3,4544256,1044110.9,1090167570432.0,3.2,"359228,359315,435,360585,1948,362066,491,468,3580,359717,357128,3318,369214,32832,2766,400529,15038,3260,381959,38044,403106,2395,369120,36996,438834,4139732,3287,4544256,34139,398836,1152600",52,523.2,1740,556.0,309130.7,4.2,"60,60,52,290,52,1480,52,1740,52,178,103,1292,527,52,1480,221,52,1225,429,52,250,1292,527,52,988,52,1292,527,52,989,52,1220","7,0,0,1,0,0,0,1,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,0","6,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1","0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0","4.605928421,5.108290672,5.014834881,5.876290798,5.094483376,6.803863049,5.053297043,7.616803169,4.972088814,6.308379173,5.995617867,7.811126232,7.530417919,5.171407223,7.866411686,7.065956593,5.063529015,7.814155579,7.416600704,5.171407223,7.067113400,7.817794323,7.516748905,5.171407223,7.779650211,5.025067329,7.859876633,7.574586868,5.176993370,7.802303791,5.025067806,7.850266933",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
1,ip4,192.168.1.103,203.205.151.162,tcp,54095,443,info,18,14,1492167378926091,1492167387133549,1492167385164247,0,0,1240,8225,6431,15757,0,438,465987.6,3383945,827194.4,684250497024.0,3.4,"353750,353837,953113,1178147,225005,127739,4445,132165,453,438,626,638,1531,362180,361114,370977,4561,375090,3297,3310,3017858,3341,3383945,31235,408978,7414,382158,34643,434308,1925965,3353",52,746.1,8277,1463.3,2141136.5,3.6,"60,60,52,290,60,52,52,1480,52,1480,52,312,52,178,103,1139,1480,1480,52,8277,52,1292,527,52,1363,1225,429,52,250,52,1292,527","9,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0","5,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,1","0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,0,0,0","4.726680756,5.187539101,5.014835358,5.881073475,5.174957275,4.976373672,5.171406746,6.805123806,4.976373672,7.508996010,5.025067806,7.162304878,5.025067806,6.445491314,5.965487480,7.807569027,7.879969597,7.864712715,4.986606121,7.977176189,5.025067806,7.830005169,7.567298412,5.094483376,7.875021458,7.841088295,7.461124897,5.132945061,7.021474361,5.025067806,7.846213341,7.502761364",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
-1,ip4,203.205.151.162,192.168.1.103,tcp,443,54058,finished,16,16,1492167353674975,1492167387855952,1492167387536614,0,0,198,1188,1584,9504,1,67,2194923.0,11774429,3337575.2,11139408723968.0,3.8,"67,1713342,2033838,5903,326356,805535,1165376,11414547,11774429,393649,716591,9325022,9647966,1906296,2225757,6412,325847,425651,784494,2983400,3342263,487827,806732,9168,328050,421461,782117,1181667,1542348,420552,739953",52,398.5,1240,492.5,242574.8,4.0,"250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52","8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0","7.178055763,5.101991177,7.840975285,5.162476063,7.144028187,5.025067806,7.842404366,5.138531685,7.054569721,5.063529491,7.824712276,5.138531685,7.172506809,5.171406746,7.844462872,5.138531685,7.113152027,5.041504860,7.832453728,5.100070000,7.041498184,5.094483852,7.836290359,5.138531685,7.090556145,5.132945538,7.813812256,5.138531685,6.974005222,5.118428230,7.850635529,5.124014854",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,203.205.151.162,192.168.1.103,tcp,443,54058,info,16,16,1492167353674975,1492167387855952,1492167387536614,0,0,198,1188,1584,9504,1,67,2194923.0,11774429,3337575.2,11139408723968.0,3.8,"67,1713342,2033838,5903,326356,805535,1165376,11414547,11774429,393649,716591,9325022,9647966,1906296,2225757,6412,325847,425651,784494,2983400,3342263,487827,806732,9168,328050,421461,782117,1181667,1542348,420552,739953",52,398.5,1240,492.5,242574.8,4.0,"250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52","8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0","7.178055763,5.101991177,7.840975285,5.162476063,7.144028187,5.025067806,7.842404366,5.138531685,7.054569721,5.063529491,7.824712276,5.138531685,7.172506809,5.171406746,7.844462872,5.138531685,7.113152027,5.041504860,7.832453728,5.100070000,7.041498184,5.094483852,7.836290359,5.138531685,7.090556145,5.132945538,7.813812256,5.138531685,6.974005222,5.118428230,7.850635529,5.124014854",TLS,91,1,Safe,Web,6,DPI,"" 
1,ip4,192.168.1.103,203.205.151.162,tcp,54097,443,info,19,13,1492167400812629,1492167418885540,1492167414163142,0,0,1240,1688,8690,5502,0,652,1013658.8,6862195,1947754.9,3793749016576.0,3.1,"362688,362730,698,359771,652,359747,1773,1754,3156,359980,358071,7205,373852,64622,431388,4503,369570,39986,442333,4042219,3253,4448907,74384,439211,6493521,3286,6862195,32133,397513,4719084,3239",52,496.0,1740,523.8,274414.8,4.2,"60,60,52,290,52,1480,52,1740,52,178,103,1220,521,52,283,1292,527,52,988,52,1220,511,52,283,52,1292,527,52,989,52,1220,516","7,0,0,1,0,0,0,1,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1","0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0","4.693346977,5.208290577,5.053297043,5.889862537,5.094483852,6.800672054,5.014835835,7.599623203,4.948144436,6.376589775,6.023739815,7.844972134,7.566354275,5.091758728,7.215152264,7.841954708,7.609091282,4.979098797,7.780104637,5.063529015,7.807397842,7.520520687,4.948143959,7.157586575,5.026988506,7.822068691,7.580903053,5.176993370,7.824234486,5.025067329,7.837800980,7.490112305",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
1,ip4,192.168.1.103,203.205.151.162,tcp,54098,443,info,19,13,1492167401063693,1492167421570947,1492167421929069,0,0,1240,1688,7047,5272,0,539,1334601.0,6095000,2041764.4,4168801845248.0,3.5,"346826,346918,899535,1092804,193235,160456,1799,162254,554,539,2941,351941,387151,4178860,3305,4577735,29191,386626,5733723,3651,6095000,83021,440653,5485473,3274,5845918,30151,387318,1889056,2742,2249980",52,437.7,1740,521.0,271486.5,4.1,"60,60,52,290,60,52,52,1480,52,1740,52,178,103,52,1292,527,52,989,52,1220,508,52,283,52,1292,527,52,989,52,1220,513,52","9,0,0,1,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0","7,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1","0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1","4.760014057,5.220871925,5.000318050,5.874381065,5.254205227,5.053296566,5.118428230,6.815816879,4.983880520,7.609316826,4.930902004,6.376590252,5.910619259,5.025067806,7.831663132,7.556474686,4.961856365,7.782391071,4.983880520,7.816404343,7.565681934,5.094483852,7.163718224,5.063529015,7.819398880,7.535512924,5.132945538,7.794347763,5.101990700,7.811570168,7.574221134,5.100070000",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
1,ip4,192.168.1.103,172.217.22.14,tcp,38657,443,info,16,16,1492167342893680,1492167433192261,1492167433240018,0,0,829,1418,1283,5138,0,53,5827255.0,45056034,15096891.0,227916113772544.0,2.0,"48172,48219,208,52487,725,52995,2368,2380,502,490,4525,7884,13634,51249,2766,53,28029,293,26129,2791,10149,38903,378,801,249,45379,2766,45043937,45047542,45056034,45052882",52,253.2,1470,422.2,178253.9,3.7,"60,60,52,274,52,1470,52,1470,52,1428,52,137,97,881,322,100,86,52,82,52,82,558,52,90,90,86,52,52,52,52,52,52","10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,3,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,1,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1","4.605927944,5.281730652,4.945419312,5.680894375,5.026988029,6.433983326,4.853978634,7.138501167,4.858624458,7.442424297,4.897086143,6.106687546,5.925421238,7.741159916,7.131931782,5.977149487,5.818537235,4.911602974,5.724431038,4.988526344,5.642052650,7.611984253,4.873141289,5.899595737,5.749487400,5.581253052,4.988526344,5.026988029,4.858624458,5.026988029,4.897086143,5.026988029",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
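Review bot: The expected `flow_state` for the 203.205.151.162:443 -> 192.168.1.103:54058 row changes from `finished` to `info`, and the rest of that row appears identical, so this baseline update records a change in flow-state reporting rather than the risk rename named in the commit message. Presumably it comes in with the libnDPI bump, but nothing visible here explains it. A flow that is no longer reported as finished matters to consumers that key on flow end for accounting or alerting. I would confirm the change is intended before accepting the regenerated result and record it in the commit message, e.g. `* wechat.pcap: flow 203.205.151.162:443 -> 192.168.1.103:54058 now reported as info instead of finished`.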
@@ -17,4 +17,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.103,203.205.147.171,tcp,58038,443,info,19,13,1492167776953879,1492167781392220,1492167781372855,0,0,1240,1688,8609,6923,0,433,285719.9,2508511,565344.7,319614582784.0,3.4,"266637,266706,433,272250,1305,273110,594,572,2940,271769,269630,3217,281421,29714,327642,3217,299639,37418,350851,50937,3180,368575,30208,307140,2227616,3191,2508511,50935,328714,16106,3139",52,537.9,1740,561.4,315202.6,4.2,"60,60,52,290,52,1480,52,1740,52,178,103,1292,527,52,1357,1225,429,52,250,52,1292,527,52,990,52,1292,527,52,1367,52,1225,429","7,0,0,1,0,0,0,1,0,0,0,2,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,1","0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0","4.726680279,5.287539005,5.053297043,5.856728077,5.094483852,6.784938335,4.976374149,7.592500210,4.986606121,6.312986374,5.936172009,7.837973118,7.533455849,5.132945538,7.845239639,7.816359520,7.375327110,5.132945538,7.120093346,4.986605644,7.828961372,7.600332737,5.079966545,7.769877911,4.933627129,7.832687378,7.593090057,5.138531685,7.868632793,4.933627605,7.822371960,7.393807888",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
1,ip4,192.168.1.103,203.205.147.171,tcp,58040,443,info,20,12,1492167865975033,1492167868793020,1492167868783731,0,0,1428,1428,12291,3489,0,11,181506.0,1577028,351924.9,123851137024.0,3.2,"268280,268366,474,270444,798,270739,392,385,993,969,2788,273097,271415,164,26,13,12,11,1155,289376,22800,22424,9724,380702,1255603,4960,1577028,73342,350958,5989,3258",52,545.6,1480,599.0,358844.3,4.1,"60,60,52,290,52,1480,52,1480,52,312,52,178,103,1232,1480,1480,1480,1480,1480,315,52,52,52,143,52,1220,513,52,283,52,1292,527","7,0,0,1,0,0,0,1,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,5,0,0,0","6,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,0,0","4.680765629,5.154205322,4.884933472,5.839785576,5.017560482,6.813761711,4.831954956,7.514670849,4.842186928,7.190687180,4.895165443,6.306419849,5.873158932,7.841919422,7.869560242,7.865934372,7.865987301,7.878506184,7.864762306,7.242313385,4.964581966,4.834680080,4.895165443,6.393952847,4.986606121,7.814539909,7.515988827,5.061608315,7.244477749,4.895165443,7.844690800,7.504737377",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,883,770847,184490,376782,109,52,57,77,17,25,84,64,0,1,0,394,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,50,6,49,27,0,0,0,2,0,0,0,0,0,0,0,9,0,0,0,27,0,0,0,0,43,1,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0,0,0,0,0,0,2,0,0,0,0,100,9,0,59,40,0,10,109,84,25,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,883,770851,184490,376782,109,52,57,77,17,25,84,64,0,1,0,394,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,50,6,49,27,0,0,0,2,0,0,0,0,0,0,0,9,0,0,0,27,0,0,0,0,43,1,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0,0,0,0,0,0,2,0,0,0,0,100,9,0,59,40,0,10,109,84,25,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/weibo.pcap.out b/test/results/flow-analyse/default/weibo.pcap.out index 28d688ac3..ededf7196 100644 --- a/test/results/flow-analyse/default/weibo.pcap.out +++ b/test/results/flow-analyse/default/weibo.pcap.out 
@@ -6,4 +6,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.105,93.188.134.246,tcp,35807,80,finished,16,16,1463089073321163,1463089073801051,1463089073804152,0,0,484,1436,484,18086,0,142,31060.5,183686,54622.5,2983621632.0,3.4,"62151,62179,142,161101,22711,183686,5733,5740,2565,2546,10538,10551,5220,5299,3225,3182,2451,2404,5526,5539,2866,2854,2576,2563,4789,4821,162100,162064,26294,26318,3143",52,633.2,1488,674.0,454231.7,4.1,"60,60,52,536,52,479,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,479,64,1488,52,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.684255600,5.152156830,4.993616104,5.845283031,5.077241421,5.771981716,5.032077789,7.798841476,5.014835358,7.818611622,5.091758728,7.745497227,5.091758728,7.718579292,5.091758728,7.835317612,5.014835358,7.586729527,5.091758728,7.852894306,5.053297043,7.826751709,5.091758728,7.851661682,4.969671726,7.833436489,5.053297043,5.785848141,5.090925217,7.852241993,5.014835835,7.846589088",HTTP.Sina,7.200,0,Fun,SocialNetwork,6,DPI,"" 
1,ip4,192.168.1.105,93.188.134.246,tcp,35809,80,finished,16,16,1463089073334322,1463089073888564,1463089073891278,0,0,473,1436,473,18114,0,137,35845.1,252228,55584.3,3089619200.0,3.8,"50173,50197,137,181460,70884,252228,2685,2690,2552,2523,4210,4257,31840,31804,8134,8135,11411,11401,8727,8746,2645,2641,7148,7148,13606,13617,66334,66313,92394,92405,2753",52,633.7,1488,673.8,454044.4,4.1,"60,60,52,525,52,493,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,493,64,1488,52,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.650922298,5.152156830,4.993616104,5.858173847,5.077241421,5.751578331,5.032077789,7.309309959,5.014835358,7.854790211,5.053297043,7.861942291,4.976373672,7.880206108,5.014835358,7.834024906,4.976373672,7.858521461,5.000318050,7.864043236,5.053297043,7.880113125,4.937911987,7.884674549,4.923395157,7.850847721,5.014835358,5.755910873,5.090925217,7.855472088,5.053297043,7.856210232",HTTP.Sina,7.200,0,Fun,SocialNetwork,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,267,223165,9449,225426,44,1,43,0,6,21,23,9,0,2,0,117,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,17,0,13,10,0,0,0,0,0,0,0,0,0,0,0,1,10,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,1,1,2,0,0,0,0,44,0,0,30,14,0,0,44,23,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0 +0,267,223163,9449,225426,44,1,43,0,6,21,23,9,0,2,0,117,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,17,0,13,10,0,0,0,0,0,0,0,0,0,0,0,1,10,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,1,1,2,0,0,0,0,44,0,0,30,14,0,0,44,23,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/whatsapp_login_call.pcap.out b/test/results/flow-analyse/default/whatsapp_login_call.pcap.out index aa942dcf1..950c8c624 100644 --- a/test/results/flow-analyse/default/whatsapp_login_call.pcap.out +++ b/test/results/flow-analyse/default/whatsapp_login_call.pcap.out 
@@ -6,4 +6,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.4,91.253.176.65,udp,52794,9665,finished,16,16,1432582303300524,1432582305119064,1432582305008654,26,0,278,200,1888,1727,0,40,113763.5,307394,86013.0,7398240768.0,4.5,"304269,307394,8384,89918,31917,6521,226162,154173,40,188009,271,163937,163420,160100,21775,153703,73,168136,122602,138908,158523,186698,16232,65895,114250,83709,193240,164541,1311,77123,55436",54,141.0,306,58.8,3453.3,4.9,"72,72,72,72,72,134,124,306,167,54,232,134,228,212,103,134,151,54,172,156,161,172,156,134,114,140,205,140,209,54,134,171","1,3,0,6,3,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,2,3,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,1,1,0,0,1,0,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0","5.586590290,5.634793758,5.591430664,5.548327923,5.614367962,6.343744755,6.353155136,7.262660980,6.708292484,5.199332714,6.977910042,6.582841873,7.061330318,6.964643955,6.193738461,6.469698906,6.640622616,5.205786228,6.713893890,6.594544411,6.678621769,6.732760429,6.737264633,6.418371201,6.335039139,6.527385712,6.871919632,6.504805565,6.851323605,5.199332714,6.565941334,6.741304874",SRTP.WhatsAppCall,338.45,1,Acceptable,VoIP,6,DPI,"" 
1,ip4,192.168.2.4,17.173.66.102,tcp,49205,443,info,17,15,1432582355253275,1432582356195572,1432582356100109,0,0,1440,948,5224,2717,0,11,57713.9,271808,91895.6,8444797952.0,3.3,"139873,225073,4218,228888,70,2672,200693,278,1388,194,2268,310,435,198176,1008,14244,4721,5042,13250,23,199875,308,34695,427,52,217025,5837,15994,11,271808,275",40,289.3,1480,408.5,166876.7,3.9,"64,52,40,267,40,132,77,40,40,46,77,1480,516,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40","9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0","4.478777409,4.849197388,4.715312004,5.931038380,4.784183979,6.049894810,5.799257278,4.881687164,4.881687164,4.802665710,5.737505436,7.869925976,7.601890564,7.659376144,4.834184170,4.884183884,4.884183884,4.834183693,4.834183693,7.790913582,7.529675484,4.881687164,4.931687355,7.881880760,7.552830696,7.654625893,4.834183693,4.884183884,7.775795460,7.413623333,4.931687355,4.881687164",TLS.AppleStore,91.224,1,Safe,SoftwareUpdate,6,DPI,"8,15" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,464,383702,81240,51420,57,24,33,45,6,20,37,13,0,5,0,226,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,23,5,31,1,0,0,0,0,0,0,0,0,0,1,0,2,0,0,0,1,20,0,0,2,8,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,33,0,0,0,0,0,8,0,3,0,0,0,0,55,2,0,27,29,1,0,57,37,20,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,464,383700,81240,51420,57,24,33,45,6,20,37,13,0,5,0,226,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35,22,5,31,1,0,0,0,0,0,0,0,0,0,1,0,2,0,0,0,1,20,0,0,2,8,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,33,0,0,0,0,0,8,0,3,0,0,0,0,55,2,0,27,29,1,0,57,37,20,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/whatsapp_login_chat.pcap.out b/test/results/flow-analyse/default/whatsapp_login_chat.pcap.out index fecba9676..c31eaf996 100644 --- a/test/results/flow-analyse/default/whatsapp_login_chat.pcap.out +++ b/test/results/flow-analyse/default/whatsapp_login_chat.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.2.4,17.173.66.102,tcp,49205,443,finished,17,15,1432582381179399,1432582384764367,1432582384691063,0,0,1440,948,11339,3880,1,3,228923.6,3030585,711161.6,505750847488.0,2.0,"307,68,156057,6041,20562,3,205015,214,59650,355,76,237850,6388,13739,3,246436,156,2803227,690,58,155,163,149,3030585,5762,13968,11,3,10327,10365,268249",40,515.6,1480,518.7,269058.2,4.2,"1480,517,596,40,40,986,386,40,40,1480,524,596,40,40,988,386,40,40,1480,517,596,1480,1240,1240,40,40,988,386,40,40,40,113","4,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,4,0,0","9,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0","7.845222473,7.564460754,7.723596096,4.884183884,4.784184456,7.802291870,7.349081993,4.781687260,4.881687164,7.891665459,7.618573189,7.589188576,4.834184170,4.884183884,7.765514851,7.364068508,4.931687355,4.931687355,7.868970394,7.635158062,7.659084320,7.869641304,7.832291603,7.869807243,4.884183884,4.884183884,7.782162189,7.393073082,4.765311718,4.815311432,4.815311432,6.363091469",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,192.168.2.4,17.173.66.102,tcp,49205,443,info,17,15,1432582381179399,1432582384764367,1432582384691063,0,0,1440,948,11339,3880,1,3,228923.6,3030585,711161.6,505750847488.0,2.0,"307,68,156057,6041,20562,3,205015,214,59650,355,76,237850,6388,13739,3,246436,156,2803227,690,58,155,163,149,3030585,5762,13968,11,3,10327,10365,268249",40,515.6,1480,518.7,269058.2,4.2,"1480,517,596,40,40,986,386,40,40,1480,524,596,40,40,988,386,40,40,1480,517,596,1480,1240,1240,40,40,988,386,40,40,40,113","4,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,4,0,0","9,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0","7.845222473,7.564460754,7.723596096,4.884183884,4.784184456,7.802291870,7.349081993,4.781687260,4.881687164,7.891665459,7.618573189,7.589188576,4.834184170,4.884183884,7.765514851,7.364068508,4.931687355,4.931687355,7.868970394,7.635158062,7.659084320,7.869641304,7.832291603,7.869807243,4.884183884,4.884183884,7.782162189,7.393073082,4.765311718,4.815311432,4.815311432,6.363091469",TLS,91,1,Safe,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,60,56657,19160,5639,9,2,7,0,1,0,9,2,0,1,0,27,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,7,2,6,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,1,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,1,2,0,0,0,0,0,8,1,0,3,6,0,0,9,9,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,60,56653,19160,5639,9,2,7,0,1,0,9,2,0,1,0,27,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,7,2,6,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,1,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,1,2,0,0,0,0,0,8,1,0,3,6,0,0,9,9,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/windowsupdate_over_http.pcap.out b/test/results/flow-analyse/default/windowsupdate_over_http.pcap.out index 6d01df42f..1921ce6a0 100644 --- a/test/results/flow-analyse/default/windowsupdate_over_http.pcap.out +++ b/test/results/flow-analyse/default/windowsupdate_over_http.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,9953,479,14400,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0 +0,10,8163,479,14400,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/xiaomi.pcap.out b/test/results/flow-analyse/default/xiaomi.pcap.out index aa271d377..cc0cdba81 100644 --- a/test/results/flow-analyse/default/xiaomi.pcap.out +++ b/test/results/flow-analyse/default/xiaomi.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,58,50035,3913,4078,7,0,7,0,0,0,7,0,0,6,0,30,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,6,0,0,0,0,0,0,7,0,0,7,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,58,50027,3913,4078,7,0,7,0,0,0,7,0,0,6,0,30,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,6,0,0,0,0,0,0,7,0,0,7,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/zoom.pcap.out b/test/results/flow-analyse/default/zoom.pcap.out index c596e6b9a..33deed810 100644 --- a/test/results/flow-analyse/default/zoom.pcap.out +++ b/test/results/flow-analyse/default/zoom.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.117,109.94.160.99,tcp,54871,443,info,18,14,1569520471189039,1569520471662963,1569520471590160,0,0,1440,1440,3063,8708,0,1,28227.3,156067,40349.6,1628089600.0,3.8,"31621,31782,223,32749,1986,135,18,34538,3,10485,3,10554,60088,93852,33789,375,31290,30856,4598,4,36582,6223,38193,156062,156067,114,1,94,10606,59053,3101",52,420.5,1492,552.4,305116.1,3.9,"64,60,52,569,52,1492,1492,1268,52,52,1492,79,52,178,294,52,192,118,52,1492,533,52,90,52,1317,52,1492,146,52,90,202,223","10,1,0,1,2,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","4,1,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,1,0,0,1,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,1,1,0,0,0,0","4.428027153,5.266787052,5.014835358,4.340119362,5.209868431,7.128724575,7.325717926,7.321290493,5.014835358,5.053297043,7.580979347,5.559112549,5.053297043,6.556212902,7.136325836,5.130220413,6.862732410,6.273187160,5.053297043,7.864217758,7.611272335,5.132945538,5.887335777,5.091758728,7.866543293,5.130220413,7.874340057,6.566402435,5.130220413,5.819303036,6.871904373,6.960445881",TLS.Zoom,91.189,1,Acceptable,Video,6,DPI,"15" 
1,ip4,192.168.1.117,109.94.160.99,udp,58327,8801,finished,3,29,1569520471748648,1569520471785584,1569520472033049,13,0,107,1029,183,26845,0,28,10365.7,35562,8525.9,72690992.0,4.5,"31967,28,32217,4719,35562,13763,10264,10242,9996,63,10130,10327,9979,9966,107,9866,10246,10252,10251,126,10146,9980,10130,10478,32,9954,10261,9714,10315,406,9850",41,872.8,1057,383.7,147246.2,4.8,"135,63,46,41,91,71,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057","1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.872597694,4.834421635,4.434307098,4.564153194,5.116748810,4.833924294,0.510210812,0.504684150,0.513590038,0.511697888,0.528077245,0.513589978,0.515482187,0.515482187,0.513590038,0.532575667,0.515482187,0.508318722,0.515482187,0.512875855,0.532575667,0.515482187,0.511697948,0.511697888,0.513590038,0.532575667,0.515482187,0.513589978,0.510983646,0.515482187,0.532575667,0.515482187",Zoom,189,1,Acceptable,Video,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,314,241150,69672,259806,33,6,27,0,3,2,31,23,0,8,35,115,1,0,1,2,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,12,21,3,27,1,0,0,0,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,11,0,0,0,2,0,1,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,18,2,1,0,0,0,0,33,0,0,14,17,2,0,33,31,2,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,314,241125,69672,259806,33,6,27,0,3,2,31,23,0,8,35,115,1,0,1,2,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,13,20,3,27,1,0,0,0,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,11,0,0,0,2,0,1,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,18,2,1,0,0,0,0,33,0,0,14,17,2,0,33,31,2,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/disable_protocols/pluralsight.pcap.out b/test/results/flow-analyse/disable_protocols/pluralsight.pcap.out index f70ef698e..827ff78c9 100644 --- a/test/results/flow-analyse/disable_protocols/pluralsight.pcap.out +++ b/test/results/flow-analyse/disable_protocols/pluralsight.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,59,74456,3540,23176,6,0,6,0,0,0,6,10,0,0,0,28,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,59,74440,3540,23176,6,0,6,0,0,0,6,10,0,0,0,28,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/disable_protocols/soap.pcap.out b/test/results/flow-analyse/disable_protocols/soap.pcap.out index 0b59e605d..993595bd8 100644 --- a/test/results/flow-analyse/disable_protocols/soap.pcap.out +++ b/test/results/flow-analyse/disable_protocols/soap.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,24,28672,8109,1637,3,1,2,0,0,0,3,0,0,1,0,11,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,24,28676,8109,1637,3,1,2,0,0,0,3,0,0,1,0,11,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/disable_use_client_port/iphone.pcap.out b/test/results/flow-analyse/disable_use_client_port/iphone.pcap.out index 8bd67e1db..937843db6 100644 --- a/test/results/flow-analyse/disable_use_client_port/iphone.pcap.out +++ b/test/results/flow-analyse/disable_use_client_port/iphone.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.17,92.123.77.26,tcp,50587,443,info,18,14,1582454599934729,1582454600290030,1582454600371223,0,0,1440,1440,3458,5165,0,4,25541.8,147307,44603.2,1989448704.0,3.2,"33256,146084,75,147307,1403,159,73,18,38616,19,50,10855,46914,12516,120151,44,4,168,1146,109,1513,467,107361,13,1221,31041,492,3663,24,4467,82566",52,322.1,1492,461.1,212650.1,3.9,"64,60,52,569,52,1492,1492,1268,442,52,52,52,132,339,339,98,95,87,1492,552,818,52,52,52,122,52,52,83,52,87,52,52","10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1","4.515677452,5.260978699,5.115703106,4.536097050,5.154164791,7.838258266,7.887313843,7.830554962,7.500537872,5.115703106,5.154164791,5.077241421,6.238309383,7.385308743,7.348131180,6.055991173,6.001430511,5.896850586,7.866535664,7.607725620,7.722208500,5.154164791,5.154164791,5.062724590,6.184679508,5.056022644,5.115703106,5.763531208,5.094483852,5.873862743,5.115703106,5.056022167",TLS.AppleiTunes,91.145,1,Fun,Streaming,6,DPI,"" 
1,ip4,192.168.2.17,17.248.185.87,tcp,50581,443,info,20,12,1582454598721885,1582454600432880,1582454600398737,0,0,1440,1440,13211,8177,0,19,109285.4,803512,185220.7,34306707456.0,3.4,"145952,170980,359,171301,2704,133,11131,1277,11157,179655,19,50,112,15556,168247,146405,161443,749,308681,51490,198168,655712,185,186,293,803512,1267,180253,328,297,245",52,721.0,1492,667.3,445284.8,4.3,"64,60,52,569,52,1492,1492,1492,1492,1474,52,52,52,52,145,103,52,1169,344,52,996,52,1164,1492,1492,1492,52,52,1492,1492,1492,1492","8,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,7,0,0","5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0","0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,1,1,0,0,0,0","4.378882408,5.048397064,4.855899334,4.669833183,5.026988029,6.153114796,4.607729912,7.088045597,7.461877346,7.528841019,4.947339535,4.870416164,4.908878326,4.825253010,6.027275085,5.625993729,4.985801220,7.818661690,7.150210857,5.103910923,7.800937653,4.908877850,7.820833683,7.850773335,7.853681087,7.878564835,4.985801220,4.959492207,7.858905315,7.865253448,7.862413406,7.846001625",TLS.AppleiCloud,91.143,1,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,356,332482,99351,91009,51,3,48,0,4,0,50,40,1,0,0,156,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,38,8,39,3,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,1,31,0,0,2,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,46,5,0,15,31,1,4,51,50,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,356,332498,99351,91009,51,3,48,0,4,0,50,40,1,0,0,156,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,38,8,39,3,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,1,31,0,0,2,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,46,5,0,15,31,1,4,51,50,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/enable_payload_stat/1kxun.pcap.out b/test/results/flow-analyse/enable_payload_stat/1kxun.pcap.out index 2fbf779db..690ff8b18 100644 --- a/test/results/flow-analyse/enable_payload_stat/1kxun.pcap.out +++ b/test/results/flow-analyse/enable_payload_stat/1kxun.pcap.out 
@@ -13,4 +13,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.126,14.136.136.108,tcp,49372,80,finished,3,29,1654385146253018,1654385147560064,1654385147928387,514,0,526,18720,1554,113644,1,0,96206.9,899707,188732.5,35619966976.0,3.0,"205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478",337,3651.9,18772,4182.9,17496908.0,4.3,"566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1","5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
1,ip4,192.168.2.126,161.117.13.29,tcp,45416,80,finished,8,24,1654385140835391,1654385156967826,1654385157149701,434,0,1114,14400,6674,81693,1,0,1046669.2,6045020,1981650.1,3926937042944.0,3.0,"188503,1,1404,179436,1430,692,418,2433,676,270050,61,0,644,0,3892849,3428911,186128,186289,192621,208977,367165,352334,5253796,5339015,3643,6045020,5959115,408,493,194856,189377",486,2813.5,14452,2993.9,8963654.0,4.4,"486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083","0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1","5.943944454,7.829628944,7.931543350,7.979783535,7.931476593,7.968062401,7.861111164,7.864268780,7.984925747,7.877884388,7.929042339,7.930032253,7.967924595,7.974642754,7.952368736,5.943904400,6.386446476,5.942170143,7.482911110,5.931495190,6.238120556,5.934639931,6.488353729,5.849187374,6.477306366,6.757167339,5.825885773,6.421376705,7.814886093,7.859082222,5.823412418,6.869374752",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,1287,1554276,156501,2270815,197,9,188,38,13,6,182,17,9,24,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,7,122,49,0,0,2,2,0,0,0,1,0,0,0,38,0,0,0,5,0,0,0,0,68,0,0,45,22,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,20,6,18,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,8,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,0,0,0,0,0,0,0,0,1,0,0 +0,1287,1554322,156501,2270815,197,9,188,38,13,6,182,17,9,24,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,7,122,49,0,0,2,2,0,0,0,1,0,0,0,38,0,0,0,5,0,0,0,0,68,0,0,45,22,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,20,6,18,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,8,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,0,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/flow_risk_infos_disabled/http_invalid_server.pcap.out b/test/results/flow-analyse/flow_risk_infos_disabled/http_invalid_server.pcap.out index 09da8d2d6..03282adee 100644 --- a/test/results/flow-analyse/flow_risk_infos_disabled/http_invalid_server.pcap.out +++ b/test/results/flow-analyse/flow_risk_infos_disabled/http_invalid_server.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,10135,82,407,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10143,82,407,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/fpc/1kxun.pcap.out b/test/results/flow-analyse/fpc/1kxun.pcap.out index 98babaeae..fce23683e 100644 --- a/test/results/flow-analyse/fpc/1kxun.pcap.out +++ b/test/results/flow-analyse/fpc/1kxun.pcap.out 
@@ -13,4 +13,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.126,14.136.136.108,tcp,49372,80,finished,3,29,1654385146253018,1654385147560064,1654385147928387,514,0,526,18720,1554,113644,1,0,96206.9,899707,188732.5,35619966976.0,3.0,"205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478",337,3651.9,18772,4182.9,17496908.0,4.3,"566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1","5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
1,ip4,192.168.2.126,161.117.13.29,tcp,45416,80,finished,8,24,1654385140835391,1654385156967826,1654385157149701,434,0,1114,14400,6674,81693,1,0,1046669.2,6045020,1981650.1,3926937042944.0,3.0,"188503,1,1404,179436,1430,692,418,2433,676,270050,61,0,644,0,3892849,3428911,186128,186289,192621,208977,367165,352334,5253796,5339015,3643,6045020,5959115,408,493,194856,189377",486,2813.5,14452,2993.9,8963654.0,4.4,"486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083","0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1","5.943944454,7.829628944,7.931543350,7.979783535,7.931476593,7.968062401,7.861111164,7.864268780,7.984925747,7.877884388,7.929042339,7.930032253,7.967924595,7.974642754,7.952368736,5.943904400,6.386446476,5.942170143,7.482911110,5.931495190,6.238120556,5.934639931,6.488353729,5.849187374,6.477306366,6.757167339,5.825885773,6.421376705,7.814886093,7.859082222,5.823412418,6.869374752",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,1287,1533684,156501,2270815,197,9,188,38,13,6,182,17,9,24,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,7,122,49,0,0,2,2,0,0,0,1,0,0,0,38,0,0,0,5,0,0,0,0,68,0,0,45,22,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,20,6,18,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,8,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,0,0,0,0,0,0,0,0,1,0,0 +0,1287,1533730,156501,2270815,197,9,188,38,13,6,182,17,9,24,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,7,122,49,0,0,2,2,0,0,0,1,0,0,0,38,0,0,0,5,0,0,0,0,68,0,0,45,22,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,20,6,18,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,8,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,0,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/guess_ip_before_port_enabled/1kxun.pcap.out b/test/results/flow-analyse/guess_ip_before_port_enabled/1kxun.pcap.out index d31b7f089..b83827750 100644 --- a/test/results/flow-analyse/guess_ip_before_port_enabled/1kxun.pcap.out +++ b/test/results/flow-analyse/guess_ip_before_port_enabled/1kxun.pcap.out 
@@ -13,4 +13,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.126,14.136.136.108,tcp,49372,80,finished,3,29,1654385146253018,1654385147560064,1654385147928387,514,0,526,18720,1554,113644,1,0,96206.9,899707,188732.5,35619966976.0,3.0,"205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478",337,3651.9,18772,4182.9,17496908.0,4.3,"566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1","5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
1,ip4,192.168.2.126,161.117.13.29,tcp,45416,80,finished,8,24,1654385140835391,1654385156967826,1654385157149701,434,0,1114,14400,6674,81693,1,0,1046669.2,6045020,1981650.1,3926937042944.0,3.0,"188503,1,1404,179436,1430,692,418,2433,676,270050,61,0,644,0,3892849,3428911,186128,186289,192621,208977,367165,352334,5253796,5339015,3643,6045020,5959115,408,493,194856,189377",486,2813.5,14452,2993.9,8963654.0,4.4,"486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083","0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1","5.943944454,7.829628944,7.931543350,7.979783535,7.931476593,7.968062401,7.861111164,7.864268780,7.984925747,7.877884388,7.929042339,7.930032253,7.967924595,7.974642754,7.952368736,5.943904400,6.386446476,5.942170143,7.482911110,5.931495190,6.238120556,5.934639931,6.488353729,5.849187374,6.477306366,6.757167339,5.825885773,6.421376705,7.814886093,7.859082222,5.823412418,6.869374752",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,1287,1565859,156501,2270815,197,9,188,38,13,6,182,17,9,24,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,7,122,49,0,0,2,2,0,0,0,1,0,0,0,38,0,0,0,5,0,0,0,0,68,0,0,45,22,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,20,6,18,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,8,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,0,0,0,0,0,0,0,0,1,0,0 +0,1287,1565905,156501,2270815,197,9,188,38,13,6,182,17,9,24,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,7,122,49,0,0,2,2,0,0,0,1,0,0,0,38,0,0,0,5,0,0,0,0,68,0,0,45,22,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,20,6,18,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,8,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,0,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/guessing_disable/webex.pcap.out b/test/results/flow-analyse/guessing_disable/webex.pcap.out index 642ab8f79..c220b8e8a 100644 --- a/test/results/flow-analyse/guessing_disable/webex.pcap.out +++ b/test/results/flow-analyse/guessing_disable/webex.pcap.out 
@@ -6,4 +6,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.8.0.1,62.109.224.120,tcp,51154,443,info,16,16,1444570669736143,1444570675113022,1444570675113218,0,0,536,3907,4673,3966,0,309,346901.8,2270107,598058.5,357673959424.0,3.3,"9053,24144,367,16512,915259,917382,50710,52699,154574,206585,52440,7882,9392,3319,2120,963298,961965,473,411,393,309,561975,562100,368561,368512,670,601,2270083,2270107,1037,1021",40,310.6,3947,685.4,469733.5,3.5,"60,40,40,103,40,3947,40,366,40,99,546,40,576,40,122,40,576,40,576,40,386,40,386,40,576,40,154,40,576,40,250,40","3,1,1,1,0,0,1,0,0,0,3,0,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.446510792,4.734184742,4.596439362,5.373945713,4.734184742,7.261288166,4.765311718,7.251562119,4.784184456,6.015275955,7.613259315,4.784184456,7.593419075,4.784184456,6.485950947,4.784184456,7.627359390,4.784184456,7.574399471,4.784184456,7.380361080,4.784184456,7.422137737,4.734184265,7.643012047,4.734184265,6.542441368,4.734184265,7.559129715,4.734184265,7.015539169,4.784184456",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
1,ip4,10.8.0.1,62.109.229.158,tcp,51857,443,info,16,16,1444570716599098,1444570719040525,1444570720047703,0,0,378,3907,1559,4630,0,213,190001.0,1366658,352312.5,124124102656.0,3.4,"4232,4962,6442,7614,1312624,1366658,17526,71444,145665,198977,339,53733,129549,180935,213,51454,121214,172258,51492,51164,125484,176177,50764,50844,546,1023,264310,263832,849,855,1006853",40,234.0,3947,677.2,458632.1,3.1,"60,40,40,227,40,3947,40,366,40,99,40,114,40,77,40,418,40,109,40,529,40,130,40,194,40,162,40,162,40,146,40,109","7,0,2,3,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,2,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,1","4.459092140,4.834184170,4.784183979,5.220240593,4.734184265,7.263404846,4.784183979,7.281803131,4.784184456,5.980217934,4.834184170,6.198987961,4.784184456,5.680279255,4.834183693,7.512312412,4.784184456,6.181793690,4.784184456,7.433725834,4.784183979,6.433676720,4.784184456,6.824645042,4.734184265,6.550875664,4.634184361,6.555935860,4.784184456,6.391854286,4.734184265,6.211565018",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,500,429584,67701,426653,57,45,12,2,6,4,53,39,0,51,0,279,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,10,45,7,0,0,0,1,0,0,0,0,0,0,0,0,47,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,53,0,0,0,0,0,10,2,111,0,0,0,0,57,0,0,55,2,0,0,57,53,4,0,0,0,0,0,0,0,0,76,36,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0 +0,500,429577,67701,426653,57,45,12,2,6,4,53,39,0,51,0,279,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,10,45,7,0,0,0,1,0,0,0,0,0,0,0,0,47,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,53,0,0,0,0,0,10,2,111,0,0,0,0,57,0,0,55,2,0,0,57,53,4,0,0,0,0,0,0,0,0,76,36,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/hostname_dns_check/netflix.pcap.out b/test/results/flow-analyse/hostname_dns_check/netflix.pcap.out index c2765e523..da920b228 100644 --- a/test/results/flow-analyse/hostname_dns_check/netflix.pcap.out +++ b/test/results/flow-analyse/hostname_dns_check/netflix.pcap.out 
@@ -27,4 +27,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.7,184.25.204.10,tcp,53252,80,finished,6,26,1484319118658049,1484319118854817,1484319119584735,0,0,245,1448,245,34752,0,508,36240.5,99830,21554.2,464585632.0,4.7,"16679,17740,11985,38478,508,12702,40101,27115,27112,58536,99830,81106,33879,23672,53768,53762,65076,48010,65429,13865,30914,13324,28733,40448,54528,28786,29443,29431,27518,25487,25489",52,1146.7,1500,613.3,376142.5,4.7,"64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0","0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.495864868,5.233453751,5.156889915,5.883365631,5.270353794,7.005603790,7.481070995,5.118428230,7.677317619,5.077241421,7.654481411,5.151865005,7.832942486,7.813632965,7.788673401,7.782803535,7.834435940,7.821334362,7.827250957,7.843655586,7.828696728,7.842951298,7.865435123,7.847778320,7.855163097,7.835734844,7.856423378,7.842322826,7.854029179,7.863353252,7.834544182,7.849704266",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,"" 
1,ip4,192.168.1.7,184.25.204.10,tcp,53251,80,finished,14,18,1484319118657433,1484319120611345,1484319120609765,0,0,245,1448,490,22387,0,241,126007.9,1416280,340787.6,116136157184.0,2.6,"15432,16762,2055,27228,957,1055,27336,38112,39355,39938,44658,83445,40664,236734,277719,1389753,1416280,268,12835,48683,241,12768,12757,15934,13837,16300,12778,12746,23173,13285,13156",52,767.5,1500,698.9,488505.9,4.3,"64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52","12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,1,1,0,1,0,1,1,0,1,0","4.464614868,5.187539101,5.079966545,5.914007187,5.270354271,7.264070511,7.801600933,5.195351601,7.847749710,5.032077789,7.834869862,7.811845303,5.118427753,7.846868038,7.676549435,5.195351124,5.834331989,6.944043159,7.534036636,7.785680771,5.062724590,4.993616104,7.810704231,7.840629101,5.024262428,7.853393078,4.863714218,7.836608410,7.849914551,5.062724113,7.841484547,5.053297043",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,557,568547,117204,768140,61,31,30,9,27,1,60,69,0,31,0,266,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,49,0,32,28,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,13,0,0,0,1,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,68,18,1,0,0,0,0,61,0,0,47,13,0,1,61,60,1,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,32,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0 +0,557,568393,117204,768140,61,31,30,9,27,1,60,69,0,31,0,266,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,49,0,32,28,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,13,0,0,0,1,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,68,18,1,0,0,0,0,61,0,0,47,13,0,1,61,60,1,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,32,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0 diff --git a/test/results/flow-analyse/ip_lists_disable/1kxun.pcap.out b/test/results/flow-analyse/ip_lists_disable/1kxun.pcap.out index cb36f8cc6..8a3a9d202 100644 --- a/test/results/flow-analyse/ip_lists_disable/1kxun.pcap.out +++ b/test/results/flow-analyse/ip_lists_disable/1kxun.pcap.out 
@@ -13,4 +13,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.126,14.136.136.108,tcp,49372,80,finished,3,29,1654385146253018,1654385147560064,1654385147928387,514,0,526,18720,1554,113644,1,0,96206.9,899707,188732.5,35619966976.0,3.0,"205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478",337,3651.9,18772,4182.9,17496908.0,4.3,"566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1","5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
1,ip4,192.168.2.126,161.117.13.29,tcp,45416,80,finished,8,24,1654385140835391,1654385156967826,1654385157149701,434,0,1114,14400,6674,81693,1,0,1046669.2,6045020,1981650.1,3926937042944.0,3.0,"188503,1,1404,179436,1430,692,418,2433,676,270050,61,0,644,0,3892849,3428911,186128,186289,192621,208977,367165,352334,5253796,5339015,3643,6045020,5959115,408,493,194856,189377",486,2813.5,14452,2993.9,8963654.0,4.4,"486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083","0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1","5.943944454,7.829628944,7.931543350,7.979783535,7.931476593,7.968062401,7.861111164,7.864268780,7.984925747,7.877884388,7.929042339,7.930032253,7.967924595,7.974642754,7.952368736,5.943904400,6.386446476,5.942170143,7.482911110,5.931495190,6.238120556,5.934639931,6.488353729,5.849187374,6.477306366,6.757167339,5.825885773,6.421376705,7.814886093,7.859082222,5.823412418,6.869374752",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,1287,1550415,156501,2270815,197,9,188,38,13,6,182,17,9,24,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,7,122,49,0,0,2,2,0,0,0,1,0,0,0,38,0,0,0,5,0,0,0,0,68,0,0,45,22,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,20,6,18,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,8,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,0,0,0,0,0,0,0,0,1,0,0 +0,1287,1550461,156501,2270815,197,9,188,38,13,6,182,17,9,24,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,7,122,49,0,0,2,2,0,0,0,1,0,0,0,38,0,0,0,5,0,0,0,0,68,0,0,45,22,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,20,6,18,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,8,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,0,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/monitoring/stun_signal.pcapng.out b/test/results/flow-analyse/monitoring/stun_signal.pcapng.out index 3354a883a..ed5056c2c 100644 --- a/test/results/flow-analyse/monitoring/stun_signal.pcapng.out +++ b/test/results/flow-analyse/monitoring/stun_signal.pcapng.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,35.158.183.167,192.168.12.169,icmp,,,finished,30,2,1636901936083692,1636901980739508,1636901940925734,56,0,64,104,1760,208,0,15,1596705.0,17079364,3547473.5,12584568750080.0,2.8,"4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065",76,81.5,124,11.6,133.8,5.0,"76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84","0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384",ICMP,81,0,Acceptable,Network,6,DPI,"35" 
1,ip4,192.168.12.169,18.195.131.143,udp,47767,61498,finished,16,16,1636902000073738,1636902002442030,1636902002440493,28,0,104,96,1068,1052,0,43,152743.5,665020,189167.3,35784253440.0,4.0,"68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176",56,94.2,132,24.6,605.9,4.9,"124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92","3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0","5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552",STUN.SignalVoip,78.269,0,Acceptable,VoIP,5,DPI (cache),"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,220,178087,13408,16192,23,0,23,15,3,0,23,17,0,8,0,113,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,20,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,8,0,0,0,0,0,8,0,0,0,0,0,0,23,0,0,0,21,2,0,23,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0 +0,220,177961,13408,16192,23,0,23,15,3,0,23,17,0,8,0,113,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,20,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,8,0,0,0,0,0,8,0,0,0,0,0,0,23,0,0,0,21,2,0,23,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/monitoring/telegram_videocall.pcapng.out b/test/results/flow-analyse/monitoring/telegram_videocall.pcapng.out index d2d722923..2f9da711f 100644 --- a/test/results/flow-analyse/monitoring/telegram_videocall.pcapng.out +++ b/test/results/flow-analyse/monitoring/telegram_videocall.pcapng.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.169,93.36.13.115,udp,42405,35393,finished,21,11,1648032354077734,1648032354886306,1648032354873460,23,0,237,96,1854,649,0,49,51751.5,474673,95446.3,9109989376.0,3.6,"75722,88020,12807,2328,9002,48923,21674,183,117533,50,18901,57450,295,20709,49,35124,54640,306358,41620,24769,9929,17729,18103,17365,474673,50,42102,15504,14083,40108,18495",49,106.2,265,48.9,2396.0,4.9,"128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119","3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0","5.404182434,5.729283333,5.265467167,5.614555359,5.634122849,5.456954956,5.404182434,5.653138161,5.772913456,5.756935120,5.745695591,5.598426342,5.458592415,5.767434120,5.687500000,5.328994274,5.576209545,5.797379017,7.103881836,6.518718719,6.438805580,6.381202221,6.471578598,6.393888950,7.201899052,5.463770390,5.656250000,5.577555180,6.334901810,6.354772091,5.879608154,6.455611706",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,5,DPI (cache),"" 
1,ip4,192.168.12.169,149.154.167.222,tcp,40832,443,finished,17,15,1648032336639074,1648032364799931,1648032364830191,0,0,578,1228,1060,12707,0,8,1817805.6,25078496,6146606.0,37780767899648.0,1.5,"29139,30566,480,31562,35447,6512,41656,9889,49,31,23,46927,8,41719,2909634,2997736,16,16,15,2357,76,56,44252,15,34,56,139,73,125,25044870,25078496",52,482.7,1280,530.0,280877.2,4.1,"60,60,52,630,262,52,205,221,1280,1280,1280,700,52,52,52,381,1280,1280,1280,1280,1280,1280,680,52,52,52,52,52,52,52,52,52","14,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1","4.859216213,5.266787529,5.156889439,7.555443287,7.119448662,5.118427753,6.908961773,6.987295628,7.824494839,7.835509300,7.843729496,7.724673271,5.195351124,5.094483852,5.115703106,7.462384224,7.834102154,7.851257801,7.840057850,7.862158298,7.844310284,7.831385612,7.709258080,5.156889439,5.041504860,5.079966545,5.118427753,5.156889439,5.156889439,5.115703106,5.077241421,5.156889439",Telegram,185,1,Acceptable,Chat,7,Match by IP,"35" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,258,215418,59877,270358,34,6,28,1,4,2,32,14,0,12,0,134,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,20,1,31,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,4,0,0,1,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,21,0,7,0,0,0,12,0,0,0,0,0,0,31,3,0,10,19,3,2,34,32,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,258,215410,59877,270358,34,6,28,1,4,2,32,14,0,12,0,134,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,20,1,31,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,4,0,0,1,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,21,0,7,0,0,0,12,0,0,0,0,0,0,31,3,0,10,19,3,2,34,32,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/stun_only_peer_address_enabled/telegram_videocall.pcapng.out b/test/results/flow-analyse/stun_only_peer_address_enabled/telegram_videocall.pcapng.out index 24c4402fc..9c3383089 100644 --- a/test/results/flow-analyse/stun_only_peer_address_enabled/telegram_videocall.pcapng.out +++ b/test/results/flow-analyse/stun_only_peer_address_enabled/telegram_videocall.pcapng.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.169,93.36.13.115,udp,42405,35393,finished,21,11,1648032354077734,1648032354886306,1648032354873460,23,0,237,96,1854,649,0,49,51751.5,474673,95446.3,9109989376.0,3.6,"75722,88020,12807,2328,9002,48923,21674,183,117533,50,18901,57450,295,20709,49,35124,54640,306358,41620,24769,9929,17729,18103,17365,474673,50,42102,15504,14083,40108,18495",49,106.2,265,48.9,2396.0,4.9,"128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119","3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0","5.404182434,5.729283333,5.265467167,5.614555359,5.634122849,5.456954956,5.404182434,5.653138161,5.772913456,5.756935120,5.745695591,5.598426342,5.458592415,5.767434120,5.687500000,5.328994274,5.576209545,5.797379017,7.103881836,6.518718719,6.438805580,6.381202221,6.471578598,6.393888950,7.201899052,5.463770390,5.656250000,5.577555180,6.334901810,6.354772091,5.879608154,6.455611706",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,5,DPI (cache),"" 
1,ip4,192.168.12.169,149.154.167.222,tcp,40832,443,finished,17,15,1648032336639074,1648032364799931,1648032364830191,0,0,578,1228,1060,12707,0,8,1817805.6,25078496,6146606.0,37780767899648.0,1.5,"29139,30566,480,31562,35447,6512,41656,9889,49,31,23,46927,8,41719,2909634,2997736,16,16,15,2357,76,56,44252,15,34,56,139,73,125,25044870,25078496",52,482.7,1280,530.0,280877.2,4.1,"60,60,52,630,262,52,205,221,1280,1280,1280,700,52,52,52,381,1280,1280,1280,1280,1280,1280,680,52,52,52,52,52,52,52,52,52","14,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1","4.859216213,5.266787529,5.156889439,7.555443287,7.119448662,5.118427753,6.908961773,6.987295628,7.824494839,7.835509300,7.843729496,7.724673271,5.195351124,5.094483852,5.115703106,7.462384224,7.834102154,7.851257801,7.840057850,7.862158298,7.844310284,7.831385612,7.709258080,5.156889439,5.041504860,5.079966545,5.118427753,5.156889439,5.156889439,5.115703106,5.077241421,5.156889439",Telegram,185,1,Acceptable,Chat,7,Match by IP,"35" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,258,220578,59877,270358,34,6,28,1,4,2,32,14,0,12,0,134,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,20,1,31,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,4,0,0,1,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,21,0,7,0,0,0,12,0,0,0,0,0,0,31,3,0,10,19,3,2,34,32,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,258,220570,59877,270358,34,6,28,1,4,2,32,14,0,12,0,134,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,20,1,31,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,4,0,0,1,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,21,0,7,0,0,0,12,0,0,0,0,0,0,31,3,0,10,19,3,2,34,32,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/subclassification_disable/anydesk.pcapng.out b/test/results/flow-analyse/subclassification_disable/anydesk.pcapng.out index 7a27d55a1..a9e3f335f 100644 --- a/test/results/flow-analyse/subclassification_disable/anydesk.pcapng.out +++ b/test/results/flow-analyse/subclassification_disable/anydesk.pcapng.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.187,192.168.1.178,tcp,54164,7070,info,14,18,1613977595379986,1613977601740964,1613977601737415,0,0,3926,1460,5712,2727,0,0,410271.2,3021750,825943.1,682181918720.0,2.9,"491,529,333,431,328,10474,0,10878,39566,40320,8749,0,9516,516873,517463,1553,27804,26175,2358,56316,902900,957284,0,0,1754245,1753698,16355,71246,2966766,3021750,4006",40,306.3,3966,747.4,558552.1,3.1,"52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116","6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1","11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0","4.461627960,4.714205742,4.680641174,5.380415440,4.190888405,4.260394573,7.726966381,6.171197891,4.680641174,7.726874828,4.303872585,7.788730145,5.640313625,4.630640984,5.698182583,4.200505257,5.465894222,5.550601006,4.303872585,5.570474148,4.680640697,7.956365585,4.157026768,4.303872585,4.190888405,5.661315441,4.260394096,6.538077354,4.630641460,6.000421047,4.260393620,6.241518974",TLS.AnyDesk,91.252,1,Acceptable,RemoteAccess,6,DPI,"5,15,24,30" 
1,ip4,192.168.1.128,195.181.174.176,tcp,48260,443,info,16,16,1663090549161771,1663090558034917,1663090558365585,0,0,1448,1448,5817,3029,0,4,583127.8,8444631,2063627.1,4258557067264.0,1.5,"17715,17815,909,17821,3430,20304,88,41,3772,21850,18137,104,44,888,64188,13442,76786,1527,18418,206643,224790,16,4,18683,18,62779,11,80221,8427892,8444631,313993",52,328.9,1500,495.5,245485.5,3.8,"60,60,52,341,52,1500,52,1132,52,1146,103,52,92,52,199,52,198,52,137,52,145,1500,1500,1273,52,52,92,90,52,137,52,145","8,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,2,0,0","7,4,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,1,1","4.759216309,5.287539482,5.061608315,5.575212479,5.085552692,7.541802406,5.085552692,7.720355034,5.138531685,7.691242218,6.017449379,5.100070000,6.076607704,5.061608315,6.938662529,5.176993370,6.939621925,5.176993370,6.553288460,5.176993370,6.578802109,7.876228809,7.874102592,7.832963467,5.176993370,5.176993370,6.054868221,5.938801765,5.138531685,6.484602451,5.215455055,6.623850822",TLS.AnyDesk,91.252,1,Acceptable,RemoteAccess,6,DPI,"24,30,31" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,66,67314,19883,15955,7,1,6,0,3,0,7,8,0,5,0,29,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,4,3,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,4,13,0,0,0,0,0,7,0,0,5,2,0,0,7,7,0,0,0,0,0,0,0,8,0,0,1,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,9,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,66,67310,19883,15955,7,1,6,0,3,0,7,8,0,5,0,29,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,5,4,3,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,4,13,0,0,0,0,0,7,0,0,5,2,0,0,7,7,0,0,0,0,0,0,0,8,0,0,1,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,9,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/zoom_extra_dissection/zoom.pcap.out b/test/results/flow-analyse/zoom_extra_dissection/zoom.pcap.out index 98def4a7e..1b70023d3 100644 --- a/test/results/flow-analyse/zoom_extra_dissection/zoom.pcap.out +++ b/test/results/flow-analyse/zoom_extra_dissection/zoom.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.117,109.94.160.99,tcp,54871,443,info,18,14,1569520471189039,1569520471662963,1569520471590160,0,0,1440,1440,3063,8708,0,1,28227.3,156067,40349.6,1628089600.0,3.8,"31621,31782,223,32749,1986,135,18,34538,3,10485,3,10554,60088,93852,33789,375,31290,30856,4598,4,36582,6223,38193,156062,156067,114,1,94,10606,59053,3101",52,420.5,1492,552.4,305116.1,3.9,"64,60,52,569,52,1492,1492,1268,52,52,1492,79,52,178,294,52,192,118,52,1492,533,52,90,52,1317,52,1492,146,52,90,202,223","10,1,0,1,2,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","4,1,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,1,0,0,1,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,1,1,0,0,0,0","4.428027153,5.266787052,5.014835358,4.340119362,5.209868431,7.128724575,7.325717926,7.321290493,5.014835358,5.053297043,7.580979347,5.559112549,5.053297043,6.556212902,7.136325836,5.130220413,6.862732410,6.273187160,5.053297043,7.864217758,7.611272335,5.132945538,5.887335777,5.091758728,7.866543293,5.130220413,7.874340057,6.566402435,5.130220413,5.819303036,6.871904373,6.960445881",TLS.Zoom,91.189,1,Acceptable,Video,6,DPI,"15" 
1,ip4,192.168.1.117,109.94.160.99,udp,58327,8801,finished,3,29,1569520471748648,1569520471785584,1569520472033049,13,0,107,1029,183,26845,0,28,10365.7,35562,8525.9,72690992.0,4.5,"31967,28,32217,4719,35562,13763,10264,10242,9996,63,10130,10327,9979,9966,107,9866,10246,10252,10251,126,10146,9980,10130,10478,32,9954,10261,9714,10315,406,9850",41,872.8,1057,383.7,147246.2,4.8,"135,63,46,41,91,71,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057","1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.872597694,4.834421635,4.434307098,4.564153194,5.116748810,4.833924294,0.510210812,0.504684150,0.513590038,0.511697888,0.528077245,0.513589978,0.515482187,0.515482187,0.513590038,0.532575667,0.515482187,0.508318722,0.515482187,0.512875855,0.532575667,0.515482187,0.511697948,0.511697888,0.513590038,0.532575667,0.515482187,0.513589978,0.510983646,0.515482187,0.532575667,0.515482187",Zoom,189,1,Acceptable,Video,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,314,245546,69672,259806,33,6,27,0,3,2,31,23,0,8,35,115,1,0,1,2,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,12,21,3,27,1,0,0,0,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,11,0,0,0,2,0,1,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,18,2,1,0,0,0,0,33,0,0,14,17,2,0,33,31,2,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,314,245521,69672,259806,33,6,27,0,3,2,31,23,0,8,35,115,1,0,1,2,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,13,20,3,27,1,0,0,0,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,11,0,0,0,2,0,1,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,18,2,1,0,0,0,0,33,0,0,14,17,2,0,33,31,2,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-captured/custom_rules/custom_rules_overwrite_domains.pcap.out b/test/results/flow-captured/custom_rules/custom_rules_overwrite_domains.pcap.out new file mode 100644 index 000000000..e69de29bb diff --git a/test/results/flow-captured/default/anyconnect-vpn.pcap.out b/test/results/flow-captured/default/anyconnect-vpn.pcap.out index 13b9dbbdd..d9cf3afdc 100644 --- a/test/results/flow-captured/default/anyconnect-vpn.pcap.out +++ b/test/results/flow-captured/default/anyconnect-vpn.pcap.out 
@@ -13,8 +13,6 @@ Flow 60 not-detected: udp 10.0.0.227:52595 -> 10.0.0.1:192 Flow 25 midstream: tcp 10.0.0.227:56884 -> 184.25.56.77:80 Flow 24 midstream: tcp 10.0.0.227:56917 -> 184.25.56.77:80 Flow 58 risky: udp 10.0.0.227:54107 -> 8.37.102.91:443 -Flow 3 risky: tcp 10.0.0.227:56320 -> 10.0.0.149:8009 -Flow 3 midstream: tcp 10.0.0.227:56320 -> 10.0.0.149:8009 Flow 40 not-detected: tcp 10.0.0.227:56866 -> 10.0.0.151:8060 Flow 40 midstream: tcp 10.0.0.227:56866 -> 10.0.0.151:8060 Flow 62 risky: tcp 10.0.0.227:56954 -> 10.0.0.149:8008 diff --git a/test/results/flow-captured/default/anydesk.pcapng.out b/test/results/flow-captured/default/anydesk.pcapng.out index 9f090eeb4..1a681f6b5 100644 --- a/test/results/flow-captured/default/anydesk.pcapng.out +++ b/test/results/flow-captured/default/anydesk.pcapng.out @@ -1,5 +1,3 @@ -Flow 1 risky: tcp 192.168.149.129:36351 -> 51.83.239.144:80 -Flow 1 midstream: tcp 192.168.149.129:36351 -> 51.83.239.144:80 Flow 2 risky: tcp 192.168.149.129:43535 -> 51.83.238.219:80 Flow 5 risky: tcp 192.168.1.187:54164 -> 192.168.1.178:7070 Flow 7 risky: tcp 192.168.1.128:48260 -> 195.181.174.176:443 diff --git a/test/results/flow-captured/default/custom_rules_ip.pcapng.out b/test/results/flow-captured/default/custom_rules_ip.pcapng.out new file mode 100644 index 000000000..e69de29bb diff --git a/test/results/flow-captured/default/custom_rules_overwrite_domains.pcap.out b/test/results/flow-captured/default/custom_rules_overwrite_domains.pcap.out new file mode 100644 index 000000000..e69de29bb diff --git a/test/results/flow-captured/default/matter_onoff.pcapng.out b/test/results/flow-captured/default/matter_onoff.pcapng.out new file mode 100644 index 000000000..e69de29bb diff --git a/test/results/flow-captured/default/mismatching_hostname.pcap.out b/test/results/flow-captured/default/mismatching_hostname.pcap.out new file mode 100644 index 000000000..617a01694 --- /dev/null +++ b/test/results/flow-captured/default/mismatching_hostname.pcap.out 
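Review bot: Flows are dropped from the captured-flow baselines entirely, not just re-labelled. In anyconnect-vpn.pcap.out both `Flow 3 risky` and `Flow 3 midstream` for 10.0.0.227:56320 -> 10.0.0.149:8009 are removed, and the anydesk hunks lose `Flow 1` the same way. The tumblr, whatsapp_login_call and zoom hunks also lose a `midstream` line. A replaced risk in libnDPI would explain a changed `risky` line, but presumably not whether a flow counts as midstream, so this looks like a change in capture coverage that the description does not mention; the cause is not visible in these hunks. Once it is confirmed I would record it in the commit description, e.g. `flow-captured: flows <ids> are no longer captured because <reason>`, so that a detection regression cannot hide inside a baseline refresh.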
@@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.2.7:35162 -> 51.38.65.98:443 diff --git a/test/results/flow-captured/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/flow-captured/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index e69de29bb..597972475 100644 --- a/test/results/flow-captured/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/flow-captured/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
@@ -0,0 +1,49 @@ +Flow 2 risky: udp 147.196.90.42:61647 -> 177.86.46.206:443 +Flow 3 risky: udp 168.144.64.5:55376 -> 212.22.246.243:443 +Flow 6 risky: udp 168.144.64.5:59827 -> 37.47.218.224:443 +Flow 4 risky: udp 168.144.64.5:64964 -> 133.202.76.105:443 +Flow 8 risky: udp 10.117.78.100:44252 -> 251.236.18.198:443 +Flow 9 risky: udp 10.117.78.100:55273 -> 202.152.155.121:443 +Flow 13 risky: udp 168.144.64.5:62652 -> 158.146.215.30:443 +Flow 11 risky: udp 168.144.64.5:53431 -> 128.248.24.1:443 +Flow 18 risky: udp 168.144.64.5:51248 -> 99.42.133.245:443 +Flow 19 risky: udp 168.144.64.5:60896 -> 45.228.175.189:443 +Flow 20 risky: udp 168.144.64.5:60551 -> 128.248.24.1:443 +Flow 23 risky: udp 168.144.64.5:51296 -> 128.248.24.1:443 +Flow 34 risky: udp 168.144.64.5:53127 -> 113.250.137.243:443 +Flow 36 risky: udp 192.168.254.11:59048 -> 251.236.18.198:443 +Flow 42 risky: udp 192.168.254.11:51075 -> 117.148.117.30:443 +Flow 43 risky: udp 192.168.254.11:49689 -> 87.179.155.149:443 +Flow 47 risky: udp 168.144.64.5:50552 -> 108.171.138.182:443 +Flow 48 risky: udp 168.144.64.5:56844 -> 113.250.137.243:443 +Flow 51 risky: udp 168.144.64.5:56683 -> 113.250.137.243:443 +Flow 55 risky: udp 168.144.64.5:64693 -> 113.250.137.243:443 +Flow 56 risky: udp 168.144.64.5:59680 -> 117.148.117.30:443 +Flow 58 risky: udp 168.144.64.5:52387 -> 143.52.137.18:443 +Flow 59 risky: udp 168.144.64.5:49860 -> 113.250.137.243:443 +Flow 61 risky: udp 168.144.64.5:57735 -> 137.238.249.2:443 +Flow 68 risky: udp 52.187.20.175:63507 -> 121.209.126.161:443 +Flow 67 risky: udp 52.187.20.175:58123 -> 118.89.218.46:443 +Flow 75 risky: udp 168.144.64.5:65391 -> 128.248.24.1:443 +Flow 76 risky: udp 168.144.64.5:58832 -> 117.148.117.30:443 +Flow 74 risky: udp 168.144.64.5:61886 -> 65.33.51.74:443 +Flow 77 risky: udp 168.144.64.5:58429 -> 38.57.8.121:443 +Flow 73 risky: udp 168.144.64.5:55066 -> 128.248.24.1:443 +Flow 79 risky: udp 168.144.64.5:60934 -> 128.248.24.1:443 +Flow 82 risky: udp 168.144.64.5:63925 -> 
39.227.72.32:443 +Flow 80 risky: udp 168.144.64.5:59785 -> 128.248.24.1:443 +Flow 84 risky: udp 168.144.64.5:56384 -> 117.148.117.30:443 +Flow 86 risky: udp 168.144.64.5:64497 -> 102.194.207.179:443 +Flow 85 risky: udp 168.144.64.5:57398 -> 137.238.249.2:443 +Flow 88 risky: udp 168.144.64.5:58956 -> 128.248.24.1:443 +Flow 87 risky: udp 168.144.64.5:55572 -> 117.148.117.30:443 +Flow 89 risky: udp 168.144.64.5:54449 -> 102.194.207.179:443 +Flow 92 risky: udp 168.144.64.5:52942 -> 93.100.151.221:443 +Flow 101 risky: udp 168.144.64.5:65360 -> 65.33.51.74:443 +Flow 103 risky: udp 52.187.20.175:61484 -> 202.152.155.121:443 +Flow 102 risky: udp 159.117.176.124:64134 -> 207.121.63.92:443 +Flow 109 risky: udp 168.144.64.5:58351 -> 193.68.169.100:443 +Flow 108 risky: udp 168.144.64.5:62719 -> 31.219.210.96:443 +Flow 111 risky: udp 168.144.64.5:60919 -> 53.101.228.200:443 +Flow 112 risky: udp 168.144.64.5:50423 -> 144.237.113.58:443 +Flow 113 risky: udp 168.144.64.5:59206 -> 76.231.104.92:443 diff --git a/test/results/flow-captured/default/quic_t51.pcap.out b/test/results/flow-captured/default/quic_t51.pcap.out index e69de29bb..59bec8c5d 100644 --- a/test/results/flow-captured/default/quic_t51.pcap.out +++ b/test/results/flow-captured/default/quic_t51.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 187.227.136.152:55356 -> 211.247.147.90:443 diff --git a/test/results/flow-captured/default/quickplay.pcap.out b/test/results/flow-captured/default/quickplay.pcap.out index ed14e2db3..9b87595ad 100644 --- a/test/results/flow-captured/default/quickplay.pcap.out +++ b/test/results/flow-captured/default/quickplay.pcap.out 
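Review bot: The quic_frags_ch_out_of_order_same_packet_craziness baseline goes from empty to 49 `risky` entries, all udp flows to port 443, and quic_t51.pcap.out gains one the same way; nothing in the commit description accounts for that jump. The description names only the replacement of "TLS Susp ESNI Usage" with "Mismatching Protocol with server IP address", and this file carries no risk id, so whether that risk is what fires here is an inference. Several destinations are in reserved space (e.g. `251.236.18.198`), which suggests the capture's addresses were rewritten; an IP-based mismatch check would then flag every flow, and that is noise for anyone alerting on the risky state. I would confirm the risk id against the matching flow-info output and add a line to the description such as `quic_*: flows now risky due to <risk name>; expected because <reason>`.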
@@ -11,6 +11,7 @@ Flow 12 midstream: tcp 10.54.169.250:42761 -> 203.205.129.101:80 Flow 14 risky: tcp 10.54.169.250:42762 -> 203.205.129.101:80 Flow 14 midstream: tcp 10.54.169.250:42762 -> 203.205.129.101:80 Flow 16 midstream: tcp 10.54.169.250:56381 -> 54.179.140.65:80 +Flow 6 risky: tcp 10.54.169.250:33277 -> 120.28.26.231:80 Flow 6 midstream: tcp 10.54.169.250:33277 -> 120.28.26.231:80 Flow 7 midstream: tcp 10.54.169.250:44793 -> 31.13.68.49:80 Flow 4 midstream: tcp 10.54.169.250:52285 -> 173.252.74.22:80 diff --git a/test/results/flow-captured/default/reddit.pcap.out b/test/results/flow-captured/default/reddit.pcap.out index eb82cedf8..5399564dc 100644 --- a/test/results/flow-captured/default/reddit.pcap.out +++ b/test/results/flow-captured/default/reddit.pcap.out @@ -1 +1 @@ -Flow 48 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:59624 -> 2a00:1450:4007:80b::2001:443 +Flow 34 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:51100 -> 64:ff9b::d83a:d1e6:443 diff --git a/test/results/flow-captured/default/telnet.pcap.out b/test/results/flow-captured/default/telnet.pcap.out index 70d284ec3..99e34f810 100644 --- a/test/results/flow-captured/default/telnet.pcap.out +++ b/test/results/flow-captured/default/telnet.pcap.out @@ -1 +1,2 @@ +Flow 2 risky: tcp 10.17.167.141:5355 -> 20.1.178.225:23 Flow 1 risky: tcp 192.168.0.2:1550 -> 192.168.0.1:23 diff --git a/test/results/flow-captured/default/tls_certificate_too_long.pcap.out b/test/results/flow-captured/default/tls_certificate_too_long.pcap.out index 8cb8fcc8e..607ac1178 100644 --- a/test/results/flow-captured/default/tls_certificate_too_long.pcap.out +++ b/test/results/flow-captured/default/tls_certificate_too_long.pcap.out 
@@ -1,8 +1,8 @@ -Flow 24 midstream: tcp 192.168.1.121:53429 -> 52.98.163.18:443 -Flow 25 midstream: tcp 192.168.1.121:53428 -> 52.98.163.18:443 Flow 18 risky: tcp 192.168.1.121:53912 -> 2.22.33.235:80 Flow 19 risky: tcp 192.168.1.121:53913 -> 2.22.33.235:80 Flow 20 midstream: tcp 192.168.1.121:53905 -> 140.82.113.26:443 +Flow 25 midstream: tcp 192.168.1.121:53428 -> 52.98.163.18:443 +Flow 24 midstream: tcp 192.168.1.121:53429 -> 52.98.163.18:443 Flow 2 not-detected: tcp 192.168.1.121:52721 -> 192.168.1.139:55367 Flow 2 midstream: tcp 192.168.1.121:52721 -> 192.168.1.139:55367 Flow 3 risky: udp 192.168.1.121:52251 -> 8.8.8.8:53 diff --git a/test/results/flow-captured/default/tumblr.pcap.out b/test/results/flow-captured/default/tumblr.pcap.out index 01d96f8cc..1d06642a7 100644 --- a/test/results/flow-captured/default/tumblr.pcap.out +++ b/test/results/flow-captured/default/tumblr.pcap.out @@ -1,5 +1,4 @@ Flow 6 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:42908 -> 64:ff9b::98c7:1593:443 Flow 9 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:43434 -> 64:ff9b::c000:4d28:443 Flow 2 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:48240 -> 64:ff9b::9765:789d:443 -Flow 15 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:51874 -> 64:ff9b::c000:4c03:443 Flow 14 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:56794 -> 64:ff9b::c000:4d03:443 diff --git a/test/results/flow-captured/default/wechat.pcap.out b/test/results/flow-captured/default/wechat.pcap.out index d271fe0bf..b7195fbee 100644 --- a/test/results/flow-captured/default/wechat.pcap.out +++ b/test/results/flow-captured/default/wechat.pcap.out @@ -1,2 +1,2 @@ -Flow 13 midstream: tcp 203.205.151.162:443 -> 192.168.1.103:54058 Flow 25 midstream: tcp 192.168.1.103:40740 -> 203.205.151.211:443 +Flow 13 midstream: tcp 203.205.151.162:443 -> 192.168.1.103:54058 
diff --git a/test/results/flow-captured/default/whatsapp_login_call.pcap.out b/test/results/flow-captured/default/whatsapp_login_call.pcap.out index 59c54207f..f7c2494af 100644 --- a/test/results/flow-captured/default/whatsapp_login_call.pcap.out +++ b/test/results/flow-captured/default/whatsapp_login_call.pcap.out @@ -3,6 +3,5 @@ Flow 6 midstream: tcp 192.168.2.4:49172 -> 23.50.148.228:443 Flow 54 risky: udp 192.168.2.4:52794 -> 1.194.90.191:51727 Flow 17 risky: tcp 192.168.2.4:49204 -> 17.173.66.102:443 Flow 57 risky: tcp 192.168.2.4:49205 -> 17.173.66.102:443 -Flow 1 midstream: tcp 192.168.2.4:49199 -> 17.172.100.70:993 Flow 13 risky: tcp 192.168.2.4:49201 -> 17.178.104.12:443 Flow 16 midstream: tcp 192.168.2.4:49193 -> 17.110.229.14:5223 diff --git a/test/results/flow-captured/default/zoom.pcap.out b/test/results/flow-captured/default/zoom.pcap.out index ecfd4e855..855c8c8ce 100644 --- a/test/results/flow-captured/default/zoom.pcap.out +++ b/test/results/flow-captured/default/zoom.pcap.out @@ -1,3 +1,2 @@ -Flow 16 midstream: tcp 192.168.1.117:53872 -> 35.186.224.53:443 Flow 9 risky: udp 192.168.1.117:65394 -> 192.168.1.1:53 Flow 30 risky: tcp 192.168.1.117:54871 -> 109.94.160.99:443 diff --git a/test/results/flow-captured/subclassification_disable/anydesk.pcapng.out b/test/results/flow-captured/subclassification_disable/anydesk.pcapng.out index 9f090eeb4..1a681f6b5 100644 --- a/test/results/flow-captured/subclassification_disable/anydesk.pcapng.out +++ b/test/results/flow-captured/subclassification_disable/anydesk.pcapng.out @@ -1,5 +1,3 @@ -Flow 1 risky: tcp 192.168.149.129:36351 -> 51.83.239.144:80 -Flow 1 midstream: tcp 192.168.149.129:36351 -> 51.83.239.144:80 Flow 2 risky: tcp 192.168.149.129:43535 -> 51.83.238.219:80 Flow 5 risky: tcp 192.168.1.187:54164 -> 192.168.1.178:7070 Flow 7 risky: tcp 192.168.1.128:48260 -> 195.181.174.176:443 
diff --git a/test/results/flow-captured/zoom_extra_dissection/zoom.pcap.out b/test/results/flow-captured/zoom_extra_dissection/zoom.pcap.out index ecfd4e855..855c8c8ce 100644 --- a/test/results/flow-captured/zoom_extra_dissection/zoom.pcap.out +++ b/test/results/flow-captured/zoom_extra_dissection/zoom.pcap.out @@ -1,3 +1,2 @@ -Flow 16 midstream: tcp 192.168.1.117:53872 -> 35.186.224.53:443 Flow 9 risky: udp 192.168.1.117:65394 -> 192.168.1.1:53 Flow 30 risky: tcp 192.168.1.117:54871 -> 109.94.160.99:443 diff --git a/test/results/flow-info/custom_rules/custom_rules_overwrite_domains.pcap.out b/test/results/flow-info/custom_rules/custom_rules_overwrite_domains.pcap.out new file mode 100644 index 000000000..4a4b044ae --- /dev/null +++ b/test/results/flow-info/custom_rules/custom_rules_overwrite_domains.pcap.out 
@@ -0,0 +1,26 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [..192.168.1.143][46326] -> [..64.233.167.84][..443] + detected: [.....1] [ip4][..tcp] [..192.168.1.143][46326] -> [..64.233.167.84][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.143][46326] -> [..64.233.167.84][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com] + analyse: [.....1] [ip4][..tcp] [..192.168.1.143][46326] -> [..64.233.167.84][..443] [TLS.Google][Google][Web][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.061| 0.008| 0.014| 202.873| 3.100] + [PKTLEN......: 52.000| 4471.000| 421.600| 924.400| 854508.300| 3.200] + [BINS(c->s)..: 10,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2] + [BINS(s->c)..: 10,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1] + [DIRECTIONS..: 0,1,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,0,1,0,0,0,0,1] + [IATS(ms)....: 22.3,22.4,1.2,0.5,0.0,20.6,0.0,0.0,1.5,0.0,0.0,0.0,0.0,20.4,0.0,0.0,0.7,0.6,20.4,41.1,0.0,0.0,0.0,0.0,60.5,1.4,1.2,4.0,0.7,0.0,23.7] + [PKTLENS.....: 60,60,52,2527,58,4471,52,52,52,1910,114,52,52,83,52,52,52,136,83,52,1452,722,366,341,83,52,91,91,91,76,52,52] + [ENTROPIES...: 4.6,5.2,4.9,7.8,5.0,8.0,5.2,5.1,5.1,7.9,6.2,5.0,5.0,5.7,4.9,4.9,4.9,6.1,5.7,5.1,7.9,7.7,7.3,7.3,5.7,5.0,5.9,5.9,5.9,5.5,5.0,5.0] + new: [.....2] [ip4][..tcp] [..192.168.1.143][46116] -> [..17.253.144.10][..443] + detected: [.....2] [ip4][..tcp] [..192.168.1.143][46116] -> [..17.253.144.10][..443] [TLS.Apple][Apple][Web][Safe][apple.com] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.143][46116] -> [..17.253.144.10][..443] [TLS.Apple][Apple][Web][Safe][apple.com] + new: [.....3] 
[ip4][..tcp] [..192.168.1.143][43052] -> [...23.60.189.51][..443] + detected: [.....3] [ip4][..tcp] [..192.168.1.143][43052] -> [...23.60.189.51][..443] [TLS.Apple][Akamai][Web][Safe][www.apple.com] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.143][43052] -> [...23.60.189.51][..443] [TLS.Apple][Akamai][Web][Safe][www.apple.com] + idle: [.....3] [ip4][..tcp] [..192.168.1.143][43052] -> [...23.60.189.51][..443] [TLS.Apple][Akamai][Web][Safe] + end: [.....1] [ip4][..tcp] [..192.168.1.143][46326] -> [..64.233.167.84][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com] + end: [.....2] [ip4][..tcp] [..192.168.1.143][46116] -> [..17.253.144.10][..443] [TLS.Apple][Apple][Web][Safe] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/1kxun.pcap.out b/test/results/flow-info/default/1kxun.pcap.out index 610c1bd13..5a9b4c05a 100644 --- a/test/results/flow-info/default/1kxun.pcap.out +++ b/test/results/flow-info/default/1kxun.pcap.out @@ -632,7 +632,7 @@ new: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [MIDSTREAM] detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Fun][tcad.wedolook.com] new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM] - detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] + detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][google.open-js.com] analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.409| 0.085| 0.132| 17528.007| 3.300] 
@@ -710,60 +710,60 @@ new: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [MIDSTREAM] detected: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] new: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [MIDSTREAM] - detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] + detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Akamai][Web][Acceptable][m.vpon.com] new: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...176] 
[ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [MIDSTREAM] - detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] new: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [MIDSTREAM] detected: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] new: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [MIDSTREAM] - detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] new: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [MIDSTREAM] detected: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] new: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [MIDSTREAM] detected: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] new: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [MIDSTREAM] - detected: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AmazonAWS][Web][Acceptable][cdn.liftoff.io] + detected: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][cdn.liftoff.io] new: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> 
[.....18.66.2.90][...80] [MIDSTREAM] - detected: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun][cdn.liftoff.io] + detected: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AWS_Cloudfront][Media][Fun][cdn.liftoff.io] new: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [MIDSTREAM] - detected: [...188] [ip4][..tcp] 
[..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][] + detected: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][] RISK: HTTP Susp User-Agent new: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [MIDSTREAM] - detected: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] - detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] + detected: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] + detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][adx-tk.rayjump.com] new: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [MIDSTREAM] - detected: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][] + detected: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][] new: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [MIDSTREAM] - detected: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] - detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + detected: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][tknet-cdn.rayjump.com] + detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] new: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> 
[..18.233.123.55][...80] [MIDSTREAM] - detected: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable][impression-east.liftoff.io] + detected: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AWS_EC2][Web][Acceptable][impression-east.liftoff.io] new: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [MIDSTREAM] - detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] + detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AWS_EC2][Web][Acceptable][adexp.liftoff.io] new: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [MIDSTREAM] detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.PlayStore][Google][SoftwareUpdate][Safe][play.google.com] new: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [MIDSTREAM] - detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] + detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AWS_EC2][Web][Acceptable][click.liftoff.io] new: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [MIDSTREAM] detected: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] new: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [MIDSTREAM] - detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] idle: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> 
[..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] RISK: Known Proto on Non Std Port idle: [...131] [ip4][..tcp] [..192.168.2.126][60972] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] 
@@ -771,13 +771,13 @@ idle: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] RISK: Known Proto on Non Std Port idle: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] - idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] - idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] - idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] + idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Akamai][Web][Acceptable][m.vpon.com] + idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][google.open-js.com] + idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][tknet-cdn.rayjump.com] idle: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP][Tencent][Web][Acceptable] - idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable] - idle: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] - idle: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] + idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable] + idle: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] + idle: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> 
[...3.122.190.70][...80] [HTTP][AWS_EC2][Web][Acceptable][click.liftoff.io] idle: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] idle: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] idle: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] 
@@ -785,18 +785,18 @@ idle: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com] idle: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] - idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] - idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AWS_EC2][Web][Acceptable][adexp.liftoff.io] + idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] idle: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Google][Advertisement][Tracker_Ads][www.google-analytics.com] idle: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [HTTP.Google][Google][Advertisement][Tracker_Ads][pagead2.googlesyndication.com] idle: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] - idle: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...175] 
[ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + idle: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] idle: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Unknown][Streaming][Fun][release.bigdata.1kxun.com] idle: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] 
@@ -810,7 +810,7 @@ idle: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.PlayStore][Google][SoftwareUpdate][Safe][play.google.com] idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi] RISK: Binary File/Data Transfer (Attempt) - idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] + idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][adx-tk.rayjump.com] idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] idle: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] idle: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][messages.1kxun.mobi] 
@@ -820,9 +820,9 @@ idle: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] - idle: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable][impression-east.liftoff.io] - idle: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] - idle: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + idle: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AWS_EC2][Web][Acceptable][impression-east.liftoff.io] + idle: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] + idle: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] idle: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Tencent][Chat][Fun][pingma.qq.com] RISK: HTTP Susp User-Agent, Error Code idle: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] 
@@ -831,11 +831,11 @@ idle: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] idle: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] idle: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] - idle: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AmazonAWS][Web][Acceptable][cdn.liftoff.io] - idle: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun] - idle: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable] + idle: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][cdn.liftoff.io] + idle: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AWS_Cloudfront][Media][Fun] + idle: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> 
[...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable] idle: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/KakaoTalk_chat.pcap.out b/test/results/flow-info/default/KakaoTalk_chat.pcap.out index 764a5c9ce..18de70846 100644 --- a/test/results/flow-info/default/KakaoTalk_chat.pcap.out +++ b/test/results/flow-info/default/KakaoTalk_chat.pcap.out @@ -100,7 +100,7 @@ detection-update: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][developers.facebook.com] RISK: TLS (probably) Not Carrying HTTPS new: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [MIDSTREAM] - detected: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [TLS][AmazonAWS][Web][Safe] + detected: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [TLS][AWS_EC2][Web][Safe] RISK: Known Proto on Non Std Port analyse: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy 
@@ -157,13 +157,13 @@ [ENTROPIES...: 4.7,5.0,4.9,5.2,4.7,5.0,6.5,7.1,6.7,4.8,4.9,4.9,6.5,4.9,5.9,4.8,7.7,5.0,5.6,4.8,6.9,7.1,5.0,5.0,5.8,4.9,5.5,4.9,5.6,6.3,5.0,5.0] update: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1] [ICMP][Unknown][Network][Acceptable] new: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223] - detected: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223] [TLS][AmazonAWS][Web][Safe][] + detected: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223] [TLS][AWS_EC2][Web][Safe][] RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older) idle: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-m.talk.kakao.com] idle: [....28] [ip4][..udp] [...10.24.82.188][14650] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][2.97.252.173.in-addr.arpa] - end: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [TLS][AmazonAWS][Web][Safe] + end: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [TLS][AWS_EC2][Web][Safe] RISK: Known Proto on Non Std Port - idle: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223] [TLS][AmazonAWS][Web][Safe] + idle: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223] [TLS][AWS_EC2][Web][Safe] RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older) idle: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS][Google][Web][Safe] end: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443] [TLS.KakaoTalk][Unknown][Chat][Acceptable] diff --git a/test/results/flow-info/default/KakaoTalk_talk.pcap.out b/test/results/flow-info/default/KakaoTalk_talk.pcap.out index b0c15e100..82e043d19 100644 --- a/test/results/flow-info/default/KakaoTalk_talk.pcap.out +++ b/test/results/flow-info/default/KakaoTalk_talk.pcap.out 
@@ -93,7 +93,7 @@ RISK: Obsolete TLS (v1.1 or older) idle: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Unknown][Chat][Acceptable] RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher - guessed: [.....3] [ip4][..tcp] [...10.24.82.188][58916] -> [.54.255.185.236][.5222] [AmazonAWS][AmazonAWS][Cloud][Acceptable] + guessed: [.....3] [ip4][..tcp] [...10.24.82.188][58916] -> [.54.255.185.236][.5222] [AWS_EC2][AWS_EC2][Cloud][Acceptable] idle: [.....3] [ip4][..tcp] [...10.24.82.188][58916] -> [.54.255.185.236][.5222] idle: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS][Google][Web][Safe] end: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun][hkminorshort.weixin.qq.com] diff --git a/test/results/flow-info/default/alexa-app.pcapng.out b/test/results/flow-info/default/alexa-app.pcapng.out index 8494af309..86dc862b2 100644 --- a/test/results/flow-info/default/alexa-app.pcapng.out +++ b/test/results/flow-info/default/alexa-app.pcapng.out 
@@ -44,11 +44,11 @@ detected: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com] detection-update: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com] new: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] - detected: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] + detected: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] + detection-update: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] + detection-update: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] RISK: TLS (probably) Not Carrying HTTPS new: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] detected: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mads.amazon-adsystem.com] 
@@ -81,12 +81,12 @@ detected: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com] detection-update: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com] new: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] - detected: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] - detection-update: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] - detection-update: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] + detected: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AWS_EC2][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] + detection-update: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AWS_EC2][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] + detection-update: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AWS_EC2][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] new: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] - detected: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] - detection-update: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] + detected: [....26] [ip4][..tcp] 
[..172.16.42.216][38364] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AWS_EC2][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] + detection-update: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AWS_EC2][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] new: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] detected: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com] detection-update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com] 
@@ -115,14 +115,14 @@ new: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] new: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] detected: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] - detected: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] + detected: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] new: [....39] [ip4][..tcp] [..172.16.42.216][54413] -> [..52.85.209.216][..443] - detected: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] - detection-update: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] - detection-update: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] - detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] - detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] - analyse: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] + detected: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] + detection-update: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] + detection-update: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> 
[..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] + detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] + detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] + analyse: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.091| 0.022| 0.031| 964.249| 3.600] [PKTLEN......: 52.000| 1500.000| 580.300| 637.000| 405792.100| 4.100] @@ -210,9 +210,9 @@ RISK: Weak TLS Cipher new: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] new: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] - detected: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] + detected: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] detected: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com] - detection-update: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] + detection-update: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] detection-update: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com] analyse: [....52] [ip4][..tcp] [..172.16.42.216][34034] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -253,8 +253,8 @@ detection-update: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com] new: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] detection-update: [....61] [ip4][..tcp] [..172.16.42.216][42148] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com] - detected: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] - detection-update: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] + detected: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] + detection-update: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] new: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] detected: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][api.amazon.com] detection-update: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][api.amazon.com] 
@@ -265,7 +265,7 @@ RISK: TLS (probably) Not Carrying HTTPS detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][api.amazon.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] + analyse: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 2.897| 0.237| 0.560| 313730.662| 2.800] [PKTLEN......: 52.000| 1500.000| 603.100| 665.400| 442821.700| 4.100] 
@@ -335,9 +335,9 @@ new: [....76] [ip4][..tcp] [..172.16.42.216][49613] -> [..52.94.232.134][...80] detected: [....76] [ip4][..tcp] [..172.16.42.216][49613] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com] new: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] - detected: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] - detection-update: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] - detection-update: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] + detected: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AWS_EC2][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] + detection-update: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AWS_EC2][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] + detection-update: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AWS_EC2][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] new: [....78] [ip4][..tcp] [..172.16.42.216][34053] -> [..54.239.24.186][..443] new: [....79] [ip4][..tcp] [..172.16.42.216][34054] -> [..54.239.24.186][..443] detected: [....78] [ip4][..tcp] [..172.16.42.216][34053] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] 
@@ -407,7 +407,7 @@ detection-update: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][s3-external-2.amazonaws.com] new: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] new: [....97] [ip4][..tcp] [..172.16.42.216][41821] -> [...54.231.72.88][..443] - detected: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] + detected: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AWS_S3][Cloud][Acceptable][s3-external-2.amazonaws.com] analyse: [....87] [ip4][..tcp] [..172.16.42.216][45710] -> [..52.94.232.134][..443] [TLS.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 1.192| 0.160| 0.282| 79548.359| 3.500] 
@@ -418,8 +418,8 @@ [IATS(ms)....: 214.4,219.1,3.7,1161.8,1191.6,0.1,0.0,75.9,170.4,0.4,119.0,9.7,7.9,105.5,90.0,79.1,135.4,22.4,255.4,0.3,202.3,1.2,199.7,0.1,0.1,204.8,0.0,11.4,221.9,0.1,253.2] [PKTLENS.....: 60,48,40,279,279,46,125,93,40,46,178,40,99,1500,46,206,46,46,1133,1500,254,46,541,1500,270,162,46,46,525,1500,190,46] [ENTROPIES...: 4.7,5.1,4.8,5.9,5.9,4.6,6.1,6.0,4.7,4.6,6.5,4.7,5.9,7.9,4.6,6.9,4.6,4.6,7.8,7.9,7.1,4.6,7.5,7.9,7.2,6.6,4.5,4.6,7.6,7.9,6.8,4.6] - detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] - detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] + detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AWS_S3][Cloud][Acceptable][s3-external-2.amazonaws.com] + detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AWS_S3][Cloud][Acceptable][s3-external-2.amazonaws.com] analyse: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 1.080| 0.209| 0.303| 92031.574| 3.700] 
@@ -454,10 +454,10 @@ new: [...101] [ip4][..tcp] [..172.16.42.216][34074] -> [..54.239.24.186][..443] new: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] detected: [...101] [ip4][..tcp] [..172.16.42.216][34074] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] - detected: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] + detected: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AWS_S3][Cloud][Acceptable][s3-external-2.amazonaws.com] detection-update: [...101] [ip4][..tcp] [..172.16.42.216][34074] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] - detection-update: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] - detection-update: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] + detection-update: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AWS_S3][Cloud][Acceptable][s3-external-2.amazonaws.com] + detection-update: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AWS_S3][Cloud][Acceptable][s3-external-2.amazonaws.com] update: [....23] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable] new: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] detected: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][skills-store.amazon.com] 
@@ -568,13 +568,13 @@ new: [...122] [ip4][..tcp] [..172.16.42.216][51988] -> [....52.84.63.56][...80] new: [...123] [ip4][..tcp] [..172.16.42.216][51989] -> [....52.84.63.56][...80] new: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] - detected: [...123] [ip4][..tcp] [..172.16.42.216][51989] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - detected: [...122] [ip4][..tcp] [..172.16.42.216][51988] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - detected: [...119] [ip4][..tcp] [..172.16.42.216][51985] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - detected: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - detected: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - detected: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - analyse: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] + detected: [...123] [ip4][..tcp] [..172.16.42.216][51989] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + detected: [...122] [ip4][..tcp] [..172.16.42.216][51988] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + detected: [...119] [ip4][..tcp] [..172.16.42.216][51985] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + detected: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + detected: [...121] [ip4][..tcp] 
[..172.16.42.216][51987] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + detected: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + analyse: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.295| 0.052| 0.098| 9533.209| 3.000] [PKTLEN......: 52.000| 1500.000| 597.000| 635.800| 404189.900| 4.100] 
@@ -604,13 +604,13 @@ new: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] new: [...130] [ip4][..tcp] [..172.16.42.216][51996] -> [....52.84.63.56][...80] new: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] - detected: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - detected: [...128] [ip4][..tcp] [..172.16.42.216][51994] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - detected: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - detected: [...127] [ip4][..tcp] [..172.16.42.216][51993] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - detected: [...130] [ip4][..tcp] [..172.16.42.216][51996] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - detected: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - analyse: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] + detected: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + detected: [...128] [ip4][..tcp] [..172.16.42.216][51994] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + detected: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + detected: [...127] [ip4][..tcp] [..172.16.42.216][51993] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + detected: [...130] [ip4][..tcp] 
[..172.16.42.216][51996] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + detected: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + analyse: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.179| 0.023| 0.044| 1924.322| 3.100] [PKTLEN......: 52.000| 1500.000| 743.400| 681.300| 464196.800| 4.300] @@ -637,7 +637,7 @@ update: [.....5] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] update: [....23] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable] update: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com] - analyse: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] + analyse: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.511| 0.042| 0.110| 12114.281| 2.500] [PKTLEN......: 52.000| 1500.000| 679.600| 671.900| 451493.000| 4.200] 
@@ -657,7 +657,7 @@ RISK: Weak TLS Cipher idle: [.....2] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable] idle: [.....1] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ffd3:fbc2] [ICMPV6][Unknown][Network][Acceptable] - analyse: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] + analyse: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 120.003| 3.968| 21.185| 448816230.695| 0.300] [PKTLEN......: 52.000| 1500.000| 436.500| 570.000| 324877.800| 3.900] @@ -674,7 +674,7 @@ idle: [....14] [ip4][.icmp] [....172.16.42.1] -> [..172.16.42.216] [ICMP][Unknown][Network][Acceptable] RISK: Susp Entropy end: [....22] [ip4][..tcp] [..172.16.42.216][49572] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com] - end: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable] + end: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AWS_EC2][Cloud][Acceptable] idle: [....23] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable] idle: [.....5] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] update: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][skills-store.amazon.com] 
@@ -718,11 +718,11 @@ RISK: Weak TLS Cipher end: [....45] [ip4][..tcp] [..172.16.42.216][49589] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com] RISK: Error Code - end: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] - end: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - guessed: [....39] [ip4][..tcp] [..172.16.42.216][54413] -> [..52.85.209.216][..443] [TLS][AmazonAWS][Web][Safe] + end: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] + end: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable] + guessed: [....39] [ip4][..tcp] [..172.16.42.216][54413] -> [..52.85.209.216][..443] [TLS][AWS_Cloudfront][Web][Safe] end: [....39] [ip4][..tcp] [..172.16.42.216][54413] -> [..52.85.209.216][..443] - end: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] + end: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable] end: [....41] [ip4][..tcp] [..172.16.42.216][42129] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] end: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com] end: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] 
@@ -730,7 +730,7 @@ guessed: [....32] [ip4][..tcp] [..172.16.42.216][38391] -> [...192.168.11.1][.8080] [HTTP_Proxy][Unknown][Web][Acceptable][] RISK: TCP Connection Issues, Probing Attempt end: [....32] [ip4][..tcp] [..172.16.42.216][38391] -> [...192.168.11.1][.8080] - end: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable] + end: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AWS_EC2][Cloud][Acceptable] update: [.....3] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][android-1c1335ec95a27318] update: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com] update: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][api.amazon.com] 
@@ -799,9 +799,9 @@ new: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] new: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] detected: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][android.clients.google.com] - detected: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] - detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] - detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] + detected: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] + detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] + detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] detection-update: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][android.clients.google.com] new: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] detected: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][android.clients.google.com] 
@@ -810,7 +810,7 @@ RISK: TLS (probably) Not Carrying HTTPS detection-update: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][android.clients.google.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] + analyse: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.106| 0.022| 0.031| 964.869| 3.600] [PKTLEN......: 52.000| 1500.000| 525.800| 600.400| 360465.600| 4.100] 
@@ -826,16 +826,16 @@ new: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] new: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] new: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] - detected: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][images-na.ssl-images-amazon.com] - detected: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][images-na.ssl-images-amazon.com] - detected: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][images-na.ssl-images-amazon.com] + detected: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][images-na.ssl-images-amazon.com] + detected: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][images-na.ssl-images-amazon.com] + detected: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][images-na.ssl-images-amazon.com] new: [...156] [ip4][..tcp] [..172.16.42.216][58048] -> [..54.239.28.178][..443] - detection-update: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][images-na.ssl-images-amazon.com] - detection-update: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][images-na.ssl-images-amazon.com] - detection-update: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][images-na.ssl-images-amazon.com] - detection-update: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][images-na.ssl-images-amazon.com] 
- detection-update: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][images-na.ssl-images-amazon.com] - detection-update: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][images-na.ssl-images-amazon.com] + detection-update: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][images-na.ssl-images-amazon.com] + detection-update: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][images-na.ssl-images-amazon.com] + detection-update: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][images-na.ssl-images-amazon.com] + detection-update: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][images-na.ssl-images-amazon.com] + detection-update: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][images-na.ssl-images-amazon.com] + detection-update: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][images-na.ssl-images-amazon.com] detected: [...156] [ip4][..tcp] [..172.16.42.216][58048] -> [..54.239.28.178][..443] [TLS][AmazonAWS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detection-update: [...156] [ip4][..tcp] [..172.16.42.216][58048] -> [..54.239.28.178][..443] [TLS][AmazonAWS][Web][Safe][] 
@@ -853,7 +853,7 @@ end: [....74] [ip4][..tcp] [..172.16.42.216][45698] -> [..52.94.232.134][..443] [TLS.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable] RISK: Weak TLS Cipher end: [....66] [ip4][..tcp] [..172.16.42.216][49606] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com] - end: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] + end: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] end: [....61] [ip4][..tcp] [..172.16.42.216][42148] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] update: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][s3-external-2.amazonaws.com] update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][firs-ta-g7g.amazon.com] 
@@ -867,13 +867,13 @@ update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com] update: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com] new: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] - detected: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS][AWS_Cloudfront][Web][Safe][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS][AmazonAWS][Web][Safe][] + detection-update: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS][AWS_Cloudfront][Web][Safe][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][] + detection-update: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - analyse: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] + analyse: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.241| 0.031| 0.057| 3274.655| 3.400] [PKTLEN......: 52.000| 1500.000| 620.400| 578.400| 334504.200| 4.300] 
@@ -885,7 +885,7 @@ [ENTROPIES...: 4.7,5.2,5.1,5.4,5.2,7.0,7.3,7.7,5.0,5.1,5.1,6.6,6.1,7.7,7.7,6.1,5.1,5.2,7.8,7.4,7.1,7.7,7.8,7.5,7.9,6.8,7.6,7.9,7.9,7.9,7.9,7.9] new: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] detected: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][fls-na.amazon.com] - analyse: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] + analyse: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.264| 0.057| 0.086| 7393.244| 3.600] [PKTLEN......: 52.000| 1500.000| 532.200| 595.200| 354289.100| 4.100] 
@@ -926,10 +926,10 @@ guessed: [...100] [ip4][..tcp] [..172.16.42.216][34073] -> [..54.239.24.186][..443] [TLS][AmazonAWS][Web][Safe] end: [...100] [ip4][..tcp] [..172.16.42.216][34073] -> [..54.239.24.186][..443] end: [...101] [ip4][..tcp] [..172.16.42.216][34074] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable] - idle: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - idle: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - idle: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][images-na.ssl-images-amazon.com] - idle: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] + idle: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable] + idle: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable] + idle: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][images-na.ssl-images-amazon.com] + idle: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] idle: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com] end: [...136] [ip4][..tcp] [..172.16.42.216][39750] -> [..52.94.232.134][..443] [TLS][AmazonAWS][Web][Safe] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher 
@@ -954,10 +954,10 @@ idle: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443] [TLS.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher idle: [...135] [ip4][..udp] [..172.16.42.216][64073] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com] - end: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable] - guessed: [....97] [ip4][..tcp] [..172.16.42.216][41821] -> [...54.231.72.88][..443] [TLS][AmazonAWS][Web][Safe] + end: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AWS_S3][Cloud][Acceptable] + guessed: [....97] [ip4][..tcp] [..172.16.42.216][41821] -> [...54.231.72.88][..443] [TLS][AWS_S3][Web][Safe] end: [....97] [ip4][..tcp] [..172.16.42.216][41821] -> [...54.231.72.88][..443] - end: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable] + end: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AWS_S3][Cloud][Acceptable] end: [...104] [ip4][..tcp] [..172.16.42.216][40853] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] RISK: Weak TLS Cipher end: [...105] [ip4][..tcp] [..172.16.42.216][40854] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][skills-store.amazon.com] 
@@ -1014,18 +1014,18 @@ idle: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][fls-na.amazon.com] idle: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][s3-external-2.amazonaws.com] idle: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.android.com] - end: [...119] [ip4][..tcp] [..172.16.42.216][51985] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - end: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - end: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - end: [...122] [ip4][..tcp] [..172.16.42.216][51988] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - end: [...123] [ip4][..tcp] [..172.16.42.216][51989] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - end: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - end: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - end: [...127] [ip4][..tcp] [..172.16.42.216][51993] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - end: [...128] [ip4][..tcp] [..172.16.42.216][51994] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - end: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - end: [...130] [ip4][..tcp] [..172.16.42.216][51996] -> 
[....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - end: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] + end: [...119] [ip4][..tcp] [..172.16.42.216][51985] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + end: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + end: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + end: [...122] [ip4][..tcp] [..172.16.42.216][51988] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + end: [...123] [ip4][..tcp] [..172.16.42.216][51989] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + end: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + end: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + end: [...127] [ip4][..tcp] [..172.16.42.216][51993] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + end: [...128] [ip4][..tcp] [..172.16.42.216][51994] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + end: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + end: [...130] [ip4][..tcp] [..172.16.42.216][51996] -> [....52.84.63.56][...80] [HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] + end: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] 
[HTTP.Amazon][AWS_Cloudfront][Web][Acceptable][ecx.images-amazon.com] end: [....76] [ip4][..tcp] [..172.16.42.216][49613] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com] guessed: [....90] [ip4][..tcp] [..172.16.42.216][49627] -> [..52.94.232.134][...80] [HTTP][AmazonAWS][Web][Acceptable][] end: [....90] [ip4][..tcp] [..172.16.42.216][49627] -> [..52.94.232.134][...80] @@ -1036,7 +1036,7 @@ idle: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][images-na.ssl-images-amazon.com] idle: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][ecx.images-amazon.com] idle: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][firs-ta-g7g.amazon.com] - end: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] + end: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable][www.amazon.com] RISK: TLS (probably) Not Carrying HTTPS idle: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][android.clients.google.com] idle: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com] 
@@ -1074,7 +1074,7 @@ guessed: [....85] [ip4][..tcp] [..172.16.42.216][38434] -> [...192.168.11.1][.8080] [HTTP_Proxy][Unknown][Web][Acceptable][] RISK: TCP Connection Issues, Probing Attempt end: [....85] [ip4][..tcp] [..172.16.42.216][38434] -> [...192.168.11.1][.8080] - end: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable] + end: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AWS_EC2][Cloud][Acceptable] idle: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mads.amazon-adsystem.com] idle: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mtalk.google.com] idle: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com] @@ -1085,6 +1085,6 @@ idle: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com] idle: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.android.com] idle: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com] - idle: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] + idle: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AWS_Cloudfront][Web][Acceptable] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/android.pcap.out b/test/results/flow-info/default/android.pcap.out index f332bfd85..412cd5211 100644 --- a/test/results/flow-info/default/android.pcap.out +++ b/test/results/flow-info/default/android.pcap.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...95.101.24.53][..443] -> [...192.168.2.17][50677] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [...95.101.24.53][..443] -> [...192.168.2.17][50677] [TLS][Unknown][Web][Safe] + detected: [.....1] [ip4][..tcp] [...95.101.24.53][..443] -> [...192.168.2.17][50677] [TLS][Akamai][Web][Safe] new: [.....2] [ip4][..tcp] [..17.248.176.75][..443] -> [...192.168.2.17][50584] [MIDSTREAM] detected: [.....2] [ip4][..tcp] [..17.248.176.75][..443] -> [...192.168.2.17][50584] [TLS][Apple][Web][Safe] detection-update: [.....2] [ip4][..tcp] [..17.248.176.75][..443] -> [...192.168.2.17][50584] [TLS][Apple][Web][Safe] @@ -241,7 +241,7 @@ idle: [....14] [ip4][..udp] [....192.168.2.1][...67] -> [...192.168.2.16][...68] [DHCP][Unknown][Network][Acceptable] idle: [.....9] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] idle: [....50] [ip4][..udp] [...192.168.2.16][33240] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][check.googlezip.net] - idle: [.....1] [ip4][..tcp] [...95.101.24.53][..443] -> [...192.168.2.17][50677] [TLS][Unknown][Web][Safe] + idle: [.....1] [ip4][..tcp] [...95.101.24.53][..443] -> [...192.168.2.17][50677] [TLS][Akamai][Web][Safe] idle: [....22] [ip4][..udp] [...192.168.2.16][34540] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][clients1.google.com] idle: [.....6] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable] idle: [....45] [ip4][..udp] [...192.168.2.16][35689] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][semanticlocation-pa.googleapis.com] 
diff --git a/test/results/flow-info/default/anyconnect-vpn.pcap.out b/test/results/flow-info/default/anyconnect-vpn.pcap.out index 6a1bfe8a8..e1c3ad35e 100644 --- a/test/results/flow-info/default/anyconnect-vpn.pcap.out +++ b/test/results/flow-info/default/anyconnect-vpn.pcap.out @@ -33,9 +33,9 @@ detection-update: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][] RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch new: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443] [MIDSTREAM] - detected: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443] [TLS][AmazonAWS][Web][Safe] + detected: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443] [TLS][AWS_EC2][Web][Safe] new: [....14] [ip4][..tcp] [.....10.0.0.227][56914] -> [..52.37.243.173][..443] [MIDSTREAM] - detected: [....14] [ip4][..tcp] [.....10.0.0.227][56914] -> [..52.37.243.173][..443] [TLS][AmazonAWS][Web][Safe] + detected: [....14] [ip4][..tcp] [.....10.0.0.227][56914] -> [..52.37.243.173][..443] [TLS][AWS_EC2][Web][Safe] new: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] detected: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][] RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch 
@@ -81,8 +81,8 @@ detected: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS][Unknown][Network][Acceptable][slack.com] detection-update: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS][Unknown][Network][Acceptable][slack.com] new: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] - detected: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][AmazonAWS][Collaborative][Acceptable][slack.com] - detection-update: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][AmazonAWS][Collaborative][Acceptable][slack.com] + detected: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][AWS_Cloudfront][Collaborative][Acceptable][slack.com] + detection-update: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][AWS_Cloudfront][Collaborative][Acceptable][slack.com] new: [....29] [ip4][..tcp] [.....10.0.0.227][56910] -> [...35.201.124.9][..443] [MIDSTREAM] detected: [....29] [ip4][..tcp] [.....10.0.0.227][56910] -> [...35.201.124.9][..443] [TLS][GoogleCloud][Web][Safe] new: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] 
@@ -150,12 +150,12 @@ detected: [....41] [ip4][..udp] [.....10.0.0.227][57253] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][mozilla.org] new: [....42] [ip4][..udp] [.....10.0.0.227][62427] -> [....75.75.75.75][...53] detected: [....42] [ip4][..udp] [.....10.0.0.227][62427] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][detectportal.firefox.com] - detected: [....25] [ip4][..tcp] [.....10.0.0.227][56884] -> [...184.25.56.77][...80] [HTTP][Unknown][ConnCheck][Safe][detectportal.firefox.com] - detected: [....24] [ip4][..tcp] [.....10.0.0.227][56917] -> [...184.25.56.77][...80] [HTTP][Unknown][ConnCheck][Safe][detectportal.firefox.com] + detected: [....25] [ip4][..tcp] [.....10.0.0.227][56884] -> [...184.25.56.77][...80] [HTTP][Akamai][ConnCheck][Safe][detectportal.firefox.com] + detected: [....24] [ip4][..tcp] [.....10.0.0.227][56917] -> [...184.25.56.77][...80] [HTTP][Akamai][ConnCheck][Safe][detectportal.firefox.com] detection-update: [....41] [ip4][..udp] [.....10.0.0.227][57253] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][mozilla.org] detection-update: [....42] [ip4][..udp] [.....10.0.0.227][62427] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][detectportal.firefox.com] new: [....43] [ip4][..tcp] [.....10.0.0.227][56879] -> [..52.10.115.210][..443] [MIDSTREAM] - detected: [....43] [ip4][..tcp] [.....10.0.0.227][56879] -> [..52.10.115.210][..443] [TLS][AmazonAWS][Web][Safe] + detected: [....43] [ip4][..tcp] [.....10.0.0.227][56879] -> [..52.10.115.210][..443] [TLS][AWS_EC2][Web][Safe] new: [....44] [ip4][..tcp] [.....10.0.0.227][56886] -> [..17.57.144.116][.5223] [MIDSTREAM] new: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] detected: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][www.apple.com] 
@@ -238,8 +238,8 @@ RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch idle: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - idle: [....14] [ip4][..tcp] [.....10.0.0.227][56914] -> [..52.37.243.173][..443] [TLS][AmazonAWS][Web][Safe] - idle: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443] [TLS][AmazonAWS][Web][Safe] + idle: [....14] [ip4][..tcp] [.....10.0.0.227][56914] -> [..52.37.243.173][..443] [TLS][AWS_EC2][Web][Safe] + idle: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443] [TLS][AWS_EC2][Web][Safe] idle: [....55] [ip4][..udp] [.....10.0.0.149][38616] -> [.....10.0.0.227][61328] [SSDP][Unknown][System][Acceptable] idle: [....23] [ip6][icmp6] [...............fe80::408:3e45:3abc:1552] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable] idle: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][apple.com] 
@@ -273,7 +273,7 @@ RISK: Error Code idle: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][1-courier.sandbox.push.apple.com] idle: [....19] [ip6][..udp] [...............fe80::408:3e45:3abc:1552][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_raop._tcp.local] - end: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][AmazonAWS][Collaborative][Acceptable] + end: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][AWS_Cloudfront][Collaborative][Acceptable] idle: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][www.apple.com] idle: [....10] [ip4][..udp] [.....10.0.0.227][61387] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][vco.pandion.viasat.com] idle: [....32] [ip4][..udp] [.....10.0.0.227][61613] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable] 
@@ -295,13 +295,13 @@ end: [....53] [ip4][..tcp] [.....10.0.0.227][56874] -> [.74.125.197.188][..443] idle: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250] idle: [....61] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][57547] [SSDP][Unknown][System][Acceptable] - idle: [....43] [ip4][..tcp] [.....10.0.0.227][56879] -> [..52.10.115.210][..443] [TLS][AmazonAWS][Web][Safe] + idle: [....43] [ip4][..tcp] [.....10.0.0.227][56879] -> [..52.10.115.210][..443] [TLS][AWS_EC2][Web][Safe] idle: [....54] [ip4][..udp] [.....10.0.0.227][61328] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250] idle: [....56] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][61328] [SSDP][Unknown][System][Acceptable] - idle: [....25] [ip4][..tcp] [.....10.0.0.227][56884] -> [...184.25.56.77][...80] [HTTP][Unknown][ConnCheck][Safe][detectportal.firefox.com] - guessed: [.....1] [ip4][..tcp] [.....10.0.0.227][56885] -> [...184.25.56.53][...80] [HTTP][Unknown][Web][Acceptable][] + idle: [....25] [ip4][..tcp] [.....10.0.0.227][56884] -> [...184.25.56.77][...80] [HTTP][Akamai][ConnCheck][Safe][detectportal.firefox.com] + guessed: [.....1] [ip4][..tcp] [.....10.0.0.227][56885] -> [...184.25.56.53][...80] [HTTP][Akamai][Web][Acceptable][] end: [.....1] [ip4][..tcp] [.....10.0.0.227][56885] -> [...184.25.56.53][...80] - idle: [....24] [ip4][..tcp] [.....10.0.0.227][56917] -> [...184.25.56.77][...80] [HTTP][Unknown][ConnCheck][Safe][detectportal.firefox.com] + idle: [....24] [ip4][..tcp] [.....10.0.0.227][56917] -> [...184.25.56.77][...80] [HTTP][Akamai][ConnCheck][Safe][detectportal.firefox.com] idle: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Unknown][Web][Safe] RISK: Obsolete TLS (v1.1 or older) idle: [.....3] [ip4][..tcp] [.....10.0.0.227][56320] -> [.....10.0.0.149][.8009] [TLS][Unknown][Web][Safe] 
diff --git a/test/results/flow-info/default/bets.pcapng.out b/test/results/flow-info/default/bets.pcapng.out index 7f39a2222..3ed0705dc 100644 --- a/test/results/flow-info/default/bets.pcapng.out +++ b/test/results/flow-info/default/bets.pcapng.out @@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] - detected: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe][www.1084bets10.com] - detection-update: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe][www.1084bets10.com] - analyse: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe] + detected: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AWS_Cloudfront][Web][Safe][www.1084bets10.com] + detection-update: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AWS_Cloudfront][Web][Safe][www.1084bets10.com] + analyse: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AWS_Cloudfront][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.047| 0.011| 0.018| 331.618| 3.200] [PKTLEN......: 52.000| 1420.000| 286.800| 477.200| 227739.300| 3.600] 
@@ -14,5 +14,5 @@ [IATS(ms)....: 45.1,45.1,0.7,45.8,1.5,46.5,0.2,0.2,0.4,0.4,0.5,0.0,0.5,2.5,0.0,0.1,0.1,44.5,1.0,0.9,0.0,0.1,43.8,0.2,0.2,0.1,3.0,3.0,1.7,39.8,5.7] [PKTLENS.....: 64,60,52,380,52,1420,52,1420,52,1420,52,1420,93,52,58,110,138,116,52,52,52,52,198,52,123,52,83,1241,52,52,52,52] [ENTROPIES...: 4.4,5.3,5.1,6.2,5.1,7.8,5.0,7.8,5.2,7.9,5.1,7.8,6.0,5.1,4.9,6.1,6.5,6.1,5.2,5.2,5.2,5.2,6.8,5.1,6.2,5.2,5.6,7.8,5.1,5.0,5.2,5.2] - end: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe][www.1084bets10.com] + end: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AWS_Cloudfront][Web][Safe][www.1084bets10.com] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/conncheck.pcap.out b/test/results/flow-info/default/conncheck.pcap.out index 6d89814fa..4208ed140 100644 --- a/test/results/flow-info/default/conncheck.pcap.out +++ b/test/results/flow-info/default/conncheck.pcap.out 
@@ -14,31 +14,37 @@ detected: [.....1] [ip4][..udp] [......10.1.0.60][46571] -> [.......10.1.0.1][...53] [DNS][Unknown][Network][Acceptable][conn-service-eu-04.allawnos.com] detection-update: [.....1] [ip4][..udp] [......10.1.0.60][46571] -> [.......10.1.0.1][...53] [DNS][Unknown][Network][Acceptable][conn-service-eu-04.allawnos.com] new: [.....2] [ip4][..tcp] [......10.1.0.60][49642] -> [142.250.180.163][...80] - detected: [.....2] [ip4][..tcp] [......10.1.0.60][49642] -> [142.250.180.163][...80] [HTTP.Google][Google][ConnCheck][Acceptable][www.google.eu] + detected: [.....2] [ip4][..tcp] [......10.1.0.60][49642] -> [142.250.180.163][...80] [HTTP.Google][Google][Web][Acceptable][www.google.eu] + detection-update: [.....2] [ip4][..tcp] [......10.1.0.60][49642] -> [142.250.180.163][...80] [HTTP.ntop][Google][Network][Safe][www.google.eu] new: [.....3] [ip4][..tcp] [......10.1.0.60][49656] -> [142.250.180.163][...80] - detected: [.....3] [ip4][..tcp] [......10.1.0.60][49656] -> [142.250.180.163][...80] [HTTP.Google][Google][ConnCheck][Acceptable][www.google.eu] + detected: [.....3] [ip4][..tcp] [......10.1.0.60][49656] -> [142.250.180.163][...80] [HTTP.Google][Google][Web][Acceptable][www.google.eu] + detection-update: [.....3] [ip4][..tcp] [......10.1.0.60][49656] -> [142.250.180.163][...80] [HTTP.ntop][Google][Network][Safe][www.google.eu] new: [.....4] [ip4][..tcp] [......10.1.0.60][49658] -> [142.250.180.163][...80] new: [.....5] [ip4][..tcp] [......10.1.0.60][38008] -> [.92.123.101.121][...80] - detected: [.....4] [ip4][..tcp] [......10.1.0.60][49658] -> [142.250.180.163][...80] [HTTP.Google][Google][ConnCheck][Acceptable][www.google.eu] - detected: [.....5] [ip4][..tcp] [......10.1.0.60][38008] -> [.92.123.101.121][...80] [HTTP][Unknown][ConnCheck][Acceptable][conn-service-eu-04.allawnos.com] + detected: [.....4] [ip4][..tcp] [......10.1.0.60][49658] -> [142.250.180.163][...80] [HTTP.Google][Google][Web][Acceptable][www.google.eu] + detection-update: [.....4] 
[ip4][..tcp] [......10.1.0.60][49658] -> [142.250.180.163][...80] [HTTP.ntop][Google][Network][Safe][www.google.eu] + detected: [.....5] [ip4][..tcp] [......10.1.0.60][38008] -> [.92.123.101.121][...80] [HTTP][Akamai][ConnCheck][Acceptable][conn-service-eu-04.allawnos.com] + detection-update: [.....5] [ip4][..tcp] [......10.1.0.60][38008] -> [.92.123.101.121][...80] [HTTP.ntop][Akamai][Network][Safe][conn-service-eu-04.allawnos.com] new: [.....6] [ip4][..tcp] [......10.1.0.60][49672] -> [142.250.180.163][...80] new: [.....7] [ip4][..tcp] [......10.1.0.60][46980] -> [.92.123.101.153][...80] - detected: [.....6] [ip4][..tcp] [......10.1.0.60][49672] -> [142.250.180.163][...80] [HTTP.Google][Google][ConnCheck][Acceptable][www.google.eu] - detected: [.....7] [ip4][..tcp] [......10.1.0.60][46980] -> [.92.123.101.153][...80] [HTTP][Unknown][ConnCheck][Acceptable][conn-service-eu-04.allawnos.com] + detected: [.....6] [ip4][..tcp] [......10.1.0.60][49672] -> [142.250.180.163][...80] [HTTP.Google][Google][Web][Acceptable][www.google.eu] + detection-update: [.....6] [ip4][..tcp] [......10.1.0.60][49672] -> [142.250.180.163][...80] [HTTP.ntop][Google][Network][Safe][www.google.eu] + detected: [.....7] [ip4][..tcp] [......10.1.0.60][46980] -> [.92.123.101.153][...80] [HTTP][Akamai][ConnCheck][Acceptable][conn-service-eu-04.allawnos.com] + detection-update: [.....7] [ip4][..tcp] [......10.1.0.60][46980] -> [.92.123.101.153][...80] [HTTP.ntop][Akamai][Network][Safe][conn-service-eu-04.allawnos.com] new: [.....8] [ip4][..tcp] [......10.1.0.60][38024] -> [.92.123.101.121][...80] - detected: [.....8] [ip4][..tcp] [......10.1.0.60][38024] -> [.92.123.101.121][...80] [HTTP][Unknown][ConnCheck][Acceptable][conn-service-eu-04.allawnos.com] + detected: [.....8] [ip4][..tcp] [......10.1.0.60][38024] -> [.92.123.101.121][...80] [HTTP][Akamai][ConnCheck][Acceptable][conn-service-eu-04.allawnos.com] new: [.....9] [ip4][..tcp] [......10.1.0.60][49674] -> [142.250.180.163][...80] - detected: 
[.....9] [ip4][..tcp] [......10.1.0.60][49674] -> [142.250.180.163][...80] [HTTP.Google][Google][ConnCheck][Acceptable][www.google.eu] + detected: [.....9] [ip4][..tcp] [......10.1.0.60][49674] -> [142.250.180.163][...80] [HTTP.Google][Google][Web][Acceptable][www.google.eu] new: [....10] [ip4][..tcp] [......10.1.0.70][54612] -> [142.250.180.138][...80] - detected: [....10] [ip4][..tcp] [......10.1.0.70][54612] -> [142.250.180.138][...80] [HTTP.PlayStore][Google][ConnCheck][Safe][play.googleapis.com] - end: [.....5] [ip4][..tcp] [......10.1.0.60][38008] -> [.92.123.101.121][...80] [HTTP.ntop][Unknown][ConnCheck][Safe][conn-service-eu-04.allawnos.com] - idle: [.....8] [ip4][..tcp] [......10.1.0.60][38024] -> [.92.123.101.121][...80] [HTTP][Unknown][ConnCheck][Acceptable] - end: [.....7] [ip4][..tcp] [......10.1.0.60][46980] -> [.92.123.101.153][...80] [HTTP.ntop][Unknown][ConnCheck][Safe][conn-service-eu-04.allawnos.com] + detected: [....10] [ip4][..tcp] [......10.1.0.70][54612] -> [142.250.180.138][...80] [HTTP.PlayStore][Google][SoftwareUpdate][Safe][play.googleapis.com] + end: [.....5] [ip4][..tcp] [......10.1.0.60][38008] -> [.92.123.101.121][...80] [HTTP.ntop][Akamai][Network][Safe][conn-service-eu-04.allawnos.com] + idle: [.....8] [ip4][..tcp] [......10.1.0.60][38024] -> [.92.123.101.121][...80] [HTTP][Akamai][ConnCheck][Acceptable] + end: [.....7] [ip4][..tcp] [......10.1.0.60][46980] -> [.92.123.101.153][...80] [HTTP.ntop][Akamai][Network][Safe][conn-service-eu-04.allawnos.com] idle: [.....1] [ip4][..udp] [......10.1.0.60][46571] -> [.......10.1.0.1][...53] [DNS][Unknown][Network][Acceptable][conn-service-eu-04.allawnos.com] - end: [.....2] [ip4][..tcp] [......10.1.0.60][49642] -> [142.250.180.163][...80] [HTTP.ntop][Google][ConnCheck][Safe][www.google.eu] - end: [.....3] [ip4][..tcp] [......10.1.0.60][49656] -> [142.250.180.163][...80] [HTTP.ntop][Google][ConnCheck][Safe][www.google.eu] - end: [.....4] [ip4][..tcp] [......10.1.0.60][49658] -> 
[142.250.180.163][...80] [HTTP.ntop][Google][ConnCheck][Safe][www.google.eu] - end: [.....6] [ip4][..tcp] [......10.1.0.60][49672] -> [142.250.180.163][...80] [HTTP.ntop][Google][ConnCheck][Safe][www.google.eu] - idle: [.....9] [ip4][..tcp] [......10.1.0.60][49674] -> [142.250.180.163][...80] [HTTP.Google][Google][ConnCheck][Acceptable] - idle: [....10] [ip4][..tcp] [......10.1.0.70][54612] -> [142.250.180.138][...80] [HTTP.PlayStore][Google][ConnCheck][Safe] + end: [.....2] [ip4][..tcp] [......10.1.0.60][49642] -> [142.250.180.163][...80] [HTTP.ntop][Google][Network][Safe][www.google.eu] + end: [.....3] [ip4][..tcp] [......10.1.0.60][49656] -> [142.250.180.163][...80] [HTTP.ntop][Google][Network][Safe][www.google.eu] + end: [.....4] [ip4][..tcp] [......10.1.0.60][49658] -> [142.250.180.163][...80] [HTTP.ntop][Google][Network][Safe][www.google.eu] + end: [.....6] [ip4][..tcp] [......10.1.0.60][49672] -> [142.250.180.163][...80] [HTTP.ntop][Google][Network][Safe][www.google.eu] + idle: [.....9] [ip4][..tcp] [......10.1.0.60][49674] -> [142.250.180.163][...80] [HTTP.Google][Google][Web][Acceptable] + idle: [....10] [ip4][..tcp] [......10.1.0.70][54612] -> [142.250.180.138][...80] [HTTP.PlayStore][Google][SoftwareUpdate][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/custom_rules_ip.pcapng.out b/test/results/flow-info/default/custom_rules_ip.pcapng.out new file mode 100644 index 000000000..3e458553f --- /dev/null +++ b/test/results/flow-info/default/custom_rules_ip.pcapng.out 
@@ -0,0 +1,17 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [..192.168.1.126][42176] -> [..213.75.170.11][..443] + new: [.....2] [ip4][..tcp] [..192.168.1.126][41162] -> [...8.248.73.247][..443] + new: [.....3] [ip4][..tcp] [..192.168.1.126][56052] -> [...54.80.47.130][...80] + detected: [.....3] [ip4][..tcp] [..192.168.1.126][56052] -> [...54.80.47.130][...80] [HTTP][AWS_EC2][Web][Acceptable][54.80.47.130] + RISK: HTTP/TLS/QUIC Numeric Hostname/SNI + guessed: [.....1] [ip4][..tcp] [..192.168.1.126][42176] -> [..213.75.170.11][..443] [TLS][Unknown][Web][Safe] + RISK: Unidirectional Traffic + idle: [.....1] [ip4][..tcp] [..192.168.1.126][42176] -> [..213.75.170.11][..443] + guessed: [.....2] [ip4][..tcp] [..192.168.1.126][41162] -> [...8.248.73.247][..443] [TLS][Unknown][Web][Safe] + RISK: Unidirectional Traffic + idle: [.....2] [ip4][..tcp] [..192.168.1.126][41162] -> [...8.248.73.247][..443] + end: [.....3] [ip4][..tcp] [..192.168.1.126][56052] -> [...54.80.47.130][...80] [HTTP][AWS_EC2][Web][Acceptable] + RISK: HTTP/TLS/QUIC Numeric Hostname/SNI + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/custom_rules_overwrite_domains.pcap.out b/test/results/flow-info/default/custom_rules_overwrite_domains.pcap.out new file mode 100644 index 000000000..4a4b044ae --- /dev/null +++ b/test/results/flow-info/default/custom_rules_overwrite_domains.pcap.out 
@@ -0,0 +1,26 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [..192.168.1.143][46326] -> [..64.233.167.84][..443] + detected: [.....1] [ip4][..tcp] [..192.168.1.143][46326] -> [..64.233.167.84][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.143][46326] -> [..64.233.167.84][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com] + analyse: [.....1] [ip4][..tcp] [..192.168.1.143][46326] -> [..64.233.167.84][..443] [TLS.Google][Google][Web][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.061| 0.008| 0.014| 202.873| 3.100] + [PKTLEN......: 52.000| 4471.000| 421.600| 924.400| 854508.300| 3.200] + [BINS(c->s)..: 10,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2] + [BINS(s->c)..: 10,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1] + [DIRECTIONS..: 0,1,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,0,1,0,0,0,0,1] + [IATS(ms)....: 22.3,22.4,1.2,0.5,0.0,20.6,0.0,0.0,1.5,0.0,0.0,0.0,0.0,20.4,0.0,0.0,0.7,0.6,20.4,41.1,0.0,0.0,0.0,0.0,60.5,1.4,1.2,4.0,0.7,0.0,23.7] + [PKTLENS.....: 60,60,52,2527,58,4471,52,52,52,1910,114,52,52,83,52,52,52,136,83,52,1452,722,366,341,83,52,91,91,91,76,52,52] + [ENTROPIES...: 4.6,5.2,4.9,7.8,5.0,8.0,5.2,5.1,5.1,7.9,6.2,5.0,5.0,5.7,4.9,4.9,4.9,6.1,5.7,5.1,7.9,7.7,7.3,7.3,5.7,5.0,5.9,5.9,5.9,5.5,5.0,5.0] + new: [.....2] [ip4][..tcp] [..192.168.1.143][46116] -> [..17.253.144.10][..443] + detected: [.....2] [ip4][..tcp] [..192.168.1.143][46116] -> [..17.253.144.10][..443] [TLS.Apple][Apple][Web][Safe][apple.com] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.143][46116] -> [..17.253.144.10][..443] [TLS.Apple][Apple][Web][Safe][apple.com] + new: [.....3] 
[ip4][..tcp] [..192.168.1.143][43052] -> [...23.60.189.51][..443] + detected: [.....3] [ip4][..tcp] [..192.168.1.143][43052] -> [...23.60.189.51][..443] [TLS.Apple][Akamai][Web][Safe][www.apple.com] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.143][43052] -> [...23.60.189.51][..443] [TLS.Apple][Akamai][Web][Safe][www.apple.com] + idle: [.....3] [ip4][..tcp] [..192.168.1.143][43052] -> [...23.60.189.51][..443] [TLS.Apple][Akamai][Web][Safe] + end: [.....1] [ip4][..tcp] [..192.168.1.143][46326] -> [..64.233.167.84][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com] + end: [.....2] [ip4][..tcp] [..192.168.1.143][46116] -> [..17.253.144.10][..443] [TLS.Apple][Apple][Web][Safe] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/dazn.pcapng.out b/test/results/flow-info/default/dazn.pcapng.out index 3e908a710..004cc283b 100644 --- a/test/results/flow-info/default/dazn.pcapng.out +++ b/test/results/flow-info/default/dazn.pcapng.out 
@@ -2,15 +2,15 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.128][54020] -> [...52.84.223.58][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.128][54020] -> [...52.84.223.58][..443] [TLS.Dazn][AmazonAWS][Streaming][Fun][www.dazn.com] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][54020] -> [...52.84.223.58][..443] [TLS.Dazn][AmazonAWS][Streaming][Fun][www.dazn.com] + detected: [.....1] [ip4][..tcp] [..192.168.1.128][54020] -> [...52.84.223.58][..443] [TLS.Dazn][AWS_Cloudfront][Streaming][Fun][www.dazn.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][54020] -> [...52.84.223.58][..443] [TLS.Dazn][AWS_Cloudfront][Streaming][Fun][www.dazn.com] new: [.....2] [ip4][..tcp] [..192.168.1.128][46036] -> [..13.226.244.27][..443] - detected: [.....2] [ip4][..tcp] [..192.168.1.128][46036] -> [..13.226.244.27][..443] [TLS.Dazn][AmazonAWS][Streaming][Fun][user-profile.ar.indazn.com] - detection-update: [.....2] [ip4][..tcp] [..192.168.1.128][46036] -> [..13.226.244.27][..443] [TLS.Dazn][AmazonAWS][Streaming][Fun][user-profile.ar.indazn.com] + detected: [.....2] [ip4][..tcp] [..192.168.1.128][46036] -> [..13.226.244.27][..443] [TLS.Dazn][AWS_Cloudfront][Streaming][Fun][user-profile.ar.indazn.com] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.128][46036] -> [..13.226.244.27][..443] [TLS.Dazn][AWS_Cloudfront][Streaming][Fun][user-profile.ar.indazn.com] new: [.....3] [ip4][..tcp] [..192.168.1.128][40882] -> [..13.226.244.30][..443] - detected: [.....3] [ip4][..tcp] [..192.168.1.128][40882] -> [..13.226.244.30][..443] [TLS.Dazn][AmazonAWS][Streaming][Fun][subscriptions-service.dazn-api.com] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.128][40882] -> [..13.226.244.30][..443] [TLS.Dazn][AmazonAWS][Streaming][Fun][subscriptions-service.dazn-api.com] - idle: [.....3] 
[ip4][..tcp] [..192.168.1.128][40882] -> [..13.226.244.30][..443] [TLS.Dazn][AmazonAWS][Streaming][Fun] - idle: [.....2] [ip4][..tcp] [..192.168.1.128][46036] -> [..13.226.244.27][..443] [TLS.Dazn][AmazonAWS][Streaming][Fun] - idle: [.....1] [ip4][..tcp] [..192.168.1.128][54020] -> [...52.84.223.58][..443] [TLS.Dazn][AmazonAWS][Streaming][Fun] + detected: [.....3] [ip4][..tcp] [..192.168.1.128][40882] -> [..13.226.244.30][..443] [TLS.Dazn][AWS_Cloudfront][Streaming][Fun][subscriptions-service.dazn-api.com] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.128][40882] -> [..13.226.244.30][..443] [TLS.Dazn][AWS_Cloudfront][Streaming][Fun][subscriptions-service.dazn-api.com] + idle: [.....3] [ip4][..tcp] [..192.168.1.128][40882] -> [..13.226.244.30][..443] [TLS.Dazn][AWS_Cloudfront][Streaming][Fun] + idle: [.....2] [ip4][..tcp] [..192.168.1.128][46036] -> [..13.226.244.27][..443] [TLS.Dazn][AWS_Cloudfront][Streaming][Fun] + idle: [.....1] [ip4][..tcp] [..192.168.1.128][54020] -> [...52.84.223.58][..443] [TLS.Dazn][AWS_Cloudfront][Streaming][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/flow-info/default/dnscrypt-v1-and-resolver-pings.pcap.out index b46c54922..2a1a267cf 100644 --- a/test/results/flow-info/default/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/flow-info/default/dnscrypt-v1-and-resolver-pings.pcap.out 
@@ -185,17 +185,17 @@ new: [....78] [ip4][..udp] [.......10.0.0.1][55822] -> [205.185.116.116][..553] detected: [....78] [ip4][..udp] [.......10.0.0.1][55822] -> [205.185.116.116][..553] [DNScrypt][Unknown][Network][Acceptable] new: [....79] [ip4][..udp] [.......10.0.0.1][55834] -> [..52.65.235.129][..443] - detected: [....79] [ip4][..udp] [.......10.0.0.1][55834] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + detected: [....79] [ip4][..udp] [.......10.0.0.1][55834] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] new: [....80] [ip4][..udp] [.......10.0.0.1][46313] -> [..52.65.235.129][..443] - detected: [....80] [ip4][..udp] [.......10.0.0.1][46313] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + detected: [....80] [ip4][..udp] [.......10.0.0.1][46313] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] new: [....81] [ip4][..udp] [.......10.0.0.1][52911] -> [..52.65.235.129][..443] - detected: [....81] [ip4][..udp] [.......10.0.0.1][52911] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + detected: [....81] [ip4][..udp] [.......10.0.0.1][52911] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] new: [....82] [ip4][..udp] [.......10.0.0.1][47685] -> [..52.65.235.129][..443] - detected: [....82] [ip4][..udp] [.......10.0.0.1][47685] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + detected: [....82] [ip4][..udp] [.......10.0.0.1][47685] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] new: [....83] [ip4][..udp] [.......10.0.0.1][55979] -> [..52.65.235.129][..443] - detected: [....83] [ip4][..udp] [.......10.0.0.1][55979] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + detected: [....83] [ip4][..udp] [.......10.0.0.1][55979] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] new: [....84] [ip4][..udp] [.......10.0.0.1][55409] -> [..52.65.235.129][..443] - 
detected: [....84] [ip4][..udp] [.......10.0.0.1][55409] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + detected: [....84] [ip4][..udp] [.......10.0.0.1][55409] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] new: [....85] [ip4][..udp] [.......10.0.0.1][38812] -> [....51.15.62.65][..443] detected: [....85] [ip4][..udp] [.......10.0.0.1][38812] -> [....51.15.62.65][..443] [DNScrypt][Unknown][Network][Acceptable] new: [....86] [ip4][..udp] [.......10.0.0.1][45993] -> [....51.15.62.65][..443] @@ -460,7 +460,7 @@ update: [....28] [ip4][..udp] [.......10.0.0.1][37950] -> [.209.250.241.25][..443] [DNScrypt][Unknown][Network][Acceptable] update: [...116] [ip4][..udp] [.......10.0.0.1][55046] -> [.176.56.237.171][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....69] [ip4][..udp] [.......10.0.0.1][41800] -> [..172.104.93.80][.1443] [DNScrypt][Unknown][Network][Acceptable] - update: [....81] [ip4][..udp] [.......10.0.0.1][52911] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + update: [....81] [ip4][..udp] [.......10.0.0.1][52911] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] update: [....53] [ip4][..udp] [.......10.0.0.1][53811] -> [...195.30.94.28][.8443] [DNScrypt][Unknown][Network][Acceptable] update: [...144] [ip4][..udp] [.......10.0.0.1][35903] -> [...142.4.205.47][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....88] [ip4][..udp] [.......10.0.0.1][33521] -> [....51.15.62.65][..443] [DNScrypt][Unknown][Network][Acceptable] 
@@ -470,9 +470,9 @@ update: [....78] [ip4][..udp] [.......10.0.0.1][55822] -> [205.185.116.116][..553] [DNScrypt][Unknown][Network][Acceptable] update: [...129] [ip4][..udp] [.......10.0.0.1][51589] -> [...45.76.113.31][..443] [DNScrypt][Unknown][Network][Acceptable] update: [...132] [ip4][..udp] [.......10.0.0.1][52069] -> [...45.76.113.31][..443] [DNScrypt][Unknown][Network][Acceptable] - update: [....84] [ip4][..udp] [.......10.0.0.1][55409] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] - update: [....79] [ip4][..udp] [.......10.0.0.1][55834] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] - update: [....83] [ip4][..udp] [.......10.0.0.1][55979] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + update: [....84] [ip4][..udp] [.......10.0.0.1][55409] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] + update: [....79] [ip4][..udp] [.......10.0.0.1][55834] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] + update: [....83] [ip4][..udp] [.......10.0.0.1][55979] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] update: [...136] [ip4][..udp] [.......10.0.0.1][52040] -> [..151.80.222.79][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....24] [ip4][..udp] [.......10.0.0.1][44491] -> [104.238.186.192][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....19] [ip4][..udp] [.......10.0.0.1][44712] -> [104.238.186.192][..443] [DNScrypt][Unknown][Network][Acceptable] 
@@ -569,7 +569,7 @@ update: [...127] [ip4][..udp] [.......10.0.0.1][43224] -> [...45.76.113.31][..443] [DNScrypt][Unknown][Network][Acceptable] update: [...120] [ip4][..udp] [.......10.0.0.1][48325] -> [.176.56.237.171][..443] [DNScrypt][Unknown][Network][Acceptable] update: [...125] [ip4][..udp] [.......10.0.0.1][38594] -> [178.216.201.222][.2053] [DNScrypt][Unknown][Network][Acceptable] - update: [....80] [ip4][..udp] [.......10.0.0.1][46313] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + update: [....80] [ip4][..udp] [.......10.0.0.1][46313] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] update: [...130] [ip4][..udp] [.......10.0.0.1][43776] -> [...45.76.113.31][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....13] [ip4][..udp] [.......10.0.0.1][53697] -> [.185.134.196.55][.8443] [DNScrypt][Unknown][Network][Acceptable] update: [...119] [ip4][..udp] [.......10.0.0.1][49008] -> [.176.56.237.171][..443] [DNScrypt][Unknown][Network][Acceptable] 
@@ -579,7 +579,7 @@ update: [....31] [ip4][..udp] [.......10.0.0.1][43609] -> [....41.79.69.13][..443] [DNScrypt][Unknown][Network][Acceptable] update: [...112] [ip4][..udp] [.......10.0.0.1][56494] -> [..51.158.166.97][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....25] [ip4][..udp] [.......10.0.0.1][32793] -> [.209.250.241.25][..443] [DNScrypt][Unknown][Network][Acceptable] - update: [....82] [ip4][..udp] [.......10.0.0.1][47685] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + update: [....82] [ip4][..udp] [.......10.0.0.1][47685] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] update: [....90] [ip4][..udp] [.......10.0.0.1][60735] -> [....51.15.62.65][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....18] [ip4][..udp] [.......10.0.0.1][55123] -> [.185.134.196.55][.8443] [DNScrypt][Unknown][Network][Acceptable] update: [...108] [ip4][..udp] [.......10.0.0.1][40595] -> [..93.95.226.165][..443] [DNScrypt][Unknown][Network][Acceptable] 
@@ -765,7 +765,7 @@ idle: [....28] [ip4][..udp] [.......10.0.0.1][37950] -> [.209.250.241.25][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...116] [ip4][..udp] [.......10.0.0.1][55046] -> [.176.56.237.171][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [....69] [ip4][..udp] [.......10.0.0.1][41800] -> [..172.104.93.80][.1443] [DNScrypt][Unknown][Network][Acceptable] - idle: [....81] [ip4][..udp] [.......10.0.0.1][52911] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + idle: [....81] [ip4][..udp] [.......10.0.0.1][52911] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] idle: [....53] [ip4][..udp] [.......10.0.0.1][53811] -> [...195.30.94.28][.8443] [DNScrypt][Unknown][Network][Acceptable] idle: [...144] [ip4][..udp] [.......10.0.0.1][35903] -> [...142.4.205.47][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [....88] [ip4][..udp] [.......10.0.0.1][33521] -> [....51.15.62.65][..443] [DNScrypt][Unknown][Network][Acceptable] 
@@ -780,11 +780,11 @@ idle: [...201] [ip4][..udp] [.......10.0.0.1][48237] -> [.144.91.106.227][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...199] [ip4][..udp] [.......10.0.0.1][48300] -> [.144.91.106.227][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...220] [ip4][..udp] [.......10.0.0.1][54920] -> [185.193.127.244][..443] [DNScrypt][Unknown][Network][Acceptable] - idle: [....84] [ip4][..udp] [.......10.0.0.1][55409] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] - idle: [....79] [ip4][..udp] [.......10.0.0.1][55834] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + idle: [....84] [ip4][..udp] [.......10.0.0.1][55409] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] + idle: [....79] [ip4][..udp] [.......10.0.0.1][55834] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] idle: [.....7] [ip4][..udp] [.......10.0.0.1][51004] -> [..62.210.180.71][.1053] [DNScrypt][Unknown][Network][Acceptable] idle: [...136] [ip4][..udp] [.......10.0.0.1][52040] -> [..151.80.222.79][..443] [DNScrypt][Unknown][Network][Acceptable] - idle: [....83] [ip4][..udp] [.......10.0.0.1][55979] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + idle: [....83] [ip4][..udp] [.......10.0.0.1][55979] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] idle: [....24] [ip4][..udp] [.......10.0.0.1][44491] -> [104.238.186.192][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [....19] [ip4][..udp] [.......10.0.0.1][44712] -> [104.238.186.192][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...186] [ip4][..udp] [.......10.0.0.1][60885] -> [.212.47.228.136][..443] [DNScrypt][Unknown][Network][Acceptable] 
@@ -943,7 +943,7 @@ idle: [...127] [ip4][..udp] [.......10.0.0.1][43224] -> [...45.76.113.31][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...120] [ip4][..udp] [.......10.0.0.1][48325] -> [.176.56.237.171][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...125] [ip4][..udp] [.......10.0.0.1][38594] -> [178.216.201.222][.2053] [DNScrypt][Unknown][Network][Acceptable] - idle: [....80] [ip4][..udp] [.......10.0.0.1][46313] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + idle: [....80] [ip4][..udp] [.......10.0.0.1][46313] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] idle: [...224] [ip4][..udp] [.......10.0.0.1][46140] -> [...77.66.84.233][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...221] [ip4][..udp] [.......10.0.0.1][46314] -> [185.193.127.244][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...130] [ip4][..udp] [.......10.0.0.1][43776] -> [...45.76.113.31][..443] [DNScrypt][Unknown][Network][Acceptable] 
@@ -957,7 +957,7 @@ idle: [...112] [ip4][..udp] [.......10.0.0.1][56494] -> [..51.158.166.97][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [....25] [ip4][..udp] [.......10.0.0.1][32793] -> [.209.250.241.25][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...183] [ip4][..udp] [.......10.0.0.1][52056] -> [.212.47.228.136][..443] [DNScrypt][Unknown][Network][Acceptable] - idle: [....82] [ip4][..udp] [.......10.0.0.1][47685] -> [..52.65.235.129][..443] [DNScrypt][AmazonAWS][Network][Acceptable] + idle: [....82] [ip4][..udp] [.......10.0.0.1][47685] -> [..52.65.235.129][..443] [DNScrypt][AWS_EC2][Network][Acceptable] idle: [...200] [ip4][..udp] [.......10.0.0.1][41108] -> [.144.91.106.227][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [....90] [ip4][..udp] [.......10.0.0.1][60735] -> [....51.15.62.65][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...222] [ip4][..udp] [.......10.0.0.1][47971] -> [185.193.127.244][..443] [DNScrypt][Unknown][Network][Acceptable] diff --git a/test/results/flow-info/default/dofus.pcap.out b/test/results/flow-info/default/dofus.pcap.out index 4585297aa..b52c6a8ca 100644 --- a/test/results/flow-info/default/dofus.pcap.out +++ b/test/results/flow-info/default/dofus.pcap.out 
@@ -1,24 +1,24 @@ DAEMON-EVENT: init new: [.....1] [ip4][..tcp] [..192.168.1.204][49684] -> [....18.65.82.75][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.204][49684] -> [....18.65.82.75][..443] [TLS.Dofus][AmazonAWS][Game][Fun][launcher.cdn.ankama.com] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.204][49684] -> [....18.65.82.75][..443] [TLS.Dofus][AmazonAWS][Game][Fun][launcher.cdn.ankama.com] + detected: [.....1] [ip4][..tcp] [..192.168.1.204][49684] -> [....18.65.82.75][..443] [TLS.Dofus][AWS_Cloudfront][Game][Fun][launcher.cdn.ankama.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.204][49684] -> [....18.65.82.75][..443] [TLS.Dofus][AWS_Cloudfront][Game][Fun][launcher.cdn.ankama.com] new: [.....2] [ip4][..tcp] [..192.168.1.204][49715] -> [....75.2.115.63][.5555] detected: [.....2] [ip4][..tcp] [..192.168.1.204][49715] -> [....75.2.115.63][.5555] [Dofus][AmazonAWS][Game][Fun] new: [.....3] [ip4][..tcp] [..192.168.1.204][49716] -> [..46.137.53.123][.5555] - detected: [.....3] [ip4][..tcp] [..192.168.1.204][49716] -> [..46.137.53.123][.5555] [Dofus][AmazonAWS][Game][Fun] + detected: [.....3] [ip4][..tcp] [..192.168.1.204][49716] -> [..46.137.53.123][.5555] [Dofus][AWS_EC2][Game][Fun] DAEMON-EVENT: [Processed: 53 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] new: [.....4] [ip4][..tcp] [...10.215.173.1][42430] -> [...34.240.68.19][..443] - detected: [.....4] [ip4][..tcp] [...10.215.173.1][42430] -> [...34.240.68.19][..443] [TLS.Dofus][AmazonAWS][Game][Fun][dt-proxy-production-login.ankama-games.com] - detection-update: [.....4] [ip4][..tcp] [...10.215.173.1][42430] -> [...34.240.68.19][..443] [TLS.Dofus][AmazonAWS][Game][Fun][dt-proxy-production-login.ankama-games.com] - detection-update: [.....4] [ip4][..tcp] [...10.215.173.1][42430] -> [...34.240.68.19][..443] [TLS.Dofus][AmazonAWS][Game][Fun][dt-proxy-production-login.ankama-games.com] 
+ detected: [.....4] [ip4][..tcp] [...10.215.173.1][42430] -> [...34.240.68.19][..443] [TLS.Dofus][AWS_EC2][Game][Fun][dt-proxy-production-login.ankama-games.com] + detection-update: [.....4] [ip4][..tcp] [...10.215.173.1][42430] -> [...34.240.68.19][..443] [TLS.Dofus][AWS_EC2][Game][Fun][dt-proxy-production-login.ankama-games.com] + detection-update: [.....4] [ip4][..tcp] [...10.215.173.1][42430] -> [...34.240.68.19][..443] [TLS.Dofus][AWS_EC2][Game][Fun][dt-proxy-production-login.ankama-games.com] end: [.....2] [ip4][..tcp] [..192.168.1.204][49715] -> [....75.2.115.63][.5555] [Dofus][AmazonAWS][Game][Fun] - idle: [.....3] [ip4][..tcp] [..192.168.1.204][49716] -> [..46.137.53.123][.5555] [Dofus][AmazonAWS][Game][Fun] - idle: [.....1] [ip4][..tcp] [..192.168.1.204][49684] -> [....18.65.82.75][..443] [TLS.Dofus][AmazonAWS][Game][Fun] + idle: [.....3] [ip4][..tcp] [..192.168.1.204][49716] -> [..46.137.53.123][.5555] [Dofus][AWS_EC2][Game][Fun] + idle: [.....1] [ip4][..tcp] [..192.168.1.204][49684] -> [....18.65.82.75][..443] [TLS.Dofus][AWS_Cloudfront][Game][Fun] new: [.....5] [ip4][..tcp] [...10.215.173.1][42784] -> [..54.246.120.81][..443] - detected: [.....5] [ip4][..tcp] [...10.215.173.1][42784] -> [..54.246.120.81][..443] [TLS.Dofus][AmazonAWS][Game][Fun][event-mediator.dofus-touch.com] - detection-update: [.....5] [ip4][..tcp] [...10.215.173.1][42784] -> [..54.246.120.81][..443] [TLS.Dofus][AmazonAWS][Game][Fun][event-mediator.dofus-touch.com] - detection-update: [.....5] [ip4][..tcp] [...10.215.173.1][42784] -> [..54.246.120.81][..443] [TLS.Dofus][AmazonAWS][Game][Fun][event-mediator.dofus-touch.com] - idle: [.....4] [ip4][..tcp] [...10.215.173.1][42430] -> [...34.240.68.19][..443] [TLS.Dofus][AmazonAWS][Game][Fun] - idle: [.....5] [ip4][..tcp] [...10.215.173.1][42784] -> [..54.246.120.81][..443] [TLS.Dofus][AmazonAWS][Game][Fun] + detected: [.....5] [ip4][..tcp] [...10.215.173.1][42784] -> [..54.246.120.81][..443] 
[TLS.Dofus][AWS_EC2][Game][Fun][event-mediator.dofus-touch.com] + detection-update: [.....5] [ip4][..tcp] [...10.215.173.1][42784] -> [..54.246.120.81][..443] [TLS.Dofus][AWS_EC2][Game][Fun][event-mediator.dofus-touch.com] + detection-update: [.....5] [ip4][..tcp] [...10.215.173.1][42784] -> [..54.246.120.81][..443] [TLS.Dofus][AWS_EC2][Game][Fun][event-mediator.dofus-touch.com] + idle: [.....4] [ip4][..tcp] [...10.215.173.1][42430] -> [...34.240.68.19][..443] [TLS.Dofus][AWS_EC2][Game][Fun] + idle: [.....5] [ip4][..tcp] [...10.215.173.1][42784] -> [..54.246.120.81][..443] [TLS.Dofus][AWS_EC2][Game][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/epicgames.pcapng.out b/test/results/flow-info/default/epicgames.pcapng.out index ab219f126..5ac9b23d1 100644 --- a/test/results/flow-info/default/epicgames.pcapng.out +++ b/test/results/flow-info/default/epicgames.pcapng.out 
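Review bot: Flow 2 (`75.2.115.63`, port 5555) keeps the `AmazonAWS` label in this expectation while flows 1, 3, 4 and 5 move to `AWS_Cloudfront` or `AWS_EC2`, so after the bump the event stream carries three AWS labels side by side rather than a one-to-one rename. The commit description mentions only the ESNI risk replacement, so a consumer that filters or alerts on the literal `AmazonAWS` string (presumably collectors or detection rules fed by these events) would stop matching most AWS flows without any hint in the history. I would add a bullet to the commit message such as `* AWS flows are now reported as AWS_EC2 / AWS_Cloudfront; AmazonAWS is still emitted for some ranges`, and confirm that the mixed result for flow 2 is intended and not a gap in the new address lists. The same relabelling shows up in the dazn, dnscrypt-v1, epicgames and ethereum expectations in this patch.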
@@ -3,14 +3,14 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.192.168.12.156][49693] -> [..18.157.15.184][15011] new: [.....2] [ip4][..udp] [.192.168.12.156][47446] -> [..18.157.15.184][15011] - detected: [.....2] [ip4][..udp] [.192.168.12.156][47446] -> [..18.157.15.184][15011] [EpicGames][AmazonAWS][Game][Fun] - detected: [.....1] [ip4][..udp] [.192.168.12.156][49693] -> [..18.157.15.184][15011] [EpicGames][AmazonAWS][Game][Fun] + detected: [.....2] [ip4][..udp] [.192.168.12.156][47446] -> [..18.157.15.184][15011] [EpicGames][AWS_EC2][Game][Fun] + detected: [.....1] [ip4][..udp] [.192.168.12.156][49693] -> [..18.157.15.184][15011] [EpicGames][AWS_EC2][Game][Fun] new: [.....3] [ip4][..udp] [.192.168.12.156][39322] -> [..18.157.15.184][.9011] - detected: [.....3] [ip4][..udp] [.192.168.12.156][39322] -> [..18.157.15.184][.9011] [EpicGames][AmazonAWS][Game][Fun] + detected: [.....3] [ip4][..udp] [.192.168.12.156][39322] -> [..18.157.15.184][.9011] [EpicGames][AWS_EC2][Game][Fun] new: [.....4] [ip4][..udp] [.192.168.12.156][37989] -> [..18.157.15.184][15011] - detected: [.....4] [ip4][..udp] [.192.168.12.156][37989] -> [..18.157.15.184][15011] [EpicGames][AmazonAWS][Game][Fun] - idle: [.....3] [ip4][..udp] [.192.168.12.156][39322] -> [..18.157.15.184][.9011] [EpicGames][AmazonAWS][Game][Fun] - idle: [.....4] [ip4][..udp] [.192.168.12.156][37989] -> [..18.157.15.184][15011] [EpicGames][AmazonAWS][Game][Fun] - idle: [.....2] [ip4][..udp] [.192.168.12.156][47446] -> [..18.157.15.184][15011] [EpicGames][AmazonAWS][Game][Fun] - idle: [.....1] [ip4][..udp] [.192.168.12.156][49693] -> [..18.157.15.184][15011] [EpicGames][AmazonAWS][Game][Fun] + detected: [.....4] [ip4][..udp] [.192.168.12.156][37989] -> [..18.157.15.184][15011] [EpicGames][AWS_EC2][Game][Fun] + idle: [.....3] [ip4][..udp] [.192.168.12.156][39322] -> [..18.157.15.184][.9011] [EpicGames][AWS_EC2][Game][Fun] + idle: 
[.....4] [ip4][..udp] [.192.168.12.156][37989] -> [..18.157.15.184][15011] [EpicGames][AWS_EC2][Game][Fun] + idle: [.....2] [ip4][..udp] [.192.168.12.156][47446] -> [..18.157.15.184][15011] [EpicGames][AWS_EC2][Game][Fun] + idle: [.....1] [ip4][..udp] [.192.168.12.156][49693] -> [..18.157.15.184][15011] [EpicGames][AWS_EC2][Game][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/ethereum.pcap.out b/test/results/flow-info/default/ethereum.pcap.out index f896659c0..86da4e9f1 100644 --- a/test/results/flow-info/default/ethereum.pcap.out +++ b/test/results/flow-info/default/ethereum.pcap.out @@ -6,7 +6,7 @@ new: [.....2] [ip4][..udp] [...60.191.32.71][30303] -> [..192.168.1.184][30303] detected: [.....2] [ip4][..udp] [...60.191.32.71][30303] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] - detected: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + detected: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] new: [.....4] [ip4][..udp] [..192.168.1.184][30303] -> [....3.209.45.79][30303] detected: [.....4] [ip4][..udp] [..192.168.1.184][30303] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] new: [.....5] [ip4][..udp] [..192.168.1.184][30303] -> [.52.231.165.108][30303] 
@@ -33,15 +33,15 @@ new: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] new: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] new: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] - detected: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + detected: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] detected: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] detected: [....20] [ip4][..tcp] [..192.168.1.184][56624] -> [....89.38.99.34][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - detected: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + detected: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] new: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] detected: [....12] [ip4][..tcp] [..192.168.1.184][56613] -> [.162.243.160.83][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] new: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] detected: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - analyse: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + analyse: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.063| 0.008| 0.018| 335.828| 2.400] [PKTLEN......: 46.000| 547.000| 91.200| 114.100| 13011.400| 4.400] 
@@ -70,7 +70,7 @@ detected: [....29] [ip4][..udp] [..192.168.1.184][30303] -> [..54.36.160.211][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] detected: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] - analyse: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + analyse: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.070| 0.011| 0.024| 583.849| 2.400] [PKTLEN......: 46.000| 564.000| 90.300| 111.300| 12394.700| 4.400] @@ -102,7 +102,7 @@ new: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] detected: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] new: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] - detected: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + detected: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] detected: [....14] [ip4][..tcp] [..192.168.1.184][56617] -> [...34.97.172.22][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] detected: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] detected: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] 
@@ -129,7 +129,7 @@ new: [....35] [ip4][..tcp] [..192.168.1.184][56637] -> [.35.233.197.131][30303] new: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] new: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] - detected: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + detected: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] new: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] detected: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] analyse: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] @@ -170,7 +170,7 @@ [PKTLENS.....: 64,60,52,483,52,475,84,52,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46] [ENTROPIES...: 4.5,5.3,5.1,7.6,5.2,7.5,5.9,5.1,5.2,5.7,5.6,5.1,5.2,5.8,5.1,6.7,5.1,5.4,5.8,5.1,5.1,5.4,5.5,5.0,3.6,3.6,3.6,3.6,3.6,3.6,3.6,3.6] new: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] - detected: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + detected: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] detected: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] detected: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] new: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] 
@@ -213,7 +213,7 @@ detected: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....49] [ip4][..tcp] [..192.168.1.184][56654] -> [..85.214.108.52][30303] new: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] - detected: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + detected: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] analyse: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.052| 0.010| 0.019| 354.234| 2.800] @@ -294,7 +294,7 @@ [IATS(ms)....: 157.7,157.8,1.6,152.9,8.1,159.4,1.2,0.0,0.1,0.0,0.1,1.9,0.0,0.5,0.0,0.1,0.0,0.1,0.0,0.1,0.1,0.2,0.0,0.1,0.0,0.0,0.0,0.7,0.4,149.7,0.6] [PKTLENS.....: 64,60,52,465,52,457,52,84,53,176,55,68,84,53,52,52,54,65,52,52,68,52,84,53,54,65,68,52,52,52,52,46] [ENTROPIES...: 4.4,5.3,5.1,7.5,5.2,7.5,5.0,5.9,5.2,6.9,5.2,5.5,5.9,5.2,5.0,5.1,5.3,5.6,5.1,5.0,5.6,5.0,5.7,5.1,5.1,5.3,5.5,5.1,5.2,5.1,5.2,3.8] - analyse: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + analyse: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.131| 0.020| 0.046| 2133.935| 2.400] [PKTLEN......: 46.000| 573.000| 93.000| 122.200| 14931.500| 4.300] 
@@ -324,7 +324,7 @@ [IATS(ms)....: 300.4,300.4,1.7,253.4,0.7,0.0,252.4,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.4,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,252.8,0.0] [PKTLENS.....: 64,60,52,583,52,370,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46] [ENTROPIES...: 4.4,5.3,5.0,7.7,5.1,7.4,5.9,5.0,5.0,5.2,5.0,5.3,5.5,5.0,5.0,5.6,5.2,5.0,5.0,5.8,5.0,6.7,5.2,5.4,5.8,5.0,5.2,5.3,5.4,5.0,3.7,3.7] - analyse: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + analyse: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.308| 0.045| 0.103| 10532.101| 2.400] [PKTLEN......: 46.000| 523.000| 89.800| 108.100| 11684.800| 4.400] @@ -348,7 +348,7 @@ [IATS(ms)....: 339.2,339.3,1.3,287.2,2.5,288.4,1.0,0.0,1.0,0.0,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.0,0.1,0.6,0.3,285.6,0.0] [PKTLENS.....: 64,60,52,626,52,448,52,84,53,52,52,84,53,54,65,176,52,55,52,68,68,52,84,53,54,65,68,52,52,52,46,46] [ENTROPIES...: 4.5,5.4,5.0,7.6,5.0,7.5,5.1,5.8,5.1,5.0,5.0,5.8,5.0,5.1,5.5,6.7,5.0,5.2,5.0,5.4,5.5,5.0,5.9,5.0,5.1,5.4,5.6,5.1,5.2,5.1,3.7,3.7] - detected: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + detected: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] new: [....59] [ip4][..udp] [..192.168.1.184][30303] -> [.202.112.28.106][30303] detected: [....59] [ip4][..udp] [..192.168.1.184][30303] -> [.202.112.28.106][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] detected: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] 
@@ -422,7 +422,7 @@ [PKTLENS.....: 64,60,52,438,52,408,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46] [ENTROPIES...: 4.5,5.4,5.1,7.5,5.1,7.5,5.0,5.9,5.0,5.7,5.0,5.6,5.0,5.7,5.1,6.8,5.2,5.4,5.8,5.1,5.1,5.4,5.5,5.1,5.2,3.7,3.7,3.7,3.7,3.7,3.7,3.7] new: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303] - analyse: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + analyse: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.194| 0.037| 0.074| 5538.541| 2.700] [PKTLEN......: 52.000| 524.000| 100.200| 109.000| 11872.900| 4.500] @@ -464,7 +464,7 @@ detected: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] detected: [....73] [ip4][..tcp] [..192.168.1.184][56685] -> [...88.99.93.219][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] - detected: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + detected: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] detected: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] analyse: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -476,16 +476,16 @@ [IATS(ms)....: 40.4,40.4,1.5,40.9,246.5,285.9,40.6,40.6,0.7,0.0,0.1,0.0,0.0,0.4,0.0,0.0,0.0,0.1,39.4,0.2,0.9,0.7,39.7,0.2,0.0,0.0,0.0,0.1,1.1,0.8,0.2] [PKTLENS.....: 64,60,52,619,52,292,64,399,52,84,53,176,55,68,84,53,100,67,68,52,52,52,116,52,84,53,55,64,68,260,52,84] [ENTROPIES...: 4.5,5.3,5.1,7.7,5.2,7.2,5.2,7.4,5.1,5.9,5.2,6.8,5.2,5.6,5.9,5.2,6.2,5.5,5.6,5.3,5.3,5.3,6.4,5.1,5.9,5.2,5.3,5.5,5.6,7.1,5.1,5.9] - end: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + end: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] end: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] idle: [....59] [ip4][..udp] [..192.168.1.184][30303] -> [.202.112.28.106][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] - end: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + end: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] idle: [.....1] [ip4][..udp] [...87.14.222.25][56693] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] idle: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - end: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] 
[ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + end: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] end: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] @@ -512,7 +512,7 @@ end: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] end: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - idle: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + idle: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] end: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] end: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....49] [ip4][..tcp] [..192.168.1.184][56654] -> [..85.214.108.52][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] 
@@ -520,7 +520,7 @@ idle: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182] [ETHEREUM][Tencent][Crypto_Currency][Acceptable] idle: [.....2] [ip4][..udp] [...60.191.32.71][30303] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - end: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + end: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] end: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....14] [ip4][..tcp] [..192.168.1.184][56617] -> [...34.97.172.22][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] @@ -529,7 +529,7 @@ end: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] end: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] - guessed: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + guessed: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] RISK: Unidirectional Traffic idle: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303] end: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] 
@@ -545,12 +545,12 @@ idle: [....71] [ip4][..udp] [..192.168.1.184][30303] -> [..167.86.122.50][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] idle: [....51] [ip4][..tcp] [..192.168.1.184][56655] -> [.202.112.28.106][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....12] [ip4][..tcp] [..192.168.1.184][56613] -> [.162.243.160.83][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] - idle: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] - idle: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + idle: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] + idle: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] idle: [.....7] [ip4][..udp] [..192.168.1.184][30303] -> [...34.97.172.22][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] end: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - idle: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] - end: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + idle: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] + end: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AWS_EC2][Crypto_Currency][Acceptable] idle: [.....5] [ip4][..udp] [..192.168.1.184][30303] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] end: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] 
[ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] guessed: [....21] [ip4][..tcp] [..192.168.1.184][56625] -> [.....5.1.83.226][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] diff --git a/test/results/flow-info/default/fuzz-2006-09-29-28586.pcap.out b/test/results/flow-info/default/fuzz-2006-09-29-28586.pcap.out index 648247965..ed44c053b 100644 --- a/test/results/flow-info/default/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/flow-info/default/fuzz-2006-09-29-28586.pcap.out @@ -91,7 +91,7 @@ idle: [.....4] [ip4][..tcp] [......0.20.3.13][...80] -> [.....172.20.3.5][.2601] idle: [....23] [ip4][..tcp] [....172.20.3.13][...80] -> [......44.20.3.5][.2605] [HTTP][Unknown][Web][Acceptable] RISK: HTTP Susp User-Agent - guessed: [....21] [ip4][..tcp] [......51.20.3.5][.2605] -> [....172.20.3.13][...80] [HTTP][AmazonAWS][Web][Acceptable][] + guessed: [....21] [ip4][..tcp] [......51.20.3.5][.2605] -> [....172.20.3.13][...80] [HTTP][AWS_EC2][Web][Acceptable][] RISK: Susp Entropy, Unidirectional Traffic idle: [....21] [ip4][..tcp] [......51.20.3.5][.2605] -> [....172.20.3.13][...80] guessed: [....15] [ip4][..tcp] [.....172.20.3.5][.2603] -> [.....72.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][] diff --git a/test/results/flow-info/default/gaijin_mobile_mixed.pcap.out b/test/results/flow-info/default/gaijin_mobile_mixed.pcap.out index 33400708a..16cc02687 100644 --- a/test/results/flow-info/default/gaijin_mobile_mixed.pcap.out +++ b/test/results/flow-info/default/gaijin_mobile_mixed.pcap.out 
@@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...10.215.173.1][47666] -> [..54.75.230.133][..443] - detected: [.....1] [ip4][..tcp] [...10.215.173.1][47666] -> [..54.75.230.133][..443] [TLS.GaijinEntertainment][AmazonAWS][Game][Fun][yupmaster.gaijinent.com] - detection-update: [.....1] [ip4][..tcp] [...10.215.173.1][47666] -> [..54.75.230.133][..443] [TLS.GaijinEntertainment][AmazonAWS][Game][Fun][yupmaster.gaijinent.com] + detected: [.....1] [ip4][..tcp] [...10.215.173.1][47666] -> [..54.75.230.133][..443] [TLS.GaijinEntertainment][AWS_EC2][Game][Fun][yupmaster.gaijinent.com] + detection-update: [.....1] [ip4][..tcp] [...10.215.173.1][47666] -> [..54.75.230.133][..443] [TLS.GaijinEntertainment][AWS_EC2][Game][Fun][yupmaster.gaijinent.com] DAEMON-EVENT: [Processed: 7 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] new: [.....2] [ip4][..tcp] [...10.215.173.1][39314] -> [...81.171.31.37][..443] @@ -16,5 +16,5 @@ idle: [.....2] [ip4][..tcp] [...10.215.173.1][39314] -> [...81.171.31.37][..443] [TLS.GaijinEntertainment][Unknown][Game][Fun] RISK: TLS (probably) Not Carrying HTTPS idle: [.....3] [ip4][..udp] [...10.215.173.1][42424] -> [.95.211.246.178][20011] [GaijinEntertainment][Unknown][Game][Fun] - idle: [.....1] [ip4][..tcp] [...10.215.173.1][47666] -> [..54.75.230.133][..443] [TLS.GaijinEntertainment][AmazonAWS][Game][Fun] + idle: [.....1] [ip4][..tcp] [...10.215.173.1][47666] -> [..54.75.230.133][..443] [TLS.GaijinEntertainment][AWS_EC2][Game][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/gearup_booster.pcap.out b/test/results/flow-info/default/gearup_booster.pcap.out index 3b2c63354..33194758f 100644 --- a/test/results/flow-info/default/gearup_booster.pcap.out 
+++ b/test/results/flow-info/default/gearup_booster.pcap.out 
@@ -23,12 +23,12 @@ detected: [.....6] [ip4][..tcp] [...192.168.3.23][45668] -> [.104.16.159.112][..443] [TLS.GearUP_Booster][Cloudflare][VPN][Fun][log.booster.gearupportal.com] detection-update: [.....6] [ip4][..tcp] [...192.168.3.23][45668] -> [.104.16.159.112][..443] [TLS.GearUP_Booster][Cloudflare][VPN][Fun][log.booster.gearupportal.com] new: [.....7] [ip4][..tcp] [...192.168.3.23][43470] -> [...2.19.126.219][..443] - detected: [.....7] [ip4][..tcp] [...192.168.3.23][43470] -> [...2.19.126.219][..443] [TLS.GearUP_Booster][Unknown][VPN][Fun][file.booster.gearupportal.com] - detection-update: [.....7] [ip4][..tcp] [...192.168.3.23][43470] -> [...2.19.126.219][..443] [TLS.GearUP_Booster][Unknown][VPN][Fun][file.booster.gearupportal.com] + detected: [.....7] [ip4][..tcp] [...192.168.3.23][43470] -> [...2.19.126.219][..443] [TLS.GearUP_Booster][Akamai][VPN][Fun][file.booster.gearupportal.com] + detection-update: [.....7] [ip4][..tcp] [...192.168.3.23][43470] -> [...2.19.126.219][..443] [TLS.GearUP_Booster][Akamai][VPN][Fun][file.booster.gearupportal.com] new: [.....8] [ip4][..udp] [...192.168.3.23][49183] -> [.18.162.179.244][.9999] - detected: [.....8] [ip4][..udp] [...192.168.3.23][49183] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [.....8] [ip4][..udp] [...192.168.3.23][49183] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [.....9] [ip4][..udp] [...192.168.3.23][45624] -> [.18.185.151.243][.9999] - detected: [.....9] [ip4][..udp] [...192.168.3.23][45624] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [.....9] [ip4][..udp] [...192.168.3.23][45624] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....10] [ip4][..udp] [...192.168.3.23][41825] -> [.20.237.164.226][.9999] detected: [....10] [ip4][..udp] [...192.168.3.23][41825] -> [.20.237.164.226][.9999] [GearUP_Booster][Azure][VPN][Acceptable] new: [....11] [ip4][..udp] 
[...192.168.3.23][42089] -> [..23.90.141.118][.9999] @@ -36,7 +36,7 @@ new: [....12] [ip4][..udp] [...192.168.3.23][49987] -> [....98.98.151.3][.9999] detected: [....12] [ip4][..udp] [...192.168.3.23][49987] -> [....98.98.151.3][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....13] [ip4][..udp] [...192.168.3.23][49995] -> [.18.185.151.243][.9999] - detected: [....13] [ip4][..udp] [...192.168.3.23][49995] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....13] [ip4][..udp] [...192.168.3.23][49995] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....14] [ip4][..udp] [...192.168.3.23][37686] -> [.34.176.100.180][.9999] detected: [....14] [ip4][..udp] [...192.168.3.23][37686] -> [.34.176.100.180][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [....15] [ip4][..udp] [...192.168.3.23][44547] -> [..23.90.172.130][.9999] 
@@ -44,17 +44,17 @@ new: [....16] [ip4][..udp] [...192.168.3.23][44799] -> [...34.88.73.160][.9999] detected: [....16] [ip4][..udp] [...192.168.3.23][44799] -> [...34.88.73.160][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [....17] [ip4][..udp] [...192.168.3.23][46763] -> [...52.77.92.200][.9999] - detected: [....17] [ip4][..udp] [...192.168.3.23][46763] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....17] [ip4][..udp] [...192.168.3.23][46763] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....18] [ip4][..udp] [...192.168.3.23][40390] -> [.18.162.179.244][.9999] - detected: [....18] [ip4][..udp] [...192.168.3.23][40390] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....18] [ip4][..udp] [...192.168.3.23][40390] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....19] [ip4][..udp] [...192.168.3.23][40581] -> [..3.114.197.210][.9999] - detected: [....19] [ip4][..udp] [...192.168.3.23][40581] -> [..3.114.197.210][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....19] [ip4][..udp] [...192.168.3.23][40581] -> [..3.114.197.210][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....20] [ip4][..udp] [...192.168.3.23][39478] -> [.129.227.244.38][.9999] detected: [....20] [ip4][..udp] [...192.168.3.23][39478] -> [.129.227.244.38][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....21] [ip4][..udp] [...192.168.3.23][42921] -> [.18.162.179.244][.9999] - detected: [....21] [ip4][..udp] [...192.168.3.23][42921] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....21] [ip4][..udp] [...192.168.3.23][42921] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....22] [ip4][..udp] [...192.168.3.23][45553] -> [...3.24.157.167][.9999] - detected: [....22] [ip4][..udp] [...192.168.3.23][45553] -> [...3.24.157.167][.9999] 
[GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....22] [ip4][..udp] [...192.168.3.23][45553] -> [...3.24.157.167][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....23] [ip4][..udp] [...192.168.3.23][49487] -> [.194.110.134.13][.9999] detected: [....23] [ip4][..udp] [...192.168.3.23][49487] -> [.194.110.134.13][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....24] [ip4][..udp] [...192.168.3.23][46317] -> [..34.155.128.54][.9999] 
@@ -64,25 +64,25 @@ new: [....26] [ip4][..udp] [...192.168.3.23][44605] -> [....98.98.151.3][.9999] detected: [....26] [ip4][..udp] [...192.168.3.23][44605] -> [....98.98.151.3][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....27] [ip4][..udp] [...192.168.3.23][47189] -> [.15.181.194.202][.9999] - detected: [....27] [ip4][..udp] [...192.168.3.23][47189] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....27] [ip4][..udp] [...192.168.3.23][47189] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....28] [ip4][..udp] [...192.168.3.23][42764] -> [...101.46.59.21][.9999] detected: [....28] [ip4][..udp] [...192.168.3.23][42764] -> [...101.46.59.21][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....29] [ip4][..udp] [...192.168.3.23][41680] -> [.34.176.100.180][.9999] detected: [....29] [ip4][..udp] [...192.168.3.23][41680] -> [.34.176.100.180][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [....30] [ip4][..udp] [...192.168.3.23][45941] -> [...52.77.92.200][.9999] - detected: [....30] [ip4][..udp] [...192.168.3.23][45941] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....30] [ip4][..udp] [...192.168.3.23][45941] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....31] [ip4][..udp] [...192.168.3.23][45045] -> [..34.100.183.43][.9999] detected: [....31] [ip4][..udp] [...192.168.3.23][45045] -> [..34.100.183.43][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [....32] [ip4][..udp] [...192.168.3.23][38961] -> [.176.97.192.194][.9999] detected: [....32] [ip4][..udp] [...192.168.3.23][38961] -> [.176.97.192.194][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....33] [ip4][..udp] [...192.168.3.23][37783] -> [.15.181.194.202][.9999] - detected: [....33] [ip4][..udp] [...192.168.3.23][37783] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....33] [ip4][..udp] 
[...192.168.3.23][37783] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....34] [ip4][..udp] [...192.168.3.23][46392] -> [.35.201.213.182][.9999] detected: [....34] [ip4][..udp] [...192.168.3.23][46392] -> [.35.201.213.182][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [....35] [ip4][..udp] [...192.168.3.23][47617] -> [.40.115.242.242][.9999] detected: [....35] [ip4][..udp] [...192.168.3.23][47617] -> [.40.115.242.242][.9999] [GearUP_Booster][Azure][VPN][Acceptable] new: [....36] [ip4][..udp] [...192.168.3.23][42726] -> [...52.77.92.200][.9999] - detected: [....36] [ip4][..udp] [...192.168.3.23][42726] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....36] [ip4][..udp] [...192.168.3.23][42726] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....37] [ip4][..udp] [...192.168.3.23][39220] -> [.35.201.213.182][.9999] detected: [....37] [ip4][..udp] [...192.168.3.23][39220] -> [.35.201.213.182][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [....38] [ip4][..udp] [...192.168.3.23][41692] -> [.20.195.224.215][.9999] 
@@ -96,9 +96,9 @@ new: [....42] [ip4][..udp] [...192.168.3.23][37131] -> [..80.238.226.80][.9999] detected: [....42] [ip4][..udp] [...192.168.3.23][37131] -> [..80.238.226.80][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....43] [ip4][..udp] [...192.168.3.23][44205] -> [..13.124.213.54][.9999] - detected: [....43] [ip4][..udp] [...192.168.3.23][44205] -> [..13.124.213.54][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....43] [ip4][..udp] [...192.168.3.23][44205] -> [..13.124.213.54][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....44] [ip4][..udp] [...192.168.3.23][37008] -> [.15.181.194.202][.9999] - detected: [....44] [ip4][..udp] [...192.168.3.23][37008] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....44] [ip4][..udp] [...192.168.3.23][37008] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....45] [ip4][..udp] [...192.168.3.23][49429] -> [..103.198.202.8][.9999] detected: [....45] [ip4][..udp] [...192.168.3.23][49429] -> [..103.198.202.8][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....46] [ip4][..udp] [...192.168.3.23][44470] -> [.138.199.41.102][.9999] 
@@ -116,9 +116,9 @@ new: [....52] [ip4][..udp] [...192.168.3.23][47203] -> [..98.96.251.186][.9999] detected: [....52] [ip4][..udp] [...192.168.3.23][47203] -> [..98.96.251.186][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....53] [ip4][..udp] [...192.168.3.23][38459] -> [.18.162.179.244][.9999] - detected: [....53] [ip4][..udp] [...192.168.3.23][38459] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....53] [ip4][..udp] [...192.168.3.23][38459] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....54] [ip4][..udp] [...192.168.3.23][43552] -> [.18.185.151.243][.9999] - detected: [....54] [ip4][..udp] [...192.168.3.23][43552] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....54] [ip4][..udp] [...192.168.3.23][43552] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....55] [ip4][..udp] [...192.168.3.23][42232] -> [.20.237.164.226][.9999] detected: [....55] [ip4][..udp] [...192.168.3.23][42232] -> [.20.237.164.226][.9999] [GearUP_Booster][Azure][VPN][Acceptable] new: [....56] [ip4][..udp] [...192.168.3.23][40048] -> [..23.90.141.118][.9999] 
@@ -128,23 +128,23 @@ new: [....58] [ip4][..udp] [...192.168.3.23][49704] -> [.34.176.100.180][.9999] detected: [....58] [ip4][..udp] [...192.168.3.23][49704] -> [.34.176.100.180][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [....59] [ip4][..udp] [...192.168.3.23][46385] -> [.18.185.151.243][.9999] - detected: [....59] [ip4][..udp] [...192.168.3.23][46385] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....59] [ip4][..udp] [...192.168.3.23][46385] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....60] [ip4][..udp] [...192.168.3.23][37678] -> [..23.90.172.130][.9999] detected: [....60] [ip4][..udp] [...192.168.3.23][37678] -> [..23.90.172.130][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....61] [ip4][..udp] [...192.168.3.23][48031] -> [...52.77.92.200][.9999] - detected: [....61] [ip4][..udp] [...192.168.3.23][48031] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....61] [ip4][..udp] [...192.168.3.23][48031] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....62] [ip4][..udp] [...192.168.3.23][38633] -> [...34.88.73.160][.9999] detected: [....62] [ip4][..udp] [...192.168.3.23][38633] -> [...34.88.73.160][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [....63] [ip4][..udp] [...192.168.3.23][38761] -> [.18.162.179.244][.9999] - detected: [....63] [ip4][..udp] [...192.168.3.23][38761] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....63] [ip4][..udp] [...192.168.3.23][38761] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....64] [ip4][..udp] [...192.168.3.23][39858] -> [..3.114.197.210][.9999] - detected: [....64] [ip4][..udp] [...192.168.3.23][39858] -> [..3.114.197.210][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....64] [ip4][..udp] [...192.168.3.23][39858] -> [..3.114.197.210][.9999] 
[GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....65] [ip4][..udp] [...192.168.3.23][46109] -> [.129.227.244.38][.9999] detected: [....65] [ip4][..udp] [...192.168.3.23][46109] -> [.129.227.244.38][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....66] [ip4][..udp] [...192.168.3.23][38313] -> [.18.162.179.244][.9999] - detected: [....66] [ip4][..udp] [...192.168.3.23][38313] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....66] [ip4][..udp] [...192.168.3.23][38313] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....67] [ip4][..udp] [...192.168.3.23][43478] -> [...3.24.157.167][.9999] - detected: [....67] [ip4][..udp] [...192.168.3.23][43478] -> [...3.24.157.167][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....67] [ip4][..udp] [...192.168.3.23][43478] -> [...3.24.157.167][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....68] [ip4][..udp] [...192.168.3.23][39502] -> [.194.110.134.13][.9999] detected: [....68] [ip4][..udp] [...192.168.3.23][39502] -> [.194.110.134.13][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....69] [ip4][..udp] [...192.168.3.23][39470] -> [..34.155.128.54][.9999] 
@@ -152,11 +152,11 @@ new: [....70] [ip4][..udp] [...192.168.3.23][40513] -> [...34.88.73.160][.9999] detected: [....70] [ip4][..udp] [...192.168.3.23][40513] -> [...34.88.73.160][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [....71] [ip4][..udp] [...192.168.3.23][40959] -> [.15.181.194.202][.9999] - detected: [....71] [ip4][..udp] [...192.168.3.23][40959] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....71] [ip4][..udp] [...192.168.3.23][40959] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....72] [ip4][..udp] [...192.168.3.23][49407] -> [...101.46.59.21][.9999] detected: [....72] [ip4][..udp] [...192.168.3.23][49407] -> [...101.46.59.21][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....73] [ip4][..udp] [...192.168.3.23][41578] -> [...52.77.92.200][.9999] - detected: [....73] [ip4][..udp] [...192.168.3.23][41578] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....73] [ip4][..udp] [...192.168.3.23][41578] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....74] [ip4][..udp] [...192.168.3.23][43653] -> [..98.96.251.186][.9999] detected: [....74] [ip4][..udp] [...192.168.3.23][43653] -> [..98.96.251.186][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....75] [ip4][..udp] [...192.168.3.23][44138] -> [..34.100.183.43][.9999] 
@@ -166,13 +166,13 @@ new: [....77] [ip4][..udp] [...192.168.3.23][45458] -> [.40.115.242.242][.9999] detected: [....77] [ip4][..udp] [...192.168.3.23][45458] -> [.40.115.242.242][.9999] [GearUP_Booster][Azure][VPN][Acceptable] new: [....78] [ip4][..udp] [...192.168.3.23][49819] -> [.15.181.194.202][.9999] - detected: [....78] [ip4][..udp] [...192.168.3.23][49819] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....78] [ip4][..udp] [...192.168.3.23][49819] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....79] [ip4][..udp] [...192.168.3.23][48217] -> [.35.201.213.182][.9999] detected: [....79] [ip4][..udp] [...192.168.3.23][48217] -> [.35.201.213.182][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [....80] [ip4][..udp] [...192.168.3.23][41387] -> [.34.176.100.180][.9999] detected: [....80] [ip4][..udp] [...192.168.3.23][41387] -> [.34.176.100.180][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [....81] [ip4][..udp] [...192.168.3.23][49500] -> [...52.77.92.200][.9999] - detected: [....81] [ip4][..udp] [...192.168.3.23][49500] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....81] [ip4][..udp] [...192.168.3.23][49500] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....82] [ip4][..udp] [...192.168.3.23][45530] -> [195.181.163.225][.9999] detected: [....82] [ip4][..udp] [...192.168.3.23][45530] -> [195.181.163.225][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....83] [ip4][..udp] [...192.168.3.23][45875] -> [.35.201.213.182][.9999] 
@@ -186,9 +186,9 @@ new: [....87] [ip4][..udp] [...192.168.3.23][40074] -> [.20.195.224.215][.9999] detected: [....87] [ip4][..udp] [...192.168.3.23][40074] -> [.20.195.224.215][.9999] [GearUP_Booster][Azure][VPN][Acceptable] new: [....88] [ip4][..udp] [...192.168.3.23][39588] -> [..13.124.213.54][.9999] - detected: [....88] [ip4][..udp] [...192.168.3.23][39588] -> [..13.124.213.54][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....88] [ip4][..udp] [...192.168.3.23][39588] -> [..13.124.213.54][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....89] [ip4][..udp] [...192.168.3.23][46825] -> [.15.181.194.202][.9999] - detected: [....89] [ip4][..udp] [...192.168.3.23][46825] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....89] [ip4][..udp] [...192.168.3.23][46825] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [....90] [ip4][..udp] [...192.168.3.23][38354] -> [.....20.249.1.0][.9999] detected: [....90] [ip4][..udp] [...192.168.3.23][38354] -> [.....20.249.1.0][.9999] [GearUP_Booster][Azure][VPN][Acceptable] new: [....91] [ip4][..udp] [...192.168.3.23][39572] -> [.138.199.41.102][.9999] 
@@ -208,15 +208,15 @@ new: [....98] [ip4][..udp] [...192.168.3.23][49542] -> [..98.96.251.186][.9999] detected: [....98] [ip4][..udp] [...192.168.3.23][49542] -> [..98.96.251.186][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [....99] [ip4][..udp] [...192.168.3.23][39859] -> [.18.162.179.244][.9999] - detected: [....99] [ip4][..udp] [...192.168.3.23][39859] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [....99] [ip4][..udp] [...192.168.3.23][39859] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...100] [ip4][..udp] [...192.168.3.23][39236] -> [.18.185.151.243][.9999] - detected: [...100] [ip4][..udp] [...192.168.3.23][39236] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...100] [ip4][..udp] [...192.168.3.23][39236] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...101] [ip4][..udp] [...192.168.3.23][41423] -> [.20.237.164.226][.9999] detected: [...101] [ip4][..udp] [...192.168.3.23][41423] -> [.20.237.164.226][.9999] [GearUP_Booster][Azure][VPN][Acceptable] new: [...102] [ip4][..udp] [...192.168.3.23][38514] -> [..23.90.141.118][.9999] detected: [...102] [ip4][..udp] [...192.168.3.23][38514] -> [..23.90.141.118][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...103] [ip4][..udp] [...192.168.3.23][39779] -> [.18.185.151.243][.9999] - detected: [...103] [ip4][..udp] [...192.168.3.23][39779] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...103] [ip4][..udp] [...192.168.3.23][39779] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...104] [ip4][..udp] [...192.168.3.23][41897] -> [....98.98.151.3][.9999] detected: [...104] [ip4][..udp] [...192.168.3.23][41897] -> [....98.98.151.3][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...105] [ip4][..udp] [...192.168.3.23][49942] -> [.34.176.100.180][.9999] 
@@ -226,17 +226,17 @@ new: [...107] [ip4][..udp] [...192.168.3.23][48516] -> [...34.88.73.160][.9999] detected: [...107] [ip4][..udp] [...192.168.3.23][48516] -> [...34.88.73.160][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [...108] [ip4][..udp] [...192.168.3.23][45904] -> [...52.77.92.200][.9999] - detected: [...108] [ip4][..udp] [...192.168.3.23][45904] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...108] [ip4][..udp] [...192.168.3.23][45904] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...109] [ip4][..udp] [...192.168.3.23][49078] -> [.18.162.179.244][.9999] - detected: [...109] [ip4][..udp] [...192.168.3.23][49078] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...109] [ip4][..udp] [...192.168.3.23][49078] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...110] [ip4][..udp] [...192.168.3.23][48164] -> [..3.114.197.210][.9999] - detected: [...110] [ip4][..udp] [...192.168.3.23][48164] -> [..3.114.197.210][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...110] [ip4][..udp] [...192.168.3.23][48164] -> [..3.114.197.210][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...111] [ip4][..udp] [...192.168.3.23][48710] -> [.129.227.244.38][.9999] detected: [...111] [ip4][..udp] [...192.168.3.23][48710] -> [.129.227.244.38][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...112] [ip4][..udp] [...192.168.3.23][40431] -> [.18.162.179.244][.9999] - detected: [...112] [ip4][..udp] [...192.168.3.23][40431] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...112] [ip4][..udp] [...192.168.3.23][40431] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...113] [ip4][..udp] [...192.168.3.23][46332] -> [...3.24.157.167][.9999] - detected: [...113] [ip4][..udp] [...192.168.3.23][46332] -> [...3.24.157.167][.9999] 
[GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...113] [ip4][..udp] [...192.168.3.23][46332] -> [...3.24.157.167][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...114] [ip4][..udp] [...192.168.3.23][39432] -> [..34.155.128.54][.9999] detected: [...114] [ip4][..udp] [...192.168.3.23][39432] -> [..34.155.128.54][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [...115] [ip4][..udp] [...192.168.3.23][45946] -> [.194.110.134.13][.9999] @@ -247,9 +247,9 @@ new: [...118] [ip4][..udp] [...192.168.3.23][39141] -> [...101.46.59.21][.9999] detected: [...118] [ip4][..udp] [...192.168.3.23][39141] -> [...101.46.59.21][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...119] [ip4][..udp] [...192.168.3.23][45088] -> [.15.181.194.202][.9999] - detected: [...119] [ip4][..udp] [...192.168.3.23][45088] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...119] [ip4][..udp] [...192.168.3.23][45088] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...120] [ip4][..udp] [...192.168.3.23][49928] -> [...52.77.92.200][.9999] - detected: [...120] [ip4][..udp] [...192.168.3.23][49928] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...120] [ip4][..udp] [...192.168.3.23][49928] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...121] [ip4][..udp] [...192.168.3.23][48544] -> [..98.96.251.186][.9999] detected: [...121] [ip4][..udp] [...192.168.3.23][48544] -> [..98.96.251.186][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...122] [ip4][..udp] [...192.168.3.23][49563] -> [..34.100.183.43][.9999] 
@@ -259,7 +259,7 @@ new: [...124] [ip4][..udp] [...192.168.3.23][37942] -> [.40.115.242.242][.9999] detected: [...124] [ip4][..udp] [...192.168.3.23][37942] -> [.40.115.242.242][.9999] [GearUP_Booster][Azure][VPN][Acceptable] new: [...125] [ip4][..udp] [...192.168.3.23][44684] -> [.15.181.194.202][.9999] - detected: [...125] [ip4][..udp] [...192.168.3.23][44684] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...125] [ip4][..udp] [...192.168.3.23][44684] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...126] [ip4][..udp] [...192.168.3.23][48644] -> [.35.201.213.182][.9999] detected: [...126] [ip4][..udp] [...192.168.3.23][48644] -> [.35.201.213.182][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [...127] [ip4][..udp] [...192.168.3.23][49395] -> [.34.176.100.180][.9999] @@ -269,7 +269,7 @@ new: [...129] [ip4][..udp] [...192.168.3.23][45104] -> [..65.52.182.211][.9999] detected: [...129] [ip4][..udp] [...192.168.3.23][45104] -> [..65.52.182.211][.9999] [GearUP_Booster][Azure][VPN][Acceptable] new: [...130] [ip4][..udp] [...192.168.3.23][46201] -> [...52.77.92.200][.9999] - detected: [...130] [ip4][..udp] [...192.168.3.23][46201] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...130] [ip4][..udp] [...192.168.3.23][46201] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...131] [ip4][..udp] [...192.168.3.23][40665] -> [195.181.163.225][.9999] detected: [...131] [ip4][..udp] [...192.168.3.23][40665] -> [195.181.163.225][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...132] [ip4][..udp] [...192.168.3.23][40083] -> [..80.238.226.80][.9999] 
@@ -279,9 +279,9 @@ new: [...134] [ip4][..udp] [...192.168.3.23][49305] -> [.20.237.164.226][.9999] detected: [...134] [ip4][..udp] [...192.168.3.23][49305] -> [.20.237.164.226][.9999] [GearUP_Booster][Azure][VPN][Acceptable] new: [...135] [ip4][..udp] [...192.168.3.23][38445] -> [..13.124.213.54][.9999] - detected: [...135] [ip4][..udp] [...192.168.3.23][38445] -> [..13.124.213.54][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...135] [ip4][..udp] [...192.168.3.23][38445] -> [..13.124.213.54][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...136] [ip4][..udp] [...192.168.3.23][39270] -> [.15.181.194.202][.9999] - detected: [...136] [ip4][..udp] [...192.168.3.23][39270] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...136] [ip4][..udp] [...192.168.3.23][39270] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...137] [ip4][..udp] [...192.168.3.23][44304] -> [.138.199.41.102][.9999] detected: [...137] [ip4][..udp] [...192.168.3.23][44304] -> [.138.199.41.102][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...138] [ip4][..udp] [...192.168.3.23][44266] -> [.....20.249.1.0][.9999] 
@@ -301,9 +301,9 @@ new: [...145] [ip4][..udp] [...192.168.3.23][49873] -> [..98.96.251.186][.9999] detected: [...145] [ip4][..udp] [...192.168.3.23][49873] -> [..98.96.251.186][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...146] [ip4][..udp] [...192.168.3.23][41580] -> [.18.162.179.244][.9999] - detected: [...146] [ip4][..udp] [...192.168.3.23][41580] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...146] [ip4][..udp] [...192.168.3.23][41580] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...147] [ip4][..udp] [...192.168.3.23][49992] -> [.18.185.151.243][.9999] - detected: [...147] [ip4][..udp] [...192.168.3.23][49992] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...147] [ip4][..udp] [...192.168.3.23][49992] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...148] [ip4][..udp] [...192.168.3.23][46619] -> [.20.237.164.226][.9999] detected: [...148] [ip4][..udp] [...192.168.3.23][46619] -> [.20.237.164.226][.9999] [GearUP_Booster][Azure][VPN][Acceptable] new: [...149] [ip4][..udp] [...192.168.3.23][41457] -> [..23.90.141.118][.9999] 
@@ -315,21 +315,21 @@ new: [...152] [ip4][..udp] [...192.168.3.23][38821] -> [..23.90.172.130][.9999] detected: [...152] [ip4][..udp] [...192.168.3.23][38821] -> [..23.90.172.130][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...153] [ip4][..udp] [...192.168.3.23][44962] -> [.18.185.151.243][.9999] - detected: [...153] [ip4][..udp] [...192.168.3.23][44962] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...153] [ip4][..udp] [...192.168.3.23][44962] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...154] [ip4][..udp] [...192.168.3.23][39070] -> [...52.77.92.200][.9999] - detected: [...154] [ip4][..udp] [...192.168.3.23][39070] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...154] [ip4][..udp] [...192.168.3.23][39070] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...155] [ip4][..udp] [...192.168.3.23][39075] -> [.18.162.179.244][.9999] - detected: [...155] [ip4][..udp] [...192.168.3.23][39075] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...155] [ip4][..udp] [...192.168.3.23][39075] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...156] [ip4][..udp] [...192.168.3.23][43680] -> [..3.114.197.210][.9999] - detected: [...156] [ip4][..udp] [...192.168.3.23][43680] -> [..3.114.197.210][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...156] [ip4][..udp] [...192.168.3.23][43680] -> [..3.114.197.210][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...157] [ip4][..udp] [...192.168.3.23][37742] -> [.129.227.244.38][.9999] detected: [...157] [ip4][..udp] [...192.168.3.23][37742] -> [.129.227.244.38][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...158] [ip4][..udp] [...192.168.3.23][43812] -> [.18.162.179.244][.9999] - detected: [...158] [ip4][..udp] [...192.168.3.23][43812] -> [.18.162.179.244][.9999] 
[GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...158] [ip4][..udp] [...192.168.3.23][43812] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...159] [ip4][..udp] [...192.168.3.23][42845] -> [...34.88.73.160][.9999] detected: [...159] [ip4][..udp] [...192.168.3.23][42845] -> [...34.88.73.160][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [...160] [ip4][..udp] [...192.168.3.23][49989] -> [...3.24.157.167][.9999] - detected: [...160] [ip4][..udp] [...192.168.3.23][49989] -> [...3.24.157.167][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...160] [ip4][..udp] [...192.168.3.23][49989] -> [...3.24.157.167][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...161] [ip4][..udp] [...192.168.3.23][37603] -> [.194.110.134.13][.9999] detected: [...161] [ip4][..udp] [...192.168.3.23][37603] -> [.194.110.134.13][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...162] [ip4][..udp] [...192.168.3.23][48196] -> [..34.155.128.54][.9999] @@ -339,7 +339,7 @@ new: [...164] [ip4][..udp] [...192.168.3.23][39693] -> [....98.98.151.3][.9999] detected: [...164] [ip4][..udp] [...192.168.3.23][39693] -> [....98.98.151.3][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...165] [ip4][..udp] [...192.168.3.23][49432] -> [.15.181.194.202][.9999] - detected: [...165] [ip4][..udp] [...192.168.3.23][49432] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...165] [ip4][..udp] [...192.168.3.23][49432] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...166] [ip4][..udp] [...192.168.3.23][43597] -> [..98.96.251.186][.9999] detected: [...166] [ip4][..udp] [...192.168.3.23][43597] -> [..98.96.251.186][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...167] [ip4][..udp] [...192.168.3.23][43985] -> [...101.46.59.21][.9999] 
@@ -349,9 +349,9 @@ new: [...169] [ip4][..udp] [...192.168.3.23][39594] -> [.176.97.192.194][.9999] detected: [...169] [ip4][..udp] [...192.168.3.23][39594] -> [.176.97.192.194][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...170] [ip4][..udp] [...192.168.3.23][44646] -> [...52.77.92.200][.9999] - detected: [...170] [ip4][..udp] [...192.168.3.23][44646] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...170] [ip4][..udp] [...192.168.3.23][44646] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...171] [ip4][..udp] [...192.168.3.23][44328] -> [.15.181.194.202][.9999] - detected: [...171] [ip4][..udp] [...192.168.3.23][44328] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...171] [ip4][..udp] [...192.168.3.23][44328] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...172] [ip4][..udp] [...192.168.3.23][38002] -> [.35.201.213.182][.9999] detected: [...172] [ip4][..udp] [...192.168.3.23][38002] -> [.35.201.213.182][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] new: [...173] [ip4][..udp] [...192.168.3.23][48611] -> [.40.115.242.242][.9999] 
@@ -365,7 +365,7 @@ new: [...177] [ip4][..udp] [...192.168.3.23][39623] -> [195.181.163.225][.9999] detected: [...177] [ip4][..udp] [...192.168.3.23][39623] -> [195.181.163.225][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...178] [ip4][..udp] [...192.168.3.23][37972] -> [...52.77.92.200][.9999] - detected: [...178] [ip4][..udp] [...192.168.3.23][37972] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...178] [ip4][..udp] [...192.168.3.23][37972] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...179] [ip4][..udp] [...192.168.3.23][37747] -> [.20.195.224.215][.9999] detected: [...179] [ip4][..udp] [...192.168.3.23][37747] -> [.20.195.224.215][.9999] [GearUP_Booster][Azure][VPN][Acceptable] new: [...180] [ip4][..udp] [...192.168.3.23][46852] -> [.20.237.164.226][.9999] 
@@ -373,9 +373,9 @@ new: [...181] [ip4][..udp] [...192.168.3.23][48934] -> [..80.238.226.80][.9999] detected: [...181] [ip4][..udp] [...192.168.3.23][48934] -> [..80.238.226.80][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...182] [ip4][..udp] [...192.168.3.23][45605] -> [..13.124.213.54][.9999] - detected: [...182] [ip4][..udp] [...192.168.3.23][45605] -> [..13.124.213.54][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...182] [ip4][..udp] [...192.168.3.23][45605] -> [..13.124.213.54][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...183] [ip4][..udp] [...192.168.3.23][46702] -> [.15.181.194.202][.9999] - detected: [...183] [ip4][..udp] [...192.168.3.23][46702] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + detected: [...183] [ip4][..udp] [...192.168.3.23][46702] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] new: [...184] [ip4][..udp] [...192.168.3.23][37181] -> [.138.199.41.102][.9999] detected: [...184] [ip4][..udp] [...192.168.3.23][37181] -> [.138.199.41.102][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] new: [...185] [ip4][..udp] [...192.168.3.23][39378] -> [.....20.249.1.0][.9999] 
@@ -398,75 +398,75 @@ idle: [...114] [ip4][..udp] [...192.168.3.23][39432] -> [..34.155.128.54][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [....69] [ip4][..udp] [...192.168.3.23][39470] -> [..34.155.128.54][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [...190] [ip4][..udp] [...192.168.3.23][46627] -> [.121.127.42.118][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [....66] [ip4][..udp] [...192.168.3.23][38313] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....66] [ip4][..udp] [...192.168.3.23][38313] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...141] [ip4][..udp] [...192.168.3.23][47274] -> [.121.127.42.118][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [....53] [ip4][..udp] [...192.168.3.23][38459] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [....63] [ip4][..udp] [...192.168.3.23][38761] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....53] [ip4][..udp] [...192.168.3.23][38459] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [....63] [ip4][..udp] [...192.168.3.23][38761] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...144] [ip4][..udp] [...192.168.3.23][47921] -> [.121.127.42.118][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [...155] [ip4][..udp] [...192.168.3.23][39075] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [....99] [ip4][..udp] [...192.168.3.23][39859] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [....18] [ip4][..udp] [...192.168.3.23][40390] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [...112] [ip4][..udp] [...192.168.3.23][40431] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [....67] [ip4][..udp] [...192.168.3.23][43478] -> 
[...3.24.157.167][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...155] [ip4][..udp] [...192.168.3.23][39075] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [....99] [ip4][..udp] [...192.168.3.23][39859] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [....18] [ip4][..udp] [...192.168.3.23][40390] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [...112] [ip4][..udp] [...192.168.3.23][40431] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [....67] [ip4][..udp] [...192.168.3.23][43478] -> [...3.24.157.167][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....14] [ip4][..udp] [...192.168.3.23][37686] -> [.34.176.100.180][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] - idle: [...146] [ip4][..udp] [...192.168.3.23][41580] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...146] [ip4][..udp] [...192.168.3.23][41580] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....95] [ip4][..udp] [...192.168.3.23][42026] -> [...45.33.103.81][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [....44] [ip4][..udp] [...192.168.3.23][37008] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....44] [ip4][..udp] [...192.168.3.23][37008] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...118] [ip4][..udp] [...192.168.3.23][39141] -> [...101.46.59.21][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...143] [ip4][..udp] [...192.168.3.23][42677] -> [...45.33.103.81][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [....33] [ip4][..udp] [...192.168.3.23][37783] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....33] [ip4][..udp] [...192.168.3.23][37783] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....84] [ip4][..udp] 
[...192.168.3.23][38070] -> [..65.52.182.211][.9999] [GearUP_Booster][Azure][VPN][Acceptable] - idle: [....21] [ip4][..udp] [...192.168.3.23][42921] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [....22] [ip4][..udp] [...192.168.3.23][45553] -> [...3.24.157.167][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [...113] [ip4][..udp] [...192.168.3.23][46332] -> [...3.24.157.167][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [...158] [ip4][..udp] [...192.168.3.23][43812] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [...136] [ip4][..udp] [...192.168.3.23][39270] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....21] [ip4][..udp] [...192.168.3.23][42921] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [....22] [ip4][..udp] [...192.168.3.23][45553] -> [...3.24.157.167][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [...113] [ip4][..udp] [...192.168.3.23][46332] -> [...3.24.157.167][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [...158] [ip4][..udp] [...192.168.3.23][43812] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [...136] [ip4][..udp] [...192.168.3.23][39270] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....24] [ip4][..udp] [...192.168.3.23][46317] -> [..34.155.128.54][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [...177] [ip4][..udp] [...192.168.3.23][39623] -> [195.181.163.225][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....80] [ip4][..udp] [...192.168.3.23][41387] -> [.34.176.100.180][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] - idle: [...100] [ip4][..udp] [...192.168.3.23][39236] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...100] [ip4][..udp] [...192.168.3.23][39236] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] 
idle: [....29] [ip4][..udp] [...192.168.3.23][41680] -> [.34.176.100.180][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [...151] [ip4][..udp] [...192.168.3.23][42012] -> [.34.176.100.180][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [...188] [ip4][..udp] [...192.168.3.23][45864] -> [...45.33.103.81][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [...103] [ip4][..udp] [...192.168.3.23][39779] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...103] [ip4][..udp] [...192.168.3.23][39779] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...131] [ip4][..udp] [...192.168.3.23][40665] -> [195.181.163.225][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [....71] [ip4][..udp] [...192.168.3.23][40959] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....71] [ip4][..udp] [...192.168.3.23][40959] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....28] [ip4][..udp] [...192.168.3.23][42764] -> [...101.46.59.21][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...179] [ip4][..udp] [...192.168.3.23][37747] -> [.20.195.224.215][.9999] [GearUP_Booster][Azure][VPN][Acceptable] idle: [...162] [ip4][..udp] [...192.168.3.23][48196] -> [..34.155.128.54][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [...184] [ip4][..udp] [...192.168.3.23][37181] -> [.138.199.41.102][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...174] [ip4][..udp] [...192.168.3.23][43498] -> [.34.176.100.180][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [...167] [ip4][..udp] [...192.168.3.23][43985] -> [...101.46.59.21][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [...160] [ip4][..udp] [...192.168.3.23][49989] -> [...3.24.157.167][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...160] [ip4][..udp] [...192.168.3.23][49989] -> [...3.24.157.167][.9999] 
[GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...172] [ip4][..udp] [...192.168.3.23][38002] -> [.35.201.213.182][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [...186] [ip4][..udp] [...192.168.3.23][38712] -> [..103.198.202.8][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....49] [ip4][..udp] [...192.168.3.23][48276] -> [...45.33.103.81][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....40] [ip4][..udp] [...192.168.3.23][43864] -> [..65.52.182.211][.9999] [GearUP_Booster][Azure][VPN][Acceptable] idle: [....87] [ip4][..udp] [...192.168.3.23][40074] -> [.20.195.224.215][.9999] [GearUP_Booster][Azure][VPN][Acceptable] - idle: [...178] [ip4][..udp] [...192.168.3.23][37972] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [...109] [ip4][..udp] [...192.168.3.23][49078] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...178] [ip4][..udp] [...192.168.3.23][37972] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [...109] [ip4][..udp] [...192.168.3.23][49078] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....91] [ip4][..udp] [...192.168.3.23][39572] -> [.138.199.41.102][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [.....8] [ip4][..udp] [...192.168.3.23][49183] -> [.18.162.179.244][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [...171] [ip4][..udp] [...192.168.3.23][44328] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [.....8] [ip4][..udp] [...192.168.3.23][49183] -> [.18.162.179.244][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [...171] [ip4][..udp] [...192.168.3.23][44328] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....37] [ip4][..udp] [...192.168.3.23][39220] -> [.35.201.213.182][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] - idle: [....54] [ip4][..udp] [...192.168.3.23][43552] -> 
[.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [...125] [ip4][..udp] [...192.168.3.23][44684] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....54] [ip4][..udp] [...192.168.3.23][43552] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [...125] [ip4][..udp] [...192.168.3.23][44684] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...129] [ip4][..udp] [...192.168.3.23][45104] -> [..65.52.182.211][.9999] [GearUP_Booster][Azure][VPN][Acceptable] - idle: [...119] [ip4][..udp] [...192.168.3.23][45088] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [...154] [ip4][..udp] [...192.168.3.23][39070] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...119] [ip4][..udp] [...192.168.3.23][45088] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [...154] [ip4][..udp] [...192.168.3.23][39070] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....38] [ip4][..udp] [...192.168.3.23][41692] -> [.20.195.224.215][.9999] [GearUP_Booster][Azure][VPN][Acceptable] idle: [....82] [ip4][..udp] [...192.168.3.23][45530] -> [195.181.163.225][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [...153] [ip4][..udp] [...192.168.3.23][44962] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [.....9] [ip4][..udp] [...192.168.3.23][45624] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [...183] [ip4][..udp] [...192.168.3.23][46702] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [....89] [ip4][..udp] [...192.168.3.23][46825] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...153] [ip4][..udp] [...192.168.3.23][44962] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [.....9] [ip4][..udp] 
[...192.168.3.23][45624] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [...183] [ip4][..udp] [...192.168.3.23][46702] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [....89] [ip4][..udp] [...192.168.3.23][46825] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...176] [ip4][..udp] [...192.168.3.23][47269] -> [..65.52.182.211][.9999] [GearUP_Booster][Azure][VPN][Acceptable] idle: [....60] [ip4][..udp] [...192.168.3.23][37678] -> [..23.90.172.130][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [....27] [ip4][..udp] [...192.168.3.23][47189] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [....59] [ip4][..udp] [...192.168.3.23][46385] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....27] [ip4][..udp] [...192.168.3.23][47189] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [....59] [ip4][..udp] [...192.168.3.23][46385] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....62] [ip4][..udp] [...192.168.3.23][38633] -> [...34.88.73.160][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [....72] [ip4][..udp] [...192.168.3.23][49407] -> [...101.46.59.21][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [....73] [ip4][..udp] [...192.168.3.23][41578] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....73] [ip4][..udp] [...192.168.3.23][41578] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...102] [ip4][..udp] [...192.168.3.23][38514] -> [..23.90.141.118][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...127] [ip4][..udp] [...192.168.3.23][49395] -> [.34.176.100.180][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [...140] [ip4][..udp] [...192.168.3.23][38800] -> [..23.90.172.130][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] 
@@ -474,28 +474,28 @@ idle: [....58] [ip4][..udp] [...192.168.3.23][49704] -> [.34.176.100.180][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [...163] [ip4][..udp] [...192.168.3.23][39684] -> [...34.88.73.160][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [...105] [ip4][..udp] [...192.168.3.23][49942] -> [.34.176.100.180][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] - idle: [....36] [ip4][..udp] [...192.168.3.23][42726] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....36] [ip4][..udp] [...192.168.3.23][42726] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....39] [ip4][..udp] [...192.168.3.23][48743] -> [195.181.163.225][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....47] [ip4][..udp] [...192.168.3.23][39515] -> [..23.90.172.130][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...137] [ip4][..udp] [...192.168.3.23][44304] -> [.138.199.41.102][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....46] [ip4][..udp] [...192.168.3.23][44470] -> [.138.199.41.102][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [...165] [ip4][..udp] [...192.168.3.23][49432] -> [.15.181.194.202][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...165] [ip4][..udp] [...192.168.3.23][49432] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....70] [ip4][..udp] [...192.168.3.23][40513] -> [...34.88.73.160][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [....56] [ip4][..udp] [...192.168.3.23][40048] -> [..23.90.141.118][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...142] [ip4][..udp] [...192.168.3.23][39220] -> [...154.93.36.41][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...157] [ip4][..udp] [...192.168.3.23][37742] -> [.129.227.244.38][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [....78] [ip4][..udp] [...192.168.3.23][49819] -> [.15.181.194.202][.9999] 
[GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....78] [ip4][..udp] [...192.168.3.23][49819] -> [.15.181.194.202][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...133] [ip4][..udp] [...192.168.3.23][46603] -> [.20.195.224.215][.9999] [GearUP_Booster][Azure][VPN][Acceptable] idle: [....32] [ip4][..udp] [...192.168.3.23][38961] -> [.176.97.192.194][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...168] [ip4][..udp] [...192.168.3.23][38399] -> [..34.100.183.43][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] - idle: [...170] [ip4][..udp] [...192.168.3.23][44646] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...170] [ip4][..udp] [...192.168.3.23][44646] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...149] [ip4][..udp] [...192.168.3.23][41457] -> [..23.90.141.118][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [.....3] [ip4][..tcp] [...192.168.3.23][37119] -> [.104.16.159.112][..443] [TLS.GearUP_Booster][Cloudflare][VPN][Fun] idle: [....96] [ip4][..udp] [...192.168.3.23][40633] -> [...154.93.36.41][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....83] [ip4][..udp] [...192.168.3.23][45875] -> [.35.201.213.182][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [...169] [ip4][..udp] [...192.168.3.23][39594] -> [.176.97.192.194][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [...147] [ip4][..udp] [...192.168.3.23][49992] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [....13] [ip4][..udp] [...192.168.3.23][49995] -> [.18.185.151.243][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...147] [ip4][..udp] [...192.168.3.23][49992] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [....13] [ip4][..udp] [...192.168.3.23][49995] -> [.18.185.151.243][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...164] [ip4][..udp] [...192.168.3.23][39693] -> 
[....98.98.151.3][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....20] [ip4][..udp] [...192.168.3.23][39478] -> [.129.227.244.38][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....34] [ip4][..udp] [...192.168.3.23][46392] -> [.35.201.213.182][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] 
@@ -503,13 +503,13 @@ idle: [....42] [ip4][..udp] [...192.168.3.23][37131] -> [..80.238.226.80][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...159] [ip4][..udp] [...192.168.3.23][42845] -> [...34.88.73.160][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [...139] [ip4][..udp] [...192.168.3.23][47410] -> [..103.198.202.8][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [...108] [ip4][..udp] [...192.168.3.23][45904] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [....30] [ip4][..udp] [...192.168.3.23][45941] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...108] [ip4][..udp] [...192.168.3.23][45904] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [....30] [ip4][..udp] [...192.168.3.23][45941] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...161] [ip4][..udp] [...192.168.3.23][37603] -> [.194.110.134.13][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [...130] [ip4][..udp] [...192.168.3.23][46201] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...130] [ip4][..udp] [...192.168.3.23][46201] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...192] [ip4][..udp] [...192.168.3.23][41618] -> [..98.96.251.186][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...175] [ip4][..udp] [...192.168.3.23][47574] -> [.35.201.213.182][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] - idle: [....17] [ip4][..udp] [...192.168.3.23][46763] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....17] [ip4][..udp] [...192.168.3.23][46763] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [.....5] [ip4][..tcp] [...192.168.3.23][38726] -> [..104.18.50.182][..443] [TLS.GearUP_Booster][Cloudflare][VPN][Fun] idle: [...106] [ip4][..udp] [...192.168.3.23][43718] -> [..23.90.172.130][.9999] 
[GearUP_Booster][Unknown][VPN][Acceptable] idle: [....92] [ip4][..udp] [...192.168.3.23][48774] -> [..103.198.202.8][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] @@ -524,7 +524,7 @@ idle: [...124] [ip4][..udp] [...192.168.3.23][37942] -> [.40.115.242.242][.9999] [GearUP_Booster][Azure][VPN][Acceptable] idle: [....45] [ip4][..udp] [...192.168.3.23][49429] -> [..103.198.202.8][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....15] [ip4][..udp] [...192.168.3.23][44547] -> [..23.90.172.130][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [....61] [ip4][..udp] [...192.168.3.23][48031] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....61] [ip4][..udp] [...192.168.3.23][48031] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....68] [ip4][..udp] [...192.168.3.23][39502] -> [.194.110.134.13][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...166] [ip4][..udp] [...192.168.3.23][43597] -> [..98.96.251.186][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...132] [ip4][..udp] [...192.168.3.23][40083] -> [..80.238.226.80][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] 
@@ -533,34 +533,34 @@ idle: [....57] [ip4][..udp] [...192.168.3.23][43608] -> [....98.98.151.3][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...189] [ip4][..udp] [...192.168.3.23][45757] -> [..23.90.172.130][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...150] [ip4][..udp] [...192.168.3.23][43795] -> [....98.98.151.3][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [....64] [ip4][..udp] [...192.168.3.23][39858] -> [..3.114.197.210][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [....81] [ip4][..udp] [...192.168.3.23][49500] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....64] [ip4][..udp] [...192.168.3.23][39858] -> [..3.114.197.210][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [....81] [ip4][..udp] [...192.168.3.23][49500] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...101] [ip4][..udp] [...192.168.3.23][41423] -> [.20.237.164.226][.9999] [GearUP_Booster][Azure][VPN][Acceptable] idle: [....90] [ip4][..udp] [...192.168.3.23][38354] -> [.....20.249.1.0][.9999] [GearUP_Booster][Azure][VPN][Acceptable] guessed: [...117] [ip4][..udp] [...192.168.3.23][47302] -> [.142.251.143.54][..443] [QUIC][Google][Web][Acceptable] RISK: Susp Entropy idle: [...117] [ip4][..udp] [...192.168.3.23][47302] -> [.142.251.143.54][..443] - idle: [...120] [ip4][..udp] [...192.168.3.23][49928] -> [...52.77.92.200][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...120] [ip4][..udp] [...192.168.3.23][49928] -> [...52.77.92.200][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....10] [ip4][..udp] [...192.168.3.23][41825] -> [.20.237.164.226][.9999] [GearUP_Booster][Azure][VPN][Acceptable] - idle: [....19] [ip4][..udp] [...192.168.3.23][40581] -> [..3.114.197.210][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....19] [ip4][..udp] [...192.168.3.23][40581] -> [..3.114.197.210][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: 
[....75] [ip4][..udp] [...192.168.3.23][44138] -> [..34.100.183.43][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [....26] [ip4][..udp] [...192.168.3.23][44605] -> [....98.98.151.3][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....55] [ip4][..udp] [...192.168.3.23][42232] -> [.20.237.164.226][.9999] [GearUP_Booster][Azure][VPN][Acceptable] - idle: [...135] [ip4][..udp] [...192.168.3.23][38445] -> [..13.124.213.54][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...135] [ip4][..udp] [...192.168.3.23][38445] -> [..13.124.213.54][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [...185] [ip4][..udp] [...192.168.3.23][39378] -> [.....20.249.1.0][.9999] [GearUP_Booster][Azure][VPN][Acceptable] idle: [....25] [ip4][..udp] [...192.168.3.23][48039] -> [...34.88.73.160][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [....31] [ip4][..udp] [...192.168.3.23][45045] -> [..34.100.183.43][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [.....4] [ip4][..tcp] [...192.168.3.23][42942] -> [..104.18.53.166][..443] [TLS.GearUP_Booster][Cloudflare][VPN][Fun] idle: [...107] [ip4][..udp] [...192.168.3.23][48516] -> [...34.88.73.160][.9999] [GearUP_Booster][GoogleCloud][VPN][Acceptable] - idle: [....88] [ip4][..udp] [...192.168.3.23][39588] -> [..13.124.213.54][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....88] [ip4][..udp] [...192.168.3.23][39588] -> [..13.124.213.54][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....85] [ip4][..udp] [...192.168.3.23][43221] -> [..80.238.226.80][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [.....7] [ip4][..tcp] [...192.168.3.23][43470] -> [...2.19.126.219][..443] [TLS.GearUP_Booster][Unknown][VPN][Fun] + idle: [.....7] [ip4][..tcp] [...192.168.3.23][43470] -> [...2.19.126.219][..443] [TLS.GearUP_Booster][Akamai][VPN][Fun] idle: [...116] [ip4][..udp] [...192.168.3.23][48995] -> [...34.88.73.160][.9999] 
[GearUP_Booster][GoogleCloud][VPN][Acceptable] idle: [....65] [ip4][..udp] [...192.168.3.23][46109] -> [.129.227.244.38][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....52] [ip4][..udp] [...192.168.3.23][47203] -> [..98.96.251.186][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....51] [ip4][..udp] [...192.168.3.23][39583] -> [.121.127.42.118][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....50] [ip4][..udp] [...192.168.3.23][48846] -> [...154.93.36.41][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] - idle: [...156] [ip4][..udp] [...192.168.3.23][43680] -> [..3.114.197.210][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...156] [ip4][..udp] [...192.168.3.23][43680] -> [..3.114.197.210][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....93] [ip4][..udp] [...192.168.3.23][49818] -> [..23.90.172.130][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [.....6] [ip4][..tcp] [...192.168.3.23][45668] -> [.104.16.159.112][..443] [TLS.GearUP_Booster][Cloudflare][VPN][Fun] idle: [...121] [ip4][..udp] [...192.168.3.23][48544] -> [..98.96.251.186][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] 
@@ -579,11 +579,11 @@ idle: [....48] [ip4][..udp] [...192.168.3.23][43033] -> [.121.127.42.118][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....94] [ip4][..udp] [...192.168.3.23][43269] -> [.121.127.42.118][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [....41] [ip4][..udp] [...192.168.3.23][48015] -> [.20.237.164.226][.9999] [GearUP_Booster][Azure][VPN][Acceptable] - idle: [....43] [ip4][..udp] [...192.168.3.23][44205] -> [..13.124.213.54][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [....43] [ip4][..udp] [...192.168.3.23][44205] -> [..13.124.213.54][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....35] [ip4][..udp] [...192.168.3.23][47617] -> [.40.115.242.242][.9999] [GearUP_Booster][Azure][VPN][Acceptable] idle: [...181] [ip4][..udp] [...192.168.3.23][48934] -> [..80.238.226.80][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] idle: [...134] [ip4][..udp] [...192.168.3.23][49305] -> [.20.237.164.226][.9999] [GearUP_Booster][Azure][VPN][Acceptable] - idle: [...110] [ip4][..udp] [...192.168.3.23][48164] -> [..3.114.197.210][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] - idle: [...182] [ip4][..udp] [...192.168.3.23][45605] -> [..13.124.213.54][.9999] [GearUP_Booster][AmazonAWS][VPN][Acceptable] + idle: [...110] [ip4][..udp] [...192.168.3.23][48164] -> [..3.114.197.210][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] + idle: [...182] [ip4][..udp] [...192.168.3.23][45605] -> [..13.124.213.54][.9999] [GearUP_Booster][AWS_EC2][VPN][Acceptable] idle: [....23] [ip4][..udp] [...192.168.3.23][49487] -> [.194.110.134.13][.9999] [GearUP_Booster][Unknown][VPN][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/gnutella.pcap.out b/test/results/flow-info/default/gnutella.pcap.out index c3c8329a4..3536acfc3 100644 --- a/test/results/flow-info/default/gnutella.pcap.out +++ b/test/results/flow-info/default/gnutella.pcap.out 
@@ -808,7 +808,7 @@ detected: [...324] [ip4][..udp] [......10.0.2.15][28681] -> [.73.250.179.237][20848] [Gnutella][Unknown][Download][Potentially_Dangerous] RISK: Unsafe Protocol new: [...325] [ip4][..udp] [......10.0.2.15][28681] -> [..83.160.143.48][37036] - detected: [...325] [ip4][..udp] [......10.0.2.15][28681] -> [..83.160.143.48][37036] [Gnutella][AmazonAWS][Download][Potentially_Dangerous] + detected: [...325] [ip4][..udp] [......10.0.2.15][28681] -> [..83.160.143.48][37036] [Gnutella][AWS_EC2][Download][Potentially_Dangerous] RISK: Unsafe Protocol new: [...326] [ip4][..udp] [......10.0.2.15][28681] -> [..100.1.231.138][56558] detected: [...326] [ip4][..udp] [......10.0.2.15][28681] -> [..100.1.231.138][56558] [Gnutella][Unknown][Download][Potentially_Dangerous] @@ -1311,7 +1311,7 @@ RISK: Unsafe Protocol update: [...320] [ip4][..udp] [......10.0.2.15][28681] -> [185.236.200.137][48142] [Gnutella][Unknown][Download][Potentially_Dangerous] RISK: Unsafe Protocol - update: [...325] [ip4][..udp] [......10.0.2.15][28681] -> [..83.160.143.48][37036] [Gnutella][AmazonAWS][Download][Potentially_Dangerous] + update: [...325] [ip4][..udp] [......10.0.2.15][28681] -> [..83.160.143.48][37036] [Gnutella][AWS_EC2][Download][Potentially_Dangerous] RISK: Unsafe Protocol update: [...330] [ip4][..udp] [......10.0.2.15][28681] -> [....82.64.44.11][.1352] [Gnutella][Unknown][Download][Potentially_Dangerous] RISK: Unsafe Protocol 
@@ -1879,7 +1879,7 @@ RISK: Unsafe Protocol update: [...320] [ip4][..udp] [......10.0.2.15][28681] -> [185.236.200.137][48142] [Gnutella][Unknown][Download][Potentially_Dangerous] RISK: Unsafe Protocol - update: [...325] [ip4][..udp] [......10.0.2.15][28681] -> [..83.160.143.48][37036] [Gnutella][AmazonAWS][Download][Potentially_Dangerous] + update: [...325] [ip4][..udp] [......10.0.2.15][28681] -> [..83.160.143.48][37036] [Gnutella][AWS_EC2][Download][Potentially_Dangerous] RISK: Unsafe Protocol update: [...330] [ip4][..udp] [......10.0.2.15][28681] -> [....82.64.44.11][.1352] [Gnutella][Unknown][Download][Potentially_Dangerous] RISK: Unsafe Protocol @@ -2815,7 +2815,7 @@ RISK: Unsafe Protocol update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] [Gnutella][Unknown][Download][Potentially_Dangerous] RISK: Unsafe Protocol - update: [...325] [ip4][..udp] [......10.0.2.15][28681] -> [..83.160.143.48][37036] [Gnutella][AmazonAWS][Download][Potentially_Dangerous] + update: [...325] [ip4][..udp] [......10.0.2.15][28681] -> [..83.160.143.48][37036] [Gnutella][AWS_EC2][Download][Potentially_Dangerous] RISK: Unsafe Protocol update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] [Gnutella][Unknown][Download][Potentially_Dangerous] RISK: Unsafe Protocol @@ -3676,7 +3676,7 @@ RISK: Unsafe Protocol idle: [...314] [ip4][..udp] [......10.0.2.15][28681] -> [..71.237.202.91][16117] [Gnutella][Unknown][Download][Potentially_Dangerous] RISK: Unsafe Protocol - idle: [...325] [ip4][..udp] [......10.0.2.15][28681] -> [..83.160.143.48][37036] [Gnutella][AmazonAWS][Download][Potentially_Dangerous] + idle: [...325] [ip4][..udp] [......10.0.2.15][28681] -> [..83.160.143.48][37036] [Gnutella][AWS_EC2][Download][Potentially_Dangerous] RISK: Unsafe Protocol idle: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] [Gnutella][Unknown][Download][Potentially_Dangerous] RISK: Unsafe Protocol 
diff --git a/test/results/flow-info/default/guildwars2.pcapng.out b/test/results/flow-info/default/guildwars2.pcapng.out
index b59afb057..96e1e69bf 100644
--- a/test/results/flow-info/default/guildwars2.pcapng.out
+++ b/test/results/flow-info/default/guildwars2.pcapng.out
@@ -2,6 +2,6 @@
 DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
 DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
 new: [.....1] [ip4][..tcp] [...192.168.1.17][33959] -> [....3.64.34.254][.6112]
- detected: [.....1] [ip4][..tcp] [...192.168.1.17][33959] -> [....3.64.34.254][.6112] [GuildWars2][AmazonAWS][Game][Fun]
- end: [.....1] [ip4][..tcp] [...192.168.1.17][33959] -> [....3.64.34.254][.6112] [GuildWars2][AmazonAWS][Game][Fun]
+ detected: [.....1] [ip4][..tcp] [...192.168.1.17][33959] -> [....3.64.34.254][.6112] [GuildWars2][AWS_EC2][Game][Fun]
+ end: [.....1] [ip4][..tcp] [...192.168.1.17][33959] -> [....3.64.34.254][.6112] [GuildWars2][AWS_EC2][Game][Fun]
 DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out b/test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out
index 500c2d185..f5c7b7d5b 100644
--- a/test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out
+++ b/test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out
@@ -12,12 +12,12 @@ [IATS(ms)....: 50.3,51.1,0.6,51.7,0.1,0.0,0.1,51.3,1.4,0.0,1.9,0.5,0.2,0.2,0.0,51.7,0.0,0.0,0.1,50.1,0.4,8.1,0.0,8.1,85.1,28647.7,0.0,0.1,28613.9,0.0,0.0] [PKTLENS.....: 52,52,42,557,46,153,1500,2960,42,378,49,42,166,145,502,550,160,91,118,46,42,78,439,78,42,46,113,86,1125,46,46,86] [ENTROPIES...: 4.7,4.8,4.7,5.8,4.4,5.8,7.2,7.3,4.7,7.4,4.8,4.7,6.2,6.3,7.6,7.6,6.6,5.4,6.1,4.4,4.7,5.4,7.5,5.4,4.7,4.5,6.0,5.6,7.8,4.4,4.5,5.5] - guessed: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443] [TLS][AmazonAWS][Web][Safe] + guessed: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443] [TLS][AWS_EC2][Web][Safe] RISK: Susp Entropy DAEMON-EVENT: [Processed: 63 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 1|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [194.226.199.226][34101] -> [..8.247.226.126][...80] - end: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443] [TLS][AmazonAWS][Web][Safe] + end: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443] [TLS][AWS_EC2][Web][Safe] RISK: Susp Entropy new: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443] analyse: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443] 
@@ -62,12 +62,12 @@ [IATS(ms)....: 9.8,15.3,2065.2,1.8,0.1,2048.2,2.0,1.8,0.8,0.0,2.2,39.4,217.2,216.0,433.2,854.7,2634.8,0.8,114.8,2.4,133.5,0.3,1201.5,0.2,0.0,0.0,0.2,0.1,15.7,0.4,0.9] [PKTLENS.....: 52,52,52,52,42,561,52,52,46,2960,1216,1500,52,46,1500,1500,1500,52,52,42,42,120,138,46,311,327,46,101,71,1500,658,673] [ENTROPIES...: 4.8,5.0,5.0,4.8,4.6,6.8,5.0,5.0,4.6,7.9,7.8,7.9,4.8,5.1,7.9,7.9,7.9,4.9,4.8,4.7,4.8,6.3,6.6,4.6,7.3,7.3,4.6,6.2,5.8,7.9,7.6,7.7] - guessed: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443] [TLS][Unknown][Web][Safe] + guessed: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443] [TLS][Akamai][Web][Safe] RISK: Susp Entropy guessed: [.....4] [ip4][..tcp] [..194.226.199.9][49756] -> [..92.223.106.21][..443] [TLS][Unknown][Web][Safe] RISK: Susp Entropy end: [.....4] [ip4][..tcp] [..194.226.199.9][49756] -> [..92.223.106.21][..443] - idle: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443] [TLS][Unknown][Web][Safe] + idle: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443] [TLS][Akamai][Web][Safe] RISK: Susp Entropy end: [.....5] [ip4][..tcp] [194.226.199.103][62580] -> [..217.69.139.59][..443] [TLS][VK][Web][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/http-crash-content-disposition.pcap.out b/test/results/flow-info/default/http-crash-content-disposition.pcap.out index 358b98a09..166194726 100644 --- a/test/results/flow-info/default/http-crash-content-disposition.pcap.out +++ b/test/results/flow-info/default/http-crash-content-disposition.pcap.out 
@@ -2,6 +2,6 @@
 DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
 DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
 new: [.....1] [ip4][..tcp] [..192.168.0.103][51171] -> [...174.129.0.10][...80]
- detected: [.....1] [ip4][..tcp] [..192.168.0.103][51171] -> [...174.129.0.10][...80] [HTTP][AmazonAWS][Web][Acceptable][khu.sh]
- idle: [.....1] [ip4][..tcp] [..192.168.0.103][51171] -> [...174.129.0.10][...80] [HTTP][AmazonAWS][Web][Acceptable][khu.sh]
+ detected: [.....1] [ip4][..tcp] [..192.168.0.103][51171] -> [...174.129.0.10][...80] [HTTP][AWS_EC2][Web][Acceptable][khu.sh]
+ idle: [.....1] [ip4][..tcp] [..192.168.0.103][51171] -> [...174.129.0.10][...80] [HTTP][AWS_EC2][Web][Acceptable][khu.sh]
 DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/http_invalid_server.pcap.out b/test/results/flow-info/default/http_invalid_server.pcap.out
index 200990edb..2b70c3602 100644
--- a/test/results/flow-info/default/http_invalid_server.pcap.out
+++ b/test/results/flow-info/default/http_invalid_server.pcap.out
@@ -2,10 +2,10 @@
 DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
 DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
 new: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80]
- detected: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP.OCSP][AmazonAWS][Network][Safe][ocsp.rootg2.amazontrust.com]
+ detected: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][ocsp.rootg2.amazontrust.com]
 RISK: HTTP Susp User-Agent
- detection-update: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP.OCSP][AmazonAWS][Network][Safe][ocsp.rootg2.amazontrust.com]
+ detection-update: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP.OCSP][AWS_Cloudfront][Network][Safe][ocsp.rootg2.amazontrust.com]
 RISK: HTTP Susp User-Agent, HTTP Susp Header
- end: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP.OCSP][AmazonAWS][Network][Safe][ocsp.rootg2.amazontrust.com]
+ end: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP.OCSP][AWS_Cloudfront][Network][Safe][ocsp.rootg2.amazontrust.com]
 RISK: HTTP Susp User-Agent, HTTP Susp Header
 DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/http_ipv6.pcap.out b/test/results/flow-info/default/http_ipv6.pcap.out
index 010b2bd21..219661073 100644
--- a/test/results/flow-info/default/http_ipv6.pcap.out
+++ b/test/results/flow-info/default/http_ipv6.pcap.out
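Review bot: The first `detected` event for flow 1 in the `http_invalid_server.pcap.out` hunk no longer carries the OCSP sub-protocol: it changes from `[HTTP.OCSP][AmazonAWS][Network][Safe]` to `[HTTP][AWS_Cloudfront][Web][Acceptable]`, and `HTTP.OCSP` / `Network` / `Safe` now appear only in the later `detection-update` and `end` events. Unlike the `AmazonAWS` → `AWS_EC2` / `AWS_Cloudfront` relabelling in the neighbouring hunks, this changes the protocol, category and breed reported at first detection, and the commit message mentions only the risk replacement. Consumers that alert or apply policy on the initial `detected` event would presumably see a different classification for this flow until the update arrives. After confirming this is the intended libnDPI behaviour, I would add a line to the commit description such as `* OCSP over HTTP is now reported as HTTP.OCSP in a detection-update rather than in the first detected event`.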
@@ -44,20 +44,20 @@ new: [....13] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][59690] -> [...............2a00:1450:4001:803::1012][..443] [MIDSTREAM] new: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] new: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443] - detected: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][s-static.ak.facebook.com] - detected: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][s-static.ak.facebook.com] - detection-update: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][s-static.ak.facebook.com] - detection-update: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][s-static.ak.facebook.com] - detection-update: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][s-static.ak.facebook.com] - idle: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun] - idle: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun] + detected: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443] 
[TLS.Facebook][Akamai][SocialNetwork][Fun][s-static.ak.facebook.com] + detected: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][Akamai][SocialNetwork][Fun][s-static.ak.facebook.com] + detection-update: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][Akamai][SocialNetwork][Fun][s-static.ak.facebook.com] + detection-update: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][Akamai][SocialNetwork][Fun][s-static.ak.facebook.com] + detection-update: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][Akamai][SocialNetwork][Fun][s-static.ak.facebook.com] + idle: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][Akamai][SocialNetwork][Fun] + idle: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][Akamai][SocialNetwork][Fun] guessed: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] [QUIC][Google][Web][Acceptable] idle: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] guessed: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443] [TLS][Google][Web][Safe] idle: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443] guessed: [....13] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][59690] -> [...............2a00:1450:4001:803::1012][..443] [TLS][Google][Web][Safe] idle: 
[....13] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][59690] -> [...............2a00:1450:4001:803::1012][..443] - guessed: [.....9] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][60124] -> [..................2a02:26f0:ad:1a1::eed][..443] [TLS][Unknown][Web][Safe] + guessed: [.....9] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][60124] -> [..................2a02:26f0:ad:1a1::eed][..443] [TLS][Akamai][Web][Safe] idle: [.....9] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][60124] -> [..................2a02:26f0:ad:1a1::eed][..443] guessed: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443] [TLS][Facebook][Web][Safe] idle: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443] diff --git a/test/results/flow-info/default/instagram.pcap.out b/test/results/flow-info/default/instagram.pcap.out index 8a666530e..3d0d62854 100644 --- a/test/results/flow-info/default/instagram.pcap.out +++ b/test/results/flow-info/default/instagram.pcap.out 
@@ -166,7 +166,7 @@ [IATS(ms)....: 0.1,2.1,0.4,3.4,0.0,3.2,2.3,0.4,0.9,1.9,0.2,2.6,1.8,3.8,0.1,3.8,0.2,1.3,1.3,0.4,0.2,0.2,0.3,0.5,0.5,0.9,0.9,2.1,2.1,2.0,0.1] [PKTLENS.....: 1470,52,1470,1470,52,52,1470,52,1470,1470,52,52,1470,52,1470,1470,52,52,1470,52,1470,52,1470,52,1470,52,1470,52,1470,52,1470,1470] [ENTROPIES...: 7.8,5.1,7.8,7.8,5.1,5.1,7.8,5.1,7.8,7.7,5.0,5.1,7.7,5.1,7.7,7.8,5.2,5.1,7.7,5.2,7.8,5.2,7.8,5.2,7.8,5.1,7.8,5.1,7.8,5.1,7.8,7.8] - guessed: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Unknown][Web][Acceptable][] + guessed: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Akamai][Web][Acceptable][] new: [....32] [ip4][..tcp] [...46.33.70.150][...80] -> [..192.168.0.103][40855] update: [.....9] [ip4][..udp] [..192.168.0.106][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable] update: [....11] [ip4][..udp] [....192.168.0.1][..520] -> [..192.168.0.255][..520] @@ -205,7 +205,7 @@ idle: [....12] [ip4][..tcp] [....31.13.93.52][..443] -> [..192.168.0.103][33934] [TLS][Facebook][Web][Safe] idle: [....13] [ip4][..tcp] [..192.168.0.103][33935] -> [....31.13.93.52][..443] [TLS][Facebook][Web][Safe] idle: [.....2] [ip4][..tcp] [..192.168.0.103][33936] -> [....31.13.93.52][..443] [TLS][Facebook][Web][Safe] - guessed: [....25] [ip4][..tcp] [..92.122.48.138][...80] -> [..192.168.0.103][41562] [HTTP][Unknown][Web][Acceptable][] + guessed: [....25] [ip4][..tcp] [..92.122.48.138][...80] -> [..192.168.0.103][41562] [HTTP][Akamai][Web][Acceptable][] idle: [....25] [ip4][..tcp] [..92.122.48.138][...80] -> [..192.168.0.103][41562] idle: [....14] [ip4][.icmp] [..192.168.0.103] -> [..192.168.0.103] [ICMP][Unknown][Network][Acceptable] not-detected: [....11] [ip4][..udp] [....192.168.0.1][..520] -> [..192.168.0.255][..520] [Unknown][Unknown][Unspecified][Unrated] 
@@ -222,7 +222,7 @@ end: [....16] [ip4][..tcp] [..192.168.0.103][38817] -> [...46.33.70.160][...80] guessed: [....32] [ip4][..tcp] [...46.33.70.150][...80] -> [..192.168.0.103][40855] [HTTP][Unknown][Web][Acceptable][] idle: [....32] [ip4][..tcp] [...46.33.70.150][...80] -> [..192.168.0.103][40855] - idle: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Unknown][Web][Acceptable] + idle: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Akamai][Web][Acceptable] end: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [HTTP][Unknown][Web][Acceptable] RISK: Susp Entropy idle: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][igcdn-photos-h-a.akamaihd.net] diff --git a/test/results/flow-info/default/iphone.pcap.out b/test/results/flow-info/default/iphone.pcap.out index a82c35bb9..eada9ab5e 100644 --- a/test/results/flow-info/default/iphone.pcap.out +++ b/test/results/flow-info/default/iphone.pcap.out 
@@ -53,10 +53,10 @@ new: [....25] [ip4][..tcp] [...192.168.2.17][49152] -> [.17.253.105.202][...80] detected: [....20] [ip4][..tcp] [...192.168.2.17][50575] -> [.17.248.185.140][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][p26-fmfmobile.icloud.com] detection-update: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][mesu.apple.com] - detected: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Unknown][Web][Safe][gspe35-ssl.ls.apple.com] + detected: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Akamai][Web][Safe][gspe35-ssl.ls.apple.com] new: [....26] [ip4][..tcp] [...192.168.2.17][50578] -> [.17.253.105.202][..443] new: [....27] [ip4][..tcp] [...192.168.2.17][50579] -> [.17.253.105.202][..443] - detection-update: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Unknown][Web][Safe][gspe35-ssl.ls.apple.com] + detection-update: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Akamai][Web][Safe][gspe35-ssl.ls.apple.com] new: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] detected: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gateway.icloud.com] detected: [....25] [ip4][..tcp] [...192.168.2.17][49152] -> [.17.253.105.202][...80] [HTTP.Apple][Apple][ConnCheck][Safe][captive.apple.com] 
@@ -103,11 +103,11 @@ new: [....40] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] detected: [....40] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] [ICMP][Unknown][Network][Acceptable] new: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] - detected: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Unknown][Web][Safe][iphone-ld.apple.com] + detected: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Akamai][Web][Safe][iphone-ld.apple.com] detected: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][p26-keyvalueservice.icloud.com] - detection-update: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Unknown][Web][Safe][iphone-ld.apple.com] - detected: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Unknown][Web][Safe][cl4.apple.com] - detection-update: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Unknown][Web][Safe][cl4.apple.com] + detection-update: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Akamai][Web][Safe][iphone-ld.apple.com] + detected: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Akamai][Web][Safe][cl4.apple.com] + detection-update: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Akamai][Web][Safe][cl4.apple.com] detection-update: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][p26-keyvalueservice.icloud.com] detection-update: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][p26-keyvalueservice.icloud.com] new: [....42] [ip4][....2] [...192.168.2.17] -> [.....224.0.0.22] 
@@ -144,8 +144,8 @@ [PKTLENS.....: 64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1076,424,90,186,424,52,90,52,52,52,52,623,52] [ENTROPIES...: 4.4,5.0,5.0,4.5,4.9,6.7,7.5,7.5,7.3,4.9,4.9,6.0,5.5,6.0,5.0,4.9,5.7,5.6,5.5,7.8,7.4,5.3,6.6,7.4,4.9,5.4,5.0,5.0,4.9,5.1,7.7,5.0] new: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] - detected: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][play.itunes.apple.com] - detection-update: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][play.itunes.apple.com] + detected: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][play.itunes.apple.com] + detection-update: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][play.itunes.apple.com] analyse: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.655| 0.067| 0.146| 21410.738| 2.900] 
@@ -156,7 +156,7 @@ [IATS(ms)....: 34.1,36.1,0.1,34.7,1.6,0.1,2.3,0.1,140.2,0.4,7.3,143.3,0.0,33.9,0.1,1.5,0.0,0.0,0.3,0.4,0.0,0.1,34.9,0.0,1.2,0.0,128.2,155.2,168.0,510.7,654.8] [PKTLENS.....: 64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1070,90,436,90,52,90,52,52,52,736,52,40,52] [ENTROPIES...: 4.4,5.2,5.1,4.5,5.1,6.7,7.5,7.5,7.3,4.9,5.0,6.0,5.7,6.0,5.0,5.0,5.7,5.8,5.5,7.8,5.5,7.4,5.5,4.9,5.5,5.0,5.0,4.9,7.7,5.0,4.5,5.1] - analyse: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun] + analyse: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.147| 0.026| 0.045| 1989.449| 3.200] [PKTLEN......: 52.000| 1492.000| 322.100| 461.100| 212650.100| 3.900] 
@@ -180,8 +180,8 @@ detected: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][sync.itunes.apple.com] detection-update: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][sync.itunes.apple.com] new: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] - detected: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][sync.itunes.apple.com] - detection-update: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][sync.itunes.apple.com] + detected: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][sync.itunes.apple.com] + detection-update: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][sync.itunes.apple.com] idle: [.....2] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][lucas-imac] idle: [....11] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ff98:a29c] [ICMPV6][Unknown][Network][Acceptable] idle: [.....6] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun] 
@@ -199,7 +199,7 @@ idle: [....42] [ip4][....2] [...192.168.2.17] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable] idle: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][mesu.apple.com] idle: [....18] [ip4][..udp] [...192.168.2.17][55914] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gsp85-ssl.ls.apple.com] - idle: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Unknown][Web][Safe] + idle: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Akamai][Web][Safe] idle: [....17] [ip4][..udp] [...192.168.2.17][61862] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gspe35-ssl.ls.apple.com] idle: [....43] [ip4][..udp] [...192.168.2.17][62160] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gsa.apple.com] idle: [....33] [ip4][..udp] [...192.168.2.17][62526] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][cl4.apple.com] 
@@ -216,8 +216,8 @@ idle: [.....7] [ip4][..udp] [....192.168.2.1][.5351] -> [......224.0.0.1][.5350] idle: [....22] [ip4][..udp] [...192.168.2.17][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] idle: [.....3] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][luca���s imac._odisk._tcp.local] - idle: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Unknown][Web][Safe] - idle: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun] + idle: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Akamai][Web][Safe] + idle: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun] idle: [.....1] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable] idle: [.....4] [ip6][..udp] [...............fe80::c42c:3ff:fe60:6a64][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][luca���s imac._odisk._tcp.local] end: [....25] [ip4][..tcp] [...192.168.2.17][49152] -> [.17.253.105.202][...80] [HTTP.Apple][Apple][ConnCheck][Safe][captive.apple.com] 
@@ -226,8 +226,8 @@ idle: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][p26-keyvalueservice.icloud.com] idle: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][gateway.icloud.com] idle: [....47] [ip4][..tcp] [...192.168.2.17][50586] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable] - idle: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Unknown][Web][Safe] - idle: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][play.itunes.apple.com] + idle: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Akamai][Web][Safe] + idle: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][play.itunes.apple.com] end: [....26] [ip4][..tcp] [...192.168.2.17][50578] -> [.17.253.105.202][..443] [TLS.Apple][Apple][Web][Safe] end: [....27] [ip4][..tcp] [...192.168.2.17][50579] -> [.17.253.105.202][..443] [TLS.Apple][Apple][Web][Safe] idle: [....24] [ip4][..tcp] [...192.168.2.17][50577] -> [....17.130.2.46][..443] [TLS.Apple][Apple][Web][Safe] diff --git a/test/results/flow-info/default/lagofast.pcap.out b/test/results/flow-info/default/lagofast.pcap.out index 8b2e33295..7cd4b36dd 100644 --- a/test/results/flow-info/default/lagofast.pcap.out +++ b/test/results/flow-info/default/lagofast.pcap.out 
@@ -40,7 +40,7 @@ new: [....18] [ip4][..udp] [.40.105.164.193][43932] -> [..99.193.243.15][...53] detected: [....18] [ip4][..udp] [.40.105.164.193][43932] -> [..99.193.243.15][...53] [DNS][Outlook][Network][Acceptable][report.lagofast.com] new: [....19] [ip4][..tcp] [180.239.121.250][44636] -> [...23.200.86.51][..443] [MIDSTREAM] - detected: [....19] [ip4][..tcp] [180.239.121.250][44636] -> [...23.200.86.51][..443] [TLS.LagoFast][Unknown][VPN][Fun][cbs.lagofast.com] + detected: [....19] [ip4][..tcp] [180.239.121.250][44636] -> [...23.200.86.51][..443] [TLS.LagoFast][Akamai][VPN][Fun][cbs.lagofast.com] new: [....20] [ip4][..tcp] [...99.189.94.53][45702] -> [...185.5.215.83][..443] [MIDSTREAM] detected: [....20] [ip4][..tcp] [...99.189.94.53][45702] -> [...185.5.215.83][..443] [TLS.LagoFast][Unknown][VPN][Fun][report.lagofast.com] new: [....21] [ip4][..tcp] [.49.118.157.237][..443] -> [.251.114.223.28][44636] [MIDSTREAM] @@ -88,7 +88,7 @@ idle: [....22] [ip4][..udp] [157.117.212.161][.7725] -> [.124.69.119.132][...53] [DNS][Unknown][Network][Acceptable] idle: [....10] [ip4][..udp] [.38.210.140.253][59607] -> [.248.126.41.103][.8190] [LagoFast][Unknown][VPN][Acceptable] idle: [....24] [ip4][..tcp] [.105.60.130.195][44642] -> [186.249.185.190][..443] [TLS.LagoFast][Unknown][VPN][Fun] - idle: [....19] [ip4][..tcp] [180.239.121.250][44636] -> [...23.200.86.51][..443] [TLS.LagoFast][Unknown][VPN][Fun] + idle: [....19] [ip4][..tcp] [180.239.121.250][44636] -> [...23.200.86.51][..443] [TLS.LagoFast][Akamai][VPN][Fun] idle: [....26] [ip4][..tcp] [...136.238.7.95][..443] -> [231.209.192.237][44640] [TLS][Unknown][Web][Safe] idle: [.....6] [ip4][..udp] [196.228.157.219][59607] -> [..206.16.55.103][.4750] [LagoFast][Unknown][VPN][Acceptable] idle: [....20] [ip4][..tcp] [...99.189.94.53][45702] -> [...185.5.215.83][..443] [TLS.LagoFast][Unknown][VPN][Fun] 
diff --git a/test/results/flow-info/default/lol_wild_rift_udp.pcap.out b/test/results/flow-info/default/lol_wild_rift_udp.pcap.out index ed46af4e8..93f36c515 100644 --- a/test/results/flow-info/default/lol_wild_rift_udp.pcap.out +++ b/test/results/flow-info/default/lol_wild_rift_udp.pcap.out 
@@ -2,26 +2,26 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...10.215.173.1][47462] -> [..51.20.230.207][15004] - detected: [.....1] [ip4][..udp] [...10.215.173.1][47462] -> [..51.20.230.207][15004] [LoLWildRift][AmazonAWS][Game][Fun] + detected: [.....1] [ip4][..udp] [...10.215.173.1][47462] -> [..51.20.230.207][15004] [LoLWildRift][AWS_EC2][Game][Fun] DAEMON-EVENT: [Processed: 2 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..udp] [...10.215.173.1][43686] -> [..13.51.213.131][15007] - detected: [.....2] [ip4][..udp] [...10.215.173.1][43686] -> [..13.51.213.131][15007] [LoLWildRift][AmazonAWS][Game][Fun] - idle: [.....1] [ip4][..udp] [...10.215.173.1][47462] -> [..51.20.230.207][15004] [LoLWildRift][AmazonAWS][Game][Fun] + detected: [.....2] [ip4][..udp] [...10.215.173.1][43686] -> [..13.51.213.131][15007] [LoLWildRift][AWS_EC2][Game][Fun] + idle: [.....1] [ip4][..udp] [...10.215.173.1][47462] -> [..51.20.230.207][15004] [LoLWildRift][AWS_EC2][Game][Fun] DAEMON-EVENT: [Processed: 4 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....3] [ip4][..udp] [...10.215.173.1][46702] -> [..51.20.230.207][15007] - detected: [.....3] [ip4][..udp] [...10.215.173.1][46702] -> [..51.20.230.207][15007] [LoLWildRift][AmazonAWS][Game][Fun] - idle: [.....2] [ip4][..udp] [...10.215.173.1][43686] -> [..13.51.213.131][15007] [LoLWildRift][AmazonAWS][Game][Fun] + detected: [.....3] [ip4][..udp] [...10.215.173.1][46702] -> [..51.20.230.207][15007] [LoLWildRift][AWS_EC2][Game][Fun] + idle: [.....2] [ip4][..udp] [...10.215.173.1][43686] -> [..13.51.213.131][15007] [LoLWildRift][AWS_EC2][Game][Fun] DAEMON-EVENT: 
[Processed: 6 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....4] [ip4][..udp] [...10.215.173.1][44513] -> [....13.53.58.18][18001] - detected: [.....4] [ip4][..udp] [...10.215.173.1][44513] -> [....13.53.58.18][18001] [LoLWildRift][AmazonAWS][Game][Fun] - idle: [.....3] [ip4][..udp] [...10.215.173.1][46702] -> [..51.20.230.207][15007] [LoLWildRift][AmazonAWS][Game][Fun] + detected: [.....4] [ip4][..udp] [...10.215.173.1][44513] -> [....13.53.58.18][18001] [LoLWildRift][AWS_EC2][Game][Fun] + idle: [.....3] [ip4][..udp] [...10.215.173.1][46702] -> [..51.20.230.207][15007] [LoLWildRift][AWS_EC2][Game][Fun] DAEMON-EVENT: [Processed: 7 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....5] [ip4][..udp] [...10.215.173.1][41440] -> [....13.53.58.18][18001] - detected: [.....5] [ip4][..udp] [...10.215.173.1][41440] -> [....13.53.58.18][18001] [LoLWildRift][AmazonAWS][Game][Fun] - idle: [.....4] [ip4][..udp] [...10.215.173.1][44513] -> [....13.53.58.18][18001] [LoLWildRift][AmazonAWS][Game][Fun] - idle: [.....5] [ip4][..udp] [...10.215.173.1][41440] -> [....13.53.58.18][18001] [LoLWildRift][AmazonAWS][Game][Fun] + detected: [.....5] [ip4][..udp] [...10.215.173.1][41440] -> [....13.53.58.18][18001] [LoLWildRift][AWS_EC2][Game][Fun] + idle: [.....4] [ip4][..udp] [...10.215.173.1][44513] -> [....13.53.58.18][18001] [LoLWildRift][AWS_EC2][Game][Fun] + idle: [.....5] [ip4][..udp] [...10.215.173.1][41440] -> [....13.53.58.18][18001] [LoLWildRift][AWS_EC2][Game][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/matter_onoff.pcapng.out b/test/results/flow-info/default/matter_onoff.pcapng.out new file mode 100644 index 000000000..eb7b2cbdc --- /dev/null +++ b/test/results/flow-info/default/matter_onoff.pcapng.out 
@@ -0,0 +1,23 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..192.168.86.49][.5353] -> [....224.0.0.251][.5353] + detected: [.....1] [ip4][..udp] [..192.168.86.49][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_services._dns-sd._udp.local] + new: [.....2] [ip6][..udp] [..............fe80::9f50:74d7:96c5:1a4f][.5353] -> [...............................ff02::fb][.5353] + detected: [.....2] [ip6][..udp] [..............fe80::9f50:74d7:96c5:1a4f][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_services._dns-sd._udp.local] + new: [.....3] [ip6][..udp] [....fd5e:a43d:fedd::af13:b2b3:fc69:f7e0][.5542] -> [....fd5e:a43d:fedd::af13:b2b3:fc69:f7e0][.5540] + detected: [.....3] [ip6][..udp] [....fd5e:a43d:fedd::af13:b2b3:fc69:f7e0][.5542] -> [....fd5e:a43d:fedd::af13:b2b3:fc69:f7e0][.5540] [Matter][Unknown][IoT-Scada][Acceptable] + analyse: [.....3] [ip6][..udp] [....fd5e:a43d:fedd::af13:b2b3:fc69:f7e0][.5542] -> [....fd5e:a43d:fedd::af13:b2b3:fc69:f7e0][.5540] [Matter][Unknown][IoT-Scada][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.007| 0.002| 0.002| 3.671| 4.200] + [PKTLEN......: 66.000| 607.000| 184.800| 162.200| 26323.500| 4.600] + [BINS(c->s)..: 1,11,6,0,0,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 1,0,4,1,1,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] + [IATS(ms)....: 0.8,1.5,2.5,2.5,1.0,0.5,0.1,0.8,1.1,0.1,1.9,1.8,0.1,1.2,1.1,0.1,1.1,1.0,0.1,2.9,5.2,0.2,4.3,2.7,0.2,2.2,1.0,0.1,7.4,7.3,0.9] + [PKTLENS.....: 
118,177,136,171,103,74,114,66,112,117,82,112,107,82,585,107,82,607,139,82,458,139,82,422,344,82,112,604,82,118,82,216] + [ENTROPIES...: 5.7,6.4,6.1,6.6,5.6,4.5,6.0,4.7,5.9,6.0,5.3,6.1,5.9,5.4,7.6,5.8,5.4,7.6,6.3,5.4,7.5,6.3,5.4,7.5,7.2,5.4,6.1,7.5,5.4,6.1,5.3,6.6] + idle: [.....3] [ip6][..udp] [....fd5e:a43d:fedd::af13:b2b3:fc69:f7e0][.5542] -> [....fd5e:a43d:fedd::af13:b2b3:fc69:f7e0][.5540] [Matter][Unknown][IoT-Scada][Acceptable] + idle: [.....1] [ip4][..udp] [..192.168.86.49][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_services._dns-sd._udp.local] + idle: [.....2] [ip6][..udp] [..............fe80::9f50:74d7:96c5:1a4f][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_services._dns-sd._udp.local] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/mismatching_hostname.pcap.out b/test/results/flow-info/default/mismatching_hostname.pcap.out new file mode 100644 index 000000000..76bfb1cd6 --- /dev/null +++ b/test/results/flow-info/default/mismatching_hostname.pcap.out 
@@ -0,0 +1,23 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [....192.168.2.7][35162] -> [....51.38.65.98][..443] + detected: [.....1] [ip4][..tcp] [....192.168.2.7][35162] -> [....51.38.65.98][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][facebook.com] + RISK: TLS (probably) Not Carrying HTTPS + detection-update: [.....1] [ip4][..tcp] [....192.168.2.7][35162] -> [....51.38.65.98][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][facebook.com] + RISK: TLS (probably) Not Carrying HTTPS + analyse: [.....1] [ip4][..tcp] [....192.168.2.7][35162] -> [....51.38.65.98][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.313| 0.043| 0.063| 4023.491| 3.900] + [PKTLEN......: 52.000| 1492.000| 286.900| 411.500| 169326.600| 4.000] + [BINS(c->s)..: 9,2,2,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 6,1,1,0,0,0,0,3,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0] + [IATS(ms)....: 49.9,53.9,4.4,39.9,2.1,0.1,0.0,39.8,2.5,0.0,2.7,43.0,0.1,36.6,13.3,12.7,24.9,24.9,89.9,89.6,36.0,7.0,87.2,192.3,313.0,76.6,34.7,0.7,36.3,8.7,8.6] + [PKTLENS.....: 60,60,52,306,52,1492,1492,279,52,52,52,116,307,307,87,114,52,1154,1090,52,122,52,574,52,90,52,264,52,142,52,450,52] + [ENTROPIES...: 4.8,5.3,5.1,6.1,5.2,7.9,7.9,7.2,5.2,5.1,5.2,6.0,7.3,7.2,5.8,6.3,5.1,7.8,7.8,5.2,6.4,5.1,7.6,5.2,5.9,5.2,7.1,5.2,6.6,5.2,7.5,5.2] + detection-update: [.....1] [ip4][..tcp] [....192.168.2.7][35162] -> [....51.38.65.98][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][facebook.com] + RISK: TLS (probably) Not Carrying HTTPS, Mismatching Protocol with server IP address + idle: [.....1] 
[ip4][..tcp] [....192.168.2.7][35162] -> [....51.38.65.98][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][facebook.com] + RISK: TLS (probably) Not Carrying HTTPS, Mismatching Protocol with server IP address + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/mpeg-dash.pcap.out b/test/results/flow-info/default/mpeg-dash.pcap.out index 09a930519..972a42e62 100644 --- a/test/results/flow-info/default/mpeg-dash.pcap.out +++ b/test/results/flow-info/default/mpeg-dash.pcap.out 
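Review bot: In the new expected output for mismatching_hostname.pcap, the risk "Mismatching Protocol with server IP address" is missing from the `detected` event and from the first `detection-update`; it appears only on the second `detection-update` and on `idle`. A consumer that evaluates risks on `detected` alone would therefore not see it for this flow. Presumably the check needs more of the flow than the SNI (`facebook.com` towards an address whose IP-based slot reads `Unknown`), but nothing visible here says so. I would document this next to the risk in the event documentation, for example `Flow risks can be added after the first detected event; evaluate them on detection-update and on the final idle/end event as well.` This file is a generated golden output, so the sentence belongs in the schema description or README rather than here.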
@@ -6,15 +6,15 @@ DAEMON-EVENT: [Processed: 4 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [..192.168.2.105][59142] -> [..54.161.101.85][...80] - detected: [.....2] [ip4][..tcp] [..192.168.2.105][59142] -> [..54.161.101.85][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun][livesim.dashif.org] + detected: [.....2] [ip4][..tcp] [..192.168.2.105][59142] -> [..54.161.101.85][...80] [HTTP.MpegDash][AWS_EC2][Media][Fun][livesim.dashif.org] new: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [MIDSTREAM] - detected: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [HTTP.MpegDash][AmazonAWS][Media][Fun][] + detected: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [HTTP.MpegDash][AWS_EC2][Media][Fun][] RISK: HTTP Susp User-Agent - detection-update: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [HTTP.MpegDash][AmazonAWS][Media][Fun][livesim.dashif.org] + detection-update: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [HTTP.MpegDash][AWS_EC2][Media][Fun][livesim.dashif.org] new: [.....4] [ip4][..tcp] [..192.168.2.105][59146] -> [..54.161.101.85][...80] [MIDSTREAM] - detected: [.....4] [ip4][..tcp] [..192.168.2.105][59146] -> [..54.161.101.85][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun][livesim.dashif.org] - idle: [.....2] [ip4][..tcp] [..192.168.2.105][59142] -> [..54.161.101.85][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun] - idle: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [HTTP.MpegDash][AmazonAWS][Media][Fun] - idle: [.....4] [ip4][..tcp] [..192.168.2.105][59146] -> [..54.161.101.85][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun] + detected: [.....4] [ip4][..tcp] [..192.168.2.105][59146] -> [..54.161.101.85][...80] [HTTP.MpegDash][AWS_EC2][Media][Fun][livesim.dashif.org] + idle: 
[.....2] [ip4][..tcp] [..192.168.2.105][59142] -> [..54.161.101.85][...80] [HTTP.MpegDash][AWS_EC2][Media][Fun] + idle: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [HTTP.MpegDash][AWS_EC2][Media][Fun] + idle: [.....4] [ip4][..tcp] [..192.168.2.105][59146] -> [..54.161.101.85][...80] [HTTP.MpegDash][AWS_EC2][Media][Fun] idle: [.....1] [ip4][..tcp] [.....10.84.1.81][60926] -> [.166.248.152.10][...80] [HTTP.MpegDash][Unknown][Media][Fun][gdl.news-cdn.site] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/mudfish.pcap.out b/test/results/flow-info/default/mudfish.pcap.out index 199d52b92..c66228d76 100644 --- a/test/results/flow-info/default/mudfish.pcap.out +++ b/test/results/flow-info/default/mudfish.pcap.out 
@@ -32,10 +32,10 @@ new: [....10] [ip4][..udp] [..192.168.0.102][60976] -> [.180.149.230.60][10007] detected: [....10] [ip4][..udp] [..192.168.0.102][60976] -> [.180.149.230.60][10007] [Mudfish][Unknown][VPN][Acceptable] new: [....11] [ip4][..udp] [..192.168.0.102][60976] -> [..172.233.67.67][10007] - detected: [....11] [ip4][..udp] [..192.168.0.102][60976] -> [..172.233.67.67][10007] [Mudfish][Unknown][VPN][Acceptable] + detected: [....11] [ip4][..udp] [..192.168.0.102][60976] -> [..172.233.67.67][10007] [Mudfish][Akamai][VPN][Acceptable] idle: [.....6] [ip4][..udp] [..192.168.0.102][60977] -> [..35.201.242.82][10007] [Mudfish][GoogleCloud][VPN][Acceptable] idle: [.....2] [ip4][..udp] [..192.168.0.102][60976] -> [..58.228.231.36][10007] [Mudfish][Unknown][VPN][Acceptable] - idle: [....11] [ip4][..udp] [..192.168.0.102][60976] -> [..172.233.67.67][10007] [Mudfish][Unknown][VPN][Acceptable] + idle: [....11] [ip4][..udp] [..192.168.0.102][60976] -> [..172.233.67.67][10007] [Mudfish][Akamai][VPN][Acceptable] idle: [.....9] [ip4][..udp] [..192.168.0.102][60976] -> [..45.120.157.78][10007] [Mudfish][Unknown][VPN][Acceptable] idle: [.....5] [ip4][..udp] [..192.168.0.102][60976] -> [.211.253.26.155][10007] [Mudfish][Unknown][VPN][Acceptable] idle: [.....8] [ip4][..udp] [..192.168.0.102][60977] -> [.176.10.111.130][10007] [Mudfish][Unknown][VPN][Acceptable] diff --git a/test/results/flow-info/default/naver.pcap.out b/test/results/flow-info/default/naver.pcap.out index c45190567..6923918b6 100644 --- a/test/results/flow-info/default/naver.pcap.out +++ b/test/results/flow-info/default/naver.pcap.out 
@@ -2,15 +2,15 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...10.215.173.1][40026] -> [...23.52.84.208][..443] - detected: [.....1] [ip4][..tcp] [...10.215.173.1][40026] -> [...23.52.84.208][..443] [TLS.Naver][Unknown][Web][Safe][m.naver.com] - detection-update: [.....1] [ip4][..tcp] [...10.215.173.1][40026] -> [...23.52.84.208][..443] [TLS.Naver][Unknown][Web][Safe][m.naver.com] + detected: [.....1] [ip4][..tcp] [...10.215.173.1][40026] -> [...23.52.84.208][..443] [TLS.Naver][Akamai][Web][Safe][m.naver.com] + detection-update: [.....1] [ip4][..tcp] [...10.215.173.1][40026] -> [...23.52.84.208][..443] [TLS.Naver][Akamai][Web][Safe][m.naver.com] new: [.....2] [ip4][..tcp] [...10.215.173.1][42040] -> [..110.93.157.96][..443] detected: [.....2] [ip4][..tcp] [...10.215.173.1][42040] -> [..110.93.157.96][..443] [TLS.Naver][Unknown][Web][Safe][kr-col-ext.nelo.navercorp.com] detection-update: [.....2] [ip4][..tcp] [...10.215.173.1][42040] -> [..110.93.157.96][..443] [TLS.Naver][Unknown][Web][Safe][kr-col-ext.nelo.navercorp.com] new: [.....3] [ip4][..tcp] [...10.215.173.1][45578] -> [.184.50.200.195][..443] - detected: [.....3] [ip4][..tcp] [...10.215.173.1][45578] -> [.184.50.200.195][..443] [TLS.Naver][Unknown][Web][Safe][dthumb-phinf.pstatic.net] - detection-update: [.....3] [ip4][..tcp] [...10.215.173.1][45578] -> [.184.50.200.195][..443] [TLS.Naver][Unknown][Web][Safe][dthumb-phinf.pstatic.net] - idle: [.....1] [ip4][..tcp] [...10.215.173.1][40026] -> [...23.52.84.208][..443] [TLS.Naver][Unknown][Web][Safe] - idle: [.....3] [ip4][..tcp] [...10.215.173.1][45578] -> [.184.50.200.195][..443] [TLS.Naver][Unknown][Web][Safe] + detected: [.....3] [ip4][..tcp] [...10.215.173.1][45578] -> [.184.50.200.195][..443] [TLS.Naver][Akamai][Web][Safe][dthumb-phinf.pstatic.net] + detection-update: [.....3] [ip4][..tcp] 
[...10.215.173.1][45578] -> [.184.50.200.195][..443] [TLS.Naver][Akamai][Web][Safe][dthumb-phinf.pstatic.net] + idle: [.....1] [ip4][..tcp] [...10.215.173.1][40026] -> [...23.52.84.208][..443] [TLS.Naver][Akamai][Web][Safe] + idle: [.....3] [ip4][..tcp] [...10.215.173.1][45578] -> [.184.50.200.195][..443] [TLS.Naver][Akamai][Web][Safe] idle: [.....2] [ip4][..tcp] [...10.215.173.1][42040] -> [..110.93.157.96][..443] [TLS.Naver][Unknown][Web][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/nest_log_sink.pcap.out b/test/results/flow-info/default/nest_log_sink.pcap.out index 696959e98..203428d10 100644 --- a/test/results/flow-info/default/nest_log_sink.pcap.out +++ b/test/results/flow-info/default/nest_log_sink.pcap.out @@ -14,7 +14,7 @@ [IATS(ms)....: 60.8,60066.5,60071.0,444.6,512.2,60052.4,60122.1,60064.1,60058.5,139.4,204.1,59876.0,59944.8,60065.8,60071.7,305.5,379.3,59710.1,59782.3,60066.2,60065.0,470.7,541.9,60021.2,60097.0,60072.0,60059.9,163.5,227.3,59834.0,59896.7] [PKTLENS.....: 46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40] [ENTROPIES...: 4.5,4.9,4.5,4.9,4.9,4.5,4.5,4.9,4.5,4.9,4.9,4.5,4.5,4.9,4.5,4.9,4.9,4.5,4.5,4.9,4.4,4.9,4.9,4.4,4.5,4.9,4.5,4.9,4.9,4.5,4.5,4.9] - guessed: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + guessed: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] DAEMON-EVENT: [Processed: 60 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 1|detection-updates: 0|updates: 0] new: [.....2] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] 
@@ -33,11 +33,11 @@ [PKTLENS.....: 46,44,46,571,40,719,46,92,40,110,40,97,495,95,495,95,495,95,495,95,495,95,495,95,495,95,495,95,46,495,95,495] [ENTROPIES...: 4.3,4.9,4.4,6.9,4.8,7.1,4.5,5.4,5.0,5.9,5.0,5.7,7.5,5.7,7.5,5.7,7.5,5.7,7.5,5.8,7.5,5.6,7.5,5.7,7.6,5.6,7.6,5.8,4.4,7.5,5.7,7.5] new: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095] - detected: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + detected: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] new: [.....5] [ip4][..tcp] [.192.168.242.15][63344] -> [.35.188.154.186][11095] detected: [.....5] [ip4][..tcp] [.192.168.242.15][63344] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] update: [.....2] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable][weave-logsink.nest.com] - analyse: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + analyse: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.007| 60.078| 8.258| 19.898| 395938807.939| 2.400] [PKTLEN......: 40.000| 717.000| 167.000| 184.800| 34140.600| 4.300] 
@@ -49,7 +49,7 @@ [ENTROPIES...: 4.4,5.0,4.4,7.0,5.0,7.1,4.5,5.5,5.0,7.4,5.0,5.7,6.4,7.7,4.4,6.7,6.7,6.8,6.5,6.8,6.7,4.3,6.7,4.3,7.2,5.8,4.3,4.4,4.9,4.3,4.9,4.9] end: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] end: [.....5] [ip4][..tcp] [.192.168.242.15][63344] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] - end: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + end: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] update: [.....2] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable][weave-logsink.nest.com] DAEMON-EVENT: [Processed: 215 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 5|skipped: 0|!detected: 0|guessed: 1|detection-updates: 1|updates: 2] 
@@ -74,15 +74,15 @@ [PKTLENS.....: 46,44,46,570,40,718,46,92,40,110,40,97,495,95,495,95,495,95,495,95,495,95,495,95,495,95,495,95,46,495,95,495] [ENTROPIES...: 4.4,5.0,4.4,6.9,4.8,7.1,4.3,5.4,4.7,5.8,4.7,5.6,7.5,5.7,7.5,5.7,7.5,5.7,7.6,5.7,7.5,5.6,7.5,5.6,7.5,5.7,7.5,5.7,4.4,7.5,5.7,7.6] new: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095] - detected: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + detected: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] new: [.....9] [ip4][..tcp] [.192.168.242.15][63347] -> [.35.188.154.186][11095] detected: [.....9] [ip4][..tcp] [.192.168.242.15][63347] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] update: [.....6] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable][weave-logsink.nest.com] end: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] end: [.....9] [ip4][..tcp] [.192.168.242.15][63347] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] - end: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + end: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] update: [.....6] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable][weave-logsink.nest.com] - analyse: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + analyse: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.007| 60.066| 10.038| 21.842| 477077551.710| 2.600] 
[PKTLEN......: 40.000| 717.000| 162.200| 185.800| 34538.800| 4.300] @@ -113,13 +113,13 @@ [PKTLENS.....: 46,44,46,570,40,718,46,92,40,110,40,97,495,95,495,95,495,95,495,95,495,95,495,95,495,95,495,95,46,495,95,495] [ENTROPIES...: 4.4,5.0,4.4,6.9,4.9,7.1,4.5,5.4,5.0,5.9,4.9,5.7,7.5,5.7,7.6,5.7,7.5,5.7,7.5,5.7,7.5,5.6,7.5,5.7,7.5,5.9,7.5,5.7,4.4,7.5,5.7,7.5] new: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] - detected: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + detected: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] update: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable][weave-logsink.nest.com] end: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] - end: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + end: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] update: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable][weave-logsink.nest.com] idle: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable][weave-logsink.nest.com] - analyse: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + analyse: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.004| 60.116| 15.667| 26.142| 683403720.524| 3.100] [PKTLEN......: 40.000| 718.000| 145.100| 181.000| 32752.900| 4.200] 
@@ -132,8 +132,8 @@ DAEMON-EVENT: [Processed: 562 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 12|skipped: 0|!detected: 0|guessed: 1|detection-updates: 3|updates: 6] new: [....13] [ip4][..tcp] [.192.168.242.15][63350] -> [..35.174.82.237][11095] - detected: [....13] [ip4][..tcp] [.192.168.242.15][63350] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] - end: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + detected: [....13] [ip4][..tcp] [.192.168.242.15][63350] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] + end: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] new: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] detected: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable][weave-logsink.nest.com] detection-update: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable][weave-logsink.nest.com] @@ -150,7 +150,7 @@ [PKTLENS.....: 46,44,46,570,40,719,46,92,40,110,40,97,495,95,495,95,495,95,495,95,495,95,495,95,495,95,495,95,46,495,95,495] [ENTROPIES...: 4.3,5.0,4.4,7.0,5.0,7.1,4.5,5.5,5.0,5.8,4.9,5.6,7.6,5.8,7.5,5.7,7.5,5.7,7.5,5.7,7.5,5.7,7.5,5.7,7.6,5.7,7.5,5.7,4.3,7.5,5.7,7.5] new: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] - analyse: [....13] [ip4][..tcp] [.192.168.242.15][63350] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + analyse: [....13] [ip4][..tcp] [.192.168.242.15][63350] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 60.156| 9.910| 20.689| 428051338.887| 2.700] [PKTLEN......: 40.000| 717.000| 147.100| 180.100| 32452.700| 4.200] 
@@ -160,15 +160,15 @@ [IATS(ms)....: 68.6,72.2,634.4,701.9,15.9,150.9,1314.3,1491.3,109.2,71.0,18.0,93.5,70.2,72.1,7.2,80.0,74.1,77.1,76.5,41.6,115.5,208.5,59946.9,60155.8,60057.7,60124.3,30586.0,30652.9,66.9,1.3,68.3] [PKTLENS.....: 46,44,46,571,40,717,46,92,40,244,40,100,162,669,46,220,190,220,201,46,332,102,46,46,40,40,46,102,40,46,46,40] [ENTROPIES...: 4.3,4.9,4.4,6.9,4.9,7.1,4.5,5.3,5.0,6.9,5.0,5.8,6.5,7.7,4.4,6.8,6.5,6.9,6.8,4.5,7.2,5.9,4.5,4.5,5.0,5.0,4.5,5.6,5.0,4.5,4.6,5.0] - detected: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + detected: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] new: [....17] [ip4][..tcp] [.192.168.242.15][63353] -> [.35.188.154.186][11095] detected: [....17] [ip4][..tcp] [.192.168.242.15][63353] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] update: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable][weave-logsink.nest.com] end: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] end: [....17] [ip4][..tcp] [.192.168.242.15][63353] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] - end: [....13] [ip4][..tcp] [.192.168.242.15][63350] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + end: [....13] [ip4][..tcp] [.192.168.242.15][63350] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] update: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable][weave-logsink.nest.com] - analyse: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + analyse: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] 
[NestLogSink][AWS_EC2][Cloud][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.005| 60.173| 10.045| 21.954| 481957439.865| 2.600] [PKTLEN......: 40.000| 716.000| 162.200| 185.800| 34529.800| 4.300] @@ -185,5 +185,5 @@ DAEMON-EVENT: [Flows][active: 1 / 17|skipped: 0|!detected: 0|guessed: 1|detection-updates: 4|updates: 8] DAEMON-EVENT: [Processed: 773 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 17|skipped: 0|!detected: 0|guessed: 1|detection-updates: 4|updates: 8] - idle: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] + idle: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] [NestLogSink][AWS_EC2][Cloud][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/netease_games.pcapng.out b/test/results/flow-info/default/netease_games.pcapng.out index 360f5714c..9fad6b558 100644 --- a/test/results/flow-info/default/netease_games.pcapng.out +++ b/test/results/flow-info/default/netease_games.pcapng.out 
@@ -6,9 +6,9 @@ detection-update: [.....1] [ip4][..udp] [.192.168.88.231][49377] -> [....172.17.8.75][...53] [DNS][Unknown][Network][Acceptable][data-detect.nie.easebar.com] detection-update: [.....1] [ip4][..udp] [.192.168.88.231][49377] -> [....172.17.8.75][...53] [DNS][Unknown][Network][Acceptable][data-detect.nie.easebar.com] new: [.....2] [ip4][..tcp] [.192.168.88.231][50402] -> [....35.73.71.94][..443] - detected: [.....2] [ip4][..tcp] [.192.168.88.231][50402] -> [....35.73.71.94][..443] [TLS.NetEaseGames][AmazonAWS][Game][Fun][data-detect.nie.easebar.com] + detected: [.....2] [ip4][..tcp] [.192.168.88.231][50402] -> [....35.73.71.94][..443] [TLS.NetEaseGames][AWS_EC2][Game][Fun][data-detect.nie.easebar.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....2] [ip4][..tcp] [.192.168.88.231][50402] -> [....35.73.71.94][..443] [TLS.NetEaseGames][AmazonAWS][Game][Fun][data-detect.nie.easebar.com] + detection-update: [.....2] [ip4][..tcp] [.192.168.88.231][50402] -> [....35.73.71.94][..443] [TLS.NetEaseGames][AWS_EC2][Game][Fun][data-detect.nie.easebar.com] RISK: TLS (probably) Not Carrying HTTPS DAEMON-EVENT: [Processed: 10 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0] 
@@ -23,7 +23,7 @@ detected: [.....5] [ip4][..udp] [.192.168.88.231][58951] -> [...34.141.75.90][28203] [NetEaseGames][GoogleCloud][Game][Fun] idle: [.....5] [ip4][..udp] [.192.168.88.231][58951] -> [...34.141.75.90][28203] [NetEaseGames][GoogleCloud][Game][Fun] idle: [.....3] [ip4][..udp] [.192.168.88.231][56588] -> [..35.246.207.19][.4513] [NetEaseGames][GoogleCloud][Game][Fun] - idle: [.....2] [ip4][..tcp] [.192.168.88.231][50402] -> [....35.73.71.94][..443] [TLS.NetEaseGames][AmazonAWS][Game][Fun] + idle: [.....2] [ip4][..tcp] [.192.168.88.231][50402] -> [....35.73.71.94][..443] [TLS.NetEaseGames][AWS_EC2][Game][Fun] RISK: TLS (probably) Not Carrying HTTPS idle: [.....4] [ip4][..udp] [.192.168.88.231][41040] -> [..35.228.32.209][.4170] [NetEaseGames][GoogleCloud][Game][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/netflix.pcap.out b/test/results/flow-info/default/netflix.pcap.out index 07c24bf75..7f6bc096a 100644 --- a/test/results/flow-info/default/netflix.pcap.out +++ b/test/results/flow-info/default/netflix.pcap.out 
@@ -11,29 +11,29 @@ detection-update: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.us-west-2.prodaa.netflix.com] new: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] new: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] - detected: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detected: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detected: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detected: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] new: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] - detection-update: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] 
[TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detected: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detection-update: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detection-update: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detection-update: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detection-update: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detected: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detection-update: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detection-update: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detection-update: [.....7] 
[ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detection-update: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] new: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] - detected: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + analyse: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.364| 0.040| 0.082| 6699.630| 3.200] [PKTLEN......: 52.000| 1500.000| 265.200| 396.800| 157454.800| 3.900] 
@@ -44,15 +44,15 @@ [PKTLENS.....: 64,60,52,260,52,1500,1500,52,215,52,127,58,97,52,103,52,408,362,52,992,52,112,52,408,361,52,992,107,86,52,52,52] [ENTROPIES...: 4.6,5.3,5.1,5.7,5.2,7.3,7.3,5.1,6.9,5.2,6.4,5.1,6.1,5.2,5.9,5.2,7.5,7.4,5.2,7.8,5.1,6.1,5.1,7.4,7.4,5.2,7.8,6.1,5.8,5.2,5.2,5.1] new: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] - detected: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] + detected: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] new: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] detected: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250] new: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] - detected: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] 
[TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] + detected: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] new: [....12] [ip4][....2] [....192.168.1.7] -> [239.255.255.250] detected: [....12] [ip4][....2] [....192.168.1.7] -> [239.255.255.250] [IGMP][Unknown][Network][Acceptable] new: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] 
@@ -60,24 +60,24 @@ detection-update: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com] new: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] new: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] - detected: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] 
[TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] - detected: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + analyse: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.350| 0.041| 0.077| 5966.970| 3.500] [PKTLEN......: 52.000| 1500.000| 530.200| 630.500| 397553.600| 4.000] 
@@ -91,10 +91,10 @@ detected: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][sha2.san.akam.nflximg.net] detection-update: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][sha2.san.akam.nflximg.net] new: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] - detected: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net] - detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net] - detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net] - analyse: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + detected: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Akamai][Video][Fun][art-s.nflximg.net] + detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Akamai][Video][Fun][art-s.nflximg.net] + detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Akamai][Video][Fun][art-s.nflximg.net] + analyse: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 7.508| 0.502| 1.826| 3335198.867| 1.400] [PKTLEN......: 52.000| 1500.000| 358.800| 520.700| 271128.800| 3.800] 
@@ -109,16 +109,16 @@ detection-update: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][artwork.akam.nflximg.net] new: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] new: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] - detected: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net] - detected: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net] + detected: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-2.nflximg.net] + detected: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-2.nflximg.net] new: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] - detected: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net] + detected: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-2.nflximg.net] new: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] detected: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][appboot.netflix.com] detection-update: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][appboot.netflix.com] new: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] - detected: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun][appboot.netflix.com] - analyse: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] 
[HTTP.NetFlix][AmazonAWS][Video][Fun][appboot.netflix.com] + detected: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AWS_EC2][Video][Fun][appboot.netflix.com] + analyse: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AWS_EC2][Video][Fun][appboot.netflix.com] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.187| 0.029| 0.042| 1791.215| 4.000] [PKTLEN......: 52.000| 1500.000| 812.300| 674.900| 455511.900| 4.400] 
@@ -129,12 +129,12 @@ [PKTLENS.....: 64,60,52,365,1500,903,52,52,52,714,1500,52,1500,52,1500,52,1500,1500,52,1012,52,1500,1293,52,1500,1500,1500,1500,1500,1500,1500,64] [ENTROPIES...: 4.5,5.3,5.2,5.7,6.0,6.1,5.3,5.3,5.3,6.0,5.7,5.1,6.1,5.2,5.9,5.0,5.8,5.8,5.2,5.8,5.2,5.8,5.8,5.2,5.8,5.8,5.8,5.8,5.8,5.8,5.8,5.2] new: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] - detected: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] new: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] detected: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][a803.dscg.akamai.net] new: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] detected: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com] - analyse: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net] + analyse: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-2.nflximg.net] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 6.031| 0.428| 1.232| 1516791.529| 2.300] [PKTLEN......: 52.000| 1500.000| 795.600| 706.600| 499284.200| 4.300] 
@@ -148,14 +148,14 @@ new: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] detection-update: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com] new: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] - detected: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Unknown][Video][Fun][tp.akam.nflximg.com] - detected: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detected: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Akamai][Video][Fun][tp.akam.nflximg.com] + detected: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Unknown][Video][Fun][tp.akam.nflximg.com] + detection-update: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Akamai][Video][Fun][tp.akam.nflximg.com] RISK: HTTP Susp Content - detection-update: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [....30] [ip4][..tcp] 
[....192.168.1.7][53163] -> [..23.246.11.145][...80] detected: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.145] @@ -357,7 +357,7 @@ [IATS(ms)....: 43.9,45.8,13.4,88.6,4.9,81.9,1250.8,92.5,118.4,0.7,544.2,69.2,495.5,501.7,62.9,1143.9,28.6,39.1,4432.0,83.0,87.8,169.9,586.4,795.5,292.9,509.0,501.2,1203.5,55.9,83.0,70.7] [PKTLENS.....: 64,60,52,410,569,1500,52,80,80,72,72,72,72,72,64,64,64,64,64,1500,52,1500,64,52,1500,64,52,52,1500,1500,52,1500] [ENTROPIES...: 4.6,5.2,5.0,6.4,5.8,4.5,5.1,5.3,5.3,5.4,5.4,5.3,5.4,5.3,5.3,5.1,5.3,5.3,5.2,4.3,5.0,4.3,5.2,5.2,4.4,5.2,5.2,5.2,4.3,4.3,5.2,4.4] - analyse: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + analyse: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 30.086| 1.958| 7.380| 54461959.504| 1.100] [PKTLEN......: 52.000| 1500.000| 380.000| 556.900| 310128.200| 3.800] @@ -383,7 +383,7 @@ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary File/Data Transfer (Attempt) detection-update: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.geo.netflix.com] new: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] - analyse: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + analyse: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 30.431| 1.003| 5.373| 28867930.620| 0.200] [PKTLEN......: 52.000| 1500.000| 379.500| 557.000| 310204.400| 3.800] 
@@ -393,22 +393,22 @@ [IATS(ms)....: 44.9,46.3,7.4,58.2,1.8,1.0,55.8,12.1,9.9,9.3,0.3,0.2,60.5,0.1,50.8,11.5,0.5,0.2,72.1,60.9,0.3,50.8,0.4,15.7,16.9,0.1,0.1,82.9,0.3,0.1,30431.5] [PKTLENS.....: 64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,322,52,52,52,993,107,86,52,52,52,52] [ENTROPIES...: 4.6,5.3,5.1,5.8,5.2,7.2,7.3,5.1,7.0,5.2,6.3,5.1,5.9,5.3,6.1,5.2,7.9,7.9,7.9,5.2,7.9,7.3,5.2,5.3,5.3,7.8,6.2,5.9,5.2,5.2,5.2,5.0] - detected: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detected: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detected: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detected: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] 
[TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - analyse: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + analyse: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.282| 0.053| 0.058| 3383.537| 4.200] [PKTLEN......: 52.000| 1500.000| 552.500| 629.700| 396553.700| 4.000] 
@@ -418,7 +418,7 @@ [IATS(ms)....: 50.8,52.1,6.3,61.1,40.7,74.7,170.4,11.8,79.4,67.6,2.0,57.4,55.8,1.7,0.8,0.2,0.2,82.5,79.7,0.2,94.6,127.5,60.6,282.5,10.6,27.6,38.0,39.9,42.9,7.7,0.7] [PKTLENS.....: 64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52] [ENTROPIES...: 4.6,5.4,5.2,4.4,5.2,7.2,7.7,5.2,6.5,6.0,5.1,7.8,6.2,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.4,5.2,5.2,7.8,5.2,7.9,7.9,5.2,6.2,5.2,5.8,5.1] - analyse: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + analyse: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.333| 0.059| 0.083| 6944.879| 3.800] [PKTLEN......: 52.000| 1500.000| 746.100| 703.800| 495333.000| 4.200] 
@@ -462,37 +462,37 @@ detection-update: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com] detection-update: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com] new: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] - detected: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detected: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] detected: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com] detection-update: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com] new: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] new: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] - 
detected: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detected: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detected: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detected: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detection-update: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detection-update: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> 
[.....52.41.30.5][..443] new: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] - detected: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + analyse: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.141| 0.020| 0.029| 838.464| 3.900] [PKTLEN......: 52.000| 1500.000| 420.800| 506.400| 256458.000| 4.100] 
@@ -507,9 +507,9 @@ detection-update: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][a1907.dscg.akamai.net] new: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] new: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] - detected: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net] - detected: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net] - analyse: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + detected: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-1.nflximg.net] + detected: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-1.nflximg.net] + analyse: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.501| 0.064| 0.122| 14766.799| 3.300] [PKTLEN......: 52.000| 1500.000| 442.800| 552.300| 305076.800| 4.000] 
@@ -519,7 +519,7 @@ [IATS(ms)....: 58.3,61.2,1.8,70.6,2.9,1.0,71.3,11.6,12.3,13.1,0.1,0.1,65.7,0.8,52.3,3.6,0.2,91.6,51.8,0.3,140.2,3.7,3.4,3.9,5.5,6.4,5.0,437.2,0.9,500.9,291.9] [PKTLENS.....: 64,60,52,569,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,789,52,1500,476,52,448,52,751,52,86,52,1500,672,52,1500] [ENTROPIES...: 4.6,5.3,5.2,4.1,5.0,7.3,7.3,5.2,7.0,5.2,6.3,5.1,6.0,5.1,6.0,5.2,7.9,7.8,5.2,7.9,7.5,5.2,7.6,5.1,7.7,5.2,6.0,5.2,7.9,7.7,5.0,7.9] - analyse: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net] + analyse: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-1.nflximg.net] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.100| 0.036| 0.022| 464.586| 4.700] [PKTLEN......: 52.000| 1500.000| 1146.700| 613.300| 376142.500| 4.700] @@ -529,7 +529,7 @@ [IATS(ms)....: 16.7,17.7,12.0,38.5,0.5,12.7,40.1,27.1,27.1,58.5,99.8,81.1,33.9,23.7,53.8,53.8,65.1,48.0,65.4,13.9,30.9,13.3,28.7,40.4,54.5,28.8,29.4,29.4,27.5,25.5,25.5] [PKTLENS.....: 64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500] [ENTROPIES...: 4.5,5.2,5.2,5.9,5.3,7.0,7.5,5.1,7.7,5.1,7.7,5.2,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.9,7.8,7.9,7.8,7.9,7.9,7.8,7.8] - analyse: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net] + analyse: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-1.nflximg.net] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 1.416| 0.126| 0.341| 116136.157| 2.600] [PKTLEN......: 52.000| 1500.000| 767.500| 698.900| 488505.900| 4.300] 
@@ -540,23 +540,23 @@ [PKTLENS.....: 64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52] [ENTROPIES...: 4.5,5.2,5.1,5.9,5.3,7.3,7.8,5.2,7.8,5.0,7.8,7.8,5.1,7.8,7.7,5.2,5.8,6.9,7.5,7.8,5.1,5.0,7.8,7.8,5.0,7.9,4.9,7.8,7.8,5.1,7.8,5.1] idle: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250] - guessed: [.....1] [ip4][..tcp] [....192.168.1.7][52929] -> [.....52.24.87.6][..443] [TLS][AmazonAWS][Web][Safe] + guessed: [.....1] [ip4][..tcp] [....192.168.1.7][52929] -> [.....52.24.87.6][..443] [TLS][AWS_EC2][Web][Safe] RISK: Unidirectional Traffic end: [.....1] [ip4][..tcp] [....192.168.1.7][52929] -> [.....52.24.87.6][..443] - end: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net] - idle: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net] - end: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net] - idle: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Unknown][Video][Fun][tp.akam.nflximg.com] + end: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-2.nflximg.net] + idle: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-2.nflximg.net] + end: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-2.nflximg.net] + idle: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Akamai][Video][Fun][tp.akam.nflximg.com] RISK: HTTP Susp Content - idle: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] 
[HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net] - idle: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net] - end: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] - idle: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] - end: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + idle: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-1.nflximg.net] + idle: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-1.nflximg.net] + end: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] + idle: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] + end: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS - end: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + end: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS - idle: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + idle: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS idle: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com] idle: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] 
[DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com] 
@@ -565,37 +565,37 @@ idle: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com] idle: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.us-west-2.prodaa.netflix.com] idle: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com] - end: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - idle: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - idle: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + end: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + idle: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + idle: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - idle: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + idle: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS idle: [....12] [ip4][....2] [....192.168.1.7] -> [239.255.255.250] [IGMP][Unknown][Network][Acceptable] idle: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][a1907.dscg.akamai.net] idle: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] 
[DNS][Unknown][Network][Acceptable][sha2.san.akam.nflximg.net] idle: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][appboot.netflix.com] idle: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][artwork.akam.nflximg.net] - end: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + end: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS - end: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + end: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS - idle: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + idle: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS - end: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + end: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - end: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - end: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - end: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] + end: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] 
[TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + end: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + end: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] idle: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.geo.netflix.com] - end: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun][appboot.netflix.com] - idle: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun] - end: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - end: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + end: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AWS_EC2][Video][Fun][appboot.netflix.com] + idle: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Akamai][Video][Fun] + end: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + end: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - end: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + end: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - end: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> 
[...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + end: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS end: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.145] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary File/Data Transfer (Attempt) diff --git a/test/results/flow-info/default/nexon.pcapng.out b/test/results/flow-info/default/nexon.pcapng.out index 9223865ba..dcf904dfc 100644 --- a/test/results/flow-info/default/nexon.pcapng.out +++ b/test/results/flow-info/default/nexon.pcapng.out @@ -2,10 +2,10 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.12.67][46824] -> [..54.64.252.215][.9995] - detected: [.....1] [ip4][..tcp] [..192.168.12.67][46824] -> [..54.64.252.215][.9995] [Nexon][AmazonAWS][Game][Fun] + detected: [.....1] [ip4][..tcp] [..192.168.12.67][46824] -> [..54.64.252.215][.9995] [Nexon][AWS_EC2][Game][Fun] new: [.....2] [ip4][..tcp] [..192.168.12.67][39908] -> [..18.185.38.147][.7500] - detected: [.....2] [ip4][..tcp] [..192.168.12.67][39908] -> [..18.185.38.147][.7500] [Nexon][AmazonAWS][Game][Fun] - analyse: [.....1] [ip4][..tcp] [..192.168.12.67][46824] -> [..54.64.252.215][.9995] [Nexon][AmazonAWS][Game][Fun] + detected: [.....2] [ip4][..tcp] [..192.168.12.67][39908] -> [..18.185.38.147][.7500] [Nexon][AWS_EC2][Game][Fun] + analyse: [.....1] [ip4][..tcp] [..192.168.12.67][46824] -> [..54.64.252.215][.9995] [Nexon][AWS_EC2][Game][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 43.051| 6.153| 11.571| 133878106.817| 3.300] [PKTLEN......: 52.000| 276.000| 81.100| 43.700| 1910.200| 4.800] 
@@ -15,6 +15,6 @@ [IATS(ms)....: 263.7,306.1,0.8,306.6,0.0,307.4,0.1,307.2,313.4,2118.5,2477.1,7517.2,7472.4,291.2,291.2,25327.8,25327.9,1611.5,1610.9,265.5,265.4,43050.1,43050.8,266.9,266.5,9059.2,9059.1,289.5,289.5,4522.2,4522.2] [PKTLENS.....: 60,60,52,76,52,60,100,52,80,52,108,52,108,52,108,52,276,52,108,52,116,52,116,52,108,52,108,52,108,52,116,52] [ENTROPIES...: 4.8,5.3,5.2,5.4,5.3,5.1,6.1,5.2,5.7,5.1,6.2,5.3,6.3,5.2,6.2,5.2,7.0,5.2,6.3,5.2,6.3,5.1,6.4,5.2,6.1,5.2,6.2,5.2,6.2,5.2,6.3,5.1] - end: [.....2] [ip4][..tcp] [..192.168.12.67][39908] -> [..18.185.38.147][.7500] [Nexon][AmazonAWS][Game][Fun] - idle: [.....1] [ip4][..tcp] [..192.168.12.67][46824] -> [..54.64.252.215][.9995] [Nexon][AmazonAWS][Game][Fun] + end: [.....2] [ip4][..tcp] [..192.168.12.67][39908] -> [..18.185.38.147][.7500] [Nexon][AWS_EC2][Game][Fun] + idle: [.....1] [ip4][..tcp] [..192.168.12.67][46824] -> [..54.64.252.215][.9995] [Nexon][AWS_EC2][Game][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/nintendo.pcap.out b/test/results/flow-info/default/nintendo.pcap.out index 36eb9803b..8f50cfd73 100644 --- a/test/results/flow-info/default/nintendo.pcap.out +++ b/test/results/flow-info/default/nintendo.pcap.out 
@@ -8,9 +8,9 @@ new: [.....3] [ip4][..udp] [.192.168.12.114][52119] -> [..109.21.255.11][50251] detected: [.....3] [ip4][..udp] [.192.168.12.114][52119] -> [..109.21.255.11][50251] [Nintendo][Unknown][Game][Fun] new: [.....4] [ip4][..tcp] [..54.187.10.185][..443] -> [.192.168.12.114][48328] [MIDSTREAM] - detected: [.....4] [ip4][..tcp] [..54.187.10.185][..443] -> [.192.168.12.114][48328] [TLS][AmazonAWS][Web][Safe] + detected: [.....4] [ip4][..tcp] [..54.187.10.185][..443] -> [.192.168.12.114][48328] [TLS][AWS_EC2][Web][Safe] new: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335] - detected: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335] [Nintendo][AmazonAWS][Game][Fun] + detected: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335] [Nintendo][AWS_EC2][Game][Fun] analyse: [.....1] [ip4][..udp] [.192.168.12.114][52119] -> [....91.8.243.35][49432] [Nintendo][Unknown][Game][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 1.730| 0.194| 0.332| 110172.324| 3.600] 
@@ -26,11 +26,11 @@ detected: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] detection-update: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] new: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] - detected: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][AmazonAWS][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + detected: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][AWS_Cloudfront][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][AmazonAWS][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + detection-update: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][AWS_Cloudfront][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][AmazonAWS][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + detection-update: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][AWS_Cloudfront][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....9] [ip4][..tcp] [.192.168.12.114][11534] -> [..54.146.242.74][..443] [MIDSTREAM] new: [....10] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][33334] 
@@ -46,13 +46,13 @@ detected: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] detection-update: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] new: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] - detected: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][AmazonAWS][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + detected: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][AWS_Cloudfront][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][AmazonAWS][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + detection-update: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][AWS_Cloudfront][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][AmazonAWS][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + detection-update: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][AWS_Cloudfront][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [.....4] [ip4][..tcp] [..54.187.10.185][..443] -> [.192.168.12.114][48328] [TLS][AmazonAWS][Web][Safe] + analyse: [.....4] [ip4][..tcp] [..54.187.10.185][..443] -> [.192.168.12.114][48328] [TLS][AWS_EC2][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 14.019| 1.263| 3.443| 
11853821.379| 2.400] [PKTLEN......: 52.000| 457.000| 120.200| 98.400| 9678.600| 4.600] 
@@ -102,37 +102,37 @@ [IATS(ms)....: 0.3,0.4,313.5,0.3,0.3,284.3,0.1,0.4,629.4,5.2,43.7,5.3,61.4,0.1,131.6,65.4,7.9,0.2,0.8,31.1,0.4,67.6,2.9,0.5,7.5,105.9,5.7,103.3,9.8,549.4,649.3] [PKTLENS.....: 104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,104,104,168,104,104,88,104,104,872,88,872,88,104,104,88] [ENTROPIES...: 6.1,6.1,6.1,6.0,6.2,6.2,6.2,6.2,6.1,6.0,6.1,6.1,6.1,6.1,6.1,6.7,6.0,6.1,6.2,6.8,6.2,6.2,5.9,6.2,6.2,5.5,5.9,5.6,6.0,6.2,6.1,6.0] - guessed: [.....6] [ip4][..udp] [.192.168.12.114][52119] -> [..52.10.205.177][34343] [AmazonAWS][AmazonAWS][Cloud][Acceptable] + guessed: [.....6] [ip4][..udp] [.192.168.12.114][52119] -> [..52.10.205.177][34343] [AWS_EC2][AWS_EC2][Cloud][Acceptable] RISK: Susp Entropy, Unidirectional Traffic idle: [.....6] [ip4][..udp] [.192.168.12.114][52119] -> [..52.10.205.177][34343] idle: [....20] [ip4][..udp] [.192.168.12.114][55915] -> [..81.61.158.138][51769] [Nintendo][Unknown][Game][Fun] - end: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][AmazonAWS][Game][Fun] + end: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][AWS_Cloudfront][Game][Fun] RISK: TLS (probably) Not Carrying HTTPS - guessed: [....14] [ip4][..udp] [.192.168.12.114][55915] -> [..52.10.205.177][34343] [AmazonAWS][AmazonAWS][Cloud][Acceptable] + guessed: [....14] [ip4][..udp] [.192.168.12.114][55915] -> [..52.10.205.177][34343] [AWS_EC2][AWS_EC2][Cloud][Acceptable] RISK: Susp Entropy, Unidirectional Traffic idle: [....14] [ip4][..udp] [.192.168.12.114][55915] -> [..52.10.205.177][34343] - idle: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335] [Nintendo][AmazonAWS][Game][Fun] + idle: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335] [Nintendo][AWS_EC2][Game][Fun] idle: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] 
[DNS][Unknown][Network][Acceptable][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] idle: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] - idle: [.....4] [ip4][..tcp] [..54.187.10.185][..443] -> [.192.168.12.114][48328] [TLS][AmazonAWS][Web][Safe] - guessed: [....10] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][33334] [AmazonAWS][AmazonAWS][Cloud][Acceptable] + idle: [.....4] [ip4][..tcp] [..54.187.10.185][..443] -> [.192.168.12.114][48328] [TLS][AWS_EC2][Web][Safe] + guessed: [....10] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][33334] [AWS_EC2][AWS_EC2][Cloud][Acceptable] RISK: Unidirectional Traffic idle: [....10] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][33334] - guessed: [....12] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][33335] [AmazonAWS][AmazonAWS][Cloud][Acceptable] + guessed: [....12] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][33335] [AWS_EC2][AWS_EC2][Cloud][Acceptable] RISK: Unidirectional Traffic idle: [....12] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][33335] idle: [....21] [ip4][.icmp] [...151.6.184.98] -> [.192.168.12.114] [ICMP][Unknown][Network][Acceptable] idle: [....18] [ip4][.icmp] [..151.6.184.100] -> [.192.168.12.114] [ICMP][Unknown][Network][Acceptable] idle: [.....1] [ip4][..udp] [.192.168.12.114][52119] -> [....91.8.243.35][49432] [Nintendo][Unknown][Game][Fun] - guessed: [....11] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][10025] [AmazonAWS][AmazonAWS][Cloud][Acceptable] + guessed: [....11] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][10025] [AWS_EC2][AWS_EC2][Cloud][Acceptable] idle: [....11] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][10025] idle: [....19] [ip4][..udp] [.192.168.12.114][55915] -> [.93.237.131.235][56066] [Nintendo][Unknown][Game][Fun] idle: [.....3] [ip4][..udp] 
[.192.168.12.114][52119] -> [..109.21.255.11][50251] [Nintendo][Unknown][Game][Fun] idle: [.....2] [ip4][..udp] [.192.168.12.114][52119] -> [...134.3.248.25][56955] [Nintendo][Unknown][Game][Fun] - end: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][AmazonAWS][Game][Fun] + end: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][AWS_Cloudfront][Game][Fun] RISK: TLS (probably) Not Carrying HTTPS idle: [....17] [ip4][..udp] [.192.168.12.114][55915] -> [.185.118.169.65][27520] [Nintendo][Unknown][Game][Fun] - guessed: [.....9] [ip4][..tcp] [.192.168.12.114][11534] -> [..54.146.242.74][..443] [TLS][AmazonAWS][Web][Safe] + guessed: [.....9] [ip4][..tcp] [.192.168.12.114][11534] -> [..54.146.242.74][..443] [TLS][AWS_EC2][Web][Safe] idle: [.....9] [ip4][..tcp] [.192.168.12.114][11534] -> [..54.146.242.74][..443] idle: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][g2df33d01-lp1.p.srv.nintendo.net] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/ocs.pcap.out b/test/results/flow-info/default/ocs.pcap.out index 2e525df7b..f1c4216aa 100644 --- a/test/results/flow-info/default/ocs.pcap.out +++ b/test/results/flow-info/default/ocs.pcap.out 
@@ -22,7 +22,7 @@ new: [....10] [ip4][..tcp] [..192.168.180.2][41223] -> [..216.58.208.46][..443] detected: [....10] [ip4][..tcp] [..192.168.180.2][41223] -> [..216.58.208.46][..443] [TLS][Google][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detected: [.....6] [ip4][..tcp] [..192.168.180.2][39263] -> [..23.21.230.199][..443] [TLS.Crashlytics][AmazonAWS][DataTransfer][Acceptable][settings.crashlytics.com] + detected: [.....6] [ip4][..tcp] [..192.168.180.2][39263] -> [..23.21.230.199][..443] [TLS.Crashlytics][AWS_EC2][DataTransfer][Acceptable][settings.crashlytics.com] RISK: Obsolete TLS (v1.1 or older) new: [....11] [ip4][..udp] [..192.168.180.2][.3621] -> [........8.8.8.8][...53] detected: [....11] [ip4][..udp] [..192.168.180.2][.3621] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][xmpp.device06.eu01.capptain.com] @@ -96,7 +96,7 @@ idle: [.....3] [ip4][..udp] [..192.168.180.2][40097] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable] idle: [....18] [ip4][..tcp] [..192.168.180.2][47803] -> [..64.233.166.95][..443] [TLS][Google][Web][Safe] RISK: Obsolete TLS (v1.1 or older) - end: [.....6] [ip4][..tcp] [..192.168.180.2][39263] -> [..23.21.230.199][..443] [TLS.Crashlytics][AmazonAWS][DataTransfer][Acceptable] + end: [.....6] [ip4][..tcp] [..192.168.180.2][39263] -> [..23.21.230.199][..443] [TLS.Crashlytics][AWS_EC2][DataTransfer][Acceptable] RISK: Obsolete TLS (v1.1 or older) idle: [.....5] [ip4][..tcp] [..192.168.180.2][48250] -> [.178.248.208.54][...80] [HTTP.OCS][OCS][Media][Fun] idle: [....17] [ip4][..udp] [..192.168.180.2][11793] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable] diff --git a/test/results/flow-info/default/ocsp.pcapng.out b/test/results/flow-info/default/ocsp.pcapng.out index c21666ee9..456b5b030 100644 --- a/test/results/flow-info/default/ocsp.pcapng.out +++ b/test/results/flow-info/default/ocsp.pcapng.out 
@@ -10,7 +10,7 @@ detected: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] [HTTP.OCSP][Google][Network][Safe][ocsp.pki.goog] end: [.....1] [ip4][..tcp] [..192.168.1.227][49813] -> [.109.70.240.130][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp07.actalis.it] new: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] - detected: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Unknown][Network][Safe][r3.o.lencr.org] + detected: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Akamai][Network][Safe][r3.o.lencr.org] analyse: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] [HTTP.OCSP][Google][Network][Safe][ocsp.pki.goog] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 10.243| 7.287| 4.408| 19431782.613| 4.500] @@ -21,7 +21,7 @@ [IATS(ms)....: 3.4,7.0,0.0,7.4,103.0,109.3,10007.8,10013.0,10151.7,10152.0,10240.5,10240.6,10243.1,10242.9,10236.1,10235.9,10239.9,10240.5,10239.9,10239.5,5617.7,5617.9,102.9,109.3,10148.8,10155.0,10236.1,10236.1,10239.8,10239.7,10240.0] [PKTLENS.....: 112,112,104,498,104,806,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,498,104,806,104,104,104,104,104,104,104,104] [ENTROPIES...: 3.9,4.3,4.0,6.2,4.4,7.1,4.5,4.4,4.3,4.3,4.4,4.4,4.3,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,6.2,4.4,7.0,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.4] - analyse: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Unknown][Network][Safe][r3.o.lencr.org] + analyse: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Akamai][Network][Safe][r3.o.lencr.org] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 10.244| 7.440| 4.399| 19348030.751| 4.500] [PKTLEN......: 104.000| 993.000| 184.200| 228.700| 52281.300| 4.400] 
@@ -35,7 +35,7 @@ detected: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80] [HTTP.OCSP][Unknown][Network][Safe][geant.ocsp.sectigo.com] new: [.....5] [ip4][..tcp] [..192.168.1.128][34340] -> [.151.139.128.14][...80] detected: [.....5] [ip4][..tcp] [..192.168.1.128][34340] -> [.151.139.128.14][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp.usertrust.com] - end: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Unknown][Network][Safe][r3.o.lencr.org] + end: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Akamai][Network][Safe][r3.o.lencr.org] end: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] [HTTP.OCSP][Google][Network][Safe][ocsp.pki.goog] DAEMON-EVENT: [Processed: 157 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] @@ -56,7 +56,7 @@ DAEMON-EVENT: [Processed: 207 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] new: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] - detected: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][AmazonAWS][Network][Safe][ocsp.sca1b.amazontrust.com] + detected: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][AWS_Cloudfront][Network][Safe][ocsp.sca1b.amazontrust.com] new: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] detected: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp.globalsign.com] end: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Edgecast][Network][Safe][ocsp.digicert.com] 
@@ -70,7 +70,7 @@ [IATS(ms)....: 3.4,7.4,0.9,8.1,0.6,0.0,9.1,0.0,10126.9,10134.8,10240.4,10240.5,10239.2,10239.6,10239.9,10239.7,10239.9,10239.5,10239.9,10240.2,10239.9,10240.1,10240.6,10240.2,10239.6,10239.4,10239.5,10240.0,10240.0,10240.0,2594.9] [PKTLENS.....: 112,112,104,505,104,1448,758,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104] [ENTROPIES...: 3.8,4.2,4.1,6.2,4.4,6.9,7.4,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.4,4.3,4.3,4.4,4.4,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.4] - analyse: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][AmazonAWS][Network][Safe][ocsp.sca1b.amazontrust.com] + analyse: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][AWS_Cloudfront][Network][Safe][ocsp.sca1b.amazontrust.com] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 10.241| 7.462| 4.365| 19049033.499| 4.600] [PKTLEN......: 104.000| 1110.000| 148.300| 185.900| 34567.000| 4.500] 
@@ -84,12 +84,12 @@ DAEMON-EVENT: [Flows][active: 2 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] new: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80] detected: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp09.actalis.it] - end: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][AmazonAWS][Network][Safe][ocsp.sca1b.amazontrust.com] + end: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][AWS_Cloudfront][Network][Safe][ocsp.sca1b.amazontrust.com] end: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp.globalsign.com] new: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] - detected: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp.entrust.net] + detected: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Akamai][Network][Safe][ocsp.entrust.net] end: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp09.actalis.it] - analyse: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp.entrust.net] + analyse: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Akamai][Network][Safe][ocsp.entrust.net] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 10.241| 3.776| 4.797| 23012529.144| 3.600] [PKTLEN......: 104.000| 1552.000| 324.200| 431.700| 186386.900| 4.100] 
@@ -99,5 +99,5 @@ [IATS(ms)....: 12.2,16.6,0.5,17.8,3.4,0.0,21.7,0.0,1169.7,1186.8,9.8,0.0,24.7,0.0,1031.5,1046.7,2.5,0.0,19.0,0.0,10158.4,10174.4,10240.2,10240.5,10240.7,10240.4,10239.9,10239.9,10238.7,10240.1,10241.2] [PKTLENS.....: 112,112,104,490,104,1552,613,104,104,490,104,1552,613,104,104,491,104,1552,614,104,104,104,104,104,104,104,104,104,104,104,104,104] [ENTROPIES...: 3.9,4.2,4.0,6.3,4.3,7.0,7.2,4.4,4.4,6.3,4.3,7.0,7.2,4.3,4.3,6.2,4.4,7.0,7.2,4.3,4.3,4.4,4.4,4.4,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4] - end: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp.entrust.net] + end: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Akamai][Network][Safe][ocsp.entrust.net] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/openvpn.pcap.out b/test/results/flow-info/default/openvpn.pcap.out index 2bac74317..ef7b13946 100644 --- a/test/results/flow-info/default/openvpn.pcap.out +++ b/test/results/flow-info/default/openvpn.pcap.out @@ -76,8 +76,8 @@ DAEMON-EVENT: [Processed: 514 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] - detected: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable] - analyse: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable] + detected: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AWS_EC2][VPN][Acceptable] + analyse: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AWS_EC2][VPN][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 2.241| 0.219| 0.513| 263196.672| 2.800] [PKTLEN......: 46.000| 1228.000| 227.900| 364.900| 133184.400| 3.900] 
@@ -104,7 +104,7 @@ [IATS(ms)....: 22.2,22.3,1.2,1.5,24.4,24.6,0.4,0.6,0.2,0.1,221.4,221.5,0.8,1.0,0.1,0.1,0.2,0.2,52.3,56.4,4.2,2.7,0.1,2.8,0.1,0.1,0.0,22.2,65.6,62.0,18.8] [PKTLENS.....: 60,46,40,96,46,108,40,104,46,395,46,1166,40,104,1426,40,46,104,46,976,104,46,1166,1500,46,767,46,46,104,40,613,40] [ENTROPIES...: 4.4,4.4,4.3,5.8,3.9,5.9,4.4,5.9,4.0,7.4,3.9,7.8,4.3,5.8,7.8,4.3,4.0,5.9,4.0,7.8,5.9,4.0,7.8,7.9,4.0,7.8,4.0,3.9,5.7,4.2,7.6,4.3] - idle: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable] + idle: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AWS_EC2][VPN][Acceptable] DAEMON-EVENT: [Processed: 660 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....9] [ip4][..udp] [.192.168.12.156][41133] -> [.107.161.86.131][..443] diff --git a/test/results/flow-info/default/openvpn_nohmac.pcapng.out b/test/results/flow-info/default/openvpn_nohmac.pcapng.out index 4cb59b6ef..264834011 100644 --- a/test/results/flow-info/default/openvpn_nohmac.pcapng.out +++ b/test/results/flow-info/default/openvpn_nohmac.pcapng.out 
@@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] - detected: [.....1] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable] - analyse: [.....1] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable] + detected: [.....1] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AWS_EC2][VPN][Acceptable] + analyse: [.....1] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AWS_EC2][VPN][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 2.241| 0.219| 0.513| 263196.672| 2.800] [PKTLEN......: 46.000| 1228.000| 227.900| 364.900| 133184.400| 3.900] @@ -13,6 +13,6 @@ [IATS(ms)....: 216.1,332.2,5.8,3.4,337.9,58.0,0.1,0.1,0.1,307.1,10.0,20.5,1960.2,1.5,0.6,2241.1,1.7,0.7,299.0,1.5,2.3,0.2,300.0,2.0,1.3,0.7,338.5,1.2,1.5,0.3,340.9] [PKTLENS.....: 46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50] [ENTROPIES...: 4.7,4.8,5.0,5.3,4.5,5.1,7.4,6.7,7.7,7.6,5.0,5.1,5.1,5.4,5.5,5.6,5.1,5.1,5.1,5.7,5.7,5.9,5.8,5.1,5.2,5.1,5.1,6.5,6.6,5.9,6.1,5.1] - update: [.....1] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable] - idle: [.....1] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable] + update: [.....1] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AWS_EC2][VPN][Acceptable] + idle: [.....1] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AWS_EC2][VPN][Acceptable] DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/paltalk.pcapng.out b/test/results/flow-info/default/paltalk.pcapng.out index 29b5c5340..32cc172cf 100644 --- a/test/results/flow-info/default/paltalk.pcapng.out +++ b/test/results/flow-info/default/paltalk.pcapng.out @@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.192.168.88.208][51807] -> [...3.162.112.93][..443] - detected: [.....1] [ip4][..tcp] [.192.168.88.208][51807] -> [...3.162.112.93][..443] [TLS.Paltalk][AmazonAWS][Chat][Acceptable][paltalk.com] + detected: [.....1] [ip4][..tcp] [.192.168.88.208][51807] -> [...3.162.112.93][..443] [TLS.Paltalk][AWS_Cloudfront][Chat][Acceptable][paltalk.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....1] [ip4][..tcp] [.192.168.88.208][51807] -> [...3.162.112.93][..443] [TLS.Paltalk][AmazonAWS][Chat][Acceptable][paltalk.com] + detection-update: [.....1] [ip4][..tcp] [.192.168.88.208][51807] -> [...3.162.112.93][..443] [TLS.Paltalk][AWS_Cloudfront][Chat][Acceptable][paltalk.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....2] [ip4][..tcp] [.158.69.169.104][.6845] -> [.192.168.88.208][51887] detected: [.....2] [ip4][..tcp] [.158.69.169.104][.6845] -> [.192.168.88.208][51887] [Paltalk][Unknown][Chat][Acceptable] 
@@ -13,10 +13,10 @@ new: [.....3] [ip4][..tcp] [.192.168.88.208][50728] -> [...84.17.44.229][.7970] detected: [.....3] [ip4][..tcp] [.192.168.88.208][50728] -> [...84.17.44.229][.7970] [Paltalk][Unknown][Chat][Acceptable] new: [.....4] [ip4][..tcp] [.192.168.88.208][51825] -> [.44.194.181.195][...80] - detected: [.....4] [ip4][..tcp] [.192.168.88.208][51825] -> [.44.194.181.195][...80] [HTTP.Paltalk][AmazonAWS][Chat][Acceptable][qos.paltalkconnect.com] - idle: [.....1] [ip4][..tcp] [.192.168.88.208][51807] -> [...3.162.112.93][..443] [TLS.Paltalk][AmazonAWS][Chat][Acceptable] + detected: [.....4] [ip4][..tcp] [.192.168.88.208][51825] -> [.44.194.181.195][...80] [HTTP.Paltalk][AWS_EC2][Chat][Acceptable][qos.paltalkconnect.com] + idle: [.....1] [ip4][..tcp] [.192.168.88.208][51807] -> [...3.162.112.93][..443] [TLS.Paltalk][AWS_Cloudfront][Chat][Acceptable] RISK: TLS (probably) Not Carrying HTTPS idle: [.....3] [ip4][..tcp] [.192.168.88.208][50728] -> [...84.17.44.229][.7970] [Paltalk][Unknown][Chat][Acceptable] - idle: [.....4] [ip4][..tcp] [.192.168.88.208][51825] -> [.44.194.181.195][...80] [HTTP.Paltalk][AmazonAWS][Chat][Acceptable] + idle: [.....4] [ip4][..tcp] [.192.168.88.208][51825] -> [.44.194.181.195][...80] [HTTP.Paltalk][AWS_EC2][Chat][Acceptable] idle: [.....2] [ip4][..tcp] [.158.69.169.104][.6845] -> [.192.168.88.208][51887] [Paltalk][Unknown][Chat][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/pluralsight.pcap.out b/test/results/flow-info/default/pluralsight.pcap.out index 71f95d928..be3d867ff 100644 --- a/test/results/flow-info/default/pluralsight.pcap.out +++ b/test/results/flow-info/default/pluralsight.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun][pluralsight.com] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun][pluralsight.com] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun][pluralsight.com] + detected: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun][pluralsight.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun][pluralsight.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun][pluralsight.com] new: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] new: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] detected: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] [TLS.Pluralsight][Unknown][Streaming][Fun][pluralsight2.imgix.net] 
@@ -14,17 +14,17 @@ detection-update: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] [TLS.Pluralsight][Unknown][Streaming][Fun][pluralsight.imgix.net] detection-update: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] [TLS.Pluralsight][Unknown][Streaming][Fun][pluralsight.imgix.net] new: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] - detected: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun][stt.pluralsight.com] - detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun][stt.pluralsight.com] - detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun][stt.pluralsight.com] + detected: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun][stt.pluralsight.com] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun][stt.pluralsight.com] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun][stt.pluralsight.com] new: [.....5] [ip4][..tcp] [..192.168.1.128][48948] -> [.104.19.162.127][..443] detected: [.....5] [ip4][..tcp] [..192.168.1.128][48948] -> [.104.19.162.127][..443] [TLS.Pluralsight][Cloudflare][Streaming][Fun][www.pluralsight.com] detection-update: [.....5] [ip4][..tcp] [..192.168.1.128][48948] -> [.104.19.162.127][..443] [TLS.Pluralsight][Cloudflare][Streaming][Fun][www.pluralsight.com] new: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] detected: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] 
[TLS.Pluralsight][Cloudflare][Streaming][Fun][zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com] detection-update: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] [TLS.Pluralsight][Cloudflare][Streaming][Fun][zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com] - idle: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun] - idle: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun] + idle: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun] + idle: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun] idle: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] [TLS.Pluralsight][Unknown][Streaming][Fun] idle: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] [TLS.Pluralsight][Unknown][Streaming][Fun] idle: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] [TLS.Pluralsight][Cloudflare][Streaming][Fun] diff --git a/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index 7d2dbcd74..473a04268 100644 --- a/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
@@ -5,55 +5,74 @@ detected: [.....1] [ip4][..udp] [.133.205.75.230][56528] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][update.googleapis.com] new: [.....2] [ip4][..udp] [..147.196.90.42][61647] -> [..177.86.46.206][..443] detected: [.....2] [ip4][..udp] [..147.196.90.42][61647] -> [..177.86.46.206][..443] [QUIC.Google][Unknown][Web][Acceptable][sb-ssl.google.com] + RISK: Mismatching Protocol with server IP address idle: [.....1] [ip4][..udp] [.133.205.75.230][56528] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][update.googleapis.com] DAEMON-EVENT: [Processed: 8 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....3] [ip4][..udp] [...168.144.64.5][55376] -> [.212.22.246.243][..443] detected: [.....3] [ip4][..udp] [...168.144.64.5][55376] -> [.212.22.246.243][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address new: [.....4] [ip4][..udp] [...168.144.64.5][64964] -> [.133.202.76.105][..443] detected: [.....4] [ip4][..udp] [...168.144.64.5][64964] -> [.133.202.76.105][..443] [QUIC.Google][Unknown][Web][Acceptable][accounts.google.com] + RISK: Mismatching Protocol with server IP address new: [.....5] [ip4][..udp] [...168.144.64.5][55844] -> [..112.1.105.138][..443] detected: [.....5] [ip4][..udp] [...168.144.64.5][55844] -> [..112.1.105.138][..443] [QUIC.PlayStore][Unknown][SoftwareUpdate][Safe][android.clients.google.com] new: [.....6] [ip4][..udp] [...168.144.64.5][59827] -> [..37.47.218.224][..443] detected: [.....6] [ip4][..udp] [...168.144.64.5][59827] -> [..37.47.218.224][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][www.googleadservices.com] + RISK: Mismatching Protocol with server IP address idle: [.....2] [ip4][..udp] [..147.196.90.42][61647] -> [..177.86.46.206][..443] 
[QUIC.Google][Unknown][Web][Acceptable][sb-ssl.google.com] + RISK: Mismatching Protocol with server IP address new: [.....7] [ip4][..udp] [...168.144.64.5][51053] -> [241.138.147.133][..443] detected: [.....7] [ip4][..udp] [...168.144.64.5][51053] -> [241.138.147.133][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][content-autofill.googleapis.com] update: [.....3] [ip4][..udp] [...168.144.64.5][55376] -> [.212.22.246.243][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address update: [.....6] [ip4][..udp] [...168.144.64.5][59827] -> [..37.47.218.224][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][www.googleadservices.com] + RISK: Mismatching Protocol with server IP address update: [.....4] [ip4][..udp] [...168.144.64.5][64964] -> [.133.202.76.105][..443] [QUIC.Google][Unknown][Web][Acceptable][accounts.google.com] + RISK: Mismatching Protocol with server IP address update: [.....5] [ip4][..udp] [...168.144.64.5][55844] -> [..112.1.105.138][..443] [QUIC.PlayStore][Unknown][SoftwareUpdate][Safe][android.clients.google.com] DAEMON-EVENT: [Processed: 17 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 5 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 4] new: [.....8] [ip4][..udp] [..10.117.78.100][44252] -> [.251.236.18.198][..443] detected: [.....8] [ip4][..udp] [..10.117.78.100][44252] -> [.251.236.18.198][..443] [QUIC.Google][Unknown][Web][Acceptable][accounts.google.com] + RISK: Mismatching Protocol with server IP address idle: [.....3] [ip4][..udp] [...168.144.64.5][55376] -> [.212.22.246.243][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address idle: [.....6] [ip4][..udp] [...168.144.64.5][59827] -> [..37.47.218.224][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][www.googleadservices.com] + RISK: Mismatching Protocol with server IP address idle: [.....4] [ip4][..udp] 
[...168.144.64.5][64964] -> [.133.202.76.105][..443] [QUIC.Google][Unknown][Web][Acceptable][accounts.google.com] + RISK: Mismatching Protocol with server IP address idle: [.....7] [ip4][..udp] [...168.144.64.5][51053] -> [241.138.147.133][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][content-autofill.googleapis.com] idle: [.....5] [ip4][..udp] [...168.144.64.5][55844] -> [..112.1.105.138][..443] [QUIC.PlayStore][Unknown][SoftwareUpdate][Safe][android.clients.google.com] new: [.....9] [ip4][..udp] [..10.117.78.100][55273] -> [202.152.155.121][..443] detected: [.....9] [ip4][..udp] [..10.117.78.100][55273] -> [202.152.155.121][..443] [QUIC.Google][Unknown][Web][Acceptable][clients4.google.com] + RISK: Mismatching Protocol with server IP address DAEMON-EVENT: [Processed: 19 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 9|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 4] new: [....10] [ip4][..udp] [...168.144.64.5][53404] -> [113.250.137.243][..443] detected: [....10] [ip4][..udp] [...168.144.64.5][53404] -> [113.250.137.243][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][update.googleapis.com] new: [....11] [ip4][..udp] [...168.144.64.5][53431] -> [...128.248.24.1][..443] detected: [....11] [ip4][..udp] [...168.144.64.5][53431] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][fonts.gstatic.com] + RISK: Mismatching Protocol with server IP address new: [....12] [ip4][..udp] [...168.144.64.5][50482] -> [121.209.126.161][..443] detected: [....12] [ip4][..udp] [...168.144.64.5][50482] -> [121.209.126.161][..443] [QUIC.YouTube][Unknown][Media][Fun][yt3.ggpht.com] new: [....13] [ip4][..udp] [...168.144.64.5][62652] -> [.158.146.215.30][..443] detected: [....13] [ip4][..udp] [...168.144.64.5][62652] -> [.158.146.215.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][static.doubleclick.net] + RISK: Mismatching Protocol with server IP address new: [....14] [ip4][..udp] 
[...168.144.64.5][63136] -> [...9.65.169.252][..443] detected: [....14] [ip4][..udp] [...168.144.64.5][63136] -> [...9.65.169.252][..443] [QUIC.YouTube][Unknown][Media][Fun][suggestqueries-clients6.youtube.com] idle: [.....8] [ip4][..udp] [..10.117.78.100][44252] -> [.251.236.18.198][..443] [QUIC.Google][Unknown][Web][Acceptable][accounts.google.com] + RISK: Mismatching Protocol with server IP address idle: [.....9] [ip4][..udp] [..10.117.78.100][55273] -> [202.152.155.121][..443] [QUIC.Google][Unknown][Web][Acceptable][clients4.google.com] + RISK: Mismatching Protocol with server IP address new: [....15] [ip4][..udp] [...168.144.64.5][51456] -> [102.194.207.179][..443] detected: [....15] [ip4][..udp] [...168.144.64.5][51456] -> [102.194.207.179][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][clientservices.googleapis.com] update: [....13] [ip4][..udp] [...168.144.64.5][62652] -> [.158.146.215.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][static.doubleclick.net] + RISK: Mismatching Protocol with server IP address update: [....12] [ip4][..udp] [...168.144.64.5][50482] -> [121.209.126.161][..443] [QUIC.YouTube][Unknown][Media][Fun][yt3.ggpht.com] update: [....14] [ip4][..udp] [...168.144.64.5][63136] -> [...9.65.169.252][..443] [QUIC.YouTube][Unknown][Media][Fun][suggestqueries-clients6.youtube.com] update: [....11] [ip4][..udp] [...168.144.64.5][53431] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][fonts.gstatic.com] + RISK: Mismatching Protocol with server IP address update: [....10] [ip4][..udp] [...168.144.64.5][53404] -> [113.250.137.243][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][update.googleapis.com] new: [....16] [ip4][..udp] [...168.144.64.5][63163] -> [113.250.137.243][..443] detected: [....16] [ip4][..udp] [...168.144.64.5][63163] -> [113.250.137.243][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][update.googleapis.com] 
@@ -61,54 +80,73 @@ detected: [....17] [ip4][..udp] [...168.144.64.5][54016] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] new: [....18] [ip4][..udp] [...168.144.64.5][51248] -> [..99.42.133.245][..443] detected: [....18] [ip4][..udp] [...168.144.64.5][51248] -> [..99.42.133.245][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address new: [....19] [ip4][..udp] [...168.144.64.5][60896] -> [.45.228.175.189][..443] detected: [....19] [ip4][..udp] [...168.144.64.5][60896] -> [.45.228.175.189][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address update: [....16] [ip4][..udp] [...168.144.64.5][63163] -> [113.250.137.243][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][update.googleapis.com] update: [....18] [ip4][..udp] [...168.144.64.5][51248] -> [..99.42.133.245][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address update: [....13] [ip4][..udp] [...168.144.64.5][62652] -> [.158.146.215.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][static.doubleclick.net] + RISK: Mismatching Protocol with server IP address update: [....15] [ip4][..udp] [...168.144.64.5][51456] -> [102.194.207.179][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][clientservices.googleapis.com] update: [....12] [ip4][..udp] [...168.144.64.5][50482] -> [121.209.126.161][..443] [QUIC.YouTube][Unknown][Media][Fun][yt3.ggpht.com] update: [....17] [ip4][..udp] [...168.144.64.5][54016] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] update: [....14] [ip4][..udp] [...168.144.64.5][63136] -> [...9.65.169.252][..443] [QUIC.YouTube][Unknown][Media][Fun][suggestqueries-clients6.youtube.com] update: [....11] [ip4][..udp] [...168.144.64.5][53431] -> [...128.248.24.1][..443] 
[QUIC.Google][Unknown][Web][Acceptable][fonts.gstatic.com] + RISK: Mismatching Protocol with server IP address update: [....10] [ip4][..udp] [...168.144.64.5][53404] -> [113.250.137.243][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][update.googleapis.com] new: [....20] [ip4][..udp] [...168.144.64.5][60551] -> [...128.248.24.1][..443] detected: [....20] [ip4][..udp] [...168.144.64.5][60551] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gvt2.com] + RISK: Mismatching Protocol with server IP address new: [....21] [ip4][..udp] [...168.144.64.5][56488] -> [..177.86.46.206][..443] detected: [....21] [ip4][..udp] [...168.144.64.5][56488] -> [..177.86.46.206][..443] [QUIC.YouTube][Unknown][Media][Fun][www.youtube.com] idle: [....11] [ip4][..udp] [...168.144.64.5][53431] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][fonts.gstatic.com] + RISK: Mismatching Protocol with server IP address idle: [....10] [ip4][..udp] [...168.144.64.5][53404] -> [113.250.137.243][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][update.googleapis.com] update: [....16] [ip4][..udp] [...168.144.64.5][63163] -> [113.250.137.243][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][update.googleapis.com] update: [....18] [ip4][..udp] [...168.144.64.5][51248] -> [..99.42.133.245][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address update: [....13] [ip4][..udp] [...168.144.64.5][62652] -> [.158.146.215.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][static.doubleclick.net] + RISK: Mismatching Protocol with server IP address update: [....15] [ip4][..udp] [...168.144.64.5][51456] -> [102.194.207.179][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][clientservices.googleapis.com] update: [....12] [ip4][..udp] [...168.144.64.5][50482] -> [121.209.126.161][..443] [QUIC.YouTube][Unknown][Media][Fun][yt3.ggpht.com] update: [....17] [ip4][..udp] 
[...168.144.64.5][54016] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] update: [....14] [ip4][..udp] [...168.144.64.5][63136] -> [...9.65.169.252][..443] [QUIC.YouTube][Unknown][Media][Fun][suggestqueries-clients6.youtube.com] update: [....19] [ip4][..udp] [...168.144.64.5][60896] -> [.45.228.175.189][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address new: [....22] [ip4][..udp] [...168.144.64.5][49153] -> [...153.98.28.78][..443] detected: [....22] [ip4][..udp] [...168.144.64.5][49153] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] idle: [....13] [ip4][..udp] [...168.144.64.5][62652] -> [.158.146.215.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][static.doubleclick.net] + RISK: Mismatching Protocol with server IP address idle: [....12] [ip4][..udp] [...168.144.64.5][50482] -> [121.209.126.161][..443] [QUIC.YouTube][Unknown][Media][Fun][yt3.ggpht.com] idle: [....14] [ip4][..udp] [...168.144.64.5][63136] -> [...9.65.169.252][..443] [QUIC.YouTube][Unknown][Media][Fun][suggestqueries-clients6.youtube.com] update: [....20] [ip4][..udp] [...168.144.64.5][60551] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gvt2.com] + RISK: Mismatching Protocol with server IP address new: [....23] [ip4][..udp] [...168.144.64.5][51296] -> [...128.248.24.1][..443] detected: [....23] [ip4][..udp] [...168.144.64.5][51296] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address idle: [....16] [ip4][..udp] [...168.144.64.5][63163] -> [113.250.137.243][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][update.googleapis.com] idle: [....18] [ip4][..udp] [...168.144.64.5][51248] -> [..99.42.133.245][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address idle: 
[....15] [ip4][..udp] [...168.144.64.5][51456] -> [102.194.207.179][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][clientservices.googleapis.com] idle: [....17] [ip4][..udp] [...168.144.64.5][54016] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] update: [....22] [ip4][..udp] [...168.144.64.5][49153] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] update: [....21] [ip4][..udp] [...168.144.64.5][56488] -> [..177.86.46.206][..443] [QUIC.YouTube][Unknown][Media][Fun][www.youtube.com] update: [....19] [ip4][..udp] [...168.144.64.5][60896] -> [.45.228.175.189][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address update: [....20] [ip4][..udp] [...168.144.64.5][60551] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gvt2.com] + RISK: Mismatching Protocol with server IP address new: [....24] [ip4][..udp] [...168.144.64.5][57767] -> [....76.83.40.87][..443] detected: [....24] [ip4][..udp] [...168.144.64.5][57767] -> [....76.83.40.87][..443] [QUIC.YouTube][Unknown][Media][Fun][r11---sn-vh5ouxa-hjuk.googlevideo.com] idle: [....22] [ip4][..udp] [...168.144.64.5][49153] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] idle: [....21] [ip4][..udp] [...168.144.64.5][56488] -> [..177.86.46.206][..443] [QUIC.YouTube][Unknown][Media][Fun][www.youtube.com] idle: [....23] [ip4][..udp] [...168.144.64.5][51296] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address idle: [....19] [ip4][..udp] [...168.144.64.5][60896] -> [.45.228.175.189][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address idle: [....20] [ip4][..udp] [...168.144.64.5][60551] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gvt2.com] + RISK: 
Mismatching Protocol with server IP address new: [....25] [ip4][..udp] [...168.144.64.5][63736] -> [.213.188.47.247][..443] detected: [....25] [ip4][..udp] [...168.144.64.5][63736] -> [.213.188.47.247][..443] [QUIC.YouTube][Unknown][Media][Fun][r4---sn-vh5ouxa-hjud.googlevideo.com] new: [....26] [ip4][..udp] [...168.144.64.5][52273] -> [244.214.160.219][..443] @@ -148,6 +186,7 @@ detected: [....33] [ip4][..udp] [...168.144.64.5][55637] -> [.169.81.163.225][..443] [QUIC.YouTube][Unknown][Media][Fun][r3---sn-hju7enel.googlevideo.com] new: [....34] [ip4][..udp] [...168.144.64.5][53127] -> [113.250.137.243][..443] detected: [....34] [ip4][..udp] [...168.144.64.5][53127] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address idle: [....31] [ip4][..udp] [...168.144.64.5][50540] -> [...99.45.60.254][..443] [QUIC.YouTube][Unknown][Media][Fun][i.ytimg.com] idle: [....30] [ip4][..udp] [...168.144.64.5][61209] -> [..35.194.157.47][..443] [QUIC.Google][GoogleCloud][Advertisement][Tracker_Ads][www.googleadservices.com] idle: [....29] [ip4][..udp] [...168.144.64.5][64976] -> [..220.80.126.73][..443] [QUIC.YouTube][Unknown][Media][Fun][r1---sn-hju7enel.googlevideo.com] 
@@ -158,9 +197,12 @@ idle: [....33] [ip4][..udp] [...168.144.64.5][55637] -> [.169.81.163.225][..443] [QUIC.YouTube][Unknown][Media][Fun][r3---sn-hju7enel.googlevideo.com] idle: [....32] [ip4][..udp] [...168.144.64.5][60809] -> [...9.65.169.252][..443] [QUIC.YouTube][Unknown][Media][Fun][suggestqueries-clients6.youtube.com] update: [....34] [ip4][..udp] [...168.144.64.5][53127] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address new: [....36] [ip4][..udp] [.192.168.254.11][59048] -> [.251.236.18.198][..443] detected: [....36] [ip4][..udp] [.192.168.254.11][59048] -> [.251.236.18.198][..443] [QUIC.Google][Unknown][Web][Acceptable][accounts.google.com] + RISK: Mismatching Protocol with server IP address idle: [....34] [ip4][..udp] [...168.144.64.5][53127] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address update: [....35] [ip4][..udp] [...168.144.64.5][50073] -> [.152.128.87.238][..443] [QUIC.YouTube][Unknown][Media][Fun][r3---sn-vh5ouxa-hjud.googlevideo.com] new: [....37] [ip4][..udp] [.192.168.254.11][38331] -> [.93.100.151.221][..443] detected: [....37] [ip4][..udp] [.192.168.254.11][38331] -> [.93.100.151.221][..443] [QUIC.DataSaver][Unknown][Web][Acceptable][litepages.googlezip.net] 
@@ -172,6 +214,7 @@ detected: [....40] [ip4][..udp] [.192.168.254.11][54692] -> [.171.182.169.23][..443] [QUIC][Unknown][Web][Acceptable][www.freearabianporn.com] update: [....35] [ip4][..udp] [...168.144.64.5][50073] -> [.152.128.87.238][..443] [QUIC.YouTube][Unknown][Media][Fun][r3---sn-vh5ouxa-hjud.googlevideo.com] update: [....36] [ip4][..udp] [.192.168.254.11][59048] -> [.251.236.18.198][..443] [QUIC.Google][Unknown][Web][Acceptable][accounts.google.com] + RISK: Mismatching Protocol with server IP address new: [....41] [ip4][..udp] [.192.168.254.11][35124] -> [..168.78.153.39][..443] detected: [....41] [ip4][..udp] [.192.168.254.11][35124] -> [..168.78.153.39][..443] [QUIC][Unknown][Web][Acceptable][s-img.adskeeper.co.uk] idle: [....35] [ip4][..udp] [...168.144.64.5][50073] -> [.152.128.87.238][..443] [QUIC.YouTube][Unknown][Media][Fun][r3---sn-vh5ouxa-hjud.googlevideo.com] 
@@ -180,11 +223,15 @@ update: [....40] [ip4][..udp] [.192.168.254.11][54692] -> [.171.182.169.23][..443] [QUIC][Unknown][Web][Acceptable][www.freearabianporn.com] update: [....39] [ip4][..udp] [.192.168.254.11][43427] -> [..98.251.203.81][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][optimizationguide-pa.googleapis.com] update: [....36] [ip4][..udp] [.192.168.254.11][59048] -> [.251.236.18.198][..443] [QUIC.Google][Unknown][Web][Acceptable][accounts.google.com] + RISK: Mismatching Protocol with server IP address new: [....42] [ip4][..udp] [.192.168.254.11][51075] -> [.117.148.117.30][..443] detected: [....42] [ip4][..udp] [.192.168.254.11][51075] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][pagead2.googlesyndication.com] + RISK: Mismatching Protocol with server IP address new: [....43] [ip4][..udp] [.192.168.254.11][49689] -> [.87.179.155.149][..443] detected: [....43] [ip4][..udp] [.192.168.254.11][49689] -> [.87.179.155.149][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address idle: [....36] [ip4][..udp] [.192.168.254.11][59048] -> [.251.236.18.198][..443] [QUIC.Google][Unknown][Web][Acceptable][accounts.google.com] + RISK: Mismatching Protocol with server IP address update: [....41] [ip4][..udp] [.192.168.254.11][35124] -> [..168.78.153.39][..443] [QUIC][Unknown][Web][Acceptable][s-img.adskeeper.co.uk] update: [....38] [ip4][..udp] [.192.168.254.11][45652] -> [.170.196.90.126][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][content-autofill.googleapis.com] update: [....37] [ip4][..udp] [.192.168.254.11][38331] -> [.93.100.151.221][..443] [QUIC.DataSaver][Unknown][Web][Acceptable][litepages.googlezip.net] 
@@ -205,85 +252,114 @@ idle: [....44] [ip4][..udp] [...168.144.64.5][62818] -> [113.250.137.243][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][clientservices.googleapis.com] idle: [....41] [ip4][..udp] [.192.168.254.11][35124] -> [..168.78.153.39][..443] [QUIC][Unknown][Web][Acceptable][s-img.adskeeper.co.uk] idle: [....42] [ip4][..udp] [.192.168.254.11][51075] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][pagead2.googlesyndication.com] + RISK: Mismatching Protocol with server IP address idle: [....43] [ip4][..udp] [.192.168.254.11][49689] -> [.87.179.155.149][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address update: [....45] [ip4][..udp] [...168.144.64.5][56425] -> [..125.136.204.4][..443] [QUIC.YouTube][Unknown][Media][Fun][r1---sn-vh5ouxa-hjuk.googlevideo.com] new: [....47] [ip4][..udp] [...168.144.64.5][50552] -> [108.171.138.182][..443] detected: [....47] [ip4][..udp] [...168.144.64.5][50552] -> [108.171.138.182][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gvt2.com] + RISK: Mismatching Protocol with server IP address idle: [....45] [ip4][..udp] [...168.144.64.5][56425] -> [..125.136.204.4][..443] [QUIC.YouTube][Unknown][Media][Fun][r1---sn-vh5ouxa-hjuk.googlevideo.com] new: [....48] [ip4][..udp] [...168.144.64.5][56844] -> [113.250.137.243][..443] detected: [....48] [ip4][..udp] [...168.144.64.5][56844] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address new: [....49] [ip4][..udp] [...168.144.64.5][58414] -> [...153.98.28.78][..443] detected: [....49] [ip4][..udp] [...168.144.64.5][58414] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] update: [....47] [ip4][..udp] [...168.144.64.5][50552] -> [108.171.138.182][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gvt2.com] + RISK: Mismatching Protocol with server IP address 
update: [....46] [ip4][..udp] [...168.144.64.5][59622] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] update: [....48] [ip4][..udp] [...168.144.64.5][56844] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address new: [....50] [ip4][..udp] [...168.144.64.5][61341] -> [.16.232.218.117][..443] detected: [....50] [ip4][..udp] [...168.144.64.5][61341] -> [.16.232.218.117][..443] [QUIC.YouTube][Unknown][Media][Fun][r9---sn-vh5ouxa-hjuk.googlevideo.com] new: [....51] [ip4][..udp] [...168.144.64.5][56683] -> [113.250.137.243][..443] detected: [....51] [ip4][..udp] [...168.144.64.5][56683] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address update: [....47] [ip4][..udp] [...168.144.64.5][50552] -> [108.171.138.182][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gvt2.com] + RISK: Mismatching Protocol with server IP address update: [....49] [ip4][..udp] [...168.144.64.5][58414] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] update: [....46] [ip4][..udp] [...168.144.64.5][59622] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] update: [....48] [ip4][..udp] [...168.144.64.5][56844] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address new: [....52] [ip4][..udp] [...168.144.64.5][64700] -> [.16.232.218.117][..443] detected: [....52] [ip4][..udp] [...168.144.64.5][64700] -> [.16.232.218.117][..443] [QUIC.YouTube][Unknown][Media][Fun][r9---sn-vh5ouxa-hjuk.googlevideo.com] idle: [....47] [ip4][..udp] [...168.144.64.5][50552] -> [108.171.138.182][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gvt2.com] + RISK: Mismatching Protocol with server IP address idle: [....46] [ip4][..udp] [...168.144.64.5][59622] -> 
[...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] idle: [....48] [ip4][..udp] [...168.144.64.5][56844] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address update: [....49] [ip4][..udp] [...168.144.64.5][58414] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] update: [....50] [ip4][..udp] [...168.144.64.5][61341] -> [.16.232.218.117][..443] [QUIC.YouTube][Unknown][Media][Fun][r9---sn-vh5ouxa-hjuk.googlevideo.com] update: [....51] [ip4][..udp] [...168.144.64.5][56683] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address new: [....53] [ip4][..udp] [...168.144.64.5][60936] -> [...9.65.169.252][..443] detected: [....53] [ip4][..udp] [...168.144.64.5][60936] -> [...9.65.169.252][..443] [QUIC.YouTube][Unknown][Media][Fun][suggestqueries-clients6.youtube.com] update: [....49] [ip4][..udp] [...168.144.64.5][58414] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] update: [....50] [ip4][..udp] [...168.144.64.5][61341] -> [.16.232.218.117][..443] [QUIC.YouTube][Unknown][Media][Fun][r9---sn-vh5ouxa-hjuk.googlevideo.com] update: [....51] [ip4][..udp] [...168.144.64.5][56683] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address update: [....52] [ip4][..udp] [...168.144.64.5][64700] -> [.16.232.218.117][..443] [QUIC.YouTube][Unknown][Media][Fun][r9---sn-vh5ouxa-hjuk.googlevideo.com] new: [....54] [ip4][..udp] [...168.144.64.5][59965] -> [..22.12.150.194][..443] detected: [....54] [ip4][..udp] [...168.144.64.5][59965] -> [..22.12.150.194][..443] [QUIC.YouTube][Unknown][Media][Fun][r1---sn-vh5ouxa-hju6.googlevideo.com] idle: [....49] [ip4][..udp] [...168.144.64.5][58414] -> [...153.98.28.78][..443] 
[QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] new: [....55] [ip4][..udp] [...168.144.64.5][64693] -> [113.250.137.243][..443] detected: [....55] [ip4][..udp] [...168.144.64.5][64693] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address idle: [....50] [ip4][..udp] [...168.144.64.5][61341] -> [.16.232.218.117][..443] [QUIC.YouTube][Unknown][Media][Fun][r9---sn-vh5ouxa-hjuk.googlevideo.com] idle: [....51] [ip4][..udp] [...168.144.64.5][56683] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address update: [....54] [ip4][..udp] [...168.144.64.5][59965] -> [..22.12.150.194][..443] [QUIC.YouTube][Unknown][Media][Fun][r1---sn-vh5ouxa-hju6.googlevideo.com] update: [....53] [ip4][..udp] [...168.144.64.5][60936] -> [...9.65.169.252][..443] [QUIC.YouTube][Unknown][Media][Fun][suggestqueries-clients6.youtube.com] update: [....52] [ip4][..udp] [...168.144.64.5][64700] -> [.16.232.218.117][..443] [QUIC.YouTube][Unknown][Media][Fun][r9---sn-vh5ouxa-hjuk.googlevideo.com] new: [....56] [ip4][..udp] [...168.144.64.5][59680] -> [.117.148.117.30][..443] detected: [....56] [ip4][..udp] [...168.144.64.5][59680] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address idle: [....54] [ip4][..udp] [...168.144.64.5][59965] -> [..22.12.150.194][..443] [QUIC.YouTube][Unknown][Media][Fun][r1---sn-vh5ouxa-hju6.googlevideo.com] idle: [....55] [ip4][..udp] [...168.144.64.5][64693] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address idle: [....53] [ip4][..udp] [...168.144.64.5][60936] -> [...9.65.169.252][..443] [QUIC.YouTube][Unknown][Media][Fun][suggestqueries-clients6.youtube.com] idle: [....52] [ip4][..udp] [...168.144.64.5][64700] -> 
[.16.232.218.117][..443] [QUIC.YouTube][Unknown][Media][Fun][r9---sn-vh5ouxa-hjuk.googlevideo.com] new: [....57] [ip4][..udp] [...168.144.64.5][57565] -> [217.254.108.174][..443] detected: [....57] [ip4][..udp] [...168.144.64.5][57565] -> [217.254.108.174][..443] [QUIC.YouTube][Unknown][Media][Fun][r2---sn-vh5ouxa-hjuk.googlevideo.com] new: [....58] [ip4][..udp] [...168.144.64.5][52387] -> [..143.52.137.18][..443] detected: [....58] [ip4][..udp] [...168.144.64.5][52387] -> [..143.52.137.18][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][pagead2.googlesyndication.com] + RISK: Mismatching Protocol with server IP address DAEMON-EVENT: [Processed: 70 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 58|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 75] new: [....59] [ip4][..udp] [...168.144.64.5][49860] -> [113.250.137.243][..443] detected: [....59] [ip4][..udp] [...168.144.64.5][49860] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address update: [....56] [ip4][..udp] [...168.144.64.5][59680] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address update: [....58] [ip4][..udp] [...168.144.64.5][52387] -> [..143.52.137.18][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][pagead2.googlesyndication.com] + RISK: Mismatching Protocol with server IP address update: [....57] [ip4][..udp] [...168.144.64.5][57565] -> [217.254.108.174][..443] [QUIC.YouTube][Unknown][Media][Fun][r2---sn-vh5ouxa-hjuk.googlevideo.com] new: [....60] [ip4][..udp] [...168.144.64.5][60949] -> [185.186.183.185][..443] detected: [....60] [ip4][..udp] [...168.144.64.5][60949] -> [185.186.183.185][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][content-autofill.googleapis.com] update: [....56] [ip4][..udp] [...168.144.64.5][59680] -> 
[.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address update: [....58] [ip4][..udp] [...168.144.64.5][52387] -> [..143.52.137.18][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][pagead2.googlesyndication.com] + RISK: Mismatching Protocol with server IP address update: [....59] [ip4][..udp] [...168.144.64.5][49860] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address update: [....57] [ip4][..udp] [...168.144.64.5][57565] -> [217.254.108.174][..443] [QUIC.YouTube][Unknown][Media][Fun][r2---sn-vh5ouxa-hjuk.googlevideo.com] new: [....61] [ip4][..udp] [...168.144.64.5][57735] -> [..137.238.249.2][..443] detected: [....61] [ip4][..udp] [...168.144.64.5][57735] -> [..137.238.249.2][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][ade.googlesyndication.com] + RISK: Mismatching Protocol with server IP address idle: [....56] [ip4][..udp] [...168.144.64.5][59680] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address idle: [....58] [ip4][..udp] [...168.144.64.5][52387] -> [..143.52.137.18][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][pagead2.googlesyndication.com] + RISK: Mismatching Protocol with server IP address idle: [....60] [ip4][..udp] [...168.144.64.5][60949] -> [185.186.183.185][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][content-autofill.googleapis.com] idle: [....59] [ip4][..udp] [...168.144.64.5][49860] -> [113.250.137.243][..443] [QUIC.Google][Unknown][Cloud][Acceptable][b1.nel.goog] + RISK: Mismatching Protocol with server IP address idle: [....57] [ip4][..udp] [...168.144.64.5][57565] -> [217.254.108.174][..443] [QUIC.YouTube][Unknown][Media][Fun][r2---sn-vh5ouxa-hjuk.googlevideo.com] DAEMON-EVENT: [Processed: 73 
pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 61|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 82] new: [....62] [ip4][..udp] [..52.187.20.175][50588] -> [.208.229.157.81][..443] detected: [....62] [ip4][..udp] [..52.187.20.175][50588] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Azure][Web][Acceptable][update.googleapis.com] idle: [....61] [ip4][..udp] [...168.144.64.5][57735] -> [..137.238.249.2][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][ade.googlesyndication.com] + RISK: Mismatching Protocol with server IP address new: [....63] [ip4][..udp] [..52.187.20.175][61089] -> [..99.42.133.245][..443] detected: [....63] [ip4][..udp] [..52.187.20.175][61089] -> [..99.42.133.245][..443] [QUIC.GoogleServices][Azure][Web][Acceptable][clientservices.googleapis.com] update: [....62] [ip4][..udp] [..52.187.20.175][50588] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Azure][Web][Acceptable][update.googleapis.com] 
@@ -305,20 +381,26 @@ DAEMON-EVENT: [Flows][active: 1 / 66|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 83] new: [....67] [ip4][..udp] [..52.187.20.175][58123] -> [..118.89.218.46][..443] detected: [....67] [ip4][..udp] [..52.187.20.175][58123] -> [..118.89.218.46][..443] [QUIC.Google][Tencent][Web][Acceptable][accounts.google.com] + RISK: Mismatching Protocol with server IP address new: [....68] [ip4][..udp] [..52.187.20.175][63507] -> [121.209.126.161][..443] detected: [....68] [ip4][..udp] [..52.187.20.175][63507] -> [121.209.126.161][..443] [QUIC.Google][Azure][Web][Acceptable][clients2.googleusercontent.com] + RISK: Mismatching Protocol with server IP address idle: [....66] [ip4][..udp] [159.117.176.124][49867] -> [...198.74.29.79][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][content-autofill.googleapis.com] new: [....69] [ip4][..udp] [..52.187.20.175][57066] -> [108.171.138.182][..443] detected: [....69] [ip4][..udp] [..52.187.20.175][57066] -> [108.171.138.182][..443] [QUIC.GoogleServices][Azure][Web][Acceptable][clientservices.googleapis.com] update: [....68] [ip4][..udp] [..52.187.20.175][63507] -> [121.209.126.161][..443] [QUIC.Google][Azure][Web][Acceptable][clients2.googleusercontent.com] + RISK: Mismatching Protocol with server IP address update: [....67] [ip4][..udp] [..52.187.20.175][58123] -> [..118.89.218.46][..443] [QUIC.Google][Tencent][Web][Acceptable][accounts.google.com] + RISK: Mismatching Protocol with server IP address DAEMON-EVENT: [Processed: 102 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 69|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 85] new: [....70] [ip4][..udp] [..52.187.20.175][52512] -> [..196.245.61.64][..443] detected: [....70] [ip4][..udp] [..52.187.20.175][52512] -> [..196.245.61.64][..443] [QUIC.GoogleServices][Azure][Web][Acceptable][safebrowsing.googleapis.com] idle: [....68] [ip4][..udp] [..52.187.20.175][63507] -> [121.209.126.161][..443] 
[QUIC.Google][Azure][Web][Acceptable][clients2.googleusercontent.com] + RISK: Mismatching Protocol with server IP address idle: [....69] [ip4][..udp] [..52.187.20.175][57066] -> [108.171.138.182][..443] [QUIC.GoogleServices][Azure][Web][Acceptable][clientservices.googleapis.com] idle: [....67] [ip4][..udp] [..52.187.20.175][58123] -> [..118.89.218.46][..443] [QUIC.Google][Tencent][Web][Acceptable][accounts.google.com] + RISK: Mismatching Protocol with server IP address DAEMON-EVENT: [Processed: 106 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 70|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 85] new: [....71] [ip4][..udp] [..52.187.20.175][51619] -> [.208.229.157.81][..443] 
@@ -330,93 +412,147 @@ detected: [....72] [ip4][..udp] [...168.144.64.5][58703] -> [.93.100.151.221][..443] [QUIC.PlayStore][Unknown][SoftwareUpdate][Safe][android.clients.google.com] new: [....73] [ip4][..udp] [...168.144.64.5][55066] -> [...128.248.24.1][..443] detected: [....73] [ip4][..udp] [...168.144.64.5][55066] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][fonts.gstatic.com] + RISK: Mismatching Protocol with server IP address new: [....74] [ip4][..udp] [...168.144.64.5][61886] -> [....65.33.51.74][..443] detected: [....74] [ip4][..udp] [...168.144.64.5][61886] -> [....65.33.51.74][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][adservice.google.com] + RISK: Mismatching Protocol with server IP address new: [....75] [ip4][..udp] [...168.144.64.5][65391] -> [...128.248.24.1][..443] detected: [....75] [ip4][..udp] [...168.144.64.5][65391] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][fonts.gstatic.com] + RISK: Mismatching Protocol with server IP address new: [....76] [ip4][..udp] [...168.144.64.5][58832] -> [.117.148.117.30][..443] detected: [....76] [ip4][..udp] [...168.144.64.5][58832] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address new: [....77] [ip4][..udp] [...168.144.64.5][58429] -> [....38.57.8.121][..443] detected: [....77] [ip4][..udp] [...168.144.64.5][58429] -> [....38.57.8.121][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][static.doubleclick.net] + RISK: Mismatching Protocol with server IP address idle: [....71] [ip4][..udp] [..52.187.20.175][51619] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Azure][Web][Acceptable][clientservices.googleapis.com] new: [....78] [ip4][..udp] [...168.144.64.5][55479] -> [113.250.137.243][..443] detected: [....78] [ip4][..udp] [...168.144.64.5][55479] -> [113.250.137.243][..443] 
[QUIC.GoogleServices][Unknown][Web][Acceptable][clientservices.googleapis.com] update: [....75] [ip4][..udp] [...168.144.64.5][65391] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][fonts.gstatic.com] + RISK: Mismatching Protocol with server IP address update: [....76] [ip4][..udp] [...168.144.64.5][58832] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address update: [....74] [ip4][..udp] [...168.144.64.5][61886] -> [....65.33.51.74][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][adservice.google.com] + RISK: Mismatching Protocol with server IP address update: [....77] [ip4][..udp] [...168.144.64.5][58429] -> [....38.57.8.121][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][static.doubleclick.net] + RISK: Mismatching Protocol with server IP address update: [....72] [ip4][..udp] [...168.144.64.5][58703] -> [.93.100.151.221][..443] [QUIC.PlayStore][Unknown][SoftwareUpdate][Safe][android.clients.google.com] update: [....73] [ip4][..udp] [...168.144.64.5][55066] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][fonts.gstatic.com] + RISK: Mismatching Protocol with server IP address new: [....79] [ip4][..udp] [...168.144.64.5][60934] -> [...128.248.24.1][..443] detected: [....79] [ip4][..udp] [...168.144.64.5][60934] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address new: [....80] [ip4][..udp] [...168.144.64.5][59785] -> [...128.248.24.1][..443] detected: [....80] [ip4][..udp] [...168.144.64.5][59785] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address new: [....81] [ip4][..udp] [...168.144.64.5][59327] -> [...153.98.28.78][..443] detected: [....81] [ip4][..udp] [...168.144.64.5][59327] -> [...153.98.28.78][..443] 
[QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] new: [....82] [ip4][..udp] [...168.144.64.5][63925] -> [...39.227.72.32][..443] detected: [....82] [ip4][..udp] [...168.144.64.5][63925] -> [...39.227.72.32][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons2.gvt2.com] + RISK: Mismatching Protocol with server IP address update: [....75] [ip4][..udp] [...168.144.64.5][65391] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][fonts.gstatic.com] + RISK: Mismatching Protocol with server IP address update: [....76] [ip4][..udp] [...168.144.64.5][58832] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address update: [....74] [ip4][..udp] [...168.144.64.5][61886] -> [....65.33.51.74][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][adservice.google.com] + RISK: Mismatching Protocol with server IP address update: [....77] [ip4][..udp] [...168.144.64.5][58429] -> [....38.57.8.121][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][static.doubleclick.net] + RISK: Mismatching Protocol with server IP address update: [....72] [ip4][..udp] [...168.144.64.5][58703] -> [.93.100.151.221][..443] [QUIC.PlayStore][Unknown][SoftwareUpdate][Safe][android.clients.google.com] update: [....73] [ip4][..udp] [...168.144.64.5][55066] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][fonts.gstatic.com] + RISK: Mismatching Protocol with server IP address update: [....78] [ip4][..udp] [...168.144.64.5][55479] -> [113.250.137.243][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][clientservices.googleapis.com] update: [....79] [ip4][..udp] [...168.144.64.5][60934] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address new: [....83] [ip4][..udp] [...168.144.64.5][49926] -> [.103.179.40.184][..443] detected: [....83] [ip4][..udp] 
[...168.144.64.5][49926] -> [.103.179.40.184][..443] [QUIC.YouTube][Unknown][Media][Fun][r5---sn-vh5ouxa-hju6.googlevideo.com] new: [....84] [ip4][..udp] [...168.144.64.5][56384] -> [.117.148.117.30][..443] detected: [....84] [ip4][..udp] [...168.144.64.5][56384] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][pagead2.googlesyndication.com] + RISK: Mismatching Protocol with server IP address new: [....85] [ip4][..udp] [...168.144.64.5][57398] -> [..137.238.249.2][..443] detected: [....85] [ip4][..udp] [...168.144.64.5][57398] -> [..137.238.249.2][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][www.googleadservices.com] + RISK: Mismatching Protocol with server IP address update: [....75] [ip4][..udp] [...168.144.64.5][65391] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][fonts.gstatic.com] + RISK: Mismatching Protocol with server IP address update: [....76] [ip4][..udp] [...168.144.64.5][58832] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address update: [....74] [ip4][..udp] [...168.144.64.5][61886] -> [....65.33.51.74][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][adservice.google.com] + RISK: Mismatching Protocol with server IP address update: [....77] [ip4][..udp] [...168.144.64.5][58429] -> [....38.57.8.121][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][static.doubleclick.net] + RISK: Mismatching Protocol with server IP address update: [....72] [ip4][..udp] [...168.144.64.5][58703] -> [.93.100.151.221][..443] [QUIC.PlayStore][Unknown][SoftwareUpdate][Safe][android.clients.google.com] update: [....81] [ip4][..udp] [...168.144.64.5][59327] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] update: [....73] [ip4][..udp] [...168.144.64.5][55066] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][fonts.gstatic.com] + RISK: 
Mismatching Protocol with server IP address update: [....78] [ip4][..udp] [...168.144.64.5][55479] -> [113.250.137.243][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][clientservices.googleapis.com] update: [....82] [ip4][..udp] [...168.144.64.5][63925] -> [...39.227.72.32][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons2.gvt2.com] + RISK: Mismatching Protocol with server IP address update: [....80] [ip4][..udp] [...168.144.64.5][59785] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address update: [....79] [ip4][..udp] [...168.144.64.5][60934] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address new: [....86] [ip4][..udp] [...168.144.64.5][64497] -> [102.194.207.179][..443] detected: [....86] [ip4][..udp] [...168.144.64.5][64497] -> [102.194.207.179][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gvt2.com] + RISK: Mismatching Protocol with server IP address idle: [....75] [ip4][..udp] [...168.144.64.5][65391] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][fonts.gstatic.com] + RISK: Mismatching Protocol with server IP address idle: [....76] [ip4][..udp] [...168.144.64.5][58832] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address idle: [....74] [ip4][..udp] [...168.144.64.5][61886] -> [....65.33.51.74][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][adservice.google.com] + RISK: Mismatching Protocol with server IP address idle: [....77] [ip4][..udp] [...168.144.64.5][58429] -> [....38.57.8.121][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][static.doubleclick.net] + RISK: Mismatching Protocol with server IP address idle: [....72] [ip4][..udp] [...168.144.64.5][58703] -> [.93.100.151.221][..443] 
[QUIC.PlayStore][Unknown][SoftwareUpdate][Safe][android.clients.google.com] idle: [....73] [ip4][..udp] [...168.144.64.5][55066] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][fonts.gstatic.com] + RISK: Mismatching Protocol with server IP address new: [....87] [ip4][..udp] [...168.144.64.5][55572] -> [.117.148.117.30][..443] detected: [....87] [ip4][..udp] [...168.144.64.5][55572] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address new: [....88] [ip4][..udp] [...168.144.64.5][58956] -> [...128.248.24.1][..443] detected: [....88] [ip4][..udp] [...168.144.64.5][58956] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address new: [....89] [ip4][..udp] [...168.144.64.5][54449] -> [102.194.207.179][..443] detected: [....89] [ip4][..udp] [...168.144.64.5][54449] -> [102.194.207.179][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons3.gvt2.com] + RISK: Mismatching Protocol with server IP address idle: [....78] [ip4][..udp] [...168.144.64.5][55479] -> [113.250.137.243][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][clientservices.googleapis.com] idle: [....79] [ip4][..udp] [...168.144.64.5][60934] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address update: [....84] [ip4][..udp] [...168.144.64.5][56384] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][pagead2.googlesyndication.com] + RISK: Mismatching Protocol with server IP address update: [....83] [ip4][..udp] [...168.144.64.5][49926] -> [.103.179.40.184][..443] [QUIC.YouTube][Unknown][Media][Fun][r5---sn-vh5ouxa-hju6.googlevideo.com] update: [....86] [ip4][..udp] [...168.144.64.5][64497] -> [102.194.207.179][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gvt2.com] + RISK: 
Mismatching Protocol with server IP address update: [....81] [ip4][..udp] [...168.144.64.5][59327] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] update: [....85] [ip4][..udp] [...168.144.64.5][57398] -> [..137.238.249.2][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][www.googleadservices.com] + RISK: Mismatching Protocol with server IP address update: [....82] [ip4][..udp] [...168.144.64.5][63925] -> [...39.227.72.32][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons2.gvt2.com] + RISK: Mismatching Protocol with server IP address update: [....88] [ip4][..udp] [...168.144.64.5][58956] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address update: [....80] [ip4][..udp] [...168.144.64.5][59785] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address update: [....87] [ip4][..udp] [...168.144.64.5][55572] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address new: [....90] [ip4][..udp] [...168.144.64.5][60342] -> [.93.100.151.221][..443] detected: [....90] [ip4][..udp] [...168.144.64.5][60342] -> [.93.100.151.221][..443] [QUIC.YouTube][Unknown][Media][Fun][suggestqueries-clients6.youtube.com] idle: [....84] [ip4][..udp] [...168.144.64.5][56384] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][pagead2.googlesyndication.com] + RISK: Mismatching Protocol with server IP address idle: [....83] [ip4][..udp] [...168.144.64.5][49926] -> [.103.179.40.184][..443] [QUIC.YouTube][Unknown][Media][Fun][r5---sn-vh5ouxa-hju6.googlevideo.com] idle: [....89] [ip4][..udp] [...168.144.64.5][54449] -> [102.194.207.179][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons3.gvt2.com] + RISK: Mismatching Protocol with server IP address 
idle: [....86] [ip4][..udp] [...168.144.64.5][64497] -> [102.194.207.179][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gvt2.com] + RISK: Mismatching Protocol with server IP address idle: [....81] [ip4][..udp] [...168.144.64.5][59327] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] idle: [....85] [ip4][..udp] [...168.144.64.5][57398] -> [..137.238.249.2][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][www.googleadservices.com] + RISK: Mismatching Protocol with server IP address idle: [....82] [ip4][..udp] [...168.144.64.5][63925] -> [...39.227.72.32][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons2.gvt2.com] + RISK: Mismatching Protocol with server IP address idle: [....88] [ip4][..udp] [...168.144.64.5][58956] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address idle: [....80] [ip4][..udp] [...168.144.64.5][59785] -> [...128.248.24.1][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons.gcp.gvt2.com] + RISK: Mismatching Protocol with server IP address idle: [....87] [ip4][..udp] [...168.144.64.5][55572] -> [.117.148.117.30][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address DAEMON-EVENT: [Processed: 129 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 90|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 119] new: [....91] [ip4][..udp] [...168.144.64.5][65186] -> [...9.65.169.252][..443] 
@@ -424,10 +560,12 @@ idle: [....90] [ip4][..udp] [...168.144.64.5][60342] -> [.93.100.151.221][..443] [QUIC.YouTube][Unknown][Media][Fun][suggestqueries-clients6.youtube.com] new: [....92] [ip4][..udp] [...168.144.64.5][52942] -> [.93.100.151.221][..443] detected: [....92] [ip4][..udp] [...168.144.64.5][52942] -> [.93.100.151.221][..443] [QUIC.Google][Unknown][Web][Acceptable][clients2.google.com] + RISK: Mismatching Protocol with server IP address idle: [....91] [ip4][..udp] [...168.144.64.5][65186] -> [...9.65.169.252][..443] [QUIC.YouTube][Unknown][Media][Fun][www.youtube.com] new: [....93] [ip4][..udp] [..52.187.20.175][62114] -> [...198.74.29.79][..443] detected: [....93] [ip4][..udp] [..52.187.20.175][62114] -> [...198.74.29.79][..443] [QUIC.GoogleServices][Azure][Web][Acceptable][safebrowsing.googleapis.com] idle: [....92] [ip4][..udp] [...168.144.64.5][52942] -> [.93.100.151.221][..443] [QUIC.Google][Unknown][Web][Acceptable][clients2.google.com] + RISK: Mismatching Protocol with server IP address DAEMON-EVENT: [Processed: 135 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 93|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 119] new: [....94] [ip4][..udp] [...168.144.64.5][55561] -> [..35.194.157.47][..443] 
@@ -461,23 +599,30 @@ update: [....99] [ip4][..udp] [..52.187.20.175][53260] -> [102.194.207.179][..443] [QUIC.GoogleServices][Azure][Web][Acceptable][clientservices.googleapis.com] new: [...101] [ip4][..udp] [...168.144.64.5][65360] -> [....65.33.51.74][..443] detected: [...101] [ip4][..udp] [...168.144.64.5][65360] -> [....65.33.51.74][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address idle: [...100] [ip4][..udp] [...168.144.64.5][50023] -> [..76.231.104.92][..443] [QUIC.YouTube][Unknown][Media][Fun][www.youtube.com] idle: [....99] [ip4][..udp] [..52.187.20.175][53260] -> [102.194.207.179][..443] [QUIC.GoogleServices][Azure][Web][Acceptable][clientservices.googleapis.com] new: [...102] [ip4][..udp] [159.117.176.124][64134] -> [..207.121.63.92][..443] detected: [...102] [ip4][..udp] [159.117.176.124][64134] -> [..207.121.63.92][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address new: [...103] [ip4][..udp] [..52.187.20.175][61484] -> [202.152.155.121][..443] detected: [...103] [ip4][..udp] [..52.187.20.175][61484] -> [202.152.155.121][..443] [QUIC.Google][Azure][Web][Acceptable][ogs.google.com] + RISK: Mismatching Protocol with server IP address update: [...101] [ip4][..udp] [...168.144.64.5][65360] -> [....65.33.51.74][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address new: [...104] [ip4][..udp] [159.117.176.124][51856] -> [.16.205.123.234][..443] detected: [...104] [ip4][..udp] [159.117.176.124][51856] -> [.16.205.123.234][..443] [QUIC.WhatsAppFiles][Unknown][Download][Acceptable][media.fmct2-1.fna.whatsapp.net] idle: [...101] [ip4][..udp] [...168.144.64.5][65360] -> [....65.33.51.74][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][googleads.g.doubleclick.net] + RISK: Mismatching Protocol with server IP address 
DAEMON-EVENT: [Processed: 164 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 104|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 123] new: [...105] [ip4][..udp] [...168.144.64.5][54120] -> [...153.98.28.78][..443] detected: [...105] [ip4][..udp] [...168.144.64.5][54120] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] idle: [...104] [ip4][..udp] [159.117.176.124][51856] -> [.16.205.123.234][..443] [QUIC.WhatsAppFiles][Unknown][Download][Acceptable][media.fmct2-1.fna.whatsapp.net] idle: [...103] [ip4][..udp] [..52.187.20.175][61484] -> [202.152.155.121][..443] [QUIC.Google][Azure][Web][Acceptable][ogs.google.com] + RISK: Mismatching Protocol with server IP address idle: [...102] [ip4][..udp] [159.117.176.124][64134] -> [..207.121.63.92][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address DAEMON-EVENT: [Processed: 165 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 105|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 123] new: [...106] [ip4][..udp] [...168.144.64.5][52396] -> [...153.98.28.78][..443] 
@@ -489,24 +634,34 @@ detected: [...107] [ip4][..udp] [...168.144.64.5][50224] -> [....126.3.93.89][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][www.googleapis.com] new: [...108] [ip4][..udp] [...168.144.64.5][62719] -> [..31.219.210.96][..443] detected: [...108] [ip4][..udp] [...168.144.64.5][62719] -> [..31.219.210.96][..443] [QUIC.Google][Unknown][Web][Acceptable][lh4.googleusercontent.com] + RISK: Mismatching Protocol with server IP address idle: [...106] [ip4][..udp] [...168.144.64.5][52396] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.google] new: [...109] [ip4][..udp] [...168.144.64.5][58351] -> [.193.68.169.100][..443] detected: [...109] [ip4][..udp] [...168.144.64.5][58351] -> [.193.68.169.100][..443] [QUIC.Google][Unknown][Web][Acceptable][www.gstatic.com] + RISK: Mismatching Protocol with server IP address new: [...110] [ip4][..udp] [...168.144.64.5][57319] -> [....7.71.118.27][..443] detected: [...110] [ip4][..udp] [...168.144.64.5][57319] -> [....7.71.118.27][..443] [QUIC.PlayStore][Unknown][SoftwareUpdate][Safe][android.clients.google.com] new: [...111] [ip4][..udp] [...168.144.64.5][60919] -> [.53.101.228.200][..443] detected: [...111] [ip4][..udp] [...168.144.64.5][60919] -> [.53.101.228.200][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][adservice.google.com] + RISK: Mismatching Protocol with server IP address new: [...112] [ip4][..udp] [...168.144.64.5][50423] -> [.144.237.113.58][..443] detected: [...112] [ip4][..udp] [...168.144.64.5][50423] -> [.144.237.113.58][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address idle: [...110] [ip4][..udp] [...168.144.64.5][57319] -> [....7.71.118.27][..443] [QUIC.PlayStore][Unknown][SoftwareUpdate][Safe][android.clients.google.com] idle: [...109] [ip4][..udp] [...168.144.64.5][58351] -> [.193.68.169.100][..443] [QUIC.Google][Unknown][Web][Acceptable][www.gstatic.com] + RISK: Mismatching Protocol 
with server IP address idle: [...107] [ip4][..udp] [...168.144.64.5][50224] -> [....126.3.93.89][..443] [QUIC.GoogleServices][Unknown][Web][Acceptable][www.googleapis.com] idle: [...108] [ip4][..udp] [...168.144.64.5][62719] -> [..31.219.210.96][..443] [QUIC.Google][Unknown][Web][Acceptable][lh4.googleusercontent.com] + RISK: Mismatching Protocol with server IP address idle: [...111] [ip4][..udp] [...168.144.64.5][60919] -> [.53.101.228.200][..443] [QUIC.Google][Unknown][Advertisement][Tracker_Ads][adservice.google.com] + RISK: Mismatching Protocol with server IP address DAEMON-EVENT: [Processed: 178 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 112|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 123] new: [...113] [ip4][..udp] [...168.144.64.5][59206] -> [..76.231.104.92][..443] detected: [...113] [ip4][..udp] [...168.144.64.5][59206] -> [..76.231.104.92][..443] [QUIC.Google][Unknown][Web][Acceptable][ogs.google.com] + RISK: Mismatching Protocol with server IP address idle: [...112] [ip4][..udp] [...168.144.64.5][50423] -> [.144.237.113.58][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address idle: [...113] [ip4][..udp] [...168.144.64.5][59206] -> [..76.231.104.92][..443] [QUIC.Google][Unknown][Web][Acceptable][ogs.google.com] + RISK: Mismatching Protocol with server IP address DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/quic_interop_V.pcapng.out b/test/results/flow-info/default/quic_interop_V.pcapng.out index 73b6be48d..81280ee89 100644 --- a/test/results/flow-info/default/quic_interop_V.pcapng.out +++ b/test/results/flow-info/default/quic_interop_V.pcapng.out 
@@ -6,11 +6,11 @@ new: [.....2] [ip4][..udp] [..192.168.1.128][37643] -> [..71.202.41.169][..443] detected: [.....2] [ip4][..udp] [..192.168.1.128][37643] -> [..71.202.41.169][..443] [QUIC][Unknown][Web][Acceptable] new: [.....3] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][37876] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][..443] - detected: [.....3] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][37876] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][..443] [QUIC][AmazonAWS][Web][Acceptable] + detected: [.....3] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][37876] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][..443] [QUIC][AWS_EC2][Web][Acceptable] new: [.....4] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][34442] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][..443] detected: [.....4] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][34442] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][..443] [QUIC][Unknown][Web][Acceptable] new: [.....5] [ip4][..udp] [..192.168.1.128][47010] -> [...3.121.242.54][..443] - detected: [.....5] [ip4][..udp] [..192.168.1.128][47010] -> [...3.121.242.54][..443] [QUIC][AmazonAWS][Web][Acceptable] + detected: [.....5] [ip4][..udp] [..192.168.1.128][47010] -> [...3.121.242.54][..443] [QUIC][AWS_EC2][Web][Acceptable] new: [.....6] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][48707] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][..443] detected: [.....6] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][48707] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][..443] [QUIC][Unknown][Web][Acceptable] new: [.....7] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][60346] -> [..................2001:bc8:47a4:1c25::1][..443] 
@@ -24,13 +24,13 @@ detected: [....10] [ip4][..udp] [..192.168.1.128][38366] -> [.202.238.220.92][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....11] [ip4][.icmp] [...3.121.242.54] -> [..192.168.1.128] - detected: [....11] [ip4][.icmp] [...3.121.242.54] -> [..192.168.1.128] [ICMP][AmazonAWS][Network][Acceptable] + detected: [....11] [ip4][.icmp] [...3.121.242.54] -> [..192.168.1.128] [ICMP][AWS_EC2][Network][Acceptable] RISK: Susp Entropy new: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] detected: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] [QUIC][Cloudflare][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433] - detected: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433] [QUIC][AmazonAWS][Web][Acceptable] + detected: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....14] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][51185] -> [..................2001:bc8:47a4:1c25::1][.4433] detected: [....14] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][51185] -> [..................2001:bc8:47a4:1c25::1][.4433] [QUIC][Unknown][Web][Acceptable] 
@@ -40,13 +40,13 @@ new: [....16] [ip4][..udp] [..192.168.1.128][51887] -> [..51.158.105.98][..443] detected: [....16] [ip4][..udp] [..192.168.1.128][51887] -> [..51.158.105.98][..443] [QUIC][Unknown][Web][Acceptable] new: [....17] [ip4][..udp] [..192.168.1.128][43475] -> [..18.189.84.245][.4433] - detected: [....17] [ip4][..udp] [..192.168.1.128][43475] -> [..18.189.84.245][.4433] [QUIC][AmazonAWS][Web][Acceptable] + detected: [....17] [ip4][..udp] [..192.168.1.128][43475] -> [..18.189.84.245][.4433] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....18] [ip4][..udp] [..192.168.1.128][49151] -> [133.242.206.244][.4433] detected: [....18] [ip4][..udp] [..192.168.1.128][49151] -> [133.242.206.244][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433] - detected: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433] [QUIC][AmazonAWS][Web][Acceptable] + detected: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....20] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39624] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][..443] detected: [....20] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39624] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][..443] [QUIC][Unknown][Web][Acceptable] 
@@ -60,7 +60,7 @@ detected: [....23] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56213] -> [.........2400:8902::f03c:91ff:fe69:a454][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] - detected: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] [QUIC][AmazonAWS][Web][Acceptable] + detected: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....25] [ip4][..udp] [..192.168.1.128][37661] -> [..71.202.41.169][.4433] detected: [....25] [ip4][..udp] [..192.168.1.128][37661] -> [..71.202.41.169][.4433] [QUIC][Unknown][Web][Acceptable] @@ -103,7 +103,7 @@ detected: [....39] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][49270] -> [..................2001:bc8:47a4:1c25::1][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....40] [ip4][..udp] [..192.168.1.128][34903] -> [..18.189.84.245][..443] - detected: [....40] [ip4][..udp] [..192.168.1.128][34903] -> [..18.189.84.245][..443] [QUIC][AmazonAWS][Web][Acceptable] + detected: [....40] [ip4][..udp] [..192.168.1.128][34903] -> [..18.189.84.245][..443] [QUIC][AWS_EC2][Web][Acceptable] new: [....41] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][45852] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][.4433] detected: [....41] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][45852] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port 
@@ -124,7 +124,7 @@ detected: [....46] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][49788] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] - detected: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][AmazonAWS][Web][Acceptable] + detected: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][AWS_EC2][Web][Acceptable] new: [....48] [ip4][..udp] [..192.168.1.128][44619] -> [..140.227.52.92][.4433] detected: [....48] [ip4][..udp] [..192.168.1.128][44619] -> [..140.227.52.92][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port @@ -134,7 +134,7 @@ detected: [....49] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44243] -> [......................2001:19f0:4:34::1][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....50] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38394] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4433] - detected: [....50] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38394] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4433] [QUIC][AmazonAWS][Web][Acceptable] + detected: [....50] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38394] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4433] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port detection-update: [....10] [ip4][..udp] [..192.168.1.128][38366] -> [.202.238.220.92][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic 
@@ -148,10 +148,10 @@ new: [....53] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53760] -> [............2604:a880:800:a1::1279:3001][.4434] detected: [....53] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53760] -> [............2604:a880:800:a1::1279:3001][.4434] [QUIC][DigitalOcean][Web][Acceptable] RISK: Known Proto on Non Std Port - detection-update: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433] [QUIC][AmazonAWS][Web][Acceptable] + detection-update: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....54] [ip4][..udp] [..192.168.1.128][54570] -> [..18.189.84.245][.4434] - detected: [....54] [ip4][..udp] [..192.168.1.128][54570] -> [..18.189.84.245][.4434] [QUIC][AmazonAWS][Web][Acceptable] + detected: [....54] [ip4][..udp] [..192.168.1.128][54570] -> [..18.189.84.245][.4434] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....55] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44924] -> [.........2400:8902::f03c:91ff:fe69:a454][.4434] detected: [....55] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44924] -> [.........2400:8902::f03c:91ff:fe69:a454][.4434] [QUIC][Unknown][Web][Acceptable] 
@@ -190,7 +190,7 @@ detection-update: [....26] [ip4][..udp] [..192.168.1.128][37784] -> [..140.227.52.92][..443] [QUIC][Unknown][Web][Acceptable] RISK: Unidirectional Traffic new: [....64] [ip4][..udp] [..192.168.1.128][53402] -> [...3.121.242.54][.4434] - detected: [....64] [ip4][..udp] [..192.168.1.128][53402] -> [...3.121.242.54][.4434] [QUIC][AmazonAWS][Web][Acceptable] + detected: [....64] [ip4][..udp] [..192.168.1.128][53402] -> [...3.121.242.54][.4434] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port detection-update: [....28] [ip4][..udp] [..192.168.1.128][49658] -> [..193.190.10.98][..443] [QUIC][Unknown][Web][Acceptable] RISK: Unidirectional Traffic @@ -214,7 +214,7 @@ detection-update: [....31] [ip4][..udp] [..192.168.1.128][38933] -> [.202.238.220.92][..443] [QUIC][Unknown][Web][Acceptable] RISK: Unidirectional Traffic new: [....70] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44605] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4434] - detected: [....70] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44605] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4434] [QUIC][AmazonAWS][Web][Acceptable] + detected: [....70] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44605] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4434] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port detection-update: [....36] [ip4][..udp] [..192.168.1.128][42456] -> [133.242.206.244][..443] [QUIC][Unknown][Web][Acceptable] RISK: Unidirectional Traffic 
@@ -230,11 +230,11 @@ detection-update: [....45] [ip4][..udp] [..192.168.1.128][59515] -> [..193.190.10.98][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....72] [ip4][.icmp] [..18.189.84.245] -> [..192.168.1.128] - detected: [....72] [ip4][.icmp] [..18.189.84.245] -> [..192.168.1.128] [ICMP][AmazonAWS][Network][Acceptable] + detected: [....72] [ip4][.icmp] [..18.189.84.245] -> [..192.168.1.128] [ICMP][AWS_EC2][Network][Acceptable] RISK: Susp Entropy detection-update: [....48] [ip4][..udp] [..192.168.1.128][44619] -> [..140.227.52.92][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - detection-update: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][AmazonAWS][Web][Acceptable] + detection-update: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][AWS_EC2][Web][Acceptable] RISK: Unidirectional Traffic new: [....73] [ip6][icmp6] [............2604:a880:800:a1::1279:3001] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] detected: [....73] [ip6][icmp6] [............2604:a880:800:a1::1279:3001] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][DigitalOcean][Network][Acceptable] 
@@ -255,7 +255,7 @@ RISK: Susp Entropy detection-update: [....62] [ip4][..udp] [..192.168.1.128][42468] -> [.138.91.188.147][.4433] [QUIC][Azure][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - detection-update: [....64] [ip4][..udp] [..192.168.1.128][53402] -> [...3.121.242.54][.4434] [QUIC][AmazonAWS][Web][Acceptable] + detection-update: [....64] [ip4][..udp] [..192.168.1.128][53402] -> [...3.121.242.54][.4434] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic detection-update: [....66] [ip4][..udp] [..192.168.1.128][57926] -> [..140.227.52.92][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic @@ -266,7 +266,7 @@ idle: [....60] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][43645] -> [......................2001:19f0:4:34::1][..443] [QUIC][Unknown][Web][Acceptable] idle: [....69] [ip4][..udp] [..192.168.1.128][43735] -> [..51.158.105.98][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port - idle: [....64] [ip4][..udp] [..192.168.1.128][53402] -> [...3.121.242.54][.4434] [QUIC][AmazonAWS][Web][Acceptable] + idle: [....64] [ip4][..udp] [..192.168.1.128][53402] -> [...3.121.242.54][.4434] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....77] [ip4][.icmp] [..192.168.1.128] -> [.138.91.188.147] [ICMP][Azure][Network][Acceptable] idle: [.....2] [ip4][..udp] [..192.168.1.128][37643] -> [..71.202.41.169][..443] [QUIC][Unknown][Web][Acceptable] 
@@ -274,7 +274,7 @@ idle: [....35] [ip4][..udp] [..192.168.1.128][45250] -> [..51.158.105.98][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port idle: [....76] [ip4][.icmp] [..192.168.1.128] -> [..140.227.52.92] [ICMP][Unknown][Network][Acceptable] - idle: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][AmazonAWS][Web][Acceptable] + idle: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][AWS_EC2][Web][Acceptable] RISK: Unidirectional Traffic idle: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434] [QUIC][Cloudflare][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic 
@@ -292,20 +292,20 @@ idle: [....61] [ip4][..udp] [..192.168.1.128][48644] -> [.131.159.24.198][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port idle: [....74] [ip4][.icmp] [..192.168.1.128] -> [..40.112.191.60] [ICMP][Azure][Network][Acceptable] - idle: [.....3] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][37876] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][..443] [QUIC][AmazonAWS][Web][Acceptable] + idle: [.....3] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][37876] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][..443] [QUIC][AWS_EC2][Web][Acceptable] idle: [....41] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][45852] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port idle: [....75] [ip4][.icmp] [133.242.206.244] -> [..192.168.1.128] [ICMP][Unknown][Network][Acceptable] RISK: Susp Entropy idle: [....46] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][49788] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port - idle: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433] [QUIC][AmazonAWS][Web][Acceptable] + idle: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....17] [ip4][..udp] [..192.168.1.128][43475] -> [..18.189.84.245][.4433] [QUIC][AmazonAWS][Web][Acceptable] + idle: [....17] [ip4][..udp] [..192.168.1.128][43475] -> [..18.189.84.245][.4433] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port idle: [....26] [ip4][..udp] [..192.168.1.128][37784] -> [..140.227.52.92][..443] [QUIC][Unknown][Web][Acceptable] RISK: Unidirectional Traffic - idle: [....11] [ip4][.icmp] [...3.121.242.54] -> [..192.168.1.128] [ICMP][AmazonAWS][Network][Acceptable] + idle: [....11] [ip4][.icmp] [...3.121.242.54] -> [..192.168.1.128] 
[ICMP][AWS_EC2][Network][Acceptable] RISK: Susp Entropy idle: [....56] [ip4][..udp] [..192.168.1.128][39975] -> [.138.91.188.147][..443] [QUIC][Azure][Web][Acceptable] RISK: Unidirectional Traffic @@ -323,13 +323,13 @@ RISK: Unidirectional Traffic idle: [....33] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][51040] -> [............2604:a880:800:a1::1279:3001][.4433] [QUIC][DigitalOcean][Web][Acceptable] RISK: Known Proto on Non Std Port - idle: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433] [QUIC][AmazonAWS][Web][Acceptable] + idle: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port idle: [....52] [ip4][..udp] [..192.168.1.128][35263] -> [.202.238.220.92][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....27] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][60983] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port - idle: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] [QUIC][AmazonAWS][Web][Acceptable] + idle: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port idle: [....59] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56073] -> [............2604:a880:800:a1::1279:3001][..443] [QUIC][DigitalOcean][Web][Acceptable] idle: [....62] [ip4][..udp] [..192.168.1.128][42468] -> [.138.91.188.147][.4433] [QUIC][Azure][Web][Acceptable] 
@@ -341,7 +341,7 @@ idle: [....36] [ip4][..udp] [..192.168.1.128][42456] -> [133.242.206.244][..443] [QUIC][Unknown][Web][Acceptable] RISK: Unidirectional Traffic idle: [.....7] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][60346] -> [..................2001:bc8:47a4:1c25::1][..443] [QUIC][Unknown][Web][Acceptable] - idle: [....70] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44605] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4434] [QUIC][AmazonAWS][Web][Acceptable] + idle: [....70] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44605] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4434] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port idle: [....30] [ip4][.icmp] [..51.158.105.98] -> [..192.168.1.128] [ICMP][Unknown][Network][Acceptable] RISK: Susp Entropy @@ -351,7 +351,7 @@ RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....48] [ip4][..udp] [..192.168.1.128][44619] -> [..140.227.52.92][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....54] [ip4][..udp] [..192.168.1.128][54570] -> [..18.189.84.245][.4434] [QUIC][AmazonAWS][Web][Acceptable] + idle: [....54] [ip4][..udp] [..192.168.1.128][54570] -> [..18.189.84.245][.4434] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port idle: [....37] [ip6][icmp6] [.2001:4800:7817:101:be76:4eff:fe04:631d] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Unknown][Network][Acceptable] idle: [.....9] [ip4][..udp] [..192.168.1.128][46334] -> [..40.112.191.60][..443] [QUIC][Azure][Web][Acceptable] 
@@ -364,7 +364,7 @@ idle: [....68] [ip6][icmp6] [......................2001:19f0:4:34::1] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Unknown][Network][Acceptable] idle: [....51] [ip6][icmp6] [.....2001:19f0:5:c21:5400:1ff:fe33:3b96] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Unknown][Network][Acceptable] idle: [....73] [ip6][icmp6] [............2604:a880:800:a1::1279:3001] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][DigitalOcean][Network][Acceptable] - idle: [.....5] [ip4][..udp] [..192.168.1.128][47010] -> [...3.121.242.54][..443] [QUIC][AmazonAWS][Web][Acceptable] + idle: [.....5] [ip4][..udp] [..192.168.1.128][47010] -> [...3.121.242.54][..443] [QUIC][AWS_EC2][Web][Acceptable] idle: [....57] [ip4][..udp] [..192.168.1.128][50705] -> [.138.91.188.147][.4434] [QUIC][Azure][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....42] [ip4][..udp] [..192.168.1.128][45855] -> [133.242.206.244][.4434] [QUIC][Unknown][Web][Acceptable] 
@@ -375,13 +375,13 @@ RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....45] [ip4][..udp] [..192.168.1.128][59515] -> [..193.190.10.98][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....72] [ip4][.icmp] [..18.189.84.245] -> [..192.168.1.128] [ICMP][AmazonAWS][Network][Acceptable] + idle: [....72] [ip4][.icmp] [..18.189.84.245] -> [..192.168.1.128] [ICMP][AWS_EC2][Network][Acceptable] RISK: Susp Entropy idle: [....18] [ip4][..udp] [..192.168.1.128][49151] -> [133.242.206.244][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] [QUIC][Cloudflare][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....40] [ip4][..udp] [..192.168.1.128][34903] -> [..18.189.84.245][..443] [QUIC][AmazonAWS][Web][Acceptable] + idle: [....40] [ip4][..udp] [..192.168.1.128][34903] -> [..18.189.84.245][..443] [QUIC][AWS_EC2][Web][Acceptable] idle: [....22] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][35643] -> [......................2001:19f0:4:34::1][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port idle: [....20] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39624] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][..443] [QUIC][Unknown][Web][Acceptable] 
@@ -394,7 +394,7 @@ RISK: Known Proto on Non Std Port idle: [....23] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56213] -> [.........2400:8902::f03c:91ff:fe69:a454][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....50] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38394] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4433] [QUIC][AmazonAWS][Web][Acceptable] + idle: [....50] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38394] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4433] [QUIC][AWS_EC2][Web][Acceptable] RISK: Known Proto on Non Std Port idle: [....66] [ip4][..udp] [..192.168.1.128][57926] -> [..140.227.52.92][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic diff --git a/test/results/flow-info/default/quic_sh.pcap.out b/test/results/flow-info/default/quic_sh.pcap.out index 9aefaf614..bd914dd5c 100644 --- a/test/results/flow-info/default/quic_sh.pcap.out +++ b/test/results/flow-info/default/quic_sh.pcap.out 
@@ -8,9 +8,9 @@ detected: [.....2] [ip6][..udp] [...............2a00:1450:4002:411::200e][..443] -> [...2001:b07:a3d:c112:91b7:b97e:6e2:fad8][33144] [QUIC][Google][Web][Acceptable] RISK: Susp Entropy new: [.....3] [ip4][..udp] [..192.168.1.245][40408] -> [..13.226.175.53][..443] - detected: [.....3] [ip4][..udp] [..192.168.1.245][40408] -> [..13.226.175.53][..443] [QUIC][AmazonAWS][Web][Acceptable] + detected: [.....3] [ip4][..udp] [..192.168.1.245][40408] -> [..13.226.175.53][..443] [QUIC][AWS_Cloudfront][Web][Acceptable] RISK: Unidirectional Traffic - idle: [.....3] [ip4][..udp] [..192.168.1.245][40408] -> [..13.226.175.53][..443] [QUIC][AmazonAWS][Web][Acceptable] + idle: [.....3] [ip4][..udp] [..192.168.1.245][40408] -> [..13.226.175.53][..443] [QUIC][AWS_Cloudfront][Web][Acceptable] RISK: Unidirectional Traffic idle: [.....2] [ip6][..udp] [...............2a00:1450:4002:411::200e][..443] -> [...2001:b07:a3d:c112:91b7:b97e:6e2:fad8][33144] [QUIC][Google][Web][Acceptable] RISK: Susp Entropy diff --git a/test/results/flow-info/default/quic_t51.pcap.out b/test/results/flow-info/default/quic_t51.pcap.out index 7cc8e6817..c4551bf29 100644 --- a/test/results/flow-info/default/quic_t51.pcap.out +++ b/test/results/flow-info/default/quic_t51.pcap.out @@ -3,5 +3,7 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] detected: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address idle: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com] + RISK: Mismatching Protocol with server IP address DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/quickplay.pcap.out b/test/results/flow-info/default/quickplay.pcap.out index 30d476e5d..3acf8e87e 100644 --- a/test/results/flow-info/default/quickplay.pcap.out +++ b/test/results/flow-info/default/quickplay.pcap.out @@ -12,7 +12,9 @@ new: [.....5] [ip4][..tcp] [..10.54.169.250][52288] -> [..173.252.74.22][...80] [MIDSTREAM] detected: [.....5] [ip4][..tcp] [..10.54.169.250][52288] -> [..173.252.74.22][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com] new: [.....6] [ip4][..tcp] [..10.54.169.250][33277] -> [..120.28.26.231][...80] [MIDSTREAM] - detected: [.....6] [ip4][..tcp] [..10.54.169.250][33277] -> [..120.28.26.231][...80] [HTTP.Google][Unknown][ConnCheck][Acceptable][clients3.google.com] + detected: [.....6] [ip4][..tcp] [..10.54.169.250][33277] -> [..120.28.26.231][...80] [HTTP.Google][Unknown][Web][Acceptable][clients3.google.com] + detection-update: [.....6] [ip4][..tcp] [..10.54.169.250][33277] -> [..120.28.26.231][...80] [HTTP.Google][Unknown][Web][Acceptable][clients3.google.com] + RISK: Mismatching Protocol with server IP address new: [.....7] [ip4][..tcp] [..10.54.169.250][44793] -> [....31.13.68.49][...80] [MIDSTREAM] detected: [.....7] [ip4][..tcp] [..10.54.169.250][44793] -> [....31.13.68.49][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com] new: [.....8] [ip4][..tcp] [..10.54.169.250][44256] -> [....120.28.5.41][...80] [MIDSTREAM] 
@@ -55,7 +57,7 @@ detection-update: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun][hkminorshort.weixin.qq.com] RISK: Known Proto on Non Std Port, Binary File/Data Transfer (Attempt) new: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [MIDSTREAM] - detected: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [HTTP.Xiaomi][AmazonAWS][Web][Fun][api.account.xiaomi.com] + detected: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [HTTP.Xiaomi][AWS_EC2][Web][Fun][api.account.xiaomi.com] new: [....17] [ip4][..tcp] [..10.54.169.250][52017] -> [...120.28.35.40][...80] [MIDSTREAM] detected: [....17] [ip4][..tcp] [..10.54.169.250][52017] -> [...120.28.35.40][...80] [HTTP][Unknown][Streaming][Fun][vod-singtelhawk.quickplay.com] end: [....13] [ip4][..tcp] [..10.54.169.250][54885] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Unknown][Download][Fun][hkextshort.weixin.qq.com] 
@@ -83,9 +85,10 @@ RISK: Known Proto on Non Std Port, Binary File/Data Transfer (Attempt) idle: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun][hkextshort.weixin.qq.com] RISK: Known Proto on Non Std Port, Binary File/Data Transfer (Attempt) - idle: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [HTTP.Xiaomi][AmazonAWS][Web][Fun][api.account.xiaomi.com] + idle: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [HTTP.Xiaomi][AWS_EC2][Web][Fun][api.account.xiaomi.com] idle: [.....3] [ip4][..tcp] [..10.54.169.250][33064] -> [....120.28.5.18][...80] [HTTP][Unknown][Streaming][Fun] - idle: [.....6] [ip4][..tcp] [..10.54.169.250][33277] -> [..120.28.26.231][...80] [HTTP.Google][Unknown][ConnCheck][Acceptable][clients3.google.com] + idle: [.....6] [ip4][..tcp] [..10.54.169.250][33277] -> [..120.28.26.231][...80] [HTTP.Google][Unknown][Web][Acceptable][clients3.google.com] + RISK: Mismatching Protocol with server IP address idle: [....10] [ip4][..tcp] [..10.54.169.250][54883] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Unknown][Chat][Fun] RISK: Known Proto on Non Std Port idle: [.....7] [ip4][..tcp] [..10.54.169.250][44793] -> [....31.13.68.49][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com] diff --git a/test/results/flow-info/default/reddit.pcap.out b/test/results/flow-info/default/reddit.pcap.out index 625966fd9..cd9d75afa 100644 --- a/test/results/flow-info/default/reddit.pcap.out +++ b/test/results/flow-info/default/reddit.pcap.out 
@@ -197,10 +197,10 @@ new: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] detected: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Tracker_Ads][ad.doubleclick.net] detected: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Tracker_Ads][ad.doubleclick.net] - detected: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][AmazonAWS][Web][Safe][rules.quantcount.com] + detected: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][AWS_Cloudfront][Web][Safe][rules.quantcount.com] detection-update: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Tracker_Ads][ad.doubleclick.net] detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Tracker_Ads][ad.doubleclick.net] - detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][AmazonAWS][Web][Safe][rules.quantcount.com] + detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][AWS_Cloudfront][Web][Safe][rules.quantcount.com] analyse: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Tracker_Ads] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.043| 
0.011| 0.015| 223.794| 3.600] @@ -211,6 +211,8 @@ [IATS(ms)....: 41.1,41.1,0.2,31.9,11.0,42.7,0.5,0.0,0.5,0.0,2.8,1.3,0.1,34.2,10.2,0.0,40.2,0.5,1.5,0.0,0.9,16.6,0.0,0.0,16.5,0.0,0.0,4.4,0.3,12.7,24.5] [PKTLENS.....: 80,80,72,589,72,1460,72,1460,172,72,72,136,164,486,72,652,72,72,103,72,103,72,793,103,111,72,72,72,111,107,282,72] [ENTROPIES...: 4.9,5.3,5.3,4.5,5.1,7.8,5.3,7.9,6.5,5.3,5.3,6.1,6.5,7.4,5.2,7.6,5.1,5.3,5.9,5.1,5.8,5.3,7.7,5.7,6.0,5.3,5.3,5.3,6.1,5.9,7.1,5.2] + detection-update: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Tracker_Ads][ad.doubleclick.net] + RISK: Mismatching Protocol with server IP address analyse: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.217| 0.047| 0.068| 4568.099| 3.600] 
@@ -296,9 +298,7 @@ detection-update: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Google][Web][Acceptable][adservice.google.fr] detection-update: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Google][Advertisement][Tracker_Ads][adservice.google.com] detected: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Google][Advertisement][Tracker_Ads][8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com] - RISK: Non-Printable/Invalid Chars Detected, Possible Exploit Attempt detection-update: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Google][Advertisement][Tracker_Ads][8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com] - RISK: Non-Printable/Invalid Chars Detected, Possible Exploit Attempt detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS][Unknown][Advertisement][Tracker_Ads][aax-eu.amazon-adsystem.com] detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS][Unknown][Advertisement][Tracker_Ads][aax-eu.amazon-adsystem.com] analyse: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Google][Advertisement][Tracker_Ads] 
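Review bot: The regenerated baseline drops `RISK: Non-Printable/Invalid Chars Detected, Possible Exploit Attempt` from flow 48 (`8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com`), but the commit message names only the ESNI-risk replacement. The risk goes from the `detected` and `detection-update` events in this hunk and from the `idle` event in the `@@ -377,12 +377,11 @@` hunk of the same file. The hostname is printable ASCII, so this looks like an upstream false-positive fix, but that is inferred from the output alone and should be confirmed against the libnDPI change before the new baseline is accepted. If confirmed, record it in the commit message, e.g. `* "Non-Printable/Invalid Chars" risk no longer raised for reddit.pcap flow 48 (upstream fix)`. The `ConnCheck` to `Web` category change for `clients3.google.com` in quickplay.pcap.out deserves the same line, since anything alerting on these fields will see different results after the bump.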
@@ -377,12 +377,11 @@ detection-update: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Unknown][Web][Safe][d9.flashtalking.com] detection-update: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Unknown][Web][Safe][d9.flashtalking.com] idle: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Google][Web][Acceptable][www.google.com] - idle: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][AmazonAWS][Web][Safe] + idle: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][AWS_Cloudfront][Web][Safe] idle: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Google][Media][Fun][yt3.ggpht.com] idle: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443] [TLS][Unknown][Web][Safe] idle: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Google][Advertisement][Tracker_Ads][adservice.google.com] idle: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Google][Advertisement][Tracker_Ads][8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com] - RISK: Non-Printable/Invalid Chars Detected, Possible Exploit Attempt idle: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Unknown][Web][Safe][secure.quantserve.com] idle: [....24] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] [TLS][Unknown][Web][Safe] idle: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39626] -> [.....................64:ff9b::2278:cf94][..443] [TLS][Unknown][Web][Safe] @@ -404,6 +403,7 @@ idle: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun] idle: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] [TLS.Google][Unknown][Advertisement][Tracker_Ads] idle: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Tracker_Ads][ad.doubleclick.net] + RISK: Mismatching Protocol with server IP address end: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Tracker_Ads] idle: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable] end: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable] diff --git a/test/results/flow-info/default/riot.pcapng.out b/test/results/flow-info/default/riot.pcapng.out index b6a5a4c76..c984ef240 100644 --- a/test/results/flow-info/default/riot.pcapng.out +++ b/test/results/flow-info/default/riot.pcapng.out 
@@ -5,7 +5,7 @@ new: [.....2] [ip4][..tcp] [..35.234.85.218][..443] -> [..192.168.26.22][51949] [MIDSTREAM] detected: [.....2] [ip4][..tcp] [..35.234.85.218][..443] -> [..192.168.26.22][51949] [TLS][GoogleCloud][Web][Safe] detection-update: [.....2] [ip4][..tcp] [..35.234.85.218][..443] -> [..192.168.26.22][51949] [TLS.RiotGames][GoogleCloud][Game][Fun] - guessed: [.....1] [ip4][..tcp] [..52.41.135.135][..443] -> [..192.168.26.22][51817] [TLS][AmazonAWS][Web][Safe] + guessed: [.....1] [ip4][..tcp] [..52.41.135.135][..443] -> [..192.168.26.22][51817] [TLS][AWS_EC2][Web][Safe] RISK: Susp Entropy, Unidirectional Traffic idle: [.....1] [ip4][..tcp] [..52.41.135.135][..443] -> [..192.168.26.22][51817] idle: [.....2] [ip4][..tcp] [..35.234.85.218][..443] -> [..192.168.26.22][51949] [TLS.RiotGames][GoogleCloud][Game][Fun] diff --git a/test/results/flow-info/default/ripe_atlas.pcap.out b/test/results/flow-info/default/ripe_atlas.pcap.out index 3e416008d..947ea1abd 100644 --- a/test/results/flow-info/default/ripe_atlas.pcap.out +++ b/test/results/flow-info/default/ripe_atlas.pcap.out 
@@ -4,13 +4,13 @@ new: [.....1] [ip4][..udp] [.207.246.88.254][56857] -> [..96.78.208.202][29195] detected: [.....1] [ip4][..udp] [.207.246.88.254][56857] -> [..96.78.208.202][29195] [RipeAtlas][Unknown][Network][Acceptable] new: [.....2] [ip4][..udp] [...23.57.157.60][36137] -> [152.246.227.169][.4712] - detected: [.....2] [ip4][..udp] [...23.57.157.60][36137] -> [152.246.227.169][.4712] [RipeAtlas][Unknown][Network][Acceptable] + detected: [.....2] [ip4][..udp] [...23.57.157.60][36137] -> [152.246.227.169][.4712] [RipeAtlas][Akamai][Network][Acceptable] idle: [.....1] [ip4][..udp] [.207.246.88.254][56857] -> [..96.78.208.202][29195] [RipeAtlas][Unknown][Network][Acceptable] DAEMON-EVENT: [Processed: 2 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....3] [ip4][..udp] [168.139.124.224][11476] -> [..19.132.223.32][36467] detected: [.....3] [ip4][..udp] [168.139.124.224][11476] -> [..19.132.223.32][36467] [RipeAtlas][Unknown][Network][Acceptable] - idle: [.....2] [ip4][..udp] [...23.57.157.60][36137] -> [152.246.227.169][.4712] [RipeAtlas][Unknown][Network][Acceptable] + idle: [.....2] [ip4][..udp] [...23.57.157.60][36137] -> [152.246.227.169][.4712] [RipeAtlas][Akamai][Network][Acceptable] DAEMON-EVENT: [Processed: 3 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....4] [ip4][..udp] [...9.160.203.32][41059] -> [....68.90.0.255][38409] diff --git a/test/results/flow-info/default/rmcp.pcap.out b/test/results/flow-info/default/rmcp.pcap.out index 3fc0dc62f..1cbcc26b8 100644 --- a/test/results/flow-info/default/rmcp.pcap.out +++ b/test/results/flow-info/default/rmcp.pcap.out 
@@ -6,7 +6,7 @@ DAEMON-EVENT: [Processed: 1 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..udp] [.54.229.154.152][59937] -> [...14.85.79.172][..623] - detected: [.....2] [ip4][..udp] [.54.229.154.152][59937] -> [...14.85.79.172][..623] [RMCP][AmazonAWS][System][Safe] + detected: [.....2] [ip4][..udp] [.54.229.154.152][59937] -> [...14.85.79.172][..623] [RMCP][AWS_EC2][System][Safe] new: [.....3] [ip4][..udp] [..137.141.61.18][59937] -> [...82.132.4.178][..623] detected: [.....3] [ip4][..udp] [..137.141.61.18][59937] -> [...82.132.4.178][..623] [RMCP][Unknown][System][Safe] idle: [.....1] [ip4][..udp] [.123.212.25.229][49531] -> [..171.47.173.23][..623] [RMCP][Unknown][System][Safe] @@ -14,7 +14,7 @@ DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....4] [ip4][..udp] [.129.222.153.30][58065] -> [190.219.142.148][..623] detected: [.....4] [ip4][..udp] [.129.222.153.30][58065] -> [190.219.142.148][..623] [RMCP][Unknown][System][Safe] - idle: [.....2] [ip4][..udp] [.54.229.154.152][59937] -> [...14.85.79.172][..623] [RMCP][AmazonAWS][System][Safe] + idle: [.....2] [ip4][..udp] [.54.229.154.152][59937] -> [...14.85.79.172][..623] [RMCP][AWS_EC2][System][Safe] idle: [.....3] [ip4][..udp] [..137.141.61.18][59937] -> [...82.132.4.178][..623] [RMCP][Unknown][System][Safe] new: [.....5] [ip4][..udp] [..64.240.55.240][57984] -> [...30.144.16.67][..623] detected: [.....5] [ip4][..udp] [..64.240.55.240][57984] -> [...30.144.16.67][..623] [RMCP][Unknown][System][Safe] diff --git a/test/results/flow-info/default/rockstar_games.pcapng.out b/test/results/flow-info/default/rockstar_games.pcapng.out index f801e7a91..bc7dd1b3c 100644 --- a/test/results/flow-info/default/rockstar_games.pcapng.out +++ b/test/results/flow-info/default/rockstar_games.pcapng.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.23][50624] -> [.92.123.164.188][..443] - detected: [.....1] [ip4][..tcp] [...192.168.1.23][50624] -> [.92.123.164.188][..443] [TLS.RockstarGames][Unknown][Game][Fun][gamedownloads.rockstargames.com] + detected: [.....1] [ip4][..tcp] [...192.168.1.23][50624] -> [.92.123.164.188][..443] [TLS.RockstarGames][Akamai][Game][Fun][gamedownloads.rockstargames.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....1] [ip4][..tcp] [...192.168.1.23][50624] -> [.92.123.164.188][..443] [TLS.RockstarGames][Unknown][Game][Fun][gamedownloads.rockstargames.com] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.23][50624] -> [.92.123.164.188][..443] [TLS.RockstarGames][Akamai][Game][Fun][gamedownloads.rockstargames.com] RISK: TLS (probably) Not Carrying HTTPS DAEMON-EVENT: [Processed: 6 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] 
@@ -12,9 +12,9 @@ detected: [.....2] [ip4][..tcp] [...192.168.1.27][64057] -> [.104.255.105.53][..443] [TLS.RockstarGames][Unknown][Game][Fun][rgl.rockstargames.com] detection-update: [.....2] [ip4][..tcp] [...192.168.1.27][64057] -> [.104.255.105.53][..443] [TLS.RockstarGames][Unknown][Game][Fun][rgl.rockstargames.com] new: [.....3] [ip4][..tcp] [...192.168.1.23][50630] -> [....23.38.18.80][..443] - detected: [.....3] [ip4][..tcp] [...192.168.1.23][50630] -> [....23.38.18.80][..443] [TLS.RockstarGames][Unknown][Game][Fun][s.rsg.sc] - detection-update: [.....3] [ip4][..tcp] [...192.168.1.23][50630] -> [....23.38.18.80][..443] [TLS.RockstarGames][Unknown][Game][Fun][s.rsg.sc] - idle: [.....1] [ip4][..tcp] [...192.168.1.23][50624] -> [.92.123.164.188][..443] [TLS.RockstarGames][Unknown][Game][Fun] + detected: [.....3] [ip4][..tcp] [...192.168.1.23][50630] -> [....23.38.18.80][..443] [TLS.RockstarGames][Akamai][Game][Fun][s.rsg.sc] + detection-update: [.....3] [ip4][..tcp] [...192.168.1.23][50630] -> [....23.38.18.80][..443] [TLS.RockstarGames][Akamai][Game][Fun][s.rsg.sc] + idle: [.....1] [ip4][..tcp] [...192.168.1.23][50624] -> [.92.123.164.188][..443] [TLS.RockstarGames][Akamai][Game][Fun] RISK: TLS (probably) Not Carrying HTTPS DAEMON-EVENT: [Processed: 18 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0] 
@@ -23,7 +23,7 @@ RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn detection-update: [.....4] [ip4][..udp] [...192.168.1.42][59487] -> [.192.81.241.191][61457] [DTLS.RockstarGames][Unknown][Game][Fun] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - idle: [.....3] [ip4][..tcp] [...192.168.1.23][50630] -> [....23.38.18.80][..443] [TLS.RockstarGames][Unknown][Game][Fun] + idle: [.....3] [ip4][..tcp] [...192.168.1.23][50630] -> [....23.38.18.80][..443] [TLS.RockstarGames][Akamai][Game][Fun] idle: [.....2] [ip4][..tcp] [...192.168.1.27][64057] -> [.104.255.105.53][..443] [TLS.RockstarGames][Unknown][Game][Fun] idle: [.....4] [ip4][..udp] [...192.168.1.42][59487] -> [.192.81.241.191][61457] [DTLS.RockstarGames][Unknown][Game][Fun] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn diff --git a/test/results/flow-info/default/signal.pcap.out b/test/results/flow-info/default/signal.pcap.out index b30125d25..877f8e2e3 100644 --- a/test/results/flow-info/default/signal.pcap.out +++ b/test/results/flow-info/default/signal.pcap.out 
@@ -11,14 +11,14 @@ new: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] new: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] detection-update: [.....2] [ip4][..udp] [...192.168.2.17][60793] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][e673.dsce9.akamaiedge.net] - detected: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][itunes.apple.com] - detection-update: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][itunes.apple.com] - detected: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] + detected: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][itunes.apple.com] + detection-update: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][itunes.apple.com] + detected: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] RISK: TLS (probably) Not Carrying HTTPS - detected: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detected: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detected: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - analyse: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun] + detected: [.....5] [ip4][..tcp] 
[...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detected: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detected: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + analyse: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.052| 0.012| 0.020| 399.390| 3.200] [PKTLEN......: 52.000| 1492.000| 413.300| 522.500| 272968.600| 4.000] 
@@ -28,22 +28,22 @@ [IATS(ms)....: 44.2,46.0,0.1,45.6,0.8,0.2,0.3,0.2,47.8,0.0,0.1,46.0,44.7,7.8,1.7,0.1,0.4,0.1,52.3,0.0,1.1,0.0,42.6,0.1,0.7,0.5,0.1,0.9,0.1,0.4,0.0] [PKTLENS.....: 64,60,52,569,52,1492,1492,1268,1492,52,52,52,659,52,132,98,95,87,193,323,323,52,122,52,52,52,52,83,1098,1098,1492,413] [ENTROPIES...: 4.5,5.3,5.1,4.4,5.2,7.8,7.9,7.8,7.9,5.1,5.1,5.0,7.6,5.2,6.3,5.8,5.9,5.8,6.9,7.3,7.4,5.1,6.4,5.1,5.1,5.0,5.0,5.6,7.8,7.8,7.9,7.5] - detection-update: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detection-update: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detection-update: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detection-update: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detection-update: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> 
[.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detection-update: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] new: [.....8] [ip4][..tcp] [...192.168.2.17][56996] -> [.17.248.146.144][..443] [MIDSTREAM] detected: [.....8] [ip4][..tcp] [...192.168.2.17][56996] -> [.17.248.146.144][..443] [TLS][Apple][Web][Safe] detection-update: [.....8] [ip4][..tcp] [...192.168.2.17][56996] -> [.17.248.146.144][..443] [TLS][Apple][Web][Safe] RISK: Unidirectional Traffic new: [.....9] [ip4][..tcp] [...192.168.2.17][57017] -> [...2.18.232.118][..443] [MIDSTREAM] - detected: [.....9] [ip4][..tcp] [...192.168.2.17][57017] -> [...2.18.232.118][..443] [TLS][Unknown][Web][Safe] + detected: [.....9] [ip4][..tcp] [...192.168.2.17][57017] -> [...2.18.232.118][..443] [TLS][Akamai][Web][Safe] new: 
[....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] new: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] new: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] 
@@ -54,14 +54,14 @@ detection-update: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][textsecure-service.whispersystems.org] new: [....16] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] detected: [....16] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] [ICMP][Unknown][Network][Acceptable] - detected: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][itunes.apple.com] - detection-update: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][itunes.apple.com] - detected: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] + detected: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][itunes.apple.com] + detection-update: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][itunes.apple.com] + detected: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] RISK: TLS (probably) Not Carrying HTTPS - detected: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detected: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detected: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - analyse: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun] + detected: [....13] 
[ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detected: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detected: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + analyse: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.101| 0.015| 0.025| 625.062| 3.300] [PKTLEN......: 52.000| 1492.000| 431.700| 520.400| 270842.400| 4.100] 
@@ -71,21 +71,21 @@ [IATS(ms)....: 34.9,37.7,0.1,37.4,0.8,0.2,0.3,0.2,37.0,0.2,34.8,100.7,83.3,17.6,1.1,2.5,0.1,0.4,0.1,36.0,0.0,31.6,0.5,2.4,0.0,0.5,2.2,1.1,0.2,0.2,0.0] [PKTLENS.....: 64,60,52,569,52,1492,1492,1268,1492,52,52,659,52,659,64,132,98,95,87,193,323,323,52,52,52,122,52,52,1098,1098,1492,413] [ENTROPIES...: 4.5,5.2,5.1,4.4,5.2,7.9,7.9,7.8,7.9,5.1,5.1,7.7,5.1,7.7,5.0,6.4,6.0,5.9,5.8,6.8,7.3,7.3,5.2,5.1,5.2,6.3,5.1,5.1,7.8,7.8,7.9,7.5] - detection-update: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detection-update: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detection-update: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detection-update: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detection-update: [....14] [ip4][..tcp] 
[...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detection-update: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] new: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] - detected: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] - analyse: [....17] [ip4][..tcp] 
[...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable] + detected: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] + analyse: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.115| 0.033| 0.050| 2490.513| 3.300] [PKTLEN......: 52.000| 1492.000| 519.200| 606.200| 367455.800| 4.100] 
@@ -96,12 +96,12 @@ [PKTLENS.....: 64,60,52,569,52,1492,1090,52,178,103,121,52,105,102,94,298,1492,1492,1492,364,52,90,834,52,52,1492,1492,1492,1492,137,52,52] [ENTROPIES...: 4.4,5.2,5.1,4.6,5.2,7.1,7.7,5.0,6.5,5.8,6.4,5.1,5.7,5.6,5.6,7.1,7.9,7.9,7.9,7.4,5.2,5.9,7.7,5.1,5.1,7.9,7.9,7.9,7.9,6.1,5.2,5.0] new: [....18] [ip4][..tcp] [....23.57.24.16][..443] -> [...192.168.2.17][57016] [MIDSTREAM] - detected: [....18] [ip4][..tcp] [....23.57.24.16][..443] -> [...192.168.2.17][57016] [TLS][Unknown][Web][Safe] + detected: [....18] [ip4][..tcp] [....23.57.24.16][..443] -> [...192.168.2.17][57016] [TLS][Akamai][Web][Safe] new: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] - detected: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][cdn.signal.org] - detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][cdn.signal.org] - detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][cdn.signal.org] - analyse: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable] + detected: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AWS_Cloudfront][Chat][Acceptable][cdn.signal.org] + detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AWS_Cloudfront][Chat][Acceptable][cdn.signal.org] + detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AWS_Cloudfront][Chat][Acceptable][cdn.signal.org] + analyse: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AWS_Cloudfront][Chat][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.043| 0.012| 0.016| 257.340| 3.700] [PKTLEN......: 
52.000| 1492.000| 498.200| 608.000| 369644.200| 4.000] 
@@ -114,23 +114,23 @@ idle: [.....1] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][lucas-imac] end: [.....8] [ip4][..tcp] [...192.168.2.17][56996] -> [.17.248.146.144][..443] [TLS][Apple][Web][Safe] RISK: Unidirectional Traffic - idle: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable] + idle: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable] RISK: TLS (probably) Not Carrying HTTPS - end: [.....9] [ip4][..tcp] [...192.168.2.17][57017] -> [...2.18.232.118][..443] [TLS][Unknown][Web][Safe] - idle: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][cdn.signal.org] + end: [.....9] [ip4][..tcp] [...192.168.2.17][57017] -> [...2.18.232.118][..443] [TLS][Akamai][Web][Safe] + idle: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AWS_Cloudfront][Chat][Acceptable][cdn.signal.org] idle: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][textsecure-service.whispersystems.org] - idle: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable] - idle: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable] - idle: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable] - idle: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable][textsecure-service.whispersystems.org] + idle: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable] + idle: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] 
[TLS.Signal][AWS_EC2][Chat][Acceptable] + idle: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable] + idle: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable][textsecure-service.whispersystems.org] idle: [.....2] [ip4][..udp] [...192.168.2.17][60793] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][e673.dsce9.akamaiedge.net] - end: [....18] [ip4][..tcp] [....23.57.24.16][..443] -> [...192.168.2.17][57016] [TLS][Unknown][Web][Safe] - end: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][itunes.apple.com] - end: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][itunes.apple.com] - end: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable] + end: [....18] [ip4][..tcp] [....23.57.24.16][..443] -> [...192.168.2.17][57016] [TLS][Akamai][Web][Safe] + end: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][itunes.apple.com] + end: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][itunes.apple.com] + end: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable] RISK: TLS (probably) Not Carrying HTTPS idle: [....16] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] [ICMP][Unknown][Network][Acceptable] - end: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable] - end: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Acceptable] - end: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] 
[TLS.Signal][AmazonAWS][Chat][Acceptable] + end: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable] + end: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable] + end: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][AWS_EC2][Chat][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/sites.pcapng.out b/test/results/flow-info/default/sites.pcapng.out index ddfed28f8..e2729a500 100644 --- a/test/results/flow-info/default/sites.pcapng.out +++ b/test/results/flow-info/default/sites.pcapng.out 
@@ -7,16 +7,16 @@ DAEMON-EVENT: [Processed: 4 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] new: [.....2] [ip4][..tcp] [..192.168.1.250][41878] -> [...92.122.95.99][..443] - detected: [.....2] [ip4][..tcp] [..192.168.1.250][41878] -> [...92.122.95.99][..443] [TLS.TikTok][Unknown][SocialNetwork][Fun][vcs-va.tiktokv.com] - detection-update: [.....2] [ip4][..tcp] [..192.168.1.250][41878] -> [...92.122.95.99][..443] [TLS.TikTok][Unknown][SocialNetwork][Fun][vcs-va.tiktokv.com] + detected: [.....2] [ip4][..tcp] [..192.168.1.250][41878] -> [...92.122.95.99][..443] [TLS.TikTok][Akamai][SocialNetwork][Fun][vcs-va.tiktokv.com] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.250][41878] -> [...92.122.95.99][..443] [TLS.TikTok][Akamai][SocialNetwork][Fun][vcs-va.tiktokv.com] idle: [.....1] [ip4][..tcp] [.192.168.12.169][46160] -> [..69.171.250.20][..443] [TLS.FacebookMessenger][Facebook][Chat][Acceptable] DAEMON-EVENT: [Processed: 35 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0] new: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] - detected: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][AmazonAWS][VoIP][Acceptable][presence.fuze.com] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][AmazonAWS][VoIP][Acceptable][presence.fuze.com] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][AmazonAWS][VoIP][Acceptable][presence.fuze.com] - end: [.....2] [ip4][..tcp] [..192.168.1.250][41878] -> [...92.122.95.99][..443] [TLS.TikTok][Unknown][SocialNetwork][Fun] + detected: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][AWS_EC2][VoIP][Acceptable][presence.fuze.com] + 
detection-update: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][AWS_EC2][VoIP][Acceptable][presence.fuze.com] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][AWS_EC2][VoIP][Acceptable][presence.fuze.com] + end: [.....2] [ip4][..tcp] [..192.168.1.250][41878] -> [...92.122.95.99][..443] [TLS.TikTok][Akamai][SocialNetwork][Fun] DAEMON-EVENT: [Processed: 66 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 0] new: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] @@ -32,7 +32,7 @@ [IATS(ms)....: 46.8,50.1,2.2,52.9,0.2,0.0,0.0,0.0,52.2,0.0,0.0,0.0,1.5,0.6,2.4,52.4,0.0,0.8,3.1,0.0,0.2,0.0,0.0,0.0,0.0,0.0,0.2,47.9,0.0,0.0,0.2] [PKTLENS.....: 60,60,52,569,52,1500,1500,1252,152,52,52,52,52,132,222,290,355,95,83,1500,1500,1500,1500,1500,1500,1500,1500,374,52,52,52,83] [ENTROPIES...: 4.7,5.2,5.0,5.4,5.1,7.8,7.9,7.8,6.5,5.0,5.0,5.1,5.1,6.3,6.9,7.1,7.4,6.0,5.7,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.4,5.1,5.0,5.1,5.6] - end: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][AmazonAWS][VoIP][Acceptable] + end: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][AWS_EC2][VoIP][Acceptable] DAEMON-EVENT: [Processed: 118 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 5|updates: 0] new: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] 
@@ -58,20 +58,20 @@ DAEMON-EVENT: [Processed: 255 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 0] new: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] - detected: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] [TLS.DisneyPlus][AmazonAWS][Streaming][Fun][prod-static.disney-plus.net] - detection-update: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] [TLS.DisneyPlus][AmazonAWS][Streaming][Fun][prod-static.disney-plus.net] + detected: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] [TLS.DisneyPlus][AWS_Cloudfront][Streaming][Fun][prod-static.disney-plus.net] + detection-update: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] [TLS.DisneyPlus][AWS_Cloudfront][Streaming][Fun][prod-static.disney-plus.net] end: [.....6] [ip4][..tcp] [..192.168.1.128][46724] -> [.199.232.82.109][..443] [TLS.Vimeo][Unknown][Streaming][Fun] DAEMON-EVENT: [Processed: 284 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 8|updates: 0] new: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] - detected: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] [TLS.AccuWeather][Unknown][Web][Fun][api.accuweather.com] - detection-update: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] [TLS.AccuWeather][Unknown][Web][Fun][api.accuweather.com] - end: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] [TLS.DisneyPlus][AmazonAWS][Streaming][Fun] + detected: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] [TLS.AccuWeather][Akamai][Web][Fun][api.accuweather.com] + detection-update: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] 
[TLS.AccuWeather][Akamai][Web][Fun][api.accuweather.com] + end: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] [TLS.DisneyPlus][AWS_Cloudfront][Streaming][Fun] DAEMON-EVENT: [Processed: 314 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 9|updates: 0] new: [.....9] [ip4][..udp] [..192.168.1.123][59102] -> [..216.58.209.46][..443] detected: [.....9] [ip4][..udp] [..192.168.1.123][59102] -> [..216.58.209.46][..443] [QUIC.GoogleClassroom][Google][Collaborative][Acceptable][classroom.google.com] - end: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] [TLS.AccuWeather][Unknown][Web][Fun] + end: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] [TLS.AccuWeather][Akamai][Web][Fun] DAEMON-EVENT: [Processed: 315 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 9|skipped: 0|!detected: 0|guessed: 0|detection-updates: 9|updates: 0] new: [....10] [ip4][..tcp] [..192.168.1.128][35054] -> [..31.222.67.112][..443] 
@@ -82,28 +82,28 @@ detected: [....11] [ip4][..tcp] [..192.168.1.128][53998] -> [..172.65.251.78][..443] [TLS.GitLab][Cloudflare][Collaborative][Acceptable][www.gitlab.com] detection-update: [....11] [ip4][..tcp] [..192.168.1.128][53998] -> [..172.65.251.78][..443] [TLS.GitLab][Cloudflare][Collaborative][Acceptable][www.gitlab.com] new: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] - detected: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] [TLS.Activision][Unknown][Game][Fun][www.activision.com] - detection-update: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] [TLS.Activision][Unknown][Game][Fun][www.activision.com] - detection-update: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] [TLS.Activision][Unknown][Game][Fun][www.activision.com] + detected: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] [TLS.Activision][Akamai][Game][Fun][www.activision.com] + detection-update: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] [TLS.Activision][Akamai][Game][Fun][www.activision.com] + detection-update: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] [TLS.Activision][Akamai][Game][Fun][www.activision.com] new: [....13] [ip4][..tcp] [..192.168.1.128][46084] -> [..146.75.62.167][..443] detected: [....13] [ip4][..tcp] [..192.168.1.128][46084] -> [..146.75.62.167][..443] [TLS.Twitch][Unknown][Video][Fun][gql.twitch.tv] detection-update: [....13] [ip4][..tcp] [..192.168.1.128][46084] -> [..146.75.62.167][..443] [TLS.Twitch][Unknown][Video][Fun][gql.twitch.tv] new: [....14] [ip4][..tcp] [..192.168.1.128][45936] -> [..208.85.40.158][...80] new: [....15] [ip4][..tcp] [..192.168.1.128][51806] -> [..18.66.196.102][..443] - detected: [....15] [ip4][..tcp] [..192.168.1.128][51806] -> [..18.66.196.102][..443] [TLS.SoundCloud][AmazonAWS][Music][Fun][soundcloud.com] - detection-update: [....15] 
[ip4][..tcp] [..192.168.1.128][51806] -> [..18.66.196.102][..443] [TLS.SoundCloud][AmazonAWS][Music][Fun][soundcloud.com] + detected: [....15] [ip4][..tcp] [..192.168.1.128][51806] -> [..18.66.196.102][..443] [TLS.SoundCloud][AWS_Cloudfront][Music][Fun][soundcloud.com] + detection-update: [....15] [ip4][..tcp] [..192.168.1.128][51806] -> [..18.66.196.102][..443] [TLS.SoundCloud][AWS_Cloudfront][Music][Fun][soundcloud.com] new: [....16] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] - detected: [....16] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] [TLS.CNN][Unknown][Web][Safe][cdn.cnn.com] - detection-update: [....16] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] [TLS.CNN][Unknown][Web][Safe][cdn.cnn.com] + detected: [....16] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] [TLS.CNN][Akamai][Web][Safe][cdn.cnn.com] + detection-update: [....16] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] [TLS.CNN][Akamai][Web][Safe][cdn.cnn.com] new: [....17] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] - detected: [....17] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] [TLS.eBay][Unknown][Shopping][Safe][www.ebay.com] - detection-update: [....17] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] [TLS.eBay][Unknown][Shopping][Safe][www.ebay.com] + detected: [....17] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] [TLS.eBay][Akamai][Shopping][Safe][www.ebay.com] + detection-update: [....17] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] [TLS.eBay][Akamai][Shopping][Safe][www.ebay.com] new: [....18] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] detected: [....18] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] [TLS.Canonical][Canonical][Cloud][Acceptable][assets.ubuntu.com] detection-update: [....18] [ip4][..tcp] [..192.168.1.128][42884] -> 
[.185.125.190.21][..443] [TLS.Canonical][Canonical][Cloud][Acceptable][assets.ubuntu.com] new: [....19] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] - detected: [....19] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] [TLS.Hulu][Unknown][Streaming][Fun][hulu.com] - detection-update: [....19] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] [TLS.Hulu][Unknown][Streaming][Fun][hulu.com] + detected: [....19] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] [TLS.Hulu][Akamai][Streaming][Fun][hulu.com] + detection-update: [....19] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] [TLS.Hulu][Akamai][Streaming][Fun][hulu.com] new: [....20] [ip4][..tcp] [..192.168.1.128][44954] -> [..34.96.123.111][...80] new: [....21] [ip4][..tcp] [..192.168.1.128][47122] -> [.35.201.112.136][..443] detected: [....21] [ip4][..tcp] [..192.168.1.128][47122] -> [.35.201.112.136][..443] [TLS.LastFM][GoogleCloud][Music][Fun][kerve.last.fm] 
@@ -114,8 +114,8 @@ detection-update: [....23] [ip4][..tcp] [..192.168.1.128][43412] -> [.151.101.193.73][..443] [TLS.Bloomberg][Unknown][Cloud][Safe][www.bloomberg.com] detection-update: [....23] [ip4][..tcp] [..192.168.1.128][43412] -> [.151.101.193.73][..443] [TLS.Bloomberg][Unknown][Cloud][Safe][www.bloomberg.com] new: [....24] [ip4][..tcp] [..192.168.1.128][57014] -> [108.139.210.102][..443] - detected: [....24] [ip4][..tcp] [..192.168.1.128][57014] -> [108.139.210.102][..443] [TLS.Bloomberg][AmazonAWS][Cloud][Safe][sourcepointcmp.bloomberg.com] - detection-update: [....24] [ip4][..tcp] [..192.168.1.128][57014] -> [108.139.210.102][..443] [TLS.Bloomberg][AmazonAWS][Cloud][Safe][sourcepointcmp.bloomberg.com] + detected: [....24] [ip4][..tcp] [..192.168.1.128][57014] -> [108.139.210.102][..443] [TLS.Bloomberg][AWS_Cloudfront][Cloud][Safe][sourcepointcmp.bloomberg.com] + detection-update: [....24] [ip4][..tcp] [..192.168.1.128][57014] -> [108.139.210.102][..443] [TLS.Bloomberg][AWS_Cloudfront][Cloud][Safe][sourcepointcmp.bloomberg.com] new: [....25] [ip4][..tcp] [..192.168.1.128][48654] -> [...13.107.42.14][..443] detected: [....25] [ip4][..tcp] [..192.168.1.128][48654] -> [...13.107.42.14][..443] [TLS.LinkedIn][Azure][SocialNetwork][Fun][www.linkedin.com] detection-update: [....25] [ip4][..tcp] [..192.168.1.128][48654] -> [...13.107.42.14][..443] [TLS.LinkedIn][Azure][SocialNetwork][Fun][www.linkedin.com] 
@@ -125,44 +125,44 @@ detection-update: [....26] [ip4][..tcp] [..192.168.1.128][39934] -> [..104.23.98.190][..443] [TLS.Pastebin][Cloudflare][Download][Potentially_Dangerous][pastebin.com] RISK: Unsafe Protocol new: [....27] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] - detected: [....27] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] [TLS.Playstation][Unknown][Game][Fun][www.playstation.com] - detection-update: [....27] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] [TLS.Playstation][Unknown][Game][Fun][www.playstation.com] - detection-update: [....27] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] [TLS.Playstation][Unknown][Game][Fun][www.playstation.com] + detected: [....27] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] [TLS.Playstation][Akamai][Game][Fun][www.playstation.com] + detection-update: [....27] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] [TLS.Playstation][Akamai][Game][Fun][www.playstation.com] + detection-update: [....27] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] [TLS.Playstation][Akamai][Game][Fun][www.playstation.com] new: [....28] [ip4][..tcp] [..192.168.1.128][46264] -> [...23.51.246.65][..443] - detected: [....28] [ip4][..tcp] [..192.168.1.128][46264] -> [...23.51.246.65][..443] [TLS.Playstation][Unknown][Game][Fun][static.playstation.com] - detection-update: [....28] [ip4][..tcp] [..192.168.1.128][46264] -> [...23.51.246.65][..443] [TLS.Playstation][Unknown][Game][Fun][static.playstation.com] + detected: [....28] [ip4][..tcp] [..192.168.1.128][46264] -> [...23.51.246.65][..443] [TLS.Playstation][Akamai][Game][Fun][static.playstation.com] + detection-update: [....28] [ip4][..tcp] [..192.168.1.128][46264] -> [...23.51.246.65][..443] [TLS.Playstation][Akamai][Game][Fun][static.playstation.com] new: [....29] [ip4][..tcp] [..192.168.1.128][43150] -> [.108.138.199.67][..443] - detected: [....29] [ip4][..tcp] 
[..192.168.1.128][43150] -> [.108.138.199.67][..443] [TLS.Deezer][AmazonAWS][Music][Fun][deezer.com] - detection-update: [....29] [ip4][..tcp] [..192.168.1.128][43150] -> [.108.138.199.67][..443] [TLS.Deezer][AmazonAWS][Music][Fun][deezer.com] + detected: [....29] [ip4][..tcp] [..192.168.1.128][43150] -> [.108.138.199.67][..443] [TLS.Deezer][AWS_Cloudfront][Music][Fun][deezer.com] + detection-update: [....29] [ip4][..tcp] [..192.168.1.128][43150] -> [.108.138.199.67][..443] [TLS.Deezer][AWS_Cloudfront][Music][Fun][deezer.com] new: [....30] [ip4][..tcp] [..192.168.1.128][52070] -> [....18.65.82.67][...80] new: [....31] [ip4][..tcp] [..192.168.1.128][38858] -> [142.250.180.142][..443] detected: [....31] [ip4][..tcp] [..192.168.1.128][38858] -> [142.250.180.142][..443] [TLS.GoogleMaps][Google][Web][Safe][maps.google.com] detection-update: [....31] [ip4][..tcp] [..192.168.1.128][38858] -> [142.250.180.142][..443] [TLS.GoogleMaps][Google][Web][Safe][maps.google.com] new: [....32] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] - detected: [....32] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] [TLS.Xbox][Unknown][Game][Fun][account.xbox.com] - detection-update: [....32] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] [TLS.Xbox][Unknown][Game][Fun][account.xbox.com] + detected: [....32] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] [TLS.Xbox][Akamai][Game][Fun][account.xbox.com] + detection-update: [....32] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] [TLS.Xbox][Akamai][Game][Fun][account.xbox.com] new: [....33] [ip4][..tcp] [..192.168.1.128][39828] -> [....40.97.160.2][..443] detected: [....33] [ip4][..tcp] [..192.168.1.128][39828] -> [....40.97.160.2][..443] [TLS.Outlook][Outlook][Email][Acceptable][outlook.com] detection-update: [....33] [ip4][..tcp] [..192.168.1.128][39828] -> [....40.97.160.2][..443] [TLS.Outlook][Outlook][Email][Acceptable][outlook.com] DAEMON-EVENT: 
[Processed: 433 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 24 / 33|skipped: 0|!detected: 0|guessed: 0|detection-updates: 32|updates: 0] new: [....34] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] - detected: [....34] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][AmazonAWS][VirtAssistant][Acceptable][guzzoni.apple.com] - detection-update: [....34] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][AmazonAWS][VirtAssistant][Acceptable][guzzoni.apple.com] + detected: [....34] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][AWS_EC2][VirtAssistant][Acceptable][guzzoni.apple.com] + detection-update: [....34] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][AWS_EC2][VirtAssistant][Acceptable][guzzoni.apple.com] guessed: [....22] [ip4][..tcp] [..192.168.1.128][39036] -> [..69.191.252.15][...80] [HTTP][Bloomberg][Web][Acceptable][] idle: [....22] [ip4][..tcp] [..192.168.1.128][39036] -> [..69.191.252.15][...80] - idle: [....27] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] [TLS.Playstation][Unknown][Game][Fun] + idle: [....27] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] [TLS.Playstation][Akamai][Game][Fun] idle: [....10] [ip4][..tcp] [..192.168.1.128][35054] -> [..31.222.67.112][..443] [TLS.Badoo][Badoo][SocialNetwork][Fun] - idle: [....28] [ip4][..tcp] [..192.168.1.128][46264] -> [...23.51.246.65][..443] [TLS.Playstation][Unknown][Game][Fun] - idle: [....24] [ip4][..tcp] [..192.168.1.128][57014] -> [108.139.210.102][..443] [TLS.Bloomberg][AmazonAWS][Cloud][Safe] + idle: [....28] [ip4][..tcp] [..192.168.1.128][46264] -> [...23.51.246.65][..443] [TLS.Playstation][Akamai][Game][Fun] + idle: [....24] [ip4][..tcp] [..192.168.1.128][57014] -> [108.139.210.102][..443] [TLS.Bloomberg][AWS_Cloudfront][Cloud][Safe] idle: [....33] [ip4][..tcp] 
[..192.168.1.128][39828] -> [....40.97.160.2][..443] [TLS.Outlook][Outlook][Email][Acceptable] idle: [....13] [ip4][..tcp] [..192.168.1.128][46084] -> [..146.75.62.167][..443] [TLS.Twitch][Unknown][Video][Fun] idle: [....21] [ip4][..tcp] [..192.168.1.128][47122] -> [.35.201.112.136][..443] [TLS.LastFM][GoogleCloud][Music][Fun] guessed: [....14] [ip4][..tcp] [..192.168.1.128][45936] -> [..208.85.40.158][...80] [HTTP][Unknown][Web][Acceptable][] idle: [....14] [ip4][..tcp] [..192.168.1.128][45936] -> [..208.85.40.158][...80] - guessed: [....30] [ip4][..tcp] [..192.168.1.128][52070] -> [....18.65.82.67][...80] [HTTP][AmazonAWS][Web][Acceptable][] + guessed: [....30] [ip4][..tcp] [..192.168.1.128][52070] -> [....18.65.82.67][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][] idle: [....30] [ip4][..tcp] [..192.168.1.128][52070] -> [....18.65.82.67][...80] - idle: [....15] [ip4][..tcp] [..192.168.1.128][51806] -> [..18.66.196.102][..443] [TLS.SoundCloud][AmazonAWS][Music][Fun] + idle: [....15] [ip4][..tcp] [..192.168.1.128][51806] -> [..18.66.196.102][..443] [TLS.SoundCloud][AWS_Cloudfront][Music][Fun] guessed: [....20] [ip4][..tcp] [..192.168.1.128][44954] -> [..34.96.123.111][...80] [HTTP][GoogleCloud][Web][Acceptable][] idle: [....20] [ip4][..tcp] [..192.168.1.128][44954] -> [..34.96.123.111][...80] idle: [....23] [ip4][..tcp] [..192.168.1.128][43412] -> [.151.101.193.73][..443] [TLS.Bloomberg][Unknown][Cloud][Safe] 
@@ -170,20 +170,20 @@ idle: [....11] [ip4][..tcp] [..192.168.1.128][53998] -> [..172.65.251.78][..443] [TLS.GitLab][Cloudflare][Collaborative][Acceptable] idle: [....18] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] [TLS.Canonical][Canonical][Cloud][Acceptable] idle: [....25] [ip4][..tcp] [..192.168.1.128][48654] -> [...13.107.42.14][..443] [TLS.LinkedIn][Azure][SocialNetwork][Fun] - idle: [....19] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] [TLS.Hulu][Unknown][Streaming][Fun] - idle: [....17] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] [TLS.eBay][Unknown][Shopping][Safe] - idle: [....29] [ip4][..tcp] [..192.168.1.128][43150] -> [.108.138.199.67][..443] [TLS.Deezer][AmazonAWS][Music][Fun] + idle: [....19] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] [TLS.Hulu][Akamai][Streaming][Fun] + idle: [....17] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] [TLS.eBay][Akamai][Shopping][Safe] + idle: [....29] [ip4][..tcp] [..192.168.1.128][43150] -> [.108.138.199.67][..443] [TLS.Deezer][AWS_Cloudfront][Music][Fun] idle: [....26] [ip4][..tcp] [..192.168.1.128][39934] -> [..104.23.98.190][..443] [TLS.Pastebin][Cloudflare][Download][Potentially_Dangerous] RISK: Unsafe Protocol - idle: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] [TLS.Activision][Unknown][Game][Fun] - idle: [....16] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] [TLS.CNN][Unknown][Web][Safe] - idle: [....32] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] [TLS.Xbox][Unknown][Game][Fun] + idle: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] [TLS.Activision][Akamai][Game][Fun] + idle: [....16] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] [TLS.CNN][Akamai][Web][Safe] + idle: [....32] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] [TLS.Xbox][Akamai][Game][Fun] new: [....35] 
[ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] detected: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Microsoft365][Teams][Collaborative][Acceptable][teams.office.com] detection-update: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Microsoft365][Teams][Collaborative][Acceptable][teams.office.com] new: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] - detected: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][AmazonAWS][Video][Fun][www.primevideo.com] - detection-update: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][AmazonAWS][Video][Fun][www.primevideo.com] + detected: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][AWS_Cloudfront][Video][Fun][www.primevideo.com] + detection-update: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][AWS_Cloudfront][Video][Fun][www.primevideo.com] new: [....37] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] detected: [....37] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] [TLS.GoogleDrive][Google][Cloud][Acceptable][drive.google.com] detection-update: [....37] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] [TLS.GoogleDrive][Google][Cloud][Acceptable][drive.google.com] 
@@ -213,14 +213,14 @@ detection-update: [....44] [ip4][..tcp] [..192.168.1.128][53978] -> [..208.85.40.158][..443] [TLS.Pandora][Unknown][Streaming][Fun][pandora.com] idle: [....37] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] [TLS.GoogleDrive][Google][Cloud][Acceptable] idle: [....43] [ip4][..udp] [..192.168.1.128][36832] -> [142.250.181.238][..443] [QUIC.Google][Google][Web][Acceptable][plus.google.com] - idle: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][AmazonAWS][Video][Fun] + idle: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][AWS_Cloudfront][Video][Fun] idle: [....40] [ip4][..tcp] [..192.168.1.128][45014] -> [129.226.107.210][..443] [TLS.IFLIX][Tencent][Video][Fun] idle: [....42] [ip4][..tcp] [..192.168.1.128][50608] -> [142.250.185.206][..443] [TLS][Google][Web][Safe] idle: [....39] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable] idle: [....41] [ip4][..udp] [..192.168.1.128][38642] -> [.216.58.212.142][..443] [QUIC.Google][Google][Web][Acceptable][hangouts.google.com] idle: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable] idle: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Microsoft365][Teams][Collaborative][Acceptable] - idle: [....34] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][AmazonAWS][VirtAssistant][Acceptable] + idle: [....34] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][AWS_EC2][VirtAssistant][Acceptable] DAEMON-EVENT: [Processed: 496 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 44|skipped: 0|!detected: 0|guessed: 4|detection-updates: 43|updates: 1] new: [....45] [ip4][..tcp] [.192.168.88.231][33920] -> [..185.5.161.203][..443] 
@@ -243,8 +243,8 @@ detected: [....48] [ip4][..tcp] [..192.168.1.245][49558] -> [..80.158.42.215][..443] [TLS.HuaweiCloud][Unknown][Cloud][Acceptable][id7.cloud.huawei.com] detection-update: [....48] [ip4][..tcp] [..192.168.1.245][49558] -> [..80.158.42.215][..443] [TLS.HuaweiCloud][Unknown][Cloud][Acceptable][id7.cloud.huawei.com] new: [....49] [ip6][..tcp] [...2001:b07:a3d:c112:c044:a6d4:80d:5d55][39970] -> [...2600:9000:25ea:1200:1:12d8:5a00:93a1][..443] - detected: [....49] [ip6][..tcp] [...2001:b07:a3d:c112:c044:a6d4:80d:5d55][39970] -> [...2600:9000:25ea:1200:1:12d8:5a00:93a1][..443] [TLS.HuaweiCloud][AmazonAWS][Cloud][Acceptable][contentcenter-dre.dbankcdn.com] - detection-update: [....49] [ip6][..tcp] [...2001:b07:a3d:c112:c044:a6d4:80d:5d55][39970] -> [...2600:9000:25ea:1200:1:12d8:5a00:93a1][..443] [TLS.HuaweiCloud][AmazonAWS][Cloud][Acceptable][contentcenter-dre.dbankcdn.com] + detected: [....49] [ip6][..tcp] [...2001:b07:a3d:c112:c044:a6d4:80d:5d55][39970] -> [...2600:9000:25ea:1200:1:12d8:5a00:93a1][..443] [TLS.HuaweiCloud][AWS_Cloudfront][Cloud][Acceptable][contentcenter-dre.dbankcdn.com] + detection-update: [....49] [ip6][..tcp] [...2001:b07:a3d:c112:c044:a6d4:80d:5d55][39970] -> [...2600:9000:25ea:1200:1:12d8:5a00:93a1][..443] [TLS.HuaweiCloud][AWS_Cloudfront][Cloud][Acceptable][contentcenter-dre.dbankcdn.com] idle: [....46] [ip4][..tcp] [.192.168.88.231][49950] -> [159.153.191.240][..443] [TLS.ElectronicArts][Unknown][Game][Fun] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS idle: [....45] [ip4][..tcp] [.192.168.88.231][33920] -> [..185.5.161.203][..443] [TLS.ElectronicArts][Unknown][Game][Fun] 
@@ -262,7 +262,7 @@ detection-update: [....52] [ip6][..tcp] [..2001:b07:a3d:c112:9a00:ba78:86b1:e177][48624] -> [...................2001:67c:4e8:f004::9][..443] [TLS.Telegram][Telegram][Chat][Acceptable][telegram.me] end: [....48] [ip4][..tcp] [..192.168.1.245][49558] -> [..80.158.42.215][..443] [TLS.HuaweiCloud][Unknown][Cloud][Acceptable] idle: [....47] [ip4][..tcp] [..192.168.1.245][54690] -> [.160.44.196.198][..443] [TLS.HuaweiCloud][Unknown][Cloud][Acceptable] - idle: [....49] [ip6][..tcp] [...2001:b07:a3d:c112:c044:a6d4:80d:5d55][39970] -> [...2600:9000:25ea:1200:1:12d8:5a00:93a1][..443] [TLS.HuaweiCloud][AmazonAWS][Cloud][Acceptable] + idle: [....49] [ip6][..tcp] [...2001:b07:a3d:c112:c044:a6d4:80d:5d55][39970] -> [...2600:9000:25ea:1200:1:12d8:5a00:93a1][..443] [TLS.HuaweiCloud][AWS_Cloudfront][Cloud][Acceptable] DAEMON-EVENT: [Processed: 584 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 52|skipped: 0|!detected: 0|guessed: 4|detection-updates: 51|updates: 1] new: [....53] [ip4][..tcp] [..192.168.1.245][46174] -> [.....5.61.23.30][..443] 
@@ -277,8 +277,8 @@ detected: [....54] [ip4][..tcp] [.192.168.88.171][55272] -> [116.211.202.129][..443] [TLS.iQIYI][Unknown][Streaming][Fun][opportunarch.iqiyi.com] detection-update: [....54] [ip4][..tcp] [.192.168.88.171][55272] -> [116.211.202.129][..443] [TLS.iQIYI][Unknown][Streaming][Fun][opportunarch.iqiyi.com] new: [....55] [ip4][..tcp] [.192.168.88.171][55468] -> [...184.86.2.194][..443] - detected: [....55] [ip4][..tcp] [.192.168.88.171][55468] -> [...184.86.2.194][..443] [TLS.iQIYI][Unknown][Streaming][Fun][stc.iqiyipic.com] - detection-update: [....55] [ip4][..tcp] [.192.168.88.171][55468] -> [...184.86.2.194][..443] [TLS.iQIYI][Unknown][Streaming][Fun][stc.iqiyipic.com] + detected: [....55] [ip4][..tcp] [.192.168.88.171][55468] -> [...184.86.2.194][..443] [TLS.iQIYI][Akamai][Streaming][Fun][stc.iqiyipic.com] + detection-update: [....55] [ip4][..tcp] [.192.168.88.171][55468] -> [...184.86.2.194][..443] [TLS.iQIYI][Akamai][Streaming][Fun][stc.iqiyipic.com] new: [....56] [ip4][..tcp] [.192.168.88.171][55280] -> [.124.237.225.21][..443] detected: [....56] [ip4][..tcp] [.192.168.88.171][55280] -> [.124.237.225.21][..443] [TLS.iQIYI][Unknown][Streaming][Fun][msg.qy.net] detection-update: [....56] [ip4][..tcp] [.192.168.88.171][55280] -> [.124.237.225.21][..443] [TLS.iQIYI][Unknown][Streaming][Fun][msg.qy.net] 
@@ -286,23 +286,23 @@ DAEMON-EVENT: [Processed: 623 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 56|skipped: 0|!detected: 0|guessed: 4|detection-updates: 55|updates: 1] new: [....57] [ip4][..tcp] [.192.168.88.171][49217] -> [.54.208.106.218][..443] - detected: [....57] [ip4][..tcp] [.192.168.88.171][49217] -> [.54.208.106.218][..443] [TLS.AdobeConnect][AmazonAWS][Video][Acceptable][meet27083742.adobeconnect.com] - detection-update: [....57] [ip4][..tcp] [.192.168.88.171][49217] -> [.54.208.106.218][..443] [TLS.AdobeConnect][AmazonAWS][Video][Acceptable][meet27083742.adobeconnect.com] + detected: [....57] [ip4][..tcp] [.192.168.88.171][49217] -> [.54.208.106.218][..443] [TLS.AdobeConnect][AWS_EC2][Video][Acceptable][meet27083742.adobeconnect.com] + detection-update: [....57] [ip4][..tcp] [.192.168.88.171][49217] -> [.54.208.106.218][..443] [TLS.AdobeConnect][AWS_EC2][Video][Acceptable][meet27083742.adobeconnect.com] idle: [....54] [ip4][..tcp] [.192.168.88.171][55272] -> [116.211.202.129][..443] [TLS.iQIYI][Unknown][Streaming][Fun] - idle: [....55] [ip4][..tcp] [.192.168.88.171][55468] -> [...184.86.2.194][..443] [TLS.iQIYI][Unknown][Streaming][Fun] + idle: [....55] [ip4][..tcp] [.192.168.88.171][55468] -> [...184.86.2.194][..443] [TLS.iQIYI][Akamai][Streaming][Fun] idle: [....56] [ip4][..tcp] [.192.168.88.171][55280] -> [.124.237.225.21][..443] [TLS.iQIYI][Unknown][Streaming][Fun] DAEMON-EVENT: [Processed: 629 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 57|skipped: 0|!detected: 0|guessed: 4|detection-updates: 56|updates: 1] new: [....58] [ip4][..tcp] [..192.168.1.245][50142] -> [...3.136.49.254][..443] - detected: [....58] [ip4][..tcp] [..192.168.1.245][50142] -> [...3.136.49.254][..443] [TLS.Bluesky][AmazonAWS][SocialNetwork][Fun][bsky.app] - detection-update: [....58] [ip4][..tcp] [..192.168.1.245][50142] -> [...3.136.49.254][..443] [TLS.Bluesky][AmazonAWS][SocialNetwork][Fun][bsky.app] + detected: 
[....58] [ip4][..tcp] [..192.168.1.245][50142] -> [...3.136.49.254][..443] [TLS.Bluesky][AWS_EC2][SocialNetwork][Fun][bsky.app] + detection-update: [....58] [ip4][..tcp] [..192.168.1.245][50142] -> [...3.136.49.254][..443] [TLS.Bluesky][AWS_EC2][SocialNetwork][Fun][bsky.app] new: [....59] [ip4][..tcp] [..192.168.1.245][55362] -> [....44.218.3.81][..443] - detected: [....59] [ip4][..tcp] [..192.168.1.245][55362] -> [....44.218.3.81][..443] [TLS.Bluesky][AmazonAWS][SocialNetwork][Fun][bsky.social] - detection-update: [....59] [ip4][..tcp] [..192.168.1.245][55362] -> [....44.218.3.81][..443] [TLS.Bluesky][AmazonAWS][SocialNetwork][Fun][bsky.social] + detected: [....59] [ip4][..tcp] [..192.168.1.245][55362] -> [....44.218.3.81][..443] [TLS.Bluesky][AWS_EC2][SocialNetwork][Fun][bsky.social] + detection-update: [....59] [ip4][..tcp] [..192.168.1.245][55362] -> [....44.218.3.81][..443] [TLS.Bluesky][AWS_EC2][SocialNetwork][Fun][bsky.social] new: [....60] [ip4][..tcp] [..192.168.1.245][33212] -> [..15.204.197.32][..443] detected: [....60] [ip4][..tcp] [..192.168.1.245][33212] -> [..15.204.197.32][..443] [TLS.Bluesky][Unknown][SocialNetwork][Fun][enoki.us-east.host.bsky.network] detection-update: [....60] [ip4][..tcp] [..192.168.1.245][33212] -> [..15.204.197.32][..443] [TLS.Bluesky][Unknown][SocialNetwork][Fun][enoki.us-east.host.bsky.network] - idle: [....57] [ip4][..tcp] [.192.168.88.171][49217] -> [.54.208.106.218][..443] [TLS.AdobeConnect][AmazonAWS][Video][Acceptable] + idle: [....57] [ip4][..tcp] [.192.168.88.171][49217] -> [.54.208.106.218][..443] [TLS.AdobeConnect][AWS_EC2][Video][Acceptable] new: [....61] [ip6][..tcp] [...2001:b07:a3d:c112:6ea5:ab52:9230:ba5][35968] -> [.....................2a04:4e42:c00::347][..443] detected: [....61] [ip6][..tcp] [...2001:b07:a3d:c112:6ea5:ab52:9230:ba5][35968] -> [.....................2a04:4e42:c00::347][..443] [TLS.Mastodon][Unknown][SocialNetwork][Fun][mastodon.social] detection-update: [....61] [ip6][..tcp] 
[...2001:b07:a3d:c112:6ea5:ab52:9230:ba5][35968] -> [.....................2a04:4e42:c00::347][..443] [TLS.Mastodon][Unknown][SocialNetwork][Fun][mastodon.social] @@ -317,8 +317,8 @@ detection-update: [....63] [ip4][..tcp] [..192.168.1.245][58624] -> [.104.16.156.111][..443] [TLS.NordVPN][Cloudflare][VPN][Acceptable][s1.nordcdn.com] idle: [....62] [ip6][..udp] [...2001:b07:a3d:c112:6ea5:ab52:9230:ba5][41590] -> [......2a03:2880:f208:c4:face:b00c::43fe][..443] [QUIC.Threads][Facebook][SocialNetwork][Fun][www.threads.net] idle: [....61] [ip6][..tcp] [...2001:b07:a3d:c112:6ea5:ab52:9230:ba5][35968] -> [.....................2a04:4e42:c00::347][..443] [TLS.Mastodon][Unknown][SocialNetwork][Fun] - idle: [....59] [ip4][..tcp] [..192.168.1.245][55362] -> [....44.218.3.81][..443] [TLS.Bluesky][AmazonAWS][SocialNetwork][Fun] - idle: [....58] [ip4][..tcp] [..192.168.1.245][50142] -> [...3.136.49.254][..443] [TLS.Bluesky][AmazonAWS][SocialNetwork][Fun] + idle: [....59] [ip4][..tcp] [..192.168.1.245][55362] -> [....44.218.3.81][..443] [TLS.Bluesky][AWS_EC2][SocialNetwork][Fun] + idle: [....58] [ip4][..tcp] [..192.168.1.245][50142] -> [...3.136.49.254][..443] [TLS.Bluesky][AWS_EC2][SocialNetwork][Fun] idle: [....60] [ip4][..tcp] [..192.168.1.245][33212] -> [..15.204.197.32][..443] [TLS.Bluesky][Unknown][SocialNetwork][Fun] DAEMON-EVENT: [Processed: 678 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 63|skipped: 0|!detected: 0|guessed: 4|detection-updates: 61|updates: 1] 
@@ -345,19 +345,19 @@ DAEMON-EVENT: [Processed: 798 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 65|skipped: 0|!detected: 0|guessed: 4|detection-updates: 63|updates: 1] new: [....66] [ip4][..tcp] [..192.168.1.125][60828] -> [...3.165.239.54][..443] - detected: [....66] [ip4][..tcp] [..192.168.1.125][60828] -> [...3.165.239.54][..443] [TLS.Ubiquity][AmazonAWS][Network][Safe][www.ui.com] - detection-update: [....66] [ip4][..tcp] [..192.168.1.125][60828] -> [...3.165.239.54][..443] [TLS.Ubiquity][AmazonAWS][Network][Safe][www.ui.com] + detected: [....66] [ip4][..tcp] [..192.168.1.125][60828] -> [...3.165.239.54][..443] [TLS.Ubiquity][AWS_Cloudfront][Network][Safe][www.ui.com] + detection-update: [....66] [ip4][..tcp] [..192.168.1.125][60828] -> [...3.165.239.54][..443] [TLS.Ubiquity][AWS_Cloudfront][Network][Safe][www.ui.com] end: [....65] [ip4][..tcp] [..192.168.88.98][65086] -> [.109.238.90.239][..443] [TLS.RUTUBE][Unknown][Media][Fun][rutube.ru] DAEMON-EVENT: [Processed: 816 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 66|skipped: 0|!detected: 0|guessed: 4|detection-updates: 64|updates: 1] new: [....67] [ip4][..tcp] [...192.168.1.31][50095] -> [..176.112.173.3][..443] detected: [....67] [ip4][..tcp] [...192.168.1.31][50095] -> [..176.112.173.3][..443] [TLS.VK][VK][SocialNetwork][Fun][pubsub.live.vkvideo.ru] - idle: [....66] [ip4][..tcp] [..192.168.1.125][60828] -> [...3.165.239.54][..443] [TLS.Ubiquity][AmazonAWS][Network][Safe] + idle: [....66] [ip4][..tcp] [..192.168.1.125][60828] -> [...3.165.239.54][..443] [TLS.Ubiquity][AWS_Cloudfront][Network][Safe] DAEMON-EVENT: [Processed: 820 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 67|skipped: 0|!detected: 0|guessed: 4|detection-updates: 64|updates: 1] new: [....68] [ip4][..udp] [...192.168.1.17][59392] -> [....3.164.68.49][..443] - detected: [....68] [ip4][..udp] [...192.168.1.17][59392] -> [....3.164.68.49][..443] 
[QUIC][AmazonAWS][Web][Acceptable] - detection-update: [....68] [ip4][..udp] [...192.168.1.17][59392] -> [....3.164.68.49][..443] [QUIC.Kick][AmazonAWS][Video][Fun][clips.kick.com] + detected: [....68] [ip4][..udp] [...192.168.1.17][59392] -> [....3.164.68.49][..443] [QUIC][AWS_Cloudfront][Web][Acceptable] + detection-update: [....68] [ip4][..udp] [...192.168.1.17][59392] -> [....3.164.68.49][..443] [QUIC.Kick][AWS_Cloudfront][Video][Fun][clips.kick.com] RISK: Unidirectional Traffic new: [....69] [ip4][..tcp] [...192.168.1.17][55956] -> [.188.114.99.224][..443] detected: [....69] [ip4][..tcp] [...192.168.1.17][55956] -> [.188.114.99.224][..443] [TLS.Kick][Cloudflare][Video][Fun][kick.com] @@ -366,7 +366,7 @@ DAEMON-EVENT: [Flows][active: 2 / 69|skipped: 0|!detected: 0|guessed: 4|detection-updates: 65|updates: 1] new: [....70] [ip4][..tcp] [...192.168.1.17][55718] -> [213.180.204.183][...80] detected: [....70] [ip4][..tcp] [...192.168.1.17][55718] -> [213.180.204.183][...80] [HTTP.Canonical][Yandex][Cloud][Acceptable][ru.archive.ubuntu.com] - idle: [....68] [ip4][..udp] [...192.168.1.17][59392] -> [....3.164.68.49][..443] [QUIC.Kick][AmazonAWS][Video][Fun][clips.kick.com] + idle: [....68] [ip4][..udp] [...192.168.1.17][59392] -> [....3.164.68.49][..443] [QUIC.Kick][AWS_Cloudfront][Video][Fun][clips.kick.com] RISK: Unidirectional Traffic idle: [....69] [ip4][..tcp] [...192.168.1.17][55956] -> [.188.114.99.224][..443] [TLS.Kick][Cloudflare][Video][Fun] new: [....71] [ip4][..tcp] [...192.168.1.17][60888] -> [.185.125.188.54][..443] diff --git a/test/results/flow-info/default/sites2.pcapng.out b/test/results/flow-info/default/sites2.pcapng.out index 99345cb9b..9d2d3ad88 100644 --- a/test/results/flow-info/default/sites2.pcapng.out +++ b/test/results/flow-info/default/sites2.pcapng.out 
@@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.12.67][46892] -> [...2.23.155.106][..443] - detected: [.....1] [ip4][..tcp] [..192.168.12.67][46892] -> [...2.23.155.106][..443] [TLS.Shein][Unknown][Shopping][Acceptable][img.shein.com] - detection-update: [.....1] [ip4][..tcp] [..192.168.12.67][46892] -> [...2.23.155.106][..443] [TLS.Shein][Unknown][Shopping][Acceptable][img.shein.com] + detected: [.....1] [ip4][..tcp] [..192.168.12.67][46892] -> [...2.23.155.106][..443] [TLS.Shein][Akamai][Shopping][Acceptable][img.shein.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.12.67][46892] -> [...2.23.155.106][..443] [TLS.Shein][Akamai][Shopping][Acceptable][img.shein.com] DAEMON-EVENT: [Processed: 13 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] new: [.....2] [ip4][..tcp] [..192.168.12.67][47694] -> [......20.15.0.9][..443] 
@@ -19,11 +19,11 @@ detected: [.....4] [ip4][..tcp] [..192.168.12.67][39974] -> [..151.101.1.233][..443] [TLS.ParamountPlus][Unknown][Streaming][Fun][vod-gcs-cedexis.cbsaavideo.com] idle: [.....3] [ip4][..tcp] [..192.168.12.67][43446] -> [..59.82.122.224][..443] [TLS.Taobao][Alibaba][Shopping][Acceptable] idle: [.....2] [ip4][..tcp] [..192.168.12.67][47694] -> [......20.15.0.9][..443] [TLS.Temu][Azure][Shopping][Acceptable] - idle: [.....1] [ip4][..tcp] [..192.168.12.67][46892] -> [...2.23.155.106][..443] [TLS.Shein][Unknown][Shopping][Acceptable] + idle: [.....1] [ip4][..tcp] [..192.168.12.67][46892] -> [...2.23.155.106][..443] [TLS.Shein][Akamai][Shopping][Acceptable] DAEMON-EVENT: [Processed: 52 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 0] new: [.....5] [ip4][..tcp] [..192.168.0.100][52124] -> [..213.180.193.9][...80] - detected: [.....5] [ip4][..tcp] [..192.168.0.100][52124] -> [..213.180.193.9][...80] [HTTP.YandexAlice][Yandex][ConnCheck][Acceptable][scbh.yandex.net] - end: [.....5] [ip4][..tcp] [..192.168.0.100][52124] -> [..213.180.193.9][...80] [HTTP.YandexAlice][Yandex][ConnCheck][Acceptable][scbh.yandex.net] + detected: [.....5] [ip4][..tcp] [..192.168.0.100][52124] -> [..213.180.193.9][...80] [HTTP.YandexAlice][Yandex][VirtAssistant][Acceptable][scbh.yandex.net] + end: [.....5] [ip4][..tcp] [..192.168.0.100][52124] -> [..213.180.193.9][...80] [HTTP.YandexAlice][Yandex][VirtAssistant][Acceptable][scbh.yandex.net] idle: [.....4] [ip4][..tcp] [..192.168.12.67][39974] -> [..151.101.1.233][..443] [TLS.ParamountPlus][Unknown][Streaming][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/sites3.pcapng.out b/test/results/flow-info/default/sites3.pcapng.out index 23c17b1b9..d7712434b 100644 --- a/test/results/flow-info/default/sites3.pcapng.out +++ b/test/results/flow-info/default/sites3.pcapng.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.192.168.43.159][19127] -> [.52.215.125.151][..443] - detected: [.....1] [ip4][..tcp] [.192.168.43.159][19127] -> [.52.215.125.151][..443] [TLS.Blacknut][AmazonAWS][Game][Fun][www.blacknut.com] - detection-update: [.....1] [ip4][..tcp] [.192.168.43.159][19127] -> [.52.215.125.151][..443] [TLS.Blacknut][AmazonAWS][Game][Fun][www.blacknut.com] - analyse: [.....1] [ip4][..tcp] [.192.168.43.159][19127] -> [.52.215.125.151][..443] [TLS.Blacknut][AmazonAWS][Game][Fun] + detected: [.....1] [ip4][..tcp] [.192.168.43.159][19127] -> [.52.215.125.151][..443] [TLS.Blacknut][AWS_EC2][Game][Fun][www.blacknut.com] + detection-update: [.....1] [ip4][..tcp] [.192.168.43.159][19127] -> [.52.215.125.151][..443] [TLS.Blacknut][AWS_EC2][Game][Fun][www.blacknut.com] + analyse: [.....1] [ip4][..tcp] [.192.168.43.159][19127] -> [.52.215.125.151][..443] [TLS.Blacknut][AWS_EC2][Game][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.490| 0.112| 0.136| 18380.933| 3.800] [PKTLEN......: 40.000| 1400.000| 558.900| 594.500| 353482.700| 4.100] 
@@ -30,7 +30,13 @@ [IATS(ms)....: 167.8,168.0,1.6,0.0,340.8,516.3,0.0,0.1,0.0,0.0,174.0,2.2,0.0,2.3,4.8,3.6,108.7,11.3,765.2,0.3,0.0,876.9,504.4,711.6,113.4,364.0,171.8,1.0,0.0,0.0,0.0] [PKTLENS.....: 52,52,40,1400,410,1400,40,40,1400,1400,841,40,52,841,52,104,665,40,40,1044,181,67,40,697,40,578,40,1400,71,1400,71,1400] [ENTROPIES...: 4.7,4.9,4.8,7.8,6.9,7.7,4.8,4.8,7.8,7.9,7.8,4.9,4.8,7.8,4.8,5.9,7.7,4.8,4.8,7.8,6.8,5.6,4.9,7.7,4.8,7.7,4.7,7.9,5.7,7.8,5.6,7.9] + DAEMON-EVENT: [Processed: 150 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 3 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0] + new: [.....4] [ip4][..tcp] [..192.168.1.126][52752] -> [...3.124.173.63][..443] + detected: [.....4] [ip4][..tcp] [..192.168.1.126][52752] -> [...3.124.173.63][..443] [TLS.Espn][AWS_EC2][Streaming][Fun][dcf.espn.com] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.126][52752] -> [...3.124.173.63][..443] [TLS.Espn][AWS_EC2][Streaming][Fun][dcf.espn.com] end: [.....3] [ip4][..tcp] [.192.168.43.159][19191] -> [...172.67.42.21][..443] [TLS.Boosteroid][Cloudflare][Game][Fun][cloud.boosteroid.com] - end: [.....1] [ip4][..tcp] [.192.168.43.159][19127] -> [.52.215.125.151][..443] [TLS.Blacknut][AmazonAWS][Game][Fun][www.blacknut.com] + end: [.....1] [ip4][..tcp] [.192.168.43.159][19127] -> [.52.215.125.151][..443] [TLS.Blacknut][AWS_EC2][Game][Fun][www.blacknut.com] end: [.....2] [ip4][..tcp] [.192.168.43.159][19180] -> [..172.98.56.177][..443] [TLS.Rumble][Unknown][Streaming][Fun] + idle: [.....4] [ip4][..tcp] [..192.168.1.126][52752] -> [...3.124.173.63][..443] [TLS.Espn][AWS_EC2][Streaming][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/snapchat_call.pcapng.out b/test/results/flow-info/default/snapchat_call.pcapng.out index f5be6eec3..b0bc80ea4 100644 --- a/test/results/flow-info/default/snapchat_call.pcapng.out +++ b/test/results/flow-info/default/snapchat_call.pcapng.out 
@@ -2,11 +2,11 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] - detected: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC][AmazonAWS][Web][Acceptable] + detected: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC][AWS_EC2][Web][Acceptable] RISK: Missing SNI TLS Extn - detection-update: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC.SnapchatCall][AmazonAWS][VoIP][Acceptable] + detection-update: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC.SnapchatCall][AWS_EC2][VoIP][Acceptable] RISK: Missing SNI TLS Extn - analyse: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC.SnapchatCall][AmazonAWS][VoIP][Acceptable] + analyse: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC.SnapchatCall][AWS_EC2][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 1.447| 0.221| 0.397| 157833.134| 3.200] [PKTLEN......: 48.000| 1378.000| 331.900| 468.500| 219532.900| 3.900] 
@@ -16,6 +16,6 @@ [IATS(ms)....: 16.8,0.1,30.4,0.1,24.2,5.1,0.0,0.0,20.3,29.1,5.5,0.1,0.0,0.2,2.1,54.4,0.0,0.0,507.6,1447.3,48.7,53.5,57.9,1172.7,3.3,7.5,379.7,803.5,440.1,1155.7,589.8] [PKTLENS.....: 1378,1378,1378,1378,611,64,1378,48,414,56,72,66,66,66,187,86,48,48,48,72,337,289,337,289,72,56,56,72,56,72,72,72] [ENTROPIES...: 2.2,7.7,4.7,4.0,7.7,5.2,7.8,5.4,7.4,5.4,5.7,5.6,5.7,5.6,6.8,6.0,5.3,5.3,5.2,5.5,7.4,7.2,7.4,7.2,5.6,5.4,5.3,5.7,5.1,5.6,5.6,5.7] - idle: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC.SnapchatCall][AmazonAWS][VoIP][Acceptable] + idle: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC.SnapchatCall][AWS_EC2][VoIP][Acceptable] RISK: Missing SNI TLS Extn DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/snapchat_call_v1.pcapng.out b/test/results/flow-info/default/snapchat_call_v1.pcapng.out index 2b71cf977..54415ba10 100644 --- a/test/results/flow-info/default/snapchat_call_v1.pcapng.out +++ b/test/results/flow-info/default/snapchat_call_v1.pcapng.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.192.168.12.169][47520] -> [.34.246.231.140][..443] - detected: [.....1] [ip4][..udp] [.192.168.12.169][47520] -> [.34.246.231.140][..443] [QUIC.Snapchat][AmazonAWS][SocialNetwork][Fun][str1-euwest1-34-246-231-140.addlive.io] - detection-update: [.....1] [ip4][..udp] [.192.168.12.169][47520] -> [.34.246.231.140][..443] [QUIC.SnapchatCall][AmazonAWS][VoIP][Acceptable][str1-euwest1-34-246-231-140.addlive.io] - analyse: [.....1] [ip4][..udp] [.192.168.12.169][47520] -> [.34.246.231.140][..443] [QUIC.SnapchatCall][AmazonAWS][VoIP][Acceptable][str1-euwest1-34-246-231-140.addlive.io] + detected: [.....1] [ip4][..udp] [.192.168.12.169][47520] -> [.34.246.231.140][..443] [QUIC.Snapchat][AWS_EC2][SocialNetwork][Fun][str1-euwest1-34-246-231-140.addlive.io] + detection-update: [.....1] [ip4][..udp] [.192.168.12.169][47520] -> [.34.246.231.140][..443] [QUIC.SnapchatCall][AWS_EC2][VoIP][Acceptable][str1-euwest1-34-246-231-140.addlive.io] + analyse: [.....1] [ip4][..udp] [.192.168.12.169][47520] -> [.34.246.231.140][..443] [QUIC.SnapchatCall][AWS_EC2][VoIP][Acceptable][str1-euwest1-34-246-231-140.addlive.io] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.284| 0.040| 0.070| 4893.651| 3.500] [PKTLEN......: 53.000| 1228.000| 476.600| 428.300| 183471.500| 4.400] 
@@ -14,5 +14,5 @@ [IATS(ms)....: 43.8,0.0,0.0,47.2,5.9,7.2,49.2,0.1,34.7,7.9,33.2,29.7,120.5,284.3,0.7,11.8,262.1,35.2,126.4,0.3,9.4,12.6,6.5,7.1,102.9,0.0,6.2,0.3,1.3,2.4,3.1] [PKTLENS.....: 1228,1228,1228,433,1228,117,610,446,104,62,360,61,90,53,70,70,198,53,53,88,1147,1148,1148,703,523,72,104,525,525,525,525,525] [ENTROPIES...: 7.8,7.8,7.8,7.5,7.8,6.4,7.7,7.5,6.2,5.8,7.4,5.6,6.1,5.5,6.0,5.7,6.9,5.4,5.4,5.9,7.8,7.8,7.8,7.7,7.6,5.7,6.2,7.6,7.6,7.6,7.6,7.6] - idle: [.....1] [ip4][..udp] [.192.168.12.169][47520] -> [.34.246.231.140][..443] [QUIC.SnapchatCall][AmazonAWS][VoIP][Acceptable][str1-euwest1-34-246-231-140.addlive.io] + idle: [.....1] [ip4][..udp] [.192.168.12.169][47520] -> [.34.246.231.140][..443] [QUIC.SnapchatCall][AWS_EC2][VoIP][Acceptable][str1-euwest1-34-246-231-140.addlive.io] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/snmp.pcap.out b/test/results/flow-info/default/snmp.pcap.out index 018b92593..1a8ccff67 100644 --- a/test/results/flow-info/default/snmp.pcap.out +++ b/test/results/flow-info/default/snmp.pcap.out 
@@ -5,31 +5,31 @@ detected: [.....1] [ip4][..udp] [..176.211.60.43][43015] -> [...97.0.115.163][..161] [SNMP][Unknown][Network][Acceptable] detection-update: [.....1] [ip4][..udp] [..176.211.60.43][43015] -> [...97.0.115.163][..161] [SNMP][Unknown][Network][Acceptable] new: [.....2] [ip4][..udp] [...65.2.162.193][59988] -> [.130.70.149.185][..161] - detected: [.....2] [ip4][..udp] [...65.2.162.193][59988] -> [.130.70.149.185][..161] [SNMP][AmazonAWS][Network][Acceptable] - detection-update: [.....2] [ip4][..udp] [...65.2.162.193][59988] -> [.130.70.149.185][..161] [SNMP][AmazonAWS][Network][Acceptable] + detected: [.....2] [ip4][..udp] [...65.2.162.193][59988] -> [.130.70.149.185][..161] [SNMP][AWS_EC2][Network][Acceptable] + detection-update: [.....2] [ip4][..udp] [...65.2.162.193][59988] -> [.130.70.149.185][..161] [SNMP][AWS_EC2][Network][Acceptable] new: [.....3] [ip4][..udp] [..176.211.60.43][37224] -> [...97.0.115.163][..161] detected: [.....3] [ip4][..udp] [..176.211.60.43][37224] -> [...97.0.115.163][..161] [SNMP][Unknown][Network][Acceptable] detection-update: [.....3] [ip4][..udp] [..176.211.60.43][37224] -> [...97.0.115.163][..161] [SNMP][Unknown][Network][Acceptable] new: [.....4] [ip4][..udp] [...65.2.162.193][58433] -> [.130.70.149.185][..161] - detected: [.....4] [ip4][..udp] [...65.2.162.193][58433] -> [.130.70.149.185][..161] [SNMP][AmazonAWS][Network][Acceptable] - detection-update: [.....4] [ip4][..udp] [...65.2.162.193][58433] -> [.130.70.149.185][..161] [SNMP][AmazonAWS][Network][Acceptable] + detected: [.....4] [ip4][..udp] [...65.2.162.193][58433] -> [.130.70.149.185][..161] [SNMP][AWS_EC2][Network][Acceptable] + detection-update: [.....4] [ip4][..udp] [...65.2.162.193][58433] -> [.130.70.149.185][..161] [SNMP][AWS_EC2][Network][Acceptable] update: [.....1] [ip4][..udp] [..176.211.60.43][43015] -> [...97.0.115.163][..161] [SNMP][Unknown][Network][Acceptable] new: [.....5] [ip4][..udp] [..30.54.142.240][56251] -> [..250.58.112.87][..161] 
detected: [.....5] [ip4][..udp] [..30.54.142.240][56251] -> [..250.58.112.87][..161] [SNMP][Unknown][Network][Acceptable] new: [.....6] [ip4][..udp] [..30.54.142.240][52435] -> [..250.58.112.87][..161] detected: [.....6] [ip4][..udp] [..30.54.142.240][52435] -> [..250.58.112.87][..161] [SNMP][Unknown][Network][Acceptable] - update: [.....4] [ip4][..udp] [...65.2.162.193][58433] -> [.130.70.149.185][..161] [SNMP][AmazonAWS][Network][Acceptable] - update: [.....2] [ip4][..udp] [...65.2.162.193][59988] -> [.130.70.149.185][..161] [SNMP][AmazonAWS][Network][Acceptable] + update: [.....4] [ip4][..udp] [...65.2.162.193][58433] -> [.130.70.149.185][..161] [SNMP][AWS_EC2][Network][Acceptable] + update: [.....2] [ip4][..udp] [...65.2.162.193][59988] -> [.130.70.149.185][..161] [SNMP][AWS_EC2][Network][Acceptable] update: [.....3] [ip4][..udp] [..176.211.60.43][37224] -> [...97.0.115.163][..161] [SNMP][Unknown][Network][Acceptable] update: [.....1] [ip4][..udp] [..176.211.60.43][43015] -> [...97.0.115.163][..161] [SNMP][Unknown][Network][Acceptable] DAEMON-EVENT: [Processed: 28 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 6 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 5] new: [.....7] [ip4][..udp] [..35.95.158.217][60440] -> [...30.79.214.36][..161] - detected: [.....7] [ip4][..udp] [..35.95.158.217][60440] -> [...30.79.214.36][..161] [SNMP][AmazonAWS][Network][Acceptable] + detected: [.....7] [ip4][..udp] [..35.95.158.217][60440] -> [...30.79.214.36][..161] [SNMP][AWS_EC2][Network][Acceptable] new: [.....8] [ip4][..udp] [..35.95.158.217][49306] -> [...30.79.214.36][..161] - detected: [.....8] [ip4][..udp] [..35.95.158.217][49306] -> [...30.79.214.36][..161] [SNMP][AmazonAWS][Network][Acceptable] - idle: [.....4] [ip4][..udp] [...65.2.162.193][58433] -> [.130.70.149.185][..161] [SNMP][AmazonAWS][Network][Acceptable] - idle: [.....2] [ip4][..udp] [...65.2.162.193][59988] -> [.130.70.149.185][..161] 
[SNMP][AmazonAWS][Network][Acceptable] + detected: [.....8] [ip4][..udp] [..35.95.158.217][49306] -> [...30.79.214.36][..161] [SNMP][AWS_EC2][Network][Acceptable] + idle: [.....4] [ip4][..udp] [...65.2.162.193][58433] -> [.130.70.149.185][..161] [SNMP][AWS_EC2][Network][Acceptable] + idle: [.....2] [ip4][..udp] [...65.2.162.193][59988] -> [.130.70.149.185][..161] [SNMP][AWS_EC2][Network][Acceptable] idle: [.....6] [ip4][..udp] [..30.54.142.240][52435] -> [..250.58.112.87][..161] [SNMP][Unknown][Network][Acceptable] idle: [.....5] [ip4][..udp] [..30.54.142.240][56251] -> [..250.58.112.87][..161] [SNMP][Unknown][Network][Acceptable] idle: [.....3] [ip4][..udp] [..176.211.60.43][37224] -> [...97.0.115.163][..161] [SNMP][Unknown][Network][Acceptable] 
@@ -38,16 +38,16 @@ detected: [.....9] [ip4][..udp] [.131.179.49.165][60694] -> [..254.158.1.169][..161] [SNMP][Unknown][Network][Acceptable] new: [....10] [ip4][..udp] [.131.179.49.165][35970] -> [..254.158.1.169][..161] detected: [....10] [ip4][..udp] [.131.179.49.165][35970] -> [..254.158.1.169][..161] [SNMP][Unknown][Network][Acceptable] - update: [.....7] [ip4][..udp] [..35.95.158.217][60440] -> [...30.79.214.36][..161] [SNMP][AmazonAWS][Network][Acceptable] - update: [.....8] [ip4][..udp] [..35.95.158.217][49306] -> [...30.79.214.36][..161] [SNMP][AmazonAWS][Network][Acceptable] + update: [.....7] [ip4][..udp] [..35.95.158.217][60440] -> [...30.79.214.36][..161] [SNMP][AWS_EC2][Network][Acceptable] + update: [.....8] [ip4][..udp] [..35.95.158.217][49306] -> [...30.79.214.36][..161] [SNMP][AWS_EC2][Network][Acceptable] DAEMON-EVENT: [Processed: 52 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 10|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 7] new: [....11] [ip4][..udp] [..92.135.15.240][54318] -> [.137.49.110.186][..162] detected: [....11] [ip4][..udp] [..92.135.15.240][54318] -> [.137.49.110.186][..162] [SNMP][Unknown][Network][Acceptable] - idle: [.....7] [ip4][..udp] [..35.95.158.217][60440] -> [...30.79.214.36][..161] [SNMP][AmazonAWS][Network][Acceptable] + idle: [.....7] [ip4][..udp] [..35.95.158.217][60440] -> [...30.79.214.36][..161] [SNMP][AWS_EC2][Network][Acceptable] idle: [.....9] [ip4][..udp] [.131.179.49.165][60694] -> [..254.158.1.169][..161] [SNMP][Unknown][Network][Acceptable] idle: [....10] [ip4][..udp] [.131.179.49.165][35970] -> [..254.158.1.169][..161] [SNMP][Unknown][Network][Acceptable] - idle: [.....8] [ip4][..udp] [..35.95.158.217][49306] -> [...30.79.214.36][..161] [SNMP][AmazonAWS][Network][Acceptable] + idle: [.....8] [ip4][..udp] [..35.95.158.217][49306] -> [...30.79.214.36][..161] [SNMP][AWS_EC2][Network][Acceptable] new: [....12] [ip4][..udp] [.200.76.132.137][54318] -> 
[189.111.255.214][..162] detected: [....12] [ip4][..udp] [.200.76.132.137][54318] -> [189.111.255.214][..162] [SNMP][Unknown][Network][Acceptable] idle: [....11] [ip4][..udp] [..92.135.15.240][54318] -> [.137.49.110.186][..162] [SNMP][Unknown][Network][Acceptable] diff --git a/test/results/flow-info/default/soap.pcap.out b/test/results/flow-info/default/soap.pcap.out index bfef43f48..ca508d14f 100644 --- a/test/results/flow-info/default/soap.pcap.out +++ b/test/results/flow-info/default/soap.pcap.out 
@@ -2,16 +2,16 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] - detected: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [SOAP][Unknown][RPC][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [SOAP][Akamai][RPC][Acceptable] new: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [MIDSTREAM] - detected: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Unknown][Collaborative][Acceptable][go.microsoft.com] + detected: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Akamai][Collaborative][Acceptable][go.microsoft.com] RISK: Known Proto on Non Std Port DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] detected: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable] idle: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable] - end: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [SOAP][Unknown][RPC][Acceptable] - idle: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Unknown][Collaborative][Acceptable] + end: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [SOAP][Akamai][RPC][Acceptable] + idle: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Akamai][Collaborative][Acceptable] RISK: Known Proto on Non Std Port DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/srvloc-v1.pcapng.out b/test/results/flow-info/default/srvloc-v1.pcapng.out index 91ebd5445..914d6b10e 100644 --- a/test/results/flow-info/default/srvloc-v1.pcapng.out +++ b/test/results/flow-info/default/srvloc-v1.pcapng.out @@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.23.220.116.175][..427] -> [.192.168.199.71][57782] - detected: [.....1] [ip4][..udp] [.23.220.116.175][..427] -> [.192.168.199.71][57782] [Service_Location_Protocol][Unknown][RPC][Acceptable] + detected: [.....1] [ip4][..udp] [.23.220.116.175][..427] -> [.192.168.199.71][57782] [Service_Location_Protocol][Akamai][RPC][Acceptable] new: [.....2] [ip4][..udp] [..250.83.105.78][51708] -> [.172.30.246.115][..427] detected: [.....2] [ip4][..udp] [..250.83.105.78][51708] -> [.172.30.246.115][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] idle: [.....2] [ip4][..udp] [..250.83.105.78][51708] -> [.172.30.246.115][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] - idle: [.....1] [ip4][..udp] [.23.220.116.175][..427] -> [.192.168.199.71][57782] [Service_Location_Protocol][Unknown][RPC][Acceptable] + idle: [.....1] [ip4][..udp] [.23.220.116.175][..427] -> [.192.168.199.71][57782] [Service_Location_Protocol][Akamai][RPC][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/srvloc.pcap.out b/test/results/flow-info/default/srvloc.pcap.out index d1fc9ab93..3e3c35c15 100644 --- a/test/results/flow-info/default/srvloc.pcap.out +++ b/test/results/flow-info/default/srvloc.pcap.out 
@@ -290,13 +290,13 @@ DAEMON-EVENT: [Processed: 68 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 65|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 14] new: [....66] [ip4][..udp] [172.237.152.209][51708] -> [..165.144.84.62][..427] - detected: [....66] [ip4][..udp] [172.237.152.209][51708] -> [..165.144.84.62][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] + detected: [....66] [ip4][..udp] [172.237.152.209][51708] -> [..165.144.84.62][..427] [Service_Location_Protocol][Akamai][RPC][Acceptable] idle: [....65] [ip4][..udp] [.70.232.230.229][51197] -> [...85.111.52.57][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] DAEMON-EVENT: [Processed: 69 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 66|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 14] new: [....67] [ip4][..udp] [...58.36.157.61][53238] -> [..74.111.203.55][..427] detected: [....67] [ip4][..udp] [...58.36.157.61][53238] -> [..74.111.203.55][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] - idle: [....66] [ip4][..udp] [172.237.152.209][51708] -> [..165.144.84.62][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] + idle: [....66] [ip4][..udp] [172.237.152.209][51708] -> [..165.144.84.62][..427] [Service_Location_Protocol][Akamai][RPC][Acceptable] DAEMON-EVENT: [Processed: 70 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 67|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 14] new: [....68] [ip4][..udp] [.227.134.81.212][37207] -> [...85.111.52.57][..427] 
@@ -463,13 +463,13 @@ detected: [...104] [ip4][..udp] [...87.0.217.242][54220] -> [...85.111.52.57][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] idle: [...103] [ip4][..udp] [.70.193.198.250][29011] -> [..69.109.187.54][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] new: [...105] [ip4][..udp] [.54.251.198.222][40998] -> [..165.144.84.62][..427] - detected: [...105] [ip4][..udp] [.54.251.198.222][40998] -> [..165.144.84.62][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + detected: [...105] [ip4][..udp] [.54.251.198.222][40998] -> [..165.144.84.62][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] idle: [...104] [ip4][..udp] [...87.0.217.242][54220] -> [...85.111.52.57][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] DAEMON-EVENT: [Processed: 108 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 105|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 20] new: [...106] [ip4][..udp] [...87.39.57.211][42486] -> [...90.141.37.56][..427] detected: [...106] [ip4][..udp] [...87.39.57.211][42486] -> [...90.141.37.56][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] - idle: [...105] [ip4][..udp] [.54.251.198.222][40998] -> [..165.144.84.62][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + idle: [...105] [ip4][..udp] [.54.251.198.222][40998] -> [..165.144.84.62][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] new: [...107] [ip4][..udp] [..88.219.46.235][.7636] -> [..90.147.171.51][..427] detected: [...107] [ip4][..udp] [..88.219.46.235][.7636] -> [..90.147.171.51][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] idle: [...106] [ip4][..udp] [...87.39.57.211][42486] -> [...90.141.37.56][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] 
@@ -601,7 +601,7 @@ new: [...136] [ip4][..udp] [..64.63.219.226][10207] -> [...90.141.37.56][..427] detected: [...136] [ip4][..udp] [..64.63.219.226][10207] -> [...90.141.37.56][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] new: [...137] [ip4][..udp] [.161.193.58.225][64776] -> [.186.112.202.53][..427] - detected: [...137] [ip4][..udp] [.161.193.58.225][64776] -> [.186.112.202.53][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + detected: [...137] [ip4][..udp] [.161.193.58.225][64776] -> [.186.112.202.53][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] idle: [...134] [ip4][..udp] [..64.71.218.224][20366] -> [...85.111.52.57][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] idle: [...136] [ip4][..udp] [..64.63.219.226][10207] -> [...90.141.37.56][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] idle: [...135] [ip4][..udp] [...64.65.52.246][10179] -> [..165.144.84.62][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] @@ -609,7 +609,7 @@ DAEMON-EVENT: [Flows][active: 1 / 137|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 28] new: [...138] [ip4][..udp] [..65.62.197.248][45675] -> [..69.109.187.54][..427] detected: [...138] [ip4][..udp] [..65.62.197.248][45675] -> [..69.109.187.54][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] - idle: [...137] [ip4][..udp] [.161.193.58.225][64776] -> [.186.112.202.53][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + idle: [...137] [ip4][..udp] [.161.193.58.225][64776] -> [.186.112.202.53][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] DAEMON-EVENT: [Processed: 141 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 138|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 28] new: [...139] [ip4][..udp] [..16.99.147.146][48728] -> [..165.144.84.62][..427] 
@@ -742,13 +742,13 @@ DAEMON-EVENT: [Processed: 170 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 167|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 32] new: [...168] [ip4][..udp] [.100.56.155.112][.1724] -> [..90.147.171.51][..427] - detected: [...168] [ip4][..udp] [.100.56.155.112][.1724] -> [..90.147.171.51][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + detected: [...168] [ip4][..udp] [.100.56.155.112][.1724] -> [..90.147.171.51][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] idle: [...167] [ip4][..udp] [...81.24.43.106][58836] -> [..90.147.171.51][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] DAEMON-EVENT: [Processed: 171 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 168|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 32] new: [...169] [ip4][..udp] [.227.134.81.212][10457] -> [..74.111.203.55][..427] detected: [...169] [ip4][..udp] [.227.134.81.212][10457] -> [..74.111.203.55][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] - idle: [...168] [ip4][..udp] [.100.56.155.112][.1724] -> [..90.147.171.51][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + idle: [...168] [ip4][..udp] [.100.56.155.112][.1724] -> [..90.147.171.51][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] DAEMON-EVENT: [Processed: 172 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 169|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 32] new: [...170] [ip4][..udp] [.75.137.134.242][.6448] -> [..74.111.203.55][..427] 
@@ -853,13 +853,13 @@ DAEMON-EVENT: [Processed: 195 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 192|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 34] new: [...193] [ip4][..udp] [...44.239.95.30][56105] -> [..74.111.203.55][..427] - detected: [...193] [ip4][..udp] [...44.239.95.30][56105] -> [..74.111.203.55][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + detected: [...193] [ip4][..udp] [...44.239.95.30][56105] -> [..74.111.203.55][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] idle: [...192] [ip4][..udp] [..69.36.231.230][53489] -> [..90.111.212.50][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] DAEMON-EVENT: [Processed: 196 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 193|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 34] new: [...194] [ip4][..udp] [....80.16.0.251][49389] -> [..165.144.84.62][..427] detected: [...194] [ip4][..udp] [....80.16.0.251][49389] -> [..165.144.84.62][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] - idle: [...193] [ip4][..udp] [...44.239.95.30][56105] -> [..74.111.203.55][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + idle: [...193] [ip4][..udp] [...44.239.95.30][56105] -> [..74.111.203.55][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] DAEMON-EVENT: [Processed: 197 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 194|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 34] new: [...195] [ip4][..udp] [...165.37.39.94][49159] -> [..69.109.187.54][..427] 
@@ -957,14 +957,14 @@ detected: [...215] [ip4][..udp] [.103.71.146.222][64387] -> [..90.147.171.51][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] idle: [...214] [ip4][..udp] [.103.71.146.222][26355] -> [...90.141.37.56][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] new: [...216] [ip4][..udp] [.100.56.155.112][53130] -> [..90.111.212.50][..427] - detected: [...216] [ip4][..udp] [.100.56.155.112][53130] -> [..90.111.212.50][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + detected: [...216] [ip4][..udp] [.100.56.155.112][53130] -> [..90.111.212.50][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] update: [...215] [ip4][..udp] [.103.71.146.222][64387] -> [..90.147.171.51][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] DAEMON-EVENT: [Processed: 219 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 216|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 38] new: [...217] [ip4][..udp] [...186.27.5.237][51315] -> [..90.147.171.51][..427] detected: [...217] [ip4][..udp] [...186.27.5.237][51315] -> [..90.147.171.51][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] idle: [...215] [ip4][..udp] [.103.71.146.222][64387] -> [..90.147.171.51][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] - idle: [...216] [ip4][..udp] [.100.56.155.112][53130] -> [..90.111.212.50][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + idle: [...216] [ip4][..udp] [.100.56.155.112][53130] -> [..90.111.212.50][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] new: [...218] [ip4][..udp] [..167.7.154.125][.8220] -> [...85.111.52.57][..427] detected: [...218] [ip4][..udp] [..167.7.154.125][.8220] -> [...85.111.52.57][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] update: [...217] [ip4][..udp] [...186.27.5.237][51315] -> [..90.147.171.51][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] 
@@ -987,13 +987,13 @@ DAEMON-EVENT: [Processed: 224 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 221|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 39] new: [...222] [ip4][..udp] [....34.220.38.0][54720] -> [.186.112.202.53][..427] - detected: [...222] [ip4][..udp] [....34.220.38.0][54720] -> [.186.112.202.53][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + detected: [...222] [ip4][..udp] [....34.220.38.0][54720] -> [.186.112.202.53][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] idle: [...221] [ip4][..udp] [..67.159.16.150][35856] -> [..69.109.187.54][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] DAEMON-EVENT: [Processed: 225 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 222|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 39] new: [...223] [ip4][..udp] [..173.49.159.50][54834] -> [..74.111.203.55][..427] detected: [...223] [ip4][..udp] [..173.49.159.50][54834] -> [..74.111.203.55][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] - idle: [...222] [ip4][..udp] [....34.220.38.0][54720] -> [.186.112.202.53][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + idle: [...222] [ip4][..udp] [....34.220.38.0][54720] -> [.186.112.202.53][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] DAEMON-EVENT: [Processed: 226 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 223|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 39] new: [...224] [ip4][..udp] [.206.17.216.171][53625] -> [..69.109.187.54][..427] 
@@ -1622,7 +1622,7 @@ DAEMON-EVENT: [Processed: 369 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 363|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 60] new: [...364] [ip4][..udp] [.100.56.155.112][12751] -> [...90.141.37.56][..427] - detected: [...364] [ip4][..udp] [.100.56.155.112][12751] -> [...90.141.37.56][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + detected: [...364] [ip4][..udp] [.100.56.155.112][12751] -> [...90.141.37.56][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] idle: [...363] [ip4][..udp] [...185.211.4.13][55127] -> [..90.111.212.50][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] idle: [...361] [ip4][..udp] [..166.191.37.51][27637] -> [..165.144.84.62][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] idle: [...362] [ip4][..udp] [...166.65.42.37][37412] -> [...90.141.37.56][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] @@ -1630,7 +1630,7 @@ DAEMON-EVENT: [Flows][active: 1 / 364|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 60] new: [...365] [ip4][..udp] [.227.199.90.122][44046] -> [..90.111.212.50][..427] detected: [...365] [ip4][..udp] [.227.199.90.122][44046] -> [..90.111.212.50][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] - idle: [...364] [ip4][..udp] [.100.56.155.112][12751] -> [...90.141.37.56][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + idle: [...364] [ip4][..udp] [.100.56.155.112][12751] -> [...90.141.37.56][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] DAEMON-EVENT: [Processed: 371 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 365|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 60] new: [...366] [ip4][..udp] [200.180.144.114][47863] -> [..90.147.171.51][..427] 
@@ -1745,7 +1745,7 @@ DAEMON-EVENT: [Processed: 396 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 7 / 390|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 78] new: [...391] [ip4][..udp] [..44.242.231.77][50261] -> [.186.112.202.53][..427] - detected: [...391] [ip4][..udp] [..44.242.231.77][50261] -> [.186.112.202.53][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + detected: [...391] [ip4][..udp] [..44.242.231.77][50261] -> [.186.112.202.53][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] idle: [...384] [ip4][..udp] [.215.48.253.201][50630] -> [...90.141.37.56][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] idle: [...386] [ip4][..udp] [.215.48.253.201][39194] -> [..69.109.187.54][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] idle: [...390] [ip4][..udp] [.215.48.253.201][49672] -> [.186.112.202.53][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] @@ -1755,7 +1755,7 @@ idle: [...387] [ip4][..udp] [.215.48.253.201][46653] -> [..90.145.180.58][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] new: [...392] [ip4][..udp] [..37.234.100.32][56813] -> [..90.145.180.58][..427] detected: [...392] [ip4][..udp] [..37.234.100.32][56813] -> [..90.145.180.58][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] - idle: [...391] [ip4][..udp] [..44.242.231.77][50261] -> [.186.112.202.53][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + idle: [...391] [ip4][..udp] [..44.242.231.77][50261] -> [.186.112.202.53][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] DAEMON-EVENT: [Processed: 398 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 392|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 78] new: [...393] [ip4][..udp] [.27.134.169.220][44054] -> [...90.141.37.56][..427] 
@@ -1957,13 +1957,13 @@ DAEMON-EVENT: [Processed: 443 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 437|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 81] new: [...438] [ip4][..udp] [172.237.152.209][53093] -> [..90.147.171.51][..427] - detected: [...438] [ip4][..udp] [172.237.152.209][53093] -> [..90.147.171.51][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] + detected: [...438] [ip4][..udp] [172.237.152.209][53093] -> [..90.147.171.51][..427] [Service_Location_Protocol][Akamai][RPC][Acceptable] idle: [...437] [ip4][..udp] [..66.228.166.55][51471] -> [..69.109.187.54][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] DAEMON-EVENT: [Processed: 444 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 438|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 81] new: [...439] [ip4][..udp] [...82.19.88.220][49990] -> [.186.112.202.53][..427] detected: [...439] [ip4][..udp] [...82.19.88.220][49990] -> [.186.112.202.53][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] - idle: [...438] [ip4][..udp] [172.237.152.209][53093] -> [..90.147.171.51][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] + idle: [...438] [ip4][..udp] [172.237.152.209][53093] -> [..90.147.171.51][..427] [Service_Location_Protocol][Akamai][RPC][Acceptable] DAEMON-EVENT: [Processed: 445 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 439|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 81] new: [...440] [ip4][..udp] [..167.7.154.125][.2538] -> [...90.141.37.56][..427] 
@@ -2617,13 +2617,13 @@ DAEMON-EVENT: [Processed: 594 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 586|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 100] new: [...587] [ip4][..udp] [.34.214.128.211][50699] -> [..74.111.203.55][..427] - detected: [...587] [ip4][..udp] [.34.214.128.211][50699] -> [..74.111.203.55][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + detected: [...587] [ip4][..udp] [.34.214.128.211][50699] -> [..74.111.203.55][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] idle: [...586] [ip4][..udp] [..227.7.178.223][63301] -> [..165.144.84.62][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] DAEMON-EVENT: [Processed: 595 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 587|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 100] new: [...588] [ip4][..udp] [..67.159.16.150][44047] -> [...85.111.52.57][..427] detected: [...588] [ip4][..udp] [..67.159.16.150][44047] -> [...85.111.52.57][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] - idle: [...587] [ip4][..udp] [.34.214.128.211][50699] -> [..74.111.203.55][..427] [Service_Location_Protocol][AmazonAWS][RPC][Acceptable] + idle: [...587] [ip4][..udp] [.34.214.128.211][50699] -> [..74.111.203.55][..427] [Service_Location_Protocol][AWS_EC2][RPC][Acceptable] DAEMON-EVENT: [Processed: 596 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 588|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 100] new: [...589] [ip4][..udp] [231.223.121.213][38016] -> [..74.111.203.55][..427] diff --git a/test/results/flow-info/default/steam.pcapng.out b/test/results/flow-info/default/steam.pcapng.out index 2e0f7e878..383c7ac07 100644 --- a/test/results/flow-info/default/steam.pcapng.out +++ b/test/results/flow-info/default/steam.pcapng.out 
@@ -4,27 +4,27 @@ new: [.....1] [ip4][..udp] [.192.168.88.231][27036] -> [.192.168.88.255][27036] detected: [.....1] [ip4][..udp] [.192.168.88.231][27036] -> [.192.168.88.255][27036] [Steam][Unknown][Game][Fun] new: [.....2] [ip4][..tcp] [.192.168.88.231][59739] -> [....2.20.254.25][...80] - detected: [.....2] [ip4][..tcp] [.192.168.88.231][59739] -> [....2.20.254.25][...80] [HTTP.Steam][Unknown][Game][Fun][test.steampowered.com] + detected: [.....2] [ip4][..tcp] [.192.168.88.231][59739] -> [....2.20.254.25][...80] [HTTP.Steam][Akamai][Game][Fun][test.steampowered.com] new: [.....3] [ip4][..tcp] [.192.168.88.231][54243] -> [.188.114.98.224][..443] detected: [.....3] [ip4][..tcp] [.192.168.88.231][54243] -> [.188.114.98.224][..443] [TLS.Dota2][Cloudflare][Game][Fun][www.dota2.com] detection-update: [.....3] [ip4][..tcp] [.192.168.88.231][54243] -> [.188.114.98.224][..443] [TLS.Dota2][Cloudflare][Game][Fun][www.dota2.com] new: [.....4] [ip4][..udp] [.192.168.88.231][46604] -> [.155.133.252.86][27045] detected: [.....4] [ip4][..udp] [.192.168.88.231][46604] -> [.155.133.252.86][27045] [SteamDatagramRelay][Steam][Game][Fun] new: [.....5] [ip4][..tcp] [.192.168.88.231][57749] -> [...23.52.29.119][..443] - detected: [.....5] [ip4][..tcp] [.192.168.88.231][57749] -> [...23.52.29.119][..443] [TLS.Steam][Unknown][Game][Fun][api.steampowered.com] - detection-update: [.....5] [ip4][..tcp] [.192.168.88.231][57749] -> [...23.52.29.119][..443] [TLS.Steam][Unknown][Game][Fun][api.steampowered.com] + detected: [.....5] [ip4][..tcp] [.192.168.88.231][57749] -> [...23.52.29.119][..443] [TLS.Steam][Akamai][Game][Fun][api.steampowered.com] + detection-update: [.....5] [ip4][..tcp] [.192.168.88.231][57749] -> [...23.52.29.119][..443] [TLS.Steam][Akamai][Game][Fun][api.steampowered.com] new: [.....6] [ip4][..tcp] [.162.254.198.46][27038] -> [.192.168.88.231][50983] detected: [.....6] [ip4][..tcp] [.162.254.198.46][27038] -> [.192.168.88.231][50983] 
[TLS.Steam][Steam][Game][Fun][ext3-sto1.steamserver.net] RISK: Known Proto on Non Std Port detection-update: [.....6] [ip4][..tcp] [.162.254.198.46][27038] -> [.192.168.88.231][50983] [TLS.Steam][Steam][Game][Fun][ext3-sto1.steamserver.net] RISK: Known Proto on Non Std Port new: [.....7] [ip4][..tcp] [.192.168.88.231][42070] -> [..95.100.141.15][..443] - detected: [.....7] [ip4][..tcp] [.192.168.88.231][42070] -> [..95.100.141.15][..443] [TLS.Steam][Unknown][Game][Fun][store.steampowered.com] - detection-update: [.....7] [ip4][..tcp] [.192.168.88.231][42070] -> [..95.100.141.15][..443] [TLS.Steam][Unknown][Game][Fun][store.steampowered.com] + detected: [.....7] [ip4][..tcp] [.192.168.88.231][42070] -> [..95.100.141.15][..443] [TLS.Steam][Akamai][Game][Fun][store.steampowered.com] + detection-update: [.....7] [ip4][..tcp] [.192.168.88.231][42070] -> [..95.100.141.15][..443] [TLS.Steam][Akamai][Game][Fun][store.steampowered.com] idle: [.....1] [ip4][..udp] [.192.168.88.231][27036] -> [.192.168.88.255][27036] [Steam][Unknown][Game][Fun] - end: [.....2] [ip4][..tcp] [.192.168.88.231][59739] -> [....2.20.254.25][...80] [HTTP.Steam][Unknown][Game][Fun][test.steampowered.com] - idle: [.....7] [ip4][..tcp] [.192.168.88.231][42070] -> [..95.100.141.15][..443] [TLS.Steam][Unknown][Game][Fun] - idle: [.....5] [ip4][..tcp] [.192.168.88.231][57749] -> [...23.52.29.119][..443] [TLS.Steam][Unknown][Game][Fun] + end: [.....2] [ip4][..tcp] [.192.168.88.231][59739] -> [....2.20.254.25][...80] [HTTP.Steam][Akamai][Game][Fun][test.steampowered.com] + idle: [.....7] [ip4][..tcp] [.192.168.88.231][42070] -> [..95.100.141.15][..443] [TLS.Steam][Akamai][Game][Fun] + idle: [.....5] [ip4][..tcp] [.192.168.88.231][57749] -> [...23.52.29.119][..443] [TLS.Steam][Akamai][Game][Fun] idle: [.....4] [ip4][..udp] [.192.168.88.231][46604] -> [.155.133.252.86][27045] [SteamDatagramRelay][Steam][Game][Fun] idle: [.....6] [ip4][..tcp] [.162.254.198.46][27038] -> [.192.168.88.231][50983] 
[TLS.Steam][Steam][Game][Fun] RISK: Known Proto on Non Std Port diff --git a/test/results/flow-info/default/stun_signal.pcapng.out b/test/results/flow-info/default/stun_signal.pcapng.out index 11a61e708..7b5e8f485 100644 --- a/test/results/flow-info/default/stun_signal.pcapng.out +++ b/test/results/flow-info/default/stun_signal.pcapng.out 
@@ -6,48 +6,48 @@ new: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] detected: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][] new: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] - detected: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][] + detected: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN][AWS_EC2][Network][Acceptable][] new: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] - detected: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN][AmazonAWS][Network][Acceptable][] + detected: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN][AWS_EC2][Network][Acceptable][] new: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] - detected: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN][AmazonAWS][Network][Acceptable][] + detected: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN][AWS_EC2][Network][Acceptable][] new: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] - detected: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][] + detected: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN][AWS_EC2][Network][Acceptable][] new: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] - detected: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] + detected: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AWS_EC2][Network][Acceptable] RISK: Susp Entropy - detection-update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] 
[STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - detection-update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - detection-update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + detection-update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + detection-update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] + detection-update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] detection-update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] detection-update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] - detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] + detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] + detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [.....6] 
[ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] RISK: Unidirectional Traffic new: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] - detected: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] - detected: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] detected: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] new: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] detected: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] new: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] - detected: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] - detected: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - detection-update: 
[....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - detection-update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + detected: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] + detection-update: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + detection-update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] new: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] - detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - detection-update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] + detection-update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detection-update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] RISK: Unidirectional Traffic - analyse: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + analyse: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] min| max| avg| stddev| 
variance| entropy [IAT.........: < 0.001| 0.679| 0.149| 0.201| 40331.911| 3.900] [PKTLEN......: 56.000| 132.000| 91.900| 24.900| 621.500| 4.900] @@ -57,9 +57,9 @@ [IATS(ms)....: 83.9,0.0,92.5,7.8,46.1,91.4,0.0,37.9,40.0,9.1,41.9,367.7,0.1,441.0,0.0,600.8,610.2,117.9,49.9,49.8,64.2,212.9,679.4,8.7,0.0,503.8,102.9,201.0,101.8,9.3,62.2] [PKTLENS.....: 124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,84,84,124,92,56,84,56,56,56,124,92,84,56,84] [ENTROPIES...: 5.8,5.8,5.9,5.8,5.7,5.6,5.9,5.9,5.8,5.8,5.9,5.8,5.7,5.1,5.8,5.3,5.9,5.8,5.8,5.7,5.9,5.8,5.1,5.8,5.2,5.2,5.1,5.8,5.8,5.6,5.1,5.8] - update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] + update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AWS_EC2][Network][Acceptable] RISK: Susp Entropy - analyse: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] + analyse: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AWS_EC2][Network][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 17.079| 1.597| 3.547| 12584568.750| 2.800] [PKTLEN......: 76.000| 124.000| 81.500| 11.600| 133.800| 5.000] 
@@ -69,40 +69,40 @@ [IATS(ms)....: 4.1,63.0,0.0,180.8,3.5,1499.2,2002.8,0.0,4842.0,0.1,17079.4,30.0,28.1,10.0,178.6,30.7,1472.4,2000.5,31.0,3968.8,29.9,37.3,7.8,7927.3,28.5,35.4,6.5,7931.2,29.2,34.6,5.1] [PKTLENS.....: 76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84] [ENTROPIES...: 5.0,5.2,5.1,5.0,5.1,5.1,5.0,5.0,5.1,5.5,5.7,5.0,5.0,5.0,5.0,4.9,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.1,5.1,5.0,5.0,5.0,5.0,5.1] - update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] - update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] - update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] new: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] detected: [....15] [ip4][..udp] 
[.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] new: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] detected: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] new: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] - detected: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] - detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] - detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] - detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] - detected: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] + detected: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AWS_EC2][Network][Acceptable] 
RISK: Susp Entropy - detection-update: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - detection-update: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + detection-update: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + detection-update: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] new: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] - detected: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] - detected: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - detection-update: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] + detection-update: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detection-update: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] RISK: Unidirectional Traffic - analyse: [....23] [ip4][..udp] 
[.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + analyse: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.665| 0.153| 0.189| 35784.253| 4.000] [PKTLEN......: 56.000| 132.000| 94.200| 24.600| 605.900| 4.900] 
@@ -112,46 +112,46 @@ [IATS(ms)....: 68.5,0.1,70.3,29.3,44.7,113.4,0.0,43.2,26.5,8.5,31.0,313.6,0.3,410.7,0.0,665.0,630.5,122.5,190.5,61.6,378.1,7.9,325.5,42.2,76.0,424.9,96.8,5.4,434.3,47.7,66.2] [PKTLENS.....: 124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92] [ENTROPIES...: 5.9,5.8,5.9,5.7,5.9,5.8,5.8,6.0,5.8,5.8,5.9,5.8,5.8,5.2,5.7,5.1,5.8,5.8,5.9,5.7,5.7,5.9,5.2,5.1,5.1,5.8,5.9,5.8,5.1,5.8,5.8,5.8] - update: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + update: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] - update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] + update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AWS_EC2][Network][Acceptable] RISK: Susp Entropy - update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - update: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + update: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> 
[.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - idle: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + idle: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - idle: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] - idle: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + idle: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] + idle: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic idle: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] idle: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] - idle: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + idle: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] idle: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] - idle: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] 
[STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - idle: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + idle: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + idle: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] idle: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] idle: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] idle: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] - idle: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] + idle: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AWS_EC2][Network][Acceptable] RISK: Susp Entropy - idle: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] + idle: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AWS_EC2][Network][Acceptable] RISK: Susp Entropy - idle: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + idle: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - idle: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + idle: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - idle: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] 
[STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + idle: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - idle: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - idle: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - idle: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - idle: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + idle: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + idle: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + idle: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + idle: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - idle: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] - idle: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + idle: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] + idle: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/tailscale.pcap.out b/test/results/flow-info/default/tailscale.pcap.out index 1fd2d926a..b09f8f645 100644 --- a/test/results/flow-info/default/tailscale.pcap.out +++ b/test/results/flow-info/default/tailscale.pcap.out @@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...192.168.88.3][41641] -> [..18.196.71.179][41641] - detected: [.....1] [ip4][..udp] [...192.168.88.3][41641] -> [..18.196.71.179][41641] [Tailscale][AmazonAWS][VPN][Acceptable] - analyse: [.....1] [ip4][..udp] [...192.168.88.3][41641] -> [..18.196.71.179][41641] [Tailscale][AmazonAWS][VPN][Acceptable] + detected: [.....1] [ip4][..udp] [...192.168.88.3][41641] -> [..18.196.71.179][41641] [Tailscale][AWS_EC2][VPN][Acceptable] + analyse: [.....1] [ip4][..udp] [...192.168.88.3][41641] -> [..18.196.71.179][41641] [Tailscale][AWS_EC2][VPN][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 2.000| 0.610| 0.605| 366311.899| 4.200] [PKTLEN......: 120.000| 156.000| 140.200| 15.400| 237.900| 5.000] @@ -13,5 +13,5 @@ [IATS(ms)....: 1831.6,1832.9,459.3,0.0,0.0,851.2,689.3,1999.7,305.0,1197.5,993.3,17.7,0.0,118.1,686.1,686.1,167.2,28.5,268.4,28.6,1001.5,1709.9,809.4,161.6,38.7,229.1,33.6,39.3,1000.9,1009.9,706.4] [PKTLENS.....: 120,120,138,156,156,156,156,120,138,156,120,138,156,120,138,120,138,120,156,138,156,156,120,138,120,156,156,138,156,156,156,120] [ENTROPIES...: 6.3,6.3,6.6,6.3,6.3,6.4,6.3,6.4,6.6,6.4,6.5,6.5,6.4,6.3,6.5,6.3,6.6,6.5,6.5,6.6,6.4,6.4,6.4,6.5,6.5,6.6,6.5,6.5,6.4,6.5,6.3,6.3] - idle: [.....1] [ip4][..udp] [...192.168.88.3][41641] -> [..18.196.71.179][41641] [Tailscale][AmazonAWS][VPN][Acceptable] + idle: [.....1] [ip4][..udp] [...192.168.88.3][41641] -> [..18.196.71.179][41641] [Tailscale][AWS_EC2][VPN][Acceptable] DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/telegram_videocall.pcapng.out b/test/results/flow-info/default/telegram_videocall.pcapng.out index 75bca1718..825d17818 100644 --- a/test/results/flow-info/default/telegram_videocall.pcapng.out +++ b/test/results/flow-info/default/telegram_videocall.pcapng.out @@ -133,15 +133,15 @@ detected: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2] [ICMP][Telegram][Network][Acceptable] RISK: Susp Entropy new: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [MIDSTREAM] - detected: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AmazonAWS][Web][Safe] - end: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AmazonAWS][Web][Safe] + detected: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AWS_EC2][Web][Safe] + end: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AWS_EC2][Web][Safe] idle: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2] [ICMP][Telegram][Network][Acceptable] RISK: Susp Entropy idle: [....32] [ip4][.icmp] [.192.168.12.169] -> [...91.108.13.23] [ICMP][Telegram][Network][Acceptable] RISK: Susp Entropy idle: [....31] [ip4][.icmp] [.192.168.12.169] -> [....91.108.9.35] [ICMP][Telegram][Network][Acceptable] RISK: Susp Entropy - guessed: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] [AmazonAWS][AmazonAWS][Cloud][Acceptable] + guessed: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] [AWS_EC2][AWS_EC2][Cloud][Acceptable] idle: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] idle: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic diff --git a/test/results/flow-info/default/telnet.pcap.out b/test/results/flow-info/default/telnet.pcap.out index 64d6454eb..90ce3e407 100644 
--- a/test/results/flow-info/default/telnet.pcap.out +++ b/test/results/flow-info/default/telnet.pcap.out 
@@ -18,6 +18,61 @@ [IATS(ms)....: 2.5,2.6,1.6,147.8,146.2,0.2,1.6,1.7,3.3,1.3,0.6,1.8,1.1,2.4,3.6,0.6,1.2,22.3,20.4,1.2,13.8,15.0,1.2,0.8,12.8,12.2,20.0,1107.3,1100.0,1232.8,1.4] [PKTLENS.....: 60,60,52,79,55,52,55,52,77,116,52,70,61,52,76,52,137,52,55,55,52,64,58,52,67,52,84,52,59,52,58,52] [ENTROPIES...: 4.3,4.8,4.8,5.0,4.8,4.8,4.9,4.7,5.1,5.3,4.6,5.0,5.0,4.8,4.8,4.8,5.6,4.9,4.9,4.9,4.8,4.9,4.9,4.7,4.9,4.8,5.5,4.8,5.0,4.7,5.0,4.8] + DAEMON-EVENT: [Processed: 92 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0] + new: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] + detected: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] 
-> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> 
[...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + detection-update: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials + analyse: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000|< 0.001|< 0.001|< 0.001|< 0.001| 1.000] + [PKTLEN......: 52.000| 1427.000| 97.800| 238.800| 57014.500| 3.700] + [BINS(c->s)..: 25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,1,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0] + [IATS(ms)....: 0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] + [PKTLENS.....: 56,56,52,67,58,59,73,53,53,53,53,53,53,53,53,53,62,53,53,53,53,53,53,53,53,53,54,53,53,53,1427,52] + [ENTROPIES...: 4.7,5.2,5.1,5.2,5.1,5.3,5.3,5.1,5.2,5.0,5.2,5.1,5.1,5.1,5.1,5.1,5.4,5.2,5.1,5.1,5.2,5.1,5.2,5.2,5.1,5.1,5.0,5.1,5.1,5.1,3.4,5.1] + end: [.....2] [ip4][..tcp] [..10.17.167.141][.5355] -> [...20.1.178.225][...23] [Telnet][Azure][RemoteAccess][Unsafe] + RISK: Unsafe Protocol, Clear-Text Credentials end: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][Unknown][RemoteAccess][Unsafe] RISK: Unsafe Protocol DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/tls_certificate_too_long.pcap.out b/test/results/flow-info/default/tls_certificate_too_long.pcap.out index 77fa147e0..1c1f96daa 100644 --- a/test/results/flow-info/default/tls_certificate_too_long.pcap.out +++ b/test/results/flow-info/default/tls_certificate_too_long.pcap.out 
@@ -50,13 +50,13 @@ detection-update: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net] new: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] detection-update: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.microsoft.com] - detected: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Web][Acceptable][www.microsoft.com] + detected: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Akamai][Web][Acceptable][www.microsoft.com] detection-update: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net] - detection-update: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Acceptable][www.microsoft.com] + detection-update: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Akamai][Download][Acceptable][www.microsoft.com] RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt) new: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] - detected: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Web][Acceptable][www.microsoft.com] - detection-update: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Acceptable][www.microsoft.com] + detected: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Akamai][Web][Acceptable][www.microsoft.com] + detection-update: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Akamai][Download][Acceptable][www.microsoft.com] RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt) 
new: [....20] [ip4][..tcp] [..192.168.1.121][53905] -> [..140.82.113.26][..443] [MIDSTREAM] new: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] @@ -133,9 +133,9 @@ idle: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net] guessed: [.....1] [ip4][..tcp] [..192.168.1.121][52746] -> [...52.149.21.60][..443] [TLS][Azure][Web][Safe] idle: [.....1] [ip4][..tcp] [..192.168.1.121][52746] -> [...52.149.21.60][..443] - end: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Acceptable][www.microsoft.com] + end: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Akamai][Download][Acceptable][www.microsoft.com] RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt) - end: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Acceptable][www.microsoft.com] + end: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Akamai][Download][Acceptable][www.microsoft.com] RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt) idle: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.microsoft.com] idle: [....31] [ip4][..udp] [..192.168.1.121][65099] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable] diff --git a/test/results/flow-info/default/tls_long_cert.pcap.out b/test/results/flow-info/default/tls_long_cert.pcap.out index 96ae9c9b8..11f6e06db 100644 --- a/test/results/flow-info/default/tls_long_cert.pcap.out +++ b/test/results/flow-info/default/tls_long_cert.pcap.out 
@@ -2,10 +2,10 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] - detected: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Unknown][Web][Safe][www.repubblica.it] - detection-update: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Unknown][Web][Safe][www.repubblica.it] - detection-update: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Unknown][Web][Safe][www.repubblica.it] - analyse: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Unknown][Web][Safe] + detected: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Akamai][Web][Safe][www.repubblica.it] + detection-update: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Akamai][Web][Safe][www.repubblica.it] + detection-update: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Akamai][Web][Safe][www.repubblica.it] + analyse: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Akamai][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.034| 0.008| 0.011| 130.013| 3.600] [PKTLEN......: 52.000| 1500.000| 532.900| 584.900| 342142.300| 4.100] 
@@ -15,5 +15,5 @@ [IATS(ms)....: 25.2,25.3,0.3,30.1,3.3,1.1,34.2,0.8,0.7,1.9,1.9,0.8,8.4,0.4,28.1,18.6,6.5,0.6,7.1,0.1,26.0,0.0,0.0,25.9,0.0,0.1,0.2,0.2,0.7,0.0,0.0] [PKTLENS.....: 64,60,52,569,52,1500,1500,52,1252,52,841,52,178,145,888,294,52,52,129,52,90,1105,1105,1500,52,52,52,710,52,1500,1500,1500] [ENTROPIES...: 4.5,5.4,5.1,4.4,5.2,6.5,6.8,5.1,7.3,5.1,7.7,5.2,6.4,6.2,7.7,7.1,5.2,5.3,6.4,5.2,5.5,7.8,7.8,7.9,5.2,5.2,5.0,7.7,5.2,7.9,7.9,7.9] - end: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Unknown][Web][Safe][www.repubblica.it] + end: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Akamai][Web][Safe][www.repubblica.it] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/flow-info/default/tls_multiple_synack_different_seq.pcapng.out index 34da420c3..71c4d9929 100644 --- a/test/results/flow-info/default/tls_multiple_synack_different_seq.pcapng.out +++ b/test/results/flow-info/default/tls_multiple_synack_different_seq.pcapng.out 
@@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] - detected: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] [TLS.AmazonAWS][Unknown][Cloud][Acceptable][bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com] - detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] [TLS.AmazonAWS][Unknown][Cloud][Acceptable][bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com] - detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] [TLS.AmazonAWS][Unknown][Cloud][Acceptable][bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com] - idle: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] [TLS.AmazonAWS][Unknown][Cloud][Acceptable] + detected: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] [TLS.AWS_S3][Unknown][Cloud][Acceptable][bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com] + detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] [TLS.AWS_S3][Unknown][Cloud][Acceptable][bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com] + detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] [TLS.AWS_S3][Unknown][Cloud][Acceptable][bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com] + idle: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] [TLS.AWS_S3][Unknown][Cloud][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/viber.pcap.out b/test/results/flow-info/default/viber.pcap.out index cd0be9feb..de55337e7 100644 --- a/test/results/flow-info/default/viber.pcap.out +++ b/test/results/flow-info/default/viber.pcap.out 
@@ -12,26 +12,26 @@ detected: [.....4] [ip4][..udp] [...192.168.0.17][62872] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][mapi.apptimize.com] detection-update: [.....4] [ip4][..udp] [...192.168.0.17][62872] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][mapi.apptimize.com] new: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] - detected: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS][AmazonAWS][Web][Safe][mapi.apptimize.com] - detection-update: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS][AmazonAWS][Web][Safe][mapi.apptimize.com] - detection-update: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS][AmazonAWS][Web][Safe][mapi.apptimize.com] + detected: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS][AWS_EC2][Web][Safe][mapi.apptimize.com] + detection-update: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS][AWS_EC2][Web][Safe][mapi.apptimize.com] + detection-update: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS][AWS_EC2][Web][Safe][mapi.apptimize.com] new: [.....6] [ip4][..tcp] [...192.168.0.17][36988] -> [..54.69.166.226][..443] - detected: [.....6] [ip4][..tcp] [...192.168.0.17][36988] -> [..54.69.166.226][..443] [TLS][AmazonAWS][Web][Safe][mapi.apptimize.com] + detected: [.....6] [ip4][..tcp] [...192.168.0.17][36988] -> [..54.69.166.226][..443] [TLS][AWS_EC2][Web][Safe][mapi.apptimize.com] new: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] detected: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][media.cdn.viber.com] detection-update: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][media.cdn.viber.com] new: [.....8] [ip4][..tcp] [...192.168.0.17][57520] 
-> [...54.230.93.96][..443] - detected: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][AmazonAWS][Chat][Fun][media.cdn.viber.com] - detection-update: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][AmazonAWS][Chat][Fun][media.cdn.viber.com] - detection-update: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][AmazonAWS][Chat][Fun][media.cdn.viber.com] + detected: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][AWS_Cloudfront][Chat][Fun][media.cdn.viber.com] + detection-update: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][AWS_Cloudfront][Chat][Fun][media.cdn.viber.com] + detection-update: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][AWS_Cloudfront][Chat][Fun][media.cdn.viber.com] new: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] detected: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][dl-media.viber.com] detection-update: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][dl-media.viber.com] new: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] - detected: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AmazonAWS][Chat][Fun][dl-media.viber.com] - detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AmazonAWS][Chat][Fun][dl-media.viber.com] - detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AmazonAWS][Chat][Fun][dl-media.viber.com] - analyse: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AmazonAWS][Chat][Fun] + detected: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> 
[...54.230.93.53][..443] [TLS.Viber][AWS_Cloudfront][Chat][Fun][dl-media.viber.com] + detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AWS_Cloudfront][Chat][Fun][dl-media.viber.com] + detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AWS_Cloudfront][Chat][Fun][dl-media.viber.com] + analyse: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AWS_Cloudfront][Chat][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.048| 0.009| 0.015| 217.133| 3.300] [PKTLEN......: 52.000| 1500.000| 714.100| 673.400| 453425.200| 4.300] 
@@ -72,14 +72,14 @@ RISK: Susp Entropy new: [....18] [ip4][..tcp] [...192.168.0.17][45424] -> [....18.201.4.32][..443] new: [....19] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7985] - detected: [....19] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7985] [Viber][AmazonAWS][Chat][Fun] + detected: [....19] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7985] [Viber][AWS_EC2][Chat][Fun] new: [....20] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7987] - detected: [....20] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7987] [Viber][AmazonAWS][Chat][Fun] + detected: [....20] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7987] [Viber][AWS_EC2][Chat][Fun] new: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] - detected: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS][AmazonAWS][Web][Safe][brahe.apptimize.com] - detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS][AmazonAWS][Web][Safe][brahe.apptimize.com] - detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS][AmazonAWS][Web][Safe][brahe.apptimize.com] - analyse: [....19] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7985] [Viber][AmazonAWS][Chat][Fun] + detected: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS][AWS_EC2][Web][Safe][brahe.apptimize.com] + detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS][AWS_EC2][Web][Safe][brahe.apptimize.com] + detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS][AWS_EC2][Web][Safe][brahe.apptimize.com] + analyse: [....19] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7985] [Viber][AWS_EC2][Chat][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.525| 0.329| 0.210| 44226.417| 4.600] 
[PKTLEN......: 48.000| 285.000| 149.200| 100.400| 10086.100| 4.700] @@ -91,11 +91,11 @@ [ENTROPIES...: 6.4,5.1,3.4,6.5,3.5,5.1,6.5,4.0,3.5,6.5,3.5,5.1,4.0,6.4,3.5,6.5,3.4,5.0,4.0,6.4,3.5,6.4,3.5,5.1,4.0,6.5,3.5,6.4,3.5,5.1,4.0,6.5] new: [....22] [ip4][..tcp] [...192.168.0.17][33744] -> [.....18.201.4.3][..443] new: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985] - detected: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985] [Viber][AmazonAWS][Chat][Fun] + detected: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985] [Viber][AWS_EC2][Chat][Fun] new: [....24] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7987] - detected: [....24] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7987] [Viber][AmazonAWS][Chat][Fun] + detected: [....24] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7987] [Viber][AWS_EC2][Chat][Fun] update: [....15] [ip6][icmp6] [..............fe80::3207:4dff:fea3:5fa7] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] - analyse: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985] [Viber][AmazonAWS][Chat][Fun] + analyse: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985] [Viber][AWS_EC2][Chat][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.531| 0.262| 0.245| 59968.385| 4.100] [PKTLEN......: 40.000| 285.000| 129.800| 99.700| 9932.100| 4.600] 
@@ -118,35 +118,35 @@ DAEMON-EVENT: [Flows][active: 26 / 26|skipped: 0|!detected: 0|guessed: 1|detection-updates: 18|updates: 4] new: [....27] [ip4][..tcp] [..192.168.2.100][48690] -> [...52.0.252.145][.4244] detected: [....27] [ip4][..tcp] [..192.168.2.100][48690] -> [...52.0.252.145][.4244] [Viber][Viber][Chat][Fun] - end: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS][AmazonAWS][Web][Safe] - end: [.....6] [ip4][..tcp] [...192.168.0.17][36988] -> [..54.69.166.226][..443] [TLS][AmazonAWS][Web][Safe][mapi.apptimize.com] + end: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS][AWS_EC2][Web][Safe] + end: [.....6] [ip4][..tcp] [...192.168.0.17][36988] -> [..54.69.166.226][..443] [TLS][AWS_EC2][Web][Safe][mapi.apptimize.com] idle: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][graph.facebook.com] idle: [....15] [ip6][icmp6] [..............fe80::3207:4dff:fea3:5fa7] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] idle: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][www.google.com] - guessed: [....18] [ip4][..tcp] [...192.168.0.17][45424] -> [....18.201.4.32][..443] [TLS][AmazonAWS][Web][Safe] + guessed: [....18] [ip4][..tcp] [...192.168.0.17][45424] -> [....18.201.4.32][..443] [TLS][AWS_EC2][Web][Safe] end: [....18] [ip4][..tcp] [...192.168.0.17][45424] -> [....18.201.4.32][..443] - end: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS][AmazonAWS][Web][Safe] - idle: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985] [Viber][AmazonAWS][Chat][Fun] - idle: [....24] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7987] [Viber][AmazonAWS][Chat][Fun] + end: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS][AWS_EC2][Web][Safe] + idle: [....23] [ip4][..udp] 
[...192.168.0.17][38190] -> [.....18.201.4.3][.7985] [Viber][AWS_EC2][Chat][Fun] + idle: [....24] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7987] [Viber][AWS_EC2][Chat][Fun] guessed: [....11] [ip4][..udp] [...192.168.0.17][41993] -> [.172.217.23.106][..443] [QUIC][Google][Web][Acceptable] idle: [....11] [ip4][..udp] [...192.168.0.17][41993] -> [.172.217.23.106][..443] idle: [....13] [ip4][..tcp] [...192.168.0.17][43702] -> [..172.217.23.78][..443] [TLS.Google][Google][Web][Acceptable] idle: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244] [Viber][Viber][Chat][Fun] RISK: Susp Entropy idle: [.....4] [ip4][..udp] [...192.168.0.17][62872] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][mapi.apptimize.com] - idle: [....19] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7985] [Viber][AmazonAWS][Chat][Fun] - idle: [....20] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7987] [Viber][AmazonAWS][Chat][Fun] + idle: [....19] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7985] [Viber][AWS_EC2][Chat][Fun] + idle: [....20] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7987] [Viber][AWS_EC2][Chat][Fun] idle: [....26] [ip4][.icmp] [...192.168.0.17] -> [...192.168.0.15] [ICMP][Unknown][Network][Acceptable] RISK: Susp Entropy idle: [....14] [ip4][..udp] [...192.168.0.17][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] idle: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][app.adjust.com] idle: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][app-measurement.com] - idle: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AmazonAWS][Chat][Fun][dl-media.viber.com] + idle: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] 
[TLS.Viber][AWS_Cloudfront][Chat][Fun][dl-media.viber.com] idle: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][media.cdn.viber.com] idle: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Unknown][Web][Safe][venetia.iad.appboy.com] idle: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][dl-media.viber.com] - idle: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][AmazonAWS][Chat][Fun] - guessed: [....22] [ip4][..tcp] [...192.168.0.17][33744] -> [.....18.201.4.3][..443] [TLS][AmazonAWS][Web][Safe] + idle: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][AWS_Cloudfront][Chat][Fun] + guessed: [....22] [ip4][..tcp] [...192.168.0.17][33744] -> [.....18.201.4.3][..443] [TLS][AWS_EC2][Web][Safe] end: [....22] [ip4][..tcp] [...192.168.0.17][33744] -> [.....18.201.4.3][..443] idle: [....16] [ip4][..udp] [...192.168.0.17][44376] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][venetia.iad.appboy.com] DAEMON-EVENT: [Processed: 435 pkts][ZLib][compressions: 0|diff: 0 / 0] 
@@ -156,7 +156,7 @@ DAEMON-EVENT: [Processed: 446 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 28|skipped: 0|!detected: 0|guessed: 4|detection-updates: 18|updates: 4] new: [....29] [ip4][..tcp] [..192.168.2.100][42900] -> [..44.192.202.74][.4244] [MIDSTREAM] - detected: [....29] [ip4][..tcp] [..192.168.2.100][42900] -> [..44.192.202.74][.4244] [Viber][AmazonAWS][Chat][Fun] + detected: [....29] [ip4][..tcp] [..192.168.2.100][42900] -> [..44.192.202.74][.4244] [Viber][AWS_EC2][Chat][Fun] end: [....28] [ip4][..tcp] [..192.168.2.100][41184] -> [.....52.0.252.2][.5242] [Viber][Viber][Chat][Fun] idle: [....27] [ip4][..tcp] [..192.168.2.100][48690] -> [...52.0.252.145][.4244] [Viber][Viber][Chat][Fun] DAEMON-EVENT: [Processed: 447 pkts][ZLib][compressions: 0|diff: 0 / 0] @@ -165,5 +165,5 @@ detected: [....30] [ip4][..udp] [.192.168.12.156][40482] -> [...18.195.4.121][..443] [STUN][Viber][Network][Acceptable][] detection-update: [....30] [ip4][..udp] [.192.168.12.156][40482] -> [...18.195.4.121][..443] [STUN.ViberVoip][Viber][VoIP][Acceptable][viber.com] idle: [....30] [ip4][..udp] [.192.168.12.156][40482] -> [...18.195.4.121][..443] [STUN.ViberVoip][Viber][VoIP][Acceptable][viber.com] - idle: [....29] [ip4][..tcp] [..192.168.2.100][42900] -> [..44.192.202.74][.4244] [Viber][AmazonAWS][Chat][Fun] + idle: [....29] [ip4][..tcp] [..192.168.2.100][42900] -> [..44.192.202.74][.4244] [Viber][AWS_EC2][Chat][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/waze.pcap.out b/test/results/flow-info/default/waze.pcap.out index 7f94d3908..a48539176 100644 --- a/test/results/flow-info/default/waze.pcap.out +++ b/test/results/flow-info/default/waze.pcap.out 
@@ -9,54 +9,54 @@ new: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] new: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] new: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] - detected: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][roadshields.waze.com] + detected: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] [HTTP.Waze][AWS_Cloudfront][Web][Acceptable][roadshields.waze.com] new: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443] - detected: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detected: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443] [TLS][Google][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detected: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443] [TLS][Google][Web][Safe][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] - detected: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] [HTTP.Waze][AWS_Cloudfront][Web][Acceptable][cres.waze.com] + 
detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] + detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][AWS_EC2][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] + detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][AWS_EC2][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Unknown][Download][Acceptable][xtra1.gpsonextra.net] RISK: Binary File/Data Transfer (Attempt) new: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] new: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] - detected: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - detected: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][roadshields.waze.com] + detected: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][AWS_Cloudfront][Web][Acceptable][cres.waze.com] + detected: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] [HTTP.Waze][AWS_Cloudfront][Web][Acceptable][roadshields.waze.com] new: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] new: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] new: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> 
[.176.34.103.105][..443] new: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] new: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] - detected: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detected: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detected: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detected: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detected: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] + detected: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] [HTTP.Waze][AWS_Cloudfront][Web][Acceptable][cres.waze.com] new: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] - detected: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] 
[HTTP.Waze][AWS_Cloudfront][Web][Acceptable][cres.waze.com] + detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS][AmazonAWS][Web][Safe][] + detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] + detection-update: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] [TLS.Waze][AWS_EC2][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] - detected: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] + detected: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][AWS_Cloudfront][Web][Acceptable][cres.waze.com] analyse: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Unknown][Download][Acceptable][xtra1.gpsonextra.net] min| max| avg| stddev| variance| entropy [IAT.........: 0.002| 3.681| 0.340| 0.885| 782653.260| 2.800] 
@@ -67,7 +67,7 @@ [IATS(ms)....: 3.7,3.9,21.8,22.4,3678.0,3680.6,286.1,284.3,338.9,393.5,330.3,329.4,54.6,2.0,179.3,179.5,2.6,51.2,50.7,3.1,28.5,76.3,51.1,51.3,122.7,73.5,10.2,59.1,52.6,58.3,56.5] [PKTLENS.....: 60,40,40,303,40,1408,40,2776,40,5512,40,8248,40,2673,40,1408,40,1408,40,9616,40,2776,40,5512,40,5512,40,2776,40,11819,40,40] [ENTROPIES...: 4.4,4.7,4.7,5.5,4.6,7.0,4.6,6.9,4.6,5.6,4.7,6.8,4.7,7.0,4.6,3.0,4.6,7.0,4.7,6.2,4.7,6.6,4.7,1.7,4.7,1.7,4.7,1.4,4.6,1.7,4.7,4.7] - analyse: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + analyse: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 1.659| 0.289| 0.505| 255075.107| 3.300] [PKTLEN......: 40.000| 5501.000| 553.800| 1270.800| 1615041.000| 3.000] 
@@ -77,39 +77,39 @@ [IATS(ms)....: 1.2,10.9,357.2,367.1,474.4,475.3,8.1,9.0,265.9,317.7,52.0,0.9,0.6,0.3,0.3,1430.1,1483.3,119.5,172.8,51.4,51.9,1.4,0.9,0.5,0.4,0.3,0.4,1601.9,1658.8,0.2,57.1] [PKTLENS.....: 60,40,40,222,40,3187,40,366,40,274,189,40,576,40,101,40,5501,40,189,40,576,40,576,40,576,40,101,40,4397,40,189,40] [ENTROPIES...: 4.3,4.7,4.7,5.2,4.7,7.4,4.6,7.3,4.7,7.0,6.9,4.6,7.6,4.7,6.1,4.6,8.0,4.7,6.8,4.6,7.6,4.6,7.7,4.6,7.6,4.7,6.2,4.7,8.0,4.6,6.8,4.6] - detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS][AmazonAWS][Web][Safe][] + detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] + detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS.Waze][AWS_EC2][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] + detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS.Waze][AWS_EC2][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] + detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS.Waze][AWS_EC2][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] - detected: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS 
(v1.1 or older) new: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] - detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS][AmazonAWS][Web][Safe][] + detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] + detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][AWS_EC2][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) new: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] - detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS][AmazonAWS][Web][Safe][] + detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] + detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][AWS_EC2][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) new: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443] - detection-update: [....20] 
[ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS][AmazonAWS][Web][Safe][] + detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] + detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS.Waze][AWS_EC2][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] + detection-update: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443] [TLS.Waze][AWS_EC2][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....22] [ip4][..tcp] [...10.16.37.157][43991] -> [...200.160.4.31][...80] [MIDSTREAM] new: [....23] [ip4][..tcp] [...10.16.37.157][46473] -> [...200.160.4.49][...80] [MIDSTREAM] 
@@ -120,7 +120,7 @@ new: [....28] [ip4][..tcp] [.......10.8.0.1][60574] -> [...200.160.4.49][...80] [MIDSTREAM] new: [....29] [ip4][..tcp] [.......10.8.0.1][43089] -> [..200.160.4.198][..443] [MIDSTREAM] new: [....30] [ip4][..tcp] [.......10.8.0.1][60479] -> [...200.160.4.49][..443] [MIDSTREAM] - analyse: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + analyse: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.416| 0.170| 0.135| 18249.146| 4.400] [PKTLEN......: 40.000| 21928.000| 1824.800| 4660.800| 21723256.000| 2.600] @@ -130,7 +130,7 @@ [IATS(ms)....: 1.3,1.6,226.9,227.5,336.5,387.2,51.3,1.2,297.2,297.8,252.5,309.4,358.7,415.9,0.8,0.5,0.5,0.6,254.3,305.5,51.8,52.5,211.3,161.3,248.0,249.1,81.3,79.5,208.7,209.7,0.6] [PKTLENS.....: 60,40,40,222,40,1408,40,2163,40,174,40,274,40,189,40,576,40,63,40,1408,40,12352,40,5512,40,21928,40,11345,40,40,40,40] [ENTROPIES...: 4.4,4.8,4.7,5.3,4.7,7.2,4.7,7.6,4.7,6.5,4.8,7.1,4.7,6.9,4.8,7.6,4.7,5.6,4.7,7.9,4.7,8.0,4.7,8.0,4.6,8.0,4.7,8.0,4.7,4.7,4.7,4.7] - analyse: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + analyse: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 1.449| 0.192| 0.280| 78147.936| 3.800] [PKTLEN......: 40.000| 11172.000| 1380.300| 2994.000| 8963944.000| 2.900] 
@@ -140,7 +140,7 @@ [IATS(ms)....: 2.4,2.8,291.8,292.5,279.8,332.4,52.7,50.7,425.1,475.7,259.9,310.7,0.7,51.4,0.6,0.7,0.5,0.3,293.9,546.0,252.8,1.5,20.2,21.2,56.9,56.8,156.2,205.9,52.7,4.2,1449.2] [PKTLENS.....: 60,40,40,222,40,1052,40,2519,40,174,40,274,40,576,40,389,40,77,40,10160,40,8136,40,1052,40,11172,40,1052,40,6576,40,40] [ENTROPIES...: 4.4,4.8,4.8,5.2,4.7,7.0,4.8,7.6,4.6,6.6,4.7,7.0,4.7,7.6,4.8,7.4,4.7,5.7,4.7,8.0,4.8,8.0,4.7,7.8,4.7,8.0,4.8,7.8,4.8,8.0,4.7,4.8] - analyse: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + analyse: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 5.891| 1.026| 1.779| 3164212.036| 3.400] [PKTLEN......: 40.000| 3646.000| 352.100| 731.900| 535720.000| 3.400] 
@@ -151,18 +151,18 @@ [PKTLENS.....: 60,40,40,222,40,1052,40,2175,40,366,40,274,40,221,40,541,40,93,40,1052,40,3646,40,189,40,301,40,317,40,77,40,40] [ENTROPIES...: 4.3,4.7,4.7,5.2,4.6,7.0,4.7,7.5,4.6,7.3,4.7,7.0,4.7,7.0,4.7,7.5,4.7,6.1,4.7,7.8,4.7,7.9,4.7,6.8,4.7,7.2,4.7,7.3,4.7,5.7,4.6,4.7] new: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] - detected: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] + detection-update: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] [TLS.Waze][AWS_EC2][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....32] [ip4][..tcp] [.......10.8.0.1][50828] -> [108.168.176.228][..443] detected: [....32] [ip4][..tcp] [.......10.8.0.1][50828] -> [108.168.176.228][..443] [WhatsApp][Unknown][Chat][Acceptable] new: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] - detected: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS][AmazonAWS][Web][Safe][] + detected: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS][AmazonAWS][Web][Safe][] + detection-update: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS][AWS_EC2][Web][Safe][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] + detection-update: [....33] [ip4][..tcp] 
[.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS.Waze][AWS_EC2][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher guessed: [....26] [ip4][..tcp] [...10.16.37.157][52953] -> [...200.160.4.49][...80] [HTTP][Unknown][Web][Acceptable][] end: [....26] [ip4][..tcp] [...10.16.37.157][52953] -> [...200.160.4.49][...80] 
@@ -173,30 +173,30 @@ guessed: [....30] [ip4][..tcp] [.......10.8.0.1][60479] -> [...200.160.4.49][..443] [TLS][Unknown][Web][Safe] end: [....30] [ip4][..tcp] [.......10.8.0.1][60479] -> [...200.160.4.49][..443] idle: [.....2] [ip4][..udp] [.......10.8.0.1][46214] -> [..200.89.75.198][..123] [NTP][Unknown][System][Acceptable] - end: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][roadshields.waze.com] - end: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - end: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - end: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][roadshields.waze.com] - end: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - end: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - end: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - end: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + end: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] [HTTP.Waze][AWS_Cloudfront][Web][Acceptable][roadshields.waze.com] + end: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] [HTTP.Waze][AWS_Cloudfront][Web][Acceptable][cres.waze.com] + end: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][AWS_Cloudfront][Web][Acceptable][cres.waze.com] + end: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] 
[HTTP.Waze][AWS_Cloudfront][Web][Acceptable][roadshields.waze.com] + end: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] [HTTP.Waze][AWS_Cloudfront][Web][Acceptable][cres.waze.com] + end: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] [HTTP.Waze][AWS_Cloudfront][Web][Acceptable][cres.waze.com] + end: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][AWS_Cloudfront][Web][Acceptable][cres.waze.com] + end: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older) - end: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + end: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older) - end: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + end: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older) - end: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + end: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older) - end: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + end: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older) - end: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + end: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] RISK: 
Obsolete TLS (v1.1 or older), Weak TLS Cipher - end: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + end: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - end: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + end: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - end: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + end: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher guessed: [....29] [ip4][..tcp] [.......10.8.0.1][43089] -> [..200.160.4.198][..443] [TLS][Unknown][Web][Safe] end: [....29] [ip4][..tcp] [.......10.8.0.1][43089] -> [..200.160.4.198][..443] 
@@ -212,11 +212,11 @@ end: [....23] [ip4][..tcp] [...10.16.37.157][46473] -> [...200.160.4.49][...80] not-detected: [.....1] [ip4][..tcp] [...10.16.37.157][42256] -> [..174.37.231.81][.5222] [Unknown][Unknown][Unspecified][Unrated] end: [.....1] [ip4][..tcp] [...10.16.37.157][42256] -> [..174.37.231.81][.5222] - end: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + end: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older) - end: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + end: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older) - end: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] + end: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS.Waze][AWS_EC2][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older) idle: [....32] [ip4][..tcp] [.......10.8.0.1][50828] -> [108.168.176.228][..443] [WhatsApp][Unknown][Chat][Acceptable] guessed: [....27] [ip4][..tcp] [...10.16.37.157][52746] -> [...200.160.4.49][...80] [HTTP][Unknown][Web][Acceptable][] diff --git a/test/results/flow-info/default/webex.pcap.out b/test/results/flow-info/default/webex.pcap.out index c17cf08d2..2cc094580 100644 --- a/test/results/flow-info/default/webex.pcap.out +++ b/test/results/flow-info/default/webex.pcap.out 
@@ -49,9 +49,9 @@ detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][41354] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] - detected: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS][Unknown][Web][Safe][] + detected: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS][Akamai][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS.Webex][Unknown][VoIP][Acceptable][] + detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS.Webex][Akamai][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] detected: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS][Webex][Web][Safe][] @@ -232,7 +232,7 @@ detected: [....43] [ip4][..tcp] [.......10.8.0.1][51839] -> [.62.109.229.158][..443] [TLS][Webex][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) new: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] - detected: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe][api.crittercism.com] + detected: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AWS_EC2][Web][Safe][api.crittercism.com] RISK: Obsolete TLS (v1.1 or older) new: [....45] [ip4][..tcp] [.......10.8.0.1][59756] -> [...78.46.237.91][...80] new: [....46] [ip4][..tcp] [.......10.8.0.1][59757] -> [...78.46.237.91][...80] 
@@ -242,9 +242,9 @@ RISK: HTTP Obsolete Server detection-update: [....46] [ip4][..tcp] [.......10.8.0.1][59757] -> [...78.46.237.91][...80] [HTTP][Unknown][Web][Acceptable][cp.pushwoosh.com] RISK: HTTP Obsolete Server - detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe][api.crittercism.com] + detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AWS_EC2][Web][Safe][api.crittercism.com] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe][api.crittercism.com] + detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AWS_EC2][Web][Safe][api.crittercism.com] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] detected: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] @@ -300,7 +300,7 @@ detection-update: [....56] [ip4][..tcp] [.......10.8.0.1][51194] -> [.62.109.224.120][..443] [TLS.Webex][Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher update: [....24] [ip4][..udp] [.......10.8.0.1][64538] -> [....172.16.1.75][.5060] [SIP][Unknown][VoIP][Acceptable] - guessed: [.....6] [ip4][..tcp] [..10.133.206.47][59447] -> [..107.20.242.44][..443] [TLS][AmazonAWS][Web][Safe] + guessed: [.....6] [ip4][..tcp] [..10.133.206.47][59447] -> [..107.20.242.44][..443] [TLS][AWS_EC2][Web][Safe] end: [.....6] [ip4][..tcp] [..10.133.206.47][59447] -> [..107.20.242.44][..443] end: [....12] [ip4][..tcp] [.......10.8.0.1][47498] -> [209.197.222.159][..443] [TLS.Webex][Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher 
@@ -321,7 +321,7 @@ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....13] [ip4][..tcp] [.......10.8.0.1][57647] -> [..64.68.121.153][..443] [TLS.Webex][Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - end: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe] + end: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AWS_EC2][Web][Safe] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....31] [ip4][..tcp] [.......10.8.0.1][51134] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe] RISK: Obsolete TLS (v1.1 or older) @@ -409,7 +409,7 @@ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....28] [ip4][..tcp] [.......10.8.0.1][51676] -> [..114.29.204.49][..443] [TLS][Webex][Web][Safe] RISK: Obsolete TLS (v1.1 or older) - end: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS.Webex][Unknown][VoIP][Acceptable] + end: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS.Webex][Akamai][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....15] [ip4][..tcp] [.......10.8.0.1][44492] -> [..64.68.104.140][..443] [TLS.Webex][Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher diff --git a/test/results/flow-info/default/wechat.pcap.out b/test/results/flow-info/default/wechat.pcap.out index 97ffe0ef4..d1182cab3 100644 --- a/test/results/flow-info/default/wechat.pcap.out +++ b/test/results/flow-info/default/wechat.pcap.out 
@@ -595,27 +595,27 @@ detected: [...109] [ip4][..udp] [..192.168.1.103][53515] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][webpush.web.wechat.com.lan] idle: [....99] [ip4][..udp] [..192.168.1.103][45366] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable] idle: [....84] [ip4][..udp] [..192.168.1.103][37578] -> [193.204.114.233][..123] [NTP][Unknown][System][Acceptable] - guessed: [....83] [ip4][..tcp] [..192.168.1.103][34981] -> [...95.101.34.33][...80] [HTTP][Unknown][Web][Acceptable][] + guessed: [....83] [ip4][..tcp] [..192.168.1.103][34981] -> [...95.101.34.33][...80] [HTTP][Akamai][Web][Acceptable][] RISK: Unidirectional Traffic end: [....83] [ip4][..tcp] [..192.168.1.103][34981] -> [...95.101.34.33][...80] - guessed: [....79] [ip4][..tcp] [..192.168.1.103][34996] -> [...95.101.34.33][...80] [HTTP][Unknown][Web][Acceptable][] + guessed: [....79] [ip4][..tcp] [..192.168.1.103][34996] -> [...95.101.34.33][...80] [HTTP][Akamai][Web][Acceptable][] RISK: Unidirectional Traffic end: [....79] [ip4][..tcp] [..192.168.1.103][34996] -> [...95.101.34.33][...80] - guessed: [....80] [ip4][..tcp] [..192.168.1.103][34999] -> [...95.101.34.33][...80] [HTTP][Unknown][Web][Acceptable][] + guessed: [....80] [ip4][..tcp] [..192.168.1.103][34999] -> [...95.101.34.33][...80] [HTTP][Akamai][Web][Acceptable][] RISK: Unidirectional Traffic end: [....80] [ip4][..tcp] [..192.168.1.103][34999] -> [...95.101.34.33][...80] - guessed: [....81] [ip4][..tcp] [..192.168.1.103][35000] -> [...95.101.34.33][...80] [HTTP][Unknown][Web][Acceptable][] + guessed: [....81] [ip4][..tcp] [..192.168.1.103][35000] -> [...95.101.34.33][...80] [HTTP][Akamai][Web][Acceptable][] RISK: Unidirectional Traffic end: [....81] [ip4][..tcp] [..192.168.1.103][35000] -> [...95.101.34.33][...80] idle: [.....5] [ip4][..tcp] [..192.168.1.103][38657] -> [..172.217.22.14][..443] [TLS.Google][Google][Web][Acceptable][safebrowsing.googleusercontent.com] idle: [...109] [ip4][..udp] 
[..192.168.1.103][53515] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable] - guessed: [....86] [ip4][..tcp] [..192.168.1.103][39195] -> [...95.101.34.34][...80] [HTTP][Unknown][Web][Acceptable][] + guessed: [....86] [ip4][..tcp] [..192.168.1.103][39195] -> [...95.101.34.34][...80] [HTTP][Akamai][Web][Acceptable][] RISK: Unidirectional Traffic end: [....86] [ip4][..tcp] [..192.168.1.103][39195] -> [...95.101.34.34][...80] - guessed: [....78] [ip4][..tcp] [..192.168.1.103][39207] -> [...95.101.34.34][...80] [HTTP][Unknown][Web][Acceptable][] + guessed: [....78] [ip4][..tcp] [..192.168.1.103][39207] -> [...95.101.34.34][...80] [HTTP][Akamai][Web][Acceptable][] RISK: Unidirectional Traffic end: [....78] [ip4][..tcp] [..192.168.1.103][39207] -> [...95.101.34.34][...80] - guessed: [....82] [ip4][..tcp] [..192.168.1.103][39231] -> [...95.101.34.34][...80] [HTTP][Unknown][Web][Acceptable][] + guessed: [....82] [ip4][..tcp] [..192.168.1.103][39231] -> [...95.101.34.34][...80] [HTTP][Akamai][Web][Acceptable][] RISK: Unidirectional Traffic end: [....82] [ip4][..tcp] [..192.168.1.103][39231] -> [...95.101.34.34][...80] guessed: [....21] [ip4][..tcp] [..192.168.1.103][49787] -> [.216.58.205.142][..443] [TLS][Google][Web][Safe] 
@@ -636,7 +636,7 @@ idle: [...104] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][giovanni-pc] idle: [....97] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] idle: [....92] [ip4][..udp] [..192.168.1.103][33915] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable] - guessed: [....87] [ip4][..tcp] [..192.168.1.103][52020] -> [.95.101.180.179][...80] [HTTP][Unknown][Web][Acceptable][] + guessed: [....87] [ip4][..tcp] [..192.168.1.103][52020] -> [.95.101.180.179][...80] [HTTP][Akamai][Web][Acceptable][] RISK: Unidirectional Traffic end: [....87] [ip4][..tcp] [..192.168.1.103][52020] -> [.95.101.180.179][...80] guessed: [....75] [ip4][..tcp] [..192.168.1.103][58043] -> [203.205.147.171][..443] [TLS][Tencent][Web][Safe] diff --git a/test/results/flow-info/default/weibo.pcap.out b/test/results/flow-info/default/weibo.pcap.out index 258930a6f..151aeda20 100644 --- a/test/results/flow-info/default/weibo.pcap.out +++ b/test/results/flow-info/default/weibo.pcap.out @@ -171,7 +171,7 @@ RISK: Susp Entropy idle: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361] idle: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][weibo.com] - guessed: [....13] [ip4][..tcp] [..192.168.1.105][40440] -> [.54.225.163.210][..443] [TLS][AmazonAWS][Web][Safe] + guessed: [....13] [ip4][..tcp] [..192.168.1.105][40440] -> [.54.225.163.210][..443] [TLS][AWS_EC2][Web][Safe] idle: [....13] [ip4][..tcp] [..192.168.1.105][40440] -> [.54.225.163.210][..443] idle: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun][www.weibo.com] guessed: [....42] [ip4][..tcp] [..192.168.1.105][47721] -> [.140.205.170.63][..443] [TLS][Alibaba][Web][Safe] 
diff --git a/test/results/flow-info/default/whatsapp_login_call.pcap.out b/test/results/flow-info/default/whatsapp_login_call.pcap.out index d31c4a508..d85d06553 100644 --- a/test/results/flow-info/default/whatsapp_login_call.pcap.out +++ b/test/results/flow-info/default/whatsapp_login_call.pcap.out @@ -9,7 +9,7 @@ new: [.....5] [ip4][..tcp] [....192.168.2.4][49173] -> [..93.186.135.82][...80] [MIDSTREAM] new: [.....6] [ip4][..tcp] [....192.168.2.4][49172] -> [..23.50.148.228][..443] [MIDSTREAM] new: [.....7] [ip4][..tcp] [....192.168.2.4][49174] -> [....5.178.42.26][...80] [MIDSTREAM] - detected: [.....6] [ip4][..tcp] [....192.168.2.4][49172] -> [..23.50.148.228][..443] [TLS][Unknown][Web][Safe] + detected: [.....6] [ip4][..tcp] [....192.168.2.4][49172] -> [..23.50.148.228][..443] [TLS][Akamai][Web][Safe] new: [.....8] [ip4][..tcp] [....192.168.2.4][49175] -> [..17.172.100.53][..443] [MIDSTREAM] new: [.....9] [ip4][..tcp] [....192.168.2.4][49165] -> [..17.172.100.55][..443] [MIDSTREAM] new: [....10] [ip4][..tcp] [....192.168.2.4][49176] -> [..17.130.137.77][..443] [MIDSTREAM] @@ -223,7 +223,7 @@ end: [.....4] [ip4][..tcp] [....192.168.2.4][49169] -> [..17.173.66.102][..443] guessed: [.....7] [ip4][..tcp] [....192.168.2.4][49174] -> [....5.178.42.26][...80] [HTTP][Unknown][Web][Acceptable][] end: [.....7] [ip4][..tcp] [....192.168.2.4][49174] -> [....5.178.42.26][...80] - end: [.....6] [ip4][..tcp] [....192.168.2.4][49172] -> [..23.50.148.228][..443] [TLS][Unknown][Web][Safe] + end: [.....6] [ip4][..tcp] [....192.168.2.4][49172] -> [..23.50.148.228][..443] [TLS][Akamai][Web][Safe] guessed: [....15] [ip4][..tcp] [....192.168.2.4][49203] -> [..17.178.104.14][..443] [TLS][Apple][Web][Safe] RISK: TCP Connection Issues, Probing Attempt end: [....15] [ip4][..tcp] [....192.168.2.4][49203] -> [..17.178.104.14][..443] 
diff --git a/test/results/flow-info/default/windowsupdate_over_http.pcap.out b/test/results/flow-info/default/windowsupdate_over_http.pcap.out index 53d0330f1..7ab5abedc 100644 --- a/test/results/flow-info/default/windowsupdate_over_http.pcap.out +++ b/test/results/flow-info/default/windowsupdate_over_http.pcap.out @@ -2,8 +2,6 @@ new: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] detected: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][Unknown][SoftwareUpdate][Safe][151.99.72.125] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI - detection-update: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][Unknown][Download][Safe][151.99.72.125] - RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary File/Data Transfer (Attempt) - idle: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][Unknown][Download][Safe][151.99.72.125] - RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary File/Data Transfer (Attempt) + idle: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][Unknown][SoftwareUpdate][Safe][151.99.72.125] + RISK: HTTP/TLS/QUIC Numeric Hostname/SNI DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/xiaomi.pcap.out b/test/results/flow-info/default/xiaomi.pcap.out index d3addbe04..d2d53aad5 100644 --- a/test/results/flow-info/default/xiaomi.pcap.out +++ b/test/results/flow-info/default/xiaomi.pcap.out 
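Review bot: The new expected output for flow 1 in windowsupdate_over_http.pcap.out no longer carries the `Binary File/Data Transfer (Attempt)` risk, and the `detection-update` event that moved the flow to the `Download` category is removed, yet the commit description mentions only the "TLS Susp ESNI Usage" replacement. The flow is a WindowsUpdate transfer over port 80 whose hostname is a bare IP address, so any consumer alerting on that risk string or on the `Download` category will stop matching it after the bump, with only `HTTP/TLS/QUIC Numeric Hostname/SNI` left. Presumably this comes from an upstream libnDPI change. If it is intended, the description should record it, for example `* WindowsUpdate flows stay in SoftwareUpdate and no longer raise "Binary File/Data Transfer (Attempt)"`.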
@@ -18,7 +18,7 @@ DAEMON-EVENT: [Processed: 18 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....5] [ip4][..tcp] [..192.168.2.100][37708] -> [...3.127.176.74][.5222] - detected: [.....5] [ip4][..tcp] [..192.168.2.100][37708] -> [...3.127.176.74][.5222] [Xiaomi][AmazonAWS][Web][Acceptable][fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com] + detected: [.....5] [ip4][..tcp] [..192.168.2.100][37708] -> [...3.127.176.74][.5222] [Xiaomi][AWS_EC2][Web][Acceptable][fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com] RISK: Susp Entropy idle: [.....2] [ip4][..tcp] [.115.164.74.232][.5222] -> [192.168.244.219][45904] [Xiaomi][Unknown][Web][Acceptable][47.241.35.73] RISK: Susp Entropy 
@@ -29,16 +29,16 @@ DAEMON-EVENT: [Processed: 33 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....6] [ip4][..tcp] [..192.168.2.100][45106] -> [.18.193.233.122][.5222] - detected: [.....6] [ip4][..tcp] [..192.168.2.100][45106] -> [.18.193.233.122][.5222] [Xiaomi][AmazonAWS][Web][Acceptable][fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com] + detected: [.....6] [ip4][..tcp] [..192.168.2.100][45106] -> [.18.193.233.122][.5222] [Xiaomi][AWS_EC2][Web][Acceptable][fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com] RISK: Susp Entropy - idle: [.....5] [ip4][..tcp] [..192.168.2.100][37708] -> [...3.127.176.74][.5222] [Xiaomi][AmazonAWS][Web][Acceptable][fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com] + idle: [.....5] [ip4][..tcp] [..192.168.2.100][37708] -> [...3.127.176.74][.5222] [Xiaomi][AWS_EC2][Web][Acceptable][fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com] RISK: Susp Entropy DAEMON-EVENT: [Processed: 48 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....7] [ip4][..tcp] [..192.168.2.100][48698] -> [...203.107.1.65][...80] detected: [.....7] [ip4][..tcp] [..192.168.2.100][48698] -> [...203.107.1.65][...80] [HTTP.Xiaomi][Alibaba][Web][Acceptable][203.107.1.65] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI - idle: [.....6] [ip4][..tcp] [..192.168.2.100][45106] -> [.18.193.233.122][.5222] [Xiaomi][AmazonAWS][Web][Acceptable][fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com] + idle: [.....6] [ip4][..tcp] [..192.168.2.100][45106] -> [.18.193.233.122][.5222] [Xiaomi][AWS_EC2][Web][Acceptable][fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com] RISK: Susp Entropy idle: [.....7] [ip4][..tcp] [..192.168.2.100][48698] -> 
[...203.107.1.65][...80] [HTTP.Xiaomi][Alibaba][Web][Acceptable] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI diff --git a/test/results/flow-info/default/zoom.pcap.out b/test/results/flow-info/default/zoom.pcap.out index 6bc0b3535..317551bed 100644 --- a/test/results/flow-info/default/zoom.pcap.out +++ b/test/results/flow-info/default/zoom.pcap.out @@ -29,11 +29,11 @@ new: [....10] [ip4][.icmp] [..192.168.1.117] -> [....192.168.1.1] detected: [....10] [ip4][.icmp] [..192.168.1.117] -> [....192.168.1.1] [ICMP][Unknown][Network][Acceptable] new: [....11] [ip4][..tcp] [..192.168.1.117][54798] -> [..13.225.84.182][..443] [MIDSTREAM] - detected: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][log.zoom.us] + detected: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][log.zoom.us] new: [....12] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.37.14][.3478] detected: [....12] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.37.14][.3478] [STUN.Zoom][Zoom][Video][Acceptable][] - detection-update: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][log.zoom.us] - detection-update: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][log.zoom.us] + detection-update: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][log.zoom.us] + detection-update: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][log.zoom.us] new: [....13] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3478] detected: [....13] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3478] [STUN.Zoom][Zoom][Video][Acceptable][] new: [....14] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3479] 
@@ -51,13 +51,13 @@ detected: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www3.zoom.us] detection-update: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www3.zoom.us] new: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] - detected: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][zoom.us] - detected: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][www3.zoom.us] - detection-update: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][zoom.us] - detection-update: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][zoom.us] - detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][www3.zoom.us] - detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][www3.zoom.us] - analyse: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable] + detected: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][zoom.us] + detected: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][www3.zoom.us] + detection-update: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][zoom.us] + detection-update: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][zoom.us] + detection-update: [....21] [ip4][..tcp] 
[..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][www3.zoom.us] + detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][www3.zoom.us] + analyse: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.211| 0.038| 0.059| 3527.760| 3.300] [PKTLEN......: 40.000| 1492.000| 663.000| 660.100| 435695.100| 4.200] @@ -196,9 +196,9 @@ idle: [....15] [ip4][..tcp] [..192.168.1.117][53867] -> [..104.199.65.42][...80] idle: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][zoomfr85zc.zoom.us] idle: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www3.zoom.us] - idle: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable] - idle: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable] - idle: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][www3.zoom.us] + idle: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable] + idle: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable] + idle: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][www3.zoom.us] idle: [.....7] [ip4][..udp] [..192.168.1.117][64352] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][log.zoom.us] idle: [.....9] [ip4][..udp] [..192.168.1.117][65394] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][local] RISK: Error Code 
@@ -209,7 +209,7 @@ RISK: Obsolete TLS (v1.1 or older) idle: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Unknown][Video][Acceptable][zoomfrn99mmr.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - guessed: [....11] [ip4][..tcp] [..192.168.1.117][54798] -> [..13.225.84.182][..443] [TLS][AmazonAWS][Web][Safe] + guessed: [....11] [ip4][..tcp] [..192.168.1.117][54798] -> [..13.225.84.182][..443] [TLS][AWS_Cloudfront][Web][Safe] RISK: TCP Connection Issues, Probing Attempt end: [....11] [ip4][..tcp] [..192.168.1.117][54798] -> [..13.225.84.182][..443] end: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] diff --git a/test/results/flow-info/disable_protocols/pluralsight.pcap.out b/test/results/flow-info/disable_protocols/pluralsight.pcap.out index 71f95d928..be3d867ff 100644 --- a/test/results/flow-info/disable_protocols/pluralsight.pcap.out +++ b/test/results/flow-info/disable_protocols/pluralsight.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun][pluralsight.com] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun][pluralsight.com] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun][pluralsight.com] + detected: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun][pluralsight.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun][pluralsight.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun][pluralsight.com] new: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] new: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] detected: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] [TLS.Pluralsight][Unknown][Streaming][Fun][pluralsight2.imgix.net] 
@@ -14,17 +14,17 @@ detection-update: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] [TLS.Pluralsight][Unknown][Streaming][Fun][pluralsight.imgix.net] detection-update: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] [TLS.Pluralsight][Unknown][Streaming][Fun][pluralsight.imgix.net] new: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] - detected: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun][stt.pluralsight.com] - detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun][stt.pluralsight.com] - detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun][stt.pluralsight.com] + detected: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun][stt.pluralsight.com] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun][stt.pluralsight.com] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun][stt.pluralsight.com] new: [.....5] [ip4][..tcp] [..192.168.1.128][48948] -> [.104.19.162.127][..443] detected: [.....5] [ip4][..tcp] [..192.168.1.128][48948] -> [.104.19.162.127][..443] [TLS.Pluralsight][Cloudflare][Streaming][Fun][www.pluralsight.com] detection-update: [.....5] [ip4][..tcp] [..192.168.1.128][48948] -> [.104.19.162.127][..443] [TLS.Pluralsight][Cloudflare][Streaming][Fun][www.pluralsight.com] new: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] detected: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] 
[TLS.Pluralsight][Cloudflare][Streaming][Fun][zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com] detection-update: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] [TLS.Pluralsight][Cloudflare][Streaming][Fun][zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com] - idle: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun] - idle: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun] + idle: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun] + idle: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AWS_EC2][Streaming][Fun] idle: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] [TLS.Pluralsight][Unknown][Streaming][Fun] idle: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] [TLS.Pluralsight][Unknown][Streaming][Fun] idle: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] [TLS.Pluralsight][Cloudflare][Streaming][Fun] diff --git a/test/results/flow-info/disable_protocols/soap.pcap.out b/test/results/flow-info/disable_protocols/soap.pcap.out index bfef43f48..ca508d14f 100644 --- a/test/results/flow-info/disable_protocols/soap.pcap.out +++ b/test/results/flow-info/disable_protocols/soap.pcap.out 
@@ -2,16 +2,16 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] - detected: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [SOAP][Unknown][RPC][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [SOAP][Akamai][RPC][Acceptable] new: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [MIDSTREAM] - detected: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Unknown][Collaborative][Acceptable][go.microsoft.com] + detected: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Akamai][Collaborative][Acceptable][go.microsoft.com] RISK: Known Proto on Non Std Port DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] detected: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable] idle: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable] - end: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [SOAP][Unknown][RPC][Acceptable] - idle: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Unknown][Collaborative][Acceptable] + end: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [SOAP][Akamai][RPC][Acceptable] + idle: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Akamai][Collaborative][Acceptable] RISK: Known Proto on Non Std Port DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/disable_use_client_port/iphone.pcap.out b/test/results/flow-info/disable_use_client_port/iphone.pcap.out index 65d0bb16f..213717171 100644 --- a/test/results/flow-info/disable_use_client_port/iphone.pcap.out +++ b/test/results/flow-info/disable_use_client_port/iphone.pcap.out @@ -53,10 +53,10 @@ new: [....25] [ip4][..tcp] [...192.168.2.17][49152] -> [.17.253.105.202][...80] detected: [....20] [ip4][..tcp] [...192.168.2.17][50575] -> [.17.248.185.140][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][p26-fmfmobile.icloud.com] detection-update: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][mesu.apple.com] - detected: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Unknown][Web][Safe][gspe35-ssl.ls.apple.com] + detected: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Akamai][Web][Safe][gspe35-ssl.ls.apple.com] new: [....26] [ip4][..tcp] [...192.168.2.17][50578] -> [.17.253.105.202][..443] new: [....27] [ip4][..tcp] [...192.168.2.17][50579] -> [.17.253.105.202][..443] - detection-update: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Unknown][Web][Safe][gspe35-ssl.ls.apple.com] + detection-update: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Akamai][Web][Safe][gspe35-ssl.ls.apple.com] new: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] detected: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gateway.icloud.com] detected: [....25] [ip4][..tcp] [...192.168.2.17][49152] -> [.17.253.105.202][...80] [HTTP.Apple][Apple][ConnCheck][Safe][captive.apple.com] 
@@ -103,11 +103,11 @@ new: [....40] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] detected: [....40] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] [ICMP][Unknown][Network][Acceptable] new: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] - detected: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Unknown][Web][Safe][iphone-ld.apple.com] + detected: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Akamai][Web][Safe][iphone-ld.apple.com] detected: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][p26-keyvalueservice.icloud.com] - detection-update: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Unknown][Web][Safe][iphone-ld.apple.com] - detected: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Unknown][Web][Safe][cl4.apple.com] - detection-update: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Unknown][Web][Safe][cl4.apple.com] + detection-update: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Akamai][Web][Safe][iphone-ld.apple.com] + detected: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Akamai][Web][Safe][cl4.apple.com] + detection-update: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Akamai][Web][Safe][cl4.apple.com] detection-update: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][p26-keyvalueservice.icloud.com] detection-update: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][p26-keyvalueservice.icloud.com] new: [....42] [ip4][....2] [...192.168.2.17] -> [.....224.0.0.22] 
@@ -144,8 +144,8 @@ [PKTLENS.....: 64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1076,424,90,186,424,52,90,52,52,52,52,623,52] [ENTROPIES...: 4.4,5.0,5.0,4.5,4.9,6.7,7.5,7.5,7.3,4.9,4.9,6.0,5.5,6.0,5.0,4.9,5.7,5.6,5.5,7.8,7.4,5.3,6.6,7.4,4.9,5.4,5.0,5.0,4.9,5.1,7.7,5.0] new: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] - detected: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][play.itunes.apple.com] - detection-update: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][play.itunes.apple.com] + detected: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][play.itunes.apple.com] + detection-update: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][play.itunes.apple.com] analyse: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.655| 0.067| 0.146| 21410.738| 2.900] 
@@ -156,7 +156,7 @@ [IATS(ms)....: 34.1,36.1,0.1,34.7,1.6,0.1,2.3,0.1,140.2,0.4,7.3,143.3,0.0,33.9,0.1,1.5,0.0,0.0,0.3,0.4,0.0,0.1,34.9,0.0,1.2,0.0,128.2,155.2,168.0,510.7,654.8] [PKTLENS.....: 64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1070,90,436,90,52,90,52,52,52,736,52,40,52] [ENTROPIES...: 4.4,5.2,5.1,4.5,5.1,6.7,7.5,7.5,7.3,4.9,5.0,6.0,5.7,6.0,5.0,5.0,5.7,5.8,5.5,7.8,5.5,7.4,5.5,4.9,5.5,5.0,5.0,4.9,7.7,5.0,4.5,5.1] - analyse: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun] + analyse: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.147| 0.026| 0.045| 1989.449| 3.200] [PKTLEN......: 52.000| 1492.000| 322.100| 461.100| 212650.100| 3.900] 
@@ -180,8 +180,8 @@ detected: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][sync.itunes.apple.com] detection-update: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][sync.itunes.apple.com] new: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] - detected: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][sync.itunes.apple.com] - detection-update: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][sync.itunes.apple.com] + detected: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][sync.itunes.apple.com] + detection-update: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][sync.itunes.apple.com] idle: [.....2] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][lucas-imac] idle: [....11] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ff98:a29c] [ICMPV6][Unknown][Network][Acceptable] idle: [.....6] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun] 
@@ -199,7 +199,7 @@ idle: [....42] [ip4][....2] [...192.168.2.17] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable] idle: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][mesu.apple.com] idle: [....18] [ip4][..udp] [...192.168.2.17][55914] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gsp85-ssl.ls.apple.com] - idle: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Unknown][Web][Safe] + idle: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Akamai][Web][Safe] idle: [....17] [ip4][..udp] [...192.168.2.17][61862] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gspe35-ssl.ls.apple.com] idle: [....43] [ip4][..udp] [...192.168.2.17][62160] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gsa.apple.com] idle: [....33] [ip4][..udp] [...192.168.2.17][62526] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][cl4.apple.com] 
@@ -216,8 +216,8 @@ idle: [.....7] [ip4][..udp] [....192.168.2.1][.5351] -> [......224.0.0.1][.5350] idle: [....22] [ip4][..udp] [...192.168.2.17][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] idle: [.....3] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][luca���s imac._odisk._tcp.local] - idle: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Unknown][Web][Safe] - idle: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun] + idle: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Akamai][Web][Safe] + idle: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun] idle: [.....1] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable] idle: [.....4] [ip6][..udp] [...............fe80::c42c:3ff:fe60:6a64][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][luca���s imac._odisk._tcp.local] end: [....25] [ip4][..tcp] [...192.168.2.17][49152] -> [.17.253.105.202][...80] [HTTP.Apple][Apple][ConnCheck][Safe][captive.apple.com] 
@@ -226,8 +226,8 @@ idle: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][p26-keyvalueservice.icloud.com] idle: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][gateway.icloud.com] idle: [....47] [ip4][..tcp] [...192.168.2.17][50586] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable] - idle: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Unknown][Web][Safe] - idle: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][play.itunes.apple.com] + idle: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Akamai][Web][Safe] + idle: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Akamai][Streaming][Fun][play.itunes.apple.com] end: [....26] [ip4][..tcp] [...192.168.2.17][50578] -> [.17.253.105.202][..443] [TLS.Apple][Apple][Web][Safe] end: [....27] [ip4][..tcp] [...192.168.2.17][50579] -> [.17.253.105.202][..443] [TLS.Apple][Apple][Web][Safe] idle: [....24] [ip4][..tcp] [...192.168.2.17][50577] -> [....17.130.2.46][..443] [TLS.Apple][Apple][Web][Safe] diff --git a/test/results/flow-info/enable_payload_stat/1kxun.pcap.out b/test/results/flow-info/enable_payload_stat/1kxun.pcap.out index 610c1bd13..5a9b4c05a 100644 --- a/test/results/flow-info/enable_payload_stat/1kxun.pcap.out +++ b/test/results/flow-info/enable_payload_stat/1kxun.pcap.out 
@@ -632,7 +632,7 @@ new: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [MIDSTREAM] detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Fun][tcad.wedolook.com] new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM] - detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] + detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][google.open-js.com] analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.409| 0.085| 0.132| 17528.007| 3.300] 
@@ -710,60 +710,60 @@ new: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [MIDSTREAM] detected: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] new: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [MIDSTREAM] - detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] + detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Akamai][Web][Acceptable][m.vpon.com] new: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...176] 
[ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [MIDSTREAM] - detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] new: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [MIDSTREAM] detected: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] new: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [MIDSTREAM] - detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] new: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [MIDSTREAM] detected: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] new: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [MIDSTREAM] detected: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] new: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [MIDSTREAM] - detected: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AmazonAWS][Web][Acceptable][cdn.liftoff.io] + detected: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][cdn.liftoff.io] new: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> 
[.....18.66.2.90][...80] [MIDSTREAM] - detected: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun][cdn.liftoff.io] + detected: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AWS_Cloudfront][Media][Fun][cdn.liftoff.io] new: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [MIDSTREAM] - detected: [...188] [ip4][..tcp] 
[..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][] + detected: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][] RISK: HTTP Susp User-Agent new: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [MIDSTREAM] - detected: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] - detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] + detected: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] + detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][adx-tk.rayjump.com] new: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [MIDSTREAM] - detected: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][] + detected: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][] new: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [MIDSTREAM] - detected: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] - detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + detected: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][tknet-cdn.rayjump.com] + detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] new: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> 
[..18.233.123.55][...80] [MIDSTREAM] - detected: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable][impression-east.liftoff.io] + detected: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AWS_EC2][Web][Acceptable][impression-east.liftoff.io] new: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [MIDSTREAM] - detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] + detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AWS_EC2][Web][Acceptable][adexp.liftoff.io] new: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [MIDSTREAM] detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.PlayStore][Google][SoftwareUpdate][Safe][play.google.com] new: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [MIDSTREAM] - detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] + detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AWS_EC2][Web][Acceptable][click.liftoff.io] new: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [MIDSTREAM] detected: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] new: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [MIDSTREAM] - detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] idle: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> 
[..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] RISK: Known Proto on Non Std Port idle: [...131] [ip4][..tcp] [..192.168.2.126][60972] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] 
@@ -771,13 +771,13 @@ idle: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] RISK: Known Proto on Non Std Port idle: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] - idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] - idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] - idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] + idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Akamai][Web][Acceptable][m.vpon.com] + idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][google.open-js.com] + idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][tknet-cdn.rayjump.com] idle: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP][Tencent][Web][Acceptable] - idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable] - idle: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] - idle: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] + idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable] + idle: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] + idle: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> 
[...3.122.190.70][...80] [HTTP][AWS_EC2][Web][Acceptable][click.liftoff.io] idle: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] idle: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] idle: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] 
@@ -785,18 +785,18 @@ idle: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com] idle: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] - idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] - idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AWS_EC2][Web][Acceptable][adexp.liftoff.io] + idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] idle: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Google][Advertisement][Tracker_Ads][www.google-analytics.com] idle: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [HTTP.Google][Google][Advertisement][Tracker_Ads][pagead2.googlesyndication.com] idle: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] - idle: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...175] 
[ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + idle: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] idle: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Unknown][Streaming][Fun][release.bigdata.1kxun.com] idle: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] 
@@ -810,7 +810,7 @@ idle: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.PlayStore][Google][SoftwareUpdate][Safe][play.google.com] idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi] RISK: Binary File/Data Transfer (Attempt) - idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] + idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][adx-tk.rayjump.com] idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] idle: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] idle: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][messages.1kxun.mobi] 
@@ -820,9 +820,9 @@ idle: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] - idle: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable][impression-east.liftoff.io] - idle: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] - idle: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + idle: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AWS_EC2][Web][Acceptable][impression-east.liftoff.io] + idle: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] + idle: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] idle: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Tencent][Chat][Fun][pingma.qq.com] RISK: HTTP Susp User-Agent, Error Code idle: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] 
@@ -831,11 +831,11 @@ idle: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] idle: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] idle: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] - idle: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AmazonAWS][Web][Acceptable][cdn.liftoff.io] - idle: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun] - idle: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable] + idle: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][cdn.liftoff.io] + idle: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AWS_Cloudfront][Media][Fun] + idle: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> 
[...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable] idle: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/flow_risk_infos_disabled/http_invalid_server.pcap.out b/test/results/flow-info/flow_risk_infos_disabled/http_invalid_server.pcap.out index 200990edb..2b70c3602 100644 --- a/test/results/flow-info/flow_risk_infos_disabled/http_invalid_server.pcap.out +++ b/test/results/flow-info/flow_risk_infos_disabled/http_invalid_server.pcap.out @@ -2,10 +2,10 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] - detected: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP.OCSP][AmazonAWS][Network][Safe][ocsp.rootg2.amazontrust.com] + detected: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][ocsp.rootg2.amazontrust.com] RISK: HTTP Susp User-Agent - detection-update: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP.OCSP][AmazonAWS][Network][Safe][ocsp.rootg2.amazontrust.com] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP.OCSP][AWS_Cloudfront][Network][Safe][ocsp.rootg2.amazontrust.com] RISK: HTTP Susp User-Agent, HTTP Susp Header - end: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP.OCSP][AmazonAWS][Network][Safe][ocsp.rootg2.amazontrust.com] + end: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP.OCSP][AWS_Cloudfront][Network][Safe][ocsp.rootg2.amazontrust.com] RISK: HTTP Susp User-Agent, HTTP Susp Header DAEMON-EVENT: shutdown 
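Review bot: In http_invalid_server.pcap.out the first `detected:` event for flow 1 now carries `[HTTP][AWS_Cloudfront][Web][Acceptable]` where it used to carry `[HTTP.OCSP]` with `[Network][Safe]`; the OCSP classification now arrives only with the later `detection-update:`. A consumer that acts on `detected` alone will record this flow under a different protocol, category and safety label than before, and the commit message does not mention it. The `detected:` lines for `google.open-js.com` in fpc/1kxun.pcap.out and guess_ip_before_port_enabled/1kxun.pcap.out change in a similar way (`[HTTP.Google]` becomes `[HTTP]`), and in the fpc copy the final `idle:` line stays `[HTTP]`. I would confirm these are intended results of the libnDPI bump and record them, e.g. `* sub-protocol may now be reported on detection-update instead of detected`.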
diff --git a/test/results/flow-info/fpc/1kxun.pcap.out b/test/results/flow-info/fpc/1kxun.pcap.out index 610c1bd13..5a9b4c05a 100644 --- a/test/results/flow-info/fpc/1kxun.pcap.out +++ b/test/results/flow-info/fpc/1kxun.pcap.out @@ -632,7 +632,7 @@ new: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [MIDSTREAM] detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Fun][tcad.wedolook.com] new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM] - detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] + detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][google.open-js.com] analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.409| 0.085| 0.132| 17528.007| 3.300] 
@@ -710,60 +710,60 @@ new: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [MIDSTREAM] detected: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] new: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [MIDSTREAM] - detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] + detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Akamai][Web][Acceptable][m.vpon.com] new: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...176] 
[ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [MIDSTREAM] - detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] new: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [MIDSTREAM] detected: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] new: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [MIDSTREAM] - detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] new: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [MIDSTREAM] detected: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] new: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [MIDSTREAM] detected: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] new: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [MIDSTREAM] - detected: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AmazonAWS][Web][Acceptable][cdn.liftoff.io] + detected: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][cdn.liftoff.io] new: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> 
[.....18.66.2.90][...80] [MIDSTREAM] - detected: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun][cdn.liftoff.io] + detected: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AWS_Cloudfront][Media][Fun][cdn.liftoff.io] new: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [MIDSTREAM] - detected: [...188] [ip4][..tcp] 
[..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][] + detected: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][] RISK: HTTP Susp User-Agent new: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [MIDSTREAM] - detected: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] - detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] + detected: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] + detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][adx-tk.rayjump.com] new: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [MIDSTREAM] - detected: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][] + detected: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][] new: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [MIDSTREAM] - detected: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] - detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + detected: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][tknet-cdn.rayjump.com] + detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] new: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> 
[..18.233.123.55][...80] [MIDSTREAM] - detected: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable][impression-east.liftoff.io] + detected: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AWS_EC2][Web][Acceptable][impression-east.liftoff.io] new: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [MIDSTREAM] - detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] + detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AWS_EC2][Web][Acceptable][adexp.liftoff.io] new: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [MIDSTREAM] detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.PlayStore][Google][SoftwareUpdate][Safe][play.google.com] new: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [MIDSTREAM] - detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] + detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AWS_EC2][Web][Acceptable][click.liftoff.io] new: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [MIDSTREAM] detected: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] new: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [MIDSTREAM] - detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] idle: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> 
[..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] RISK: Known Proto on Non Std Port idle: [...131] [ip4][..tcp] [..192.168.2.126][60972] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] 
@@ -771,13 +771,13 @@ idle: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] RISK: Known Proto on Non Std Port idle: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] - idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] - idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] - idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] + idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Akamai][Web][Acceptable][m.vpon.com] + idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][google.open-js.com] + idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][tknet-cdn.rayjump.com] idle: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP][Tencent][Web][Acceptable] - idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable] - idle: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] - idle: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] + idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable] + idle: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] + idle: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> 
[...3.122.190.70][...80] [HTTP][AWS_EC2][Web][Acceptable][click.liftoff.io] idle: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] idle: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] idle: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] 
@@ -785,18 +785,18 @@ idle: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com] idle: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] - idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] - idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AWS_EC2][Web][Acceptable][adexp.liftoff.io] + idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] idle: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Google][Advertisement][Tracker_Ads][www.google-analytics.com] idle: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [HTTP.Google][Google][Advertisement][Tracker_Ads][pagead2.googlesyndication.com] idle: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] - idle: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...175] 
[ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + idle: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] idle: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Unknown][Streaming][Fun][release.bigdata.1kxun.com] idle: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] 
@@ -810,7 +810,7 @@ idle: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.PlayStore][Google][SoftwareUpdate][Safe][play.google.com] idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi] RISK: Binary File/Data Transfer (Attempt) - idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] + idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][adx-tk.rayjump.com] idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] idle: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] idle: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][messages.1kxun.mobi] 
@@ -820,9 +820,9 @@ idle: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] - idle: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable][impression-east.liftoff.io] - idle: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] - idle: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + idle: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AWS_EC2][Web][Acceptable][impression-east.liftoff.io] + idle: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] + idle: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] idle: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Tencent][Chat][Fun][pingma.qq.com] RISK: HTTP Susp User-Agent, Error Code idle: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] 
@@ -831,11 +831,11 @@ idle: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] idle: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] idle: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] - idle: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AmazonAWS][Web][Acceptable][cdn.liftoff.io] - idle: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun] - idle: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable] + idle: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][cdn.liftoff.io] + idle: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AWS_Cloudfront][Media][Fun] + idle: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> 
[...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable] idle: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/guess_ip_before_port_enabled/1kxun.pcap.out b/test/results/flow-info/guess_ip_before_port_enabled/1kxun.pcap.out index 610c1bd13..5a9b4c05a 100644 --- a/test/results/flow-info/guess_ip_before_port_enabled/1kxun.pcap.out +++ b/test/results/flow-info/guess_ip_before_port_enabled/1kxun.pcap.out @@ -632,7 +632,7 @@ new: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [MIDSTREAM] detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Fun][tcad.wedolook.com] new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM] - detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] + detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][google.open-js.com] analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.409| 0.085| 0.132| 17528.007| 3.300] 
@@ -710,60 +710,60 @@ new: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [MIDSTREAM] detected: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] new: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [MIDSTREAM] - detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] + detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Akamai][Web][Acceptable][m.vpon.com] new: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...176] 
[ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [MIDSTREAM] - detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] new: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [MIDSTREAM] detected: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] new: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [MIDSTREAM] - detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] new: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [MIDSTREAM] detected: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] new: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [MIDSTREAM] detected: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] new: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [MIDSTREAM] - detected: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AmazonAWS][Web][Acceptable][cdn.liftoff.io] + detected: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][cdn.liftoff.io] new: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> 
[.....18.66.2.90][...80] [MIDSTREAM] - detected: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun][cdn.liftoff.io] + detected: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AWS_Cloudfront][Media][Fun][cdn.liftoff.io] new: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [MIDSTREAM] - detected: [...188] [ip4][..tcp] 
[..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][] + detected: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][] RISK: HTTP Susp User-Agent new: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [MIDSTREAM] - detected: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] - detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] + detected: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] + detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][adx-tk.rayjump.com] new: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [MIDSTREAM] - detected: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][] + detected: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][] new: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [MIDSTREAM] - detected: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] - detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + detected: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][tknet-cdn.rayjump.com] + detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] new: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> 
[..18.233.123.55][...80] [MIDSTREAM] - detected: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable][impression-east.liftoff.io] + detected: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AWS_EC2][Web][Acceptable][impression-east.liftoff.io] new: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [MIDSTREAM] - detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] + detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AWS_EC2][Web][Acceptable][adexp.liftoff.io] new: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [MIDSTREAM] detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.PlayStore][Google][SoftwareUpdate][Safe][play.google.com] new: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [MIDSTREAM] - detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] + detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AWS_EC2][Web][Acceptable][click.liftoff.io] new: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [MIDSTREAM] detected: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] new: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [MIDSTREAM] - detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] idle: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> 
[..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] RISK: Known Proto on Non Std Port idle: [...131] [ip4][..tcp] [..192.168.2.126][60972] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] 
@@ -771,13 +771,13 @@ idle: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] RISK: Known Proto on Non Std Port idle: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] - idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] - idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] - idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] + idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Akamai][Web][Acceptable][m.vpon.com] + idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][google.open-js.com] + idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][tknet-cdn.rayjump.com] idle: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP][Tencent][Web][Acceptable] - idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable] - idle: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] - idle: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] + idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable] + idle: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] + idle: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> 
[...3.122.190.70][...80] [HTTP][AWS_EC2][Web][Acceptable][click.liftoff.io] idle: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] idle: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] idle: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] 
@@ -785,18 +785,18 @@ idle: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com] idle: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] - idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] - idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AWS_EC2][Web][Acceptable][adexp.liftoff.io] + idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] idle: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Google][Advertisement][Tracker_Ads][www.google-analytics.com] idle: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [HTTP.Google][Google][Advertisement][Tracker_Ads][pagead2.googlesyndication.com] idle: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] - idle: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...175] 
[ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + idle: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] idle: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Unknown][Streaming][Fun][release.bigdata.1kxun.com] idle: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] 
@@ -810,7 +810,7 @@ idle: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.PlayStore][Google][SoftwareUpdate][Safe][play.google.com] idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi] RISK: Binary File/Data Transfer (Attempt) - idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] + idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][adx-tk.rayjump.com] idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] idle: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] idle: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][messages.1kxun.mobi] 
@@ -820,9 +820,9 @@ idle: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] - idle: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable][impression-east.liftoff.io] - idle: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] - idle: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + idle: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AWS_EC2][Web][Acceptable][impression-east.liftoff.io] + idle: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] + idle: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] idle: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Tencent][Chat][Fun][pingma.qq.com] RISK: HTTP Susp User-Agent, Error Code idle: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] 
@@ -831,11 +831,11 @@ idle: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] idle: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] idle: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] - idle: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AmazonAWS][Web][Acceptable][cdn.liftoff.io] - idle: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun] - idle: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable] + idle: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][cdn.liftoff.io] + idle: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AWS_Cloudfront][Media][Fun] + idle: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> 
[...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable] idle: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/guessing_disable/webex.pcap.out b/test/results/flow-info/guessing_disable/webex.pcap.out index c17cf08d2..2cc094580 100644 --- a/test/results/flow-info/guessing_disable/webex.pcap.out +++ b/test/results/flow-info/guessing_disable/webex.pcap.out @@ -49,9 +49,9 @@ detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][41354] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] - detected: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS][Unknown][Web][Safe][] + detected: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS][Akamai][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS.Webex][Unknown][VoIP][Acceptable][] + detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS.Webex][Akamai][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] detected: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS][Webex][Web][Safe][] 
@@ -232,7 +232,7 @@ detected: [....43] [ip4][..tcp] [.......10.8.0.1][51839] -> [.62.109.229.158][..443] [TLS][Webex][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) new: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] - detected: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe][api.crittercism.com] + detected: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AWS_EC2][Web][Safe][api.crittercism.com] RISK: Obsolete TLS (v1.1 or older) new: [....45] [ip4][..tcp] [.......10.8.0.1][59756] -> [...78.46.237.91][...80] new: [....46] [ip4][..tcp] [.......10.8.0.1][59757] -> [...78.46.237.91][...80] @@ -242,9 +242,9 @@ RISK: HTTP Obsolete Server detection-update: [....46] [ip4][..tcp] [.......10.8.0.1][59757] -> [...78.46.237.91][...80] [HTTP][Unknown][Web][Acceptable][cp.pushwoosh.com] RISK: HTTP Obsolete Server - detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe][api.crittercism.com] + detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AWS_EC2][Web][Safe][api.crittercism.com] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe][api.crittercism.com] + detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AWS_EC2][Web][Safe][api.crittercism.com] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] detected: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] 
@@ -300,7 +300,7 @@ detection-update: [....56] [ip4][..tcp] [.......10.8.0.1][51194] -> [.62.109.224.120][..443] [TLS.Webex][Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher update: [....24] [ip4][..udp] [.......10.8.0.1][64538] -> [....172.16.1.75][.5060] [SIP][Unknown][VoIP][Acceptable] - guessed: [.....6] [ip4][..tcp] [..10.133.206.47][59447] -> [..107.20.242.44][..443] [TLS][AmazonAWS][Web][Safe] + guessed: [.....6] [ip4][..tcp] [..10.133.206.47][59447] -> [..107.20.242.44][..443] [TLS][AWS_EC2][Web][Safe] end: [.....6] [ip4][..tcp] [..10.133.206.47][59447] -> [..107.20.242.44][..443] end: [....12] [ip4][..tcp] [.......10.8.0.1][47498] -> [209.197.222.159][..443] [TLS.Webex][Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher @@ -321,7 +321,7 @@ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....13] [ip4][..tcp] [.......10.8.0.1][57647] -> [..64.68.121.153][..443] [TLS.Webex][Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - end: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe] + end: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AWS_EC2][Web][Safe] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....31] [ip4][..tcp] [.......10.8.0.1][51134] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe] RISK: Obsolete TLS (v1.1 or older) 
@@ -409,7 +409,7 @@ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....28] [ip4][..tcp] [.......10.8.0.1][51676] -> [..114.29.204.49][..443] [TLS][Webex][Web][Safe] RISK: Obsolete TLS (v1.1 or older) - end: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS.Webex][Unknown][VoIP][Acceptable] + end: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS.Webex][Akamai][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....15] [ip4][..tcp] [.......10.8.0.1][44492] -> [..64.68.104.140][..443] [TLS.Webex][Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher diff --git a/test/results/flow-info/hostname_dns_check/netflix.pcap.out b/test/results/flow-info/hostname_dns_check/netflix.pcap.out index 07c24bf75..7f6bc096a 100644 --- a/test/results/flow-info/hostname_dns_check/netflix.pcap.out +++ b/test/results/flow-info/hostname_dns_check/netflix.pcap.out 
@@ -11,29 +11,29 @@ detection-update: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.us-west-2.prodaa.netflix.com] new: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] new: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] - detected: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detected: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detected: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detected: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] new: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] - detection-update: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] 
[TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detected: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detection-update: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detection-update: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detection-update: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detection-update: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detected: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detection-update: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detection-update: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detection-update: [.....7] 
[ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detection-update: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] new: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] - detected: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + analyse: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.364| 0.040| 0.082| 6699.630| 3.200] [PKTLEN......: 52.000| 1500.000| 265.200| 396.800| 157454.800| 3.900] 
@@ -44,15 +44,15 @@ [PKTLENS.....: 64,60,52,260,52,1500,1500,52,215,52,127,58,97,52,103,52,408,362,52,992,52,112,52,408,361,52,992,107,86,52,52,52] [ENTROPIES...: 4.6,5.3,5.1,5.7,5.2,7.3,7.3,5.1,6.9,5.2,6.4,5.1,6.1,5.2,5.9,5.2,7.5,7.4,5.2,7.8,5.1,6.1,5.1,7.4,7.4,5.2,7.8,6.1,5.8,5.2,5.2,5.1] new: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] - detected: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] + detected: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] new: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] detected: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250] new: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] - detected: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] 
[TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] + detected: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] new: [....12] [ip4][....2] [....192.168.1.7] -> [239.255.255.250] detected: [....12] [ip4][....2] [....192.168.1.7] -> [239.255.255.250] [IGMP][Unknown][Network][Acceptable] new: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] 
@@ -60,24 +60,24 @@ detection-update: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com] new: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] new: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] - detected: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] 
[TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] - detected: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + analyse: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.350| 0.041| 0.077| 5966.970| 3.500] [PKTLEN......: 52.000| 1500.000| 530.200| 630.500| 397553.600| 4.000] 
@@ -91,10 +91,10 @@ detected: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][sha2.san.akam.nflximg.net] detection-update: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][sha2.san.akam.nflximg.net] new: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] - detected: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net] - detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net] - detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net] - analyse: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + detected: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Akamai][Video][Fun][art-s.nflximg.net] + detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Akamai][Video][Fun][art-s.nflximg.net] + detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Akamai][Video][Fun][art-s.nflximg.net] + analyse: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 7.508| 0.502| 1.826| 3335198.867| 1.400] [PKTLEN......: 52.000| 1500.000| 358.800| 520.700| 271128.800| 3.800] 
@@ -109,16 +109,16 @@ detection-update: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][artwork.akam.nflximg.net] new: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] new: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] - detected: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net] - detected: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net] + detected: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-2.nflximg.net] + detected: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-2.nflximg.net] new: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] - detected: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net] + detected: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-2.nflximg.net] new: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] detected: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][appboot.netflix.com] detection-update: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][appboot.netflix.com] new: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] - detected: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun][appboot.netflix.com] - analyse: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] 
[HTTP.NetFlix][AmazonAWS][Video][Fun][appboot.netflix.com] + detected: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AWS_EC2][Video][Fun][appboot.netflix.com] + analyse: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AWS_EC2][Video][Fun][appboot.netflix.com] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.187| 0.029| 0.042| 1791.215| 4.000] [PKTLEN......: 52.000| 1500.000| 812.300| 674.900| 455511.900| 4.400] 
@@ -129,12 +129,12 @@ [PKTLENS.....: 64,60,52,365,1500,903,52,52,52,714,1500,52,1500,52,1500,52,1500,1500,52,1012,52,1500,1293,52,1500,1500,1500,1500,1500,1500,1500,64] [ENTROPIES...: 4.5,5.3,5.2,5.7,6.0,6.1,5.3,5.3,5.3,6.0,5.7,5.1,6.1,5.2,5.9,5.0,5.8,5.8,5.2,5.8,5.2,5.8,5.8,5.2,5.8,5.8,5.8,5.8,5.8,5.8,5.8,5.2] new: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] - detected: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] new: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] detected: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][a803.dscg.akamai.net] new: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] detected: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com] - analyse: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net] + analyse: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-2.nflximg.net] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 6.031| 0.428| 1.232| 1516791.529| 2.300] [PKTLEN......: 52.000| 1500.000| 795.600| 706.600| 499284.200| 4.300] 
@@ -148,14 +148,14 @@ new: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] detection-update: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com] new: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] - detected: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Unknown][Video][Fun][tp.akam.nflximg.com] - detected: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detected: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Akamai][Video][Fun][tp.akam.nflximg.com] + detected: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Unknown][Video][Fun][tp.akam.nflximg.com] + detection-update: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Akamai][Video][Fun][tp.akam.nflximg.com] RISK: HTTP Susp Content - detection-update: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [....30] [ip4][..tcp] 
[....192.168.1.7][53163] -> [..23.246.11.145][...80] detected: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.145] @@ -357,7 +357,7 @@ [IATS(ms)....: 43.9,45.8,13.4,88.6,4.9,81.9,1250.8,92.5,118.4,0.7,544.2,69.2,495.5,501.7,62.9,1143.9,28.6,39.1,4432.0,83.0,87.8,169.9,586.4,795.5,292.9,509.0,501.2,1203.5,55.9,83.0,70.7] [PKTLENS.....: 64,60,52,410,569,1500,52,80,80,72,72,72,72,72,64,64,64,64,64,1500,52,1500,64,52,1500,64,52,52,1500,1500,52,1500] [ENTROPIES...: 4.6,5.2,5.0,6.4,5.8,4.5,5.1,5.3,5.3,5.4,5.4,5.3,5.4,5.3,5.3,5.1,5.3,5.3,5.2,4.3,5.0,4.3,5.2,5.2,4.4,5.2,5.2,5.2,4.3,4.3,5.2,4.4] - analyse: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + analyse: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 30.086| 1.958| 7.380| 54461959.504| 1.100] [PKTLEN......: 52.000| 1500.000| 380.000| 556.900| 310128.200| 3.800] @@ -383,7 +383,7 @@ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary File/Data Transfer (Attempt) detection-update: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.geo.netflix.com] new: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] - analyse: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + analyse: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 30.431| 1.003| 5.373| 28867930.620| 0.200] [PKTLEN......: 52.000| 1500.000| 379.500| 557.000| 310204.400| 3.800] 
@@ -393,22 +393,22 @@ [IATS(ms)....: 44.9,46.3,7.4,58.2,1.8,1.0,55.8,12.1,9.9,9.3,0.3,0.2,60.5,0.1,50.8,11.5,0.5,0.2,72.1,60.9,0.3,50.8,0.4,15.7,16.9,0.1,0.1,82.9,0.3,0.1,30431.5] [PKTLENS.....: 64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,322,52,52,52,993,107,86,52,52,52,52] [ENTROPIES...: 4.6,5.3,5.1,5.8,5.2,7.2,7.3,5.1,7.0,5.2,6.3,5.1,5.9,5.3,6.1,5.2,7.9,7.9,7.9,5.2,7.9,7.3,5.2,5.3,5.3,7.8,6.2,5.9,5.2,5.2,5.2,5.0] - detected: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detected: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detected: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detected: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] 
[TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - analyse: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + analyse: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.282| 0.053| 0.058| 3383.537| 4.200] [PKTLEN......: 52.000| 1500.000| 552.500| 629.700| 396553.700| 4.000] 
@@ -418,7 +418,7 @@ [IATS(ms)....: 50.8,52.1,6.3,61.1,40.7,74.7,170.4,11.8,79.4,67.6,2.0,57.4,55.8,1.7,0.8,0.2,0.2,82.5,79.7,0.2,94.6,127.5,60.6,282.5,10.6,27.6,38.0,39.9,42.9,7.7,0.7] [PKTLENS.....: 64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52] [ENTROPIES...: 4.6,5.4,5.2,4.4,5.2,7.2,7.7,5.2,6.5,6.0,5.1,7.8,6.2,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.4,5.2,5.2,7.8,5.2,7.9,7.9,5.2,6.2,5.2,5.8,5.1] - analyse: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + analyse: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.333| 0.059| 0.083| 6944.879| 3.800] [PKTLEN......: 52.000| 1500.000| 746.100| 703.800| 495333.000| 4.200] 
@@ -462,37 +462,37 @@ detection-update: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com] detection-update: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com] new: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] - detected: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detected: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] detected: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com] detection-update: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com] new: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] new: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] - 
detected: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detected: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detected: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detected: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - detection-update: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + detection-update: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + detection-update: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> 
[.....52.41.30.5][..443] new: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] - detected: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detected: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + detection-update: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + analyse: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.141| 0.020| 0.029| 838.464| 3.900] [PKTLEN......: 52.000| 1500.000| 420.800| 506.400| 256458.000| 4.100] 
@@ -507,9 +507,9 @@ detection-update: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][a1907.dscg.akamai.net] new: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] new: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] - detected: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net] - detected: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net] - analyse: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + detected: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-1.nflximg.net] + detected: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-1.nflximg.net] + analyse: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.501| 0.064| 0.122| 14766.799| 3.300] [PKTLEN......: 52.000| 1500.000| 442.800| 552.300| 305076.800| 4.000] 
@@ -519,7 +519,7 @@ [IATS(ms)....: 58.3,61.2,1.8,70.6,2.9,1.0,71.3,11.6,12.3,13.1,0.1,0.1,65.7,0.8,52.3,3.6,0.2,91.6,51.8,0.3,140.2,3.7,3.4,3.9,5.5,6.4,5.0,437.2,0.9,500.9,291.9] [PKTLENS.....: 64,60,52,569,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,789,52,1500,476,52,448,52,751,52,86,52,1500,672,52,1500] [ENTROPIES...: 4.6,5.3,5.2,4.1,5.0,7.3,7.3,5.2,7.0,5.2,6.3,5.1,6.0,5.1,6.0,5.2,7.9,7.8,5.2,7.9,7.5,5.2,7.6,5.1,7.7,5.2,6.0,5.2,7.9,7.7,5.0,7.9] - analyse: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net] + analyse: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-1.nflximg.net] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.100| 0.036| 0.022| 464.586| 4.700] [PKTLEN......: 52.000| 1500.000| 1146.700| 613.300| 376142.500| 4.700] @@ -529,7 +529,7 @@ [IATS(ms)....: 16.7,17.7,12.0,38.5,0.5,12.7,40.1,27.1,27.1,58.5,99.8,81.1,33.9,23.7,53.8,53.8,65.1,48.0,65.4,13.9,30.9,13.3,28.7,40.4,54.5,28.8,29.4,29.4,27.5,25.5,25.5] [PKTLENS.....: 64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500] [ENTROPIES...: 4.5,5.2,5.2,5.9,5.3,7.0,7.5,5.1,7.7,5.1,7.7,5.2,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.9,7.8,7.9,7.8,7.9,7.9,7.8,7.8] - analyse: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net] + analyse: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-1.nflximg.net] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 1.416| 0.126| 0.341| 116136.157| 2.600] [PKTLEN......: 52.000| 1500.000| 767.500| 698.900| 488505.900| 4.300] 
@@ -540,23 +540,23 @@ [PKTLENS.....: 64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52] [ENTROPIES...: 4.5,5.2,5.1,5.9,5.3,7.3,7.8,5.2,7.8,5.0,7.8,7.8,5.1,7.8,7.7,5.2,5.8,6.9,7.5,7.8,5.1,5.0,7.8,7.8,5.0,7.9,4.9,7.8,7.8,5.1,7.8,5.1] idle: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250] - guessed: [.....1] [ip4][..tcp] [....192.168.1.7][52929] -> [.....52.24.87.6][..443] [TLS][AmazonAWS][Web][Safe] + guessed: [.....1] [ip4][..tcp] [....192.168.1.7][52929] -> [.....52.24.87.6][..443] [TLS][AWS_EC2][Web][Safe] RISK: Unidirectional Traffic end: [.....1] [ip4][..tcp] [....192.168.1.7][52929] -> [.....52.24.87.6][..443] - end: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net] - idle: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net] - end: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net] - idle: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Unknown][Video][Fun][tp.akam.nflximg.com] + end: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-2.nflximg.net] + idle: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-2.nflximg.net] + end: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-2.nflximg.net] + idle: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Akamai][Video][Fun][tp.akam.nflximg.com] RISK: HTTP Susp Content - idle: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] 
[HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net] - idle: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net] - end: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] - idle: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] - end: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + idle: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-1.nflximg.net] + idle: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Akamai][Video][Fun][art-1.nflximg.net] + end: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] + idle: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] + end: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS - end: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + end: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS - idle: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + idle: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS idle: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com] idle: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] 
[DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com] 
@@ -565,37 +565,37 @@ idle: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com] idle: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.us-west-2.prodaa.netflix.com] idle: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com] - end: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - idle: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - idle: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + end: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + idle: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + idle: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - idle: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + idle: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS idle: [....12] [ip4][....2] [....192.168.1.7] -> [239.255.255.250] [IGMP][Unknown][Network][Acceptable] idle: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][a1907.dscg.akamai.net] idle: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] 
[DNS][Unknown][Network][Acceptable][sha2.san.akam.nflximg.net] idle: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][appboot.netflix.com] idle: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][artwork.akam.nflximg.net] - end: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + end: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS - end: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + end: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS - idle: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + idle: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS - end: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] + end: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - end: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - end: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] - end: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] + end: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] 
[TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + end: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] + end: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][ichnaea.netflix.com] idle: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.geo.netflix.com] - end: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun][appboot.netflix.com] - idle: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun] - end: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - end: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + end: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AWS_EC2][Video][Fun][appboot.netflix.com] + idle: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Akamai][Video][Fun] + end: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] + end: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - end: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] + end: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - end: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> 
[...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] + end: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][AWS_EC2][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS end: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.145] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary File/Data Transfer (Attempt) diff --git a/test/results/flow-info/ip_lists_disable/1kxun.pcap.out b/test/results/flow-info/ip_lists_disable/1kxun.pcap.out index 610c1bd13..5a9b4c05a 100644 --- a/test/results/flow-info/ip_lists_disable/1kxun.pcap.out +++ b/test/results/flow-info/ip_lists_disable/1kxun.pcap.out @@ -632,7 +632,7 @@ new: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [MIDSTREAM] detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Fun][tcad.wedolook.com] new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM] - detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] + detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][google.open-js.com] analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.409| 0.085| 0.132| 17528.007| 3.300] 
@@ -710,60 +710,60 @@ new: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [MIDSTREAM] detected: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] new: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [MIDSTREAM] - detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] + detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Akamai][Web][Acceptable][m.vpon.com] new: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + detected: [...176] 
[ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] new: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [MIDSTREAM] - detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] new: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [MIDSTREAM] detected: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] new: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [MIDSTREAM] - detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] new: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [MIDSTREAM] detected: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] new: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [MIDSTREAM] detected: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] new: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [MIDSTREAM] - detected: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AmazonAWS][Web][Acceptable][cdn.liftoff.io] + detected: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][cdn.liftoff.io] new: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> 
[.....18.66.2.90][...80] [MIDSTREAM] - detected: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun][cdn.liftoff.io] + detected: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AWS_Cloudfront][Media][Fun][cdn.liftoff.io] new: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] new: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [MIDSTREAM] - detected: [...188] [ip4][..tcp] 
[..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][] + detected: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][] RISK: HTTP Susp User-Agent new: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [MIDSTREAM] - detected: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] - detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] + detected: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] + detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][adx-tk.rayjump.com] new: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [MIDSTREAM] - detected: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][] + detected: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][] new: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [MIDSTREAM] - detected: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] - detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + detected: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][tknet-cdn.rayjump.com] + detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] new: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> 
[..18.233.123.55][...80] [MIDSTREAM] - detected: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable][impression-east.liftoff.io] + detected: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AWS_EC2][Web][Acceptable][impression-east.liftoff.io] new: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [MIDSTREAM] - detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] + detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AWS_EC2][Web][Acceptable][adexp.liftoff.io] new: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [MIDSTREAM] detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.PlayStore][Google][SoftwareUpdate][Safe][play.google.com] new: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [MIDSTREAM] - detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] + detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AWS_EC2][Web][Acceptable][click.liftoff.io] new: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [MIDSTREAM] detected: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] new: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [MIDSTREAM] - detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] idle: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> 
[..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] RISK: Known Proto on Non Std Port idle: [...131] [ip4][..tcp] [..192.168.2.126][60972] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] 
@@ -771,13 +771,13 @@ idle: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] RISK: Known Proto on Non Std Port idle: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] - idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] - idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] - idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] + idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Akamai][Web][Acceptable][m.vpon.com] + idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][google.open-js.com] + idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][tknet-cdn.rayjump.com] idle: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP][Tencent][Web][Acceptable] - idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable] - idle: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] - idle: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] + idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable] + idle: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] + idle: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> 
[...3.122.190.70][...80] [HTTP][AWS_EC2][Web][Acceptable][click.liftoff.io] idle: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] idle: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] idle: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] 
@@ -785,18 +785,18 @@ idle: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com] idle: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] - idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] - idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AWS_EC2][Web][Acceptable][adexp.liftoff.io] + idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][net.rayjump.com] idle: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Google][Advertisement][Tracker_Ads][www.google-analytics.com] idle: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [HTTP.Google][Google][Advertisement][Tracker_Ads][pagead2.googlesyndication.com] idle: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] - idle: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...175] 
[ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] - idle: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + idle: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] + idle: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AWS_EC2][Web][Acceptable][setting.rayjump.com] idle: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Unknown][Streaming][Fun][release.bigdata.1kxun.com] idle: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] 
@@ -810,7 +810,7 @@ idle: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.PlayStore][Google][SoftwareUpdate][Safe][play.google.com] idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi] RISK: Binary File/Data Transfer (Attempt) - idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] + idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AWS_EC2][Web][Acceptable][adx-tk.rayjump.com] idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] idle: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] idle: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][messages.1kxun.mobi] 
@@ -820,9 +820,9 @@ idle: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] idle: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] - idle: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable][impression-east.liftoff.io] - idle: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] - idle: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + idle: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AWS_EC2][Web][Acceptable][impression-east.liftoff.io] + idle: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] + idle: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AWS_EC2][Web][Acceptable][de01.rayjump.com] idle: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Tencent][Chat][Fun][pingma.qq.com] RISK: HTTP Susp User-Agent, Error Code idle: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] 
@@ -831,11 +831,11 @@ idle: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] idle: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] idle: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] - idle: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AmazonAWS][Web][Acceptable][cdn.liftoff.io] - idle: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun] - idle: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] - idle: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable] + idle: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][cdn.liftoff.io] + idle: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AWS_Cloudfront][Media][Fun] + idle: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable][hybird.rayjump.com] + idle: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> 
[...18.64.103.30][...80] [HTTP][AWS_Cloudfront][Web][Acceptable] idle: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/monitoring/stun_signal.pcapng.out b/test/results/flow-info/monitoring/stun_signal.pcapng.out index 11a61e708..7b5e8f485 100644 --- a/test/results/flow-info/monitoring/stun_signal.pcapng.out +++ b/test/results/flow-info/monitoring/stun_signal.pcapng.out 
@@ -6,48 +6,48 @@ new: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] detected: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][] new: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] - detected: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][] + detected: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN][AWS_EC2][Network][Acceptable][] new: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] - detected: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN][AmazonAWS][Network][Acceptable][] + detected: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN][AWS_EC2][Network][Acceptable][] new: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] - detected: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN][AmazonAWS][Network][Acceptable][] + detected: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN][AWS_EC2][Network][Acceptable][] new: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] - detected: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][] + detected: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN][AWS_EC2][Network][Acceptable][] new: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] - detected: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] + detected: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AWS_EC2][Network][Acceptable] RISK: Susp Entropy - detection-update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] 
[STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - detection-update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - detection-update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + detection-update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + detection-update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] + detection-update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] detection-update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] detection-update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] - detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] + detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] + detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [.....6] 
[ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] RISK: Unidirectional Traffic new: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] - detected: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] - detected: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] detected: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] new: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] detected: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] new: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] - detected: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] - detected: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - detection-update: 
[....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - detection-update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + detected: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] + detection-update: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + detection-update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] new: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] - detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - detection-update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] + detection-update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detection-update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] RISK: Unidirectional Traffic - analyse: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + analyse: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] min| max| avg| stddev| 
variance| entropy [IAT.........: < 0.001| 0.679| 0.149| 0.201| 40331.911| 3.900] [PKTLEN......: 56.000| 132.000| 91.900| 24.900| 621.500| 4.900] @@ -57,9 +57,9 @@ [IATS(ms)....: 83.9,0.0,92.5,7.8,46.1,91.4,0.0,37.9,40.0,9.1,41.9,367.7,0.1,441.0,0.0,600.8,610.2,117.9,49.9,49.8,64.2,212.9,679.4,8.7,0.0,503.8,102.9,201.0,101.8,9.3,62.2] [PKTLENS.....: 124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,84,84,124,92,56,84,56,56,56,124,92,84,56,84] [ENTROPIES...: 5.8,5.8,5.9,5.8,5.7,5.6,5.9,5.9,5.8,5.8,5.9,5.8,5.7,5.1,5.8,5.3,5.9,5.8,5.8,5.7,5.9,5.8,5.1,5.8,5.2,5.2,5.1,5.8,5.8,5.6,5.1,5.8] - update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] + update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AWS_EC2][Network][Acceptable] RISK: Susp Entropy - analyse: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] + analyse: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AWS_EC2][Network][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 17.079| 1.597| 3.547| 12584568.750| 2.800] [PKTLEN......: 76.000| 124.000| 81.500| 11.600| 133.800| 5.000] 
@@ -69,40 +69,40 @@ [IATS(ms)....: 4.1,63.0,0.0,180.8,3.5,1499.2,2002.8,0.0,4842.0,0.1,17079.4,30.0,28.1,10.0,178.6,30.7,1472.4,2000.5,31.0,3968.8,29.9,37.3,7.8,7927.3,28.5,35.4,6.5,7931.2,29.2,34.6,5.1] [PKTLENS.....: 76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84] [ENTROPIES...: 5.0,5.2,5.1,5.0,5.1,5.1,5.0,5.0,5.1,5.5,5.7,5.0,5.0,5.0,5.0,4.9,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.1,5.1,5.0,5.0,5.0,5.0,5.1] - update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] - update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] - update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] new: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] detected: [....15] [ip4][..udp] 
[.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] new: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] detected: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] new: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] - detected: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] - detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] - detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] - detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] - detected: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] + detected: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AWS_EC2][Network][Acceptable] 
RISK: Susp Entropy - detection-update: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - detection-update: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + detection-update: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + detection-update: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] new: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] - detected: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] new: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] - detected: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - detection-update: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] + detection-update: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detection-update: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][] RISK: Unidirectional Traffic - analyse: [....23] [ip4][..udp] 
[.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + analyse: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.665| 0.153| 0.189| 35784.253| 4.000] [PKTLEN......: 56.000| 132.000| 94.200| 24.600| 605.900| 4.900] 
@@ -112,46 +112,46 @@ [IATS(ms)....: 68.5,0.1,70.3,29.3,44.7,113.4,0.0,43.2,26.5,8.5,31.0,313.6,0.3,410.7,0.0,665.0,630.5,122.5,190.5,61.6,378.1,7.9,325.5,42.2,76.0,424.9,96.8,5.4,434.3,47.7,66.2] [PKTLENS.....: 124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92] [ENTROPIES...: 5.9,5.8,5.9,5.7,5.9,5.8,5.8,6.0,5.8,5.8,5.9,5.8,5.8,5.2,5.7,5.1,5.8,5.8,5.9,5.7,5.7,5.9,5.2,5.1,5.1,5.8,5.9,5.8,5.1,5.8,5.8,5.8] - update: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + update: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] - update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] + update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AWS_EC2][Network][Acceptable] RISK: Susp Entropy - update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - update: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + update: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> 
[.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - idle: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + idle: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - idle: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] - idle: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + idle: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] + idle: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic idle: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] idle: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] - idle: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + idle: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] idle: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] - idle: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] 
[STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - idle: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + idle: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + idle: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] idle: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] idle: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] idle: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] - idle: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] + idle: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AWS_EC2][Network][Acceptable] RISK: Susp Entropy - idle: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] + idle: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AWS_EC2][Network][Acceptable] RISK: Susp Entropy - idle: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + idle: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - idle: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + idle: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - idle: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] 
[STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + idle: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - idle: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - idle: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - idle: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - idle: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + idle: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + idle: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + idle: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] + idle: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] RISK: Unidirectional Traffic - idle: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] - idle: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + idle: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable] + idle: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AWS_EC2][VoIP][Acceptable][signal.org] DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/monitoring/telegram_videocall.pcapng.out b/test/results/flow-info/monitoring/telegram_videocall.pcapng.out index 75bca1718..825d17818 100644 --- a/test/results/flow-info/monitoring/telegram_videocall.pcapng.out +++ b/test/results/flow-info/monitoring/telegram_videocall.pcapng.out @@ -133,15 +133,15 @@ detected: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2] [ICMP][Telegram][Network][Acceptable] RISK: Susp Entropy new: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [MIDSTREAM] - detected: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AmazonAWS][Web][Safe] - end: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AmazonAWS][Web][Safe] + detected: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AWS_EC2][Web][Safe] + end: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AWS_EC2][Web][Safe] idle: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2] [ICMP][Telegram][Network][Acceptable] RISK: Susp Entropy idle: [....32] [ip4][.icmp] [.192.168.12.169] -> [...91.108.13.23] [ICMP][Telegram][Network][Acceptable] RISK: Susp Entropy idle: [....31] [ip4][.icmp] [.192.168.12.169] -> [....91.108.9.35] [ICMP][Telegram][Network][Acceptable] RISK: Susp Entropy - guessed: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] [AmazonAWS][AmazonAWS][Cloud][Acceptable] + guessed: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] [AWS_EC2][AWS_EC2][Cloud][Acceptable] idle: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] idle: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic 
diff --git a/test/results/flow-info/stun_only_peer_address_enabled/telegram_videocall.pcapng.out b/test/results/flow-info/stun_only_peer_address_enabled/telegram_videocall.pcapng.out index 75bca1718..825d17818 100644 --- a/test/results/flow-info/stun_only_peer_address_enabled/telegram_videocall.pcapng.out +++ b/test/results/flow-info/stun_only_peer_address_enabled/telegram_videocall.pcapng.out @@ -133,15 +133,15 @@ detected: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2] [ICMP][Telegram][Network][Acceptable] RISK: Susp Entropy new: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [MIDSTREAM] - detected: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AmazonAWS][Web][Safe] - end: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AmazonAWS][Web][Safe] + detected: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AWS_EC2][Web][Safe] + end: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AWS_EC2][Web][Safe] idle: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2] [ICMP][Telegram][Network][Acceptable] RISK: Susp Entropy idle: [....32] [ip4][.icmp] [.192.168.12.169] -> [...91.108.13.23] [ICMP][Telegram][Network][Acceptable] RISK: Susp Entropy idle: [....31] [ip4][.icmp] [.192.168.12.169] -> [....91.108.9.35] [ICMP][Telegram][Network][Acceptable] RISK: Susp Entropy - guessed: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] [AmazonAWS][AmazonAWS][Cloud][Acceptable] + guessed: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] [AWS_EC2][AWS_EC2][Cloud][Acceptable] idle: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] idle: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic 
diff --git a/test/results/flow-info/zoom_extra_dissection/zoom.pcap.out b/test/results/flow-info/zoom_extra_dissection/zoom.pcap.out index 6bc0b3535..317551bed 100644 --- a/test/results/flow-info/zoom_extra_dissection/zoom.pcap.out +++ b/test/results/flow-info/zoom_extra_dissection/zoom.pcap.out @@ -29,11 +29,11 @@ new: [....10] [ip4][.icmp] [..192.168.1.117] -> [....192.168.1.1] detected: [....10] [ip4][.icmp] [..192.168.1.117] -> [....192.168.1.1] [ICMP][Unknown][Network][Acceptable] new: [....11] [ip4][..tcp] [..192.168.1.117][54798] -> [..13.225.84.182][..443] [MIDSTREAM] - detected: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][log.zoom.us] + detected: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][log.zoom.us] new: [....12] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.37.14][.3478] detected: [....12] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.37.14][.3478] [STUN.Zoom][Zoom][Video][Acceptable][] - detection-update: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][log.zoom.us] - detection-update: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][log.zoom.us] + detection-update: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][log.zoom.us] + detection-update: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][log.zoom.us] new: [....13] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3478] detected: [....13] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3478] [STUN.Zoom][Zoom][Video][Acceptable][] new: [....14] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3479] 
@@ -51,13 +51,13 @@ detected: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www3.zoom.us] detection-update: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www3.zoom.us] new: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] - detected: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][zoom.us] - detected: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][www3.zoom.us] - detection-update: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][zoom.us] - detection-update: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][zoom.us] - detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][www3.zoom.us] - detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][www3.zoom.us] - analyse: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable] + detected: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][zoom.us] + detected: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][www3.zoom.us] + detection-update: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][zoom.us] + detection-update: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][zoom.us] + detection-update: [....21] [ip4][..tcp] 
[..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][www3.zoom.us] + detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][www3.zoom.us] + analyse: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.211| 0.038| 0.059| 3527.760| 3.300] [PKTLEN......: 40.000| 1492.000| 663.000| 660.100| 435695.100| 4.200] @@ -196,9 +196,9 @@ idle: [....15] [ip4][..tcp] [..192.168.1.117][53867] -> [..104.199.65.42][...80] idle: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][zoomfr85zc.zoom.us] idle: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www3.zoom.us] - idle: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable] - idle: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable] - idle: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AmazonAWS][Video][Acceptable][www3.zoom.us] + idle: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable] + idle: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable] + idle: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][AWS_EC2][Video][Acceptable][www3.zoom.us] idle: [.....7] [ip4][..udp] [..192.168.1.117][64352] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][log.zoom.us] idle: [.....9] [ip4][..udp] [..192.168.1.117][65394] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][local] RISK: Error Code 
@@ -209,7 +209,7 @@ RISK: Obsolete TLS (v1.1 or older) idle: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Unknown][Video][Acceptable][zoomfrn99mmr.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - guessed: [....11] [ip4][..tcp] [..192.168.1.117][54798] -> [..13.225.84.182][..443] [TLS][AmazonAWS][Web][Safe] + guessed: [....11] [ip4][..tcp] [..192.168.1.117][54798] -> [..13.225.84.182][..443] [TLS][AWS_Cloudfront][Web][Safe] RISK: TCP Connection Issues, Probing Attempt end: [....11] [ip4][..tcp] [..192.168.1.117][54798] -> [..13.225.84.182][..443] end: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] diff --git a/test/results/flow_risk_infos_disabled/http_invalid_server.pcap.out b/test/results/flow_risk_infos_disabled/http_invalid_server.pcap.out index 64c85e76a..6dc277e2e 100644 --- a/test/results/flow_risk_infos_disabled/http_invalid_server.pcap.out +++ b/test/results/flow_risk_infos_disabled/http_invalid_server.pcap.out 
@@ -1,15 +1,15 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1689351610492040} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1689351610492040} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610492040,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1689351610492040,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610492040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1689351610492040,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdj8wOt8lQAFD6kEYtAAAAALAC\/\/9gewAAAgQFtAEDAwYBAQgKTnqLxQAAAAAEAgAA"} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1689351610504245,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAAPIGKHOPzA63wKgBHQBQyVB61nu9+pBGLqAS\/\/+ARwAAAgQFoAQCCAoTAnk8TnqLxQEDAwk="} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1689351610504338,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1689351610504338,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdj8wOt8lQAFD6kEYuetZ7voAQCARgbwAAAQEICk56i9ETAnk8"} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1689351610504451,"pkt":"EBMx8Tl2nFg8p+7MCABFAACGAABAAEAGAADAqAEdj8wOt8lQAFD6kEYuetZ7voAYCARgwQAAAQEICk56i9ETAnk8R0VUIC8gSFRUUC8xLjENCkhvc3Q6IG9jc3Aucm9vdGcyLmFtYXpvbnRydXN0LmNvbQ0KVXNlci1BZ2VudDogKioNCkFjY2VwdDogKi8qDQoNCg=="} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1689351610504451,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.rootg2.amazontrust.com","domainame":"ocsp.rootg2.amazontrust.com","http": {"url":"ocsp.rootg2.amazontrust.com\/","code":0,"content_type":"","user_agent":"**"}}} 
+01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1689351610504451,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ocsp.rootg2.amazontrust.com","domainame":"ocsp.rootg2.amazontrust.com","http": {"url":"ocsp.rootg2.amazontrust.com\/","code":0,"content_type":"","user_agent":"**"}}} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610516723,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1689351610516723,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA07CcAAPIGfFOPzA63wKgBHQBQyVB61nu++pBGgIAQAICuFwAAAQEIChMCeUhOeovR"} 
-01403{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610516826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":402,"midstream":0,"thread_ts_usec":1689351610516826,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.rootg2.amazontrust.com","domainame":"ocsp.rootg2.amazontrust.com","http": {"url":"ocsp.rootg2.amazontrust.com\/","code":200,"content_type":"application\/ocsp-response","user_agent":"**"}}} 
-01271{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610530140,"flow_dst_last_pkt_time":1689351610529997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":407,"midstream":0,"thread_ts_usec":1689351610530140,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.rootg2.amazontrust.com"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1689351610530140} +01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610516826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":402,"midstream":0,"thread_ts_usec":1689351610516826,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.rootg2.amazontrust.com","domainame":"ocsp.rootg2.amazontrust.com","http": {"url":"ocsp.rootg2.amazontrust.com\/","code":200,"content_type":"application\/ocsp-response","user_agent":"**"}}} +01276{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610530140,"flow_dst_last_pkt_time":1689351610529997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":407,"midstream":0,"thread_ts_usec":1689351610530140,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.rootg2.amazontrust.com"}} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1689351610530140} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645336 bytes -~~ total memory freed........: 8645336 bytes -~~ total allocations/frees...: 140552/140552 +~~ total memory allocated....: 9409710 bytes +~~ total memory freed........: 9409710 bytes +~~ total allocations/frees...: 154518/154518 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 574 chars -~~ json message max len.......: 1408 chars -~~ json message avg len.......: 975 chars +~~ json message max len.......: 1413 chars +~~ json message avg len.......: 976 chars diff --git a/test/results/flow_risk_infos_disabled/tls_malicious_sha1.pcapng.out b/test/results/flow_risk_infos_disabled/tls_malicious_sha1.pcapng.out index acfab4bea..6c39e9100 100644 --- a/test/results/flow_risk_infos_disabled/tls_malicious_sha1.pcapng.out +++ b/test/results/flow_risk_infos_disabled/tls_malicious_sha1.pcapng.out 
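Review bot: In the first hunk of `http_invalid_server.pcap.out`, the expected `detected` event now carries `"proto":"HTTP"`, `"breed":"Acceptable"` and `"category":"Web"`, where it used to carry `HTTP.OCSP`, `Safe` and `Network`. The later `detection-update` and `end` events still report `HTTP.OCSP`. This suggests the OCSP sub-classification is now made only once the response is seen (the update is the first event with `content_type` `application/ocsp-response`), though that is inferred from the output, since no libnDPI code is visible here. A consumer that alerts or allow-lists on the first `detected` event, or on `proto_by_ip` (`AmazonAWS`/265 becomes `AWS_Cloudfront`/464 here), will treat the same traffic differently, and the commit message mentions only the flow-risk replacement. I would confirm the change is intended upstream and record it in the release notes, e.g. `libnDPI bump: AmazonAWS replaced by per-service AWS ids; HTTP.OCSP may first appear in detection-update`.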
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1702228308364885} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1702228308364885} 
00839{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308364885,"flow_dst_last_pkt_time":1702228308364885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702228308364885,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1702228308364885,"flow_dst_last_pkt_time":1702228308364885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1702228308364885,"pkt":"ILAB4IZiNObXAhsnht1gBp8UACgGQCABCwcKPcESlyb2Q6g4sMQqABRQQAIEFAAAAAAAACATnWYBu84tckQAAAAAoAL\/KH9nAAACBAWMBAIICukUG0AAAAAAAQMDBw=="} 
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1702228308364885,"flow_dst_last_pkt_time":1702228308367897,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1702228308367897,"pkt":"NObXAhsnILAB4IZiht1gDMV9ACgGeioAFFBAAgQUAAAAAAAAIBMgAQsHCj3BEpcm9kOoOLDEAbudZrVQLe3OLXJFoBL\/\/4e2AAACBATEBAIICnEgCajpFBtAAQMDCA=="} 
@@ -10,7 +10,7 @@ 01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308374788,"flow_dst_last_pkt_time":1702228308398326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1702228308398326,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.prbtest.dev","domainame":"www.prbtest.dev","tls": {"version":"TLSv1.2","ja3s":"e2bc06b738d7e5d2b0cec5d2196b1d80","ja4":"t12d2808h2_d943125447b4_dd0a478c1db3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
01515{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308398348,"flow_dst_last_pkt_time":1702228308398561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":4628,"midstream":0,"thread_ts_usec":1702228308398561,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.prbtest.dev","domainame":"www.prbtest.dev","tls": {"version":"TLSv1.2","server_names":"www.prbtest.dev","ja3s":"e2bc06b738d7e5d2b0cec5d2196b1d80","ja4":"t12d2808h2_d943125447b4_dd0a478c1db3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services LLC, CN=GTS CA 1D4","subjectDN":"CN=www.prbtest.dev","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"0D:DB:34:F8:75:63:2C:7E:1E:C0:9D:75:82:7F:82:D2:33:6D:FE:B6","blocks":0}}} 
01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308484038,"flow_dst_last_pkt_time":1702228308437375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":4762,"midstream":0,"thread_ts_usec":1702228308484038,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1702228308484038} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/flow_risk_infos_disabled\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1702228308484038} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 22/22 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8656612 bytes -~~ total memory freed........: 8656612 bytes -~~ total allocations/frees...: 140564/140564 +~~ total memory allocated....: 9420986 bytes +~~ total memory freed........: 9420986 bytes +~~ total allocations/frees...: 154530/154530 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 604 chars ~~ json message max len.......: 1520 chars diff --git a/test/results/flow_risk_list_disable/flow_risk_lists.pcapng.out b/test/results/flow_risk_list_disable/flow_risk_lists.pcapng.out index a06eab946..2bd0d82ac 100644 --- a/test/results/flow_risk_list_disable/flow_risk_lists.pcapng.out +++ b/test/results/flow_risk_list_disable/flow_risk_lists.pcapng.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/flow_risk_list_disable\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_list_disable\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1748453775522485} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/flow_risk_list_disable\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_list_disable\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1748453775522485} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_list_disable\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748453775522485,"flow_src_last_pkt_time":1748453775522485,"flow_dst_last_pkt_time":1748453775522485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748453775522485,"l3_proto":"ip4","src_ip":"23.98.142.176","dst_ip":"8.8.8.8","src_port":53684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_list_disable\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1748453775522485,"flow_dst_last_pkt_time":1748453775522485,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1748453775522485,"pkt":"8tRBrmcJ8rX5LmCzCABFAAA8q89AAEAG2MoXYo6wCAgICNG0AFDQ4reOAAAAAKAC+vC\/EwAAAgQFtAQCCArWgqbhAAAAAAEDAwc="} 
00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/flow_risk_list_disable\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748453778016680,"flow_src_last_pkt_time":1748453778016680,"flow_dst_last_pkt_time":1748453778016680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748453778016680,"l3_proto":"ip6","src_ip":"2a02:26f7:d198:400::1","dst_ip":"2001:db8:200::1","src_port":44878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -8,7 +8,7 @@ 00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/flow_risk_list_disable\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748453778016680,"flow_src_last_pkt_time":1748453778016680,"flow_dst_last_pkt_time":1748453778016680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748453778016680,"l3_proto":"ip6","src_ip":"2a02:26f7:d198:400::1","dst_ip":"2001:db8:200::1","src_port":44878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01210{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2,"source":"cfgs\/flow_risk_list_disable\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748453775522485,"flow_src_last_pkt_time":1748453775522485,"flow_dst_last_pkt_time":1748453775522485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748453778016680,"l3_proto":"ip4","src_ip":"23.98.142.176","dst_ip":"8.8.8.8","src_port":53684,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/flow_risk_list_disable\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1748453775522485,"flow_src_last_pkt_time":1748453775522485,"flow_dst_last_pkt_time":1748453775522485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1748453778016680,"l3_proto":"ip4","src_ip":"23.98.142.176","dst_ip":"8.8.8.8","src_port":53684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/flow_risk_list_disable\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1748453778016680} 
+00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/flow_risk_list_disable\/pcap\/flow_risk_lists.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1748453778016680} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8647384 bytes -~~ total memory freed........: 8647384 bytes -~~ total allocations/frees...: 140548/140548 +~~ total memory allocated....: 9411790 bytes +~~ total memory freed........: 9411790 bytes +~~ total allocations/frees...: 154514/154514 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 583 chars ~~ json message max len.......: 1215 chars diff --git a/test/results/fpc/1kxun.pcap.out b/test/results/fpc/1kxun.pcap.out index 35fc932f5..efe189864 100644 --- a/test/results/fpc/1kxun.pcap.out +++ b/test/results/fpc/1kxun.pcap.out 
@@ -1,5 +1,5 @@ -00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00799{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} +00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00799{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -687,7 +687,7 @@ 01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104427503777,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 01142{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 
-00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":12,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":690,"global_ts_usec":1654385119050609} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":12,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":690,"global_ts_usec":1654385119050609} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\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"} 
01493{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
@@ -959,7 +959,7 @@ 02868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1787,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1787,"pkt_l4_len":1753,"thread_ts_usec":1654385141035727,"pkt":"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\/jNhC+769g1AUsJbaUpOjFiRZIt9giBdotmiA9eFOAlmiLsUwKIh3Hzfq\/d8ghKTm2i24vEkHOfPN+rLko5Tq9L2hJchLPVqLQXIo4Ia\/vCHmmLaklLe+4Zh+lmPF5S80zkAbKBdsMSUHrekqLBbIh46qtgS6qtG7GWaZBQrpmpaylXKSFXGa04ZkCYBVdgSjkKammwPQKoGMCny0+vU\/pE32JAXFo9TLkhnRMfrn7\/FuqdMvFnM82sblMhhaOkCXTlSzHZPD757v7gb9tWlkwpX6y7DNaK+ZfCik0E\/p+0zBgok1T88Kamz0pKQYWdZukpRSsc1TLVCOFYt5yEnwRhyc0YpuYv7XI+\/VHKgRrHxjEoFV7Tl3zUldDUjE+r\/S+jw8FJrbRCLEBiyBmKwxapyGfxSc7T+TrV7J7kz47pY6+pFOrfEJaplet6MyePFpDTYyMnR4oJzsivQAHgy7a4fjEa81aZvJy8ujfZ7KNDSqH2\/Mr+F17AWnNxFxXcHd21pnaRwQWp8yEB0AkWFJdVMyEAClS8GNqL+Psr\/hLeZZ8ObW\/cZyeJlkwkBDwpWPuC7X3Nn7kJCcNbRW7FdpTTi4ek8S4Q3OxYt404zBAw3AfZLs8xtYpDRY4dSbf92wEK208U9QpJ\/bfl+zenfTcZd0+hfJhSZuVqmJk6\/lj64rP\/99mBzIEFMf5pjZaKsobUf7BlvKZ3TxY1cGykNcOxHscvOZuXBKQHLIjZKZY1TUacpDwIhA6kMm581yXviEx1M6jlprWf9r6BIpzFPKtKdoHOfMJqCBFoV2aykdU9KfRCG9B3q9UV+kM+mkb26PxmlxC6z4lPUzn4W\/VykkZHVUIUxxtv7bufnWh98nWc9pOvWFnSZXpryzmQ3LRy59py+gCTYZmiT3Xfl0iYYwMwdZ8jENMI\/xZynnNsJ\/emJYRcoXVbAld\/baEDlpzOA2JqiV8bQn49upT6X08+G5AzkjgStJKL+t4cM2FAgCqVB7RUk03cysxIkBt9SNkoPSmZnlUcjCNbsZc1Fyw0bSWxeLKShsbaHuC\/6B5ucJys9eu8uz9DqqZaSNajlD7PDIYeDYgB0mNgUhoTntkJPswcC6HitAw7+SM9Iwy5ROtRMlmoH8Zed8QAt6ZynIzSFKYjhBGcIsqWt5oQtVGFES1RR5lWUPnjJaXKboIXko3SO3cx1eYqVlPZPqkog\/XGaIF7TC+HMZy+0zrWxPXrpghAfsPimlosZawm86d6jZdD5gK7fmgqaYbFzWjbQDtpPXSlZC4ZwXot8aFqn8JIxRmIvbLV+x0Bt2nN\/yH5Ifzc4e6hdxTLKw5\/xPeVM5OgXyEYlt8km3BjpbH37DY3JbeZf+pEiAPiwW0lgLirSLiU9UgYf4hps1ACC\/UUIjtAfzDSWWClkeavejsiT5TTJHI51pRCtjIVlOocvq
SCgZECuRwfSijgkfcvhuahF2bQs0f6Q264sosBhBl+GKPsndY0TtD1d4fHKb2JYgCrHAOTc1ol8KeCl0cbE9NfwO6oKyPkLnHjveALTX2Gg5Jp5c7oy7DDsUNOw9GyLriNYt1u+rtsliASAoqHJrLfvT2igKaygnyJGSnn9sixBe3\/0GryWHXLpdyOuhUMcVhOrtbZUCyY9pZywo6albTkdnOhnY56+9lVtSJAzi8bO3PDXRgCMjQKwALW3e+hPMR9\/Z8QN5a7uo6rCA7Dujq6I0XjI790t3TsHPMvwp3I8oN1HQKXcpCJZbL1oUbsCb5rt5tkxhe\/gG\/wmXsHg4AAA0KMA0KDQo="} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1181,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01112{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":492,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":492,"pkt_l4_len":458,"thread_ts_usec":1654385141046673,"pkt":"tKXvZygQnLbQ0+MzCABFAAHeDJVAAEAGB\/rAqAJ+EkBPJaGuAFABgVk3JTRLIoAYAfYmXAAAAQEICqYAsEjS\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"} 
-01304{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":520,"pkt_l4_len":486,"thread_ts_usec":1654385141075345,"pkt":"nLbQ0+MztKXvZygQCABFAAH68DMAAPgGrD4SQE8lwKgCfgBQoa4lNEsiAYFa4YAYAIOtmwAAAQEICtL8K4OmALBISFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2phdmFzY3JpcHQNCkNvbnRlbnQtTGVuZ3RoOiAxNDcxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDA2OjE4OjEzIEdNVA0KTGFzdC1Nb2RpZmllZDogU3VuLCAyNyBTZXAgMjAyMCAwOTo0ODo1MSBHTVQNCkVUYWc6ICJmZGI1MmNiYTkxNGQxMGI3NWI2YTY2ZmQ1NzVhZmFkMCINClNlcnZlcjogQW1hem9uUzMNClgtQ2FjaGU6IEhpdCBmcm9tIGNsb3VkZnJvbnQNClZpYTogMS4xIGI0ZTZhMTMwMWExMTQzOTM3MjMzNGFhMTRmYjdkMzEwLmNsb3VkZnJvbnQubmV0IChDbG91ZEZyb250KQ0KWC1BbXotQ2YtUG9wOiBUWEw1MC1QMg0KWC1BbXotQ2YtSWQ6IGM4c2hiWWJFVnhFWWhjaEN4c1d5LUVhTDNiYzl2V3g5aUl5clpkVFEyYjVfeXZneTlRdTBNUT09DQpBZ2U6IDYxNjQ5DQoNCg=="} 
02450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385141075345,"pkt":"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\/aWQ9VUEtMTU0NzU3OTI5LTU3Jz48XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdD4iKTtkb2N1bWVudC53cml0ZWxuKCIgIHdpbmRvdy5kYXRhTGF5ZXIgPSB3aW5kb3cuZGF0YUxheWVyIHx8IFtdOyIpO2RvY3VtZW50LndyaXRlbG4oIiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fSIpO2RvY3VtZW50LndyaXRlbG4oIiAgZ3RhZygnanMnLCBuZXcgRGF0ZSgpKTsiKTtkb2N1bWVudC53cml0ZWxuKCIiKTtkb2N1bWVudC53cml0ZWxuKCIgIGd0YWcoJ2NvbmZpZycsICdVQS0xNTQ3NTc5"} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1654385141076027,"pkt":"nLbQ0+MztKXvZygQCABFAABf8DUAAPgGrdcSQE8lwKgCfgBQoa4lNFJ8AYFa4YAYAIN\/DAAAAQEICtL8K4SmALBIMjktNTcnKTsiKTtkb2N1bWVudC53cml0ZWxuKCI8XC9zY3JpcHQ+Iil9Ow=="} 
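Review bot: The expected `detected` event for flow 153 (packet 1181) changes more than the commit message describes: `proto` drops from `HTTP.Google` / `7.126` to plain `HTTP` / `7`, and `proto_by_ip` moves from `AmazonAWS` (265) to `AWS_Cloudfront` (464) for hostname `google.open-js.com`. The description mentions only the flow-risk replacement, so this classification change should be named there too; anything downstream that filters or alerts on `proto_id` or `proto_by_ip_id` will see different values for the same traffic. Losing the Google sub-protocol for a host that merely begins with `google.` and resolves to a CloudFront address looks like a classification fix from the libnDPI bump rather than a regression. That reading is inferred from this single record, so it is worth confirming against the upstream change before the regenerated expectation is accepted.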
@@ -1086,27 +1086,27 @@ 02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":5,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385177120591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385177120591,"pkt":"nLbQ0+MztKXvZygQCABFAAXUOPtAADcGHEesaXlSwKgCfgBQlawVUngs+Pyij4AQAOvjqQAAAQEICsmibePytblgupUqqNl16+S0Pz2Eh252smBlVkADDp1rpWh885p2i36jktrhwQI+Nu8uV5x\/h60qcXO6Whaq0m\/wsIFVFwkjNhQQQMHPpn\/PFJJrQFfmeliOSIMA0uQzNkgA8fSpst3ub05uLstkKkSu5ijB2\/xlx396cIq9lsE21Dmmx5ZI2YNtbGAV7nPb\/Gpm4x31OdNtJrQ6jwV8Evjb8R9Pk8Q\/Df4MeMNe09WKNf6J4Zu7uJTuClN8SFc7mAIzkZHrUKrGOqdmbrDYqrTvGDavul\/Wx2erfsMftuaR4bHjTU\/2Pfidb6Zgme\/k8E3oXjuw8vcB74xUyxEU9wjl+OjBydN26adTyy8muI3Nnd28sU8LssqSRlGjYcFGVuQQeMEAit\/atpHFCmqU5J6f5lbyQ6iQqzfNz8vFJR57Pc9KOIjFcm1ydIJAwyoXnJXGDnFdUaMr3OSc4u6TJoVMauCoyx4IHA+grX2WrdtTgqwUmrO5O2mEqZmDKY8HZtxuz6d6znSdrs51XcGkupWkhIlEJjlOBkBR3rmlJxZ0wqrl03HwxtuLxxBQo\/eB+\/FbUnJy0K57e63dsUSJHFskQb1PY\/55q4zUWJt3vHYYZopJhuiU54cdAaUpKUkxxhPl91jQ0rk7ZRwvRCeT\/SplJrbYrkUI3f4n66a74A1CbVbmRrmM5nJMbSHn6nHH1962WIVj8xeWTnUlJvq\/zMPUNHl01haX9oyMR8rZyGHYj29xU8zkrozqYd0nyyVjKvLSN0AeULt+5t7+3NbQ2TZyVaUXYxL\/AEh5GK+dyysAxj6e3HetVJLY86eHvJnO3trGsmY1O2Pk9Tu9smtlM4HTipWGuI2jjcF0KEoCsWcg9uen4CpuaOMOW4huYYoltyxORwpG3Pt+NBfMoqzILy7VpZmVlJ3qFbIwwI747g8cVpFmFRtN29CtNYzFGknI3Md25c4Ue5547Vakck8M9W\/kYuosXT7MVjXyT8ofO1h6\/T3rRGDcnKzWxRntp4GZrmIhvvIhByAQPXpSbuaJKO5Qni+0r5ogUKuCzDJGOvfr6U1I0hzXuZVxGHQtsbJUnOCce+Pyo5kdNN6mZeWiRgKkm9uvFS\/I7Kc5a3NH4cfCH4pfGLxJD4V+FPw71zxLfSvtS00XTpLghsZ+ZlBVB6liAK56tanSdpOx7OAy7H5jJU8LTcm+yPrT4Ff8EBv2wfiz9g1L4vahoXgDTbmQm6tr+X7bqUUY6MsEXyBjngNIMY5xXnVc1oxbUFfzP0HLPDzNaqi8RJU79NXK3ov80fQtt\/wTm\/4I6fsKRWg\/au+K1p4j1owF5U8V6xtjDRbS2yxs+QSSAI335GRzg1xPF42u\/cWnl\/mfVw4d4UyZJ4qSct\/edv8AyWN9eyZ9GfsO\/tofsjf
tC6D4o8JfsjeCbzw34c8FXVtbzXyeFI7CyuXmzs8mOP5t3B++oOOcYzjnq0atKV6j1fzPoMrzLLcxpOGCTUIeSSd\/Tr66nwh\/wWM\/4KyftM+DP2rtY\/Zv\/Zp+LmoeEtD8H2kVjrN3pVtEtzfam6b5iZmVmWNFeNF2bfmDHJ4x34HCUatPnqL0Pl+J+Icbgca8JhJ8vLpJ9b9bPyPzk8Z\/EHx98TfEL+Jvij471jxJqMhy99r2pS3coJOcbpWO3r2r14U4Q+FWPgMTi8VinzVJtvzZl3sQMarxuZec+h9K0aj0OSm3fU\/cr\/gk5e2n7VH\/AARuHwa1m4ine10PXvB1zGyZ8vAlMO4e0c0RH0FfL4mPssW35o\/ashq\/2hkEYS\/llD5WuvzPwcvLW5sh9ju1IuIGMcwIPDKdp\/UGvoU+aN0flUouFWUezIGXEYcxgkHkAcmn01KUtbXHRQyYdm3RYIGO7D0HvUq4cxoiP7GjXsRKSRoDGzAnKkcj8cVWzujmbVX3"} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1567,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01090{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":475,"pkt_l4_len":441,"thread_ts_usec":1654385181857708,"pkt":"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"} 
-01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1567,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com","domainame":"m.vpon.com","http": {"url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 
+01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1567,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com","domainame":"m.vpon.com","http": {"url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 
01858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_usec":1654385181897114,"pkt":"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\/Imh0dHBzOi8vIjoiaHR0cDovLyJ9O2RvY3VtZW50LndyaXRlKCc8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSInKyhpc1NES0FuZHJvaWQoKT9nZXRQcm90b2NvbFN0cmluZygpKyJtLnZwYWRuLmNvbS9zZGsvdnBhZG4tc2RrLWEtY29yZS12MS5qcyI6Z2V0UHJvdG9jb2xTdHJpbmcoKSsibS52cGFkbi5jb20vc2RrL3ZwYWRuLXNkay1pLWNvcmUtdjEuanMiKSsnIj48L3NjcmlwdD4nKTs="} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"thread_ts_usec":1654385183491860,"pkt":"tKXvZygQnLbQ0+MzCABFAANeKchAAEAGAcbAqAJ+A0hFntseAFDfmpSQ59fP2oAYAfYPXQAAAQEICnsWmml\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"} -01762{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01760{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":863,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":863,"pkt_l4_len":829,"thread_ts_usec":1654385183495868,"pkt":"tKXvZygQnLbQ0+MzCABFAANRI05AAEAGCE3AqAJ+A0hFntsiAFAB9eG4XEyGo4AYAfYPUAAAAQEICnsWmm1\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"} -01749{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01747{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":857,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":857,"pkt_l4_len":823,"thread_ts_usec":1654385183496601,"pkt":"tKXvZygQnLbQ0+MzCABFAANLU0dAAEAG2FnAqAJ+A0hFntsgAFBFVF+4FRsrIoAYAfYPSgAAAQEICnsWmm1\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"} -01743{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1571,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01741{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1571,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 01080{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1654385183514792,"pkt":"nLbQ0+MztKXvZygQCABFAAG+fDJAAPUG+\/oDSEWewKgCfgBQ2x7n18\/a35qXuoAYAHCoswAAAQEICn9GsiV7FpppSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
01078{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1654385183517888,"pkt":"nLbQ0+MztKXvZygQCABFAAG+t5xAAPUGwJADSEWewKgCfgBQ2yJcTIajAfXk1YAYAHAN9gAAAQEICn9Gsih7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
02774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1706,"pkt_l4_len":1672,"thread_ts_usec":1654385183520039,"pkt":"nLbQ0+MztKXvZygQCABFAAacXxNAAPUGFDwDSEWewKgCfgBQ2yAVGysiRVRiz4AYAHASmwAAAQEICn9Gsip7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxNDQxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCh+LCAAAAAAAAP+UV12P3LYV\/SuD+yxrNF+7EwFB4aQtjCYB0tZA4qaBcEVSM1xRJE1eSTM2DPQ9RfveBkiBIkVfgj42aBv0z8SO+9S\/UJDSzm7cWLP2g\/dSPLq8PPeIc\/gUPCG1HvJFAo3fQQ6+ZUx4DwlwJIT8KSBCTq4VCWBZSA45rFfFChJARrIT96395ZhkeevZQ9kIyC+XWZYAckaQby\/WWRwpV3rIQ2Trggx6ghxefPXn55\/\/9duvP3v5zTfffv3Vf\/\/125d\/+\/vz3\/3zP7\/5w3dffPniT79\/8cWX333+2QB4+e8\/Pv\/HX0IJVEH+yachcI9pSNqHxTbrsBRjkMOPfwIJMI4ScnifHx7uuVx89M5784921Yf78vDzR7X4+ME7H\/YPfvWef\/TT\/dsRTZCvEmBVeb13VrHIEtPDMszoSrqmYIVVeIQc3jWapG4F3J5z3Q\/PcOGZk5ak0ZDDI9POeqnUTBualWLmRI+OCz7DioSbMWW81LsZ7cWsl5qb\/lamwN27yngxk3T7sSQlhrXDeEYmphE\/iphWkzsWzHBx4seh3xds3Ju\/E1v3f3YpPn7wwduRMa\/GV\/tIE1do6zFy1SkIC1xk621oDm+vRZHATpCtvj+K3K1XUUA7sjH7XkWR7YlsQUcrYt59N0hAikMcy7hgFoJBk9IXntBRa4u4TX\/0JJoB60U7BK3lQdtZAlcE+SdPgZsGZegOWpuitb5SR+FSZhpIoDKuwUA9PEtehfKr1tOdcdK8HsaMJmdUWhu2xw6nc7ZOpXtUJpR6ZnWeovWo8MxuiKdK6CfNYRrG7gZzd4ORQ1ZLvbsTuBHoWycaoQmtPMe5vJdNtuQe8so4Jl4PUrrepkxPArLpMjxLkXuhvXGpcbsJWlWdElqS7EzjAxDtAfmJOi1oqvsdU5LVaS+YMi2fVmBEorVOdEZ1YrqSHrnZmXRnlkPmyf0hv9huz7SsJZOWeGTk6jtIWqbHY\/h\/cvssJYc1tc1ZUsOiZNzjxkxDFxeL9XKbvokWV9k221y+2SuLbHW5+YFXZlOsNFKH7mlxoHPYG\/2nV3YCOEgiHqjhqBGuk0ycSb5TpkSVHpuTRM\/gzSZtTOlQ6vRwfDKBlM5ob9pQ9d1kV7doRzlNpDXI7\/bxBR64QOVDvX
LiWEuRM2esn1Zn5Cf19gnqM6c9F0p2wh2DnLloTHlmR33fD01jaFOpKzO1ey2U1HXaTByF6yU5duarfKPzgJSu\/+8s+jSBq7axFH+j6wLHv1fj39G4orVS7wqGbC8KhyTi73jDwvQmRmQgX4SoK3qpOEMXfOyv2yxbsaazyGrciTgMVHbSEw6T81dmIQG9PBkVvboJ15Avoq8xVSVcrOUX16XcPLLIpN5BvlxcRGzjeX3li9YpyKOv8fl8zri+h1zfi+PU4TFwEKi+npl3y7k1jlDNF2\/Ns+18mc0Xi3l2Md\/wTXmxYuV6cymW6VXw8caK4FmXCdhycEqWBR82eivLnA7kxJB09L02ErYcHoXSngJyPrg4oQQNxqtqlYJ88SyB4N3eihni\/SB7zT9IwCo2JlahhlVkIcTladDgYYQ4Q2K0pLYtlfR74eINZPXWxSYB24fvefkw+E8nKmRkXOF7SWwfHdxy8O5BRE6QO8YuxGyuvbkjuMh9hcqLBDyL857XRfhGIIcP7r9fbNPLdA0J+Ohfhy57e5PCk3GilkOlVHQlDjxT5HlsNZ1ESKYWOqqB4iXp2hDfKqq94v765tHagqQdpD7Gr+hlfyyl498Tiuvm2NLeOPkkXDLSPTUKwvso+ZgJ1Um8reWiO03srgM1sNHaRo6BD+uGOS\/EwTopeNzHyOwygU44L40e3fkygV6UhdDdWDEk0EsWLj2LBHonHg+YjocLV\/bs2f8AAAD\/\/wEAAP\/\/Zfl4rZEOAAA="} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1575,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":896,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":896,"pkt_l4_len":862,"thread_ts_usec":1654385183618295,"pkt":"tKXvZygQnLbQ0+MzCABFAANyCeZAAEAGIZTAqAJ+A0hFntsoAFDk49anhCGol4AYAfYPcQAAAQEICnsWmud\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"} -01782{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01780{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 01438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_usec":1654385183642352,"pkt":"nLbQ0+MztKXvZygQCABFAALDo6BAAPUG04cDSEWewKgCfgBQ2yiEIaiX5OPZ5YAYAHBkvQAAAQEICn9GsqN7FprnSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA0NTcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/1RSTW\/UMBD9L3M2UpJCKT6XAxLiQLlVlTU7nl2sOnawxylhtf8d2c7ScsrLG79583WGLCglgx4VzPkEGnIh4pxBgUVB0GegWIKkzVC0DBruP4OCpRy8yz85GWdB33y6\/aCgBCcPLOLCCfTjGZBCy4v2IZZE\/NVlaYEqGRWImzkWAX0zXJ4U4Fx9uqJBM+Nv0IMC\/BVATxWIN3ario5lWxj046Ru1PuaQf4U0AAKCL0\/ID3\/aA\/GV8Kk4nfmsPTvW9CjkwKyJqFwsycfMxv0nOTN\/6GIxGAse9y6vqTEgTazt2fR+c0sHjdDuDSl5VNCy\/cuV\/r71cD6wNJsOdhMiTnsrU0KHMXQm\/KCR56lug31L6YXAn07KAg4c38Tj8
fMvcyYHAdBcVU\/KFg8Es8cpNY3fRynsXGbIbHx5d+brbV3kGBkBv1uVJBsIukLSIx22yczDpU4Lmtf5hyT70jotXpZDQcL+m5oOAumvr56LF9q4O5uVLDup7JSnegRi++HsDrL0bggnJDErbxnHq6h\/OwWkzj\/L2hsPa\/ewOqSFPTmuqF6xN3kWx3c5ely+QsAAP\/\/AQAA\/\/9ly17OCQMAAA=="} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1577,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02057{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1198,"pkt_l4_len":1164,"thread_ts_usec":1654385184096708,"pkt":"tKXvZygQnLbQ0+MzCABFAASgVf9AAEAGu7jAqAJ+EkBPOqkCAFAzMfZOPPsrTYAYAfYpMwAAAQEICgK1DRCN++PnR0VUIC9vcGVuYXBpL2FkL3YzP2FwcF9pZD0zMjQ1NiZ1bml0X2lkPTg4ODEmc2lnbj0zYzI4ZGVkMDRlMGY0MDkwMjI5OTY4NjE4MjQ0YjU4MyZyZXFfdHlwZT0yJmFkX251bT0yMCZ0bnVtPTEmb25seV9pbXByZXNzaW9uPTEmcGluZ19tb2RlPTEmdHRjX2lkcz0lNUIlNUQmYWRfc291cmNlX2lkPTEmYWRfdHlwZT05NCZvZmZzZXQ9MCZjaGFubmVsPSZwbGF0Zm9ybT0xJm9zX3ZlcnNpb249MTEmcGFja2FnZV9uYW1lPWNvbS5zY2VuZXdheS5rYW5rYW4mYXBwX3ZlcnNpb25fbmFtZT0yLjguMi4xJmFwcF92ZXJzaW9uX2NvZGU9MTQ2Jm9yaWVudGF0aW9uPTImbW9kZWw9c2RrX2dwaG9uZV94ODYmYnJhbmQ9Z29vZ2xlJmdhaWQ9NWFjNmEwZmYtOGQxOC00N2JjLWE5MDItMjgxMmNmMGMyNTFlJm1uYz0mbWNjPSZuZXR3b3JrX3R5cGU9OSZuZXR3b3JrX3N0cj0mbGFuZ3VhZ2U9ZW4mdGltZXpvbmU9R01UJTJCMDElM0EwMCZ1c2VyYWdlbnQ9TW96aWxsYSUyRjUuMCUyMCUyOExpbnV4JTNCJTIwQW5kcm9pZCUyMDExJTNCJTIwc2RrX2dwaG9uZV94ODYlMjBCdWlsZCUyRlJTUjEuMjAxMDEzLjAwMSUzQiUyMHd2JTI5JTIwQXBwbGVXZWJLaXQlMkY1MzcuMzYlMjAlMjhLSFRNTCUyQyUyMGxpa2UlMjBHZWNrbyUyOSUyMFZlcnNpb24lMkY0LjAlMjBDaHJvbWUlMkY4My4wLjQxMDMuMTA2JTIwTW9iaWxlJTIwU2FmYXJpJTJGNTM3LjM2JnNka192ZXJzaW9uPU1BTF84LjcuNCZncF92ZXJzaW9uPTIyLjQuMjUtMjElMjAlNUIwJTVEJTIwJTVCUFIlNUQlMjAzMzc5NTk0MDUmc2NyZWVuX3NpemU9MTc5NHgxMDgwJmlzX2NsZXZlcj0yJnZlcnNpb25fZmxhZz0xJmNhY2hlMT02MjQwJmNhY2hlMj01MzY1JnBvd2VyX3JhdGU9MTAwJmNoYXJnaW5nPTAmc3ViX2lwPTEwLjAuMi4xNiZkdmk9NEJ6dFlyeEJZRlEzJTJCRlEzUlVFMERVUVFpVWxiZkFEQWZueDNpVVZQSFpSc1JyZnVIb1IxUlV2MDZOJTNEJTNEJmFwaV92ZXJzaW9uPTEuMyBIVFRQLzEuMQ0KQ2hhcnNldDogVVRGLTgNCkhvc3Q6IG5ldC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQXBhY2hlLUh0dHBDbGllbnQvVU5BVkFJT
EFCTEUgKGphdmEgMS40KQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -02081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1577,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +02086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1577,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1578,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00862{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_usec":1654385184117986,"pkt":"tKXvZygQnLbQ0+MzCABFAAEkBJZAAEAGB9zAqAJ+CNFha936AFBSP8o9I7uXO1AYAfYueQAAUE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ2hhcnNldDogVVRGLTgNClJhbmdlOiBieXRlcz0wLQ0KQ29udGVudC1MZW5ndGg6IDc5Ng0KSG9zdDogYW5hbHl0aWNzLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
01179{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1578,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 
@@ -1114,7 +1114,7 @@ 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184139299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1654385184139299,"pkt":"nLbQ0+MztKXvZygQCABFAACApCdAADgGcO4I0WFrwKgCfgBQ3foju5c7Uj\/OVVAYAD8bqQAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjY6MjQgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1581,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1006,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1006,"pkt_l4_len":972,"thread_ts_usec":1654385184174078,"pkt":"tKXvZygQnLbQ0+MzCABFAAPgd\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"} 
-01523{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1581,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01528{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1581,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
01123{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385184282680,"pkt":"nLbQ0+MztKXvZygQCABFAAHmJVIAAPgGdx8SQE86wKgCfgBQqQhpQqwFG\/OGIoAYAIZCbAAAAQEICowcrv0CtQ1dSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDQ0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjY6MjQgR01UDQpTZXJ2ZXI6IG5naW54DQpYLUNhY2hlOiBNaXNzIGZyb20gY2xvdWRmcm9udA0KVmlhOiAxLjEgMTY4ZGRiYjgyZDZjODljODRhMWE3OTYzZDFkM2RiODguY2xvdWRmcm9udC5uZXQgKENsb3VkRnJvbnQpDQpYLUFtei1DZi1Qb3A6IFRYTDUwLVAyDQpYLUFtei1DZi1JZDogeTdSbDB5c25CU0hpMC1KRW9mbkxCTU9BZ082YTMxMUEwV2w4aEVoaDllLVlIbUV0TGgwUDZRPT0NCg0KeyJzdGF0dXMiOi0xLCJtc2ciOiJFWENFUFRJT05fUkVUVVJOX0VNUFRZIn0="} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1583,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184845262,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1110,"pkt_l4_len":1076,"thread_ts_usec":1654385184845262,"pkt":"tKXvZygQnLbQ0+MzCABFAARIuCtAAEAGLI\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"} 
@@ -1124,22 +1124,22 @@ 02039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1584,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385184857770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184857770,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com","domainame":"tw.api.vpon.com","http": {"url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=1&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile 
Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1585,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1654385184927393,"pkt":"tKXvZygQnLbQ0+MzCABFAADrwv9AAEAGn0vAqAJ+EkICWotQAFAVBORyMNia64AYAfbYnwAAAQEICiE3Bh4xvbnrR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS9pbWFnZS9sYW1iZGFfanBnXzg5LzM5ODEwMTIzNGU2Y2Y1YjNhOGQ4LmpwZyBIVFRQLzEuMQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0K"} 
-01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1585,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1585,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1586,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1654385184928623,"pkt":"tKXvZygQnLbQ0+MzCABFAAEdY4hAAEAG\/pDAqAJ+EkICWotSAFAcu+o2K8tK74AYAfbY0QAAAQEICiE3Bh\/fUp7nR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS92aWRlb3MvbW9iaWxlL2ZkNTY5MmRkNTMwNDJiMTk5ZTAzLm1wNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1586,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": 
{"url":"cdn.liftoff.io\/customers\/45d4b09eba\/videos\/mobile\/fd5692dd53042b199e03.mp4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1586,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/videos\/mobile\/fd5692dd53042b199e03.mp4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1587,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01002{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"thread_ts_usec":1654385184938285,"pkt":"tKXvZygQnLbQ0+MzCABFAAGNDvVAAEAG7fHAqAJ+EkBnHo8cAFCNQDOZ5EMz0IAYAfY+BAAAAQEICpxRp0pGLP+jR0VUIC9ydi16aXAtMjAyMi8wNDI4L3RwbDQtNDIwOWFkODQ1ZTYxZDlhZDY3YjZmMDQxODdkMDBiZTAuemlwP21kNWZpbGVuYW1lPTQyMDlhZDg0NWU2MWQ5YWQ2N2I2ZjA0MTg3ZDAwYmUwJmZvbGRlcm5hbWU9dHBsNCZsYXlvdXQ9MSZ0cGw9NCZ3ZnI9MSZ0bz05OTk5JmFsZWNmYz0xJndoc19jaG49bSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogaHliaXJkLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1587,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1587,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 01518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184942273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"thread_ts_usec":1654385184942273,"pkt":"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"} 
02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184942885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184942885,"pkt":"nLbQ0+MztKXvZygQCABFAAXIiZwAAPgGW9ESQgJawKgCfgBQi1Aw2J3GFQTlKYAQAIO33wAAAQEICjG9uf4hNwYe\/9j\/4AAQSkZJRgABAQAAZABkAAD\/2wBDAAQCAwMDAgQDAwMEBAQEBQkGBQUFBQsICAYJDQsNDQ0LDAwOEBQRDg8TDwwMEhgSExUWFxcXDhEZGxkWGhQWFxb\/2wBDAQQEBAUFBQoGBgoWDwwPFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhb\/wAARCAQ4B4ADAREAAhEBAxEB\/8QAHQABAAAHAQEAAAAAAAAAAAAAAAECAwQFBgcICf\/EAGgQAAEDAgQDBAYDBw4JBwsACwEAAgMEEQUGITEHEkETIlFhCBQycYGxQpGhFSMzNFJy0QkWNTZTYmR0gpKissHhFyQlN0NWc3WUGCZGVFWT8Bk4RGNlg4SVs8LU8SdFdrTEw9KFpeP\/xAAdAQEAAwEBAQEBAQAAAAAAAAAAAQIDBAUHBggJ\/8QAShEBAAIBAwIEAwQIBQEHAwALAAECEQMEIRIxBQZBURNhcQciMoEUMzVykaGxwSM0QlLR4RUWJFNigvCSwvElQ0RUorIIJmNz4v\/aAAwDAQACEQMRAD8A9\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBBKggUEpQS9ClRTKsJSqjyQumOz+U6pQS11wbEbEJ27LxMxzDZcrZldC4U9Y67ToHn+1d+33f+m79D4b4xak9GrPDJY7lujxaI1NA5sVRa9hs9erp62I55h0eI+BaG+r8Xbfdv7ektJrqeooah0FXE6N7T1C6eLRw\/Ca+21ttedPVriYUS5RhlEIB3iowscyCAd0BRGEWuOxUwYOYXKRCUAfFMI7osJa7mjJY4dQUwisTWc1nDMYLmjF8OI5ZzNGN2P1VJ0627vY2Xj2+2nEWzHtLaMHzlhGIjsMSgEDnaXIu0rC2haI45fqtn5m2e5jo3Femf5KmPZPoMSpjV4Y5jS4XBYdCvP1dtW3biXVu\/BdDcU+LoTH5NAxWgqcOq3U9VGWObtpuvPtSaTiX5DcbfU0LzS8Ylbs6qjmTMCCKKpkVTNCIlMiEW9UVTAeKKyi0dEGSy9geJ4zUdjQUr5NdXWs1vvKiZxD0vDfB974lqdG2pM\/P0j83R8o8K6eMtlxaR1RJ+5R6NH6VSb+z6l4L9m+hpxF99bqn2jt\/1dCwTLVFQwhlPTQwt8GtCpmZfQtn4Vs9pXp0dOIj5QysNFAwagu96h6ERCvFGxvssaLeAQVBe2iBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA
5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylBBAQEBAQEA67oJHQxO9qNqC2qcOp54XRuaC1wsWuFwR53RS+nTUrNbxmJ9JapmLhplvEI3F2GMieRpJTHkI+GytFpflvEPJHge9rPVoxWfevH\/T+Tl+cOFmK4cXzYa71qIa8mzgP7VaLZfKvG\/s332zzqbT79fb1aHUwTU8zoZ4nRvboWvFiFo+da2jqaN5pqVmJj0lIqs0qAgh1sp47LRCCkQHnqowJbpHcS3TCyF99U+QkFybDW6lpWMujcNcE9VpBVStPay6+4KYh+98veHfC0\/iWjmV5xAxv1Kk9Rpn\/AHx471uipqWxGIW8yeLfo2l+j6U8z3aEy+pdu7UrnfPqx6z3CVErIXUJ5QB80SX0TIX80BAQ"} 04395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184943456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385184943456,"pkt":"nLbQ0+MztKXvZygQCABFAAtciZ0AAPgGVjwSQgJawKgCfgBQi1Aw2KNaFQTlKYAYAIPjEAAAAQEICjG9uf4hNwYeQbsg9lrR\/YAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCBQQQQKCUoJSgl8UFMqwlOyqPJLvJdD+U1NwRaJQ9yFWVy9j1ThsgYSZISdQTt7l0aOvfT7dnp7HxLU284nmrcovuRmbDuSYNebaPA77D5r1NHcRbmk\/k\/UTXZeKaPTqRmff1hp2aMrV+EOMsYM9L0e0be9d+nq1vx6vxXifgO42Uzav3qe7AhwINvqWvS8SEAfEquFoA\/wTCUObxKBzaJEGEWuIuiMHMehQxCPN5qyC4I1VUYZfKeZsQwKpBY8y07j343HSyzvpVtHL2PC\/GNx4ff7s5r6w3\/ADHhlHmfLLMQoh33N5mO6g+C8rX0sxNZ7w\/d7zbaPieyjX0o7\/8AzDl0kT4pXxPbZzDykFeXMY4l+AvWa2ms94QGqhRMiMpmhET2TDRFcotAsgmaPK6spMItCqr3b5w64e1GKCOvxUOhpSQWR7OkH9gVLWfRPK\/kXW30V3O8+7p+kes\/8Q7Fl7AqWgpGQU8DIImjRrRa\/vWczl9n2Ww2+z0o0tCsVrHszFPE1gs1oAUOxUsEBBMBZAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEEqAgICAgICAgICClPTxSts9ov42Qx7tO4gZDw3HKVxlhbHMAeSeNtnA+amLYflfMHlLYeL6c9dcX9Jju4VnbK2J5aq+yrIi6F5+9zNHdd+grSJy+AeP+Wt74LrdOvX7s9rek\/wDVglbL88fNIEPoqRAlRCYylUpSuI8UWQ0soyJSdwpWqzWRMK+6OKB723jiNzpolYe1
4Nsf0jXzPaHR66rhwzDHzusA1tmjxVpnEZfvdxudPZbadSfTs5tX1UlbXyVUriS46LktOXy3ca9tzrTq39VC\/moUFECBUpwg33qqUbmymOwXTCIQv5pKS\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\/viqXt6Q+qeSvJvxOnfb6vHetZ\/rP9nY8OomQsBcBzAaADRoWT7DWIrGIXjRdEooCCLeqCKAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggdkEEBAQEBAQEBAQEBAAFrEXCDA5vy\/RYvhktLUwtkie3Yi5afEKYnDzvE\/C9t4ltrbfcVzE\/yeduIWVKzLGKGKQOfSyH7zNbQ+R81rE5h\/Nvmby1uPBdzNLRnTn8Nv8A56teBurPzMJUIxKHihhLdFoS+ajslAlMLVKaJ9RUNijF3PNgkNdLTte0Vj1dRyjhbMMw1senORd7lpEcPo3heyrttGK+vq1vPuKmsrvVYnfe4z06rDUtmcQ\/J+YfEZ3Ov8Gk\/dhgSbCw6LF4UcIX1QEECowmEQdLqUiK55E6U5R+pEpR1UcCF\/NMQPZyu\/sAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQSoCCVBKghZBIQgkI6qw8klbP5RSkeCJhIrJiUqrMJhKi2Uut7jceCJiWx5SzfV4W9sVSXTU48T3m\/Fb6evan0e54d41q7eem\/Nf5t65MBzfhtpQyRxGjxo9i9HQ3OOaT+T9RfT2Hi2l9\/n5+sNBzjkXE8F5qilBqqTcPbqR7wvU0d1TU47S\/EeK+W9zs5m9PvU94aoCLkG4I6FdGH5+PaT3KMJzkB3UYEA4oDXJgwc3RRBjhMD4KTDc+BFDJVZyM7bhlPG4uPwXJvLRGm\/T+T9tOr4h1+lYld8ai05kFt+TVfn9f8Tr80TE7vhpzQsH5lOwboqi0eCKpmjwQTMGiKtx4QZXON4t63Ux3pKZwuCNJHeCracP23kjy5\/2luvj60f4dJ\/jPs73hFKyCIEsANrNsNgsX3ytYrWKx2Xg1RZM3QICANUEyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBAQEBAQEBAQEBAQQOyCCDW8\/ZepcZwaajmYCyRvdJGrHdCFMTh5HjfhOh4psr7fVjvHHyn3eacxYXUYPi8+H1LSHxOsDb2h0K2ieH8u+KeHa3h27vttWOaz\/GPdYnRQ4EqsJb7qI7LJSdCnPqJfykwtVtPDfCnS1JrpG9xmjbjdWrD9N4Bsptf41o4hs+bsSGG4UWg\/fJRYDwS9sQ97xnfxs9rMR+KXPy4uc57jdzjdcsy+dVzMzae8pTayhcvpa6junADcb3UpEVTMN1MRkFbCpbqmCJFEwtHKVVTlDrqiXs9Wf2AICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBBAoIdEEqCUhBJZB5II6Low\/lFKglI0QSEWRaJQROUp0CJS28kMq+GV1Vh9QJ6OZ0bx1HVTEzHZ0aG51NC3VScS6Jk3P0FQ0U2KgRuOhcfYf7wuvT3GeLP2PhvmGl4+HuOP6Su81ZCwfMMLqzCXspqpwuAw9xxXpaO9tTi3MNPEPLe030Tqbeem0\/wAJcuzJgOK4DWGnxGmeyxsHgd0jxuvW0tWm
rXNZfP8AfeGbrZak01q4Yy4IuFfDgiRVmEwgbphICRuoxkRLrA\/JT0jtvBDBDg2UJMSqm8ktcbi\/Rq8be6sX1OmO0PqPlTw\/9D2E69+Jv\/RzrPmIDEczVMzHczQ7lafcvHvbqtl+M8X3P6RvL2ieGIYN1m8tOiJRA1RWUzOqIV8NppaytjpYQXSSvDW\/FGu22+puNaujSObTiHo3h9gcOE4NBRxtAEbQXm27lhM5l\/THgfhmn4bsabekdo5+c+rZRsoeumaEBBFougiNEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ"} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01207{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":563,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":563,"pkt_l4_len":529,"thread_ts_usec":1654385184944474,"pkt":"tKXvZygQnLbQ0+MzCABFAAIl9uxAAEAGBWLAqAJ+EkBnHo8gAFD1zY28\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"} 
-01467{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01472{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1592,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1592,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_usec":1654385184944791,"pkt":"tKXvZygQnLbQ0+MzCABFAAFdGtZAAEAG4kDAqAJ+EkBnHo8uAFDRel74fng8vIAYAfY91AAAAQEICpxRp1H7gB08R0VUIC9ydi16aXAtMjAxOS8xMTEzL21pbmktMjYwMjkxYzIwOGJmMzM3NmI1MTExZGI4NTVlODk0NTEuemlwP21kNWZpbGVuYW1lPTI2MDI5MWMyMDhiZjMzNzZiNTExMWRiODU1ZTg5NDUxJmZvbGRlcm5hbWU9bWluaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogaHliaXJkLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1592,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1592,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
06316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1593,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184945955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":4350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4350,"pkt_l4_len":4316,"thread_ts_usec":1654385184945955,"pkt":"nLbQ0+MztKXvZygQCABFABDwiZ8AAPgGUKYSQgJawKgCfgBQi1Aw2K6CFQTlKYAYAIPopAAAAQEICjG9uf4hNwYeEBAQEBAQEEqAgICAgICAgICAgIIFBBBJI1r2Fjtig5B6QuWjNRjFYIwZabSSw1c1XrPo+U\/aV4D+kbeN9pR96vf6OMA2V3wyEvmphdBQJCiYVcOgdVVscDBcucArVdG30p1dSKR6uqYPTRUGGNZYNZEzVXjh9J2ujTbaGPSIaJmvEjiOLPeCezYbNC572zL5\/wCK72d5upt6Qxt1k4UGk2Q4L2CLDSiqZl1aIRKYbaK8QrMpraKcK8oW0TCcpTuVWYWiUvxVJ7rVQULVe0FZ\/YAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggdkEEBBKghZBLZBLZB5IGxK6e7+UIS9FCUpCCVWEpCqnKUhT3XQI8lAltuhlLY9FYZvKuacTwWRojldJCDrE46K1NS1Z4etsPF9xtJxE5j2dMy\/mnAM00PqOKRxOLhYxS2uPcV1aWtic0nEv2m08W2PiWl8LXiJ+U\/2a9nLhMJGOrcszh7Tqad2\/wXraHiX+nVj83ieJ+S8xOpspzHt6ubYrhuI4ZUOgr6OWF4P0mr1KWpeM1l+H19pr7e801azErS48Vboc2S48UwROeze+EuQavHKuPE8SidDhsTg67h+F9y4N3vK6UTWv4n63y75b1d7qRr60Y04\/m3ji7mKDCcHGGURa2WRnIxrfoM2K\/O6l5iJj1l+r8xeKU2u3+Bpd5jEfKHHm3JJOpK5nzSZmeZTMCImU30UVRYiqZgsg3\/gLgorMakxOVt2Uw5WXG7iqXn0fRPs68Jjcby27vHFOI+rulFH2cAFtTqVk+4KzeqCKCLRdBFAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBA7IIICAgICAgICAgICAglQEEqDF5noo63D5I5GhzXtLXaJE4c+729NzoX0rxxMPL2b8NdhOYKqgcDaOQ8n5p2W0S\/lPxrw+dhv9Xbz2iePp6MUeqnu8yEPsUpSlVWjltfDLDWyzPrZB7Gjbq9X6jy9tIvadafRnc+Yj6lhXq8brSS7+5Re2Iep5h336PtvhVn70tBGg13OpK534OkYL3uFVZC\/VFi90RCManCEzSALkq9YUm2IZHBcHr8SJMERDB9Ky0iHZsvDN1vJzp14XdZljFKaMvDS8NHRWw6dfy\/vtGs2xmGH1Di1ws4aEKuHjxM5xPdKdvNVleEh+CpK0IbhQl7RR\/YQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC
AgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBA6IJUELIJbIPI9l1P5PSnQbIsgdQokSkeagSkaWSolI0QS21RMShqiUtkTlC3khmEY3PY8OY4tI1BBslUxaazmG25R4gYvhAbFM71iIflHULWurMcS\/Q+H+Y91tfu2nqhv+F5xylmOnEWLQQF5FiJmgEfFbaevNfwTh+s0fG\/C\/EK9O4rGfmg3JPDqu5nxMYOb8h+y66+I7iPVWPAfAdbMx\/IZlHh1g16idkZLdW9o7dL+Ibi0Yzg\/7F8B2kdd4\/isc3cS8Po6T1PBI2vLBys5RZjFwzqYzPq5fEfNOhpafwtrGcdvaHLMUrqnEq6Srq5TJJIbklYTOZfgNzudTcak6mpOZlQaFDnTt2uio3X4IiUzPZRCZgJ0A1RV6B4PYO3Dsr0kZaA+Udq8+N9Vjacy\/o3yb4bGx8J06zH3rcz+bdlV+pTN0CANUEzdAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBAQEBAQEBAQEBAQEEqB0QS9EFOZvPE5niEHAvSLwxsGORV7BYSjlebdVpTs+Efad4fGnvabmv+riXNlo+YJfHVR6FSJpkeGNFy42ClrSvVOIdUynRtpMIiZygEM5nK0Q+k+GbeNHbx8oy0rOVc6uxp9\/ZiNgFjecy\/CeM7udzvLe0MTdZS8+Et1CUL+aJhFtvFWqlMzxVohSWTynhj8VxJrOU9k32itKxl2+F7C2+3MV\/0x3dBqZaTCMOJHLHDENTtdacPo9p0tno9NOKwky9i1NilOZaZ3My9nApE5Rs95TXrms5hqXEKgZR4sJom8rJdbfWqy\/DeZNjXbbvrpHFmvuKzmHhVUzZZrwgiXtJH9hCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBBCyCCCFkHkZdD+TsoW1RKWyH1QABuUTEpbeSHZC2iGUtkTE+iUjdEwlsiaoKcAmCpYKAbobhERMwq09VUxfg53t9zlMNK62pTtYqKqpn\/DTPf73JlF9bUv+KcqYHiowzRaNUVTAXREo28AohCLR4KVUw1RWV7l6mNXjNNTDeWVo+1HZ4bt53G809KPWYemsuQNhpGtbs1oA8li\/qTbacaelWkdohkm9VVsigi3qgigICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBAQEBAQEBAQEBAQEEqCB2QSnZBKUHL\/SNoTLlx0rYweyeHX8Fand85+0nazq+F9cR+GXBzday\/n+qUkXKlMMhlGlFZjLIydGjm+0fpUer0vDNGNbcRWfq6fiDhS4NO8G3KwgFXfQt1aNHZ3t8nK5HF8j5HG5cb3WMvlUTNrTaUg6rOWiBKiIT6DT4KThFouFMRlEqtHC+oqGU8QJc820V4hWlL61406d5dPy1hcWEYWIwB2rhd58FpWMPp3hnh9Nht4rH4p7tC4n48aupOH0z\/AL1Ge+R9IqJnL834zv8A4tvg0niGQ4KCTsKkfR5gkOzy5nFl5xYBD6e40IUuTzhmLabTyVSX5KvZKTqqS0qh5Kpw9po\/sIQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBCyCCAghZBBB5G3XQ\/k1BE8IOCEIEInKUhWKo
WVVkv9iCWyIygQiapbeSBYIFvJTyIWTIWUVRlFo8ERlEDRBFoREpkQDVEZTNGiIRaBZFWycKKMVec6ZpvaMl\/1KtuIfp\/J22jX8Y0on05\/g9F4W0NpbDqsX9HVjEYhdN0CJEEzdAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIHZBBAQEBAQEBAQEBAQEDoglQQKCUoJSg1XitRtrMr1UbjvEbHzU17vB8zbWu58K1qT7S8xuHK5zfA2W7+WLRiZhIShDMZALRmAc2xZb+kFFfm9nwPEbqM+394dGzJAZcvVDRe4BOil+48T0vibDUhysNs0g9CqYfKtPthJ4qkw2ieEG3UYSAdEwI7Dz6BWhS04hvnDPAewgOJ1bO+fYafmtKw\/beWPCfh1\/StWOfRNxLx\/7nUDqeF4M8wtp9EJl3+M+I\/ApNaz96XKnuc9xe4kucbkqH4aZmeZdH4KMd9z6gkaFwsph+w8t1n4dplV4vFwfTNtpb9KlxecJnq04aYVm\/IQlvuqroKMD2oof2EICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCVAQEHkXYFdD+TUN+qCCCBQQROUqnKULKExKHkiMpQgW3RZCyIhDlRJyoqNHggAeSGUQPNEZlFECIyiBa6IlNpbzRVEbIN84AQtfmmSVzb8kRsq37PoX2b6VbeJ2vMdod3ohaBvuWL7oqoDd0EyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggUEEBAQEBAQEBAQEBAQOiCVBAoJSglKDAcRP2sVLvBhUw8rxv8AZ2r9HluuaWVkrSNQ4rd\/KmvWa6ton3UVX5MoVcMndTVrJmm1nC\/1qcujbak6WpFodhwqRmIYQCCCJo7fFS+pbe1dxtsf7oc0zJhs2G4nKyRh5C7Q2TD5d4jstTZ7i1bRwx3LcabKkw5azwlA8AownIAALlIhHVhsPD3L8mK14qp2EU8Rve2hVoh73l\/wm291viXj7kN7zFiNPhOGumeQ1rG2Y3xU5fvt5udPbaWe0R2cXx3EJcTxKSqlN+Y6DwCS+b7vc219WdSyyPioc2XT+CTXHCprjTnFkftvLMT8KVDjBIfunDEQbAfpU8vJ84Xn9JrX0agToqy\/LRCUa3VMLCYHtRVf2EICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAghZBBB5FXQ\/k1A3Vkd0FVIpwIWUZRlAjyU5SgRuoMpbItHbKCnkyW0UYEN0C\/kERygiREdxEdho8EEQPNBECyKot2RVFAUxA6H6PQ\/yvVu8GD5qmp2fS\/szj\/xmrPyh3OAWhb+aFi+1pkEW9UEUBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBKgICAgICAgICAgICAgdEEqCBQSlBKUFhjcLJqUNlAczmF2nY+9WZ6mlXUjF+Y9nlXNFhmSvAAAFTIAB07xWkdn8m+LRjxDXiP91v6yx520VnBCVVWhuXDPMDYZPUKqTla78G4nS\/gpy\/WeX\/E4pPwdSceze6yioMXpTDVxt5iNHBInD9fr7Xbb\/TnT1o592g5lyhiGHTudTsMsJ1BHgrRy+eeJ+XN3s9SZ046qsA6CoabGB99vZ
KYeFNNWJxNZ\/gy+WMr1+LVTTJE6OAHvOItooxh7Hhnge53upGa4r6ulMZR4PhPZMLY4YW953ioy+mU09DZbf4dOKw5JxBzC\/GK90cTj6vGe6PFS\/AeL+JTutSa1\/DDW\/wApRh4xqeqhPzdV4IRv+4sjneyXCyP3flis\/AmZWPGcuGNRAjQDRHiecM\/pdYlpzttEflqpVVYvdMD2ss39hCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg"} 02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1599,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184953988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184953988,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EEAAPgGoGkSQGcewKgCfgBQjxzkQ1FrjUA08oAYAIN68QAAAQEICkYs\/7OcUadKtLVLEjgcUYII4FHbZjHquoOia6gAb500Ti8dAwhCBQPI+mqikzoPEDELPc+SXj69jEqwdCpvDTvdYMfugkxkR1Y+CY9qVGm58StJYmYN5SvxMAz8xCmsligFCuuKmg8EZSE5OqcTkF7WWZmYJJGWhwpN7ilBu8\/gl+3Ab8Spn6tvJdeT+RsqcUG0ZFXerb57NPtt03zJpCtCoTxHMV9Zha5yoUwKNC+6e7j1ViGTaOWGh\/7JwCnGB12U4uBR548F\/rgqEud2uv0wHCBv6DuHmOo5bYd\/toEAzTnRwVytNl\/PJi1A0jYr8KsFpOACb3f7cGrTVbOZNYAAfhKkPOD4uriBbk9Jgk\/UjgwbpqX6abrGR34H+Os\/9jStodDE0Y0g3lOkmBfCKamPyPplsqvWJMBQnNHW0rSzXLwhjLCCsvswVQxnEHtu2HFz998SHtil2W03a8HGmk23nbaNYcY3Q2TQbJ3ZzG4FUhaRnvC2msLVbUsGHn\/8qqFhILJC24vplvrOmxsbreba663VzXsP1t950FpdXn11XW4T6v8OCO1QAuQXRErxFVq\/3Wbyah+mKVYtt08bMZ0HIKAAIUvKhHqZkAtfQNHQOwlIflLQ1gvauCXLAC9chbkxNKbadnsPBCGT+eVNsWhIXlnO4qie\/YB3Dn2nVklQbot4gdeaomDlGHGq2R9pxd9CVm8l9JyOW1IjlmYi4kIepJ+YLD\/gRPZSkymg00iOy0dkhWzUmLBjYKPplsOvhIi5ELVnoR4dQ7fdKWhHiLBAG9A4j2EAC4y1lGtIy6U7GUejmNJozx3D7sS1yIaLjW1\/AnhEE5Tn3wYlQUNcSbmW9EiPIws1msCzH+E5Uu15TvEJU927RoehtQDvXtR6D0i0Qq4r5lKtMY9x1WAUFjlBkqF9BUaESQB2UsBt7+aLYGJaqBfsZkpASprto2iSKUBpaREEHmhszyoycYMyWrK32VyqU7U+0B8\/j9v8HYKpxmhJ9hmaqfPgXycn03DcwMlnex1\/w0vDwfnVHTtC60LkWMig3KoxX9wp6lUobpfyzZnA1KioElYxEkVLF2DRfjSYmQmEaUL6Vt1Pw1px2QImO0RR3K\/Su8d8oWRu
9X0PL5jx0aICKHpBkVigDUHjb5hz1+ER9ZpujGIXmoxXSVEVDlqITEvN1XLQn0q5WrD4RQNqo05O8NY0zUIyjeYmR0HIha8iWNR82tC+DDAAS3rFxtBufFlLahMzkSEmBJezzMOIAuYi7YaCqpZTksGSGvk200r5PKi3stxcb73ZXF7ZWG+tbb6xfPeeZWgGOW1JJ9YCDFBxJwjXXym8MTPWXyGLVLqNExYXwpJENPgu3TEwo4fsbie0u2TLY5ZAkS0FbEksjw+rnfXYKDa6Tj1apqdRm58JsDc9f3o6XkPSciEbM2sJbxaQKDeKAokNafx4rI5T7B6r\/myV2gwsY93jrVLHNNQuiu+r+M3NvePsMJ8re\/P5Entz1pZnpyPPzjYGWEIkrYJgAUSjmQm2JaWtrAsGyjyJ40iSCcRtSf1AH86Ym17gzRFqQTTeEs9X4ijRzHu1H8VBz3vPdXTmElnKhBlDqqJJI1FsUyyFCXkqDIVqSYNsV6Fsixm+M9dhWnTKi7hX4lJiuC6kPjhJK6UNeIcvhYdT5\/\/5p797\/8P\/\/eqvvv7sy7MP\/xabjQRt7X6Xwkc8\/fjPzv7kKxhaPT0jY5FpLhGCSvvgpZ7+4oMnX\/x1nZumP\/n14\/PHP1ctr0tqQdm04tmff\/q7738q6zLea7VVsGYqx+ksN3ymz2gjwFgx2a6hp\/O\/+4zwkaDjMjscMtTzf\/+n87\/\/QJlMMlM\/f\/w\/5z\/770uGghjfoqqNEk43lcb01hb7eY6\/nzpNlJ9KFcdEUlBQOZZmiMlN"} 02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184956858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184956858,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EgAAPgGoGISQGcewKgCfgBQjxzkQ3h3jUA08oAQAIMNwgAAAQEICkYs\/7WcUadKZmJ1Q4tNW7+zm3LzilKTMs7o+j0bU4bevfG98VcexwRoqg0MK4kroCFJI0vkItJ0sWhKhqw+9VVqDQxktos+tw4JRGmcHh\/FKDlLh6zdkg3MQ\/lsHnZqw9K8bpKO655k6IwFAFfkDIJOJsdMB+TwhRR+SOFiIw+5j\/JW34gGnNHirK\/zZi\/hc4QwIcK2rxzXZ7rsKwq47b\/gBNM4MIbxBQADwYMZQnsmuVNzekN4FKQkhHHGTTWkH\/wjQGDyySIj8Jzph54pd5aM+OhhOvR5PcMjO93tjhYc9KM4buIZr3AxnxM3iOqL5Y3DNOtFZMTe0kqYCIlor5EOmzY1\/QgcEzRxv4\/lxU4YCiiS+0\/ddMRHjjkiUXhuhD7QYUQQTZCQrhPijw50JVjw3pUlzCIsuoRiKmcNsq2sVpURgyb28KvUizskeSI14ZCZ1RGfnHTHy1yPRsG0Pt5Ma8nqKdONtNWUPEMbKU4qooS4ZVgy4ydRUqGcD3t5XLzKk6xQksEKLZeRc4zABSD22VISyrxIGnnot0UQF1jM0L5wq+PXoJypbcccDHIPqtdae6MvXKZyFZZ2Af1r5SARKk8jHFMScw1ZklPh5TmRIMY25u7JI8Kf0InpWIgg
g\/dCNXQ9mbCzi9IVFwQ4Bcza9Gx560XkmFinHDZS4kv+q6dM6HPsExiSjjM+3qTzEyp6QYtbZYue7chnn411pGZv4KwRjPOakaMAbYLhhCPstBZrv27XKHfgDg3UdMswyDmbrdhNZpK2+\/bwcJCkmrX3nBdsQ2VeuZ\/YA4u3j0cd1g9errygLeJTAN\/nCWDbbXhdHGF4z7CdykwDxiJacPDxG9YuwukG8499nzt4zVg40U\/jMp1lunPB3JJQoS5Bp6kxA9vvK2Fg2I3BaQrLU2XnWALaTVI1pGgZ30OUAvDFCxhKEFX\/Q9eQ1hjjNWxpFqXih\/EZbZu2sX9wk7UWkXlhwRGjhZFb93t26v1JRJhHdI1nd+wyJYqGt5\/UP4S9xI3VTwDw+41F2Yi29WTvXG\/pYAGqMGJVprBGfV8dw\/pIGjYrc8JqDjc8iMynFaFgS9VWRno\/kEa8ex8E0lXW6KSRO+38U5BEcAQa2ZmiPJVOSufJn2mHFnNtaFnQ00UpNEKFlWmg1g+m2HMDI6hkKoxWNNVaXHB7BeI37bfq0DKy4008moSOwx9MywU31umt9bQZaqMjpRF3V4DnOWXRFCtBzASqMlEpsEloiva6ZYQbYAWkcMxY5ybRoJiWx9mUKg4GcOghBqQMpMlaJSVXeGZFKl2Sb1+XUUdSwGZgyfEfyo4raVkpT+wyQpPZHBqAgGOncYulA1GZOsA\/94GmmxzjZCbCN9kynAgWzvYDvij7PUFZtMjkAvBACnPBNn3iaPQjTawbAkTcC1yfhv1ofpKiE5U2LdirARat2rkhdX\/4rJG+DaIEorg08ZpEvVnDkzmskUSlB9W+vjp\/V+aS5lkVM3k7zhoEnC+refT73qPAiB+97ySNdyAd\/Q7kYXug5+OANwWHp1LJTg\/kTpM0hWrac+UY7fWgQ8CbScQvQ7jNvfkeBpNC3rXL87XiJvZKnnKxFCuxFmcRnJQ7BpentFWts0H4Lec1Vh6Ie1JUOsAGqbQKPj08\/Fb+sNPHqQaGAhUMQMv5qLjVGC16+Ay768Xh4QOfbVnp2QvxXOq+J6pefxmdaleLIJA69iWkMygEnv\/UiI8ax5fku6tnS6jfWz1JxgQ4MCgzJju8Y+AntdNCizMmrc96qjo8fELIC6aln6uHdf6ze3P9\/l8K0Imh63d3YWSKHvLgvoT29bJdkoNvyjOuueHNZ1szJTEa6iq1dzn+UBN2G\/xCnDeBIWRhg1e0rq+0LEgtBi8qgQyMbqwUz1KCNzlpSIzr13Jt"} 
@@ -1155,7 +1155,7 @@ 02479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184973564,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184973564,"pkt":"nLbQ0+MztKXvZygQCABFAAXIKLQAAPgGV\/cSQGcewKgCfgBQjy5+eJ1f0XpgIYAYAIMAzwAAAQEICvuAHVOcUadRJQJEMyhfWzk4c69t8VudXr6pn+znDQ0VEhQPPcyGS61d5+1zHyZ4kw8InhkhW68pyvvrnzX5t\/H39maFxWc2r\/jFxwq\/hEVoXAiKHiLMU4\/KyHs5sV1wD559f9zcFztWUj0ihMMgtggEDfMxXUM9dFGV6JcgarAA5KIX8Rhx4KKjXR5FenSf6ir4Wu45nkDFW59zYej9BmKhpdMb8rY8eNPnAfGmIQzij55nkq\/uWJQgPv88G0x6gqY4XOyV9k8a+qsSfYKU5lLVQEUHepnWRDQfUc+335Q9qXuFH7f+8ng\/aQrf84kI7WaO+SnxnLQouz0Cv9v8f3lE+4owCfP1Cz8OEYnQkhXEehYZgVia7bxcHiv6v4xaanozJ5rmOorquwr9GrpFyxLzcpsLlUqzK+KacyS7QwJS\/Ky0\/PTcIlt8ZLwU7TL\/\/o1pr2hLdfT095T4mmP+2+1ddHU48Byxr3aLa3WT\/jG\/C3X6ePA0eanW9XpA7VJvL\/6JmLlix5z9hSS3OqzNKQTjBUM3s7KkvCOkhFHfw0EXJwWgoKSWmSsy5BrLZEfkM0FV7a+ikWpLo3uxdOw31fp7dfTjbB4kd6HRjhDkihmhg3Fxj9HXloHyHwvckfdTCsRiouxlgct7lNCoCgpUmfTu6Yyx7kf\/6aih8KzpyyqkP02jZkyX6OCTx82lz89o7u9CyGfsWhKD\/7BBbiMdXaKK4TysUCFlwE9GGF2seEuicF8r6CTuiOZsrl8ro7A0wal1282SC8UewlAVeiOv42DSkeq4dNBmW50TVjG35t+WUxNn4Q3p5nPJnsGwNKxtQn\/XWWm1U5Gt7+GDvLGqhGlz\/Ki8pfJccVYEawTw7SCN4wp\/3ocQ6vkT4Dpx9fSRTemmYi6pENOZS6VuARnHqwYSWl4t6yJoHK9sCfi9ST8HVXbqDXWFZ2q3BJnFLL2KjKRKEQ6cwz09MaWHVSAOYMFLPRa1P4jAx3PdtEcA6Suw\/o0nBxQpA1VcK\/L5h29Se6TnnwGGwNCLWwcEJVFxaxhV\/90VokUL7AtF\/O2q\/1vhOGyiX6EkZzZs6nexDcqCRxLporgd6yB4OIQ\/K5UvGbYe6+Sm7lH6OGAMK4UMwjkq9mCtaTHr7mvhnhxRuW7uj2lidYSV8hOTyPermC3rpaeQy2urqLgBbyapxA5Pobg8dWmnSefHpRew8i1Lo7xZJ2SpCdkX1yUKisC8EMEhExSgxRoJO6lJwnDpHM5WJ36k3Ry+3q9OcgN6NLQRO5pRs8nhTf4nqy7lt5uTY1pqNSduEscx56wTi21bJStBpnuJ8UvGJx\/R+YeP8QzcFQlKJycJlPLg6eX96ULPBZxzLMetvK3n66CoeI4YwUg4QxFhrIktxxA1moIwNkkn6SE2PJvny3Cxi
6Q7lkUmD0rurnBMt9ApEb3z5XFrSDnmX6QwTGHURMLAjPSQ1rzsHHaLMjENdwshfdWaIsx0\/C+jJ4udEOtxA9Fm0BuIFf8jWdfxwPFpB7wf1zLIyaPgXgtem4PL4uFnUr\/LL8Mi6yuMoLm28awieMUxVDrx8BpEilb9smuibdWhYybgbrhRDSVz2VcvfeF7S52u5dohgrnorV7VIGu4Fbfjcdt5eZr90iPKqeLRmae8arWdU6pk0+036XKkyixVdtPL96eMfve4A6Zh9TvzUvY2yZhS+fWayDF170ogtacHtunN1Y8fbumfzzXBlbMPAxKwloCcANStnnowf0vhV+lwOAC5eJ0wwfBbE\/fZdlz+fa+lDBSbIFzwquAzceoahA\/CkYEf4Il0qBgoQR8xij74ARiwygmvlhBcVhebT1T8Wht+RIpph7wDNRWhIpJICJTvhB4xG3THeUUikIIY59QcKEF+mfeRHq7zWxIrV0MxaCgpfmHu"} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1627,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1627,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1654385184982489,"pkt":"tKXvZygQnLbQ0+MzCABFAAE6JG9AAEAG2MrAqAJ+EkBnHo80AFAYADoNP4BZp4AYAfY9sQAAAQEICpxRp3YAJw3ER0VUIC9ydi9lbmR2NC5odG1sP21vZj0xJmVjX2lkPTQmbW9mX3VpZD05MTE5OSZuX2ltcD0xJnVuaXRfaWQ9ODg4MSZzZGtfdmVyc2lvbj1tYWxfOC43LjQgSFRUUC8xLjENClVzZXItQWdlbnQ6IERhbHZpay8yLjEuMCAoTGludXg7IFU7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMSkNCkhvc3Q6IGh5YmlyZC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": 
{"url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
02486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385185015621,"pkt":"nLbQ0+MztKXvZygQCABFAAXIXwoAAPgGIaESQGcewKgCfgBQjzQ\/gHc7GAA7E4AYAINkpwAAAQEICgAnDeicUad2RWsIZamOljqm7gSNKAkXQCu+hVDQvHNR9FYzcLa6bcMwfHz8+6Ohpq2yX4VCM8MnePOCbl7QzQu6eUE3L+jmBd28oJsXdPPvCN38HeCm8Yfm\/kvPR3Dz+vd\/+5\/+qz\/+F\/\/73\/yP\/8vf\/ov\/+v\/+3\/7l3\/xn\/\/nP6n\/VjBMyedbYcXZ\/o\/OF7mdeh9Hhr\/RfIfMv43vvKuRdCur\/FFM9E59fEn2SOA2NKnl1bdNivqb2mOXNXHq1\/YMX1\/Ovvr+Ls8avbLeJu\/n+XUe8voOwYRiE416SRHkHbuH3JI7AK5hcYzixRhEYhd8jOEmi6zWCkdiKXBEYCfi+gog\/Et\/23iV5mL96vr5z8qbJ03dVHEbNXOMfCP\/4uyrDZ\/hnarl7h38mQu9N1tzbJ+HHYOnfwgd4YKemZxmEk6Yfkz3lh\/aJu5CbeloHFbHt+TJXIpxmxZgsZHiRMOZFvKzyDdgT70P7AneujlPtVyx1Ci8u7Wd7MtsuMwhfTyvOMfV9uKfpBVoFiWcijlTzRwo97G1lTY77npOvQt2eMaaQrdoht73lsx1+nZwlg+BlIhnXXbgLsHWy5C\/CTrdrpvOys4hB5bmgib5vMJLqdEuhL1RVueIWhr1W24corWULSQqDfGNsr1HdHI4FJV+WwuEwhjFLFwqL5Xy27akNzx1XpbTfbywRws5chR\/VzSRUHZ82JFfLUbM21UlmqXQlB5CS01wcLs0xrplUXKuatlxW\/JnKqnFYcvIJ+HnXlDQp0jzZWW7b+IreDkRwtvod2OSadqez+8PJQr11ODo3W9Sq9lB21UYv1nbZnPkKxY3GO2VJgKi3y86OY2lDWQkA3y1giPPL0I8WU8XJRBa7HXzc3Kr4uITR5JDT0WTaYXbC9v5VWfTptvCOnVLv18ciGZlm2dHCfrfBJ8PAq77hGFHEh2RHh+SoYiYL45XZJMJ1SZZMbDASfdSvphUfow01aDWyqsWVpJirq1bhq16jM844FVx6sRj6QlADNWTuRMUGtyRUymqEmNkJt0Yb1N1graqbbda1j4vrOEyE7tb2An3aY8uYGHAX8\/rsNN6gbsLJaXGuswDrrwixB2A37Y+RJEMuQhm9tVPq3bKPTkuFNlJk4shWDhxGJ4gRxe1aHQH+OdOeb5ZAybp4QOtbdJVZhbI7fRHTpmi3Db68nJpjZBHlst+pE6dd\/auVOTRGjFYfMxlXYZeV5CtjfADQStuORhXR14nj+JExkEESLQhVIgsxAsrbUusYDOsmiIS0OxhmECNGsnePTqNm9Ybk0jiCIUUMk0Q6bo9XikfzcXHRxBU2KhFA7wFnV9mu0s+4T+Cmvs31pVGdu01zTdMqOQbatST8XeSiGb9xLLVobbjVxgASHcVY6Z0cEk1Zw70WhNMSziSBuvEt6nPBEkkYPUs
89VCHjedyHoevTwhpwRtTvVC9cjscTpkEl70Q5ZcEM0iBVlOrZshoxaxTCyVqkcFaQaTJND7qiruC9vSgHxhROJty2frJRGcUkW\/T8bzArQu62Aj8pZfq5WnpurUmhYNXBBstPB0HdLEt67HP9CUNcHaVL\/py5Tv+IiqnHSGMtLAtT2aEyysT7VlU2B1c0UynpCL4dONoCBQZiWBCCob59IQIU9r6hD5FW92974pfH398cuCh13wO5v+Bzpq+x4zOk7NmVkyoZTPht8XqNPclVgd+dr30ls5urO+xrXKEf+KEQVxrl2X5Oea+B7dP8f2vfeAhlpy7jKenuJahub4U2SPWInq+hVn3Kp7Xjnw5Mt72ttIa3qJmWSX5OaelWMO1q4cTtae5TXSrzL1EZlCA5nHYN3tCgikSvSDqTjQq48xf4eq4x89aD51T5RZZJ\/zYX3eIruVriHTZcy9vlhIyXU6UT8Gkvj5OMbHU"} 04514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1663,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385185015621,"pkt":"nLbQ0+MztKXvZygQCABFAAtcXwsAAPgGHAwSQGcewKgCfgBQjzQ\/gHzPGAA7E4AYAINH0wAAAQEICgAnDeicUad24XFtV7Rg10duU4UTlxkMf+4hbiOeKWSTGwnHrK\/bcVHDmrmHVT1QbFoe9jUro5dI5TdYvpHS0y1rjoh+0U3zcCtX9rblxRoi5FhuCbqzSJTCJ\/SCO4zZZSPYNE6w5HSVgAaV0y2oWClZOTWZhlvMk\/XLRpM2IbCWurCzT+9+nnf\/OWUMYJ35yVcMM8b6\/R\/\/1f\/5x\/\/+v\/rM8TWeCOPgXR\/Wn9HNbJqvANEK619BcRX6k+IzZvpCAIbt5MNPYdScnyfOCY1\/TyD1rf7duf9o+anpe+Lk86r6HoqW4GHx6Znn1+7nR8VPBz8nS9L5cAeE+tP9z7LkZg6+ssfPLHPhW3ltM+PZT5K8\/\/msfZakyRs7mbt7Xv7\/5l\/\/85\/obM72VPyqzrNvqjRrU2d+wff86N\/86\/\/y1dOAvpLFbex7cuAdHr+ancs7IF7TArMobu\/azMv7LMnv2ZI\/Gupcy2kBmgQdfr79Efcrp\/mm7gDzHc7PmZXzYaydhcl9sn\/Bdl7f8evdzu42\/KM6\/2CPyGFz2XrOAlzQ68abCb\/NI1L4Z494f\/7\/wYeXvY12b\/v45AFpVjEKiukvMgW7N34KJ1mHT5uII8wicQAf7cIJq5oahpZLfYWtbiLN8Nh5vTFcczsoLYRSQOpr5+wJefBB0Bcjqs8OVij5zI4Q8US3kT6+pov1ZlWX1ZbBLAo\/CWVvJs7o7OLKwNZicOUC1akI83ha4yIZMssUw8P1miwuy6UgRf4eU5Z4nB6XmLKp3MOmhnDsUnscvDaHlhO5ju5pELGc1S1KGIjCWSnZkCldR8tC3DNDZhx2FKPl6Ci6COlwEwia\/ctaSG\/KNTGIWOI6zxgGatnGGthaTk1Dl52EoUGrXjVsYFdBMq6zs3e4rH0Kz4xNdXR5SSjlJSGkp+XAetsK67orj5IjKZ
9wGSH8hV8441VbQeRVqYj9GmcyBGz12el6BMEvIWJjscDyTLrh3gbg\/hA7bG\/IFWoEHieVcL0Fga3fQZtUIvBGrA4DAHWEdWYmHNmovkcclhbSpgp39QFulyfMoKwtehAkztJTKuJ6VmqPjURtjSFB1eFWH1Yc7LQ6dAu7tRLspVXE29p+fTlt3DU5BIU4qVWEQhjVxOQJJno\/tO47JaUb5kHb4cxZFH\/xjOAXlxRYQ3maguAXxIPDq5+U3s2e6xvHBz+qA9znj+qA0r3OzF78\/m\/\/m3\/x5GWK3\/9f\/8f\/9On2j\/\/DZ+rf\/K\/\/8y+4ISevvLvD+vmDL13\/qNtPXbbJM1cS1\/MvdrRzDv0vjv8pQXvOIP9JD\/cE7a+oLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwna3zq1eknQnu9fUpheUpheUpheUpheUpheUpheUpj+Q0th+u1o6CVB+wXdvKCbF3Tzgm5e0M0LunlBN\/8+oJu\/A9z8u0vQrpCfFX85I7tCnPBbGSm\/lk30zbTs9WqNEysUXZM4hpMYDijwEhBJBF+uEHC\/esnKvn9esrJfsrJfsrJfsrJfsrK\/dtYvWdkvWdn\/qKzsr2DFb8iy\/jbI+v87\/boZGvre\/q+mYD9X+y2Z2M+J2D+hfcm9nhP5\/pG515+TmJ\/6\/\/ct9fpHOdZMY39Dhb8G6D\/nW\/8jnNtLgvVLgvV\/PAnWP1o8\/7C\/j\/GrCdn3b9X++rjgVxOy5zr\/lhOyP3X5907ILoBTEbN4znv+kQ+d\/VichUew\/T3fvn\/\/\/udb4HMLzxvoT2hNXDD+vDu9qpsx8R\/BjlUk9vhhnsjPvM9fbh60mXtP2067WZA3b3\/43ScSuJ+\/Jh1o\/589f\/f5q7983TbBO\/IvX383f1X7D26e5NWHfwLD8Hfzt4KHVQ4c8Yd\/EgTBd\/P3kwdgm3k3fgA95Uny3bved25AP7N3flfHk\/\/O9q5t3XxAYPiffvcurb\/95OP9S+H\/7Ie8bRKwU3yAf7mheXxfntrFuygOo2R+sfDuSdIqdOw38MP939t7ww\/zd6D\/EIBt6F1gp3ECpLWz+l3tV3HwcX72AGbrwUsevObB8x7a5CFPHpL4IUIeIvQhWj5E2EOEP0Srh6LyH9zc8x+CvEofgthPPDBjD4kfAgt5iLOibR5mie3Ktx+KByfJ3VvZ5o3\/0EQPjfcQVQ9Pm9mDXTWxm\/gPdh2D5jwf7JBJDVoMXbuY9TLfttXcEahdPcxoZb7Ms188AHtsHzK7e6j9uxJ\/SO0qjDMwbYXtzab0Af74JEztJ4Dls0xPkzBP59O0NzPI+eFpHczTl9hF7X\/4dPPd8wNgk+5To59HDLbN52qAajtO9WADA8jG9DP1u3tXwLZiO5u1VqV28tHzkx\/uGvXAsqruh4EfZoW\/ayIwsDD6CMSv\/Lp++DQLbtw8z7gXZA9+Os8jaPN5HLPhPzf91F3vz4bwAYfhj0CFbfLDvEY\/82X+x0\/tNtGTHDawHCCCHzQfv9L2zybrqx7KD44P7MB\/KD\/YAVDSD89\/3+DDn\/7px7p1Huq2+FETBP5Pv7sPNXpqAegqr+P7DFR+Ys8I8zuwnIBV2MmzWDMImat8nFtq8uLDu\/e4n85t\/\/D0Qg0Q0Jlif4jmpfjV1IKF6lf3FuKsfrC\/en6fktcP8aOXuy0wqua9C4yk8dnEn0tvXt9n7vXb7+LgzWeW0G+en9f0eLRD2U79N3c4\/frtX8B\/9d4uCrAYmChOvDfx24f4\/b0RPfL95u2PC++fMbb313\/95id0t67nt6yPzdvv\/KT2XzXV+EP8\/v4HGua3lI8N0GLjRm\/8t5\/IT+wfP75
5+\/DZr8UP4Plnxzf7vNnP+Y\/VPAB69mHApJlkPuHSwBJ58\/Z9H3tN9B2Owd\/7UP0nf\/LGfwT3f1a\/\/e7JQfoQAn9XPQn6ftarDtT62CxeF8Prh\/R95aeP8f3\/5uNcASxxUP40aw\/Vo\/258Dx9Dzmgla1fjfp9lebVmz9NgSP4iwzM6OPrLvb7+57zV3\/69iH5VdYg8YcYTOWdtX6EHzzwkz4CMZ8fgCn+Unj84eNdo\/nTlLiP+TwlVNNUMXBOQJfPdvz67fv0PtFQDDaN2E7+8l0NjNN\/fPMXf+n95fu\/WryF3n7ngomatziwc3BgH2veuH+B\/NUsxJ0kAiNCIO\/t2493TYJOk6dOo8fklzqdRYueuIrH6CsRvKL6sQAPwRee1B7itE2\/4vmuAEI+S\/QkZHEX8idyAznrt++bnIsH33uDvn0Lmv55teC3VPv4EQzgd8CAfuc9jaJ9BPYNvHUc2kBx8\/owQWgFrPKT3HbmVXnsQeF9ufwaZ3z\/Qy4z49sHZzYvv4tdXwF9J9q8pL\/zHhEIyNz++fL7RweI\/7v6r\/8a3NZv\/3z5Af1CQu8k9APyAXk7iwvM+ifKuAdqYBZfP9RvH36XvwUsb2Zr\/Zl7mE3w9du3P6s82+Trhy\/2+\/Yh\/xnHJ10\/vH5W67NhvV54i9cPr571+DMiYP2K2Nbz9gQosyN5zHLQV\/U+iKv60xq7u6G336D9xE3lT57mrq3w62ECdADMMvxZlQf7fV+B7elN+MU3gcl8D7YwtgP1JLD1+ID+BqDJeQd4\/cU3vf0BbP12dYxTHyCeN9nbh+wRzNCncvOwhAF0efgdMtvD1+3NgLKO8v5HLQJf578vZmMBTB7Q8m\/o4LkHoI20SPzGf\/34CMYOhu6N+hxf\/7n9fgZHP\/d4CPpn9d3pfbC\/IdvmsJ\/fwcw0gGp97yej\/jsafJIHuGLgTuclHN\/\/r+\/ONQCTGGmz"} 00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"thread_ts_usec":1654385185015695,"pkt":"nLbQ0+MztKXvZygQCABFAAEvXw0AAPgGJjcSQGcewKgCfgBQjzQ\/gIf3GAA7E4AYAIPMaQAAAQEICgAnDeicUad2d33ytWgxPP549E8++kcL03\/7Z00U1zPvd5U\/\/8YR2M0q4PPBMJux8PPglf8nf+J\/WlmA7T+B3oKJaxaPsyxAjo+gp2JAZ5f+d\/QE\/X16KoYvHYEq954+vunj+e3Gw9PlfRI7wGV\/Kcwu++3HT+gdRAlPuP4TwL+\/wXgPgV3QrzI7kWKnsqsRSgE4+UMeBH71hw57f63nFza\/qSLL\/OFoiNQfOuTbteZRPb6e0QR0tTv7ifp0lPj6fqAJqv05gqzIACaWCLm2CQJ3YQLH5hDxubHvodkW5lBnhujgmuZOB8zInqMh0Ahg+Dnl\/wXDsfHrS4oAAA0KMA0KDQo="} 
@@ -1163,32 +1163,32 @@ 00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385185942149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1654385185942149,"pkt":"nLbQ0+MztKXvZygQCABFAADeE\/tAACoG6inKmcQ1wKgCfgBQ5Yg8Z0+pmkmYKYAYAPN5zQAAAQEICkyTX6y9cmj1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZS1Db3lvdGUvMS4xDQpWcGFkbi1TdGF0dXMtQ29kZTogLTI2DQpWcGFkbi1TdGF0dXM6IE5PX0ZJTEwNClZwYWRuLVN0YXR1cy1EZXNjOiANCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI2OjI0IEdNVA0KDQo="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1679,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229374771,"pkt":"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"} -01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1679,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1679,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229374794,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229374794,"pkt":"tKXvZygQnLbQ0+MzCABFAABIbklAAEAGI3LAqAJ+NB2xsZDsAFBe8KOySC8RAoAYAfapLwAAAQEICgB7lmPzZF3LaGliaWQ9MCZvZm49MjUzNjQwJnI="} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1681,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1292,"thread_ts_usec":1654385229375778,"pkt":"tKXvZygQnLbQ0+MzCABFAAUg7FZAAEAGNrLAqAJ+I5wsDaY6AFDzNa5LO3\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"} 
-02258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Y
r5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +02256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": 
{"url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Yr5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
01187{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"thread_ts_usec":1654385229376461,"pkt":"tKXvZygQnLbQ0+MzCABFAAIWbkpAAEAGIaPAqAJ+NB2xsZDsAFBe8KPGSC8RAoAYAfaq\/QAAAQEICgB7lmTzZF3LZXFkc3BzPTUyJTJDNzElMkM1NyUyQzY2JTJDNjMlMkM0NSUyQzU4JTJDMiUyQzY4JTJDNTUlMkM3MCUyQzI4JTJDNDYlMkM2OSUyQzYyJTJDNjUlMkM1MSUyQzYxJTJDNDMlMkM1OSUyQzE1JTJDOSUyQzcyJTJDNTMlMkM2NyZyZmVjcG09MCZyZXNwdD0xJnNpcD0xNzIuMzEuMS4yMzImb3J0ZD0yJmJkbj1jb20uc2NlbmV3YXkua2Fua2FuLm1hcmtldDMma2V5PXBsYXkmcmF0ZT0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGFkeC10ay5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01036{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1682,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229376461,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","domainame":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} +01034{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1682,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229376461,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","domainame":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1683,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1683,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229377895,"pkt":"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"} 
-00993{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1683,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {"detected_os":"Android 11"}}} +00991{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1683,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {"detected_os":"Android 11"}}} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1684,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229377922,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229377922,"pkt":"tKXvZygQnLbQ0+MzCABFAABIXu1AAEAGyPPAqAJ+I5wsDaZGAFB7fW9OgsWKk4AYAfYTCgAAAQEIChlnEfsPV8RHa28pIFZlcnNpb24vNC4wIENocm8="} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1315,"pkt_l4_len":1281,"thread_ts_usec":1654385229378645,"pkt":"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"} 
-02258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com","domainame":"tknet-cdn.rayjump.com","http": 
{"url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+02263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com","domainame":"tknet-cdn.rayjump.com","http": 
{"url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1654385229379534,"pkt":"tKXvZygQnLbQ0+MzCABFAACkXu5AAEAGyJbAqAJ+I5wsDaZGAFB7fW9igsWKk4AYAfYTZgAAAQEIChlnEfwPV8RHbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBkZTAxLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01031{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} +01029{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229398934,"pkt":"nLbQ0+MztKXvZygQCABFAADQ2J9AAPUGmbgjnCwNwKgCfgBQpjo7f\/DX8zWzN4AYAHOmEwAAAQEICg9XxGYZZxH5SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1654385229399980,"pkt":"nLbQ0+MztKXvZygQCABFAACbqYhAAPUGMt80HbGxwKgCfgBQkOxILxECXvClqIAYAIBoGAAAAQEICvNkXe4Ae5ZkSFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229406775,"pkt":"nLbQ0+MztKXvZygQCABFAADQbSRAAPUGBTQjnCwNwKgCfgBQpkaCxYqTe31v0oAYAHWAFwAAAQEICg9XxG0ZZxH8SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} 01015{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1690,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":419,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":419,"pkt_l4_len":385,"thread_ts_usec":1654385229413001,"pkt":"nLbQ0+MztKXvZygQCABFAAGVuYkAAPgG40ASQE8ywKgCfgBQo9QvB\/xWUTDmHIAYAIZNHwAAAQEICnH6vA0Aq1gASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjA5IEdNVA0KU2VydmVyOiBuZ2lueA0KWC1DYWNoZTogTWlzcyBmcm9tIGNsb3VkZnJvbnQNClZpYTogMS4xIDllZTEwNzRiNmQ3MTc5ODM1NWM2OTVmYjI2YzIxNDUyLmNsb3VkZnJvbnQubmV0IChDbG91ZEZyb250KQ0KWC1BbXotQ2YtUG9wOiBUWEw1MC1QMg0KWC1BbXotQ2YtSWQ6IGw1MmRLamp6ZDlDOF9Pc21pX3RnMHVfSnVTMjUxV2JObG5SV0NiLWpKSDlQVldSQ25pWG14UT09DQoNCjE="} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01111{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_usec":1654385229450708,"pkt":"tKXvZygQnLbQ0+MzCABFAAHcEFBAAEAG14XAqAJ+Eul7N9YaAFDjQWT+MbgksIAYAfZTFQAAAQEICs\/kGG+7dfu6R0VUIC9taW50ZWdyYWwvYmVhY29uP2FkX2dyb3VwX2lkPTE0Mzg0NSZjaGFubmVsX2lkPTExNyZjcmVhdGl2ZV9pZD0yNTM2NDAmYXVjdGlvbl9pZD1mODRmNTRiZi0zMWNkLTQzZmYtYmQyNy01MjZjY2M2NDU3ZGEmb3JpZ2luPWhhZ2dsZXItbWludGVncmFsMDIxIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGltcHJlc3Npb24tZWFzdC5saWZ0b2ZmLmlvDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01441{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1691,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io","domainame":"impression-east.liftoff.io","http": {"url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01439{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1691,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io","domainame":"impression-east.liftoff.io","http": {"url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1692,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1692,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":760,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":760,"pkt_l4_len":726,"thread_ts_usec":1654385229460595,"pkt":"tKXvZygQnLbQ0+MzCABFAALqaatAAEAGLEjAqAJ+EuvMCZ0MAFCRGad0Zg9EgYAYAfak9wAAAQEICqWNW0ubSFulR0VUIC9ldmVudC92YXN0L3N0YXJ0LzU3YWE4MENPWGpDQklrWmpnMFpqVTBZbVl0TXpGalpDMDBNMlptTFdKa01qY3ROVEkyWTJOak5qUTFOMlJoR0lDYXFvaVRNQ0IxS01pOUR6Q2lFRG9iWTI5dExuTmpaVzVsZDJGNUxtdGhibXRoYmk1dFlYSnJaWFF6UWhob1lYZHJaWEl0Y21WdVpHVnlhVzVuTFdOdmJuUnliMnhLQ21RNE1USTVZbVkxWlRSUUFsb0RSRVZWWUFKb0JISUpkWE10WldGemRDMHg0QUVCZ0FGMWtnRUNaVzZZQVFLaEFRQUFBQUFBQUxBX3FnRUlNVEk0TUhnM01qQ3lBUTFGYm5SbGNuUmhhVzV0Wlc1MHVnRWNVU0JXYVdSbGJ5MU5iM1pwWlhNZ1lXNWtJRlJXSUhObGNtbGxjOElCR1haaGMzUXROREk0TURWa016TmhOVEJoTmpJeFpERTRORFBLQVFFQjBnRUZNRFF6TVRmYUFRVjJhV1JsYnc\/cGxheWhlYWQ9W0NPTlRFTlRQTEFZSEVBRF0mc3I9MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZ
C9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBhZGV4cC5saWZ0b2ZmLmlvDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01692{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1692,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io","domainame":"adexp.liftoff.io","http": {"url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01690{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1692,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io","domainame":"adexp.liftoff.io","http": {"url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1693,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1654385229557713,"pkt":"nLbQ0+MztKXvZygQCABFAAB\/zr9AAC0GLXMS6Xs3wKgCfgBQ1hoxuCSw40FmpoAYAecIEgAAAQEICrt1\/CbP5BhvSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjA5IEdNVA0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 02465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1694,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":5,"flow_src_last_pkt_time":1654385229559611,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229559611,"pkt":"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"} 00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1654385229568829,"pkt":"nLbQ0+MztKXvZygQCABFAADfGY1AAC4GkHES68wJwKgCfgBQnQxmD0SBkRmqKoAYAeR\/LQAAAQEICptIXBKljVtLSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNzowOSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA3MA0KDQqJUE5HDQoaCgAAAA1JSERSAAAAAQAAAAEIBgAAAB8VxIkAAAANSURBVHjaY2T4\/78eAAWEAn\/CWx4qAAAAAElFTkSuQmCC"} 
@@ -1200,7 +1200,7 @@ 01573{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PlayStore","proto_id":"7.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.google.com","domainame":"play.google.com","http": {"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01780{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_usec":1654385232040567,"pkt":"tKXvZygQnLbQ0+MzCABFAAPTG5ZAAEAGlqjAqAJ+A3q+RoESAFCRX\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\/dmFzdF9lbD0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": {"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": {"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
01434{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":734,"pkt_l4_len":700,"thread_ts_usec":1654385232057407,"pkt":"nLbQ0+MztKXvZygQCABFAALQp5AAAHsGFQqs2RCOwKgCfgBQ0KgyOulwVgMWtYAYAQXuwwAAAQEICvP9QcDlixteSFRUUC8xLjEgMzAxIE1vdmVkIFBlcm1hbmVudGx5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2JpbmFyeQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtYXgtYWdlPTAsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KRXhwaXJlczogTW9uLCAwMSBKYW4gMTk5MCAwMDowMDowMCBHTVQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MTIgR01UDQpMb2NhdGlvbjogaHR0cHM6Ly9wbGF5Lmdvb2dsZS5jb20vc3RvcmUvYXBwcy9kZXRhaWxzP2lkPWNvbS5hemFybGl2ZS5hbmRyb2lkJnJlZmVycmVyPWFkanVzdF9leHRlcm5hbF9jbGlja19pZCUzRHYuMl9nLjE0Mzg0NV9hLmY4NGY1NGJmLTMxY2QtNDNmZi1iZDI3LTUyNmNjYzY0NTdkYV9jLjExN190LnVhX3UuZTdkZjg3MjQ3Y2JjZWExMyUyNnV0bV9jYW1wYWlnbiUzRFRlc3QlMkJDYW1wYWlnbiUyNnV0bV9jb250ZW50JTNEVGVzdCUyQlNvdXJjZSUyQkFwcF8xMjM0NTY3ODklMjZ1dG1fc291cmNlJTNETGlmdG9mZiUyNnV0bV90ZXJtJTNEVGVzdCUyQkNyZWF0aXZlDQpTZXJ2ZXI6IEVTRg0KQ29udGVudC1MZW5ndGg6IDANClgtWFNTLVByb3RlY3Rpb246IDANClgtRnJhbWUtT3B0aW9uczogU0FNRU9SSUdJTg0KWC1Db250ZW50LVR5cGUtT3B0aW9uczogbm9zbmlmZg0KDQo="} 01344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1706,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232085154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_usec":1654385232085154,"pkt":"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\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1707,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232158874,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":253,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":253,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":253,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232158874,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -1214,19 +1214,19 @@ 01345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1717,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":4,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_usec":1654385234239203,"pkt":"nLbQ0+MztKXvZygQCABFAAKKs5RAAPUGSvIDer5GwKgCfgBQgRKT0VmtkWAGsYAYAHiq\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\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1718,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02185{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1295,"pkt_l4_len":1261,"thread_ts_usec":1654385235892637,"pkt":"tKXvZygQnLbQ0+MzCABFAAUBYktAAEAGrwXAqAJ+EkBPQMnmAFARWCNCXMPM5oAYAfYpmgAAAQEICr8GCEOu2uHSR0VUIC9vcGVuYXBpL2FkL3YzP2FwcF9pZD0zMjQ1NiZ1bml0X2lkPTg4ODEmc2lnbj0zYzI4ZGVkMDRlMGY0MDkwMjI5OTY4NjE4MjQ0YjU4MyZyZXFfdHlwZT0zJmFkX251bT0yMCZ0bnVtPTEmb25seV9pbXByZXNzaW9uPTEmcGluZ19tb2RlPTEmdHRjX2lkcz0lNUIlNUQmZGlzcGxheV9jaWRzPSU1QjE5OTQ0MzY1Mjk5JTVEJmV4Y2x1ZGVfaWRzPSU1QjE5OTQ0MzY1Mjk5JTVEJmFkX3NvdXJjZV9pZD0xJnNlc3Npb25faWQ9NjI5YmVhMjBhNGU1NDEwMDAxMGYwMWM4JmFkX3R5cGU9OTQmb2Zmc2V0PTAmY2hhbm5lbD0mcGxhdGZvcm09MSZvc192ZXJzaW9uPTExJnBhY2thZ2VfbmFtZT1jb20uc2NlbmV3YXkua2Fua2FuJmFwcF92ZXJzaW9uX25hbWU9Mi44LjIuMSZhcHBfdmVyc2lvbl9jb2RlPTE0NiZvcmllbnRhdGlvbj0xJm1vZGVsPXNka19ncGhvbmVfeDg2JmJyYW5kPWdvb2dsZSZnYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZtbmM9Jm1jYz0mbmV0d29ya190eXBlPTkmbmV0d29ya19zdHI9Jmxhbmd1YWdlPWVuJnRpbWV6b25lPUdNVCUyQjAxJTNBMDAmdXNlcmFnZW50PU1vemlsbGElMkY1LjAlMjAlMjhMaW51eCUzQiUyMEFuZHJvaWQlMjAxMSUzQiUyMHNka19ncGhvbmVfeDg2JTIwQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElM0IlMjB3diUyOSUyMEFwcGxlV2ViS2l0JTJGNTM3LjM2JTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBWZXJzaW9uJTJGNC4wJTIwQ2hyb21lJTJGODMuMC40MTAzLjEwNiUyME1vYmlsZSUyMFNhZmFyaSUyRjUzNy4zNiZzZGtfdmVyc2lvbj1NQUxfOC43LjQmZ3BfdmVyc2lvbj0yMi40LjI1LTIxJTIwJTVCMCU1RCUyMCU1QlBSJTVEJTIwMzM3OTU5NDA1JnNjcmVlbl9zaXplPTEwODB4MTc5NCZpc19jbGV2ZXI9MiZ2ZXJzaW9uX2ZsYWc9MSZjYWNoZTE9NjI0MCZjYWNoZTI9NTM2NSZwb3dlcl9yYXRlPTEwMCZjaGFyZ2luZz0wJnN1Yl9pcD0xMC4wLjIuMTYmZHZpPTRCenRZcnhCWUZRMyUyQkZRM1JVRTBEVVFRaVVsYmZBREFmbngzaVVWUEhaUnNScmZ1SG9SMVJVdjA2TiUzRCUzRCZhcGlfdmVyc2lvbj0xLjMgSFRUUC8xLjENCkNoY
XJzZXQ6IFVURi04DQpIb3N0OiBuZXQucmF5anVtcC5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -02178{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1718,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +02183{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1718,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
01123{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385236487007,"pkt":"nLbQ0+MztKXvZygQCABFAAHm3ckAAPgGvqESQE9AwKgCfgBQyeZcw8zmEVgoD4AYAIbbsgAAAQEICq7a5CW\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"} 01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119358297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 
01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385119973654,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385120216027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385121164319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":2452,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com"}} 
-00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} -01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} -01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} 
+00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} +01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} +01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} -00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":598,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":1196,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io"}} +00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} +00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":598,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":1196,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385185166661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":170,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385185942149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":170,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com"}} 
01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1654385176794172,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385177120274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":6082,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
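Review bot: Flow 153 (hostname `google.open-js.com`) changes its DPI result in this hunk from `"proto":"HTTP.Google","proto_id":"7.126"` to `"proto":"HTTP","proto_id":"7"`, which is a different kind of change from the `proto_by_ip` relabelling around it and is not mentioned in the commit description. The same hunk also replaces `"proto_by_ip":"AmazonAWS","proto_by_ip_id":265` with `AWS_Cloudfront`/464 and `AWS_EC2`/461, and turns one `Unknown`/0 into `Akamai`/467; consumers that filter or alert on the old name or numeric id would presumably stop matching without any error. Both look like side effects of the libnDPI bump rather than regressions, but that is inferred from the expected output alone. I would add a line to the description such as `* proto_by_ip now reports per-service cloud/CDN ids (AWS_Cloudfront, AWS_EC2, Akamai); HTTP.Google no longer matched for google.open-js.com`.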
@@ -1234,18 +1234,18 @@ 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":21,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385178039010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":12423,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":87624,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":464,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":464,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com"}} 01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":16,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156865117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":28785,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com"}} 
-00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} -00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} +00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} +01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} 01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":10,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143386689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":20463,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com"}} 
01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":12,"flow_first_seen":1654385142780674,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142861550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":27563,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":33,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385137102946,"flow_dst_last_pkt_time":1654385137795047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":179545,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":13,"flow_first_seen":1654385136206220,"flow_src_last_pkt_time":1654385137480116,"flow_dst_last_pkt_time":1654385137451797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":23040,"flow_src_tot_l4_payload_len":631,"flow_dst_tot_l4_payload_len":72797,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":18,"flow_first_seen":1654385136215384,"flow_src_last_pkt_time":1654385137106944,"flow_dst_last_pkt_time":1654385137458576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":81501,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":12,"flow_first_seen":1654385136216297,"flow_src_last_pkt_time":1654385137088135,"flow_dst_last_pkt_time":1654385137795021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":37440,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":124042,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} -00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} -01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":1640,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":1640,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} -00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 
-00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":655,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":655,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":1640,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":1640,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":655,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":655,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 
01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":73,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385145095894,"flow_dst_last_pkt_time":1654385145302253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":4383,"flow_dst_tot_l4_payload_len":173462,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":497,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"release.bigdata.1kxun.com"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":8,"flow_first_seen":1654385140779083,"flow_src_last_pkt_time":1654385144744780,"flow_dst_last_pkt_time":1654385145113565,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":443,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":8192,"flow_src_tot_l4_payload_len":1183,"flow_dst_tot_l4_payload_len":18456,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
@@ -1257,7 +1257,7 @@ 01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385136274668,"flow_dst_last_pkt_time":1654385136566441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":498,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":997,"flow_dst_tot_l4_payload_len":450,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com"}} 01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":668,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":668,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.PlayStore","proto_id":"7.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.google.com"}} 01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi"}} 
-01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} +01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} 01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":860,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":2746,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":3242,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 
01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385128878298,"flow_src_last_pkt_time":1654385128878298,"flow_dst_last_pkt_time":1654385129190022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":871,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":871,"flow_dst_max_l4_payload_len":817,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":817,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":265,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":265,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"messages.1kxun.mobi"}} 
@@ -1267,9 +1267,9 @@ 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385156978849,"flow_src_last_pkt_time":1654385156978849,"flow_dst_last_pkt_time":1654385157162185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1118,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":508,"flow_src_tot_l4_payload_len":1118,"flow_dst_tot_l4_payload_len":508,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385156997634,"flow_src_last_pkt_time":1654385156997634,"flow_dst_last_pkt_time":1654385157178524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1113,"flow_dst_max_l4_payload_len":680,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":680,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1654385157001678,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157186882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1119,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1119,"flow_dst_tot_l4_payload_len":1950,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
-01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":75,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io"}} -00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385231942852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":2827,"flow_dst_tot_l4_payload_len":312,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} -00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":156,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":75,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io"}} +00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385231942852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":2827,"flow_dst_tot_l4_payload_len":312,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} 
+00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":156,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} 01215{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129813867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":523,"flow_dst_tot_l4_payload_len":104,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"43": {"risk":"Error Code","severity":"Low","risk_score": 
{"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com"}} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":19,"flow_first_seen":1654385145219802,"flow_src_last_pkt_time":1654385146051643,"flow_dst_last_pkt_time":1654385146257351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":51980,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 
01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1654385146263001,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146481114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":4320,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":7485,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 
@@ -1277,14 +1277,14 @@ 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":30,"flow_first_seen":1654385146276743,"flow_src_last_pkt_time":1654385147163604,"flow_dst_last_pkt_time":1654385147585918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":18720,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":97896,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":28,"flow_first_seen":1654385146284849,"flow_src_last_pkt_time":1654385147363303,"flow_dst_last_pkt_time":1654385147935185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":1578,"flow_dst_tot_l4_payload_len":131729,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":23,"flow_first_seen":1654385146276790,"flow_src_last_pkt_time":1654385147316212,"flow_dst_last_pkt_time":1654385147926816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":1554,"flow_dst_tot_l4_payload_len":126758,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 
-00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":9,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184950570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":26435,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io"}} -00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
-01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":29,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385185019373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":97077,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} -01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":20,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385185004563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":64260,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} -01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} -00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":9,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184950570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":26435,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io"}} +00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} +01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":29,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385185019373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":97077,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} +01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":20,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385185004563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":64260,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} +01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} 
+00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131355130,"flow_dst_last_pkt_time":1654385131589006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":6232,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":6868,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
-00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":17,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1287,"global_ts_usec":1654385236487007} +00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":17,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1287,"global_ts_usec":1654385236487007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1723/1723 ~~ skipped flows.............: 0 
@@ -1293,9 +1293,9 @@ ~~ total active/idle flows...: 197/197 ~~ total timeout flows.......: 15 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9257069 bytes -~~ total memory freed........: 9257069 bytes -~~ total allocations/frees...: 145272/145272 +~~ total memory allocated....: 10027715 bytes +~~ total memory freed........: 10027715 bytes +~~ total allocations/frees...: 159238/159238 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 525 chars ~~ json message max len.......: 11848 chars diff --git a/test/results/fpc/signal_videocall.pcapng.out b/test/results/fpc/signal_videocall.pcapng.out index 484d9876e..b23fd5a79 100644 --- a/test/results/fpc/signal_videocall.pcapng.out +++ b/test/results/fpc/signal_videocall.pcapng.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024431954625} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024431954625} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024431954625,"pkt":"dNo47VMyYhO2esBpCABFAAAwZxZAAEAR9\/jAqAxDI9jq6rs2DZYAHHvlAAEAACESpEJQQm9QWFIrVWRPcnY="} 
01013{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -28,7 +28,7 @@ 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":167,"flow_dst_packets_processed":131,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024444819796,"flow_dst_last_pkt_time":1732024444862357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1181,"flow_dst_max_l4_payload_len":858,"flow_src_tot_l4_payload_len":80551,"flow_dst_tot_l4_payload_len":26428,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024441970315,"flow_dst_last_pkt_time":1732024441977780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024441965798,"flow_dst_last_pkt_time":1732024441969357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":908,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
-00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":334,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":334,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":109231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1732024444862357} +00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":334,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":334,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":109231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1732024444862357} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 334/334 ~~ skipped flows.............: 0 
@@ -37,9 +37,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8659316 bytes -~~ total memory freed........: 8659316 bytes -~~ total allocations/frees...: 140886/140886 +~~ total memory allocated....: 9423754 bytes +~~ total memory freed........: 9423754 bytes +~~ total allocations/frees...: 154852/154852 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 2251 chars diff --git a/test/results/fpc_disabled/teams.pcap.out b/test/results/fpc_disabled/teams.pcap.out index 479a51e62..40f35dba2 100644 --- a/test/results/fpc_disabled/teams.pcap.out +++ b/test/results/fpc_disabled/teams.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00808{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","domainame":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -658,7 +658,7 @@ 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":44,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1587041698021081} 
+00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":44,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1587041698021081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1540/1498 ~~ skipped flows.............: 0 @@ -667,9 +667,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10085540 bytes -~~ total memory freed........: 10085540 bytes -~~ total allocations/frees...: 143355/143355 +~~ total memory allocated....: 10852868 bytes +~~ total memory freed........: 10852868 bytes +~~ total allocations/frees...: 157331/157331 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 300 chars ~~ json message max len.......: 2506 chars diff --git a/test/results/guess_ip_before_port_enabled/1kxun.pcap.out b/test/results/guess_ip_before_port_enabled/1kxun.pcap.out index df9aa5d0d..c5ab6e934 100644 --- a/test/results/guess_ip_before_port_enabled/1kxun.pcap.out +++ b/test/results/guess_ip_before_port_enabled/1kxun.pcap.out 
@@ -1,5 +1,5 @@ -00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
+00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00824{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -687,7 +687,7 @@ 01030{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 01023{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104427503777,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 01167{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":12,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":690,"global_ts_usec":1654385119050609} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":12,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":690,"global_ts_usec":1654385119050609} 
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01288{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\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"} 
01518{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
@@ -959,7 +959,7 @@ 02893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1787,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1787,"pkt_l4_len":1753,"thread_ts_usec":1654385141035727,"pkt":"nLbQ0+MztKXvZygQCABFAAbtaqFAADQGY7GhdQ0dwKgCfgBQsXDoMXIa8ixAboAYAOt4mAAAAQEICpcRGMK6xhabSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vamF2YXNjcmlwdDsgY2hhcnNldD11dGYtOA0KVHJhbnNmZXItRW5jb2Rpbmc6IGNodW5rZWQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkxhc3QtTW9kaWZpZWQ6IEZyaSwgMjMgT2N0IDIwMjAgMDM6MzQ6MTggR01UDQpFVGFnOiBXLyI1ZjkyNGYzYS1lMWUiDQpFeHBpcmVzOiBGcmksIDAyIFNlcCAyMDIyIDIzOjI1OjQwIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT03Nzc2MDAwDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQoNCjU0YQ0KH4sIAAAAAAAAA51WS2\/jNhC+769g1AUsJbaUpOjFiRZIt9giBdotmiA9eFOAlmiLsUwKIh3Hzfq\/d8ghKTm2i24vEkHOfPN+rLko5Tq9L2hJchLPVqLQXIo4Ia\/vCHmmLaklLe+4Zh+lmPF5S80zkAbKBdsMSUHrekqLBbIh46qtgS6qtG7GWaZBQrpmpaylXKSFXGa04ZkCYBVdgSjkKammwPQKoGMCny0+vU\/pE32JAXFo9TLkhnRMfrn7\/FuqdMvFnM82sblMhhaOkCXTlSzHZPD757v7gb9tWlkwpX6y7DNaK+ZfCik0E\/p+0zBgok1T88Kamz0pKQYWdZukpRSsc1TLVCOFYt5yEnwRhyc0YpuYv7XI+\/VHKgRrHxjEoFV7Tl3zUldDUjE+r\/S+jw8FJrbRCLEBiyBmKwxapyGfxSc7T+TrV7J7kz47pY6+pFOrfEJaplet6MyePFpDTYyMnR4oJzsivQAHgy7a4fjEa81aZvJy8ujfZ7KNDSqH2\/Mr+F17AWnNxFxXcHd21pnaRwQWp8yEB0AkWFJdVMyEAClS8GNqL+Psr\/hLeZZ8ObW\/cZyeJlkwkBDwpWPuC7X3Nn7kJCcNbRW7FdpTTi4ek8S4Q3OxYt404zBAw3AfZLs8xtYpDRY4dSbf92wEK208U9QpJ\/bfl+zenfTcZd0+hfJhSZuVqmJk6\/lj64rP\/99mBzIEFMf5pjZaKsobUf7BlvKZ3TxY1cGykNcOxHscvOZuXBKQHLIjZKZY1TUacpDwIhA6kMm581yXviEx1M6jlprWf9r6BIpzFPKtKdoHOfMJqCBFoV2aykdU9KfRCG9B3q9UV+kM+mkb26PxmlxC6z4lPUzn4W\/VykkZHVUIUxxtv7bufnWh98nWc9pOvWFnSZXpryzmQ3LRy
59py+gCTYZmiT3Xfl0iYYwMwdZ8jENMI\/xZynnNsJ\/emJYRcoXVbAld\/baEDlpzOA2JqiV8bQn49upT6X08+G5AzkjgStJKL+t4cM2FAgCqVB7RUk03cysxIkBt9SNkoPSmZnlUcjCNbsZc1Fyw0bSWxeLKShsbaHuC\/6B5ucJys9eu8uz9DqqZaSNajlD7PDIYeDYgB0mNgUhoTntkJPswcC6HitAw7+SM9Iwy5ROtRMlmoH8Zed8QAt6ZynIzSFKYjhBGcIsqWt5oQtVGFES1RR5lWUPnjJaXKboIXko3SO3cx1eYqVlPZPqkog\/XGaIF7TC+HMZy+0zrWxPXrpghAfsPimlosZawm86d6jZdD5gK7fmgqaYbFzWjbQDtpPXSlZC4ZwXot8aFqn8JIxRmIvbLV+x0Bt2nN\/yH5Ifzc4e6hdxTLKw5\/xPeVM5OgXyEYlt8km3BjpbH37DY3JbeZf+pEiAPiwW0lgLirSLiU9UgYf4hps1ACC\/UUIjtAfzDSWWClkeavejsiT5TTJHI51pRCtjIVlOocvqSCgZECuRwfSijgkfcvhuahF2bQs0f6Q264sosBhBl+GKPsndY0TtD1d4fHKb2JYgCrHAOTc1ol8KeCl0cbE9NfwO6oKyPkLnHjveALTX2Gg5Jp5c7oy7DDsUNOw9GyLriNYt1u+rtsliASAoqHJrLfvT2igKaygnyJGSnn9sixBe3\/0GryWHXLpdyOuhUMcVhOrtbZUCyY9pZywo6albTkdnOhnY56+9lVtSJAzi8bO3PDXRgCMjQKwALW3e+hPMR9\/Z8QN5a7uo6rCA7Dujq6I0XjI790t3TsHPMvwp3I8oN1HQKXcpCJZbL1oUbsCb5rt5tkxhe\/gG\/wmXsHg4AAA0KMA0KDQo="} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1181,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":492,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":492,"pkt_l4_len":458,"thread_ts_usec":1654385141046673,"pkt":"tKXvZygQnLbQ0+MzCABFAAHeDJVAAEAGB\/rAqAJ+EkBPJaGuAFABgVk3JTRLIoAYAfYmXAAAAQEICqYAsEjS\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"} -01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 01175{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":520,"pkt_l4_len":486,"thread_ts_usec":1654385141075345,"pkt":"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"} 
02475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385141075345,"pkt":"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\/aWQ9VUEtMTU0NzU3OTI5LTU3Jz48XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdD4iKTtkb2N1bWVudC53cml0ZWxuKCIgIHdpbmRvdy5kYXRhTGF5ZXIgPSB3aW5kb3cuZGF0YUxheWVyIHx8IFtdOyIpO2RvY3VtZW50LndyaXRlbG4oIiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fSIpO2RvY3VtZW50LndyaXRlbG4oIiAgZ3RhZygnanMnLCBuZXcgRGF0ZSgpKTsiKTtkb2N1bWVudC53cml0ZWxuKCIiKTtkb2N1bWVudC53cml0ZWxuKCIgIGd0YWcoJ2NvbmZpZycsICdVQS0xNTQ3NTc5"} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1654385141076027,"pkt":"nLbQ0+MztKXvZygQCABFAABf8DUAAPgGrdcSQE8lwKgCfgBQoa4lNFJ8AYFa4YAYAIN\/DAAAAQEICtL8K4SmALBIMjktNTcnKTsiKTtkb2N1bWVudC53cml0ZWxuKCI8XC9zY3JpcHQ+Iil9Ow=="} 
@@ -1086,27 +1086,27 @@ 02529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":5,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385177120591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385177120591,"pkt":"nLbQ0+MztKXvZygQCABFAAXUOPtAADcGHEesaXlSwKgCfgBQlawVUngs+Pyij4AQAOvjqQAAAQEICsmibePytblgupUqqNl16+S0Pz2Eh252smBlVkADDp1rpWh885p2i36jktrhwQI+Nu8uV5x\/h60qcXO6Whaq0m\/wsIFVFwkjNhQQQMHPpn\/PFJJrQFfmeliOSIMA0uQzNkgA8fSpst3ub05uLstkKkSu5ijB2\/xlx396cIq9lsE21Dmmx5ZI2YNtbGAV7nPb\/Gpm4x31OdNtJrQ6jwV8Evjb8R9Pk8Q\/Df4MeMNe09WKNf6J4Zu7uJTuClN8SFc7mAIzkZHrUKrGOqdmbrDYqrTvGDavul\/Wx2erfsMftuaR4bHjTU\/2Pfidb6Zgme\/k8E3oXjuw8vcB74xUyxEU9wjl+OjBydN26adTyy8muI3Nnd28sU8LssqSRlGjYcFGVuQQeMEAit\/atpHFCmqU5J6f5lbyQ6iQqzfNz8vFJR57Pc9KOIjFcm1ydIJAwyoXnJXGDnFdUaMr3OSc4u6TJoVMauCoyx4IHA+grX2WrdtTgqwUmrO5O2mEqZmDKY8HZtxuz6d6znSdrs51XcGkupWkhIlEJjlOBkBR3rmlJxZ0wqrl03HwxtuLxxBQo\/eB+\/FbUnJy0K57e63dsUSJHFskQb1PY\/55q4zUWJt3vHYYZopJhuiU54cdAaUpKUkxxhPl91jQ0rk7ZRwvRCeT\/SplJrbYrkUI3f4n66a74A1CbVbmRrmM5nJMbSHn6nHH1962WIVj8xeWTnUlJvq\/zMPUNHl01haX9oyMR8rZyGHYj29xU8zkrozqYd0nyyVjKvLSN0AeULt+5t7+3NbQ2TZyVaUXYxL\/AEh5GK+dyysAxj6e3HetVJLY86eHvJnO3trGsmY1O2Pk9Tu9smtlM4HTipWGuI2jjcF0KEoCsWcg9uen4CpuaOMOW4huYYoltyxORwpG3Pt+NBfMoqzILy7VpZmVlJ3qFbIwwI747g8cVpFmFRtN29CtNYzFGknI3Md25c4Ue5547Vakck8M9W\/kYuosXT7MVjXyT8ofO1h6\/T3rRGDcnKzWxRntp4GZrmIhvvIhByAQPXpSbuaJKO5Qni+0r5ogUKuCzDJGOvfr6U1I0hzXuZVxGHQtsbJUnOCce+Pyo5kdNN6mZeWiRgKkm9uvFS\/I7Kc5a3NH4cfCH4pfGLxJD4V+FPw71zxLfSvtS00XTpLghsZ+ZlBVB6liAK56tanSdpOx7OAy7H5jJU8LTcm+yPrT4Ff8EBv2wfiz9g1L4vahoXgDTbmQm6tr+X7bqUUY6MsEXyBjngNIMY5xXnVc1oxbUFfzP0HLPDzNaqi8RJU79NXK3ov80fQtt\/wTm\/4I6fsKRWg\/au+K1p4j1owF5U8V6xtjDRbS2yxs+QSSAI335GRzg1xPF42u\/cWnl\/mfVw4d4UyZJ4qSct\/
edv8AyWN9eyZ9GfsO\/tofsjftC6D4o8JfsjeCbzw34c8FXVtbzXyeFI7CyuXmzs8mOP5t3B++oOOcYzjnq0atKV6j1fzPoMrzLLcxpOGCTUIeSSd\/Tr66nwh\/wWM\/4KyftM+DP2rtY\/Zv\/Zp+LmoeEtD8H2kVjrN3pVtEtzfam6b5iZmVmWNFeNF2bfmDHJ4x34HCUatPnqL0Pl+J+Icbgca8JhJ8vLpJ9b9bPyPzk8Z\/EHx98TfEL+Jvij471jxJqMhy99r2pS3coJOcbpWO3r2r14U4Q+FWPgMTi8VinzVJtvzZl3sQMarxuZec+h9K0aj0OSm3fU\/cr\/gk5e2n7VH\/AARuHwa1m4ine10PXvB1zGyZ8vAlMO4e0c0RH0FfL4mPssW35o\/ashq\/2hkEYS\/llD5WuvzPwcvLW5sh9ju1IuIGMcwIPDKdp\/UGvoU+aN0flUouFWUezIGXEYcxgkHkAcmn01KUtbXHRQyYdm3RYIGO7D0HvUq4cxoiP7GjXsRKSRoDGzAnKkcj8cVWzujmbVX3"} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1567,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":475,"pkt_l4_len":441,"thread_ts_usec":1654385181857708,"pkt":"tKXvZygQnLbQ0+MzCABFAAHNXapAAEAG0trAqAJ+aHXdCue8AFBxmTfMTd+OWYAYAfYKZgAAAQEIColJBIxVzQaLR0VUIC9zZGsvdnBhZG4tc2RrLWNvcmUtdjEuanMgSFRUUC8xLjENCkhvc3Q6IG0udnBvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYoTW9iaWxlOyB2cGFkbi1zZGstYS12NC42LjQpDQpBY2NlcHQ6ICovKg0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} -01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1567,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com","domainame":"m.vpon.com","http": {"url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} +01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1567,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com","domainame":"m.vpon.com","http": {"url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 
01883{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_usec":1654385181897114,"pkt":"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\/Imh0dHBzOi8vIjoiaHR0cDovLyJ9O2RvY3VtZW50LndyaXRlKCc8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSInKyhpc1NES0FuZHJvaWQoKT9nZXRQcm90b2NvbFN0cmluZygpKyJtLnZwYWRuLmNvbS9zZGsvdnBhZG4tc2RrLWEtY29yZS12MS5qcyI6Z2V0UHJvdG9jb2xTdHJpbmcoKSsibS52cGFkbi5jb20vc2RrL3ZwYWRuLXNkay1pLWNvcmUtdjEuanMiKSsnIj48L3NjcmlwdD4nKTs="} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"thread_ts_usec":1654385183491860,"pkt":"tKXvZygQnLbQ0+MzCABFAANeKchAAEAGAcbAqAJ+A0hFntseAFDfmpSQ59fP2oAYAfYPXQAAAQEICnsWmml\/RrINR0VUIC9yZXdhcmRzZXR0aW5nP2FwcF9pZD0zMjQ1NiZzaWduPTNjMjhkZWQwNGUwZjQwOTAyMjk5Njg2MTgyNDRiNTgzJmNoYW5uZWw9JnBsYXRmb3JtPTEmb3NfdmVyc2lvbj0xMSZwYWNrYWdlX25hbWU9Y29tLnNjZW5ld2F5LmthbmthbiZhcHBfdmVyc2lvbl9uYW1lPTIuOC4yLjEmYXBwX3ZlcnNpb25fY29kZT0xNDYmb3JpZW50YXRpb249MiZtb2RlbD1zZGtfZ3Bob25lX3g4NiZicmFuZD1nb29nbGUmZ2FpZD0mbW5jPSZtY2M9Jm5ldHdvcmtfdHlwZT0xJm5ldHdvcmtfc3RyPSZsYW5ndWFnZT1lbiZ0aW1lem9uZT1HTVQlMkIwMSUzQTAwJnVzZXJhZ2VudD1Nb3ppbGxhJTJGNS4wJTIwJTI4TGludXglM0IlMjBBbmRyb2lkJTIwMTElM0IlMjBzZGtfZ3Bob25lX3g4NiUyMEJ1aWxkJTJGUlNSMS4yMDEwMTMuMDAxJTNCJTIwd3YlMjklMjBBcHBsZVdlYktpdCUyRjUzNy4zNiUyMCUyOEtIVE1MJTJDJTIwbGlrZSUyMEdlY2tvJTI5JTIwVmVyc2lvbiUyRjQuMCUyMENocm9tZSUyRjgzLjAuNDEwMy4xMDYlMjBNb2JpbGUlMjBTYWZhcmklMkY1MzcuMzYmc2RrX3ZlcnNpb249TUFMXzguNy40JmdwX3ZlcnNpb249MjIuNC4yNS0yMSUyMCU1QjAlNUQlMjAlNUJQUiU1RCUyMDMzNzk1OTQwNSZzY3JlZW5fc2l6ZT0xNzk0eDEwODAmaXNfY2xldmVyPTIgSFRUUC8xLjENCkNoYXJzZXQ6IFVURi04DQpIb3N0OiBzZXR0aW5nLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-01787{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
+01785{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":863,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":863,"pkt_l4_len":829,"thread_ts_usec":1654385183495868,"pkt":"tKXvZygQnLbQ0+MzCABFAANRI05AAEAGCE3AqAJ+A0hFntsiAFAB9eG4XEyGo4AYAfYPUAAAAQEICnsWmm1\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"} 
-01774{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
+01772{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":857,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":857,"pkt_l4_len":823,"thread_ts_usec":1654385183496601,"pkt":"tKXvZygQnLbQ0+MzCABFAANLU0dAAEAG2FnAqAJ+A0hFntsgAFBFVF+4FRsrIoAYAfYPSgAAAQEICnsWmm1\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"} 
-01768{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1571,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
+01766{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1571,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
01105{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1654385183514792,"pkt":"nLbQ0+MztKXvZygQCABFAAG+fDJAAPUG+\/oDSEWewKgCfgBQ2x7n18\/a35qXuoAYAHCoswAAAQEICn9GsiV7FpppSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
01103{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1654385183517888,"pkt":"nLbQ0+MztKXvZygQCABFAAG+t5xAAPUGwJADSEWewKgCfgBQ2yJcTIajAfXk1YAYAHAN9gAAAQEICn9Gsih7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
02799{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1706,"pkt_l4_len":1672,"thread_ts_usec":1654385183520039,"pkt":"nLbQ0+MztKXvZygQCABFAAacXxNAAPUGFDwDSEWewKgCfgBQ2yAVGysiRVRiz4AYAHASmwAAAQEICn9Gsip7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxNDQxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCh+LCAAAAAAAAP+UV12P3LYV\/SuD+yxrNF+7EwFB4aQtjCYB0tZA4qaBcEVSM1xRJE1eSTM2DPQ9RfveBkiBIkVfgj42aBv0z8SO+9S\/UJDSzm7cWLP2g\/dSPLq8PPeIc\/gUPCG1HvJFAo3fQQ6+ZUx4DwlwJIT8KSBCTq4VCWBZSA45rFfFChJARrIT96395ZhkeevZQ9kIyC+XWZYAckaQby\/WWRwpV3rIQ2Trggx6ghxefPXn55\/\/9duvP3v5zTfffv3Vf\/\/125d\/+\/vz3\/3zP7\/5w3dffPniT79\/8cWX333+2QB4+e8\/Pv\/HX0IJVEH+yachcI9pSNqHxTbrsBRjkMOPfwIJMI4ScnifHx7uuVx89M5784921Yf78vDzR7X4+ME7H\/YPfvWef\/TT\/dsRTZCvEmBVeb13VrHIEtPDMszoSrqmYIVVeIQc3jWapG4F3J5z3Q\/PcOGZk5ak0ZDDI9POeqnUTBualWLmRI+OCz7DioSbMWW81LsZ7cWsl5qb\/lamwN27yngxk3T7sSQlhrXDeEYmphE\/iphWkzsWzHBx4seh3xds3Ju\/E1v3f3YpPn7wwduRMa\/GV\/tIE1do6zFy1SkIC1xk621oDm+vRZHATpCtvj+K3K1XUUA7sjH7XkWR7YlsQUcrYt59N0hAikMcy7hgFoJBk9IXntBRa4u4TX\/0JJoB60U7BK3lQdtZAlcE+SdPgZsGZegOWpuitb5SR+FSZhpIoDKuwUA9PEtehfKr1tOdcdK8HsaMJmdUWhu2xw6nc7ZOpXtUJpR6ZnWeovWo8MxuiKdK6CfNYRrG7gZzd4ORQ1ZLvbsTuBHoWycaoQmtPMe5vJdNtuQe8so4Jl4PUrrepkxPArLpMjxLkXuhvXGpcbsJWlWdElqS7EzjAxDtAfmJOi1oqvsdU5LVaS+YMi2fVmBEorVOdEZ1YrqSHrnZmXRnlkPmyf0hv9huz7SsJZOWeGTk6jtIWqbHY\/h\/cvssJYc1tc1ZUsOiZNzjxkxDFxeL9XKbvokWV9k221y+2SuLbHW5+YFXZlOsNFKH7mlxoHPYG\/2nV3YCOEgiHqjhqBGuk0ycSb5TpkSVHpuTRM\/gzSZtTOlQ6vRwfDKBlM5ob9pQ9d1kV7
doRzlNpDXI7\/bxBR64QOVDvXLiWEuRM2esn1Zn5Cf19gnqM6c9F0p2wh2DnLloTHlmR33fD01jaFOpKzO1ey2U1HXaTByF6yU5duarfKPzgJSu\/+8s+jSBq7axFH+j6wLHv1fj39G4orVS7wqGbC8KhyTi73jDwvQmRmQgX4SoK3qpOEMXfOyv2yxbsaazyGrciTgMVHbSEw6T81dmIQG9PBkVvboJ15Avoq8xVSVcrOUX16XcPLLIpN5BvlxcRGzjeX3li9YpyKOv8fl8zri+h1zfi+PU4TFwEKi+npl3y7k1jlDNF2\/Ns+18mc0Xi3l2Md\/wTXmxYuV6cymW6VXw8caK4FmXCdhycEqWBR82eivLnA7kxJB09L02ErYcHoXSngJyPrg4oQQNxqtqlYJ88SyB4N3eihni\/SB7zT9IwCo2JlahhlVkIcTladDgYYQ4Q2K0pLYtlfR74eINZPXWxSYB24fvefkw+E8nKmRkXOF7SWwfHdxy8O5BRE6QO8YuxGyuvbkjuMh9hcqLBDyL857XRfhGIIcP7r9fbNPLdA0J+Ohfhy57e5PCk3GilkOlVHQlDjxT5HlsNZ1ESKYWOqqB4iXp2hDfKqq94v765tHagqQdpD7Gr+hlfyyl498Tiuvm2NLeOPkkXDLSPTUKwvso+ZgJ1Um8reWiO03srgM1sNHaRo6BD+uGOS\/EwTopeNzHyOwygU44L40e3fkygV6UhdDdWDEk0EsWLj2LBHonHg+YjocLV\/bs2f8AAAD\/\/wEAAP\/\/Zfl4rZEOAAA="} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1575,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":896,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":896,"pkt_l4_len":862,"thread_ts_usec":1654385183618295,"pkt":"tKXvZygQnLbQ0+MzCABFAANyCeZAAEAGIZTAqAJ+A0hFntsoAFDk49anhCGol4AYAfYPcQAAAQEICnsWmud\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"} -01807{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01805{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 01463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_usec":1654385183642352,"pkt":"nLbQ0+MztKXvZygQCABFAALDo6BAAPUG04cDSEWewKgCfgBQ2yiEIaiX5OPZ5YAYAHBkvQAAAQEICn9GsqN7FprnSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA0NTcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/1RSTW\/UMBD9L3M2UpJCKT6XAxLiQLlVlTU7nl2sOnawxylhtf8d2c7ScsrLG79583WGLCglgx4VzPkEGnIh4pxBgUVB0GegWIKkzVC0DBruP4OCpRy8yz85GWdB33y6\/aCgBCcPLOLCCfTjGZBCy4v2IZZE\/NVlaYEqGRWImzkWAX0zXJ4U4Fx9uqJBM+Nv0IMC\/BVATxWIN3ario5lWxj046Ru1PuaQf4U0AAKCL0\/ID3\/aA\/GV8Kk4nfmsPTvW9CjkwKyJqFwsycfMxv0nOTN\/6GIxGAse9y6vqTEgTazt2fR+c0sHjdDuDSl5VNCy\/cuV\/r71cD6wNJsOdhMiTnsrU0KHMXQm\/KCR
56lug31L6YXAn07KAg4c38Tj8fMvcyYHAdBcVU\/KFg8Es8cpNY3fRynsXGbIbHx5d+brbV3kGBkBv1uVJBsIukLSIx22yczDpU4Lmtf5hyT70jotXpZDQcL+m5oOAumvr56LF9q4O5uVLDup7JSnegRi++HsDrL0bggnJDErbxnHq6h\/OwWkzj\/L2hsPa\/ewOqSFPTmuqF6xN3kWx3c5ely+QsAAP\/\/AQAA\/\/9ly17OCQMAAA=="} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1577,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02082{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1198,"pkt_l4_len":1164,"thread_ts_usec":1654385184096708,"pkt":"tKXvZygQnLbQ0+MzCABFAASgVf9AAEAGu7jAqAJ+EkBPOqkCAFAzMfZOPPsrTYAYAfYpMwAAAQEICgK1DRCN++PnR0VUIC9vcGVuYXBpL2FkL3YzP2FwcF9pZD0zMjQ1NiZ1bml0X2lkPTg4ODEmc2lnbj0zYzI4ZGVkMDRlMGY0MDkwMjI5OTY4NjE4MjQ0YjU4MyZyZXFfdHlwZT0yJmFkX251bT0yMCZ0bnVtPTEmb25seV9pbXByZXNzaW9uPTEmcGluZ19tb2RlPTEmdHRjX2lkcz0lNUIlNUQmYWRfc291cmNlX2lkPTEmYWRfdHlwZT05NCZvZmZzZXQ9MCZjaGFubmVsPSZwbGF0Zm9ybT0xJm9zX3ZlcnNpb249MTEmcGFja2FnZV9uYW1lPWNvbS5zY2VuZXdheS5rYW5rYW4mYXBwX3ZlcnNpb25fbmFtZT0yLjguMi4xJmFwcF92ZXJzaW9uX2NvZGU9MTQ2Jm9yaWVudGF0aW9uPTImbW9kZWw9c2RrX2dwaG9uZV94ODYmYnJhbmQ9Z29vZ2xlJmdhaWQ9NWFjNmEwZmYtOGQxOC00N2JjLWE5MDItMjgxMmNmMGMyNTFlJm1uYz0mbWNjPSZuZXR3b3JrX3R5cGU9OSZuZXR3b3JrX3N0cj0mbGFuZ3VhZ2U9ZW4mdGltZXpvbmU9R01UJTJCMDElM0EwMCZ1c2VyYWdlbnQ9TW96aWxsYSUyRjUuMCUyMCUyOExpbnV4JTNCJTIwQW5kcm9pZCUyMDExJTNCJTIwc2RrX2dwaG9uZV94ODYlMjBCdWlsZCUyRlJTUjEuMjAxMDEzLjAwMSUzQiUyMHd2JTI5JTIwQXBwbGVXZWJLaXQlMkY1MzcuMzYlMjAlMjhLSFRNTCUyQyUyMGxpa2UlMjBHZWNrbyUyOSUyMFZlcnNpb24lMkY0LjAlMjBDaHJvbWUlMkY4My4wLjQxMDMuMTA2JTIwTW9iaWxlJTIwU2FmYXJpJTJGNTM3LjM2JnNka192ZXJzaW9uPU1BTF84LjcuNCZncF92ZXJzaW9uPTIyLjQuMjUtMjElMjAlNUIwJTVEJTIwJTVCUFIlNUQlMjAzMzc5NTk0MDUmc2NyZWVuX3NpemU9MTc5NHgxMDgwJmlzX2NsZXZlcj0yJnZlcnNpb25fZmxhZz0xJmNhY2hlMT02MjQwJmNhY2hlMj01MzY1JnBvd2VyX3JhdGU9MTAwJmNoYXJnaW5nPTAmc3ViX2lwPTEwLjAuMi4xNiZkdmk9NEJ6dFlyeEJZRlEzJTJCRlEzUlVFMERVUVFpVWxiZkFEQWZueDNpVVZQSFpSc1JyZnVIb1IxUlV2MDZOJTNEJTNEJmFwaV92ZXJzaW9uPTEuMyBIVFRQLzEuMQ0KQ2hhcnNldDogVVRGLTgNCkhvc3Q6IG5ldC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQXBhY2hl
LUh0dHBDbGllbnQvVU5BVkFJTEFCTEUgKGphdmEgMS40KQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -02106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1577,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +02111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1577,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1578,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_usec":1654385184117986,"pkt":"tKXvZygQnLbQ0+MzCABFAAEkBJZAAEAGB9zAqAJ+CNFha936AFBSP8o9I7uXO1AYAfYueQAAUE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ2hhcnNldDogVVRGLTgNClJhbmdlOiBieXRlcz0wLQ0KQ29udGVudC1MZW5ndGg6IDc5Ng0KSG9zdDogYW5hbHl0aWNzLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1578,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 
@@ -1114,7 +1114,7 @@ 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184139299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1654385184139299,"pkt":"nLbQ0+MztKXvZygQCABFAACApCdAADgGcO4I0WFrwKgCfgBQ3foju5c7Uj\/OVVAYAD8bqQAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjY6MjQgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1581,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1006,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1006,"pkt_l4_len":972,"thread_ts_usec":1654385184174078,"pkt":"tKXvZygQnLbQ0+MzCABFAAPgd\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"} -01548{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1581,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01553{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1581,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 01148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385184282680,"pkt":"nLbQ0+MztKXvZygQCABFAAHmJVIAAPgGdx8SQE86wKgCfgBQqQhpQqwFG\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"} 00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1583,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184845262,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01963{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1110,"pkt_l4_len":1076,"thread_ts_usec":1654385184845262,"pkt":"tKXvZygQnLbQ0+MzCABFAARIuCtAAEAGLI\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"} 
@@ -1124,22 +1124,22 @@ 02064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1584,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385184857770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184857770,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com","domainame":"tw.api.vpon.com","http": {"url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=1&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1585,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1654385184927393,"pkt":"tKXvZygQnLbQ0+MzCABFAADrwv9AAEAGn0vAqAJ+EkICWotQAFAVBORyMNia64AYAfbYnwAAAQEICiE3Bh4xvbnrR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS9pbWFnZS9sYW1iZGFfanBnXzg5LzM5ODEwMTIzNGU2Y2Y1YjNhOGQ4LmpwZyBIVFRQLzEuMQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0K"} 
-01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1585,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1585,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1586,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1654385184928623,"pkt":"tKXvZygQnLbQ0+MzCABFAAEdY4hAAEAG\/pDAqAJ+EkICWotSAFAcu+o2K8tK74AYAfbY0QAAAQEICiE3Bh\/fUp7nR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS92aWRlb3MvbW9iaWxlL2ZkNTY5MmRkNTMwNDJiMTk5ZTAzLm1wNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1586,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": 
{"url":"cdn.liftoff.io\/customers\/45d4b09eba\/videos\/mobile\/fd5692dd53042b199e03.mp4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1586,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/videos\/mobile\/fd5692dd53042b199e03.mp4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1587,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01027{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"thread_ts_usec":1654385184938285,"pkt":"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"} 
-01340{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1587,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01345{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1587,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
01543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184942273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"thread_ts_usec":1654385184942273,"pkt":"nLbQ0+MztKXvZygQCABFAAMPiZsAAPgGXosSQgJawKgCfgBQi1Aw2JrrFQTlKYAYAIOpEgAAAQEICjG9uf0hNwYeSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL2pwZWcNCkNvbnRlbnQtTGVuZ3RoOiAyMzgwOTMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkRhdGU6IE1vbiwgMTQgTWFyIDIwMjIgMDU6MDY6MTcgR01UDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUFsbG93LU1ldGhvZHM6IEdFVA0KQWNjZXNzLUNvbnRyb2wtRXhwb3NlLUhlYWRlcnM6IEFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbg0KQWNjZXNzLUNvbnRyb2wtTWF4LUFnZTogMzAwDQpMYXN0LU1vZGlmaWVkOiBNb24sIDE0IE1hciAyMDIyIDA0OjU5OjQ0IEdNVA0KRVRhZzogIjFkZjIzOTBkYzI0MGEyYmY3MjAzZWVjYWUzYTcyMTNiIg0KeC1hbXotc2VydmVyLXNpZGUtZW5jcnlwdGlvbjogQUVTMjU2DQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwO3B1YmxpYw0KeC1hbXotbWV0YS1sYW1iZGE6IG5vZGUtYXBwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KU2VydmVyOiBBbWF6b25TMw0KWC1DYWNoZTogSGl0IGZyb20gY2xvdWRmcm9udA0KVmlhOiAxLjEgZWVkZjhhYzU2ZTRlMWVjM2IyNDA1NTc1MTRkZjlkNjQuY2xvdWRmcm9udC5uZXQgKENsb3VkRnJvbnQpDQpYLUFtei1DZi1Qb3A6IFRYTDUwLVAxDQpYLUFtei1DZi1JZDogM0tzOHpnV1VFd1BsYUtHLTFsclAtOWxwV3JPTWhZSjJIcktoYnR3ZG9SY3VJYi16WDBTSm9nPT0NCkFnZTogNzE1MDgwOA0KDQo="} 
02493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184942885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184942885,"pkt":"nLbQ0+MztKXvZygQCABFAAXIiZwAAPgGW9ESQgJawKgCfgBQi1Aw2J3GFQTlKYAQAIO33wAAAQEICjG9uf4hNwYe\/9j\/4AAQSkZJRgABAQAAZABkAAD\/2wBDAAQCAwMDAgQDAwMEBAQEBQkGBQUFBQsICAYJDQsNDQ0LDAwOEBQRDg8TDwwMEhgSExUWFxcXDhEZGxkWGhQWFxb\/2wBDAQQEBAUFBQoGBgoWDwwPFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhb\/wAARCAQ4B4ADAREAAhEBAxEB\/8QAHQABAAAHAQEAAAAAAAAAAAAAAAECAwQFBgcICf\/EAGgQAAEDAgQDBAYDBw4JBwsACwEAAgMEEQUGITEHEkETIlFhCBQycYGxQpGhFSMzNFJy0QkWNTZTYmR0gpKissHhFyQlN0NWc3WUGCZGVFWT8Bk4RGNlg4SVs8LU8SdFdrTEw9KFpeP\/xAAdAQEAAwEBAQEBAQAAAAAAAAAAAQIDBAUHBggJ\/8QAShEBAAIBAwIEAwQIBQEHAwALAAECEQMEIRIxBQZBURNhcQciMoEUMzVykaGxwSM0QlLR4RUWJFNigvCSwvElQ0RUorIIJmNz4v\/aAAwDAQACEQMRAD8A9\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBBKggUEpQS9ClRTKsJSqjyQumOz+U6pQS11wbEbEJ27LxMxzDZcrZldC4U9Y67ToHn+1d+33f+m79D4b4xak9GrPDJY7lujxaI1NA5sVRa9hs9erp62I55h0eI+BaG+r8Xbfdv7ektJrqeooah0FXE6N7T1C6eLRw\/Ca+21ttedPVriYUS5RhlEIB3iowscyCAd0BRGEWuOxUwYOYXKRCUAfFMI7osJa7mjJY4dQUwisTWc1nDMYLmjF8OI5ZzNGN2P1VJ0627vY2Xj2+2nEWzHtLaMHzlhGIjsMSgEDnaXIu0rC2haI45fqtn5m2e5jo3Femf5KmPZPoMSpjV4Y5jS4XBYdCvP1dtW3biXVu\/BdDcU+LoTH5NAxWgqcOq3U9VGWObtpuvPtSaTiX5DcbfU0LzS8Ylbs6qjmTMCCKKpkVTNCIlMiEW9UVTAeKKyi0dEGSy9geJ4zUdjQUr5NdXWs1vvKiZxD0vDfB974lqdG2pM\/P0j83R8o8K6eMtlxaR1RJ+5R6NH6VSb+z6l4L9m+hpxF99bqn2jt\/1dCwTLVFQwhlPTQwt8GtCpmZfQtn4Vs9pXp0dOIj5QysNFAwagu96h6ERCvFGxvssaLeAQVBe2iBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUD
lKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylBBAQEBAQEA67oJHQxO9qNqC2qcOp54XRuaC1wsWuFwR53RS+nTUrNbxmJ9JapmLhplvEI3F2GMieRpJTHkI+GytFpflvEPJHge9rPVoxWfevH\/T+Tl+cOFmK4cXzYa71qIa8mzgP7VaLZfKvG\/s332zzqbT79fb1aHUwTU8zoZ4nRvboWvFiFo+da2jqaN5pqVmJj0lIqs0qAgh1sp47LRCCkQHnqowJbpHcS3TCyF99U+QkFybDW6lpWMujcNcE9VpBVStPay6+4KYh+98veHfC0\/iWjmV5xAxv1Kk9Rpn\/AHx471uipqWxGIW8yeLfo2l+j6U8z3aEy+pdu7UrnfPqx6z3CVErIXUJ5QB80SX0TIX80BAQ"} 04420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184943456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385184943456,"pkt":"nLbQ0+MztKXvZygQCABFAAtciZ0AAPgGVjwSQgJawKgCfgBQi1Aw2KNaFQTlKYAYAIPjEAAAAQEICjG9uf4hNwYeQbsg9lrR\/YAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCBQQQQKCUoJSgl8UFMqwlOyqPJLvJdD+U1NwRaJQ9yFWVy9j1ThsgYSZISdQTt7l0aOvfT7dnp7HxLU284nmrcovuRmbDuSYNebaPA77D5r1NHcRbmk\/k\/UTXZeKaPTqRmff1hp2aMrV+EOMsYM9L0e0be9d+nq1vx6vxXifgO42Uzav3qe7AhwINvqWvS8SEAfEquFoA\/wTCUObxKBzaJEGEWuIuiMHMehQxCPN5qyC4I1VUYZfKeZsQwKpBY8y07j343HSyzvpVtHL2PC\/GNx4ff7s5r6w3\/ADHhlHmfLLMQoh33N5mO6g+C8rX0sxNZ7w\/d7zbaPieyjX0o7\/8AzDl0kT4pXxPbZzDykFeXMY4l+AvWa2ms94QGqhRMiMpmhET2TDRFcotAsgmaPK6spMItCqr3b5w64e1GKCOvxUOhpSQWR7OkH9gVLWfRPK\/kXW30V3O8+7p+kes\/8Q7Fl7AqWgpGQU8DIImjRrRa\/vWczl9n2Ww2+z0o0tCsVrHszFPE1gs1oAUOxUsEBBMBZAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEEqAgICAgICAgICClPTxSts9ov42Qx7tO4gZDw3HKVxlhbHMAeSeNtnA+amLYflfMHlLYeL6c9dcX9Jju4VnbK2J5aq+yrIi6F5+9zNHdd+grSJy+AeP+Wt74LrdOvX7s9rek\/wDVglbL88fNIEPoqR
AlRCYylUpSuI8UWQ0soyJSdwpWqzWRMK+6OKB723jiNzpolYe14Nsf0jXzPaHR66rhwzDHzusA1tmjxVpnEZfvdxudPZbadSfTs5tX1UlbXyVUriS46LktOXy3ca9tzrTq39VC\/moUFECBUpwg33qqUbmymOwXTCIQv5pKS\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\/viqXt6Q+qeSvJvxOnfb6vHetZ\/rP9nY8OomQsBcBzAaADRoWT7DWIrGIXjRdEooCCLeqCKAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggdkEEBAQEBAQEBAQEBAAFrEXCDA5vy\/RYvhktLUwtkie3Yi5afEKYnDzvE\/C9t4ltrbfcVzE\/yeduIWVKzLGKGKQOfSyH7zNbQ+R81rE5h\/Nvmby1uPBdzNLRnTn8Nv8A56teBurPzMJUIxKHihhLdFoS+ajslAlMLVKaJ9RUNijF3PNgkNdLTte0Vj1dRyjhbMMw1senORd7lpEcPo3heyrttGK+vq1vPuKmsrvVYnfe4z06rDUtmcQ\/J+YfEZ3Ov8Gk\/dhgSbCw6LF4UcIX1QEECowmEQdLqUiK55E6U5R+pEpR1UcCF\/NMQPZyu\/sAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQSoCCVBKghZBIQgkI6qw8klbP5RSkeCJhIrJiUqrMJhKi2Uut7jceCJiWx5SzfV4W9sVSXTU48T3m\/Fb6evan0e54d41q7eem\/Nf5t65MBzfhtpQyRxGjxo9i9HQ3OOaT+T9RfT2Hi2l9\/n5+sNBzjkXE8F5qilBqqTcPbqR7wvU0d1TU47S\/EeK+W9zs5m9PvU94aoCLkG4I6FdGH5+PaT3KMJzkB3UYEA4oDXJgwc3RRBjhMD4KTDc+BFDJVZyM7bhlPG4uPwXJvLRGm\/T+T9tOr4h1+lYld8ai05kFt+TVfn9f8Tr80TE7vhpzQsH5lOwboqi0eCKpmjwQTMGiKtx4QZXON4t63Ux3pKZwuCNJHeCracP23kjy5\/2luvj60f4dJ\/jPs73hFKyCIEsANrNsNgsX3ytYrWKx2Xg1RZM3QICANUEyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBAQEBAQEBAQEBAQQOyCCDW8\/ZepcZwaajmYCyRvdJGrHdCFMTh5HjfhOh4psr7fVjvHHyn3eacxYXUYPi8+H1LSHxOsDb2h0K2ieH8u+KeHa3h27vttWOaz\/GPdYnRQ4EqsJb7qI7LJSdCnPqJfykwtVtPDfCnS1JrpG9xmjbjdWrD9N4Bsptf41o4hs+bsSGG4UWg\/fJRYDwS9sQ97xnfxs9rMR+KXPy4uc57jdzjdcsy+dVzMzae8pTayhcvpa6junADcb3UpEVTMN1MRkFbCpbqmCJFEwtHKVVTlDrqiXs9Wf2AICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBBAoIdEEqCUhBJZB5II6Low\/lFKglI0QSEWRaJQROUp0CJS28kMq+GV1Vh9QJ6OZ0bx1HVTEzHZ0aG51NC3VScS6Jk3P0FQ0U2KgRuOhcfYf7wuvT3GeLP2PhvmGl4+HuOP6Su81ZCwfMMLqzCXspqpwuAw9xxXpaO9tTi3MNPE
PLe030Tqbeem0\/wAJcuzJgOK4DWGnxGmeyxsHgd0jxuvW0tWmrXNZfP8AfeGbrZak01q4Yy4IuFfDgiRVmEwgbphICRuoxkRLrA\/JT0jtvBDBDg2UJMSqm8ktcbi\/Rq8be6sX1OmO0PqPlTw\/9D2E69+Jv\/RzrPmIDEczVMzHczQ7lafcvHvbqtl+M8X3P6RvL2ieGIYN1m8tOiJRA1RWUzOqIV8NppaytjpYQXSSvDW\/FGu22+puNaujSObTiHo3h9gcOE4NBRxtAEbQXm27lhM5l\/THgfhmn4bsabekdo5+c+rZRsoeumaEBBFougiNEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ"} 00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":563,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":563,"pkt_l4_len":529,"thread_ts_usec":1654385184944474,"pkt":"tKXvZygQnLbQ0+MzCABFAAIl9uxAAEAGBWLAqAJ+EkBnHo8gAFD1zY28\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"} 
-01492{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01497{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1592,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00963{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1592,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_usec":1654385184944791,"pkt":"tKXvZygQnLbQ0+MzCABFAAFdGtZAAEAG4kDAqAJ+EkBnHo8uAFDRel74fng8vIAYAfY91AAAAQEICpxRp1H7gB08R0VUIC9ydi16aXAtMjAxOS8xMTEzL21pbmktMjYwMjkxYzIwOGJmMzM3NmI1MTExZGI4NTVlODk0NTEuemlwP21kNWZpbGVuYW1lPTI2MDI5MWMyMDhiZjMzNzZiNTExMWRiODU1ZTg5NDUxJmZvbGRlcm5hbWU9bWluaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogaHliaXJkLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1592,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1592,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
06341{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1593,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184945955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":4350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4350,"pkt_l4_len":4316,"thread_ts_usec":1654385184945955,"pkt":"nLbQ0+MztKXvZygQCABFABDwiZ8AAPgGUKYSQgJawKgCfgBQi1Aw2K6CFQTlKYAYAIPopAAAAQEICjG9uf4hNwYeEBAQEBAQEEqAgICAgICAgICAgIIFBBBJI1r2Fjtig5B6QuWjNRjFYIwZabSSw1c1XrPo+U\/aV4D+kbeN9pR96vf6OMA2V3wyEvmphdBQJCiYVcOgdVVscDBcucArVdG30p1dSKR6uqYPTRUGGNZYNZEzVXjh9J2ujTbaGPSIaJmvEjiOLPeCezYbNC572zL5\/wCK72d5upt6Qxt1k4UGk2Q4L2CLDSiqZl1aIRKYbaK8QrMpraKcK8oW0TCcpTuVWYWiUvxVJ7rVQULVe0FZ\/YAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggdkEEBBKghZBLZBLZB5IGxK6e7+UIS9FCUpCCVWEpCqnKUhT3XQI8lAltuhlLY9FYZvKuacTwWRojldJCDrE46K1NS1Z4etsPF9xtJxE5j2dMy\/mnAM00PqOKRxOLhYxS2uPcV1aWtic0nEv2m08W2PiWl8LXiJ+U\/2a9nLhMJGOrcszh7Tqad2\/wXraHiX+nVj83ieJ+S8xOpspzHt6ubYrhuI4ZUOgr6OWF4P0mr1KWpeM1l+H19pr7e801azErS48Vboc2S48UwROeze+EuQavHKuPE8SidDhsTg67h+F9y4N3vK6UTWv4n63y75b1d7qRr60Y04\/m3ji7mKDCcHGGURa2WRnIxrfoM2K\/O6l5iJj1l+r8xeKU2u3+Bpd5jEfKHHm3JJOpK5nzSZmeZTMCImU30UVRYiqZgsg3\/gLgorMakxOVt2Uw5WXG7iqXn0fRPs68Jjcby27vHFOI+rulFH2cAFtTqVk+4KzeqCKCLRdBFAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBA7IIICAgICAgICAgICAglQEEqDF5noo63D5I5GhzXtLXaJE4c+729NzoX0rxxMPL2b8NdhOYKqgcDaOQ8n5p2W0S\/lPxrw+dhv9Xbz2iePp6MUeqnu8yEPsUpSlVWjltfDLDWyzPrZB7Gjbq9X6jy9tIvadafRnc+Yj6lhXq8brSS7+5Re2Iep5h336PtvhVn70tBGg13OpK534OkYL3uFVZC\/VFi90RCManCEzSALkq9YUm2IZHBcHr8SJMERDB9Ky0iHZsvDN1vJzp14XdZljFKaMvDS8NHRWw6dfy\/vtGs2xmGH1Di1ws4aEKuHjxM5xPdKdvNVleEh+CpK0IbhQl7RR\/YQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI
CAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBA6IJUELIJbIPI9l1P5PSnQbIsgdQokSkeagSkaWSolI0QS21RMShqiUtkTlC3khmEY3PY8OY4tI1BBslUxaazmG25R4gYvhAbFM71iIflHULWurMcS\/Q+H+Y91tfu2nqhv+F5xylmOnEWLQQF5FiJmgEfFbaevNfwTh+s0fG\/C\/EK9O4rGfmg3JPDqu5nxMYOb8h+y66+I7iPVWPAfAdbMx\/IZlHh1g16idkZLdW9o7dL+Ibi0Yzg\/7F8B2kdd4\/isc3cS8Po6T1PBI2vLBys5RZjFwzqYzPq5fEfNOhpafwtrGcdvaHLMUrqnEq6Srq5TJJIbklYTOZfgNzudTcak6mpOZlQaFDnTt2uio3X4IiUzPZRCZgJ0A1RV6B4PYO3Dsr0kZaA+Udq8+N9Vjacy\/o3yb4bGx8J06zH3rcz+bdlV+pTN0CANUEzdAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBAQEBAQEBAQEBAQEEqB0QS9EFOZvPE5niEHAvSLwxsGORV7BYSjlebdVpTs+Efad4fGnvabmv+riXNlo+YJfHVR6FSJpkeGNFy42ClrSvVOIdUynRtpMIiZygEM5nK0Q+k+GbeNHbx8oy0rOVc6uxp9\/ZiNgFjecy\/CeM7udzvLe0MTdZS8+Et1CUL+aJhFtvFWqlMzxVohSWTynhj8VxJrOU9k32itKxl2+F7C2+3MV\/0x3dBqZaTCMOJHLHDENTtdacPo9p0tno9NOKwky9i1NilOZaZ3My9nApE5Rs95TXrms5hqXEKgZR4sJom8rJdbfWqy\/DeZNjXbbvrpHFmvuKzmHhVUzZZrwgiXtJH9hCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBBCyCCCFkHkZdD+TsoW1RKWyH1QABuUTEpbeSHZC2iGUtkTE+iUjdEwlsiaoKcAmCpYKAbobhERMwq09VUxfg53t9zlMNK62pTtYqKqpn\/DTPf73JlF9bUv+KcqYHiowzRaNUVTAXREo28AohCLR4KVUw1RWV7l6mNXjNNTDeWVo+1HZ4bt53G809KPWYemsuQNhpGtbs1oA8li\/qTbacaelWkdohkm9VVsigi3qgigICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBAQEBAQEBAQEBAQEEqCB2QSnZBKUHL\/SNoTLlx0rYweyeHX8Fand85+0nazq+F9cR+GXBzday\/n+qUkXKlMMhlGlFZjLIydGjm+0fpUer0vDNGNbcRWfq6fiDhS4NO8G3KwgFXfQt1aNHZ3t8nK5HF8j5HG5cb3WMvlUTNrTaUg6rOWiBKiIT6DT4KThFouFMRlEqtHC+oqGU8QJc820V4hWlL61406d5dPy1hcWEYWIwB2rhd58FpWMPp3hnh9Nht4rH4p7tC4n48aupOH0z\/AL1Ge+R9IqJnL834zv8A4tvg0niGQ4KCTsKkfR5gkOzy5nFl5xYBD6e40IUuTzhmLabTyVSX5KvZKTqqS0qh5Kpw9po\/sIQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBCyCCAghZBBB5
G3XQ\/k1BE8IOCEIEInKUhWKoWVVkv9iCWyIygQiapbeSBYIFvJTyIWTIWUVRlFo8ERlEDRBFoREpkQDVEZTNGiIRaBZFWycKKMVec6ZpvaMl\/1KtuIfp\/J22jX8Y0on05\/g9F4W0NpbDqsX9HVjEYhdN0CJEEzdAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIHZBBAQEBAQEBAQEBAQEDoglQQKCUoJSg1XitRtrMr1UbjvEbHzU17vB8zbWu58K1qT7S8xuHK5zfA2W7+WLRiZhIShDMZALRmAc2xZb+kFFfm9nwPEbqM+394dGzJAZcvVDRe4BOil+48T0vibDUhysNs0g9CqYfKtPthJ4qkw2ieEG3UYSAdEwI7Dz6BWhS04hvnDPAewgOJ1bO+fYafmtKw\/beWPCfh1\/StWOfRNxLx\/7nUDqeF4M8wtp9EJl3+M+I\/ApNaz96XKnuc9xe4kucbkqH4aZmeZdH4KMd9z6gkaFwsph+w8t1n4dplV4vFwfTNtpb9KlxecJnq04aYVm\/IQlvuqroKMD2oof2EICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCVAQEHkXYFdD+TUN+qCCCBQQROUqnKULKExKHkiMpQgW3RZCyIhDlRJyoqNHggAeSGUQPNEZlFECIyiBa6IlNpbzRVEbIN84AQtfmmSVzb8kRsq37PoX2b6VbeJ2vMdod3ohaBvuWL7oqoDd0EyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggUEEBAQEBAQEBAQEBAQOiCVBAoJSglKDAcRP2sVLvBhUw8rxv8AZ2r9HluuaWVkrSNQ4rd\/KmvWa6ton3UVX5MoVcMndTVrJmm1nC\/1qcujbak6WpFodhwqRmIYQCCCJo7fFS+pbe1dxtsf7oc0zJhs2G4nKyRh5C7Q2TD5d4jstTZ7i1bRwx3LcabKkw5azwlA8AownIAALlIhHVhsPD3L8mK14qp2EU8Rve2hVoh73l\/wm291viXj7kN7zFiNPhOGumeQ1rG2Y3xU5fvt5udPbaWe0R2cXx3EJcTxKSqlN+Y6DwCS+b7vc219WdSyyPioc2XT+CTXHCprjTnFkftvLMT8KVDjBIfunDEQbAfpU8vJ84Xn9JrX0agToqy\/LRCUa3VMLCYHtRVf2EICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAghZBBB5FXQ\/k1A3Vkd0FVIpwIWUZRlAjyU5SgRuoMpbItHbKCnkyW0UYEN0C\/kERygiREdxEdho8EEQPNBECyKot2RVFAUxA6H6PQ\/yvVu8GD5qmp2fS\/szj\/xmrPyh3OAWhb+aFi+1pkEW9UEUBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBKgICAgICAgICAgICAgdEEqCBQSlBKUFhjcLJqUNlAczmF2nY+9WZ6mlXUjF+Y9nlXNFhmSvAAAFTIAB07xWkdn8m+LRjxDXiP91v6yx520VnBCVVWhuXDPMDYZPUKqTla78G4nS\/gpy\/WeX\/E4pPwdSceze6yioMXpTDVxt5iNHBInD9fr7Xbb\/TnT1o592g5lyhiGHTudTsMsJ1BHgrRy+eeJ
+XN3s9SZ046qsA6CoabGB99vZKYeFNNWJxNZ\/gy+WMr1+LVTTJE6OAHvOItooxh7Hhnge53upGa4r6ulMZR4PhPZMLY4YW953ioy+mU09DZbf4dOKw5JxBzC\/GK90cTj6vGe6PFS\/AeL+JTutSa1\/DDW\/wApRh4xqeqhPzdV4IRv+4sjneyXCyP3flis\/AmZWPGcuGNRAjQDRHiecM\/pdYlpzttEflqpVVYvdMD2ss39hCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg"} 02513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1599,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184953988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184953988,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EEAAPgGoGkSQGcewKgCfgBQjxzkQ1FrjUA08oAYAIN68QAAAQEICkYs\/7OcUadKtLVLEjgcUYII4FHbZjHquoOia6gAb500Ti8dAwhCBQPI+mqikzoPEDELPc+SXj69jEqwdCpvDTvdYMfugkxkR1Y+CY9qVGm58StJYmYN5SvxMAz8xCmsligFCuuKmg8EZSE5OqcTkF7WWZmYJJGWhwpN7ilBu8\/gl+3Ab8Spn6tvJdeT+RsqcUG0ZFXerb57NPtt03zJpCtCoTxHMV9Zha5yoUwKNC+6e7j1ViGTaOWGh\/7JwCnGB12U4uBR548F\/rgqEud2uv0wHCBv6DuHmOo5bYd\/toEAzTnRwVytNl\/PJi1A0jYr8KsFpOACb3f7cGrTVbOZNYAAfhKkPOD4uriBbk9Jgk\/UjgwbpqX6abrGR34H+Os\/9jStodDE0Y0g3lOkmBfCKamPyPplsqvWJMBQnNHW0rSzXLwhjLCCsvswVQxnEHtu2HFz998SHtil2W03a8HGmk23nbaNYcY3Q2TQbJ3ZzG4FUhaRnvC2msLVbUsGHn\/8qqFhILJC24vplvrOmxsbreba663VzXsP1t950FpdXn11XW4T6v8OCO1QAuQXRErxFVq\/3Wbyah+mKVYtt08bMZ0HIKAAIUvKhHqZkAtfQNHQOwlIflLQ1gvauCXLAC9chbkxNKbadnsPBCGT+eVNsWhIXlnO4qie\/YB3Dn2nVklQbot4gdeaomDlGHGq2R9pxd9CVm8l9JyOW1IjlmYi4kIepJ+YLD\/gRPZSkymg00iOy0dkhWzUmLBjYKPplsOvhIi5ELVnoR4dQ7fdKWhHiLBAG9A4j2EAC4y1lGtIy6U7GUejmNJozx3D7sS1yIaLjW1\/AnhEE5Tn3wYlQUNcSbmW9EiPIws1msCzH+E5Uu15TvEJU927RoehtQDvXtR6D0i0Qq4r5lKtMY9x1WAUFjlBkqF9BUaESQB2UsBt7+aLYGJaqBfsZkpASprto2iSKUBpaREEHmhszyoycYMyWrK32VyqU7U+0B8\/j9v8HYKpxmhJ9hmaqfPgXycn03DcwMlnex1\/w0vDwfnVHTtC60LkWMig3KoxX9wp6lUobpfyzZnA1KioElY
xEkVLF2DRfjSYmQmEaUL6Vt1Pw1px2QImO0RR3K\/Su8d8oWRu9X0PL5jx0aICKHpBkVigDUHjb5hz1+ER9ZpujGIXmoxXSVEVDlqITEvN1XLQn0q5WrD4RQNqo05O8NY0zUIyjeYmR0HIha8iWNR82tC+DDAAS3rFxtBufFlLahMzkSEmBJezzMOIAuYi7YaCqpZTksGSGvk200r5PKi3stxcb73ZXF7ZWG+tbb6xfPeeZWgGOW1JJ9YCDFBxJwjXXym8MTPWXyGLVLqNExYXwpJENPgu3TEwo4fsbie0u2TLY5ZAkS0FbEksjw+rnfXYKDa6Tj1apqdRm58JsDc9f3o6XkPSciEbM2sJbxaQKDeKAokNafx4rI5T7B6r\/myV2gwsY93jrVLHNNQuiu+r+M3NvePsMJ8re\/P5Entz1pZnpyPPzjYGWEIkrYJgAUSjmQm2JaWtrAsGyjyJ40iSCcRtSf1AH86Ym17gzRFqQTTeEs9X4ijRzHu1H8VBz3vPdXTmElnKhBlDqqJJI1FsUyyFCXkqDIVqSYNsV6Fsixm+M9dhWnTKi7hX4lJiuC6kPjhJK6UNeIcvhYdT5\/\/5p797\/8P\/\/eqvvv7sy7MP\/xabjQRt7X6Xwkc8\/fjPzv7kKxhaPT0jY5FpLhGCSvvgpZ7+4oMnX\/x1nZumP\/n14\/PHP1ctr0tqQdm04tmff\/q7738q6zLea7VVsGYqx+ksN3ymz2gjwFgx2a6hp\/O\/+4zwkaDjMjscMtTzf\/+n87\/\/QJlMMlM\/f\/w\/5z\/770uGghjfoqqNEk43lcb01hb7eY6\/nzpNlJ9KFcdEUlBQOZZmiMlN"} 02505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184956858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184956858,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EgAAPgGoGISQGcewKgCfgBQjxzkQ3h3jUA08oAQAIMNwgAAAQEICkYs\/7WcUadKZmJ1Q4tNW7+zm3LzilKTMs7o+j0bU4bevfG98VcexwRoqg0MK4kroCFJI0vkItJ0sWhKhqw+9VVqDQxktos+tw4JRGmcHh\/FKDlLh6zdkg3MQ\/lsHnZqw9K8bpKO655k6IwFAFfkDIJOJsdMB+TwhRR+SOFiIw+5j\/JW34gGnNHirK\/zZi\/hc4QwIcK2rxzXZ7rsKwq47b\/gBNM4MIbxBQADwYMZQnsmuVNzekN4FKQkhHHGTTWkH\/wjQGDyySIj8Jzph54pd5aM+OhhOvR5PcMjO93tjhYc9KM4buIZr3AxnxM3iOqL5Y3DNOtFZMTe0kqYCIlor5EOmzY1\/QgcEzRxv4\/lxU4YCiiS+0\/ddMRHjjkiUXhuhD7QYUQQTZCQrhPijw50JVjw3pUlzCIsuoRiKmcNsq2sVpURgyb28KvUizskeSI14ZCZ1RGfnHTHy1yPRsG0Pt5Ma8nqKdONtNWUPEMbKU4qooS4ZVgy4ydRUqGcD3t5XLzKk6xQksEKLZeRc4zABSD22VISyrxIGnnot0UQF1jM0L5wq+PXo
JypbcccDHIPqtdae6MvXKZyFZZ2Af1r5SARKk8jHFMScw1ZklPh5TmRIMY25u7JI8Kf0InpWIggg\/dCNXQ9mbCzi9IVFwQ4Bcza9Gx560XkmFinHDZS4kv+q6dM6HPsExiSjjM+3qTzEyp6QYtbZYue7chnn411pGZv4KwRjPOakaMAbYLhhCPstBZrv27XKHfgDg3UdMswyDmbrdhNZpK2+\/bwcJCkmrX3nBdsQ2VeuZ\/YA4u3j0cd1g9errygLeJTAN\/nCWDbbXhdHGF4z7CdykwDxiJacPDxG9YuwukG8499nzt4zVg40U\/jMp1lunPB3JJQoS5Bp6kxA9vvK2Fg2I3BaQrLU2XnWALaTVI1pGgZ30OUAvDFCxhKEFX\/Q9eQ1hjjNWxpFqXih\/EZbZu2sX9wk7UWkXlhwRGjhZFb93t26v1JRJhHdI1nd+wyJYqGt5\/UP4S9xI3VTwDw+41F2Yi29WTvXG\/pYAGqMGJVprBGfV8dw\/pIGjYrc8JqDjc8iMynFaFgS9VWRno\/kEa8ex8E0lXW6KSRO+38U5BEcAQa2ZmiPJVOSufJn2mHFnNtaFnQ00UpNEKFlWmg1g+m2HMDI6hkKoxWNNVaXHB7BeI37bfq0DKy4008moSOwx9MywU31umt9bQZaqMjpRF3V4DnOWXRFCtBzASqMlEpsEloiva6ZYQbYAWkcMxY5ybRoJiWx9mUKg4GcOghBqQMpMlaJSVXeGZFKl2Sb1+XUUdSwGZgyfEfyo4raVkpT+wyQpPZHBqAgGOncYulA1GZOsA\/94GmmxzjZCbCN9kynAgWzvYDvij7PUFZtMjkAvBACnPBNn3iaPQjTawbAkTcC1yfhv1ofpKiE5U2LdirARat2rkhdX\/4rJG+DaIEorg08ZpEvVnDkzmskUSlB9W+vjp\/V+aS5lkVM3k7zhoEnC+refT73qPAiB+97ySNdyAd\/Q7kYXug5+OANwWHp1LJTg\/kTpM0hWrac+UY7fWgQ8CbScQvQ7jNvfkeBpNC3rXL87XiJvZKnnKxFCuxFmcRnJQ7BpentFWts0H4Lec1Vh6Ie1JUOsAGqbQKPj08\/Fb+sNPHqQaGAhUMQMv5qLjVGC16+Ay768Xh4QOfbVnp2QvxXOq+J6pefxmdaleLIJA69iWkMygEnv\/UiI8ax5fku6tnS6jfWz1JxgQ4MCgzJju8Y+AntdNCizMmrc96qjo8fELIC6aln6uHdf6ze3P9\/l8K0Imh63d3YWSKHvLgvoT29bJdkoNvyjOuueHNZ1szJTEa6iq1dzn+UBN2G\/xCnDeBIWRhg1e0rq+0LEgtBi8qgQyMbqwUz1KCNzlpSIzr13Jt"} 
@@ -1155,7 +1155,7 @@ 02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184973564,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184973564,"pkt":"nLbQ0+MztKXvZygQCABFAAXIKLQAAPgGV\/cSQGcewKgCfgBQjy5+eJ1f0XpgIYAYAIMAzwAAAQEICvuAHVOcUadRJQJEMyhfWzk4c69t8VudXr6pn+znDQ0VEhQPPcyGS61d5+1zHyZ4kw8InhkhW68pyvvrnzX5t\/H39maFxWc2r\/jFxwq\/hEVoXAiKHiLMU4\/KyHs5sV1wD559f9zcFztWUj0ihMMgtggEDfMxXUM9dFGV6JcgarAA5KIX8Rhx4KKjXR5FenSf6ir4Wu45nkDFW59zYej9BmKhpdMb8rY8eNPnAfGmIQzij55nkq\/uWJQgPv88G0x6gqY4XOyV9k8a+qsSfYKU5lLVQEUHepnWRDQfUc+335Q9qXuFH7f+8ng\/aQrf84kI7WaO+SnxnLQouz0Cv9v8f3lE+4owCfP1Cz8OEYnQkhXEehYZgVia7bxcHiv6v4xaanozJ5rmOorquwr9GrpFyxLzcpsLlUqzK+KacyS7QwJS\/Ky0\/PTcIlt8ZLwU7TL\/\/o1pr2hLdfT095T4mmP+2+1ddHU48Byxr3aLa3WT\/jG\/C3X6ePA0eanW9XpA7VJvL\/6JmLlix5z9hSS3OqzNKQTjBUM3s7KkvCOkhFHfw0EXJwWgoKSWmSsy5BrLZEfkM0FV7a+ikWpLo3uxdOw31fp7dfTjbB4kd6HRjhDkihmhg3Fxj9HXloHyHwvckfdTCsRiouxlgct7lNCoCgpUmfTu6Yyx7kf\/6aih8KzpyyqkP02jZkyX6OCTx82lz89o7u9CyGfsWhKD\/7BBbiMdXaKK4TysUCFlwE9GGF2seEuicF8r6CTuiOZsrl8ro7A0wal1282SC8UewlAVeiOv42DSkeq4dNBmW50TVjG35t+WUxNn4Q3p5nPJnsGwNKxtQn\/XWWm1U5Gt7+GDvLGqhGlz\/Ki8pfJccVYEawTw7SCN4wp\/3ocQ6vkT4Dpx9fSRTemmYi6pENOZS6VuARnHqwYSWl4t6yJoHK9sCfi9ST8HVXbqDXWFZ2q3BJnFLL2KjKRKEQ6cwz09MaWHVSAOYMFLPRa1P4jAx3PdtEcA6Suw\/o0nBxQpA1VcK\/L5h29Se6TnnwGGwNCLWwcEJVFxaxhV\/90VokUL7AtF\/O2q\/1vhOGyiX6EkZzZs6nexDcqCRxLporgd6yB4OIQ\/K5UvGbYe6+Sm7lH6OGAMK4UMwjkq9mCtaTHr7mvhnhxRuW7uj2lidYSV8hOTyPermC3rpaeQy2urqLgBbyapxA5Pobg8dWmnSefHpRew8i1Lo7xZJ2SpCdkX1yUKisC8EMEhExSgxRoJO6lJwnDpHM5WJ36k3Ry+3q9OcgN6NLQRO5pRs8nhTf4nqy7lt5uTY1pqNSduEscx56wTi21bJStBpnuJ8UvGJx\/R+YeP8QzcFQlKJycJlPLg6eX96ULPBZxzLMetvK3n66CoeI4YwUg4QxFhrIkt
xxA1moIwNkkn6SE2PJvny3Cxi6Q7lkUmD0rurnBMt9ApEb3z5XFrSDnmX6QwTGHURMLAjPSQ1rzsHHaLMjENdwshfdWaIsx0\/C+jJ4udEOtxA9Fm0BuIFf8jWdfxwPFpB7wf1zLIyaPgXgtem4PL4uFnUr\/LL8Mi6yuMoLm28awieMUxVDrx8BpEilb9smuibdWhYybgbrhRDSVz2VcvfeF7S52u5dohgrnorV7VIGu4Fbfjcdt5eZr90iPKqeLRmae8arWdU6pk0+036XKkyixVdtPL96eMfve4A6Zh9TvzUvY2yZhS+fWayDF170ogtacHtunN1Y8fbumfzzXBlbMPAxKwloCcANStnnowf0vhV+lwOAC5eJ0wwfBbE\/fZdlz+fa+lDBSbIFzwquAzceoahA\/CkYEf4Il0qBgoQR8xij74ARiwygmvlhBcVhebT1T8Wht+RIpph7wDNRWhIpJICJTvhB4xG3THeUUikIIY59QcKEF+mfeRHq7zWxIrV0MxaCgpfmHu"} 00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1627,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1627,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1654385184982489,"pkt":"tKXvZygQnLbQ0+MzCABFAAE6JG9AAEAG2MrAqAJ+EkBnHo80AFAYADoNP4BZp4AYAfY9sQAAAQEICpxRp3YAJw3ER0VUIC9ydi9lbmR2NC5odG1sP21vZj0xJmVjX2lkPTQmbW9mX3VpZD05MTE5OSZuX2ltcD0xJnVuaXRfaWQ9ODg4MSZzZGtfdmVyc2lvbj1tYWxfOC43LjQgSFRUUC8xLjENClVzZXItQWdlbnQ6IERhbHZpay8yLjEuMCAoTGludXg7IFU7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMSkNCkhvc3Q6IGh5YmlyZC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": 
{"url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
02511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385185015621,"pkt":"nLbQ0+MztKXvZygQCABFAAXIXwoAAPgGIaESQGcewKgCfgBQjzQ\/gHc7GAA7E4AYAINkpwAAAQEICgAnDeicUad2RWsIZamOljqm7gSNKAkXQCu+hVDQvHNR9FYzcLa6bcMwfHz8+6Ohpq2yX4VCM8MnePOCbl7QzQu6eUE3L+jmBd28oJsXdPPvCN38HeCm8Yfm\/kvPR3Dz+vd\/+5\/+qz\/+F\/\/73\/yP\/8vf\/ov\/+v\/+3\/7l3\/xn\/\/nP6n\/VjBMyedbYcXZ\/o\/OF7mdeh9Hhr\/RfIfMv43vvKuRdCur\/FFM9E59fEn2SOA2NKnl1bdNivqb2mOXNXHq1\/YMX1\/Ovvr+Ls8avbLeJu\/n+XUe8voOwYRiE416SRHkHbuH3JI7AK5hcYzixRhEYhd8jOEmi6zWCkdiKXBEYCfi+gog\/Et\/23iV5mL96vr5z8qbJ03dVHEbNXOMfCP\/4uyrDZ\/hnarl7h38mQu9N1tzbJ+HHYOnfwgd4YKemZxmEk6Yfkz3lh\/aJu5CbeloHFbHt+TJXIpxmxZgsZHiRMOZFvKzyDdgT70P7AneujlPtVyx1Ci8u7Wd7MtsuMwhfTyvOMfV9uKfpBVoFiWcijlTzRwo97G1lTY77npOvQt2eMaaQrdoht73lsx1+nZwlg+BlIhnXXbgLsHWy5C\/CTrdrpvOys4hB5bmgib5vMJLqdEuhL1RVueIWhr1W24corWULSQqDfGNsr1HdHI4FJV+WwuEwhjFLFwqL5Xy27akNzx1XpbTfbywRws5chR\/VzSRUHZ82JFfLUbM21UlmqXQlB5CS01wcLs0xrplUXKuatlxW\/JnKqnFYcvIJ+HnXlDQp0jzZWW7b+IreDkRwtvod2OSadqez+8PJQr11ODo3W9Sq9lB21UYv1nbZnPkKxY3GO2VJgKi3y86OY2lDWQkA3y1giPPL0I8WU8XJRBa7HXzc3Kr4uITR5JDT0WTaYXbC9v5VWfTptvCOnVLv18ciGZlm2dHCfrfBJ8PAq77hGFHEh2RHh+SoYiYL45XZJMJ1SZZMbDASfdSvphUfow01aDWyqsWVpJirq1bhq16jM844FVx6sRj6QlADNWTuRMUGtyRUymqEmNkJt0Yb1N1graqbbda1j4vrOEyE7tb2An3aY8uYGHAX8\/rsNN6gbsLJaXGuswDrrwixB2A37Y+RJEMuQhm9tVPq3bKPTkuFNlJk4shWDhxGJ4gRxe1aHQH+OdOeb5ZAybp4QOtbdJVZhbI7fRHTpmi3Db68nJpjZBHlst+pE6dd\/auVOTRGjFYfMxlXYZeV5CtjfADQStuORhXR14nj+JExkEESLQhVIgsxAsrbUusYDOsmiIS0OxhmECNGsnePTqNm9Ybk0jiCIUUMk0Q6bo9XikfzcXHRxBU2KhFA7wFnV9mu0s+4T+Cmvs31pVGdu01zTdMqOQbatST8XeSiGb9xLLVobbjVxgASHcVY6Z0cEk1Zw7
0WhNMSziSBuvEt6nPBEkkYPUs89VCHjedyHoevTwhpwRtTvVC9cjscTpkEl70Q5ZcEM0iBVlOrZshoxaxTCyVqkcFaQaTJND7qiruC9vSgHxhROJty2frJRGcUkW\/T8bzArQu62Aj8pZfq5WnpurUmhYNXBBstPB0HdLEt67HP9CUNcHaVL\/py5Tv+IiqnHSGMtLAtT2aEyysT7VlU2B1c0UynpCL4dONoCBQZiWBCCob59IQIU9r6hD5FW92974pfH398cuCh13wO5v+Bzpq+x4zOk7NmVkyoZTPht8XqNPclVgd+dr30ls5urO+xrXKEf+KEQVxrl2X5Oea+B7dP8f2vfeAhlpy7jKenuJahub4U2SPWInq+hVn3Kp7Xjnw5Mt72ttIa3qJmWSX5OaelWMO1q4cTtae5TXSrzL1EZlCA5nHYN3tCgikSvSDqTjQq48xf4eq4x89aD51T5RZZJ\/zYX3eIruVriHTZcy9vlhIyXU6UT8Gkvj5OMbHU"} 04539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1663,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385185015621,"pkt":"nLbQ0+MztKXvZygQCABFAAtcXwsAAPgGHAwSQGcewKgCfgBQjzQ\/gHzPGAA7E4AYAINH0wAAAQEICgAnDeicUad24XFtV7Rg10duU4UTlxkMf+4hbiOeKWSTGwnHrK\/bcVHDmrmHVT1QbFoe9jUro5dI5TdYvpHS0y1rjoh+0U3zcCtX9rblxRoi5FhuCbqzSJTCJ\/SCO4zZZSPYNE6w5HSVgAaV0y2oWClZOTWZhlvMk\/XLRpM2IbCWurCzT+9+nnf\/OWUMYJ35yVcMM8b6\/R\/\/1f\/5x\/\/+v\/rM8TWeCOPgXR\/Wn9HNbJqvANEK619BcRX6k+IzZvpCAIbt5MNPYdScnyfOCY1\/TyD1rf7duf9o+anpe+Lk86r6HoqW4GHx6Znn1+7nR8VPBz8nS9L5cAeE+tP9z7LkZg6+ssfPLHPhW3ltM+PZT5K8\/\/msfZakyRs7mbt7Xv7\/5l\/\/85\/obM72VPyqzrNvqjRrU2d+wff86N\/86\/\/y1dOAvpLFbex7cuAdHr+ancs7IF7TArMobu\/azMv7LMnv2ZI\/Gupcy2kBmgQdfr79Efcrp\/mm7gDzHc7PmZXzYaydhcl9sn\/Bdl7f8evdzu42\/KM6\/2CPyGFz2XrOAlzQ68abCb\/NI1L4Z494f\/7\/wYeXvY12b\/v45AFpVjEKiukvMgW7N34KJ1mHT5uII8wicQAf7cIJq5oahpZLfYWtbiLN8Nh5vTFcczsoLYRSQOpr5+wJefBB0Bcjqs8OVij5zI4Q8US3kT6+pov1ZlWX1ZbBLAo\/CWVvJs7o7OLKwNZicOUC1akI83ha4yIZMssUw8P1miwuy6UgRf4eU5Z4nB6XmLKp3MOmhnDsUnscvDaHlhO5ju5pELGc1S1KGIjCWSnZkCldR8tC3DNDZhx2FKPl6Ci6COlwEwia\/ctaSG\/KNTGIWOI6zxgGatnGGthaTk1Dl52EoUGrXjVs
YFdBMq6zs3e4rH0Kz4xNdXR5SSjlJSGkp+XAetsK67orj5IjKZ9wGSH8hV8441VbQeRVqYj9GmcyBGz12el6BMEvIWJjscDyTLrh3gbg\/hA7bG\/IFWoEHieVcL0Fga3fQZtUIvBGrA4DAHWEdWYmHNmovkcclhbSpgp39QFulyfMoKwtehAkztJTKuJ6VmqPjURtjSFB1eFWH1Yc7LQ6dAu7tRLspVXE29p+fTlt3DU5BIU4qVWEQhjVxOQJJno\/tO47JaUb5kHb4cxZFH\/xjOAXlxRYQ3maguAXxIPDq5+U3s2e6xvHBz+qA9znj+qA0r3OzF78\/m\/\/m3\/x5GWK3\/9f\/8f\/9On2j\/\/DZ+rf\/K\/\/8y+4ISevvLvD+vmDL13\/qNtPXbbJM1cS1\/MvdrRzDv0vjv8pQXvOIP9JD\/cE7a+oLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwna3zq1eknQnu9fUpheUpheUpheUpheUpheUpheUpj+Q0th+u1o6CVB+wXdvKCbF3Tzgm5e0M0LunlBN\/8+oJu\/A9z8u0vQrpCfFX85I7tCnPBbGSm\/lk30zbTs9WqNEysUXZM4hpMYDijwEhBJBF+uEHC\/esnKvn9esrJfsrJfsrJfsrJfsrK\/dtYvWdkvWdn\/qKzsr2DFb8iy\/jbI+v87\/boZGvre\/q+mYD9X+y2Z2M+J2D+hfcm9nhP5\/pG515+TmJ\/6\/\/ct9fpHOdZMY39Dhb8G6D\/nW\/8jnNtLgvVLgvV\/PAnWP1o8\/7C\/j\/GrCdn3b9X++rjgVxOy5zr\/lhOyP3X5907ILoBTEbN4znv+kQ+d\/VichUew\/T3fvn\/\/\/udb4HMLzxvoT2hNXDD+vDu9qpsx8R\/BjlUk9vhhnsjPvM9fbh60mXtP2067WZA3b3\/43ScSuJ+\/Jh1o\/589f\/f5q7983TbBO\/IvX383f1X7D26e5NWHfwLD8Hfzt4KHVQ4c8Yd\/EgTBd\/P3kwdgm3k3fgA95Uny3bved25AP7N3flfHk\/\/O9q5t3XxAYPiffvcurb\/95OP9S+H\/7Ie8bRKwU3yAf7mheXxfntrFuygOo2R+sfDuSdIqdOw38MP939t7ww\/zd6D\/EIBt6F1gp3ECpLWz+l3tV3HwcX72AGbrwUsevObB8x7a5CFPHpL4IUIeIvQhWj5E2EOEP0Srh6LyH9zc8x+CvEofgthPPDBjD4kfAgt5iLOibR5mie3Ktx+KByfJ3VvZ5o3\/0EQPjfcQVQ9Pm9mDXTWxm\/gPdh2D5jwf7JBJDVoMXbuY9TLfttXcEahdPcxoZb7Ms188AHtsHzK7e6j9uxJ\/SO0qjDMwbYXtzab0Af74JEztJ4Dls0xPkzBP59O0NzPI+eFpHczTl9hF7X\/4dPPd8wNgk+5To59HDLbN52qAajtO9WADA8jG9DP1u3tXwLZiO5u1VqV28tHzkx\/uGvXAsqruh4EfZoW\/ayIwsDD6CMSv\/Lp++DQLbtw8z7gXZA9+Os8jaPN5HLPhPzf91F3vz4bwAYfhj0CFbfLDvEY\/82X+x0\/tNtGTHDawHCCCHzQfv9L2zybrqx7KD44P7MB\/KD\/YAVDSD89\/3+DDn\/7px7p1Huq2+FETBP5Pv7sPNXpqAegqr+P7DFR+Ys8I8zuwnIBV2MmzWDMImat8nFtq8uLDu\/e4n85t\/\/D0Qg0Q0Jlif4jmpfjV1IKF6lf3FuKsfrC\/en6fktcP8aOXuy0wqua9C4yk8dnEn0tvXt9n7vXb7+LgzWeW0G+en9f0eLRD2U79N3c4\/frtX8B\/9d4uCrAYmChOvDfx24f4\/b0RPfL95u2PC++fMbb313\/95id0t67nt6yPz
dvv\/KT2XzXV+EP8\/v4HGua3lI8N0GLjRm\/8t5\/IT+wfP755+\/DZr8UP4Plnxzf7vNnP+Y\/VPAB69mHApJlkPuHSwBJ58\/Z9H3tN9B2Owd\/7UP0nf\/LGfwT3f1a\/\/e7JQfoQAn9XPQn6ftarDtT62CxeF8Prh\/R95aeP8f3\/5uNcASxxUP40aw\/Vo\/258Dx9Dzmgla1fjfp9lebVmz9NgSP4iwzM6OPrLvb7+57zV3\/69iH5VdYg8YcYTOWdtX6EHzzwkz4CMZ8fgCn+Unj84eNdo\/nTlLiP+TwlVNNUMXBOQJfPdvz67fv0PtFQDDaN2E7+8l0NjNN\/fPMXf+n95fu\/WryF3n7ngomatziwc3BgH2veuH+B\/NUsxJ0kAiNCIO\/t2493TYJOk6dOo8fklzqdRYueuIrH6CsRvKL6sQAPwRee1B7itE2\/4vmuAEI+S\/QkZHEX8idyAznrt++bnIsH33uDvn0Lmv55teC3VPv4EQzgd8CAfuc9jaJ9BPYNvHUc2kBx8\/owQWgFrPKT3HbmVXnsQeF9ufwaZ3z\/Qy4z49sHZzYvv4tdXwF9J9q8pL\/zHhEIyNz++fL7RweI\/7v6r\/8a3NZv\/3z5Af1CQu8k9APyAXk7iwvM+ifKuAdqYBZfP9RvH36XvwUsb2Zr\/Zl7mE3w9du3P6s82+Trhy\/2+\/Yh\/xnHJ10\/vH5W67NhvV54i9cPr571+DMiYP2K2Nbz9gQosyN5zHLQV\/U+iKv60xq7u6G336D9xE3lT57mrq3w62ECdADMMvxZlQf7fV+B7elN+MU3gcl8D7YwtgP1JLD1+ID+BqDJeQd4\/cU3vf0BbP12dYxTHyCeN9nbh+wRzNCncvOwhAF0efgdMtvD1+3NgLKO8v5HLQJf578vZmMBTB7Q8m\/o4LkHoI20SPzGf\/34CMYOhu6N+hxf\/7n9fgZHP\/d4CPpn9d3pfbC\/IdvmsJ\/fwcw0gGp97yej\/jsafJIHuGLgTuclHN\/\/r+\/ONQCTGGmz"} 00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"thread_ts_usec":1654385185015695,"pkt":"nLbQ0+MztKXvZygQCABFAAEvXw0AAPgGJjcSQGcewKgCfgBQjzQ\/gIf3GAA7E4AYAIPMaQAAAQEICgAnDeicUad2d33ytWgxPP549E8++kcL03\/7Z00U1zPvd5U\/\/8YR2M0q4PPBMJux8PPglf8nf+J\/WlmA7T+B3oKJaxaPsyxAjo+gp2JAZ5f+d\/QE\/X16KoYvHYEq954+vunj+e3Gw9PlfRI7wGV\/Kcwu++3HT+gdRAlPuP4TwL+\/wXgPgV3QrzI7kWKnsqsRSgE4+UMeBH71hw57f63nFza\/qSLL\/OFoiNQfOuTbteZRPb6e0QR0tTv7ifp0lPj6fqAJqv05gqzIACaWCLm2CQJ3YQLH5hDxubHvodkW5lBnhujgmuZOB8zInqMh0Ahg+Dnl\/wXDsfHrS4oAAA0KMA0KDQo="} 
@@ -1163,32 +1163,32 @@ 00796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385185942149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1654385185942149,"pkt":"nLbQ0+MztKXvZygQCABFAADeE\/tAACoG6inKmcQ1wKgCfgBQ5Yg8Z0+pmkmYKYAYAPN5zQAAAQEICkyTX6y9cmj1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZS1Db3lvdGUvMS4xDQpWcGFkbi1TdGF0dXMtQ29kZTogLTI2DQpWcGFkbi1TdGF0dXM6IE5PX0ZJTEwNClZwYWRuLVN0YXR1cy1EZXNjOiANCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI2OjI0IEdNVA0KDQo="} 00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1679,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229374771,"pkt":"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"} -01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1679,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1679,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229374794,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229374794,"pkt":"tKXvZygQnLbQ0+MzCABFAABIbklAAEAGI3LAqAJ+NB2xsZDsAFBe8KOySC8RAoAYAfapLwAAAQEICgB7lmPzZF3LaGliaWQ9MCZvZm49MjUzNjQwJnI="} 
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1681,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02251{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1292,"thread_ts_usec":1654385229375778,"pkt":"tKXvZygQnLbQ0+MzCABFAAUg7FZAAEAGNrLAqAJ+I5wsDaY6AFDzNa5LO3\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"} 
-02283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": 
{"url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Yr5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+02281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": 
{"url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Yr5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 01212{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"thread_ts_usec":1654385229376461,"pkt":"tKXvZygQnLbQ0+MzCABFAAIWbkpAAEAGIaPAqAJ+NB2xsZDsAFBe8KPGSC8RAoAYAfaq\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"} 
-01061{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1682,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229376461,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","domainame":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} +01059{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1682,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229376461,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","domainame":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} 00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1683,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1683,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229377895,"pkt":"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"} 
-01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1683,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {"detected_os":"Android 11"}}} +01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1683,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {"detected_os":"Android 11"}}} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1684,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229377922,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229377922,"pkt":"tKXvZygQnLbQ0+MzCABFAABIXu1AAEAGyPPAqAJ+I5wsDaZGAFB7fW9OgsWKk4AYAfYTCgAAAQEIChlnEfsPV8RHa28pIFZlcnNpb24vNC4wIENocm8="} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1315,"pkt_l4_len":1281,"thread_ts_usec":1654385229378645,"pkt":"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"} -02283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com","domainame":"tknet-cdn.rayjump.com","http": 
{"url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+02288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com","domainame":"tknet-cdn.rayjump.com","http": 
{"url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1654385229379534,"pkt":"tKXvZygQnLbQ0+MzCABFAACkXu5AAEAGyJbAqAJ+I5wsDaZGAFB7fW9igsWKk4AYAfYTZgAAAQEIChlnEfwPV8RHbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBkZTAxLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01056{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} +01054{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} 00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229398934,"pkt":"nLbQ0+MztKXvZygQCABFAADQ2J9AAPUGmbgjnCwNwKgCfgBQpjo7f\/DX8zWzN4AYAHOmEwAAAQEICg9XxGYZZxH5SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1654385229399980,"pkt":"nLbQ0+MztKXvZygQCABFAACbqYhAAPUGMt80HbGxwKgCfgBQkOxILxECXvClqIAYAIBoGAAAAQEICvNkXe4Ae5ZkSFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229406775,"pkt":"nLbQ0+MztKXvZygQCABFAADQbSRAAPUGBTQjnCwNwKgCfgBQpkaCxYqTe31v0oAYAHWAFwAAAQEICg9XxG0ZZxH8SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} 01040{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1690,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":419,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":419,"pkt_l4_len":385,"thread_ts_usec":1654385229413001,"pkt":"nLbQ0+MztKXvZygQCABFAAGVuYkAAPgG40ASQE8ywKgCfgBQo9QvB\/xWUTDmHIAYAIZNHwAAAQEICnH6vA0Aq1gASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjA5IEdNVA0KU2VydmVyOiBuZ2lueA0KWC1DYWNoZTogTWlzcyBmcm9tIGNsb3VkZnJvbnQNClZpYTogMS4xIDllZTEwNzRiNmQ3MTc5ODM1NWM2OTVmYjI2YzIxNDUyLmNsb3VkZnJvbnQubmV0IChDbG91ZEZyb250KQ0KWC1BbXotQ2YtUG9wOiBUWEw1MC1QMg0KWC1BbXotQ2YtSWQ6IGw1MmRLamp6ZDlDOF9Pc21pX3RnMHVfSnVTMjUxV2JObG5SV0NiLWpKSDlQVldSQ25pWG14UT09DQoNCjE="} 
00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_usec":1654385229450708,"pkt":"tKXvZygQnLbQ0+MzCABFAAHcEFBAAEAG14XAqAJ+Eul7N9YaAFDjQWT+MbgksIAYAfZTFQAAAQEICs\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"} 
-01466{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1691,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io","domainame":"impression-east.liftoff.io","http": {"url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01464{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1691,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io","domainame":"impression-east.liftoff.io","http": {"url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1692,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1692,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":760,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":760,"pkt_l4_len":726,"thread_ts_usec":1654385229460595,"pkt":"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\/cGxheWhlYWQ9W0NPTlRFTlRQTEFZSEVBRF0mc3I9MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBhZGV4cC5saWZ0b2ZmLmlvDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01717{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1692,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io","domainame":"adexp.liftoff.io","http": {"url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01715{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1692,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io","domainame":"adexp.liftoff.io","http": {"url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1693,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1654385229557713,"pkt":"nLbQ0+MztKXvZygQCABFAAB\/zr9AAC0GLXMS6Xs3wKgCfgBQ1hoxuCSw40FmpoAYAecIEgAAAQEICrt1\/CbP5BhvSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjA5IEdNVA0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1694,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":5,"flow_src_last_pkt_time":1654385229559611,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229559611,"pkt":"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"} 
00798{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1654385229568829,"pkt":"nLbQ0+MztKXvZygQCABFAADfGY1AAC4GkHES68wJwKgCfgBQnQxmD0SBkRmqKoAYAeR\/LQAAAQEICptIXBKljVtLSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNzowOSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA3MA0KDQqJUE5HDQoaCgAAAA1JSERSAAAAAQAAAAEIBgAAAB8VxIkAAAANSURBVHjaY2T4\/78eAAWEAn\/CWx4qAAAAAElFTkSuQmCC"} 
@@ -1200,7 +1200,7 @@ 01598{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PlayStore","proto_id":"7.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.google.com","domainame":"play.google.com","http": {"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_usec":1654385232040567,"pkt":"tKXvZygQnLbQ0+MzCABFAAPTG5ZAAEAGlqjAqAJ+A3q+RoESAFCRX\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\/dmFzdF9lbD0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": {"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": {"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
01459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":734,"pkt_l4_len":700,"thread_ts_usec":1654385232057407,"pkt":"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"} 01369{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1706,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232085154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_usec":1654385232085154,"pkt":"nLbQ0+MztKXvZygQCABFAAKKs5NAAPUGSvMDer5GwKgCfgBQgRKT0VdXkWADEoAYAHGvxgAAAQEICk9CmDyWJWeOSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjEyIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtTGVuZ3RoOiA3MA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KU2V0LUNvb2tpZTogQVdTQUxCPWdzUk5HU1NhK09YcDJjZTBNNk51U0FjaTJXM3JYSFVtcXNKcnFZNkdFcGtsTUNzaEc2bnU5Y0l6eS9iQXJIU0NPeElRL0ZneTJrZDFNY0RyZVMwQ0d3S2Y0NlJRbERuL2JnMXFELzJWSitGYnJ4U1NNU2RCQ1lKV1N2cms7IEV4cGlyZXM9U2F0LCAxMSBKdW4gMjAyMiAyMzoyNzoxMiBHTVQ7IFBhdGg9Lw0KU2V0LUNvb2tpZTogQVdTQUxCQ09SUz1nc1JOR1NTYStPWHAyY2UwTTZOdVNBY2kyVzNyWEhVbXFzSnJxWTZHRXBrbE1Dc2hHNm51OWNJenkvYkFySFNDT3hJUS9GZ3kya2QxTWNEcmVTMENHd0tmNDZSUWxEbi9iZzFxRC8yVkorRmJyeFNTTVNkQkNZSldTdnJrOyBFeHBpcmVzPVNhdCwgMTEgSnVuIDIwMjIgMjM6Mjc6MTIgR01UOyBQYXRoPS87IFNhbWVTaXRlPU5vbmUNCg0KiVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+P+\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 
00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1707,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232158874,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":253,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":253,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":253,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232158874,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -1214,19 +1214,19 @@ 01370{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1717,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":4,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_usec":1654385234239203,"pkt":"nLbQ0+MztKXvZygQCABFAAKKs5RAAPUGSvIDer5GwKgCfgBQgRKT0VmtkWAGsYAYAHiq\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\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1718,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1295,"pkt_l4_len":1261,"thread_ts_usec":1654385235892637,"pkt":"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"} -02203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1718,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +02208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1718,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
01148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385236487007,"pkt":"nLbQ0+MztKXvZygQCABFAAHm3ckAAPgGvqESQE9AwKgCfgBQyeZcw8zmEVgoD4AYAIbbsgAAAQEICq7a5CW\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"} 01160{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119358297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 
01160{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385119973654,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385120216027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 01160{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385121164319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":2452,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com"}} 
-01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} -01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} -01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} 
+01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} +01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} +01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} -01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":598,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":1196,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io"}} +00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} +01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":598,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":1196,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385185166661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":170,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com"}} 
01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385185942149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":170,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com"}} 01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1654385176794172,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385177120274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":6082,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
@@ -1234,18 +1234,18 @@ 01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":21,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385178039010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":12423,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":87624,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":464,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":464,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com"}} 01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":16,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156865117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":28785,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com"}} 
-01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} -01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} +01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} 
+01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} 01058{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":10,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143386689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":20463,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com"}} 01062{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":12,"flow_first_seen":1654385142780674,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142861550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":27563,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 
01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":33,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385137102946,"flow_dst_last_pkt_time":1654385137795047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":179545,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":13,"flow_first_seen":1654385136206220,"flow_src_last_pkt_time":1654385137480116,"flow_dst_last_pkt_time":1654385137451797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":23040,"flow_src_tot_l4_payload_len":631,"flow_dst_tot_l4_payload_len":72797,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":18,"flow_first_seen":1654385136215384,"flow_src_last_pkt_time":1654385137106944,"flow_dst_last_pkt_time":1654385137458576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":81501,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":12,"flow_first_seen":1654385136216297,"flow_src_last_pkt_time":1654385137088135,"flow_dst_last_pkt_time":1654385137795021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":37440,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":124042,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} -01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} -01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":1640,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":1640,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 
-01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} -01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":655,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":655,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 
+01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":1640,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":1640,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":655,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":655,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 
01040{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":73,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385145095894,"flow_dst_last_pkt_time":1654385145302253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":4383,"flow_dst_tot_l4_payload_len":173462,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":497,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"release.bigdata.1kxun.com"}} 01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":8,"flow_first_seen":1654385140779083,"flow_src_last_pkt_time":1654385144744780,"flow_dst_last_pkt_time":1654385145113565,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":443,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":8192,"flow_src_tot_l4_payload_len":1183,"flow_dst_tot_l4_payload_len":18456,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
@@ -1257,7 +1257,7 @@ 01160{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385136274668,"flow_dst_last_pkt_time":1654385136566441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":498,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":997,"flow_dst_tot_l4_payload_len":450,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com"}} 
01040{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":668,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":668,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PlayStore","proto_id":"7.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.google.com"}} 01173{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": 
{"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi"}} -01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} 
+01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} 01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":860,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":2746,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":3242,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385128878298,"flow_src_last_pkt_time":1654385128878298,"flow_dst_last_pkt_time":1654385129190022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":871,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":871,"flow_dst_max_l4_payload_len":817,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":817,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 
01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":265,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":265,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"messages.1kxun.mobi"}} 
@@ -1267,9 +1267,9 @@ 01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385156978849,"flow_src_last_pkt_time":1654385156978849,"flow_dst_last_pkt_time":1654385157162185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1118,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":508,"flow_src_tot_l4_payload_len":1118,"flow_dst_tot_l4_payload_len":508,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385156997634,"flow_src_last_pkt_time":1654385156997634,"flow_dst_last_pkt_time":1654385157178524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1113,"flow_dst_max_l4_payload_len":680,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":680,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1654385157001678,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157186882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1119,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1119,"flow_dst_tot_l4_payload_len":1950,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
-01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":75,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io"}} -01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385231942852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":2827,"flow_dst_tot_l4_payload_len":312,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} -01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":156,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} 
+01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":75,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io"}} +01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385231942852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":2827,"flow_dst_tot_l4_payload_len":312,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} +01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":156,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} 
01240{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129813867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":523,"flow_dst_tot_l4_payload_len":104,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com"}} 
01041{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":19,"flow_first_seen":1654385145219802,"flow_src_last_pkt_time":1654385146051643,"flow_dst_last_pkt_time":1654385146257351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":51980,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1654385146263001,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146481114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":4320,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":7485,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 
@@ -1277,14 +1277,14 @@ 01042{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":30,"flow_first_seen":1654385146276743,"flow_src_last_pkt_time":1654385147163604,"flow_dst_last_pkt_time":1654385147585918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":18720,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":97896,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 01043{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":28,"flow_first_seen":1654385146284849,"flow_src_last_pkt_time":1654385147363303,"flow_dst_last_pkt_time":1654385147935185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":1578,"flow_dst_tot_l4_payload_len":131729,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 01043{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":23,"flow_first_seen":1654385146276790,"flow_src_last_pkt_time":1654385147316212,"flow_dst_last_pkt_time":1654385147926816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":1554,"flow_dst_tot_l4_payload_len":126758,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 
-01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":9,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184950570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":26435,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io"}} -00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} -01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":29,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385185019373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":97077,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} 
-01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":20,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385185004563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":64260,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} -01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} -00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":9,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184950570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":26435,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io"}} +00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} +01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":29,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385185019373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":97077,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} 
+01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":20,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385185004563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":64260,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} +01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} +00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131355130,"flow_dst_last_pkt_time":1654385131589006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":6232,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":6868,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} -00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":17,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1287,"global_ts_usec":1654385236487007} 
+00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":17,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1287,"global_ts_usec":1654385236487007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1723/1723 ~~ skipped flows.............: 0 @@ -1293,9 +1293,9 @@ ~~ total active/idle flows...: 197/197 ~~ total timeout flows.......: 15 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9257069 bytes -~~ total memory freed........: 9257069 bytes -~~ total allocations/frees...: 145272/145272 +~~ total memory allocated....: 10027715 bytes +~~ total memory freed........: 10027715 bytes +~~ total allocations/frees...: 159238/159238 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 11873 chars diff --git a/test/results/guessing_disable/webex.pcap.out b/test/results/guessing_disable/webex.pcap.out index 8e435abbb..db90ebee4 100644 --- a/test/results/guessing_disable/webex.pcap.out +++ b/test/results/guessing_disable/webex.pcap.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444570624853841} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444570624853841} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624853841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570624853841,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624853841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570624853841,"pkt":"ABoRAAACABoRAAABCABFAAA8OXNAAEAGTZUKCAABQERpZ6GCAbtPGIcMAAAAAKACOQgjFwAAAgQFtAQCCAoATL5\/AAAAAAEDAwY="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570624860347,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ5AABAGtg5ARGlnCggAAQG7oYKw53jzTxiHDVAS\/\/9Y4AAA"} 
@@ -55,9 +55,9 @@ 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1444570632436109,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570632439585,"pkt":"ABoRAAACABoRAAABCABFAAAoAWtAABAGSj0XLP3zCggAAQG7v5jIhS0oN3rS2FAS\/\/\/PVQAA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1444570632470387,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570632470387,"pkt":"ABoRAAACABoRAAABCABFAAAoE6JAAEAGCAYKCAABFyz987+YAbs3etLYyIUtKVAQOQiWTgAA"} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570632470550,"pkt":"ABoRAAACABoRAAABCABFAABnE6NAAEAGB8YKCAABFyz987+YAbs3etLYyIUtKVAYOQiFHgAAFgMBADoBAAA2AwGEmq+NZP+kc3ErHq1IRgxSv+RZnIPy+ZyIImU+XVBptwAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570632470550,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570632470550,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10i020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632470778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570632470778,"pkt":"ABoRAAACABoRAAABCABFAAAoAWxAABAGSjwXLP3zCggAAQG7v5jIhS0pN3rTF1AQ\/\/\/PFwAA"} -02165{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632591660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2903,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":2903,"midstream":0,"thread_ts_usec":1444570632591660,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","subjectDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD","blocks":0}}} +02166{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632591660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2903,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":2903,"midstream":0,"thread_ts_usec":1444570632591660,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10i020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","subjectDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570633357298,"flow_dst_last_pkt_time":1444570633357298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570633357298,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1444570633357298,"flow_dst_last_pkt_time":1444570633357298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570633357298,"pkt":"ABoRAAACABoRAAABCABFAAA87DBAAEAGmtcKCAABQERpZ6GOAbtaKC3iAAAAAKACOQht0gAAAgQFtAQCCAoATMHSAAAAAAEDAwY="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1444570633357298,"flow_dst_last_pkt_time":1444570633360351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570633360351,"pkt":"ABoRAAACABoRAAABCABFAAAoAXpAABAGtaJARGlnCggAAQG7oY6l19IdWigt41AS\/\/9Y1AAA"} 
@@ -334,7 +334,7 @@ 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1444570699074033,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699077509,"pkt":"ABoRAAACABoRAAABCABFAAAoA2VAABAGBmQ28SAOCggAAQG7tIMuvh640UHhSFAS\/\/+YiwAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1444570699077833,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699077833,"pkt":"ABoRAAACABoRAAABCABFAAAoOjtAAEAGn40KCAABNvEgDrSDAbvRQeFILr4euVAQOQhfhAAA"} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570699079240,"pkt":"ABoRAAACABoRAAABCABFAAEAOjxAAEAGnrQKCAABNvEgDrSDAbvRQeFILr4euVAYOQhpTwAAFgMBANMBAADPAwFWGmZLJysQyU55el0fA2qHtq46\/QtJIPLxFEGaenjG8gAARgAEAAUALwA1wALABMAFwAzADsAPwAfACcAKwBHAE8AUADMAOQAyADgACsADwA3ACMASABYAEwAJABUAEgADAAgAFAARAP8BAABgAAAAGAAWAAATYXBpLmNyaXR0ZXJjaXNtLmNvbQALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAA"} 
-01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":818,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699079240,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":818,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699079240,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699079481,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699079481,"pkt":"ABoRAAACABoRAAABCABFAAAoA2ZAABAGBmM28SAOCggAAQG7tIMuvh650UHiIFAQ\/\/+XtAAA"} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570699096723,"flow_src_last_pkt_time":1444570699096723,"flow_dst_last_pkt_time":1444570699096723,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699096723,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1444570699096723,"flow_dst_last_pkt_time":1444570699096723,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570699096723,"pkt":"ABoRAAACABoRAAABCABFAAA8731AAEAGBawKCAABTi7tW+lsAFBr3TT9AAAAAKACOQhjAgAAAgQFtAQCCAoATNuAAAAAAAEDAwY="} 
@@ -352,8 +352,8 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1444570699212081,"flow_dst_last_pkt_time":1444570699212387,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699212387,"pkt":"ABoRAAACABoRAAABCABFAAAoA2tAABAGIdNOLu1bCggAAQBQ6W3tNUJ0Esq+21AQ\/\/9\/NAAA"} 01364{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":832,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570699096723,"flow_src_last_pkt_time":1444570699202178,"flow_dst_last_pkt_time":1444570699445643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":626,"flow_dst_tot_l4_payload_len":497,"midstream":0,"thread_ts_usec":1444570699445643,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cp.pushwoosh.com","domainame":"cp.pushwoosh.com","http": {"url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":200,"content_type":"application\/json","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)","request_content_type":"application\/json"}}} 
01365{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":834,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699101872,"flow_src_last_pkt_time":1444570699212081,"flow_dst_last_pkt_time":1444570699469003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":334,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":497,"midstream":0,"thread_ts_usec":1444570699469003,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cp.pushwoosh.com","domainame":"cp.pushwoosh.com","http": {"url":"cp.pushwoosh.com\/json\/1.3\/applicationOpen","code":200,"content_type":"application\/json","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)","request_content_type":"application\/json"}}} 
-01417{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":836,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699636393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1382,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1382,"midstream":0,"thread_ts_usec":1444570699636393,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
-01756{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":844,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699643521,"flow_dst_last_pkt_time":1444570699643969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":5496,"midstream":0,"thread_ts_usec":1444570699643969,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","server_names":"*.crittercism.com,crittercism.com","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18","blocks":0}}} 
+01415{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":836,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699636393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1382,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1382,"midstream":0,"thread_ts_usec":1444570699636393,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01754{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":844,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699643521,"flow_dst_last_pkt_time":1444570699643969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":5496,"midstream":0,"thread_ts_usec":1444570699643969,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","server_names":"*.crittercism.com,crittercism.com","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":856,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570699916083,"flow_dst_last_pkt_time":1444570699916083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699916083,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1444570699916083,"flow_dst_last_pkt_time":1444570699916083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570699916083,"pkt":"ABoRAAACABoRAAABCABFAAA8M+lAAEAGPjwKCAABUEpuRIMPAbsBc+gmAAAAAKACOQj74QAAAgQFtAQCCAoATNvPAAAAAAEDAwY="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":857,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1444570699916083,"flow_dst_last_pkt_time":1444570699917636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699917636,"pkt":"ABoRAAACABoRAAABCABFAAAoA3lAABAGnsBQSm5ECggAAQG7gw\/+jBfZAXPoJ1AS\/\/9icAAA"} 
@@ -436,7 +436,7 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1444570738426143,"flow_dst_last_pkt_time":1444570738426631,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570738426631,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/JAABAGPfA+beB4CggAAQG7x\/s\/nm3LwGGSdVAQ\/\/+87gAA"} 01708{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1092,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570738415965,"flow_src_last_pkt_time":1444570738424345,"flow_dst_last_pkt_time":1444570740300724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570740300724,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10i020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1109,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":0,"flow_first_seen":1444570637191973,"flow_src_last_pkt_time":1444570733113725,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570741466310,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1444570631058632,"flow_src_last_pkt_time":1444570631058632,"flow_dst_last_pkt_time":1444570631059010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00932{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1444570631058632,"flow_src_last_pkt_time":1444570631058632,"flow_dst_last_pkt_time":1444570631059010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1444570631058632,"flow_src_last_pkt_time":1444570631058632,"flow_dst_last_pkt_time":1444570631059010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01215{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570636160380,"flow_src_last_pkt_time":1444570639259000,"flow_dst_last_pkt_time":1444570638211110,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":6157,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01212{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1444570636359207,"flow_src_last_pkt_time":1444570639256495,"flow_dst_last_pkt_time":1444570638203525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":5352,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -449,7 +449,7 @@ 01212{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1444570636264505,"flow_src_last_pkt_time":1444570640345761,"flow_dst_last_pkt_time":1444570639251010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":3998,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01212{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1444570636180806,"flow_src_last_pkt_time":1444570636961710,"flow_dst_last_pkt_time":1444570636898687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":6221,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01213{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570636170439,"flow_src_last_pkt_time":1444570639257331,"flow_dst_last_pkt_time":1444570638211737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":6157,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01201{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570740247303,"flow_dst_last_pkt_time":1444570705689183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":6828,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01199{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570740247303,"flow_dst_last_pkt_time":1444570705689183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":6828,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01085{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640330424,"flow_src_last_pkt_time":1444570670369848,"flow_dst_last_pkt_time":1444570670371970,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01085{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640338595,"flow_src_last_pkt_time":1444570670373481,"flow_dst_last_pkt_time":1444570670373944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01221{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":50,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570738301094,"flow_dst_last_pkt_time":1444570704270773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":9593,"flow_dst_tot_l4_payload_len":4003,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -495,9 +495,9 @@ 01213{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570673280105,"flow_dst_last_pkt_time":1444570673246494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":911,"flow_dst_tot_l4_payload_len":6552,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01213{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1444570636155519,"flow_src_last_pkt_time":1444570639261747,"flow_dst_last_pkt_time":1444570638236049,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":3966,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01084{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640298584,"flow_src_last_pkt_time":1444570645703037,"flow_dst_last_pkt_time":1444570645704812,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01212{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570633205058,"flow_dst_last_pkt_time":1444570633137443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":2903,"flow_src_tot_l4_payload_len":783,"flow_dst_tot_l4_payload_len":3643,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01213{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570633205058,"flow_dst_last_pkt_time":1444570633137443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":2903,"flow_src_tot_l4_payload_len":783,"flow_dst_tot_l4_payload_len":3643,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01213{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1444570636248727,"flow_src_last_pkt_time":1444570639255598,"flow_dst_last_pkt_time":1444570638202080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":6168,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1110,"packets-processed":1110,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":494354,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":39,"total-updates":2,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":500,"global_ts_usec":1444570742172121} +00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1110,"packets-processed":1110,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":494354,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":39,"total-updates":2,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":500,"global_ts_usec":1444570742172121} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1110/1110 ~~ skipped flows.............: 0 
@@ -506,9 +506,9 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9712274 bytes -~~ total memory freed........: 9712274 bytes -~~ total allocations/frees...: 142639/142639 +~~ total memory allocated....: 10478605 bytes +~~ total memory freed........: 10478605 bytes +~~ total allocations/frees...: 156610/156610 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2467 chars diff --git a/test/results/hostname_dns_check/netflix.pcap.out b/test/results/hostname_dns_check/netflix.pcap.out index 6725fa8c4..1428c6c01 100644 --- a/test/results/hostname_dns_check/netflix.pcap.out +++ b/test/results/hostname_dns_check/netflix.pcap.out 
@@ -1,5 +1,5 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1484319030789585} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1484319030789585} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319030789585,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319030789585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1484319030789585,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319030789585,"pkt":"gCqoTGHM5JjWH70UCABFAAA0e0NAAEAGcrPAqAEHNBhXBs7BAbvkIOdkTYzTZoAREADl8AAAAQEICh9kr+C2r\/ET"} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319032865799,"flow_src_last_pkt_time":1484319032865799,"flow_dst_last_pkt_time":1484319032865799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032865799,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -22,53 +22,53 @@ 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1484319032888907,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319032934932,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGjLY2RczxwKgBBwG7z3E0MsEbiRiohKASReqX9AAAAgQFtAQCCAqFp0\/bH2S4KwEDAwg="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1484319032937482,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319032937482,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mxZAAEAG2sfAqAEHNkXM8c9xAbuJGKiENDLBHIAQEBX8aAAAAQEICh9kuFmFp0\/b"} 00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319032938079,"pkt":"gCqoTGHM5JjWH70UCABFAAEElg9AAEAG3v7AqAEHNkXM8c9xAbuJGKiENDLBHIAYEBXrWQAAAQEICh9kuFqFp0\/bFgMBAMsBAADHAwNYeOk4DbsWWYY8cJvWjkCo5DadBeFv01+sAqDDmGng8gAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAeAAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQABsAGQhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} 
-01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032938079,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909s1_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032938079,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909s1_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1484319032896759,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319032943560,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z3pSqS+duzQzMqASOJAFFAAAAgQFtAQCCAqtijmlH2S4MgEDAwg="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1484319032944993,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319032944993,"pkt":"gCqoTGHM5JjWH70UCABFAAA0cYhAAEAGv5rAqAEHNr8RM896Abu7NDMyUqkvnoAQEBVcLgAAAQEICh9kuGCtijml"} 
01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319032959853,"pkt":"gCqoTGHM5JjWH70UCABFAAI5KnhAAEAGBKbAqAEHNr8RM896Abu7NDMyUqkvnoAYEBUG0wAAAQEICh9kuG6tijmlFgMBAgABAAH8AwPIzq7iU2TICMXjbnaJ8nYAFVnlxMLpFZucgYzvL7X8EAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032959853,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032959853,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319032984566,"flow_dst_last_pkt_time":1484319032984566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032984566,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1484319032984566,"flow_dst_last_pkt_time":1484319032984566,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319032984566,"pkt":"gCqoTGHM5JjWH70UCABFAABAh8JAAEAG+QHAqAEHNCDEJM97AbvHy0puAAAAALAC\/\/\/BrQAAAgQFtAEDAwUBAQgKH2S4hgAAAAAEAgAA"} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319032986624,"flow_dst_last_pkt_time":1484319032986624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032986624,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1484319032986624,"flow_dst_last_pkt_time":1484319032986624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319032986624,"pkt":"gCqoTGHM5JjWH70UCABFAABAdf5AAEAGCsbAqAEHNCDEJM98AbvweU0rAAAAALAC\/\/+WPwAAAgQFtAEDAwUBAQgKH2S4iAAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032988935,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319032988935,"pkt":"5JjWH70UgCqoTGHMCABFIAA0jvtAACkG\/cI2RczxwKgBBwG7z3E0MsEciRipVIAQAEsLVQAAAQEICoWnT+gfZLha"} 
-01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032990546,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319032990546,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909s1_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01697{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032991535,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319032991535,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909s1_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
+01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032990546,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319032990546,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909s1_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01695{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032991535,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319032991535,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909s1_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033007001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033007001,"pkt":"5JjWH70UgCqoTGHMCABFIAA0Fi9AACkGMdQ2vxEzwKgBBwG7z3pSqS+euzQ1N4AQAD1p4wAAAQEICq2KObUfZLhu"} -01355{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033008803,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033008803,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01695{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033017833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319033017833,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01353{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033008803,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033008803,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01693{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033017833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319033017833,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1484319032984566,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319033029291,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGl6g0IMQkwKgBBwG7z3ve3c1cx8tKb6ASRepkbwAAAgQFtAQCCAq2m8VuH2S4hgEDAwg="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1484319032986624,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319033032121,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z3xLWYWT8HlNLKASReoUTgAAAgQFtAQCCAq2m8VvH2S4iAEDAwg="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033032720,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033032720,"pkt":"gCqoTGHM5JjWH70UCABFAAA0rMBAAEAG1A\/AqAEHNCDEJM97AbvHy0pv3t3NXYAQEBXI5wAAAQEICh9kuLC2m8Vu"} 
00869{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":298,"pkt_l4_len":264,"thread_ts_usec":1484319033033170,"pkt":"gCqoTGHM5JjWH70UCABFAAEc3y1AAEAGoLrAqAEHNCDEJM97AbvHy0pv3t3NXYAYEBXi\/gAAAQEICh9kuLK2m8VuFgMBAOMBAADfAwNYeOk5dpq52Q92jK0dByt7moyBAevty9H6iponk2lhXQAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAkAAAABsAGQAAFmFwaS1nbG9iYWwubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} -01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033033170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033033170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033038452,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033038452,"pkt":"gCqoTGHM5JjWH70UCABFAAA0iIJAAEAG+E3AqAEHNCDEJM98AbvweU0sS1mFlIAQEBV4xgAAAQEICh9kuLK2m8Vv"} 00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":298,"pkt_l4_len":264,"thread_ts_usec":1484319033038729,"pkt":"gCqoTGHM5JjWH70UCABFAAEcC4pAAEAGdF7AqAEHNCDEJM98AbvweU0sS1mFlIAYEBVXdAAAAQEICh9kuLS2m8VvFgMBAOMBAADfAwNYeOk5CCoWDbSK0ezQ7KNuUeOfkDpWv85W1iHK1VuIfQAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAkAAAABsAGQAAFmFwaS1nbG9iYWwubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033038729,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033038729,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033084527,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033084527,"pkt":"5JjWH70UgCqoTGHMCABFIAA0CCZAACkGj4o0IMQkwKgBBwG7z3ve3c1dx8tLV4AQAEvXuQAAAQEICrabxXwfZLiy"} 
-01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033086430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033086430,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01750{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033087423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033087423,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01291{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033086430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033086430,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01748{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033087423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033087423,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033098473,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033098473,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QOhAACoGVcg0IMQkwKgBBwG7z3xLWYWU8HlOFIAQAEuHmAAAAQEICrabxX0fZLi0"} -01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033098983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033098983,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01750{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033112752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033112752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01291{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033098983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033098983,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01748{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033112752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033112752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033206431,"flow_dst_last_pkt_time":1484319033206431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033206431,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1484319033206431,"flow_dst_last_pkt_time":1484319033206431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319033206431,"pkt":"gCqoTGHM5JjWH70UCABFAABAagpAAEAGFrrAqAEHNCDEJM99AbszkZRgAAAAALAC\/\/8LKQAAAgQFtAEDAwUBAQgKH2S5UQAAAAAEAgAA"} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1484319033206431,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319033258390,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z33SmoRGM5GUYaASReoDCgAAAgQFtAQCCAq2m8WoH2S5UQEDAwg="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033259678,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033259678,"pkt":"gCqoTGHM5JjWH70UCABFAAA0m4FAAEAG5U7AqAEHNCDEJM99AbszkZRh0pqER4AQEBVneAAAAQEICh9kuYW2m8Wo"} 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319033261891,"pkt":"gCqoTGHM5JjWH70UCABFAAEEjf5AAEAG8gHAqAEHNCDEJM99AbszkZRh0pqER4AYEBXfdQAAAQEICh9kuYe2m8WoFgMBAMsBAADHAwNYeOk5L\/hvHF8lhL712a\/A3K+7eM0TUzNDC5BydZXwIiBWLEL7mQRMMcaBC1F+lWnOx+fqhp3XmUAyc5sg8zTJFwAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01300{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033261891,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033261891,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033311591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033311591,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QfNAACoGVL00IMQkwKgBBwG7z33SmoRHM5GVMYAQAEt2YwAAAQEICrabxbUfZLmH"} 
-01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033312558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319033312558,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-02181{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":124,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319033506287,"flow_dst_last_pkt_time":1484319033504279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":5139,"midstream":0,"thread_ts_usec":1484319033506287,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":72,"avg":39766.2,"max":363670,"stddev":81851.3,"var":6699630080.0,"ent":3.2,"data": [46025,48575,597,54003,1611,989,54938,11050,13463,9437,301,377,58747,4648,50832,1878,237,59545,562,62143,8477,4734,310931,590,363670,5842,131,72,58058,152,137]},"pktlen": {"min":52,"avg":265.2,"max":1500,"stddev":396.8,"var":157454.8,"ent":3.9,"data": [64,60,52,260,52,1500,1500,52,215,52,127,58,97,52,103,52,408,362,52,992,52,112,52,408,361,52,992,107,86,52,52,52]},"bins": {"c_to_s": [11,1,1,0,0,0,1,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,0],"entropies": 
[4.566831589,5.323234081,5.131024837,5.723237514,5.246409416,7.251158237,7.324303627,5.131024837,6.880544662,5.169486523,6.374709129,5.113821983,6.051860332,5.246409416,5.890006065,5.169486523,7.472100735,7.415780067,5.176993370,7.832669258,5.131024837,6.117320061,5.131024361,7.427300930,7.397639751,5.246409416,7.802502632,6.080207348,5.833016396,5.207947731,5.207947731,5.131024361]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033312558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319033312558,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+02179{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":124,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319033506287,"flow_dst_last_pkt_time":1484319033504279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":5139,"midstream":0,"thread_ts_usec":1484319033506287,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":72,"avg":39766.2,"max":363670,"stddev":81851.3,"var":6699630080.0,"ent":3.2,"data": [46025,48575,597,54003,1611,989,54938,11050,13463,9437,301,377,58747,4648,50832,1878,237,59545,562,62143,8477,4734,310931,590,363670,5842,131,72,58058,152,137]},"pktlen": {"min":52,"avg":265.2,"max":1500,"stddev":396.8,"var":157454.8,"ent":3.9,"data": [64,60,52,260,52,1500,1500,52,215,52,127,58,97,52,103,52,408,362,52,992,52,112,52,408,361,52,992,107,86,52,52,52]},"bins": {"c_to_s": [11,1,1,0,0,0,1,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,0],"entropies": 
[4.566831589,5.323234081,5.131024837,5.723237514,5.246409416,7.251158237,7.324303627,5.131024837,6.880544662,5.169486523,6.374709129,5.113821983,6.051860332,5.246409416,5.890006065,5.169486523,7.472100735,7.415780067,5.176993370,7.832669258,5.131024837,6.117320061,5.131024361,7.427300930,7.397639751,5.246409416,7.802502632,6.080207348,5.833016396,5.207947731,5.207947731,5.131024361]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033631945,"flow_dst_last_pkt_time":1484319033631945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033631945,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1484319033631945,"flow_dst_last_pkt_time":1484319033631945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319033631945,"pkt":"gCqoTGHM5JjWH70UCABFAABAVMpAAEAGIQjAqAEHNkXM8c9+AbvPvqpAAAAAALAC\/\/9MiwAAAgQFtAEDAwUBAQgKH2S67gAAAAAEAgAA"} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1484319033631945,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319033678956,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGi7Y2RczxwKgBBwG7z36\/HDHnz76qQaASRepQUQAAAgQFtAQCCAqFp1CVH2S67gEDAwg="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033680304,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033680304,"pkt":"gCqoTGHM5JjWH70UCABFAAA0\/p1AAEAGd0DAqAEHNkXM8c9+AbvPvqpBvxwx6IAQEBW0wwAAAQEICh9kux6Fp1CV"} 
00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"thread_ts_usec":1484319033681980,"pkt":"gCqoTGHM5JjWH70UCABFAAEZsrxAAEAGwjzAqAEHNkXM8c9+AbvPvqpBvxwx6IAYEBWxNAAAAQEICh9kux+Fp1CVFgMBAOABAADcAwNYeOk5uUi+rD99Z+Le1911L3kiB9I95LIt9NFo8L\/pTgAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAjQAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} -01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033681980,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033681980,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033732036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033732036,"pkt":"5JjWH70UgCqoTGHMCABFIAA0YUhAACoGKnY2RczxwKgBBwG7z36\/HDHoz76rJoAQAEvDmgAAAQEICoWnUKIfZLsf"} -01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033734598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033734598,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01719{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033735587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033735587,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
+01287{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033734598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033734598,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01717{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033735587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033735587,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319033886061,"flow_src_last_pkt_time":1484319033886061,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033886061,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1484319033886061,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1484319033886061,"pkt":"AQBef\/\/65JjWH70UCABFAACWfwIAAAERiKvAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="} 
01112{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319033886061,"flow_src_last_pkt_time":1484319033886061,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033886061,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250","domainame":"239.255.255.250","ssdp": {"METHOD":"M-SEARCH","MAN":"\"ssdp:discover\"","MX":"2","ST":": urn:mdx-netflix-com:service:target:0"}}} 
@@ -78,10 +78,10 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033990083,"flow_dst_last_pkt_time":1484319033988686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033990083,"pkt":"gCqoTGHM5JjWH70UCABFAAA0N8lAAEAGPhXAqAEHNkXM8c9\/Abtb3TwXSCXhKoAQEBVdDAAAAQEICh9kvEiFp1Di"} 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1484319033993988,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1484319033993988,"pkt":"AQBef\/\/65JjWH70UCABFAACZ8KEAAAERFwnAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="} 
00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319033988686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"thread_ts_usec":1484319033997529,"pkt":"gCqoTGHM5JjWH70UCABFAAEZ\/SBAAEAGd9jAqAEHNkXM8c9\/Abtb3TwXSCXhKoAYEBWh7QAAAQEICh9kvE+Fp1DiFgMBAOABAADcAwNYeOk6Kk2knMSNhioRrvxRb2utqcQBAlus3bTpE7nGoQAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAjQAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} -01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319033988686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033997529,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319033988686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033997529,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034046936,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319034046936,"pkt":"5JjWH70UgCqoTGHMCABFIAA0scVAACkG2vg2RczxwKgBBwG7z39IJeEqW908\/IAQAEtr2wAAAQEICoWnUPEfZLxP"} -01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034048780,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319034048780,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01720{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":162,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034049759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319034049759,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
+01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034048780,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319034048780,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01718{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":162,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034049759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319034049759,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319034890998,"flow_src_last_pkt_time":1484319034890998,"flow_dst_last_pkt_time":1484319034890998,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319034890998,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1484319034890998,"flow_dst_last_pkt_time":1484319034890998,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"thread_ts_usec":1484319034890998,"pkt":"AQBef\/\/65JjWH70UCABGAAAgKLUAAAECSnnAqAEH7\/\/\/+pQEAAAWAPoE7\/\/\/+gAAAAAAAAAAAAAAAAAA"} 
00900{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319034890998,"flow_src_last_pkt_time":1484319034890998,"flow_dst_last_pkt_time":1484319034890998,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319034890998,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -99,24 +99,24 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1484319035080111,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319035130944,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGNAk0WSeLwKgBBwG7z40HBfk7mRgRP6ASReoSOAAAAgQFtAQCCAqtiMj8H2TAbgEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1484319035132214,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035132214,"pkt":"gCqoTGHM5JjWH70UCABFAAA0YNFAAEAGvF\/AqAEHNFkni8+NAbuZGBE\/BwX5PIAQEBV2pwAAAQEICh9kwKGtiMj8"} 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035129030,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319035134770,"pkt":"gCqoTGHM5JjWH70UCABFAAEEsStAAEAGazXAqAEHNFkni8+MAbsc0sO15elB0YAYEBWGUAAAAQEICh9kwKOtiMj8FgMBAMsBAADHAwNYeOk76erORdznXBXvPSpQVtkmxHNGba3wUCSzaRztoSCumkX9HtWv\/974df5VzRYePKjb1+omhktiqBKmGEtDEQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035129030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035134770,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035129030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035134770,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319035136106,"pkt":"gCqoTGHM5JjWH70UCABFAAEEDNVAAEAGD4zAqAEHNFkni8+NAbuZGBE\/BwX5PIAYEBWJrgAAAQEICh9kwKStiMj8FgMBAMsBAADHAwNYeOk7lPRrg34Uu\/Y+HzZqHJ9SINdd1V+d8fl0kU8rKiCumkX9HtWv\/974df5VzRYePKjb1+omhktiqBKmGEtDEQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} -01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035136106,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035136106,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035183349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035183349,"pkt":"5JjWH70UgCqoTGHMCABFIAA0iNlAACoGqjc0WSeLwKgBBwG7z4zl6UHRHNLEhYAQAEsn6gAAAQEICq2IyQkfZMCj"} -01361{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035185788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319035185788,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01818{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035186784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319035186784,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035185788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319035185788,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01816{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035186784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319035186784,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035199804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035199804,"pkt":"5JjWH70UgCqoTGHMCABFIAA0MDRAACkGA900WSeLwKgBBwG7z40HBfk8mRgSD4AQAEuFjwAAAQEICq2IyQsfZMCk"} -01361{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035200353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319035200353,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01818{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035215028,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319035215028,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035200353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319035200353,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01816{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035215028,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319035215028,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035342783,"flow_dst_last_pkt_time":1484319035342783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035342783,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1484319035342783,"flow_dst_last_pkt_time":1484319035342783,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319035342783,"pkt":"gCqoTGHM5JjWH70UCABFAABA3CdAAEAGQP3AqAEHNFkni8+OAbvRf5R9AAAAALAC\/\/8BVgAAAgQFtAEDAwUBAQgKH2TBaAAAAAAEAgAA"} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1484319035342783,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319035397916,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwG7z47YAyXj0X+UfqASRepXrQAAAgQFtAQCCAqtiMk\/H2TBaAEDAwg="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1484319035399304,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035399304,"pkt":"gCqoTGHM5JjWH70UCABFAAA0+2BAAEAGIdDAqAEHNFkni8+OAbvRf5R+2AMl5IAQEBW8GgAAAQEICh9kwZ2tiMk\/"} 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319035401110,"pkt":"gCqoTGHM5JjWH70UCABFAAEE6LNAAEAGM63AqAEHNFkni8+OAbvRf5R+2AMl5IAYEBVXjgAAAQEICh9kwZ6tiMk\/FgMBAMsBAADHAwNYeOk7vNJQcIWTHxOYmxRdvE73iLawThqSAEUf4RBG+yAlPalSNkR1ua99akikzzyiXtlC5nVNfalnaleVK1UZuQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035401110,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035401110,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035449002,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035449002,"pkt":"5JjWH70UgCqoTGHMCABFIAA07K5AACoGRmI0WSeLwKgBBwG7z47YAyXk0X+VToAQAEvLBgAAAQEICq2IyUwfZMGe"} 
-01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035449894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319035449894,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-02345{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":267,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035720714,"flow_dst_last_pkt_time":1484319035719060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2402,"flow_dst_tot_l4_payload_len":12882,"midstream":0,"thread_ts_usec":1484319035720714,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":143,"avg":41275.9,"max":350146,"stddev":77246.2,"var":5966969856.0,"ent":3.5,"data": [50833,52103,3892,68860,549,14675,80527,16948,16635,16128,355,222,66675,773,50716,3176,284,61420,291182,143,350146,11846,12750,24110,12460,12309,13854,13662,2679,13302,16338]},"pktlen": {"min":52,"avg":530.2,"max":1500,"stddev":630.5,"var":397553.6,"ent":4.0,"data": [64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,672,52,1500,1500,52,1500,1402,52,1500,52,237,52,1500,1019,52]},"bins": {"c_to_s": [11,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,7,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0],"entropies": 
[4.598081589,5.235815525,5.131024837,6.023412704,5.154969215,7.255973339,7.303249359,5.092563152,7.001137733,5.056022167,6.255658627,5.007929802,6.001976490,5.169486523,5.942530632,5.054101467,7.891292572,7.683557510,5.169486523,7.859122753,7.883965492,5.131024837,7.876591682,7.866814137,5.092563152,7.900776386,4.979098797,7.052536488,5.054101467,7.870380402,7.793371201,5.131024361]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035449894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319035449894,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": 
{"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} +02343{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":267,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035720714,"flow_dst_last_pkt_time":1484319035719060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2402,"flow_dst_tot_l4_payload_len":12882,"midstream":0,"thread_ts_usec":1484319035720714,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":143,"avg":41275.9,"max":350146,"stddev":77246.2,"var":5966969856.0,"ent":3.5,"data": [50833,52103,3892,68860,549,14675,80527,16948,16635,16128,355,222,66675,773,50716,3176,284,61420,291182,143,350146,11846,12750,24110,12460,12309,13854,13662,2679,13302,16338]},"pktlen": {"min":52,"avg":530.2,"max":1500,"stddev":630.5,"var":397553.6,"ent":4.0,"data": [64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,672,52,1500,1500,52,1500,1402,52,1500,52,237,52,1500,1019,52]},"bins": {"c_to_s": [11,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,7,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0],"entropies": 
[4.598081589,5.235815525,5.131024837,6.023412704,5.154969215,7.255973339,7.303249359,5.092563152,7.001137733,5.056022167,6.255658627,5.007929802,6.001976490,5.169486523,5.942530632,5.054101467,7.891292572,7.683557510,5.169486523,7.859122753,7.883965492,5.131024837,7.876591682,7.866814137,5.092563152,7.900776386,4.979098797,7.052536488,5.054101467,7.870380402,7.793371201,5.131024361]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1484319035889509,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1484319035889509,"pkt":"AQBef\/\/65JjWH70UCABFAACW0KMAAAERNwrAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="} 
00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1484319035997063,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1484319035997063,"pkt":"AQBef\/\/65JjWH70UCABFAACZwp8AAAERRQvAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319036827113,"flow_src_last_pkt_time":1484319036827113,"flow_dst_last_pkt_time":1484319036827113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319036827113,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -129,12 +129,12 @@ 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1484319036854344,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319036865722,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwGsuNoVmGzwKgBBwG7z5WR\/xaXFztVhKAScSAP4QAAAgQFtAQCCAoCM2vSH2THJwEDAwU="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1484319036868771,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319036868771,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UCJAAEAGXunAqAEHaFZhs8+VAbsXO1WEkf8WmIAQEBWfqAAAAQEICh9kxzUCM2vS"} 
00862{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1484319036870445,"pkt":"gCqoTGHM5JjWH70UCABFAAEXqU5AAEAGBNrAqAEHaFZhs8+VAbsXO1WEkf8WmIAYEBU64wAAAQEICh9kxzYCM2vSFgMBAN4BAADaAwNYeOk8NZkQnOsfGkUHC3oH4Rk0tFCgXSVuPClH26lOAAAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAiwAAABYAFAAAEWFydC1zLm5mbHhpbWcubmV0AAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAzN0AAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAUABQEAAAAAABIAAAAXAAA="} -01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319036870445,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319036870445,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036886851,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319036886851,"pkt":"5JjWH70UgCqoTGHMCABFIAA0fX9AADwGNWxoVmGzwKgBBwG7z5WR\/xaYFztWZ4AQA6urGQAAAQEICgIza+cfZMc2"} -01305{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036889708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319036889708,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01735{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":294,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036894463,"flow_dst_last_pkt_time":1484319036900382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1484319036900382,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26","blocks":0}}} 
+01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036889708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319036889708,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01736{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":294,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036894463,"flow_dst_last_pkt_time":1484319036900382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1484319036900382,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26","blocks":0}}} 
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1484319037897807,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1484319037897807,"pkt":"AQBef\/\/65JjWH70UCABFAACWcF0AAAERl1DAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="} -02335{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":324,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319042786338,"flow_dst_last_pkt_time":1484319042922798,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":5220,"midstream":0,"thread_ts_usec":1484319042922798,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":147,"avg":501615.3,"max":7507819,"stddev":1826252.6,"var":3335198867456.0,"ent":1.4,"data": [49499,50871,4368,54319,2439,996,53513,42973,42827,12725,273,205,57417,5098,49336,4198,388,49955,75766,32147,2030,911,5107,4712,147,7402221,150,7507819,929,35745,990]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":520.7,"var":271128.8,"ent":3.8,"data": 
[64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,661,52,52,184,96,86,52,52,52,1500,789,52,52,1500,474]},"bins": {"c_to_s": [10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [6,3,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,0,1,1,1,0,0,0,0,0,1,1,1,1],"entropies": [4.566831589,5.335815907,5.094483852,6.025682926,5.169486523,7.256491661,7.325493813,5.092563152,7.129077435,5.092563152,6.393805504,5.100806713,6.014647961,5.169486523,5.965332508,5.169486523,7.872792244,7.651345730,5.207947731,5.207948208,6.796521664,6.094137192,5.926040173,5.169486523,5.207948208,5.169486046,7.868273258,7.747731686,5.169486046,5.169486523,7.861037254,7.536938190]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +02333{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":324,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319042786338,"flow_dst_last_pkt_time":1484319042922798,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":5220,"midstream":0,"thread_ts_usec":1484319042922798,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":147,"avg":501615.3,"max":7507819,"stddev":1826252.6,"var":3335198867456.0,"ent":1.4,"data": [49499,50871,4368,54319,2439,996,53513,42973,42827,12725,273,205,57417,5098,49336,4198,388,49955,75766,32147,2030,911,5107,4712,147,7402221,150,7507819,929,35745,990]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":520.7,"var":271128.8,"ent":3.8,"data": [64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,661,52,52,184,96,86,52,52,52,1500,789,52,52,1500,474]},"bins": {"c_to_s": [10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [6,3,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,0,1,1,1,0,0,0,0,0,1,1,1,1],"entropies": [4.566831589,5.335815907,5.094483852,6.025682926,5.169486523,7.256491661,7.325493813,5.092563152,7.129077435,5.092563152,6.393805504,5.100806713,6.014647961,5.169486523,5.965332508,5.169486523,7.872792244,7.651345730,5.207947731,5.207948208,6.796521664,6.094137192,5.926040173,5.169486523,5.207948208,5.169486046,7.868273258,7.747731686,5.169486046,5.169486523,7.861037254,7.536938190]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319042988806,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1484319042988806,"pkt":"gCqoTGHM5JjWH70UCABFAABGkh4AAP8Rpi\/AqAEHwKgBAecsADUAMtLh8roBAAABAAAAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQAB"} 
01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319042988806,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"artwork.akam.nflximg.net","domainame":"artwork.akam.nflximg.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -149,9 +149,9 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1484319043041595,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043041595,"pkt":"gCqoTGHM5JjWH70UCABFAAA0zhNAAEAGJs7AqAEHuBnMGc+cAFC2IFmDcAwqOIAQEBVtuwAAAQEICh9k3rb\/\/Dsd"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1484319043042140,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043042140,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UPZAAEAGo+vAqAEHuBnMGc+dAFDU44WS0JNnRYAQEBWFTgAAAQEICh9k3rb\/\/Dsi"} 
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1484319043068353,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1484319043068353,"pkt":"gCqoTGHM5JjWH70UCABFAAEq43RAAEAGEHfAqAEHuBnMGc+cAFC2IFmDcAwqOIAYEBUNzAAAAQEICh9k3rv\/\/DsdR0VUIC9hZjdhNS8zNjI2NDM0MjRlNzc1ZDAzOTNkZGI0NmUxNDVjMjM3NTM2N2FmN2E1LndlYnAgSFRUUC8xLjENCkhvc3Q6IGFydC0yLm5mbHhpbWcubmV0DQpBY2NlcHQ6ICovKg0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUztxPTENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogQXJnby85LjEuMCAoaVBob25lOyBpT1MgMTAuMjsgU2NhbGUvMi4wMCkNCg0K"} -01179{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319043068353,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043068353,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","domainame":"art-2.nflximg.net","http": 
{"url":"art-2.nflximg.net\/af7a5\/362643424e775d0393ddb46e145c2375367af7a5.webp","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} +01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319043068353,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043068353,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","domainame":"art-2.nflximg.net","http": {"url":"art-2.nflximg.net\/af7a5\/362643424e775d0393ddb46e145c2375367af7a5.webp","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} 
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1484319043078953,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319043078953,"pkt":"gCqoTGHM5JjWH70UCABFAAEp\/qdAAEAG9UTAqAEHuBnMGc+dAFDU44WS0JNnRYAYEBWe1gAAAQEICh9k3rz\/\/DsiR0VUIC81NzU4Yy9iYjYzNmU0NGI4N2VmODU0YzMzMWVkN2I3YjZlMTU3ZTQ5NDU3NThjLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTIubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="} -01178{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319043078953,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043078953,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","domainame":"art-2.nflximg.net","http": 
{"url":"art-2.nflximg.net\/5758c\/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} +01179{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319043078953,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043078953,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","domainame":"art-2.nflximg.net","http": {"url":"art-2.nflximg.net\/5758c\/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1484319043068353,"flow_dst_last_pkt_time":1484319043092808,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043092808,"pkt":"5JjWH70UgCqoTGHMCABFIAA0EWZAADwG51u4GcwZwKgBBwBQz5xwDCo4tiBaeYAQA6t46QAAAQEICv\/8O14fZN67"} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1484319043078953,"flow_dst_last_pkt_time":1484319043106058,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043106058,"pkt":"5JjWH70UgCqoTGHMCABFIAA0XCxAADwGnJW4GcwZwKgBBwBQz53Qk2dF1OOGh4AQA6uQdgAAAQEICv\/8O2kfZN68"} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319043665565,"flow_dst_last_pkt_time":1484319043665565,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043665565,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -159,7 +159,7 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1484319043665565,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319043688511,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz57u7DQucjxhCKAScSCMigAAAgQFtAQCCAr\/\/D2rH2ThCQEDAwU="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1484319043689999,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043689999,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VAZAAEAGoNvAqAEHuBnMGc+eAFByPGEI7uw0L4AQEBUcSAAAAQEICh9k4SH\/\/D2r"} 
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319043691581,"pkt":"gCqoTGHM5JjWH70UCABFAAEpIqVAAEAG0UfAqAEHuBnMGc+eAFByPGEI7uw0L4AYEBW0VgAAAQEICh9k4SL\/\/D2rR0VUIC84N2IzMy9iZWQxMjIzYTAwNDBmZGM5N2JhYzRlOTA2MzMyZTQ2MmM2ZTg3YjMzLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTIubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="} -01178{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043691581,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","domainame":"art-2.nflximg.net","http": 
{"url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} +01179{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043691581,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","domainame":"art-2.nflximg.net","http": {"url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043731268,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043731268,"pkt":"5JjWH70UgCqoTGHMCABFIAA0CfxAADwG7sW4GcwZwKgBBwBQz57u7DQvcjxh\/YAQA6snlAAAAQEICv\/8PdMfZOEi"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1484319044993872,"pkt":"gCqoTGHM5JjWH70UCABFAAAoz5tAAEAGHmfAqAEHNBhXBs7BAbvkIOdlTYzTZlAUEACWDAAAAAAAAAAA"} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048757894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048757894,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -172,15 +172,15 @@ 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1484319048780859,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319048824981,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGmJ82yb+EwKgBBwBQz59tgW\/FOnvHe6ASRep1DwAAAgQFtAQCCApXXrqDH2T0hAEDAwg="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1484319048826457,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319048826457,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VQxAAEAGLbvAqAEHNsm\/hM+fAFA6e8d7bYFvxoAQEBXZhAAAAQEICh9k9LFXXrqD"} 
00978{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1484319048830359,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_usec":1484319048830359,"pkt":"gCqoTGHM5JjWH70UCABFAAFtxNtAAEAGvLLAqAEHNsm\/hM+fAFA6e8d7bYFvxoAYEBUtNAAAAQEICh9k9LRXXrqDUE9TVCAvYXBwYm9vdC9ORkFQUEwtMDItIEhUVFAvMS4xDQpIb3N0OiBhcHBib290Lm5ldGZsaXguY29tDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogQXJnby85MDAgQ0ZOZXR3b3JrLzgwOC4yLjE2IERhcndpbi8xNi4zLjANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdDogKi8qDQpYLU5ldGZsaXguQVBJQWN0aW9uOiBhcHBib290DQpDb250ZW50LUxlbmd0aDogMjI5OQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQoNCg=="} -01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319048830359,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":313,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":313,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048830359,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com","domainame":"appboot.netflix.com","http": {"url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}} +01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319048830359,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":313,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":313,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048830359,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com","domainame":"appboot.netflix.com","http": {"url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}} 
02493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1484319048841019,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1484319048841019,"pkt":"gCqoTGHM5JjWH70UCABFAAXc5GhAAEAGmLbAqAEHNsm\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"} -02261{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":441,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319049236027,"flow_dst_last_pkt_time":1484319049229808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2612,"flow_dst_tot_l4_payload_len":21687,"midstream":0,"thread_ts_usec":1484319049236027,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":193,"avg":29165.1,"max":187154,"stddev":42322.7,"var":1791214592.0,"ent":4.0,"data": [44122,45598,3902,10660,193,60003,5736,990,135055,302,187154,5655,5706,13881,14022,13277,14383,27821,13324,13128,9212,13280,22521,13399,39251,13309,13303,13855,13324,13288,124463]},"pktlen": {"min":52,"avg":812.3,"max":1500,"stddev":674.9,"var":455511.9,"ent":4.4,"data": [64,60,52,365,1500,903,52,52,52,714,1500,52,1500,52,1500,52,1500,1500,52,1012,52,1500,1293,52,1500,1500,1500,1500,1500,1500,1500,64]},"bins": {"c_to_s": 
[9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,13,0,0]},"directions": [0,1,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,0],"entropies": [4.538909912,5.279368401,5.156889915,5.705281258,5.964499474,6.056532860,5.272274971,5.272274494,5.310736179,6.005652428,5.696421623,5.094483852,6.091891766,5.233812809,5.866946220,5.038780212,5.796521664,5.782927513,5.195351601,5.831374168,5.233812809,5.802160263,5.817751884,5.195351124,5.813166142,5.771504402,5.781269550,5.780963898,5.817500591,5.785477638,5.779314995,5.163660049]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com"}} +02259{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":441,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319049236027,"flow_dst_last_pkt_time":1484319049229808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2612,"flow_dst_tot_l4_payload_len":21687,"midstream":0,"thread_ts_usec":1484319049236027,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":193,"avg":29165.1,"max":187154,"stddev":42322.7,"var":1791214592.0,"ent":4.0,"data": 
[44122,45598,3902,10660,193,60003,5736,990,135055,302,187154,5655,5706,13881,14022,13277,14383,27821,13324,13128,9212,13280,22521,13399,39251,13309,13303,13855,13324,13288,124463]},"pktlen": {"min":52,"avg":812.3,"max":1500,"stddev":674.9,"var":455511.9,"ent":4.4,"data": [64,60,52,365,1500,903,52,52,52,714,1500,52,1500,52,1500,52,1500,1500,52,1012,52,1500,1293,52,1500,1500,1500,1500,1500,1500,1500,64]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,13,0,0]},"directions": [0,1,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,0],"entropies": [4.538909912,5.279368401,5.156889915,5.705281258,5.964499474,6.056532860,5.272274971,5.272274494,5.310736179,6.005652428,5.696421623,5.094483852,6.091891766,5.233812809,5.866946220,5.038780212,5.796521664,5.782927513,5.195351601,5.831374168,5.233812809,5.802160263,5.817751884,5.195351124,5.813166142,5.771504402,5.781269550,5.780963898,5.817500591,5.785477638,5.779314995,5.163660049]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com"}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049465573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049465573,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049465573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319049465573,"pkt":"gCqoTGHM5JjWH70UCABFAABAjtZAAEAGjk7AqAEHNFkni8+gAFCVL\/AiAAAAALAC\/\/+toQAAAgQFtAEDAwUBAQgKH2T3IAAAAAAEAgAA"} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319049510947,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwBQz6CC\/YxQlS\/wI6ASRerkyQAAAgQFtAQCCAqtiNcHH2T3IAEDAwg="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1484319049516159,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049516159,"pkt":"gCqoTGHM5JjWH70UCABFAAA0TN5AAEAG0FLAqAEHNFkni8+gAFCVL\/Ajgv2MUYAQEBVJOgAAAQEICh9k91KtiNcH"} 01426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1484319049518619,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":715,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":715,"pkt_l4_len":681,"thread_ts_usec":1484319049518619,"pkt":"gCqoTGHM5JjWH70UCABFAAK9sclAAEAGaN7AqAEHNFkni8+gAFCVL\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"} -01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319049518619,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":649,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049518619,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","http": {"url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}} +01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319049518619,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":649,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049518619,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","http": {"url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}} 
02494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1484319049529760,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1484319049529760,"pkt":"gCqoTGHM5JjWH70UCABFAAXcGHxAAEAG\/wzAqAEHNFkni8+gAFCVL\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"} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049641053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049641053,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049641053,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1484319049641053,"pkt":"gCqoTGHM5JjWH70UCABFAABCJHQAAP8RE97AqAEHwKgBAcoQADUALkrZBBoBAAABAAAAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAE="} 
@@ -188,7 +188,7 @@ 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049645637,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1484319049645637,"pkt":"gCqoTGHM5JjWH70UCABFAABCunsAAEARPNfAqAEHwKgBAcx7ADUALmwlX+cBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="} 
01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049645637,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} -02272{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":466,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319049640319,"flow_dst_last_pkt_time":1484319049653906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":23168,"midstream":0,"thread_ts_usec":1484319049653906,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":590,"avg":428029.7,"max":6030936,"stddev":1231580.9,"var":1516791529472.0,"ent":2.3,"data": [22448,28943,26758,57708,590,13165,40076,31828,42757,26526,25526,50240,53221,30909,25521,54871,53768,27167,52693,79537,53772,544724,1519985,11557,27351,27280,28765,635381,3643850,6030936,1068]},"pktlen": {"min":52,"avg":795.6,"max":1500,"stddev":706.6,"var":499284.2,"ent":4.3,"data": [64,60,52,298,52,1500,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,80,80,80,72,64,52,52,297,1500,1500]},"bins": {"c_to_s": [12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1],"entropies": [4.570159912,5.187539101,5.118428230,5.866323471,5.308815956,7.539054394,7.823310852,5.094483852,7.811959267,5.038779736,7.799767494,7.796337128,5.156889439,7.762200832,7.778352737,7.834424973,7.823929787,7.799146652,7.830269337,7.869925976,7.880800724,7.877037048,5.357215405,5.224027157,5.307214737,5.376956940,5.259624004,5.233813286,5.195351601,5.825244904,7.190491676,7.824782848]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} 
+02273{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":466,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319049640319,"flow_dst_last_pkt_time":1484319049653906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":23168,"midstream":0,"thread_ts_usec":1484319049653906,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":590,"avg":428029.7,"max":6030936,"stddev":1231580.9,"var":1516791529472.0,"ent":2.3,"data": [22448,28943,26758,57708,590,13165,40076,31828,42757,26526,25526,50240,53221,30909,25521,54871,53768,27167,52693,79537,53772,544724,1519985,11557,27351,27280,28765,635381,3643850,6030936,1068]},"pktlen": {"min":52,"avg":795.6,"max":1500,"stddev":706.6,"var":499284.2,"ent":4.3,"data": [64,60,52,298,52,1500,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,80,80,80,72,64,52,52,297,1500,1500]},"bins": {"c_to_s": [12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1],"entropies": 
[4.570159912,5.187539101,5.118428230,5.866323471,5.308815956,7.539054394,7.823310852,5.094483852,7.811959267,5.038779736,7.799767494,7.796337128,5.156889439,7.762200832,7.778352737,7.834424973,7.823929787,7.799146652,7.830269337,7.869925976,7.880800724,7.877037048,5.357215405,5.224027157,5.307214737,5.376956940,5.259624004,5.233813286,5.195351601,5.825244904,7.190491676,7.824782848]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1484319049665892,"pkt":"5JjWH70UgCqoTGHMCABFAABi4UdAAEAR1erAqAEBwKgBBwA1yhAATkFkBBqBgAABAAIAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAHADAABAAEAAAAMAAS4GcwYwAwAAQABAAAADAAEuBnMKA=="} 
01155{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":468,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1484319049665892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a803.dscg.akamai.net","domainame":"a803.dscg.akamai.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["184.25.204.24,ttl=12","184.25.204.40,ttl=12"]}}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049672494,"flow_dst_last_pkt_time":1484319049672494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049672494,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -200,16 +200,16 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049672494,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319049697401,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lq4GcwYwKgBBwBQz6GV0BcIYCoytaAScSDlwwAAAgQFtAQCCAr\/\/IQ4H2T36AEDAwU="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1484319049700208,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049700208,"pkt":"gCqoTGHM5JjWH70UCABFAAA0bmdAAEAGhnvAqAEHuBnMGM+hAFBgKjK1ldAXCYAQEBV1gAAAAQEICh9k+AH\/\/IQ4"} 
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":1484319049703194,"pkt":"gCqoTGHM5JjWH70UCABFAAEMARZAAEAG8vTAqAEHuBnMGM+hAFBgKjK1ldAXCYAYEBWbUgAAAQEICh9k+AP\/\/IQ4R0VUIC90cGEzLzYxNi8yMDQxNzc5NjE2LmJpZiBIVFRQLzEuMQ0KSG9zdDogdHAuYWthbS5uZmx4aW1nLmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogQXJnby85MDAgQ0ZOZXR3b3JrLzgwOC4yLjE2IERhcndpbi8xNi4zLjANCg0K"} -01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049703194,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com","domainame":"tp.akam.nflximg.com","http": {"url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 
Darwin\/16.3.0"}}} +01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049703194,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com","domainame":"tp.akam.nflximg.com","http": {"url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049725869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049725869,"pkt":"5JjWH70UgCqoTGHMCABFIAA0k1dAADwGZWu4GcwYwKgBBwBQz6GV0BcJYCozjYAQA6uA6gAAAQEICv\/8hF4fZPgD"} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049684933,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319049740377,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z6pwpjzKqcMkW6ASOJCp2gAAAgQFtAQCCAqtikoKH2T39AEDAwg="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1484319049743556,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049743556,"pkt":"gCqoTGHM5JjWH70UCABFAAA0ddRAAEAGu07AqAEHNr8RM8+qAbupwyRbcKY8y4AQEBUA7QAAAQEICh9k+CqtikoK"} 
01253{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319049748048,"pkt":"gCqoTGHM5JjWH70UCABFAAI5KeBAAEAGBT7AqAEHNr8RM8+qAbupwyRbcKY8y4AYEBVJ9gAAAQEICh9k+C6tikoKFgMBAgABAAH8AwPYXvBe7OTKRo\/HluRIJZi3JSt\/Gg\/Ui4yLFjBV5BYvDAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049748048,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
-01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":490,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049753726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049753726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com","domainame":"tp.akam.nflximg.com","http": {"url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}} 
+01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049748048,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":490,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049753726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049753726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com","domainame":"tp.akam.nflximg.com","http": {"url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049807153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049807153,"pkt":"5JjWH70UgCqoTGHMCABFIAA0dtFAACoG0DE2vxEzwKgBBwG7z6pwpjzLqcMmYIAQAD0OrAAAAQEICq2KShofZPgu"} 
-01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":497,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049807663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049807663,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01697{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049850914,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319049850914,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01355{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":497,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049807663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049807663,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01695{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049850914,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319049850914,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050652467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319050652467,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050652467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319050652467,"pkt":"gCqoTGHM5JjWH70UCABFAABA2xBAAEAGenHAqAEHF\/YLkc+rAFC8XkCtAAAAALAC\/\/9pzAAAAgQFtAEDAwUBAQgKH2T7jgAAAAAEAgAA"} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319050677236,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmYX9guRwKgBBwBQz6susPTdvF5ArqAS\/\/\/2WQAAAgQFtAEDAwkEAggKRVwbeB9k+44="} 
@@ -335,7 +335,7 @@ 02530{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1058,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319061706774,"flow_dst_last_pkt_time":1484319061794702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319061794702,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":240,"avg":355944.2,"max":3546297,"stddev":682699.4,"var":466078498816.0,"ent":3.5,"data": [43247,45294,13187,106701,4927,97880,1317695,102059,98186,240,515839,59813,1148424,57207,54890,165165,3546297,68400,92258,155981,131046,69975,95851,103962,104462,205130,729427,91959,551213,1189389,68168]},"pktlen": {"min":52,"avg":493.2,"max":1500,"stddev":638.4,"var":407523.4,"ent":3.9,"data": [64,60,52,409,570,1500,52,80,80,72,72,72,72,72,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,1500]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,1],"entropies": 
[4.515677452,5.333454132,5.041505337,6.377946854,5.816387177,4.450622082,5.118428230,5.366649628,5.366649628,5.359663963,5.333272934,5.387441635,5.387441635,5.293623924,5.290874004,5.322124004,5.272274494,4.440482140,5.209868431,4.489046574,5.014835358,4.480661392,4.471484184,5.233812809,4.471359730,5.062724590,4.458212852,5.290874004,5.233812809,5.000318527,4.395615101,4.444458961]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141"}} 02529{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1131,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319062638948,"flow_dst_last_pkt_time":1484319062680623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":14998,"midstream":0,"thread_ts_usec":1484319062680623,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":72,"avg":414504.9,"max":4457097,"stddev":811357.3,"var":658300731392.0,"ent":3.6,"data": 
[41445,43452,2932,82082,72,78739,1252127,77707,132171,828,525346,100674,510044,513013,40289,4457097,87034,1392951,522404,574888,39602,91204,57625,58127,138968,449063,380142,69915,139503,473414,516793]},"pktlen": {"min":52,"avg":538.1,"max":1500,"stddev":656.8,"var":431419.8,"ent":3.9,"data": [64,60,52,410,570,1500,52,80,80,72,72,72,72,72,64,64,1500,1500,52,52,1500,1500,52,1500,52,1500,52,1500,1500,52,52,1500]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1],"entropies": [4.538909912,5.312702179,5.026988029,6.353898048,5.812767506,4.447575092,5.118428230,5.316649437,5.391650200,5.387441635,5.387441635,5.361050606,5.333272934,5.331886292,5.228374004,5.228374004,4.410194397,4.460495949,5.079966545,5.195351124,4.415517807,4.454523087,5.195351601,4.441005707,5.077241421,4.548726559,5.156889915,4.299219608,4.319707394,5.195351601,5.156889439,4.440834999]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141"}} 
02524{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1162,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319062946776,"flow_dst_last_pkt_time":1484319063015567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":10653,"midstream":0,"thread_ts_usec":1484319063015567,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":682,"avg":435375.1,"max":4431980,"stddev":814478.7,"var":663375511552.0,"ent":3.6,"data": [43856,45826,13429,88623,4898,81946,1250769,92472,118428,682,544165,69196,495457,501654,62886,1143862,28583,39116,4431980,82976,87813,169881,586445,795488,292945,509017,501170,1203523,55860,83014,70669]},"pktlen": {"min":52,"avg":404.2,"max":1500,"stddev":589.2,"var":347103.4,"ent":3.7,"data": [64,60,52,410,569,1500,52,80,80,72,72,72,72,72,64,64,64,64,64,1500,52,1500,64,52,1500,64,52,52,1500,1500,52,1500]},"bins": {"c_to_s": [22,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,1,0,0,0,1,1,0,1],"entropies": 
[4.570159912,5.166786671,4.974009037,6.366189480,5.841994762,4.452114582,5.079966545,5.252857208,5.332214355,5.359663963,5.387441635,5.293623924,5.359663486,5.276330948,5.290874004,5.144205093,5.290874004,5.259624004,5.154078960,4.322241306,5.038779736,4.343337059,5.163660049,5.156889439,4.373079300,5.208919048,5.180834293,5.195351124,4.324346066,4.345085144,5.195351124,4.404635906]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141"}} -02204{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1269,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319063959877,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319064010312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":136,"avg":1958267.8,"max":30086001,"stddev":7379834.5,"var":54461959503872.0,"ent":1.1,"data": [47011,48359,1676,53080,2562,989,62283,11050,5991,10798,261,350,60341,3416,50128,4429,893,563,55944,50485,306,42722,3984,5077,5232,136,57719,311,30033380,30086001,822]},"pktlen": 
{"min":52,"avg":380.0,"max":1500,"stddev":556.9,"var":310128.2,"ent":3.8,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,337,52,52,52,993,112,52,52,52,83,52]},"bins": {"c_to_s": [9,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0],"s_to_c": [9,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,0,0,0,1,1],"entropies": [4.484876633,5.289900780,5.078045845,5.808425426,5.131024837,7.255376339,7.317865372,5.092562675,6.901146412,5.131024361,6.124006748,5.004364967,6.039024830,5.169486046,6.007705688,5.169486046,7.873569965,7.881214619,7.864243507,5.169486046,7.845795155,7.405421257,5.116507530,5.078045845,5.131024361,7.806305885,6.290623188,5.169486046,5.092563152,5.094483852,5.825018406,5.132945538]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +02202{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1269,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319063959877,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319064010312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":136,"avg":1958267.8,"max":30086001,"stddev":7379834.5,"var":54461959503872.0,"ent":1.1,"data": [47011,48359,1676,53080,2562,989,62283,11050,5991,10798,261,350,60341,3416,50128,4429,893,563,55944,50485,306,42722,3984,5077,5232,136,57719,311,30033380,30086001,822]},"pktlen": {"min":52,"avg":380.0,"max":1500,"stddev":556.9,"var":310128.2,"ent":3.8,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,337,52,52,52,993,112,52,52,52,83,52]},"bins": {"c_to_s": [9,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0],"s_to_c": [9,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,0,0,0,1,1],"entropies": [4.484876633,5.289900780,5.078045845,5.808425426,5.131024837,7.255376339,7.317865372,5.092562675,6.901146412,5.131024361,6.124006748,5.004364967,6.039024830,5.169486046,6.007705688,5.169486046,7.873569965,7.881214619,7.864243507,5.169486046,7.845795155,7.405421257,5.116507530,5.078045845,5.131024361,7.806305885,6.290623188,5.169486046,5.092563152,5.094483852,5.825018406,5.132945538]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1294,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319064590230,"flow_dst_last_pkt_time":1484319064590230,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064590230,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064590230,"flow_dst_last_pkt_time":1484319064590230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064590230,"pkt":"gCqoTGHM5JjWH70UCABFAABAVptAAEAGBuzAqAEHF\/YDjM+\/AFBrAzOSAAAAALAC\/\/+cMAAAAgQFtAEDAwUBAQgKH2UvkQAAAAAEAgAA"} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1295,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319064593980,"flow_dst_last_pkt_time":1484319064593980,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064593980,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -363,30 +363,30 @@ 01208{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1312,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1484319064699948,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ichnaea.geo.netflix.com","domainame":"ichnaea.geo.netflix.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.37.36.252,ttl=22","52.43.102.20,ttl=22","52.34.255.169,ttl=22","52.24.110.210,ttl=22"]}}} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1316,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064711690,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064711690,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064711690,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064711690,"pkt":"gCqoTGHM5JjWH70UCABFAABAfOpAAEAGov3AqAEHNCUk\/M\/TAbvE99WSAAAAALAC\/\/9grAAAAgQFtAEDAwUBAQgKH2UwAgAAAAAEAgAA"} 
-02199{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1317,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064712006,"flow_dst_last_pkt_time":1484319034278653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4140,"midstream":0,"thread_ts_usec":1484319064712006,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":74,"avg":1003326.9,"max":30431499,"stddev":5372888.5,"var":28867930619904.0,"ent":0.2,"data": [44924,46321,7446,58250,1844,979,55802,12140,9904,9342,287,206,60460,132,50780,11459,460,157,72134,60865,339,50757,444,15673,16944,136,74,82928,303,146,30431499]},"pktlen": {"min":52,"avg":379.5,"max":1500,"stddev":557.0,"var":310204.4,"ent":3.8,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,322,52,52,52,993,107,86,52,52,52,52]},"bins": {"c_to_s": [10,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0],"s_to_c": [7,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,1,0,0,0,0],"entropies": 
[4.598081589,5.256567001,5.131024837,5.819132805,5.246409416,7.227420330,7.332920074,5.092563152,6.984497547,5.169486046,6.274277210,5.113821983,5.948767662,5.284871101,6.050486565,5.246409416,7.870395660,7.873335838,7.867392540,5.246409416,7.876014709,7.339691162,5.169486046,5.284871101,5.284871101,7.775086403,6.215628147,5.873826027,5.246409416,5.169486046,5.154969215,5.003043175]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +02197{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1317,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064712006,"flow_dst_last_pkt_time":1484319034278653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4140,"midstream":0,"thread_ts_usec":1484319064712006,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":74,"avg":1003326.9,"max":30431499,"stddev":5372888.5,"var":28867930619904.0,"ent":0.2,"data": [44924,46321,7446,58250,1844,979,55802,12140,9904,9342,287,206,60460,132,50780,11459,460,157,72134,60865,339,50757,444,15673,16944,136,74,82928,303,146,30431499]},"pktlen": {"min":52,"avg":379.5,"max":1500,"stddev":557.0,"var":310204.4,"ent":3.8,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,322,52,52,52,993,107,86,52,52,52,52]},"bins": {"c_to_s": 
[10,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0],"s_to_c": [7,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,1,0,0,0,0],"entropies": [4.598081589,5.256567001,5.131024837,5.819132805,5.246409416,7.227420330,7.332920074,5.092563152,6.984497547,5.169486046,6.274277210,5.113821983,5.948767662,5.284871101,6.050486565,5.246409416,7.870395660,7.873335838,7.867392540,5.246409416,7.876014709,7.339691162,5.169486046,5.284871101,5.284871101,7.775086403,6.215628147,5.873826027,5.246409416,5.169486046,5.154969215,5.003043175]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064671268,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064722112,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z9JcNkhzU8YNlaASOJDYrwAAAgQFtAQCCAqtilitH2Uv3gEDAwg="} 
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064669455,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064722814,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z8mqa43KKbVWHqASOJAmtQAAAgQFtAQCCAqtilitH2Uv3QEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064723412,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064723412,"pkt":"gCqoTGHM5JjWH70UCABFAAA06mxAAEAGRrbAqAEHNr8RM8\/SAbtTxg2VXDZIdIAQEBUvyAAAAQEICh9lMA6tilit"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064724096,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064724096,"pkt":"gCqoTGHM5JjWH70UCABFAAA0RtdAAEAG6kvAqAEHNr8RM8\/JAbsptVYeqmuNy4AQEBV9zAAAAQEICh9lMA6tilit"} 
01254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319064728551,"pkt":"gCqoTGHM5JjWH70UCABFAAI52vZAAEAGVCfAqAEHNr8RM8\/JAbsptVYeqmuNy4AYEBU\/AQAAAQEICh9lMBGtilitFgMBAgABAAH8AwOssLX4r6P7GP1cyM+\/QL5jcos5eemrJxEB7qfdYiVRRQAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064728551,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064728551,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
01253{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319064729673,"pkt":"gCqoTGHM5JjWH70UCABFAAI526xAAEAGU3HAqAEHNr8RM8\/SAbtTxg2VXDZIdIAYEBX36QAAAQEICh9lMBOtilitFgMBAgABAAH8AwM\/Ud3IJ+zS9aVmySryI5irQf+M2+tqC0+UPSJWqvpDqAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064729673,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064729673,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064781140,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGNcw0JST8wKgBBwG7z9NfgzodxPfVk6ASRersYQAAAgQFtAQCCAqFpSALH2UwAgEDAwg="} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1333,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064782652,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064782652,"pkt":"gCqoTGHM5JjWH70UCABFAAA0MmJAAEAG7ZHAqAEHNCUk\/M\/TAbvE99WTX4M6HoAQEBVQwAAAAQEICh9lMEaFpSAL"} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1334,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064783171,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064783171,"pkt":"5JjWH70UgCqoTGHMCABFIAA0EM5AACoGNjU2vxEzwKgBBwG7z9JcNkh0U8YPmoAQAD09hgAAAQEICq2KWL0fZTAT"} 00869{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1337,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"thread_ts_usec":1484319064785302,"pkt":"gCqoTGHM5JjWH70UCABFAAEZfjdAAEAGoNfAqAEHNCUk\/M\/TAbvE99WTX4M6HoAYEBXgSwAAAQEICh9lMEiFpSALFgMBAOABAADcAwNYeOlYxBLS5gM2ky3bQNFyoxLviT91lQxxEizDalFYdwAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAjQAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} 
-01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1337,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064785302,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1337,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064785302,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064796538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064796538,"pkt":"5JjWH70UgCqoTGHMCABFIAA01XFAACkGcpE2vxEzwKgBBwG7z8mqa43LKbVYI4AQAD2LiwAAAQEICq2KWL4fZTAR"} 
-01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1341,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064796989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064796989,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1342,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064823890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064823890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1341,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064796989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064796989,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1342,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064823890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064823890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064836708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064836708,"pkt":"5JjWH70UgCqoTGHMCABFIAA0GgVAACoGG880JST8wKgBBwG7z9NfgzoexPfWeIAQAEtfkAAAAQEICoWlIB4fZTBI"} 
-01698{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1344,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064850606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064850606,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1348,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064885811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064885811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01698{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1349,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064898548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064898548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
-01720{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1356,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064950196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319064950196,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
-02349{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1408,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065492035,"flow_dst_last_pkt_time":1484319065478679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6755,"midstream":0,"thread_ts_usec":1484319065492035,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":182,"avg":52521.9,"max":282465,"stddev":58168.2,"var":3383536896.0,"ent":4.2,"data": [50844,52144,6261,61059,40719,74658,170395,11813,79420,67625,2032,57431,55801,1745,844,219,182,82546,79700,249,94600,127478,60574,282465,10583,27617,37968,39882,42871,7730,723]},"pktlen": {"min":52,"avg":552.5,"max":1500,"stddev":629.7,"var":396553.7,"ent":4.0,"data": [64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52]},"bins": {"c_to_s": [10,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0],"entropies": 
[4.598081589,5.369149208,5.169486046,4.365832806,5.154969215,7.171761036,7.662086964,5.169486523,6.518167496,5.984750271,5.100070000,7.782325745,6.202902317,5.246409416,7.867114544,7.871539593,7.857532978,7.870780945,5.078046322,7.856834412,7.434062958,5.154969215,5.154969215,7.833981991,5.246409416,7.884502411,7.878024578,5.246409416,6.160539627,5.207947731,5.791826725,5.094483852]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -02212{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1428,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319065635020,"flow_dst_last_pkt_time":1484319065630720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":19082,"flow_dst_tot_l4_payload_len":3110,"midstream":0,"thread_ts_usec":1484319065635020,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":105,"avg":59431.0,"max":332646,"stddev":83335.9,"var":6944879104.0,"ent":3.8,"data": [69450,70962,2650,55568,49103,64385,167918,331939,332646,26549,653,732,87677,534,60709,8817,7117,449,81078,62803,767,160,105,68135,67101,803,163,105,111161,109572,2549]},"pktlen": {"min":52,"avg":746.1,"max":1500,"stddev":703.8,"var":495333.0,"ent":4.2,"data": 
[64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1403,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500]},"bins": {"c_to_s": [6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0],"s_to_c": [6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0],"entropies": [4.578626633,5.323234081,5.169486046,5.810972691,5.131024837,7.231025219,7.326107502,5.154969215,6.940334797,5.169486523,6.230382919,5.079339504,6.149899960,5.207948208,5.992234230,5.193430901,7.859437466,7.874912739,7.853219032,5.207947731,7.901949883,7.848706245,7.875315189,7.851129055,5.207947731,7.874441147,7.863263607,7.860793114,7.870314598,5.207947731,7.870880127,7.866354465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01696{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1344,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064850606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064850606,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} +01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1348,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064885811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064885811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": 
{"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01696{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1349,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064898548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064898548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01718{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1356,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064950196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319064950196,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
+02347{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1408,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065492035,"flow_dst_last_pkt_time":1484319065478679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6755,"midstream":0,"thread_ts_usec":1484319065492035,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":182,"avg":52521.9,"max":282465,"stddev":58168.2,"var":3383536896.0,"ent":4.2,"data": [50844,52144,6261,61059,40719,74658,170395,11813,79420,67625,2032,57431,55801,1745,844,219,182,82546,79700,249,94600,127478,60574,282465,10583,27617,37968,39882,42871,7730,723]},"pktlen": {"min":52,"avg":552.5,"max":1500,"stddev":629.7,"var":396553.7,"ent":4.0,"data": [64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52]},"bins": {"c_to_s": [10,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0],"entropies": 
[4.598081589,5.369149208,5.169486046,4.365832806,5.154969215,7.171761036,7.662086964,5.169486523,6.518167496,5.984750271,5.100070000,7.782325745,6.202902317,5.246409416,7.867114544,7.871539593,7.857532978,7.870780945,5.078046322,7.856834412,7.434062958,5.154969215,5.154969215,7.833981991,5.246409416,7.884502411,7.878024578,5.246409416,6.160539627,5.207947731,5.791826725,5.094483852]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +02210{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1428,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319065635020,"flow_dst_last_pkt_time":1484319065630720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":19082,"flow_dst_tot_l4_payload_len":3110,"midstream":0,"thread_ts_usec":1484319065635020,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":105,"avg":59431.0,"max":332646,"stddev":83335.9,"var":6944879104.0,"ent":3.8,"data": [69450,70962,2650,55568,49103,64385,167918,331939,332646,26549,653,732,87677,534,60709,8817,7117,449,81078,62803,767,160,105,68135,67101,803,163,105,111161,109572,2549]},"pktlen": {"min":52,"avg":746.1,"max":1500,"stddev":703.8,"var":495333.0,"ent":4.2,"data": 
[64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1403,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500]},"bins": {"c_to_s": [6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0],"s_to_c": [6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0],"entropies": [4.578626633,5.323234081,5.169486046,5.810972691,5.131024837,7.231025219,7.326107502,5.154969215,6.940334797,5.169486523,6.230382919,5.079339504,6.149899960,5.207948208,5.992234230,5.193430901,7.859437466,7.874912739,7.853219032,5.207947731,7.901949883,7.848706245,7.875315189,7.851129055,5.207947731,7.874441147,7.863263607,7.860793114,7.870314598,5.207947731,7.870880127,7.866354465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 02523{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1450,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319066598421,"flow_dst_last_pkt_time":1484319065741809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":17969,"midstream":0,"thread_ts_usec":1484319066598421,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5292,"avg":101928.1,"max":730898,"stddev":155663.8,"var":24231225344.0,"ent":4.0,"data": 
[30477,31515,13216,64005,5292,56409,6142,68156,5406,71534,109518,202677,164827,560321,47319,78954,279545,27696,94465,26601,26144,15824,70512,85885,39451,39774,41592,84438,730898,41457,39720]},"pktlen": {"min":52,"avg":648.3,"max":1500,"stddev":653.4,"var":426995.3,"ent":4.2,"data": [64,60,52,557,618,951,52,564,628,1500,52,1500,1500,1500,72,64,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,64,72,64,52]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0],"entropies": [4.476409912,5.212701797,5.156889915,6.230133057,5.778679371,3.867035151,5.079966545,6.195135117,5.745929718,3.167200804,5.094483852,7.856627464,7.824065208,7.816611290,5.331886292,5.165874004,5.118428230,7.781126976,7.831735134,5.118428230,7.778219700,4.961856365,5.882567406,7.827349663,5.103910923,7.794489861,4.961856365,7.814080238,4.958919048,5.244518280,5.083919048,5.079966545]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.3.140"}} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070636683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319070636683,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070636683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319070636683,"pkt":"gCqoTGHM5JjWH70UCABFAABAs25AAEAGoh\/AqAEHF\/YLhc\/aAFBx1HGxAAAAALAC\/\/84uwAAAgQFtAEDAwUBAQgKH2VGAgAAAAAEAgAA"} 
@@ -426,10 +426,10 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1484319114406347,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319114455348,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG7z\/ZJSmsOfk4GCqASOJAVRAAAAgQFtAQCCAq2sSMxH2XpygEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1484319114457327,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319114457327,"pkt":"gCqoTGHM5JjWH70UCABFAAA03p5AAEAGT4DAqAEHNCAW1s\/2Abt+TgYKSUprD4AQEBVsWgAAAQEICh9l6fy2sSMx"} 
01253{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319114464321,"pkt":"gCqoTGHM5JjWH70UCABFAAI5Y7ZAAEAGyGPAqAEHNCAW1s\/2Abt+TgYKSUprD4AYEBXEQwAAAQEICh9l6gK2sSMxFgMBAgABAAH8AwPYD50dwaa6SBFM+FER3hNsABrlY\/SCFZdiIuSkbU7v5QAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1541,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114464321,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1541,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114464321,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1542,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114523056,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319114523056,"pkt":"5JjWH70UgCqoTGHMCABFIAA0SDFAACkG\/M00IBbWwKgBBwG7z\/ZJSmsPfk4ID4AQAD16GQAAAQEICraxIz8fZeoC"} 
-01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1543,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114523585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319114523585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01698{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1544,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114556754,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319114556754,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1543,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114523585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319114523585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01696{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1544,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114556754,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319114556754,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1565,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117511945,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1565,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1484319117511945,"pkt":"gCqoTGHM5JjWH70UCABFAABT2RsAAP8RXyXAqAEHwKgBAct\/ADUAP5\/hcXUBAAABAAAAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAQ=="} 
01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1565,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117511945,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api-global.latency.prodaa.netflix.com","domainame":"api-global.latency.prodaa.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -442,17 +442,17 @@ 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117605859,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117664151,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG7z\/fOmYqt+6oWVKASOJB9NwAAAgQFtAQCCAqh\/Yo1H2X1uAEDAwg="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117667082,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117667082,"pkt":"gCqoTGHM5JjWH70UCABFAAA0nQxAAEAGidrAqAEHNCkeBc\/3Abv7qhZUzpmKroAQEBXUQwAAAQEICh9l9fSh\/Yo1"} 01254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319117668880,"pkt":"gCqoTGHM5JjWH70UCABFAAI59gxAAEAGLtXAqAEHNCkeBc\/3Abv7qhZUzpmKroAYEBUUlAAAAQEICh9l9feh\/Yo1FgMBAgABAAH8AwNYeOmNAe5Q0hcaTI2Ej50ifhjlODvil\/8YZ4JhR3RxkSAlPalSNkR1ua99akikzzyiXtlC5nVNfalnaleVK1UZuQAmAP\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"} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117668880,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117668880,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117651396,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117703150,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG70ABfA575ZnjBIaASOJAZDQAAAgQFtAQCCAq2sSZcH2X15gEDAwg="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117704525,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117704525,"pkt":"gCqoTGHM5JjWH70UCABFAAA0fsVAAEAGr1nAqAEHNCAW1tAAAbtmeMEhXwOe+oAQEBVwIwAAAQEICh9l9hi2sSZc"} 01252{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319117713351,"pkt":"gCqoTGHM5JjWH70UCABFAAI5taBAAEAGdnnAqAEHNCAW1tAAAbtmeMEhXwOe+oAYEBXylgAAAQEICh9l9hq2sSZcFgMBAgABAAH8AwN8q\/ZLhsSOm12ptnIT0OvNxxjn3f9+RlJ5hY7lfSkXAAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1578,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117713351,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1578,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117713351,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1579,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117734717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117734717,"pkt":"5JjWH70UgCqoTGHMCABFIAA0AOhAACkGPN80KR4FwKgBBwG7z\/fOmYqu+6oYWYAQAD3iAQAAAQEICqH9ikcfZfX3"} 
-01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1580,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117737656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117737656,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01751{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1581,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117738672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319117738672,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1580,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117737656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117737656,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01749{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1581,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117738672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319117738672,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117767728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117767728,"pkt":"5JjWH70UgCqoTGHMCABFIAA0uJNAACkGjGs0IBbWwKgBBwG70ABfA576ZnjDJoAQAD194wAAAQEICraxJm0fZfYa"} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1589,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117770085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117770085,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01698{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1590,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117771052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319117771052,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1589,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117770085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117770085,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01696{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1590,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117771052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319117771052,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117826887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117826887,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117826887,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319117826887,"pkt":"gCqoTGHM5JjWH70UCABFAABAF8hAAEAGDxPAqAEHNCkeBdABAbshc+whAAAAALAC\/\/8t3QAAAgQFtAEDAwUBAQgKH2X2iwAAAAAEAgAA"} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1599,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117827967,"flow_dst_last_pkt_time":1484319117827967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117827967,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -460,16 +460,16 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1603,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117879588,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGPL80KR4FwKgBBwG70AFaPMiyIXPsIqASOJC25AAAAgQFtAQCCAqh\/YpsH2X2iwEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1604,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117881117,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117881117,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BiRAAEAGIMPAqAEHNCkeBdABAbshc+wiWjzIs4AQEBUN+QAAAQEICh9l9r+h\/Yps"} 
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1605,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319117885772,"pkt":"gCqoTGHM5JjWH70UCABFAAEEKuFAAEAG+zXAqAEHNCkeBdABAbshc+wiWjzIs4AYEBUAlAAAAQEICh9l9sOh\/YpsFgMBAMsBAADHAwNYeOmNxGxgi8I9EIqk5oJkWnJI9VweKmO\/JyQkao7GaCDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpAAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} -01300{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1605,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117885772,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1605,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117885772,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1606,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117827967,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117886937,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG70ALhlhIJkajSBqASOJCQFwAAAgQFtAQCCAqh\/YptH2X2jAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1607,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117890575,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117890575,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Pr9AAEAG6CfAqAEHNCkeBdACAbuRqNIG4ZYSCoAQEBXnJgAAAQEICh9l9sWh\/Ypt"} 00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1608,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319117892631,"pkt":"gCqoTGHM5JjWH70UCABFAAEEuTxAAEAGbNrAqAEHNCkeBdACAbuRqNIG4ZYSCoAYEBUMGAAAAQEICh9l9seh\/YptFgMBAMsBAADHAwNYeOmNE5tkHrD0G2XjxlOstOMmL3TKkSrM+b+7cNSu7CDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpAAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01300{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1608,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117892631,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1608,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117892631,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117929656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117929656,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QsRAACoG+gI0KR4FwKgBBwG70AFaPMizIXPs8oAQAD0c8QAAAQEICqH9ingfZfbD"} 
-01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1615,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117930548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117930548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1615,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117930548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117930548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1621,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117941532,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117941532,"pkt":"5JjWH70UgCqoTGHMCABFIAA0mHNAACkGpVM0KR4FwKgBBwG70ALhlhIKkajS1oAQAD32HgAAAQEICqH9insfZfbH"} 
-01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1622,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117942410,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117942410,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-02329{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1669,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118140455,"flow_dst_last_pkt_time":1484319118145946,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2205,"flow_dst_tot_l4_payload_len":9578,"midstream":0,"thread_ts_usec":1484319118145946,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":140,"avg":20407.3,"max":141407,"stddev":28956.2,"var":838464256.0,"ent":3.9,"data": [52701,54230,4655,50068,892,45987,1145,402,2281,621,48897,36085,58570,140,1031,141407,13303,12185,4698,8739,8491,4498,3692,4536,12375,12816,15153,13884,6123,6182,6840]},"pktlen": {"min":52,"avg":420.8,"max":1500,"stddev":506.4,"var":256458.0,"ent":4.1,"data": [64,60,52,260,52,197,52,58,97,1500,550,52,52,1500,213,1500,52,545,52,991,52,425,52,1292,52,1392,52,646,52,794,52,707]},"bins": {"c_to_s": [12,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.494096756,5.269149303,5.100070000,6.003353119,5.215455055,6.547097206,5.138531685,5.182787418,6.044509888,7.866807461,7.609665394,5.140452385,5.215455055,7.873748302,6.994494438,7.847311020,5.138531685,7.632858276,5.138531685,7.760740280,5.176993370,7.540992260,5.061608315,7.843688965,5.176993370,7.880697250,5.138531685,7.689140797,5.100070000,7.779115677,5.138531685,7.737319469]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1622,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117942410,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117942410,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": 
{"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} +02327{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1669,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118140455,"flow_dst_last_pkt_time":1484319118145946,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2205,"flow_dst_tot_l4_payload_len":9578,"midstream":0,"thread_ts_usec":1484319118145946,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":140,"avg":20407.3,"max":141407,"stddev":28956.2,"var":838464256.0,"ent":3.9,"data": [52701,54230,4655,50068,892,45987,1145,402,2281,621,48897,36085,58570,140,1031,141407,13303,12185,4698,8739,8491,4498,3692,4536,12375,12816,15153,13884,6123,6182,6840]},"pktlen": {"min":52,"avg":420.8,"max":1500,"stddev":506.4,"var":256458.0,"ent":4.1,"data": [64,60,52,260,52,197,52,58,97,1500,550,52,52,1500,213,1500,52,545,52,991,52,425,52,1292,52,1392,52,646,52,794,52,707]},"bins": {"c_to_s": [12,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.494096756,5.269149303,5.100070000,6.003353119,5.215455055,6.547097206,5.138531685,5.182787418,6.044509888,7.866807461,7.609665394,5.140452385,5.215455055,7.873748302,6.994494438,7.847311020,5.138531685,7.632858276,5.138531685,7.760740280,5.176993370,7.540992260,5.061608315,7.843688965,5.176993370,7.880697250,5.138531685,7.689140797,5.100070000,7.779115677,5.138531685,7.737319469]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1682,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118629811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1484319118629811,"pkt":"gCqoTGHM5JjWH70UCABFAABDkmsAAP8RpeXAqAEHwKgBAd8FADUALzVHkfABAAABAAAAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQAB"} 01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1682,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118629811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a1907.dscg.akamai.net","domainame":"a1907.dscg.akamai.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -484,28 +484,28 @@ 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1484319118658049,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319118674728,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Mi4GcwKwKgBBwBQ0ASr4P0LxYJGIqAScSCIdgAAAgQFtAQCCAr\/\/WqNH2X5sAEDAwU="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1699,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1484319118675789,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118675789,"pkt":"gCqoTGHM5JjWH70UCABFAAA0us1AAEAGOiPAqAEHuBnMCtAEAFDFgkYiq+D9DIAQEBUYOwAAAQEICh9l+cH\/\/WqN"} 
00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1700,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319118676250,"pkt":"gCqoTGHM5JjWH70UCABFAAEppeRAAEAGThfAqAEHuBnMCtADAFAmSxL+8j0E\/YAYEBUliAAAAQEICh9l+cH\/\/WqNR0VUIC80ZTM2ZC82Mjg5ODg5MDIwZDZjYzZkZmIzMDM4YzM1NTY0YTQxZTFjYTRlMzZkLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTEubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="} -01179{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1700,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118676250,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net","domainame":"art-1.nflximg.net","http": 
{"url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} +01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1700,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118676250,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net","domainame":"art-1.nflximg.net","http": {"url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} 
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1702,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319118687774,"pkt":"gCqoTGHM5JjWH70UCABFAAEp1+JAAEAGHBnAqAEHuBnMCtAEAFDFgkYiq+D9DIAYEBXuKgAAAQEICh9l+cj\/\/WqNR0VUIC84YjFmYS9lYWExYjc4Y2Q3MmNhNGRiZGNhYjUyNzY5MWQyZmNhYjM3YzhiMWZhLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTEubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="} -01179{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1702,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118687774,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net","domainame":"art-1.nflximg.net","http": 
{"url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} +01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1702,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118687774,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net","domainame":"art-1.nflximg.net","http": {"url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1703,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118700093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118700093,"pkt":"5JjWH70UgCqoTGHMCABFIAA0blRAADwGiny4GcwKwKgBBwBQ0APyPQT9JksT84AQA6unowAAAQEICv\/9aqkfZfnB"} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1707,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118713206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118713206,"pkt":"5JjWH70UgCqoTGHMCABFIAA0l79AADwGYRG4GcwKwKgBBwBQ0ASr4P0MxYJHF4AQA6sjgwAAAQEICv\/9arMfZfnI"} -02197{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1715,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319118414034,"flow_dst_last_pkt_time":1484319118767393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":7589,"midstream":0,"thread_ts_usec":1484319118767393,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":95,"avg":63539.0,"max":500942,"stddev":121518.7,"var":14766798848.0,"ent":3.3,"data": [58292,61223,1798,70566,2939,1016,71265,11570,12325,13054,147,95,65707,781,52265,3649,191,91649,51753,301,140150,3732,3446,3903,5462,6438,5030,437212,863,500942,291945]},"pktlen": {"min":52,"avg":442.8,"max":1500,"stddev":552.3,"var":305076.8,"ent":4.0,"data": [64,60,52,569,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,789,52,1500,476,52,448,52,751,52,86,52,1500,672,52,1500]},"bins": {"c_to_s": [10,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": 
[5,2,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,1,0,1,0,0,0,1,1],"entropies": [4.586286545,5.335815430,5.169486523,4.098951340,5.025067329,7.251211166,7.301212311,5.207947731,7.012731075,5.246409416,6.273766041,5.113821983,5.990005016,5.132945538,5.992234230,5.246409893,7.870625973,7.755266190,5.171407223,7.853860855,7.522392750,5.169486046,7.574260712,5.131024361,7.742949009,5.207947731,5.956426620,5.207947731,7.856410503,7.668289185,5.038780212,7.883280277]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -02271{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1759,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118854817,"flow_dst_last_pkt_time":1484319119584735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":34752,"midstream":0,"thread_ts_usec":1484319119584735,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":508,"avg":36240.5,"max":99830,"stddev":21554.2,"var":464585632.0,"ent":4.7,"data": [16679,17740,11985,38478,508,12702,40101,27115,27112,58536,99830,81106,33879,23672,53768,53762,65076,48010,65429,13865,30914,13324,28733,40448,54528,28786,29443,29431,27518,25487,25489]},"pktlen": {"min":52,"avg":1146.7,"max":1500,"stddev":613.3,"var":376142.5,"ent":4.7,"data": 
[64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.495864868,5.233453751,5.156889915,5.883365631,5.270353794,7.005603790,7.481070995,5.118428230,7.677317619,5.077241421,7.654481411,5.151865005,7.832942486,7.813632965,7.788673401,7.782803535,7.834435940,7.821334362,7.827250957,7.843655586,7.828696728,7.842951298,7.865435123,7.847778320,7.855163097,7.835734844,7.856423378,7.842322826,7.854029179,7.863353252,7.834544182,7.849704266]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} -02263{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1784,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319120611345,"flow_dst_last_pkt_time":1484319120609765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":22387,"midstream":0,"thread_ts_usec":1484319120611345,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":241,"avg":126007.9,"max":1416280,"stddev":340787.6,"var":116136157184.0,"ent":2.6,"data": [15432,16762,2055,27228,957,1055,27336,38112,39355,39938,44658,83445,40664,236734,277719,1389753,1416280,268,12835,48683,241,12768,12757,15934,13837,16300,12778,12746,23173,13285,13156]},"pktlen": {"min":52,"avg":767.5,"max":1500,"stddev":698.9,"var":488505.9,"ent":4.3,"data": [64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,1,1,0,1,0,1,1,0,1,0],"entropies": [4.464614868,5.187539101,5.079966545,5.914007187,5.270354271,7.264070511,7.801600933,5.195351601,7.847749710,5.032077789,7.834869862,7.811845303,5.118427753,7.846868038,7.676549435,5.195351124,5.834331989,6.944043159,7.534036636,7.785680771,5.062724590,4.993616104,7.810704231,7.840629101,5.024262428,7.853393078,4.863714218,7.836608410,7.849914551,5.062724113,7.841484547,5.053297043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} 
+02195{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1715,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319118414034,"flow_dst_last_pkt_time":1484319118767393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":7589,"midstream":0,"thread_ts_usec":1484319118767393,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":95,"avg":63539.0,"max":500942,"stddev":121518.7,"var":14766798848.0,"ent":3.3,"data": [58292,61223,1798,70566,2939,1016,71265,11570,12325,13054,147,95,65707,781,52265,3649,191,91649,51753,301,140150,3732,3446,3903,5462,6438,5030,437212,863,500942,291945]},"pktlen": {"min":52,"avg":442.8,"max":1500,"stddev":552.3,"var":305076.8,"ent":4.0,"data": [64,60,52,569,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,789,52,1500,476,52,448,52,751,52,86,52,1500,672,52,1500]},"bins": {"c_to_s": [10,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [5,2,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,1,0,1,0,0,0,1,1],"entropies": 
[4.586286545,5.335815430,5.169486523,4.098951340,5.025067329,7.251211166,7.301212311,5.207947731,7.012731075,5.246409416,6.273766041,5.113821983,5.990005016,5.132945538,5.992234230,5.246409893,7.870625973,7.755266190,5.171407223,7.853860855,7.522392750,5.169486046,7.574260712,5.131024361,7.742949009,5.207947731,5.956426620,5.207947731,7.856410503,7.668289185,5.038780212,7.883280277]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +02272{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1759,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118854817,"flow_dst_last_pkt_time":1484319119584735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":34752,"midstream":0,"thread_ts_usec":1484319119584735,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":508,"avg":36240.5,"max":99830,"stddev":21554.2,"var":464585632.0,"ent":4.7,"data": [16679,17740,11985,38478,508,12702,40101,27115,27112,58536,99830,81106,33879,23672,53768,53762,65076,48010,65429,13865,30914,13324,28733,40448,54528,28786,29443,29431,27518,25487,25489]},"pktlen": {"min":52,"avg":1146.7,"max":1500,"stddev":613.3,"var":376142.5,"ent":4.7,"data": [64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": 
[5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.495864868,5.233453751,5.156889915,5.883365631,5.270353794,7.005603790,7.481070995,5.118428230,7.677317619,5.077241421,7.654481411,5.151865005,7.832942486,7.813632965,7.788673401,7.782803535,7.834435940,7.821334362,7.827250957,7.843655586,7.828696728,7.842951298,7.865435123,7.847778320,7.855163097,7.835734844,7.856423378,7.842322826,7.854029179,7.863353252,7.834544182,7.849704266]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} +02264{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1784,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319120611345,"flow_dst_last_pkt_time":1484319120609765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":22387,"midstream":0,"thread_ts_usec":1484319120611345,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":241,"avg":126007.9,"max":1416280,"stddev":340787.6,"var":116136157184.0,"ent":2.6,"data": 
[15432,16762,2055,27228,957,1055,27336,38112,39355,39938,44658,83445,40664,236734,277719,1389753,1416280,268,12835,48683,241,12768,12757,15934,13837,16300,12778,12746,23173,13285,13156]},"pktlen": {"min":52,"avg":767.5,"max":1500,"stddev":698.9,"var":488505.9,"ent":4.3,"data": [64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,1,1,0,1,0,1,1,0,1,0],"entropies": [4.464614868,5.187539101,5.079966545,5.914007187,5.270354271,7.264070511,7.801600933,5.195351601,7.847749710,5.032077789,7.834869862,7.811845303,5.118427753,7.846868038,7.676549435,5.195351124,5.834331989,6.944043159,7.534036636,7.785680771,5.062724590,4.993616104,7.810704231,7.840629101,5.024262428,7.853393078,4.863714218,7.836608410,7.849914551,5.062724113,7.841484547,5.053297043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} 
01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1484319033886061,"flow_src_last_pkt_time":1484319113019284,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1976,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} -01058{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01056{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01019{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":32,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319085476120,"flow_dst_last_pkt_time":1484319085460132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":41992,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} -01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":10,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319043232639,"flow_dst_last_pkt_time":1484319043341642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":11584,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} -01019{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":11,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319075730913,"flow_dst_last_pkt_time":1484319075722109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":11584,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} 
-01142{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":13,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049930810,"flow_dst_last_pkt_time":1484319050538865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":15928,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com"}} -01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":25,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319120726362,"flow_dst_last_pkt_time":1484319120717893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":31755,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} -01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":29,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319120053813,"flow_dst_last_pkt_time":1484319119662360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":39096,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} 
-00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319063913670,"flow_dst_last_pkt_time":1484319063911664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":601,"flow_dst_tot_l4_payload_len":4205,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033206251,"flow_dst_last_pkt_time":1484319033328231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2482,"flow_dst_tot_l4_payload_len":6399,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
-01120{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319063914824,"flow_dst_last_pkt_time":1484319063913042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":923,"flow_src_tot_l4_payload_len":502,"flow_dst_tot_l4_payload_len":1187,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -01125{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319117555613,"flow_dst_last_pkt_time":1484319117553842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4406,"flow_dst_tot_l4_payload_len":4474,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117994811,"flow_dst_last_pkt_time":1484319117992103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4361,"flow_dst_tot_l4_payload_len":4406,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
+01020{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":32,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319085476120,"flow_dst_last_pkt_time":1484319085460132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":41992,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} +01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":10,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319043232639,"flow_dst_last_pkt_time":1484319043341642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":11584,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} +01020{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":11,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319075730913,"flow_dst_last_pkt_time":1484319075722109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":11584,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net"}} 
+01143{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":13,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049930810,"flow_dst_last_pkt_time":1484319050538865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":15928,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com"}} +01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":25,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319120726362,"flow_dst_last_pkt_time":1484319120717893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":31755,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} +01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":29,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319120053813,"flow_dst_last_pkt_time":1484319119662360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":39096,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net"}} 
+00984{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319063913670,"flow_dst_last_pkt_time":1484319063911664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":601,"flow_dst_tot_l4_payload_len":4205,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033206251,"flow_dst_last_pkt_time":1484319033328231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2482,"flow_dst_tot_l4_payload_len":6399,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
+01118{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319063914824,"flow_dst_last_pkt_time":1484319063913042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":923,"flow_src_tot_l4_payload_len":502,"flow_dst_tot_l4_payload_len":1187,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01123{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319117555613,"flow_dst_last_pkt_time":1484319117553842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4406,"flow_dst_tot_l4_payload_len":4474,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117994811,"flow_dst_last_pkt_time":1484319117992103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4361,"flow_dst_tot_l4_payload_len":4406,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1484319032865799,"flow_src_last_pkt_time":1484319032866374,"flow_dst_last_pkt_time":1484319032884052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":562,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1484319114365279,"flow_src_last_pkt_time":1484319114365513,"flow_dst_last_pkt_time":1484319114400480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":562,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a803.dscg.akamai.net"}} 
@@ -513,29 +513,29 @@ 01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117538934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api-global.latency.prodaa.netflix.com"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319032882949,"flow_src_last_pkt_time":1484319032882949,"flow_dst_last_pkt_time":1484319032884500,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ichnaea.us-west-2.prodaa.netflix.com"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049681348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":329,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com"}} 
-01027{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":17,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319096924088,"flow_dst_last_pkt_time":1484319096921856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":20856,"flow_dst_tot_l4_payload_len":4094,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} -01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":26,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319119338372,"flow_dst_last_pkt_time":1484319119162139,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":21553,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} -01165{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":27,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118687018,"flow_dst_last_pkt_time":1484319118675176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4272,"flow_dst_tot_l4_payload_len":18162,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} 
-01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319118041692,"flow_dst_last_pkt_time":1484319118040132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1384,"flow_dst_max_l4_payload_len":1000,"flow_src_tot_l4_payload_len":2158,"flow_dst_tot_l4_payload_len":2014,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01025{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":17,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319096924088,"flow_dst_last_pkt_time":1484319096921856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":20856,"flow_dst_tot_l4_payload_len":4094,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} +01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":26,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319119338372,"flow_dst_last_pkt_time":1484319119162139,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":21553,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} 
+01163{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":27,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118687018,"flow_dst_last_pkt_time":1484319118675176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4272,"flow_dst_tot_l4_payload_len":18162,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} +01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319118041692,"flow_dst_last_pkt_time":1484319118040132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1384,"flow_dst_max_l4_payload_len":1000,"flow_src_tot_l4_payload_len":2158,"flow_dst_tot_l4_payload_len":2014,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319034890998,"flow_src_last_pkt_time":1484319034890998,"flow_dst_last_pkt_time":1484319034890998,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118652959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a1907.dscg.akamai.net"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319036827113,"flow_src_last_pkt_time":1484319036827113,"flow_dst_last_pkt_time":1484319036847572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sha2.san.akam.nflximg.net"}} 01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048776187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":150,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"appboot.netflix.com"}} 
01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319043002781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"artwork.akam.nflximg.net"}} -01124{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319033215216,"flow_dst_last_pkt_time":1484319033213209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2185,"flow_dst_tot_l4_payload_len":4385,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -01125{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319050696784,"flow_dst_last_pkt_time":1484319050693641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4473,"flow_dst_tot_l4_payload_len":8193,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
-01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064982710,"flow_dst_last_pkt_time":1484319064978926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4531,"flow_dst_tot_l4_payload_len":2633,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} -01163{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065592399,"flow_dst_last_pkt_time":1484319065588591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6786,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not 
Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com"}} -01025{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":16,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319063911876,"flow_dst_last_pkt_time":1484319063910283,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":5170,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} 
-01026{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319064012018,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} -01027{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":16,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064790823,"flow_dst_last_pkt_time":1484319064782569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4171,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} +01122{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319033215216,"flow_dst_last_pkt_time":1484319033213209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2185,"flow_dst_tot_l4_payload_len":4385,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
+01123{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319050696784,"flow_dst_last_pkt_time":1484319050693641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4473,"flow_dst_tot_l4_payload_len":8193,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064982710,"flow_dst_last_pkt_time":1484319064978926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4531,"flow_dst_tot_l4_payload_len":2633,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01161{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065592399,"flow_dst_last_pkt_time":1484319065588591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6786,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com"}} 
+01023{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":16,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319063911876,"flow_dst_last_pkt_time":1484319063910283,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":5170,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} +01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319064012018,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} +01025{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":16,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064790823,"flow_dst_last_pkt_time":1484319064782569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4171,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com"}} 
01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ichnaea.geo.netflix.com"}} -01028{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":26,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319080085510,"flow_dst_last_pkt_time":1484319080083748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2612,"flow_dst_tot_l4_payload_len":27820,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com"}} -00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":8,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036977437,"flow_dst_last_pkt_time":1484319036976156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1090,"flow_dst_tot_l4_payload_len":3533,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
-01028{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319081182418,"flow_dst_last_pkt_time":1484319081180537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9065,"flow_dst_tot_l4_payload_len":5638,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} -01165{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":18,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319073564849,"flow_dst_last_pkt_time":1484319073562707,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":6263,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} -01166{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":39,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319073578996,"flow_dst_last_pkt_time":1484319073576827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4348,"flow_dst_tot_l4_payload_len":35028,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} 
-01125{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319066108619,"flow_dst_last_pkt_time":1484319066106464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2624,"flow_dst_tot_l4_payload_len":3919,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} +01026{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":26,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319080085510,"flow_dst_last_pkt_time":1484319080083748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2612,"flow_dst_tot_l4_payload_len":27820,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com"}} +00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":8,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036977437,"flow_dst_last_pkt_time":1484319036976156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1090,"flow_dst_tot_l4_payload_len":3533,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
+01026{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319081182418,"flow_dst_last_pkt_time":1484319081180537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9065,"flow_dst_tot_l4_payload_len":5638,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} +01163{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":18,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319073564849,"flow_dst_last_pkt_time":1484319073562707,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":6263,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} +01164{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":39,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319073578996,"flow_dst_last_pkt_time":1484319073576827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4348,"flow_dst_tot_l4_payload_len":35028,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com"}} 
+01123{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319066108619,"flow_dst_last_pkt_time":1484319066106464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2624,"flow_dst_tot_l4_payload_len":3919,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 01282{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":32,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319052229556,"flow_dst_last_pkt_time":1484319052226562,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":41059,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric 
Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.145"}} 01280{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319052292468,"flow_dst_last_pkt_time":1484319052290715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":4860,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.10.139"}} 
01280{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":34,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319056189450,"flow_dst_last_pkt_time":1484319056186291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":42887,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.3.140"}} 
@@ -554,7 +554,7 @@ 01283{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319065147554,"flow_dst_last_pkt_time":1484319065269365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":10445,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141"}} 
01281{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070825326,"flow_dst_last_pkt_time":1484319070905880,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":8954,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.133"}} 
01284{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":18,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091498293,"flow_dst_last_pkt_time":1484319091694942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":518,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":22028,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141"}} 
-00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1793,"packets-processed":1793,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":885344,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":69,"total-updates":9,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":557,"global_ts_usec":1484319120726362} +00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1793,"source":"cfgs\/hostname_dns_check\/pcap\/netflix.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1793,"packets-processed":1793,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":885344,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":69,"total-updates":9,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":557,"global_ts_usec":1484319120726362} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1793/1793 ~~ skipped flows.............: 0 
@@ -563,9 +563,9 @@ ~~ total active/idle flows...: 61/61 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9402682 bytes -~~ total memory freed........: 9402682 bytes -~~ total allocations/frees...: 143511/143511 +~~ total memory allocated....: 10169273 bytes +~~ total memory freed........: 10169273 bytes +~~ total allocations/frees...: 157486/157486 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 2550 chars diff --git a/test/results/http_process_response_disable/http.pcapng.out b/test/results/http_process_response_disable/http.pcapng.out index 7fbc1c24b..ba8477d7e 100644 --- a/test/results/http_process_response_disable/http.pcapng.out +++ b/test/results/http_process_response_disable/http.pcapng.out 
@@ -1,5 +1,5 @@ -00605{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643129441023341} 
+00605{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643129441023341} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441023341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441023341,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8mDFAAEAGN5nAqAGA2DrQjqS6AFARiJzNAAAAAKAC+vCG+AAAAgQFtAQCCArCG0WpAAAAAAEDAwc="} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441030591,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8NRsAAHgGoi\/YOtCOwKgBgABQpLoKOrN\/EYiczqAS\/\/9o0gAAAgQFlgQCCArUwoamwhtFqQEDAwg="} 
@@ -8,7 +8,7 @@ 01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441030691,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.com","domainame":"google.com","http": {"url":"google.com\/","code":0,"content_type":"","user_agent":"curl\/7.68.0"}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441038384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643129441038384,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA0NSMAAHgGoi\/YOtCOwKgBgABQpLoKOrOAEYidGIAQAQCWKAAAAQEICtTChq7CG0Ww"} 
01019{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441065505,"flow_dst_last_pkt_time":1643129441065458,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":528,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1643129441065505,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.com"}} -00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643129441065505} 
+00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643129441065505} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645177 bytes -~~ total memory freed........: 8645177 bytes -~~ total allocations/frees...: 140548/140548 +~~ total memory allocated....: 9409551 bytes +~~ total memory freed........: 9409551 bytes +~~ total allocations/frees...: 154514/154514 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 567 chars ~~ json message max len.......: 1092 chars diff --git a/test/results/http_process_response_disable/http_asymmetric.pcapng.out b/test/results/http_process_response_disable/http_asymmetric.pcapng.out index 983a5ba03..857c83871 100644 --- a/test/results/http_process_response_disable/http_asymmetric.pcapng.out +++ b/test/results/http_process_response_disable/http_asymmetric.pcapng.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631378210394414} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631378210394414} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394414,"flow_src_last_pkt_time":1631378210394414,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210394414,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":1044,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631378210394414,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631378210394414,"pkt":"AAwpnvCVKBao9vgDCABFAAA0WexAAIAGAADAqAABCgoKAQQUAFAzLWQXAAAAAIAC+vADxAAAAgQFtAEDAwgBAQQC"} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378210394789,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210394789,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -18,7 +18,7 @@ 01435{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378210504093,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210504093,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
01161{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394414,"flow_src_last_pkt_time":1631378215504662,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":1044,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"proxy.wiresharkfest.acropolis.local"}} 01425{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378215504945,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1631378215504945} 
+00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1631378215504945} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 23/23 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648820 bytes -~~ total memory freed........: 8648820 bytes -~~ total allocations/frees...: 140593/140593 +~~ total memory allocated....: 9413226 bytes +~~ total memory freed........: 9413226 bytes +~~ total allocations/frees...: 154559/154559 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars ~~ json message max len.......: 2542 chars diff --git a/test/results/huge_number_of_custom_protocols/synscan.pcap.out b/test/results/huge_number_of_custom_protocols/synscan.pcap.out index a3ce9655f..46986527f 100644 --- a/test/results/huge_number_of_custom_protocols/synscan.pcap.out +++ b/test/results/huge_number_of_custom_protocols/synscan.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/huge_number_of_custom_protocols\/pcap\/synscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/huge_number_of_custom_protocols\/pcap\/synscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1278275056274870} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/huge_number_of_custom_protocols\/pcap\/synscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/huge_number_of_custom_protocols\/pcap\/synscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1278275056274870} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/huge_number_of_custom_protocols\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275056274870,"flow_src_last_pkt_time":1278275056274870,"flow_dst_last_pkt_time":1278275056274870,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275056274870,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/huge_number_of_custom_protocols\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1278275056274870,"flow_dst_last_pkt_time":1278275056274870,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1278275056274870,"pkt":"ACYLMQczACWzv5HuCABFAAAs5wgAADYGK2qsEAAIQA2GNIzSAbvdUoMYAAAAAGACDAAq1AAAAgQFtA=="} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/huge_number_of_custom_protocols\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275056276409,"flow_src_last_pkt_time":1278275056276409,"flow_dst_last_pkt_time":1278275056276409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275056276409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -7993,7 +7993,7 @@ 00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/huge_number_of_custom_protocols\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060746505,"flow_src_last_pkt_time":1278275060746505,"flow_dst_last_pkt_time":1278275060746505,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01056{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/huge_number_of_custom_protocols\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060850680,"flow_src_last_pkt_time":1278275060850680,"flow_dst_last_pkt_time":1278275060850680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21571,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/huge_number_of_custom_protocols\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060850680,"flow_src_last_pkt_time":1278275060850680,"flow_dst_last_pkt_time":1278275060850680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"cfgs\/huge_number_of_custom_protocols\/pcap\/synscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":2011,"packets-processed":2011,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1850,"total-guessed-flows":144,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7996,"global_ts_usec":1278275079360213} 
+00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"cfgs\/huge_number_of_custom_protocols\/pcap\/synscan.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":2011,"packets-processed":2011,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1850,"total-guessed-flows":144,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7996,"global_ts_usec":1278275079360213} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2011/2011 ~~ skipped flows.............: 0 @@ -8002,9 +8002,9 @@ ~~ total active/idle flows...: 1994/1994 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 13604007 bytes -~~ total memory freed........: 13604007 bytes -~~ total allocations/frees...: 166465/166465 +~~ total memory allocated....: 14432157 bytes +~~ total memory freed........: 14432157 bytes +~~ total allocations/frees...: 180431/180431 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars ~~ json message max len.......: 1270 chars diff --git a/test/results/influxd/custom_rules/custom_rules_overwrite_domains.pcap.out b/test/results/influxd/custom_rules/custom_rules_overwrite_domains.pcap.out new file mode 100644 index 000000000..f312b6d81 --- /dev/null +++ b/test/results/influxd/custom_rules/custom_rules_overwrite_domains.pcap.out 
@@ -0,0 +1,11 @@ +general json_lines=31,json_bytes=36410,flow_src_total_bytes=12994,flow_dst_total_bytes=6376 +events flow_new_count=3,flow_end_count=2,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=2,flow_state_finished=1 +breed flow_breed_safe_count=2,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=3,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection flow_active_count=3,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/1kxun.pcap.out b/test/results/influxd/default/1kxun.pcap.out index ee3f481b7..fcaa18ff1 100644 --- a/test/results/influxd/default/1kxun.pcap.out +++ b/test/results/influxd/default/1kxun.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=1287,json_bytes=1538832,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 +general json_lines=1287,json_bytes=1538878,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 events flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=182,flow_detection_update_count=17,flow_not_detected_count=9,flow_risky_count=24,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=26,flow_state_finished=171 breed flow_breed_safe_count=7,flow_breed_acceptable_count=122,flow_breed_fun_count=49,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=2,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/KakaoTalk_chat.pcap.out b/test/results/influxd/default/KakaoTalk_chat.pcap.out index c10b90e65..42ff617ec 100644 --- a/test/results/influxd/default/KakaoTalk_chat.pcap.out +++ b/test/results/influxd/default/KakaoTalk_chat.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=269,json_bytes=238703,flow_src_total_bytes=15862,flow_dst_total_bytes=36150 +general json_lines=269,json_bytes=238695,flow_src_total_bytes=15862,flow_dst_total_bytes=36150 events flow_new_count=38,flow_end_count=8,flow_idle_count=30,flow_update_count=1,flow_analyse_count=3,flow_guessed_count=5,flow_detected_count=33,flow_detection_update_count=32,flow_not_detected_count=0,flow_risky_count=10,packet_count=0,packet_flow_count=116,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=12,flow_state_finished=26 breed flow_breed_safe_count=9,flow_breed_acceptable_count=19,flow_breed_fun_count=5,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/KakaoTalk_talk.pcap.out b/test/results/influxd/default/KakaoTalk_talk.pcap.out index 4d048fae3..c5701a513 100644 --- a/test/results/influxd/default/KakaoTalk_talk.pcap.out +++ b/test/results/influxd/default/KakaoTalk_talk.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=145,json_bytes=122797,flow_src_total_bytes=146910,flow_dst_total_bytes=144494 +general json_lines=145,json_bytes=122793,flow_src_total_bytes=146910,flow_dst_total_bytes=144494 events flow_new_count=20,flow_end_count=6,flow_idle_count=14,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=9,flow_detected_count=11,flow_detection_update_count=5,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=73,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=11,flow_state_finished=9 breed flow_breed_safe_count=5,flow_breed_acceptable_count=5,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/alexa-app.pcapng.out b/test/results/influxd/default/alexa-app.pcapng.out index b0838af59..65399a9de 100644 --- a/test/results/influxd/default/alexa-app.pcapng.out +++ b/test/results/influxd/default/alexa-app.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=1415,json_bytes=1279539,flow_src_total_bytes=399153,flow_dst_total_bytes=588052 +general json_lines=1415,json_bytes=1279850,flow_src_total_bytes=399153,flow_dst_total_bytes=588052 events flow_new_count=160,flow_end_count=104,flow_idle_count=56,flow_update_count=77,flow_analyse_count=23,flow_guessed_count=14,flow_detected_count=146,flow_detection_update_count=143,flow_not_detected_count=0,flow_risky_count=62,packet_count=5,packet_flow_count=679,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=5,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=82,flow_state_finished=78 breed flow_breed_safe_count=7,flow_breed_acceptable_count=138,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=1,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/android.pcap.out b/test/results/influxd/default/android.pcap.out index 87b826dff..a6322df35 100644 --- a/test/results/influxd/default/android.pcap.out +++ b/test/results/influxd/default/android.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=436,json_bytes=376508,flow_src_total_bytes=25482,flow_dst_total_bytes=76498 +general json_lines=436,json_bytes=376510,flow_src_total_bytes=25482,flow_dst_total_bytes=76498 events flow_new_count=63,flow_end_count=9,flow_idle_count=54,flow_update_count=3,flow_analyse_count=1,flow_guessed_count=3,flow_detected_count=60,flow_detection_update_count=44,flow_not_detected_count=0,flow_risky_count=7,packet_count=0,packet_flow_count=196,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=22,flow_state_finished=41 breed flow_breed_safe_count=9,flow_breed_acceptable_count=50,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/anyconnect-vpn.pcap.out b/test/results/influxd/default/anyconnect-vpn.pcap.out index d697c695c..127da087a 100644 --- a/test/results/influxd/default/anyconnect-vpn.pcap.out +++ b/test/results/influxd/default/anyconnect-vpn.pcap.out 
@@ -1,6 +1,6 @@ -general json_lines=457,json_bytes=391173,flow_src_total_bytes=38688,flow_dst_total_bytes=56727 +general json_lines=457,json_bytes=391177,flow_src_total_bytes=38688,flow_dst_total_bytes=56727 events flow_new_count=69,flow_end_count=10,flow_idle_count=59,flow_update_count=3,flow_analyse_count=3,flow_guessed_count=6,flow_detected_count=61,flow_detection_update_count=34,flow_not_detected_count=2,flow_risky_count=17,packet_count=0,packet_flow_count=207,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=16,flow_state_finished=53 +state flow_state_info=17,flow_state_finished=52 breed flow_breed_safe_count=13,flow_breed_acceptable_count=48,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=13,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=35,flow_category_collaborative_count=1,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=10,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=2,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_en
vsrv_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=61,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 diff --git a/test/results/influxd/default/anydesk.pcapng.out b/test/results/influxd/default/anydesk.pcapng.out index 9ba7dcf4c..034e5eb41 100644 --- a/test/results/influxd/default/anydesk.pcapng.out +++ b/test/results/influxd/default/anydesk.pcapng.out 
@@ -1,6 +1,6 @@ -general json_lines=66,json_bytes=66126,flow_src_total_bytes=19883,flow_dst_total_bytes=15955 +general json_lines=66,json_bytes=66122,flow_src_total_bytes=19883,flow_dst_total_bytes=15955 events flow_new_count=7,flow_end_count=1,flow_idle_count=6,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=29,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=1,flow_state_finished=6 +state flow_state_info=2,flow_state_finished=5 breed flow_breed_safe_count=4,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 diff --git a/test/results/influxd/default/bets.pcapng.out b/test/results/influxd/default/bets.pcapng.out index 369e64da4..16683fb81 100644 --- a/test/results/influxd/default/bets.pcapng.out +++ b/test/results/influxd/default/bets.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=13,json_bytes=11804,flow_src_total_bytes=573,flow_dst_total_bytes=6919 +general json_lines=13,json_bytes=11824,flow_src_total_bytes=573,flow_dst_total_bytes=6919 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/conncheck.pcap.out b/test/results/influxd/default/conncheck.pcap.out index 0cb73afc2..9d81193e0 100644 --- a/test/results/influxd/default/conncheck.pcap.out +++ b/test/results/influxd/default/conncheck.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=96,json_bytes=74463,flow_src_total_bytes=5724,flow_dst_total_bytes=5222 -events flow_new_count=10,flow_end_count=6,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=7,packet_flow_count=47,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=7,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=102,json_bytes=81994,flow_src_total_bytes=5724,flow_dst_total_bytes=5222 +events flow_new_count=10,flow_end_count=6,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=0,packet_count=7,packet_flow_count=47,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=7,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=7 breed 
flow_breed_safe_count=1,flow_breed_acceptable_count=9,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=9,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_cate
gory_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsrv_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=5,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=1,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=3,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/custom_rules_ip.pcapng.out b/test/results/influxd/default/custom_rules_ip.pcapng.out new file mode 100644 index 000000000..cac8be948 --- /dev/null +++ b/test/results/influxd/default/custom_rules_ip.pcapng.out 
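Review bot: The conncheck.pcap expectation changes more than the risk rename named in the commit message: in the `category` line `flow_category_conn_check_count` drops from 9 to 3 while `flow_category_web_count` rises from 0 to 5 and `flow_category_software_update_count` from 0 to 1, and in the `events` line `flow_detection_update_count` goes from 1 to 7. This is presumably an upstream libnDPI classification change picked up by the bump, but any dashboard or alert keyed on the connectivity-check category would see six of these flows move without notice. It is worth confirming that the reclassification is intended and recording it in the commit message, for example `* conncheck.pcap: connectivity-check flows now reported as web/software_update`.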
@@ -0,0 +1,11 @@ +general json_lines=21,json_bytes=15912,flow_src_total_bytes=75,flow_dst_total_bytes=0 +events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=2,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=9,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=3,flow_state_finished=0 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=3,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection flow_active_count=3,flow_detected_count=1,flow_guessed_count=2,flow_not_detected_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=1,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/custom_rules_overwrite_domains.pcap.out b/test/results/influxd/default/custom_rules_overwrite_domains.pcap.out new file mode 100644 index 000000000..a400ca035 --- /dev/null +++ b/test/results/influxd/default/custom_rules_overwrite_domains.pcap.out 
@@ -0,0 +1,11 @@ +general json_lines=31,json_bytes=36255,flow_src_total_bytes=12994,flow_dst_total_bytes=6376 +events flow_new_count=3,flow_end_count=2,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=2,flow_state_finished=1 +breed flow_breed_safe_count=2,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=3,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection flow_active_count=3,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/dazn.pcapng.out b/test/results/influxd/default/dazn.pcapng.out index e3132a4f0..2f5cdfa6f 100644 --- a/test/results/influxd/default/dazn.pcapng.out +++ b/test/results/influxd/default/dazn.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=27,json_bytes=29731,flow_src_total_bytes=1551,flow_dst_total_bytes=4284 +general json_lines=27,json_bytes=29776,flow_src_total_bytes=1551,flow_dst_total_bytes=4284 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=12,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/influxd/default/dnscrypt-v1-and-resolver-pings.pcap.out index 42af3ce06..a74864663 100644 --- a/test/results/influxd/default/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/influxd/default/dnscrypt-v1-and-resolver-pings.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=1539,json_bytes=1581778,flow_src_total_bytes=244416,flow_dst_total_bytes=44650 +general json_lines=1539,json_bytes=1581742,flow_src_total_bytes=244416,flow_dst_total_bytes=44650 events flow_new_count=245,flow_end_count=0,flow_idle_count=245,flow_update_count=200,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=245,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=56,packet_flow_count=488,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=56,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=245 breed flow_breed_safe_count=0,flow_breed_acceptable_count=245,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/dofus.pcap.out b/test/results/influxd/default/dofus.pcap.out index 90ebe949c..9cd9936bf 100644 --- a/test/results/influxd/default/dofus.pcap.out +++ b/test/results/influxd/default/dofus.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=48,json_bytes=39241,flow_src_total_bytes=2216,flow_dst_total_bytes=20930 +general json_lines=48,json_bytes=39236,flow_src_total_bytes=2216,flow_dst_total_bytes=20930 events flow_new_count=5,flow_end_count=1,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=5,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=25,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=5,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/epicgames.pcapng.out b/test/results/influxd/default/epicgames.pcapng.out index 77595e7bb..dfa1d4662 100644 --- a/test/results/influxd/default/epicgames.pcapng.out +++ b/test/results/influxd/default/epicgames.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=35,json_bytes=25120,flow_src_total_bytes=5959,flow_dst_total_bytes=1825 +general json_lines=35,json_bytes=25104,flow_src_total_bytes=5959,flow_dst_total_bytes=1825 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/ethereum.pcap.out b/test/results/influxd/default/ethereum.pcap.out index 271a6f224..85a61fc05 100644 --- a/test/results/influxd/default/ethereum.pcap.out +++ b/test/results/influxd/default/ethereum.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=573,json_bytes=509768,flow_src_total_bytes=43570,flow_dst_total_bytes=43398 +general json_lines=573,json_bytes=509720,flow_src_total_bytes=43570,flow_dst_total_bytes=43398 events flow_new_count=74,flow_end_count=47,flow_idle_count=27,flow_update_count=0,flow_analyse_count=33,flow_guessed_count=3,flow_detected_count=71,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=315,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=71 breed flow_breed_safe_count=0,flow_breed_acceptable_count=71,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/fuzz-2006-09-29-28586.pcap.out b/test/results/influxd/default/fuzz-2006-09-29-28586.pcap.out index 484b75878..8d150d2f2 100644 --- a/test/results/influxd/default/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/influxd/default/fuzz-2006-09-29-28586.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=218,json_bytes=192174,flow_src_total_bytes=14756,flow_dst_total_bytes=10874 +general json_lines=218,json_bytes=192172,flow_src_total_bytes=14756,flow_dst_total_bytes=10874 events flow_new_count=39,flow_end_count=12,flow_idle_count=27,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=22,flow_detected_count=13,flow_detection_update_count=0,flow_not_detected_count=4,flow_risky_count=11,packet_count=8,packet_flow_count=82,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=2,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=6,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=34,flow_state_finished=5 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/gaijin_mobile_mixed.pcap.out b/test/results/influxd/default/gaijin_mobile_mixed.pcap.out index 9ad0b212e..d3a5e7de6 100644 --- a/test/results/influxd/default/gaijin_mobile_mixed.pcap.out +++ b/test/results/influxd/default/gaijin_mobile_mixed.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=30,json_bytes=25454,flow_src_total_bytes=1542,flow_dst_total_bytes=8296 +general json_lines=30,json_bytes=25448,flow_src_total_bytes=1542,flow_dst_total_bytes=8296 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/gearup_booster.pcap.out b/test/results/influxd/default/gearup_booster.pcap.out index dbecfe252..a781db4c9 100644 --- a/test/results/influxd/default/gearup_booster.pcap.out +++ b/test/results/influxd/default/gearup_booster.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=971,json_bytes=751526,flow_src_total_bytes=5730,flow_dst_total_bytes=16706 +general json_lines=971,json_bytes=751305,flow_src_total_bytes=5730,flow_dst_total_bytes=16706 events flow_new_count=192,flow_end_count=0,flow_idle_count=192,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=191,flow_detection_update_count=5,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=385,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=6,flow_state_finished=186 breed flow_breed_safe_count=0,flow_breed_acceptable_count=186,flow_breed_fun_count=5,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/gnutella.pcap.out b/test/results/influxd/default/gnutella.pcap.out index debdac908..8c1f00c20 100644 --- a/test/results/influxd/default/gnutella.pcap.out +++ b/test/results/influxd/default/gnutella.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=6866,json_bytes=6215505,flow_src_total_bytes=149308,flow_dst_total_bytes=234286 +general json_lines=6866,json_bytes=6215495,flow_src_total_bytes=149308,flow_dst_total_bytes=234286 events flow_new_count=801,flow_end_count=66,flow_idle_count=735,flow_update_count=2519,flow_analyse_count=6,flow_guessed_count=0,flow_detected_count=712,flow_detection_update_count=5,flow_not_detected_count=89,flow_risky_count=672,packet_count=1,packet_flow_count=1928,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=1,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=94,flow_state_finished=707 breed flow_breed_safe_count=1,flow_breed_acceptable_count=42,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=667,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/guildwars2.pcapng.out b/test/results/influxd/default/guildwars2.pcapng.out index 525cdb8aa..725bec3a6 100644 --- a/test/results/influxd/default/guildwars2.pcapng.out +++ b/test/results/influxd/default/guildwars2.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=11,json_bytes=8149,flow_src_total_bytes=800,flow_dst_total_bytes=1231 +general json_lines=11,json_bytes=8145,flow_src_total_bytes=800,flow_dst_total_bytes=1231 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/heuristic_tcp_ack_payload.pcap.out b/test/results/influxd/default/heuristic_tcp_ack_payload.pcap.out index 90456855e..4cba0d0e0 100644 --- a/test/results/influxd/default/heuristic_tcp_ack_payload.pcap.out +++ b/test/results/influxd/default/heuristic_tcp_ack_payload.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=57,json_bytes=47694,flow_src_total_bytes=14860,flow_dst_total_bytes=81741 +general json_lines=57,json_bytes=47692,flow_src_total_bytes=14860,flow_dst_total_bytes=81741 events flow_new_count=6,flow_end_count=5,flow_idle_count=1,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=6,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/http-crash-content-disposition.pcap.out b/test/results/influxd/default/http-crash-content-disposition.pcap.out index 8bd80764a..22a278776 100644 --- a/test/results/influxd/default/http-crash-content-disposition.pcap.out +++ b/test/results/influxd/default/http-crash-content-disposition.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=11,json_bytes=8745,flow_src_total_bytes=475,flow_dst_total_bytes=2369 +general json_lines=11,json_bytes=8741,flow_src_total_bytes=475,flow_dst_total_bytes=2369 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/http_invalid_server.pcap.out b/test/results/influxd/default/http_invalid_server.pcap.out index e864381c8..ff90e752a 100644 --- a/test/results/influxd/default/http_invalid_server.pcap.out +++ b/test/results/influxd/default/http_invalid_server.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=9931,flow_src_total_bytes=82,flow_dst_total_bytes=407 +general json_lines=12,json_bytes=9939,flow_src_total_bytes=82,flow_dst_total_bytes=407 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 -breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=3,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/http_ipv6.pcap.out b/test/results/influxd/default/http_ipv6.pcap.out index 6d5df37b0..3f44683f7 100644 --- a/test/results/influxd/default/http_ipv6.pcap.out +++ b/test/results/influxd/default/http_ipv6.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=115,json_bytes=104362,flow_src_total_bytes=10659,flow_dst_total_bytes=40534 +general json_lines=115,json_bytes=104370,flow_src_total_bytes=10659,flow_dst_total_bytes=40534 events flow_new_count=15,flow_end_count=3,flow_idle_count=12,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=7,flow_detected_count=8,flow_detection_update_count=11,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=55,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=14,flow_state_finished=1 breed flow_breed_safe_count=5,flow_breed_acceptable_count=1,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/instagram.pcap.out b/test/results/influxd/default/instagram.pcap.out index d7c4113e1..c0a239da3 100644 --- a/test/results/influxd/default/instagram.pcap.out +++ b/test/results/influxd/default/instagram.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=299,json_bytes=322254,flow_src_total_bytes=116573,flow_dst_total_bytes=413697 +general json_lines=299,json_bytes=322257,flow_src_total_bytes=116573,flow_dst_total_bytes=413697 events flow_new_count=38,flow_end_count=6,flow_idle_count=32,flow_update_count=4,flow_analyse_count=9,flow_guessed_count=7,flow_detected_count=30,flow_detection_update_count=18,flow_not_detected_count=1,flow_risky_count=5,packet_count=0,packet_flow_count=150,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=22,flow_state_finished=16 breed flow_breed_safe_count=5,flow_breed_acceptable_count=7,flow_breed_fun_count=18,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/iphone.pcap.out b/test/results/influxd/default/iphone.pcap.out index dd92c4e56..691f820f6 100644 --- a/test/results/influxd/default/iphone.pcap.out +++ b/test/results/influxd/default/iphone.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=356,json_bytes=326907,flow_src_total_bytes=99351,flow_dst_total_bytes=91009 +general json_lines=356,json_bytes=326923,flow_src_total_bytes=99351,flow_dst_total_bytes=91009 events flow_new_count=51,flow_end_count=3,flow_idle_count=48,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=1,flow_detected_count=50,flow_detection_update_count=40,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=156,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=13,flow_state_finished=38 breed flow_breed_safe_count=8,flow_breed_acceptable_count=39,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/lagofast.pcap.out b/test/results/influxd/default/lagofast.pcap.out index e521b35bd..932c68344 100644 --- a/test/results/influxd/default/lagofast.pcap.out +++ b/test/results/influxd/default/lagofast.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=124,json_bytes=118492,flow_src_total_bytes=10830,flow_dst_total_bytes=0 +general json_lines=124,json_bytes=118494,flow_src_total_bytes=10830,flow_dst_total_bytes=0 events flow_new_count=30,flow_end_count=0,flow_idle_count=30,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=30,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=17,flow_state_finished=13 breed flow_breed_safe_count=5,flow_breed_acceptable_count=17,flow_breed_fun_count=8,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/line.pcap.out b/test/results/influxd/default/line.pcap.out index 9d75abb56..ecae96cad 100644 --- a/test/results/influxd/default/line.pcap.out +++ b/test/results/influxd/default/line.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=51,json_bytes=52756,flow_src_total_bytes=25568,flow_dst_total_bytes=23936 +general json_lines=51,json_bytes=52752,flow_src_total_bytes=25568,flow_dst_total_bytes=23936 events flow_new_count=5,flow_end_count=1,flow_idle_count=4,flow_update_count=1,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=25,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=5 breed flow_breed_safe_count=1,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/lol_wild_rift_udp.pcap.out b/test/results/influxd/default/lol_wild_rift_udp.pcap.out index 7ab48e875..29281c80e 100644 --- a/test/results/influxd/default/lol_wild_rift_udp.pcap.out +++ b/test/results/influxd/default/lol_wild_rift_udp.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=30,json_bytes=25139,flow_src_total_bytes=251,flow_dst_total_bytes=1077 +general json_lines=30,json_bytes=25119,flow_src_total_bytes=251,flow_dst_total_bytes=1077 events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=5 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=5,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/matter_onoff.pcapng.out b/test/results/influxd/default/matter_onoff.pcapng.out new file mode 100644 index 000000000..59fae70d3 --- /dev/null +++ b/test/results/influxd/default/matter_onoff.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=28,json_bytes=28103,flow_src_total_bytes=13317,flow_dst_total_bytes=3242 +events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=3 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=2,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=3,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection flow_active_count=3,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/mismatching_hostname.pcap.out b/test/results/influxd/default/mismatching_hostname.pcap.out new file mode 100644 index 000000000..61c707978 --- /dev/null +++ b/test/results/influxd/default/mismatching_hostname.pcap.out 
@@ -0,0 +1,11 @@ +general json_lines=14,json_bytes=14139,flow_src_total_bytes=6859,flow_dst_total_bytes=26473 +events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=1 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=3,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=3,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=1,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/mpeg-dash.pcap.out b/test/results/influxd/default/mpeg-dash.pcap.out index 91f290a8c..3d445093c 100644 --- a/test/results/influxd/default/mpeg-dash.pcap.out +++ b/test/results/influxd/default/mpeg-dash.pcap.out 
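Review bot: The expected counters in the new mismatching_hostname.pcap.out do not line up with each other: `flow_active_count=1` and `flow_risky_count=1`, yet `flow_risk_15_count=3`, `flow_risk_21_count=1`, `flow_severity_low=3` and `flow_severity_high=1`. The 3 matches `flow_detected_count=1` plus `flow_detection_update_count=2`, so the risk and severity series appear to be incremented per emitted flow event rather than per distinct flow, though the exporter code is not visible here. Anyone alerting on these fields would over-count a single risky flow, so if this is intended it is worth stating next to the exporter, e.g. `risk and severity counters count flow events, not distinct flows`. The risks are also identified only by number in this output, so this file alone cannot confirm that the risk renamed in the commit message is the one this capture exercises; the name is better checked against the JSON result for the same pcap.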
@@ -1,4 +1,4 @@ -general json_lines=30,json_bytes=28565,flow_src_total_bytes=2220,flow_dst_total_bytes=1591 +general json_lines=30,json_bytes=28551,flow_src_total_bytes=2220,flow_dst_total_bytes=1591 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=13,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/mudfish.pcap.out b/test/results/influxd/default/mudfish.pcap.out index c2e15b8e1..f07618a54 100644 --- a/test/results/influxd/default/mudfish.pcap.out +++ b/test/results/influxd/default/mudfish.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=64,json_bytes=48488,flow_src_total_bytes=18,flow_dst_total_bytes=72814 +general json_lines=64,json_bytes=48490,flow_src_total_bytes=18,flow_dst_total_bytes=72814 events flow_new_count=11,flow_end_count=1,flow_idle_count=10,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=11,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=27,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=11 breed flow_breed_safe_count=0,flow_breed_acceptable_count=11,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/naver.pcap.out b/test/results/influxd/default/naver.pcap.out index 6bfeb6c9d..9f24f0cfb 100644 --- a/test/results/influxd/default/naver.pcap.out +++ b/test/results/influxd/default/naver.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=30,json_bytes=26093,flow_src_total_bytes=1551,flow_dst_total_bytes=10972 +general json_lines=30,json_bytes=26099,flow_src_total_bytes=1551,flow_dst_total_bytes=10972 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=0 breed flow_breed_safe_count=3,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/nest_log_sink.pcap.out b/test/results/influxd/default/nest_log_sink.pcap.out index 9f271c847..57d07bbc3 100644 --- a/test/results/influxd/default/nest_log_sink.pcap.out +++ b/test/results/influxd/default/nest_log_sink.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=167,json_bytes=148313,flow_src_total_bytes=55213,flow_dst_total_bytes=20167 +general json_lines=167,json_bytes=148279,flow_src_total_bytes=55213,flow_dst_total_bytes=20167 events flow_new_count=17,flow_end_count=12,flow_idle_count=5,flow_update_count=8,flow_analyse_count=10,flow_guessed_count=1,flow_detected_count=16,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=80,init_count=1,reconnect_count=0,shutdown_count=1,status_count=12,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=17 breed flow_breed_safe_count=0,flow_breed_acceptable_count=16,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/netease_games.pcapng.out b/test/results/influxd/default/netease_games.pcapng.out index b777cc619..57ff0575a 100644 --- a/test/results/influxd/default/netease_games.pcapng.out +++ b/test/results/influxd/default/netease_games.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=42,json_bytes=34275,flow_src_total_bytes=874,flow_dst_total_bytes=782 +general json_lines=42,json_bytes=34269,flow_src_total_bytes=874,flow_dst_total_bytes=782 events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=19,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/netflix.pcap.out b/test/results/influxd/default/netflix.pcap.out index f8bee2b62..b8d19818b 100644 --- a/test/results/influxd/default/netflix.pcap.out +++ b/test/results/influxd/default/netflix.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=557,json_bytes=562420,flow_src_total_bytes=117204,flow_dst_total_bytes=768140 +general json_lines=557,json_bytes=562266,flow_src_total_bytes=117204,flow_dst_total_bytes=768140 events flow_new_count=61,flow_end_count=31,flow_idle_count=30,flow_update_count=9,flow_analyse_count=27,flow_guessed_count=1,flow_detected_count=60,flow_detection_update_count=69,flow_not_detected_count=0,flow_risky_count=31,packet_count=0,packet_flow_count=266,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=12,flow_state_finished=49 breed flow_breed_safe_count=0,flow_breed_acceptable_count=32,flow_breed_fun_count=28,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/nexon.pcapng.out b/test/results/influxd/default/nexon.pcapng.out index 1ad6349a3..40fc2d332 100644 --- a/test/results/influxd/default/nexon.pcapng.out +++ b/test/results/influxd/default/nexon.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=20,json_bytes=15479,flow_src_total_bytes=4489,flow_dst_total_bytes=1115 +general json_lines=20,json_bytes=15469,flow_src_total_bytes=4489,flow_dst_total_bytes=1115 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/nintendo.pcap.out b/test/results/influxd/default/nintendo.pcap.out index 85e6363a2..06727b9d6 100644 --- a/test/results/influxd/default/nintendo.pcap.out +++ b/test/results/influxd/default/nintendo.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=164,json_bytes=136859,flow_src_total_bytes=151475,flow_dst_total_bytes=137750 +general json_lines=164,json_bytes=136863,flow_src_total_bytes=151475,flow_dst_total_bytes=137750 events flow_new_count=21,flow_end_count=2,flow_idle_count=19,flow_update_count=0,flow_analyse_count=5,flow_guessed_count=6,flow_detected_count=15,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=84,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=8,flow_state_finished=13 breed flow_breed_safe_count=1,flow_breed_acceptable_count=5,flow_breed_fun_count=9,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/ocs.pcap.out b/test/results/influxd/default/ocs.pcap.out index f3315b1d2..2658b5517 100644 --- a/test/results/influxd/default/ocs.pcap.out +++ b/test/results/influxd/default/ocs.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=139,json_bytes=114810,flow_src_total_bytes=12361,flow_dst_total_bytes=0 +general json_lines=139,json_bytes=114806,flow_src_total_bytes=12361,flow_dst_total_bytes=0 events flow_new_count=20,flow_end_count=5,flow_idle_count=15,flow_update_count=7,flow_analyse_count=2,flow_guessed_count=2,flow_detected_count=18,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=9,packet_count=0,packet_flow_count=65,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=18,flow_state_finished=2 breed flow_breed_safe_count=2,flow_breed_acceptable_count=12,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/ocsp.pcapng.out b/test/results/influxd/default/ocsp.pcapng.out index 45c99ef6c..7ee482c98 100644 --- a/test/results/influxd/default/ocsp.pcapng.out +++ b/test/results/influxd/default/ocsp.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=94,json_bytes=87776,flow_src_total_bytes=6995,flow_dst_total_bytes=26118 +general json_lines=94,json_bytes=87797,flow_src_total_bytes=6995,flow_dst_total_bytes=26118 events flow_new_count=10,flow_end_count=10,flow_idle_count=0,flow_update_count=0,flow_analyse_count=6,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=50,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=10 breed flow_breed_safe_count=9,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/openvpn.pcap.out b/test/results/influxd/default/openvpn.pcap.out index 8d6f909ae..e2ebce463 100644 --- a/test/results/influxd/default/openvpn.pcap.out +++ b/test/results/influxd/default/openvpn.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=96,json_bytes=91694,flow_src_total_bytes=49021,flow_dst_total_bytes=52809 +general json_lines=96,json_bytes=91688,flow_src_total_bytes=49021,flow_dst_total_bytes=52809 events flow_new_count=10,flow_end_count=1,flow_idle_count=9,flow_update_count=0,flow_analyse_count=6,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=8,packet_count=0,packet_flow_count=50,init_count=1,reconnect_count=0,shutdown_count=1,status_count=8,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=10 breed flow_breed_safe_count=0,flow_breed_acceptable_count=10,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/openvpn_nohmac.pcapng.out b/test/results/influxd/default/openvpn_nohmac.pcapng.out index 78a45ba9b..1426bbc28 100644 --- a/test/results/influxd/default/openvpn_nohmac.pcapng.out +++ b/test/results/influxd/default/openvpn_nohmac.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=13,json_bytes=11196,flow_src_total_bytes=113447,flow_dst_total_bytes=150832 +general json_lines=13,json_bytes=11188,flow_src_total_bytes=113447,flow_dst_total_bytes=150832 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=1,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/paltalk.pcapng.out b/test/results/influxd/default/paltalk.pcapng.out index f776ef984..6ecaff279 100644 --- a/test/results/influxd/default/paltalk.pcapng.out +++ b/test/results/influxd/default/paltalk.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=33,json_bytes=26120,flow_src_total_bytes=1047,flow_dst_total_bytes=1460 +general json_lines=33,json_bytes=26131,flow_src_total_bytes=1047,flow_dst_total_bytes=1460 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/pinterest.pcap.out b/test/results/influxd/default/pinterest.pcap.out index 73155f33c..f0cd24c36 100644 --- a/test/results/influxd/default/pinterest.pcap.out +++ b/test/results/influxd/default/pinterest.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=295,json_bytes=296022,flow_src_total_bytes=30054,flow_dst_total_bytes=337815 +general json_lines=295,json_bytes=296018,flow_src_total_bytes=30054,flow_dst_total_bytes=337815 events flow_new_count=37,flow_end_count=5,flow_idle_count=32,flow_update_count=0,flow_analyse_count=13,flow_guessed_count=16,flow_detected_count=21,flow_detection_update_count=31,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=137,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=24,flow_state_finished=13 breed flow_breed_safe_count=3,flow_breed_acceptable_count=5,flow_breed_fun_count=11,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=2,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/pluralsight.pcap.out b/test/results/influxd/default/pluralsight.pcap.out index 8141e3cf1..89ce036d5 100644 --- a/test/results/influxd/default/pluralsight.pcap.out +++ b/test/results/influxd/default/pluralsight.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=59,json_bytes=73866,flow_src_total_bytes=3540,flow_dst_total_bytes=23176 +general json_lines=59,json_bytes=73850,flow_src_total_bytes=3540,flow_dst_total_bytes=23176 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=28,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=6,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=6,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/influxd/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index a2d7f585e..9836ef01d 100644 --- a/test/results/influxd/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/influxd/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
@@ -1,11 +1,11 @@ -general json_lines=667,json_bytes=947214,flow_src_total_bytes=241650,flow_dst_total_bytes=0 -events flow_new_count=113,flow_end_count=0,flow_idle_count=113,flow_update_count=123,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=113,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=179,init_count=1,reconnect_count=0,shutdown_count=1,status_count=24,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=667,json_bytes=969999,flow_src_total_bytes=241650,flow_dst_total_bytes=0 +events flow_new_count=113,flow_end_count=0,flow_idle_count=113,flow_update_count=123,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=113,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=49,packet_count=0,packet_flow_count=179,init_count=1,reconnect_count=0,shutdown_count=1,status_count=24,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=113 breed 
flow_breed_safe_count=3,flow_breed_acceptable_count=72,flow_breed_fun_count=21,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=17,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 category flow_category_unspecified_count=0,flow_category_media_count=21,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=59,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=5,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=3,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=17,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow
_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsrv_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=113,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=49,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=113,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=0,flow_l4_udp_count=113,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=113,flow_detected_count=113,flow_guessed_count=0,flow_not_detected_count=0 -risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=49,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/quic_interop_V.pcapng.out b/test/results/influxd/default/quic_interop_V.pcapng.out index c79f90882..7fe120451 100644 --- a/test/results/influxd/default/quic_interop_V.pcapng.out +++ b/test/results/influxd/default/quic_interop_V.pcapng.out 
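Review bot: The commit message describes this bump as replacing one risk with another, but in the quic_frags_ch_out_of_order_same_packet_craziness baseline `flow_risky_count` and `flow_severity_high` both go from 0 to 49, all of it landing in `flow_risk_21_count`, for a capture that previously reported no risk at all. The same new high-severity hit shows up in quic_t51.pcap.out (0 to 1) and in quickplay.pcap.out, where `flow_category_conn_check_count` also drops to 0 and `flow_category_web_count` rises to 2, a reclassification the message does not mention. Slot 21 presumably now carries the new "Mismatching Protocol with server IP address" risk, so anything downstream that alerts or graphs on `flow_risk_21_count` or `flow_severity_high` changes meaning and volume with this bump. I would add a line to the commit message such as `* risk id 21 is reused for the new risk; QUIC baselines now report it at high severity (verified against libnDPI e9751cec)`, and confirm that 49 of 113 flows flagged in the fragmented-CH capture is expected and not a false-positive regression.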
@@ -1,4 +1,4 @@ -general json_lines=471,json_bytes=631779,flow_src_total_bytes=229418,flow_dst_total_bytes=1702 +general json_lines=471,json_bytes=631717,flow_src_total_bytes=229418,flow_dst_total_bytes=1702 events flow_new_count=77,flow_end_count=0,flow_idle_count=77,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=77,flow_detection_update_count=30,flow_not_detected_count=0,flow_risky_count=58,packet_count=0,packet_flow_count=207,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=33,flow_state_finished=44 breed flow_breed_safe_count=0,flow_breed_acceptable_count=77,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/quic_sh.pcap.out b/test/results/influxd/default/quic_sh.pcap.out index 36fa2130c..3e49b3e46 100644 --- a/test/results/influxd/default/quic_sh.pcap.out +++ b/test/results/influxd/default/quic_sh.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=27,json_bytes=27189,flow_src_total_bytes=4124,flow_dst_total_bytes=16771 +general json_lines=27,json_bytes=27199,flow_src_total_bytes=4124,flow_dst_total_bytes=16771 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/quic_t51.pcap.out b/test/results/influxd/default/quic_t51.pcap.out index a2b2c42a0..b2fd98e84 100644 --- a/test/results/influxd/default/quic_t51.pcap.out +++ b/test/results/influxd/default/quic_t51.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=11,json_bytes=17054,flow_src_total_bytes=2888,flow_dst_total_bytes=5904 -events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=11,json_bytes=17348,flow_src_total_bytes=2888,flow_dst_total_bytes=5904 +events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed 
flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_categ
ory_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsrv_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=0,flow_l4_udp_count=1,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 -risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=1,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/quickplay.pcap.out b/test/results/influxd/default/quickplay.pcap.out index 36a9acd91..3707556ba 100644 --- a/test/results/influxd/default/quickplay.pcap.out +++ b/test/results/influxd/default/quickplay.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=139,json_bytes=163455,flow_src_total_bytes=37682,flow_dst_total_bytes=58185 -events flow_new_count=21,flow_end_count=2,flow_idle_count=19,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=21,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=68,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=140,json_bytes=164920,flow_src_total_bytes=37682,flow_dst_total_bytes=58185 +events flow_new_count=21,flow_end_count=2,flow_idle_count=19,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=21,flow_detection_update_count=5,flow_not_detected_count=0,flow_risky_count=6,packet_count=0,packet_flow_count=68,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=8,flow_state_finished=13 breed 
flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=20,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=3,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=11,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=1,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_ca
tegory_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsrv_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=3,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=11,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envs
rv_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=21,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=0,flow_severity_medium=13,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=0,flow_severity_medium=13,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=21,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=21,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=21,flow_detected_count=21,flow_guessed_count=0,flow_not_detected_count=0 -risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=9,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=4,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=9,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=1,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=4,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/reddit.pcap.out b/test/results/influxd/default/reddit.pcap.out index 6b5168e70..6ad17e16e 100644 --- a/test/results/influxd/default/reddit.pcap.out +++ b/test/results/influxd/default/reddit.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=582,json_bytes=567198,flow_src_total_bytes=64920,flow_dst_total_bytes=481968 -events flow_new_count=60,flow_end_count=23,flow_idle_count=37,flow_update_count=0,flow_analyse_count=17,flow_guessed_count=1,flow_detected_count=59,flow_detection_update_count=84,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=298,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=583,json_bytes=567830,flow_src_total_bytes=64920,flow_dst_total_bytes=481968 +events flow_new_count=60,flow_end_count=23,flow_idle_count=37,flow_update_count=0,flow_analyse_count=17,flow_guessed_count=1,flow_detected_count=59,flow_detection_update_count=85,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=298,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=43,flow_state_finished=17 breed 
flow_breed_safe_count=6,flow_breed_acceptable_count=14,flow_breed_fun_count=26,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=13,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 category flow_category_unspecified_count=0,flow_category_media_count=3,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=20,flow_category_social_network_count=23,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=13,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow
_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsrv_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=59,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=2,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=60,flow_l3_other_count=0 layer4 flow_l4_tcp_count=60,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=60,flow_detected_count=59,flow_guessed_count=1,flow_not_detected_count=0 -risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=2,flow_risk_40_count=2,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=1,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/riot.pcapng.out b/test/results/influxd/default/riot.pcapng.out index e931cb18b..a622c7f78 100644 --- a/test/results/influxd/default/riot.pcapng.out +++ b/test/results/influxd/default/riot.pcapng.out 
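Review bot: The regenerated baseline for reddit.pcap drops detections that the commit message does not account for: `flow_risk_39_count` and `flow_risk_40_count` go from 2 to 0, and `flow_severity_severe` goes from 2 to 0. Only the new `flow_risk_21_count=1` looks related to the risk replacement the message describes, and that link is inferred from the same counter appearing in the preceding file. This file is the regression oracle for risk reporting, so an unexplained loss of two risk counters could hide a detection regression in the bumped libnDPI. I would check the new values against the upstream expected result for this capture and, if they are intended, record it in the message, e.g. `* reddit.pcap: risks 39/40 no longer raised after the bump`.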
@@ -1,4 +1,4 @@ -general json_lines=17,json_bytes=24145,flow_src_total_bytes=8202,flow_dst_total_bytes=0 +general json_lines=17,json_bytes=24143,flow_src_total_bytes=8202,flow_dst_total_bytes=0 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/ripe_atlas.pcap.out b/test/results/influxd/default/ripe_atlas.pcap.out index 616ebf381..f4429d8b3 100644 --- a/test/results/influxd/default/ripe_atlas.pcap.out +++ b/test/results/influxd/default/ripe_atlas.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=35,json_bytes=28468,flow_src_total_bytes=175,flow_dst_total_bytes=0 +general json_lines=35,json_bytes=28470,flow_src_total_bytes=175,flow_dst_total_bytes=0 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/rmcp.pcap.out b/test/results/influxd/default/rmcp.pcap.out index 51675f7db..1e3864b0b 100644 --- a/test/results/influxd/default/rmcp.pcap.out +++ b/test/results/influxd/default/rmcp.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=29,json_bytes=23177,flow_src_total_bytes=116,flow_dst_total_bytes=0 +general json_lines=29,json_bytes=23173,flow_src_total_bytes=116,flow_dst_total_bytes=0 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=6 breed flow_breed_safe_count=6,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/rockstar_games.pcapng.out b/test/results/influxd/default/rockstar_games.pcapng.out index b0a028199..00e5dd736 100644 --- a/test/results/influxd/default/rockstar_games.pcapng.out +++ b/test/results/influxd/default/rockstar_games.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=41,json_bytes=37390,flow_src_total_bytes=2169,flow_dst_total_bytes=5443 +general json_lines=41,json_bytes=37396,flow_src_total_bytes=2169,flow_dst_total_bytes=5443 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/signal.pcap.out b/test/results/influxd/default/signal.pcap.out index 0a804d088..00b525641 100644 --- a/test/results/influxd/default/signal.pcap.out +++ b/test/results/influxd/default/signal.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=173,json_bytes=160587,flow_src_total_bytes=219449,flow_dst_total_bytes=54393 +general json_lines=173,json_bytes=160550,flow_src_total_bytes=219449,flow_dst_total_bytes=54393 events flow_new_count=19,flow_end_count=9,flow_idle_count=10,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=19,flow_detection_update_count=25,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=84,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=9,flow_state_finished=10 breed flow_breed_safe_count=3,flow_breed_acceptable_count=14,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/sites.pcapng.out b/test/results/influxd/default/sites.pcapng.out index 41d877dc2..02c0e97fc 100644 --- a/test/results/influxd/default/sites.pcapng.out +++ b/test/results/influxd/default/sites.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=625,json_bytes=661720,flow_src_total_bytes=77223,flow_dst_total_bytes=365096 +general json_lines=625,json_bytes=661845,flow_src_total_bytes=77223,flow_dst_total_bytes=365096 events flow_new_count=72,flow_end_count=10,flow_idle_count=62,flow_update_count=1,flow_analyse_count=3,flow_guessed_count=4,flow_detected_count=68,flow_detection_update_count=65,flow_not_detected_count=0,flow_risky_count=6,packet_count=0,packet_flow_count=311,init_count=1,reconnect_count=0,shutdown_count=1,status_count=27,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=64,flow_state_finished=8 breed flow_breed_safe_count=11,flow_breed_acceptable_count=24,flow_breed_fun_count=32,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=1,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/sites2.pcapng.out b/test/results/influxd/default/sites2.pcapng.out index 26292680c..7927925be 100644 --- a/test/results/influxd/default/sites2.pcapng.out +++ b/test/results/influxd/default/sites2.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=49,json_bytes=42531,flow_src_total_bytes=4931,flow_dst_total_bytes=12452 +general json_lines=49,json_bytes=42542,flow_src_total_bytes=4931,flow_dst_total_bytes=12452 events flow_new_count=5,flow_end_count=1,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=24,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=4,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=1,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=3,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=1,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 +category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=1,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=3,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=1,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_heal
th_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsrv_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/sites3.pcapng.out b/test/results/influxd/default/sites3.pcapng.out index b735faf7a..148fbf999 100644 --- a/test/results/influxd/default/sites3.pcapng.out +++ b/test/results/influxd/default/sites3.pcapng.out 
@@ -1,11 +1,11 @@ -general json_lines=32,json_bytes=35526,flow_src_total_bytes=18386,flow_dst_total_bytes=67079 -events flow_new_count=3,flow_end_count=3,flow_idle_count=0,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=1,flow_state_finished=2 -breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=2,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=1,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 -confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +general json_lines=42,json_bytes=45969,flow_src_total_bytes=20455,flow_dst_total_bytes=72868 +events flow_new_count=4,flow_end_count=3,flow_idle_count=1,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=2,flow_state_finished=2 +breed 
flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=2,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=2,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_cate
gory_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsrv_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 -layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 -layer4 flow_l4_tcp_count=3,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection flow_active_count=3,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=0 +layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=4,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection flow_active_count=4,flow_detected_count=4,flow_guessed_count=0,flow_not_detected_count=0 risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/snapchat_call.pcapng.out b/test/results/influxd/default/snapchat_call.pcapng.out index fc6c3e44e..be22d0594 100644 --- a/test/results/influxd/default/snapchat_call.pcapng.out +++ b/test/results/influxd/default/snapchat_call.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=13,json_bytes=19499,flow_src_total_bytes=4245,flow_dst_total_bytes=6427 +general json_lines=13,json_bytes=19491,flow_src_total_bytes=4245,flow_dst_total_bytes=6427 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/snapchat_call_v1.pcapng.out b/test/results/influxd/default/snapchat_call_v1.pcapng.out index 60a2cddda..e375e2ab3 100644 --- a/test/results/influxd/default/snapchat_call_v1.pcapng.out +++ b/test/results/influxd/default/snapchat_call_v1.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=13,json_bytes=18770,flow_src_total_bytes=337357,flow_dst_total_bytes=7923 +general json_lines=13,json_bytes=18762,flow_src_total_bytes=337357,flow_dst_total_bytes=7923 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/snmp.pcap.out b/test/results/influxd/default/snmp.pcap.out index a8281b3dd..10c695807 100644 --- a/test/results/influxd/default/snmp.pcap.out +++ b/test/results/influxd/default/snmp.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=137,json_bytes=113942,flow_src_total_bytes=7241,flow_dst_total_bytes=4130 +general json_lines=137,json_bytes=113914,flow_src_total_bytes=7241,flow_dst_total_bytes=4130 events flow_new_count=17,flow_end_count=0,flow_idle_count=17,flow_update_count=10,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=17,flow_detection_update_count=5,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=65,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=15 breed flow_breed_safe_count=0,flow_breed_acceptable_count=17,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/soap.pcap.out b/test/results/influxd/default/soap.pcap.out index 3dd50b6d1..3b90cce9c 100644 --- a/test/results/influxd/default/soap.pcap.out +++ b/test/results/influxd/default/soap.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=24,json_bytes=28432,flow_src_total_bytes=8109,flow_dst_total_bytes=1637 +general json_lines=24,json_bytes=28436,flow_src_total_bytes=8109,flow_dst_total_bytes=1637 events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/srvloc-v1.pcapng.out b/test/results/influxd/default/srvloc-v1.pcapng.out index eb0750f34..d2dc7b8af 100644 --- a/test/results/influxd/default/srvloc-v1.pcapng.out +++ b/test/results/influxd/default/srvloc-v1.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=11,json_bytes=9334,flow_src_total_bytes=406,flow_dst_total_bytes=0 +general json_lines=11,json_bytes=9336,flow_src_total_bytes=406,flow_dst_total_bytes=0 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/srvloc.pcap.out b/test/results/influxd/default/srvloc.pcap.out index d22faf348..e02c9cc08 100644 --- a/test/results/influxd/default/srvloc.pcap.out +++ b/test/results/influxd/default/srvloc.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=3001,json_bytes=2512361,flow_src_total_bytes=30707,flow_dst_total_bytes=0 +general json_lines=3001,json_bytes=2512329,flow_src_total_bytes=30707,flow_dst_total_bytes=0 events flow_new_count=621,flow_end_count=0,flow_idle_count=621,flow_update_count=103,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=621,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=629,init_count=1,reconnect_count=0,shutdown_count=1,status_count=404,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=621 breed flow_breed_safe_count=0,flow_breed_acceptable_count=621,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/steam.pcapng.out b/test/results/influxd/default/steam.pcapng.out index 2c8eab00a..a0c9904ec 100644 --- a/test/results/influxd/default/steam.pcapng.out +++ b/test/results/influxd/default/steam.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=59,json_bytes=51184,flow_src_total_bytes=5134,flow_dst_total_bytes=4588 +general json_lines=59,json_bytes=51192,flow_src_total_bytes=5134,flow_dst_total_bytes=4588 events flow_new_count=7,flow_end_count=1,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=31,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=4,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=7,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/stun_signal.pcapng.out b/test/results/influxd/default/stun_signal.pcapng.out index 8b0a2c3fb..b2cd47b8a 100644 --- a/test/results/influxd/default/stun_signal.pcapng.out +++ b/test/results/influxd/default/stun_signal.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=220,json_bytes=177427,flow_src_total_bytes=13408,flow_dst_total_bytes=16192 +general json_lines=220,json_bytes=177301,flow_src_total_bytes=13408,flow_dst_total_bytes=16192 events flow_new_count=23,flow_end_count=0,flow_idle_count=23,flow_update_count=15,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=23,flow_detection_update_count=17,flow_not_detected_count=0,flow_risky_count=8,packet_count=0,packet_flow_count=113,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=20 breed flow_breed_safe_count=0,flow_breed_acceptable_count=23,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/tailscale.pcap.out b/test/results/influxd/default/tailscale.pcap.out index 9c400edab..bf8c2437b 100644 --- a/test/results/influxd/default/tailscale.pcap.out +++ b/test/results/influxd/default/tailscale.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=12,json_bytes=10574,flow_src_total_bytes=5700,flow_dst_total_bytes=6322 +general json_lines=12,json_bytes=10568,flow_src_total_bytes=5700,flow_dst_total_bytes=6322 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/telegram_videocall.pcapng.out b/test/results/influxd/default/telegram_videocall.pcapng.out index 05acb79d6..ce2b03bfe 100644 --- a/test/results/influxd/default/telegram_videocall.pcapng.out +++ b/test/results/influxd/default/telegram_videocall.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=258,json_bytes=214644,flow_src_total_bytes=59877,flow_dst_total_bytes=270358 +general json_lines=258,json_bytes=214636,flow_src_total_bytes=59877,flow_dst_total_bytes=270358 events flow_new_count=34,flow_end_count=6,flow_idle_count=28,flow_update_count=1,flow_analyse_count=4,flow_guessed_count=2,flow_detected_count=32,flow_detection_update_count=14,flow_not_detected_count=0,flow_risky_count=12,packet_count=0,packet_flow_count=134,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=14,flow_state_finished=20 breed flow_breed_safe_count=1,flow_breed_acceptable_count=31,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/telnet.pcap.out b/test/results/influxd/default/telnet.pcap.out index d5583b429..2a1fc77f0 100644 --- a/test/results/influxd/default/telnet.pcap.out +++ b/test/results/influxd/default/telnet.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=14,json_bytes=12489,flow_src_total_bytes=289,flow_dst_total_bytes=1371 -events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=0,flow_state_finished=1 -breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 -confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=3,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 -layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 -layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 -risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=3,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +general json_lines=43,json_bytes=44750,flow_src_total_bytes=336,flow_dst_total_bytes=2786 +events 
flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=21,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=2 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=2,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=6,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=2,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection flow_active_count=2,flow_detected_count=2,flow_guessed_count=0,flow_not_detected_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=8,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=3,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/tls_certificate_too_long.pcap.out b/test/results/influxd/default/tls_certificate_too_long.pcap.out index 911db8cc6..4dc3b3499 100644 --- a/test/results/influxd/default/tls_certificate_too_long.pcap.out +++ b/test/results/influxd/default/tls_certificate_too_long.pcap.out 
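Review bot: The regenerated baseline for telnet.pcap.out changes far more than the risk rename named in the commit description explains: `flow_new_count` goes from 1 to 2, `json_lines` from 14 to 43, `flow_risk_22_count` from 3 to 8, and `flow_risk_36_count` and `flow_severity_high` go from 0 to 3 and 1. A doubled flow count suggests the capture itself changed in the bumped libnDPI rather than only the detection logic, though this hunk alone cannot confirm that. These .out files are the regression baseline for risk detection, so the cause belongs in the commit description, e.g. `* telnet.pcap: expected results regenerated, <reason for the extra flow and new risks>`. Without it, a later reader cannot tell an intended change from a detection regression absorbed by a bulk regeneration.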
@@ -1,4 +1,4 @@ -general json_lines=250,json_bytes=252922,flow_src_total_bytes=37396,flow_dst_total_bytes=58312 +general json_lines=250,json_bytes=252920,flow_src_total_bytes=37396,flow_dst_total_bytes=58312 events flow_new_count=35,flow_end_count=11,flow_idle_count=24,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=1,flow_detected_count=33,flow_detection_update_count=24,flow_not_detected_count=1,flow_risky_count=11,packet_count=0,packet_flow_count=116,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=13,flow_state_finished=22 breed flow_breed_safe_count=4,flow_breed_acceptable_count=29,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/tls_long_cert.pcap.out b/test/results/influxd/default/tls_long_cert.pcap.out index 215895de4..0fd41d0ef 100644 --- a/test/results/influxd/default/tls_long_cert.pcap.out +++ b/test/results/influxd/default/tls_long_cert.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=14,json_bytes=15086,flow_src_total_bytes=2858,flow_dst_total_bytes=102711 +general json_lines=14,json_bytes=15091,flow_src_total_bytes=2858,flow_dst_total_bytes=102711 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/influxd/default/tls_multiple_synack_different_seq.pcapng.out index 5092fdd62..fd2626d3f 100644 --- a/test/results/influxd/default/tls_multiple_synack_different_seq.pcapng.out +++ b/test/results/influxd/default/tls_multiple_synack_different_seq.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=13,json_bytes=12561,flow_src_total_bytes=5427,flow_dst_total_bytes=517 +general json_lines=13,json_bytes=12549,flow_src_total_bytes=5427,flow_dst_total_bytes=517 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/tumblr.pcap.out b/test/results/influxd/default/tumblr.pcap.out index 1e769e435..76a2ce629 100644 --- a/test/results/influxd/default/tumblr.pcap.out +++ b/test/results/influxd/default/tumblr.pcap.out 
@@ -1,6 +1,6 @@ -general json_lines=314,json_bytes=268572,flow_src_total_bytes=19532,flow_dst_total_bytes=275102 +general json_lines=314,json_bytes=268564,flow_src_total_bytes=19532,flow_dst_total_bytes=275102 events flow_new_count=47,flow_end_count=1,flow_idle_count=46,flow_update_count=0,flow_analyse_count=9,flow_guessed_count=28,flow_detected_count=19,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=151,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=37,flow_state_finished=10 +state flow_state_info=38,flow_state_finished=9 breed flow_breed_safe_count=13,flow_breed_acceptable_count=2,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=2,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=15,flow_category_social_network_count=2,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envs
rv_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=19,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 diff --git a/test/results/influxd/default/viber.pcap.out b/test/results/influxd/default/viber.pcap.out index e62c59615..9946915ba 100644 --- a/test/results/influxd/default/viber.pcap.out +++ b/test/results/influxd/default/viber.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=231,json_bytes=195639,flow_src_total_bytes=26457,flow_dst_total_bytes=101364 +general json_lines=231,json_bytes=195636,flow_src_total_bytes=26457,flow_dst_total_bytes=101364 events flow_new_count=30,flow_end_count=6,flow_idle_count=24,flow_update_count=4,flow_analyse_count=4,flow_guessed_count=4,flow_detected_count=26,flow_detection_update_count=19,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=107,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=8,flow_state_finished=22 breed flow_breed_safe_count=4,flow_breed_acceptable_count=13,flow_breed_fun_count=9,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/waze.pcap.out b/test/results/influxd/default/waze.pcap.out index cd36b6e47..92e96e2ec 100644 --- a/test/results/influxd/default/waze.pcap.out +++ b/test/results/influxd/default/waze.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=282,json_bytes=229781,flow_src_total_bytes=19999,flow_dst_total_bytes=306184 +general json_lines=282,json_bytes=229755,flow_src_total_bytes=19999,flow_dst_total_bytes=306184 events flow_new_count=33,flow_end_count=30,flow_idle_count=3,flow_update_count=0,flow_analyse_count=5,flow_guessed_count=9,flow_detected_count=23,flow_detection_update_count=22,flow_not_detected_count=1,flow_risky_count=14,packet_count=0,packet_flow_count=153,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=19,flow_state_finished=14 breed flow_breed_safe_count=13,flow_breed_acceptable_count=10,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/webex.pcap.out b/test/results/influxd/default/webex.pcap.out index c3855a167..bd62aa0ef 100644 --- a/test/results/influxd/default/webex.pcap.out +++ b/test/results/influxd/default/webex.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=500,json_bytes=425084,flow_src_total_bytes=67701,flow_dst_total_bytes=426653 +general json_lines=500,json_bytes=425077,flow_src_total_bytes=67701,flow_dst_total_bytes=426653 events flow_new_count=57,flow_end_count=45,flow_idle_count=12,flow_update_count=2,flow_analyse_count=6,flow_guessed_count=4,flow_detected_count=53,flow_detection_update_count=39,flow_not_detected_count=0,flow_risky_count=51,packet_count=0,packet_flow_count=279,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=47,flow_state_finished=10 breed flow_breed_safe_count=45,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=1,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/wechat.pcap.out b/test/results/influxd/default/wechat.pcap.out index 2887754f7..676eedf65 100644 --- a/test/results/influxd/default/wechat.pcap.out +++ b/test/results/influxd/default/wechat.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=883,json_bytes=770847,flow_src_total_bytes=184490,flow_dst_total_bytes=376782 +general json_lines=883,json_bytes=770851,flow_src_total_bytes=184490,flow_dst_total_bytes=376782 events flow_new_count=109,flow_end_count=52,flow_idle_count=57,flow_update_count=77,flow_analyse_count=17,flow_guessed_count=25,flow_detected_count=84,flow_detection_update_count=64,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=394,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=59,flow_state_finished=50 breed flow_breed_safe_count=6,flow_breed_acceptable_count=49,flow_breed_fun_count=27,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/weibo.pcap.out b/test/results/influxd/default/weibo.pcap.out index cb6844984..546f681bc 100644 --- a/test/results/influxd/default/weibo.pcap.out +++ b/test/results/influxd/default/weibo.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=267,json_bytes=223165,flow_src_total_bytes=9449,flow_dst_total_bytes=225426 +general json_lines=267,json_bytes=223163,flow_src_total_bytes=9449,flow_dst_total_bytes=225426 events flow_new_count=44,flow_end_count=1,flow_idle_count=43,flow_update_count=0,flow_analyse_count=6,flow_guessed_count=21,flow_detected_count=23,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=117,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=27,flow_state_finished=17 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=10,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/whatsapp_login_call.pcap.out b/test/results/influxd/default/whatsapp_login_call.pcap.out index f4091df6e..c6b29db62 100644 --- a/test/results/influxd/default/whatsapp_login_call.pcap.out +++ b/test/results/influxd/default/whatsapp_login_call.pcap.out 
@@ -1,6 +1,6 @@ -general json_lines=464,json_bytes=383702,flow_src_total_bytes=81240,flow_dst_total_bytes=51420 +general json_lines=464,json_bytes=383700,flow_src_total_bytes=81240,flow_dst_total_bytes=51420 events flow_new_count=57,flow_end_count=24,flow_idle_count=33,flow_update_count=45,flow_analyse_count=6,flow_guessed_count=20,flow_detected_count=37,flow_detection_update_count=13,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=226,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=34,flow_state_finished=23 +state flow_state_info=35,flow_state_finished=22 breed flow_breed_safe_count=5,flow_breed_acceptable_count=31,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=20,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=2,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=2,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envs
rv_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=4,flow_confidence_dpi=33,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 diff --git a/test/results/influxd/default/whatsapp_login_chat.pcap.out b/test/results/influxd/default/whatsapp_login_chat.pcap.out index 0f30ec413..3a43558f6 100644 --- a/test/results/influxd/default/whatsapp_login_chat.pcap.out +++ b/test/results/influxd/default/whatsapp_login_chat.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=60,json_bytes=56657,flow_src_total_bytes=19160,flow_dst_total_bytes=5639 +general json_lines=60,json_bytes=56653,flow_src_total_bytes=19160,flow_dst_total_bytes=5639 events flow_new_count=9,flow_end_count=2,flow_idle_count=7,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=27,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=7 breed flow_breed_safe_count=2,flow_breed_acceptable_count=6,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/windowsupdate_over_http.pcap.out b/test/results/influxd/default/windowsupdate_over_http.pcap.out index fcabdd9a4..82fa5034c 100644 --- a/test/results/influxd/default/windowsupdate_over_http.pcap.out +++ b/test/results/influxd/default/windowsupdate_over_http.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=11,json_bytes=9953,flow_src_total_bytes=479,flow_dst_total_bytes=14400 -events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=10,json_bytes=8163,flow_src_total_bytes=479,flow_dst_total_bytes=14400 +events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed 
flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=1,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_categ
ory_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsrv_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=2,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 -risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=2,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=1,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/xiaomi.pcap.out b/test/results/influxd/default/xiaomi.pcap.out index 7543a373b..09f6892fd 100644 --- a/test/results/influxd/default/xiaomi.pcap.out +++ b/test/results/influxd/default/xiaomi.pcap.out 
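Review bot: The regenerated expectation for windowsupdate_over_http.pcap drops a risk hit rather than renaming one: `flow_risk_54_count` goes from 1 to 0, `flow_risk_12_count` from 2 to 1, `flow_severity_medium` from 1 to 0, and one `flow_detection_update` event disappears (json_lines 11 to 10). The commit message only describes replacing the ESNI risk with the protocol/IP mismatch risk, which by itself would presumably not reduce the risks on this flow, so this looks like an upstream detection change being accepted into the baseline without comment. Please confirm against the libnDPI history that the drop is intended, and record it in the commit message, e.g. `* windowsupdate_over_http: risk 54 no longer reported after the libnDPI bump (upstream commit: <COMMIT_ID>)`. Without that record, a later loss of this detection cannot be told apart from this baseline change.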
@@ -1,4 +1,4 @@ -general json_lines=58,json_bytes=50035,flow_src_total_bytes=3913,flow_dst_total_bytes=4078 +general json_lines=58,json_bytes=50027,flow_src_total_bytes=3913,flow_dst_total_bytes=4078 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=6,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=6 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/zoom.pcap.out b/test/results/influxd/default/zoom.pcap.out index b986ed45f..4c77f2622 100644 --- a/test/results/influxd/default/zoom.pcap.out +++ b/test/results/influxd/default/zoom.pcap.out 
@@ -1,6 +1,6 @@ -general json_lines=314,json_bytes=241150,flow_src_total_bytes=69672,flow_dst_total_bytes=259806 +general json_lines=314,json_bytes=241125,flow_src_total_bytes=69672,flow_dst_total_bytes=259806 events flow_new_count=33,flow_end_count=6,flow_idle_count=27,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=2,flow_detected_count=31,flow_detection_update_count=23,flow_not_detected_count=0,flow_risky_count=8,packet_count=35,packet_flow_count=115,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=35,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=12,flow_state_finished=21 +state flow_state_info=13,flow_state_finished=20 breed flow_breed_safe_count=3,flow_breed_acceptable_count=27,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=11,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=2,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=14,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_env
srv_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=31,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 diff --git a/test/results/influxd/disable_protocols/pluralsight.pcap.out b/test/results/influxd/disable_protocols/pluralsight.pcap.out index 479521b4e..6a53a40e3 100644 --- a/test/results/influxd/disable_protocols/pluralsight.pcap.out +++ b/test/results/influxd/disable_protocols/pluralsight.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=59,json_bytes=74456,flow_src_total_bytes=3540,flow_dst_total_bytes=23176 +general json_lines=59,json_bytes=74440,flow_src_total_bytes=3540,flow_dst_total_bytes=23176 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=28,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=6,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=6,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/disable_protocols/soap.pcap.out b/test/results/influxd/disable_protocols/soap.pcap.out index 5a6c37023..0bd2a47db 100644 --- a/test/results/influxd/disable_protocols/soap.pcap.out +++ b/test/results/influxd/disable_protocols/soap.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=24,json_bytes=28672,flow_src_total_bytes=8109,flow_dst_total_bytes=1637 +general json_lines=24,json_bytes=28676,flow_src_total_bytes=8109,flow_dst_total_bytes=1637 events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/disable_use_client_port/iphone.pcap.out b/test/results/influxd/disable_use_client_port/iphone.pcap.out index 3bb6e35cf..9ae376e68 100644 --- a/test/results/influxd/disable_use_client_port/iphone.pcap.out +++ b/test/results/influxd/disable_use_client_port/iphone.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=356,json_bytes=332482,flow_src_total_bytes=99351,flow_dst_total_bytes=91009 +general json_lines=356,json_bytes=332498,flow_src_total_bytes=99351,flow_dst_total_bytes=91009 events flow_new_count=51,flow_end_count=3,flow_idle_count=48,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=50,flow_detection_update_count=40,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=156,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=13,flow_state_finished=38 breed flow_breed_safe_count=8,flow_breed_acceptable_count=39,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/enable_payload_stat/1kxun.pcap.out b/test/results/influxd/enable_payload_stat/1kxun.pcap.out index ca2ebee5a..b790a8b20 100644 --- a/test/results/influxd/enable_payload_stat/1kxun.pcap.out +++ b/test/results/influxd/enable_payload_stat/1kxun.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=1287,json_bytes=1554276,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 +general json_lines=1287,json_bytes=1554322,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 events flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=182,flow_detection_update_count=17,flow_not_detected_count=9,flow_risky_count=24,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=26,flow_state_finished=171 breed flow_breed_safe_count=7,flow_breed_acceptable_count=122,flow_breed_fun_count=49,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=2,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/flow_risk_infos_disabled/http_invalid_server.pcap.out b/test/results/influxd/flow_risk_infos_disabled/http_invalid_server.pcap.out index 01bd25ca6..b2f2a6bf8 100644 --- a/test/results/influxd/flow_risk_infos_disabled/http_invalid_server.pcap.out +++ b/test/results/influxd/flow_risk_infos_disabled/http_invalid_server.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=10135,flow_src_total_bytes=82,flow_dst_total_bytes=407 +general json_lines=12,json_bytes=10143,flow_src_total_bytes=82,flow_dst_total_bytes=407 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 -breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=3,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/fpc/1kxun.pcap.out b/test/results/influxd/fpc/1kxun.pcap.out index b4236eab1..4abc07453 100644 --- a/test/results/influxd/fpc/1kxun.pcap.out +++ b/test/results/influxd/fpc/1kxun.pcap.out 
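Review bot: The commit message explains only the flow-risk rename, but this baseline for http_invalid_server.pcap (flow_risk_infos_disabled) also reclassifies its single flow: `flow_breed_safe_count=1` becomes `flow_breed_acceptable_count=1`, and `flow_category_network_count=1` becomes `flow_category_web_count=1`. A classification shift in a detection baseline deserves its own line in the description, so that a later regression is not mistaken for expected churn. A line such as `* http_invalid_server: flow now reported as breed=acceptable, category=web` would do. The zoom.pcap.out hunk earlier in this diff likewise moves `flow_state_info`/`flow_state_finished` from 12/21 to 13/20 without explanation. Both presumably follow from upstream libnDPI changes, which is worth confirming before the regenerated results are accepted.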
@@ -1,4 +1,4 @@ -general json_lines=1287,json_bytes=1533684,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 +general json_lines=1287,json_bytes=1533730,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 events flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=182,flow_detection_update_count=17,flow_not_detected_count=9,flow_risky_count=24,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=26,flow_state_finished=171 breed flow_breed_safe_count=7,flow_breed_acceptable_count=122,flow_breed_fun_count=49,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=2,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/guess_ip_before_port_enabled/1kxun.pcap.out b/test/results/influxd/guess_ip_before_port_enabled/1kxun.pcap.out index fc74af727..1b31ab83d 100644 --- a/test/results/influxd/guess_ip_before_port_enabled/1kxun.pcap.out +++ b/test/results/influxd/guess_ip_before_port_enabled/1kxun.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=1287,json_bytes=1565859,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 +general json_lines=1287,json_bytes=1565905,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 events flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=182,flow_detection_update_count=17,flow_not_detected_count=9,flow_risky_count=24,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=26,flow_state_finished=171 breed flow_breed_safe_count=7,flow_breed_acceptable_count=122,flow_breed_fun_count=49,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=2,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/guessing_disable/webex.pcap.out b/test/results/influxd/guessing_disable/webex.pcap.out index 2d684fadd..916646aa6 100644 --- a/test/results/influxd/guessing_disable/webex.pcap.out +++ b/test/results/influxd/guessing_disable/webex.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=500,json_bytes=429584,flow_src_total_bytes=67701,flow_dst_total_bytes=426653 +general json_lines=500,json_bytes=429577,flow_src_total_bytes=67701,flow_dst_total_bytes=426653 events flow_new_count=57,flow_end_count=45,flow_idle_count=12,flow_update_count=2,flow_analyse_count=6,flow_guessed_count=4,flow_detected_count=53,flow_detection_update_count=39,flow_not_detected_count=0,flow_risky_count=51,packet_count=0,packet_flow_count=279,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=47,flow_state_finished=10 breed flow_breed_safe_count=45,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=1,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/hostname_dns_check/netflix.pcap.out b/test/results/influxd/hostname_dns_check/netflix.pcap.out index cf6c5fac2..b5291279e 100644 --- a/test/results/influxd/hostname_dns_check/netflix.pcap.out +++ b/test/results/influxd/hostname_dns_check/netflix.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=557,json_bytes=568547,flow_src_total_bytes=117204,flow_dst_total_bytes=768140 +general json_lines=557,json_bytes=568393,flow_src_total_bytes=117204,flow_dst_total_bytes=768140 events flow_new_count=61,flow_end_count=31,flow_idle_count=30,flow_update_count=9,flow_analyse_count=27,flow_guessed_count=1,flow_detected_count=60,flow_detection_update_count=69,flow_not_detected_count=0,flow_risky_count=31,packet_count=0,packet_flow_count=266,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=12,flow_state_finished=49 breed flow_breed_safe_count=0,flow_breed_acceptable_count=32,flow_breed_fun_count=28,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/ip_lists_disable/1kxun.pcap.out b/test/results/influxd/ip_lists_disable/1kxun.pcap.out index c19eccb3f..3599d7ace 100644 --- a/test/results/influxd/ip_lists_disable/1kxun.pcap.out +++ b/test/results/influxd/ip_lists_disable/1kxun.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=1287,json_bytes=1550415,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 +general json_lines=1287,json_bytes=1550461,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 events flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=182,flow_detection_update_count=17,flow_not_detected_count=9,flow_risky_count=24,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=26,flow_state_finished=171 breed flow_breed_safe_count=7,flow_breed_acceptable_count=122,flow_breed_fun_count=49,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=2,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/monitoring/stun_signal.pcapng.out b/test/results/influxd/monitoring/stun_signal.pcapng.out index 3dd97b703..e67b53fc5 100644 --- a/test/results/influxd/monitoring/stun_signal.pcapng.out +++ b/test/results/influxd/monitoring/stun_signal.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=220,json_bytes=178087,flow_src_total_bytes=13408,flow_dst_total_bytes=16192 +general json_lines=220,json_bytes=177961,flow_src_total_bytes=13408,flow_dst_total_bytes=16192 events flow_new_count=23,flow_end_count=0,flow_idle_count=23,flow_update_count=15,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=23,flow_detection_update_count=17,flow_not_detected_count=0,flow_risky_count=8,packet_count=0,packet_flow_count=113,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=20 breed flow_breed_safe_count=0,flow_breed_acceptable_count=23,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/monitoring/telegram_videocall.pcapng.out b/test/results/influxd/monitoring/telegram_videocall.pcapng.out index fe4339ace..5e15678e1 100644 --- a/test/results/influxd/monitoring/telegram_videocall.pcapng.out +++ b/test/results/influxd/monitoring/telegram_videocall.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=258,json_bytes=215418,flow_src_total_bytes=59877,flow_dst_total_bytes=270358 +general json_lines=258,json_bytes=215410,flow_src_total_bytes=59877,flow_dst_total_bytes=270358 events flow_new_count=34,flow_end_count=6,flow_idle_count=28,flow_update_count=1,flow_analyse_count=4,flow_guessed_count=2,flow_detected_count=32,flow_detection_update_count=14,flow_not_detected_count=0,flow_risky_count=12,packet_count=0,packet_flow_count=134,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=14,flow_state_finished=20 breed flow_breed_safe_count=1,flow_breed_acceptable_count=31,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/stun_only_peer_address_enabled/telegram_videocall.pcapng.out b/test/results/influxd/stun_only_peer_address_enabled/telegram_videocall.pcapng.out index c9f966ccb..86923f0d1 100644 --- a/test/results/influxd/stun_only_peer_address_enabled/telegram_videocall.pcapng.out +++ b/test/results/influxd/stun_only_peer_address_enabled/telegram_videocall.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=258,json_bytes=220578,flow_src_total_bytes=59877,flow_dst_total_bytes=270358 +general json_lines=258,json_bytes=220570,flow_src_total_bytes=59877,flow_dst_total_bytes=270358 events flow_new_count=34,flow_end_count=6,flow_idle_count=28,flow_update_count=1,flow_analyse_count=4,flow_guessed_count=2,flow_detected_count=32,flow_detection_update_count=14,flow_not_detected_count=0,flow_risky_count=12,packet_count=0,packet_flow_count=134,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=14,flow_state_finished=20 breed flow_breed_safe_count=1,flow_breed_acceptable_count=31,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/subclassification_disable/anydesk.pcapng.out b/test/results/influxd/subclassification_disable/anydesk.pcapng.out index 57286d0a6..c5738df8f 100644 --- a/test/results/influxd/subclassification_disable/anydesk.pcapng.out +++ b/test/results/influxd/subclassification_disable/anydesk.pcapng.out 
@@ -1,6 +1,6 @@ -general json_lines=66,json_bytes=67314,flow_src_total_bytes=19883,flow_dst_total_bytes=15955 +general json_lines=66,json_bytes=67310,flow_src_total_bytes=19883,flow_dst_total_bytes=15955 events flow_new_count=7,flow_end_count=1,flow_idle_count=6,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=29,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=1,flow_state_finished=6 +state flow_state_info=2,flow_state_finished=5 breed flow_breed_safe_count=4,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_envsr
v_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 diff --git a/test/results/influxd/zoom_extra_dissection/zoom.pcap.out b/test/results/influxd/zoom_extra_dissection/zoom.pcap.out index 91768c7f9..04b7e8744 100644 --- a/test/results/influxd/zoom_extra_dissection/zoom.pcap.out +++ b/test/results/influxd/zoom_extra_dissection/zoom.pcap.out 
@@ -1,6 +1,6 @@ -general json_lines=314,json_bytes=245546,flow_src_total_bytes=69672,flow_dst_total_bytes=259806 +general json_lines=314,json_bytes=245521,flow_src_total_bytes=69672,flow_dst_total_bytes=259806 events flow_new_count=33,flow_end_count=6,flow_idle_count=27,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=2,flow_detected_count=31,flow_detection_update_count=23,flow_not_detected_count=0,flow_risky_count=8,packet_count=35,packet_flow_count=115,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=35,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=12,flow_state_finished=21 +state flow_state_info=13,flow_state_finished=20 breed flow_breed_safe_count=3,flow_breed_acceptable_count=27,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=11,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=2,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=14,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_ai_count=0,flow_category_finance_count=0,flow_category_news_count=0,flow_category_sport_count=0,flow_category_business_count=0,flow_category_internet_count=0,flow_category_blockchain_count=0,flow_category_blog_count=0,flow_category_gov_count=0,flow_category_edu_count=0,flow_category_cdn_count=0,flow_category_hwsw_count=0,flow_category_dating_count=0,flow_category_travel_count=0,flow_category_food_count=0,flow_category_bots_count=0,flow_category_scanners_count=0,flow_category_hosting_count=0,flow_category_art_count=0,flow_category_fashion_count=0,flow_category_books_count=0,flow_category_science_count=0,flow_category_maps_count=0,flow_category_login_count=0,flow_category_legal_count=0,flow_category_env
srv_count=0,flow_category_culture_count=0,flow_category_housing_count=0,flow_category_telecom_count=0,flow_category_transport_count=0,flow_category_design_count=0,flow_category_employ_count=0,flow_category_events_count=0,flow_category_weather_count=0,flow_category_lifestyle_count=0,flow_category_real_count=0,flow_category_security_count=0,flow_category_env_count=0,flow_category_hobby_count=0,flow_category_comp_count=0,flow_category_const_count=0,flow_category_eng_count=0,flow_category_reli_count=0,flow_category_enter_count=0,flow_category_agri_count=0,flow_category_tech_count=0,flow_category_beauty_count=0,flow_category_history_count=0,flow_category_polit_count=0,flow_category_vehi_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=31,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 diff --git a/test/results/ip_lists_disable/1kxun.pcap.out b/test/results/ip_lists_disable/1kxun.pcap.out index b6ada6705..3cb79132f 100644 --- a/test/results/ip_lists_disable/1kxun.pcap.out +++ b/test/results/ip_lists_disable/1kxun.pcap.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -687,7 +687,7 @@ 01018{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 01011{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104427503777,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}} 01155{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 
-00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":12,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":690,"global_ts_usec":1654385119050609} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":12,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":690,"global_ts_usec":1654385119050609} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01276{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\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"} 
01506{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
@@ -959,7 +959,7 @@ 02881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1787,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1787,"pkt_l4_len":1753,"thread_ts_usec":1654385141035727,"pkt":"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\/jNhC+769g1AUsJbaUpOjFiRZIt9giBdotmiA9eFOAlmiLsUwKIh3Hzfq\/d8ghKTm2i24vEkHOfPN+rLko5Tq9L2hJchLPVqLQXIo4Ia\/vCHmmLaklLe+4Zh+lmPF5S80zkAbKBdsMSUHrekqLBbIh46qtgS6qtG7GWaZBQrpmpaylXKSFXGa04ZkCYBVdgSjkKammwPQKoGMCny0+vU\/pE32JAXFo9TLkhnRMfrn7\/FuqdMvFnM82sblMhhaOkCXTlSzHZPD757v7gb9tWlkwpX6y7DNaK+ZfCik0E\/p+0zBgok1T88Kamz0pKQYWdZukpRSsc1TLVCOFYt5yEnwRhyc0YpuYv7XI+\/VHKgRrHxjEoFV7Tl3zUldDUjE+r\/S+jw8FJrbRCLEBiyBmKwxapyGfxSc7T+TrV7J7kz47pY6+pFOrfEJaplet6MyePFpDTYyMnR4oJzsivQAHgy7a4fjEa81aZvJy8ujfZ7KNDSqH2\/Mr+F17AWnNxFxXcHd21pnaRwQWp8yEB0AkWFJdVMyEAClS8GNqL+Psr\/hLeZZ8ObW\/cZyeJlkwkBDwpWPuC7X3Nn7kJCcNbRW7FdpTTi4ek8S4Q3OxYt404zBAw3AfZLs8xtYpDRY4dSbf92wEK208U9QpJ\/bfl+zenfTcZd0+hfJhSZuVqmJk6\/lj64rP\/99mBzIEFMf5pjZaKsobUf7BlvKZ3TxY1cGykNcOxHscvOZuXBKQHLIjZKZY1TUacpDwIhA6kMm581yXviEx1M6jlprWf9r6BIpzFPKtKdoHOfMJqCBFoV2aykdU9KfRCG9B3q9UV+kM+mkb26PxmlxC6z4lPUzn4W\/VykkZHVUIUxxtv7bufnWh98nWc9pOvWFnSZXpryzmQ3LRy59py+gCTYZmiT3Xfl0iYYwMwdZ8jENMI\/xZynnNsJ\/emJYRcoXVbAld\/baEDlpzOA2JqiV8bQn49upT6X08+G5AzkjgStJKL+t4cM2FAgCqVB7RUk03cysxIkBt9SNkoPSmZnlUcjCNbsZc1Fyw0bSWxeLKShsbaHuC\/6B5ucJys9eu8uz9DqqZaSNajlD7PDIYeDYgB0mNgUhoTntkJPswcC6HitAw7+SM9Iwy5ROtRMlmoH8Zed8QAt6ZynIzSFKYjhBGcIsqWt5oQtVGFES1RR5lWUPnjJaXKboIXko3SO3cx1eYqVlPZPqkog\/XGaIF7TC+HMZy+0zrWxPXrpghAfsPimlosZawm86d6jZdD5gK7fmgqaYbFzWjbQDtpPXSlZC4ZwXot8aFqn8JIxRmIvbLV+x0Bt2nN\/yH5Ifzc4e6hdxTLKw5\/xPeVM5OgXyEYlt8km3BjpbH37DY3JbeZf+pEiAPiwW0lgLirSLiU9UgYf4hps1ACC\/UUIjtAfzDSWWClkeavejsiT5TTJHI51
pRCtjIVlOocvqSCgZECuRwfSijgkfcvhuahF2bQs0f6Q264sosBhBl+GKPsndY0TtD1d4fHKb2JYgCrHAOTc1ol8KeCl0cbE9NfwO6oKyPkLnHjveALTX2Gg5Jp5c7oy7DDsUNOw9GyLriNYt1u+rtsliASAoqHJrLfvT2igKaygnyJGSnn9sixBe3\/0GryWHXLpdyOuhUMcVhOrtbZUCyY9pZywo6albTkdnOhnY56+9lVtSJAzi8bO3PDXRgCMjQKwALW3e+hPMR9\/Z8QN5a7uo6rCA7Dujq6I0XjI790t3TsHPMvwp3I8oN1HQKXcpCJZbL1oUbsCb5rt5tkxhe\/gG\/wmXsHg4AAA0KMA0KDQo="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1181,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":492,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":492,"pkt_l4_len":458,"thread_ts_usec":1654385141046673,"pkt":"tKXvZygQnLbQ0+MzCABFAAHeDJVAAEAGB\/rAqAJ+EkBPJaGuAFABgVk3JTRLIoAYAfYmXAAAAQEICqYAsEjS\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"} 
-01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":520,"pkt_l4_len":486,"thread_ts_usec":1654385141075345,"pkt":"nLbQ0+MztKXvZygQCABFAAH68DMAAPgGrD4SQE8lwKgCfgBQoa4lNEsiAYFa4YAYAIOtmwAAAQEICtL8K4OmALBISFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2phdmFzY3JpcHQNCkNvbnRlbnQtTGVuZ3RoOiAxNDcxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDA2OjE4OjEzIEdNVA0KTGFzdC1Nb2RpZmllZDogU3VuLCAyNyBTZXAgMjAyMCAwOTo0ODo1MSBHTVQNCkVUYWc6ICJmZGI1MmNiYTkxNGQxMGI3NWI2YTY2ZmQ1NzVhZmFkMCINClNlcnZlcjogQW1hem9uUzMNClgtQ2FjaGU6IEhpdCBmcm9tIGNsb3VkZnJvbnQNClZpYTogMS4xIGI0ZTZhMTMwMWExMTQzOTM3MjMzNGFhMTRmYjdkMzEwLmNsb3VkZnJvbnQubmV0IChDbG91ZEZyb250KQ0KWC1BbXotQ2YtUG9wOiBUWEw1MC1QMg0KWC1BbXotQ2YtSWQ6IGM4c2hiWWJFVnhFWWhjaEN4c1d5LUVhTDNiYzl2V3g5aUl5clpkVFEyYjVfeXZneTlRdTBNUT09DQpBZ2U6IDYxNjQ5DQoNCg=="} 
02463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385141075345,"pkt":"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\/aWQ9VUEtMTU0NzU3OTI5LTU3Jz48XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdD4iKTtkb2N1bWVudC53cml0ZWxuKCIgIHdpbmRvdy5kYXRhTGF5ZXIgPSB3aW5kb3cuZGF0YUxheWVyIHx8IFtdOyIpO2RvY3VtZW50LndyaXRlbG4oIiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fSIpO2RvY3VtZW50LndyaXRlbG4oIiAgZ3RhZygnanMnLCBuZXcgRGF0ZSgpKTsiKTtkb2N1bWVudC53cml0ZWxuKCIiKTtkb2N1bWVudC53cml0ZWxuKCIgIGd0YWcoJ2NvbmZpZycsICdVQS0xNTQ3NTc5"} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1654385141076027,"pkt":"nLbQ0+MztKXvZygQCABFAABf8DUAAPgGrdcSQE8lwKgCfgBQoa4lNFJ8AYFa4YAYAIN\/DAAAAQEICtL8K4SmALBIMjktNTcnKTsiKTtkb2N1bWVudC53cml0ZWxuKCI8XC9zY3JpcHQ+Iil9Ow=="} 
@@ -1086,27 +1086,27 @@ 02517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":5,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385177120591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385177120591,"pkt":"nLbQ0+MztKXvZygQCABFAAXUOPtAADcGHEesaXlSwKgCfgBQlawVUngs+Pyij4AQAOvjqQAAAQEICsmibePytblgupUqqNl16+S0Pz2Eh252smBlVkADDp1rpWh885p2i36jktrhwQI+Nu8uV5x\/h60qcXO6Whaq0m\/wsIFVFwkjNhQQQMHPpn\/PFJJrQFfmeliOSIMA0uQzNkgA8fSpst3ub05uLstkKkSu5ijB2\/xlx396cIq9lsE21Dmmx5ZI2YNtbGAV7nPb\/Gpm4x31OdNtJrQ6jwV8Evjb8R9Pk8Q\/Df4MeMNe09WKNf6J4Zu7uJTuClN8SFc7mAIzkZHrUKrGOqdmbrDYqrTvGDavul\/Wx2erfsMftuaR4bHjTU\/2Pfidb6Zgme\/k8E3oXjuw8vcB74xUyxEU9wjl+OjBydN26adTyy8muI3Nnd28sU8LssqSRlGjYcFGVuQQeMEAit\/atpHFCmqU5J6f5lbyQ6iQqzfNz8vFJR57Pc9KOIjFcm1ydIJAwyoXnJXGDnFdUaMr3OSc4u6TJoVMauCoyx4IHA+grX2WrdtTgqwUmrO5O2mEqZmDKY8HZtxuz6d6znSdrs51XcGkupWkhIlEJjlOBkBR3rmlJxZ0wqrl03HwxtuLxxBQo\/eB+\/FbUnJy0K57e63dsUSJHFskQb1PY\/55q4zUWJt3vHYYZopJhuiU54cdAaUpKUkxxhPl91jQ0rk7ZRwvRCeT\/SplJrbYrkUI3f4n66a74A1CbVbmRrmM5nJMbSHn6nHH1962WIVj8xeWTnUlJvq\/zMPUNHl01haX9oyMR8rZyGHYj29xU8zkrozqYd0nyyVjKvLSN0AeULt+5t7+3NbQ2TZyVaUXYxL\/AEh5GK+dyysAxj6e3HetVJLY86eHvJnO3trGsmY1O2Pk9Tu9smtlM4HTipWGuI2jjcF0KEoCsWcg9uen4CpuaOMOW4huYYoltyxORwpG3Pt+NBfMoqzILy7VpZmVlJ3qFbIwwI747g8cVpFmFRtN29CtNYzFGknI3Md25c4Ue5547Vakck8M9W\/kYuosXT7MVjXyT8ofO1h6\/T3rRGDcnKzWxRntp4GZrmIhvvIhByAQPXpSbuaJKO5Qni+0r5ogUKuCzDJGOvfr6U1I0hzXuZVxGHQtsbJUnOCce+Pyo5kdNN6mZeWiRgKkm9uvFS\/I7Kc5a3NH4cfCH4pfGLxJD4V+FPw71zxLfSvtS00XTpLghsZ+ZlBVB6liAK56tanSdpOx7OAy7H5jJU8LTcm+yPrT4Ff8EBv2wfiz9g1L4vahoXgDTbmQm6tr+X7bqUUY6MsEXyBjngNIMY5xXnVc1oxbUFfzP0HLPDzNaqi8RJU79NXK3ov80fQtt\/wTm\/4I6fsKRWg\/au+K1p4j1owF5U8V6xtjDRbS2yxs+QSSAI335GRzg1xPF42u\/cWnl\/mfVw4d4UyZJ4qSct\/edv8AyWN9eyZ
9GfsO\/tofsjftC6D4o8JfsjeCbzw34c8FXVtbzXyeFI7CyuXmzs8mOP5t3B++oOOcYzjnq0atKV6j1fzPoMrzLLcxpOGCTUIeSSd\/Tr66nwh\/wWM\/4KyftM+DP2rtY\/Zv\/Zp+LmoeEtD8H2kVjrN3pVtEtzfam6b5iZmVmWNFeNF2bfmDHJ4x34HCUatPnqL0Pl+J+Icbgca8JhJ8vLpJ9b9bPyPzk8Z\/EHx98TfEL+Jvij471jxJqMhy99r2pS3coJOcbpWO3r2r14U4Q+FWPgMTi8VinzVJtvzZl3sQMarxuZec+h9K0aj0OSm3fU\/cr\/gk5e2n7VH\/AARuHwa1m4ine10PXvB1zGyZ8vAlMO4e0c0RH0FfL4mPssW35o\/ashq\/2hkEYS\/llD5WuvzPwcvLW5sh9ju1IuIGMcwIPDKdp\/UGvoU+aN0flUouFWUezIGXEYcxgkHkAcmn01KUtbXHRQyYdm3RYIGO7D0HvUq4cxoiP7GjXsRKSRoDGzAnKkcj8cVWzujmbVX3"} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1567,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01103{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":475,"pkt_l4_len":441,"thread_ts_usec":1654385181857708,"pkt":"tKXvZygQnLbQ0+MzCABFAAHNXapAAEAG0trAqAJ+aHXdCue8AFBxmTfMTd+OWYAYAfYKZgAAAQEIColJBIxVzQaLR0VUIC9zZGsvdnBhZG4tc2RrLWNvcmUtdjEuanMgSFRUUC8xLjENCkhvc3Q6IG0udnBvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYoTW9iaWxlOyB2cGFkbi1zZGstYS12NC42LjQpDQpBY2NlcHQ6ICovKg0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} -01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1567,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com","domainame":"m.vpon.com","http": {"url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} +01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1567,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com","domainame":"m.vpon.com","http": {"url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 
01871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_usec":1654385181897114,"pkt":"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\/Imh0dHBzOi8vIjoiaHR0cDovLyJ9O2RvY3VtZW50LndyaXRlKCc8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSInKyhpc1NES0FuZHJvaWQoKT9nZXRQcm90b2NvbFN0cmluZygpKyJtLnZwYWRuLmNvbS9zZGsvdnBhZG4tc2RrLWEtY29yZS12MS5qcyI6Z2V0UHJvdG9jb2xTdHJpbmcoKSsibS52cGFkbi5jb20vc2RrL3ZwYWRuLXNkay1pLWNvcmUtdjEuanMiKSsnIj48L3NjcmlwdD4nKTs="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"thread_ts_usec":1654385183491860,"pkt":"tKXvZygQnLbQ0+MzCABFAANeKchAAEAGAcbAqAJ+A0hFntseAFDfmpSQ59fP2oAYAfYPXQAAAQEICnsWmml\/RrINR0VUIC9yZXdhcmRzZXR0aW5nP2FwcF9pZD0zMjQ1NiZzaWduPTNjMjhkZWQwNGUwZjQwOTAyMjk5Njg2MTgyNDRiNTgzJmNoYW5uZWw9JnBsYXRmb3JtPTEmb3NfdmVyc2lvbj0xMSZwYWNrYWdlX25hbWU9Y29tLnNjZW5ld2F5LmthbmthbiZhcHBfdmVyc2lvbl9uYW1lPTIuOC4yLjEmYXBwX3ZlcnNpb25fY29kZT0xNDYmb3JpZW50YXRpb249MiZtb2RlbD1zZGtfZ3Bob25lX3g4NiZicmFuZD1nb29nbGUmZ2FpZD0mbW5jPSZtY2M9Jm5ldHdvcmtfdHlwZT0xJm5ldHdvcmtfc3RyPSZsYW5ndWFnZT1lbiZ0aW1lem9uZT1HTVQlMkIwMSUzQTAwJnVzZXJhZ2VudD1Nb3ppbGxhJTJGNS4wJTIwJTI4TGludXglM0IlMjBBbmRyb2lkJTIwMTElM0IlMjBzZGtfZ3Bob25lX3g4NiUyMEJ1aWxkJTJGUlNSMS4yMDEwMTMuMDAxJTNCJTIwd3YlMjklMjBBcHBsZVdlYktpdCUyRjUzNy4zNiUyMCUyOEtIVE1MJTJDJTIwbGlrZSUyMEdlY2tvJTI5JTIwVmVyc2lvbiUyRjQuMCUyMENocm9tZSUyRjgzLjAuNDEwMy4xMDYlMjBNb2JpbGUlMjBTYWZhcmklMkY1MzcuMzYmc2RrX3ZlcnNpb249TUFMXzguNy40JmdwX3ZlcnNpb249MjIuNC4yNS0yMSUyMCU1QjAlNUQlMjAlNUJQUiU1RCUyMDMzNzk1OTQwNSZzY3JlZW5fc2l6ZT0xNzk0eDEwODAmaXNfY2xldmVyPTIgSFRUUC8xLjENCkNoYXJzZXQ6IFVURi04DQpIb3N0OiBzZXR0aW5nLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-01775{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
+01773{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":863,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":863,"pkt_l4_len":829,"thread_ts_usec":1654385183495868,"pkt":"tKXvZygQnLbQ0+MzCABFAANRI05AAEAGCE3AqAJ+A0hFntsiAFAB9eG4XEyGo4AYAfYPUAAAAQEICnsWmm1\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"} 
-01762{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
+01760{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":857,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":857,"pkt_l4_len":823,"thread_ts_usec":1654385183496601,"pkt":"tKXvZygQnLbQ0+MzCABFAANLU0dAAEAG2FnAqAJ+A0hFntsgAFBFVF+4FRsrIoAYAfYPSgAAAQEICnsWmm1\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"} 
-01756{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1571,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
+01754{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1571,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
01093{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1654385183514792,"pkt":"nLbQ0+MztKXvZygQCABFAAG+fDJAAPUG+\/oDSEWewKgCfgBQ2x7n18\/a35qXuoAYAHCoswAAAQEICn9GsiV7FpppSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
01091{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1654385183517888,"pkt":"nLbQ0+MztKXvZygQCABFAAG+t5xAAPUGwJADSEWewKgCfgBQ2yJcTIajAfXk1YAYAHAN9gAAAQEICn9Gsih7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
02787{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1706,"pkt_l4_len":1672,"thread_ts_usec":1654385183520039,"pkt":"nLbQ0+MztKXvZygQCABFAAacXxNAAPUGFDwDSEWewKgCfgBQ2yAVGysiRVRiz4AYAHASmwAAAQEICn9Gsip7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxNDQxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCh+LCAAAAAAAAP+UV12P3LYV\/SuD+yxrNF+7EwFB4aQtjCYB0tZA4qaBcEVSM1xRJE1eSTM2DPQ9RfveBkiBIkVfgj42aBv0z8SO+9S\/UJDSzm7cWLP2g\/dSPLq8PPeIc\/gUPCG1HvJFAo3fQQ6+ZUx4DwlwJIT8KSBCTq4VCWBZSA45rFfFChJARrIT96395ZhkeevZQ9kIyC+XWZYAckaQby\/WWRwpV3rIQ2Trggx6ghxefPXn55\/\/9duvP3v5zTfffv3Vf\/\/125d\/+\/vz3\/3zP7\/5w3dffPniT79\/8cWX333+2QB4+e8\/Pv\/HX0IJVEH+yachcI9pSNqHxTbrsBRjkMOPfwIJMI4ScnifHx7uuVx89M5784921Yf78vDzR7X4+ME7H\/YPfvWef\/TT\/dsRTZCvEmBVeb13VrHIEtPDMszoSrqmYIVVeIQc3jWapG4F3J5z3Q\/PcOGZk5ak0ZDDI9POeqnUTBualWLmRI+OCz7DioSbMWW81LsZ7cWsl5qb\/lamwN27yngxk3T7sSQlhrXDeEYmphE\/iphWkzsWzHBx4seh3xds3Ju\/E1v3f3YpPn7wwduRMa\/GV\/tIE1do6zFy1SkIC1xk621oDm+vRZHATpCtvj+K3K1XUUA7sjH7XkWR7YlsQUcrYt59N0hAikMcy7hgFoJBk9IXntBRa4u4TX\/0JJoB60U7BK3lQdtZAlcE+SdPgZsGZegOWpuitb5SR+FSZhpIoDKuwUA9PEtehfKr1tOdcdK8HsaMJmdUWhu2xw6nc7ZOpXtUJpR6ZnWeovWo8MxuiKdK6CfNYRrG7gZzd4ORQ1ZLvbsTuBHoWycaoQmtPMe5vJdNtuQe8so4Jl4PUrrepkxPArLpMjxLkXuhvXGpcbsJWlWdElqS7EzjAxDtAfmJOi1oqvsdU5LVaS+YMi2fVmBEorVOdEZ1YrqSHrnZmXRnlkPmyf0hv9huz7SsJZOWeGTk6jtIWqbHY\/h\/cvssJYc1tc1ZUsOiZNzjxkxDFxeL9XKbvokWV9k221y+2SuLbHW5+YFXZlOsNFKH7mlxoHPYG\/2nV3YCOEgiHqjhqBGuk0ycSb5TpkSVHpuTRM\/gzSZtTOlQ6vRwfDKBlM5ob9pQ9d1kV7doRzlNpDXI7\
/bxBR64QOVDvXLiWEuRM2esn1Zn5Cf19gnqM6c9F0p2wh2DnLloTHlmR33fD01jaFOpKzO1ey2U1HXaTByF6yU5duarfKPzgJSu\/+8s+jSBq7axFH+j6wLHv1fj39G4orVS7wqGbC8KhyTi73jDwvQmRmQgX4SoK3qpOEMXfOyv2yxbsaazyGrciTgMVHbSEw6T81dmIQG9PBkVvboJ15Avoq8xVSVcrOUX16XcPLLIpN5BvlxcRGzjeX3li9YpyKOv8fl8zri+h1zfi+PU4TFwEKi+npl3y7k1jlDNF2\/Ns+18mc0Xi3l2Md\/wTXmxYuV6cymW6VXw8caK4FmXCdhycEqWBR82eivLnA7kxJB09L02ErYcHoXSngJyPrg4oQQNxqtqlYJ88SyB4N3eihni\/SB7zT9IwCo2JlahhlVkIcTladDgYYQ4Q2K0pLYtlfR74eINZPXWxSYB24fvefkw+E8nKmRkXOF7SWwfHdxy8O5BRE6QO8YuxGyuvbkjuMh9hcqLBDyL857XRfhGIIcP7r9fbNPLdA0J+Ohfhy57e5PCk3GilkOlVHQlDjxT5HlsNZ1ESKYWOqqB4iXp2hDfKqq94v765tHagqQdpD7Gr+hlfyyl498Tiuvm2NLeOPkkXDLSPTUKwvso+ZgJ1Um8reWiO03srgM1sNHaRo6BD+uGOS\/EwTopeNzHyOwygU44L40e3fkygV6UhdDdWDEk0EsWLj2LBHonHg+YjocLV\/bs2f8AAAD\/\/wEAAP\/\/Zfl4rZEOAAA="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1575,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":896,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":896,"pkt_l4_len":862,"thread_ts_usec":1654385183618295,"pkt":"tKXvZygQnLbQ0+MzCABFAANyCeZAAEAGIZTAqAJ+A0hFntsoAFDk49anhCGol4AYAfYPcQAAAQEICnsWmud\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"} -01795{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01793{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 01451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_usec":1654385183642352,"pkt":"nLbQ0+MztKXvZygQCABFAALDo6BAAPUG04cDSEWewKgCfgBQ2yiEIaiX5OPZ5YAYAHBkvQAAAQEICn9GsqN7FprnSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA0NTcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/1RSTW\/UMBD9L3M2UpJCKT6XAxLiQLlVlTU7nl2sOnawxylhtf8d2c7ScsrLG79583WGLCglgx4VzPkEGnIh4pxBgUVB0GegWIKkzVC0DBruP4OCpRy8yz85GWdB33y6\/aCgBCcPLOLCCfTjGZBCy4v2IZZE\/NVlaYEqGRWImzkWAX0zXJ4U4Fx9uqJBM+Nv0IMC\/BVATxWIN3ario5lWxj046Ru1PuaQf4U0AAKCL0\/ID3\/aA\/GV8Kk4nfmsPTvW9CjkwKyJqFwsycfMxv0nOTN\/6GIxGAse9y6vqTEgTazt2fR+c0sHjdDuDSl5VNCy\/cuV\/r71cD6wNJsOdhMiTnsrU0KHMXQm\/KCR56lug31L6YXA
n07KAg4c38Tj8fMvcyYHAdBcVU\/KFg8Es8cpNY3fRynsXGbIbHx5d+brbV3kGBkBv1uVJBsIukLSIx22yczDpU4Lmtf5hyT70jotXpZDQcL+m5oOAumvr56LF9q4O5uVLDup7JSnegRi++HsDrL0bggnJDErbxnHq6h\/OwWkzj\/L2hsPa\/ewOqSFPTmuqF6xN3kWx3c5ely+QsAAP\/\/AQAA\/\/9ly17OCQMAAA=="} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1577,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02070{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1198,"pkt_l4_len":1164,"thread_ts_usec":1654385184096708,"pkt":"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"} 
-02094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1577,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +02099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1577,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1578,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_usec":1654385184117986,"pkt":"tKXvZygQnLbQ0+MzCABFAAEkBJZAAEAGB9zAqAJ+CNFha936AFBSP8o9I7uXO1AYAfYueQAAUE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ2hhcnNldDogVVRGLTgNClJhbmdlOiBieXRlcz0wLQ0KQ29udGVudC1MZW5ndGg6IDc5Ng0KSG9zdDogYW5hbHl0aWNzLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1578,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 
@@ -1114,7 +1114,7 @@ 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184139299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1654385184139299,"pkt":"nLbQ0+MztKXvZygQCABFAACApCdAADgGcO4I0WFrwKgCfgBQ3foju5c7Uj\/OVVAYAD8bqQAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjY6MjQgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1581,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1006,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1006,"pkt_l4_len":972,"thread_ts_usec":1654385184174078,"pkt":"tKXvZygQnLbQ0+MzCABFAAPgd\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"} -01536{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1581,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01541{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1581,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385184282680,"pkt":"nLbQ0+MztKXvZygQCABFAAHmJVIAAPgGdx8SQE86wKgCfgBQqQhpQqwFG\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"} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1583,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184845262,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1110,"pkt_l4_len":1076,"thread_ts_usec":1654385184845262,"pkt":"tKXvZygQnLbQ0+MzCABFAARIuCtAAEAGLI\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"} 
@@ -1124,22 +1124,22 @@ 02052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1584,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385184857770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184857770,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com","domainame":"tw.api.vpon.com","http": {"url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=1&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 
Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1585,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00799{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1654385184927393,"pkt":"tKXvZygQnLbQ0+MzCABFAADrwv9AAEAGn0vAqAJ+EkICWotQAFAVBORyMNia64AYAfbYnwAAAQEICiE3Bh4xvbnrR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS9pbWFnZS9sYW1iZGFfanBnXzg5LzM5ODEwMTIzNGU2Y2Y1YjNhOGQ4LmpwZyBIVFRQLzEuMQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0K"} 
-01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1585,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01185{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1585,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1586,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00869{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1654385184928623,"pkt":"tKXvZygQnLbQ0+MzCABFAAEdY4hAAEAG\/pDAqAJ+EkICWotSAFAcu+o2K8tK74AYAfbY0QAAAQEICiE3Bh\/fUp7nR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS92aWRlb3MvbW9iaWxlL2ZkNTY5MmRkNTMwNDJiMTk5ZTAzLm1wNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1586,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": 
{"url":"cdn.liftoff.io\/customers\/45d4b09eba\/videos\/mobile\/fd5692dd53042b199e03.mp4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1586,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/videos\/mobile\/fd5692dd53042b199e03.mp4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1587,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01015{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"thread_ts_usec":1654385184938285,"pkt":"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"} 
-01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1587,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01333{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1587,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
01531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184942273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"thread_ts_usec":1654385184942273,"pkt":"nLbQ0+MztKXvZygQCABFAAMPiZsAAPgGXosSQgJawKgCfgBQi1Aw2JrrFQTlKYAYAIOpEgAAAQEICjG9uf0hNwYeSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL2pwZWcNCkNvbnRlbnQtTGVuZ3RoOiAyMzgwOTMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkRhdGU6IE1vbiwgMTQgTWFyIDIwMjIgMDU6MDY6MTcgR01UDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUFsbG93LU1ldGhvZHM6IEdFVA0KQWNjZXNzLUNvbnRyb2wtRXhwb3NlLUhlYWRlcnM6IEFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbg0KQWNjZXNzLUNvbnRyb2wtTWF4LUFnZTogMzAwDQpMYXN0LU1vZGlmaWVkOiBNb24sIDE0IE1hciAyMDIyIDA0OjU5OjQ0IEdNVA0KRVRhZzogIjFkZjIzOTBkYzI0MGEyYmY3MjAzZWVjYWUzYTcyMTNiIg0KeC1hbXotc2VydmVyLXNpZGUtZW5jcnlwdGlvbjogQUVTMjU2DQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwO3B1YmxpYw0KeC1hbXotbWV0YS1sYW1iZGE6IG5vZGUtYXBwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KU2VydmVyOiBBbWF6b25TMw0KWC1DYWNoZTogSGl0IGZyb20gY2xvdWRmcm9udA0KVmlhOiAxLjEgZWVkZjhhYzU2ZTRlMWVjM2IyNDA1NTc1MTRkZjlkNjQuY2xvdWRmcm9udC5uZXQgKENsb3VkRnJvbnQpDQpYLUFtei1DZi1Qb3A6IFRYTDUwLVAxDQpYLUFtei1DZi1JZDogM0tzOHpnV1VFd1BsYUtHLTFsclAtOWxwV3JPTWhZSjJIcktoYnR3ZG9SY3VJYi16WDBTSm9nPT0NCkFnZTogNzE1MDgwOA0KDQo="} 
02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184942885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184942885,"pkt":"nLbQ0+MztKXvZygQCABFAAXIiZwAAPgGW9ESQgJawKgCfgBQi1Aw2J3GFQTlKYAQAIO33wAAAQEICjG9uf4hNwYe\/9j\/4AAQSkZJRgABAQAAZABkAAD\/2wBDAAQCAwMDAgQDAwMEBAQEBQkGBQUFBQsICAYJDQsNDQ0LDAwOEBQRDg8TDwwMEhgSExUWFxcXDhEZGxkWGhQWFxb\/2wBDAQQEBAUFBQoGBgoWDwwPFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhb\/wAARCAQ4B4ADAREAAhEBAxEB\/8QAHQABAAAHAQEAAAAAAAAAAAAAAAECAwQFBgcICf\/EAGgQAAEDAgQDBAYDBw4JBwsACwEAAgMEEQUGITEHEkETIlFhCBQycYGxQpGhFSMzNFJy0QkWNTZTYmR0gpKissHhFyQlN0NWc3WUGCZGVFWT8Bk4RGNlg4SVs8LU8SdFdrTEw9KFpeP\/xAAdAQEAAwEBAQEBAQAAAAAAAAAAAQIDBAUHBggJ\/8QAShEBAAIBAwIEAwQIBQEHAwALAAECEQMEIRIxBQZBURNhcQciMoEUMzVykaGxwSM0QlLR4RUWJFNigvCSwvElQ0RUorIIJmNz4v\/aAAwDAQACEQMRAD8A9\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBBKggUEpQS9ClRTKsJSqjyQumOz+U6pQS11wbEbEJ27LxMxzDZcrZldC4U9Y67ToHn+1d+33f+m79D4b4xak9GrPDJY7lujxaI1NA5sVRa9hs9erp62I55h0eI+BaG+r8Xbfdv7ektJrqeooah0FXE6N7T1C6eLRw\/Ca+21ttedPVriYUS5RhlEIB3iowscyCAd0BRGEWuOxUwYOYXKRCUAfFMI7osJa7mjJY4dQUwisTWc1nDMYLmjF8OI5ZzNGN2P1VJ0627vY2Xj2+2nEWzHtLaMHzlhGIjsMSgEDnaXIu0rC2haI45fqtn5m2e5jo3Femf5KmPZPoMSpjV4Y5jS4XBYdCvP1dtW3biXVu\/BdDcU+LoTH5NAxWgqcOq3U9VGWObtpuvPtSaTiX5DcbfU0LzS8Ylbs6qjmTMCCKKpkVTNCIlMiEW9UVTAeKKyi0dEGSy9geJ4zUdjQUr5NdXWs1vvKiZxD0vDfB974lqdG2pM\/P0j83R8o8K6eMtlxaR1RJ+5R6NH6VSb+z6l4L9m+hpxF99bqn2jt\/1dCwTLVFQwhlPTQwt8GtCpmZfQtn4Vs9pXp0dOIj5QysNFAwagu96h6ERCvFGxvssaLeAQVBe2iBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQ
OUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylBBAQEBAQEA67oJHQxO9qNqC2qcOp54XRuaC1wsWuFwR53RS+nTUrNbxmJ9JapmLhplvEI3F2GMieRpJTHkI+GytFpflvEPJHge9rPVoxWfevH\/T+Tl+cOFmK4cXzYa71qIa8mzgP7VaLZfKvG\/s332zzqbT79fb1aHUwTU8zoZ4nRvboWvFiFo+da2jqaN5pqVmJj0lIqs0qAgh1sp47LRCCkQHnqowJbpHcS3TCyF99U+QkFybDW6lpWMujcNcE9VpBVStPay6+4KYh+98veHfC0\/iWjmV5xAxv1Kk9Rpn\/AHx471uipqWxGIW8yeLfo2l+j6U8z3aEy+pdu7UrnfPqx6z3CVErIXUJ5QB80SX0TIX80BAQ"} 04408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184943456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385184943456,"pkt":"nLbQ0+MztKXvZygQCABFAAtciZ0AAPgGVjwSQgJawKgCfgBQi1Aw2KNaFQTlKYAYAIPjEAAAAQEICjG9uf4hNwYeQbsg9lrR\/YAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCBQQQQKCUoJSgl8UFMqwlOyqPJLvJdD+U1NwRaJQ9yFWVy9j1ThsgYSZISdQTt7l0aOvfT7dnp7HxLU284nmrcovuRmbDuSYNebaPA77D5r1NHcRbmk\/k\/UTXZeKaPTqRmff1hp2aMrV+EOMsYM9L0e0be9d+nq1vx6vxXifgO42Uzav3qe7AhwINvqWvS8SEAfEquFoA\/wTCUObxKBzaJEGEWuIuiMHMehQxCPN5qyC4I1VUYZfKeZsQwKpBY8y07j343HSyzvpVtHL2PC\/GNx4ff7s5r6w3\/ADHhlHmfLLMQoh33N5mO6g+C8rX0sxNZ7w\/d7zbaPieyjX0o7\/8AzDl0kT4pXxPbZzDykFeXMY4l+AvWa2ms94QGqhRMiMpmhET2TDRFcotAsgmaPK6spMItCqr3b5w64e1GKCOvxUOhpSQWR7OkH9gVLWfRPK\/kXW30V3O8+7p+kes\/8Q7Fl7AqWgpGQU8DIImjRrRa\/vWczl9n2Ww2+z0o0tCsVrHszFPE1gs1oAUOxUsEBBMBZAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEEqAgICAgICAgICClPTxSts9ov42Qx7tO4gZDw3HKVxlhbHMAeSeNtnA+amLYflfMHlLYeL6c9dcX9Jju4VnbK2J5aq+yrIi6F5+9zNHdd+grSJy+AeP+Wt74LrdOvX7s9rek\/wDVglbL88fNIEPoqRAlRCYylUpSuI8UWQ0soyJSdw
pWqzWRMK+6OKB723jiNzpolYe14Nsf0jXzPaHR66rhwzDHzusA1tmjxVpnEZfvdxudPZbadSfTs5tX1UlbXyVUriS46LktOXy3ca9tzrTq39VC\/moUFECBUpwg33qqUbmymOwXTCIQv5pKS\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\/viqXt6Q+qeSvJvxOnfb6vHetZ\/rP9nY8OomQsBcBzAaADRoWT7DWIrGIXjRdEooCCLeqCKAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggdkEEBAQEBAQEBAQEBAAFrEXCDA5vy\/RYvhktLUwtkie3Yi5afEKYnDzvE\/C9t4ltrbfcVzE\/yeduIWVKzLGKGKQOfSyH7zNbQ+R81rE5h\/Nvmby1uPBdzNLRnTn8Nv8A56teBurPzMJUIxKHihhLdFoS+ajslAlMLVKaJ9RUNijF3PNgkNdLTte0Vj1dRyjhbMMw1senORd7lpEcPo3heyrttGK+vq1vPuKmsrvVYnfe4z06rDUtmcQ\/J+YfEZ3Ov8Gk\/dhgSbCw6LF4UcIX1QEECowmEQdLqUiK55E6U5R+pEpR1UcCF\/NMQPZyu\/sAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQSoCCVBKghZBIQgkI6qw8klbP5RSkeCJhIrJiUqrMJhKi2Uut7jceCJiWx5SzfV4W9sVSXTU48T3m\/Fb6evan0e54d41q7eem\/Nf5t65MBzfhtpQyRxGjxo9i9HQ3OOaT+T9RfT2Hi2l9\/n5+sNBzjkXE8F5qilBqqTcPbqR7wvU0d1TU47S\/EeK+W9zs5m9PvU94aoCLkG4I6FdGH5+PaT3KMJzkB3UYEA4oDXJgwc3RRBjhMD4KTDc+BFDJVZyM7bhlPG4uPwXJvLRGm\/T+T9tOr4h1+lYld8ai05kFt+TVfn9f8Tr80TE7vhpzQsH5lOwboqi0eCKpmjwQTMGiKtx4QZXON4t63Ux3pKZwuCNJHeCracP23kjy5\/2luvj60f4dJ\/jPs73hFKyCIEsANrNsNgsX3ytYrWKx2Xg1RZM3QICANUEyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBAQEBAQEBAQEBAQQOyCCDW8\/ZepcZwaajmYCyRvdJGrHdCFMTh5HjfhOh4psr7fVjvHHyn3eacxYXUYPi8+H1LSHxOsDb2h0K2ieH8u+KeHa3h27vttWOaz\/GPdYnRQ4EqsJb7qI7LJSdCnPqJfykwtVtPDfCnS1JrpG9xmjbjdWrD9N4Bsptf41o4hs+bsSGG4UWg\/fJRYDwS9sQ97xnfxs9rMR+KXPy4uc57jdzjdcsy+dVzMzae8pTayhcvpa6junADcb3UpEVTMN1MRkFbCpbqmCJFEwtHKVVTlDrqiXs9Wf2AICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBBAoIdEEqCUhBJZB5II6Low\/lFKglI0QSEWRaJQROUp0CJS28kMq+GV1Vh9QJ6OZ0bx1HVTEzHZ0aG51NC3VScS6Jk3P0FQ0U2KgRuOhcfYf7wuvT3GeLP2PhvmGl4+HuOP6Su81ZCwfMMLqzCXspqpwuAw9xxXpaO9tTi3MNPEPLe030Tqbeem0\/wAJcuzJgO
K4DWGnxGmeyxsHgd0jxuvW0tWmrXNZfP8AfeGbrZak01q4Yy4IuFfDgiRVmEwgbphICRuoxkRLrA\/JT0jtvBDBDg2UJMSqm8ktcbi\/Rq8be6sX1OmO0PqPlTw\/9D2E69+Jv\/RzrPmIDEczVMzHczQ7lafcvHvbqtl+M8X3P6RvL2ieGIYN1m8tOiJRA1RWUzOqIV8NppaytjpYQXSSvDW\/FGu22+puNaujSObTiHo3h9gcOE4NBRxtAEbQXm27lhM5l\/THgfhmn4bsabekdo5+c+rZRsoeumaEBBFougiNEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ"} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":563,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":563,"pkt_l4_len":529,"thread_ts_usec":1654385184944474,"pkt":"tKXvZygQnLbQ0+MzCABFAAIl9uxAAEAGBWLAqAJ+EkBnHo8gAFD1zY28\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"} 
-01480{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01485{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1592,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1592,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_usec":1654385184944791,"pkt":"tKXvZygQnLbQ0+MzCABFAAFdGtZAAEAG4kDAqAJ+EkBnHo8uAFDRel74fng8vIAYAfY91AAAAQEICpxRp1H7gB08R0VUIC9ydi16aXAtMjAxOS8xMTEzL21pbmktMjYwMjkxYzIwOGJmMzM3NmI1MTExZGI4NTVlODk0NTEuemlwP21kNWZpbGVuYW1lPTI2MDI5MWMyMDhiZjMzNzZiNTExMWRiODU1ZTg5NDUxJmZvbGRlcm5hbWU9bWluaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogaHliaXJkLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1592,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1592,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
06329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1593,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184945955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":4350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4350,"pkt_l4_len":4316,"thread_ts_usec":1654385184945955,"pkt":"nLbQ0+MztKXvZygQCABFABDwiZ8AAPgGUKYSQgJawKgCfgBQi1Aw2K6CFQTlKYAYAIPopAAAAQEICjG9uf4hNwYeEBAQEBAQEEqAgICAgICAgICAgIIFBBBJI1r2Fjtig5B6QuWjNRjFYIwZabSSw1c1XrPo+U\/aV4D+kbeN9pR96vf6OMA2V3wyEvmphdBQJCiYVcOgdVVscDBcucArVdG30p1dSKR6uqYPTRUGGNZYNZEzVXjh9J2ujTbaGPSIaJmvEjiOLPeCezYbNC572zL5\/wCK72d5upt6Qxt1k4UGk2Q4L2CLDSiqZl1aIRKYbaK8QrMpraKcK8oW0TCcpTuVWYWiUvxVJ7rVQULVe0FZ\/YAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggdkEEBBKghZBLZBLZB5IGxK6e7+UIS9FCUpCCVWEpCqnKUhT3XQI8lAltuhlLY9FYZvKuacTwWRojldJCDrE46K1NS1Z4etsPF9xtJxE5j2dMy\/mnAM00PqOKRxOLhYxS2uPcV1aWtic0nEv2m08W2PiWl8LXiJ+U\/2a9nLhMJGOrcszh7Tqad2\/wXraHiX+nVj83ieJ+S8xOpspzHt6ubYrhuI4ZUOgr6OWF4P0mr1KWpeM1l+H19pr7e801azErS48Vboc2S48UwROeze+EuQavHKuPE8SidDhsTg67h+F9y4N3vK6UTWv4n63y75b1d7qRr60Y04\/m3ji7mKDCcHGGURa2WRnIxrfoM2K\/O6l5iJj1l+r8xeKU2u3+Bpd5jEfKHHm3JJOpK5nzSZmeZTMCImU30UVRYiqZgsg3\/gLgorMakxOVt2Uw5WXG7iqXn0fRPs68Jjcby27vHFOI+rulFH2cAFtTqVk+4KzeqCKCLRdBFAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBA7IIICAgICAgICAgICAglQEEqDF5noo63D5I5GhzXtLXaJE4c+729NzoX0rxxMPL2b8NdhOYKqgcDaOQ8n5p2W0S\/lPxrw+dhv9Xbz2iePp6MUeqnu8yEPsUpSlVWjltfDLDWyzPrZB7Gjbq9X6jy9tIvadafRnc+Yj6lhXq8brSS7+5Re2Iep5h336PtvhVn70tBGg13OpK534OkYL3uFVZC\/VFi90RCManCEzSALkq9YUm2IZHBcHr8SJMERDB9Ky0iHZsvDN1vJzp14XdZljFKaMvDS8NHRWw6dfy\/vtGs2xmGH1Di1ws4aEKuHjxM5xPdKdvNVleEh+CpK0IbhQl7RR\/YQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI
CAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBA6IJUELIJbIPI9l1P5PSnQbIsgdQokSkeagSkaWSolI0QS21RMShqiUtkTlC3khmEY3PY8OY4tI1BBslUxaazmG25R4gYvhAbFM71iIflHULWurMcS\/Q+H+Y91tfu2nqhv+F5xylmOnEWLQQF5FiJmgEfFbaevNfwTh+s0fG\/C\/EK9O4rGfmg3JPDqu5nxMYOb8h+y66+I7iPVWPAfAdbMx\/IZlHh1g16idkZLdW9o7dL+Ibi0Yzg\/7F8B2kdd4\/isc3cS8Po6T1PBI2vLBys5RZjFwzqYzPq5fEfNOhpafwtrGcdvaHLMUrqnEq6Srq5TJJIbklYTOZfgNzudTcak6mpOZlQaFDnTt2uio3X4IiUzPZRCZgJ0A1RV6B4PYO3Dsr0kZaA+Udq8+N9Vjacy\/o3yb4bGx8J06zH3rcz+bdlV+pTN0CANUEzdAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBAQEBAQEBAQEBAQEEqB0QS9EFOZvPE5niEHAvSLwxsGORV7BYSjlebdVpTs+Efad4fGnvabmv+riXNlo+YJfHVR6FSJpkeGNFy42ClrSvVOIdUynRtpMIiZygEM5nK0Q+k+GbeNHbx8oy0rOVc6uxp9\/ZiNgFjecy\/CeM7udzvLe0MTdZS8+Et1CUL+aJhFtvFWqlMzxVohSWTynhj8VxJrOU9k32itKxl2+F7C2+3MV\/0x3dBqZaTCMOJHLHDENTtdacPo9p0tno9NOKwky9i1NilOZaZ3My9nApE5Rs95TXrms5hqXEKgZR4sJom8rJdbfWqy\/DeZNjXbbvrpHFmvuKzmHhVUzZZrwgiXtJH9hCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBBCyCCCFkHkZdD+TsoW1RKWyH1QABuUTEpbeSHZC2iGUtkTE+iUjdEwlsiaoKcAmCpYKAbobhERMwq09VUxfg53t9zlMNK62pTtYqKqpn\/DTPf73JlF9bUv+KcqYHiowzRaNUVTAXREo28AohCLR4KVUw1RWV7l6mNXjNNTDeWVo+1HZ4bt53G809KPWYemsuQNhpGtbs1oA8li\/qTbacaelWkdohkm9VVsigi3qgigICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBAQEBAQEBAQEBAQEEqCB2QSnZBKUHL\/SNoTLlx0rYweyeHX8Fand85+0nazq+F9cR+GXBzday\/n+qUkXKlMMhlGlFZjLIydGjm+0fpUer0vDNGNbcRWfq6fiDhS4NO8G3KwgFXfQt1aNHZ3t8nK5HF8j5HG5cb3WMvlUTNrTaUg6rOWiBKiIT6DT4KThFouFMRlEqtHC+oqGU8QJc820V4hWlL61406d5dPy1hcWEYWIwB2rhd58FpWMPp3hnh9Nht4rH4p7tC4n48aupOH0z\/AL1Ge+R9IqJnL834zv8A4tvg0niGQ4KCTsKkfR5gkOzy5nFl5xYBD6e40IUuTzhmLabTyVSX5KvZKTqqS0qh5Kpw9po\/sIQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBCyCCAghZBBB5G3XQ\/k1BE8I
OCEIEInKUhWKoWVVkv9iCWyIygQiapbeSBYIFvJTyIWTIWUVRlFo8ERlEDRBFoREpkQDVEZTNGiIRaBZFWycKKMVec6ZpvaMl\/1KtuIfp\/J22jX8Y0on05\/g9F4W0NpbDqsX9HVjEYhdN0CJEEzdAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIHZBBAQEBAQEBAQEBAQEDoglQQKCUoJSg1XitRtrMr1UbjvEbHzU17vB8zbWu58K1qT7S8xuHK5zfA2W7+WLRiZhIShDMZALRmAc2xZb+kFFfm9nwPEbqM+394dGzJAZcvVDRe4BOil+48T0vibDUhysNs0g9CqYfKtPthJ4qkw2ieEG3UYSAdEwI7Dz6BWhS04hvnDPAewgOJ1bO+fYafmtKw\/beWPCfh1\/StWOfRNxLx\/7nUDqeF4M8wtp9EJl3+M+I\/ApNaz96XKnuc9xe4kucbkqH4aZmeZdH4KMd9z6gkaFwsph+w8t1n4dplV4vFwfTNtpb9KlxecJnq04aYVm\/IQlvuqroKMD2oof2EICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCVAQEHkXYFdD+TUN+qCCCBQQROUqnKULKExKHkiMpQgW3RZCyIhDlRJyoqNHggAeSGUQPNEZlFECIyiBa6IlNpbzRVEbIN84AQtfmmSVzb8kRsq37PoX2b6VbeJ2vMdod3ohaBvuWL7oqoDd0EyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggUEEBAQEBAQEBAQEBAQOiCVBAoJSglKDAcRP2sVLvBhUw8rxv8AZ2r9HluuaWVkrSNQ4rd\/KmvWa6ton3UVX5MoVcMndTVrJmm1nC\/1qcujbak6WpFodhwqRmIYQCCCJo7fFS+pbe1dxtsf7oc0zJhs2G4nKyRh5C7Q2TD5d4jstTZ7i1bRwx3LcabKkw5azwlA8AownIAALlIhHVhsPD3L8mK14qp2EU8Rve2hVoh73l\/wm291viXj7kN7zFiNPhOGumeQ1rG2Y3xU5fvt5udPbaWe0R2cXx3EJcTxKSqlN+Y6DwCS+b7vc219WdSyyPioc2XT+CTXHCprjTnFkftvLMT8KVDjBIfunDEQbAfpU8vJ84Xn9JrX0agToqy\/LRCUa3VMLCYHtRVf2EICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAghZBBB5FXQ\/k1A3Vkd0FVIpwIWUZRlAjyU5SgRuoMpbItHbKCnkyW0UYEN0C\/kERygiREdxEdho8EEQPNBECyKot2RVFAUxA6H6PQ\/yvVu8GD5qmp2fS\/szj\/xmrPyh3OAWhb+aFi+1pkEW9UEUBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBKgICAgICAgICAgICAgdEEqCBQSlBKUFhjcLJqUNlAczmF2nY+9WZ6mlXUjF+Y9nlXNFhmSvAAAFTIAB07xWkdn8m+LRjxDXiP91v6yx520VnBCVVWhuXDPMDYZPUKqTla78G4nS\/gpy\/WeX\/E4pPwdSceze6yioMXpTDVxt5iNHBInD9fr7Xbb\/TnT1o592g5lyhiGHTudTsMsJ1BHgrRy+eeJ+XN3s9SZ046q
sA6CoabGB99vZKYeFNNWJxNZ\/gy+WMr1+LVTTJE6OAHvOItooxh7Hhnge53upGa4r6ulMZR4PhPZMLY4YW953ioy+mU09DZbf4dOKw5JxBzC\/GK90cTj6vGe6PFS\/AeL+JTutSa1\/DDW\/wApRh4xqeqhPzdV4IRv+4sjneyXCyP3flis\/AmZWPGcuGNRAjQDRHiecM\/pdYlpzttEflqpVVYvdMD2ss39hCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg"} 02501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1599,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184953988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184953988,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EEAAPgGoGkSQGcewKgCfgBQjxzkQ1FrjUA08oAYAIN68QAAAQEICkYs\/7OcUadKtLVLEjgcUYII4FHbZjHquoOia6gAb500Ti8dAwhCBQPI+mqikzoPEDELPc+SXj69jEqwdCpvDTvdYMfugkxkR1Y+CY9qVGm58StJYmYN5SvxMAz8xCmsligFCuuKmg8EZSE5OqcTkF7WWZmYJJGWhwpN7ilBu8\/gl+3Ab8Spn6tvJdeT+RsqcUG0ZFXerb57NPtt03zJpCtCoTxHMV9Zha5yoUwKNC+6e7j1ViGTaOWGh\/7JwCnGB12U4uBR548F\/rgqEud2uv0wHCBv6DuHmOo5bYd\/toEAzTnRwVytNl\/PJi1A0jYr8KsFpOACb3f7cGrTVbOZNYAAfhKkPOD4uriBbk9Jgk\/UjgwbpqX6abrGR34H+Os\/9jStodDE0Y0g3lOkmBfCKamPyPplsqvWJMBQnNHW0rSzXLwhjLCCsvswVQxnEHtu2HFz998SHtil2W03a8HGmk23nbaNYcY3Q2TQbJ3ZzG4FUhaRnvC2msLVbUsGHn\/8qqFhILJC24vplvrOmxsbreba663VzXsP1t950FpdXn11XW4T6v8OCO1QAuQXRErxFVq\/3Wbyah+mKVYtt08bMZ0HIKAAIUvKhHqZkAtfQNHQOwlIflLQ1gvauCXLAC9chbkxNKbadnsPBCGT+eVNsWhIXlnO4qie\/YB3Dn2nVklQbot4gdeaomDlGHGq2R9pxd9CVm8l9JyOW1IjlmYi4kIepJ+YLD\/gRPZSkymg00iOy0dkhWzUmLBjYKPplsOvhIi5ELVnoR4dQ7fdKWhHiLBAG9A4j2EAC4y1lGtIy6U7GUejmNJozx3D7sS1yIaLjW1\/AnhEE5Tn3wYlQUNcSbmW9EiPIws1msCzH+E5Uu15TvEJU927RoehtQDvXtR6D0i0Qq4r5lKtMY9x1WAUFjlBkqF9BUaESQB2UsBt7+aLYGJaqBfsZkpASprto2iSKUBpaREEHmhszyoycYMyWrK32VyqU7U+0B8\/j9v8HYKpxmhJ9hmaqfPgXycn03DcwMlnex1\/w0vDwfnVHTtC60LkWMig3KoxX9wp6lUobpfyzZnA1KioElYxEkVLF2DRfjSYmQmEaUL6Vt1
Pw1px2QImO0RR3K\/Su8d8oWRu9X0PL5jx0aICKHpBkVigDUHjb5hz1+ER9ZpujGIXmoxXSVEVDlqITEvN1XLQn0q5WrD4RQNqo05O8NY0zUIyjeYmR0HIha8iWNR82tC+DDAAS3rFxtBufFlLahMzkSEmBJezzMOIAuYi7YaCqpZTksGSGvk200r5PKi3stxcb73ZXF7ZWG+tbb6xfPeeZWgGOW1JJ9YCDFBxJwjXXym8MTPWXyGLVLqNExYXwpJENPgu3TEwo4fsbie0u2TLY5ZAkS0FbEksjw+rnfXYKDa6Tj1apqdRm58JsDc9f3o6XkPSciEbM2sJbxaQKDeKAokNafx4rI5T7B6r\/myV2gwsY93jrVLHNNQuiu+r+M3NvePsMJ8re\/P5Entz1pZnpyPPzjYGWEIkrYJgAUSjmQm2JaWtrAsGyjyJ40iSCcRtSf1AH86Ym17gzRFqQTTeEs9X4ijRzHu1H8VBz3vPdXTmElnKhBlDqqJJI1FsUyyFCXkqDIVqSYNsV6Fsixm+M9dhWnTKi7hX4lJiuC6kPjhJK6UNeIcvhYdT5\/\/5p797\/8P\/\/eqvvv7sy7MP\/xabjQRt7X6Xwkc8\/fjPzv7kKxhaPT0jY5FpLhGCSvvgpZ7+4oMnX\/x1nZumP\/n14\/PHP1ctr0tqQdm04tmff\/q7738q6zLea7VVsGYqx+ksN3ymz2gjwFgx2a6hp\/O\/+4zwkaDjMjscMtTzf\/+n87\/\/QJlMMlM\/f\/w\/5z\/770uGghjfoqqNEk43lcb01hb7eY6\/nzpNlJ9KFcdEUlBQOZZmiMlN"} 02493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184956858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184956858,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EgAAPgGoGISQGcewKgCfgBQjxzkQ3h3jUA08oAQAIMNwgAAAQEICkYs\/7WcUadKZmJ1Q4tNW7+zm3LzilKTMs7o+j0bU4bevfG98VcexwRoqg0MK4kroCFJI0vkItJ0sWhKhqw+9VVqDQxktos+tw4JRGmcHh\/FKDlLh6zdkg3MQ\/lsHnZqw9K8bpKO655k6IwFAFfkDIJOJsdMB+TwhRR+SOFiIw+5j\/JW34gGnNHirK\/zZi\/hc4QwIcK2rxzXZ7rsKwq47b\/gBNM4MIbxBQADwYMZQnsmuVNzekN4FKQkhHHGTTWkH\/wjQGDyySIj8Jzph54pd5aM+OhhOvR5PcMjO93tjhYc9KM4buIZr3AxnxM3iOqL5Y3DNOtFZMTe0kqYCIlor5EOmzY1\/QgcEzRxv4\/lxU4YCiiS+0\/ddMRHjjkiUXhuhD7QYUQQTZCQrhPijw50JVjw3pUlzCIsuoRiKmcNsq2sVpURgyb28KvUizskeSI14ZCZ1RGfnHTHy1yPRsG0Pt5Ma8nqKdONtNWUPEMbKU4qooS4ZVgy4ydRUqGcD3t5XLzKk6xQksEKLZeRc4zABSD22VISyrxIGnnot0UQF1jM0L5wq+PXoJypbcccDHIPqtdae6MvXKZyFZZ2Af1r5SARK
k8jHFMScw1ZklPh5TmRIMY25u7JI8Kf0InpWIggg\/dCNXQ9mbCzi9IVFwQ4Bcza9Gx560XkmFinHDZS4kv+q6dM6HPsExiSjjM+3qTzEyp6QYtbZYue7chnn411pGZv4KwRjPOakaMAbYLhhCPstBZrv27XKHfgDg3UdMswyDmbrdhNZpK2+\/bwcJCkmrX3nBdsQ2VeuZ\/YA4u3j0cd1g9errygLeJTAN\/nCWDbbXhdHGF4z7CdykwDxiJacPDxG9YuwukG8499nzt4zVg40U\/jMp1lunPB3JJQoS5Bp6kxA9vvK2Fg2I3BaQrLU2XnWALaTVI1pGgZ30OUAvDFCxhKEFX\/Q9eQ1hjjNWxpFqXih\/EZbZu2sX9wk7UWkXlhwRGjhZFb93t26v1JRJhHdI1nd+wyJYqGt5\/UP4S9xI3VTwDw+41F2Yi29WTvXG\/pYAGqMGJVprBGfV8dw\/pIGjYrc8JqDjc8iMynFaFgS9VWRno\/kEa8ex8E0lXW6KSRO+38U5BEcAQa2ZmiPJVOSufJn2mHFnNtaFnQ00UpNEKFlWmg1g+m2HMDI6hkKoxWNNVaXHB7BeI37bfq0DKy4008moSOwx9MywU31umt9bQZaqMjpRF3V4DnOWXRFCtBzASqMlEpsEloiva6ZYQbYAWkcMxY5ybRoJiWx9mUKg4GcOghBqQMpMlaJSVXeGZFKl2Sb1+XUUdSwGZgyfEfyo4raVkpT+wyQpPZHBqAgGOncYulA1GZOsA\/94GmmxzjZCbCN9kynAgWzvYDvij7PUFZtMjkAvBACnPBNn3iaPQjTawbAkTcC1yfhv1ofpKiE5U2LdirARat2rkhdX\/4rJG+DaIEorg08ZpEvVnDkzmskUSlB9W+vjp\/V+aS5lkVM3k7zhoEnC+refT73qPAiB+97ySNdyAd\/Q7kYXug5+OANwWHp1LJTg\/kTpM0hWrac+UY7fWgQ8CbScQvQ7jNvfkeBpNC3rXL87XiJvZKnnKxFCuxFmcRnJQ7BpentFWts0H4Lec1Vh6Ie1JUOsAGqbQKPj08\/Fb+sNPHqQaGAhUMQMv5qLjVGC16+Ay768Xh4QOfbVnp2QvxXOq+J6pefxmdaleLIJA69iWkMygEnv\/UiI8ax5fku6tnS6jfWz1JxgQ4MCgzJju8Y+AntdNCizMmrc96qjo8fELIC6aln6uHdf6ze3P9\/l8K0Imh63d3YWSKHvLgvoT29bJdkoNvyjOuueHNZ1szJTEa6iq1dzn+UBN2G\/xCnDeBIWRhg1e0rq+0LEgtBi8qgQyMbqwUz1KCNzlpSIzr13Jt"} 
@@ -1155,7 +1155,7 @@ 02492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184973564,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184973564,"pkt":"nLbQ0+MztKXvZygQCABFAAXIKLQAAPgGV\/cSQGcewKgCfgBQjy5+eJ1f0XpgIYAYAIMAzwAAAQEICvuAHVOcUadRJQJEMyhfWzk4c69t8VudXr6pn+znDQ0VEhQPPcyGS61d5+1zHyZ4kw8InhkhW68pyvvrnzX5t\/H39maFxWc2r\/jFxwq\/hEVoXAiKHiLMU4\/KyHs5sV1wD559f9zcFztWUj0ihMMgtggEDfMxXUM9dFGV6JcgarAA5KIX8Rhx4KKjXR5FenSf6ir4Wu45nkDFW59zYej9BmKhpdMb8rY8eNPnAfGmIQzij55nkq\/uWJQgPv88G0x6gqY4XOyV9k8a+qsSfYKU5lLVQEUHepnWRDQfUc+335Q9qXuFH7f+8ng\/aQrf84kI7WaO+SnxnLQouz0Cv9v8f3lE+4owCfP1Cz8OEYnQkhXEehYZgVia7bxcHiv6v4xaanozJ5rmOorquwr9GrpFyxLzcpsLlUqzK+KacyS7QwJS\/Ky0\/PTcIlt8ZLwU7TL\/\/o1pr2hLdfT095T4mmP+2+1ddHU48Byxr3aLa3WT\/jG\/C3X6ePA0eanW9XpA7VJvL\/6JmLlix5z9hSS3OqzNKQTjBUM3s7KkvCOkhFHfw0EXJwWgoKSWmSsy5BrLZEfkM0FV7a+ikWpLo3uxdOw31fp7dfTjbB4kd6HRjhDkihmhg3Fxj9HXloHyHwvckfdTCsRiouxlgct7lNCoCgpUmfTu6Yyx7kf\/6aih8KzpyyqkP02jZkyX6OCTx82lz89o7u9CyGfsWhKD\/7BBbiMdXaKK4TysUCFlwE9GGF2seEuicF8r6CTuiOZsrl8ro7A0wal1282SC8UewlAVeiOv42DSkeq4dNBmW50TVjG35t+WUxNn4Q3p5nPJnsGwNKxtQn\/XWWm1U5Gt7+GDvLGqhGlz\/Ki8pfJccVYEawTw7SCN4wp\/3ocQ6vkT4Dpx9fSRTemmYi6pENOZS6VuARnHqwYSWl4t6yJoHK9sCfi9ST8HVXbqDXWFZ2q3BJnFLL2KjKRKEQ6cwz09MaWHVSAOYMFLPRa1P4jAx3PdtEcA6Suw\/o0nBxQpA1VcK\/L5h29Se6TnnwGGwNCLWwcEJVFxaxhV\/90VokUL7AtF\/O2q\/1vhOGyiX6EkZzZs6nexDcqCRxLporgd6yB4OIQ\/K5UvGbYe6+Sm7lH6OGAMK4UMwjkq9mCtaTHr7mvhnhxRuW7uj2lidYSV8hOTyPermC3rpaeQy2urqLgBbyapxA5Pobg8dWmnSefHpRew8i1Lo7xZJ2SpCdkX1yUKisC8EMEhExSgxRoJO6lJwnDpHM5WJ36k3Ry+3q9OcgN6NLQRO5pRs8nhTf4nqy7lt5uTY1pqNSduEscx56wTi21bJStBpnuJ8UvGJx\/R+YeP8QzcFQlKJycJlPLg6eX96ULPBZxzLMetvK3n66CoeI4YwUg4QxFhrIktxxA1moIwNkkn
6SE2PJvny3Cxi6Q7lkUmD0rurnBMt9ApEb3z5XFrSDnmX6QwTGHURMLAjPSQ1rzsHHaLMjENdwshfdWaIsx0\/C+jJ4udEOtxA9Fm0BuIFf8jWdfxwPFpB7wf1zLIyaPgXgtem4PL4uFnUr\/LL8Mi6yuMoLm28awieMUxVDrx8BpEilb9smuibdWhYybgbrhRDSVz2VcvfeF7S52u5dohgrnorV7VIGu4Fbfjcdt5eZr90iPKqeLRmae8arWdU6pk0+036XKkyixVdtPL96eMfve4A6Zh9TvzUvY2yZhS+fWayDF170ogtacHtunN1Y8fbumfzzXBlbMPAxKwloCcANStnnowf0vhV+lwOAC5eJ0wwfBbE\/fZdlz+fa+lDBSbIFzwquAzceoahA\/CkYEf4Il0qBgoQR8xij74ARiwygmvlhBcVhebT1T8Wht+RIpph7wDNRWhIpJICJTvhB4xG3THeUUikIIY59QcKEF+mfeRHq7zWxIrV0MxaCgpfmHu"} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1627,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1627,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1654385184982489,"pkt":"tKXvZygQnLbQ0+MzCABFAAE6JG9AAEAG2MrAqAJ+EkBnHo80AFAYADoNP4BZp4AYAfY9sQAAAQEICpxRp3YAJw3ER0VUIC9ydi9lbmR2NC5odG1sP21vZj0xJmVjX2lkPTQmbW9mX3VpZD05MTE5OSZuX2ltcD0xJnVuaXRfaWQ9ODg4MSZzZGtfdmVyc2lvbj1tYWxfOC43LjQgSFRUUC8xLjENClVzZXItQWdlbnQ6IERhbHZpay8yLjEuMCAoTGludXg7IFU7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMSkNCkhvc3Q6IGh5YmlyZC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": 
{"url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
02499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385185015621,"pkt":"nLbQ0+MztKXvZygQCABFAAXIXwoAAPgGIaESQGcewKgCfgBQjzQ\/gHc7GAA7E4AYAINkpwAAAQEICgAnDeicUad2RWsIZamOljqm7gSNKAkXQCu+hVDQvHNR9FYzcLa6bcMwfHz8+6Ohpq2yX4VCM8MnePOCbl7QzQu6eUE3L+jmBd28oJsXdPPvCN38HeCm8Yfm\/kvPR3Dz+vd\/+5\/+qz\/+F\/\/73\/yP\/8vf\/ov\/+v\/+3\/7l3\/xn\/\/nP6n\/VjBMyedbYcXZ\/o\/OF7mdeh9Hhr\/RfIfMv43vvKuRdCur\/FFM9E59fEn2SOA2NKnl1bdNivqb2mOXNXHq1\/YMX1\/Ovvr+Ls8avbLeJu\/n+XUe8voOwYRiE416SRHkHbuH3JI7AK5hcYzixRhEYhd8jOEmi6zWCkdiKXBEYCfi+gog\/Et\/23iV5mL96vr5z8qbJ03dVHEbNXOMfCP\/4uyrDZ\/hnarl7h38mQu9N1tzbJ+HHYOnfwgd4YKemZxmEk6Yfkz3lh\/aJu5CbeloHFbHt+TJXIpxmxZgsZHiRMOZFvKzyDdgT70P7AneujlPtVyx1Ci8u7Wd7MtsuMwhfTyvOMfV9uKfpBVoFiWcijlTzRwo97G1lTY77npOvQt2eMaaQrdoht73lsx1+nZwlg+BlIhnXXbgLsHWy5C\/CTrdrpvOys4hB5bmgib5vMJLqdEuhL1RVueIWhr1W24corWULSQqDfGNsr1HdHI4FJV+WwuEwhjFLFwqL5Xy27akNzx1XpbTfbywRws5chR\/VzSRUHZ82JFfLUbM21UlmqXQlB5CS01wcLs0xrplUXKuatlxW\/JnKqnFYcvIJ+HnXlDQp0jzZWW7b+IreDkRwtvod2OSadqez+8PJQr11ODo3W9Sq9lB21UYv1nbZnPkKxY3GO2VJgKi3y86OY2lDWQkA3y1giPPL0I8WU8XJRBa7HXzc3Kr4uITR5JDT0WTaYXbC9v5VWfTptvCOnVLv18ciGZlm2dHCfrfBJ8PAq77hGFHEh2RHh+SoYiYL45XZJMJ1SZZMbDASfdSvphUfow01aDWyqsWVpJirq1bhq16jM844FVx6sRj6QlADNWTuRMUGtyRUymqEmNkJt0Yb1N1graqbbda1j4vrOEyE7tb2An3aY8uYGHAX8\/rsNN6gbsLJaXGuswDrrwixB2A37Y+RJEMuQhm9tVPq3bKPTkuFNlJk4shWDhxGJ4gRxe1aHQH+OdOeb5ZAybp4QOtbdJVZhbI7fRHTpmi3Db68nJpjZBHlst+pE6dd\/auVOTRGjFYfMxlXYZeV5CtjfADQStuORhXR14nj+JExkEESLQhVIgsxAsrbUusYDOsmiIS0OxhmECNGsnePTqNm9Ybk0jiCIUUMk0Q6bo9XikfzcXHRxBU2KhFA7wFnV9mu0s+4T+Cmvs31pVGdu01zTdMqOQbatST8XeSiGb9xLLVobbjVxgASHcVY6Z0cEk1Zw70WhNMSziSBuv
Et6nPBEkkYPUs89VCHjedyHoevTwhpwRtTvVC9cjscTpkEl70Q5ZcEM0iBVlOrZshoxaxTCyVqkcFaQaTJND7qiruC9vSgHxhROJty2frJRGcUkW\/T8bzArQu62Aj8pZfq5WnpurUmhYNXBBstPB0HdLEt67HP9CUNcHaVL\/py5Tv+IiqnHSGMtLAtT2aEyysT7VlU2B1c0UynpCL4dONoCBQZiWBCCob59IQIU9r6hD5FW92974pfH398cuCh13wO5v+Bzpq+x4zOk7NmVkyoZTPht8XqNPclVgd+dr30ls5urO+xrXKEf+KEQVxrl2X5Oea+B7dP8f2vfeAhlpy7jKenuJahub4U2SPWInq+hVn3Kp7Xjnw5Mt72ttIa3qJmWSX5OaelWMO1q4cTtae5TXSrzL1EZlCA5nHYN3tCgikSvSDqTjQq48xf4eq4x89aD51T5RZZJ\/zYX3eIruVriHTZcy9vlhIyXU6UT8Gkvj5OMbHU"} 04527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1663,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385185015621,"pkt":"nLbQ0+MztKXvZygQCABFAAtcXwsAAPgGHAwSQGcewKgCfgBQjzQ\/gHzPGAA7E4AYAINH0wAAAQEICgAnDeicUad24XFtV7Rg10duU4UTlxkMf+4hbiOeKWSTGwnHrK\/bcVHDmrmHVT1QbFoe9jUro5dI5TdYvpHS0y1rjoh+0U3zcCtX9rblxRoi5FhuCbqzSJTCJ\/SCO4zZZSPYNE6w5HSVgAaV0y2oWClZOTWZhlvMk\/XLRpM2IbCWurCzT+9+nnf\/OWUMYJ35yVcMM8b6\/R\/\/1f\/5x\/\/+v\/rM8TWeCOPgXR\/Wn9HNbJqvANEK619BcRX6k+IzZvpCAIbt5MNPYdScnyfOCY1\/TyD1rf7duf9o+anpe+Lk86r6HoqW4GHx6Znn1+7nR8VPBz8nS9L5cAeE+tP9z7LkZg6+ssfPLHPhW3ltM+PZT5K8\/\/msfZakyRs7mbt7Xv7\/5l\/\/85\/obM72VPyqzrNvqjRrU2d+wff86N\/86\/\/y1dOAvpLFbex7cuAdHr+ancs7IF7TArMobu\/azMv7LMnv2ZI\/Gupcy2kBmgQdfr79Efcrp\/mm7gDzHc7PmZXzYaydhcl9sn\/Bdl7f8evdzu42\/KM6\/2CPyGFz2XrOAlzQ68abCb\/NI1L4Z494f\/7\/wYeXvY12b\/v45AFpVjEKiukvMgW7N34KJ1mHT5uII8wicQAf7cIJq5oahpZLfYWtbiLN8Nh5vTFcczsoLYRSQOpr5+wJefBB0Bcjqs8OVij5zI4Q8US3kT6+pov1ZlWX1ZbBLAo\/CWVvJs7o7OLKwNZicOUC1akI83ha4yIZMssUw8P1miwuy6UgRf4eU5Z4nB6XmLKp3MOmhnDsUnscvDaHlhO5ju5pELGc1S1KGIjCWSnZkCldR8tC3DNDZhx2FKPl6Ci6COlwEwia\/ctaSG\/KNTGIWOI6zxgGatnGGthaTk1Dl52EoUGrXjVsYFdBMq6zs3e4rH0Kz4xNdXR5
SSjlJSGkp+XAetsK67orj5IjKZ9wGSH8hV8441VbQeRVqYj9GmcyBGz12el6BMEvIWJjscDyTLrh3gbg\/hA7bG\/IFWoEHieVcL0Fga3fQZtUIvBGrA4DAHWEdWYmHNmovkcclhbSpgp39QFulyfMoKwtehAkztJTKuJ6VmqPjURtjSFB1eFWH1Yc7LQ6dAu7tRLspVXE29p+fTlt3DU5BIU4qVWEQhjVxOQJJno\/tO47JaUb5kHb4cxZFH\/xjOAXlxRYQ3maguAXxIPDq5+U3s2e6xvHBz+qA9znj+qA0r3OzF78\/m\/\/m3\/x5GWK3\/9f\/8f\/9On2j\/\/DZ+rf\/K\/\/8y+4ISevvLvD+vmDL13\/qNtPXbbJM1cS1\/MvdrRzDv0vjv8pQXvOIP9JD\/cE7a+oLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwna3zq1eknQnu9fUpheUpheUpheUpheUpheUpheUpj+Q0th+u1o6CVB+wXdvKCbF3Tzgm5e0M0LunlBN\/8+oJu\/A9z8u0vQrpCfFX85I7tCnPBbGSm\/lk30zbTs9WqNEysUXZM4hpMYDijwEhBJBF+uEHC\/esnKvn9esrJfsrJfsrJfsrJfsrK\/dtYvWdkvWdn\/qKzsr2DFb8iy\/jbI+v87\/boZGvre\/q+mYD9X+y2Z2M+J2D+hfcm9nhP5\/pG515+TmJ\/6\/\/ct9fpHOdZMY39Dhb8G6D\/nW\/8jnNtLgvVLgvV\/PAnWP1o8\/7C\/j\/GrCdn3b9X++rjgVxOy5zr\/lhOyP3X5907ILoBTEbN4znv+kQ+d\/VichUew\/T3fvn\/\/\/udb4HMLzxvoT2hNXDD+vDu9qpsx8R\/BjlUk9vhhnsjPvM9fbh60mXtP2067WZA3b3\/43ScSuJ+\/Jh1o\/589f\/f5q7983TbBO\/IvX383f1X7D26e5NWHfwLD8Hfzt4KHVQ4c8Yd\/EgTBd\/P3kwdgm3k3fgA95Uny3bved25AP7N3flfHk\/\/O9q5t3XxAYPiffvcurb\/95OP9S+H\/7Ie8bRKwU3yAf7mheXxfntrFuygOo2R+sfDuSdIqdOw38MP939t7ww\/zd6D\/EIBt6F1gp3ECpLWz+l3tV3HwcX72AGbrwUsevObB8x7a5CFPHpL4IUIeIvQhWj5E2EOEP0Srh6LyH9zc8x+CvEofgthPPDBjD4kfAgt5iLOibR5mie3Ktx+KByfJ3VvZ5o3\/0EQPjfcQVQ9Pm9mDXTWxm\/gPdh2D5jwf7JBJDVoMXbuY9TLfttXcEahdPcxoZb7Ms188AHtsHzK7e6j9uxJ\/SO0qjDMwbYXtzab0Af74JEztJ4Dls0xPkzBP59O0NzPI+eFpHczTl9hF7X\/4dPPd8wNgk+5To59HDLbN52qAajtO9WADA8jG9DP1u3tXwLZiO5u1VqV28tHzkx\/uGvXAsqruh4EfZoW\/ayIwsDD6CMSv\/Lp++DQLbtw8z7gXZA9+Os8jaPN5HLPhPzf91F3vz4bwAYfhj0CFbfLDvEY\/82X+x0\/tNtGTHDawHCCCHzQfv9L2zybrqx7KD44P7MB\/KD\/YAVDSD89\/3+DDn\/7px7p1Huq2+FETBP5Pv7sPNXpqAegqr+P7DFR+Ys8I8zuwnIBV2MmzWDMImat8nFtq8uLDu\/e4n85t\/\/D0Qg0Q0Jlif4jmpfjV1IKF6lf3FuKsfrC\/en6fktcP8aOXuy0wqua9C4yk8dnEn0tvXt9n7vXb7+LgzWeW0G+en9f0eLRD2U79N3c4\/frtX8B\/9d4uCrAYmChOvDfx24f4\/b0RPfL95u2PC++fMbb313\/95id0t67nt6yPzdvv\/KT2XzXV+EP8\/v4HGua
3lI8N0GLjRm\/8t5\/IT+wfP755+\/DZr8UP4Plnxzf7vNnP+Y\/VPAB69mHApJlkPuHSwBJ58\/Z9H3tN9B2Owd\/7UP0nf\/LGfwT3f1a\/\/e7JQfoQAn9XPQn6ftarDtT62CxeF8Prh\/R95aeP8f3\/5uNcASxxUP40aw\/Vo\/258Dx9Dzmgla1fjfp9lebVmz9NgSP4iwzM6OPrLvb7+57zV3\/69iH5VdYg8YcYTOWdtX6EHzzwkz4CMZ8fgCn+Unj84eNdo\/nTlLiP+TwlVNNUMXBOQJfPdvz67fv0PtFQDDaN2E7+8l0NjNN\/fPMXf+n95fu\/WryF3n7ngomatziwc3BgH2veuH+B\/NUsxJ0kAiNCIO\/t2493TYJOk6dOo8fklzqdRYueuIrH6CsRvKL6sQAPwRee1B7itE2\/4vmuAEI+S\/QkZHEX8idyAznrt++bnIsH33uDvn0Lmv55teC3VPv4EQzgd8CAfuc9jaJ9BPYNvHUc2kBx8\/owQWgFrPKT3HbmVXnsQeF9ufwaZ3z\/Qy4z49sHZzYvv4tdXwF9J9q8pL\/zHhEIyNz++fL7RweI\/7v6r\/8a3NZv\/3z5Af1CQu8k9APyAXk7iwvM+ifKuAdqYBZfP9RvH36XvwUsb2Zr\/Zl7mE3w9du3P6s82+Trhy\/2+\/Yh\/xnHJ10\/vH5W67NhvV54i9cPr571+DMiYP2K2Nbz9gQosyN5zHLQV\/U+iKv60xq7u6G336D9xE3lT57mrq3w62ECdADMMvxZlQf7fV+B7elN+MU3gcl8D7YwtgP1JLD1+ID+BqDJeQd4\/cU3vf0BbP12dYxTHyCeN9nbh+wRzNCncvOwhAF0efgdMtvD1+3NgLKO8v5HLQJf578vZmMBTB7Q8m\/o4LkHoI20SPzGf\/34CMYOhu6N+hxf\/7n9fgZHP\/d4CPpn9d3pfbC\/IdvmsJ\/fwcw0gGp97yej\/jsafJIHuGLgTuclHN\/\/r+\/ONQCTGGmz"} 00903{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"thread_ts_usec":1654385185015695,"pkt":"nLbQ0+MztKXvZygQCABFAAEvXw0AAPgGJjcSQGcewKgCfgBQjzQ\/gIf3GAA7E4AYAIPMaQAAAQEICgAnDeicUad2d33ytWgxPP549E8++kcL03\/7Z00U1zPvd5U\/\/8YR2M0q4PPBMJux8PPglf8nf+J\/WlmA7T+B3oKJaxaPsyxAjo+gp2JAZ5f+d\/QE\/X16KoYvHYEq954+vunj+e3Gw9PlfRI7wGV\/Kcwu++3HT+gdRAlPuP4TwL+\/wXgPgV3QrzI7kWKnsqsRSgE4+UMeBH71hw57f63nFza\/qSLL\/OFoiNQfOuTbteZRPb6e0QR0tTv7ifp0lPj6fqAJqv05gqzIACaWCLm2CQJ3YQLH5hDxubHvodkW5lBnhujgmuZOB8zInqMh0Ahg+Dnl\/wXDsfHrS4oAAA0KMA0KDQo="} 
@@ -1163,32 +1163,32 @@ 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385185942149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1654385185942149,"pkt":"nLbQ0+MztKXvZygQCABFAADeE\/tAACoG6inKmcQ1wKgCfgBQ5Yg8Z0+pmkmYKYAYAPN5zQAAAQEICkyTX6y9cmj1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZS1Db3lvdGUvMS4xDQpWcGFkbi1TdGF0dXMtQ29kZTogLTI2DQpWcGFkbi1TdGF0dXM6IE5PX0ZJTEwNClZwYWRuLVN0YXR1cy1EZXNjOiANCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI2OjI0IEdNVA0KDQo="} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1679,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229374771,"pkt":"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"} -01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1679,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1679,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229374794,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229374794,"pkt":"tKXvZygQnLbQ0+MzCABFAABIbklAAEAGI3LAqAJ+NB2xsZDsAFBe8KOySC8RAoAYAfapLwAAAQEICgB7lmPzZF3LaGliaWQ9MCZvZm49MjUzNjQwJnI="} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1681,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1292,"thread_ts_usec":1654385229375778,"pkt":"tKXvZygQnLbQ0+MzCABFAAUg7FZAAEAGNrLAqAJ+I5wsDaY6AFDzNa5LO3\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"} 
-02271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": 
{"url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Yr5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+02269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": 
{"url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Yr5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"thread_ts_usec":1654385229376461,"pkt":"tKXvZygQnLbQ0+MzCABFAAIWbkpAAEAGIaPAqAJ+NB2xsZDsAFBe8KPGSC8RAoAYAfaq\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"} 
-01049{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1682,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229376461,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","domainame":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} +01047{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1682,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229376461,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","domainame":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1683,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1683,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229377895,"pkt":"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"} 
-01006{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1683,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {"detected_os":"Android 11"}}} +01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1683,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": 
{"detected_os":"Android 11"}}} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1684,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229377922,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229377922,"pkt":"tKXvZygQnLbQ0+MzCABFAABIXu1AAEAGyPPAqAJ+I5wsDaZGAFB7fW9OgsWKk4AYAfYTCgAAAQEIChlnEfsPV8RHa28pIFZlcnNpb24vNC4wIENocm8="} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1315,"pkt_l4_len":1281,"thread_ts_usec":1654385229378645,"pkt":"tKXvZygQnLbQ0+MzCABFAAUV94ZAAEAGGcTAqAJ+EkBPMqPUAFBRMOE7Lwf8VoAYAfYpoAAAAQEICgCrWABx+rveR0VUIC9hZC9sb2cvcGxheT9rPTYyOWJlYTIwYTRlNTQxMDAwMWYwMWM3eCZtcD1mVVJQRHI1dGlVU3RmN1YyZmFqTWlhdmVIVXZlREFKOTZhaVBmVTVJaUFSVGZuSElHYWw5aSUyQk1lZmJNZWZBRWVHbjNUZmFpRmZuUlBHbkVlNmp4YzZhUkFHYXhJaSUyQk1QZmRNZWklMkJld0RrZTZHbzliV1V4SWkwOTlXVVIlMkZpJTJCZWdZRktnWTc1SWhGeDglMkJGSk1MN0slMkZINUs5R2FISWluaFBmZGxlaWFsTTZheklIa1BJRyUyQmVJaWRNTTZhU0k2ZGUwR2tWQkdhaGJmVWkyZjdOQmZuUVE2YTV0REFIdGk3SHJXbnQzaW5sd2ZhSjBEQjJ0R252QlduUjlpbnpVSFVTVWlVVmVIJTJCZUlpbnZCNmFSTTZhY0lpZE1lZkFFMWliZUlZYlNRWXJjTUwlMkJlSTZhU0k0QnpVTG9SMWludk1pYWpzUnJ4QWg3UTNSVUVGZlpNMERGUTNSVUUwaW5OQUdhTjJSME0wRGt4d1JVdVlScmMxRCUyQnpzTCUyQkhRV3JmWFlaekpXb3owSG9SMVJyZlhZWlB0NHJjQlk3UUZIWlB0WXJ4QllGUTNSME0waGR6dURGNTZMazkwR1VpQkdaOUZHblJBV296TWhyUVVINUtYSiUyQk4wR1VpQkdaOUZHblJBV296dWgyS0VEMFIxaW9NMGhkenVERjU2aHJjYlJVRUFpVTMlMkZmVTNCaUJNMEo3YzlSVUVlV296ckRrd1FSVUVlV296dEprZlRMa0slMkZSVUVlV296dEhRS1REJTJCbDBHVWlCR1o5RkduUkFXb3pNaHJRVUg1S0JIMFIxaUFSUFdVRFBpVWlzUmdTQkxrZlElMkJienJKb1IxaUFSUFdVRFBpVWlzUmdTQkxrZlElMkJienJKN2owR1VpQkdaOUZHblJBV296cmhkenVERlYwR1VpJTJGaVUzRkduUkFXb3p0SmRRTUhaUjFpWk0wTDdEMEdVdnNSZ2ZRRDJLTWhyUVVIWlIxaVVWTVdvelVKJTJCekJIa1BVNFpSMVJRNW54b1JzUmd6VERraDBHZ3MwSjdIc1liaDBHMHpyZlpSc1JneEVIazJ1aEJSMVJyS1RMNzVCaEJ6S1dvekFEZ3h0SEJSMVIzUndIZGZNVzV4WlJnMklpZGVJNmRlSTZkTWImdHlwZT1yZXdhcmRfdmlkZW8ma2V5PXBsYXlfcGVyY2VudGFnZSZyYXRlPTAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBw
bGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KSG9zdDogdGtuZXQtY2RuLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -02271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com","domainame":"tknet-cdn.rayjump.com","http": 
{"url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+02276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com","domainame":"tknet-cdn.rayjump.com","http": 
{"url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1654385229379534,"pkt":"tKXvZygQnLbQ0+MzCABFAACkXu5AAEAGyJbAqAJ+I5wsDaZGAFB7fW9igsWKk4AYAfYTZgAAAQEIChlnEfwPV8RHbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBkZTAxLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01044{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} +01042{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229398934,"pkt":"nLbQ0+MztKXvZygQCABFAADQ2J9AAPUGmbgjnCwNwKgCfgBQpjo7f\/DX8zWzN4AYAHOmEwAAAQEICg9XxGYZZxH5SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1654385229399980,"pkt":"nLbQ0+MztKXvZygQCABFAACbqYhAAPUGMt80HbGxwKgCfgBQkOxILxECXvClqIAYAIBoGAAAAQEICvNkXe4Ae5ZkSFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229406775,"pkt":"nLbQ0+MztKXvZygQCABFAADQbSRAAPUGBTQjnCwNwKgCfgBQpkaCxYqTe31v0oAYAHWAFwAAAQEICg9XxG0ZZxH8SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} 01028{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1690,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":419,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":419,"pkt_l4_len":385,"thread_ts_usec":1654385229413001,"pkt":"nLbQ0+MztKXvZygQCABFAAGVuYkAAPgG40ASQE8ywKgCfgBQo9QvB\/xWUTDmHIAYAIZNHwAAAQEICnH6vA0Aq1gASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjA5IEdNVA0KU2VydmVyOiBuZ2lueA0KWC1DYWNoZTogTWlzcyBmcm9tIGNsb3VkZnJvbnQNClZpYTogMS4xIDllZTEwNzRiNmQ3MTc5ODM1NWM2OTVmYjI2YzIxNDUyLmNsb3VkZnJvbnQubmV0IChDbG91ZEZyb250KQ0KWC1BbXotQ2YtUG9wOiBUWEw1MC1QMg0KWC1BbXotQ2YtSWQ6IGw1MmRLamp6ZDlDOF9Pc21pX3RnMHVfSnVTMjUxV2JObG5SV0NiLWpKSDlQVldSQ25pWG14UT09DQoNCjE="} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_usec":1654385229450708,"pkt":"tKXvZygQnLbQ0+MzCABFAAHcEFBAAEAG14XAqAJ+Eul7N9YaAFDjQWT+MbgksIAYAfZTFQAAAQEICs\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"} 
-01454{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1691,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io","domainame":"impression-east.liftoff.io","http": {"url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01452{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1691,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io","domainame":"impression-east.liftoff.io","http": {"url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1692,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1692,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":760,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":760,"pkt_l4_len":726,"thread_ts_usec":1654385229460595,"pkt":"tKXvZygQnLbQ0+MzCABFAALqaatAAEAGLEjAqAJ+EuvMCZ0MAFCRGad0Zg9EgYAYAfak9wAAAQEICqWNW0ubSFulR0VUIC9ldmVudC92YXN0L3N0YXJ0LzU3YWE4MENPWGpDQklrWmpnMFpqVTBZbVl0TXpGalpDMDBNMlptTFdKa01qY3ROVEkyWTJOak5qUTFOMlJoR0lDYXFvaVRNQ0IxS01pOUR6Q2lFRG9iWTI5dExuTmpaVzVsZDJGNUxtdGhibXRoYmk1dFlYSnJaWFF6UWhob1lYZHJaWEl0Y21WdVpHVnlhVzVuTFdOdmJuUnliMnhLQ21RNE1USTVZbVkxWlRSUUFsb0RSRVZWWUFKb0JISUpkWE10WldGemRDMHg0QUVCZ0FGMWtnRUNaVzZZQVFLaEFRQUFBQUFBQUxBX3FnRUlNVEk0TUhnM01qQ3lBUTFGYm5SbGNuUmhhVzV0Wlc1MHVnRWNVU0JXYVdSbGJ5MU5iM1pwWlhNZ1lXNWtJRlJXSUhObGNtbGxjOElCR1haaGMzUXROREk0TURWa016TmhOVEJoTmpJeFpERTRORFBLQVFFQjBnRUZNRFF6TVRmYUFRVjJhV1JsYnc\/cGxheWhlYWQ9W0NPTlRFTlRQTEFZSEVBRF0mc3I9MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyB
zZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBhZGV4cC5saWZ0b2ZmLmlvDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01705{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1692,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io","domainame":"adexp.liftoff.io","http": {"url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01703{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1692,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io","domainame":"adexp.liftoff.io","http": {"url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1693,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1654385229557713,"pkt":"nLbQ0+MztKXvZygQCABFAAB\/zr9AAC0GLXMS6Xs3wKgCfgBQ1hoxuCSw40FmpoAYAecIEgAAAQEICrt1\/CbP5BhvSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjA5IEdNVA0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 02478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1694,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":5,"flow_src_last_pkt_time":1654385229559611,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229559611,"pkt":"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"} 00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1654385229568829,"pkt":"nLbQ0+MztKXvZygQCABFAADfGY1AAC4GkHES68wJwKgCfgBQnQxmD0SBkRmqKoAYAeR\/LQAAAQEICptIXBKljVtLSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNzowOSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA3MA0KDQqJUE5HDQoaCgAAAA1JSERSAAAAAQAAAAEIBgAAAB8VxIkAAAANSURBVHjaY2T4\/78eAAWEAn\/CWx4qAAAAAElFTkSuQmCC"} 
@@ -1200,7 +1200,7 @@ 01586{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PlayStore","proto_id":"7.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.google.com","domainame":"play.google.com","http": {"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_usec":1654385232040567,"pkt":"tKXvZygQnLbQ0+MzCABFAAPTG5ZAAEAGlqjAqAJ+A3q+RoESAFCRX\/9zk9FXV4AYAfaIrAAAAQEICpYlZ45PQpgXR0VUIC92MS9jYW1wYWlnbl9jbGljay9kZGZXYlgtY19acElGXzN3RS1YZ0pTd1JKUG5fNU9wUzlJUjZYNFhHOTFYUUw2c3NSTFY0UVBMU0VRZ1d5UmJQX09BSFhHcC0zejh6S3hkUmpMLUJUNmg3ejQ2ejRxbUFXeFI1RGJvRWhyMUR5dFk0VzVnZlFMVWNWNnlFM1BPUjdQclFsclZiVnRILTd1VzFvaWUtamtSNG5hR0hUVlZIS3Y1a0ZYQko5eVRJWC1KbmdhRTJNTVRFUjFIdUJ4OXFUbHlMaGlaQ3RXU1VTdjRaZTV6NFF1R3FqV2lqRDBRQmdBbzAwV3RqNFZxUXlwekNob19wLVV6T3JWRjh3WDlMbXlzb1ozMjAyeHQtMVJsbUJOWGRkSF9pX2V2TzV5WkdwT3ZHOGt0ZGlLZmhHN2NkZFpUUjZvNWx5UjE1d1ktU0pUU00zZmZyNGRzcFZTRng2WGRuWGdmVXR4WTgwc3BJOXRtRk1oVDk3S1NDNGNNa1J2LUF5TkxXaERhRDMzV0NwVTdITi1WblR1TTB6bDRXUU1uYS1BVkJrMUhvMHZoVHo1WkJVMzJPaFRmOXVBa0dOeHVOajV3NUlmZzFHbk13WnhLaXM4SjNaNlo1bXR
jN2dpcmUwZVFlRFE3ZWh0Q01GTHMwTTFhWEdFOG1IaG9BTmdfdzBBaHg0M011N3p2RFhTQ3RoSDhENFFoSGFXb1JTdUdVZ2ZCRFlMenJEOExYejZxSElMb1FOamo4aWVSQkxmSDIyVWV3VkxnTUY3ZHFoWGdsNzNWcWdVMV9jdS1HSWZzYkJtOTB6aGZkOWVvbzhyUWZkSkYyeGN6cXZyUXo2LUk0RkE\/dmFzdF9lbD0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": 
{"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": 
{"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 01447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":734,"pkt_l4_len":700,"thread_ts_usec":1654385232057407,"pkt":"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"} 
01357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1706,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232085154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_usec":1654385232085154,"pkt":"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\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1707,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232158874,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":253,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":253,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":253,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232158874,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -1214,19 +1214,19 @@ 01358{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1717,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":4,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_usec":1654385234239203,"pkt":"nLbQ0+MztKXvZygQCABFAAKKs5RAAPUGSvIDer5GwKgCfgBQgRKT0VmtkWAGsYAYAHiq\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\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1718,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1295,"pkt_l4_len":1261,"thread_ts_usec":1654385235892637,"pkt":"tKXvZygQnLbQ0+MzCABFAAUBYktAAEAGrwXAqAJ+EkBPQMnmAFARWCNCXMPM5oAYAfYpmgAAAQEICr8GCEOu2uHSR0VUIC9vcGVuYXBpL2FkL3YzP2FwcF9pZD0zMjQ1NiZ1bml0X2lkPTg4ODEmc2lnbj0zYzI4ZGVkMDRlMGY0MDkwMjI5OTY4NjE4MjQ0YjU4MyZyZXFfdHlwZT0zJmFkX251bT0yMCZ0bnVtPTEmb25seV9pbXByZXNzaW9uPTEmcGluZ19tb2RlPTEmdHRjX2lkcz0lNUIlNUQmZGlzcGxheV9jaWRzPSU1QjE5OTQ0MzY1Mjk5JTVEJmV4Y2x1ZGVfaWRzPSU1QjE5OTQ0MzY1Mjk5JTVEJmFkX3NvdXJjZV9pZD0xJnNlc3Npb25faWQ9NjI5YmVhMjBhNGU1NDEwMDAxMGYwMWM4JmFkX3R5cGU9OTQmb2Zmc2V0PTAmY2hhbm5lbD0mcGxhdGZvcm09MSZvc192ZXJzaW9uPTExJnBhY2thZ2VfbmFtZT1jb20uc2NlbmV3YXkua2Fua2FuJmFwcF92ZXJzaW9uX25hbWU9Mi44LjIuMSZhcHBfdmVyc2lvbl9jb2RlPTE0NiZvcmllbnRhdGlvbj0xJm1vZGVsPXNka19ncGhvbmVfeDg2JmJyYW5kPWdvb2dsZSZnYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZtbmM9Jm1jYz0mbmV0d29ya190eXBlPTkmbmV0d29ya19zdHI9Jmxhbmd1YWdlPWVuJnRpbWV6b25lPUdNVCUyQjAxJTNBMDAmdXNlcmFnZW50PU1vemlsbGElMkY1LjAlMjAlMjhMaW51eCUzQiUyMEFuZHJvaWQlMjAxMSUzQiUyMHNka19ncGhvbmVfeDg2JTIwQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElM0IlMjB3diUyOSUyMEFwcGxlV2ViS2l0JTJGNTM3LjM2JTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBWZXJzaW9uJTJGNC4wJTIwQ2hyb21lJTJGODMuMC40MTAzLjEwNiUyME1vYmlsZSUyMFNhZmFyaSUyRjUzNy4zNiZzZGtfdmVyc2lvbj1NQUxfOC43LjQmZ3BfdmVyc2lvbj0yMi40LjI1LTIxJTIwJTVCMCU1RCUyMCU1QlBSJTVEJTIwMzM3OTU5NDA1JnNjcmVlbl9zaXplPTEwODB4MTc5NCZpc19jbGV2ZXI9MiZ2ZXJzaW9uX2ZsYWc9MSZjYWNoZTE9NjI0MCZjYWNoZTI9NTM2NSZwb3dlcl9yYXRlPTEwMCZjaGFyZ2luZz0wJnN1Yl9pcD0xMC4wLjIuMTYmZHZpPTRCenRZcnhCWUZRMyUyQkZRM1JVRTBEVVFRaVVsYmZBREFmbngzaVVWUEhaUnNScmZ1SG9SMVJVdjA2TiUzRCUzRCZhcGlfdmVyc2lvbj0xLjMgSFRU
UC8xLjENCkNoYXJzZXQ6IFVURi04DQpIb3N0OiBuZXQucmF5anVtcC5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -02191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1718,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +02196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1718,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385236487007,"pkt":"nLbQ0+MztKXvZygQCABFAAHm3ckAAPgGvqESQE9AwKgCfgBQyeZcw8zmEVgoD4AYAIbbsgAAAQEICq7a5CW\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"} 01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119358297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 
01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385119973654,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385120216027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385121164319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":2452,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com"}} 
-01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} -01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} -01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} 
+01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Akamai","proto_by_ip_id":467,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} +01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} +01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} -01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":598,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":1196,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} +01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":598,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":1196,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io"}} 
01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385185166661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":170,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385185942149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":170,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1654385176794172,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385177120274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":6082,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
@@ -1234,18 +1234,18 @@ 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":21,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385178039010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":12423,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":87624,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":464,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":464,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com"}} 01040{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":16,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156865117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":28785,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com"}} 
-01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} -01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} +01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} 
+01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} 01046{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":10,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143386689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":20463,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com"}} 01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":12,"flow_first_seen":1654385142780674,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142861550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":27563,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Tracker_Ads","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 
01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":33,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385137102946,"flow_dst_last_pkt_time":1654385137795047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":179545,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":13,"flow_first_seen":1654385136206220,"flow_src_last_pkt_time":1654385137480116,"flow_dst_last_pkt_time":1654385137451797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":23040,"flow_src_tot_l4_payload_len":631,"flow_dst_tot_l4_payload_len":72797,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":18,"flow_first_seen":1654385136215384,"flow_src_last_pkt_time":1654385137106944,"flow_dst_last_pkt_time":1654385137458576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":81501,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":12,"flow_first_seen":1654385136216297,"flow_src_last_pkt_time":1654385137088135,"flow_dst_last_pkt_time":1654385137795021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":37440,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":124042,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} -01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} -01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":1640,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":1640,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 
-01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} -01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":655,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":655,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 
+01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":1640,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":1640,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":655,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":655,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 
01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":73,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385145095894,"flow_dst_last_pkt_time":1654385145302253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":4383,"flow_dst_tot_l4_payload_len":173462,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":497,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"release.bigdata.1kxun.com"}} 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":8,"flow_first_seen":1654385140779083,"flow_src_last_pkt_time":1654385144744780,"flow_dst_last_pkt_time":1654385145113565,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":443,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":8192,"flow_src_tot_l4_payload_len":1183,"flow_dst_tot_l4_payload_len":18456,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
@@ -1257,7 +1257,7 @@ 01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385136274668,"flow_dst_last_pkt_time":1654385136566441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":498,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":997,"flow_dst_tot_l4_payload_len":450,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com"}} 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":668,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":668,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.PlayStore","proto_id":"7.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"play.google.com"}} 01161{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi"}} 
-01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} +01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":860,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":2746,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":3242,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 
01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385128878298,"flow_src_last_pkt_time":1654385128878298,"flow_dst_last_pkt_time":1654385129190022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":871,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":871,"flow_dst_max_l4_payload_len":817,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":817,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":265,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":265,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"messages.1kxun.mobi"}} 
@@ -1267,9 +1267,9 @@ 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385156978849,"flow_src_last_pkt_time":1654385156978849,"flow_dst_last_pkt_time":1654385157162185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1118,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":508,"flow_src_tot_l4_payload_len":1118,"flow_dst_tot_l4_payload_len":508,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385156997634,"flow_src_last_pkt_time":1654385156997634,"flow_dst_last_pkt_time":1654385157178524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1113,"flow_dst_max_l4_payload_len":680,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":680,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1654385157001678,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157186882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1119,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1119,"flow_dst_tot_l4_payload_len":1950,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
-01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":75,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io"}} -01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385231942852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":2827,"flow_dst_tot_l4_payload_len":312,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} -01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":156,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} 
+01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":75,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io"}} +01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385231942852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":2827,"flow_dst_tot_l4_payload_len":312,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} +01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":156,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} 
01228{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129813867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":523,"flow_dst_tot_l4_payload_len":104,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com"}} 
01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":19,"flow_first_seen":1654385145219802,"flow_src_last_pkt_time":1654385146051643,"flow_dst_last_pkt_time":1654385146257351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":51980,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1654385146263001,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146481114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":4320,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":7485,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 
@@ -1277,14 +1277,14 @@ 01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":30,"flow_first_seen":1654385146276743,"flow_src_last_pkt_time":1654385147163604,"flow_dst_last_pkt_time":1654385147585918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":18720,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":97896,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":28,"flow_first_seen":1654385146284849,"flow_src_last_pkt_time":1654385147363303,"flow_dst_last_pkt_time":1654385147935185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":1578,"flow_dst_tot_l4_payload_len":131729,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":23,"flow_first_seen":1654385146276790,"flow_src_last_pkt_time":1654385147316212,"flow_dst_last_pkt_time":1654385147926816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":1554,"flow_dst_tot_l4_payload_len":126758,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 
-01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":9,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184950570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":26435,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io"}} -00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
-01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":29,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385185019373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":97077,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} -01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":20,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385185004563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":64260,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} -01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} 
-00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":9,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184950570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":26435,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io"}} +00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} +01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":29,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385185019373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":97077,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} +01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":20,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385185004563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":64260,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} 
+01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} +00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131355130,"flow_dst_last_pkt_time":1654385131589006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":6232,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":6868,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
-00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":17,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1287,"global_ts_usec":1654385236487007} +00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":17,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1287,"global_ts_usec":1654385236487007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1723/1723 ~~ skipped flows.............: 0 
@@ -1293,9 +1293,9 @@ ~~ total active/idle flows...: 197/197 ~~ total timeout flows.......: 15 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9257069 bytes -~~ total memory freed........: 9257069 bytes -~~ total allocations/frees...: 145272/145272 +~~ total memory allocated....: 10027715 bytes +~~ total memory freed........: 10027715 bytes +~~ total allocations/frees...: 159238/159238 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 11861 chars diff --git a/test/results/monitoring/signal_audiocall.pcapng.out b/test/results/monitoring/signal_audiocall.pcapng.out index 59923d2f6..fa7a0686f 100644 --- a/test/results/monitoring/signal_audiocall.pcapng.out +++ b/test/results/monitoring/signal_audiocall.pcapng.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024252560352} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024252560352} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252560352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024252560352,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252560352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024252560352,"pkt":"dNo47VMyYhO2esBpCABFAAAwRWRAAEARGavAqAxDI9jq6rFrDZYAHHVvAAEAACESpEJXWklqc1dDeWlGaWU="} 
01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252560352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024252560352,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -37,7 +37,7 @@ 01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024262578771,"flow_dst_last_pkt_time":1732024262586393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1732024271658206,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":29,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024271632164,"flow_dst_last_pkt_time":1732024271627708,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":2352,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1732024271658206,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1732024255310800,"flow_src_last_pkt_time":1732024270121601,"flow_dst_last_pkt_time":1732024270117593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":992,"midstream":0,"thread_ts_usec":1732024271658206,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":12261,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":268,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":268,"packets-processed":268,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1732024271658206} +00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":268,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":268,"packets-processed":268,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1732024271658206} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 268/268 ~~ skipped flows.............: 0 
@@ -46,9 +46,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8659810 bytes -~~ total memory freed........: 8659810 bytes -~~ total allocations/frees...: 140830/140830 +~~ total memory allocated....: 9424280 bytes +~~ total memory freed........: 9424280 bytes +~~ total allocations/frees...: 154796/154796 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2265 chars diff --git a/test/results/monitoring/signal_videocall.pcapng.out b/test/results/monitoring/signal_videocall.pcapng.out index f38d65790..28ea49d89 100644 --- a/test/results/monitoring/signal_videocall.pcapng.out +++ b/test/results/monitoring/signal_videocall.pcapng.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024431954625} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024431954625} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024431954625,"pkt":"dNo47VMyYhO2esBpCABFAAAwZxZAAEAR9\/jAqAxDI9jq6rs2DZYAHHvlAAEAACESpEJQQm9QWFIrVWRPcnY="} 
01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -28,7 +28,7 @@ 01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":167,"flow_dst_packets_processed":131,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024444819796,"flow_dst_last_pkt_time":1732024444862357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1181,"flow_dst_max_l4_payload_len":858,"flow_src_tot_l4_payload_len":80551,"flow_dst_tot_l4_payload_len":26428,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024441970315,"flow_dst_last_pkt_time":1732024441977780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024441965798,"flow_dst_last_pkt_time":1732024441969357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":908,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
-00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":334,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":334,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":109231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1732024444862357} +00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":334,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":334,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":109231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1732024444862357} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 334/334 ~~ skipped flows.............: 0 
@@ -37,9 +37,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8659316 bytes -~~ total memory freed........: 8659316 bytes -~~ total allocations/frees...: 140886/140886 +~~ total memory allocated....: 9423754 bytes +~~ total memory freed........: 9423754 bytes +~~ total allocations/frees...: 154852/154852 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2258 chars diff --git a/test/results/monitoring/signal_videocall_multiparty.pcapng.out b/test/results/monitoring/signal_videocall_multiparty.pcapng.out index 27302c1d7..d77281d59 100644 --- a/test/results/monitoring/signal_videocall_multiparty.pcapng.out +++ b/test/results/monitoring/signal_videocall_multiparty.pcapng.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733247515941563} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733247515941563} 
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247515941563,"flow_dst_last_pkt_time":1733247515941563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247515941563,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1733247515941563,"flow_dst_last_pkt_time":1733247515941563,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733247515941563,"pkt":"ILAB4IZiSKRyNpegCABFAACAiykAAIARhhPAqAF1I89DROg2JxAAbAzQAAEAUCESpEI1NEg2QU95UTMyRVAABgAJMWFMNTpRTVhDAAAAwFcABAABAAqAKgAIF\/4CYTZoiVwAJQAAACQABG5\/Hv8ACAAUcpt5C\/\/iaNePSUPaFGAUyh6\/HmKAKAAEM0IRaA=="} 
01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247515941563,"flow_dst_last_pkt_time":1733247515941563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247515941563,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -11,7 +11,7 @@ 01056{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247515990690,"flow_dst_last_pkt_time":1733247516018904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":200,"midstream":0,"thread_ts_usec":1733247516018904,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 02243{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247521000514,"flow_dst_last_pkt_time":1733247521314176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":1239,"flow_dst_tot_l4_payload_len":830,"midstream":0,"thread_ts_usec":1733247521314176,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":300,"avg":336502.1,"max":1071142,"stddev":395522.0,"var":156437676032.0,"ent":3.9,"data": [32884,48827,300,44457,50533,44084,223767,385,25289,800734,1030880,20622,201493,673,800784,981685,21273,210614,756,118515,13444,1043663,879515,925,1071142,1007160,651,274470,390884,400116,691039]},"pktlen": {"min":56,"avg":92.7,"max":128,"stddev":28.2,"var":793.4,"ent":4.9,"data": [128,128,64,128,128,128,128,83,64,64,128,74,128,83,64,128,74,128,83,64,76,56,74,83,64,74,83,64,128,128,64,74]},"bins": {"c_to_s": [1,14,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,1,0,1],"entropies": [5.630286694,5.730687141,5.077819824,5.651809216,5.741195202,5.841376781,5.766547680,5.757154465,5.171569824,5.046569824,5.753524780,5.387711525,5.789052010,5.652456284,5.077819824,5.626456738,5.428714275,5.731467724,5.790346146,5.060848236,5.754378796,5.151015759,5.367309570,5.684864521,5.159774780,5.404538155,5.853539467,5.171569824,5.637804031,5.766547680,5.049053192,5.377511024]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":192,"flow_dst_packets_processed":68,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247533917504,"flow_dst_last_pkt_time":1733247533913543,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":1184,"flow_src_tot_l4_payload_len":67701,"flow_dst_tot_l4_payload_len":18298,"midstream":0,"thread_ts_usec":1733247533917504,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":260,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1733247533917504} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":260,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1733247533917504} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 260/260 ~~ skipped flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652354 bytes -~~ total memory freed........: 8652354 bytes -~~ total allocations/frees...: 140792/140792 +~~ total memory allocated....: 9416728 bytes +~~ total memory freed........: 9416728 bytes +~~ total allocations/frees...: 154758/154758 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 585 chars ~~ json message max len.......: 2248 chars diff --git a/test/results/monitoring/stun.pcap.out b/test/results/monitoring/stun.pcap.out index acb4e6908..e80ee340b 100644 --- a/test/results/monitoring/stun.pcap.out +++ b/test/results/monitoring/stun.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568718599876883} 
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568718599876883} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718599876883,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599876883,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAND5VQAB7BgrSCk1uMwrOMu+idKQQzU6orgAAAACAAiAA3LQAAAIEBVABAwMIAQEEAg=="} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599920416,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAANHKjQAB9BtTjCs4y7wpNbjOkEKJ058UMHs1OqK+AEv\/\/CFwAAAIEBbQBAwMIAQEEAg=="} 
@@ -7,7 +7,7 @@ 01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718600246272,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBgQAB8BgdpCk1uMwrOMu+idKQQzU6pGefFDB9QGAIDfYIAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAML3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAAEMgAAAIBwAAQAAAADAAgAFE3CuT+mSQnt\/XCbEyheNg3aE4FAgCgABC51Ucc="} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718600319984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":156,"pkt_l4_len":118,"thread_ts_usec":1568718600319984,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAAinKyQAB9BtR+Cs4y7wpNbjOkEKJ058UMH81OqYNQGAEDPFEAAABgAQEATCESpELzQ5RTtpj7KVC7Bu0AIAAIAAGDZitfynEABgAJL3BJMDpUb0VkAAAAgDcABAAAAAGAcAAEAAAAAwAIABT3XyNLEfjiVg6vTdc0SJ1BoW97H4AoAAQNJssy"} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1595356443140497} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1595356443140497} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443140497,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1595356443140497,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwL+tAAEAR+4LAqAypSn33gKgIDZYAHBBnAAEAACESpEJTSGtoRjhvZHdneVY="} 01003{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443140497,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -20,7 +20,7 @@ 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1595356444494918,"pkt":"CL6sCxdumt9Y+uvcCABFwABs98MAAEABcr7AqAypSn33gAMDDJoAAAAARQAAUAEJAABmEURFSn33gMCoDKkNlqgIADx61wEEACAhEqRCamF6aTYyTmZVRDV3AA0ABAAAAAAACAAUCDrQbj\/HZPzecgDWKnOqyyksqcs="} 01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356444494918,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356444494918,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.279952}} 
00996{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600876092,"flow_dst_last_pkt_time":1568718600931144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1595356444494918,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1614938022295727} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1614938022295727} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938022295727,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAcI38AAQAAIRKkQkJxcUN2YzZ5L2tJZQ=="} 01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -34,7 +34,7 @@ 01022{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":49,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938123200754,"flow_dst_last_pkt_time":1614938123207596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1614938123207596,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 02311{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":56,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938163424247,"flow_dst_last_pkt_time":1614938163431063,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":704,"midstream":0,"thread_ts_usec":1614938163431063,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":2867,"avg":9105286.0,"max":10358549,"stddev":2980037.5,"var":8880623976448.0,"ent":4.8,"data": [6861,10132226,10132257,10358549,2935,10358540,2867,10055433,10055494,10056921,10056927,10057230,10057183,10053930,10053957,10069481,10069496,10027109,10027105,10027261,10027286,10063952,10063896,10098322,10098363,10035461,10035403,10061356,10061442,10028354,10028259]},"pktlen": {"min":68,"avg":80.0,"max":92,"stddev":12.0,"var":144.0,"ent":5.0,"data": [68,92,68,92,68,68,92,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [5.422471046,5.541838169,5.422470093,5.514770508,5.451882362,5.451882362,5.536509514,5.536509514,5.481293678,5.593521595,5.451882362,5.558248997,5.393059731,5.558248997,5.510704994,5.571783066,5.352545738,5.460210800,5.451882362,5.514770508,5.422471046,5.550043106,5.422470093,5.541838169,5.451882362,5.550043583,5.451882362,5.593522072,5.451882362,5.541838169,5.393058777,5.528304577]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01022{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":17,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938173452831,"flow_dst_last_pkt_time":1614938173459694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":748,"midstream":0,"thread_ts_usec":1614938173459694,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1629291451242856} 
+00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1629291451242856} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1629291451242856,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4VYJAAEARop7AqAypHw1WNpTrnEMAJO1IAAMACCESpEJBSzdRUHlQSzlldVYAGQAEEQAAAA=="} 01003{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -45,7 +45,7 @@ 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1629291457262853,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1629291457262853,"pkt":"CL6sCxdumt9Y+uvcCABFAACoVltAAEARoVXAqAypHw1WNpTrnEMAlIWPAAgAeCESpEJGYi9SMVA1cFBNWWQAEgAIAAGMueG6pCQABgAQTWYyaDlIaTVhUE1ScGxGMQAUAA90dXJuZXIuZmFjZWJvb2sAABUAKGJiMDMxZDYxY2NjMWJlODJlMjQwMTQ0MzVlZDUyZjI2ZmJhNjI0ODMACAAUTGbb+kTKlKKmYo+\/Jw5ehEWYdT8="} 02250{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":98,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291458067482,"flow_dst_last_pkt_time":1629291458262623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":1496,"midstream":0,"thread_ts_usec":1629291458262623,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":446593.3,"max":6004359,"stddev":1462539.6,"var":2139022032896.0,"ent":1.9,"data": [11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153]},"pktlen": {"min":56,"avg":139.6,"max":168,"stddev":32.1,"var":1033.4,"ent":5.0,"data": 
[56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160]},"bins": {"c_to_s": [1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1],"entropies": [4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook"}} 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938213778839,"flow_dst_last_pkt_time":1614938213785682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":924,"midstream":0,"thread_ts_usec":1629291461216501,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":3,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1643626018009166} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":3,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1643626018009166} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643626018009166,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643626018009166,"pkt":"AAAAAAAAAAIAmUIoCABFAAA8AABAAC4GIeBXL2QRNgE5mw2WkYlv2uEwZMfN9aAScSBlfgAAAgQFtAQCCAqf27foB2LEZgEDAwc="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018016908,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVpAAD8G+3E2ATmbVy9kEZGJDZZkx831b9rhMYAYAQDj2AAAAQEICgdixWGf27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="} 
@@ -55,7 +55,7 @@ 01036{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":145,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1643626018276412,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com","domainame":"apps-host.com","stun": {"multimedia_flow_types":"Unknown"}}} 00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018282040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1643626018282040,"pkt":"AAAAAAAAAAUALNPrCABFAADAFV1AAD8G+v42ATmbVy9kEZGJDZZkx84tb9rhqYAYAQDFDgAAAQEICgdixmqf27gqAAMAeCESpEIwS0liOW85U1ZZeVMAGQAEEQAAAAAGACwxNjQzNjI5NTI3OlJPVUxPTTMwMDErdDc4eUlLaXlmZEUzQVZON2Frc3RYdwAUAA1hcHBzLWhvc3QuY29tAAAAABUAEGNiY2RjY2NmNzM1M2E3MTAACAAUEKPLC4yIRo0ZYTSYOcifZ5nxpRk="} 
01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":162,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":35,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291461328776,"flow_dst_last_pkt_time":1629291461336154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":4454,"flow_dst_tot_l4_payload_len":2950,"midstream":0,"thread_ts_usec":1643626018957379,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":162,"packets-processed":161,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13004,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":3,"total-updates":3,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1647958145472010} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":162,"packets-processed":161,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13004,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":3,"total-updates":3,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1647958145472010} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1647958145472010,"pkt":"CL6sCxdumt9Y+uvcCABFAACIXMVAAEARLvHAqAypjvpSY8ABDZYAdIYdAAEAWCESpEJ3bGtZRHRGSndEMi8ABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAwFcABAADAAqAKgAIm1kRHMWaA6wAJAAEbn8e\/wAIABQgoq\/oigOja2ENES7+eYfoJkViaIAoAARShoZ6"} 01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -67,7 +67,7 @@ 01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":373,"flow_dst_tot_l4_payload_len":1290,"midstream":0,"thread_ts_usec":1647958145521909,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2i110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"6C:D0:9A:70:A1:F1:9E:BF:8E:EF:FE:B6:F1:37:A3:E8:8A:3B:F7:C8"}}} 
02213{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":193,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147569135,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2034,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147569135,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":131323.2,"max":835905,"stddev":227053.5,"var":51553292288.0,"ent":3.4,"data": [22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681]},"pktlen": {"min":62,"avg":179.2,"max":1226,"stddev":221.3,"var":48965.1,"ent":4.4,"data": [136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95]},"bins": {"c_to_s": [0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0],"entropies": 
[5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":195,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018957379,"flow_dst_last_pkt_time":1643626018908035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com"}} 
-00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":195,"packets-processed":194,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17910,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":5,"total-updates":3,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":70,"global_ts_usec":1661169535535091} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":195,"packets-processed":194,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17910,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":5,"total-updates":3,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":70,"global_ts_usec":1661169535535091} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzJAAEAR2WHAqCuphuBab77WImEApPIXAAEAiCESpEI4RCHR9KJD4dY6X5oABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABSuLzMpSQJ1k35eeZhTIs+Mn14fOYAoAATxREob"} 
01005{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -76,7 +76,7 @@ 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":1661169535657522,"pkt":"BLFnWRHgPKn0qB\/sCABFAADZk0RAAEAR2S7AqCuphuBab77WImEAxZayFv7\/AAAAAAAAAAEAsAEAAKQAAAAAAAAApP79\/DOP2Z8sGz4yGXA4ZlFO9zOHpZDtCkri7Pkm\/\/cH3ZMAAAAQwCvAL8ypzKjACsAJwBPAFAEAAGoAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAEAASABAGd2VicnRjCGMtd2VicnRjAA0AIAAeBAMFAwYDAgMIBAgFCAYEAQUBBgECAQQCBQIGAgICABwAAkAAAA4ACwAIAAcACAABAAIA"} 01117{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535657522,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc"}}} 
00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":199,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147591534,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1661169535657522,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":199,"packets-processed":198,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":6,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1697468908358667} 
+00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":199,"packets-processed":198,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":6,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1697468908358667} 00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908358667,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999:0:19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_usec":1697468908358667,"pkt":"eq+3+1HBILAB4IZiht1mBDreADwROyYAGQBBYFmZAAAAGQAAAAAgAQsHCj3BEkihEJQSJygeDZa73gA87sUBCQAgIRKkQktkZmJkWjJhZlo4bAAIABRFsDl4oh6bf+GLBENYf43S4VSdWIAoAASacRNB"} 01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908358667,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999:0:19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -84,7 +84,7 @@ 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1697468913582927,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":186,"pkt_l4_len":132,"thread_ts_usec":1697468913582927,"pkt":"eq+3+1HBILAB4IZiht1mBDreAIQROyYAGQBBYFmZAAAAGQAAAAAgAQsHCj3BEkihEJQSJygeDZa73gCET3oBAQBoIRKkQjdxNnArS0o3QlNDMAAgABQAAprMAROvRT1M92Jj6lqjUHRrLgABABQAArveIAELBwo9wRJIoRCUEicoHoArABQAAg2WJgAZAEFgWZkAAAAZAAAAAIAsABQAAgBQJgAZAEFgWZkAAAAZAAAAAIAoAATOYQFM"} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1697468913582927,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468913582927,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468913582927,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999:0:19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":201,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":201,"packets-processed":201,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":6,"total-updates":3,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1697468913582927} 
+00818{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":201,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":201,"packets-processed":201,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":6,"total-updates":3,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1697468913582927} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 201/201 ~~ skipped flows.............: 0 @@ -93,9 +93,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8672109 bytes -~~ total memory freed........: 8672109 bytes -~~ total allocations/frees...: 140821/140821 +~~ total memory allocated....: 9436739 bytes +~~ total memory freed........: 9436739 bytes +~~ total allocations/frees...: 154787/154787 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 2316 chars diff --git a/test/results/monitoring/stun_google_meet.pcapng.out b/test/results/monitoring/stun_google_meet.pcapng.out index 5eaa232cf..3a779a651 100644 --- a/test/results/monitoring/stun_google_meet.pcapng.out +++ b/test/results/monitoring/stun_google_meet.pcapng.out 
@@ -1,5 +1,5 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1687685002250009} 
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00819{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1687685002250009} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685002250009,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFppAAEARi+LAqAycSn2Af5UIS2YAHMbcAAEAACESpEJrQUdOTnp2SE5INTk="} 
01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -54,7 +54,7 @@ 01011{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685052357802,"flow_dst_last_pkt_time":1687685052375389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01007{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":24,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685011180562,"flow_dst_last_pkt_time":1687685011133449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":5092,"flow_dst_tot_l4_payload_len":2517,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01007{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685059743208,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":215,"packets-processed":214,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":6,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1697468935898948} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":215,"packets-processed":214,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":6,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1697468935898948} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468935898948,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":186,"pkt_l4_len":132,"thread_ts_usec":1697468935898948,"pkt":"ILAB4IZieq+3+1HBht1gC69IAIQRQCABCwcKPcESSKEQlBInKB4gAUhgSGQABgAAAAAAAACBsgRLaQCETH0AAQBoIRKkQmtPaTNJMjc0OHB2QQAGAB95dzhscXc0TXhnSDhpZ29LQUFpS0FpQURFQTpOQUNFAMBXAAQAAwAKgCoACGra\/nXE2k9tACQABG5\/KP\/AWQACAAEAAAAIABSaw7PkfELbyrRWbnt+uUO3nio4h4AoAAQFm42R"} 
01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468935898948,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -72,7 +72,7 @@ 01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685052357802,"flow_dst_last_pkt_time":1687685052375389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":24,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685011180562,"flow_dst_last_pkt_time":1687685011133449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":5092,"flow_dst_tot_l4_payload_len":2517,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685059743208,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":362,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":362,"packets-processed":362,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56433,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":6,"total-updates":6,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1697468936608486} +00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":362,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":362,"packets-processed":362,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56433,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":6,"total-updates":6,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1697468936608486} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 362/362 ~~ skipped flows.............: 0 
@@ -81,9 +81,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8669907 bytes -~~ total memory freed........: 8669907 bytes -~~ total allocations/frees...: 140961/140961 +~~ total memory allocated....: 9434440 bytes +~~ total memory freed........: 9434440 bytes +~~ total allocations/frees...: 154926/154926 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2280 chars diff --git a/test/results/monitoring/stun_signal.pcapng.out b/test/results/monitoring/stun_signal.pcapng.out index 91033782d..0c4daac1b 100644 --- a/test/results/monitoring/stun_signal.pcapng.out +++ b/test/results/monitoring/stun_signal.pcapng.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1636901936040353} 
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00814{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1636901936040353} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936040353,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdVpAAEAR0ZTAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} 
01013{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -8,19 +8,19 @@ 01013{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040699,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936065479,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU1AAEAR9NjAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} -01013{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070153,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU5AAEAR9NfAqAypI563p7hkDZYAHPweAAEAACESpEJjaDExN25ZQXk2MTA="} -01014{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070262,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU9AAEAR9NbAqAypI563p5peDZYAHOX3AAEAACESpEJkOSt6R0JMc3JIbis="} -01014{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070410,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnVBAAEAR9NXAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} -01013{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936083692,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq0AAOABw2wjnrenwKgMqQMDpcEAAAAARQAAMJ1NQAAgERTZwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} -01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} 
+01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901936087734,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLztAAOARwqojnrenwKgMqQ2WuGQAXLAaAQEAQCESpEJjaDExN25ZQXk2MTAAIAAIAAEPY3w9RVEAAQAIAAEucV0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAATCHshI"} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936087776,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936087776,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq4AAOABw2sjnrenwKgMqQMDpcEAAAAARQAAMJ1QQAAdERfWwKgMqSOet6eaXgG7AByKqgABAAAhEqRCWmZiNGRVd21Ycno1"} 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936087800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901936087800,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLzxAAOMRv6kjnrenwKgMqQ2Wml4AXJaEAQEAQCESpEJkOSt6R0JMc3JIbisAIAAIAAEPYnw9RVEAAQAIAAEucF0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT07Zjq"} 
@@ -28,23 +28,23 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135326,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135326,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVNAAEAR9MrAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135836,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135836,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVRAAEAR9MnAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901936138159,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4Lz5AAOMRv58jnrenwKgMqQ2Wml4AZJPmARMASCESpEI3Q1lCTmVMaEVzcmUACQAQAAAEAVVuYXV0aG9yaXplZAAVABBjOGY3M2M5NzZiMDJiOWM4ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABHmTjPc="} 
-01172{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936138159,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11888","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} +01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936138159,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11888","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936144242,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVVAAEAR9MjAqAypI563p7hkDZYAJNmuAAMACCESpEIwWE1VcCtxUS9rUlMAGQAEEQAAAA=="} -01159{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901936144242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} +01157{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901936144242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936144585,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901936144585,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnVZAAEAR9G\/AqAypI563p5peDZYAfGxHAAMAYCESpEJTREg5Z3IrK1V4dm0AGQAEEQAAAAAGABUxNjM2OTg4MzM1OjE4NzU0MzQwNDUAAAAAFAAKc2lnbmFsLm9yZwAAABUAEGM4ZjczYzk3NmIwMmI5YzgACAAUVADVyCcFlHpNR6\/JlEM11GK82Wc="} 
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936150779,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901936150779,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbrkAAOABw1gjnrenwKgMqQMDpckAAAAARQAAOJ1TQAAgERTLwKgMqSOet6e4ZAG7ACTbggADAAghEqRCNGEyUGxJeHZNU1IrABkABBEAAAA="} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936150821,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901936150821,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbroAAOABw1cjnrenwKgMqQMDpckAAAAARQAAOJ1UQAAdERfKwKgMqSOet6eaXgG7ACT1pAADAAghEqRCSktITllCRzRleVZKABkABBEAAAA="} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901936160415,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4L0JAAOARwpsjnrenwKgMqQ2WuGQAZP9bARMASCESpEIwWE1VcCtxUS9rUlMACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5NTNlMjE2ZTYwMmRiMDdlABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABBFo+J8="} 
-01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936160415,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} +01178{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936160415,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936185855,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901936185855,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnVhAAEAR9G3AqAypI563p7hkDZYAfGwXAAMAYCESpEJMbjdHYmN5WG5rbm4AGQAEEQAAAAAGABUxNjM2OTg4MzM1OjE4NzU0MzQwNDUAAAAAFAAKc2lnbmFsLm9yZwAAABUAEDk1M2UyMTZlNjAyZGIwN2UACAAUIW2HvRLiM2\/Mn2aCV9BfzE1X65g="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292139,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWhAAEAR0YbAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} 
01042{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292139,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292790,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWlAAEAR0YXAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} 
01042{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292790,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936316455,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWJAAEAR9MPAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 
-01042{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936316455,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +01040{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936316455,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936320168,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWNAAEAR9MLAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} -01042{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936320168,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01040{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936320168,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936331596,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936331596,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbuUAAOABwzQjnrenwKgMqQMDpcEAAAAARQAAMJ1iQAAgERTEwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936385688,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936385688,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nWRAAEAR9LnAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936386031,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936386031,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nWVAAEAR9LjAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} 
@@ -54,14 +54,14 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936667023,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TocAACURUtys\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936817391,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936817391,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWZAAEAR9L\/AqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936821517,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936821517,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWdAAEAR9L7AqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} 
-01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901937818802,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901937818802,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} -01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901937822688,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901937822688,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +01166{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901937818802,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901937818802,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01166{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901937822688,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901937822688,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956886692,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuBAAEAR80XAqAypI563p6g8DZYAHMrjAAEAACESpEJ3MXhZWGxMSlFtK2Q="} -01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956899977,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuFAAEAR80TAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} -01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956900169,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevFAAEARy\/3AqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} 01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -71,20 +71,20 @@ 01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956921410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956929987,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuJAAEAR80PAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} -01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956930390,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuNAAEAR80LAqAypI563p5wODZYAHNwWAAEAACESpEI1alVGbDBvdmFLRGs="} -01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956946587,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP65AAOQRrjcjnrenwKgMqQ2WnA4AXORTAQEAQCESpEI1alVGbDBvdmFLRGsAIAAIAAEPlXw9RVEAAQAIAAEuh10v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT10UAM"} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956960274,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956960274,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuZAAEAR8zfAqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956962305,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nudAAEAR8zbAqAypI563p5wODZYAJOqGAAMACCESpEJuWjVNSmNUejZrc3YAGQAEEQAAAA=="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956969064,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956969064,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuhAAEAR8zXAqAypI563p5wOAbsAJPaJAAMACCESpEIyY0FuemxRWWpFQmIAGQAEEQAAAA=="} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956903176,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956971552,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nulAAEAR8zTAqAypI563p6g8DZYAJNbdAAMACCESpEJQZE0rWTlGNXNyQ3EAGQAEEQAAAA=="} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901956977270,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4P7RAAOQRrikjnrenwKgMqQ2WnA4AZNRVARMASCESpEJuWjVNSmNUejZrc3YACQAQAAAEAVVuYXV0aG9yaXplZAAVABBlM2Q3MGU4YTI4NzhlYWI4ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABPdDwsE="} -01181{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956977270,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": 
{"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11911","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} +01179{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956977270,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11911","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1636901956982713,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901956982713,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnupAAEAR8tvAqAypI563p5wODZYAfID0AAMAYCESpEJoVnBuRlhEMWd5a3MAGQAEEQAAAAAGABUxNjM2OTg4MzU2OjExMjQwNjMwMDAAAAAAFAAKc2lnbmFsLm9yZwAAABUAEGUzZDcwZThhMjg3OGVhYjgACAAUhea72wHPPgTdSOnBEkAPMzKPAD4="} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901956988183,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4P7VAAOARsigjnrenwKgMqQ2WqDwAZD47ARMASCESpEJQZE0rWTlGNXNyQ3EACQAQAAAEAVVuYXV0aG9yaXplZAAVABAyYzViYWNlMTgyOWQyNjllABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABBNbgMs="} 
-01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956988183,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11910","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} +01178{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956988183,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11910","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1636901956989826,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901956989826,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnutAAEAR8trAqAypI563p6g8DZYAfJbSAAMAYCESpEJELzRSL1I0ZVdVN0kAGQAEEQAAAAAGABUxNjM2OTg4MzU2OjExMjQwNjMwMDAAAAAAFAAKc2lnbmFsLm9yZwAAABUAEDJjNWJhY2UxODI5ZDI2OWUACAAUvJldU9tsWUvBCpl53HMUEVhvq8k="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957149857,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957149857,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnvtAAEAR8yrAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957151010,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevNAAEARy\/vAqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} 
@@ -100,24 +100,24 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1636901957680781,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957680781,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnxZAAEAR8w\/AqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958294242,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8azVAAEARa5jAqAypEsODj6g87uQAaP5FAAEATCESpEJyRHdyaGtEci8vOWUABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UAAJAAEbn8e\/wAIABR\/b\/AcoEEqLjwzw3SbmvWontQU34AoAARPt0SR"} -01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636901958378136,"pkt":"mt9Y+uvcCL6sCxduCABFSABcrnFAAAMRZTQSw4OPwKgMqe7kqDwASOO3AQEALCESpEJyRHdyaGtEci8vOWUAIAAIAAEPmHw9RVEACAAUZTe+q2TI1x26\/6LLBdUUDVZaZoOAKAAEsQfEQQ=="} 
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958378173,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8rnJAAAMRZRMSw4OPwKgMqe7kqDwAaODiAAEATCESpEJ2dFg5dWZIQUdCakMABgAJbU53cTpXSnN1AAAAwFcABAADA4SAKQAIQYCdgvFBqWUAJAAEbn8g\/wAIABSzQMYtF7YKfV2BCR2ZgRKFjKrZ7YAoAASRLc2k"} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1636901958386718,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636901958386718,"pkt":"CL6sCxdumt9Y+uvcCABFAABcaztAAEARa7LAqAypEsODj6g87uQASCG+AQEALCESpEJ2dFg5dWZIQUdCakMAIAAIAAHP9jPRJ80ACAAUJmmebdkZZFSwkh7L8yz62k564LmAKAAEReD9tw=="} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1636901958394511,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1636901958394511,"pkt":"CL6sCxdumt9Y+uvcCABFAACEazxAAEARa4nAqAypEsODj6g87uQAcJERAAEAVCESpEJwNFQrb1h3aGNEZzcABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UDAAQAEAAAAAQAkAARufx7\/AAgAFAU5PfclhugC7DGLkMWmAbOXS5FggCgABGgSKPI="} 
-01169{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901958650809,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958650809,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} -01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901958683157,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958683157,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} -02216{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":150,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901960601813,"flow_dst_last_pkt_time":1636901960620966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1032,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1636901960620966,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25,"avg":149493.4,"max":679364,"stddev":200828.1,"var":40331911168.0,"ent":3.9,"data": [83894,37,92476,7793,46066,91419,25,37867,39955,9097,41868,367689,125,441001,43,600796,610250,117949,49918,49758,64212,212886,679364,8747,45,503798,102888,200994,101814,9344,62177]},"pktlen": {"min":56,"avg":91.9,"max":132,"stddev":24.9,"var":621.5,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,84,84,124,92,56,84,56,56,56,124,92,84,56,84]},"bins": {"c_to_s": [4,3,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,0,1,1,0,0,1,1,1,0,0,1,0,0,1],"entropies": 
[5.768973827,5.811776161,5.931350708,5.819116592,5.739065170,5.636717796,5.871664047,5.907987118,5.819117546,5.781831741,5.903046608,5.775639534,5.668575764,5.083614826,5.811898232,5.271638393,5.861793995,5.810910702,5.781786919,5.698687553,5.893005371,5.819117069,5.083614826,5.770115376,5.235924244,5.200210571,5.083615780,5.835623741,5.811777115,5.606133938,5.119328976,5.779102325]},"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":201,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901964741654,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901966826937,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901958650809,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958650809,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901958683157,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958683157,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +02214{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":150,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901960601813,"flow_dst_last_pkt_time":1636901960620966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1032,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1636901960620966,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25,"avg":149493.4,"max":679364,"stddev":200828.1,"var":40331911168.0,"ent":3.9,"data": [83894,37,92476,7793,46066,91419,25,37867,39955,9097,41868,367689,125,441001,43,600796,610250,117949,49918,49758,64212,212886,679364,8747,45,503798,102888,200994,101814,9344,62177]},"pktlen": {"min":56,"avg":91.9,"max":132,"stddev":24.9,"var":621.5,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,84,84,124,92,56,84,56,56,56,124,92,84,56,84]},"bins": {"c_to_s": [4,3,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,0,1,1,0,0,1,1,1,0,0,1,0,0,1],"entropies": 
[5.768973827,5.811776161,5.931350708,5.819116592,5.739065170,5.636717796,5.871664047,5.907987118,5.819117546,5.781831741,5.903046608,5.775639534,5.668575764,5.083614826,5.811898232,5.271638393,5.861793995,5.810910702,5.781786919,5.698687553,5.893005371,5.819117069,5.083614826,5.770115376,5.235924244,5.200210571,5.083615780,5.835623741,5.811777115,5.606133938,5.119328976,5.779102325]},"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01072{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":201,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901964741654,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901966826937,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1636901967279945,"flow_dst_last_pkt_time":1636901957525218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901967279945,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwfCFAAEARys3AqAyprP15f6g8S2YAHDMFAAEAACESpEI4KzdNdk9qTHloVm0="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1636901967305260,"flow_dst_last_pkt_time":1636901957551924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901967305260,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwfCRAAEARysrAqAyprP15f5wOS2YAHCjCAAEAACESpEJCTndzakJKdHNsVHY="} -02290{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":278,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901980739508,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":15,"avg":1596705.0,"max":17079364,"stddev":3547473.5,"var":12584568750080.0,"ent":2.8,"data": [4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065]},"pktlen": {"min":76,"avg":81.5,"max":124,"stddev":11.6,"var":133.8,"ent":5.0,"data": [76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84]},"bins": {"c_to_s": [0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01130{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02288{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":278,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901980739508,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":15,"avg":1596705.0,"max":17079364,"stddev":3547473.5,"var":12584568750080.0,"ent":2.8,"data": [4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065]},"pktlen": {"min":76,"avg":81.5,"max":124,"stddev":11.6,"var":133.8,"ent":5.0,"data": [76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84]},"bins": {"c_to_s": [0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01128{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01001{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01033{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
+01031{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 01001{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01130{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01025{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01128{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01023{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998588925,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdlAAEARxRXAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} 01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -126,32 +126,32 @@ 01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637116,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EdAAEAR8rLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} -01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637207,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EhAAEAR8rHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} -01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998642149,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998642149,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43ElAAEAR8qjAqAypI55607qXAbsAJIeGAAMACCESpEJ0b3RZc3QzdHNudm0AGQAEEQAAAA=="} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998644152,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43EpAAEAR8qfAqAypI55607qXDZYAJM8KAAMACCESpEJRck1mY3NySEUrbG4AGQAEEQAAAA=="} 
-01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998644452,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EtAAEAR8q7AqAypI55605RSDZYAHOlfAAEAACESpEJTRld4cWpibUxkeFo="} 
-01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998645824,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3ExAAEAR8q3AqAypI55607qXDZYAHAfgAAEAACESpEJsR1ZDTTdDN1dMVEo="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998654073,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E1AAEAR8qTAqAypI55605RSDZYAJBd3AAMACCESpEJOTG9MWFNjWDdLU3cAGQAEEQAAAA=="} 
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654623,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVMAAOMBFpsjnnrTwKgMqQMDaO0AAAAARQAAMNxHQAAgERKzwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"} 
-01046{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} +01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654665,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654665,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVQAAOMBFpojnnrTwKgMqQMDaO0AAAAARQAAMNxIQAAgERKywKgMqSOeetOUUgG7ABwljAABAAAhEqRCVjVicmFhSFdCOW5q"} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998657287,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998657287,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVUAAOMBFpEjnnrTwKgMqQMDaPUAAAAARQAAONxJQAAgERKpwKgMqSOeetO6lwG7ACSHhgADAAghEqRCdG90WXN0M3RzbnZtABkABBEAAAA="} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998660620,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49klAAOMRNUgjnnrTwKgMqQ2WupcAZEK5ARMASCESpEJRck1mY3NySEUrbG4ACQAQAAAEAVVuYXV0aG9yaXplZAAVABA0YTlmNTljZmZlODk0NGE5ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABLOFpWg="} -01067{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":301,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1636901998660620,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"multimedia_flow_types":"Unknown"}}} 
+01065{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":301,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1636901998660620,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"multimedia_flow_types":"Unknown"}}} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660636,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9kpAAOQRNE8jnnrTwKgMqQ2WlFIAXFMAAQEAQCESpEJTRld4cWpibUxkeFoAIAAIAAEPi3w9RVEAAQAIAAEumV0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAASDCssQ"} 
00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660651,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9ktAAOMRNU4jnnrTwKgMqQ2WupcAXFiiAQEAQCESpEJsR1ZDTTdDN1dMVEoAIAAIAAEPinw9RVEAAQAIAAEumF0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAAR90ekp"} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998662264,"flow_dst_last_pkt_time":1636901998660651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998662264,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3E5AAEAR8k\/AqAypI55607qXDZYAeBRYAAMAXCESpEJIUGFhU0tWSmtQRG4AGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNGE5ZjU5Y2ZmZTg5NDRhOQAIABRI+uTzM7nII\/sVpvC6uyZXC+3v6w=="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998663215,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998663215,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E9AAEAR8qLAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998669539,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49kxAAOQRNEUjnnrTwKgMqQ2WlFIAZMvXARMASCESpEJOTG9MWFNjWDdLU3cACQAQAAAEAVVuYXV0aG9yaXplZAAVABA2MzExMjRhZWUxZDEzNDUwABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABOHlRAQ="} -01182{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901998669539,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11929","response_origin":"35.158.122.211:3478","other_address":"35.158.122.211:80","multimedia_flow_types":"Unknown"}}} 
+01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901998669539,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11929","response_origin":"35.158.122.211:3478","other_address":"35.158.122.211:80","multimedia_flow_types":"Unknown"}}} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998676426,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998676426,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVYAAOMBFpAjnnrTwKgMqQMDaPUAAAAARQAAONxPQAAgERKjwKgMqSOeetOUUgG7ACS3UAADAAghEqRCcXF0MnJ1Mk16MmtvABkABBEAAAA="} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998684473,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998684473,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3FFAAEAR8kzAqAypI55605RSDZYAeCtfAAMAXCESpEJzQVJaQW1IdkdKV0kAGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNjMxMTI0YWVlMWQxMzQ1MAAIABSPAYmQd4zQiPDDbTAeeOez+Voceg=="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865284,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgexAAEARxQLAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} 
@@ -169,10 +169,10 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1636901999386783,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901999386783,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3H1AAEAR8nzAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000024715,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d+5AAEARXt\/AqAypEsODj7qX0yYAaAl7AAEATCESpEJCeElWSlVyQXpFMWUABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABTJ3jNA\/lTtI\/cIgWHSZfc\/Jdi3xoAoAAQAuGXB"} -01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000073738,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d\/NAAEARXtrAqAypEsODj7qX8DoAaE2WAAEATCESpEI3OHB2NXh3VHhSY2IABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABQCGGRp5dlaWaRPyMCnCJTZLYHOaoAoAATw85Tp"} -01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000102078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000102078,"pkt":"mt9Y+uvcCL6sCxduCABFSABcw7JAAAYRTPMSw4OPwKgMqdMmupcASMDpAQEALCESpEJCeElWSlVyQXpFMWUAIAAIAAEPinw9RVEACAAUIB3cDwXbxtjdDKqyJ3Jq4xtLsfaAKAAEpnvqQg=="} 
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000107063,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8w7NAAAYRTNISw4OPwKgMqdMmupcAaK01AAEATCESpEJBbDNpSTF1eStSR1UABgAJN2tzczoxRVpzAAAAwFcABAAAA+eAKQAIiflXHs5q0dMAJAAEbgAg\/wAIABQSmjpLVWLcQ98KImy+h9G3RC6S1IAoAATBitk4"} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1636902000114802,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000114802,"pkt":"CL6sCxdumt9Y+uvcCABFAABcd\/RAAEARXvnAqAypEsODj7qX0yYASLB3AQEALCESpEJBbDNpSTF1eStSR1UAIAAIAAHyNDPRJ80ACAAUTu361RDreRFUJBDgnwLv4nPGjjiAKAAENi4ivw=="} 
@@ -181,43 +181,43 @@ 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000142270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000142270,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8w7dAAAYRTRYSw4OPwKgMqfA6upcAaP5PAAEATCESpEIwbFM2UjdmdjFzOTMABgAJN2tzczoxRVpzAAAAwFcABAADA4SAKQAIiflXHs5q0dMAJAAEbn8g\/wAIABT+u0FmMYg2qxKb1bY78Qe06uM1KoAoAAQrkPMA"} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1636902000144041,"flow_dst_last_pkt_time":1636902000142270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000144041,"pkt":"CL6sCxdumt9Y+uvcCABFAABcd\/ZAAEARXvfAqAypEsODj7qX8DoASAMeAQEALCESpEIwbFM2UjdmdjFzOTMAIAAIAAHRKDPRJ80ACAAUI\/bFSLNMUitVQi8z7dVLO\/aQEHmAKAAEAVoedw=="} 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1636902000173314,"flow_dst_last_pkt_time":1636902000142270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1636902000173314,"pkt":"CL6sCxdumt9Y+uvcCABFAACEd\/dAAEARXs7AqAypEsODj7qX8DoAcOfaAAEAVCESpEJYdGpHMEQ4MEppTE0ABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9DAAQAEAAAAAgAkAARufx7\/AAgAFM7+Ft2Y0101jZUj75NnkTl5UB7JgCgABNI9yPM="} 
-01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":363,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902000387029,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000387029,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} -01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902000387320,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000387320,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} -02221{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":393,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002442030,"flow_dst_last_pkt_time":1636902002440493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1068,"flow_dst_tot_l4_payload_len":1052,"midstream":0,"thread_ts_usec":1636902002442030,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":43,"avg":152743.5,"max":665020,"stddev":189167.3,"var":35784253440.0,"ent":4.0,"data": [68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176]},"pktlen": {"min":56,"avg":94.2,"max":132,"stddev":24.6,"var":605.9,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92]},"bins": {"c_to_s": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0],"entropies": 
[5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552]},"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":363,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902000387029,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000387029,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902000387320,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000387320,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +02219{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":393,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002442030,"flow_dst_last_pkt_time":1636902002440493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1068,"flow_dst_tot_l4_payload_len":1052,"midstream":0,"thread_ts_usec":1636902002442030,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":43,"avg":152743.5,"max":665020,"stddev":189167.3,"var":35784253440.0,"ent":4.0,"data": [68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176]},"pktlen": {"min":56,"avg":94.2,"max":132,"stddev":24.6,"var":605.9,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92]},"bins": {"c_to_s": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0],"entropies": 
[5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552]},"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01014{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01008{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01008{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01131{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01036{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} -01130{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01038{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01072{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01129{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01034{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01128{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01036{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1636902008969021,"flow_dst_last_pkt_time":1636901999242071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636902008969021,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhaxAAEARwULAqAyprP15f5RSS2YAHHeOAAEAACESpEJORW10V0g4dmFhQnE="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1636902008970187,"flow_dst_last_pkt_time":1636901999242113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636902008970187,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwha1AAEARwUHAqAyprP15f7qXS2YAHGY1AAEAACESpEI5bGJNUnBSbytQbnU="} -01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902014416950,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902014416950,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636902019597330,"flow_dst_last_pkt_time":1636902019976482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
+01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636902021364947,"flow_dst_last_pkt_time":1636902021381882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":892,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
-01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":35,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002659586,"flow_dst_last_pkt_time":1636902002742599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":1144,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636902021364947,"flow_dst_last_pkt_time":1636902021381882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":892,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":35,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002659586,"flow_dst_last_pkt_time":1636902002742599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":1144,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636902019600785,"flow_dst_last_pkt_time":1636902019979253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":2,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636902014432732,"flow_dst_last_pkt_time":1636902021384737,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": 
{"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902014417770,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636902021365208,"flow_dst_last_pkt_time":1636902021381899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":744,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} -01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} -01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
-01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000121229,"flow_dst_last_pkt_time":1636902000208503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":224,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
-00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":460,"packets-processed":460,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":17,"total-updates":15,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":220,"global_ts_usec":1636902021384737} +01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":2,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636902014432732,"flow_dst_last_pkt_time":1636902021384737,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902014417770,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636902021365208,"flow_dst_last_pkt_time":1636902021381899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":744,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
+01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000121229,"flow_dst_last_pkt_time":1636902000208503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":224,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":460,"packets-processed":460,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":17,"total-updates":15,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":220,"global_ts_usec":1636902021384737} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 460/460 ~~ skipped flows.............: 0 @@ -226,10 +226,10 @@ ~~ total active/idle flows...: 23/23 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8711412 bytes -~~ total memory freed........: 8711412 bytes -~~ total allocations/frees...: 141222/141222 +~~ total memory allocated....: 9476490 bytes +~~ total memory freed........: 9476490 bytes +~~ total allocations/frees...: 155188/155188 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 549 chars -~~ json message max len.......: 2295 chars -~~ json message avg len.......: 1422 chars +~~ json message max len.......: 2293 chars +~~ json message avg len.......: 1421 chars 
diff --git a/test/results/monitoring/stun_wa_call.pcapng.out b/test/results/monitoring/stun_wa_call.pcapng.out
index f313cbdcb..cfa961bd5 100644
--- a/test/results/monitoring/stun_wa_call.pcapng.out
+++ b/test/results/monitoring/stun_wa_call.pcapng.out
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} 
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029444,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iFAAEARlLrAqAycXTl747Y8DZYA3LHsAAMAwCESpEJwdYtExyOnTtGTSiVAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUJM4QSLb1BesAMLdUeEcTNdZmV28="} 
01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478","multimedia_flow_types":"Unknown"}}} 
@@ -109,7 +109,7 @@ 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660035302538,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660035302780,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":73,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660035302005,"flow_dst_last_pkt_time":1676660032998729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":500,"flow_dst_max_l4_payload_len":1113,"flow_src_tot_l4_payload_len":10937,"flow_dst_tot_l4_payload_len":37017,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":591,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":2,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":112,"global_ts_usec":1676660035303048} +00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":591,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":2,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":112,"global_ts_usec":1676660035303048} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 591/591 ~~ skipped flows.............: 0 
@@ -118,9 +118,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8690934 bytes -~~ total memory freed........: 8690934 bytes -~~ total allocations/frees...: 141246/141246 +~~ total memory allocated....: 9455692 bytes +~~ total memory freed........: 9455692 bytes +~~ total allocations/frees...: 155212/155212 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 585 chars ~~ json message max len.......: 2214 chars diff --git a/test/results/monitoring/stun_zoom.pcapng.out b/test/results/monitoring/stun_zoom.pcapng.out index 1e084f44a..8d0d787d8 100644 --- a/test/results/monitoring/stun_zoom.pcapng.out +++ b/test/results/monitoring/stun_zoom.pcapng.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} 
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00812{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzBAAEAR2WPAqCuphuBab77WImEApEJpAAEAiCESpEIJLXMzkXIYSWor3N8ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABQBKtqrmyxMEjIdswOfhTMx+y49voAoAASJCByW"} 
01010{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -21,7 +21,7 @@ 02189{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":62,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536326542,"flow_dst_last_pkt_time":1661169536383924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":5172,"midstream":0,"thread_ts_usec":1661169536383924,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":47514.7,"max":193831,"stddev":51140.5,"var":2615352320.0,"ent":4.1,"data": [20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466]},"pktlen": {"min":42,"avg":270.1,"max":1080,"stddev":313.1,"var":98043.5,"ent":4.3,"data": [184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42]},"bins": {"c_to_s": [0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": 
[5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169536293401,"flow_dst_last_pkt_time":1661169536292551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1945,"flow_dst_tot_l4_payload_len":5176,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536627218,"flow_dst_last_pkt_time":1661169536805680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2726,"flow_dst_tot_l4_payload_len":5471,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1661169536805680} 
+00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1661169536805680} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 70/70 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8660561 bytes -~~ total memory freed........: 8660561 bytes -~~ total allocations/frees...: 140623/140623 +~~ total memory allocated....: 9424967 bytes +~~ total memory freed........: 9424967 bytes +~~ total allocations/frees...: 154589/154589 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 596 chars ~~ json message max len.......: 2194 chars diff --git a/test/results/monitoring/teams.pcap.out b/test/results/monitoring/teams.pcap.out index 22cecaf50..656506ce3 100644 --- a/test/results/monitoring/teams.pcap.out +++ b/test/results/monitoring/teams.pcap.out 
@@ -1,5 +1,5 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00806{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","domainame":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -658,7 +658,7 @@ 00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":44,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1587041698021081} 
+00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":44,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1587041698021081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1540/1498 ~~ skipped flows.............: 0 @@ -667,9 +667,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10085540 bytes -~~ total memory freed........: 10085540 bytes -~~ total allocations/frees...: 143355/143355 +~~ total memory allocated....: 10852868 bytes +~~ total memory freed........: 10852868 bytes +~~ total allocations/frees...: 157331/157331 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 298 chars ~~ json message max len.......: 2504 chars diff --git a/test/results/monitoring/telegram_videocall.pcapng.out b/test/results/monitoring/telegram_videocall.pcapng.out index 7dbbfee36..ee0fd4df7 100644 --- a/test/results/monitoring/telegram_videocall.pcapng.out +++ b/test/results/monitoring/telegram_videocall.pcapng.out 
@@ -1,5 +1,5 @@ -00600{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648032334213648} 
+00600{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00821{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648032334213648} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032334213648,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="} 
00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -215,15 +215,15 @@ 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1648032367885663,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367885663,"pkt":"CL6sCxdumt9Y+uvcCABFwAB8pokAAEABmXjAqAypW2wRAgMDNxoAAAAARQAAYGk1QAAwEaeYW2wRAsCoDKkFeJJEAEylPgEEADAhEqRCS0hPaXJyRlRDcUV6AA0ABAAAAACAIgAETm9uZQAIABTZOmmRI5FcQW+rAa8g\/fpFll3GzoAoAASHsPRA"} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":877,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032373241368,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1648032373241368,"pkt":"mt9Y+uvcCL6sCxduCABFAABT6ldAAOsGItsSw6JdwKgMqQG7mCy7WPtHxPlC24AYAHtr3AAAAQEICnkLeDpCTgbkFQMDABr+u10WYqqjSVLzlRa1hyPjBkG+M0x+dgZKjg=="} -00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032373241368,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032373241368,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373315177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032373315177,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0tt9AAEAGAXPAqAypEsOiXZgsAbvE+ULbu1j7ZoAQAMhy4gAAAQEICkJO9JB5C3g6"} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032373315177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032378245645,"pkt":"mt9Y+uvcCL6sCxduCABFAAA06lhAAOsGIvkSw6JdwKgMqQG7mCy7WPtmxPlC24ARAHtfogAAAQEICnkLi8ZCTvSQ"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032378336597,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032378336597,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0tuBAAEAGAXLAqAypEsOiXZgsAbvE+ULbu1j7Z4AQAMhLuAAAAQEICkJPCC15C4vG"} -00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032378336597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032378336597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367877247,"flow_src_last_pkt_time":1648032367885663,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367859462,"flow_src_last_pkt_time":1648032367864669,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367762702,"flow_src_last_pkt_time":1648032367764744,"flow_dst_last_pkt_time":1648032367762702,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00961{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by 
IP"},"proto":"AmazonAWS","proto_id":"265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00957{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"AWS_EC2","proto_id":"461","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032367501855,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032367002740,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -255,7 +255,7 @@ 01119{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1648032336020865,"flow_src_last_pkt_time":1648032346150156,"flow_dst_last_pkt_time":1648032346134942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":604,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":2022,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01118{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1648032336039036,"flow_src_last_pkt_time":1648032346150274,"flow_dst_last_pkt_time":1648032346134975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":773,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":59,"flow_dst_packets_processed":55,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032356099058,"flow_dst_last_pkt_time":1648032356073261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":15509,"flow_dst_tot_l4_payload_len":6792,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":889,"packets-processed":887,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1648032378336597} +00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":889,"packets-processed":887,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1648032378336597} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 889/887 ~~ skipped flows.............: 0 
@@ -264,9 +264,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8769230 bytes -~~ total memory freed........: 8769230 bytes -~~ total allocations/frees...: 141785/141785 +~~ total memory allocated....: 9534627 bytes +~~ total memory freed........: 9534627 bytes +~~ total allocations/frees...: 155750/155750 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2330 chars diff --git a/test/results/monitoring/telegram_videocall_2.pcapng.out b/test/results/monitoring/telegram_videocall_2.pcapng.out index e7bb9b986..0ada8749a 100644 --- a/test/results/monitoring/telegram_videocall_2.pcapng.out +++ b/test/results/monitoring/telegram_videocall_2.pcapng.out 
@@ -1,5 +1,5 @@ -00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731946730424347} 
+00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731946730424347} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946730424347,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1731946730424347,"pkt":"AQBeAAD7dNo47VMyCABFAABJz2FAAP8R\/pzAqAwB4AAA+xTpFOkANSaSAAAAAAACAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfaXBwwBIADAAB"} 
01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946730424347,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} 
@@ -60,7 +60,7 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946742649019,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946742234615,"flow_dst_last_pkt_time":1731946742577561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":392,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":118015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1731946743383191} +00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":118015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1731946743383191} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 315/315 ~~ skipped flows.............: 0 
@@ -69,9 +69,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8670805 bytes -~~ total memory freed........: 8670805 bytes -~~ total allocations/frees...: 140917/140917 +~~ total memory allocated....: 9435403 bytes +~~ total memory freed........: 9435403 bytes +~~ total allocations/frees...: 154883/154883 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 570 chars ~~ json message max len.......: 2260 chars diff --git a/test/results/monitoring/telegram_voice.pcapng.out b/test/results/monitoring/telegram_voice.pcapng.out index d716ba648..1553eec11 100644 --- a/test/results/monitoring/telegram_voice.pcapng.out +++ b/test/results/monitoring/telegram_voice.pcapng.out 
@@ -1,5 +1,5 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731945706423652} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731945706423652} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945706423652,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1731945706423652,"pkt":"AQBeAAD7dNo47VMyCABFAABJO\/ZAAP8RkgjAqAwB4AAA+xTpFOkANSaSAAAAAAACAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfaXBwwBIADAAB"} 
01005{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945706423652,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} 
@@ -77,7 +77,7 @@ 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1731945728463022,"flow_src_last_pkt_time":1731945738970403,"flow_dst_last_pkt_time":1731945739117008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.7","src_port":46868,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731945715153114,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715155704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"192.168.12.1","src_port":44574,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"crashlyticsreports-pa.googleapis.com"}} -00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":870,"packets-processed":868,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":127117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1731945742490274} 
+00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":870,"packets-processed":868,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":127117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1731945742490274} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 870/868 ~~ skipped flows.............: 0 @@ -86,9 +86,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8691726 bytes -~~ total memory freed........: 8691726 bytes -~~ total allocations/frees...: 141492/141492 +~~ total memory allocated....: 9456388 bytes +~~ total memory freed........: 9456388 bytes +~~ total allocations/frees...: 155458/155458 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 564 chars ~~ json message max len.......: 2252 chars diff --git a/test/results/ndpireader_conf_file/openvpn_obfuscated.pcapng.out b/test/results/ndpireader_conf_file/openvpn_obfuscated.pcapng.out index 6ee18d3aa..d8375b48b 100644 --- a/test/results/ndpireader_conf_file/openvpn_obfuscated.pcapng.out +++ b/test/results/ndpireader_conf_file/openvpn_obfuscated.pcapng.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722427237865123} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722427237865123} 
00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237865123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722427237865123,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237865123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722427237865123,"pkt":"CL6sCxduJjb1W8R1CABFAAA8G7tAAEAGftnAqAycuYAZY5RYAdHRRTx5AAAAAKAC\/\/8WmQAAAgQFtAQCCApRg5vRAAAAAAEDAwk="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237885149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722427237885149,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADEGqZS5gBljwKgMnAHRlFgui1zd0UU8eqAS\/\/\/GVwAAAgQFtAQCCApg+GPPUYOb0QEDAwk="} 
@@ -14,7 +14,7 @@ 01047{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401921409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1722427401924227,"pkt":"CL6sCxduJjb1W8R1CABFAAGT2SFAAEARDyHAqAyclWbubLgYBL4Bf+BaVEX2eYIGWZW97B\/uBFKid6MSV9\/02W2\/W+o36cuQNVtmMhAJHTAcbDg7XCMFAl0xHCYeGhojEQ07YGRoa2JiGBURHRlLEx04EAUBFg8EBB4VCR8QQxUVFBYoJyUjKnU9F0geFD5NHRwpDR0JMwQHEBgXGRgREREWHu32uP3s3BELEBsZDBEMEQcEDlgJDwQeFxCIEBhHyxRzBjPkcOAZKQXaF+N3ATvcOcpmAyzAL96OHmPUM\/K30LS6xKT6al3NNNxMChsDEA8uCd46WfS1aCsMHMuFvhUjOGTIBxpU3v\/Hxw6s\/CgKCqKhIJpNENIN2+tGFOfxS7QuGoPC52Q7v9u+NPw8b3vfvXXBBwc5DBYQNxUEGwYXFhEnO2pMT+yE7o8cNhkQEQM5pmcMCREEcDf7xzLpHLLsNx\/zRQ7DT7GnNBoJH96PWo0gzSL9g2Dar\/34qx5dEYO9\/DG3QzVndkG9w4jcVbkhUFWSERwvvUItAJ\/89A5z"} 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401934060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1722427401934060,"pkt":"Jjb1W8R1CL6sCxduCABFAAB6OL1AADURu56VZu5swKgMnAS+uBgAZvhOXG8GfZrUgA1YMzkxNWQxAbNSOT0tNIAP9idCl\/rehm7YfSBAKj59k9UPRPKVaW0LUqQgzFOtLHumhFDN1Y5hbY3tlOPyWvfVkw6K7l+x6eqyqyRV8MQse1pU+6KRqg=="} 
02048{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401934161,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1158,"pkt_l4_len":1124,"thread_ts_usec":1722427401934161,"pkt":"Jjb1W8R1CL6sCxduCABFAAR4OL5AADURt5+VZu5swKgMnAS+uBgEZLQzVLAa0ZHTWfav3aQ6aDiNoVBwHdfIrsumF\/Xi771+6seFvgsgbkxRKAqi+llZx7z81zilj97CxWRsx93kXlTmVZH1P80KGnxXlR7BiJM18BLjNISj+gZaL0RMsbZ\/\/0UWwTMg0BMD+RgWYRcd61hmbZABZnpzMi\/LZRSE50mWCxH9dHqopm4Rzi4Sn7KxkjSWm8BiRUowB\/370WD0qx\/g9JW5UIxB92Ud6V1iTPjtmCgTxngrFqv4udp8FTsD8KNaHIzqNRUDWeNKhdBfywJxLoo8\/p1OGrSOuC\/yUWCOVPBEG0DdNlHBPyeW8SDwcnP4DcidmrJfxLHUg1HGh4+RWLkSFQsr+4W5z29yC41XpvCOCfc\/hn+EAz73kSY1DzJL59r2AXH8G5Rea\/RbEUrobun9NGOeVKCIzmD8Trl96OaqJhX8xal6pdV0sAV5Vo9xPebYVgEG80YaI0ek\/7yknL8W9IBQ2aLOpnFDXpCbdgYsosJ1y5dt6ib8aNJ+M\/xKRCussfhzl6cYKdrj1skMpL6bcbwUuhNt0cz28hf9enP7WBDH0Fxp5kwD+hH3G30EyEpxKuMziqSt\/e4UQR1duSa5VhMDOC98xMmGl0fj5OxMkG6xFP+PlFxbfRIMxgHsORiw87u6+g8HDPXiXIvJH4NZ7GvAgKGx6vPzRzY1kJ62bLlLPsnFFe6u5Lu3S820EMsOgXAFuSfj3yV3Evd+WLk737aUMZpoycfdzpgL1pvr4w3GxN\/TLg48jWGBKotX5zgnS6rvI88rGnHjRpaeOQ9CGYvCXVgO6n0MG2pCKs14CRjfcLqndxUDz5CE0mpW+jUfNJ4ux57J42zD3C+R4ZvY0UqADXZgvIZieAaKP2Qftw4pNwvuYOvK1OYGPbD+e89LxaNtpqyRB1MKVrBbdwgLG5kjU0ZoQUZJ2JOassNku+llFLRYPlNIJdOPFe8lNwX6hfJGdRMMmb4N9pCq8zoPySjjHjxjcpVsIj21jIi6qDUjUIvYwHaz3y0G7hXahyVVr7iDXUaXJGHIL0N4eAIJwH2sxv5+E4rQX5KXSJTnQN0IUM9\/AywsX9qhuZUo9Ozj\/8opy6hdWDTnxIrSvYZ63LEWGZ6GbZq9Um2Ln9uD7D+\/BgaPsoCfTlvt4+mz8wj6pNzsVkxsrWn6iEtKp70qWQsP\/gFGe2Df51awxTQYITw6LzU6Lndgr4Qxly7lJIUUP46pn4P+TJ+8+3QoYuNOQEyg9SneVXtmcVB8Vnt2enN1DntXWXR5brdGfJSMHDslO+anlwsJFXTtGhgL4dS2wSKBjgYjFobKFroyEjVAyw7y9kntCrZphbXffdx2X4Zb1huMN30p83ks9\/SzOTk5Tj82bgcyZR09O24Tj2g3MTAMKUrvJnigQgCd7TGqBAQ2acAFhpTV62J2y9r8nx3tIE\/jhW
hChZNaqTMjhHxlENJxKzeOMmtRIMpACoJ6fPzVRSJ+VFr38ZOo"} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22584,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1722705590754656} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22584,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1722705590754656} 
00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722705590754656,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590754656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722705590754656,"l3_proto":"ip4","src_ip":"107.161.86.131","dst_ip":"192.168.12.156","src_port":443,"dst_port":48072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590754656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722705590754656,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADMGuFNroVaDwKgMnAG7u8glbqt9M+JifKAS\/\/9LzQAAAgQFtAQCCApqqi2Uyg3lpAEDAwI="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590856725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1722705590856725,"pkt":"CL6sCxduJjb1W8R1CABFAAA0KexAAEAGgW\/AqAyca6FWg7vIAbsz4mJ8JW6rfoAQAKx48wAAAQEICsoN5plqqi2U"} 
@@ -27,7 +27,7 @@ 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427239577895,"flow_dst_last_pkt_time":1722427239598141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5488,"flow_dst_tot_l4_payload_len":7758,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01091{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427403179824,"flow_dst_last_pkt_time":1722427403133860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":2831,"flow_dst_tot_l4_payload_len":6507,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"NordVPN","proto_id":"426","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427403179824,"flow_dst_last_pkt_time":1722427403133860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":2831,"flow_dst_tot_l4_payload_len":6507,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42211,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1722705593900158} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42211,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1722705593900158} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 177/177 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8659010 bytes -~~ total memory freed........: 8659010 bytes -~~ total allocations/frees...: 140736/140736 +~~ total memory allocated....: 9423448 bytes +~~ total memory freed........: 9423448 bytes +~~ total allocations/frees...: 154702/154702 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 571 chars ~~ json message max len.......: 2053 chars diff --git a/test/results/ndpireader_conf_file/shadowsocks.pcap.out b/test/results/ndpireader_conf_file/shadowsocks.pcap.out index 89f030c34..847005ea7 100644 --- a/test/results/ndpireader_conf_file/shadowsocks.pcap.out +++ b/test/results/ndpireader_conf_file/shadowsocks.pcap.out 
@@ -1,5 +1,5 @@ -00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690018458225809} 
+00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690018458225809} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690018458225809,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690018458225809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37904,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690018458225809,"pkt":"AAAAAAAAAAAAAAAACABFAAA8OlVAAEAGAmV\/AAABfwAAAZQQBDjOLDYWAAAAAKAC\/9f+MAAAAgT\/1wQCCApvLCb4AAAAAAEDAwc="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/ndpireader_conf_file\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690018458225829,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQQ4lBAtEiM8ziw2F6AS\/8v+MAAAAgT\/1wQCCApvLCb4bywm+AEDAwc="} 
@@ -16,7 +16,7 @@ 00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":44,"source":"cfgs\/ndpireader_conf_file\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1690018458225809,"flow_src_last_pkt_time":1690018459714485,"flow_dst_last_pkt_time":1690018459714444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":16384,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":67329,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37904,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00926{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":44,"source":"cfgs\/ndpireader_conf_file\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1690018458886918,"flow_src_last_pkt_time":1690018459714642,"flow_dst_last_pkt_time":1690018459714613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":18085,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":67333,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44276,"dst_port":8388,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 
00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":44,"source":"cfgs\/ndpireader_conf_file\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1690018458886918,"flow_src_last_pkt_time":1690018459714642,"flow_dst_last_pkt_time":1690018459714613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":18085,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":67333,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44276,"dst_port":8388,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/ndpireader_conf_file\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":134863,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1690018459714642} 
+00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/ndpireader_conf_file\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":134863,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1690018459714642} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8652785 bytes -~~ total memory freed........: 8652785 bytes -~~ total allocations/frees...: 140594/140594 +~~ total memory allocated....: 9417191 bytes +~~ total memory freed........: 9417191 bytes +~~ total allocations/frees...: 154560/154560 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 563 chars ~~ json message max len.......: 986 chars diff --git a/test/results/ndpireader_conf_file/signal_videocall.pcapng.out b/test/results/ndpireader_conf_file/signal_videocall.pcapng.out index 957433569..0345de9f2 100644 --- a/test/results/ndpireader_conf_file/signal_videocall.pcapng.out +++ b/test/results/ndpireader_conf_file/signal_videocall.pcapng.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024431954625} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024431954625} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024431954625,"pkt":"dNo47VMyYhO2esBpCABFAAAwZxZAAEAR9\/jAqAxDI9jq6rs2DZYAHHvlAAEAACESpEJQQm9QWFIrVWRPcnY="} 
01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -28,7 +28,7 @@ 01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":167,"flow_dst_packets_processed":131,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024444819796,"flow_dst_last_pkt_time":1732024444862357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1181,"flow_dst_max_l4_payload_len":858,"flow_src_tot_l4_payload_len":80551,"flow_dst_tot_l4_payload_len":26428,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024441970315,"flow_dst_last_pkt_time":1732024441977780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 01041{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024441965798,"flow_dst_last_pkt_time":1732024441969357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":908,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":334,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":334,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":109231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1732024444862357} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":334,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":334,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":109231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1732024444862357} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 334/334 ~~ skipped flows.............: 0 
@@ -37,9 +37,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8659316 bytes -~~ total memory freed........: 8659316 bytes -~~ total allocations/frees...: 140886/140886 +~~ total memory allocated....: 9423754 bytes +~~ total memory freed........: 9423754 bytes +~~ total allocations/frees...: 154852/154852 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 564 chars ~~ json message max len.......: 2268 chars diff --git a/test/results/ndpireader_conf_file/stun_signal_tcp.pcapng.out b/test/results/ndpireader_conf_file/stun_signal_tcp.pcapng.out index 231b3eefc..ad974dd6f 100644 --- a/test/results/ndpireader_conf_file/stun_signal_tcp.pcapng.out +++ b/test/results/ndpireader_conf_file/stun_signal_tcp.pcapng.out 
@@ -1,5 +1,5 @@ -00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733247378288841} 
+00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733247378288841} 
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378288841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247378288841,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378288841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1733247378288841,"pkt":"ILAB4IZiSKRyNpegCABFAAA0B4lAAIAGELDAqAF1I9v8kshgAFBbKS1nAAAAAIAC+vBAUwAAAgQFtAEDAwgBAQQC"} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378293937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1733247378293937,"pkt":"SKRyNpegILAB4IZiCABFAAA0AABAADoGXjkj2\/ySwKgBdQBQyGCXmzc3WyktaIASf5Ts8QAAAgQFjAEBBAIBAwMK"} 
@@ -10,7 +10,7 @@ 01069{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378295356,"flow_dst_last_pkt_time":1733247378307859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1733247378307859,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"multimedia_flow_types":"Unknown"}}} 02225{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378757373,"flow_dst_last_pkt_time":1733247378756881,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":248,"flow_src_tot_l4_payload_len":1352,"flow_dst_tot_l4_payload_len":880,"midstream":0,"thread_ts_usec":1733247378757373,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":0,"avg":30212.0,"max":286751,"stddev":67983.4,"var":4621743104.0,"ent":3.1,"data": [5096,5226,1289,6488,7434,14695,6967,5300,207,220,218,169,5360,2561,0,6632,276631,286751,49627,44757,3676,9298,19816,40131,25233,48588,51212,0,2689,9892,409]},"pktlen": {"min":40,"avg":111.6,"max":288,"stddev":62.1,"var":3852.6,"ent":4.8,"data": [52,52,40,68,46,124,156,124,40,160,160,160,160,92,92,144,40,172,46,172,46,288,140,46,172,46,172,148,46,188,40,140]},"bins": {"c_to_s": [6,0,0,7,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,2,2,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1,0,1,1,1,0,0],"entropies": [4.662476063,4.931210041,4.834183693,5.192451000,4.390829086,5.849559307,5.878578663,5.821106911,4.611769199,5.746960163,5.817604542,5.914802551,5.855510235,5.723954678,5.775637627,6.138474941,4.834183693,6.134611607,4.772925377,6.067693710,4.729446888,6.405649662,5.903401375,4.816403389,6.032229424,4.772924900,6.072082520,5.918906689,4.756514549,5.916465759,4.784183979,5.873402596]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":226,"flow_dst_packets_processed":274,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247395709690,"flow_dst_last_pkt_time":1733247395702394,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1188,"flow_dst_max_l4_payload_len":1420,"flow_src_tot_l4_payload_len":58588,"flow_dst_tot_l4_payload_len":27476,"midstream":0,"thread_ts_usec":1733247395709690,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":500,"packets-processed":500,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86064,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1733247395709690} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":500,"packets-processed":500,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86064,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1733247395709690} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/500 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8661387 bytes -~~ total memory freed........: 8661387 bytes -~~ total allocations/frees...: 141034/141034 +~~ total memory allocated....: 9425761 bytes +~~ total memory freed........: 9425761 bytes +~~ total allocations/frees...: 155000/155000 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2230 chars diff --git a/test/results/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out b/test/results/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out index 42f5a899c..f2835229b 100644 --- a/test/results/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out +++ b/test/results/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722427237865123} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722427237865123} 
00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237865123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722427237865123,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237865123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722427237865123,"pkt":"CL6sCxduJjb1W8R1CABFAAA8G7tAAEAGftnAqAycuYAZY5RYAdHRRTx5AAAAAKAC\/\/8WmQAAAgQFtAQCCApRg5vRAAAAAAEDAwk="} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237885149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722427237885149,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADEGqZS5gBljwKgMnAHRlFgui1zd0UU8eqAS\/\/\/GVwAAAgQFtAQCCApg+GPPUYOb0QEDAwk="} 
@@ -14,7 +14,7 @@ 01052{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401921409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1722427401924227,"pkt":"CL6sCxduJjb1W8R1CABFAAGT2SFAAEARDyHAqAyclWbubLgYBL4Bf+BaVEX2eYIGWZW97B\/uBFKid6MSV9\/02W2\/W+o36cuQNVtmMhAJHTAcbDg7XCMFAl0xHCYeGhojEQ07YGRoa2JiGBURHRlLEx04EAUBFg8EBB4VCR8QQxUVFBYoJyUjKnU9F0geFD5NHRwpDR0JMwQHEBgXGRgREREWHu32uP3s3BELEBsZDBEMEQcEDlgJDwQeFxCIEBhHyxRzBjPkcOAZKQXaF+N3ATvcOcpmAyzAL96OHmPUM\/K30LS6xKT6al3NNNxMChsDEA8uCd46WfS1aCsMHMuFvhUjOGTIBxpU3v\/Hxw6s\/CgKCqKhIJpNENIN2+tGFOfxS7QuGoPC52Q7v9u+NPw8b3vfvXXBBwc5DBYQNxUEGwYXFhEnO2pMT+yE7o8cNhkQEQM5pmcMCREEcDf7xzLpHLLsNx\/zRQ7DT7GnNBoJH96PWo0gzSL9g2Dar\/34qx5dEYO9\/DG3QzVndkG9w4jcVbkhUFWSERwvvUItAJ\/89A5z"} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401934060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1722427401934060,"pkt":"Jjb1W8R1CL6sCxduCABFAAB6OL1AADURu56VZu5swKgMnAS+uBgAZvhOXG8GfZrUgA1YMzkxNWQxAbNSOT0tNIAP9idCl\/rehm7YfSBAKj59k9UPRPKVaW0LUqQgzFOtLHumhFDN1Y5hbY3tlOPyWvfVkw6K7l+x6eqyqyRV8MQse1pU+6KRqg=="} 
02053{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401934161,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1158,"pkt_l4_len":1124,"thread_ts_usec":1722427401934161,"pkt":"Jjb1W8R1CL6sCxduCABFAAR4OL5AADURt5+VZu5swKgMnAS+uBgEZLQzVLAa0ZHTWfav3aQ6aDiNoVBwHdfIrsumF\/Xi771+6seFvgsgbkxRKAqi+llZx7z81zilj97CxWRsx93kXlTmVZH1P80KGnxXlR7BiJM18BLjNISj+gZaL0RMsbZ\/\/0UWwTMg0BMD+RgWYRcd61hmbZABZnpzMi\/LZRSE50mWCxH9dHqopm4Rzi4Sn7KxkjSWm8BiRUowB\/370WD0qx\/g9JW5UIxB92Ud6V1iTPjtmCgTxngrFqv4udp8FTsD8KNaHIzqNRUDWeNKhdBfywJxLoo8\/p1OGrSOuC\/yUWCOVPBEG0DdNlHBPyeW8SDwcnP4DcidmrJfxLHUg1HGh4+RWLkSFQsr+4W5z29yC41XpvCOCfc\/hn+EAz73kSY1DzJL59r2AXH8G5Rea\/RbEUrobun9NGOeVKCIzmD8Trl96OaqJhX8xal6pdV0sAV5Vo9xPebYVgEG80YaI0ek\/7yknL8W9IBQ2aLOpnFDXpCbdgYsosJ1y5dt6ib8aNJ+M\/xKRCussfhzl6cYKdrj1skMpL6bcbwUuhNt0cz28hf9enP7WBDH0Fxp5kwD+hH3G30EyEpxKuMziqSt\/e4UQR1duSa5VhMDOC98xMmGl0fj5OxMkG6xFP+PlFxbfRIMxgHsORiw87u6+g8HDPXiXIvJH4NZ7GvAgKGx6vPzRzY1kJ62bLlLPsnFFe6u5Lu3S820EMsOgXAFuSfj3yV3Evd+WLk737aUMZpoycfdzpgL1pvr4w3GxN\/TLg48jWGBKotX5zgnS6rvI88rGnHjRpaeOQ9CGYvCXVgO6n0MG2pCKs14CRjfcLqndxUDz5CE0mpW+jUfNJ4ux57J42zD3C+R4ZvY0UqADXZgvIZieAaKP2Qftw4pNwvuYOvK1OYGPbD+e89LxaNtpqyRB1MKVrBbdwgLG5kjU0ZoQUZJ2JOassNku+llFLRYPlNIJdOPFe8lNwX6hfJGdRMMmb4N9pCq8zoPySjjHjxjcpVsIj21jIi6qDUjUIvYwHaz3y0G7hXahyVVr7iDXUaXJGHIL0N4eAIJwH2sxv5+E4rQX5KXSJTnQN0IUM9\/AywsX9qhuZUo9Ozj\/8opy6hdWDTnxIrSvYZ63LEWGZ6GbZq9Um2Ln9uD7D+\/BgaPsoCfTlvt4+mz8wj6pNzsVkxsrWn6iEtKp70qWQsP\/gFGe2Df51awxTQYITw6LzU6Lndgr4Qxly7lJIUUP46pn4P+TJ+8+3QoYuNOQEyg9SneVXtmcVB8Vnt2enN1DntXWXR5brdGfJSMHDslO+anlwsJFXTtGhgL4dS2wSKBjgYjFobKFroyEjVAyw7y9kntCrZphbXffdx2X4Zb1huMN30p83ks9\/SzOTk5Tj82bgcyZR09O24Tj2g3MTAMKUrvJnigQgCd7TGqBAQ2acAFhpTV62J2y9r8nx3tIE
\/jhWhChZNaqTMjhHxlENJxKzeOMmtRIMpACoJ6fPzVRSJ+VFr38ZOo"} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22584,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1722705590754656} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22584,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1722705590754656} 
00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722705590754656,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590754656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722705590754656,"l3_proto":"ip4","src_ip":"107.161.86.131","dst_ip":"192.168.12.156","src_port":443,"dst_port":48072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590754656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722705590754656,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADMGuFNroVaDwKgMnAG7u8glbqt9M+JifKAS\/\/9LzQAAAgQFtAQCCApqqi2Uyg3lpAEDAwI="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590856725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1722705590856725,"pkt":"CL6sCxduJjb1W8R1CABFAAA0KexAAEAGgW\/AqAyca6FWg7vIAbsz4mJ8JW6rfoAQAKx48wAAAQEICsoN5plqqi2U"} 
@@ -27,7 +27,7 @@ 01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427239577895,"flow_dst_last_pkt_time":1722427239598141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5488,"flow_dst_tot_l4_payload_len":7758,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01096{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":177,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427403179824,"flow_dst_last_pkt_time":1722427403133860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":2831,"flow_dst_tot_l4_payload_len":6507,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"NordVPN","proto_id":"426","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427403179824,"flow_dst_last_pkt_time":1722427403133860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":2831,"flow_dst_tot_l4_payload_len":6507,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42211,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1722705593900158} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42211,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1722705593900158} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 177/177 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8659010 bytes -~~ total memory freed........: 8659010 bytes -~~ total allocations/frees...: 140736/140736 +~~ total memory allocated....: 9423448 bytes +~~ total memory freed........: 9423448 bytes +~~ total allocations/frees...: 154702/154702 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 576 chars ~~ json message max len.......: 2058 chars diff --git a/test/results/packets_limit_per_flow/tls_verylong_certificate.pcap.out b/test/results/packets_limit_per_flow/tls_verylong_certificate.pcap.out index eb1aa9bd6..ff3c8b0d2 100644 --- a/test/results/packets_limit_per_flow/tls_verylong_certificate.pcap.out +++ b/test/results/packets_limit_per_flow/tls_verylong_certificate.pcap.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} 
@@ -11,7 +11,7 @@ 03997{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707h1_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B","blocks":0}}} 02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": 
[11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": {"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}} 
01054{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 48/48 ~~ skipped flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8847130 bytes -~~ total memory freed........: 8847130 bytes -~~ total allocations/frees...: 140724/140724 +~~ total memory allocated....: 9611537 bytes +~~ total memory freed........: 9611537 bytes +~~ total allocations/frees...: 154691/154691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 577 chars ~~ json message max len.......: 4002 chars diff --git a/test/results/stats/custom_rules/custom_rules_overwrite_domains.pcap.out b/test/results/stats/custom_rules/custom_rules_overwrite_domains.pcap.out new file mode 100644 index 000000000..23d706ef9 --- /dev/null +++ b/test/results/stats/custom_rules/custom_rules_overwrite_domains.pcap.out 
@@ -0,0 +1,222 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:31 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:36410 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:12994 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:6376 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_ai_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_finance_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_news_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_sport_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_business_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_internet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_blockchain_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_blog_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_gov_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_edu_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cdn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hwsw_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_dating_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_travel_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_food_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_bots_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_scanners_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hosting_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_art_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_fashion_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_books_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_science_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_maps_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_login_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_legal_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_envsrv_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_culture_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_housing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_telecom_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_transport_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_design_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_employ_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_events_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_weather_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_lifestyle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_real_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_security_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_env_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hobby_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_comp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_const_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_eng_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_reli_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_enter_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_agri_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_tech_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_beauty_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_history_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_polit_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vehi_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:3 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 diff --git a/test/results/stats/default/1kxun.pcap.out b/test/results/stats/default/1kxun.pcap.out index d35a720d3..348a5c9a5 100644 --- a/test/results/stats/default/1kxun.pcap.out +++ b/test/results/stats/default/1kxun.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1287 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1538832 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1538878 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:197 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:188 diff --git a/test/results/stats/default/KakaoTalk_chat.pcap.out b/test/results/stats/default/KakaoTalk_chat.pcap.out index f57cf10ef..7d10d6c59 100644 --- a/test/results/stats/default/KakaoTalk_chat.pcap.out +++ b/test/results/stats/default/KakaoTalk_chat.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:269 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:238703 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:238695 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:38 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:30 diff --git a/test/results/stats/default/KakaoTalk_talk.pcap.out b/test/results/stats/default/KakaoTalk_talk.pcap.out index 0d55c4c59..0f396a0d3 100644 --- a/test/results/stats/default/KakaoTalk_talk.pcap.out +++ b/test/results/stats/default/KakaoTalk_talk.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:145 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:122797 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:122793 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:20 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:14 diff --git a/test/results/stats/default/alexa-app.pcapng.out b/test/results/stats/default/alexa-app.pcapng.out index 9d52098df..0796e7e82 100644 --- a/test/results/stats/default/alexa-app.pcapng.out +++ b/test/results/stats/default/alexa-app.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1415 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1279539 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1279850 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:160 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:104 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:56 diff --git a/test/results/stats/default/android.pcap.out b/test/results/stats/default/android.pcap.out index 3e3555193..4c5931224 100644 --- a/test/results/stats/default/android.pcap.out +++ b/test/results/stats/default/android.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:436 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:376508 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:376510 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:63 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:54 
diff --git a/test/results/stats/default/anyconnect-vpn.pcap.out b/test/results/stats/default/anyconnect-vpn.pcap.out index bca7c85a0..78f7ac88a 100644 --- a/test/results/stats/default/anyconnect-vpn.pcap.out +++ b/test/results/stats/default/anyconnect-vpn.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:457 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:391173 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:391177 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:69 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:59 diff --git a/test/results/stats/default/anydesk.pcapng.out b/test/results/stats/default/anydesk.pcapng.out index 8c9196523..a242e69d2 100644 --- a/test/results/stats/default/anydesk.pcapng.out +++ b/test/results/stats/default/anydesk.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:66 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:66126 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:66122 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6 diff --git a/test/results/stats/default/bets.pcapng.out b/test/results/stats/default/bets.pcapng.out index 846a418d1..458eca022 100644 --- a/test/results/stats/default/bets.pcapng.out +++ b/test/results/stats/default/bets.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11804 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11824 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 diff --git a/test/results/stats/default/conncheck.pcap.out b/test/results/stats/default/conncheck.pcap.out index 9cbb97e6c..526585d03 100644 --- a/test/results/stats/default/conncheck.pcap.out +++ b/test/results/stats/default/conncheck.pcap.out @@ -1,5 +1,5 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:96 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:74463 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:102 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:81994 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 @@ -7,7 +7,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:10 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:5724 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:5222 
@@ -49,7 +49,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 
@@ -63,13 +63,13 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interva PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 diff --git a/test/results/stats/default/custom_rules_ip.pcapng.out b/test/results/stats/default/custom_rules_ip.pcapng.out new file mode 100644 index 000000000..069ffd5d1 --- /dev/null +++ b/test/results/stats/default/custom_rules_ip.pcapng.out 
@@ -0,0 +1,222 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15912 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:75 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_ai_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_finance_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_news_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_sport_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_business_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_internet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_blockchain_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_blog_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_gov_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_edu_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cdn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hwsw_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_dating_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_travel_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_food_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_bots_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_scanners_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hosting_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_art_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_fashion_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_books_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_science_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_maps_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_login_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_legal_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_envsrv_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_culture_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_housing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_telecom_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_transport_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_design_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_employ_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_events_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_weather_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_lifestyle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_real_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_security_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_env_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hobby_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_comp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_const_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_eng_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_reli_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_enter_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_agri_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_tech_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_beauty_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_history_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_polit_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vehi_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 diff --git a/test/results/stats/default/custom_rules_overwrite_domains.pcap.out b/test/results/stats/default/custom_rules_overwrite_domains.pcap.out new file mode 100644 index 000000000..764f85b7d --- /dev/null +++ b/test/results/stats/default/custom_rules_overwrite_domains.pcap.out 
@@ -0,0 +1,222 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:31 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:36255 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:12994 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:6376 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_ai_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_finance_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_news_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_sport_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_business_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_internet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_blockchain_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_blog_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_gov_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_edu_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cdn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hwsw_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_dating_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_travel_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_food_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_bots_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_scanners_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hosting_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_art_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_fashion_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_books_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_science_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_maps_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_login_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_legal_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_envsrv_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_culture_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_housing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_telecom_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_transport_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_design_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_employ_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_events_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_weather_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_lifestyle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_real_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_security_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_env_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hobby_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_comp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_const_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_eng_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_reli_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_enter_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_agri_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_tech_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_beauty_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_history_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_polit_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vehi_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:3 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 diff --git a/test/results/stats/default/dazn.pcapng.out b/test/results/stats/default/dazn.pcapng.out index c554a3087..09cb64e69 100644 --- a/test/results/stats/default/dazn.pcapng.out +++ b/test/results/stats/default/dazn.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:27 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29731 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29776 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 diff --git a/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out index 66ecd614a..9bd97a2e2 100644 --- a/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1539 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1581778 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1581742 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:245 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:245 diff --git a/test/results/stats/default/dofus.pcap.out b/test/results/stats/default/dofus.pcap.out index f0aad4445..f4b7e61c3 100644 --- a/test/results/stats/default/dofus.pcap.out +++ b/test/results/stats/default/dofus.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:48 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39241 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39236 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 diff --git a/test/results/stats/default/epicgames.pcapng.out b/test/results/stats/default/epicgames.pcapng.out index 76f0c63ee..da049e319 100644 --- a/test/results/stats/default/epicgames.pcapng.out +++ b/test/results/stats/default/epicgames.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:35 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25120 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25104 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 diff --git a/test/results/stats/default/ethereum.pcap.out b/test/results/stats/default/ethereum.pcap.out index ecddfceaf..0561b9a1b 100644 --- a/test/results/stats/default/ethereum.pcap.out +++ b/test/results/stats/default/ethereum.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:573 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:509768 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:509720 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:74 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:47 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:27 
diff --git a/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out b/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out index c69e9d2d1..7a4006d32 100644 --- a/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:218 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:192174 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:192172 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:39 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:27 diff --git a/test/results/stats/default/gaijin_mobile_mixed.pcap.out b/test/results/stats/default/gaijin_mobile_mixed.pcap.out index ed6d1b4f3..a1b519bac 100644 --- a/test/results/stats/default/gaijin_mobile_mixed.pcap.out +++ b/test/results/stats/default/gaijin_mobile_mixed.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25454 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25448 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 diff --git a/test/results/stats/default/gearup_booster.pcap.out b/test/results/stats/default/gearup_booster.pcap.out index a74a9247b..dcd58267d 100644 --- a/test/results/stats/default/gearup_booster.pcap.out +++ b/test/results/stats/default/gearup_booster.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:971 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:751526 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:751305 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:192 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:192 diff --git a/test/results/stats/default/gnutella.pcap.out b/test/results/stats/default/gnutella.pcap.out index 0da2306f2..64a50f7b1 100644 --- a/test/results/stats/default/gnutella.pcap.out +++ b/test/results/stats/default/gnutella.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:6866 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6215505 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6215495 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:801 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:66 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:735 diff --git a/test/results/stats/default/guildwars2.pcapng.out b/test/results/stats/default/guildwars2.pcapng.out index f69b1b11b..7eede14be 100644 --- a/test/results/stats/default/guildwars2.pcapng.out +++ b/test/results/stats/default/guildwars2.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8149 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8145 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
diff --git a/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out b/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out index 0a64c0795..170073bb8 100644 --- a/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out +++ b/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:57 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:47694 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:47692 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 diff --git a/test/results/stats/default/http-crash-content-disposition.pcap.out b/test/results/stats/default/http-crash-content-disposition.pcap.out index 4e357ac53..c5d05c6ac 100644 --- a/test/results/stats/default/http-crash-content-disposition.pcap.out +++ b/test/results/stats/default/http-crash-content-disposition.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8745 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8741 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 diff --git a/test/results/stats/default/http_invalid_server.pcap.out b/test/results/stats/default/http_invalid_server.pcap.out index 0721574c4..28db14820 100644 --- a/test/results/stats/default/http_invalid_server.pcap.out +++ b/test/results/stats/default/http_invalid_server.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9931 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9939 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 @@ -35,8 +35,8 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 
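Review bot: The expected breed for `http_invalid_server.pcap` moves from `flow_breed_safe_count` N:1 to `flow_breed_acceptable_count` N:1 in this hunk, and the two following hunks move the same single flow from `flow_category_network_count` to `flow_category_web_count`, yet the commit message only mentions the flow-risk rename. This looks like a classification change pulled in by the libnDPI bump rather than a consequence of the rename, so it is worth confirming it is intended and recording it in the commit message, for example `* http_invalid_server.pcap: flow now reported as Acceptable/Web (was Safe/Network)`. Anything downstream that alerts or filters on the breed and category gauges will treat this flow differently after the update, while the other expectation files visible here change only `counter-json_bytes`.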
@@ -49,7 +49,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 @@ -58,7 +58,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 diff --git a/test/results/stats/default/http_ipv6.pcap.out b/test/results/stats/default/http_ipv6.pcap.out index 4f1c0fddc..11e478471 100644 --- a/test/results/stats/default/http_ipv6.pcap.out +++ b/test/results/stats/default/http_ipv6.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:115 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:104362 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:104370 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:15 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12 diff --git a/test/results/stats/default/instagram.pcap.out b/test/results/stats/default/instagram.pcap.out index 72abe02d9..63bc1417f 100644 --- a/test/results/stats/default/instagram.pcap.out +++ b/test/results/stats/default/instagram.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:299 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:322254 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:322257 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:38 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:32 diff --git a/test/results/stats/default/iphone.pcap.out b/test/results/stats/default/iphone.pcap.out index 4fa34f6b9..e63400aae 100644 --- a/test/results/stats/default/iphone.pcap.out +++ b/test/results/stats/default/iphone.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:356 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:326907 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:326923 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:51 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:48 diff --git a/test/results/stats/default/lagofast.pcap.out b/test/results/stats/default/lagofast.pcap.out index f83b861aa..aac0783b4 100644 
--- a/test/results/stats/default/lagofast.pcap.out +++ b/test/results/stats/default/lagofast.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:124 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:118492 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:118494 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:30 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:30 diff --git a/test/results/stats/default/line.pcap.out b/test/results/stats/default/line.pcap.out index cd6f5414a..b8aa587d6 100644 --- a/test/results/stats/default/line.pcap.out +++ b/test/results/stats/default/line.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:51 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:52756 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:52752 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 diff --git a/test/results/stats/default/lol_wild_rift_udp.pcap.out b/test/results/stats/default/lol_wild_rift_udp.pcap.out index 693503f86..748aa5515 100644 --- a/test/results/stats/default/lol_wild_rift_udp.pcap.out +++ b/test/results/stats/default/lol_wild_rift_udp.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25139 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25119 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5 
diff --git a/test/results/stats/default/matter_onoff.pcapng.out b/test/results/stats/default/matter_onoff.pcapng.out new file mode 100644 index 000000000..b2c256dd4 --- /dev/null +++ b/test/results/stats/default/matter_onoff.pcapng.out 
@@ -0,0 +1,222 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28103 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:13317 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:3242 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_ai_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_finance_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_news_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_sport_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_business_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_internet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_blockchain_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_blog_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_gov_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_edu_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cdn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hwsw_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_dating_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_travel_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_food_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_bots_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_scanners_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hosting_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_art_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_fashion_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_books_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_science_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_maps_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_login_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_legal_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_envsrv_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_culture_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_housing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_telecom_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_transport_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_design_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_employ_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_events_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_weather_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_lifestyle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_real_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_security_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_env_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hobby_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_comp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_const_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_eng_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_reli_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_enter_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_agri_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_tech_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_beauty_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_history_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_polit_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vehi_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:3 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 diff --git a/test/results/stats/default/mismatching_hostname.pcap.out b/test/results/stats/default/mismatching_hostname.pcap.out new file mode 100644 index 000000000..0590a9a4f --- /dev/null +++ b/test/results/stats/default/mismatching_hostname.pcap.out 
@@ -0,0 +1,222 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14139 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:6859 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:26473 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_ai_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_finance_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_news_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_sport_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_business_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_internet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_blockchain_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_blog_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_gov_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_edu_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cdn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hwsw_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_dating_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_travel_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_food_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_bots_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_scanners_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hosting_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_art_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_fashion_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_books_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_science_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_maps_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_login_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_legal_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_envsrv_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_culture_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_housing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_telecom_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_transport_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_design_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_employ_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_events_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_weather_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_lifestyle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_real_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_security_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_env_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_hobby_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_comp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_const_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_eng_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_reli_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_enter_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_agri_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_tech_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_beauty_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_history_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_polit_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vehi_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 diff --git a/test/results/stats/default/mpeg-dash.pcap.out b/test/results/stats/default/mpeg-dash.pcap.out index 3d5eb81c1..acfe484bf 100644 --- a/test/results/stats/default/mpeg-dash.pcap.out +++ b/test/results/stats/default/mpeg-dash.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28565 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28551 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 diff --git a/test/results/stats/default/mudfish.pcap.out b/test/results/stats/default/mudfish.pcap.out index 5c3c14512..953fb681b 100644 --- a/test/results/stats/default/mudfish.pcap.out +++ b/test/results/stats/default/mudfish.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:64 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:48488 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:48490 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:11 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10 diff --git a/test/results/stats/default/naver.pcap.out b/test/results/stats/default/naver.pcap.out index a7a5ce74c..04e27bb89 100644 --- a/test/results/stats/default/naver.pcap.out +++ b/test/results/stats/default/naver.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26093 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26099 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 diff --git a/test/results/stats/default/nest_log_sink.pcap.out b/test/results/stats/default/nest_log_sink.pcap.out index 2b13913d4..28b14e298 100644 --- a/test/results/stats/default/nest_log_sink.pcap.out +++ b/test/results/stats/default/nest_log_sink.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:167 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:148313 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:148279 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5 diff --git a/test/results/stats/default/netease_games.pcapng.out b/test/results/stats/default/netease_games.pcapng.out index 4b05aaa4f..22660073c 100644 --- a/test/results/stats/default/netease_games.pcapng.out +++ b/test/results/stats/default/netease_games.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:42 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:34275 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:34269 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5 
diff --git a/test/results/stats/default/netflix.pcap.out b/test/results/stats/default/netflix.pcap.out index 9b4bd9e13..af173f322 100644 --- a/test/results/stats/default/netflix.pcap.out +++ b/test/results/stats/default/netflix.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:557 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:562420 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:562266 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:61 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:31 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:30 diff --git a/test/results/stats/default/nexon.pcapng.out b/test/results/stats/default/nexon.pcapng.out index ac18d9be0..b9979658c 100644 --- a/test/results/stats/default/nexon.pcapng.out +++ b/test/results/stats/default/nexon.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15479 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15469 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 diff --git a/test/results/stats/default/nintendo.pcap.out b/test/results/stats/default/nintendo.pcap.out index 858f2606f..459da73e4 100644 --- a/test/results/stats/default/nintendo.pcap.out +++ b/test/results/stats/default/nintendo.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:164 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:136859 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:136863 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:21 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:19 diff --git a/test/results/stats/default/ocs.pcap.out b/test/results/stats/default/ocs.pcap.out index a6743a5ab..01b07c8a5 100644 --- a/test/results/stats/default/ocs.pcap.out +++ b/test/results/stats/default/ocs.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:139 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:114810 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:114806 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:20 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:15 diff --git a/test/results/stats/default/ocsp.pcapng.out b/test/results/stats/default/ocsp.pcapng.out index 8ce4bf135..c8524f149 100644 --- a/test/results/stats/default/ocsp.pcapng.out +++ b/test/results/stats/default/ocsp.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:94 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:87776 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:87797 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 diff --git a/test/results/stats/default/openvpn.pcap.out b/test/results/stats/default/openvpn.pcap.out index 35716a5ab..80bccff62 100644 --- a/test/results/stats/default/openvpn.pcap.out 
+++ b/test/results/stats/default/openvpn.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:96 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:91694 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:91688 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:9 diff --git a/test/results/stats/default/openvpn_nohmac.pcapng.out b/test/results/stats/default/openvpn_nohmac.pcapng.out index c9b2bacf2..727ebb662 100644 --- a/test/results/stats/default/openvpn_nohmac.pcapng.out +++ b/test/results/stats/default/openvpn_nohmac.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11196 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11188 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 diff --git a/test/results/stats/default/paltalk.pcapng.out b/test/results/stats/default/paltalk.pcapng.out index dcf23b557..c19b4ba93 100644 --- a/test/results/stats/default/paltalk.pcapng.out +++ b/test/results/stats/default/paltalk.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:33 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26120 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26131 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 
diff --git a/test/results/stats/default/pinterest.pcap.out b/test/results/stats/default/pinterest.pcap.out index 8916d2b7a..c473ab509 100644 --- a/test/results/stats/default/pinterest.pcap.out +++ b/test/results/stats/default/pinterest.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:295 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:296022 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:296018 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:37 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:32 diff --git a/test/results/stats/default/pluralsight.pcap.out b/test/results/stats/default/pluralsight.pcap.out index 0905fd9c4..cb9579b35 100644 --- a/test/results/stats/default/pluralsight.pcap.out +++ b/test/results/stats/default/pluralsight.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:59 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:73866 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:73850 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6 diff --git a/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index dee50ecd1..4da4816f8 100644 --- a/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:667 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:947214 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:969999 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:113 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:113 @@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:241650 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:49 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:179 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -147,7 +147,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:49 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 
@@ -184,7 +184,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:49 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 diff --git a/test/results/stats/default/quic_interop_V.pcapng.out b/test/results/stats/default/quic_interop_V.pcapng.out index 6d5027000..162db3336 100644 --- a/test/results/stats/default/quic_interop_V.pcapng.out +++ b/test/results/stats/default/quic_interop_V.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:471 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:631779 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:631717 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:77 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:77 diff --git a/test/results/stats/default/quic_sh.pcap.out b/test/results/stats/default/quic_sh.pcap.out index 0e25e4a9e..1e9e8f303 100644 --- a/test/results/stats/default/quic_sh.pcap.out +++ b/test/results/stats/default/quic_sh.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:27 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27189 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27199 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 diff --git a/test/results/stats/default/quic_t51.pcap.out b/test/results/stats/default/quic_t51.pcap.out index 1ef708d38..37f7d27d4 100644 --- a/test/results/stats/default/quic_t51.pcap.out +++ b/test/results/stats/default/quic_t51.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17054 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17348 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:2888 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:5904 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 
@@ -147,7 +147,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 @@ -184,7 +184,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 diff --git a/test/results/stats/default/quickplay.pcap.out b/test/results/stats/default/quickplay.pcap.out index 14b696eca..715c725c5 100644 --- a/test/results/stats/default/quickplay.pcap.out +++ b/test/results/stats/default/quickplay.pcap.out 
@@ -1,5 +1,5 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:139 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:163455 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:140 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:164920 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:21 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:19 @@ -7,11 +7,11 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:21 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:37682 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:58185 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:68 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 
@@ -49,7 +49,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 @@ -69,7 +69,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 
@@ -147,7 +147,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 @@ -184,7 +184,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 diff --git a/test/results/stats/default/reddit.pcap.out b/test/results/stats/default/reddit.pcap.out index 1b6b2abab..2bf3ca501 100644 --- a/test/results/stats/default/reddit.pcap.out +++ b/test/results/stats/default/reddit.pcap.out 
@@ -1,5 +1,5 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:582 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:567198 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:583 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:567830 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:23 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:37 @@ -7,7 +7,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:59 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:84 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:85 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:64920 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:481968 
@@ -147,8 +147,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 @@ -184,7 +184,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 
@@ -202,8 +202,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 diff --git a/test/results/stats/default/riot.pcapng.out b/test/results/stats/default/riot.pcapng.out index a9df4707f..559201ecc 100644 --- a/test/results/stats/default/riot.pcapng.out +++ b/test/results/stats/default/riot.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:17 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24145 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24143 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 diff --git a/test/results/stats/default/ripe_atlas.pcap.out b/test/results/stats/default/ripe_atlas.pcap.out index c1f4c845f..dcb1b4e85 100644 --- a/test/results/stats/default/ripe_atlas.pcap.out +++ b/test/results/stats/default/ripe_atlas.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:35 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28468 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28470 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7 diff --git a/test/results/stats/default/rmcp.pcap.out b/test/results/stats/default/rmcp.pcap.out index e5cd119e8..37eaf1de0 100644 --- a/test/results/stats/default/rmcp.pcap.out +++ b/test/results/stats/default/rmcp.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:29 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:23177 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:23173 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6 diff --git a/test/results/stats/default/rockstar_games.pcapng.out b/test/results/stats/default/rockstar_games.pcapng.out index d10754dc2..3c0031474 100644 --- a/test/results/stats/default/rockstar_games.pcapng.out +++ b/test/results/stats/default/rockstar_games.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:41 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:37390 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:37396 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 diff --git a/test/results/stats/default/signal.pcap.out b/test/results/stats/default/signal.pcap.out index 417e9da27..c2c4d3fa6 100644 
--- a/test/results/stats/default/signal.pcap.out +++ b/test/results/stats/default/signal.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:173 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:160587 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:160550 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:19 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10 diff --git a/test/results/stats/default/sites.pcapng.out b/test/results/stats/default/sites.pcapng.out index 783322267..1a43c36bc 100644 --- a/test/results/stats/default/sites.pcapng.out +++ b/test/results/stats/default/sites.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:625 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:661720 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:661845 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:72 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:62 diff --git a/test/results/stats/default/sites2.pcapng.out b/test/results/stats/default/sites2.pcapng.out index f302998c6..4dd1d80ab 100644 --- a/test/results/stats/default/sites2.pcapng.out +++ b/test/results/stats/default/sites2.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:49 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:42531 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:42542 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 
@@ -69,9 +69,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 diff --git a/test/results/stats/default/sites3.pcapng.out b/test/results/stats/default/sites3.pcapng.out index 7ea027949..c794b0fc8 100644 --- a/test/results/stats/default/sites3.pcapng.out +++ b/test/results/stats/default/sites3.pcapng.out 
@@ -1,23 +1,23 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:32 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:35526 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:42 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:45969 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:18386 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:67079 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:20455 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:72868 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:20 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 
N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 @@ -37,7 +37,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N: PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 
@@ -61,7 +61,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 @@ -139,7 +139,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 
@@ -152,16 +152,16 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 diff --git a/test/results/stats/default/snapchat_call.pcapng.out b/test/results/stats/default/snapchat_call.pcapng.out index a047db5e7..4bd447e61 100644 --- a/test/results/stats/default/snapchat_call.pcapng.out +++ b/test/results/stats/default/snapchat_call.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19499 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19491 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 diff --git a/test/results/stats/default/snapchat_call_v1.pcapng.out b/test/results/stats/default/snapchat_call_v1.pcapng.out index 6a2b65d55..60f40b435 100644 --- a/test/results/stats/default/snapchat_call_v1.pcapng.out +++ b/test/results/stats/default/snapchat_call_v1.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18770 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18762 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 diff --git a/test/results/stats/default/snmp.pcap.out b/test/results/stats/default/snmp.pcap.out index 8c51e4d5a..7cc189566 100644 --- a/test/results/stats/default/snmp.pcap.out +++ b/test/results/stats/default/snmp.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:137 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:113942 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:113914 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:17 diff --git a/test/results/stats/default/soap.pcap.out b/test/results/stats/default/soap.pcap.out index 3d627b35b..02c7b2130 100644 
--- a/test/results/stats/default/soap.pcap.out +++ b/test/results/stats/default/soap.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:24 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28432 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28436 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 diff --git a/test/results/stats/default/srvloc-v1.pcapng.out b/test/results/stats/default/srvloc-v1.pcapng.out index 73197f1cf..0bb032cd8 100644 --- a/test/results/stats/default/srvloc-v1.pcapng.out +++ b/test/results/stats/default/srvloc-v1.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9334 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9336 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 diff --git a/test/results/stats/default/srvloc.pcap.out b/test/results/stats/default/srvloc.pcap.out index d7334a73f..fca8b2c8d 100644 --- a/test/results/stats/default/srvloc.pcap.out +++ b/test/results/stats/default/srvloc.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:3001 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:2512361 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:2512329 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:621 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:621 
diff --git a/test/results/stats/default/steam.pcapng.out b/test/results/stats/default/steam.pcapng.out index e41cc34db..894e619a5 100644 --- a/test/results/stats/default/steam.pcapng.out +++ b/test/results/stats/default/steam.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:59 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:51184 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:51192 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6 diff --git a/test/results/stats/default/stun_signal.pcapng.out b/test/results/stats/default/stun_signal.pcapng.out index 0ea3404fa..6d6716d12 100644 --- a/test/results/stats/default/stun_signal.pcapng.out +++ b/test/results/stats/default/stun_signal.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:220 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:177427 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:177301 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:23 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:23 diff --git a/test/results/stats/default/tailscale.pcap.out b/test/results/stats/default/tailscale.pcap.out index b57c0be80..ae9f1a9be 100644 --- a/test/results/stats/default/tailscale.pcap.out +++ b/test/results/stats/default/tailscale.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10574 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10568 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 diff --git a/test/results/stats/default/telegram_videocall.pcapng.out b/test/results/stats/default/telegram_videocall.pcapng.out index a6599e140..138c9380d 100644 --- a/test/results/stats/default/telegram_videocall.pcapng.out +++ b/test/results/stats/default/telegram_videocall.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:258 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:214644 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:214636 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:34 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:28 diff --git a/test/results/stats/default/telnet.pcap.out b/test/results/stats/default/telnet.pcap.out index 71c09d0cb..7d00d2797 100644 --- a/test/results/stats/default/telnet.pcap.out +++ b/test/results/stats/default/telnet.pcap.out 
@@ -1,23 +1,23 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12489 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:43 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:44750 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:21 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:289 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:1371 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:336 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:2786 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" 
interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 @@ -38,7 +38,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 
@@ -56,7 +56,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 
@@ -139,29 +139,29 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 @@ -185,7 +185,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 
@@ -199,7 +199,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_certificate_too_long.pcap.out b/test/results/stats/default/tls_certificate_too_long.pcap.out index 4ebe10f11..387e93bcf 100644 --- a/test/results/stats/default/tls_certificate_too_long.pcap.out +++ b/test/results/stats/default/tls_certificate_too_long.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:250 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:252922 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:252920 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:35 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:11 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:24 diff --git a/test/results/stats/default/tls_long_cert.pcap.out b/test/results/stats/default/tls_long_cert.pcap.out index f244ccb57..5b7eec71c 100644 --- a/test/results/stats/default/tls_long_cert.pcap.out +++ b/test/results/stats/default/tls_long_cert.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15086 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15091 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out index bdeb850c9..8252ff834 100644 --- a/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out +++ b/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12561 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12549 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 diff --git a/test/results/stats/default/tumblr.pcap.out b/test/results/stats/default/tumblr.pcap.out index 1ad568c21..8328d8eec 100644 --- a/test/results/stats/default/tumblr.pcap.out +++ b/test/results/stats/default/tumblr.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:314 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:268572 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:268564 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:47 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:46 
diff --git a/test/results/stats/default/viber.pcap.out b/test/results/stats/default/viber.pcap.out index bcf7d4ae3..e2bb2cbd9 100644 --- a/test/results/stats/default/viber.pcap.out +++ b/test/results/stats/default/viber.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:231 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:195639 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:195636 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:30 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:24 diff --git a/test/results/stats/default/waze.pcap.out b/test/results/stats/default/waze.pcap.out index 88c5f3653..c0eb38fda 100644 --- a/test/results/stats/default/waze.pcap.out +++ b/test/results/stats/default/waze.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:282 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:229781 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:229755 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:33 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:30 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 diff --git a/test/results/stats/default/webex.pcap.out b/test/results/stats/default/webex.pcap.out index 56d2e0e20..87c1c55b0 100644 --- a/test/results/stats/default/webex.pcap.out +++ b/test/results/stats/default/webex.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:500 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:425084 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:425077 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:57 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:45 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12 diff --git a/test/results/stats/default/wechat.pcap.out b/test/results/stats/default/wechat.pcap.out index 99dac8e96..7cd7b0a1a 100644 --- a/test/results/stats/default/wechat.pcap.out +++ b/test/results/stats/default/wechat.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:883 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:770847 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:770851 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:109 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:52 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:57 diff --git a/test/results/stats/default/weibo.pcap.out b/test/results/stats/default/weibo.pcap.out index 9857f2d25..9ab718aa9 100644 --- a/test/results/stats/default/weibo.pcap.out +++ b/test/results/stats/default/weibo.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:267 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:223165 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:223163 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:44 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:43 diff --git a/test/results/stats/default/whatsapp_login_call.pcap.out b/test/results/stats/default/whatsapp_login_call.pcap.out index c8a2a1a13..48e005f03 100644 
--- a/test/results/stats/default/whatsapp_login_call.pcap.out +++ b/test/results/stats/default/whatsapp_login_call.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:464 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:383702 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:383700 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:57 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:24 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:33 diff --git a/test/results/stats/default/whatsapp_login_chat.pcap.out b/test/results/stats/default/whatsapp_login_chat.pcap.out index a070b12fa..0452f07f1 100644 --- a/test/results/stats/default/whatsapp_login_chat.pcap.out +++ b/test/results/stats/default/whatsapp_login_chat.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:60 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:56657 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:56653 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7 diff --git a/test/results/stats/default/windowsupdate_over_http.pcap.out b/test/results/stats/default/windowsupdate_over_http.pcap.out index 22b2568d4..f1abb74d9 100644 --- a/test/results/stats/default/windowsupdate_over_http.pcap.out +++ b/test/results/stats/default/windowsupdate_over_http.pcap.out 
@@ -1,5 +1,5 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9953 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8163 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -7,7 +7,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:479 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:14400 
@@ -145,8 +145,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 @@ -175,7 +175,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 
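Review bot: The regenerated baseline for windowsupdate_over_http.pcap drops detections, which the commit description does not account for: `gauge-flow_severity_medium` goes 1 → 0 and `gauge-flow_severity_low` 2 → 1 in the @@ -145 hunk, `gauge-flow_risk_12_count` goes 2 → 1 in the @@ -175 hunk, `gauge-flow_risk_54_count` goes 1 → 0 in the file's last hunk, and `counter-flow_detection_update_count` goes 1 → 0 in its @@ -7 hunk. The description only names one risk being replaced by another, which on its own would not explain a flow ending up with fewer risks, so this is presumably a further behaviour change in the bumped libnDPI and should be confirmed as intended rather than a lost detection. These gauges are keyed by numeric risk id only, so if upstream reused an id for the replacement risk, any collectd graph or alert built on `flow_risk_N_count` silently changes meaning across this bump. I would state that in the commit body, for example `windowsupdate_over_http: flow risks 12 and 54 are no longer raised after the libnDPI bump (expected, see upstream change <commit-id>)`.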
@@ -217,6 +217,6 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 diff --git a/test/results/stats/default/xiaomi.pcap.out b/test/results/stats/default/xiaomi.pcap.out index 5eb825905..76439bd9d 100644 --- a/test/results/stats/default/xiaomi.pcap.out +++ b/test/results/stats/default/xiaomi.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:58 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:50035 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:50027 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7 diff --git a/test/results/stats/default/zoom.pcap.out b/test/results/stats/default/zoom.pcap.out index 5c6ad7794..e5760704d 100644 --- a/test/results/stats/default/zoom.pcap.out +++ b/test/results/stats/default/zoom.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:314 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:241150 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:241125 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:33 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:27 
diff --git a/test/results/stats/disable_protocols/pluralsight.pcap.out b/test/results/stats/disable_protocols/pluralsight.pcap.out index 2e27a89d1..bfd587657 100644 --- a/test/results/stats/disable_protocols/pluralsight.pcap.out +++ b/test/results/stats/disable_protocols/pluralsight.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:59 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:74456 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:74440 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6 diff --git a/test/results/stats/disable_protocols/soap.pcap.out b/test/results/stats/disable_protocols/soap.pcap.out index f7a2c388f..daa5664b7 100644 --- a/test/results/stats/disable_protocols/soap.pcap.out +++ b/test/results/stats/disable_protocols/soap.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:24 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28672 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28676 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 diff --git a/test/results/stats/disable_use_client_port/iphone.pcap.out b/test/results/stats/disable_use_client_port/iphone.pcap.out index 18dd09a66..836f9f8dc 100644 --- a/test/results/stats/disable_use_client_port/iphone.pcap.out +++ b/test/results/stats/disable_use_client_port/iphone.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:356 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:332482 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:332498 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:51 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:48 diff --git a/test/results/stats/enable_payload_stat/1kxun.pcap.out b/test/results/stats/enable_payload_stat/1kxun.pcap.out index 3eef405b3..5d6a1928a 100644 --- a/test/results/stats/enable_payload_stat/1kxun.pcap.out +++ b/test/results/stats/enable_payload_stat/1kxun.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1287 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1554276 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1554322 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:197 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:188 diff --git a/test/results/stats/flow_risk_infos_disabled/http_invalid_server.pcap.out b/test/results/stats/flow_risk_infos_disabled/http_invalid_server.pcap.out index 88fa34419..6c2ef8678 100644 --- a/test/results/stats/flow_risk_infos_disabled/http_invalid_server.pcap.out +++ b/test/results/stats/flow_risk_infos_disabled/http_invalid_server.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10135 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10143 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -35,8 +35,8 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 @@ -49,7 +49,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 
@@ -58,7 +58,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 diff --git a/test/results/stats/fpc/1kxun.pcap.out b/test/results/stats/fpc/1kxun.pcap.out index f1a9c92c0..d4a17662c 100644 --- a/test/results/stats/fpc/1kxun.pcap.out +++ b/test/results/stats/fpc/1kxun.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1287 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1533684 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1533730 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:197 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:188 diff --git a/test/results/stats/guess_ip_before_port_enabled/1kxun.pcap.out b/test/results/stats/guess_ip_before_port_enabled/1kxun.pcap.out index 813276e36..1350416e6 100644 --- a/test/results/stats/guess_ip_before_port_enabled/1kxun.pcap.out +++ b/test/results/stats/guess_ip_before_port_enabled/1kxun.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1287 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1565859 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1565905 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:197 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:188 diff --git a/test/results/stats/guessing_disable/webex.pcap.out b/test/results/stats/guessing_disable/webex.pcap.out index 970240a55..dfd720207 100644 --- a/test/results/stats/guessing_disable/webex.pcap.out +++ b/test/results/stats/guessing_disable/webex.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:500 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:429584 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:429577 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:57 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:45 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12 diff --git a/test/results/stats/hostname_dns_check/netflix.pcap.out b/test/results/stats/hostname_dns_check/netflix.pcap.out index 0b1e756a7..1bec05af7 100644 --- a/test/results/stats/hostname_dns_check/netflix.pcap.out +++ b/test/results/stats/hostname_dns_check/netflix.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:557 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:568547 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:568393 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:61 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:31 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:30 
diff --git a/test/results/stats/ip_lists_disable/1kxun.pcap.out b/test/results/stats/ip_lists_disable/1kxun.pcap.out index 1c8eeeac0..58ec91290 100644 --- a/test/results/stats/ip_lists_disable/1kxun.pcap.out +++ b/test/results/stats/ip_lists_disable/1kxun.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1287 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1550415 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1550461 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:197 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:188 diff --git a/test/results/stats/monitoring/stun_signal.pcapng.out b/test/results/stats/monitoring/stun_signal.pcapng.out index 9256f1b3f..7ff3b220e 100644 --- a/test/results/stats/monitoring/stun_signal.pcapng.out +++ b/test/results/stats/monitoring/stun_signal.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:220 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:178087 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:177961 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:23 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:23 diff --git a/test/results/stats/monitoring/telegram_videocall.pcapng.out b/test/results/stats/monitoring/telegram_videocall.pcapng.out index 12cc553e7..5aca8c0d4 100644 --- a/test/results/stats/monitoring/telegram_videocall.pcapng.out +++ b/test/results/stats/monitoring/telegram_videocall.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:258 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:215418 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:215410 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:34 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:28 diff --git a/test/results/stats/stun_only_peer_address_enabled/telegram_videocall.pcapng.out b/test/results/stats/stun_only_peer_address_enabled/telegram_videocall.pcapng.out index 0198bada1..7c1519d2a 100644 --- a/test/results/stats/stun_only_peer_address_enabled/telegram_videocall.pcapng.out +++ b/test/results/stats/stun_only_peer_address_enabled/telegram_videocall.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:258 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:220578 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:220570 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:34 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:28 diff --git a/test/results/stats/subclassification_disable/anydesk.pcapng.out b/test/results/stats/subclassification_disable/anydesk.pcapng.out index f26c7811d..06b8541c8 100644 --- a/test/results/stats/subclassification_disable/anydesk.pcapng.out +++ b/test/results/stats/subclassification_disable/anydesk.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:66 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:67314 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:67310 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6 diff --git a/test/results/stats/zoom_extra_dissection/zoom.pcap.out b/test/results/stats/zoom_extra_dissection/zoom.pcap.out index f1927f5bd..c437bd7ac 100644 --- a/test/results/stats/zoom_extra_dissection/zoom.pcap.out +++ b/test/results/stats/zoom_extra_dissection/zoom.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:314 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:245546 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:245521 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:33 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:27 diff --git a/test/results/stun_extra_dissection/lru_ipv6_caches.pcapng.out b/test/results/stun_extra_dissection/lru_ipv6_caches.pcapng.out index 5e62e4342..7669bd111 100644 --- a/test/results/stun_extra_dissection/lru_ipv6_caches.pcapng.out +++ b/test/results/stun_extra_dissection/lru_ipv6_caches.pcapng.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} 
00849{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947835473,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052947835473,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAeVVyAyQABc057KIAAAAURUN3Xuv65y9fO"} 
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948008616,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6KoqAyQABWl1ZNGNoadjLndjyhIQdR3eb9BFhVVqa3fOaaflunNCAAAAByaRnP87SPV4aWA=="} 
@@ -84,7 +84,7 @@ 01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01045{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950583119,"flow_src_last_pkt_time":1639052950583119,"flow_dst_last_pkt_time":1639052950583119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1639052981556623} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1639052981556623} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 88/88 ~~ skipped flows.............: 0 
@@ -93,9 +93,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8688775 bytes -~~ total memory freed........: 8688775 bytes -~~ total allocations/frees...: 140760/140760 +~~ total memory allocated....: 9453501 bytes +~~ total memory freed........: 9453501 bytes +~~ total allocations/frees...: 154726/154726 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 594 chars ~~ json message max len.......: 2415 chars diff --git a/test/results/stun_extra_dissection/stun_dtls_rtp.pcapng.out b/test/results/stun_extra_dissection/stun_dtls_rtp.pcapng.out index dcd27c6b8..4b5c243bb 100644 --- a/test/results/stun_extra_dissection/stun_dtls_rtp.pcapng.out +++ b/test/results/stun_extra_dissection/stun_dtls_rtp.pcapng.out 
@@ -1,5 +1,5 @@ -00606{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1669989925164266} 
+00606{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1669989925164266} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1669989925164266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1669989925164266,"pkt":"CL6sCxduJjb1W8R1CABFAACQVjZAAEARNZzAqAycjvpSTJRPS2kAfJZwAAEAYCESpEJvNlNoU1VSSmhORmsABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgDAVwAEAAMACoAqAAjHmPZBrcBKnwAkAARufx7\/AAgAFFXMCO6dEOYzzYk4Nclzw7fn\/+udgCgABEyaSoM="} 
01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1669989925164266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -10,7 +10,7 @@ 01291{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":1303,"midstream":0,"thread_ts_usec":1669989925246353,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2i110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"AF:DD:BF:F5:59:23:0C:D1:B0:9F:B1:04:2E:89:DF:4C:1B:AB:BE:CC"}}} 
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1669989925331729,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1669989925331729,"pkt":"CL6sCxduJjb1W8R1CABFAACUVj1AAEARNZHAqAycjvpSTJRPS2kAgIetAAEAZCESpEJHeElSOVZ4WXVGUjkABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgDAVwAEAAMACoAqAAjHmPZBrcBKnwAlAAAAJAAEbn8e\/wAIABRPuZAhjSuP3zBrIerigzXVUm4nSYAoAAQ65t8C"} 02226{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925844909,"flow_dst_last_pkt_time":1669989925832608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2558,"flow_dst_tot_l4_payload_len":3623,"midstream":0,"thread_ts_usec":1669989925844909,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":29,"avg":43515.6,"max":258068,"stddev":58201.4,"var":3387401984.0,"ent":4.0,"data": [23454,57152,58633,110311,426,107899,55,29,31904,33185,42585,42763,84060,83239,24775,643,393,2519,24830,54,50,34247,28143,7940,22933,203231,6659,19573,19853,258068,19379]},"pktlen": {"min":68,"avg":221.2,"max":1231,"stddev":244.4,"var":59721.8,"ent":4.4,"data": 
[144,128,185,1231,148,573,128,109,598,573,598,109,149,117,141,93,125,121,97,93,97,113,93,68,93,93,127,112,112,128,469,112]},"bins": {"c_to_s": [0,0,10,5,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,5,4,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,1,0,0,0,0,0,1,0],"entropies": [5.970281124,5.844405174,4.975852966,7.376402378,5.926150799,6.767900467,5.873587608,5.727212906,7.417241573,6.742666721,7.399977684,5.666547298,6.284676552,5.878243446,6.278099537,5.456246376,6.045804977,5.932724476,5.656750679,5.431894302,5.443003178,5.773984909,5.547308922,5.480338573,5.456245899,5.525803089,6.089138508,6.235580444,6.295892239,6.029528141,7.452062130,6.164150715]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1710679657055887} 
+00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1710679657055887} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657055887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710679657055887,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657055887,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1710679657055887,"pkt":"CL6sCxduSKRyNpegCABFAAA08+VAAIAGV4zAqAy2jvpS+cQtDZbxQLjKAAAAAIAC+vBI\/gAAAgQFtAEDAwgBAQQC"} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1710679657058869,"pkt":"SKRyNpegCL6sCxduCABFgAA0AABAAG8GW\/KO+lL5wKgMtg2WxC3d8CUA8UC4y4AS\/\/9BHQAAAgQFhAEBBAIBAwMI"} 
@@ -22,7 +22,7 @@ 02238{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":71,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657765266,"flow_dst_last_pkt_time":1710679657791909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":656,"flow_src_tot_l4_payload_len":1320,"flow_dst_tot_l4_payload_len":1924,"midstream":0,"thread_ts_usec":1710679657791909,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":46625.8,"max":509459,"stddev":117745.2,"var":13863926784.0,"ent":2.8,"data": [2982,4724,277,207,4964,15,4148,4126,3916,466724,509459,1184,218,46646,1080,55404,53567,7433,0,8588,49659,55453,222,48997,10062,51393,4524,8018,5673,16613,19125]},"pktlen": {"min":40,"avg":142.1,"max":696,"stddev":150.7,"var":22704.0,"ent":4.4,"data": [52,52,40,40,68,40,120,192,116,40,180,196,148,172,84,40,40,140,204,236,40,172,40,696,40,172,140,648,40,160,40,160]},"bins": {"c_to_s": [8,0,0,2,5,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,2,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1],"entropies": 
[4.776611805,5.000318050,4.831686974,4.834183693,5.321198940,4.834183693,5.795867443,6.212464809,5.776382446,4.784183979,5.991631985,6.163437843,5.951478004,6.109816074,5.892313004,4.981687069,4.881687641,6.144776344,6.237818718,5.382826805,5.031687260,6.101328850,5.031687260,6.564705849,4.881687164,6.057666779,5.976850510,7.406529903,4.784183979,5.974988937,4.981687069,5.932507992]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com"}} 01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":14,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989926044388,"flow_dst_last_pkt_time":1669989925832608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":3623,"midstream":0,"thread_ts_usec":1710679657948817,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":35,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657948817,"flow_dst_last_pkt_time":1710679657936697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":1108,"flow_src_tot_l4_payload_len":1968,"flow_dst_tot_l4_payload_len":12540,"midstream":0,"thread_ts_usec":1710679657948817,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21283,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1710679657948817} 
+00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21283,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1710679657948817} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 102/102 ~~ skipped flows.............: 0 @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650262 bytes -~~ total memory freed........: 8650262 bytes -~~ total allocations/frees...: 140648/140648 +~~ total memory allocated....: 9414668 bytes +~~ total memory freed........: 9414668 bytes +~~ total allocations/frees...: 154614/154614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2243 chars diff --git a/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out b/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out index 4bc07b61b..762cf242e 100644 --- a/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out +++ b/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449812497255265} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449812497255265} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1449812497255265,"pkt":"ACZsuc\/8ACZsCyRcCABFAABAL58AAIAR9v8KCgABCgEAA\/7K4YIALFAqAAMAECESpELECsSOsFxxIrqIIMwAGQAEEQAAAIAoAATGrBhE"} 
01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -18,7 +18,7 @@ 01258{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812497496659,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":920,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497496659,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"10.10.0.1:26378","peer_address":"10.0.0.147:60770","relayed_address":"10.1.0.3:60815","multimedia_flow_types":"Unknown"}}} 
01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812504427110,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812504427110,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812504413713,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3924,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812504427110,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":43,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1449812504427110} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":43,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1449812504427110} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 43/43 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8648525 bytes -~~ total memory freed........: 8648525 bytes -~~ total allocations/frees...: 140587/140587 +~~ total memory allocated....: 9412931 bytes +~~ total memory freed........: 9412931 bytes +~~ total allocations/frees...: 154553/154553 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 591 chars ~~ json message max len.......: 1263 chars diff --git a/test/results/stun_extra_dissection/stun_zoom.pcapng.out b/test/results/stun_extra_dissection/stun_zoom.pcapng.out index 340503498..08ac8b2fb 100644 --- a/test/results/stun_extra_dissection/stun_zoom.pcapng.out +++ b/test/results/stun_extra_dissection/stun_zoom.pcapng.out 
@@ -1,5 +1,5 @@ -00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} 
+00602{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzBAAEAR2WPAqCuphuBab77WImEApEJpAAEAiCESpEIJLXMzkXIYSWor3N8ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABQBKtqrmyxMEjIdswOfhTMx+y49voAoAASJCByW"} 
01021{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
@@ -21,7 +21,7 @@ 02200{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":62,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536326542,"flow_dst_last_pkt_time":1661169536383924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":5172,"midstream":0,"thread_ts_usec":1661169536383924,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":47514.7,"max":193831,"stddev":51140.5,"var":2615352320.0,"ent":4.1,"data": [20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466]},"pktlen": {"min":42,"avg":270.1,"max":1080,"stddev":313.1,"var":98043.5,"ent":4.3,"data": [184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42]},"bins": {"c_to_s": [0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": 
[5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169536293401,"flow_dst_last_pkt_time":1661169536292551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1945,"flow_dst_tot_l4_payload_len":5176,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536627218,"flow_dst_last_pkt_time":1661169536805680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2726,"flow_dst_tot_l4_payload_len":5471,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1661169536805680} 
+00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1661169536805680} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 70/70 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8660561 bytes -~~ total memory freed........: 8660561 bytes -~~ total allocations/frees...: 140623/140623 +~~ total memory allocated....: 9424967 bytes +~~ total memory freed........: 9424967 bytes +~~ total allocations/frees...: 154589/154589 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 607 chars ~~ json message max len.......: 2205 chars diff --git a/test/results/stun_only_peer_address_enabled/stun_wa_call.pcapng.out b/test/results/stun_only_peer_address_enabled/stun_wa_call.pcapng.out index 7a618cf1b..0d4cbe909 100644 --- a/test/results/stun_only_peer_address_enabled/stun_wa_call.pcapng.out +++ b/test/results/stun_only_peer_address_enabled/stun_wa_call.pcapng.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} 
00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029444,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iFAAEARlLrAqAycXTl747Y8DZYA3LHsAAMAwCESpEJwdYtExyOnTtGTSiVAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUJM4QSLb1BesAMLdUeEcTNdZmV28="} 
01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478","multimedia_flow_types":"Unknown"}}} 
@@ -109,7 +109,7 @@ 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660035302538,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660035302780,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":73,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660035302005,"flow_dst_last_pkt_time":1676660032998729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":500,"flow_dst_max_l4_payload_len":1113,"flow_src_tot_l4_payload_len":10937,"flow_dst_tot_l4_payload_len":37017,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":591,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":2,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":112,"global_ts_usec":1676660035303048} +00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":591,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":2,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":112,"global_ts_usec":1676660035303048} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 591/591 ~~ skipped flows.............: 0 
@@ -118,9 +118,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8690934 bytes -~~ total memory freed........: 8690934 bytes -~~ total allocations/frees...: 141246/141246 +~~ total memory allocated....: 9455692 bytes +~~ total memory freed........: 9455692 bytes +~~ total allocations/frees...: 155212/155212 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 605 chars ~~ json message max len.......: 2234 chars diff --git a/test/results/stun_only_peer_address_enabled/telegram_videocall.pcapng.out b/test/results/stun_only_peer_address_enabled/telegram_videocall.pcapng.out index ac17d5415..f0ae8a837 100644 --- a/test/results/stun_only_peer_address_enabled/telegram_videocall.pcapng.out +++ b/test/results/stun_only_peer_address_enabled/telegram_videocall.pcapng.out 
@@ -1,5 +1,5 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648032334213648} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648032334213648} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032334213648,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -215,15 +215,15 @@ 00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1648032367885663,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367885663,"pkt":"CL6sCxdumt9Y+uvcCABFwAB8pokAAEABmXjAqAypW2wRAgMDNxoAAAAARQAAYGk1QAAwEaeYW2wRAsCoDKkFeJJEAEylPgEEADAhEqRCS0hPaXJyRlRDcUV6AA0ABAAAAACAIgAETm9uZQAIABTZOmmRI5FcQW+rAa8g\/fpFll3GzoAoAASHsPRA"} 00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":877,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032373241368,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1648032373241368,"pkt":"mt9Y+uvcCL6sCxduCABFAABT6ldAAOsGItsSw6JdwKgMqQG7mCy7WPtHxPlC24AYAHtr3AAAAQEICnkLeDpCTgbkFQMDABr+u10WYqqjSVLzlRa1hyPjBkG+M0x+dgZKjg=="} -00958{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032373241368,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00956{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032373241368,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373315177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032373315177,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0tt9AAEAGAXPAqAypEsOiXZgsAbvE+ULbu1j7ZoAQAMhy4gAAAQEICkJO9JB5C3g6"} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032373315177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032378245645,"pkt":"mt9Y+uvcCL6sCxduCABFAAA06lhAAOsGIvkSw6JdwKgMqQG7mCy7WPtmxPlC24ARAHtfogAAAQEICnkLi8ZCTvSQ"} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032378336597,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032378336597,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0tuBAAEAGAXLAqAypEsOiXZgsAbvE+ULbu1j7Z4AQAMhLuAAAAQEICkJPCC15C4vG"} 
-00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032378336597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032378336597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367877247,"flow_src_last_pkt_time":1648032367885663,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367859462,"flow_src_last_pkt_time":1648032367864669,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367762702,"flow_src_last_pkt_time":1648032367764744,"flow_dst_last_pkt_time":1648032367762702,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00981{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"AmazonAWS","proto_id":"265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00977{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"AWS_EC2","proto_id":"461","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01158{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032367501855,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01158{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032367002740,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -255,7 +255,7 @@ 01139{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1648032336020865,"flow_src_last_pkt_time":1648032346150156,"flow_dst_last_pkt_time":1648032346134942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":604,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":2022,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01138{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1648032336039036,"flow_src_last_pkt_time":1648032346150274,"flow_dst_last_pkt_time":1648032346134975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":773,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":59,"flow_dst_packets_processed":55,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032356099058,"flow_dst_last_pkt_time":1648032356073261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":15509,"flow_dst_tot_l4_payload_len":6792,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":889,"packets-processed":887,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1648032378336597} +00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":889,"packets-processed":887,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1648032378336597} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 889/887 ~~ skipped flows.............: 0 @@ -264,9 +264,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8769230 bytes -~~ total memory freed........: 8769230 bytes -~~ total allocations/frees...: 141785/141785 +~~ total memory allocated....: 9534627 bytes +~~ total memory freed........: 9534627 bytes +~~ total allocations/frees...: 155750/155750 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 566 chars ~~ json message max len.......: 2350 chars diff --git a/test/results/subclassification_disable/anydesk.pcapng.out b/test/results/subclassification_disable/anydesk.pcapng.out index 15319ca7b..97bc1947b 100644 --- a/test/results/subclassification_disable/anydesk.pcapng.out +++ b/test/results/subclassification_disable/anydesk.pcapng.out 
@@ -1,5 +1,5 @@ -00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591342198821353} 
+00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591342198821353} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591342198821353,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1591342198821353,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591342198821353,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -17,7 +17,7 @@ 01542{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199532111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1591342199532111,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12i640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
01883{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199532151,"flow_dst_last_pkt_time":1591342199532596,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":2600,"midstream":0,"thread_ts_usec":1591342199532596,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12i640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3","blocks":0}}} 
02684{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":40,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342201135977,"flow_dst_last_pkt_time":1591342202739154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5696,"flow_dst_tot_l4_payload_len":5521,"midstream":0,"thread_ts_usec":1591342202739154,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":176540.0,"max":1602919,"stddev":394272.9,"var":155451113472.0,"ent":2.8,"data": [164805,164917,612,1082,165028,165426,485,455,339,338,1756,2021,164886,165169,210,191,219,307,218569,218677,606,928,1215453,1216321,7,87,855,7,2,1602919,62]},"pktlen": {"min":40,"avg":392.7,"max":1500,"stddev":555.2,"var":308238.0,"ent":3.8,"data": [60,46,40,303,46,1340,40,1340,40,46,40,1134,46,91,40,80,40,186,46,186,40,111,46,119,1500,1500,1242,46,46,46,1500,1180]},"bins": {"c_to_s": [8,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,0],"s_to_c": [9,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,1],"entropies": 
[4.772595406,4.903359890,4.834184170,5.369554996,4.390828609,7.460080147,4.834184170,7.770876408,4.834184170,4.609350204,4.734183788,7.619944096,4.390829086,5.750715733,4.765311718,5.803060055,4.765311718,6.743920803,4.390828609,6.830827713,4.834184170,6.275036812,4.434307098,6.390825272,7.863389492,7.871673107,7.811679363,4.390829086,4.390829086,4.390829086,7.887207985,7.841894150]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1613977585247036} 
+00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1613977585247036} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1613977585247036,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"} 01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-3185a847.net.anydesk.com","domainame":"relay-3185a847.net.anydesk.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -28,7 +28,7 @@ 01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585542630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585542630,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-9b6827f2.net.anydesk.com","domainame":"relay-9b6827f2.net.anydesk.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585553797,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1613977585553797,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcBhBAADkRt3TAqAEBwKgBuwA12FAASAAA6omBgAABAAEAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAABtXAAEisckcw=="} 
01165{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585553797,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1613977585553797,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-9b6827f2.net.anydesk.com","domainame":"relay-9b6827f2.net.anydesk.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["138.199.36.115,ttl=27996"]}}} -01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342244652502,"flow_dst_last_pkt_time":1591342244652493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":159,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":355,"midstream":1,"thread_ts_usec":1613977585553797,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342244652502,"flow_dst_last_pkt_time":1591342244652493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":159,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":355,"midstream":1,"thread_ts_usec":1613977585553797,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":22,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342209805588,"flow_dst_last_pkt_time":1591342209768308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5797,"flow_dst_tot_l4_payload_len":7915,"midstream":0,"thread_ts_usec":1613977585553797,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595379986,"flow_dst_last_pkt_time":1613977595379986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595379986,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1613977595379986,"flow_dst_last_pkt_time":1613977595379986,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1613977595379986,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDNAAIAGAADAqAG7wKgBstOUG56PGHtIAAAAAIAC+vCE5AAAAgQFtAEDAwgBAQQC"} 
@@ -47,7 +47,7 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595463648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1613977595463648,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodEFAAIAGAADAqAG7wKgBshuey0dV\/SLLLSwO5FAQIBSE2AAA"} 01898{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":85,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595549041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":813,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1613977595549041,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","ja4":"t12i640500_9197985d2161_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E","blocks":0}}} 02686{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":112,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977601740964,"flow_dst_last_pkt_time":1613977601737415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3926,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5712,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1613977601740964,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":410271.2,"max":3021750,"stddev":825943.1,"var":682181918720.0,"ent":2.9,"data": [491,529,333,431,328,10474,0,10878,39566,40320,8749,0,9516,516873,517463,1553,27804,26175,2358,56316,902900,957284,0,0,1754245,1753698,16355,71246,2966766,3021750,4006]},"pktlen": {"min":40,"avg":306.3,"max":3966,"stddev":747.4,"var":558552.1,"ent":3.1,"data": [52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116]},"bins": {"c_to_s": [6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1],"s_to_c": 
[11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0],"entropies": [4.461627960,4.714205742,4.680641174,5.380415440,4.190888405,4.260394573,7.726966381,6.171197891,4.680641174,7.726874828,4.303872585,7.788730145,5.640313625,4.630640984,5.698182583,4.200505257,5.465894222,5.550601006,4.303872585,5.570474148,4.680640697,7.956365585,4.157026768,4.303872585,4.190888405,5.661315441,4.260394096,6.538077354,4.630641460,6.000421047,4.260393620,6.241518974]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1663090549161771} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1663090549161771} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549161771,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549161771,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8b6ZAAEAGlofAqAGAw7WusLyEAbsbAqeoAAAAAKAC+vBE2wAAAgQFtAQCCAo49hnFAAAAAAEDAwc="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549179486,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYGEC7Dta6wwKgBgAG7vIT\/L0tlGwKnqaAS\/ogbxgAAAgQFtAQCCAqczD4KOPYZxQEDAwc="} 
@@ -63,7 +63,7 @@ 01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585260893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-3185a847.net.anydesk.com"}} 01489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977602672535,"flow_dst_last_pkt_time":1613977601741457,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3926,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":6286,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01361{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":27,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090607951443,"flow_dst_last_pkt_time":1663090607968067,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5903,"flow_dst_tot_l4_payload_len":3063,"midstream":0,"thread_ts_usec":1663090607968067,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":174,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":174,"packets-processed":174,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1663090607968067} +00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":174,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":174,"packets-processed":174,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1663090607968067} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 174/174 ~~ skipped flows.............: 0 
@@ -72,9 +72,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8722457 bytes -~~ total memory freed........: 8722457 bytes -~~ total allocations/frees...: 140815/140815 +~~ total memory allocated....: 9487089 bytes +~~ total memory freed........: 9487089 bytes +~~ total allocations/frees...: 154783/154783 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 2691 chars diff --git a/test/results/subclassification_disable/dns.pcap.out b/test/results/subclassification_disable/dns.pcap.out index 1345a9e61..8f65197ca 100644 --- a/test/results/subclassification_disable/dns.pcap.out +++ b/test/results/subclassification_disable/dns.pcap.out 
@@ -1,4 +1,4 @@ -00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":15458020,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":15458020,"l3_proto":"ip6","src_ip":"fe80::a00:27ff:feb3:e62e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00949{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":371,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":371,"pkt_l4_len":317,"thread_ts_usec":15458020,"pkt":"MzMAAAD7CAAns+Yuht1gDvfuAT0R\/\/6AAAAAAAAACgAn\/\/6z5i7\/AgAAAAAAAAAAAAAAAAD7FOkU6QE94YsAAIQAAAAABgAAAAMBRQEyATYBRQEzAUIBRQFGAUYBRgE3ATIBMAEwAUEBMAEwATABMAEwATABMAEwATABMAEwATABMAEwATgBRQFGA2lwNgRhcnBhAAAMgAEAAAB4AA8HQW5kcm9pZAVsb2NhbAAQYWRiLXVuaWRlbnRpZmllZARfYWRiBF90Y3DAaAAQgAEAABGUAAEACV9zZXJ2aWNlcwdfZG5zLXNkBF91ZHDAaAAMAAEAABGUAALAgMCAAAwAAQAAEZQAAsBvwGAAHIABAAAAeAAQ\/oAAAAAAAAAKACf\/\/rPmLsBvACGAAQAAAHgACAAAAAAVs8BgwAwAL4ABAAAAeAAGwAwAAgAIwG8AL4ABAAARlAAJwG8ABQAAgABAwGAAL4ABAAAAeAAIwGAABAAAAAg="} 01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":15458020,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":15458020,"l3_proto":"ip6","src_ip":"fe80::a00:27ff:feb3:e62e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","domainame":"e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","mdns": {}}} 
@@ -11,7 +11,7 @@ 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":69520583,"flow_dst_last_pkt_time":69520924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"thread_ts_usec":69520924,"pkt":"CAAnOk7TILAB4IZiht1gAAAAABQGQCABCwcKPcESAAAAAAAAAAEgAQsHCj3BErgxpz95dOYEADXCbjRYwBs5t9KvUBABfj89AAA="} 01130{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":69519720,"flow_src_last_pkt_time":69520583,"flow_dst_last_pkt_time":69526637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":69526637,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b831:a73f:7974:e604","dst_ip":"2001:b07:a3d:c112::1","src_port":49774,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"opentracker.io","domainame":"opentracker.io","dns": {"num_queries":1,"num_answers":23,"reply_code":0,"query_type":255,"rsp_type":43,"rsp_addr": ["45.9.60.30,ttl=1347"]}}} 
01043{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":15458020,"flow_src_last_pkt_time":15458020,"flow_dst_last_pkt_time":15458020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":69527477,"l3_proto":"ip6","src_ip":"fe80::a00:27ff:feb3:e62e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1112172654366527} 
+00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1112172654366527} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1112172654366527,"pkt":"AOAYsQytAMCfMkGMCABFAAA+1TkAAIARkAfAqKoUwKiqCAA1gBsAKryJ3KKBgAABAAAAAAAAA3d3dwFsBmdvb2dsZQNjb20AABwAAQ=="} 01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com","domainame":"www.l.google.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
@@ -21,13 +21,13 @@ 01107{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695204348,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.example.com","domainame":"www.example.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695437491,"pkt":"AOAYsQytAMCfMkGMCABFAAA91p8AAIARjqLAqKoUwKiqCAA1gBsAKQfhvB+BgAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"} 
01107{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.example.com","domainame":"www.example.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} -00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1484673025972667} 
+00826{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1484673025972667} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025972667,"packet_id":16,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025972667} 00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":91,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAPwAhRQAAPQAAQABAEYShUrJx9VKynrW4lwA1ACm2fXhDAQAAAQAAAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAQ=="} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025976144,"packet_id":17,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025976144} 
00599{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":219,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":219,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAvwAhRQAAvQAAQAA6EYohUrKetVKycfUANbiXAKnLC3hDgYAAAQAIAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAesABKkt2+vADAABAAEAAAHrAASpLyiOwAwAAQABAAAB6wAEqS34ecAMAAEAAQAAAesABGyosOrADAABAAEAAAHrAASpLfi9wAwAAQABAAAB6wAEqS34tMAMAAEAAQAAAesABKk1UU\/ADAABAAEAAAHrAASpLdvo"} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":17,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1484673025976144} +00828{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":17,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1484673025976144} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/15 ~~ skipped flows.............: 0 
@@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8650089 bytes -~~ total memory freed........: 8650089 bytes -~~ total allocations/frees...: 140568/140568 +~~ total memory allocated....: 9414527 bytes +~~ total memory freed........: 9414527 bytes +~~ total allocations/frees...: 154534/154534 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 315 chars ~~ json message max len.......: 1135 chars diff --git a/test/results/subclassification_disable/http.pcapng.out b/test/results/subclassification_disable/http.pcapng.out index 9e081f16e..ef35d2898 100644 --- a/test/results/subclassification_disable/http.pcapng.out +++ b/test/results/subclassification_disable/http.pcapng.out 
@@ -1,5 +1,5 @@ -00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643129441023341} 
+00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643129441023341} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441023341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441023341,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8mDFAAEAGN5nAqAGA2DrQjqS6AFARiJzNAAAAAKAC+vCG+AAAAgQFtAQCCArCG0WpAAAAAAEDAwc="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441030591,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8NRsAAHgGoi\/YOtCOwKgBgABQpLoKOrN\/EYiczqAS\/\/9o0gAAAgQFlgQCCArUwoamwhtFqQEDAwg="} 
@@ -8,7 +8,7 @@ 01083{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441030691,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.com","domainame":"google.com","http": {"url":"google.com\/","code":0,"content_type":"","user_agent":"curl\/7.68.0"}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441038384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643129441038384,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA0NSMAAHgGoi\/YOtCOwKgBgABQpLoKOrOAEYidGIAQAQCWKAAAAQEICtTChq7CG0Ww"} 
01015{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441065505,"flow_dst_last_pkt_time":1643129441065458,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":528,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1643129441065505,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.com"}} -00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643129441065505} 
+00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643129441065505} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8645177 bytes -~~ total memory freed........: 8645177 bytes -~~ total allocations/frees...: 140548/140548 +~~ total memory allocated....: 9409551 bytes +~~ total memory freed........: 9409551 bytes +~~ total allocations/frees...: 154514/154514 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 563 chars ~~ json message max len.......: 1088 chars diff --git a/test/results/subclassification_disable/quic-mvfst-27.pcapng.out b/test/results/subclassification_disable/quic-mvfst-27.pcapng.out index e95c2dd91..6a69bd2bb 100644 --- a/test/results/subclassification_disable/quic-mvfst-27.pcapng.out +++ b/test/results/subclassification_disable/quic-mvfst-27.pcapng.out 
@@ -1,4 +1,4 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"thread_ts_usec":41432902,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2t
jkBmxsNgiaX3ZHZdlEZ39g+pfa+C3d0\/Me91SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jICcqh071958oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh\/yOVbINbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"} 01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","quic": {"quic_version":"MVFST-27","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0108h5_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}} 
@@ -7,7 +7,7 @@ 02286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464239,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHwAAEARKahFq\/oPCgACDwG7jHUE7Pun4vrOsAIACGUZSqSBwJ2mRNPUKyAFTiIR2D9LmWONp\/pKu58K8xL2QH3MMLvlIm5wZVpJfJuwyJ\/1M3tSAzTO7kjPI3eHBb9IFzJ5EM102smu6+dh1QdA\/XWl13B5U7mJXfZdgiMmoH6TMFeO9l59NUWVB3FrB1D+83n8F9jw5BVmkY2OPbmS9uXhO3oLJjNvzhgiz9LiL0Peg4iBHPZ3bnefg84NyqMA6bGiBHjw8O\/pggXBHbm0y039at\/mEzBf62LN0g+jv6L2c7tRnEpUns4cJX54tQ1bXJ5Hhxh3rT54lw4rrebaQCbwFhibEvqZWGljIGdjbOpa6liHVVmRN2tu\/GBhyOGb0StB\/jpkBjcqcM94pTjas7+bYnRrk8ZSgYviOw8nDLpc2na4yCaDVIVl\/pzppcM74NTbQKve3Nar7W9KbDiDSaMAENX7mwhYQ18bwd3uHY8CUMOGjo\/8euzZjkZ0fqCDRE3vdm4KLl5+4\/UkQuBZWoFk\/P2Heh0\/lgddV3IePrdA6fNLSr8BKSgLGA1ZasEncG2JczdCSpW32pij29+anl+pMYgG1xzrztWUD1ETcf6lrUI11Nrj+82\/V73yznpeq7b9VscUvGV9OZECREHrcvb+pZDpYZL6JhF9swDp8CcOJJW+kip95Ov52baFifgdWzSPIduRrqIdERwwU6uq\/xmextGbx1KqKtby8DZc51UT3zzVMYep8bkl6y02VlktPuEK9u+QMd79lD6CIjW6qp5UxTZUtg8jrVUa2qNaqIekUrye4Bzl97pIPdBT4PssDCFsKgu31Bpm8CKL+2xWNmPLUcDOBBgIHzzDBuznQ7cBUCzjZlif+hxsEmJy3g5g3\/xJNTjxK+car7ACp7B+H1R5WQpkSDWn\/gKlYeGIPW5T8mOqp4WAHeTZest5awJfealSj\/CfwMs\/1Df7bfDUHTG14VDKd\/hRegDw1cfzcn3rS+uwWfXIm+mNshIKscMmPDsExmAokd+CvN0JuzdGOibtj3vbwDU4vsLbdbgOXENLxvYoEKqOPmpluuCqkWSQX\/UTadmXu44AWmWGdRQUpe32qb\/M0fPPEznTo\/4YrREjJ5jLnXRjbVI3HR4NPEZW1W\/9+X5lPYycQDN0lnl1dTk4utJeAg2p\/gP3JOV+wA1ygYJ5wU1GjgsOdz+EiDWtAQ93xX+7PqU0RTfcJAMwYHLO8gHD8UmTyvey2jiJJMc\/NrEBM1a76byOqZW2ZpMIDjRCtGhGFGhw4tu7OsejTzxA6T4fkSVAM0RcHzuFFeX1yZp3G8u6suFgzreLYuvmcBrNhHUTfsEKl4+aUnvPAuGzXCYIejrOiP9DSMGN8i\/AdhOoP+4i52mM3bH5MLyVmx9EYwfM0+yRTPLIifi4gzjoQl39CwhJ5abQwEmy5yGBYVxIliLKOrnnK4U00GmZ
hnCirgfPFCTOe\/qKCIPE7b86iKQ6zDr+wGAH8x1\/Vr6JDpHoyfytADR6TA1MJzboAI\/u+WxBW60Mr8wra7Ky8MTEMtqEAV4MNy3QwSj+5Boi9v6UaR+XFmEdKxTqXYP3bAo1k89toaHV8RAROwWdWZYQWji2vw49SgOlspTK5LeZbdfL6JCEHPDOXosDytI1rgaUPivx6K5pOY3FnYb2NgiqwzaVvc4sqLOH\/hloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAImdn5Q="} 02288{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464304,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAH0AAEARKadFq\/oPCgACDwG7jHUE7NYs4\/rOsAIACGUZSqSBwJ2mRNOp9fQvn1f7lG72Bw+E6NBO8LR8mD6RkYoGJj7YIoOLkr2BWwfK0spPYy+zYGWX+a+c9rHGaE\/8AFsGVmGd26vTDA2yukmOJUfOmTtJz95HrnPFSG+\/TXHqQjk5klIE16FLBeiNi6m\/ct8wPGJ9RUbZqJaLVts+GZFzeMSRX+eYZERYnLYtPQPOywMGAZR5dzRsdw3jDQYkcN53aPm0lceepojo42lKerw8v6LOu22kD+71z4QDa4KbQzfUDp3LH6BpZQ6IsP9xHtu8kvC1sMujkXVqWo4PwU1vr8utquEF9g6Edj1O8CnayP2acmvLS9hrhF7CGL\/\/\/DnocizH0vNxW1ov+oyWwjbcB4cKqjTFeavm8o80oXs5etE\/0w5eFp+lmQaKzY0Y3yFmQ4u8brDlmcVIExhEgggZeFVC9lL9oOJw+T9YQyahiK65vbSi1+dot2yavrzsTWJiTor0nyNgEiCiviGKK3Ugt6GYCifHXPC+ko\/\/b1QvveO8QmYiv8AP2V\/SWNC14hUcS+VAN8JRlCbBPMNZf5CGc1GwEg+7a4289LEunmnUX2jPN9vYfHH58+XntmHmuXoNXd+GAXGmBpL3pm9he0pLxavwsdTVC6qK8sKWNygxAdWjfNWfqF5l0iTI6JYa4\/y33xaYPcLxg2NKR5k5UeV+DbMoZh5oLZlH+HG0w8grzsBY0UqgdK4AyP+poGSbQAEMRSIkOomtrtelNM\/CJ7PizVrNKpGbp+EpEXMTlKKu9mAH5wfJW5yjomiaaWvGIaq7gLWY9llWYvKDLPe+Ot\/Zlo70lUm2Wen8purBfU4\/v6CMzqcAGFEkRA8xMmhdxqR55Nj0wKZs+RQeJinGAS0a8g3PGJbOybsinObB6I0QXHDA\/BCZjPyuqT029QJULHNw4IqshshnGFg3nbzChRrWQc0AiB5OcsWclYM82EXN8ST8RvLF1WKcSxiSUqZRBPt4kZeVgU6dUletzdTTtDjmZcMX6Dpoo8d0S1zQL01nH0uioe7eYaw9k\/Piatckxd0yCv9fyOSwNFhCKxpC1GXBWqlnzr5Xkx8pHwnfnGUKyYsQ42dNNkbszwP1I6YjcrEdp4kQ3sTLrEmlVAvA4aTA0MKDmYMzxz3zBJ
IZV6dv1qjp7tD0dSAly35BlkwSJjGxKF9J5GgFKfSnvAs\/OiBf9hVa+A6yxuM4HtZTS\/zRldyW57HwUxn5Qy4K6cscwe\/7EfDGt+KoQI83PH5+fargDPhSWZK8UtA+jWy2oF5ALL8zgGosqXNMsOm5dKcPAdecM\/pz1MIewkul7sxt\/JgvAFL67lq7QvvnpQzr8lJgqwZzwBrBvGj9NKkaDXeHsynidTbkbLez1tjvdUEDeISKE7lW\/ojOz\/Lqe\/T7KSL5gyQyjF97d9xNrPNTeh\/HfJdKZ\/zWpQOiu67yweKqxgA9dorbSGAD+RdOGT7rQYJQusp\/jzG9SNrMyUzV7HK3K\/pEUqwZWMz+QAHUA3RloM07jN1F3nkICmQ4z3jHqqH2nY3JfZ5N0+1Qbuerb\/7N+BqOS9LICONl+GduIvQlJ6k18z\/aBuv25LlGUp9XFoS9b0Hk1oEaH7ReOgL6Cc+6IEzZSF3euyrFMEVMA\/mrlSkSX25Uc7jz7gii7RloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAPxWaP0="} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":13,"flow_first_seen":41432902,"flow_src_last_pkt_time":50364890,"flow_dst_last_pkt_time":50392661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":2538,"flow_dst_tot_l4_payload_len":6981,"midstream":0,"thread_ts_usec":50392661,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com"}} 
-00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":50392661} +00832{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":50392661} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8655566 bytes -~~ total memory freed........: 8655566 bytes -~~ total allocations/frees...: 140575/140575 +~~ total memory allocated....: 9419940 bytes +~~ total memory freed........: 9419940 bytes +~~ total allocations/frees...: 154541/154541 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 615 chars ~~ json message max len.......: 2293 chars diff --git a/test/results/subclassification_disable/tls_ech.pcapng.out b/test/results/subclassification_disable/tls_ech.pcapng.out index b0ae0daf5..7aedf03ba 100644 --- a/test/results/subclassification_disable/tls_ech.pcapng.out +++ b/test/results/subclassification_disable/tls_ech.pcapng.out 
@@ -1,5 +1,5 @@ -00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1688191412679858} 
+00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00825{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1688191412679858} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412679858,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412679858,"pkt":"ILAB4IZiNObXAhsnht1gC2UeACgGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqoAAAAAoAL\/KDqPAAACBAWMBAIICnfjZxIAAAAAAQMDBw=="} 
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412684172,"pkt":"NObXAhsnILAB4IZiht1gBxYjACgGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJksyaT6roBL8wPi1AAACBATEBAIICk7TX8p342cSAQMDDQ=="} 
@@ -9,7 +9,7 @@ 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412688931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1688191412688931,"pkt":"NObXAhsnILAB4IZiht1gBxYjACAGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJkwyaUDzgBAAByECAAABAQgKTtNfznfjZxY="} 01362{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412692841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":2174,"midstream":0,"thread_ts_usec":1688191412692841,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","domainame":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412746874,"flow_dst_last_pkt_time":1688191412700618,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":648,"flow_dst_tot_l4_payload_len":2702,"midstream":0,"thread_ts_usec":1688191412746874,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1688191412746874} 
+00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1688191412746874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8654010 bytes -~~ total memory freed........: 8654010 bytes -~~ total allocations/frees...: 140549/140549 +~~ total memory allocated....: 9418384 bytes +~~ total memory freed........: 9418384 bytes +~~ total allocations/frees...: 154515/154515 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 594 chars ~~ json message max len.......: 1386 chars diff --git a/test/results/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out index 4ec66c069..863ae92b3 100644 --- a/test/results/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out +++ b/test/results/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out 
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725100298253624} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725100298253624} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725100298253624,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298253624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44424,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253624,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725100298253624,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADypskAAQAaTB38AAAF\/AAABrYgEOPrjCTkAAAAAoAL\/1\/4wAAACBP\/XBAIICoJ3H6YAAAAAAQMDBw=="} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253646,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725100298253646,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDitiFpVj4z64wk6oBL\/y\/4wAAACBP\/XBAIICoJ3H6aCdx+mAQMDBw=="} 
@@ -35,7 +35,7 @@ 00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1725100298257324,"flow_src_last_pkt_time":1725100298432715,"flow_dst_last_pkt_time":1725100298432675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":636,"flow_dst_max_l4_payload_len":7428,"flow_src_tot_l4_payload_len":1076,"flow_dst_tot_l4_payload_len":20131,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40164,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1725100298253624,"flow_src_last_pkt_time":1725100298407018,"flow_dst_last_pkt_time":1725100298407002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":9887,"flow_src_tot_l4_payload_len":847,"flow_dst_tot_l4_payload_len":18427,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44424,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01080{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298432922,"flow_dst_last_pkt_time":1725100298432653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6040,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":31703,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} -00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":73601,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725100298432922} 
+00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":73601,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725100298432922} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8811869 bytes -~~ total memory freed........: 8811869 bytes -~~ total allocations/frees...: 140688/140688 +~~ total memory allocated....: 9576372 bytes +~~ total memory freed........: 9576372 bytes +~~ total allocations/frees...: 154655/154655 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 2223 chars diff --git a/test/results/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out index 1cbbe926c..2178fe9a6 100644 --- a/test/results/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out +++ b/test/results/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out 
@@ -1,5 +1,5 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725367999181087} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725367999181087} 
00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999181087,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999181087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60654,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181087,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999181087,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADzyHEAAQAZKnX8AAAF\/AAAB7O4EOOE3LPkAAAAAoAL\/1\/4wAAACBP\/XBAIICrEoZggAAAAAAQMDBw=="} 
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181104,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999181104,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDjs7jONTa3hNyz6oBL\/y\/4wAAACBP\/XBAIICrEoZgixKGYIAQMDBw=="} 
@@ -72,7 +72,7 @@ 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999228105,"flow_src_last_pkt_time":1725367999228105,"flow_dst_last_pkt_time":1725367999228906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":37,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":38613,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}} 01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999227989,"flow_src_last_pkt_time":1725367999227989,"flow_dst_last_pkt_time":1725367999228682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":39434,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": 
{"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1725367999181087,"flow_src_last_pkt_time":1725367999367164,"flow_dst_last_pkt_time":1725367999322863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":7292,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60654,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1725367999398999} +00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1725367999398999} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -81,9 +81,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8806301 bytes -~~ total memory freed........: 8806301 bytes -~~ total allocations/frees...: 140755/140755 +~~ total memory allocated....: 9570996 bytes +~~ total memory freed........: 9570996 bytes +~~ total allocations/frees...: 154722/154722 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 586 chars ~~ json message max len.......: 2184 chars diff --git a/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out index 229dcafa3..5e4eb144d 100644 --- a/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out +++ b/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out 
@@ -1,5 +1,5 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725132050807636} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725132050807636} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050807636,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050807636,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40136,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807636,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050807636,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwowkAAQAYT+H8AAAF\/AAABnMgEOHy9vSYAAAAAoAL68P4wAAACBAW0BAIICoRbnDUAAAAAAQMDBw=="} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807653,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050807653,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDicyAJPxIx8vb0noBL+iP4wAAACBAW0BAIICoRbnDWEW5w1AQMDBw=="} 
@@ -71,7 +71,7 @@ 01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050978467,"flow_dst_last_pkt_time":1725132050978462,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":2070,"flow_src_tot_l4_payload_len":1405,"flow_dst_tot_l4_payload_len":10691,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050810814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":193,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":193,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813503,"flow_src_last_pkt_time":1725132050813503,"flow_dst_last_pkt_time":1725132050814218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":42485,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}} 
-00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1725132050978467} +00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1725132050978467} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -80,9 +80,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8878447 bytes -~~ total memory freed........: 8878447 bytes -~~ total allocations/frees...: 140758/140758 +~~ total memory allocated....: 9643109 bytes +~~ total memory freed........: 9643109 bytes +~~ total allocations/frees...: 154724/154724 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 586 chars ~~ json message max len.......: 1394 chars diff --git a/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out index ba3b9b9f5..68d5f9fdf 100644 --- a/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out +++ b/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725108604542518} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725108604542518} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725108604542518,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604542518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37218,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542518,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604542518,"pkt":"AAADBAAGAAAAAAAAClUIAEUAADwueUAAQAYOQX8AAAF\/AAABkWIEOC0ia0MAAAAAoAL\/1\/4wAAACBP\/XBAIICoL13hcAAAAAAQMDBw=="} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542542,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604542542,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDiRYncsq\/stImtEoBL\/y\/4wAAACBP\/XBAIICoL13heC9d4XAQMDBw=="} 
@@ -35,7 +35,7 @@ 00941{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1725108604546168,"flow_src_last_pkt_time":1725108606812347,"flow_dst_last_pkt_time":1725108606812408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":681,"flow_dst_max_l4_payload_len":4726,"flow_src_tot_l4_payload_len":1234,"flow_dst_tot_l4_payload_len":19321,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40818,"dst_port":1234,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}} 00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1725108604546168,"flow_src_last_pkt_time":1725108606812347,"flow_dst_last_pkt_time":1725108606812408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":681,"flow_dst_max_l4_payload_len":4726,"flow_src_tot_l4_payload_len":1234,"flow_dst_tot_l4_payload_len":19321,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40818,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606831814,"flow_dst_last_pkt_time":1725108606831771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":20846,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62235,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725108606831814} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62235,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725108606831814} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8765423 bytes -~~ total memory freed........: 8765423 bytes -~~ total allocations/frees...: 140687/140687 +~~ total memory allocated....: 9529926 bytes +~~ total memory freed........: 9529926 bytes +~~ total allocations/frees...: 154654/154654 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 581 chars ~~ json message max len.......: 2236 chars diff --git a/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out index e8a751b0d..17fb93402 100644 --- a/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out +++ b/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out 
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725278711295335} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725278711295335} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711295335,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295335,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711295335,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwSqkAAQAYqEH8AAAF\/AAABrfQEOJ96Es4AAAAAoAL\/1\/4wAAACBP\/XBAIICtChiqgAAAAAAQMDBw=="} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295427,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711295427,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDit9LL9yaKfehLPoBL\/y\/4wAAACBP\/XBAIICtChiqjQoYqoAQMDBw=="} 
@@ -35,7 +35,7 @@ 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711297554,"flow_dst_last_pkt_time":1725278711297705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":508,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711469639,"flow_dst_last_pkt_time":1725278711469627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3932,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":18380,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":17,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711492259,"flow_dst_last_pkt_time":1725278711492259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":21168,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
-00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725278711492259} +00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725278711492259} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8839074 bytes -~~ total memory freed........: 8839074 bytes -~~ total allocations/frees...: 140689/140689 +~~ total memory allocated....: 9603544 bytes +~~ total memory freed........: 9603544 bytes +~~ total allocations/frees...: 154655/154655 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 2466 chars diff --git a/test/results/zoom_extra_dissection/zoom.pcap.out b/test/results/zoom_extra_dissection/zoom.pcap.out index f584d7cfb..87fdfc7e7 100644 --- a/test/results/zoom_extra_dissection/zoom.pcap.out +++ b/test/results/zoom_extra_dissection/zoom.pcap.out 
@@ -1,5 +1,5 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569520466080774} 
+00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569520466080774} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520466080774,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1569520466080774,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjbcQAAAQEICiWcznNwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 
01378{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520466080774,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
@@ -48,15 +48,15 @@ 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469081864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520469081864,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469081864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569520469081864,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAog\/0AAEAG0h7AqAF1DeFUttYOAbuSOQajVAdu1VAQECZHdwAA"} 01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469067014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1569520469090576,"pkt":"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"} 
-01179{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469067014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469090576,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01177{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469067014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469090576,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520469116573,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoaEVAAO8G\/tUN4VS2wKgBdQG71g5UB27VAAAAAFAEAADwhQAAAAAAAAAA"} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469189810,"pkt":"EBMx8Tl2KDc3AG3ICABFAABICu4AAEAR5YzAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469198772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520469198772,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAomZxAAO4GvV00yj7uwKgBdQG71lCVbT6Vn9byIVAQAAc78QAAAAAAAAAA"} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469200030,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469200030,"pkt":"EBMx8Tl2KDc3AG3ICABFAABISukAAEARpZHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -01239{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469200490,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520469200490,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} -01563{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469200897,"flow_dst_last_pkt_time":1569520469201006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520469201006,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, 
CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} +01237{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469200490,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520469200490,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
+01561{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469200897,"flow_dst_last_pkt_time":1569520469201006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520469201006,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469210161,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469210161,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIjkkAAEARYjHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469221116,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469221116,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI9l0AAEAR+RzAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
@@ -108,19 +108,19 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469950703,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470060882,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO8GVhg0yj7EwKgBdQG71lFyHvWD14gyiYASaQOGlAAAAgQFrAEBBAIBAwMM"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470061040,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569520470061040,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBSXAqAF1NMo+xNZRAbvXiDKJch71hFAQIAAQZwAA"} 01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1569520470086807,"pkt":"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"} 
-01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470086807,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470086807,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1569520470022260,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470134646,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO4GVvA0yj7swKgBdQG71lK89vcv+u4WboASaQMynAAAAgQFrAEBBAIBAwMM"} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470134790,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569520470134790,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBP3AqAF1NMo+7NZSAbv67hZuvPb3MFAQIAC8bgAA"} 
01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1569520470165906,"pkt":"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"} -01183{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470165906,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
+01181{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470165906,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470197342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520470197342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoYcxAAO8G9Fc0yj7EwKgBdQG71lFyHvWE14g0jlAQAAcuWwAAAAAAAAAA"} 
-01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470199286,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470199286,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
-01557{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470199565,"flow_dst_last_pkt_time":1569520470199762,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470199762,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01231{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470199286,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470199286,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
+01555{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470199565,"flow_dst_last_pkt_time":1569520470199762,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470199762,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470278606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520470278606,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAo8dBAAO4GZSs0yj7swKgBdQG71lK89vcw+u4Yc1AQAAfaYgAAAAAAAAAA"} -01243{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470280367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470280367,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
-01567{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470280708,"flow_dst_last_pkt_time":1569520470280793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470280793,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470280367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470280367,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
+01565{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470280708,"flow_dst_last_pkt_time":1569520470280793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470280793,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008h1_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470350181,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1569520470350181,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjK4AAAAQEICiWc3wRwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} -02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":156,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470618561,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520470618561,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":38469.9,"max":210729,"stddev":59394.9,"var":3527759616.0,"ent":3.3,"data": [112386,112530,31116,143960,1761,226,34,114802,166,170,7182,2922,121940,111900,4272,3,116559,98015,494,36,210729,39,183,114,242,129,123,246,127,13,148]},"pktlen": 
{"min":40,"avg":663.0,"max":1492,"stddev":660.1,"var":435695.1,"ent":4.2,"data": [64,52,40,557,46,1492,1492,1492,40,1292,40,40,231,91,40,731,850,46,1492,1492,1492,40,40,1492,1492,40,1492,1492,40,1492,445,40]},"bins": {"c_to_s": [11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,1,0,1,0,0,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0],"entropies": [4.416232109,4.853979111,4.521928310,4.120527744,4.501398087,7.132670879,7.329687119,7.314774990,4.730641365,7.640571117,4.630640984,4.680641174,6.885639668,5.726258755,4.730641365,7.684801102,7.726203442,4.457919598,7.862352848,7.860615253,7.859583378,4.680641174,4.621928692,7.878399849,7.862105846,4.680641174,7.872378349,7.851402760,4.630641460,7.881779194,7.526136398,4.561769009]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} +02192{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":156,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470618561,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520470618561,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":3,"avg":38469.9,"max":210729,"stddev":59394.9,"var":3527759616.0,"ent":3.3,"data": [112386,112530,31116,143960,1761,226,34,114802,166,170,7182,2922,121940,111900,4272,3,116559,98015,494,36,210729,39,183,114,242,129,123,246,127,13,148]},"pktlen": {"min":40,"avg":663.0,"max":1492,"stddev":660.1,"var":435695.1,"ent":4.2,"data": [64,52,40,557,46,1492,1492,1492,40,1292,40,40,231,91,40,731,850,46,1492,1492,1492,40,40,1492,1492,40,1492,1492,40,1492,445,40]},"bins": {"c_to_s": [11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,1,0,1,0,0,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0],"entropies": [4.416232109,4.853979111,4.521928310,4.120527744,4.501398087,7.132670879,7.329687119,7.314774990,4.730641365,7.640571117,4.630640984,4.680641174,6.885639668,5.726258755,4.730641365,7.684801102,7.726203442,4.457919598,7.862352848,7.860615253,7.859583378,4.680641174,4.621928692,7.878399849,7.862105846,4.680641174,7.872378349,7.851402760,4.630641460,7.881779194,7.526136398,4.561769009]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520470666966,"flow_src_last_pkt_time":1569520470666966,"flow_dst_last_pkt_time":1569520470666966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470666966,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1569520470666966,"flow_dst_last_pkt_time":1569520470666966,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520470666966,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABI4PAAAEARFPDAqAF1wKgB\/+EV4RUANLyaU3BvdFVkcDAJFTOWktM6lAABAARIlcIDDi3QR5gZLZgtSkZtNr91y8rdz4k="} 
00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520470666966,"flow_src_last_pkt_time":1569520470666966,"flow_dst_last_pkt_time":1569520470666966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470666966,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
@@ -211,7 +211,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1569520473084563,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_usec":1569520473116083,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApvWFAADURuINtXqBjwKgBdSJh8SMAFalIAwAAAAF2KpKmAFoORAAAAAAA"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1569520473116331,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1569520473116331,"pkt":"EBMx8Tl2KDc3AG3ICABFAAApU1gAAEARV43AqAF1bV6gY\/EjImEAFahIBAAAAAF2KpKmAFoORA=="} 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1569520473121070,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1569520473121070,"pkt":"EBMx8Tl2KDc3AG3ICABFAABfDmwAAEARnEPAqAF1bV6gY\/EjImEAS0M9BQ0AAAAMASGOnDkoxEsvqQJwcoIuVvYBAAQDAgAAAAAAAAABAAAAFmRhdGFfYmluZF9yZXBsYWNlX2ZsYWcCAAAAAQ=="} 
-00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":701,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":701,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":23,"total-updates":0,"current-active-flows":33,"total-active-flows":33,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":214,"global_ts_usec":1673444902645655} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":701,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":701,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":23,"total-updates":0,"current-active-flows":33,"total-active-flows":33,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":214,"global_ts_usec":1673444902645655} 00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444902645655,"packet_id":701,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444902645655} 
00531{"packet_event_id":1,"packet_event_name":"packet","packet_id":701,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":167,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":167,"pkt_l4_len":0,"thread_ts_usec":1569520473198709,"pkt":"AAAAAAAAAAECAAD6gQBNQoEAQHEIAEUwAJHKGwAA\/xGzEwqGGUMKhA+wCGgIaAB9eUgw\/wBtBJhmXEUAAG316wAAQBEffgqMdSPBeiPtskIiYQBZseADAAAAEg\/+mNIAJy7JAQVA3IMlEZ3S66JjfHMo8enxO0XEN5PMhIeLRp6CXCZ6i5NbikRhcdwrc6d1VElcFx1R+ZHQglXiW8kQjpgMrPMjkQA="} 00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444902769137,"packet_id":702,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444902769137} 
@@ -291,14 +291,14 @@ 00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569520469423595,"flow_src_last_pkt_time":1569520469433729,"flow_dst_last_pkt_time":1569520469423595,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469797670,"flow_src_last_pkt_time":1569520469797670,"flow_dst_last_pkt_time":1569520469797670,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e"}} 
01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520470742102,"flow_src_last_pkt_time":1569520470742102,"flow_dst_last_pkt_time":1569520470776015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"zoomfr84zc.zoom.us"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1569520469341987,"flow_src_last_pkt_time":1569520469402528,"flow_dst_last_pkt_time":1569520469413824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1489,"flow_dst_tot_l4_payload_len":4294,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1569520469341987,"flow_src_last_pkt_time":1569520469402528,"flow_dst_last_pkt_time":1569520469413824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1489,"flow_dst_tot_l4_payload_len":4294,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00987{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1569520469340783,"flow_src_last_pkt_time":1569520469435439,"flow_dst_last_pkt_time":1569520469435372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":110,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1569520469340783,"flow_src_last_pkt_time":1569520469435439,"flow_dst_last_pkt_time":1569520469435372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":110,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520470741922,"flow_src_last_pkt_time":1569520470741922,"flow_dst_last_pkt_time":1569520470768577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"zoomfr85zc.zoom.us"}} 
01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469984408,"flow_src_last_pkt_time":1569520469984408,"flow_dst_last_pkt_time":1569520470021639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www3.zoom.us"}} -00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469430881,"flow_dst_last_pkt_time":1569520469430777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":758,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1466,"flow_dst_tot_l4_payload_len":5833,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} -00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470454378,"flow_dst_last_pkt_time":1569520470449389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1614,"flow_dst_tot_l4_payload_len":15671,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} -01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470628076,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us"}} +00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469430881,"flow_dst_last_pkt_time":1569520469430777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":758,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1466,"flow_dst_tot_l4_payload_len":5833,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
+00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470454378,"flow_dst_last_pkt_time":1569520470449389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1614,"flow_dst_tot_l4_payload_len":15671,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} +01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470628076,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"AWS_EC2","proto_by_ip_id":461,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520468922117,"flow_src_last_pkt_time":1569520468922117,"flow_dst_last_pkt_time":1569520468958056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"log.zoom.us"}} 
01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469036433,"flow_src_last_pkt_time":1569520469036433,"flow_dst_last_pkt_time":1569520469072146,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"local"}} 00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469072220,"flow_src_last_pkt_time":1569520469072220,"flow_dst_last_pkt_time":1569520469072220,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -306,12 +306,12 @@ 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466209429,"flow_src_last_pkt_time":1569520466209429,"flow_dst_last_pkt_time":1569520466209429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520472536483,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":796,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": 
{"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01169{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":127,"flow_dst_packets_processed":83,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520473190218,"flow_dst_last_pkt_time":1569520473152463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":45724,"flow_dst_tot_l4_payload_len":12028,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us"}} 
-01173{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01178{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection 
Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AWS_Cloudfront","proto_by_ip_id":464,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01246{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520471535462,"flow_dst_last_pkt_time":1569520471572328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":866,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1526,"flow_dst_tot_l4_payload_len":1399,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 01126{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520471156543,"flow_dst_last_pkt_time":1569520471156659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1424,"flow_dst_tot_l4_payload_len":6322,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
01125{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520471159604,"flow_dst_last_pkt_time":1569520471159577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":812,"flow_dst_tot_l4_payload_len":5902,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} -00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":781,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":23,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":314,"global_ts_usec":1673445056996306} 
+00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":781,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":23,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":314,"global_ts_usec":1673445056996306} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 781/697 ~~ skipped flows.............: 0 @@ -320,9 +320,9 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8985201 bytes -~~ total memory freed........: 8985201 bytes -~~ total allocations/frees...: 141678/141678 +~~ total memory allocated....: 9750632 bytes +~~ total memory freed........: 9750632 bytes +~~ total allocations/frees...: 155645/155645 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 312 chars ~~ json message max len.......: 2418 chars diff --git a/test/results/zoom_extra_dissection/zoom2.pcap.out b/test/results/zoom_extra_dissection/zoom2.pcap.out index e5537fdba..1fa3b9c00 100644 --- a/test/results/zoom_extra_dissection/zoom2.pcap.out +++ b/test/results/zoom_extra_dissection/zoom2.pcap.out 
@@ -1,5 +1,5 @@ -00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642965458402978} 
+00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00817{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642965458402978} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458402978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965458402978,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458402978,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1642965458402978,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngDAqAGykMNJmsOcAbton\/9jAAAAALAC\/\/+GrAAAAgQFtAEDAwUBAQgKBNjhZQAAAAAEAgAA"} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642965458577638,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGrQSQw0mawKgBsgG7w5wp5A9SaJ\/\/ZKASqbBcNQAAAgQFrAQCCApc+vuKBNjhZQEDAww="} 
@@ -37,7 +37,7 @@ 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":44,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965500043016,"flow_dst_last_pkt_time":1642965498034804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":3423,"flow_dst_tot_l4_payload_len":2664,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":64,"flow_dst_packets_processed":98,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965464235467,"flow_dst_last_pkt_time":1642965464220244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":6619,"flow_dst_tot_l4_payload_len":13719,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":66,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965460403587,"flow_dst_last_pkt_time":1642965460412418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1036,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":2702,"flow_dst_tot_l4_payload_len":61420,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} -00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":342,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":342,"packets-processed":342,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":97770,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1642965500043016} 
+00830{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":342,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":342,"packets-processed":342,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":97770,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1642965500043016} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 342/342 ~~ skipped flows.............: 0 @@ -46,9 +46,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8673109 bytes -~~ total memory freed........: 8673109 bytes -~~ total allocations/frees...: 140914/140914 +~~ total memory allocated....: 9437579 bytes +~~ total memory freed........: 9437579 bytes +~~ total allocations/frees...: 154880/154880 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 549 chars ~~ json message max len.......: 2222 chars diff --git a/test/results/zoom_extra_dissection/zoom_p2p.pcapng.out b/test/results/zoom_extra_dissection/zoom_p2p.pcapng.out index 66100b720..b21b15374 100644 --- a/test/results/zoom_extra_dissection/zoom_p2p.pcapng.out +++ b/test/results/zoom_extra_dissection/zoom_p2p.pcapng.out 
@@ -1,5 +1,5 @@ -00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892468833699} 
+00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892468833699} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892468833699,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgYTNAAEARPsnAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"} 
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -131,7 +131,7 @@ 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892918986914,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892921699571,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892928125663,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12936,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
-00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1448,"packets-captured":763,"packets-processed":763,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":3,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1666892928125663} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"","ndpi_version":"","ndpi_api_version":0,"size_per_flow":1480,"packets-captured":763,"packets-processed":763,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":3,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1666892928125663} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 763/763 ~~ skipped flows.............: 0 
@@ -140,9 +140,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8696147 bytes -~~ total memory freed........: 8696147 bytes -~~ total allocations/frees...: 141426/141426 +~~ total memory allocated....: 9460905 bytes +~~ total memory freed........: 9460905 bytes +~~ total allocations/frees...: 155392/155392 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 589 chars ~~ json message max len.......: 2340 chars